rpms/net-snmp
8
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #1964963 - new upstream release 5.9.1

Browse Source
This commit is contained in:
Josef Řídký 2021-05-27 16:42:00 +02:00
parent 38d4ad14a5
commit 75659615d5
14 changed files with 121 additions and 594 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -7,3 +7,4 @@ net-snmp-5.5.tar.gz
/net-snmp-5.7.3.tar.gz
/net-snmp-5.8.tar.gz
/net-snmp-5.9.tar.gz
/net-snmp-5.9.1.tar.gz

86
net-snmp-5.8-asn-parse-nlength.patch
View File

@ -1,86 +0,0 @@
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 12:21:59 -0800
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
Handle length zero correctly.
Fixes: https://github.com/net-snmp/net-snmp/issues/253
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index e983500e7..33c272768 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
* long length; first byte is length of length (after masking high bit)
*/
len_len = (int) ((*pkt & ~0x80) + 1);
- if ((int) pkt_len <= len_len )
+ if (pkt_len < len_len)
return NULL; /* still too short for length and data */
/* now we know we have enough data to parse length */
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 10:00:33 -0800
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
test
Add a reproducer for the bug fixed by the previous patch.
---
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
new file mode 100644
index 000000000..5c21ccdc7
--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+ /* Sequence with length of 0x2d = 45 bytes. */
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+ /* version = INTEGER 0 */
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+ /* SNMP_MSG_TRAP; 32 bytes. */
+ [15] = 0xa4, [16] = 0x20,
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+ [17] = 0x06, [18] = 0x08,
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+ [31] = 0x01, [32] = 0x22,
+ /* generic-trap = INTEGER 0 */
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
+ /* specific-trap = INTEGER 0 */
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
+ /* ASN_TIMETICKS 0x117f243a */
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+ [43] = 0x24, [44] = 0x3a,
+ /* varbind list */
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));

30
net-snmp-5.8-empty-passphrase.patch
View File

@ -1,30 +0,0 @@
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Wed, 18 Nov 2020 20:54:34 -0800
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
See also https://github.com/net-snmp/net-snmp/issues/86.
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
Reported-by: Chris Cheney
---
net-snmp-create-v3-user.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c2699d..31b4c58c1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -120,7 +120,11 @@ fi
fi
outdir="@PERSISTENT_DIRECTORY@"
outfile="$outdir/snmpd.conf"
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
echo "adding the following line to $outfile:"
echo " " $line
# in case it hasn't ever been started yet, start it.

10
net-snmp-5.9-aes-config.patch
View File

@ -1,18 +1,18 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index afd6fa4..07c26fe 100644
index ac3c60f..177c00f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -58,11 +58,11 @@ case $1 in
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;

