diff --git a/.net-snmp.metadata b/.net-snmp.metadata index 6435577..557c391 100644 --- a/.net-snmp.metadata +++ b/.net-snmp.metadata @@ -1 +1 @@ -78f70731df9dcdb13fe8f60eb7d80d7583da4d2c SOURCES/net-snmp-5.8.tar.gz +81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz diff --git a/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch b/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch new file mode 100644 index 0000000..394c714 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch @@ -0,0 +1,70 @@ +diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c +--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100 ++++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100 +@@ -16,6 +16,12 @@ + #define SHELLCOMMAND 3 + #endif + ++/* This mib is potentially dangerous to turn on by default, since it ++ * allows arbitrary commands to be set by anyone with SNMP WRITE ++ * access to the MIB table. If all of your users are "root" level ++ * users, then it may be safe to turn on. */ ++#define ENABLE_EXTEND_WRITE_ACCESS 0 ++ + netsnmp_feature_require(extract_table_row_data) + netsnmp_feature_require(table_data_delete_table) + #ifndef NETSNMP_NO_WRITE_SUPPORT +@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + * + **********/ + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + case MODE_SET_RESERVE1: + /* + * Validate the new assignments +@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + } + } + break; +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */ + + default: + netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR); +@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + } + } + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + /* + * If we're marking a given row as active, + * then we need to check that it's ready. +@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + } + } + } +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */ + + return SNMP_ERR_NOERROR; + } +@@ -1571,7 +1577,7 @@ fixExec2Error(int action, + idx = name[name_len-1] -1; + exten = &compatability_entries[ idx ]; + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + switch (action) { + case MODE_SET_RESERVE1: + if (var_val_type != ASN_INTEGER) { +@@ -1592,7 +1598,7 @@ fixExec2Error(int action, + case MODE_SET_COMMIT: + netsnmp_cache_check_and_reload( exten->efix_entry->cache ); + } +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */ + return SNMP_ERR_NOERROR; + } + #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */ diff --git a/SOURCES/net-snmp-5.8-asn-parse-nlength.patch b/SOURCES/net-snmp-5.8-asn-parse-nlength.patch new file mode 100644 index 0000000..23823f5 --- /dev/null +++ b/SOURCES/net-snmp-5.8-asn-parse-nlength.patch @@ -0,0 +1,86 @@ +From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 4 Jan 2021 12:21:59 -0800 +Subject: [PATCH] libsnmp: Fix asn_parse_nlength() + +Handle length zero correctly. + +Fixes: https://github.com/net-snmp/net-snmp/issues/253 +Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths") +--- + snmplib/asn1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/snmplib/asn1.c b/snmplib/asn1.c +index e983500e7..33c272768 100644 +--- a/snmplib/asn1.c ++++ b/snmplib/asn1.c +@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len) + * long length; first byte is length of length (after masking high bit) + */ + len_len = (int) ((*pkt & ~0x80) + 1); +- if ((int) pkt_len <= len_len ) ++ if (pkt_len < len_len) + return NULL; /* still too short for length and data */ + + /* now we know we have enough data to parse length */ +From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 4 Jan 2021 10:00:33 -0800 +Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this + test + +Add a reproducer for the bug fixed by the previous patch. +--- + .../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++ + 1 file changed, 41 insertions(+) + create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c + +diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c +new file mode 100644 +index 000000000..5c21ccdc7 +--- /dev/null ++++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c +@@ -0,0 +1,41 @@ ++/* HEADER Parsing of an SNMP trap with no varbinds */ ++netsnmp_pdu pdu; ++int rc; ++static u_char trap_pdu[] = { ++ /* Sequence with length of 0x2d = 45 bytes. */ ++ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d, ++ /* version = INTEGER 0 */ ++ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00, ++ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */ ++ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75, ++ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63, ++ /* SNMP_MSG_TRAP; 32 bytes. */ ++ [15] = 0xa4, [16] = 0x20, ++ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */ ++ [17] = 0x06, [18] = 0x08, ++ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06, ++ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05, ++ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */ ++ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8, ++ [31] = 0x01, [32] = 0x22, ++ /* generic-trap = INTEGER 0 */ ++ [33] = 0x02, [34] = 0x01, [35] = 0x00, ++ /* specific-trap = INTEGER 0 */ ++ [36] = 0x02, [37] = 0x01, [38] = 0x00, ++ /* ASN_TIMETICKS 0x117f243a */ ++ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f, ++ [43] = 0x24, [44] = 0x3a, ++ /* varbind list */ ++ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00, ++}; ++static size_t trap_pdu_length = sizeof(trap_pdu); ++netsnmp_session session; ++ ++snmp_set_do_debugging(TRUE); ++debug_register_tokens("dumpv_recv,dumpv_send,asn,recv"); ++memset(&session, 0, sizeof(session)); ++snmp_sess_init(&session); ++memset(&pdu, 0, sizeof(pdu)); ++rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length); ++ ++OKF((rc == 0), ("Parsing of a trap PDU")); + diff --git a/SOURCES/net-snmp-5.8-bulk.patch b/SOURCES/net-snmp-5.8-bulk.patch new file mode 100644 index 0000000..6e0a563 --- /dev/null +++ b/SOURCES/net-snmp-5.8-bulk.patch @@ -0,0 +1,51 @@ +diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c +--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200 ++++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200 +@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session + session->retries = SNMP_DEFAULT_RETRIES; + session->version = SNMP_DEFAULT_VERSION; + session->securityModel = SNMP_DEFAULT_SECMODEL; +- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE; ++ session->rcvMsgMaxSize = netsnmp_max_send_msg_size(); + session->sndMsgMaxSize = netsnmp_max_send_msg_size(); + session->flags |= SNMP_FLAGS_DONT_PROBE; + } +@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se + /* + * build a scopedPDU structure into spdu_buf + */ +- spdu_buf_len = SNMP_MAX_MSG_SIZE; ++ spdu_buf_len = sizeof(spdu_buf); + DEBUGDUMPSECTION("send", "ScopedPdu"); + cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len, + &spdu_hdr_e); +@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se + */ + DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00)); + if (pdu_data) { ++ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) { ++ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n", ++ __func__, pdu_data_len, sizeof(spdu_buf)); ++ return -1; ++ } + memcpy(cp, pdu_data, pdu_data_len); + cp += pdu_data_len; + } else { +@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se + * re-encode the actual ASN.1 length of the scopedPdu + */ + spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */ +- spdu_buf_len = SNMP_MAX_MSG_SIZE; ++ spdu_buf_len = sizeof(spdu_buf); + if (asn_build_sequence(spdu_buf, &spdu_buf_len, + (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), + spdu_len) == NULL) +@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se + * message - the entire message to transmitted on the wire is returned + */ + cp = NULL; +- *out_length = SNMP_MAX_MSG_SIZE; ++ *out_length = sizeof(spdu_buf); + DEBUGDUMPSECTION("send", "SM msgSecurityParameters"); + sptr = find_sec_mod(pdu->securityModel); + if (sptr && sptr->encode_forward) { diff --git a/SOURCES/net-snmp-5.8-clientaddr-error-message.patch b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch new file mode 100644 index 0000000..c423f21 --- /dev/null +++ b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch @@ -0,0 +1,35 @@ +diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c +--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100 ++++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100 +@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M + "No error", /* SNMPERR_SUCCESS */ + "Generic error", /* SNMPERR_GENERR */ + "Invalid local port", /* SNMPERR_BAD_LOCPORT */ +- "Unknown host", /* SNMPERR_BAD_ADDRESS */ ++ "Invalid address", /* SNMPERR_BAD_ADDRESS */ + "Unknown session", /* SNMPERR_BAD_SESSION */ + "Too long", /* SNMPERR_TOO_LONG */ + "No socket", /* SNMPERR_NO_SOCKET */ +@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session) + DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n")); + in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS; + in_session->s_errno = errno; +- snmp_set_detail(in_session->peername); ++ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR)) ++ snmp_set_detail(in_session->peername); + return NULL; + } + +diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c +--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100 ++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100 +@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn + DEBUGMSGTL(("netsnmp_udpbase", + "failed to bind for clientaddr: %d %s\n", + errno, strerror(errno))); ++ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n", ++ strerror(errno))); + netsnmp_socketbase_close(t); + return 1; + } diff --git a/SOURCES/net-snmp-5.8-empty-passphrase.patch b/SOURCES/net-snmp-5.8-empty-passphrase.patch new file mode 100644 index 0000000..deb0388 --- /dev/null +++ b/SOURCES/net-snmp-5.8-empty-passphrase.patch @@ -0,0 +1,30 @@ +From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001 +From: Josef Ridky +Date: Wed, 18 Nov 2020 20:54:34 -0800 +Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly + +See also https://github.com/net-snmp/net-snmp/issues/86. + +Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line") +Reported-by: Chris Cheney +--- + net-snmp-create-v3-user.in | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +index 452c2699d..31b4c58c1 100644 +--- a/net-snmp-create-v3-user.in ++++ b/net-snmp-create-v3-user.in +@@ -120,7 +120,11 @@ fi + fi + outdir="@PERSISTENT_DIRECTORY@" + outfile="$outdir/snmpd.conf" +-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\"" ++if test "x$xpassphrase" = "x" ; then ++ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm" ++else ++ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\"" ++fi + echo "adding the following line to $outfile:" + echo " " $line + # in case it hasn't ever been started yet, start it. diff --git a/SOURCES/net-snmp-5.8-ipv6-disabled.patch b/SOURCES/net-snmp-5.8-ipv6-disabled.patch new file mode 100644 index 0000000..824c09c --- /dev/null +++ b/SOURCES/net-snmp-5.8-ipv6-disabled.patch @@ -0,0 +1,31 @@ +diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c +--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200 ++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200 +@@ -19,6 +19,7 @@ + + #include + #include ++#include + + netsnmp_feature_require(prefix_info) + netsnmp_feature_require(find_prefix_info) +@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i + + #define PROCFILE "/proc/net/if_inet6" + if (!