From 3767762deb8891b87a9a77570767d74d0aaee730 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 7 Oct 2025 07:16:23 +0000
Subject: [PATCH] import UBI net-snmp-5.8-31.el8_10

---
 SOURCES/net-snmp-5.8-callback-fix.patch | 32 +++++++++++++++++++++++++
 SPECS/net-snmp.spec                     |  7 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/net-snmp-5.8-callback-fix.patch

diff --git a/SOURCES/net-snmp-5.8-callback-fix.patch b/SOURCES/net-snmp-5.8-callback-fix.patch
new file mode 100644
index 0000000..d82a41f
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-callback-fix.patch
@@ -0,0 +1,32 @@
+diff -urNp a/snmplib/callback.c b/snmplib/callback.c
+--- a/snmplib/callback.c	2025-08-13 15:21:25.507544080 +0200
++++ b/snmplib/callback.c	2025-08-13 15:25:01.973092935 +0200
+@@ -346,13 +346,17 @@ snmp_call_callbacks(int major, int minor
+     /*
+      * for each registered callback of type major and minor 
+      */
+-    for (scp = thecallbacks[major][minor]; scp != NULL; scp = scp->next) {
++    scp = thecallbacks[major][minor];
++    while (scp != NULL) {
++        struct snmp_gen_callback *scp_next = scp->next;
+ 
+         /*
+          * skip unregistered callbacks
+          */
+-        if(NULL == scp->sc_callback)
++        if(NULL == scp->sc_callback) {
++            scp = scp_next;
+             continue;
++        }
+ 
+         DEBUGMSGTL(("callback", "calling a callback for maj=%d min=%d\n",
+                     major, minor));
+@@ -363,6 +367,8 @@ snmp_call_callbacks(int major, int minor
+         (*(scp->sc_callback)) (major, minor, caller_arg,
+                                scp->sc_client_arg);
+         count++;
++
++        scp = scp_next;
+     }
+ 
+     DEBUGMSGTL(("callback",
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 514feed..554d9e3 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.8
-Release:    30%{?dist}
+Release:    31%{?dist}
 Epoch:      1
 
 License:    BSD
@@ -81,6 +81,7 @@ Patch52:    net-snmp-5.8-memavailable.patch
 Patch53:    net-snmp-5.8-proxy.patch
 Patch54:    net-snmp-5.8-truncating-log-once.patch
 Patch55:    net-snmp-5.8-CVE-2022-24805-24810.patch
+Patch56:    net-snmp-5.8-callback-fix.patch
 
 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@@ -261,6 +262,7 @@ rm -r python
 %patch53 -p1 -b .proxy
 %patch54 -p1 -b .truncating-log-once
 %patch55 -p1 -b .CVE-2022-24805-24810
+%patch56 -p1 -b .callback-fix
 
 %patch101 -p1 -b .modern-rpm-api
 
@@ -515,6 +517,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 
 %changelog
+* Wed Aug 13 2025 Josef Ridky <jridky@redhat.com> - 1:5.8-31
+- fix use after free issue (RHEL-64696)
+
 * Mon Mar 04 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-30
 - fix crash when configured as proxy - issue 82 (RHEL-14454)
 - log once truncating issue (RHEL-13597)