rpms/net-snmp
8
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c10s
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:c8s
rpms:imports/c9/net-snmp-5.9.1-17.el9
rpms:imports/c10s/net-snmp-5.9.4-14.el10
rpms:imports/c9-beta/net-snmp-5.9.1-17.el9
rpms:imports/c9/net-snmp-5.9.1-13.el9_4.3
rpms:imports/c9/net-snmp-5.9.1-13.el9_4.2
rpms:imports/c10s/net-snmp-5.9.4-13.el10
rpms:imports/c10s/net-snmp-5.9.4-12.el10
rpms:imports/c8/net-snmp-5.8-30.el8
rpms:imports/c8/net-snmp-5.8-30.el8_10
rpms:imports/c9/net-snmp-5.9.1-13.el9
rpms:imports/c9/net-snmp-5.9.1-11.el9_3.1
rpms:imports/c8/net-snmp-5.8-28.el8
rpms:imports/c8/net-snmp-5.8-27.el8_8.1
rpms:imports/c8-beta/net-snmp-5.8-28.el8
rpms:imports/c9/net-snmp-5.9.1-11.el9_2
rpms:imports/c8/net-snmp-5.8-27.el8
rpms:imports/c9/net-snmp-5.9.1-9.el9
rpms:imports/c9-beta/net-snmp-5.9.1-9.el9
rpms:imports/c8-beta/net-snmp-5.8-27.el8
rpms:imports/c8s/net-snmp-5.8-27.el8
rpms:imports/c8/net-snmp-5.8-25.el8_7.1
rpms:imports/c8s/net-snmp-5.8-26.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9
rpms:imports/c8/net-snmp-5.8-25.el8
rpms:imports/c8-beta/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-24.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9
rpms:imports/c9-beta/net-snmp-5.9.1-4.el9
rpms:imports/c8/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-23.el8
rpms:imports/c8-beta/net-snmp-5.8-22.el8
rpms:imports/c8-beta/net-snmp-5.8-20.el8
rpms:imports/c8-beta/net-snmp-5.8-15.el8
rpms:imports/c8-beta/net-snmp-5.8-12.el8
rpms:imports/c8-beta/net-snmp-5.8-9.el8
rpms:imports/c8s/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-21.el8
rpms:imports/c8s/net-snmp-5.8-20.el8
rpms:imports/c8s/net-snmp-5.8-19.el8
rpms:imports/c8s/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-20.el8
rpms:imports/c8/net-snmp-5.8-18.el8_3.1
rpms:imports/c8/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-14.el8_2.1
rpms:imports/c8/net-snmp-5.8-14.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c9
rpms:c10s
rpms:c9-beta
rpms:c9s
rpms:c8
rpms:c8-beta
rpms:c8s
rpms:imports/c9/net-snmp-5.9.1-17.el9
rpms:imports/c10s/net-snmp-5.9.4-14.el10
rpms:imports/c9-beta/net-snmp-5.9.1-17.el9
rpms:imports/c9/net-snmp-5.9.1-13.el9_4.3
rpms:imports/c9/net-snmp-5.9.1-13.el9_4.2
rpms:imports/c10s/net-snmp-5.9.4-13.el10
rpms:imports/c10s/net-snmp-5.9.4-12.el10
rpms:imports/c8/net-snmp-5.8-30.el8
rpms:imports/c8/net-snmp-5.8-30.el8_10
rpms:imports/c9/net-snmp-5.9.1-13.el9
rpms:imports/c9/net-snmp-5.9.1-11.el9_3.1
rpms:imports/c8/net-snmp-5.8-28.el8
rpms:imports/c8/net-snmp-5.8-27.el8_8.1
rpms:imports/c8-beta/net-snmp-5.8-28.el8
rpms:imports/c9/net-snmp-5.9.1-11.el9_2
rpms:imports/c8/net-snmp-5.8-27.el8
rpms:imports/c9/net-snmp-5.9.1-9.el9
rpms:imports/c9-beta/net-snmp-5.9.1-9.el9
rpms:imports/c8-beta/net-snmp-5.8-27.el8
rpms:imports/c8s/net-snmp-5.8-27.el8
rpms:imports/c8/net-snmp-5.8-25.el8_7.1
rpms:imports/c8s/net-snmp-5.8-26.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9
rpms:imports/c8/net-snmp-5.8-25.el8
rpms:imports/c8-beta/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-24.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9
rpms:imports/c9-beta/net-snmp-5.9.1-4.el9
rpms:imports/c8/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-23.el8
rpms:imports/c8-beta/net-snmp-5.8-22.el8
rpms:imports/c8-beta/net-snmp-5.8-20.el8
rpms:imports/c8-beta/net-snmp-5.8-15.el8
rpms:imports/c8-beta/net-snmp-5.8-12.el8
rpms:imports/c8-beta/net-snmp-5.8-9.el8
rpms:imports/c8s/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-21.el8
rpms:imports/c8s/net-snmp-5.8-20.el8
rpms:imports/c8s/net-snmp-5.8-19.el8
rpms:imports/c8s/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-20.el8
rpms:imports/c8/net-snmp-5.8-18.el8_3.1
rpms:imports/c8/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-14.el8_2.1
rpms:imports/c8/net-snmp-5.8-14.el8

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

89 changed files with 1378 additions and 3653 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

13
.gitignore vendored
View File

@ -1 +1,12 @@
SOURCES/net-snmp-5.8.tar.gz
net-snmp-5.5.tar.gz
/net-snmp-5.6.tar.gz
/net-snmp-5.6.1.tar.gz
/net-snmp-5.7.tar.gz
/net-snmp-5.7.1.tar.gz
/net-snmp-5.7.2.tar.gz
/net-snmp-5.7.3.tar.gz
/net-snmp-5.8.tar.gz
/net-snmp-5.9.tar.gz
/net-snmp-5.9.1.tar.gz
/net-snmp-5.9.3.tar.gz
/net-snmp-5.9.4.tar.gz

1
.net-snmp.metadata
View File

@ -1 +0,0 @@
81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz

0
SOURCES/IETF-MIB-LICENSE.txt → IETF-MIB-LICENSE.txt
View File

70
SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch
View File

@ -1,70 +0,0 @@
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif
+/* This mib is potentially dangerous to turn on by default, since it
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
+ * access to the MIB table. If all of your users are "root" level
+ * users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
netsnmp_feature_require(extract_table_row_data)
netsnmp_feature_require(table_data_delete_table)
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
*
**********/
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
break;
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

10
SOURCES/net-snmp-5.7.2-autoreconf.patch
View File

@ -1,10 +0,0 @@
926223 - net-snmp: Does not support aarch64 in f19 and rawhide
Update autoconf version to make the test suite happy.
diff -up net-snmp-5.7.2/dist/autoconf-version.autoreconf net-snmp-5.7.2/dist/autoconf-version
--- net-snmp-5.7.2/dist/autoconf-version.autoreconf 2013-03-25 13:00:15.002745347 +0100
+++ net-snmp-5.7.2/dist/autoconf-version 2013-03-25 13:00:17.207736442 +0100
@@ -1 +1 @@
-2.68
+2.69

128
SOURCES/net-snmp-5.7.2-pie.patch
View File

@ -1,128 +0,0 @@
diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/Makefile.in 2018-09-25 09:38:18.361298461 +0200
@@ -156,37 +156,37 @@ OTHERUNINSTALL=snmpinformuninstall snmpt
# build rules
#
snmpwalk$(EXEEXT): snmpwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkwalk$(EXEEXT): snmpbulkwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkget$(EXEEXT): snmpbulkget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptranslate$(EXEEXT): snmptranslate.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpstatus$(EXEEXT): snmpstatus.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpget$(EXEEXT): snmpget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdelta$(EXEEXT): snmpdelta.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptable$(EXEEXT): snmptable.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpinform$(EXEEXT): snmptrap$(EXEEXT)
rm -f snmpinform
@@ -197,34 +197,34 @@ snmptop$(EXEEXT): snmpps$(EXEEXT)
$(LN_S) snmpps$(EXEEXT) snmptop$(EXEEXT)
snmpset$(EXEEXT): snmpset.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpusm$(EXEEXT): snmpusm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpvacm$(EXEEXT): snmpvacm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptls$(EXEEXT): snmptls.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
agentxtrap$(EXEEXT): agentxtrap.$(OSUFFIX) $(USEAGENTLIBS)
$(LINK) ${CFLAGS} -o $@ agentxtrap.$(OSUFFIX) ${LDFLAGS} $(USEAGENTLIBS) $(PERLLDOPTS_FOR_APPS) ${LIBS}
snmpgetnext$(EXEEXT): snmpgetnext.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
encode_keychange$(EXEEXT): encode_keychange.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpps$(EXEEXT): snmpps.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
snmpping$(EXEEXT): snmpping.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
+ $(LINK) ${CFLAGS} -o $@ -pie snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
diff -urNp a/apps/snmpnetstat/Makefile.in b/apps/snmpnetstat/Makefile.in
--- a/apps/snmpnetstat/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/snmpnetstat/Makefile.in 2018-09-25 09:39:30.406458117 +0200
@@ -34,4 +34,4 @@ LIBS= ../../snmplib/libnetsnmp.$(LIB_EX
all: standardall
snmpnetstat$(EXEEXT): ${LOBJS} ${USELIBS}
- ${LINK} ${CFLAGS} -o $@ ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
+ ${LINK} ${CFLAGS} -o $@ -pie ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}

163
SOURCES/net-snmp-5.8-CVE-2022-24805-24810.patch
View File

@ -1,163 +0,0 @@
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Tue, 24 Aug 2021 07:55:00 -0700
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
When a SET request includes a mix of delegated and
non-delegated requests (e.g., objects handled by master
agent and agentx sub-agent), the status can get lost while
waiting for the reply from the sub-agent. Recover the status
into the session from the requests even if it has already
been processed.
---
agent/snmp_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 84fbb42b47..095ee70985 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
if (requests->status != SNMP_ERR_NOERROR &&
(!look_for_specific || requests->status == look_for_specific)
&& (look_for_specific || asp->index == 0
- || requests->index < asp->index)) {
+ || requests->index <= asp->index)) {
asp->index = requests->index;
asp->status = requests->status;
}
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Wed, 30 Jun 2021 14:00:28 -0700
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
---
agent/mibgroup/agent/nsLogging.c | 6 ++++++
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
agent/mibgroup/mibII/vacm_vars.c | 3 +++
agent/mibgroup/snmpv3/usmUser.c | 2 --
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
index 9abdeb5bb7..7f4290490a 100644
--- a/agent/mibgroup/agent/nsLogging.c
+++ b/agent/mibgroup/agent/nsLogging.c
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
}
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
index cc61fce7e6..6c43210074 100644
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
ret = SNMP_ERR_NOERROR;
switch (table_info->colnum) {
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
* Extract the authType token from the list of indexes
*/
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
idx = idx->next_variable; model = *idx->val.integer;
idx = idx->next_variable; level = *idx->val.integer;
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
- entry->storageType = ST_NONVOLATILE;
- netsnmp_insert_iterator_context(request, (void*)entry);
+ if (entry) {
+ entry->storageType = ST_NONVOLATILE;
+ netsnmp_insert_iterator_context(request, (void*)entry);
+ }
}
}
}
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
index 469a1eba59..62c9a3d051 100644
--- a/agent/mibgroup/mibII/vacm_vars.c
+++ b/agent/mibgroup/mibII/vacm_vars.c
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
return 1;
}
groupNameL = oidIndex[0];
+ if ((groupNameL + 1) > (int) oidLen) {
+ return 1;
+ }
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
return 1;
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
index 0f52aaba49..0edea53cfb 100644
--- a/agent/mibgroup/snmpv3/usmUser.c
+++ b/agent/mibgroup/snmpv3/usmUser.c
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
if (usmStatusCheck(uptr)) {
uptr->userStatus = RS_ACTIVE;
} else {
- SNMP_FREE(engineID);
- SNMP_FREE(newName);
return SNMP_ERR_INCONSISTENTVALUE;
}
} else if (long_ret == RS_CREATEANDWAIT) {

129
SOURCES/net-snmp-5.8-CVE-2022-44792-44793.patch
View File

@ -1,129 +0,0 @@
From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:24 -0800
Subject: [PATCH 1/3] snmp_agent: disallow SET with NULL varbind
---
agent/snmp_agent.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 867d0c166f..3f678fe2df 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
return 1;
}
+static int
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
+{
+ int i;
+ netsnmp_variable_list *v = NULL;
+
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
+ if (v->type == ASN_NULL) {
+ /*
+ * Protect SET implementations that do not protect themselves
+ * against wrong type.
+ */
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
+ asp->index = i;
+ return SNMP_ERR_WRONGTYPE;
+ }
+ }
+ return SNMP_ERR_NOERROR;
+}
+
int
handle_pdu(netsnmp_agent_session *asp)
{
int status, inclusives = 0;
netsnmp_variable_list *v = NULL;
+#ifndef NETSNMP_NO_WRITE_SUPPORT
+ /*
+ * Check for ASN_NULL in SET request
+ */
+ if (asp->pdu->command == SNMP_MSG_SET) {
+ status = check_set_pdu_for_null_varbind(asp);
+ if (status != SNMP_ERR_NOERROR) {
+ return status;
+ }
+ }
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
+
/*
* for illegal requests, mark all nodes as ASN_NULL
*/
From 7f4ac4051cc7fec6a5944661923acb95cec359c7 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:46 -0800
Subject: [PATCH 2/3] apps: snmpset: allow SET with NULL varbind for testing
---
apps/snmpset.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/apps/snmpset.c b/apps/snmpset.c
index 48e14bd513..d542713e1b 100644
--- a/apps/snmpset.c
+++ b/apps/snmpset.c
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
case 'x':
case 'd':
case 'b':
+ case 'n': /* undocumented */
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case 'I':
case 'U':
From 15f9d7f7e5b90c9b419832ed8e6413feb6570d83 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 10:23:32 -0800
Subject: [PATCH 3/3] Add test for NULL varbind set
---
.../default/T0142snmpv2csetnull_simple | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
new file mode 100644
index 0000000000..0f1b8f386b
--- /dev/null
+++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. ../support/simple_eval_tools.sh
+
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
+
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
+SKIPIF NETSNMP_DISABLE_SNMPV2C
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
+
+#
+# Begin test
+#
+
+# standard V2C configuration: testcomunnity
+snmp_write_access='all'
+. ./Sv2cconfig
+STARTAGENT
+
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
+
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
+
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
+
+CHECK "Reason: wrongType"
+
+STOPAGENT
+
+FINISHED

100
SOURCES/net-snmp-5.8-aes-config.patch
View File

@ -1,100 +0,0 @@
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
modes correctly
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
configure | 15 ++++++++++++++-
configure.d/config_os_misc2 | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
$as_echo "Internal Crypto Support" >&6; }
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;

