import net-snmp-5.8-18.el8_3.1
This commit is contained in:
parent
102cd86e60
commit
d21b2d74cd
70
SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch
Normal file
70
SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch
Normal file
@ -0,0 +1,70 @@
|
||||
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
|
||||
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
|
||||
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
|
||||
@@ -16,6 +16,12 @@
|
||||
#define SHELLCOMMAND 3
|
||||
#endif
|
||||
|
||||
+/* This mib is potentially dangerous to turn on by default, since it
|
||||
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
|
||||
+ * access to the MIB table. If all of your users are "root" level
|
||||
+ * users, then it may be safe to turn on. */
|
||||
+#define ENABLE_EXTEND_WRITE_ACCESS 0
|
||||
+
|
||||
netsnmp_feature_require(extract_table_row_data)
|
||||
netsnmp_feature_require(table_data_delete_table)
|
||||
#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
*
|
||||
**********/
|
||||
|
||||
-#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
|
||||
case MODE_SET_RESERVE1:
|
||||
/*
|
||||
* Validate the new assignments
|
||||
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
}
|
||||
}
|
||||
break;
|
||||
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
|
||||
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
|
||||
|
||||
default:
|
||||
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
|
||||
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
}
|
||||
}
|
||||
|
||||
-#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
|
||||
/*
|
||||
* If we're marking a given row as active,
|
||||
* then we need to check that it's ready.
|
||||
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
}
|
||||
}
|
||||
}
|
||||
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
|
||||
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
|
||||
|
||||
return SNMP_ERR_NOERROR;
|
||||
}
|
||||
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
|
||||
idx = name[name_len-1] -1;
|
||||
exten = &compatability_entries[ idx ];
|
||||
|
||||
-#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
|
||||
switch (action) {
|
||||
case MODE_SET_RESERVE1:
|
||||
if (var_val_type != ASN_INTEGER) {
|
||||
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
|
||||
case MODE_SET_COMMIT:
|
||||
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
|
||||
}
|
||||
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
|
||||
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
|
||||
return SNMP_ERR_NOERROR;
|
||||
}
|
||||
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
|
51
SOURCES/net-snmp-5.8-bulk.patch
Normal file
51
SOURCES/net-snmp-5.8-bulk.patch
Normal file
@ -0,0 +1,51 @@
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
|
||||
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
|
||||
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
|
||||
session->retries = SNMP_DEFAULT_RETRIES;
|
||||
session->version = SNMP_DEFAULT_VERSION;
|
||||
session->securityModel = SNMP_DEFAULT_SECMODEL;
|
||||
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
|
||||
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
|
||||
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
|
||||
session->flags |= SNMP_FLAGS_DONT_PROBE;
|
||||
}
|
||||
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
/*
|
||||
* build a scopedPDU structure into spdu_buf
|
||||
*/
|
||||
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
|
||||
+ spdu_buf_len = sizeof(spdu_buf);
|
||||
DEBUGDUMPSECTION("send", "ScopedPdu");
|
||||
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
|
||||
&spdu_hdr_e);
|
||||
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
*/
|
||||
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
|
||||
if (pdu_data) {
|
||||
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
|
||||
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
|
||||
+ __func__, pdu_data_len, sizeof(spdu_buf));
|
||||
+ return -1;
|
||||
+ }
|
||||
memcpy(cp, pdu_data, pdu_data_len);
|
||||
cp += pdu_data_len;
|
||||
} else {
|
||||
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
* re-encode the actual ASN.1 length of the scopedPdu
|
||||
*/
|
||||
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
|
||||
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
|
||||
+ spdu_buf_len = sizeof(spdu_buf);
|
||||
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
|
||||
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
|
||||
spdu_len) == NULL)
|
||||
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
* message - the entire message to transmitted on the wire is returned
|
||||
*/
|
||||
cp = NULL;
|
||||
- *out_length = SNMP_MAX_MSG_SIZE;
|
||||
+ *out_length = sizeof(spdu_buf);
|
||||
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
|
||||
sptr = find_sec_mod(pdu->securityModel);
|
||||
if (sptr && sptr->encode_forward) {
|
@ -10,7 +10,7 @@
|
||||
Summary: A collection of SNMP protocol tools and libraries
|
||||
Name: net-snmp
|
||||
Version: 5.8
|
||||
Release: 17%{?dist}
|
||||
Release: 18%{?dist}.1
|
||||
Epoch: 1
|
||||
|
||||
License: BSD
|
||||
@ -56,6 +56,8 @@ Patch27: net-snmp-5.8-ipAddress-faster-load.patch
|
||||
Patch28: net-snmp-5.8-rpm-memory-leak.patch
|
||||
Patch29: net-snmp-5.8-sec-memory-leak.patch
|
||||
Patch30: net-snmp-5.8-aes-config.patch
|
||||
Patch31: net-snmp-5.7.2-CVE-2020-15862.patch
|
||||
Patch32: net-snmp-5.8-bulk.patch
|
||||
|
||||
# Modern RPM API means at least EL6
|
||||
Patch101: net-snmp-5.8-modern-rpm-api.patch
|
||||
@ -211,6 +213,8 @@ rm -r python
|
||||
%patch28 -p1 -b .rpm-memory-leak
|
||||
%patch29 -p1 -b .sec-memory-leak
|
||||
%patch30 -p1 -b .aes-config
|
||||
%patch31 -p1 -b .CVE-2020-15862
|
||||
%patch32 -p1 -b .bulk
|
||||
|
||||
%patch101 -p1 -b .modern-rpm-api
|
||||
|
||||
@ -389,8 +393,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
|
||||
%doc README.thread AGENT.txt PORTING local/README.mib2c
|
||||
%doc IETF-MIB-LICENSE.txt
|
||||
%dir %{_sysconfdir}/snmp
|
||||
%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmpd.conf
|
||||
%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmptrapd.conf
|
||||
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmpd.conf
|
||||
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmptrapd.conf
|
||||
%{_bindir}/snmpconf
|
||||
%{_bindir}/net-snmp-create-v3-user
|
||||
%{_sbindir}/*
|
||||
@ -465,6 +469,13 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
|
||||
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
|
||||
|
||||
%changelog
|
||||
* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18.1
|
||||
- revert permission of config files to 600 (#1902662)
|
||||
|
||||
* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
|
||||
- fix CVE-2020-15862 (#1886100)
|
||||
- fix bulk responses for invalid PID (#1896760)
|
||||
|
||||
* Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
|
||||
- add math library in LDFLAGS (#1846252)
|
||||
|
||||
@ -524,7 +535,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
|
||||
|
||||
* Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
|
||||
- fix default configuration file (#1589480 and #1594147)
|
||||
- modify permissions for /var/log files (#1601060)
|
||||
- modify permissions for config files (#1601060)
|
||||
|
||||
* Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
|
||||
- remove python package and update to the last upstream version (#1584510)
|
||||
|
Loading…
Reference in New Issue
Block a user