143
net-snmp-5.9-available-memory.patch
View File

@ -1,143 +0,0 @@
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
From: Yuwei Ba <i@xiaoba.me>
Date: Fri, 21 Aug 2020 15:06:10 +0800
Subject: [PATCH] snmpd: support MemAvailable on Linux
See also https://github.com/net-snmp/net-snmp/pull/167 .
[bvanassche: modified the behavior of this patch]
---
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
agent/mibgroup/ucd-snmp/memory.h | 1 +
include/net-snmp/agent/hardware/memory.h | 1 +
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86cde..4ae235c2d 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
static int first = 1;
ssize_t bytes_read;
char *b;
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
+ int have_memavail = 0;
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "MemAvailable: ");
+ if (b) {
+ have_memavail = 1;
+ sscanf(b, "MemAvailable: %lu", &memavail);
+ }
b = strstr(buff, "MemFree: ");
if (b)
sscanf(b, "MemFree: %lu", &memfree);
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
mem->other = -1;
}
+ if (have_memavail) {
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
+ if (mem) {
+ if (!mem->descr)
+ mem->descr = strdup("Available memory");
+ mem->units = 1024;
+ mem->size = memavail;
+ mem->free = memavail;
+ mem->other = -1;
+ }
+ }
+
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
if (!mem) {
snmp_log_perror("No Virtual Memory info entry");
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
index 371a77e9a..158b28e67 100644
--- a/agent/mibgroup/ucd-snmp/memory.c
+++ b/agent/mibgroup/ucd-snmp/memory.c
@@ -26,7 +26,7 @@ init_memory(void)
netsnmp_create_handler_registration("memory", handle_memory,
memory_oid, OID_LENGTH(memory_oid),
HANDLER_CAN_RONLY),
- 1, 26);
+ 1, 27);
netsnmp_register_scalar(
netsnmp_create_handler_registration("memSwapError", handle_memory,
memSwapError_oid, OID_LENGTH(memSwapError_oid),
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
c64.low = val & 0xFFFFFFFF;
c64.high = val >>32;
break;
+ case MEMORY_SYS_AVAIL:
+ type = ASN_COUNTER64;
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
+ if (!mem_info)
+ goto NOSUCH;
+ val = mem_info->size; /* memavail */
+ val *= (mem_info->units/1024);
+ c64.low = val & 0xFFFFFFFF;
+ c64.high = val >> 32;
+ break;
case MEMORY_SWAP_ERROR:
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
if (!mem_info)
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
index ded214022..54a56a2fd 100644
--- a/agent/mibgroup/ucd-snmp/memory.h
+++ b/agent/mibgroup/ucd-snmp/memory.h
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
#define MEMORY_SHARED_X 24
#define MEMORY_BUFFER_X 25
#define MEMORY_CACHED_X 26
+#define MEMORY_SYS_AVAIL 27
#define MEMORY_SWAP_ERROR 100
#define MEMORY_SWAP_ERRMSG 101
#endif /* MEMORY_H */
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
index 54265cf22..aca3a4d00 100644
--- a/include/net-snmp/agent/hardware/memory.h
+++ b/include/net-snmp/agent/hardware/memory.h
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
#define NETSNMP_MEM_TYPE_SHARED 8
#define NETSNMP_MEM_TYPE_SHARED2 9
#define NETSNMP_MEM_TYPE_SWAP 10
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
/* Leave space for individual swap devices */
#define NETSNMP_MEM_TYPE_MAX 30
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
index cde67feb5..d360bad02 100644
--- a/mibs/UCD-SNMP-MIB.txt
+++ b/mibs/UCD-SNMP-MIB.txt
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
memory as specifically reserved for this purpose."
::= { memory 26 }
+memSysAvail OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ UNITS "kB"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total amount of available memory, which is an estimate
+ of how much memory is available for starting new applications,
+ without swapping.
+
+ This object will not be implemented on hosts where the
+ underlying operating system does not explicitly identify
+ memory as specifically reserved for this purpose."
+ ::= { memory 27 }
+
+
memSwapError OBJECT-TYPE
SYNTAX UCDErrorFlag
MAX-ACCESS read-only

10
net-snmp-5.9-dir-fix.patch
View File

@ -1,8 +1,8 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c269..afd6fa4 100644
index b0c71d9..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -16,6 +16,10 @@ Xalgorithm="DES"
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
@ -13,12 +13,12 @@ index 452c269..afd6fa4 100644
unset shifted
case $1 in
@@ -134,7 +138,7 @@ echo $line >> $outfile
prefix="@prefix@"
@@ -136,7 +140,7 @@ fi
echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@
echo "@datarootdir@" >/dev/null
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " " $line
echo " $line"