122
SOURCES/net-snmp-5.8-agent-of-death.patch
View File

@ -1,122 +0,0 @@
diff -urNp a/agent/agent_trap.c b/agent/agent_trap.c
--- a/agent/agent_trap.c 2019-02-13 13:10:36.862269252 +0100
+++ b/agent/agent_trap.c 2019-02-13 15:02:11.396042356 +0100
@@ -174,6 +174,11 @@ _trap_version_incr(int version)
case SNMP_VERSION_3:
++_v2_sessions;
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
@@ -201,6 +206,11 @@ _trap_version_decr(int version)
_v2_sessions = 0;
}
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c
--- old/agent/mibgroup/agentx/master.c 2019-04-03 12:13:55.115769783 +0200
+++ new/agent/mibgroup/agentx/master.c 2019-04-10 09:49:53.277168497 +0200
@@ -280,6 +280,11 @@ agentx_got_response(int operation,
netsnmp_free_delegated_cache(cache);
return 0;
+ case NETSNMP_CALLBACK_OP_RESEND:
+ DEBUGMSGTL(("agentx/master", "resend on session %8p req=0x%x\n",
+ session, (unsigned)reqid));
+ return 0;
+
case NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE:
/*
* This session is alive
diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c
--- old/snmplib/snmp_api.c 2019-04-24 00:28:34.904357292 +0200
+++ new/snmplib/snmp_api.c 2019-04-24 00:24:40.101830685 +0200
@@ -352,6 +352,7 @@ static int snmpv3_build(u_char ** p
netsnmp_pdu *pdu);
static int snmp_parse_version(u_char *, size_t);
static int snmp_resend_request(struct session_list *slp,
+ netsnmp_request_list *orp,
netsnmp_request_list *rp,
int incr_retries);
static void register_default_handlers(void);
@@ -5717,7 +5718,7 @@ _sess_process_packet_handle_pdu(void *se
* * inifinite resend
*/
if (rp->retries <= sp->retries) {
- snmp_resend_request(slp, rp, TRUE);
+ snmp_resend_request(slp, orp, rp, TRUE);
break;
} else {
/* We're done with retries, so no longer waiting for a response */
@@ -6662,9 +6663,22 @@ snmp_timeout(void)
snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION);
}
+static void
+remove_request(struct snmp_internal_session *isp,
+ netsnmp_request_list *orp, netsnmp_request_list *rp)
+{
+ if (orp)
+ orp->next_request = rp->next_request;
+ else
+ isp->requests = rp->next_request;
+ if (isp->requestsEnd == rp)
+ isp->requestsEnd = orp;
+ snmp_free_pdu(rp->pdu);
+}
+
static int
-snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
- int incr_retries)
+snmp_resend_request(struct session_list *slp, netsnmp_request_list *orp,
+ netsnmp_request_list *rp, int incr_retries)
{
struct snmp_internal_session *isp;
netsnmp_session *sp;
@@ -6731,9 +6745,11 @@ snmp_resend_request(struct session_list
sp->s_snmp_errno = SNMPERR_BAD_SENDTO;
sp->s_errno = errno;
snmp_set_detail(strerror(errno));
- if (rp->callback)
+ if (rp->callback) {
rp->callback(NETSNMP_CALLBACK_OP_SEND_FAILED, sp,
rp->pdu->reqid, rp->pdu, rp->cb_data);
+ remove_request(isp, orp, rp);
+ }
return -1;
} else {
netsnmp_get_monotonic_clock(&now);
@@ -6813,19 +6829,12 @@ snmp_sess_timeout(void *sessp)
callback(NETSNMP_CALLBACK_OP_TIMED_OUT, sp,
rp->pdu->reqid, rp->pdu, magic);
}
- if (orp)
- orp->next_request = rp->next_request;
- else
- isp->requests = rp->next_request;
- if (isp->requestsEnd == rp)
- isp->requestsEnd = orp;
- snmp_free_pdu(rp->pdu);
+ remove_request(isp, orp, rp);
freeme = rp;
continue; /* don't update orp below */
} else {
- if (snmp_resend_request(slp, rp, TRUE)) {
+ if (snmp_resend_request(slp, orp, rp, TRUE))
break;
- }
}
}
orp = rp;

12
SOURCES/net-snmp-5.8-agentx-disconnect-crash.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c
--- a/agent/mibgroup/agentx/master.c 2018-07-18 12:13:49.953014652 +0200
+++ b/agent/mibgroup/agentx/master.c 2018-07-18 12:20:23.537626773 +0200
@@ -221,7 +221,7 @@ agentx_got_response(int operation,
/* response is too late, free the cache */
if (magic)
netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
- return 0;
+ return 1;
}
requests = cache->requests;

86
SOURCES/net-snmp-5.8-asn-parse-nlength.patch
View File

@ -1,86 +0,0 @@
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 12:21:59 -0800
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
Handle length zero correctly.
Fixes: https://github.com/net-snmp/net-snmp/issues/253
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index e983500e7..33c272768 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
* long length; first byte is length of length (after masking high bit)
*/
len_len = (int) ((*pkt & ~0x80) + 1);
- if ((int) pkt_len <= len_len )
+ if (pkt_len < len_len)
return NULL; /* still too short for length and data */
/* now we know we have enough data to parse length */
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 10:00:33 -0800
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
test
Add a reproducer for the bug fixed by the previous patch.
---
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
new file mode 100644
index 000000000..5c21ccdc7
--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+ /* Sequence with length of 0x2d = 45 bytes. */
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+ /* version = INTEGER 0 */
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+ /* SNMP_MSG_TRAP; 32 bytes. */
+ [15] = 0xa4, [16] = 0x20,
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+ [17] = 0x06, [18] = 0x08,
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+ [31] = 0x01, [32] = 0x22,
+ /* generic-trap = INTEGER 0 */
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
+ /* specific-trap = INTEGER 0 */
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
+ /* ASN_TIMETICKS 0x117f243a */
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+ [43] = 0x24, [44] = 0x3a,
+ /* varbind list */
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));

199
SOURCES/net-snmp-5.8-autofs-skip.patch
View File

@ -1,199 +0,0 @@
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntctl.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:15:46.782859398 +0200
@@ -43,8 +43,9 @@ _fsys_type( int type)
case MNT_NFS:
case MNT_NFS3:
- case MNT_AUTOFS:
return NETSNMP_FS_TYPE_NFS;
+ case MNT_AUTOFS:
+ return NETSNMP_FS_TYPE_AUTOFS;
/*
* The following code covers selected filesystems
@@ -156,10 +157,12 @@ netsnmp_fsys_arch_load( void )
/*
* Optionally skip retrieving statistics for remote mounts
+ * AUTOFS is skipped by default
*/
- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
+ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
+ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ||
+ entry->type == (NETSNMP_FS_TYPE_AUTOFS))
continue;
if ( statfs( entry->path, &stat_buf ) < 0 ) {
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:15:46.782859398 +0200
@@ -150,6 +150,13 @@ _fsys_type( char *typename )
!strcmp(typename, MNTTYPE_LOFS))
return NETSNMP_FS_TYPE_OTHER;
+ /* Detection of AUTOFS.
+ * This file system will be ignored by default
+ */
+ else if ( !strcmp(typename, MNTTYPE_AUTOFS))
+ return NETSNMP_FS_TYPE_AUTOFS;
+
+
/*
* All other types are silently skipped
*/
@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void )
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
continue;
+ /* Skip AUTOFS enteries */
+ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS))
+ continue;
+
#ifdef irix6
if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 )
#else
diff -urNp b/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
--- b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:15:46.782859398 +0200
@@ -165,6 +165,9 @@
#ifndef MNTTYPE_APP
#define MNTTYPE_APP "app"
#endif
+#ifndef MNTTYPE_AUTOFS
+#define MNTTYPE_AUTOFS "autofs"
+#endif
#ifndef MNTTYPE_DEVPTS
#define MNTTYPE_DEVPTS "devpts"
#endif
diff -urNp b/agent/mibgroup/host/hr_filesys.c net-snmp-5.8/agent/mibgroup/host/hr_filesys.c
--- b/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:15:46.783859399 +0200
@@ -834,6 +834,27 @@ Check_HR_FileSys_NFS (void)
return 0; /* no NFS file system */
}
+/* This function checks whether current file system is an AutoFs
+ * HRFS_entry must be valid prior to calling this function
+ * return 1 if AutoFs, 0 otherwise
+ */
+int
+Check_HR_FileSys_AutoFs (void)
+{
+#if HAVE_GETFSSTAT
+ if ( HRFS_entry->HRFS_type != NULL &&
+#if defined(MNTTYPE_AUTOFS)
+ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS)
+#else
+ !strcmp( HRFS_entry->HRFS_type, "autofs")
+#endif
+ )
+#endif /* HAVE_GETFSSTAT */
+ return 1; /* AUTOFS */
+
+ return 0; /* no AUTOFS */
+}
+
void
End_HR_FileSys(void)
{
diff -urNp b/agent/mibgroup/host/hr_filesys.h net-snmp-5.8/agent/mibgroup/host/hr_filesys.h
--- b/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:15:46.784859400 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_filesys.c net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c
--- b/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:15:46.785859402 +0200
@@ -429,3 +429,9 @@ Check_HR_FileSys_NFS (void)
{
return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0;
}
+
+int
+Check_HR_FileSys_AutoFs (void)
+{
+ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0;
+}
diff -urNp b/agent/mibgroup/host/hrh_filesys.h net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h
--- b/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:15:46.785859402 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrhfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_storage.c net-snmp-5.8/agent/mibgroup/host/hrh_storage.c
--- b/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -367,9 +367,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (store_idx <= NETSNMP_MEM_TYPE_MAX ) {
mem = (netsnmp_memory_info*)ptr;
@@ -508,7 +509,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/agent/mibgroup/host/hr_storage.c net-snmp-5.8/agent/mibgroup/host/hr_storage.c
--- b/agent/mibgroup/host/hr_storage.c 2018-07-18 16:12:20.670499644 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) {
snmp_log_perror(HRFS_entry->HRFS_mount);
@@ -683,7 +684,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/include/net-snmp/agent/hardware/fsys.h net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h
--- b/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:12:20.649499726 +0200
+++ net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:19:33.994918912 +0200
@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn
#define NETSNMP_FS_TYPE_SYSFS (4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_TYPE_TMPFS (5 | _NETSNMP_FS_TYPE_LOCAL)
#define NETSNMP_FS_TYPE_USBFS (6 | _NETSNMP_FS_TYPE_LOCAL)
+#define NETSNMP_FS_TYPE_AUTOFS (7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_FLAG_ACTIVE 0x01
#define NETSNMP_FS_FLAG_REMOTE 0x02

90
SOURCES/net-snmp-5.8-broken-errmsg.patch
View File

@ -1,90 +0,0 @@
diff -urNp a/agent/mibgroup/host/hrh_filesys.c b/agent/mibgroup/host/hrh_filesys.c
--- a/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:30:07.744455758 +0200
+++ b/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:32:50.657160232 +0200
@@ -219,6 +219,7 @@ var_hrhfilesys(struct variable *vp,
{
int fsys_idx;
static char *string;
+ static char empty_str[1];
fsys_idx =
header_hrhfilesys(vp, name, length, exact, var_len, write_method);
@@ -235,7 +236,7 @@ var_hrhfilesys(struct variable *vp,
*var_len = 0;
if (asprintf(&string, "%s", HRFS_entry->path) >= 0)
*var_len = strlen(string);
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_RMOUNT:
free(string);
if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) {
@@ -245,7 +246,7 @@ var_hrhfilesys(struct variable *vp,
string = strdup("");
}
*var_len = string ? strlen(string) : 0;
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_TYPE:
fsys_type_id[fsys_type_len - 1] =
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:30:07.728455689 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:34:32.722597366 +0200
@@ -842,6 +842,7 @@ var_extensible_disk(struct variable *vp,
struct dsk_entry entry;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
int i;
for (i = 0; i < numdisks; i++){
@@ -950,7 +951,7 @@ tryAgain:
*var_len = strlen(errmsg);
}
}
- return (u_char *) (errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c
--- a/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:30:07.727455684 +0200
+++ b/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:35:53.420943010 +0200
@@ -314,6 +314,7 @@ var_extensible_disk(struct variable *vp,
unsigned long long val;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
netsnmp_cache *cache;
/* Update the fsys H/W module */
@@ -432,7 +433,7 @@ tryAgain:
>= 0)) {
*var_len = strlen(errmsg);
}
- return (u_char *) errmsg;
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c
--- a/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:30:07.725455676 +0200
+++ b/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:37:31.143361548 +0200
@@ -267,7 +267,7 @@ var_extensible_proc(struct variable *vp,
struct myproc *proc;
static long long_ret;
static char *errmsg;
-
+ static char empty_str[1];
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numprocs))
@@ -330,7 +330,7 @@ var_extensible_proc(struct variable *vp,
}
}
*var_len = errmsg ? strlen(errmsg) : 0;
- return ((u_char *) errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
case ERRORFIX:
*write_method = fixProcError;
long_return = fixproc.result;

51
SOURCES/net-snmp-5.8-bulk.patch
View File

@ -1,51 +0,0 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
session->retries = SNMP_DEFAULT_RETRIES;
session->version = SNMP_DEFAULT_VERSION;
session->securityModel = SNMP_DEFAULT_SECMODEL;
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
session->flags |= SNMP_FLAGS_DONT_PROBE;
}
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
/*
* build a scopedPDU structure into spdu_buf
*/
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "ScopedPdu");
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
&spdu_hdr_e);
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
*/
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
if (pdu_data) {
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
+ __func__, pdu_data_len, sizeof(spdu_buf));
+ return -1;
+ }
memcpy(cp, pdu_data, pdu_data_len);
cp += pdu_data_len;
} else {
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
* re-encode the actual ASN.1 length of the scopedPdu
*/
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
spdu_len) == NULL)
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
* message - the entire message to transmitted on the wire is returned
*/
cp = NULL;
- *out_length = SNMP_MAX_MSG_SIZE;
+ *out_length = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
sptr = find_sec_mod(pdu->securityModel);
if (sptr && sptr->encode_forward) {

12
SOURCES/net-snmp-5.8-certs.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
--- a/local/net-snmp-cert 2021-10-11 09:08:53.451970484 +0200
+++ b/local/net-snmp-cert 2021-10-11 09:11:36.765386413 +0200
@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
rdir = .
dir = $ENV::DIR
RANDFILE = $rdir/.rand
-MD = sha1
+MD = sha512
KSIZE = 2048
CN = net-snmp.org
EMAIL = admin@net-snmp.org

112
SOURCES/net-snmp-5.8-cflags.patch
View File

@ -1,112 +0,0 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/agent/default_store/Makefile.PL b/perl/agent/default_store/Makefile.PL
--- a/perl/agent/default_store/Makefile.PL 2018-07-18 13:43:12.170426290 +0200
+++ b/perl/agent/default_store/Makefile.PL 2018-07-18 13:51:31.812176486 +0200
@@ -83,7 +83,7 @@ sub AgentDefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Makefile.PL b/perl/agent/Makefile.PL
--- a/perl/agent/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Makefile.PL 2018-07-18 13:52:53.884973275 +0200
@@ -98,7 +98,7 @@ sub AgentInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . $Params{'LIBS'};
# $Params{'PREREQ_PM'} = {'NetSNMP::OID' => '0.1'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Support/Makefile.PL b/perl/agent/Support/Makefile.PL
--- a/perl/agent/Support/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Support/Makefile.PL 2018-07-18 13:53:11.414929921 +0200
@@ -90,7 +90,7 @@ sub SupportInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/ASN/Makefile.PL b/perl/ASN/Makefile.PL
--- a/perl/ASN/Makefile.PL 2018-07-18 13:43:12.171426287 +0200
+++ b/perl/ASN/Makefile.PL 2018-07-18 13:53:46.652842822 +0200
@@ -93,7 +93,7 @@ sub AsnInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/default_store/Makefile.PL b/perl/default_store/Makefile.PL
--- a/perl/default_store/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/default_store/Makefile.PL 2018-07-18 13:54:20.814758441 +0200
@@ -83,7 +83,7 @@ sub DefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/OID/Makefile.PL b/perl/OID/Makefile.PL
--- a/perl/OID/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/OID/Makefile.PL 2018-07-18 13:54:43.348702811 +0200
@@ -90,7 +90,7 @@ sub OidInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = {'SNMP' => '5.0'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/SNMP/Makefile.PL b/perl/SNMP/Makefile.PL
--- a/perl/SNMP/Makefile.PL 2018-07-18 13:43:12.173426282 +0200
+++ b/perl/SNMP/Makefile.PL 2018-07-18 13:55:07.220643903 +0200
@@ -103,7 +103,7 @@ sub SnmpInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = { 'NetSNMP::default_store' => 0.01 };
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if (!$ENV{'NETSNMP_PREFIX'}) {
$prefix = `$opts->{'nsconfig'} --prefix`;
diff -urNp a/perl/TrapReceiver/Makefile.PL b/perl/TrapReceiver/Makefile.PL
--- a/perl/TrapReceiver/Makefile.PL 2018-07-18 13:43:12.172426285 +0200
+++ b/perl/TrapReceiver/Makefile.PL 2018-07-18 13:55:43.100647233 +0200
@@ -132,7 +132,7 @@ sub TrapReceiverInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . " $Params{'LIBS'}";
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";

68
SOURCES/net-snmp-5.8-coverity.patch
View File

@ -1,68 +0,0 @@
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
bsize = getpagesize()-1;
buff = (char*)malloc(bsize+1);
if (buff == NULL) {
+ close(statfd);
return -1;
}
}
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
if (status < 0) {
snmp_log(LOG_ERR, "could not send netlink request\n");
+ close(sd);
return -1;
}
status = recv (sd, buf, sizeof(buf), 0);
if (status < 0) {
snmp_log (LOG_ERR, "could not recieve netlink request\n");
+ close(sd);
return -1;
}
if (status == 0) {
snmp_log (LOG_ERR, "nothing to read\n");
+ close(sd);
return -1;
}
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
if (req_len < 0 || len > status) {
snmp_log (LOG_ERR, "invalid netlink message\n");
+ close(sd);
return -1;
}
if (!NLMSG_OK (nlmp, status)) {
snmp_log (LOG_ERR, "invalid NLMSG message\n");
+ close(sd);
return -1;
}
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);

