From 75659615d550e79f60b7c94308fc9a4315905f89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= Date: Thu, 27 May 2021 16:42:00 +0200 Subject: [PATCH] Resolves: #1964963 - new upstream release 5.9.1 --- .gitignore | 1 + net-snmp-5.8-asn-parse-nlength.patch | 86 ------------ net-snmp-5.8-empty-passphrase.patch | 30 ----- net-snmp-5.9-aes-config.patch | 10 +- net-snmp-5.9-available-memory.patch | 143 -------------------- net-snmp-5.9-dir-fix.patch | 10 +- net-snmp-5.9-dskTable-dynamic.patch | 26 ++-- net-snmp-5.9-intermediate-certs.patch | 185 +++++++------------------- net-snmp-5.9-proxy-getnext.patch | 13 -- net-snmp-5.9-python-ld-flags.patch | 21 --- net-snmp-5.9-ssl-buffer-size.patch | 67 ---------- net-snmp-5.9-twice-IP-parsing.patch | 42 ++---- net-snmp.spec | 79 +++++------ sources | 2 +- 14 files changed, 121 insertions(+), 594 deletions(-) delete mode 100644 net-snmp-5.8-asn-parse-nlength.patch delete mode 100644 net-snmp-5.8-empty-passphrase.patch delete mode 100644 net-snmp-5.9-available-memory.patch delete mode 100644 net-snmp-5.9-proxy-getnext.patch delete mode 100644 net-snmp-5.9-python-ld-flags.patch delete mode 100644 net-snmp-5.9-ssl-buffer-size.patch diff --git a/.gitignore b/.gitignore index eedf3ab..99fc27e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ net-snmp-5.5.tar.gz /net-snmp-5.7.3.tar.gz /net-snmp-5.8.tar.gz /net-snmp-5.9.tar.gz +/net-snmp-5.9.1.tar.gz diff --git a/net-snmp-5.8-asn-parse-nlength.patch b/net-snmp-5.8-asn-parse-nlength.patch deleted file mode 100644 index 23823f5..0000000 --- a/net-snmp-5.8-asn-parse-nlength.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Mon, 4 Jan 2021 12:21:59 -0800 -Subject: [PATCH] libsnmp: Fix asn_parse_nlength() - -Handle length zero correctly. - -Fixes: https://github.com/net-snmp/net-snmp/issues/253 -Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths") ---- - snmplib/asn1.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/snmplib/asn1.c b/snmplib/asn1.c -index e983500e7..33c272768 100644 ---- a/snmplib/asn1.c -+++ b/snmplib/asn1.c -@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len) - * long length; first byte is length of length (after masking high bit) - */ - len_len = (int) ((*pkt & ~0x80) + 1); -- if ((int) pkt_len <= len_len ) -+ if (pkt_len < len_len) - return NULL; /* still too short for length and data */ - - /* now we know we have enough data to parse length */ -From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Mon, 4 Jan 2021 10:00:33 -0800 -Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this - test - -Add a reproducer for the bug fixed by the previous patch. ---- - .../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++ - 1 file changed, 41 insertions(+) - create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c - -diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c -new file mode 100644 -index 000000000..5c21ccdc7 ---- /dev/null -+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c -@@ -0,0 +1,41 @@ -+/* HEADER Parsing of an SNMP trap with no varbinds */ -+netsnmp_pdu pdu; -+int rc; -+static u_char trap_pdu[] = { -+ /* Sequence with length of 0x2d = 45 bytes. */ -+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d, -+ /* version = INTEGER 0 */ -+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00, -+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */ -+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75, -+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63, -+ /* SNMP_MSG_TRAP; 32 bytes. */ -+ [15] = 0xa4, [16] = 0x20, -+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */ -+ [17] = 0x06, [18] = 0x08, -+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06, -+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05, -+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */ -+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8, -+ [31] = 0x01, [32] = 0x22, -+ /* generic-trap = INTEGER 0 */ -+ [33] = 0x02, [34] = 0x01, [35] = 0x00, -+ /* specific-trap = INTEGER 0 */ -+ [36] = 0x02, [37] = 0x01, [38] = 0x00, -+ /* ASN_TIMETICKS 0x117f243a */ -+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f, -+ [43] = 0x24, [44] = 0x3a, -+ /* varbind list */ -+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00, -+}; -+static size_t trap_pdu_length = sizeof(trap_pdu); -+netsnmp_session session; -+ -+snmp_set_do_debugging(TRUE); -+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv"); -+memset(&session, 0, sizeof(session)); -+snmp_sess_init(&session); -+memset(&pdu, 0, sizeof(pdu)); -+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length); -+ -+OKF((rc == 0), ("Parsing of a trap PDU")); - diff --git a/net-snmp-5.8-empty-passphrase.patch b/net-snmp-5.8-empty-passphrase.patch deleted file mode 100644 index deb0388..0000000 --- a/net-snmp-5.8-empty-passphrase.