26
net-snmp-5.9-dskTable-dynamic.patch
View File

@ -1,5 +1,5 @@
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
index 5206235..5e98476 100644
index 7c756ff..ff22019 100644
--- a/agent/mibgroup/ucd-snmp/disk.c
+++ b/agent/mibgroup/ucd-snmp/disk.c
@@ -153,9 +153,10 @@ static void disk_free_config(void);
@ -128,7 +128,14 @@ index 5206235..5e98476 100644
dummy = 1;
}
fclose(mntfp);
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks 0);
}
}
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
@ -137,16 +144,7 @@ index 5206235..5e98476 100644
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
@ -155,7 +153,7 @@ index 5206235..5e98476 100644
}
#endif
else {
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry)
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry)
#endif
#endif
@ -166,7 +164,7 @@ index 5206235..5e98476 100644
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -827,6 +844,13 @@ var_extensible_disk(struct variable *vp,
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
static char *errmsg;
static char empty_str[1];

185
net-snmp-5.9-intermediate-certs.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
--- a/include/net-snmp/library/cert_util.h 2021-01-28 12:55:48.969560884 +0100
+++ b/include/net-snmp/library/cert_util.h 2021-01-28 13:10:25.616592870 +0100
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644
--- a/include/net-snmp/library/cert_util.h
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" {
char *common_name;
@ -19,9 +20,10 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
--- a/include/net-snmp/library/dir_utils.h 2021-01-28 12:55:48.969560884 +0100
+++ b/include/net-snmp/library/dir_utils.h 2021-01-28 13:10:25.616592870 +0100
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..6c5a23f 100644
--- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,6 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */
@ -31,10 +33,11 @@ diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-01-28 12:55:48.909560222 +0100
+++ b/snmplib/cert_util.c 2021-01-28 13:14:32.104988765 +0100
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index e7b7114..bee0b5f 100644
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes
* will be regenerated with new format.
*/
@ -43,7 +46,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL;
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_ce
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
@ -116,7 +119,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
{
netsnmp_cert *cert;
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const cha
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename);
@ -226,18 +229,18 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
- certbio = BIO_new(BIO_s_file());
- if (NULL == certbio) {
- snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
+ if (!certbio) {
return NULL;
}
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
- return NULL;
- }
-
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
- char *pos = strrchr(cert->info.filename, '.');
- if (NULL == pos)
@ -364,7 +367,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return NULL;
}
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn",
@ -373,7 +376,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
/** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
@ -382,7 +385,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
}
@ -391,7 +394,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n"));
return;
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
*pos = 0;
@ -401,7 +404,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return;
if (1 == matching->size) {
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename));
}
@ -410,7 +413,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return;
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
}
}
@ -653,7 +656,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
}
return 0;
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, st
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
@ -666,7 +669,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_cert *cert;
netsnmp_key *key;
netsnmp_container *newer, *found;
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, st
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat,
NETSNMP_DIR_NSFILE |
@ -676,7 +679,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL);
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, st
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
@ -685,7 +688,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) ||
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, st
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break;
}
type = atoi(type_str);
@ -709,7 +712,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n"));
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *conte
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c)
return;
@ -718,7 +721,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses)));
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, v
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -728,7 +731,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return NULL;
