rpms
/
net-snmp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import net-snmp-5.8-15.el8

This commit is contained in:
CentOS Sources 2020-07-28 03:50:43 -04:00 committed by Stepan Oksanichenko
parent 588711ef43
commit b6caa8010a
16 changed files with 1634 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
SOURCES/net-snmp-5.8-aes-config.patch Normal file
View File

@ -0,0 +1,100 @@
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
modes correctly
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
configure | 15 ++++++++++++++-
configure.d/config_os_misc2 | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
$as_echo "Internal Crypto Support" >&6; }
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;

181
SOURCES/net-snmp-5.8-dskTable-dynamic.patch Normal file
View File

@ -0,0 +1,181 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
-static void find_and_add_allDisks(int minpercent);
+static void refresh_disk_table(int addNewDisks, int minpercent);
static void add_device(char *path, char *device,
- int minspace, int minpercent, int override);
+ int minspace, int minpercent, int addNewDisks,
+ int override);
static void modify_disk_parameters(int index, int minspace,
int minpercent);
static int disk_exists(char *path);
@@ -167,6 +168,7 @@ struct diskpart {
char path[STRMAX];
int minimumspace;
int minpercent;
+ int alive;
};
#define MAX_INT_32 0x7fffffff
@@ -174,6 +176,7 @@ struct diskpart {
unsigned int numdisks;
int allDisksIncluded = 0;
+int allDisksMinPercent = 0;
unsigned int maxdisks = 0;
struct diskpart *disks;
@@ -238,6 +241,7 @@ init_disk(void)
disk_free_config,
"minpercent%");
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -253,6 +257,7 @@ disk_free_config(void)
disks[i].minpercent = -1;
}
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
- add_device(path, find_device(path), minspace, minpercent, 1);
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
-add_device(char *path, char *device, int minspace, int minpercent, int override)
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
}
index = disk_exists(path);
- if((index != -1) && (index < maxdisks) && (override==1)) {
- modify_disk_parameters(index, minspace, minpercent);
+ if((index != -1) && (index < maxdisks)) {
+ /* the path is already in the table */
+ disks[index].alive = 1;
+ /* -> update its device */
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
+ if (override == 1) {
+ modify_disk_parameters(index, minspace, minpercent);
+ }
}
- else if(index == -1){
+ else if(index == -1 && addNewDisks){
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
+ disks[numdisks].alive = 1;
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
+ disks[numdisks].alive = 0;
}
}
}
@@ -444,7 +457,7 @@ int disk_exists(char *path)
}
static void
-find_and_add_allDisks(int minpercent)
+refresh_disk_table(int addNewDisks, int minpercent)
{
#if HAVE_GETMNTENT
#if HAVE_SYS_MNTTAB_H
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
if (mntfp)
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while ((i = getmntent(mntfp, &mnttab)) == 0) {
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
fclose(mntfp);
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
}
#endif
else {
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
#endif
#endif
+ if (disks[disknum].alive == 0){
+ return -1;
+ }
+
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
static long long_ret;
static char *errmsg;
+ int i;
+ for (i = 0; i < numdisks; i++){
+ disks[i].alive = 0;
+ }
+ /* dynamically add new disks + update alive flag */
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
+
tryAgain:
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numdisks))

11
SOURCES/net-snmp-5.8-duplicate-ipAddress.patch Normal file
View File

@ -0,0 +1,11 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
/* 'entry' is duplicate of the previous one -> delete it */
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
netsnmp_access_ipaddress_entry_free(entry);
} else {
CONTAINER_INSERT(ret, entry);

12
SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch Normal file
View File

@ -0,0 +1,12 @@
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
* save a warning header to the top of the new file
*/
snprintf(fileold, sizeof(fileold),
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
type, type, type,

82
SOURCES/net-snmp-5.8-ipAddress-faster-load.patch Normal file
View File

@ -0,0 +1,82 @@
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
}
#elif defined(linux)
+#include <errno.h>
static struct ifreq *ifr;
static int ifr_counter;
static void
Address_Scan_Init(void)
{
- int num_interfaces = 0;
+ int i;
int fd;
+ int lastlen = 0;
/* get info about all interfaces */
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
SNMP_FREE(ifc.ifc_buf);
ifr_counter = 0;
- do
- {
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
{
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
return;
}
- num_interfaces += 16;
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
-
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
- {
- ifr=NULL;
- close(fd);
- return;
- }
- close(fd);
+ /*
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
+ * Volume I'', p.435...
+ */
+
+ for (i = 8;; i *= 2) {
+ ifc.ifc_len = sizeof(struct ifreq) * i;
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
+
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
+ if (errno != EINVAL || lastlen != 0) {
+ /*
+ * Something has gone genuinely wrong...
+ */
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
+ SNMP_FREE(ifc.ifc_buf);
+ close(fd);
+ return;
+ }
+ } else {
+ if (ifc.ifc_len == lastlen) {
+ /*
+ * The length is the same as the last time; we're done...
+ */
+ break;
+ }
+ lastlen = ifc.ifc_len;
+ }
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
}
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
-
+
+ close(fd);
ifr = ifc.ifc_req;
}

