Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

68 changed files with 1183 additions and 2853 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/net-snmp-5.8.tar.gz
SOURCES/net-snmp-5.9.1.tar.gz

View File

@ -1 +1 @@
81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz
0326d0e07c86f52100ceadd42c875a446309a846 SOURCES/net-snmp-5.9.1.tar.gz

View File

@ -1,70 +0,0 @@
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif
+/* This mib is potentially dangerous to turn on by default, since it
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
+ * access to the MIB table. If all of your users are "root" level
+ * users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
netsnmp_feature_require(extract_table_row_data)
netsnmp_feature_require(table_data_delete_table)
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
*
**********/
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
break;
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

View File

@ -1,10 +0,0 @@
926223 - net-snmp: Does not support aarch64 in f19 and rawhide
Update autoconf version to make the test suite happy.
diff -up net-snmp-5.7.2/dist/autoconf-version.autoreconf net-snmp-5.7.2/dist/autoconf-version
--- net-snmp-5.7.2/dist/autoconf-version.autoreconf 2013-03-25 13:00:15.002745347 +0100
+++ net-snmp-5.7.2/dist/autoconf-version 2013-03-25 13:00:17.207736442 +0100
@@ -1 +1 @@
-2.68
+2.69

View File

@ -1,128 +0,0 @@
diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/Makefile.in 2018-09-25 09:38:18.361298461 +0200
@@ -156,37 +156,37 @@ OTHERUNINSTALL=snmpinformuninstall snmpt
# build rules
#
snmpwalk$(EXEEXT): snmpwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkwalk$(EXEEXT): snmpbulkwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkget$(EXEEXT): snmpbulkget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptranslate$(EXEEXT): snmptranslate.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpstatus$(EXEEXT): snmpstatus.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpget$(EXEEXT): snmpget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdelta$(EXEEXT): snmpdelta.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptable$(EXEEXT): snmptable.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpinform$(EXEEXT): snmptrap$(EXEEXT)
rm -f snmpinform
@@ -197,34 +197,34 @@ snmptop$(EXEEXT): snmpps$(EXEEXT)
$(LN_S) snmpps$(EXEEXT) snmptop$(EXEEXT)
snmpset$(EXEEXT): snmpset.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpusm$(EXEEXT): snmpusm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpvacm$(EXEEXT): snmpvacm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptls$(EXEEXT): snmptls.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
agentxtrap$(EXEEXT): agentxtrap.$(OSUFFIX) $(USEAGENTLIBS)
$(LINK) ${CFLAGS} -o $@ agentxtrap.$(OSUFFIX) ${LDFLAGS} $(USEAGENTLIBS) $(PERLLDOPTS_FOR_APPS) ${LIBS}
snmpgetnext$(EXEEXT): snmpgetnext.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
encode_keychange$(EXEEXT): encode_keychange.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpps$(EXEEXT): snmpps.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
snmpping$(EXEEXT): snmpping.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
+ $(LINK) ${CFLAGS} -o $@ -pie snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
diff -urNp a/apps/snmpnetstat/Makefile.in b/apps/snmpnetstat/Makefile.in
--- a/apps/snmpnetstat/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/snmpnetstat/Makefile.in 2018-09-25 09:39:30.406458117 +0200
@@ -34,4 +34,4 @@ LIBS= ../../snmplib/libnetsnmp.$(LIB_EX
all: standardall
snmpnetstat$(EXEEXT): ${LOBJS} ${USELIBS}
- ${LINK} ${CFLAGS} -o $@ ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
+ ${LINK} ${CFLAGS} -o $@ -pie ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}

View File

@ -1,100 +0,0 @@
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
modes correctly
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
configure | 15 ++++++++++++++-
configure.d/config_os_misc2 | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
$as_echo "Internal Crypto Support" >&6; }
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;

View File

@ -1,122 +0,0 @@
diff -urNp a/agent/agent_trap.c b/agent/agent_trap.c
--- a/agent/agent_trap.c 2019-02-13 13:10:36.862269252 +0100
+++ b/agent/agent_trap.c 2019-02-13 15:02:11.396042356 +0100
@@ -174,6 +174,11 @@ _trap_version_incr(int version)
case SNMP_VERSION_3:
++_v2_sessions;
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
@@ -201,6 +206,11 @@ _trap_version_decr(int version)
_v2_sessions = 0;
}
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c
--- old/agent/mibgroup/agentx/master.c 2019-04-03 12:13:55.115769783 +0200
+++ new/agent/mibgroup/agentx/master.c 2019-04-10 09:49:53.277168497 +0200
@@ -280,6 +280,11 @@ agentx_got_response(int operation,
netsnmp_free_delegated_cache(cache);
return 0;
+ case NETSNMP_CALLBACK_OP_RESEND:
+ DEBUGMSGTL(("agentx/master", "resend on session %8p req=0x%x\n",
+ session, (unsigned)reqid));
+ return 0;
+
case NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE:
/*
* This session is alive
diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c
--- old/snmplib/snmp_api.c 2019-04-24 00:28:34.904357292 +0200
+++ new/snmplib/snmp_api.c 2019-04-24 00:24:40.101830685 +0200
@@ -352,6 +352,7 @@ static int snmpv3_build(u_char ** p
netsnmp_pdu *pdu);
static int snmp_parse_version(u_char *, size_t);
static int snmp_resend_request(struct session_list *slp,
+ netsnmp_request_list *orp,
netsnmp_request_list *rp,
int incr_retries);
static void register_default_handlers(void);
@@ -5717,7 +5718,7 @@ _sess_process_packet_handle_pdu(void *se
* * inifinite resend
*/
if (rp->retries <= sp->retries) {
- snmp_resend_request(slp, rp, TRUE);
+ snmp_resend_request(slp, orp, rp, TRUE);
break;
} else {
/* We're done with retries, so no longer waiting for a response */
@@ -6662,9 +6663,22 @@ snmp_timeout(void)
snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION);
}
+static void
+remove_request(struct snmp_internal_session *isp,
+ netsnmp_request_list *orp, netsnmp_request_list *rp)
+{
+ if (orp)
+ orp->next_request = rp->next_request;
+ else
+ isp->requests = rp->next_request;
+ if (isp->requestsEnd == rp)
+ isp->requestsEnd = orp;
+ snmp_free_pdu(rp->pdu);
+}
+
static int
-snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
- int incr_retries)
+snmp_resend_request(struct session_list *slp, netsnmp_request_list *orp,
+ netsnmp_request_list *rp, int incr_retries)
{
struct snmp_internal_session *isp;
netsnmp_session *sp;
@@ -6731,9 +6745,11 @@ snmp_resend_request(struct session_list
sp->s_snmp_errno = SNMPERR_BAD_SENDTO;
sp->s_errno = errno;
snmp_set_detail(strerror(errno));
- if (rp->callback)
+ if (rp->callback) {
rp->callback(NETSNMP_CALLBACK_OP_SEND_FAILED, sp,
rp->pdu->reqid, rp->pdu, rp->cb_data);
+ remove_request(isp, orp, rp);
+ }
return -1;
} else {
netsnmp_get_monotonic_clock(&now);
@@ -6813,19 +6829,12 @@ snmp_sess_timeout(void *sessp)
callback(NETSNMP_CALLBACK_OP_TIMED_OUT, sp,
rp->pdu->reqid, rp->pdu, magic);
}
- if (orp)
- orp->next_request = rp->next_request;
- else
- isp->requests = rp->next_request;
- if (isp->requestsEnd == rp)
- isp->requestsEnd = orp;
- snmp_free_pdu(rp->pdu);
+ remove_request(isp, orp, rp);
freeme = rp;
continue; /* don't update orp below */
} else {
- if (snmp_resend_request(slp, rp, TRUE)) {
+ if (snmp_resend_request(slp, orp, rp, TRUE))
break;
- }
}
}
orp = rp;