if (1 == matching->size)
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, v
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint)
return result;
}
@ -761,7 +764,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
int
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *m
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
}
}
@ -886,10 +889,11 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container)
{
diff -urNp a/snmplib/dir_utils.c b/snmplib/dir_utils.c
--- a/snmplib/dir_utils.c 2021-01-28 12:55:48.911560244 +0100
+++ b/snmplib/dir_utils.c 2021-01-28 13:10:25.618592889 +0100
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(ne
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
index c2dd989..e7145e4 100644
--- a/snmplib/dir_utils.c
+++ b/snmplib/dir_utils.c
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
@ -899,10 +903,11 @@ diff -urNp a/snmplib/dir_utils.c b/snmplib/dir_utils.c
}
dir = opendir(dirname);
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-01-28 12:55:48.916560299 +0100
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-01-28 13:00:41.437047788 +0100
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(c
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
index a3a85bc..b9baeae 100644
--- a/snmplib/transports/snmpTLSBaseDomain.c
+++ b/snmplib/transports/snmpTLSBaseDomain.c
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line,
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@ -911,7 +916,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
X509 *thecert;
netsnmp_cert *cert;
_netsnmp_verify_info *verify_info;
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_C
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
/* things to do: */
@ -927,7 +932,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
fingerprint : "unknown"));
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_C
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
} else {
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
/* log where we are and why called */
@ -936,7 +941,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
SNMP_FREE(fingerprint);
return 0;
}
@@ -434,23 +436,50 @@ netsnmp_tlsbase_extract_security_name(SS
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) {
int
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
netsnmp_cert *trustcert;
@ -985,95 +990,5 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
-
+
/* Add the certificate to the context */
- if (netsnmp_cert_trust_ca(the_ctx, trustcert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
LOGANDDIE("failed to load trust certificate");
return 1;
@@ -490,7 +519,7 @@ _sslctx_common_setup(SSL_CTX *the_ctx, _
NETSNMP_DS_LIB_X509_CRL_FILE);
if (NULL != crlFile) {
cert_store = SSL_CTX_get_cert_store(the_ctx);
- DEBUGMSGTL(("sslctx_client", "loading CRL: %s\n", crlFile));
+ DEBUGMSGTL(("sslctx_common", "loading CRL: %s\n", crlFile));
if (!cert_store)
LOGANDDIE("failed to find certificate store");
if (!(lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file())))
@@ -556,13 +585,19 @@ sslctx_client_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the client certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the client private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("client public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate client certificate");
+ }
if (tlsbase->their_identity)
peer_cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
@@ -576,11 +611,11 @@ sslctx_client_setup(const SSL_METHOD *me
peer_cert ? peer_cert->info.filename : "none"));
/* Trust the expected certificate */
- if (netsnmp_cert_trust_ca(the_ctx, peer_cert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, peer_cert) != SNMPERR_SUCCESS)
LOGANDDIE ("failed to set verify paths");
}
- /* trust a certificate (possibly a CA) aspecifically passed in */
+ /* trust a certificate (possibly a CA) specifically passed in */
if (tlsbase->trust_cert) {
if (!_trust_this_cert(the_ctx, tlsbase->trust_cert))
return 0;
@@ -599,7 +634,7 @@ sslctx_server_setup(const SSL_METHOD *me
/* setting up for ssl */
SSL_CTX *the_ctx = SSL_CTX_new(NETSNMP_REMOVE_CONST(SSL_METHOD *, method));
if (!the_ctx) {
- LOGANDDIE("can't create a new context");
+ LOGANDDIE("can't create a new server context");
}
MAKE_MEM_DEFINED(the_ctx, 256/*sizeof(*the_ctx)*/);
@@ -608,7 +643,7 @@ sslctx_server_setup(const SSL_METHOD *me
LOGANDDIE ("error finding server identity keys");
if (!id_cert->key || !id_cert->key->okey)
- LOGANDDIE("failed to load private key");
+ LOGANDDIE("failed to load server private key");
DEBUGMSGTL(("sslctx_server", "using public key: %s\n",
id_cert->info.filename));
@@ -616,13 +651,19 @@ sslctx_server_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the server certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the server private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("server public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate server certificate");
+ }
SSL_CTX_set_read_ahead(the_ctx, 1); /* XXX: DTLS only? */