41
SOURCES/net-snmp-5.8-deleted-iface.patch
View File

@ -1,41 +0,0 @@
diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
--- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original 2022-02-02 15:06:29.382119898 +0900
+++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c 2022-02-02 15:15:39.298280447 +0900
@@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
#ifdef NETSNMP_ENABLE_IPV6
@@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
+ netsnmp_interface_entry *entry = NULL;
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
*stats++ = 0; /* null terminate name */
if_index = netsnmp_arch_interface_index_find(ifstart);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ continue;
+ }
/*
* set address type flags.
@@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
continue;
}
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

35
SOURCES/net-snmp-5.8-dev-mem-leak.patch
View File

@ -1,35 +0,0 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a216..215b30e806 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

98
SOURCES/net-snmp-5.8-digest-from-ECC.patch
View File

@ -1,98 +0,0 @@
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
From: minfrin <minfrin@users.noreply.github.com>
Date: Tue, 5 Jan 2021 23:17:14 +0000
Subject: [PATCH] Add support for digests detected from ECC certificates
Previously, the digest could be detected on RSA certificates only. This
patch adds detection for ECC certificates.
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
back to _htmap ]
---
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007af..432cb5c27c 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
}
}
-static int _htmap[NS_HASH_MAX + 1] = {
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
+static const struct {
+ uint16_t nid;
+ uint16_t ht;
+} _htmap[] = {
+ { 0, NS_HASH_NONE },
+#ifdef NID_md5WithRSAEncryption
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
+#endif
+#ifdef NID_sha1WithRSAEncryption
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
+#endif
+#ifdef NID_ecdsa_with_SHA1
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
+#endif
+#ifdef NID_sha224WithRSAEncryption
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
+#endif
+#ifdef NID_ecdsa_with_SHA224
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
+#endif
+#ifdef NID_sha256WithRSAEncryption
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
+#endif
+#ifdef NID_ecdsa_with_SHA256
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
+#endif
+#ifdef NID_sha384WithRSAEncryption
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
+#endif
+#ifdef NID_ecdsa_with_SHA384
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
+#endif
+#ifdef NID_sha512WithRSAEncryption
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
+#endif
+#ifdef NID_ecdsa_with_SHA512
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
+#endif
+};
int
_nid2ht(int nid)
{
int i;
- for (i=1; i<= NS_HASH_MAX; ++i) {
- if (nid == _htmap[i])
- return i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].nid == nid)
+ return _htmap[i].ht;
}
return 0;
}
@@ -541,9 +577,13 @@ _nid2ht(int nid)
int
_ht2nid(int ht)
{
- if ((ht < 0) || (ht > NS_HASH_MAX))
- return 0;
- return _htmap[ht];
+ int i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].ht == ht)
+ return _htmap[i].nid;
+ }
+ return 0;
}
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */

12
SOURCES/net-snmp-5.8-dir-fix.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2018-07-18 11:11:53.227015237 +0200
+++ b/net-snmp-create-v3-user.in 2018-07-18 11:12:13.375010176 +0200
@@ -137,7 +137,7 @@ fi
echo $line >> $outfile
prefix="@prefix@"
datarootdir="@datarootdir@"
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " " $line

48
SOURCES/net-snmp-5.8-double-IP-parsing.patch
View File

@ -1,48 +0,0 @@
From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Fri, 12 Mar 2021 10:15:30 +0100
Subject: [PATCH] Prevent parsing IP address twice (#199)
This fixes issue, that is caused by parsing IP address twice.
First as IPv4 and as IPv6 at second, even thow the address was
properly parsed as a valid IPv4 address.
---
snmplib/transports/snmpUDPDomain.c | 2 +-
snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index b96497f3a3..b594a389b9 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
/* Nope, wasn't a dotted quad. Must be a hostname. */
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
if (ret < 0) {
- config_perror("cannot resolve source hostname");
+ config_perror("cannot resolve IPv4 source hostname");
return;
}
}
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index 238c8a9d63..7db19c5c02 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
memset(&pton_addr.sin6_addr.s6_addr, '\0',
sizeof(struct in6_addr));
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
- /* Nope, wasn't a numeric address. Must be a hostname. */
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
+
+ /* Try interpreting as dotted quad - IPv4 */
+ struct in_addr network;
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
+ /* Yes, it's IPv4 - so it's already parsed and we can return. */
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
+ return;
+ }
#if HAVE_GETADDRINFO
int gai_error;

181
SOURCES/net-snmp-5.8-dskTable-dynamic.patch
View File

@ -1,181 +0,0 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
-static void find_and_add_allDisks(int minpercent);
+static void refresh_disk_table(int addNewDisks, int minpercent);
static void add_device(char *path, char *device,
- int minspace, int minpercent, int override);
+ int minspace, int minpercent, int addNewDisks,
+ int override);
static void modify_disk_parameters(int index, int minspace,
int minpercent);
static int disk_exists(char *path);
@@ -167,6 +168,7 @@ struct diskpart {
char path[STRMAX];
int minimumspace;
int minpercent;
+ int alive;
};
#define MAX_INT_32 0x7fffffff
@@ -174,6 +176,7 @@ struct diskpart {
unsigned int numdisks;
int allDisksIncluded = 0;
+int allDisksMinPercent = 0;
unsigned int maxdisks = 0;
struct diskpart *disks;
@@ -238,6 +241,7 @@ init_disk(void)
disk_free_config,
"minpercent%");
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -253,6 +257,7 @@ disk_free_config(void)
disks[i].minpercent = -1;
}
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
- add_device(path, find_device(path), minspace, minpercent, 1);
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
-add_device(char *path, char *device, int minspace, int minpercent, int override)
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
}
index = disk_exists(path);
- if((index != -1) && (index < maxdisks) && (override==1)) {
- modify_disk_parameters(index, minspace, minpercent);
+ if((index != -1) && (index < maxdisks)) {
+ /* the path is already in the table */
+ disks[index].alive = 1;
+ /* -> update its device */
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
+ if (override == 1) {
+ modify_disk_parameters(index, minspace, minpercent);
+ }
}
- else if(index == -1){
+ else if(index == -1 && addNewDisks){
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
+ disks[numdisks].alive = 1;
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
+ disks[numdisks].alive = 0;
}
}
}
@@ -444,7 +457,7 @@ int disk_exists(char *path)
}
static void
-find_and_add_allDisks(int minpercent)
+refresh_disk_table(int addNewDisks, int minpercent)
{
#if HAVE_GETMNTENT
#if HAVE_SYS_MNTTAB_H
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
if (mntfp)
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while ((i = getmntent(mntfp, &mnttab)) == 0) {
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
fclose(mntfp);
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
}
#endif
else {
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
#endif
#endif
+ if (disks[disknum].alive == 0){
+ return -1;
+ }
+
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
static long long_ret;
static char *errmsg;
+ int i;
+ for (i = 0; i < numdisks; i++){
+ disks[i].alive = 0;
+ }
+ /* dynamically add new disks + update alive flag */
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
+
tryAgain:
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numdisks))

30
SOURCES/net-snmp-5.8-empty-passphrase.patch
View File

@ -1,30 +0,0 @@
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Wed, 18 Nov 2020 20:54:34 -0800
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
See also https://github.com/net-snmp/net-snmp/issues/86.
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
Reported-by: Chris Cheney
---
net-snmp-create-v3-user.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c2699d..31b4c58c1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -120,7 +120,11 @@ fi
fi
outdir="@PERSISTENT_DIRECTORY@"
outfile="$outdir/snmpd.conf"
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
echo "adding the following line to $outfile:"
echo " " $line
# in case it hasn't ever been started yet, start it.

25
SOURCES/net-snmp-5.8-engine-id.patch
View File

@ -1,25 +0,0 @@
From 79f014464ba761e2430cc767b021993ab9379822 Mon Sep 17 00:00:00 2001
From: Wes Hardaker <opensource@hardakers.net>
Date: Tue, 8 Jan 2019 08:52:29 -0800
Subject: [PATCH] NEWS: snmptrap: BUG: 2899: Patch from Drew Roedersheimer to
set library engineboots/time values before sending
---
apps/snmptrap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/snmptrap.c b/apps/snmptrap.c
index d16d2fa671..12808d07e4 100644
--- a/apps/snmptrap.c
+++ b/apps/snmptrap.c
@@ -237,6 +237,9 @@ main(int argc, char *argv[])
session.engineBoots = 1;
if (session.engineTime == 0) /* not really correct, */
session.engineTime = get_uptime(); /* but it'll work. Sort of. */
+
+ set_enginetime(session.securityEngineID, session.securityEngineIDLen,
+ session.engineBoots, session.engineTime, TRUE);
}
ss = snmp_add(&session,

67
SOURCES/net-snmp-5.8-fix-cert-crash.patch
View File

@ -1,67 +0,0 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-06-09 12:38:23.196037329 +0200
+++ b/snmplib/snmp_openssl.c 2021-06-09 12:44:11.782503048 +0200
@@ -284,31 +284,30 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space +1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +478,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +498,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

26
SOURCES/net-snmp-5.8-flood-messages.patch
View File

@ -1,26 +0,0 @@
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 21 Nov 2018 20:47:42 -0800
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
fails. Only log this once instead of thousand of times a day.
Reported-by: Fif <lefif@users.sourceforge.net>
---
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
index 5ddead3e0..280575ce3 100644
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
return -2;
}

12
SOURCES/net-snmp-5.8-ipv6-clientaddr.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
--- a/snmplib/transports/snmpUDPIPv6Domain.c 2019-01-24 09:03:05.606441678 +0100
+++ b/snmplib/transports/snmpUDPIPv6Domain.c 2019-02-07 08:59:26.434587244 +0100
@@ -464,7 +464,7 @@ netsnmp_udp6_transport(const struct sock
NETSNMP_DS_LIB_CLIENT_ADDR);
if (client_socket) {
struct sockaddr_in6 client_addr;
- if(!netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
+ if(netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
return netsnmp_udp6_transport_with_source(addr, local,
&client_addr);
}

38
SOURCES/net-snmp-5.8-ipv6-disable-leak.patch
View File

@ -1,38 +0,0 @@
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
index f709812fdc..ef93eeedc9 100644
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
table_info->min_column = COLUMN_LMSENSORS_INDEX;
table_info->max_column = COLUMN_LMSENSORS_VALUE;
- netsnmp_container_table_register( reg, table_info, container, 0 );
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
+ SNMPERR_SUCCESS)
+ return;
/*
* If the HAL sensors module was configured as an on-demand caching
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

31
SOURCES/net-snmp-5.8-ipv6-disabled.patch
View File

@ -1,31 +0,0 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
@@ -19,6 +19,7 @@
#include <errno.h>
#include <sys/ioctl.h>
+#include <sys/stat.h>
netsnmp_feature_require(prefix_info)
netsnmp_feature_require(find_prefix_info)
@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+
+ /*
+ * If PROCFILE exists, but isn't readable, file ERROR message.
+ * Otherwise log nothing, due of IPv6 support on this machine is
+ * intentionaly disabled/unavailable.
+ */
+
+ struct stat filestat;
+
+ if(stat(PROCFILE, &filestat) == 0){
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+ }
return -2;
}

12
SOURCES/net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-07-18 15:39:28.069251000 +0200
+++ b/apps/Makefile.in 2018-07-18 15:54:52.261943123 +0200
@@ -230,7 +230,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@
snmpinforminstall:

143
SOURCES/net-snmp-5.8-memavailable.patch
View File

@ -1,143 +0,0 @@
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
From: Yuwei Ba <i@xiaoba.me>
Date: Fri, 21 Aug 2020 15:06:10 +0800
Subject: [PATCH] snmpd: support MemAvailable on Linux
See also https://github.com/net-snmp/net-snmp/pull/167 .
[bvanassche: modified the behavior of this patch]
---
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
agent/mibgroup/ucd-snmp/memory.h | 1 +
include/net-snmp/agent/hardware/memory.h | 1 +
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86cde4..4ae235c2d0 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
static int first = 1;
ssize_t bytes_read;
char *b;
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
+ int have_memavail = 0;
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "MemAvailable: ");
+ if (b) {
+ have_memavail = 1;
+ sscanf(b, "MemAvailable: %lu", &memavail);
+ }
b = strstr(buff, "MemFree: ");
if (b)
sscanf(b, "MemFree: %lu", &memfree);
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
mem->other = -1;
}
+ if (have_memavail) {
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
+ if (mem) {
+ if (!mem->descr)
+ mem->descr = strdup("Available memory");
+ mem->units = 1024;
+ mem->size = memavail;
+ mem->free = memavail;
+ mem->other = -1;
+ }
+ }
+
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
if (!mem) {
snmp_log_perror("No Virtual Memory info entry");
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
index 371a77e9a5..158b28e67b 100644
--- a/agent/mibgroup/ucd-snmp/memory.c
+++ b/agent/mibgroup/ucd-snmp/memory.c
@@ -26,7 +26,7 @@ init_memory(void)
netsnmp_create_handler_registration("memory", handle_memory,
memory_oid, OID_LENGTH(memory_oid),
HANDLER_CAN_RONLY),
- 1, 26);
+ 1, 27);
netsnmp_register_scalar(
netsnmp_create_handler_registration("memSwapError", handle_memory,
memSwapError_oid, OID_LENGTH(memSwapError_oid),
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
c64.low = val & 0xFFFFFFFF;
c64.high = val >>32;
break;
+ case MEMORY_SYS_AVAIL:
+ type = ASN_COUNTER64;
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
+ if (!mem_info)
+ goto NOSUCH;
+ val = mem_info->size; /* memavail */
+ val *= (mem_info->units/1024);
+ c64.low = val & 0xFFFFFFFF;
+ c64.high = val >> 32;
+ break;
case MEMORY_SWAP_ERROR:
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
if (!mem_info)
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
index ded2140227..54a56a2fdb 100644
--- a/agent/mibgroup/ucd-snmp/memory.h
+++ b/agent/mibgroup/ucd-snmp/memory.h
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
#define MEMORY_SHARED_X 24
#define MEMORY_BUFFER_X 25
#define MEMORY_CACHED_X 26
+#define MEMORY_SYS_AVAIL 27
#define MEMORY_SWAP_ERROR 100
#define MEMORY_SWAP_ERRMSG 101
#endif /* MEMORY_H */
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
index 54265cf22a..aca3a4d00d 100644
--- a/include/net-snmp/agent/hardware/memory.h
+++ b/include/net-snmp/agent/hardware/memory.h
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
#define NETSNMP_MEM_TYPE_SHARED 8
#define NETSNMP_MEM_TYPE_SHARED2 9
#define NETSNMP_MEM_TYPE_SWAP 10
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
/* Leave space for individual swap devices */
#define NETSNMP_MEM_TYPE_MAX 30
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
index cde67feb50..d360bad025 100644
--- a/mibs/UCD-SNMP-MIB.txt
+++ b/mibs/UCD-SNMP-MIB.txt
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
memory as specifically reserved for this purpose."
::= { memory 26 }
+memSysAvail OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ UNITS "kB"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total amount of available memory, which is an estimate
+ of how much memory is available for starting new applications,
+ without swapping.
+
+ This object will not be implemented on hosts where the
+ underlying operating system does not explicitly identify
+ memory as specifically reserved for this purpose."
+ ::= { memory 27 }
+
+
memSwapError OBJECT-TYPE
SYNTAX UCDErrorFlag
MAX-ACCESS read-only

92
SOURCES/net-snmp-5.8-memleak-backport.patch
View File

@ -1,92 +0,0 @@
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Wed, 10 Oct 2018 21:42:35 -0700
Subject: [PATCH] snmplib/keytools: Fix a memory leak
Avoid that Valgrind reports the following memory leak:
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x4E9885D: generate_Ku (keytools.c:186)
by 0x40171F: asynchronous (leaktest.c:276)
by 0x400FE7: main (leaktest.c:356)
---
snmplib/keytools.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 2cf0240abf..dcdae044ac 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
- if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ if (!EVP_MD_CTX_init(ctx)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#endif
- if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Tue, 9 Oct 2018 23:28:25 +0000
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
This patch avoids that Valgrind reports the following leak:
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
[ bvanassche: minimized diffs / edited commit message ]
---
snmplib/scapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index 8ad1d70d90..54310099d8 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)

35
SOURCES/net-snmp-5.8-memory-reporting.patch
View File

@ -1,35 +0,0 @@
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
ssize_t bytes_read;
char *b;
unsigned long memtotal = 0, memfree = 0, memshared = 0,
- buffers = 0, cached = 0,
+ buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
netsnmp_memory_info *mem;
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
mem->units = 1024;
- mem->size = cached;
+ mem->size = cached+sreclaimable;
mem->free = 0; /* Report cached size/used as equal */
mem->other = -1;
}

