diff --git a/net-snmp-5.8-key-leak-backport.patch b/net-snmp-5.8-key-leak-backport.patch
new file mode 100644
index 0000000..8f04b48
--- /dev/null
+++ b/net-snmp-5.8-key-leak-backport.patch
@@ -0,0 +1,56 @@
+diff -urNp a/snmplib/keytools.c b/snmplib/keytools.c
+--- a/snmplib/keytools.c 2018-11-27 15:04:59.931217024 +0100
++++ b/snmplib/keytools.c 2018-11-27 15:07:50.765672477 +0100
+@@ -187,25 +187,25 @@ generate_Ku(const oid * hashtype, u_int
+ #else
+ ctx = malloc(sizeof(*ctx));
+ if (!EVP_MD_CTX_init(ctx))
+- return SNMPERR_GENERR;
++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ #endif
+ if (!EVP_DigestInit(ctx, hashfn))
+- return SNMPERR_GENERR;
++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+
+ #elif NETSNMP_USE_INTERNAL_CRYPTO
+ #ifndef NETSNMP_DISABLE_MD5
+ if (NETSNMP_USMAUTH_HMACMD5 == auth_type) {
+ if (!MD5_Init(&cmd5))
+- return SNMPERR_GENERR;
++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ cryptotype = TYPE_MD5;
+ } else
+ #endif
+ if (NETSNMP_USMAUTH_HMACSHA1 == auth_type) {
+ if (!SHA1_Init(&csha1))
+- return SNMPERR_GENERR;
++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ cryptotype = TYPE_SHA1;
+ } else {
+- return (SNMPERR_GENERR);
++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ }
+ #else
+ MDbegin(&MD);
+diff -urNp a/snmplib/scapi.c b/snmplib/scapi.c
+--- a/snmplib/scapi.c 2018-11-27 15:04:59.931217024 +0100
++++ b/snmplib/scapi.c 2018-11-27 15:14:37.587393891 +0100
+@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char
+ #endif
+ if (!EVP_DigestInit(cptr, hashfn)) {
+ /* requested hash function is not available */
+- return SNMPERR_SC_NOT_CONFIGURED;
++ rval = SNMPERR_SC_NOT_CONFIGURED;
++ goto sc_hash_type_quit;
+ }
+
+ /** pass the data */
+@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char
+ /** do the final pass */
+ EVP_DigestFinal(cptr, MAC, &tmp_len);
+ *MAC_len = tmp_len;
++
++sc_hash_type_quit:
+ #if defined(HAVE_EVP_MD_CTX_FREE)
+ EVP_MD_CTX_free(cptr);
+ #elif defined(HAVE_EVP_MD_CTX_DESTROY)
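Review bot: In the scapi.c part of the added patch, the context line `EVP_DigestFinal(cptr, MAC, &tmp_len);` still ignores its return value, so a failed final pass falls through to `*MAC_len = tmp_len;` and, as far as the hunk shows, is not reported to the caller that goes on to use the digest; now that the `sc_hash_type_quit` label exists it could read `if (!EVP_DigestFinal(cptr, MAC, &tmp_len)) { rval = SNMPERR_GENERR; goto sc_hash_type_quit; }`. In the keytools.c part, `ctx = malloc(sizeof(*ctx));` is likewise handed to `EVP_MD_CTX_init()` without a NULL check. Both `generate_Ku` and `sc_hash_type` start and end outside the hunks, so what the cleanup at `generate_Ku_quit` releases, which code `QUITFUN` actually leaves in the return value, and whether `rval` is returned after `sc_hash_type_quit` cannot be confirmed from this page. The patch file also carries no header naming its origin; a line such as `Upstream commit: <upstream-commit-id>` above the first `diff -urNp` would make the backport traceable.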
diff --git a/net-snmp.spec b/net-snmp.spec
index 251abaf..1c78d0b 100644
--- a/net-snmp.spec
+++ b/net-snmp.spec
@@ -10,7 +10,7 @@
 Summary: A collection of SNMP protocol tools and libraries
 Name: net-snmp
 Version: 5.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 License: BSD
@@ -39,6 +39,7 @@ Patch9: net-snmp-5.8-Remove-U64-typedef.patch
 Patch10: net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
 Patch11: net-snmp-5.7.3-iterator-fix.patch
 Patch12: net-snmp-5.8-autofs-skip.patch
+Patch13: net-snmp-5.8-key-leak-backport.patch
 # Modern RPM API means at least EL6
 Patch101: net-snmp-5.8-modern-rpm-api.patch
@@ -205,6 +206,7 @@ cp %{SOURCE10} .
 %patch10 -p1 -b .perlfix
 %patch11 -p1 -b .iterator-fix
 %patch12 -p1 -b .autofs-skip
+%patch13 -p1 -b .leak-backport
 %patch101 -p1 -b .modern-rpm-api
 %patch102 -p1
@@ -475,6 +477,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 %changelog
+* Tue Nov 27 2018 Josef Ridky - 1:5.8-3
+- backport memory leak fixes from upstream
+
 * Mon Jul 23 2018 Josef Ridky - 1:5.8-2
 - fix unresoved error with mysql functions
 - implement changes to announce soname changes