13
net-snmp-5.9-proxy-getnext.patch
View File

@ -1,13 +0,0 @@
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index e0ee96b..8abe7a3 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -463,7 +463,7 @@ proxy_handler(netsnmp_mib_handler *handler,
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

21
net-snmp-5.9-python-ld-flags.patch
View File

@ -1,21 +0,0 @@
diff --git a/python/setup.py b/python/setup.py
index 2547842..0c68cd8 100644
--- a/python/setup.py
+++ b/python/setup.py
@@ -17,14 +17,14 @@ if intree:
netsnmp_libs = os.popen(basedir+'/net-snmp-config --libs').read()
libdir = os.popen(basedir+'/net-snmp-config --build-lib-dirs '+basedir).read()
incdir = os.popen(basedir+'/net-snmp-config --build-includes '+basedir).read() + " " + os.popen(basedir+'/net-snmp-config --base-cflags '+basedir).read()
- libs = re.findall(r"-l(\S+)", netsnmp_libs)
+ libs = re.findall(r"\s-l(\S+)", netsnmp_libs)
libdirs = re.findall(r"-L(\S+)", libdir)
incdirs = re.findall(r"-I(\S+)", incdir)
else:
netsnmp_libs = os.popen('net-snmp-config --libs').read()
libdirs = re.findall(r"-L(\S+)", netsnmp_libs)
incdirs = []
- libs = re.findall(r"-l(\S+)", netsnmp_libs)
+ libs = re.findall(r"\s-l(\S+)", netsnmp_libs)
setup(
name="netsnmp-python", version="1.0a1",

67
net-snmp-5.9-ssl-buffer-size.patch
View File

@ -1,67 +0,0 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-01-28 14:10:05.993443671 +0100
+++ b/snmplib/snmp_openssl.c 2021-01-28 14:17:52.531088559 +0100
@@ -284,31 +284,29 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space + 1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extension\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
-
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +477,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +497,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

42
net-snmp-5.9-twice-IP-parsing.patch
View File

@ -1,34 +1,16 @@
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index b96497f3a..b594a389b 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
/* Nope, wasn't a dotted quad. Must be a hostname. */
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
if (ret < 0) {
- config_perror("cannot resolve source hostname");
+ config_perror("cannot resolve IPv4 source hostname");
return;
}
}
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index 238c8a9d6..43c4eaee1 100644
index e6f5b20..41a5e01 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
memset(&pton_addr.sin6_addr.s6_addr, '\0',
sizeof(struct in6_addr));
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
- /* Nope, wasn't a numeric address. Must be a hostname. */
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
@@ -34,6 +34,11 @@
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
+
+ /* Try interpreting as dotted quad - IPv4 */
+ struct in_addr network;
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
+ /* Yes, it's IPv4 - those it's already parsed and we can return. */
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
+ return;
+ }
#if HAVE_GETADDRINFO
int gai_error;
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32)
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
+#endif
+
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