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001 -From: Josef Ridky -Date: Wed, 18 Nov 2020 20:54:34 -0800 -Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly - -See also https://github.com/net-snmp/net-snmp/issues/86. - -Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line") -Reported-by: Chris Cheney ---- - net-snmp-create-v3-user.in | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in -index 452c2699d..31b4c58c1 100644 ---- a/net-snmp-create-v3-user.in -+++ b/net-snmp-create-v3-user.in -@@ -120,7 +120,11 @@ fi - fi - outdir="@PERSISTENT_DIRECTORY@" - outfile="$outdir/snmpd.conf" --line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\"" -+if test "x$xpassphrase" = "x" ; then -+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm" -+else -+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\"" -+fi - echo "adding the following line to $outfile:" - echo " " $line - # in case it hasn't ever been started yet, start it. diff --git a/net-snmp-5.9-aes-config.patch b/net-snmp-5.9-aes-config.patch index ac70142..c3f6848 100644 --- a/net-snmp-5.9-aes-config.patch +++ b/net-snmp-5.9-aes-config.patch @@ -1,18 +1,18 @@ diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in -index afd6fa4..07c26fe 100644 +index ac3c60f..177c00f 100644 --- a/net-snmp-create-v3-user.in +++ b/net-snmp-create-v3-user.in -@@ -58,11 +58,11 @@ case $1 in +@@ -57,11 +57,11 @@ case $1 in exit 1 fi case $1 in - DES|AES|AES128) -+ DES|AES|AES128|AES192|AES256) ++ AES|AES128|AES192|AES256) Xalgorithm=$1 shift ;; - des|aes|aes128) -+ des|aes|aes128|aes192|aes256) - Xalgorithm=`echo $1 | tr a-z A-Z` ++ aes|aes128|aes192|aes256) + Xalgorithm=$(echo "$1" | tr a-z A-Z) shift ;; diff --git a/net-snmp-5.9-available-memory.patch b/net-snmp-5.9-available-memory.patch deleted file mode 100644 index 7d7013e..0000000 --- a/net-snmp-5.9-available-memory.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001 -From: Yuwei Ba -Date: Fri, 21 Aug 2020 15:06:10 +0800 -Subject: [PATCH] snmpd: support MemAvailable on Linux - -See also https://github.com/net-snmp/net-snmp/pull/167 . - -[bvanassche: modified the behavior of this patch] ---- - agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++- - agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++- - agent/mibgroup/ucd-snmp/memory.h | 1 + - include/net-snmp/agent/hardware/memory.h | 1 + - mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++ - 5 files changed, 48 insertions(+), 2 deletions(-) - -diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c -index 6d5e86cde..4ae235c2d 100644 ---- a/agent/mibgroup/hardware/memory/memory_linux.c -+++ b/agent/mibgroup/hardware/memory/memory_linux.c -@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { - static int first = 1; - ssize_t bytes_read; - char *b; -- unsigned long memtotal = 0, memfree = 0, memshared = 0, -+ int have_memavail = 0; -+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0, - buffers = 0, cached = 0, sreclaimable = 0, - swaptotal = 0, swapfree = 0; - -@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { - if (first) - snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n"); - } -+ b = strstr(buff, "MemAvailable: "); -+ if (b) { -+ have_memavail = 1; -+ sscanf(b, "MemAvailable: %lu", &memavail); -+ } - b = strstr(buff, "MemFree: "); - if (b) - sscanf(b, "MemFree: %lu", &memfree); -@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { - mem->other = -1; - } - -+ if (have_memavail) { -+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1); -+ if (mem) { -+ if (!mem->descr) -+ mem->descr = strdup("Available memory"); -+ mem->units = 1024; -+ mem->size = memavail; -+ mem->free = memavail; -+ mem->other = -1; -+ } -+ } -+ - mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 ); - if (!mem) { - snmp_log_perror("No Virtual Memory info entry"); -diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c -index 371a77e9a..158b28e67 100644 ---- a/agent/mibgroup/ucd-snmp/memory.c -+++ b/agent/mibgroup/ucd-snmp/memory.c -@@ -26,7 +26,7 @@ init_memory(void) - netsnmp_create_handler_registration("memory", handle_memory, - memory_oid, OID_LENGTH(memory_oid), - HANDLER_CAN_RONLY), -- 1, 26); -+ 1, 27); - netsnmp_register_scalar( - netsnmp_create_handler_registration("memSwapError", handle_memory, - memSwapError_oid, OID_LENGTH(memSwapError_oid), -@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler, - c64.low = val & 0xFFFFFFFF; - c64.high = val >>32; - break; -+ case MEMORY_SYS_AVAIL: -+ type = ASN_COUNTER64; -+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0); -+ if (!mem_info) -+ goto NOSUCH; -+ val = mem_info->size; /* memavail */ -+ val *= (mem_info->units/1024); -+ c64.low = val & 0xFFFFFFFF; -+ c64.high = val >> 32; -+ break; - case MEMORY_SWAP_ERROR: - mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 ); - if (!mem_info) -diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h -index ded214022..54a56a2fd 100644 ---- a/agent/mibgroup/ucd-snmp/memory.h -+++ b/agent/mibgroup/ucd-snmp/memory.h -@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory; - #define MEMORY_SHARED_X 24 - #define MEMORY_BUFFER_X 25 - #define MEMORY_CACHED_X 26 -+#define MEMORY_SYS_AVAIL 27 - #define MEMORY_SWAP_ERROR 100 - #define MEMORY_SWAP_ERRMSG 101 - #endif /* MEMORY_H */ -diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h -index 54265cf22..aca3a4d00 100644 ---- a/include/net-snmp/agent/hardware/memory.h -+++ b/include/net-snmp/agent/hardware/memory.h -@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info; - #define NETSNMP_MEM_TYPE_SHARED 8 - #define NETSNMP_MEM_TYPE_SHARED2 9 - #define NETSNMP_MEM_TYPE_SWAP 10 -+#define NETSNMP_MEM_TYPE_AVAILMEM 11 - /* Leave space for individual swap devices */ - #define NETSNMP_MEM_TYPE_MAX 30 - -diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt -index cde67feb5..d360bad02 100644 ---- a/mibs/UCD-SNMP-MIB.txt -+++ b/mibs/UCD-SNMP-MIB.txt -@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE - memory as specifically reserved for this purpose." - ::= { memory 26 } - -+memSysAvail OBJECT-TYPE -+ SYNTAX CounterBasedGauge64 -+ UNITS "kB" -+ MAX-ACCESS read-only -+ STATUS current -+ DESCRIPTION -+ "The total amount of available memory, which is an estimate -+ of how much memory is available for starting new applications, -+ without swapping. -+ -+ This object will not be implemented on hosts where the -+ underlying operating system does not explicitly identify -+ memory as specifically reserved for this purpose." -+ ::= { memory 27 } -+ -+ - memSwapError OBJECT-TYPE - SYNTAX UCDErrorFlag - MAX-ACCESS read-only - diff --git a/net-snmp-5.9-dir-fix.patch b/net-snmp-5.9-dir-fix.patch index 369626f..bf022d2 100644 --- a/net-snmp-5.9-dir-fix.patch +++ b/net-snmp-5.9-dir-fix.patch @@ -1,8 +1,8 @@ diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in -index 452c269..afd6fa4 100644 +index b0c71d9..ac3c60f 100644 --- a/net-snmp-create-v3-user.in +++ b/net-snmp-create-v3-user.in -@@ -16,6 +16,10 @@ Xalgorithm="DES" +@@ -14,6 +14,10 @@ Xalgorithm="DES" token=rwuser while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do @@ -13,12 +13,12 @@ index 452c269..afd6fa4 100644 unset shifted case $1 in -@@ -134,7 +138,7 @@ echo $line >> $outfile - prefix="@prefix@" +@@ -136,7 +140,7 @@ fi + echo "$line" >> "$outfile" # Avoid that configure complains that this script ignores @datarootdir@ echo "@datarootdir@" >/dev/null -outfile="@datadir@/snmp/snmpd.conf" +outfile="/etc/snmp/snmpd.conf" line="$token $user" echo "adding the following line to $outfile:" - echo " " $line + echo " $line" diff --git a/net-snmp-5.9-dskTable-dynamic.patch b/net-snmp-5.9-dskTable-dynamic.patch index 3822755..bffbc2a 100644 --- a/net-snmp-5.9-dskTable-dynamic.patch +++ b/net-snmp-5.9-dskTable-dynamic.patch @@ -1,5 +1,5 @@ diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c -index 5206235..5e98476 100644 +index 7c756ff..ff22019 100644 --- a/agent/mibgroup/ucd-snmp/disk.c +++ b/agent/mibgroup/ucd-snmp/disk.c @@ -153,9 +153,10 @@ static void disk_free_config(void); @@ -128,7 +128,14 @@ index 5206235..5e98476 100644 dummy = 1; } fclose(mntfp); -@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent) +@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent) + mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); + for (i = 0; i < mntsize; i++) { + add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, +- minpercent, 0); ++ minpercent, addNewDisks 0); + } + } #elif HAVE_FSTAB_H setfsent(); /* open /etc/fstab */ while((fstab1 = getfsent()) != NULL) { @@ -137,16 +144,7 @@ index 5206235..5e98476 100644 dummy = 1; } endfsent(); /* close /etc/fstab */ -@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent) - mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); - for (i = 0; i < mntsize; i++) { - if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) { -- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0); -+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0); - } - } - } -@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent) +@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent) * statfs we default to the root partition "/" */ if (statfs("/", &statf) == 0) { @@ -155,7 +153,7 @@ index 5206235..5e98476 100644 } #endif else { -@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry) +@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry) #endif #endif @@ -166,7 +164,7 @@ index 5206235..5e98476 100644 entry->dskPercentInode = -1; #if