From 102cd86e604e89cd54b36a2bc5a93245d2727303 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 06:52:15 -0500 Subject: [PATCH] import net-snmp-5.8-17.el8 --- .net-snmp.metadata | 2 +- SOURCES/net-snmp-5.8-aes-config.patch | 100 ++++++++++ SOURCES/net-snmp-5.8-dskTable-dynamic.patch | 181 ++++++++++++++++++ .../net-snmp-5.8-duplicate-ipAddress.patch | 11 ++ .../net-snmp-5.8-expand-SNMPCONFPATH.patch | 12 ++ .../net-snmp-5.8-ipAddress-faster-load.patch | 82 ++++++++ SOURCES/net-snmp-5.8-man-page.patch | 36 ++++ SOURCES/net-snmp-5.8-memory-reporting.patch | 35 ++++ SOURCES/net-snmp-5.8-proxy-getnext.patch | 12 ++ SOURCES/net-snmp-5.8-rpm-memory-leak.patch | 26 +++ SOURCES/snmpd.service | 2 +- SOURCES/snmptrapd.service | 2 +- SPECS/net-snmp.spec | 48 ++++- 13 files changed, 540 insertions(+), 9 deletions(-) create mode 100644 SOURCES/net-snmp-5.8-aes-config.patch create mode 100644 SOURCES/net-snmp-5.8-dskTable-dynamic.patch create mode 100644 SOURCES/net-snmp-5.8-duplicate-ipAddress.patch create mode 100644 SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch create mode 100644 SOURCES/net-snmp-5.8-ipAddress-faster-load.patch create mode 100644 SOURCES/net-snmp-5.8-man-page.patch create mode 100644 SOURCES/net-snmp-5.8-memory-reporting.patch create mode 100644 SOURCES/net-snmp-5.8-proxy-getnext.patch create mode 100644 SOURCES/net-snmp-5.8-rpm-memory-leak.patch diff --git a/.net-snmp.metadata b/.net-snmp.metadata index 6435577..557c391 100644 --- a/.net-snmp.metadata +++ b/.net-snmp.metadata @@ -1 +1 @@ -78f70731df9dcdb13fe8f60eb7d80d7583da4d2c SOURCES/net-snmp-5.8.tar.gz +81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz diff --git a/SOURCES/net-snmp-5.8-aes-config.patch b/SOURCES/net-snmp-5.8-aes-config.patch new file mode 100644 index 0000000..a1ce69c --- /dev/null +++ b/SOURCES/net-snmp-5.8-aes-config.patch @@ -0,0 +1,100 @@ +From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 27 Apr 2020 08:23:16 -0700 +Subject: [PATCH] configure: Report supported authentication and encryption + modes correctly + +Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP +Research / CISCO") removed SHA-128 and SHA-192 support and added support for +SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv +protocol constants handling") added support for several AES encryption modes. +Make the configure script report which modes are supported. +--- + configure | 15 ++++++++++++++- + configure.d/config_os_misc2 | 15 ++++++++++++++- + 2 files changed, 28 insertions(+), 2 deletions(-) + +diff --git a/configure b/configure +index 46402589f..7481ebd07 100755 +--- a/configure ++++ b/configure +@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h + { $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5 + $as_echo "Internal Crypto Support" >&6; } + elif test "x$useopenssl" != "xno" ; then +- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192" ++ authmodes="MD5 SHA1" ++ if test "x$ac_cv_func_EVP_sha224" = xyes; then ++ authmodes="$authmodes SHA224 SHA256" ++ fi ++ if test "x$ac_cv_func_EVP_sha384" = xyes; then ++ authmodes="$authmodes SHA384 SHA512" ++ fi + if test "x$enable_privacy" != "xno" ; then + if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then + encrmodes="DES AES" +@@ -26492,6 +26498,13 @@ fi + if test "x$enable_md5" = "xno"; then + authmodes=`echo $authmodes | $SED 's/MD5 *//;'` + fi ++if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes || ++ test "x$CRYPTO" = xinternal; then ++ encrmodes="$encrmodes AES128" ++ if test "x$aes_capable" = "xyes"; then ++ encrmodes="$encrmodes AES192 AES192C AES256 AES256C" ++ fi ++fi + + + +diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2 +index 1df9bf0a2..be0bccec0 100644 +--- a/configure.d/config_os_misc2 ++++ b/configure.d/config_os_misc2 +@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then + AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used") + AC_MSG_RESULT(Internal