12
SOURCES/net-snmp-5.8-proxy-getnext.patch
View File

@ -1,12 +0,0 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

33
SOURCES/net-snmp-5.8-proxy-time-out.patch
View File

@ -1,33 +0,0 @@
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
From: fisabelle <fisabelle@broadsoft.com>
Date: Thu, 9 Jul 2020 15:49:35 -0400
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
out
---
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index 24ae9322bd..e0ee96b29a 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
}
switch (operation) {
+ case NETSNMP_CALLBACK_OP_RESEND:
+ /*
+ * Issue#147: Net-SNMP not responding when proxy requests times out
+ *
+ * When snmp_api issue a resend, the default case was hit and the
+ * delagated cache was freed.
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
+ */
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
+ return SNMP_ERR_NOERROR;
+
case NETSNMP_CALLBACK_OP_TIMED_OUT:
/*
* WWWXXX: don't leave requests delayed if operation is

46
SOURCES/net-snmp-5.8-proxy.patch
View File

@ -1,46 +0,0 @@
From b67afb81eb0f7ad89496cd3e672654bfd8c55d0e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 21 Mar 2020 20:03:13 -0700
Subject: [PATCH] snmpd: UCD-SNMP proxy: Fix a crash triggered by a wrong
passphrase
See also https://github.com/net-snmp/net-snmp/issues/82 .
---
agent/mibgroup/ucd-snmp/proxy.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index f4eb03ef6f..548ae7588f 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -698,8 +698,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
"proxy OID return length too long.\n");
netsnmp_set_request_error(cache->reqinfo, requests,
SNMP_ERR_GENERR);
- if (pdu)
- snmp_free_pdu(pdu);
netsnmp_free_delegated_cache(cache);
return 1;
}
@@ -723,8 +721,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
* ack, this is bad. The # of varbinds don't match and
* there is no way to fix the problem
*/
- if (pdu)
- snmp_free_pdu(pdu);
snmp_log(LOG_ERR,
"response to proxy request illegal. We're screwed.\n");
netsnmp_set_request_error(cache->reqinfo, requests,
@@ -735,11 +731,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
if (cache->reqinfo->mode == MODE_GETBULK)
netsnmp_bulk_to_next_fix_requests(requests);
- /*
- * free the response
- */
- if (pdu && 0)
- snmp_free_pdu(pdu);
break;
default:

146
SOURCES/net-snmp-5.8-sec-counter.patch
View File

@ -1,146 +0,0 @@
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
@@ -43,6 +43,7 @@ extern "C" {
* Structures.
*/
struct usmStateReference {
+ int refcnt;
char *usr_name;
size_t usr_name_length;
u_char *usr_engine_id;
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
return NULL;
}
- if (pdu->securityStateRef &&
- pdu->command == SNMP_MSG_TRAP2) {
-
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
- (struct usmStateReference **) &newpdu->securityStateRef );
-
- if (ret)
- {
+ sptr = find_sec_mod(newpdu->securityModel);
+ if (sptr && sptr->pdu_clone) {
+ /* call security model if it needs to know about this */
+ ret = sptr->pdu_clone(pdu, newpdu);
+ if (ret) {
snmp_free_pdu(newpdu);
return NULL;
}
}
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
- sptr->pdu_clone != NULL) {
- /*
- * call security model if it needs to know about this
- */
- (*sptr->pdu_clone) (pdu, newpdu);
- }
-
return newpdu;
}
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
struct usmStateReference *
usm_malloc_usmStateReference(void)
{
- struct usmStateReference *retval = (struct usmStateReference *)
- calloc(1, sizeof(struct usmStateReference));
+ struct usmStateReference *retval;
+
+ retval = calloc(1, sizeof(struct usmStateReference));
+ if (retval)
+ retval->refcnt = 1;
return retval;
} /* end usm_malloc_usmStateReference() */
+static int
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
+{
+ struct usmStateReference *ref = pdu->securityStateRef;
+ struct usmStateReference **new_ref =
+ (struct usmStateReference **)&new_pdu->securityStateRef;
+ int ret = 0;
+
+ if (!ref)
+ return ret;
+
+ if (pdu->command == SNMP_MSG_TRAP2) {
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
+ ret = usm_clone_usmStateReference(ref, new_ref);
+ } else {
+ netsnmp_assert(ref == *new_ref);
+ ref->refcnt++;
+ }
+
+ return ret;
+}
+
void
usm_free_usmStateReference(void *old)
{
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
+ struct usmStateReference *ref = old;
- if (old_ref) {
+ if (!ref)
+ return;
- if (old_ref->usr_name_length)
- SNMP_FREE(old_ref->usr_name);
- if (old_ref->usr_engine_id_length)
- SNMP_FREE(old_ref->usr_engine_id);
- if (old_ref->usr_auth_protocol_length)
- SNMP_FREE(old_ref->usr_auth_protocol);
- if (old_ref->usr_priv_protocol_length)
- SNMP_FREE(old_ref->usr_priv_protocol);
-
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
- SNMP_FREE(old_ref->usr_auth_key);
- }
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
- SNMP_FREE(old_ref->usr_priv_key);
- }
+ if (--ref->refcnt > 0)
+ return;
- SNMP_ZERO(old_ref, sizeof(*old_ref));
- SNMP_FREE(old_ref);
+ SNMP_FREE(ref->usr_name);
+ SNMP_FREE(ref->usr_engine_id);
+ SNMP_FREE(ref->usr_auth_protocol);
+ SNMP_FREE(ref->usr_priv_protocol);
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
+ SNMP_FREE(ref->usr_auth_key);
+ }
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
+ SNMP_FREE(ref->usr_priv_key);
}
+ SNMP_FREE(ref);
} /* end usm_free_usmStateReference() */
struct usmUser *
@@ -3316,6 +3337,7 @@ init_usm(void)
def->encode_reverse = usm_secmod_rgenerate_out_msg;
def->encode_forward = usm_secmod_generate_out_msg;
def->decode = usm_secmod_process_in_msg;
+ def->pdu_clone = usm_clone;
def->pdu_free_state_ref = usm_free_usmStateReference;
def->session_setup = usm_session_init;
def->handle_report = usm_handle_report;

84
SOURCES/net-snmp-5.8-sec-memory-leak.patch
View File

@ -1,84 +0,0 @@
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
- /* Clean up securityStateRef here to prevent a double free */
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
- snmp_free_securityStateRef(asp->orig_pdu);
- if (asp->pdu && asp->pdu->securityStateRef)
- snmp_free_securityStateRef(asp->pdu);
-
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
- free_securityStateRef(pdu);
-}
-
#define ERROR_STAT_LENGTH 11
int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
if (!pdu)
return;
+ free_securityStateRef(pdu);
+
/*
* If the command field is empty, that probably indicates
* that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
}
if (ret != SNMP_ERR_NOERROR) {
- /*
- * Call the security model to free any securityStateRef supplied w/ msg.
- */
- if (pdu->securityStateRef != NULL) {
- free_securityStateRef(pdu);
- }
snmp_free_pdu(pdu);
return NULL;
}
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
}
}
- /*
- * Call USM to free any securityStateRef supplied with the message.
- */
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
- free_securityStateRef(pdu);
-
if (!handled) {
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
return -2;

12
SOURCES/net-snmp-5.8-sendmsg-error-code.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
--- a/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:20:56.776099134 +0200
+++ b/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:23:18.921323874 +0200
@@ -293,7 +293,7 @@ int netsnmp_udpbase_sendto(int fd, const
}
rc = sendmsg(fd, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

30
SOURCES/net-snmp-5.8-test-debug.patch
View File

@ -1,30 +0,0 @@
Don't check tests which depend on DNS - it's disabled in Koji
diff -urNp a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
--- a/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:52:56.081185545 +0200
+++ b/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:54:18.843968880 +0200
@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
CHECKAGENT '<"c408a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then
CHECKAGENT 'line 32: Error:'
diff -urNp a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
--- a/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:52:56.080185548 +0200
+++ b/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:55:17.779818732 +0200
@@ -132,6 +132,10 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
# 608
CHECKAGENT '<"c608a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then

21
SOURCES/net-snmp-5.8-trapsink.patch
View File

@ -1,21 +0,0 @@
diff -urNp old/snmplib/transports/snmpUDPIPv4BaseDomain.c new/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- old/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:40:48.663969034 +0200
+++ new/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:42:05.293723487 +0200
@@ -317,7 +317,7 @@ netsnmp_udpipv4base_tspec_transport(nets
if (NULL != tspec->source) {
struct sockaddr_in src_addr, *srcp = &src_addr;
/** get sockaddr from source */
- if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL))
+ if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0"))
return NULL;
return netsnmp_udpipv4base_transport_with_source(&addr, local, srcp);
} else {
@@ -364,7 +364,7 @@ netsnmp_udpipv4base_transport(const stru
strcat(client_address, ":0");
have_port = 1;
}
- rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL);
+ rc = netsnmp_sockaddr_in2(&client_addr, client_socket, ":0");
if (client_address != client_socket)
free(client_address);
if(rc) {

48
SOURCES/net-snmp-5.8-truncating-log-once.patch
View File

@ -1,48 +0,0 @@
From 7330e3e3e08d9baff23332e764f9a53561939fff Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 2 Sep 2021 21:06:54 -0700
Subject: [PATCH] libsnmp: Log "Truncating integer value >32 bits" once
Log this message once instead of every time sysUpTime and/or
hrSystemUptime are accessed after snmpd is running for more than 497 days.
Fixes: https://github.com/net-snmp/net-snmp/issues/144
---
snmplib/snmp_client.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/snmplib/snmp_client.c b/snmplib/snmp_client.c
index 0f539c63fe..b00670d973 100644
--- a/snmplib/snmp_client.c
+++ b/snmplib/snmp_client.c
@@ -853,7 +853,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const u_long *) value;
*(vars->val.integer) = *val_ulong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -865,7 +866,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const unsigned long long *) value;
*(vars->val.integer) = (long) *val_ullong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -877,7 +879,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const uintmax_t *) value;
*(vars->val.integer) = (long) *val_uintmax_t;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}

11
SOURCES/net-snmp-5.8-usage-exit.patch
View File

@ -1,11 +0,0 @@
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
@@ -325,6 +325,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

13
SOURCES/net-snmp-5.8-util-fix.patch
View File

@ -1,13 +0,0 @@
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-12-09 08:45:23.217942229 +0100
+++ b/snmplib/cert_util.c 2021-12-09 08:46:56.567562352 +0100
@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
if (NULL == okey)
- snmp_log(LOG_ERR, "error parsing key file %s\n",
- key->info.filename);
+ snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
else {
key = _add_key(okey, dirname, filename, index);
if (NULL == key) {

357
SOURCES/net-snmp-5.8-v3-forward.patch
View File

@ -1,357 +0,0 @@
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
+
+ /* Clean up securityStateRef here to prevent a double free */
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->orig_pdu);
+ if (asp->pdu && asp->pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->pdu);
+
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
+NETSNMP_IMPORT
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
static void
free_securityStateRef(netsnmp_pdu* pdu)
{
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
+ struct snmp_secmod_def *sptr;
+
+ if(!pdu->securityStateRef)
+ return;
+
+ sptr = find_sec_mod(pdu->securityModel);
if (sptr) {
if (sptr->pdu_free_state_ref) {
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
+/*
+ * This function is here to provide a separate call to
+ * free the securityStateRef memory. This is needed to prevent
+ * a double free if this memory is freed in snmp_free_pdu.
+ */
+void
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
+{
+ free_securityStateRef(pdu);
+}
+
#define ERROR_STAT_LENGTH 11
int
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
if (old_ref) {
- SNMP_FREE(old_ref->usr_name);
- SNMP_FREE(old_ref->usr_engine_id);
- SNMP_FREE(old_ref->usr_auth_protocol);
- SNMP_FREE(old_ref->usr_priv_protocol);
+ if (old_ref->usr_name_length)
+ SNMP_FREE(old_ref->usr_name);
+ if (old_ref->usr_engine_id_length)
+ SNMP_FREE(old_ref->usr_engine_id);
+ if (old_ref->usr_auth_protocol_length)
+ SNMP_FREE(old_ref->usr_auth_protocol);
+ if (old_ref->usr_priv_protocol_length)
+ SNMP_FREE(old_ref->usr_priv_protocol);
- if (old_ref->usr_auth_key) {
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
SNMP_FREE(old_ref->usr_auth_key);
}
- if (old_ref->usr_priv_key) {
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
SNMP_FREE(old_ref->usr_priv_key);
}
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
thePrivProtocolLength) == 1) {
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
&seq_len, &msgSecParmLen) == -1) {
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
ptr = *wholeMsg = globalData;
if (theTotalLength > *wholeMsgLen) {
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
&ptr[privParamsOffset]) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[privParamsOffset])
== -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[dataOffset], &encrypted_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
if ((encrypted_length != (theTotalLength - dataOffset))
|| (salt_length != msgPrivParmLen)) {
DEBUGMSGTL(("usm", "encryption length error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm",
"couldn't malloc %d bytes for encrypted PDU\n",
(int)ciphertextlen));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_MALLOC;
}
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
iv) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
thePrivKeyLength - 8,
iv) == -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
scopedPdu, scopedPduLen,
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ciphertext, ciphertextlen);
if (rc == 0) {
DEBUGMSGTL(("usm", "Encryption failed.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building privParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineTime failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineBoots failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
*offset - sp_offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
while ((*wholeMsgLen - *offset) < globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("usm", "building global data failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
}
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
!= SNMP_ERR_NOERROR) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
if (temp_sig_len != msgAuthParmLen) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

0
SOURCES/net-snmp-5.7.2-cert-path.patch → net-snmp-5.7.2-cert-path.patch
View File

0
SOURCES/net-snmp-5.7.3-iterator-fix.patch → net-snmp-5.7.3-iterator-fix.patch
View File

0
SOURCES/net-snmp-5.8-Remove-U64-typedef.patch → net-snmp-5.8-Remove-U64-typedef.patch
View File

4
SOURCES/net-snmp-5.8-clientaddr-error-message.patch → net-snmp-5.8-clientaddr-error-message.patch
View File

@ -30,6 +30,6 @@ diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snm
errno, strerror(errno)));
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+ strerror(errno)));
netsnmp_socketbase_close(t);
return 1;
goto err;
}

0
SOURCES/net-snmp-5.8-duplicate-ipAddress.patch → net-snmp-5.8-duplicate-ipAddress.patch
View File

0
SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch → net-snmp-5.8-expand-SNMPCONFPATH.patch
View File

0
SOURCES/net-snmp-5.8-ipAddress-faster-load.patch → net-snmp-5.8-ipAddress-faster-load.patch
View File

0
SOURCES/net-snmp-5.8-man-page.patch → net-snmp-5.8-man-page.patch
View File

0
SOURCES/net-snmp-5.8-modern-rpm-api.patch → net-snmp-5.8-modern-rpm-api.patch
View File

16
SOURCES/net-snmp-5.8-rpm-memory-leak.patch → net-snmp-5.8-rpm-memory-leak.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 695c469..dd0e487 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath);
@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/
+ rpmFreeRpmrc();
+#endif
if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
pkg_directory[0] = '\0';
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
index 1f52733..ccf1cab 100644
--- a/agent/mibgroup/host/hr_swinst.c
+++ b/agent/mibgroup/host/hr_swinst.c
@@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;

18
net-snmp-5.9-aes-config.patch Normal file
View File

@ -0,0 +1,18 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index afd6fa4..07c26fe 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;

12
net-snmp-5.9-autofs-skip.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index e7ca92f..80b3e0d 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
"shm",
"sockfs",
"sysfs",
+ "tmpfs",
"usbdevfs",
"usbfs",
#endif

20
net-snmp-5.9-cflags.patch Normal file
View File

@ -0,0 +1,20 @@
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
@@ -1,3 +1,4 @@
+use lib '.';
use strict;
use warnings;
use ExtUtils::MakeMaker;
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
@@ -116,7 +116,7 @@ sub AddCommonParams {
append($Params->{'CCFLAGS'}, $cflags);
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
# Suppress known Perl header shortcomings.
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
append($Params->{'CCFLAGS'}, '-Wformat');
}
}

22
net-snmp-5.9-coverity.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
index e9a8831..5a1d8e7 100644
--- a/agent/mibgroup/disman/event/mteTrigger.c
+++ b/agent/mibgroup/disman/event/mteTrigger.c
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;