defined(HAVE_STATVFS) || defined(HAVE_STATFS) -@@ -827,6 +844,13 @@ var_extensible_disk(struct variable *vp, +@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp, static char *errmsg; static char empty_str[1]; diff --git a/net-snmp-5.9-intermediate-certs.patch b/net-snmp-5.9-intermediate-certs.patch index 3a4ebcd..a119a90 100644 --- a/net-snmp-5.9-intermediate-certs.patch +++ b/net-snmp-5.9-intermediate-certs.patch @@ -1,6 +1,7 @@ -diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h ---- a/include/net-snmp/library/cert_util.h 2021-01-28 12:55:48.969560884 +0100 -+++ b/include/net-snmp/library/cert_util.h 2021-01-28 13:10:25.616592870 +0100 +diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h +index 80e2a19..143adbb 100644 +--- a/include/net-snmp/library/cert_util.h ++++ b/include/net-snmp/library/cert_util.h @@ -55,7 +55,8 @@ extern "C" { char *common_name; @@ -19,9 +20,10 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); -diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h ---- a/include/net-snmp/library/dir_utils.h 2021-01-28 12:55:48.969560884 +0100 -+++ b/include/net-snmp/library/dir_utils.h 2021-01-28 13:10:25.616592870 +0100 +diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h +index 471bb0b..6c5a23f 100644 +--- a/include/net-snmp/library/dir_utils.h ++++ b/include/net-snmp/library/dir_utils.h @@ -53,6 +53,8 @@ extern "C" { #define NETSNMP_DIR_NSFILE 0x0010 /** load stats in netsnmp_file */ @@ -31,10 +33,11 @@ diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir -diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c ---- a/snmplib/cert_util.c 2021-01-28 12:55:48.909560222 +0100 -+++ b/snmplib/cert_util.c 2021-01-28 13:14:32.104988765 +0100 -@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint +diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c +index e7b7114..bee0b5f 100644 +--- a/snmplib/cert_util.c ++++ b/snmplib/cert_util.c +@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all); * bump this value whenever cert index format changes, so indexes * will be regenerated with new format. */ @@ -43,7 +46,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c static netsnmp_container *_certs = NULL; static netsnmp_container *_keys = NULL; -@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_ce +@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs, netsnmp_cert_common *rhs); static void _find_partner(netsnmp_cert *cert, netsnmp_key *key); static netsnmp_cert *_find_issuer(netsnmp_cert *cert); @@ -116,7 +119,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c { netsnmp_cert *cert; -@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const cha +@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType, cert->info.dir = strdup(dirname); cert->info.filename = strdup(filename); @@ -226,18 +229,18 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c - certbio = BIO_new(BIO_s_file()); - if (NULL == certbio) { - snmp_log(LOG_ERR, "error creating BIO\n"); -- return NULL; -- } -- -- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename); -- if (BIO_read_filename(certbio, file) <=0) { -- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file); -- BIO_vfree(certbio); + certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename); + if (!certbio) { return NULL; } +- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename); +- if (BIO_read_filename(certbio, file) <=0) { +- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file); +- BIO_vfree(certbio); +- return NULL; +- } +- - if (NS_CERT_TYPE_UNKNOWN == cert->info.type) { - char *pos = strrchr(cert->info.filename, '.'); - if (NULL == pos) @@ -364,7 +367,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c return NULL; } -@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer +@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) cert->issuer_cert = _find_issuer(cert); if (NULL == cert->issuer_cert) { DEBUGMSGT(("cert:load:warn", @@ -373,7 +376,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c cert->info.filename)); rc = CERT_LOAD_PARTIAL; break; -@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer +@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) /** get issuer ocert */ if ((NULL == cert->issuer_cert->ocert) && (netsnmp_ocert_get(cert->issuer_cert) == NULL)) { @@ -382,7 +385,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c cert->info.filename)); rc = CERT_LOAD_PARTIAL; break; -@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) return; } @@ -391,7 +394,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (key->cert) { DEBUGMSGT(("cert:partner", "key already has partner\n")); return; -@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) return; *pos = 0; @@ -401,7 +404,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (!matching) return; if (1 == matching->size) { -@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) DEBUGMSGT(("cert:partner", "%s matches multiple certs\n", key->info.filename)); } @@ -410,7 +413,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (cert->key) { DEBUGMSGT(("cert:partner", "cert already has partner\n")); return; -@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) } } @@ -653,7 +656,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c } return 0; -@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, st +@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat) struct stat idx_stat; char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15]; @@ -666,7 +669,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c netsnmp_cert *cert; netsnmp_key *key; netsnmp_container *newer, *found; -@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, st +@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) netsnmp_directory_container_read_some(NULL, dirname, _time_filter, &idx_stat, NETSNMP_DIR_NSFILE | @@ -676,7 +679,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (newer) { DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); CONTAINER_FREE_ALL(newer, NULL); -@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, st +@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) pos = &tmpstr[2]; if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) || (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) || @@ -685,7 +688,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) || (NULL == (pos=copy_nword(pos, fingerprint, sizeof(fingerprint)))) || -@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, st +@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat) break; } type = atoi(type_str); @@ -709,7 +712,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (NULL == cert_container) { DEBUGMSGT(("cert:index:dir", "error creating container for cert files\n")); -@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *conte +@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context) if (NULL == c) return; @@ -718,7 +721,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", c->info.type, c->info.allowed_uses, _mode_str(c->info.allowed_uses))); -@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, v +@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint) netsnmp_void_array *matching; DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); @@ -728,7 +731,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (!matching) return NULL; if (1 == matching->size) -@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, v +@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint) return result; } @@ -761,7 +764,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c #ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var) -@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *m +@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory) } } @@ -886,10 +889,11 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c static netsnmp_void_array * _cert_find_subset_common(const char *filename, netsnmp_container *container) { -diff -urNp a/snmplib/dir_utils.c b/snmplib/dir_utils.c ---- a/snmplib/dir_utils.c 2021-01-28 12:55:48.911560244 +0100 -+++ b/snmplib/dir_utils.c 2021-01-28 13:10:25.618592889 +0100 -@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(ne +diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c +index c2dd989..e7145e4 100644 +--- a/snmplib/dir_utils.c ++++ b/snmplib/dir_utils.c +@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container, /** default to unsorted */ if (! (flags & NETSNMP_DIR_SORTED)) CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc); @@ -899,10 +903,11 @@ diff -urNp a/snmplib/dir_utils.c b/snmplib/dir_utils.c } dir = opendir(dirname); -diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c ---- a/snmplib/transports/snmpTLSBaseDomain.c 2021-01-28 12:55:48.916560299 +0100 -+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-01-28 13:00:41.437047788 +0100 -@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(c +diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c +index a3a85bc..b9baeae 100644 +--- a/snmplib/transports/snmpTLSBaseDomain.c ++++ b/snmplib/transports/snmpTLSBaseDomain.c +@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line, /* this is called during negotiation */ int verify_callback(int ok, X509_STORE_CTX *ctx) { int err, depth; @@ -911,7 +916,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS X509 *thecert; netsnmp_cert *cert; _netsnmp_verify_info *verify_info; -@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_C +@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) { /* things to do: */ @@ -927,7 +932,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS fingerprint : "unknown")); ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); -@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_C +@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) { } else { DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n")); /* log where we are and why called */ @@ -936,7 +941,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS SNMP_FREE(fingerprint); return 0; } -@@ -434,23 +436,50 @@ netsnmp_tlsbase_extract_security_name(SS +@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) { int _trust_this_cert(SSL_CTX *the_ctx, char *certspec) { netsnmp_cert *trustcert; @@ -985,95 +990,5 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS - + /* Add the certificate to the context */ -- if (netsnmp_cert_trust_ca(the_ctx, trustcert) != SNMPERR_SUCCESS) -+ if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS) + if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS) LOGANDDIE("failed to load trust certificate"); - - return 1; -@@ -490,7 +519,7 @@ _sslctx_common_setup(SSL_CTX *the_ctx, _ - NETSNMP_DS_LIB_X509_CRL_FILE); - if (NULL != crlFile) { - cert_store = SSL_CTX_get_cert_store(the_ctx); -- DEBUGMSGTL(("sslctx_client", "loading CRL: %s\n", crlFile)); -+ DEBUGMSGTL(("sslctx_common", "loading CRL: %s\n", crlFile)); - if (!cert_store) - LOGANDDIE("failed to find certificate store"); - if (!(lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file()))) -@@ -556,13 +585,19 @@ sslctx_client_setup(const SSL_METHOD *me - id_cert->key->info.filename)); - - if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0) -- LOGANDDIE("failed to set the certificate to use"); -+ LOGANDDIE("failed to set the client certificate to use"); - - if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0) -- LOGANDDIE("failed to set the private key to use"); -+ LOGANDDIE("failed to set the client private key to use"); - - if (!SSL_CTX_check_private_key(the_ctx)) -- LOGANDDIE("public and private keys incompatible"); -+ LOGANDDIE("client public and private keys incompatible"); -+ -+ while (id_cert->issuer_cert) { -+ id_cert = id_cert->issuer_cert; -+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert)) -+ LOGANDDIE("failed to add intermediate client certificate"); -+ } - - if (tlsbase->their_identity) - peer_cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER, -@@ -576,11 +611,11 @@ sslctx_client_setup(const SSL_METHOD *me - peer_cert ? peer_cert->info.filename : "none")); - - /* Trust the expected certificate */ -- if (netsnmp_cert_trust_ca(the_ctx, peer_cert) != SNMPERR_SUCCESS) -+ if (netsnmp_cert_trust(the_ctx, peer_cert) != SNMPERR_SUCCESS) - LOGANDDIE ("failed to set verify paths"); - } - -- /* trust a certificate (possibly a CA) aspecifically passed in */ -+ /* trust a certificate (possibly a CA) specifically passed in */ - if (tlsbase->trust_cert) { - if (!_trust_this_cert(the_ctx, tlsbase->trust_cert)) - return 0; -@@ -599,7 +634,7 @@ sslctx_server_setup(const SSL_METHOD *me - /* setting up for ssl */ - SSL_CTX *the_ctx = SSL_CTX_new(NETSNMP_REMOVE_CONST(SSL_METHOD *, method)); - if (!the_ctx) { -- LOGANDDIE("can't create a new context"); -+ LOGANDDIE("can't create a new server context"); - } - MAKE_MEM_DEFINED(the_ctx, 256/*sizeof(*the_ctx)*/); - -@@ -608,7 +643,7 @@ sslctx_server_setup(const SSL_METHOD *me - LOGANDDIE ("error finding server identity keys"); - - if (!id_cert->key || !id_cert->key->okey) -- LOGANDDIE("failed to load private key"); -+ LOGANDDIE("failed to load server private key"); - - DEBUGMSGTL(("sslctx_server", "using public key: %s\n", - id_cert->info.filename)); -@@ -616,13 +651,19 @@ sslctx_server_setup(const SSL_METHOD *me - id_cert->key->info.filename)); - - if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0) -- LOGANDDIE("failed to set the certificate to use"); -+ LOGANDDIE("failed to set the server certificate to use"); - - if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0) -- LOGANDDIE("failed to set the private key to use"); -+ LOGANDDIE("failed to set the server private key to use"); - - if (!SSL_CTX_check_private_key(the_ctx)) -- LOGANDDIE("public and private keys incompatible"); -+ LOGANDDIE("server public and private keys incompatible"); -+ -+ while (id_cert->issuer_cert) { -+ id_cert = id_cert->issuer_cert; -+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert)) -+ LOGANDDIE("failed to add intermediate server certificate"); -+ } - - SSL_CTX_set_read_ahead(the_ctx, 1); /* XXX: DTLS only? */ - diff --git a/net-snmp-5.9-proxy-getnext.patch b/net-snmp-5.9-proxy-getnext.patch deleted file mode 100644 index bfcbdbb..0000000 --- a/net-snmp-5.9-proxy-getnext.