500
SOURCES/net-snmp-5.8-licensing.patch Normal file
View File

@ -0,0 +1,500 @@
diff -ruNp a/agent/mibgroup/host/data_access/swrun_darwin.c b/agent/mibgroup/host/data_access/swrun_darwin.c
--- a/agent/mibgroup/host/data_access/swrun_darwin.c 2020-06-10 09:56:52.517606921 +0200
+++ b/agent/mibgroup/host/data_access/swrun_darwin.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,496 +0,0 @@
-/*
- * swrun_darwin.c:
- * hrSWRunTable data access:
- * Darwin
- */
-/*
- * Copyright (C) 2007 Apple, Inc. All rights reserved.
- * Use is subject to license terms specified in the COPYING file
- * distributed with the Net-SNMP package.
- */
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <net-snmp/agent/net-snmp-agent-includes.h>
-#include <net-snmp/library/container.h>
-#include <net-snmp/library/snmp_debug.h>
-#include <net-snmp/data_access/swrun.h>
-#include "swrun_private.h"
-
-#include <stdlib.h>
-#include <unistd.h>
-
-#include <libproc.h>
-#include <sys/proc_info.h>
-#include <sys/sysctl.h> /* for sysctl() and struct kinfo_proc */
-
-#define __APPLE_API_EVOLVING 1
-#include <sys/acl.h> /* or else CoreFoundation.h barfs */
-#undef __APPLE_API_EVOLVING
-
-#include <CoreFoundation/CFBase.h>
-#include <CoreFoundation/CFNumber.h>
-#include <CoreFoundation/CFBundle.h>
-#include <CoreServices/CoreServices.h>
-#include <IOKit/IOCFBundle.h>
-#include <mach/mach.h>
-#include <mach/mach_time.h>
-
-/** sigh... can't find Processes.h */
-#ifndef kProcessDictionaryIncludeAllInformationMask
-#define kProcessDictionaryIncludeAllInformationMask (long)0xFFFFFFFF
-#endif
-#ifndef procNotFound
-#define procNotFound -600
-#endif
-
-/* ---------------------------------------------------------------------
- */
-static int _kern_argmax;
-static int _set_command_name(netsnmp_swrun_entry *entry);
-
-/** avoid kernel bug in 10.2. 8192 oughta be enough anyways, right? */
-#define MAX_KERN_ARGMAX 8192
-
-/* ---------------------------------------------------------------------
- */
-void
-netsnmp_arch_swrun_init(void)
-{
- int mib[2] = { CTL_KERN, KERN_ARGMAX };
- size_t size, mib_size = sizeof(mib)/sizeof(mib[0]);
-
- DEBUGMSGTL(("swrun:load:arch","init\n"));
-
- size = sizeof(_kern_argmax);
- if (sysctl(mib, mib_size, &_kern_argmax, &size, NULL, 0) == -1) {
- snmp_log(LOG_ERR, "Error in ARGMAX sysctl(): %s", strerror(errno));
- _kern_argmax = MAX_KERN_ARGMAX;
- }
- else if (_kern_argmax > MAX_KERN_ARGMAX) {
- DEBUGMSGTL(("swrun:load:arch",
- "artificially limiting ARGMAX to %d (from %d)\n",
- MAX_KERN_ARGMAX, _kern_argmax));
- _kern_argmax = MAX_KERN_ARGMAX;
- }
-
-
-}
-
-/* ---------------------------------------------------------------------
- */
-#define SWRUNINDENT " "
-int
-netsnmp_arch_swrun_container_load( netsnmp_container *container, u_int flags)
-{
- int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL};
- size_t buf_size, mib_size = sizeof(mib)/sizeof(mib[0]);
- struct kinfo_proc *processes = NULL;
- struct proc_taskallinfo taskinfo;
- netsnmp_swrun_entry *entry;
- int rc, num_entries, i;
-
- DEBUGMSGTL(("swrun:load:arch"," load\n"));
-
- /*
- * get size to allocate. This introduces a bit of a race condition,
- * as the size could change between this call and the next...
- */
- rc = sysctl(mib, mib_size, NULL, &buf_size, NULL, 0);
- if (rc < 0) {
- snmp_log(LOG_ERR, "KERN_PROC_ALL size sysctl failed: %d\n", rc);
- return -1;
- }
-
- processes = (struct kinfo_proc*) malloc(buf_size);
- if (NULL == processes) {
- snmp_log(LOG_ERR, "malloc failed\n");
- return -1;
- }
-
- rc = sysctl(mib, mib_size, processes, &buf_size, NULL, 0);
- if (rc < 0) {
- snmp_log(LOG_ERR, "KERN_PROC_ALL sysctl failed: %d\n", rc);
