Upgrade Ganglia to 3.1.1 plus a fix for CVE-2009-0241.

PR:		ports/129822, ports/131067
Submitted by:	Mark Foster <mark at foster dot cc> (vuxml)
Security:	vid:b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e

security/vuxml/vuln.xml

@@ -34,6 +34,40 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e">
+    <topic>ganglia-monitor-core -- Stack-based buffer overflow in the process_path function</topic>
+    <affects>
+      <package>
+	<name>ganglia-monitor-core</name>
+	<range><lt>3.1.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Secunia reports:</p>
+	  <blockquote cite="http://secunia.com/advisories/33506">
+	    <p>Spike Spiegel has discovered a vulnerability in Ganglia which
+	      can be exploited by malicious people to compromise a
+	      vulnerable system.  The vulnerability is caused due to a
+	      boundary error within the process_path function in
+	      gmetad/server.c. This can be exploited to cause a stack-based
+	      buffer overflow by e.g. sending a specially crafted message to
+	      the gmetad service.</p>
+	    <p>The vulnerability is confirmed in version 3.1.1. Other
+	      versions may also be affected.</p>
+	  </blockquote>
+       </body>
+    </description>
+    <references>
+      <url>http://secunia.com/advisories/33506</url>
+      <cvename>CVE-2009-0241</cvename>
+      <bid>33229</bid>
+    </references>
+    <dates>
+      <discovery>2009-01-21</discovery>
+      <entry>2009-01-27</entry>
+    </dates>
+  </vuln>
   <vuln vid="100a9ed2-ee56-11dd-ab4f-0030843d3802">
     <topic>tor -- unspecified memory vorruption vulnerability</topic>
     <affects>

sysutils/ganglia-monitor-core/Makefile

@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	monitor-core
-PORTVERSION=	3.0.6
-PORTREVISION=	1
+PORTVERSION=	3.1.1
 CATEGORIES=	sysutils net parallel
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	ganglia
@@ -20,10 +19,15 @@ DISTNAME=	ganglia-${PORTVERSION}
 MAINTAINER=	brooks@FreeBSD.org
 COMMENT=	Ganglia cluster monitor, monitoring daemon
 
+LIB_DEPENDS+=	confuse:${PORTSDIR}/devel/libconfuse
+
 PKGINSTALL=	${WRKDIR}/pkg-install
 
-OPTIONS+=	GMETAD "include gmetad" on \
-		LIBGANGLIA "include libganglia" off
+OPTIONS+=	GMETAD "include gmetad" on
+
+USE_PYTHON=	yes
+USE_AUTOTOOLS=	libtool:15
+LIBTOOLFILES=	configure libmetrics/configure
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ENV=	CFLAGS="${_CFLAGS}" LDFLAGS="${_LDFLAGS}"
@@ -63,7 +67,7 @@ USE_RC_SUBR=	ganglia.sh
 .endif
 
 .if defined (WITH_GMETAD)
-LIB_DEPENDS=	rrd:${PORTSDIR}/databases/rrdtool
+LIB_DEPENDS+=	rrd:${PORTSDIR}/databases/rrdtool
 CONFIGURE_ARGS+=	--with-gmetad
 PLIST_SUB+=	GMETAD=
 SUB_LIST+=	GMETAD=
@@ -72,12 +76,7 @@ PLIST_SUB+=	GMETAD="@comment "
 SUB_LIST+=	GMETAD="\#"
 .endif
 
-.if defined (WITH_LIBGANGLIA)
 USE_LDCONFIG=	yes
-PLIST_SUB+=	LIBGANGLIA=
-.else
-PLIST_SUB+=	LIBGANGLIA="@comment "
-.endif
 
 MAN1=		gmetric.1 gmond.1 gstat.1
 .if defined (WITH_GMETAD)
@@ -109,6 +108,16 @@ FIX_USER_FILES=	ganglia.pod \
 		gmond/g25_config.c \
 		lib/libgmond.c
 
