From b43dc736d48299f20623d3ca64ae99578c794c1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C5=A0afr=C3=A1nek?= Date: Mon, 3 Nov 2008 09:01:59 +0000 Subject: [PATCH] explicitly require the right version and release of net-snmp and net-snmp-libs Related: #451225 update to net-snmp-5.4.2.1 to fix CVE-2008-4309 Resolves: CVE-2008-4309 --- .cvsignore | 2 +- net-snmp.spec | 20 +++++++++++++------- sources | 2 +- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/.cvsignore b/.cvsignore index 45f3310..f561c87 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -net-snmp-5.4.2.tar.gz +net-snmp-5.4.2.1.tar.gz diff --git a/net-snmp.spec b/net-snmp.spec index 0c64244..79aaf4e 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -3,12 +3,12 @@ # Arches on which we need to prevent arch conflicts on net-snmp-config.h %define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 -%define major_ver 5.4.2 +%define major_ver 5.4.2.1 Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: %{major_ver} -Release: 3%{?dist} +Release: 1%{?dist} Epoch: 1 License: BSD and MIT @@ -44,6 +44,7 @@ Requires(preun): chkconfig Requires(preun): initscripts # for /bin/rm Requires(preun): coreutils +Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel, bzip2-devel, elfutils-devel @@ -79,7 +80,7 @@ Building option: %package utils Group: Applications/System Summary: Network management utilities using SNMP, from the NET-SNMP project -Requires: %{name}-libs = %{epoch}:%{version} +Requires: %{name}-libs = %{epoch}:%{version}-%{release} %description utils The net-snmp-utils package contains various utilities for use with the @@ -92,7 +93,7 @@ package. %package devel Group: Development/Libraries Summary: The development environment for the NET-SNMP project -Requires: %{name}-libs = %{epoch}:%{version} +Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel %if %{tcp_wrappers} Requires: tcp_wrappers-devel @@ -114,7 +115,7 @@ packages installed. %package perl Group: Development/Libraries Summary: The perl NET-SNMP module and the mib2c tool -Requires: %{name}-libs = %{epoch}:%{version}, perl >= 5 +Requires: %{name}-libs = %{epoch}:%{version}-%{release}, perl >= 5 BuildRequires: perl >= 5 %description perl @@ -127,7 +128,7 @@ with perl. %package gui Group: Applications/System Summary: An interactive graphical MIB browser for SNMP -Requires: perl-Tk, net-snmp-perl +Requires: perl-Tk, net-snmp-perl = %{epoch}:%{version}-%{release} %description gui The net-snmp-gui package contains tkmib utility, which is a graphical user @@ -148,7 +149,7 @@ and applications. %package python Group: Development/Libraries Summary: The Python 'netsnmp' module for the NET-SNMP -Requires: %{name} = %{epoch}:%{version} +Requires: %{name}-libs = %{epoch}:%{version}-%{release} %description python The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3, @@ -413,6 +414,11 @@ rm -rf ${RPM_BUILD_ROOT} %{_datadir}/snmp/mibs %changelog +* Mon Nov 3 2008 Jan Safranek 5.4.2.1-1 +- explicitly require the right version and release of net-snmp and + net-snmp-libs +- update to net-snmp-5.4.2.1 to fix CVE-2008-4309 + * Fri Sep 26 2008 Jan Safranek 5.4.2-3 - further tune up the distribution of files among subpackages and dependencies diff --git a/sources b/sources index d318ab1..1489520 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2c97d0d99e1ec89d64f6713c069079ad net-snmp-5.4.2.tar.gz +984932520143f0c8bf7b7ce1fc9e1da1 net-snmp-5.4.2.1.tar.gz