Crypto Support) + elif test "x$useopenssl" != "xno" ; then +- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192" ++ authmodes="MD5 SHA1" ++ if test "x$ac_cv_func_EVP_sha224" = xyes; then ++ authmodes="$authmodes SHA224 SHA256" ++ fi ++ if test "x$ac_cv_func_EVP_sha384" = xyes; then ++ authmodes="$authmodes SHA384 SHA512" ++ fi + if test "x$enable_privacy" != "xno" ; then + if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then + encrmodes="DES AES" +@@ -86,6 +92,13 @@ fi + if test "x$enable_md5" = "xno"; then + authmodes=`echo $authmodes | $SED 's/MD5 *//;'` + fi ++if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes || ++ test "x$CRYPTO" = xinternal; then ++ encrmodes="$encrmodes AES128" ++ if test "x$aes_capable" = "xyes"; then ++ encrmodes="$encrmodes AES192 AES192C AES256 AES256C" ++ fi ++fi + AC_SUBST(LNETSNMPLIBS) + AC_SUBST(LAGENTLIBS) + + +diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200 ++++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200 +@@ -58,11 +58,11 @@ case $1 in + exit 1 + fi + case $1 in +- DES|AES|AES128) ++ DES|AES|AES128|AES192|AES256) + Xalgorithm=$1 + shift + ;; +- des|aes|aes128) ++ des|aes|aes128|aes192|aes256) + Xalgorithm=`echo $1 | tr a-z A-Z` + shift + ;; diff --git a/SOURCES/net-snmp-5.8-dskTable-dynamic.patch b/SOURCES/net-snmp-5.8-dskTable-dynamic.patch new file mode 100644 index 0000000..3ecbe64 --- /dev/null +++ b/SOURCES/net-snmp-5.8-dskTable-dynamic.patch @@ -0,0 +1,181 @@ +diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c +--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200 ++++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200 +@@ -153,9 +153,10 @@ static void disk_free_config(void) + static void disk_parse_config(const char *, char *); + static void disk_parse_config_all(const char *, char *); + #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS +-static void find_and_add_allDisks(int minpercent); ++static void refresh_disk_table(int addNewDisks, int minpercent); + static void add_device(char *path, char *device, +- int minspace, int minpercent, int override); ++ int minspace, int minpercent, int addNewDisks, ++ int override); + static void modify_disk_parameters(int index, int minspace, + int minpercent); + static int disk_exists(char *path); +@@ -167,6 +168,7 @@ struct diskpart { + char path[STRMAX]; + int minimumspace; + int minpercent; ++ int alive; + }; + + #define MAX_INT_32 0x7fffffff +@@ -174,6 +176,7 @@ struct diskpart { + + unsigned int numdisks; + int allDisksIncluded = 0; ++int allDisksMinPercent = 0; + unsigned int maxdisks = 0; + struct diskpart *disks; + +@@ -238,6 +241,7 @@ init_disk(void) + disk_free_config, + "minpercent%"); + allDisksIncluded = 0; ++ allDisksMinPercent = 0; + } + + static void +@@ -253,6 +257,7 @@ disk_free_config(void) + disks[i].minpercent = -1; + } + allDisksIncluded = 0; ++ allDisksMinPercent = 0; + } + + static void +@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha + * check if the disk already exists, if so then modify its + * parameters. if it does not exist then add it + */ +- add_device(path, find_device(path), minspace, minpercent, 1); ++ add_device(path, find_device(path), minspace, minpercent, 1, 1); + #endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */ + } + +@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, + + #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS + static void +-add_device(char *path, char *device, int minspace, int minpercent, int override) ++add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override) + { + int index; + +@@ -402,10 +407,16 @@ add_device(char *path, char *device, int + } + + index = disk_exists(path); +- if((index != -1) && (index < maxdisks) && (override==1)) { +- modify_disk_parameters(index, minspace, minpercent); ++ if((index != -1) && (index < maxdisks)) { ++ /* the path is already in