+MODULES=	modcpu.so \
+		moddisk.so \
+		modload.so \
+		modmem.so \
+		modmulticpu.so \
+		modnet.so \
+		modproc.so \
+		modpython.so \
+		modsys.so
+
 post-patch:
 	${REINPLACE_CMD} -e "s|/etc/\(gm[a-z]*d.conf\)|${PREFIX}/etc/\1|g" \
 	    ${FIX_CONF_FILES:S|^|${WRKSRC}/|}
@@ -120,26 +129,17 @@ post-patch:
 post-build:
 	${WRKSRC}/gmond/gmond -t > ${WRKDIR}/gmond.conf
 
-do-install:
-.if defined (WITH_GMETAD)
-	cd ${WRKSRC}/gmetad && make install
+post-install:
+.if defined(WITH_GMETAD)
 	${INSTALL_SCRIPT} ${FILESDIR}/gmetasnap.sh ${PREFIX}/sbin/gmetasnap
 	${INSTALL_MAN} ${WRKSRC}/mans/gmetad.1 ${MANPREFIX}/man/man1
 	${INSTALL_DATA} ${GMETAD_CONF} ${PREFIX}/etc/gmetad.conf.sample
 .endif
-	cd ${WRKSRC}/gmetric && make install
 	${INSTALL_MAN} ${WRKSRC}/mans/gmetric.1 ${MANPREFIX}/man/man1
-	cd ${WRKSRC}/gmond && make install
 	${INSTALL_MAN} ${WRKSRC}/mans/gmond.1 ${MANPREFIX}/man/man1
 	${INSTALL_MAN} ${WRKSRC}/gmond/gmond.conf.5 ${MANPREFIX}/man/man5
 	${INSTALL_MAN} ${WRKSRC}/mans/gstat.1 ${MANPREFIX}/man/man1
 	${INSTALL_DATA} ${GMOND_CONF} ${PREFIX}/etc/gmond.conf.sample
-.if defined (WITH_LIBGANGLIA)
-	cd ${WRKSRC}/lib && make install
-	${INSTALL_SCRIPT} ${WRKSRC}/ganglia-config ${PREFIX}/bin
-.endif
-
-post-install:
 	${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 
 .include <bsd.port.post.mk>

sysutils/ganglia-monitor-core/distinfo

@@ -1,3 +1,3 @@
-MD5 (ganglia-3.0.6.tar.gz) = f2fecaae424be95ddf8b2cc6247be31d
-SHA256 (ganglia-3.0.6.tar.gz) = 590c0c5e1b7b7a27cc1234093cf8caaac6b000f8035d9985459aaa7dcf2c2cb5
-SIZE (ganglia-3.0.6.tar.gz) = 2854746
+MD5 (ganglia-3.1.1.tar.gz) = e6f4de42afecb4731a5de4606e3f1045
+SHA256 (ganglia-3.1.1.tar.gz) = cc6955f0b086f40dc646e3d0d9f152854d1dcd19dea81b9bff16b38f3819f75c
+SIZE (ganglia-3.1.1.tar.gz) = 1152883

sysutils/ganglia-monitor-core/files/patch-gmetad_server.c

@@ -0,0 +1,49 @@
+
+$FreeBSD$
+
+--- gmetad/server.c.orig
++++ gmetad/server.c
+@@ -370,14 +370,13 @@
+    
+ /* sacerdoti: This function does a tree walk while respecting the filter path.
+  * Will return valid XML even if we have chosen a subtree. Since tree depth is
+- * bounded, this function guarantees O(1) search time. The recursive structure 
+- * does not require any memory allocations. 
++ * bounded, this function guarantees O(1) search time.
+  */
+ static int
+ process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
+ {
+    char *p, *q, *pathend;
+-   char element[256];
++   char *element;
+    int rc, len;
+    datum_t *found;
+    datum_t findkey;
+@@ -419,6 +418,9 @@
+          if (!q) q=pathend;
+       
+          len = q-p;
++         element = malloc(len + 1);
++         if ( element == NULL )
++             return 1;
+          strncpy(element, p, len);
+          element[len] = '\0';
+       
+@@ -440,6 +442,7 @@
+             {
+                rc = process_path(client, 0, myroot, NULL);
+             }
++         free(element);
+       }
+    if (rc) return 1;
+ 
+@@ -537,7 +540,7 @@
+    socklen_t len;
+    client_t client;
+    char remote_ip[16];
+-   char request[REQUESTLEN];
++   char request[REQUESTLEN + 1];
+    llist_entry *le;
+    datum_t rootdatum;
+ 