View File

@ -1,12 +0,0 @@
diff -urNp a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c
--- a/agent/mibgroup/agentx/master.c 2018-07-18 12:13:49.953014652 +0200
+++ b/agent/mibgroup/agentx/master.c 2018-07-18 12:20:23.537626773 +0200
@@ -221,7 +221,7 @@ agentx_got_response(int operation,
/* response is too late, free the cache */
if (magic)
netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
- return 0;
+ return 1;
}
requests = cache->requests;

View File

@ -1,86 +0,0 @@
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 12:21:59 -0800
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
Handle length zero correctly.
Fixes: https://github.com/net-snmp/net-snmp/issues/253
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index e983500e7..33c272768 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
* long length; first byte is length of length (after masking high bit)
*/
len_len = (int) ((*pkt & ~0x80) + 1);
- if ((int) pkt_len <= len_len )
+ if (pkt_len < len_len)
return NULL; /* still too short for length and data */
/* now we know we have enough data to parse length */
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 10:00:33 -0800
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
test
Add a reproducer for the bug fixed by the previous patch.
---
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
new file mode 100644
index 000000000..5c21ccdc7
--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+ /* Sequence with length of 0x2d = 45 bytes. */
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+ /* version = INTEGER 0 */
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+ /* SNMP_MSG_TRAP; 32 bytes. */
+ [15] = 0xa4, [16] = 0x20,
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+ [17] = 0x06, [18] = 0x08,
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+ [31] = 0x01, [32] = 0x22,
+ /* generic-trap = INTEGER 0 */
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
+ /* specific-trap = INTEGER 0 */
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
+ /* ASN_TIMETICKS 0x117f243a */
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+ [43] = 0x24, [44] = 0x3a,
+ /* varbind list */
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));

View File

@ -1,199 +0,0 @@
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntctl.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:15:46.782859398 +0200
@@ -43,8 +43,9 @@ _fsys_type( int type)
case MNT_NFS:
case MNT_NFS3:
- case MNT_AUTOFS:
return NETSNMP_FS_TYPE_NFS;
+ case MNT_AUTOFS:
+ return NETSNMP_FS_TYPE_AUTOFS;
/*
* The following code covers selected filesystems
@@ -156,10 +157,12 @@ netsnmp_fsys_arch_load( void )
/*
* Optionally skip retrieving statistics for remote mounts
+ * AUTOFS is skipped by default
*/
- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
+ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
+ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ||
+ entry->type == (NETSNMP_FS_TYPE_AUTOFS))
continue;
if ( statfs( entry->path, &stat_buf ) < 0 ) {
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:15:46.782859398 +0200
@@ -150,6 +150,13 @@ _fsys_type( char *typename )
!strcmp(typename, MNTTYPE_LOFS))
return NETSNMP_FS_TYPE_OTHER;
+ /* Detection of AUTOFS.
+ * This file system will be ignored by default
+ */
+ else if ( !strcmp(typename, MNTTYPE_AUTOFS))
+ return NETSNMP_FS_TYPE_AUTOFS;
+
+
/*
* All other types are silently skipped
*/
@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void )
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
continue;
+ /* Skip AUTOFS enteries */
+ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS))
+ continue;
+
#ifdef irix6
if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 )
#else
diff -urNp b/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
--- b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:15:46.782859398 +0200
@@ -165,6 +165,9 @@
#ifndef MNTTYPE_APP
#define MNTTYPE_APP "app"
#endif
+#ifndef MNTTYPE_AUTOFS
+#define MNTTYPE_AUTOFS "autofs"
+#endif
#ifndef MNTTYPE_DEVPTS
#define MNTTYPE_DEVPTS "devpts"
#endif
diff -urNp b/agent/mibgroup/host/hr_filesys.c net-snmp-5.8/agent/mibgroup/host/hr_filesys.c
--- b/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:15:46.783859399 +0200
@@ -834,6 +834,27 @@ Check_HR_FileSys_NFS (void)
return 0; /* no NFS file system */
}
+/* This function checks whether current file system is an AutoFs
+ * HRFS_entry must be valid prior to calling this function
+ * return 1 if AutoFs, 0 otherwise
+ */
+int
+Check_HR_FileSys_AutoFs (void)
+{
+#if HAVE_GETFSSTAT
+ if ( HRFS_entry->HRFS_type != NULL &&
+#if defined(MNTTYPE_AUTOFS)
+ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS)
+#else
+ !strcmp( HRFS_entry->HRFS_type, "autofs")
+#endif
+ )
+#endif /* HAVE_GETFSSTAT */
+ return 1; /* AUTOFS */
+
+ return 0; /* no AUTOFS */
+}
+
void
End_HR_FileSys(void)
{
diff -urNp b/agent/mibgroup/host/hr_filesys.h net-snmp-5.8/agent/mibgroup/host/hr_filesys.h
--- b/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:15:46.784859400 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_filesys.c net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c
--- b/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:15:46.785859402 +0200
@@ -429,3 +429,9 @@ Check_HR_FileSys_NFS (void)
{
return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0;
}
+
+int
+Check_HR_FileSys_AutoFs (void)
+{
+ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0;
+}
diff -urNp b/agent/mibgroup/host/hrh_filesys.h net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h
--- b/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:15:46.785859402 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrhfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_storage.c net-snmp-5.8/agent/mibgroup/host/hrh_storage.c
--- b/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -367,9 +367,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (store_idx <= NETSNMP_MEM_TYPE_MAX ) {
mem = (netsnmp_memory_info*)ptr;
@@ -508,7 +509,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/agent/mibgroup/host/hr_storage.c net-snmp-5.8/agent/mibgroup/host/hr_storage.c
--- b/agent/mibgroup/host/hr_storage.c 2018-07-18 16:12:20.670499644 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) {
snmp_log_perror(HRFS_entry->HRFS_mount);
@@ -683,7 +684,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/include/net-snmp/agent/hardware/fsys.h net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h
--- b/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:12:20.649499726 +0200
+++ net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:19:33.994918912 +0200
@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn
#define NETSNMP_FS_TYPE_SYSFS (4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_TYPE_TMPFS (5 | _NETSNMP_FS_TYPE_LOCAL)
#define NETSNMP_FS_TYPE_USBFS (6 | _NETSNMP_FS_TYPE_LOCAL)
+#define NETSNMP_FS_TYPE_AUTOFS (7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_FLAG_ACTIVE 0x01
#define NETSNMP_FS_FLAG_REMOTE 0x02