- free(processes);
- return -1;
- }
-
- num_entries = buf_size / sizeof(struct kinfo_proc);
-
- for (i = 0; i < num_entries; i++) {
- /*
- * skip empty names.
- * p_stat = (SIDL|SRUN|SSLEEP|SSTOP|SZOMB)
- */
- if (('\0' == processes[i].kp_proc.p_comm[0]) ||
- (0 == processes[i].kp_proc.p_pid)) {
- DEBUGMSGTL(("swrun:load:arch",
- " skipping p_comm '%s', pid %5d, p_pstat %d\n",
- processes[i].kp_proc.p_comm ?
- processes[i].kp_proc.p_comm : "NULL",
- processes[i].kp_proc.p_pid,
- processes[i].kp_proc.p_stat));
- continue;
- }
-
- DEBUGMSGTL(("swrun:load:arch"," %s pid %5d\n",
- processes[i].kp_proc.p_comm,
- processes[i].kp_proc.p_pid));
-
- entry = netsnmp_swrun_entry_create(processes[i].kp_proc.p_pid);
- if (NULL == entry)
- continue; /* error already logged by function */
- rc = CONTAINER_INSERT(container, entry);
-
- /*
- * p_comm is a partial name, but it is all we have at this point.
- */
- entry->hrSWRunName_len = snprintf(entry->hrSWRunName,
- sizeof(entry->hrSWRunName)-1,
- "%s", processes[i].kp_proc.p_comm);
-
- /** sysctl for name, path, params */
- rc = _set_command_name(entry);
-
- /*
- * map p_stat to RunStatus. Odd that there is no 'running' status.
- */
- switch(processes[i].kp_proc.p_stat) {
- case SRUN:
- entry->hrSWRunStatus = HRSWRUNSTATUS_RUNNABLE;
- break;
- case SSLEEP:
- case SSTOP:
- entry->hrSWRunStatus = HRSWRUNSTATUS_NOTRUNNABLE;
- break;
- case SIDL:
- case SZOMB:
- default:
- entry->hrSWRunStatus = HRSWRUNSTATUS_INVALID;
- break;
- }
-
- /*
- * check for system processes
- */
- if (P_SYSTEM & processes[i].kp_proc.p_flag) {
- entry->hrSWRunType = HRSWRUNTYPE_OPERATINGSYSTEM;
- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "SYSTEM\n"));
- }
- else entry->hrSWRunType = HRSWRUNTYPE_APPLICATION;
-
- /*
- * get mem size, run time
- */
- rc = proc_pidinfo( processes[i].kp_proc.p_pid, PROC_PIDTASKALLINFO, 0,
- &taskinfo, sizeof(taskinfo));
- if (sizeof(taskinfo) != rc) {
- DEBUGMSGTL(("swrun:load:arch", " proc_pidinfo returned %d\n", rc));
- }
- else {
- uint64_t task_mem = taskinfo.ptinfo.pti_resident_size / 1024;
- union {
- u_quad_t uq; /* u_int64_t */
- UnsignedWide uw; /* struct u_int32_t hi/lo */
- } at, ns;
- at.uq = taskinfo.ptinfo.pti_total_user +
- taskinfo.ptinfo.pti_total_system;
- ns = at;
- ns.uq = ns.uq / 10000000LL; /* nano to deci */
- if (task_mem > INT32_MAX) {
- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "mem overflow\n"));
- task_mem = INT32_MAX;
- }
- if (ns.uq > INT32_MAX) {
- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "time overflow\n"));
- ns.uq = INT32_MAX;
- }
- entry->hrSWRunPerfMem = task_mem;
- entry->hrSWRunPerfCPU = ns.uq;
- }
- }
- free(processes);
-
- DEBUGMSGTL(("swrun:load:arch"," loaded %d entries\n",
- (int)CONTAINER_SIZE(container)));
-
- return 0;
-}
-
-/* ---------------------------------------------------------------------
- * The following code was snagged from Darwin code, and the original
- * file had the following licences:
- */
-
-/*
- * Copyright (c) 2002-2004 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License"). You may not use this file except in compliance with the
- * License. Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
- * License for the specific language governing rights and limitations
- * under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-#ifdef JAGUAR /* xxx configure test? */
-static int
-_set_command_name_jaguar(netsnmp_swrun_entry *entry)
-{
- int mib[3] = {CTL_KERN, KERN_PROCARGS, 0};
- size_t procargssize, mib_size = sizeof(mib)/sizeof(mib[0]);
- char *arg_end, *exec_path;
- int *ip;
- int len;
- char *command_beg, *command, *command_end;