sysutils/ganglia-monitor-core/files/patch-libmetrics_freebsd_metrics.c

@@ -1,14 +0,0 @@
-
-$FreeBSD$
-
---- libmetrics/freebsd/metrics.c.orig
-+++ libmetrics/freebsd/metrics.c
-@@ -211,7 +211,7 @@
- {
-    g_val_t val;
-    size_t len;
--   long total;
-+   u_long total;
- 
-    len = sizeof(total);
- 

sysutils/ganglia-monitor-core/pkg-plist

@@ -1,17 +1,30 @@
 @comment $FreeBSD$
-%%LIBGANGLIA%%bin/ganglia-config
+bin/ganglia-config
 bin/gstat
 bin/gmetric
 @unexec if cmp -s %D/etc/gmond.conf %D/etc/gmond.conf.sample; then rm -f %D/etc/gmond.conf; fi
 etc/gmond.conf.sample
 %%GMETAD%%@unexec if cmp -s %D/etc/gmetad.conf %D/etc/gmetad.conf.sample; then rm -f %D/etc/gmetad.conf; fi
 %%GMETAD%%etc/gmetad.conf.sample
-%%LIBGANGLIA%%include/ganglia.h
-%%LIBGANGLIA%%lib/libganglia-3.0.0.so.0
-%%LIBGANGLIA%%lib/libganglia-3.0.0.so
-%%LIBGANGLIA%%lib/libganglia.so
-%%LIBGANGLIA%%lib/libganglia.la
-%%LIBGANGLIA%%lib/libganglia.a
+include/ganglia.h
+include/ganglia_gexec.h
+include/gm_mmn.h
+include/gm_metric.h
+include/gm_msg.h
+include/gm_protocol.h
+include/gm_value.h
+lib/libganglia-3.1.1.so.0
+lib/libganglia.a
+lib/libganglia.la
+lib/ganglia/libmodcpu.so.0.0
+lib/ganglia/libmoddisk.so.0.0
+lib/ganglia/libmodload.so.0.0
+lib/ganglia/libmodmem.so.0.0
+lib/ganglia/libmodmulticpu.so.0.0
+lib/ganglia/libmodnet.so.0.0
+lib/ganglia/libmodproc.so.0.0
+lib/ganglia/libmodpython.so.0.0
+lib/ganglia/libmodsys.so.0.0
 %%GMETAD%%sbin/gmetad
 %%GMETAD%%sbin/gmetasnap
 sbin/gmond

sysutils/ganglia-webfrontend/Makefile

@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	webfrontend
-PORTVERSION=	3.0.6
-PORTREVISION=	3
+PORTVERSION=	3.1.1
 CATEGORIES=	sysutils net parallel www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	ganglia

sysutils/ganglia-webfrontend/distinfo

@@ -1,3 +1,3 @@
-MD5 (ganglia-3.0.6.tar.gz) = f2fecaae424be95ddf8b2cc6247be31d
-SHA256 (ganglia-3.0.6.tar.gz) = 590c0c5e1b7b7a27cc1234093cf8caaac6b000f8035d9985459aaa7dcf2c2cb5
-SIZE (ganglia-3.0.6.tar.gz) = 2854746
+MD5 (ganglia-3.1.1.tar.gz) = e6f4de42afecb4731a5de4606e3f1045
+SHA256 (ganglia-3.1.1.tar.gz) = cc6955f0b086f40dc646e3d0d9f152854d1dcd19dea81b9bff16b38f3819f75c
+SIZE (ganglia-3.1.1.tar.gz) = 1152883