View File

@ -1,90 +0,0 @@
diff -urNp a/agent/mibgroup/host/hrh_filesys.c b/agent/mibgroup/host/hrh_filesys.c
--- a/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:30:07.744455758 +0200
+++ b/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:32:50.657160232 +0200
@@ -219,6 +219,7 @@ var_hrhfilesys(struct variable *vp,
{
int fsys_idx;
static char *string;
+ static char empty_str[1];
fsys_idx =
header_hrhfilesys(vp, name, length, exact, var_len, write_method);
@@ -235,7 +236,7 @@ var_hrhfilesys(struct variable *vp,
*var_len = 0;
if (asprintf(&string, "%s", HRFS_entry->path) >= 0)
*var_len = strlen(string);
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_RMOUNT:
free(string);
if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) {
@@ -245,7 +246,7 @@ var_hrhfilesys(struct variable *vp,
string = strdup("");
}
*var_len = string ? strlen(string) : 0;
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_TYPE:
fsys_type_id[fsys_type_len - 1] =
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:30:07.728455689 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:34:32.722597366 +0200
@@ -842,6 +842,7 @@ var_extensible_disk(struct variable *vp,
struct dsk_entry entry;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
int i;
for (i = 0; i < numdisks; i++){
@@ -950,7 +951,7 @@ tryAgain:
*var_len = strlen(errmsg);
}
}
- return (u_char *) (errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c
--- a/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:30:07.727455684 +0200
+++ b/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:35:53.420943010 +0200
@@ -314,6 +314,7 @@ var_extensible_disk(struct variable *vp,
unsigned long long val;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
netsnmp_cache *cache;
/* Update the fsys H/W module */
@@ -432,7 +433,7 @@ tryAgain:
>= 0)) {
*var_len = strlen(errmsg);
}
- return (u_char *) errmsg;
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c
--- a/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:30:07.725455676 +0200
+++ b/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:37:31.143361548 +0200
@@ -267,7 +267,7 @@ var_extensible_proc(struct variable *vp,
struct myproc *proc;
static long long_ret;
static char *errmsg;
-
+ static char empty_str[1];
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numprocs))
@@ -330,7 +330,7 @@ var_extensible_proc(struct variable *vp,
}
}
*var_len = errmsg ? strlen(errmsg) : 0;
- return ((u_char *) errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
case ERRORFIX:
*write_method = fixProcError;
long_return = fixproc.result;

View File

@ -1,51 +0,0 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
session->retries = SNMP_DEFAULT_RETRIES;
session->version = SNMP_DEFAULT_VERSION;
session->securityModel = SNMP_DEFAULT_SECMODEL;
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
session->flags |= SNMP_FLAGS_DONT_PROBE;
}
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
/*
* build a scopedPDU structure into spdu_buf
*/
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "ScopedPdu");
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
&spdu_hdr_e);
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
*/
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
if (pdu_data) {
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
+ __func__, pdu_data_len, sizeof(spdu_buf));
+ return -1;
+ }
memcpy(cp, pdu_data, pdu_data_len);
cp += pdu_data_len;
} else {
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
* re-encode the actual ASN.1 length of the scopedPdu
*/
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
spdu_len) == NULL)
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
* message - the entire message to transmitted on the wire is returned
*/
cp = NULL;
- *out_length = SNMP_MAX_MSG_SIZE;
+ *out_length = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
sptr = find_sec_mod(pdu->securityModel);
if (sptr && sptr->encode_forward) {

View File

@ -1,12 +0,0 @@
diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
--- a/local/net-snmp-cert 2021-10-11 09:08:53.451970484 +0200
+++ b/local/net-snmp-cert 2021-10-11 09:11:36.765386413 +0200
@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
rdir = .
dir = $ENV::DIR
RANDFILE = $rdir/.rand
-MD = sha1
+MD = sha512
KSIZE = 2048
CN = net-snmp.org
EMAIL = admin@net-snmp.org

View File

@ -1,112 +0,0 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/agent/default_store/Makefile.PL b/perl/agent/default_store/Makefile.PL
--- a/perl/agent/default_store/Makefile.PL 2018-07-18 13:43:12.170426290 +0200
+++ b/perl/agent/default_store/Makefile.PL 2018-07-18 13:51:31.812176486 +0200
@@ -83,7 +83,7 @@ sub AgentDefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Makefile.PL b/perl/agent/Makefile.PL
--- a/perl/agent/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Makefile.PL 2018-07-18 13:52:53.884973275 +0200
@@ -98,7 +98,7 @@ sub AgentInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . $Params{'LIBS'};
# $Params{'PREREQ_PM'} = {'NetSNMP::OID' => '0.1'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Support/Makefile.PL b/perl/agent/Support/Makefile.PL
--- a/perl/agent/Support/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Support/Makefile.PL 2018-07-18 13:53:11.414929921 +0200
@@ -90,7 +90,7 @@ sub SupportInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/ASN/Makefile.PL b/perl/ASN/Makefile.PL
--- a/perl/ASN/Makefile.PL 2018-07-18 13:43:12.171426287 +0200
+++ b/perl/ASN/Makefile.PL 2018-07-18 13:53:46.652842822 +0200
@@ -93,7 +93,7 @@ sub AsnInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/default_store/Makefile.PL b/perl/default_store/Makefile.PL
--- a/perl/default_store/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/default_store/Makefile.PL 2018-07-18 13:54:20.814758441 +0200
@@ -83,7 +83,7 @@ sub DefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/OID/Makefile.PL b/perl/OID/Makefile.PL
--- a/perl/OID/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/OID/Makefile.PL 2018-07-18 13:54:43.348702811 +0200
@@ -90,7 +90,7 @@ sub OidInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = {'SNMP' => '5.0'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/SNMP/Makefile.PL b/perl/SNMP/Makefile.PL
--- a/perl/SNMP/Makefile.PL 2018-07-18 13:43:12.173426282 +0200
+++ b/perl/SNMP/Makefile.PL 2018-07-18 13:55:07.220643903 +0200
@@ -103,7 +103,7 @@ sub SnmpInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = { 'NetSNMP::default_store' => 0.01 };
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if (!$ENV{'NETSNMP_PREFIX'}) {
$prefix = `$opts->{'nsconfig'} --prefix`;
diff -urNp a/perl/TrapReceiver/Makefile.PL b/perl/TrapReceiver/Makefile.PL
--- a/perl/TrapReceiver/Makefile.PL 2018-07-18 13:43:12.172426285 +0200
+++ b/perl/TrapReceiver/Makefile.PL 2018-07-18 13:55:43.100647233 +0200
@@ -132,7 +132,7 @@ sub TrapReceiverInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . " $Params{'LIBS'}";
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";

View File

@ -30,6 +30,6 @@ diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snm
errno, strerror(errno)));
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+ strerror(errno)));
netsnmp_socketbase_close(t);
return 1;
goto err;
}

View File

@ -1,68 +0,0 @@
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
bsize = getpagesize()-1;
buff = (char*)malloc(bsize+1);
if (buff == NULL) {
+ close(statfd);
return -1;
}
}
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
if (status < 0) {
snmp_log(LOG_ERR, "could not send netlink request\n");
+ close(sd);
return -1;
}
status = recv (sd, buf, sizeof(buf), 0);
if (status < 0) {
snmp_log (LOG_ERR, "could not recieve netlink request\n");
+ close(sd);
return -1;
}
if (status == 0) {
snmp_log (LOG_ERR, "nothing to read\n");
+ close(sd);
return -1;
}
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
if (req_len < 0 || len > status) {
snmp_log (LOG_ERR, "invalid netlink message\n");
+ close(sd);
return -1;
}
if (!NLMSG_OK (nlmp, status)) {
snmp_log (LOG_ERR, "invalid NLMSG message\n");
+ close(sd);
return -1;
}
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);