79
net-snmp.spec
View File

@ -9,8 +9,8 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.9
Release: 11%{?dist}
Version: 5.9.1
Release: 1%{?dist}
Epoch: 1
License: BSD
@ -37,27 +37,21 @@ Patch7: net-snmp-5.8-Remove-U64-typedef.patch
Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch9: net-snmp-5.7.3-iterator-fix.patch
Patch10: net-snmp-5.9-autofs-skip.patch
Patch11: net-snmp-5.9-python-ld-flags.patch
Patch12: net-snmp-5.9-usage-exit.patch
Patch13: net-snmp-5.9-coverity.patch
Patch14: net-snmp-5.9-proxy-getnext.patch
Patch15: net-snmp-5.9-dskTable-dynamic.patch
Patch16: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch17: net-snmp-5.8-duplicate-ipAddress.patch
Patch18: net-snmp-5.9-memory-reporting.patch
Patch19: net-snmp-5.8-man-page.patch
Patch20: net-snmp-5.8-ipAddress-faster-load.patch
Patch21: net-snmp-5.8-rpm-memory-leak.patch
Patch22: net-snmp-5.9-aes-config.patch
Patch23: net-snmp-5.9-available-memory.patch
Patch24: net-snmp-5.8-asn-parse-nlength.patch
Patch25: net-snmp-5.8-clientaddr-error-message.patch
Patch26: net-snmp-5.8-empty-passphrase.patch
Patch27: net-snmp-5.9-ECC-cert.patch
Patch28: net-snmp-5.9-intermediate-certs.patch
Patch29: net-snmp-5.9-ssl-buffer-size.patch
Patch30: net-snmp-5.9-twice-IP-parsing.patch
Patch31: net-snmp-5.9-openssl-3.0.patch
Patch11: net-snmp-5.9-usage-exit.patch
Patch12: net-snmp-5.9-coverity.patch
Patch13: net-snmp-5.9-dskTable-dynamic.patch
Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch15: net-snmp-5.8-duplicate-ipAddress.patch
Patch16: net-snmp-5.9-memory-reporting.patch
Patch17: net-snmp-5.8-man-page.patch
Patch18: net-snmp-5.8-ipAddress-faster-load.patch
Patch19: net-snmp-5.8-rpm-memory-leak.patch
Patch20: net-snmp-5.9-aes-config.patch
Patch21: net-snmp-5.8-clientaddr-error-message.patch
Patch22: net-snmp-5.9-ECC-cert.patch
Patch23: net-snmp-5.9-intermediate-certs.patch
Patch24: net-snmp-5.9-twice-IP-parsing.patch
Patch25: net-snmp-5.9-openssl-3.0.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -219,27 +213,21 @@ cp %{SOURCE10} .
%patch8 -p1 -b .perlfix
%patch9 -p1 -b .iterator-fix
%patch10 -p1 -b .autofs-skip
%patch11 -p1 -b .python-ld-flags
%patch12 -p1 -b .usage-fix
%patch13 -p1 -b .coverity
%patch14 -p1 -b .proxy-getnext
%patch15 -p1 -b .dskTable-dynamic
%patch16 -p1 -b .expand-SNMPCONFPATH
%patch17 -p1 -b .duplicate-ipAddress
%patch18 -p1 -b .memory-reporting
%patch19 -p1 -b .man-page
%patch20 -p1 -b .ipAddress-faster-load
%patch21 -p1 -b .rpm-memory-leak
%patch22 -p1 -b .aes-config
%patch23 -p1 -b .available-memory
%patch24 -p1 -b .asn-parse-nlength
%patch25 -p1 -b .clientaddr-error-message
%patch26 -p1 -b .empty-passphrase
%patch27 -p1 -b .ECC-cert
%patch28 -p1 -b .intermediate-certs
%patch29 -p1 -b .ssl-buffer-size
%patch30 -p1 -b .twice-IP-parsing
%patch31 -p1 -b .openssl-3-0
%patch11 -p1 -b .usage-fix
%patch12 -p1 -b .coverity
%patch13 -p1 -b .dskTable-dynamic
%patch14 -p1 -b .expand-SNMPCONFPATH
%patch15 -p1 -b .duplicate-ipAddress
%patch16 -p1 -b .memory-reporting
%patch17 -p1 -b .man-page
%patch18 -p1 -b .ipAddress-faster-load
%patch19 -p1 -b .rpm-memory-leak
%patch20 -p1 -b .aes-config
%patch21 -p1 -b .clientaddr-error-message
%patch22 -p1 -b .ECC-cert
%patch23 -p1 -b .intermediate-certs
%patch24 -p1 -b .twice-IP-parsing
%patch25 -p1 -b .openssl-3-0
%patch101 -p1 -b .modern-rpm-api
%patch102 -p1
@ -508,6 +496,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Thu May 27 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1
- New upstream release 5.9.1 (#1964963)
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11
- disable DES and port for OpenSSL 3.0 (#1958073)

2
sources
View File

@ -1 +1 @@
SHA512 (net-snmp-5.9.tar.gz) = 21855ba5cee47ba41a82f88d2fa558c9a732690858af5523ae99c2b3939b133e3450d04c6446b3168eed6f08d6f0f5d4cbb5d784b713a8e14f68c424e514f91b
SHA512 (net-snmp-5.9.1.tar.gz) = 7d73b2085863b1c063d7eaee488d806cc07da79c070f702068846e43d8e5c67673b86357600f2c1f774c30c24b0561cb566c64ea4588b073bf6906a9c6949ab7