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c -index e0ee96b..8abe7a3 100644 ---- a/agent/mibgroup/ucd-snmp/proxy.c -+++ b/agent/mibgroup/ucd-snmp/proxy.c -@@ -463,7 +463,7 @@ proxy_handler(netsnmp_mib_handler *handler, - if (sp->base_len && - reqinfo->mode == MODE_GETNEXT && - (snmp_oid_compare(ourname, ourlength, -- sp->base, sp->base_len) < 0)) { -+ sp->name, sp->name_len) < 0)) { - DEBUGMSGTL(( "proxy", "request is out of registered range\n")); - /* - * Create GETNEXT request with an OID so the diff --git a/net-snmp-5.9-python-ld-flags.patch b/net-snmp-5.9-python-ld-flags.patch deleted file mode 100644 index 78fab3d..0000000 --- a/net-snmp-5.9-python-ld-flags.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/python/setup.py b/python/setup.py -index 2547842..0c68cd8 100644 ---- a/python/setup.py -+++ b/python/setup.py -@@ -17,14 +17,14 @@ if intree: - netsnmp_libs = os.popen(basedir+'/net-snmp-config --libs').read() - libdir = os.popen(basedir+'/net-snmp-config --build-lib-dirs '+basedir).read() - incdir = os.popen(basedir+'/net-snmp-config --build-includes '+basedir).read() + " " + os.popen(basedir+'/net-snmp-config --base-cflags '+basedir).read() -- libs = re.findall(r"-l(\S+)", netsnmp_libs) -+ libs = re.findall(r"\s-l(\S+)", netsnmp_libs) - libdirs = re.findall(r"-L(\S+)", libdir) - incdirs = re.findall(r"-I(\S+)", incdir) - else: - netsnmp_libs = os.popen('net-snmp-config --libs').read() - libdirs = re.findall(r"-L(\S+)", netsnmp_libs) - incdirs = [] -- libs = re.findall(r"-l(\S+)", netsnmp_libs) -+ libs = re.findall(r"\s-l(\S+)", netsnmp_libs) - - setup( - name="netsnmp-python", version="1.0a1", diff --git a/net-snmp-5.9-ssl-buffer-size.patch b/net-snmp-5.9-ssl-buffer-size.patch deleted file mode 100644 index 5cb1ba6..0000000 --- a/net-snmp-5.9-ssl-buffer-size.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c ---- a/snmplib/snmp_openssl.c 2021-01-28 14:10:05.993443671 +0100 -+++ b/snmplib/snmp_openssl.c 2021-01-28 14:17:52.531088559 +0100 -@@ -284,31 +284,29 @@ _cert_get_extension(X509_EXTENSION *oex - } - if (X509V3_EXT_print(bio, oext, 0, 0) != 1) { - snmp_log(LOG_ERR, "could not print extension!\n"); -- BIO_vfree(bio); -- return NULL; -+ goto out; - } - - space = BIO_get_mem_data(bio, &data); - if (buf && *buf) { -- if (*len < space) -- buf_ptr = NULL; -- else -- buf_ptr = *buf; -+ if (*len < space + 1) { -+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n"); -+ goto out; -+ } -+ buf_ptr = *buf; -+ } else { -+ buf_ptr = calloc(1, space + 1); - } -- else -- buf_ptr = calloc(1,space + 1); - - if (!buf_ptr) { -- snmp_log(LOG_ERR, -- "not enough space or error in allocation for extenstion\n"); -- BIO_vfree(bio); -- return NULL; -+ snmp_log(LOG_ERR, "error in allocation for extension\n"); -+ goto out; - } - memcpy(buf_ptr, data, space); - buf_ptr[space] = 0; - if (len) - *len = space; -- -+out: - BIO_vfree(bio); - - return buf_ptr; -@@ -479,7 +477,7 @@ netsnmp_openssl_cert_dump_extensions(X50 - { - X509_EXTENSION *extension; - const char *extension_name; -- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf; -+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf; - int i, num_extensions, buf_len, nid; - - if (NULL == ocert) -@@ -499,6 +497,11 @@ netsnmp_openssl_cert_dump_extensions(X50 - extension_name = OBJ_nid2sn(nid); - buf_len = sizeof(buf); - str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0); -+ if (!str) { -+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i, -+ extension_name)); -+ continue; -+ } - lf = strchr(str, '\n'); /* look for multiline strings */ - if (NULL != lf) - *lf = '\0'; /* only log first line of multiline here */ diff --git a/net-snmp-5.9-twice-IP-parsing.patch b/net-snmp-5.9-twice-IP-parsing.patch index 2928e8f..7e62c02 100644 --- a/net-snmp-5.9-twice-IP-parsing.patch +++ b/net-snmp-5.9-twice-IP-parsing.patch @@ -1,34 +1,16 @@ -diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c -index b96497f3a..b594a389b 100644 ---- a/snmplib/transports/snmpUDPDomain.c -+++ b/snmplib/transports/snmpUDPDomain.c -@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param) - /* Nope, wasn't a dotted quad. Must be a hostname. */ - int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr); - if (ret < 0) { -- config_perror("cannot resolve source hostname"); -+ config_perror("cannot resolve IPv4 source hostname"); - return; - } - } diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c -index 238c8a9d6..43c4eaee1 100644 +index e6f5b20..41a5e01 100644 --- a/snmplib/transports/snmpUDPIPv6Domain.c +++ b/snmplib/transports/snmpUDPIPv6Domain.c -@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param) - memset(&pton_addr.sin6_addr.s6_addr, '\0', - sizeof(struct in6_addr)); - } else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) { -- /* Nope, wasn't a numeric address. Must be a hostname. */ -+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */ +@@ -34,6 +34,11 @@ + #if HAVE_SYS_SOCKET_H + #include + #endif + -+ /* Try interpreting as dotted quad - IPv4 */ -+ struct in_addr network; -+ if (inet_pton(AF_INET, sourcep, &network) > 0){ -+ /* Yes, it's IPv4 - those it's already parsed and we can return. */ -+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n")); -+ return; -+ } - #if HAVE_GETADDRINFO - int gai_error; - ++#if defined(HAVE_WINSOCK_H) && !defined(mingw32) ++static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; ++#endif ++ + #if HAVE_NETINET_IN_H + #include + #endif diff --git a/net-snmp.spec b/net-snmp.spec index 2def0a2..837cc16 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -9,8 +9,8 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp -Version: 5.9 -Release: 11%{?dist} +Version: 5.9.1 +Release: 1%{?dist} Epoch: 1 License: BSD @@ -37,27 +37,21 @@ Patch7: net-snmp-5.8-Remove-U64-typedef.patch Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch Patch9: net-snmp-5.7.3-iterator-fix.patch Patch10: net-snmp-5.9-autofs-skip.patch -Patch11: net-snmp-5.9-python-ld-flags.patch -Patch12: net-snmp-5.9-usage-exit.patch -Patch13: net-snmp-5.9-coverity.patch -Patch14: net-snmp-5.9-proxy-getnext.patch -Patch15: net-snmp-5.9-dskTable-dynamic.patch -Patch16: net-snmp-5.8-expand-SNMPCONFPATH.patch -Patch17: net-snmp-5.8-duplicate-ipAddress.patch -Patch18: net-snmp-5.9-memory-reporting.patch -Patch19: net-snmp-5.8-man-page.patch -Patch20: net-snmp-5.8-ipAddress-faster-load.patch -Patch21: net-snmp-5.8-rpm-memory-leak.patch -Patch22: net-snmp-5.9-aes-config.patch -Patch23: net-snmp-5.9-available-memory.patch -Patch24: net-snmp-5.8-asn-parse-nlength.patch -Patch25: net-snmp-5.8-clientaddr-error-message.patch -Patch26: net-snmp-5.8-empty-passphrase.patch -Patch27: net-snmp-5.9-ECC-cert.patch -Patch28: net-snmp-5.9-intermediate-certs.patch -Patch29: net-snmp-5.9-ssl-buffer-size.patch -Patch30: net-snmp-5.9-twice-IP-parsing.patch -Patch31: net-snmp-5.9-openssl-3.0.patch +Patch11: net-snmp-5.9-usage-exit.patch +Patch12: net-snmp-5.9-coverity.patch +Patch13: net-snmp-5.9-dskTable-dynamic.patch +Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch +Patch15: net-snmp-5.8-duplicate-ipAddress.patch +Patch16: net-snmp-5.9-memory-reporting.patch +Patch17: net-snmp-5.8-man-page.patch +Patch18: net-snmp-5.8-ipAddress-faster-load.patch +Patch19: net-snmp-5.8-rpm-memory-leak.patch +Patch20: net-snmp-5.9-aes-config.patch +Patch21: net-snmp-5.8-clientaddr-error-message.patch +Patch22: net-snmp-5.9-ECC-cert.patch +Patch23: net-snmp-5.9-intermediate-certs.patch +Patch24: net-snmp-5.9-twice-IP-parsing.patch +Patch25: net-snmp-5.9-openssl-3.0.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -219,27 +213,21 @@ cp %{SOURCE10} . %patch8 -p1 -b .perlfix %patch9 -p1 -b .iterator-fix %patch10 -p1 -b .autofs-skip -%patch11 -p1 -b .python-ld-flags -%patch12 -p1 -b .usage-fix -%patch13 -p1 -b .coverity -%patch14 -p1 -b .proxy-getnext -%patch15 -p1 -b .dskTable-dynamic -%patch16 -p1 -b .expand-SNMPCONFPATH -%patch17 -p1 -b .duplicate-ipAddress -%patch18 -p1 -b .memory-reporting -%patch19 -p1 -b .man-page -%patch20 -p1 -b .ipAddress-faster-load -%patch21 -p1 -b .rpm-memory-leak -%patch22 -p1 -b .aes-config -%patch23 -p1 -b .available-memory -%patch24 -p1 -b .asn-parse-nlength -%patch25 -p1 -b .clientaddr-error-message -%patch26 -p1 -b .empty-passphrase -%patch27 -p1 -b .ECC-cert -%patch28 -p1 -b .intermediate-certs -%patch29 -p1 -b .ssl-buffer-size -%patch30 -p1 -b .twice-IP-parsing -%patch31 -p1 -b .openssl-3-0 +%patch11 -p1 -b .usage-fix +%patch12 -p1 -b .coverity +%patch13 -p1 -b .dskTable-dynamic +%patch14 -p1 -b .expand-SNMPCONFPATH +%patch15 -p1 -b .duplicate-ipAddress +%patch16 -p1 -b .memory-reporting +%patch17 -p1 -b .man-page +%patch18 -p1 -b .ipAddress-faster-load +%patch19 -p1 -b .rpm-memory-leak +%patch20 -p1 -b .aes-config +%patch21 -p1 -b .clientaddr-error-message +%patch22 -p1 -b .ECC-cert +%patch23 -p1 -b .intermediate-certs +%patch24 -p1 -b .twice-IP-parsing +%patch25 -p1 -b .openssl-3-0 %patch101 -p1 -b .modern-rpm-api %patch102 -p1 @@ -508,6 +496,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog +* Thu May 27 2021 Josef Ridky - 1:5.9.1-1 +- New upstream release 5.9.1 (#1964963) + * Wed May 26 2021 Josef Ridky 1:5.9-11 - disable DES and port for OpenSSL 3.0 (#1958073) diff --git a/sources b/sources index c46cae1..30f421d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (net-snmp-5.9.tar.gz) = 21855ba5cee47ba41a82f88d2fa558c9a732690858af5523ae99c2b3939b133e3450d04c6446b3168eed6f08d6f0f5d4cbb5d784b713a8e14f68c424e514f91b +SHA512 (net-snmp-5.9.1.tar.gz) = 7d73b2085863b1c063d7eaee488d806cc07da79c070f702068846e43d8e5c67673b86357600f2c1f774c30c24b0561cb566c64ea4588b073bf6906a9c6949ab7