Resolves: RHEL-139310 - perl modern auth enablement

Signed-off-by: Josef Ridky <jridky@redhat.com>
Josef Ridky 2026-01-14 14:13:04 +01:00
parent 3d35f7bf2b
commit 4dc107e15a
2 changed files with 111 additions and 0 deletions


@ -0,0 +1,108 @@
diff -up net-snmp-5.8/include/net-snmp/library/scapi.h.rhcase04340580 net-snmp-5.8/include/net-snmp/library/scapi.h
--- net-snmp-5.8/include/net-snmp/library/scapi.h.rhcase04340580 2026-01-07 09:24:59.756322331 +0100
+++ net-snmp-5.8/include/net-snmp/library/scapi.h 2026-01-07 09:25:38.665568566 +0100
@@ -87,9 +87,9 @@ typedef struct netsnmp_priv_alg_info_s {
NETSNMP_IMPORT
oid * sc_get_auth_oid(int auth_type, size_t *oid_len);
NETSNMP_IMPORT
- netsnmp_auth_alg_info * sc_get_auth_alg_byoid(const oid *oid, u_int len);
+ netsnmp_auth_alg_info * sc_find_auth_alg_byoid(const oid *oid, u_int len);
NETSNMP_IMPORT
- netsnmp_auth_alg_info * sc_get_auth_alg_bytype(u_int type);
+ netsnmp_auth_alg_info * sc_find_auth_alg_bytype(u_int type);
NETSNMP_IMPORT
netsnmp_auth_alg_info * sc_get_auth_alg_byindex(u_int index);
diff -up net-snmp-5.8/perl/SNMP/SNMP.xs.rhcase04340580 net-snmp-5.8/perl/SNMP/SNMP.xs
--- net-snmp-5.8/perl/SNMP/SNMP.xs.rhcase04340580 2026-01-05 11:30:22.717000136 +0100
+++ net-snmp-5.8/perl/SNMP/SNMP.xs 2026-01-05 11:44:27.466329639 +0100
@@ -2633,6 +2633,7 @@ snmp_new_v3_session(version, peer, retri
SnmpSession session = {0};
SnmpSession *ss = NULL;
int verbose = SvIV(perl_get_sv("SNMP::verbose", 0x01 | 0x04));
+ int auth_type, priv_type;
snmp_sess_init(&session);
@@ -2664,25 +2665,25 @@ snmp_new_v3_session(version, peer, retri
(char **) &session.contextEngineID);
session.engineBoots = eng_boots;
session.engineTime = eng_time;
-#ifndef NETSNMP_DISABLE_MD5
- if (!strcmp(auth_proto, "MD5")) {
- session.securityAuthProto =
- snmp_duplicate_objid(usmHMACMD5AuthProtocol,
- OID_LENGTH(usmHMACMD5AuthProtocol));
- session.securityAuthProtoLen = OID_LENGTH(usmHMACMD5AuthProtocol);
- } else
-#endif
- if (!strcmp(auth_proto, "SHA")) {
- session.securityAuthProto =
- snmp_duplicate_objid(usmHMACSHA1AuthProtocol,
- OID_LENGTH(usmHMACSHA1AuthProtocol));
- session.securityAuthProtoLen = OID_LENGTH(usmHMACSHA1AuthProtocol);
- } else if (!strcmp(auth_proto, "DEFAULT")) {
+ /* NETSNMP_USMAUTH_* */
+ auth_type = usm_lookup_auth_type(auth_proto);
+ if (auth_type >= 0) {
+ const netsnmp_auth_alg_info *auth_alg_info =
+ sc_find_auth_alg_bytype(auth_type);
+ if (auth_alg_info) {
+ session.securityAuthProto =
+ snmp_duplicate_objid(auth_alg_info->alg_oid,
+ auth_alg_info->oid_len);
+ session.securityAuthProtoLen = auth_alg_info->oid_len;
+ }
+ }
+ if (strcmp(auth_proto, "DEFAULT") == 0) {
const oid *theoid =
get_default_authtype(&session.securityAuthProtoLen);
session.securityAuthProto =
snmp_duplicate_objid(theoid, session.securityAuthProtoLen);
- } else {
+ }
+ if (session.securityAuthProto == NULL) {
if (verbose)
warn("error:snmp_new_v3_session:Unsupported authentication protocol(%s)\n", auth_proto);
goto end;
@@ -2714,25 +2715,24 @@ snmp_new_v3_session(version, peer, retri
}
}
}
-#ifndef NETSNMP_DISABLE_DES
- if (!strcmp(priv_proto, "DES")) {
- session.securityPrivProto =
- snmp_duplicate_objid(usmDESPrivProtocol,
- OID_LENGTH(usmDESPrivProtocol));
- session.securityPrivProtoLen = OID_LENGTH(usmDESPrivProtocol);
- } else
-#endif
- if (!strncmp(priv_proto, "AES", 3)) {
- session.securityPrivProto =
- snmp_duplicate_objid(usmAESPrivProtocol,
- OID_LENGTH(usmAESPrivProtocol));
- session.securityPrivProtoLen = OID_LENGTH(usmAESPrivProtocol);
- } else if (!strcmp(priv_proto, "DEFAULT")) {
+ priv_type = usm_lookup_priv_type(priv_proto);
+ if (priv_type >= 0) {
+ const netsnmp_priv_alg_info *priv_alg_info =
+ sc_get_priv_alg_bytype(priv_type);
+ if (priv_alg_info) {
+ session.securityPrivProto =
+ snmp_duplicate_objid(priv_alg_info->alg_oid,
+ priv_alg_info->oid_len);
+ session.securityPrivProtoLen = priv_alg_info->oid_len;
+ }
+ }
+ if (strcmp(priv_proto, "DEFAULT") == 0) {
const oid *theoid =
get_default_privtype(&session.securityPrivProtoLen);
session.securityPrivProto =
snmp_duplicate_objid(theoid, session.securityPrivProtoLen);
- } else {
+ }
+ if (session.securityPrivProto == NULL) {
if (verbose)
warn("error:snmp_new_v3_session:Unsupported privacy protocol(%s)\n", priv_proto);
goto end;
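Review bot: In the SNMP.xs auth and priv hunks, the set of accepted protocol names is no longer fixed in this file: the `#ifndef NETSNMP_DISABLE_MD5` and `#ifndef NETSNMP_DISABLE_DES` guards are removed, and any name that `usm_lookup_auth_type()` / `usm_lookup_priv_type()` resolves to a table entry is now accepted. Those helpers are not visible here, so confirm that a build with MD5 or DES disabled still reaches the "Unsupported ... protocol" path, and that a name for the no-authentication type cannot yield a non-NULL `securityAuthProto` where the old code rejected it. The `DEFAULT` test is also no longer chained to the lookup; writing it as `if (session.securityAuthProto == NULL && strcmp(auth_proto, "DEFAULT") == 0) {` (and likewise for `priv_proto`) would keep a successful lookup from being overwritten and its `snmp_duplicate_objid()` result leaked, should the lookup ever resolve that name. The old `strncmp(priv_proto, "AES", 3)` prefix match is replaced too, so AES-prefixed names that used to map to `usmAESPrivProtocol` may now resolve differently or be rejected, which deserves a line in the Perl module documentation. `snmp_new_v3_session` begins and ends outside these hunks.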


@ -84,6 +84,7 @@ Patch55: net-snmp-5.8-CVE-2022-24805-24810.patch
Patch56: net-snmp-5.8-callback-fix.patch
Patch57: net-snmp-5.8-engine-evaluation.patch
Patch58: net-snmp-5.9.4-oob-access.patch
Patch59: net-snmp-5.8-perl-modern-auth-enablement.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -267,6 +268,7 @@ rm -r python
%patch56 -p1 -b .callback-fix
%patch57 -p1 -b .engine-evaluation
%patch58 -p1 -b .oob-access
%patch59 -p1 -b .perl-auth-enablement
%patch101 -p1 -b .modern-rpm-api
@ -523,6 +525,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%changelog
* Wed Jan 14 2026 Josef Ridky <jridky@redhat.com> - 1:5.8-33
- fix out of bound access (RHEL-137501)
- perl modern auth enablement (RHEL-137310)
* Wed Oct 29 2025 Josef Ridky <jridky@redhat.com> - 1:5.8-32
- fix engine order of evaluation (RHEL-116089)
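Review bot: The changelog line added in the last hunk cites RHEL-137310, while the commit message says `Resolves: RHEL-139310`; one of the two ids is presumably a typo. The changelog is what ships in the package, so a wrong id there breaks the trace from the installed build back to the tracker entry for this auth change. Make both read the same id, e.g. `- perl modern auth enablement (RHEL-139310)` if the commit message is the correct one.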