30
net-snmp-5.9-dir-fix.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 19895a1..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+esac
unset shifted
case $1 in
@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
touch "$outfile"
fi
echo "$line" >> "$outfile"
-prefix=@prefix@
-datarootdir=@datarootdir@
-# To suppress shellcheck complaints about $prefix and $datarootdir.
-: "$prefix" "$datarootdir"
-outfile="@datadir@/snmp/snmpd.conf"
+# Avoid that configure complains that this script ignores @datarootdir@
+echo "@datarootdir@" >/dev/null
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

375
SOURCES/net-snmp-5.8-intermediate-certs.patch → net-snmp-5.9-intermediate-certs.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
--- a/include/net-snmp/library/cert_util.h 2021-06-09 10:55:22.767954797 +0200
+++ b/include/net-snmp/library/cert_util.h 2021-06-09 10:56:36.725272293 +0200
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644
--- a/include/net-snmp/library/cert_util.h
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" {
char *common_name;
@ -19,22 +20,25 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
--- a/include/net-snmp/library/dir_utils.h 2021-06-09 10:55:22.767954797 +0200
+++ b/include/net-snmp/library/dir_utils.h 2021-06-09 10:56:36.726272298 +0200
@@ -53,6 +53,8 @@ extern "C" {
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..ac7f69a 100644
--- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,7 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */
#define NETSNMP_DIR_NSFILE_STATS 0x0020
-
+/** allow files to be indexed more than once */
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-06-09 10:55:22.785954874 +0200
+++ b/snmplib/cert_util.c 2021-06-09 11:02:43.890848394 +0200
@@ -104,7 +104,7 @@ netsnmp_feature_child_of(tls_fingerprint
#ifdef __cplusplus
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index 210ad8b..b1f8144 100644
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes
* will be regenerated with new format.
*/
@ -43,7 +47,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL;
@@ -130,6 +130,8 @@ static int _cert_fn_ncompare(netsnmp_ce
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
@ -52,7 +56,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
const char *directory);
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
@@ -349,6 +351,8 @@ _get_cert_container(const char *use)
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
{
netsnmp_container *c;
@ -61,7 +65,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
c = netsnmp_container_find("certs:binary_array");
if (NULL == c) {
snmp_log(LOG_ERR, "could not create container for %s\n", use);
@@ -358,6 +362,8 @@ _get_cert_container(const char *use)
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
c->free_item = (netsnmp_container_obj_func*)_cert_free;
c->compare = (netsnmp_container_compare*)_cert_compare;
@ -70,7 +74,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return c;
}
@@ -366,6 +372,8 @@ _setup_containers(void)
@@ -362,6 +368,8 @@ _setup_containers(void)
{
netsnmp_container *additional_keys;
@ -79,7 +83,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
_certs = _get_cert_container("netsnmp certificates");
if (NULL == _certs)
return;
@@ -380,6 +388,7 @@ _setup_containers(void)
@@ -376,6 +384,7 @@ _setup_containers(void)
additional_keys->container_name = strdup("certs_cn");
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
@ -87,7 +91,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: subject name */
@@ -393,6 +402,7 @@ _setup_containers(void)
@@ -389,6 +398,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
@ -95,7 +99,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: file name */
@@ -406,6 +416,7 @@ _setup_containers(void)
@@ -402,6 +412,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
@ -103,32 +107,28 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
_keys = netsnmp_container_find("cert_keys:binary_array");
@@ -428,9 +439,9 @@ netsnmp_cert_map_container(void)
@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
}
static netsnmp_cert *
-_new_cert(const char *dirname, const char *filename, int certType,
- int hashType, const char *fingerprint, const char *common_name,
- const char *subject)
+_new_cert(const char *dirname, const char *filename, int certType, int offset,
+ int allowed_uses, int hashType, const char *fingerprint,
+ const char *common_name, const char *subject)
int hashType, const char *fingerprint, const char *common_name,
const char *subject)
{
netsnmp_cert *cert;
@@ -450,8 +461,10 @@ _new_cert(const char *dirname, const cha
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename);
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
+ /* only the first certificate is allowed to be a remote peer */
+ cert->info.allowed_uses = allowed_uses;
+ cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
cert->info.type = certType;
+ cert->offset = offset;
if (fingerprint) {
cert->hash_type = hashType;
cert->fingerprint = strdup(fingerprint);
@@ -888,14 +901,86 @@ _certindex_new( const char *dirname )
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
* certificate utility functions
*
*/
@ -217,7 +217,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert)
return NULL;
@@ -912,51 +997,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
}
}
@ -277,7 +277,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL != okey) {
netsnmp_key *key;
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
@@ -983,7 +1050,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
break;
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
case NS_CERT_TYPE_PKCS12:
@ -286,7 +286,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
PKCS12_verify_mac(p12, NULL, 0)))
@@ -1003,46 +1070,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
return NULL;
}
@ -334,7 +334,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return ocert;
}
@@ -1052,7 +1080,6 @@ netsnmp_okey_get(netsnmp_key *key)
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
{
BIO *keybio;
EVP_PKEY *okey;
@ -342,7 +342,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == key)
return NULL;
@@ -1060,19 +1087,8 @@ netsnmp_okey_get(netsnmp_key *key)
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
if (key->okey)
return key->okey;
@ -364,7 +364,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return NULL;
}
@@ -1158,7 +1174,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn",
@ -373,7 +373,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1167,7 +1183,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
/** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
@ -382,7 +382,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1188,7 +1204,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
}
@ -391,7 +391,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n"));
return;
@@ -1201,7 +1217,8 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
*pos = 0;
@ -401,7 +401,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return;
if (1 == matching->size) {
@@ -1221,7 +1238,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename));
}
@ -410,7 +410,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return;
@@ -1259,76 +1276,189 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
}
}
@ -440,13 +440,11 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+}
+
+static netsnmp_cert *
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset,
+ int allowed_uses, FILE *index)
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
+{
+ netsnmp_cert *cert;
+
+ cert = _new_cert(dirname, filename, type, offset,
+ allowed_uses, -1, NULL, NULL, NULL);
+ cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
+ if (NULL == cert)
+ return NULL;
+
@ -464,9 +462,8 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+ /** fingerprint max = 64*3=192 for sha512 */
+ /** common name / CN = 64 */
+ if (cert)
+ fprintf(index, "c:%s %d %d %d %d %s '%s' '%s'\n", filename,
+ cert->info.type, cert->offset, cert->info.allowed_uses,
+ cert->hash_type, cert->fingerprint,
+ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
+ cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
+ cert->common_name, cert->subject);
+ }
+
@ -564,8 +561,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
+ if (NULL != ocert) {
+ if (!_add_cert(ocert, dirname, filename, type, 0,
+ NS_CERT_REMOTE_PEER, index)) {
+ if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
+ X509_free(ocert);
+ ocert = NULL;
+ }
@ -581,18 +577,9 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
+ type = NS_CERT_TYPE_PEM;
+ }
+
+ /* read the private key first so we can record this in the index */
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+
+ (void)BIO_reset(certbio);
+
+ /* certs are read after the key */
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (NULL != ocert) {
+ cert = _add_cert(ncert, dirname, filename, type, 0,
+ okey ? NS_CERT_IDENTITY | NS_CERT_REMOTE_PEER :
+ NS_CERT_REMOTE_PEER, index);
+ cert = _add_cert(ncert, dirname, filename, type, offset, index);
+ if (NULL == cert) {
+ X509_free(ocert);
+ ocert = ncert = NULL;
@ -602,13 +589,18 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+ offset = BIO_tell(certbio);
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (ncert) {
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, 0, index)) {
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
+ X509_free(ncert);
+ ncert = NULL;
+ }
+ }
+ }
+
+ BIO_seek(certbio, offset);
+
+ /** check for private key too */
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+
+ if (NULL != okey) {
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
+ cert->info.filename));
@ -618,6 +610,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
+ cert->info.filename));
+ key->cert = cert;
+ cert->key = key;
+ cert->info.allowed_uses |= NS_CERT_IDENTITY;
+ }
+ else {
+ EVP_PKEY_free(okey);
@ -653,22 +646,19 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
}
return 0;
@@ -1342,8 +1472,10 @@ _cert_read_index(const char *dirname, st
@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
- char subject[SNMP_MAXBUF_SMALL], hash_str[15];
- int count = 0, type, hash, version;
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
+ char allowed_uses_str[15];
+ ssize_t offset;
+ int count = 0, type, allowed_uses, hash, version;
int count = 0, type, hash, version;
netsnmp_cert *cert;
netsnmp_key *key;
netsnmp_container *newer, *found;
@@ -1386,7 +1518,8 @@ _cert_read_index(const char *dirname, st
(netsnmp_directory_filter*)
_time_filter,(void*)&idx_stat,
@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat,
NETSNMP_DIR_NSFILE |
- NETSNMP_DIR_NSFILE_STATS);
+ NETSNMP_DIR_NSFILE_STATS |
@ -676,32 +666,28 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL);
@@ -1430,6 +1563,8 @@ _cert_read_index(const char *dirname, st
@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
+ (NULL == (pos=copy_nword(pos, allowed_uses_str, sizeof(allowed_uses_str)))) ||
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) ||
@@ -1442,9 +1577,11 @@ _cert_read_index(const char *dirname, st
@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break;
}
type = atoi(type_str);
+ offset = atoi(offset_str);
+ allowed_uses = atoi(allowed_uses_str);
hash = atoi(hash_str);
- cert = (void*)_new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject);
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash,
+ fingerprint, common_name, subject);
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
+ cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert))
++count;
else {
@@ -1549,7 +1686,8 @@ _add_certdir(const char *dirname)
(netsnmp_directory_filter*)
&_cert_cert_filter, NULL,
@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname,
_cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH |
- NETSNMP_DIR_EMPTY_OK );
+ NETSNMP_DIR_EMPTY_OK |
@ -709,7 +695,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n"));
@@ -1637,7 +1775,7 @@ _cert_print(netsnmp_cert *c, void *conte
@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c)
return;
@ -718,7 +704,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses)));
@@ -1841,7 +1979,8 @@ netsnmp_cert_find(int what, int where, v
@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -728,40 +714,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return NULL;
if (1 == matching->size)
@@ -1887,6 +2026,32 @@ netsnmp_cert_find(int what, int where, v
return result;
}
+netsnmp_void_array *
+netsnmp_certs_find(int what, int where, void *hint)
+{
+
+ DEBUGMSGT(("certs:find:params", "looking for %s(%d) in %s(0x%x), hint %p\n",
+ _mode_str(what), what, _where_str(where), where, hint));
+
+ if (NS_CERTKEY_FILE == where) {
+ /** hint == filename */
+ char *filename = (char*)hint;
+ netsnmp_void_array *matching;
+
+ DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
+ filename, NULL ), what);
+
+ return matching;
+ } /* where = NS_CERTKEY_FILE */
+ else { /* unknown location */
+
+ DEBUGMSGT(("certs:find:err", "unhandled location %d for %d\n", where,
+ what));
+ return NULL;
+ }
+}
+
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
int
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
@@ -2284,6 +2449,124 @@ _reduce_subset_dir(netsnmp_void_array *m
@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
}
}
@ -886,181 +839,17 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:55:22.791954900 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:56:36.727272302 +0200
@@ -59,7 +59,7 @@ int openssl_local_index;
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
- char buf[1024], *fingerprint;
+ char subject[SNMP_MAXBUF_MEDIUM], issuer[SNMP_MAXBUF_MEDIUM], *fingerprint;
X509 *thecert;
netsnmp_cert *cert;
_netsnmp_verify_info *verify_info;
@@ -71,10 +71,12 @@ int verify_callback(int ok, X509_STORE_C
/* things to do: */
- X509_NAME_oneline(X509_get_subject_name(thecert), buf, sizeof(buf));
+ X509_NAME_oneline(X509_get_subject_name(thecert), subject, sizeof(subject));
+ X509_NAME_oneline(X509_get_issuer_name(thecert), issuer, sizeof(issuer));
fingerprint = netsnmp_openssl_cert_get_fingerprint(thecert, -1);
- DEBUGMSGTL(("tls_x509:verify", "Cert: %s\n", buf));
- DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ?
+ DEBUGMSGTL(("tls_x509:verify", " subject: %s\n", subject));
+ DEBUGMSGTL(("tls_x509:verify", " issuer: %s\n", issuer));
+ DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ?
fingerprint : "unknown"));
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -109,7 +111,7 @@ int verify_callback(int ok, X509_STORE_C
} else {
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
/* log where we are and why called */
- snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d err=%i:%s\n", ok, ctx, depth, err, X509_verify_cert_error_string(err));
+ snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d fp=%s subject='%s' issuer='%s' err=%i:%s\n", ok, ctx, depth, fingerprint, subject, issuer, err, X509_verify_cert_error_string(err));
SNMP_FREE(fingerprint);
return 0;
}
@@ -425,23 +427,50 @@ netsnmp_tlsbase_extract_security_name(SS
int
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
netsnmp_cert *trustcert;
+ netsnmp_cert *candidate;
+ netsnmp_void_array *matching = NULL;
+
+ int i;
DEBUGMSGTL(("sslctx_client", "Trying to load a trusted certificate: %s\n",
certspec));
/* load this identifier into the trust chain */
trustcert = netsnmp_cert_find(NS_CERT_CA,
- NS_CERTKEY_MULTIPLE,
+ NS_CERTKEY_FINGERPRINT,
certspec);
+
+ /* loop through all CA certs in the given files */
+ if (!trustcert) {
+ matching = netsnmp_certs_find(NS_CERT_CA,
+ NS_CERTKEY_FILE,
+ certspec);
+ for (i = 0; (matching) && (i < matching->size); ++i) {
+ candidate = (netsnmp_cert*)matching->array[i];
+ if (netsnmp_cert_trust(the_ctx, candidate) != SNMPERR_SUCCESS) {
+ free(matching->array);
+ free(matching);
+ LOGANDDIE("failed to load trust certificate");
+ }
+ } /** matching loop */
+
+ if (matching) {
+ free(matching->array);
+ free(matching);
+ return 1;
+ }
+ }
+
+ /* fall back to trusting the remote peer certificate */
if (!trustcert)
trustcert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
NS_CERTKEY_MULTIPLE,
certspec);
if (!trustcert)
LOGANDDIE("failed to find requested certificate to trust");
-
+
/* Add the certificate to the context */
- if (netsnmp_cert_trust_ca(the_ctx, trustcert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
LOGANDDIE("failed to load trust certificate");
return 1;
@@ -481,7 +510,7 @@ _sslctx_common_setup(SSL_CTX *the_ctx, _
NETSNMP_DS_LIB_X509_CRL_FILE);
if (NULL != crlFile) {
cert_store = SSL_CTX_get_cert_store(the_ctx);
- DEBUGMSGTL(("sslctx_client", "loading CRL: %s\n", crlFile));
+ DEBUGMSGTL(("sslctx_common", "loading CRL: %s\n", crlFile));
if (!cert_store)
LOGANDDIE("failed to find certificate store");
if (!(lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file())))
@@ -546,13 +575,19 @@ sslctx_client_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the client certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the client private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("client public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate client certificate");
+ }
if (tlsbase->their_identity)
peer_cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
@@ -566,11 +601,11 @@ sslctx_client_setup(const SSL_METHOD *me
peer_cert ? peer_cert->info.filename : "none"));
/* Trust the expected certificate */
- if (netsnmp_cert_trust_ca(the_ctx, peer_cert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, peer_cert) != SNMPERR_SUCCESS)
LOGANDDIE ("failed to set verify paths");
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
index c2dd989..e7145e4 100644
--- a/snmplib/dir_utils.c
+++ b/snmplib/dir_utils.c
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
+ /** default to duplicates not allowed */
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
}
- /* trust a certificate (possibly a CA) aspecifically passed in */
+ /* trust a certificate (possibly a CA) specifically passed in */
if (tlsbase->trust_cert) {
if (!_trust_this_cert(the_ctx, tlsbase->trust_cert))
return 0;
@@ -589,7 +624,7 @@ sslctx_server_setup(const SSL_METHOD *me
/* setting up for ssl */
SSL_CTX *the_ctx = SSL_CTX_new(NETSNMP_REMOVE_CONST(SSL_METHOD *, method));
if (!the_ctx) {
- LOGANDDIE("can't create a new context");
+ LOGANDDIE("can't create a new server context");
}
id_cert = netsnmp_cert_find(NS_CERT_IDENTITY, NS_CERTKEY_DEFAULT, NULL);
@@ -597,7 +632,7 @@ sslctx_server_setup(const SSL_METHOD *me
LOGANDDIE ("error finding server identity keys");
if (!id_cert->key || !id_cert->key->okey)
- LOGANDDIE("failed to load private key");
+ LOGANDDIE("failed to load server private key");
DEBUGMSGTL(("sslctx_server", "using public key: %s\n",
id_cert->info.filename));
@@ -605,13 +640,19 @@ sslctx_server_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the server certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the server private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("server public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate server certificate");
+ }
SSL_CTX_set_read_ahead(the_ctx, 1); /* XXX: DTLS only? */
dir = opendir(dirname);