(in = fopen(PROCFILE, "r"))) { +- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE)); ++ ++ /* ++ * If PROCFILE exists, but isn't readable, file ERROR message. ++ * Otherwise log nothing, due of IPv6 support on this machine is ++ * intentionaly disabled/unavailable. ++ */ ++ ++ struct stat filestat; ++ ++ if(stat(PROCFILE, &filestat) == 0){ ++ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE)); ++ } + return -2; + } + diff --git a/SOURCES/net-snmp-5.8-licensing.patch b/SOURCES/net-snmp-5.8-licensing.patch deleted file mode 100644 index 4ff900d..0000000 --- a/SOURCES/net-snmp-5.8-licensing.patch +++ /dev/null @@ -1,500 +0,0 @@ -diff -ruNp a/agent/mibgroup/host/data_access/swrun_darwin.c b/agent/mibgroup/host/data_access/swrun_darwin.c ---- a/agent/mibgroup/host/data_access/swrun_darwin.c 2020-06-10 09:56:52.517606921 +0200 -+++ b/agent/mibgroup/host/data_access/swrun_darwin.c 1970-01-01 01:00:00.000000000 +0100 -@@ -1,496 +0,0 @@ --/* -- * swrun_darwin.c: -- * hrSWRunTable data access: -- * Darwin -- */ --/* -- * Copyright (C) 2007 Apple, Inc. All rights reserved. -- * Use is subject to license terms specified in the COPYING file -- * distributed with the Net-SNMP package. -- */ --#include --#include --#include --#include --#include --#include --#include "swrun_private.h" -- --#include --#include -- --#include --#include --#include /* for sysctl() and struct kinfo_proc */ -- --#define __APPLE_API_EVOLVING 1 --#include /* or else CoreFoundation.h barfs */ --#undef __APPLE_API_EVOLVING -- --#include --#include --#include --#include --#include --#include --#include -- --/** sigh... can't find Processes.h */ --#ifndef kProcessDictionaryIncludeAllInformationMask --#define kProcessDictionaryIncludeAllInformationMask (long)0xFFFFFFFF --#endif --#ifndef procNotFound --#define procNotFound -600 --#endif -- --/* --------------------------------------------------------------------- -- */ --static int _kern_argmax; --static int _set_command_name(netsnmp_swrun_entry *entry); -- --/** avoid kernel bug in 10.2. 8192 oughta be enough anyways, right? */ --#define MAX_KERN_ARGMAX 8192 -- --/* --------------------------------------------------------------------- -- */ --void --netsnmp_arch_swrun_init(void) --{ -- int mib[2] = { CTL_KERN, KERN_ARGMAX }; -- size_t size, mib_size = sizeof(mib)/sizeof(mib[0]); -- -- DEBUGMSGTL(("swrun:load:arch","init\n")); -- -- size = sizeof(_kern_argmax); -- if (sysctl(mib, mib_size, &_kern_argmax, &size, NULL, 0) == -1) { -- snmp_log(LOG_ERR, "Error in ARGMAX sysctl(): %s", strerror(errno)); -- _kern_argmax = MAX_KERN_ARGMAX; -- } -- else if (_kern_argmax > MAX_KERN_ARGMAX) { -- DEBUGMSGTL(("swrun:load:arch", -- "artificially limiting ARGMAX to %d (from %d)\n", -- MAX_KERN_ARGMAX, _kern_argmax)); -- _kern_argmax = MAX_KERN_ARGMAX; -- } -- -- --} -- --/* --------------------------------------------------------------------- -- */ --#define SWRUNINDENT " " --int --netsnmp_arch_swrun_container_load( netsnmp_container *container, u_int flags) --{ -- int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL}; -- size_t buf_size, mib_size = sizeof(mib)/sizeof(mib[0]); -- struct kinfo_proc *processes = NULL; -- struct proc_taskallinfo taskinfo; -- netsnmp_swrun_entry *entry; -- int rc, num_entries, i; -- -- DEBUGMSGTL(("swrun:load:arch"," load\n")); -- -- /* -- * get size to allocate. This introduces a bit of a race condition, -- * as the size could change between this call and the next... -- */ -- rc = sysctl(mib, mib_size, NULL, &buf_size, NULL, 0); -- if (rc < 0) { -- snmp_log(LOG_ERR, "KERN_PROC_ALL size sysctl failed: %d\n", rc); -- return -1; -- } -- -- processes = (struct kinfo_proc*) malloc(buf_size); -- if (NULL == processes) { -- snmp_log(LOG_ERR, "malloc failed\n"); -- return -1; -- } -- -- rc = sysctl(mib, mib_size, processes, &buf_size, NULL, 0); -- if (rc < 0) { -- snmp_log(LOG_ERR, "KERN_PROC_ALL sysctl failed: %d\n", rc); -- free(processes); -- return -1; -- } -- -- num_entries = buf_size / sizeof(struct kinfo_proc); -- -- for (i = 0; i < num_entries; i++) { -- /* -- * skip empty names. -- * p_stat = (SIDL|SRUN|SSLEEP|SSTOP|SZOMB) -- */ -- if (('\0' == processes[i].kp_proc.p_comm[0]) || -- (0 == processes[i].kp_proc.p_pid)) { -- DEBUGMSGTL(("swrun:load:arch", -- " skipping p_comm '%s', pid %5d, p_pstat %d\n", -- processes[i].kp_proc.p_comm ? -- processes[i].kp_proc.p_comm : "NULL", -- processes[i].kp_proc.p_pid, -- processes[i].kp_proc.p_stat)); -- continue; -- } -- -- DEBUGMSGTL(("swrun:load:arch"," %s pid %5d\n", -- processes[i].kp_proc.p_comm, -- processes[i].kp_proc.p_pid)); -- -- entry = netsnmp_swrun_entry_create(processes[i].kp_proc.p_pid); -- if (NULL == entry) -- continue; /* error already logged by function */ -- rc = CONTAINER_INSERT(container, entry); -- -- /* -- * p_comm is a partial name, but it is all we have at this point. -- */ -- entry->hrSWRunName_len = snprintf(entry->hrSWRunName, -- sizeof(entry->hrSWRunName)-1, -- "%s", processes[i].kp_proc.p_comm); -- -- /** sysctl for name, path, params */ -- rc = _set_command_name(entry); -- -- /* -- * map p_stat to RunStatus. Odd that there is no 'running' status. -- */ -- switch(processes[i].kp_proc.p_stat) { -- case SRUN: -- entry->hrSWRunStatus = HRSWRUNSTATUS_RUNNABLE; -- break; -- case SSLEEP: -- case SSTOP: -- entry->hrSWRunStatus = HRSWRUNSTATUS_NOTRUNNABLE; -- break; -- case SIDL: -- case SZOMB: -- default: -- entry->hrSWRunStatus = HRSWRUNSTATUS_INVALID; -- break; -- } -- -- /* -- * check for system processes -- */ -- if (P_SYSTEM & processes[i].kp_proc.p_flag) { -- entry->hrSWRunType = HRSWRUNTYPE_OPERATINGSYSTEM; -- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "SYSTEM\n")); -- } -- else entry->hrSWRunType = HRSWRUNTYPE_APPLICATION; -- -- /* -- * get mem size, run time -- */ -- rc = proc_pidinfo( processes[i].kp_proc.p_pid, PROC_PIDTASKALLINFO, 0, -- &taskinfo, sizeof(taskinfo)); -- if (sizeof(taskinfo) != rc) { -- DEBUGMSGTL(("swrun:load:arch", " proc_pidinfo returned %d\n", rc)); -- } -- else { -- uint64_t task_mem = taskinfo.ptinfo.pti_resident_size / 1024; -- union { -- u_quad_t uq; /* u_int64_t */ -- UnsignedWide uw; /* struct u_int32_t hi/lo */ -- } at, ns; -- at.uq = taskinfo.ptinfo.pti_total_user + -- taskinfo.ptinfo.pti_total_system; -- ns = at; -- ns.uq = ns.uq / 10000000LL; /* nano to deci */ -- if (task_mem > INT32_MAX) { -- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "mem overflow\n")); -- task_mem = INT32_MAX; -- } -- if (ns.uq > INT32_MAX) { -- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "time overflow\n")); -- ns.uq = INT32_MAX; -- } -- entry->hrSWRunPerfMem = task_mem; -- entry->hrSWRunPerfCPU = ns.uq; -- } -- } -- free(processes); -- -- DEBUGMSGTL(("swrun:load:arch"," loaded %d entries\n", -- (int)CONTAINER_SIZE(container))); -- -- return 0; --} -- --/* --------------------------------------------------------------------- -- * The following code was snagged from Darwin code, and the original -- * file had the following licences: -- */ -- --/* -- * Copyright (c) 2002-2004 Apple Computer, Inc. All rights reserved. -- * -- * @APPLE_LICENSE_HEADER_START@ -- * -- * The contents of this file constitute Original Code as defined in and -- * are subject to the Apple Public Source License Version 1.1 (the -- * "License"). You may not use this file except in compliance with the -- * License. Please obtain a copy of the License at -- * http://www.apple.com/publicsource and read it before using this file. -- * -- * This Original Code and all software distributed under the License are -- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER -- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the -- * License for the specific language governing rights and limitations -- * under the License. -- * -- * @APPLE_LICENSE_HEADER_END@ -- */ --#ifdef JAGUAR /* xxx configure test? */ --static int --_set_command_name_jaguar(netsnmp_swrun_entry *entry) --{ -- int mib[3] = {CTL_KERN, KERN_PROCARGS, 0}; -- size_t procargssize, mib_size = sizeof(mib)/sizeof(mib[0]); -- char *arg_end, *exec_path; -- int *ip; -- int len; -- char *command_beg, *command, *command_end; -- char arg_buf[MAX_KERN_ARGMAX]; /* max to avoid kernel bug */ -- -- DEBUGMSGTL(("swrun:load:arch:_cn"," pid %d\n", entry->hrSWRunIndex)); -- -- mib[2] = entry->hrSWRunIndex; -- -- memset(arg_buf, 