sysutils/ganglia-webfrontend/pkg-plist

@@ -9,10 +9,16 @@
 %%WEBFRONTDIR%%/ganglia.php
 %%WEBFRONTDIR%%/get_context.php
 %%WEBFRONTDIR%%/get_ganglia.php
+%%WEBFRONTDIR%%/graph.d/cpu_report.php
+%%WEBFRONTDIR%%/graph.d/load_report.php
+%%WEBFRONTDIR%%/graph.d/mem_report.php
+%%WEBFRONTDIR%%/graph.d/metric.php
+%%WEBFRONTDIR%%/graph.d/network_report.php
+%%WEBFRONTDIR%%/graph.d/packet_report.php
+%%WEBFRONTDIR%%/graph.d/sample_report.php
 %%WEBFRONTDIR%%/graph.php
 %%WEBFRONTDIR%%/grid_tree.php
 %%WEBFRONTDIR%%/header.php
-%%WEBFRONTDIR%%/host_gmetrics.php
 %%WEBFRONTDIR%%/host_view.php
 %%WEBFRONTDIR%%/index.php
 %%WEBFRONTDIR%%/meta_view.php
@@ -22,12 +28,6 @@
 %%WEBFRONTDIR%%/private_clusters
 %%WEBFRONTDIR%%/show_node.php
 %%WEBFRONTDIR%%/styles.css
-%%WEBFRONTDIR%%/templates/Rocks/cluster_extra.tpl
-%%WEBFRONTDIR%%/templates/Rocks/header.tpl
-%%WEBFRONTDIR%%/templates/Rocks/host_extra.tpl
-%%WEBFRONTDIR%%/templates/Rocks/images/ganglia.jpg
-%%WEBFRONTDIR%%/templates/Rocks/images/hardhat.png
-%%WEBFRONTDIR%%/templates/Rocks/images/rocks.jpg
 %%WEBFRONTDIR%%/templates/default/cluster_extra.tpl
 %%WEBFRONTDIR%%/templates/default/cluster_view.tpl
 %%WEBFRONTDIR%%/templates/default/footer.tpl
@@ -35,7 +35,6 @@
 %%WEBFRONTDIR%%/templates/default/header-nobanner.tpl
 %%WEBFRONTDIR%%/templates/default/header.tpl
 %%WEBFRONTDIR%%/templates/default/host_extra.tpl
-%%WEBFRONTDIR%%/templates/default/host_gmetrics.tpl
 %%WEBFRONTDIR%%/templates/default/host_view.tpl
 %%WEBFRONTDIR%%/templates/default/images/cluster_0-24.jpg
 %%WEBFRONTDIR%%/templates/default/images/cluster_25-49.jpg
@@ -63,8 +62,7 @@
 %%WEBFRONTDIR%%/version.php
 @dirrm %%WEBFRONTDIR%%/templates/default/images
 @dirrm %%WEBFRONTDIR%%/templates/default
-@dirrm %%WEBFRONTDIR%%/templates/Rocks/images
-@dirrm %%WEBFRONTDIR%%/templates/Rocks
 @dirrm %%WEBFRONTDIR%%/templates
-@dirrmtry rmdir %D/%%WEBFRONTDIR%%
+@dirrm %%WEBFRONTDIR%%/graph.d
+@dirrmtry /bin/rmdir %D/%%WEBFRONTDIR%%
 @unexec (test -d %D/%%WEBFRONTDIR%% && (echo "Configuration information saved.  If you will *NOT* use this package anymore," && echo "please remove %D/%%WEBFRONTDIR%% and its contents manually.")) || true