the table */ ++ disks[index].alive = 1; ++ /* -> update its device */ ++ strlcpy(disks[index].device, device, sizeof(disks[index].device)); ++ if (override == 1) { ++ modify_disk_parameters(index, minspace, minpercent); ++ } + } +- else if(index == -1){ ++ else if(index == -1 && addNewDisks){ + /* add if and only if the device was found */ + if(device[0] != 0) { + /* The following buffers are cleared above, no need to add '\0' */ +@@ -413,6 +424,7 @@ add_device(char *path, char *device, int + strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device)); + disks[numdisks].minimumspace = minspace; + disks[numdisks].minpercent = minpercent; ++ disks[numdisks].alive = 1; + numdisks++; + } + else { +@@ -420,6 +432,7 @@ add_device(char *path, char *device, int + disks[numdisks].minpercent = -1; + disks[numdisks].path[0] = 0; + disks[numdisks].device[0] = 0; ++ disks[numdisks].alive = 0; + } + } + } +@@ -444,7 +457,7 @@ int disk_exists(char *path) + } + + static void +-find_and_add_allDisks(int minpercent) ++refresh_disk_table(int addNewDisks, int minpercent) + { + #if HAVE_GETMNTENT + #if HAVE_SYS_MNTTAB_H +@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent) + return; + } + while (mntfp && NULL != (mntent = getmntent(mntfp))) { +- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0); ++ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0); + dummy = 1; + } + if (mntfp) +@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent) + return; + } + while ((i = getmntent(mntfp, &mnttab)) == 0) { +- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0); ++ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0); + dummy = 1; + } + fclose(mntfp); +@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent) + #elif HAVE_FSTAB_H + setfsent(); /* open /etc/fstab */ + while((fstab1 = getfsent()) != NULL) { +- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0); ++ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0); + dummy = 1; + } + endfsent(); /* close /etc/fstab */ +@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent) + mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); + for (i = 0; i < mntsize; i++) { + if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) { +- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0); ++ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0); + } + } + } +@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent) + * statfs we default to the root partition "/" + */ + if (statfs("/", &statf) == 0) { +- add_device("/", statf.f_mntfromname, -1, minpercent, 0); ++ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0); + } + #endif + else { +@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e + #endif + #endif + ++ if (disks[disknum].alive == 0){ ++ return -1; ++ } ++ + entry->dskPercentInode = -1; + + #if defined(HAVE_STATVFS) || defined(HAVE_STATFS) +@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp, + static long long_ret; + static char *errmsg; + ++ int i; ++ for (i = 0; i < numdisks; i++){ ++ disks[i].alive = 0; ++ } ++ /* dynamically add new disks + update alive flag */ ++ refresh_disk_table(allDisksIncluded, allDisksMinPercent); ++ + tryAgain: + if (header_simple_table + (vp, name, length, exact, var_len, write_method, numdisks)) diff --git a/SOURCES/net-snmp-5.8-duplicate-ipAddress.patch b/SOURCES/net-snmp-5.8-duplicate-ipAddress.patch new file mode 100644 index 0000000..075976a --- /dev/null +++ b/SOURCES/net-snmp-5.8-duplicate-ipAddress.patch @@ -0,0 +1,11 @@ +diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c +--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200 ++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200 +@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co + for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) { + if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) { + /* 'entry' is duplicate of the previous one -> delete it */ ++ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n")); + netsnmp_access_ipaddress_entry_free(entry); + } else { + CONTAINER_INSERT(ret, entry); diff --git a/SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch b/SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch new file mode 100644 index 0000000..a812cf4 --- /dev/null +++ b/SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch @@ -0,0 +1,12 @@ +diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c +--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200 ++++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200 +@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type) + * save a warning header to the top of the new file + */ + snprintf(fileold, sizeof(fileold), +- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s", ++ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s", + "#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n", + "#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n", + type, type, type, diff --git a/SOURCES/net-snmp-5.8-ipAddress-faster-load.patch b/SOURCES/net-snmp-5.8-ipAddress-faster-load.patch new file mode 100644 index 0000000..db95998 --- /dev/null +++ b/SOURCES/net-snmp-5.8-ipAddress-faster-load.patch @@ -0,0 +1,82 @@ +diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c +--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200 ++++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200 +@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr) + } + + #elif defined(linux) ++#include + static struct ifreq *ifr; + static int ifr_counter; + + static void + Address_Scan_Init(void) + { +- int num_interfaces = 0; ++ int i; + int fd; ++ int lastlen = 0; + + /* get info about all interfaces */ + +@@ -510,28 +512,45 @@ Address_Scan_Init(void) + SNMP_FREE(ifc.ifc_buf); + ifr_counter = 0; + +- do +- { + if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + { + DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); + return; + } +- num_interfaces += 16; + +- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces; +- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len); +- +- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) +- { +- ifr=NULL; +- close(fd); +- return; +- } +- close(fd); ++ /* ++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF ++ * on some platforms; see W. R. Stevens, ``Unix Network Programming ++ * Volume I'', p.435... ++ */ ++ ++ for (i = 8;; i *= 2) { ++ ifc.ifc_len = sizeof(struct ifreq) * i; ++ ifc.ifc_req = calloc(i, sizeof(struct ifreq)); ++ ++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { ++ if (errno != EINVAL || lastlen != 0) { ++ /* ++ * Something has gone genuinely wrong... ++ */ ++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno); ++ SNMP_FREE(ifc.ifc_buf); ++ close(fd); ++ return; ++ } ++ } else { ++ if (ifc.ifc_len == lastlen) { ++ /* ++ * The length is the same as the last time; we're done... ++ */ ++ break; ++ } ++ lastlen = ifc.ifc_len; ++ } ++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */ + } +- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces)); +- ++ ++ close(fd); + ifr = ifc.ifc_req; + } + diff --git a/SOURCES/net-snmp-5.8-man-page.patch b/SOURCES/net-snmp-5.8-man-page.patch new file mode 100644 index 0000000..dc78e14 --- /dev/null +++ b/SOURCES/net-snmp-5.8-man-page.patch @@ -0,0 +1,36 @@ +diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def +--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200 ++++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200 +@@ -3,7 +3,7 @@ + net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file + .SH SYNOPSIS + .PP +-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES] ++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] + .B [username] + .SH DESCRIPTION + .PP +@@ -16,13 +16,16 @@ new user in net-snmp configuration file + displays the net-snmp version