import net-snmp-5.8-19.el8

2020-12-03 08:10:25 +00:00 · 2020-12-03 08:10:25 +00:00 · a11633299b
commit a11633299b
parent dac47ded42
6 changed files with 230 additions and 4 deletions
--- a/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch
+++ b/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch
@ -0,0 +1,70 @@
+diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
+--- old/agent/mibgroup/agent/extend.c	2020-11-11 12:41:46.377115142 +0100
+++ new/agent/mibgroup/agent/extend.c	2020-11-11 12:50:28.047142105 +0100
+@@ -16,6 +16,12 @@
+ #define SHELLCOMMAND 3
+ #endif
+ 
+/*  This mib is potentially dangerous to turn on by default, since it
+ *  allows arbitrary commands to be set by anyone with SNMP WRITE
+ *  access to the MIB table.  If all of your users are "root" level
+ *  users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
+ netsnmp_feature_require(extract_table_row_data)
+ netsnmp_feature_require(table_data_delete_table)
+ #ifndef NETSNMP_NO_WRITE_SUPPORT
+@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
+          *
+          **********/
+ 
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+         case MODE_SET_RESERVE1:
+             /*
+              * Validate the new assignments
+@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
+                 }
+             }
+             break;
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ 
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
+ 
+         default:
+             netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
+@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
+         }
+     }
+ 
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+     /*
+      * If we're marking a given row as active,
+      *  then we need to check that it's ready.
+@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
+             }
+         }
+     }
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
+     
+     return SNMP_ERR_NOERROR;
+ }
+@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
+     idx = name[name_len-1] -1;
+     exten = &compatability_entries[ idx ];
+ 
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+     switch (action) {
+     case MODE_SET_RESERVE1:
+         if (var_val_type != ASN_INTEGER) {
+@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
+     case MODE_SET_COMMIT:
+         netsnmp_cache_check_and_reload( exten->efix_entry->cache );
+     }
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
+     return SNMP_ERR_NOERROR;
+ }
+ #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
--- a/SOURCES/net-snmp-5.8-bulk.patch
+++ b/SOURCES/net-snmp-5.8-bulk.patch
@ -0,0 +1,51 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c	2020-09-29 14:08:09.821479662 +0200
+++ b/snmplib/snmp_api.c	2020-10-01 10:15:46.607374362 +0200
+@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
+     session->retries = SNMP_DEFAULT_RETRIES;
+     session->version = SNMP_DEFAULT_VERSION;
+     session->securityModel = SNMP_DEFAULT_SECMODEL;
+-    session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
+    session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
+     session->sndMsgMaxSize = netsnmp_max_send_msg_size();
+     session->flags |= SNMP_FLAGS_DONT_PROBE;
+ }
+@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
+     /*
+      * build a scopedPDU structure into spdu_buf
+      */
+-    spdu_buf_len = SNMP_MAX_MSG_SIZE;
+    spdu_buf_len = sizeof(spdu_buf);
+     DEBUGDUMPSECTION("send", "ScopedPdu");
+     cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
+                                        &spdu_hdr_e);
+@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
+      */
+     DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
+     if (pdu_data) {
+        if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
+            snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
+                     __func__, pdu_data_len, sizeof(spdu_buf));
+            return -1;
+        }
+         memcpy(cp, pdu_data, pdu_data_len);
+         cp += pdu_data_len;
+     } else {
+@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
+      * re-encode the actual ASN.1 length of the scopedPdu
+      */
+     spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
+-    spdu_buf_len = SNMP_MAX_MSG_SIZE;
+    spdu_buf_len = sizeof(spdu_buf);
+     if (asn_build_sequence(spdu_buf, &spdu_buf_len,
+                            (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
+                            spdu_len) == NULL)
+@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
+      * message - the entire message to transmitted on the wire is returned
+      */
+     cp = NULL;
+-    *out_length = SNMP_MAX_MSG_SIZE;
+    *out_length = sizeof(spdu_buf);
+     DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
+     sptr = find_sec_mod(pdu->securityModel);
+     if (sptr && sptr->encode_forward) {
--- a/SOURCES/net-snmp-5.8-clientaddr-error-message.patch
+++ b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch
@ -0,0 +1,23 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c	2020-11-26 11:05:51.084788775 +0100
+++ b/snmplib/snmp_api.c	2020-11-26 11:08:27.850751397 +0100
+@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
+     "No error",                 /* SNMPERR_SUCCESS */
+     "Generic error",            /* SNMPERR_GENERR */
+     "Invalid local port",       /* SNMPERR_BAD_LOCPORT */
+-    "Unknown host",             /* SNMPERR_BAD_ADDRESS */
+    "Invalid address",          /* SNMPERR_BAD_ADDRESS */
+     "Unknown session",          /* SNMPERR_BAD_SESSION */
+     "Too long",                 /* SNMPERR_TOO_LONG */
+     "No socket",                /* SNMPERR_NO_SOCKET */
+@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
+         DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
+         in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
+         in_session->s_errno = errno;
+-        snmp_set_detail(in_session->peername);
+        if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
+                                    NETSNMP_DS_LIB_CLIENT_ADDR))
+            snmp_set_detail(in_session->peername);
+         return NULL;
+     }
+ 
--- a/SOURCES/net-snmp-5.8-empty-passphrase.patch
+++ b/SOURCES/net-snmp-5.8-empty-passphrase.patch
@ -0,0 +1,30 @@
+From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
+From: Josef Ridky <jridky@redhat.com>
+Date: Wed, 18 Nov 2020 20:54:34 -0800
+Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
+
+See also https://github.com/net-snmp/net-snmp/issues/86.
+
+Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
+Reported-by: Chris Cheney
+---
+ net-snmp-create-v3-user.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index 452c2699d..31b4c58c1 100644
+--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
+@@ -120,7 +120,11 @@ fi
+ fi
+ outdir="@PERSISTENT_DIRECTORY@"
+ outfile="$outdir/snmpd.conf"
+-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+    line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+    line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
+ echo "adding the following line to $outfile:"
+ echo "  " $line
+ # in case it hasn't ever been started yet, start it.
--- a/SOURCES/net-snmp-5.8-ipv6-disabled.patch
+++ b/SOURCES/net-snmp-5.8-ipv6-disabled.patch
@ -0,0 +1,31 @@
+diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c	2020-09-29 14:08:09.742478965 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c	2020-10-01 14:20:25.575174851 +0200
+@@ -19,6 +19,7 @@
+ 
+ #include <errno.h>
+ #include <sys/ioctl.h>
+#include <sys/stat.h>
+ 
+ netsnmp_feature_require(prefix_info)
+ netsnmp_feature_require(find_prefix_info)
+@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
+ 
+ #define PROCFILE "/proc/net/if_inet6"
+     if (!(in = fopen(PROCFILE, "r"))) {
+-        NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+
+        /* 
+         * If PROCFILE exists, but isn't readable, file ERROR message.
+         * Otherwise log nothing, due of IPv6 support on this machine is
+         * intentionaly disabled/unavailable.
+         */
+
+        struct stat filestat;
+
+        if(stat(PROCFILE, &filestat) == 0){
+            NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+        }
+         return -2;
+     }
+ 
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.8
-Release:    17%{?dist}
+Release:    19%{?dist}
 Epoch:      1