12
net-snmp-5.9-ipv6-disable-leak.patch Normal file
View File

@ -0,0 +1,12 @@
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

28
net-snmp-5.9-memory-reporting.patch Normal file
View File

@ -0,0 +1,28 @@
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86c..68b55d2 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
}
- b = strstr(buff, "SReclaimable: ");
- if (b)
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
first = 0;

27
SOURCES/net-snmp-5.8-multilib.patch → net-snmp-5.9-multilib.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
--- a/man/netsnmp_config_api.3.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/netsnmp_config_api.3.def 2018-07-18 11:20:04.631679886 +0200
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
index 90b20d9..bd5abe1 100644
--- a/man/netsnmp_config_api.3.def
+++ b/man/netsnmp_config_api.3.def
@@ -295,7 +295,7 @@ for one particular machine.
.PP
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
@ -10,7 +11,7 @@ diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
followed by \fC $HOME/.snmp\fP.
This list can be changed by setting the environmental variable
.I SNMPCONFPATH
@@ -367,7 +367,7 @@ A colon separated list of directories to
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
files in.
Default:
.br
@ -19,10 +20,11 @@ diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
.SH "SEE ALSO"
netsnmp_mib_api(3), snmp_api(3)
.\" Local Variables:
diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
--- a/man/snmp_config.5.def 2018-07-18 11:18:06.194792767 +0200
+++ b/man/snmp_config.5.def 2018-07-18 11:20:56.423626117 +0200
@@ -10,7 +10,7 @@ First off, there are numerous places tha
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
index fd30873..c3437d6 100644
--- a/man/snmp_config.5.def
+++ b/man/snmp_config.5.def
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
found and read from. By default, the applications look for
configuration files in the following 4 directories, in order:
SYSCONFDIR/snmp,
@ -31,10 +33,11 @@ diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
directories, it looks for files snmp.conf, snmpd.conf and/or
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
and/or snmptrapd.local.conf. *.local.conf are always
diff -urNp a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
--- a/man/snmpd.conf.5.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/snmpd.conf.5.def 2018-07-18 11:21:44.263574388 +0200
@@ -1559,7 +1559,7 @@ filename), and call the initialisation r
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 7ce8a46..a4000f9 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
.RS
.IP "Note:"
If the specified PATH is not a fully qualified filename, it will

26
net-snmp-5.9-pie.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index 047d880..38d40aa 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 3dbb1d1..48ed23a 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

38
net-snmp-5.9-python3.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/Makefile.in b/Makefile.in
index 912f6b2..862fb5f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -227,7 +227,7 @@ perlcleanfeatures:
# python specific build rules
#
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
pythonmodules: subdirs
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
if test $$? != 0 ; then \
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
index daf11a4..3a30a64 100644
--- a/python/netsnmp/client.py
+++ b/python/netsnmp/client.py
@@ -56,7 +56,7 @@ class Varbind(object):
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
self.tag = STR(tag)
self.iid = STR(iid)
- self.val = STR(val)
+ self.val = val
self.type = STR(type_arg)
# parse iid out of tag if needed
if iid is None and tag is not None:
@@ -66,7 +66,10 @@ class Varbind(object):
(self.tag, self.iid) = match.group(1, 2)
def __setattr__(self, name, val):
- self.__dict__[name] = STR(val)
+ if name == 'val':
+ self.__dict__[name] = val
+ else:
+ self.__dict__[name] = STR(val)
def __str__(self):
return obj_to_str(self)

65
net-snmp-5.9-rpmdb.patch Normal file
View File

@ -0,0 +1,65 @@
From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 9 Aug 2023 16:51:28 +0200
Subject: [PATCH] Add support for RPM SQLite DB background.
From RPM 4.16 the SQLite support is available for RPM DB.
After https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb, rpm changed
it's background DB from Berkeley to SQLite in Fedora.
Net-SNMP is using hard coded paths to determine where RPM DB files are.
This update is adding check for rpmdb.sqlite file in order to be able
invalidate internal cache after system package change.
Closes #596
---
agent/mibgroup/host/data_access/swinst_rpm.c | 18 +++++++++++++-----
agent/mibgroup/host/hr_swinst.c | 3 +++
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 050edff307..7ad91a3194 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -73,15 +73,23 @@ netsnmp_swinst_arch_init(void)
#endif
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+
+ /* check for SQLite DB backend */
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+ pkg_directory[0] = '\0';
+ }
+ }
+
SNMP_FREE(rpmdbpath);
dbpath = NULL;
#ifdef HAVE_RPMGETPATH
rpmFreeRpmrc();
-#endif
- if (-1 == stat( pkg_directory, &stat_buf )) {
- snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
- pkg_directory[0] = '\0';
- }
+#endif
}
void
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2023-07-31 11:37:44.855071535 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2023-08-14 12:45:14.846357019 +0200
@@ -229,6 +229,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
if (stat(path, &stat_buf) == -1)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+ /* check for SQLite DB backend */
+ if (stat(path, &stat_buf) == -1)
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
#ifdef HAVE_RPMGETPATH

110
net-snmp-5.9-test-debug.patch Normal file
View File

@ -0,0 +1,110 @@
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
index 6c07f74..7df0b51 100644
--- a/testing/fulltests/default/T070com2sec_simple
+++ b/testing/fulltests/default/T070com2sec_simple
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- CHECKAGENT '<"c408a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 32: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+CHECKAGENT '<"c408a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 32: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
+ FINISHED
+fi
- CHECKAGENT '<"c408b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 33: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+CHECKAGENT '<"c408b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 33: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
fi
-
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
fi
FINISHED
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
index 76da70b..bc2d432 100644
--- a/testing/fulltests/default/T071com2sec6_simple
+++ b/testing/fulltests/default/T071com2sec6_simple
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- # 608
- CHECKAGENT '<"c608a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 29: Error:'
- errnum=`expr $errnum - 1`
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+# 608
+CHECKAGENT '<"c608a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 29: Error:'
+ errnum=`expr $errnum - 1`
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ FINISHED
+fi
- CHECKAGENTCOUNT atleastone '<"c608b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 30: Error:'
- if [ "$snmp_last_test_result" -eq 1 ] ; then
- errnum=`expr $errnum - 1`
- fi
+CHECKAGENTCOUNT atleastone '<"c608b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 30: Error:'
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
+ errnum=`expr $errnum - 1`
fi
fi

175
net-snmp-5.9.1-remove-des.patch Normal file
View File

@ -0,0 +1,175 @@
diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
--- a/man/net-snmp-config.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/net-snmp-config.1.def 2021-05-26 09:35:36.703673542 +0200
@@ -30,7 +30,7 @@ code for a list of available debug token
SNMP Setup commands:
.TP
\fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
+[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
.PP
These options produce the various compilation flags needed when
building external SNMP applications:
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
--- a/man/net-snmp-create-v3-user.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/net-snmp-create-v3-user.1.def 2021-05-26 09:34:23.702034230 +0200
@@ -3,7 +3,7 @@
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
.SH SYNOPSIS
.PP
-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
.B [username]
.SH DESCRIPTION
.PP
@@ -27,5 +27,5 @@ specifies the authentication password ha
\fB\-X privpass\fR
specifies the encryption password
.TP
-\fB\-x DES|AES\fR
+\fB\-x AES\fR
specifies the encryption algorithm
diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
--- a/man/snmpcmd.1.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmpcmd.1.def 2021-05-26 09:37:51.104850500 +0200
@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
file.
.TP
.BI \-x " privProtocol"
-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
+Set the privacy protocol (AES) used for encrypted SNMPv3 messages.
Overrides the \fIdefPrivType\fR token in the
.I snmp.conf
file. This option is only valid if the Net-SNMP software was build
diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
--- a/man/snmp.conf.5.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmp.conf.5.def 2021-05-26 09:40:03.730011937 +0200
@@ -221,13 +221,13 @@ The
value will be used for the authentication and/or privacy pass phrases
if either of the other directives are not specified.
.IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
-.IP "defPrivType DES|AES"
+.IP "defPrivType AES"
define the default authentication and privacy protocols to use for
SNMPv3 requests.
These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
.IP
If not specified, SNMPv3 requests will default to MD5 authentication
-and DES encryption.
+and AES encryption.
.RS
.IP "Note:
If the software has not been compiled to use the OpenSSL libraries,
@@ -262,8 +262,7 @@ master keys which have been converted to
suitable for on particular SNMP engine (agent). The length of the key
needs to be appropriate for the authentication or encryption type
being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
-priv keys: DES=16 bytes (8
-bytes of which is used as an IV and not a key), and AES=16 bytes).
+priv keys: AES=16 bytes).
.IP "sshtosnmpsocket PATH"
Sets the path of the \fBsshtosnmp\fR socket created by an application
(e.g. snmpd) listening for incoming ssh connections through the
diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
--- a/man/snmpd.examples.5.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmpd.examples.5.def 2021-05-26 09:41:29.170761436 +0200
@@ -87,8 +87,8 @@ the same authentication and encryption s
.RS
.nf
createUser me MD5 "single pass phrase"
-createUser myself MD5 "single pass phrase" DES
-createUser andI MD5 "single pass phrase" DES "single pass phrase"
+createUser myself MD5 "single pass phrase" AES
+createUser andI MD5 "single pass phrase" AES "single pass phrase"
.fi
.RE
Note that this defines three \fIdistinct\fR users, who could be granted
diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
--- a/man/snmptrapd.conf.5.def 2021-05-26 09:30:07.428789985 +0200
+++ b/man/snmptrapd.conf.5.def 2021-05-26 09:42:02.963064029 +0200
@@ -117,7 +117,7 @@ to trigger the types of processing liste
See
.IR snmpd.conf (5)
for more details.
-.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
+.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
See the
.IR snmpd.conf (5)
manual page for a description of how to create SNMPv3 users. This
diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
--- a/man/snmpusm.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/snmpusm.1.def 2021-05-26 09:42:24.178253990 +0200
@@ -216,7 +216,7 @@ rwuser initial
# lets add the new user we'll create too:
rwuser wes
# USM configuration entries
-createUser initial MD5 setup_passphrase DES
+createUser initial MD5 setup_passphrase AES
.fi
.RE
.PP
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2021-05-26 09:30:07.369789468 +0200
+++ b/net-snmp-create-v3-user.in 2021-05-26 09:33:23.966511123 +0200
@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
fi
Aalgorithm="MD5"
-Xalgorithm="DES"
+Xalgorithm="AES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128|AES192|AES256)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128|aes192|aes256)
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;
@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
echo ""
echo "Usage:"
echo " net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
- echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
+ echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
echo ""
exit
fi
diff -urNp a/README.snmpv3 b/README.snmpv3
--- a/README.snmpv3 2021-05-26 09:30:07.352789320 +0200
+++ b/README.snmpv3 2021-05-26 09:44:49.109551728 +0200
@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
do a better job on since I suck at writing documentation and he
doesn't ;-) --Wes:
-Note: SHA authentication and DES/AES encryption support is only available
+Note: SHA authentication and AES encryption support is only available
if you have OpenSSL installed or if you've compiled using
--with-openssl=internal. If you use --with-openssl=internal please
read the documentation in snmplib/openssl/README for important details.
@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
WARNING: SNMPv3 pass phrases must be at least 8 characters long!
The above line creates the user "myuser" with a password of
- "my_password" (and uses MD5 and DES for protection). (Note that
+ "my_password" (and uses MD5 and AES for protection). (Note that
encryption support isn't enabled in the binary releases downloadable
from the net-snmp web site.) net-snmp-config will also add a line
to your snmpd.conf file to let that user have read/write access to
@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
[ this should return information about how long your agent has been up]
snmpget -v 3 -u myuser -l authPriv -a MD5 -A my_password
- -x DES -X my_password localhost sysUpTime.0
+ -x AES -X my_password localhost sysUpTime.0
[ this should return similar information, but encrypts the transmission ]
CREATING A SECOND USER:

120
net-snmp-5.9.4-kernel-6.7.patch Normal file
View File

@ -0,0 +1,120 @@
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
From: Philippe Troin <phil+github-commits@fifi.org>
Date: Sat, 3 Feb 2024 10:30:30 -0800
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
This breaks the hard-coded assumptions about the Ip line length.
Add compatibility to parse Linux 6.7 Ip header while keep support
for previous versions.
---
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index 49e0a34d5c..f04e828a94 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
}
/*
- /proc/net/snmp
+ /proc/net/snmp - Linux 6.6 and lower
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1491094 122 0 1466178
+*
+ /proc/net/snmp - Linux 6.7 and higher
+
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
+
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
+
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
+
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
+
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
+
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ UdpLite: 0 0 0 0 0 0 0 0 0
*/
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
FILE *devin;
char line[1024];
netsnmp_systemstats_entry *entry = NULL;
- int scan_count;
+ int scan_count, expected_scan_count;
char *stats, *start = line;
int len;
- unsigned long long scan_vals[19];
+ unsigned long long scan_vals[20];
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
load_flags));
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
*/
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
len = strlen(line);
- if (224 != len) {
+ switch (len) {
+ case 224:
+ expected_scan_count = 19;
+ break;
+ case 237:
+ expected_scan_count = 20;
+ break;
+ default:
fclose(devin);
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
- " %d != 224\n", len);
+ " %d not in { 224, 237 } \n", len);
return -4;
}
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
memset(scan_vals, 0x0, sizeof(scan_vals));
scan_count = sscanf(stats,
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
&scan_vals[0],&scan_vals[1],&scan_vals[2],
&scan_vals[3],&scan_vals[4],&scan_vals[5],
&scan_vals[6],&scan_vals[7],&scan_vals[8],
&scan_vals[9],&scan_vals[10],&scan_vals[11],
&scan_vals[12],&scan_vals[13],&scan_vals[14],
&scan_vals[15],&scan_vals[16],&scan_vals[17],
- &scan_vals[18]);
+ &scan_vals[18],&scan_vals[19]);
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
- if(scan_count != 19) {
+ if(scan_count != expected_scan_count) {
snmp_log(LOG_ERR,
"error scanning systemstats data (expected %d, got %d)\n",
- 19, scan_count);
+ expected_scan_count, scan_count);
netsnmp_access_systemstats_entry_free(entry);
return -4;
}
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

43
net-snmp-5.9.4-remove-mail-sender.patch Normal file
View File

@ -0,0 +1,43 @@
diff -urNp a/local/checkbandwidth b/local/checkbandwidth
--- a/local/checkbandwidth 2024-06-21 21:17:01.675417287 +0200
+++ b/local/checkbandwidth 2024-06-21 21:19:40.107746544 +0200
@@ -326,7 +326,6 @@ See the Net-SNMP COPYING file for licens
use JSON;
use Data::Dumper;
-use Mail::Sender;
use SNMP;
use Fcntl ':flock';
@@ -744,19 +743,19 @@ sub send_rate_message($$$$$$) {
sub send_message($$$) {
my ($to, $subject, $text) = @_;
- my $sender = new Mail::Sender { smtp => $opts{'S'} ,
- port => $opts{'P'},
- from => $opts{'F'},
- };
-
- my $status =
- $sender->MailMsg({
- to => $to,
- subject => $subject,
- msg => $text
- });
+# my $sender = new Mail::Sender { smtp => $opts{'S'} ,
+# port => $opts{'P'},
+# from => $opts{'F'},
+# };
+
+ my $status = -1;
+# $sender->MailMsg({
+# to => $to,
+# subject => $subject,
+# msg => $text
+# });
if ($status < 0) {
- Log("Failed to send mail with error code $status: $Mail::Sender::Error");
+ Log("Failed to send mail with error code $status: Mail::Sender is not available");
}
}

29
net-snmp-5.9.4-test-fix.patch Normal file
View File

@ -0,0 +1,29 @@
diff -ruNp a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh
--- a/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:36:03.641432345 +0100
+++ b/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:38:15.946855878 +0100
@@ -525,7 +525,6 @@ STARTPROG() {
if test -f $CFG_FILE; then
COMMAND="$COMMAND -C -c $CFG_FILE"
fi
- COMMAND="$COMMAND -f"
if [ "x$PORT_SPEC" != "x" ]; then
COMMAND="$COMMAND $PORT_SPEC"
fi
@@ -537,10 +536,13 @@ STARTPROG() {
OUTPUTENVVARS $LOG_FILE.command
echo $COMMAND >> $LOG_FILE.command
fi
- {
- { $COMMAND; } >$LOG_FILE.stdout 2>&1
- echo $? >$LOG_FILE.exitcode
- } &
+ if [ "x$OSTYPE" = "xmsys" ]; then
+ $COMMAND > $LOG_FILE.stdout 2>&1 &
+ ## COMMAND="cmd.exe //c start //min $COMMAND"
+ ## start $COMMAND > $LOG_FILE.stdout 2>&1
+ else
+ $COMMAND > $LOG_FILE.stdout 2>&1
+ fi
}
#------------------------------------ -o-