View File

@ -1,35 +0,0 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a216..215b30e806 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

View File

@ -1,12 +0,0 @@
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2018-07-18 11:11:53.227015237 +0200
+++ b/net-snmp-create-v3-user.in 2018-07-18 11:12:13.375010176 +0200
@@ -137,7 +137,7 @@ fi
echo $line >> $outfile
prefix="@prefix@"
datarootdir="@datarootdir@"
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " " $line

View File

@ -1,48 +0,0 @@
From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Fri, 12 Mar 2021 10:15:30 +0100
Subject: [PATCH] Prevent parsing IP address twice (#199)
This fixes issue, that is caused by parsing IP address twice.
First as IPv4 and as IPv6 at second, even thow the address was
properly parsed as a valid IPv4 address.
---
snmplib/transports/snmpUDPDomain.c | 2 +-
snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index b96497f3a3..b594a389b9 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
/* Nope, wasn't a dotted quad. Must be a hostname. */
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
if (ret < 0) {
- config_perror("cannot resolve source hostname");
+ config_perror("cannot resolve IPv4 source hostname");
return;
}
}
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index 238c8a9d63..7db19c5c02 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
memset(&pton_addr.sin6_addr.s6_addr, '\0',
sizeof(struct in6_addr));
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
- /* Nope, wasn't a numeric address. Must be a hostname. */
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
+
+ /* Try interpreting as dotted quad - IPv4 */
+ struct in_addr network;
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
+ /* Yes, it's IPv4 - so it's already parsed and we can return. */
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
+ return;
+ }
#if HAVE_GETADDRINFO
int gai_error;

View File

@ -1,30 +0,0 @@
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Wed, 18 Nov 2020 20:54:34 -0800
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
See also https://github.com/net-snmp/net-snmp/issues/86.
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
Reported-by: Chris Cheney
---
net-snmp-create-v3-user.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c2699d..31b4c58c1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -120,7 +120,11 @@ fi
fi
outdir="@PERSISTENT_DIRECTORY@"
outfile="$outdir/snmpd.conf"
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
echo "adding the following line to $outfile:"
echo " " $line
# in case it hasn't ever been started yet, start it.

View File

@ -1,25 +0,0 @@
From 79f014464ba761e2430cc767b021993ab9379822 Mon Sep 17 00:00:00 2001
From: Wes Hardaker <opensource@hardakers.net>
Date: Tue, 8 Jan 2019 08:52:29 -0800
Subject: [PATCH] NEWS: snmptrap: BUG: 2899: Patch from Drew Roedersheimer to
set library engineboots/time values before sending
---
apps/snmptrap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/snmptrap.c b/apps/snmptrap.c
index d16d2fa671..12808d07e4 100644
--- a/apps/snmptrap.c
+++ b/apps/snmptrap.c
@@ -237,6 +237,9 @@ main(int argc, char *argv[])
session.engineBoots = 1;
if (session.engineTime == 0) /* not really correct, */
session.engineTime = get_uptime(); /* but it'll work. Sort of. */
+
+ set_enginetime(session.securityEngineID, session.securityEngineIDLen,
+ session.engineBoots, session.engineTime, TRUE);
}
ss = snmp_add(&session,

View File

@ -1,67 +0,0 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-06-09 12:38:23.196037329 +0200
+++ b/snmplib/snmp_openssl.c 2021-06-09 12:44:11.782503048 +0200
@@ -284,31 +284,30 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space +1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +478,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +498,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

View File

@ -1,26 +0,0 @@
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 21 Nov 2018 20:47:42 -0800
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
fails. Only log this once instead of thousand of times a day.
Reported-by: Fif <lefif@users.sourceforge.net>
---
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
index 5ddead3e0..280575ce3 100644
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
return -2;
}

View File

@ -1,12 +0,0 @@
diff -urNp a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
--- a/snmplib/transports/snmpUDPIPv6Domain.c 2019-01-24 09:03:05.606441678 +0100
+++ b/snmplib/transports/snmpUDPIPv6Domain.c 2019-02-07 08:59:26.434587244 +0100
@@ -464,7 +464,7 @@ netsnmp_udp6_transport(const struct sock
NETSNMP_DS_LIB_CLIENT_ADDR);
if (client_socket) {
struct sockaddr_in6 client_addr;
- if(!netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
+ if(netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
return netsnmp_udp6_transport_with_source(addr, local,
&client_addr);
}

View File

@ -1,38 +0,0 @@
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
index f709812fdc..ef93eeedc9 100644
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
table_info->min_column = COLUMN_LMSENSORS_INDEX;
table_info->max_column = COLUMN_LMSENSORS_VALUE;
- netsnmp_container_table_register( reg, table_info, container, 0 );
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
+ SNMPERR_SUCCESS)
+ return;
/*
* If the HAL sensors module was configured as an on-demand caching
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

View File

@ -1,31 +0,0 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
@@ -19,6 +19,7 @@
#include <errno.h>
#include <sys/ioctl.h>
+#include <sys/stat.h>
netsnmp_feature_require(prefix_info)
netsnmp_feature_require(find_prefix_info)
@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+
+ /*
+ * If PROCFILE exists, but isn't readable, file ERROR message.
+ * Otherwise log nothing, due of IPv6 support on this machine is
+ * intentionaly disabled/unavailable.
+ */
+
+ struct stat filestat;
+
+ if(stat(PROCFILE, &filestat) == 0){
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+ }
return -2;
}