0x0, sizeof(arg_buf)); -- procargssize = _kern_argmax; -- if (sysctl(mib, mib_size, arg_buf, &procargssize, NULL, 0) == -1) { -- snmp_log(LOG_ERR, "Error in PROCARGS sysctl() for %s: %s\n", -- entry->hrSWRunName, strerror(errno)); -- entry->hrSWRunPath_len = 0; -- return -1; -- } -- -- /* Set ip just above the end of arg_buf. */ -- arg_end = &arg_buf[procargssize]; -- ip = (int *)arg_end; -- -- /* -- * Skip the last 2 words, since the last is a 0 word, and -- * the second to last may be as well, if there are no -- * arguments. -- */ -- ip -= 3; -- -- /* Iterate down the arguments until a 0 word is found. */ -- for (; *ip != 0; ip--) { -- if (ip == (int *)arg_buf) { -- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected toparg\n")); -- return -1; -- } -- } -- -- /* The saved exec_path is just above the 0 word. */ -- ip++; -- exec_path = (char *)ip; -- DEBUGMSGTL(("swrun:load:arch:_cn"," exec_path %s\n", exec_path)); -- len = strlen(exec_path); -- strlcpy(entry->hrSWRunPath, exec_path, sizeof(entry->hrSWRunPath)); -- if (len > sizeof(entry->hrSWRunPath)-1) { -- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long run path\n")); -- entry->hrSWRunPath[sizeof(entry->hrSWRunPath)-2] = '$'; -- entry->hrSWRunPath_len = sizeof(entry->hrSWRunPath)-1; -- DEBUGMSGTL(("swrun:load:arch:_cn"," exec_path %s\n", -- entry->hrSWRunPath)); -- } -- else -- entry->hrSWRunPath_len = len; -- -- /* -- * Get the beginning of the first argument. It is word-aligned, -- * so skip padding '\0' bytes. -- */ -- command_beg = exec_path + strlen(exec_path); -- DEBUGMSGTL(("swrun:load:arch:_cn"," command_beg '%s'\n", command_beg)); -- for (; *command_beg == '\0'; command_beg++) { -- if (command_beg >= arg_end) -- return -1; -- } -- DEBUGMSGTL(("swrun:load:arch:_cn"," command_beg '%s'\n", command_beg)); -- -- /* Get the basename of command. */ -- command = command_end = command_beg + strlen(command_beg) + 1; -- for (command--; command >= command_beg; command--) { -- if (*command == '/') -- break; -- } -- command++; -- DEBUGMSGTL(("swrun:load:arch:_cn"," command '%s'\n", command)); -- -- /* Allocate space for the command and copy. */ -- DEBUGMSGTL(("swrun:load:arch:_cn", -- SWRUNINDENT "kernel name %s\n", command)); -- if (strncmp(command, entry->hrSWRunName, sizeof(entry->hrSWRunName)-1)) { -- strlcpy(entry->hrSWRunName, command, sizeof(entry->hrSWRunName)); -- entry->hrSWRunName_len = strlen(entry->hrSWRunName); -- DEBUGMSGTL(("swrun:load:arch:_cn", "**" -- SWRUNINDENT "updated name to %s\n", entry->hrSWRunName)); -- return 0; -- } -- -- /** no error, no change */ -- return 1; --} --#else --static int --_set_command_name(netsnmp_swrun_entry *entry) --{ -- int mib[3] = {CTL_KERN, 0, 0}; -- size_t procargssize, mib_size = sizeof(mib)/sizeof(mib[0]); -- char *cp; -- int len, nargs; -- char *command_beg, *command, *command_end, *exec_path, *argN; -- char arg_buf[MAX_KERN_ARGMAX]; /* max to avoid kernel bug */ -- -- /* -- * arguments -- */ -- mib[1] = KERN_PROCARGS2; -- mib[2] = entry->hrSWRunIndex; -- -- memset(arg_buf, 0x0, sizeof(arg_buf)); -- procargssize = _kern_argmax; -- if (sysctl(mib, mib_size, arg_buf, &procargssize, NULL, 0) == -1) { -- snmp_log(LOG_ERR, "Error in PROCARGS2 sysctl() for %s: %s\n", -- entry->hrSWRunName, strerror(errno)); -- entry->hrSWRunPath_len = 0; -- entry->hrSWRunParameters_len = 0; -- return -1; -- } -- else { -- memcpy(&nargs,arg_buf, sizeof(nargs)); -- } -- -- exec_path = arg_buf + sizeof(nargs); -- len = strlen(exec_path); -- strlcpy(entry->hrSWRunPath, exec_path, sizeof(entry->hrSWRunPath)); -- if (len > sizeof(entry->hrSWRunPath)-1) { -- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long run path\n")); -- entry->hrSWRunPath[sizeof(entry->hrSWRunPath)-2] = '$'; -- entry->hrSWRunPath_len = sizeof(entry->hrSWRunPath)-1; -- } -- else -- entry->hrSWRunPath_len = len; -- -- /** Skip the saved exec_path. */ --#if 0 -- cp = exec_path + len; --#else -- for (cp = exec_path; cp < &arg_buf[procargssize]; cp++) { -- if (*cp == '\0') -- break; /* End of exec_path reached. */ -- } -- if (cp != exec_path + len) { -- DEBUGMSGTL(("swrun:load:arch:_cn", " OFF BY %d\n", -- (int)((exec_path + len) - cp))); -- netsnmp_assert( cp == exec_path + len ); -- } --#endif -- if (cp == &arg_buf[procargssize]) { -- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n")); -- return -1; -- } -- -- /** Skip trailing '\0' characters. */ -- for (; cp < &arg_buf[procargssize]; cp++) { -- if (*cp != '\0') -- break; /* Beginning of first argument reached. */ -- } -- if (cp == &arg_buf[procargssize]) { -- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n")); -- return -1; -- } -- command_beg = cp; -- -- /* -- * Make sure that the command is '\0'-terminated. This protects -- * against malicious programs; under normal operation this never -- * ends up being a problem.. -- */ -- for (; cp < &arg_buf[procargssize]; cp++) { -- if (*cp == '\0') -- break; /* End of first argument reached. */ -- } -- if (cp == &arg_buf[procargssize]) { -- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n")); -- return -1; -- } -- command_end = command = cp; -- --nargs; -- -- /* -- * save arguments -- */ -- while( nargs && cp < &arg_buf[procargssize] ) { -- /** Skip trailing '\0' characters from prev arg. */ -- for (; (cp < &arg_buf[procargssize]) && (*cp == 0); cp++) -- ; /* noop */ -- if (cp == &arg_buf[procargssize]) -- continue; /* effectively a break */ -- -- /** save argN start */ -- argN = cp; -- --nargs; -- if (0 == nargs) -- continue; /* effectively a break */ -- -- /** Skip to end of arg */ -- for (; (cp < &arg_buf[procargssize]) && (*cp != 0); cp++) -- ; /* noop */ -- if (cp == &arg_buf[procargssize]) -- continue; /* effectively a break */ -- -- /* -- * check for overrun into env -- */ -- if ((*argN != '-') && strchr(argN,'=')) { -- DEBUGMSGTL(("swrun:load:arch:_cn", " *** OVERRUN INTO ENV %d\n",nargs)); -- continue; -- } -- -- /* -- * save arg -- */ -- if(entry->hrSWRunParameters_len < sizeof(entry->hrSWRunParameters)-1) { -- strlcat(&entry->hrSWRunParameters[entry->hrSWRunParameters_len], -- argN, sizeof(entry->hrSWRunParameters)-entry->hrSWRunParameters_len-1); -- entry->hrSWRunParameters_len = strlen(entry->hrSWRunParameters); -- if ((entry->hrSWRunParameters_len+2 < sizeof(entry->hrSWRunParameters)-1) && (0 != nargs)) { -- /* add space between params */ -- entry->hrSWRunParameters[entry->hrSWRunParameters_len++] = ' '; -- entry->hrSWRunParameters[entry->hrSWRunParameters_len] = 0; -- } else { -- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long arg list\n")); -- entry->hrSWRunParameters[entry->hrSWRunParameters_len++] = '$'; -- entry->hrSWRunParameters[entry->hrSWRunParameters_len] = '0'; -- } -- } -- } -- if (' ' == entry->hrSWRunParameters[entry->hrSWRunParameters_len]) -- entry->hrSWRunParameters[entry->hrSWRunParameters_len--] = 0; -- -- -- /* Get the basename of command. */ -- for (command--; command >= command_beg; command--) { -- if (*command == '/') -- break; -- } -- command++; -- -- /* Allocate space for the command and copy. */ -- if (strncmp(command, entry->hrSWRunName, sizeof(entry->hrSWRunName)-1)) { -- strlcpy(entry->hrSWRunName, command, sizeof(entry->hrSWRunName)); -- entry->hrSWRunName_len = strlen(entry->hrSWRunName); -- DEBUGMSGTL(("swrun:load:arch:_cn", -- " **updated name to %s\n", entry->hrSWRunName)); -- } -- -- return 0; --} --#endif diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec index 3e9bc0e..7fa1420 100644 --- a/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec @@ -10,7 +10,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.8 -Release: 15%{?dist} +Release: 20%{?dist} Epoch: 1 License: BSD @@ -49,14 +49,19 @@ Patch20: net-snmp-5.8-sec-counter.patch Patch21: net-snmp-5.8-proxy-getnext.patch Patch22: net-snmp-5.8-dskTable-dynamic.patch Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch -Patch24: net-snmp-5.8-licensing.patch -Patch25: net-snmp-5.8-duplicate-ipAddress.patch -Patch26: net-snmp-5.8-memory-reporting.patch -Patch27: net-snmp-5.8-man-page.patch -Patch28: net-snmp-5.8-ipAddress-faster-load.patch -Patch29: net-snmp-5.8-rpm-memory-leak.patch -Patch30: net-snmp-5.8-sec-memory-leak.patch -Patch31: net-snmp-5.8-aes-config.patch +Patch24: net-snmp-5.8-duplicate-ipAddress.patch +Patch25: net-snmp-5.8-memory-reporting.patch +Patch26: net-snmp-5.8-man-page.patch +Patch27: net-snmp-5.8-ipAddress-faster-load.patch +Patch28: net-snmp-5.8-rpm-memory-leak.patch +Patch29: net-snmp-5.8-sec-memory-leak.patch +Patch30: net-snmp-5.8-aes-config.patch +Patch31: net-snmp-5.7.2-CVE-2020-15862.patch +Patch32: net-snmp-5.8-bulk.patch +Patch33: net-snmp-5.8-clientaddr-error-message.patch +Patch34: net-snmp-5.8-ipv6-disabled.patch +Patch35: net-snmp-5.8-empty-passphrase.patch +Patch36: net-snmp-5.8-asn-parse-nlength.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -205,14 +210,19 @@ rm -r python %patch21 -p1 -b .proxy-getnext %patch22 -p1 -b .dskTable-dynamic %patch23 -p1 -b .expand-SNMPCONFPATH -%patch24 -p1 -%patch25 -p1 -b .duplicate-ipAddress -%patch26 -p1 -b .memory-reporting -%patch27 -p1 -b .man-page -%patch28 -p1 -b .ipAddress-faster-load -%patch29 -p1 -b .rpm-memory-leak -%patch30 -p1 -b .sec-memory-leak -%patch31 -p1 -b .aes-config +%patch24 -p1 -b .duplicate-ipAddress +%patch25 -p1 -b .memory-reporting +%patch26 -p1 -b .man-page +%patch27 -p1 -b .ipAddress-faster-load +%patch28 -p1 -b .rpm-memory-leak +%patch29 -p1 -b .sec-memory-leak +%patch30 -p1 -b .aes-config +%patch31 -p1 -b .CVE-2020-15862 +%patch32 -p1 -b .bulk +%patch33 -p1 -b .clientaddr-error-message +%patch34 -p1 -b .ipv6-disabled +%patch35 -p1 -b .empty-passphrase +%patch36 -p1 -b .asn-parse-nlength %patch101 -p1 -b .modern-rpm-api @@ -250,7 +260,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" --enable-ucd-snmp-compatibility \ --sysconfdir=%{_sysconfdir} \ --with-cflags="$RPM_OPT_FLAGS" \ - --with-ldflags="-Wl,-z,relro -Wl,-z,now" \ + --with-ldflags="-Wl,-z,relro -Wl,-z,now -lm" \ --with-logfile="/var/log/snmpd.log" \ --with-mib-modules="$MIBS" \ --with-mysql \ @@ -391,8 +401,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %doc README.thread AGENT.txt PORTING local/README.mib2c %doc IETF-MIB-LICENSE.txt %dir %{_sysconfdir}/snmp -%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmpd.conf -%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmptrapd.conf +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmpd.conf +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmptrapd.conf %{_bindir}/snmpconf %{_bindir}/net-snmp-create-v3-user %{_sbindir}/* @@ -467,6 +477,27 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog +* Tue Jan 05 2021 Josef Ridky - 1:5.8-20 +- fix issue with parsing of long traps (#1912242) +- modify fix for #1877375 + +* Tue Dec 01 2020 Josef Ridky - 1:5.8-19 +- revert permission of config files to 600 (#1601060) +- fix error message when the address specified by clientaddr option + is wrong or cannot be bound (#1877375) +- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367) +- fix issue with quoting empty passphrase (#1817225) + +* Wed Nov 11 2020 Josef Ridky - 1:5.8-18 +- fix CVE-2020-15862 (#1875497) +- fix bulk responses for invalid PID (#1817190) + +* Tue Aug 11 2020 Josef Ridky - 1:5.8-17 +- add math library in LDFLAGS (#1846252) + +* Thu Jul 16 2020 Josef Ridky - 1:5.8-16 +- remove file due licensing issues (#1690936) + * Wed Jun 10 2020 Josef Ridky - 1:5.8-15 - proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134) - UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185) @@ -520,7 +551,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test * Mon Aug 13 2018 Josef Ridky - 1:5.8-2 - fix default configuration file (#1589480 and #1594147) -- modify permissions for /var/log files (#1601060) +- modify permissions for config files (#1601060) * Thu Aug 09 2018 Josef Ridky - 1:5.8-1 - remove python package and update to the last upstream version (#1584510)