Fix ftbfs 886920 ftbfs 881641 cve 881757 in debian

debian/patches/CVE-2017-16820-snmp-plugin-Fix-double-free-of-request-PDU.patch

@@ -0,0 +1,62 @@
+From d16c24542b2f96a194d43a73c2e5778822b9cb47 Mon Sep 17 00:00:00 2001
+From: Pavel Rochnyack <[email protected]>
+Date: Wed, 31 May 2017 23:27:13 +0700
+Subject: [PATCH] snmp plugin: Fix double free of request PDU
+
+snmp_sess_synch_response() always frees request PDU, in both case of request
+error and success. If error condition occurs inside of `while (status == 0)`
+loop, double free of `req` happens.
+
+Issue: #2291
+Signed-off-by: Florian Forster <[email protected]>
+
+Forwarded: no (backport)
+Author: Christian Ehrhardt <[email protected]>
+Original-Author: Pavel Rochnyack <[email protected]>
+Origin: upstream, https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881757
+Last-Update: 2018-01-11
+---
+ src/snmp.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/snmp.c b/src/snmp.c
+index 287f44b..6e26ad5 100644
+--- a/src/snmp.c
++++ b/src/snmp.c
+@@ -1357,11 +1357,13 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) {
+     if (oid_list_todo_num == 0) {
+       /* The request is still empty - so we are finished */
+       DEBUG("snmp plugin: all variables have left their subtree");
++      snmp_free_pdu(req);
+       status = 0;
+       break;
+     }
+
+     res = NULL;
++    /* snmp_sess_synch_response always frees our req PDU */
+     status = snmp_sess_synch_response(host->sess_handle, req, &res);
+     if ((status != STAT_SUCCESS) || (res == NULL)) {
+       char *errstr = NULL;
+@@ -1376,8 +1378,6 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) {
+         snmp_free_pdu(res);
+       res = NULL;
+
+-      /* snmp_synch_response already freed our PDU */
+-      req = NULL;
+       sfree(errstr);
+       csnmp_host_close_session(host);
+
+@@ -1492,9 +1492,6 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) {
+     snmp_free_pdu(res);
+   res = NULL;
+
+-  if (req != NULL)
+-    snmp_free_pdu(req);
+-  req = NULL;
+
+   if (status == 0)
+     csnmp_dispatch_table(host, data, instance_list_head, value_list_head);
+-- 
+2.7.4
+

debian/patches/series

@@ -6,3 +6,4 @@ libcollectdclient_error_buffer.patch
 local-msr-index-h.patch
 dpdk-pkg-config.patch
 write_mongodb.patch
+CVE-2017-16820-snmp-plugin-Fix-double-free-of-request-PDU.patch

debian/rules

@@ -19,6 +19,10 @@ CPPFLAGS += -I$(CURDIR)/debian/include
 CFLAGS = $(shell dpkg-buildflags --get CFLAGS)
 CFLAGS += -Wall -Wno-error=deprecated-declarations
 
+# liblvm2app is deprecated which will throw a #warning being handled as error
+# (LP 1742690 / Debian 881641 / Upstream 2647)
+CFLAGS += -Wno-cpp
+
 # Upstream defaults to ${sysconfdir}/collectd.conf. Setting ${sysconfdir} to
 # /etc/collectd would be wrong though.
 CPPFLAGS += -UCONFIGFILE
@@ -56,6 +60,10 @@ confflags = --host=$(DEB_HOST_GNU_TYPE) \
 			--disable-silent-rules \
 			--enable-all-plugins
 
+# Since libi2c-dev 4.0 detection is broken, which breaks dependent modules
+# (LP 1742691 / Debian 886920 / 2646)
+confflags += --disable-barometer
+
 # These plugins do not provide any functionality under Linux.
 # MacOS only (requires IO Kit):
 confflags += --disable-apple_sensors