number + .TP + \fB\-ro\fR +-create an user with read-only permissions ++creates a user with read-only permissions + .TP +-\fB\-a authpass\fR +-specify authentication password ++\fB\-A authpass\fR ++specifies the authentication password + .TP +-\fB\-x privpass\fR +-specify encryption password ++\fB\-a MD5|SHA\fR ++specifies the authentication password hashing algorithm + .TP +-\fB\-X DES|AES\fR +-specify encryption algorithm ++\fB\-X privpass\fR ++specifies the encryption password ++.TP ++\fB\-x DES|AES\fR ++specifies the encryption algorithm diff --git a/SOURCES/net-snmp-5.8-memory-reporting.patch b/SOURCES/net-snmp-5.8-memory-reporting.patch new file mode 100644 index 0000000..da03a37 --- /dev/null +++ b/SOURCES/net-snmp-5.8-memory-reporting.patch @@ -0,0 +1,35 @@ +diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c +--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200 ++++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200 +@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache + ssize_t bytes_read; + char *b; + unsigned long memtotal = 0, memfree = 0, memshared = 0, +- buffers = 0, cached = 0, ++ buffers = 0, cached = 0, sreclaimable = 0, + swaptotal = 0, swapfree = 0; + + netsnmp_memory_info *mem; +@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache + if (first) + snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n"); + } ++ b = strstr(buff, "SReclaimable: "); ++ if (b) ++ sscanf(b, "SReclaimable: %lu", &sreclaimable); ++ else { ++ if (first) ++ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n"); ++ } + b = strstr(buff, "SwapFree: "); + if (b) + sscanf(b, "SwapFree: %lu", &swapfree); +@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache + if (!mem->descr) + mem->descr = strdup("Cached memory"); + mem->units = 1024; +- mem->size = cached; ++ mem->size = cached+sreclaimable; + mem->free = 0; /* Report cached size/used as equal */ + mem->other = -1; + } diff --git a/SOURCES/net-snmp-5.8-proxy-getnext.patch b/SOURCES/net-snmp-5.8-proxy-getnext.patch new file mode 100644 index 0000000..ff2294f --- /dev/null +++ b/SOURCES/net-snmp-5.8-proxy-getnext.patch @@ -0,0 +1,12 @@ +diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c +--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200 ++++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200 +@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl + if (sp->base_len && + reqinfo->mode == MODE_GETNEXT && + (snmp_oid_compare(ourname, ourlength, +- sp->base, sp->base_len) < 0)) { ++ sp->name, sp->name_len) < 0)) { + DEBUGMSGTL(( "proxy", "request is out of registered range\n")); + /* + * Create GETNEXT request with an OID so the diff --git a/SOURCES/net-snmp-5.8-rpm-memory-leak.patch b/SOURCES/net-snmp-5.8-rpm-memory-leak.patch new file mode 100644 index 0000000..33b8d29 --- /dev/null +++ b/SOURCES/net-snmp-5.8-rpm-memory-leak.patch @@ -0,0 +1,26 @@ +diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c +--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200 ++++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200 +@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void) + snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); + SNMP_FREE(rpmdbpath); + dbpath = NULL; ++#ifdef HAVE_RPMGETPATH ++ rpmFreeRpmrc(); ++#endif + if (-1 == stat( pkg_directory, &stat_buf )) { + snmp_log(LOG_ERR, "Can't find directory of RPM packages"); + pkg_directory[0] = '\0'; +diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c +--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200 ++++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200 +@@ -231,6 +231,9 @@ init_hr_swinst(void) + snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath); + path[ sizeof(path)-1 ] = 0; + swi->swi_directory = strdup(path); ++#ifdef HAVE_RPMGETPATH ++ rpmFreeRpmrc(); ++#endif + } + #else + # ifdef _PATH_HRSW_directory diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service index adb394d..8f6cb2e 100644 --- a/SOURCES/snmpd.service +++ b/SOURCES/snmpd.service @@ -1,6 +1,6 @@ [Unit] Description=Simple Network Management Protocol (SNMP) Daemon. -After=syslog.target network.target +After=syslog.target network-online.target [Service] Type=notify diff --git a/SOURCES/snmptrapd.service b/SOURCES/snmptrapd.service index 9835a38..ec71e75 100644 --- a/SOURCES/snmptrapd.service +++ b/SOURCES/snmptrapd.service @@ -1,6 +1,6 @@ [Unit] Description=Simple Network Management Protocol (SNMP) Trap Daemon. -After=syslog.target network.target +After=syslog.target network-online.target [Service] Type=notify diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec index c5fc5df..f85bdff 100644 --- a/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec @@ -10,7 +10,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.8 -Release: 14%{?dist}.1 +Release: 17%{?dist} Epoch: 1 License: BSD @@ -46,7 +46,16 @@ Patch17: net-snmp-5.8-trapsink.patch Patch18: net-snmp-5.8-flood-messages.patch Patch19: net-snmp-5.8-v3-forward.patch Patch20: net-snmp-5.8-sec-counter.patch -Patch21: net-snmp-5.8-sec-memory-leak.patch +Patch21: net-snmp-5.8-proxy-getnext.patch +Patch22: net-snmp-5.8-dskTable-dynamic.patch +Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch +Patch24: net-snmp-5.8-duplicate-ipAddress.patch +Patch25: net-snmp-5.8-memory-reporting.patch +Patch26: net-snmp-5.8-man-page.patch +Patch27: net-snmp-5.8-ipAddress-faster-load.patch +Patch28: net-snmp-5.8-rpm-memory-leak.patch +Patch29: net-snmp-5.8-sec-memory-leak.patch +Patch30: net-snmp-5.8-aes-config.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -192,7 +201,16 @@ rm -r python %patch18 -p1 -b .flood-messages %patch19 -p1 -b .v3-forward %patch20 -p1 -b .sec-counter -%patch21 -p1 -b .sec-memory-leak +%patch21 -p1 -b .proxy-getnext +%patch22 -p1 -b .dskTable-dynamic +%patch23 -p1 -b .expand-SNMPCONFPATH +%patch24 -p1 -b .duplicate-ipAddress +%patch25 -p1 -b .memory-reporting +%patch26 -p1 -b .man-page +%patch27 -p1 -b .ipAddress-faster-load +%patch28 -p1 -b .rpm-memory-leak +%patch29 -p1 -b .sec-memory-leak +%patch30 -p1 -b .aes-config %patch101 -p1 -b .modern-rpm-api @@ -222,6 +240,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" %configure \ --disable-static --enable-shared \ --enable-as-needed \ + --enable-blumenthal-aes \ --enable-embedded-perl \ --enable-ipv6 \ --enable-local-smux \ @@ -229,7 +248,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" --enable-ucd-snmp-compatibility \ --sysconfdir=%{_sysconfdir} \ --with-cflags="$RPM_OPT_FLAGS" \ - --with-ldflags="-Wl,-z,relro -Wl,-z,now" \ + --with-ldflags="-Wl,-z,relro -Wl,-z,now -lm" \ --with-logfile="/var/log/snmpd.log" \ --with-mib-modules="$MIBS" \ --with-mysql \ @@ -446,8 +465,25 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog -* Mon Jun 15 2020 Josef Ridky -1:5.8-14.1 -- add missing part of memory leak patch (#1839736) +* Tue Aug 11 2020 Josef Ridky - 1:5.8-17 +- add math library in LDFLAGS (#1846252) + +* Thu Jul 16 2020 Josef Ridky - 1:5.8-16 +- remove file due licensing issues (#1690936) + +* Wed Jun 10 2020 Josef Ridky - 1:5.8-15 +- proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134) +- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185) +- expand SNMPCONFPATH variable (#1660146) +- remove file with Apple license (#1690936) +- log meningful message on duplicate IP address (#1692286) +- memory reporting adjustment (#1695497 and #1766521) +- fix typos in man page (#1700262) +- speedup ipAddressTable loading(#1700391) +- fix memory leak when shut down librpm (#1763008) +- services starts after network-online.target (#1775304) +- add missing part of memory leak patch (#1829860) +- add support for AES192 and AES256 (#1846252) * Mon Mar 16 2020 Josef Ridky - 1:5.8-14 - fix double free or corruption error when freeing security context (#1809077)