- char arg_buf[MAX_KERN_ARGMAX]; /* max to avoid kernel bug */
-
- DEBUGMSGTL(("swrun:load:arch:_cn"," pid %d\n", entry->hrSWRunIndex));
-
- mib[2] = entry->hrSWRunIndex;
-
- memset(arg_buf, 0x0, sizeof(arg_buf));
- procargssize = _kern_argmax;
- if (sysctl(mib, mib_size, arg_buf, &procargssize, NULL, 0) == -1) {
- snmp_log(LOG_ERR, "Error in PROCARGS sysctl() for %s: %s\n",
- entry->hrSWRunName, strerror(errno));
- entry->hrSWRunPath_len = 0;
- return -1;
- }
-
- /* Set ip just above the end of arg_buf. */
- arg_end = &arg_buf[procargssize];
- ip = (int *)arg_end;
-
- /*
- * Skip the last 2 words, since the last is a 0 word, and
- * the second to last may be as well, if there are no
- * arguments.
- */
- ip -= 3;
-
- /* Iterate down the arguments until a 0 word is found. */
- for (; *ip != 0; ip--) {
- if (ip == (int *)arg_buf) {
- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected toparg\n"));
- return -1;
- }
- }
-
- /* The saved exec_path is just above the 0 word. */
- ip++;
- exec_path = (char *)ip;
- DEBUGMSGTL(("swrun:load:arch:_cn"," exec_path %s\n", exec_path));
- len = strlen(exec_path);
- strlcpy(entry->hrSWRunPath, exec_path, sizeof(entry->hrSWRunPath));
- if (len > sizeof(entry->hrSWRunPath)-1) {
- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long run path\n"));
- entry->hrSWRunPath[sizeof(entry->hrSWRunPath)-2] = '$';
- entry->hrSWRunPath_len = sizeof(entry->hrSWRunPath)-1;
- DEBUGMSGTL(("swrun:load:arch:_cn"," exec_path %s\n",
- entry->hrSWRunPath));
- }
- else
- entry->hrSWRunPath_len = len;
-
- /*
- * Get the beginning of the first argument. It is word-aligned,
- * so skip padding '\0' bytes.
- */
- command_beg = exec_path + strlen(exec_path);
- DEBUGMSGTL(("swrun:load:arch:_cn"," command_beg '%s'\n", command_beg));
- for (; *command_beg == '\0'; command_beg++) {
- if (command_beg >= arg_end)
- return -1;
- }
- DEBUGMSGTL(("swrun:load:arch:_cn"," command_beg '%s'\n", command_beg));
-
- /* Get the basename of command. */
- command = command_end = command_beg + strlen(command_beg) + 1;
- for (command--; command >= command_beg; command--) {
- if (*command == '/')
- break;
- }
- command++;
- DEBUGMSGTL(("swrun:load:arch:_cn"," command '%s'\n", command));
-
- /* Allocate space for the command and copy. */
- DEBUGMSGTL(("swrun:load:arch:_cn",
- SWRUNINDENT "kernel name %s\n", command));
- if (strncmp(command, entry->hrSWRunName, sizeof(entry->hrSWRunName)-1)) {
- strlcpy(entry->hrSWRunName, command, sizeof(entry->hrSWRunName));
- entry->hrSWRunName_len = strlen(entry->hrSWRunName);
- DEBUGMSGTL(("swrun:load:arch:_cn", "**"
- SWRUNINDENT "updated name to %s\n", entry->hrSWRunName));
- return 0;
- }
-
- /** no error, no change */
- return 1;
-}
-#else
-static int
-_set_command_name(netsnmp_swrun_entry *entry)
-{
- int mib[3] = {CTL_KERN, 0, 0};
- size_t procargssize, mib_size = sizeof(mib)/sizeof(mib[0]);
- char *cp;
- int len, nargs;
- char *command_beg, *command, *command_end, *exec_path, *argN;
- char arg_buf[MAX_KERN_ARGMAX]; /* max to avoid kernel bug */
-
- /*
- * arguments
- */
- mib[1] = KERN_PROCARGS2;
- mib[2] = entry->hrSWRunIndex;
-
- memset(arg_buf, 0x0, sizeof(arg_buf));
- procargssize = _kern_argmax;
- if (sysctl(mib, mib_size, arg_buf, &procargssize, NULL, 0) == -1) {
- snmp_log(LOG_ERR, "Error in PROCARGS2 sysctl() for %s: %s\n",
- entry->hrSWRunName, strerror(errno));
- entry->hrSWRunPath_len = 0;
- entry->hrSWRunParameters_len = 0;
- return -1;
- }
- else {
- memcpy(&nargs,arg_buf, sizeof(nargs));
- }
-
- exec_path = arg_buf + sizeof(nargs);
- len = strlen(exec_path);
- strlcpy(entry->hrSWRunPath, exec_path, sizeof(entry->hrSWRunPath));
- if (len > sizeof(entry->hrSWRunPath)-1) {
- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long run path\n"));
- entry->hrSWRunPath[sizeof(entry->hrSWRunPath)-2] = '$';
- entry->hrSWRunPath_len = sizeof(entry->hrSWRunPath)-1;
- }
- else
- entry->hrSWRunPath_len = len;
-
- /** Skip the saved exec_path. */
-#if 0
- cp = exec_path + len;
-#else
- for (cp = exec_path; cp < &arg_buf[procargssize]; cp++) {
- if (*cp == '\0')
- break; /* End of exec_path reached. */
- }
- if (cp != exec_path + len) {
- DEBUGMSGTL(("swrun:load:arch:_cn", " OFF BY %d\n",
- (int)((exec_path + len) - cp)));
- netsnmp_assert( cp == exec_path + len );
- }
-#endif
- if (cp == &arg_buf[procargssize]) {
- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n"));
- return -1;
- }
-
- /** Skip trailing '\0' characters. */
- for (; cp < &arg_buf[procargssize]; cp++) {
- if (*cp != '\0')
- break; /* Beginning of first argument reached. */
- }
- if (cp == &arg_buf[procargssize]) {
- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n"));
- return -1;
- }
- command_beg = cp;
-
- /*
- * Make sure that the command is '\0'-terminated. This protects
- * against malicious programs; under normal operation this never
- * ends up being a problem..
- */
- for (; cp < &arg_buf[procargssize]; cp++) {
- if (*cp == '\0')
- break; /* End of first argument reached. */
- }
- if (cp == &arg_buf[procargssize]) {
- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n"));
- return -1;
- }
- command_end = command = cp;
- --nargs;
-
- /*
- * save arguments
- */
- while( nargs && cp < &arg_buf[procargssize] ) {
- /** Skip trailing '\0' characters from prev arg. */
- for (; (cp < &arg_buf[procargssize]) && (*cp == 0); cp++)
- ; /* noop */
- if (cp == &arg_buf[procargssize])
- continue; /* effectively a break */
-
- /** save argN start */
- argN = cp;
- --nargs;
- if (0 == nargs)
- continue; /* effectively a break */
-
- /** Skip to end of arg */
- for (; (cp < &arg_buf[procargssize]) && (*cp != 0); cp++)
- ; /* noop */
- if (cp == &arg_buf[procargssize])
- continue; /* effectively a break */
-
- /*
- * check for overrun into env
- */
- if ((*argN != '-') && strchr(argN,'=')) {
- DEBUGMSGTL(("swrun:load:arch:_cn", " *** OVERRUN INTO ENV %d\n",nargs));
- continue;
- }
-
- /*
- * save arg
- */
- if(entry->hrSWRunParameters_len < sizeof(entry->hrSWRunParameters)-1) {
- strlcat(&entry->hrSWRunParameters[entry->hrSWRunParameters_len],
- argN, sizeof(entry->hrSWRunParameters)-entry->hrSWRunParameters_len-1);
- entry->hrSWRunParameters_len = strlen(entry->hrSWRunParameters);
- if ((entry->hrSWRunParameters_len+2 < sizeof(entry->hrSWRunParameters)-1) && (0 != nargs)) {
- /* add space between params */
- entry->hrSWRunParameters[entry->hrSWRunParameters_len++] = ' ';
- entry->hrSWRunParameters[entry->hrSWRunParameters_len] = 0;
- } else {
- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long arg list\n"));
- entry->hrSWRunParameters[entry->hrSWRunParameters_len++] = '$';
- entry->hrSWRunParameters[entry->hrSWRunParameters_len] = '0';
- }
- }
- }
- if (' ' == entry->hrSWRunParameters[entry->hrSWRunParameters_len])
- entry->hrSWRunParameters[entry->hrSWRunParameters_len--] = 0;
-
-
- /* Get the basename of command. */
- for (command--; command >= command_beg; command--) {
- if (*command == '/')
- break;
- }
- command++;
-
- /* Allocate space for the command and copy. */
- if (strncmp(command, entry->hrSWRunName, sizeof(entry->hrSWRunName)-1)) {
- strlcpy(entry->hrSWRunName, command, sizeof(entry->hrSWRunName));
- entry->hrSWRunName_len = strlen(entry->hrSWRunName);
- DEBUGMSGTL(("swrun:load:arch:_cn",
- " **updated name to %s\n", entry->hrSWRunName));
- }
-
- return 0;
-}
-#endif