22
SOURCES/net-snmp-config → net-snmp-config
View File

@ -16,47 +16,47 @@
arch=`arch`
echo $arch | grep -q i.86
if [ $? -eq 0 ] ; then
net-snmp-config-i386 $*
net-snmp-config-i386 "$@"
exit 0
fi
if [ "$arch" = "ia64" ] ; then
net-snmp-config-ia64 $*
net-snmp-config-ia64 "$@"
exit 0
fi
if [ "$arch" = "ppc" ] ; then
net-snmp-config-ppc $*
net-snmp-config-ppc "$@"
exit 0
fi
if [ "$arch" = "ppc64" ] ; then
net-snmp-config-ppc64 $*
net-snmp-config-ppc64 "$@"
exit 0
fi
if [ "$arch" = "s390" ] ; then
net-snmp-config-s390 $*
net-snmp-config-s390 "$@"
exit 0
fi
if [ "$arch" = "s390x" ] ; then
net-snmp-config-s390x $*
net-snmp-config-s390x "$@"
exit 0
fi
if [ "$arch" = "x86_64" ] ; then
net-snmp-config-x86_64 $*
net-snmp-config-x86_64 "$@"
exit 0
fi
if [ "$arch" = "alpha" ] ; then
net-snmp-config-alpha $*
net-snmp-config-alpha "$@"
exit 0
fi
if [ "$arch" = "sparc" ] ; then
net-snmp-config-sparc $*
net-snmp-config-sparc "$@"
exit 0
fi
if [ "$arch" = "sparc64" ] ; then
net-snmp-config-sparc64 $*
net-snmp-config-sparc64 "$@"
exit 0
fi
if [ "$arch" = "aarch64" ] ; then
net-snmp-config-aarch64 $*
net-snmp-config-aarch64 "$@"
exit 0
fi
echo "Cannot determine architecture"

0
SOURCES/net-snmp-config.h → net-snmp-config.h
View File

59
net-snmp-libs-misunderstanding.patch Normal file
View File

@ -0,0 +1,59 @@
Libs.private should contain a list of libraries the library that the package
exposes is linked too. So let's filter out unrelated link flags.
diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
index 0a1f5785a4..524ca91d82 100644
--- net-snmp-5.9.1/netsnmp.pc.in~
+++ net-snmp-5.9.1/netsnmp.pc.in
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lnetsnmp
-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
+Libs.private: @LNETSNMPLIBS@ @LIBS@
diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
index 3a1c77bbf8..3d3b308d21 100644
--- net-snmp-5.9.1/netsnmp-agent.pc.in~
+++ net-snmp-5.9.1/netsnmp-agent.pc.in
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
+Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
index 6b5abf8f83..ee81ce98fa 100644
--- net-snmp-5.9.1/net-snmp-config.in~
+++ net-snmp-5.9.1/net-snmp-config.in
@@ -193,13 +193,13 @@ else
#################################################### client lib
--libs)
# use this one == --netsnmp-libs + --external-libs
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
+ echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
;;
--netsnmp-libs)
echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
;;
--external-libs)
- echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
+ echo $NSC_LNETSNMPLIBS $NSC_LIBS
;;
#################################################### agent lib
--base-agent-libs)
@@ -210,13 +210,13 @@ else
;;
--agent-libs)
# use this one == --netsnmp-agent-libs + --external-libs
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
+ echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
;;
--netsnmp-agent-libs)
echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
;;
--external-agent-libs)
- echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
+ echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
;;
####################################################
--version|--ver*)

0
SOURCES/net-snmp-tmpfs.conf → net-snmp-tmpfs.conf
View File

0
SOURCES/net-snmp-trapd.redhat.conf → net-snmp-trapd.redhat.conf
View File

6
SOURCES/net-snmp.redhat.conf → net-snmp.redhat.conf
View File

@ -38,14 +38,14 @@
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public
#com2sec notConfigUser default public
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to:

623
SPECS/net-snmp.spec → net-snmp.spec
View File

@ -5,15 +5,15 @@
%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 aarch64
# actual soname version
%global soname 35
%global soname 40
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 30%{?dist}
Version: 5.9.4
Release: 14%{?dist}
Epoch: 1
License: BSD
License: MIT-CMU and BSD-3-Clause and MIT and OpenSSL
URL: http://net-snmp.sourceforge.net/
Source0: https://downloads.sourceforge.net/project/net-snmp/net-snmp/%{version}/net-snmp-%{version}.tar.gz
Source1: net-snmp.redhat.conf
@ -26,74 +26,49 @@ Source7: net-snmp-tmpfs.conf
Source8: snmpd.service
Source9: snmptrapd.service
Source10: IETF-MIB-LICENSE.txt
Patch1: net-snmp-5.7.2-pie.patch
Patch2: net-snmp-5.8-dir-fix.patch
Patch3: net-snmp-5.8-multilib.patch
Patch4: net-snmp-5.8-test-debug.patch
Patch5: net-snmp-5.7.2-autoreconf.patch
Patch6: net-snmp-5.8-agentx-disconnect-crash.patch
Patch7: net-snmp-5.7.2-cert-path.patch
Patch8: net-snmp-5.8-cflags.patch
Patch9: net-snmp-5.8-Remove-U64-typedef.patch
Patch10: net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch11: net-snmp-5.7.3-iterator-fix.patch
Patch12: net-snmp-5.8-autofs-skip.patch
Patch13: net-snmp-5.8-usage-exit.patch
Patch14: net-snmp-5.8-coverity.patch
Patch15: net-snmp-5.8-ipv6-clientaddr.patch
Patch16: net-snmp-5.8-agent-of-death.patch
Patch17: net-snmp-5.8-trapsink.patch
Patch18: net-snmp-5.8-flood-messages.patch
Patch19: net-snmp-5.8-v3-forward.patch
Patch20: net-snmp-5.8-sec-counter.patch
Patch21: net-snmp-5.8-proxy-getnext.patch
Patch22: net-snmp-5.8-dskTable-dynamic.patch
Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch24: net-snmp-5.8-duplicate-ipAddress.patch
Patch25: net-snmp-5.8-memory-reporting.patch
Patch26: net-snmp-5.8-man-page.patch
Patch27: net-snmp-5.8-ipAddress-faster-load.patch
Patch28: net-snmp-5.8-rpm-memory-leak.patch
Patch29: net-snmp-5.8-sec-memory-leak.patch
Patch30: net-snmp-5.8-aes-config.patch
Patch31: net-snmp-5.7.2-CVE-2020-15862.patch
Patch32: net-snmp-5.8-bulk.patch
Patch33: net-snmp-5.8-clientaddr-error-message.patch
Patch34: net-snmp-5.8-ipv6-disabled.patch
Patch35: net-snmp-5.8-empty-passphrase.patch
Patch36: net-snmp-5.8-asn-parse-nlength.patch
Patch37: net-snmp-5.8-double-IP-parsing.patch
Patch38: net-snmp-5.8-digest-from-ECC.patch
Patch39: net-snmp-5.8-broken-errmsg.patch
Patch40: net-snmp-5.8-intermediate-certs.patch
Patch41: net-snmp-5.8-fix-cert-crash.patch
Patch42: net-snmp-5.8-engine-id.patch
Patch43: net-snmp-5.8-certs.patch
Patch44: net-snmp-5.8-util-fix.patch
Patch45: net-snmp-5.8-deleted-iface.patch
Patch46: net-snmp-5.8-memleak-backport.patch
Patch47: net-snmp-5.8-dev-mem-leak.patch
Patch48: net-snmp-5.8-CVE-2022-44792-44793.patch
Patch49: net-snmp-5.8-ipv6-disable-leak.patch
Patch50: net-snmp-5.8-proxy-time-out.patch
Patch51: net-snmp-5.8-sendmsg-error-code.patch
Patch52: net-snmp-5.8-memavailable.patch
Patch53: net-snmp-5.8-proxy.patch
Patch54: net-snmp-5.8-truncating-log-once.patch
Patch55: net-snmp-5.8-CVE-2022-24805-24810.patch
Patch1: net-snmp-5.9-pie.patch
Patch2: net-snmp-5.9-dir-fix.patch
Patch3: net-snmp-5.9-multilib.patch
Patch4: net-snmp-5.9-test-debug.patch
Patch5: net-snmp-5.7.2-cert-path.patch
Patch6: net-snmp-5.9-cflags.patch
Patch7: net-snmp-5.8-Remove-U64-typedef.patch
Patch8: net-snmp-5.7.3-iterator-fix.patch
Patch9: net-snmp-5.9-autofs-skip.patch
Patch10: net-snmp-5.9-coverity.patch
Patch11: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch12: net-snmp-5.8-duplicate-ipAddress.patch
Patch13: net-snmp-5.9-memory-reporting.patch
Patch14: net-snmp-5.8-man-page.patch
Patch15: net-snmp-5.8-ipAddress-faster-load.patch
Patch16: net-snmp-5.8-rpm-memory-leak.patch
Patch17: net-snmp-5.9-aes-config.patch
Patch18: net-snmp-5.8-clientaddr-error-message.patch
Patch19: net-snmp-5.9-intermediate-certs.patch
Patch20: net-snmp-5.9.1-remove-des.patch
Patch21: net-snmp-libs-misunderstanding.patch
Patch22: net-snmp-5.9-ipv6-disable-leak.patch
Patch23: net-snmp-5.9-rpmdb.patch
Patch24: net-snmp-5.9.4-test-fix.patch
Patch25: net-snmp-5.9.4-kernel-6.7.patch
Patch26: net-snmp-5.9.4-remove-mail-sender.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
#disable this patch due compatibility issues
Patch102: net-snmp-5.9-python3.patch
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
# This is actually needed for the %%triggerun script but Requires(triggerun)
# is not valid. We can use %%post because this particular %%triggerun script
# should fire just after this package is installed.
%{?systemd_requires}
BuildRequires: systemd
BuildRequires: make
BuildRequires: systemd
BuildRequires: gcc
BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
BuildRequires: libselinux-devel, elfutils-libelf-devel, rpm-devel
BuildRequires: perl-devel, perl(ExtUtils::Embed), procps
@ -103,7 +78,17 @@ BuildRequires: mariadb-connector-c-devel
# for netstat, needed by 'make test'
BuildRequires: net-tools
# for make test
BuildRequires: perl(:VERSION) >= 5.6
BuildRequires: perl(AutoLoader)
BuildRequires: perl(blib)
BuildRequires: perl(Carp)
BuildRequires: perl(DynaLoader)
BuildRequires: perl(Exporter)
BuildRequires: perl(overload)
BuildRequires: perl(strict)
BuildRequires: perl(TAP::Harness)
BuildRequires: perl(vars)
BuildRequires: perl(warnings)
%ifnarch s390 s390x ppc64le
BuildRequires: lm_sensors-devel >= 3
%endif
@ -124,7 +109,6 @@ which contains NET-SNMP utilities.
%package utils
Summary: Network management utilities using SNMP, from the NET-SNMP project
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
%description utils
The net-snmp-utils package contains various utilities for use with the
@ -139,11 +123,12 @@ Summary: The development environment for the NET-SNMP project
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
Requires: redhat-rpm-config
%ifnarch s390 s390x ppc64le
Requires: lm_sensors-devel
%endif
# pull perl development libraries, net-snmp agent libraries may link to them
Requires: perl-devel%{?_isa}, gcc
Requires: perl-devel%{?_isa}
%description devel
The net-snmp-devel package contains the development libraries and
@ -155,23 +140,39 @@ applications for use with the NET-SNMP project's network management
tools. You'll also need to have the net-snmp and net-snmp-utils
packages installed.
%package perl-module
Summary: The perl NET-SNMP module
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
BuildRequires: perl-interpreter
BuildRequires: perl-generators
%description perl-module
The net-snmp-perl package contains the perl files to use SNMP from within
Perl.
Install the net-snmp-perl package, if you want to use SNMP with perl.
%package perl
Summary: The perl NET-SNMP module and the mib2c tool
Summary: The perl-based utilities and the mib2c tool
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: perl-interpreter
BuildRequires: perl-generators
%description perl
The net-snmp-perl package contains the perl files to use SNMP from within
Perl.
The net-snmp-perl package contains the utilities written in perl.
Install the net-snmp-perl package, if you want to use mib2c or SNMP
with perl.
Install the net-snmp-perl package, if you want to use mib2c or other
perl utilities. Use the net-snmp-perl-module package instead to get the
SNMP perl module.
%package gui
Summary: An interactive graphical MIB browser for SNMP
Requires: perl-Tk, net-snmp-perl%{?_isa} = %{epoch}:%{version}-%{release}
Requires: perl-Tk, %{name}-perl-module%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: perl-interpreter
BuildRequires: perl-generators
%description gui
The net-snmp-gui package contains tkmib utility, which is a graphical user
@ -191,83 +192,65 @@ binaries and applications.
%package agent-libs
Summary: The NET-SNMP runtime agent libraries
# the libs link against libperl.so:
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description agent-libs
The net-snmp-agent-libs package contains the runtime agent libraries for shared
binaries and applications.
%package -n python3-net-snmp
%{?python_provide:%python_provide python3-net-snmp}
# Remove before F30
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{version}-%{release}
Summary: The Python 'netsnmp' module for the Net-SNMP
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description -n python3-net-snmp
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%prep
%setup -q
cp %{SOURCE10} .
rm -r python
%ifnarch ia64
%patch1 -p1 -b .pie
%patch 1 -p1 -b .pie
%endif
%patch2 -p1 -b .dir-fix
%patch3 -p1 -b .multilib
%patch4 -p1
%patch5 -p1 -b .autoreconf
%patch6 -p1 -b .agentx-disconnect-crash
%patch7 -p1 -b .cert-path
%patch8 -p1 -b .cflags
%patch9 -p1 -b .u64-remove
%patch10 -p1 -b .perlfix
%patch11 -p1 -b .iterator-fix
%patch12 -p1 -b .autofs-skip
%patch13 -p1 -b .usage-fix
%patch14 -p1 -b .coverity
%patch15 -p1 -b .ipv6-clientaddr
%patch16 -p1 -b .agent-of-death
%patch17 -p1 -b .trapsink
%patch18 -p1 -b .flood-messages
%patch19 -p1 -b .v3-forward
%patch20 -p1 -b .sec-counter
%patch21 -p1 -b .proxy-getnext
%patch22 -p1 -b .dskTable-dynamic
%patch23 -p1 -b .expand-SNMPCONFPATH
%patch24 -p1 -b .duplicate-ipAddress
%patch25 -p1 -b .memory-reporting
%patch26 -p1 -b .man-page
%patch27 -p1 -b .ipAddress-faster-load
%patch28 -p1 -b .rpm-memory-leak
%patch29 -p1 -b .sec-memory-leak
%patch30 -p1 -b .aes-config
%patch31 -p1 -b .CVE-2020-15862
%patch32 -p1 -b .bulk
%patch33 -p1 -b .clientaddr-error-message
%patch34 -p1 -b .ipv6-disabled
%patch35 -p1 -b .empty-passphrase
%patch36 -p1 -b .asn-parse-nlength
%patch37 -p1 -b .double-IP-parsing
%patch38 -p1 -b .digest-from-ECC
%patch39 -p1 -b .broken-errmsg
%patch40 -p1 -b .intermediate-certs
%patch41 -p1 -b .fix-cert-crash
%patch42 -p1 -b .engine-id
%patch43 -p1 -b .certs
%patch44 -p1 -b .utils
%patch45 -p1 -b .ifaces
%patch46 -p1 -b .memleak-backport
%patch47 -p1 -b .dev-mem-leak
%patch48 -p1
%patch49 -p1 -b .ipv6-disable-leak
%patch50 -p1 -b .proxy-time-out
%patch51 -p1 -b .sendmsg-error-code
%patch52 -p1 -b .memavailable
%patch53 -p1 -b .proxy
%patch54 -p1 -b .truncating-log-once
%patch55 -p1 -b .CVE-2022-24805-24810
%patch 2 -p1 -b .dir-fix
%patch 3 -p1 -b .multilib
%patch 4 -p1
%patch 5 -p1 -b .cert-path
%patch 6 -p1 -b .cflags
%patch 7 -p1 -b .u64-remove
%patch 8 -p1 -b .iterator-fix
%patch 9 -p1 -b .autofs-skip
%patch 10 -p1 -b .coverity
%patch 11 -p1 -b .expand-SNMPCONFPATH
%patch 12 -p1 -b .duplicate-ipAddress
%patch 13 -p1 -b .memory-reporting
%patch 14 -p1 -b .man-page
%patch 15 -p1 -b .ipAddress-faster-load
%patch 16 -p1 -b .rpm-memory-leak
%patch 17 -p1 -b .aes-config
%patch 18 -p1 -b .clientaddr-error-message
%patch 19 -p1 -b .intermediate-certs
%patch 20 -p1 -b .remove-des
%patch 21 -p1
%patch 22 -p1 -b .ipv6-disable-leak
%patch 23 -p1 -b .rpmdbpatch
%patch 24 -p1 -b .test-fix
%patch 25 -p1 -b .kernel-fix
%patch 26 -p1 -b .remove-mail-sender
%patch101 -p1 -b .modern-rpm-api
%patch 101 -p1 -b .modern-rpm-api
%patch 102 -p1
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
rm testing/fulltests/default/T200*
%endif
%build
@ -296,9 +279,10 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--enable-local-smux \
--enable-mfd-rewrites \
--enable-ucd-snmp-compatibility \
--disable-des \
--sysconfdir=%{_sysconfdir} \
--with-cflags="$RPM_OPT_FLAGS" \
--with-ldflags="-Wl,-z,relro -Wl,-z,now -lm" \
--with-cflags="$RPM_OPT_FLAGS -fPIE" \
--with-ldflags="$RPM_LD_FLAGS -lm" \
--with-logfile="/var/log/snmpd.log" \
--with-mib-modules="$MIBS" \
--with-mysql \
@ -311,7 +295,8 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--with-systemd \
--with-temp-file-pattern=/run/net-snmp/snmp-tmp-XXXXXX \
--with-transports="DTLSUDP TLSTCP" \
--with-sys-contact="root@localhost" <<EOF
--with-sys-contact="root@localhost" \
--without-pcre <<EOF
EOF
# store original libtool file, we will need it later
@ -321,11 +306,17 @@ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
# the package is not %%_smp_mflags safe
make
%{__make}
# remove rpath from compiled perl libs
find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \;
# compile python module
pushd python
%{__python3} setup.py --basedir="../" build
popd
%install
make install DESTDIR=%{buildroot}
@ -368,6 +359,7 @@ rm -f %{buildroot}/%{_mandir}/man1/fixproc*
rm -f %{buildroot}/%{_bindir}/ipf-mod.pl
rm -f %{buildroot}/%{_libdir}/*.la
rm -f %{buildroot}/%{_libdir}/libsnmp*
rm -f %{buildroot}/%{_libdir}/perl5/vendor_perl/Bundle/MakefileSubs.pm
# remove special perl files
find %{buildroot} -name perllocal.pod \
@ -381,6 +373,11 @@ rm -f README.aix README.hpux11 README.osX README.Panasonic_AM3X.txt README.solar
# copy missing mib2c.conf files
install -m 644 local/mib2c.*.conf %{buildroot}%{_datadir}/snmp
# install python module
pushd python
%{__python3} setup.py --basedir=.. install -O1 --skip-build --root %{buildroot}
popd
find %{buildroot} -name '*.so' | xargs chmod 0755
# trim down massive ChangeLog
@ -395,10 +392,6 @@ done
# remove executable bit from documentation samples
chmod 644 local/passtest local/ipf-mod.pl
# dirty hack for #603243, until it's fixed properly upstream
install -m 755 -d %{buildroot}/usr/include/net-snmp/agent/util_funcs
install -m 644 agent/mibgroup/util_funcs/*.h %{buildroot}/usr/include/net-snmp/agent/util_funcs
# systemd stuff
install -m 755 -d %{buildroot}/%{_tmpfilesdir}
install -m 644 %SOURCE7 %{buildroot}/%{_tmpfilesdir}/net-snmp.conf
@ -416,6 +409,7 @@ cp -f libtool.orig libtool
chmod 755 local/passtest
LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%endif
@ -469,11 +463,18 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%files devel
%{_libdir}/lib*.so
/usr/include/*
%{_libdir}/pkgconfig/*
%{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*.3.*
%attr(0755,root,root) %{_bindir}/net-snmp-config*
%attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.*
%files perl-module
%attr(0644,root,root) %{_mandir}/man3/*.3pm.*
%{perl_vendorarch}/*SNMP*
%{perl_vendorarch}/auto/*SNMP*
%{perl_vendorarch}/auto/Bundle/*SNMP*
%files perl
%{_bindir}/mib2c-update
%{_bindir}/mib2c
@ -485,13 +486,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_datadir}/snmp/*.pl
%{_bindir}/traptoemail
%attr(0644,root,root) %{_mandir}/man[15]/mib2c*
%attr(0644,root,root) %{_mandir}/man3/*.3pm.*
%attr(0644,root,root) %{_mandir}/man1/traptoemail*.1*
%attr(0644,root,root) %{_mandir}/man1/snmp-bridge-mib.1*
%{perl_vendorarch}/*SNMP*
%{perl_vendorarch}/auto/*SNMP*
%{perl_vendorarch}/auto/Bundle/*SNMP*
%{perl_vendorarch}/Bundle/MakefileSubs.pm
%files -n python3-net-snmp
%doc README
%{python3_sitearch}/*
%files gui
%{_bindir}/tkmib
@ -515,124 +515,283 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Mon Mar 04 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-30
- fix crash when configured as proxy - issue 82 (RHEL-14454)
- log once truncating issue (RHEL-13597)
- fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
CVE-2022-24809 and CVE-2022-24810 (RHEL-26650)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:5.9.4-14
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Jan 23 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-29
- backport MemAvailable report from upstream (RHEL-21780)
* Thu Aug 08 2024 Troy Dawson <tdawson@redhat.com> - 1:5.9.4-13
- Bump release for Aug 2024 java mass rebuild
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-28
- fix sendmsg error code for new kernel (#2185787)
* Tue Jul 16 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-12
- update license tag and remove tests folder
* Tue Jan 31 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-27
- fix memory leak due of proc file creating (#2105957)
- fix CVE-2022-44792 and CVE-2022-44793 (#2141901) and (#2141905)
- fix memory leak when ipv6 disable set to 1 (#2151537)
- fix proxy timeout issue (#2160723)
* Wed Jul 10 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-11
- Fix licensing issue in source code (RHEL-46905)
* Mon Oct 17 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-26
- backport two memory leaks from upstream (#2134635)
* Wed Jun 26 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-10
- Add gating.yaml file
* Mon Feb 21 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- fix segfault with error on subcontainer (#2051370)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:5.9.4-9
- Bump release for June 2024 mass rebuild
* Thu Dec 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-24
- fix dereferencing null pointer (#2021403)
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-8
- add missing gating.yaml file
* Mon Oct 11 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- net-snmp-cert gencert create SHA512 (#1908331)
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-7
- remove dependency issue for Mail::Sender perl module (RHEL-44478)
* Mon Jun 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- update engineTime when sending traps (#1973252)
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-6
- add missing patch application
* Wed Jun 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-21
- prevent parsing IP address twice (#1768908)
- add support for digests detected from ECC certs (#1919714)
- fix broken ErrorMsg at ucd-snmp (#1933150)
- add support for intermediate certs (#1914656)
- fix crash of certs with longer extension (#1908718)
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-5
- fix unexpected header length in /proc/net/snmp (RHEL-44354)
* Tue Jan 05 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-20
- fix issue with parsing of long traps (#1912242)
- modify fix for #1877375
* Mon Feb 26 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-4
- Fix FTBFS in com2sec tests (RHEL-26443)
* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
- revert permission of config files to 600 (#1601060)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 16 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.4-1
- New upstream release 5.9.4 (#2184202)
* Mon Aug 14 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.3-8
- Fix warning for RPM DB
- split perl module into separate package that doesn't pull in gcc and
other build dependencies (thanks Chris Adams)
- don't install MakefileSubs.pm - it's just needed at module build time
(thanks Chris Adams)
* Tue Aug 01 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.3-7
- Sync fixes with RHEL
- Fix sendmesg error code change for new kernel
* Wed Jul 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.3-6
- Migrate to SPDX license format
* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.9.3-5
- Perl 5.38 rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 1:5.9.3-4
- Rebuilt for Python 3.12
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 1:5.9.3-3
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Aug 04 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.3-1
- New upstream release 5.9.3 (#2072230)
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1:5.9.1-16
- Rebuilt for Python 3.11
* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.9.1-15
- Perl 5.36 rebuild
* Sat Jan 29 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:5.9.1-14
- Remove linker flags from Libs.private (#2043092)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Oct 04 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-12
- fix FTBFS of ERR_get_error (#2008781)
* Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 1:5.9.1-11
- Rebuilt with OpenSSL 3.0.0
* Wed Sep 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-10
- Remove ERR_GET_FUNC from code (#2004351)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:5.9.1-9
- Rebuilt with OpenSSL 3.0.0
* Wed Sep 01 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-8
- fix FTBFS (#1999475)
* Thu Jul 29 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-7
- revert cflags modification in net-snmp-config as was reverted in upstream
and add proper dependency to net-snmp-devel sub-package (#1544527)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jul 19 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-5
- fix UseNumeric in Python library (#1970937)
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1:5.9.1-4
- Rebuilt for Python 3.10
* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-3
- disable DES for F35+
* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-2
- restore DES for F34 and F33
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1
- New upstream release 5.9.1 (#1946399)
- remove DES support
* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.9-10
- Perl 5.34 rebuild
* Mon Mar 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-9
- fix issue with parsing IPv4 address twice
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:5.9-8
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Thu Feb 04 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-7
- remove file with unsupported license
- use make and make install macros
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6
- add support for digests detected from ECC certificates
- add support for intermediate certificates
- fix crash caused by small buffer size
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-4
- fix issue with parsing long trap headers (#1912725)
- fix error message when the address specified by clientaddr option
is wrong or cannot be bound (#1877375)
- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
- fix issue with quoting empty passphrase (#1817225)
is wrong or cannot be bound
- fix issue with quoting empty passphrase
* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
- fix CVE-2020-15862 (#1875497)
- fix bulk responses for invalid PID (#1817190)
* Wed Nov 18 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-3
- update net-snmp-tmpfs.conf for /var/run to /run (#1893471)
* Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- add math library in LDFLAGS (#1846252)
* Tue Sep 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-2
- Disable pcre binding
- Add support for available memory report
* Thu Jul 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- remove file due licensing issues (#1690936)
* Mon Aug 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-1
- New upstream release 5.9
* Wed Jun 10 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-15
- proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134)
- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185)
- expand SNMPCONFPATH variable (#1660146)
- remove file with Apple license (#1690936)
- log meningful message on duplicate IP address (#1692286)
- memory reporting adjustment (#1695497 and #1766521)
- fix typos in man page (#1700262)
- speedup ipAddressTable loading(#1700391)
- fix memory leak when shut down librpm (#1763008)
- services starts after network-online.target (#1775304)
- add missing part of memory leak patch (#1829860)
- add support for AES192 and AES256 (#1846252)
* Tue Aug 04 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- link math library to fix FTBFS for hplip (#1863855)
* Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
- fix double free or corruption error when freeing security context (#1809077)
- remove deprecated CFLAG
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- fix double free or corruption error (#1726373)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- change /var/run/net-snmp to /run/net-snmp (#1737631)
* Wed Nov 06 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-12
- fix tmpfiles path (#1710784)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- proxied OIDs unspecified in proxy statement in snmpd.conf
- UCD-SNMP-MIB::dskTable doesn't update dynamically
- expand SNMPCONFPATH variable
- log meningful message on duplicate IP address
- memory reporting adjustment
- fix typos in man page
- speedup ipAddressTable loading
- fix memory leak when shut down librpm
- services starts after network-online.target
- add missing part of memory leak patch
- add support for AES192 and AES256
- fix net-snmp-config wrapper script (#1815984)
* Tue Oct 15 2019 Jiri Kucera <jkucera@redhat.com> - 1:5.8-11
- fix issue with flood messages (#1719350)
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-21
- Perl 5.32 rebuild
* Thu Jun 27 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- fix trapsink port issue (#1677192)
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-20
- Rebuilt for Python 3.9
* Fri May 24 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-9
- rebuild for autoconf
* Thu Apr 09 2020 Josef Ridky <jridky@redhat.com> -1:5.8-19
- update skip_autofs patch (#1810104)
- exit snmpd after snmpd -h command
- fix issues found by coverity scan
- fix issue with flood messages
- fix double free or corruption error when freeing security context
* Tue May 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-8
- fix daemon crash on resend request (#1694047)
* Tue Mar 24 2020 Petr Pisar <ppisar@redhat.com> - 1:5.8-18
- Build-require Perl dependencies for running the tests
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-7
- fix address assigning for IPv6 clientaddr option (#1672668)
* Wed Feb 26 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- fix config error with RPM library (#1807274)
* Wed Dec 05 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- fix discovered issues from coverity scan (#1602630)
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- set net-snmp-devel as requirement for net-snmp-perl
* Thu Oct 04 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-5
- exit snmpd after snmpd -h command (#1634811)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 25 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-4
- fix annocheck distro flag failures (#1624151)
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-14
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Tue Sep 04 2018 Josh Boyer <jwboyer@redhat.com> - 1:5.8-3
- Change gcc Requires to BuildRequires (#1625189)
* Thu Sep 19 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- Fix snmpv3 trap forwarding (#1753506)
* Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- fix default configuration file (#1589480 and #1594147)
- modify permissions for config files (#1601060)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-12
- Rebuilt for Python 3.8
* Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- remove python package and update to the last upstream version (#1584510)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 28 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- remove file with unsupported license
- fix daemon crash on resend request (#1663027)
- fix issue with trapsink default port
* Mon Jun 10 22:13:21 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-9
- Rebuild for RPM 4.15
* Mon Jun 10 15:42:03 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-8
- Rebuild for RPM 4.15
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-7
- Perl 5.30 rebuild
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- fix IPv6 address assignment for clientaddr option (#1673272)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:5.8-4
- Rebuilt for libcrypt.so.2 (#1666033)
* Tue Nov 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-3
- backport memory leak fixes from upstream
- add fPIE to CFLAGS (#1543853)
- use default LDFLAGS
* Mon Jul 23 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- fix unresoved error with mysql functions
- implement changes to announce soname changes
* Wed Jul 18 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- New upstream release 5.8
- remove APSL downstream patch due this copyright is already
coveret by part 8 in COPYING file
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.7.3-42
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jul 07 2018 Miro Hrončok <mhroncok@redhat.com> - 1:5.7.3-41
- Rebuilt for Python 3.7
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.7.3-40
- Perl 5.28 rebuild
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-39
- python3 support draft
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-38
- revert Python3 support
* Tue Mar 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-37
- backport upstream patch for structure iterator
* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-36
- CVE-2018-1000116 Heap corruption in snmp_pdu_parse (#1552844)

0
SOURCES/net-snmpd.sysconfig → net-snmpd.sysconfig
View File

0
SOURCES/net-snmptrapd.sysconfig → net-snmptrapd.sysconfig
View File

37
plans/tier1.fmf Normal file
View File

@ -0,0 +1,37 @@
---
summary: Tier1 plan for net-snmp
discover:
how: fmf
url: https://pkgs.devel.redhat.com/git/tests/net-snmp
ref: master
filter: tier:1
prepare:
# Enable beaker-tasks repository
- how: shell
script: |
set -euxo pipefail
ENABLE_REPO_CMD="yum-config-manager --enable"
if command -v dnf >/dev/null 2>&1; then
ENABLE_REPO_CMD="dnf config-manager --set-enabled"
fi
${ENABLE_REPO_CMD} beaker-tasks || :
# Enable buildroot repository
- how: shell
script: |
set -exuo pipefail
if [[ -f /etc/os-release ]]; then
. /etc/os-release
if [[ "${ID:-}" == "rhel" && "${VERSION_ID%%.*}" -ge 8 ]]; then
dnf config-manager --enable rhel-CRB
fi
fi
execute:
how: tmt

0
SOURCES/snmpd.service → snmpd.service
View File

0
SOURCES/snmptrapd.service → snmptrapd.service
View File

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (net-snmp-5.9.4.tar.gz) = d6be297c6ca2db848420130cad8fb49aca143b35d45337643f99b36a18222208d3d7f94500d2ef36a449c3211957531710e7cebbe664b7ed3810417c03d02cc8