View File

@ -1,143 +0,0 @@
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
From: Yuwei Ba <i@xiaoba.me>
Date: Fri, 21 Aug 2020 15:06:10 +0800
Subject: [PATCH] snmpd: support MemAvailable on Linux
See also https://github.com/net-snmp/net-snmp/pull/167 .
[bvanassche: modified the behavior of this patch]
---
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
agent/mibgroup/ucd-snmp/memory.h | 1 +
include/net-snmp/agent/hardware/memory.h | 1 +
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86cde4..4ae235c2d0 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
static int first = 1;
ssize_t bytes_read;
char *b;
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
+ int have_memavail = 0;
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "MemAvailable: ");
+ if (b) {
+ have_memavail = 1;
+ sscanf(b, "MemAvailable: %lu", &memavail);
+ }
b = strstr(buff, "MemFree: ");
if (b)
sscanf(b, "MemFree: %lu", &memfree);
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
mem->other = -1;
}
+ if (have_memavail) {
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
+ if (mem) {
+ if (!mem->descr)
+ mem->descr = strdup("Available memory");
+ mem->units = 1024;
+ mem->size = memavail;
+ mem->free = memavail;
+ mem->other = -1;
+ }
+ }
+
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
if (!mem) {
snmp_log_perror("No Virtual Memory info entry");
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
index 371a77e9a5..158b28e67b 100644
--- a/agent/mibgroup/ucd-snmp/memory.c
+++ b/agent/mibgroup/ucd-snmp/memory.c
@@ -26,7 +26,7 @@ init_memory(void)
netsnmp_create_handler_registration("memory", handle_memory,
memory_oid, OID_LENGTH(memory_oid),
HANDLER_CAN_RONLY),
- 1, 26);
+ 1, 27);
netsnmp_register_scalar(
netsnmp_create_handler_registration("memSwapError", handle_memory,
memSwapError_oid, OID_LENGTH(memSwapError_oid),
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
c64.low = val & 0xFFFFFFFF;
c64.high = val >>32;
break;
+ case MEMORY_SYS_AVAIL:
+ type = ASN_COUNTER64;
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
+ if (!mem_info)
+ goto NOSUCH;
+ val = mem_info->size; /* memavail */
+ val *= (mem_info->units/1024);
+ c64.low = val & 0xFFFFFFFF;
+ c64.high = val >> 32;
+ break;
case MEMORY_SWAP_ERROR:
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
if (!mem_info)
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
index ded2140227..54a56a2fdb 100644
--- a/agent/mibgroup/ucd-snmp/memory.h
+++ b/agent/mibgroup/ucd-snmp/memory.h
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
#define MEMORY_SHARED_X 24
#define MEMORY_BUFFER_X 25
#define MEMORY_CACHED_X 26
+#define MEMORY_SYS_AVAIL 27
#define MEMORY_SWAP_ERROR 100
#define MEMORY_SWAP_ERRMSG 101
#endif /* MEMORY_H */
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
index 54265cf22a..aca3a4d00d 100644
--- a/include/net-snmp/agent/hardware/memory.h
+++ b/include/net-snmp/agent/hardware/memory.h
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
#define NETSNMP_MEM_TYPE_SHARED 8
#define NETSNMP_MEM_TYPE_SHARED2 9
#define NETSNMP_MEM_TYPE_SWAP 10
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
/* Leave space for individual swap devices */
#define NETSNMP_MEM_TYPE_MAX 30
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
index cde67feb50..d360bad025 100644
--- a/mibs/UCD-SNMP-MIB.txt
+++ b/mibs/UCD-SNMP-MIB.txt
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
memory as specifically reserved for this purpose."
::= { memory 26 }
+memSysAvail OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ UNITS "kB"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total amount of available memory, which is an estimate
+ of how much memory is available for starting new applications,
+ without swapping.
+
+ This object will not be implemented on hosts where the
+ underlying operating system does not explicitly identify
+ memory as specifically reserved for this purpose."
+ ::= { memory 27 }
+
+
memSwapError OBJECT-TYPE
SYNTAX UCDErrorFlag
MAX-ACCESS read-only

View File

@ -1,92 +0,0 @@
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Wed, 10 Oct 2018 21:42:35 -0700
Subject: [PATCH] snmplib/keytools: Fix a memory leak
Avoid that Valgrind reports the following memory leak:
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x4E9885D: generate_Ku (keytools.c:186)
by 0x40171F: asynchronous (leaktest.c:276)
by 0x400FE7: main (leaktest.c:356)
---
snmplib/keytools.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 2cf0240abf..dcdae044ac 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
- if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ if (!EVP_MD_CTX_init(ctx)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#endif
- if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Tue, 9 Oct 2018 23:28:25 +0000
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
This patch avoids that Valgrind reports the following leak:
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
[ bvanassche: minimized diffs / edited commit message ]
---
snmplib/scapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index 8ad1d70d90..54310099d8 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)

View File

@ -1,35 +0,0 @@
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
ssize_t bytes_read;
char *b;
unsigned long memtotal = 0, memfree = 0, memshared = 0,
- buffers = 0, cached = 0,
+ buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
netsnmp_memory_info *mem;
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
mem->units = 1024;
- mem->size = cached;
+ mem->size = cached+sreclaimable;
mem->free = 0; /* Report cached size/used as equal */
mem->other = -1;
}

View File

@ -1,12 +0,0 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

View File

@ -1,33 +0,0 @@
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
From: fisabelle <fisabelle@broadsoft.com>
Date: Thu, 9 Jul 2020 15:49:35 -0400
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
out
---
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index 24ae9322bd..e0ee96b29a 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
}
switch (operation) {
+ case NETSNMP_CALLBACK_OP_RESEND:
+ /*
+ * Issue#147: Net-SNMP not responding when proxy requests times out
+ *
+ * When snmp_api issue a resend, the default case was hit and the
+ * delagated cache was freed.
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
+ */
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
+ return SNMP_ERR_NOERROR;
+
case NETSNMP_CALLBACK_OP_TIMED_OUT:
/*
* WWWXXX: don't leave requests delayed if operation is

View File

@ -1,46 +0,0 @@
From b67afb81eb0f7ad89496cd3e672654bfd8c55d0e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 21 Mar 2020 20:03:13 -0700
Subject: [PATCH] snmpd: UCD-SNMP proxy: Fix a crash triggered by a wrong
passphrase
See also https://github.com/net-snmp/net-snmp/issues/82 .
---
agent/mibgroup/ucd-snmp/proxy.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index f4eb03ef6f..548ae7588f 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -698,8 +698,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
"proxy OID return length too long.\n");
netsnmp_set_request_error(cache->reqinfo, requests,
SNMP_ERR_GENERR);
- if (pdu)
- snmp_free_pdu(pdu);
netsnmp_free_delegated_cache(cache);
return 1;
}
@@ -723,8 +721,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
* ack, this is bad. The # of varbinds don't match and
* there is no way to fix the problem
*/
- if (pdu)
- snmp_free_pdu(pdu);
snmp_log(LOG_ERR,
"response to proxy request illegal. We're screwed.\n");
netsnmp_set_request_error(cache->reqinfo, requests,
@@ -735,11 +731,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
if (cache->reqinfo->mode == MODE_GETBULK)
netsnmp_bulk_to_next_fix_requests(requests);
- /*
- * free the response
- */
- if (pdu && 0)
- snmp_free_pdu(pdu);
break;
default:

View File

@ -1,146 +0,0 @@
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
@@ -43,6 +43,7 @@ extern "C" {
* Structures.
*/
struct usmStateReference {
+ int refcnt;
char *usr_name;
size_t usr_name_length;
u_char *usr_engine_id;
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
return NULL;
}
- if (pdu->securityStateRef &&
- pdu->command == SNMP_MSG_TRAP2) {
-
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
- (struct usmStateReference **) &newpdu->securityStateRef );
-
- if (ret)
- {
+ sptr = find_sec_mod(newpdu->securityModel);
+ if (sptr && sptr->pdu_clone) {
+ /* call security model if it needs to know about this */
+ ret = sptr->pdu_clone(pdu, newpdu);
+ if (ret) {
snmp_free_pdu(newpdu);
return NULL;
}
}
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
- sptr->pdu_clone != NULL) {
- /*
- * call security model if it needs to know about this
- */
- (*sptr->pdu_clone) (pdu, newpdu);
- }
-
return newpdu;
}
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
struct usmStateReference *
usm_malloc_usmStateReference(void)
{
- struct usmStateReference *retval = (struct usmStateReference *)
- calloc(1, sizeof(struct usmStateReference));
+ struct usmStateReference *retval;
+
+ retval = calloc(1, sizeof(struct usmStateReference));
+ if (retval)
+ retval->refcnt = 1;
return retval;
} /* end usm_malloc_usmStateReference() */
+static int
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
+{
+ struct usmStateReference *ref = pdu->securityStateRef;
+ struct usmStateReference **new_ref =
+ (struct usmStateReference **)&new_pdu->securityStateRef;
+ int ret = 0;
+
+ if (!ref)
+ return ret;
+
+ if (pdu->command == SNMP_MSG_TRAP2) {
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
+ ret = usm_clone_usmStateReference(ref, new_ref);
+ } else {
+ netsnmp_assert(ref == *new_ref);
+ ref->refcnt++;
+ }
+
+ return ret;
+}
+
void
usm_free_usmStateReference(void *old)
{
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
+ struct usmStateReference *ref = old;
- if (old_ref) {
+ if (!ref)
+ return;
- if (old_ref->usr_name_length)
- SNMP_FREE(old_ref->usr_name);
- if (old_ref->usr_engine_id_length)
- SNMP_FREE(old_ref->usr_engine_id);
- if (old_ref->usr_auth_protocol_length)
- SNMP_FREE(old_ref->usr_auth_protocol);
- if (old_ref->usr_priv_protocol_length)
- SNMP_FREE(old_ref->usr_priv_protocol);
-
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
- SNMP_FREE(old_ref->usr_auth_key);
- }
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
- SNMP_FREE(old_ref->usr_priv_key);
- }
+ if (--ref->refcnt > 0)
+ return;
- SNMP_ZERO(old_ref, sizeof(*old_ref));
- SNMP_FREE(old_ref);
+ SNMP_FREE(ref->usr_name);
+ SNMP_FREE(ref->usr_engine_id);
+ SNMP_FREE(ref->usr_auth_protocol);
+ SNMP_FREE(ref->usr_priv_protocol);
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
+ SNMP_FREE(ref->usr_auth_key);
+ }
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
+ SNMP_FREE(ref->usr_priv_key);
}
+ SNMP_FREE(ref);
} /* end usm_free_usmStateReference() */
struct usmUser *
@@ -3316,6 +3337,7 @@ init_usm(void)
def->encode_reverse = usm_secmod_rgenerate_out_msg;
def->encode_forward = usm_secmod_generate_out_msg;
def->decode = usm_secmod_process_in_msg;
+ def->pdu_clone = usm_clone;
def->pdu_free_state_ref = usm_free_usmStateReference;
def->session_setup = usm_session_init;
def->handle_report = usm_handle_report;

View File

@ -1,84 +0,0 @@
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
- /* Clean up securityStateRef here to prevent a double free */
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
- snmp_free_securityStateRef(asp->orig_pdu);
- if (asp->pdu && asp->pdu->securityStateRef)
- snmp_free_securityStateRef(asp->pdu);
-
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
- free_securityStateRef(pdu);
-}
-
#define ERROR_STAT_LENGTH 11
int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
if (!pdu)
return;
+ free_securityStateRef(pdu);
+
/*
* If the command field is empty, that probably indicates
* that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
}
if (ret != SNMP_ERR_NOERROR) {
- /*
- * Call the security model to free any securityStateRef supplied w/ msg.
- */
- if (pdu->securityStateRef != NULL) {
- free_securityStateRef(pdu);
- }
snmp_free_pdu(pdu);
return NULL;
}
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
}
}
- /*
- * Call USM to free any securityStateRef supplied with the message.
- */
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
- free_securityStateRef(pdu);
-
if (!handled) {
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
return -2;

View File

@ -1,12 +0,0 @@
diff -urNp a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
--- a/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:20:56.776099134 +0200
+++ b/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:23:18.921323874 +0200
@@ -293,7 +293,7 @@ int netsnmp_udpbase_sendto(int fd, const
}
rc = sendmsg(fd, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

View File

@ -1,30 +0,0 @@
Don't check tests which depend on DNS - it's disabled in Koji
diff -urNp a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
--- a/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:52:56.081185545 +0200
+++ b/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:54:18.843968880 +0200
@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
CHECKAGENT '<"c408a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then
CHECKAGENT 'line 32: Error:'
diff -urNp a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
--- a/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:52:56.080185548 +0200
+++ b/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:55:17.779818732 +0200
@@ -132,6 +132,10 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
# 608
CHECKAGENT '<"c608a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then

View File

@ -1,21 +0,0 @@
diff -urNp old/snmplib/transports/snmpUDPIPv4BaseDomain.c new/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- old/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:40:48.663969034 +0200
+++ new/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:42:05.293723487 +0200
@@ -317,7 +317,7 @@ netsnmp_udpipv4base_tspec_transport(nets
if (NULL != tspec->source) {
struct sockaddr_in src_addr, *srcp = &src_addr;
/** get sockaddr from source */
- if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL))
+ if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0"))
return NULL;
return netsnmp_udpipv4base_transport_with_source(&addr, local, srcp);
} else {
@@ -364,7 +364,7 @@ netsnmp_udpipv4base_transport(const stru
strcat(client_address, ":0");
have_port = 1;
}
- rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL);
+ rc = netsnmp_sockaddr_in2(&client_addr, client_socket, ":0");
if (client_address != client_socket)
free(client_address);
if(rc) {

View File

@ -1,11 +0,0 @@
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
@@ -325,6 +325,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

View File

@ -1,13 +0,0 @@
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-12-09 08:45:23.217942229 +0100
+++ b/snmplib/cert_util.c 2021-12-09 08:46:56.567562352 +0100
@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
if (NULL == okey)
- snmp_log(LOG_ERR, "error parsing key file %s\n",
- key->info.filename);
+ snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
else {
key = _add_key(okey, dirname, filename, index);
if (NULL == key) {

View File

@ -1,357 +0,0 @@
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
+
+ /* Clean up securityStateRef here to prevent a double free */
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->orig_pdu);
+ if (asp->pdu && asp->pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->pdu);
+
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
+NETSNMP_IMPORT
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
static void
free_securityStateRef(netsnmp_pdu* pdu)
{
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
+ struct snmp_secmod_def *sptr;
+
+ if(!pdu->securityStateRef)
+ return;
+
+ sptr = find_sec_mod(pdu->securityModel);
if (sptr) {
if (sptr->pdu_free_state_ref) {
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
+/*
+ * This function is here to provide a separate call to
+ * free the securityStateRef memory. This is needed to prevent
+ * a double free if this memory is freed in snmp_free_pdu.
+ */
+void
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
+{
+ free_securityStateRef(pdu);
+}
+
#define ERROR_STAT_LENGTH 11
int
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
if (old_ref) {
- SNMP_FREE(old_ref->usr_name);
- SNMP_FREE(old_ref->usr_engine_id);
- SNMP_FREE(old_ref->usr_auth_protocol);
- SNMP_FREE(old_ref->usr_priv_protocol);
+ if (old_ref->usr_name_length)
+ SNMP_FREE(old_ref->usr_name);
+ if (old_ref->usr_engine_id_length)
+ SNMP_FREE(old_ref->usr_engine_id);
+ if (old_ref->usr_auth_protocol_length)
+ SNMP_FREE(old_ref->usr_auth_protocol);
+ if (old_ref->usr_priv_protocol_length)
+ SNMP_FREE(old_ref->usr_priv_protocol);
- if (old_ref->usr_auth_key) {
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
SNMP_FREE(old_ref->usr_auth_key);
}
- if (old_ref->usr_priv_key) {
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
SNMP_FREE(old_ref->usr_priv_key);
}
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
thePrivProtocolLength) == 1) {
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
&seq_len, &msgSecParmLen) == -1) {
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
ptr = *wholeMsg = globalData;
if (theTotalLength > *wholeMsgLen) {
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
&ptr[privParamsOffset]) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[privParamsOffset])
== -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[dataOffset], &encrypted_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
if ((encrypted_length != (theTotalLength - dataOffset))
|| (salt_length != msgPrivParmLen)) {
DEBUGMSGTL(("usm", "encryption length error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm",
"couldn't malloc %d bytes for encrypted PDU\n",
(int)ciphertextlen));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_MALLOC;
}
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
iv) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
thePrivKeyLength - 8,
iv) == -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
scopedPdu, scopedPduLen,
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ciphertext, ciphertextlen);
if (rc == 0) {
DEBUGMSGTL(("usm", "Encryption failed.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building privParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineTime failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineBoots failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
*offset - sp_offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
while ((*wholeMsgLen - *offset) < globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("usm", "building global data failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
}
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
!= SNMP_ERR_NOERROR) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
if (temp_sig_len != msgAuthParmLen) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */

View File

@ -13,7 +13,7 @@ patch adds detection for ECC certificates.
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007af..432cb5c27c 100644
index c092a007a..432cb5c27 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)

View File

@ -0,0 +1,18 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index ac3c60f..177c00f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;

View File

@ -0,0 +1,46 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index 4f78df3..fd25b3f 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
"shm",
"sockfs",
"sysfs",
+ "tmpfs",
"usbdevfs",
"usbfs",
#endif
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
index 6b459ec..f7a376b 100644
--- a/agent/mibgroup/host/hr_storage.c
+++ b/agent/mibgroup/host/hr_storage.c
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (Check_HR_FileSys_AutoFs())
return NULL;
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
index 8967d35..9bf2659 100644
--- a/agent/mibgroup/host/hrh_storage.c
+++ b/agent/mibgroup/host/hrh_storage.c
@@ -366,9 +366,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (HRFS_entry && Check_HR_FileSys_AutoFs())
return NULL;

View File

@ -0,0 +1,36 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
@@ -1,3 +1,4 @@
+use lib '.';
use strict;
use warnings;
use ExtUtils::MakeMaker;
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
@@ -116,7 +116,7 @@ sub AddCommonParams {
append($Params->{'CCFLAGS'}, $cflags);
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
# Suppress known Perl header shortcomings.
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
append($Params->{'CCFLAGS'}, '-Wformat');
}
}

View File

@ -0,0 +1,22 @@
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
index e9a8831..5a1d8e7 100644
--- a/agent/mibgroup/disman/event/mteTrigger.c
+++ b/agent/mibgroup/disman/event/mteTrigger.c
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;

View File

@ -1,15 +1,15 @@
diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
--- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original 2022-02-02 15:06:29.382119898 +0900
+++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c 2022-02-02 15:15:39.298280447 +0900
@@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
diff -urNp a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:05:43.294653089 +0200
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:23:55.392041022 +0200
@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(ne
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
#ifdef NETSNMP_ENABLE_IPV6
@@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
int interfaces = 0;
@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(ne
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
@ -17,19 +17,22 @@ diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.origin
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
*stats++ = 0; /* null terminate name */
@@ -733,8 +733,13 @@ netsnmp_arch_interface_container_load(ne
* ip version is to look for ip addresses. If anyone
* knows a better way, put it here!
*/
-#ifdef NETSNMP_ENABLE_IPV6
if_index = netsnmp_arch_interface_index_find(ifstart);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ continue;
+ }
/*
* set address type flags.
@@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
+#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
#endif
netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc);
@@ -752,7 +757,7 @@ netsnmp_arch_interface_container_load(ne
continue;
}
@ -38,4 +41,3 @@ diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.origin
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

View File

@ -0,0 +1,24 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index b0c71d9..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+esac
unset shifted
case $1 in
@@ -136,7 +140,7 @@ fi
echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@
echo "@datarootdir@" >/dev/null
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

View File

@ -1,7 +1,8 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
index 7c756ff..ff22019 100644
--- a/agent/mibgroup/ucd-snmp/disk.c
+++ b/agent/mibgroup/ucd-snmp/disk.c
@@ -153,9 +153,10 @@ static void disk_free_config(void);
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
@ -46,7 +47,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, char *cptr)
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
@ -55,7 +56,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, char *cptr)
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
@ -64,7 +65,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
}
index = disk_exists(path);
@ -84,7 +85,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
@ -92,7 +93,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
@ -127,7 +128,14 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
dummy = 1;
}
fclose(mntfp);
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks 0);
}
}
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
@ -136,16 +144,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
@ -154,7 +153,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
}
#endif
else {
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry)
#endif
#endif
@ -165,9 +164,9 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
static long long_ret;
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
static char *errmsg;
static char empty_str[1];
+ int i;
+ for (i = 0; i < numdisks; i++){