36
SOURCES/net-snmp-5.8-man-page.patch Normal file
View File

@ -0,0 +1,36 @@
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
@@ -3,7 +3,7 @@
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
.SH SYNOPSIS
.PP
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
.B [username]
.SH DESCRIPTION
.PP
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
displays the net-snmp version number
.TP
\fB\-ro\fR
-create an user with read-only permissions
+creates a user with read-only permissions
.TP
-\fB\-a authpass\fR
-specify authentication password
+\fB\-A authpass\fR
+specifies the authentication password
.TP
-\fB\-x privpass\fR
-specify encryption password
+\fB\-a MD5|SHA\fR
+specifies the authentication password hashing algorithm
.TP
-\fB\-X DES|AES\fR
-specify encryption algorithm
+\fB\-X privpass\fR
+specifies the encryption password
+.TP
+\fB\-x DES|AES\fR
+specifies the encryption algorithm

35
SOURCES/net-snmp-5.8-memory-reporting.patch Normal file
View File

@ -0,0 +1,35 @@
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
ssize_t bytes_read;
char *b;
unsigned long memtotal = 0, memfree = 0, memshared = 0,
- buffers = 0, cached = 0,
+ buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
netsnmp_memory_info *mem;
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
mem->units = 1024;
- mem->size = cached;
+ mem->size = cached+sreclaimable;
mem->free = 0; /* Report cached size/used as equal */
mem->other = -1;
}

12
SOURCES/net-snmp-5.8-proxy-getnext.patch Normal file
View File

@ -0,0 +1,12 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

26
SOURCES/net-snmp-5.8-rpm-memory-leak.patch Normal file
View File

@ -0,0 +1,26 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath);
dbpath = NULL;
+#ifdef HAVE_RPMGETPATH
+ rpmFreeRpmrc();
+#endif
if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
pkg_directory[0] = '\0';
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
@@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
+#ifdef HAVE_RPMGETPATH
+ rpmFreeRpmrc();
+#endif
}
#else
# ifdef _PATH_HRSW_directory

146
SOURCES/net-snmp-5.8-sec-counter.patch Normal file
View File

@ -0,0 +1,146 @@
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
@@ -43,6 +43,7 @@ extern "C" {
* Structures.
*/
struct usmStateReference {
+ int refcnt;
char *usr_name;
size_t usr_name_length;
u_char *usr_engine_id;
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
return NULL;
}
- if (pdu->securityStateRef &&
- pdu->command == SNMP_MSG_TRAP2) {
-
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
- (struct usmStateReference **) &newpdu->securityStateRef );
-
- if (ret)
- {
+ sptr = find_sec_mod(newpdu->securityModel);
+ if (sptr && sptr->pdu_clone) {
+ /* call security model if it needs to know about this */
+ ret = sptr->pdu_clone(pdu, newpdu);
+ if (ret) {
snmp_free_pdu(newpdu);
return NULL;
}
}
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
- sptr->pdu_clone != NULL) {
- /*
- * call security model if it needs to know about this
- */
- (*sptr->pdu_clone) (pdu, newpdu);
- }
-
return newpdu;
}
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
struct usmStateReference *
usm_malloc_usmStateReference(void)
{
- struct usmStateReference *retval = (struct usmStateReference *)
- calloc(1, sizeof(struct usmStateReference));
+ struct usmStateReference *retval;
+
+ retval = calloc(1, sizeof(struct usmStateReference));
+ if (retval)
+ retval->refcnt = 1;
return retval;
} /* end usm_malloc_usmStateReference() */
+static int
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
+{
+ struct usmStateReference *ref = pdu->securityStateRef;
+ struct usmStateReference **new_ref =
+ (struct usmStateReference **)&new_pdu->securityStateRef;
+ int ret = 0;
+
+ if (!ref)
+ return ret;
+
+ if (pdu->command == SNMP_MSG_TRAP2) {
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
+ ret = usm_clone_usmStateReference(ref, new_ref);
+ } else {
+ netsnmp_assert(ref == *new_ref);
+ ref->refcnt++;
+ }
+
+ return ret;
+}
+
void
usm_free_usmStateReference(void *old)
{
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
+ struct usmStateReference *ref = old;
- if (old_ref) {
+ if (!ref)
+ return;
- if (old_ref->usr_name_length)
- SNMP_FREE(old_ref->usr_name);
- if (old_ref->usr_engine_id_length)
- SNMP_FREE(old_ref->usr_engine_id);
- if (old_ref->usr_auth_protocol_length)
- SNMP_FREE(old_ref->usr_auth_protocol);
- if (old_ref->usr_priv_protocol_length)
- SNMP_FREE(old_ref->usr_priv_protocol);
-
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
- SNMP_FREE(old_ref->usr_auth_key);
- }
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
- SNMP_FREE(old_ref->usr_priv_key);
- }
+ if (--ref->refcnt > 0)
+ return;
- SNMP_ZERO(old_ref, sizeof(*old_ref));
- SNMP_FREE(old_ref);
+ SNMP_FREE(ref->usr_name);
+ SNMP_FREE(ref->usr_engine_id);
+ SNMP_FREE(ref->usr_auth_protocol);
+ SNMP_FREE(ref->usr_priv_protocol);
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
+ SNMP_FREE(ref->usr_auth_key);
+ }
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
+ SNMP_FREE(ref->usr_priv_key);
}
+ SNMP_FREE(ref);
} /* end usm_free_usmStateReference() */
struct usmUser *
@@ -3316,6 +3337,7 @@ init_usm(void)
def->encode_reverse = usm_secmod_rgenerate_out_msg;
def->encode_forward = usm_secmod_generate_out_msg;
def->decode = usm_secmod_process_in_msg;
+ def->pdu_clone = usm_clone;
def->pdu_free_state_ref = usm_free_usmStateReference;
def->session_setup = usm_session_init;
def->handle_report = usm_handle_report;