 License:    BSD
@ -56,6 +56,11 @@ Patch27:    net-snmp-5.8-ipAddress-faster-load.patch
 Patch28:    net-snmp-5.8-rpm-memory-leak.patch
 Patch29:    net-snmp-5.8-sec-memory-leak.patch
 Patch30:    net-snmp-5.8-aes-config.patch
+Patch31:    net-snmp-5.7.2-CVE-2020-15862.patch
+Patch32:    net-snmp-5.8-bulk.patch
+Patch33:    net-snmp-5.8-clientaddr-error-message.patch
+Patch34:    net-snmp-5.8-ipv6-disabled.patch
+Patch35:    net-snmp-5.8-empty-passphrase.patch

 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@ -211,6 +216,11 @@ rm -r python
 %patch28 -p1 -b .rpm-memory-leak
 %patch29 -p1 -b .sec-memory-leak
 %patch30 -p1 -b .aes-config
+%patch31 -p1 -b .CVE-2020-15862
+%patch32 -p1 -b .bulk
+%patch33 -p1 -b .clientaddr-error-message
+%patch34 -p1 -b .ipv6-disabled
+%patch35 -p1 -b .empty-passphrase

 %patch101 -p1 -b .modern-rpm-api

@ -389,8 +399,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %doc README.thread AGENT.txt PORTING local/README.mib2c
 %doc IETF-MIB-LICENSE.txt
 %dir %{_sysconfdir}/snmp
-%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmpd.conf
-%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmptrapd.conf
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmpd.conf
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmptrapd.conf
 %{_bindir}/snmpconf
 %{_bindir}/net-snmp-create-v3-user
 %{_sbindir}/*
@ -465,6 +475,17 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*

 %changelog
+* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
+- revert permission of config files to 600 (#1601060)
+- fix error message when the address specified by clientaddr option
+  is wrong or cannot be bound (#1877375)
+- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
+- fix issue with quoting empty passphrase (#1817225)
+
+* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
+- fix CVE-2020-15862 (#1875497)
+- fix bulk responses for invalid PID (#1817190)
+
 * Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
 - add math library in LDFLAGS (#1846252)

@ -524,7 +545,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test

 * Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
 - fix default configuration file (#1589480 and #1594147)
- modify permissions for /var/log files (#1601060)
+- modify permissions for config files (#1601060)

 * Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
 - remove python package and update to the last upstream version (#1584510)