84
SOURCES/net-snmp-5.8-sec-memory-leak.patch Normal file
View File

@ -0,0 +1,84 @@
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
- /* Clean up securityStateRef here to prevent a double free */
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
- snmp_free_securityStateRef(asp->orig_pdu);
- if (asp->pdu && asp->pdu->securityStateRef)
- snmp_free_securityStateRef(asp->pdu);
-
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
- free_securityStateRef(pdu);
-}
-
#define ERROR_STAT_LENGTH 11
int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
if (!pdu)
return;
+ free_securityStateRef(pdu);
+
/*
* If the command field is empty, that probably indicates
* that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
}
if (ret != SNMP_ERR_NOERROR) {
- /*
- * Call the security model to free any securityStateRef supplied w/ msg.
- */
- if (pdu->securityStateRef != NULL) {
- free_securityStateRef(pdu);
- }
snmp_free_pdu(pdu);
return NULL;
}
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
}
}
- /*
- * Call USM to free any securityStateRef supplied with the message.
- */
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
- free_securityStateRef(pdu);
-
if (!handled) {
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
return -2;

357
SOURCES/net-snmp-5.8-v3-forward.patch Normal file
View File

@ -0,0 +1,357 @@
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
+
+ /* Clean up securityStateRef here to prevent a double free */
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->orig_pdu);
+ if (asp->pdu && asp->pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->pdu);
+
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
+NETSNMP_IMPORT
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
static void
free_securityStateRef(netsnmp_pdu* pdu)
{
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
+ struct snmp_secmod_def *sptr;
+
+ if(!pdu->securityStateRef)
+ return;
+
+ sptr = find_sec_mod(pdu->securityModel);
if (sptr) {
if (sptr->pdu_free_state_ref) {
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
+/*
+ * This function is here to provide a separate call to
+ * free the securityStateRef memory. This is needed to prevent
+ * a double free if this memory is freed in snmp_free_pdu.
+ */
+void
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
+{
+ free_securityStateRef(pdu);
+}
+
#define ERROR_STAT_LENGTH 11
int
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
if (old_ref) {
- SNMP_FREE(old_ref->usr_name);
- SNMP_FREE(old_ref->usr_engine_id);
- SNMP_FREE(old_ref->usr_auth_protocol);
- SNMP_FREE(old_ref->usr_priv_protocol);
+ if (old_ref->usr_name_length)
+ SNMP_FREE(old_ref->usr_name);
+ if (old_ref->usr_engine_id_length)
+ SNMP_FREE(old_ref->usr_engine_id);
+ if (old_ref->usr_auth_protocol_length)
+ SNMP_FREE(old_ref->usr_auth_protocol);
+ if (old_ref->usr_priv_protocol_length)
+ SNMP_FREE(old_ref->usr_priv_protocol);
- if (old_ref->usr_auth_key) {
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
SNMP_FREE(old_ref->usr_auth_key);
}
- if (old_ref->usr_priv_key) {
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
SNMP_FREE(old_ref->usr_priv_key);
}
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
thePrivProtocolLength) == 1) {
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
&seq_len, &msgSecParmLen) == -1) {
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
ptr = *wholeMsg = globalData;
if (theTotalLength > *wholeMsgLen) {
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
&ptr[privParamsOffset]) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[privParamsOffset])
== -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[dataOffset], &encrypted_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
if ((encrypted_length != (theTotalLength - dataOffset))
|| (salt_length != msgPrivParmLen)) {
DEBUGMSGTL(("usm", "encryption length error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm",
"couldn't malloc %d bytes for encrypted PDU\n",
(int)ciphertextlen));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_MALLOC;
}
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
iv) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
thePrivKeyLength - 8,
iv) == -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
scopedPdu, scopedPduLen,
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ciphertext, ciphertextlen);
if (rc == 0) {
DEBUGMSGTL(("usm", "Encryption failed.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building privParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineTime failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineBoots failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
*offset - sp_offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
while ((*wholeMsgLen - *offset) < globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("usm", "building global data failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
}
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
!= SNMP_ERR_NOERROR) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
if (temp_sig_len != msgAuthParmLen) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */

2
SOURCES/snmpd.service
View File

@ -1,6 +1,6 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Daemon.
After=syslog.target network.target
After=syslog.target network-online.target
[Service]
Type=notify

2
SOURCES/snmptrapd.service
View File

@ -1,6 +1,6 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
After=syslog.target network.target
After=syslog.target network-online.target
[Service]
Type=notify

52
SPECS/net-snmp.spec
View File

@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 12%{?dist}
Release: 15%{?dist}
Epoch: 1
License: BSD
@ -44,6 +44,19 @@ Patch15: net-snmp-5.8-ipv6-clientaddr.patch
Patch16: net-snmp-5.8-agent-of-death.patch
Patch17: net-snmp-5.8-trapsink.patch
Patch18: net-snmp-5.8-flood-messages.patch
Patch19: net-snmp-5.8-v3-forward.patch
Patch20: net-snmp-5.8-sec-counter.patch
Patch21: net-snmp-5.8-proxy-getnext.patch
Patch22: net-snmp-5.8-dskTable-dynamic.patch
Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch24: net-snmp-5.8-licensing.patch
Patch25: net-snmp-5.8-duplicate-ipAddress.patch
Patch26: net-snmp-5.8-memory-reporting.patch
Patch27: net-snmp-5.8-man-page.patch
Patch28: net-snmp-5.8-ipAddress-faster-load.patch
Patch29: net-snmp-5.8-rpm-memory-leak.patch
Patch30: net-snmp-5.8-sec-memory-leak.patch
Patch31: net-snmp-5.8-aes-config.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -187,6 +200,19 @@ rm -r python
%patch16 -p1 -b .agent-of-death
%patch17 -p1 -b .trapsink
%patch18 -p1 -b .flood-messages
%patch19 -p1 -b .v3-forward
%patch20 -p1 -b .sec-counter
%patch21 -p1 -b .proxy-getnext
%patch22 -p1 -b .dskTable-dynamic
%patch23 -p1 -b .expand-SNMPCONFPATH
%patch24 -p1
%patch25 -p1 -b .duplicate-ipAddress
%patch26 -p1 -b .memory-reporting
%patch27 -p1 -b .man-page
%patch28 -p1 -b .ipAddress-faster-load
%patch29 -p1 -b .rpm-memory-leak
%patch30 -p1 -b .sec-memory-leak
%patch31 -p1 -b .aes-config
%patch101 -p1 -b .modern-rpm-api
@ -216,13 +242,14 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
%configure \
--disable-static --enable-shared \
--enable-as-needed \
--enable-blumenthal-aes \
--enable-embedded-perl \
--enable-ipv6 \
--enable-local-smux \
--enable-mfd-rewrites \
--enable-ucd-snmp-compatibility \
--sysconfdir=%{_sysconfdir} \
--with-cflags="$RPM_OPT_FLAGS -D_RPM_4_4_COMPAT" \
--with-cflags="$RPM_OPT_FLAGS" \
--with-ldflags="-Wl,-z,relro -Wl,-z,now" \
--with-logfile="/var/log/snmpd.log" \
--with-mib-modules="$MIBS" \
@ -440,6 +467,27 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Wed Jun 10 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-15
- proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134)
- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185)
- expand SNMPCONFPATH variable (#1660146)
- remove file with Apple license (#1690936)
- log meningful message on duplicate IP address (#1692286)
- memory reporting adjustment (#1695497 and #1766521)
- fix typos in man page (#1700262)
- speedup ipAddressTable loading(#1700391)
- fix memory leak when shut down librpm (#1763008)
- services starts after network-online.target (#1775304)
- add missing part of memory leak patch (#1829860)
- add support for AES192 and AES256 (#1846252)
* Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
- fix double free or corruption error when freeing security context (#1809077)
- remove deprecated CFLAG
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- fix double free or corruption error (#1726373)
* Wed Nov 06 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-12
- fix tmpfiles path (#1710784)