View File

@ -1,6 +1,7 @@
diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
--- a/include/net-snmp/library/cert_util.h 2021-06-09 10:55:22.767954797 +0200
+++ b/include/net-snmp/library/cert_util.h 2021-06-09 10:56:36.725272293 +0200
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644
--- a/include/net-snmp/library/cert_util.h
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" {
char *common_name;
@ -19,9 +20,10 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
--- a/include/net-snmp/library/dir_utils.h 2021-06-09 10:55:22.767954797 +0200
+++ b/include/net-snmp/library/dir_utils.h 2021-06-09 10:56:36.726272298 +0200
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..6c5a23f 100644
--- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,6 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */
@ -31,10 +33,11 @@ diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-06-09 10:55:22.785954874 +0200
+++ b/snmplib/cert_util.c 2021-06-09 11:02:43.890848394 +0200
@@ -104,7 +104,7 @@ netsnmp_feature_child_of(tls_fingerprint
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index e7b7114..bee0b5f 100644
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes
* will be regenerated with new format.
*/
@ -43,7 +46,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL;
@@ -130,6 +130,8 @@ static int _cert_fn_ncompare(netsnmp_ce
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
@ -52,7 +55,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
const char *directory);
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
@@ -349,6 +351,8 @@ _get_cert_container(const char *use)
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
{
netsnmp_container *c;
@ -61,7 +64,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
c = netsnmp_container_find("certs:binary_array");
if (NULL == c) {
snmp_log(LOG_ERR, "could not create container for %s\n", use);
@@ -358,6 +362,8 @@ _get_cert_container(const char *use)
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
c->free_item = (netsnmp_container_obj_func*)_cert_free;
c->compare = (netsnmp_container_compare*)_cert_compare;
@ -70,7 +73,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return c;
}
@@ -366,6 +372,8 @@ _setup_containers(void)
@@ -362,6 +368,8 @@ _setup_containers(void)
{
netsnmp_container *additional_keys;
@ -79,7 +82,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
_certs = _get_cert_container("netsnmp certificates");
if (NULL == _certs)
return;
@@ -380,6 +388,7 @@ _setup_containers(void)
@@ -376,6 +384,7 @@ _setup_containers(void)
additional_keys->container_name = strdup("certs_cn");
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
@ -87,7 +90,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: subject name */
@@ -393,6 +402,7 @@ _setup_containers(void)
@@ -389,6 +398,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
@ -95,7 +98,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: file name */
@@ -406,6 +416,7 @@ _setup_containers(void)
@@ -402,6 +412,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
@ -103,7 +106,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
_keys = netsnmp_container_find("cert_keys:binary_array");
@@ -428,9 +439,9 @@ netsnmp_cert_map_container(void)
@@ -424,9 +435,9 @@ netsnmp_cert_map_container(void)
}
static netsnmp_cert *
@ -116,7 +119,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
{
netsnmp_cert *cert;
@@ -450,8 +461,10 @@ _new_cert(const char *dirname, const cha
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename);
@ -128,7 +131,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (fingerprint) {
cert->hash_type = hashType;
cert->fingerprint = strdup(fingerprint);
@@ -888,14 +901,86 @@ _certindex_new( const char *dirname )
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
* certificate utility functions
*
*/
@ -217,7 +220,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert)
return NULL;
@@ -912,51 +997,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
}
}
@ -226,18 +229,18 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
- certbio = BIO_new(BIO_s_file());
- if (NULL == certbio) {
- snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
+ if (!certbio) {
return NULL;
}
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
- return NULL;
- }
-
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
- char *pos = strrchr(cert->info.filename, '.');
- if (NULL == pos)
@ -277,7 +280,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL != okey) {
netsnmp_key *key;
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
@@ -983,7 +1050,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
break;
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
case NS_CERT_TYPE_PKCS12:
@ -286,7 +289,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
PKCS12_verify_mac(p12, NULL, 0)))
@@ -1003,46 +1070,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
return NULL;
}
@ -334,7 +337,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return ocert;
}
@@ -1052,7 +1080,6 @@ netsnmp_okey_get(netsnmp_key *key)
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
{
BIO *keybio;
EVP_PKEY *okey;
@ -342,7 +345,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == key)
return NULL;
@@ -1060,19 +1087,8 @@ netsnmp_okey_get(netsnmp_key *key)
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
if (key->okey)
return key->okey;
@ -364,7 +367,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return NULL;
}
@@ -1158,7 +1174,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn",
@ -373,7 +376,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1167,7 +1183,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
/** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
@ -382,7 +385,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1188,7 +1204,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
}
@ -391,7 +394,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n"));
return;
@@ -1201,7 +1217,8 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
*pos = 0;
@ -401,7 +404,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return;
if (1 == matching->size) {
@@ -1221,7 +1238,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename));
}
@ -410,7 +413,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return;
@@ -1259,76 +1276,189 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
}
}
@ -653,7 +656,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
}
return 0;
@@ -1342,8 +1472,10 @@ _cert_read_index(const char *dirname, st
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
@ -666,9 +669,9 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_cert *cert;
netsnmp_key *key;
netsnmp_container *newer, *found;
@@ -1386,7 +1518,8 @@ _cert_read_index(const char *dirname, st
(netsnmp_directory_filter*)
_time_filter,(void*)&idx_stat,
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat,
NETSNMP_DIR_NSFILE |
- NETSNMP_DIR_NSFILE_STATS);
+ NETSNMP_DIR_NSFILE_STATS |
@ -676,7 +679,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL);
@@ -1430,6 +1563,8 @@ _cert_read_index(const char *dirname, st
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
@ -685,23 +688,23 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) ||
@@ -1442,9 +1577,11 @@ _cert_read_index(const char *dirname, st
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break;
}
type = atoi(type_str);
+ offset = atoi(offset_str);
+ allowed_uses = atoi(allowed_uses_str);
hash = atoi(hash_str);
- cert = (void*)_new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject);
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject);
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash,
+ fingerprint, common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert))
++count;
else {
@@ -1549,7 +1686,8 @@ _add_certdir(const char *dirname)
(netsnmp_directory_filter*)
&_cert_cert_filter, NULL,
@@ -1543,7 +1680,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname,
_cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH |
- NETSNMP_DIR_EMPTY_OK );
+ NETSNMP_DIR_EMPTY_OK |
@ -709,7 +712,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n"));
@@ -1637,7 +1775,7 @@ _cert_print(netsnmp_cert *c, void *conte
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c)
return;
@ -718,7 +721,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses)));
@@ -1841,7 +1979,8 @@ netsnmp_cert_find(int what, int where, v
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -728,7 +731,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return NULL;
if (1 == matching->size)
@@ -1887,6 +2026,32 @@ netsnmp_cert_find(int what, int where, v
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint)
return result;
}
@ -761,7 +764,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
int
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
@@ -2284,6 +2449,124 @@ _reduce_subset_dir(netsnmp_void_array *m
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
}
}
@ -886,10 +889,25 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:55:22.791954900 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:56:36.727272302 +0200
@@ -59,7 +59,7 @@ int openssl_local_index;
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
index c2dd989..e7145e4 100644
--- a/snmplib/dir_utils.c
+++ b/snmplib/dir_utils.c
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
+ /** default to duplicates not allowed */
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
}
dir = opendir(dirname);
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
index a3a85bc..b9baeae 100644
--- a/snmplib/transports/snmpTLSBaseDomain.c
+++ b/snmplib/transports/snmpTLSBaseDomain.c
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line,
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@ -898,7 +916,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
X509 *thecert;
netsnmp_cert *cert;
_netsnmp_verify_info *verify_info;
@@ -71,10 +71,12 @@ int verify_callback(int ok, X509_STORE_C
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
/* things to do: */
@ -914,7 +932,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
fingerprint : "unknown"));
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -109,7 +111,7 @@ int verify_callback(int ok, X509_STORE_C
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
} else {
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
/* log where we are and why called */
@ -923,7 +941,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
SNMP_FREE(fingerprint);
return 0;
}
@@ -425,23 +427,50 @@ netsnmp_tlsbase_extract_security_name(SS
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) {
int
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
netsnmp_cert *trustcert;
@ -972,95 +990,5 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
-
+
/* Add the certificate to the context */
- if (netsnmp_cert_trust_ca(the_ctx, trustcert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
LOGANDDIE("failed to load trust certificate");
return 1;
@@ -481,7 +510,7 @@ _sslctx_common_setup(SSL_CTX *the_ctx, _
NETSNMP_DS_LIB_X509_CRL_FILE);
if (NULL != crlFile) {
cert_store = SSL_CTX_get_cert_store(the_ctx);
- DEBUGMSGTL(("sslctx_client", "loading CRL: %s\n", crlFile));
+ DEBUGMSGTL(("sslctx_common", "loading CRL: %s\n", crlFile));
if (!cert_store)
LOGANDDIE("failed to find certificate store");
if (!(lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file())))
@@ -546,13 +575,19 @@ sslctx_client_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the client certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the client private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("client public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate client certificate");
+ }
if (tlsbase->their_identity)
peer_cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
@@ -566,11 +601,11 @@ sslctx_client_setup(const SSL_METHOD *me
peer_cert ? peer_cert->info.filename : "none"));
/* Trust the expected certificate */
- if (netsnmp_cert_trust_ca(the_ctx, peer_cert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, peer_cert) != SNMPERR_SUCCESS)
LOGANDDIE ("failed to set verify paths");
}
- /* trust a certificate (possibly a CA) aspecifically passed in */
+ /* trust a certificate (possibly a CA) specifically passed in */
if (tlsbase->trust_cert) {
if (!_trust_this_cert(the_ctx, tlsbase->trust_cert))
return 0;
@@ -589,7 +624,7 @@ sslctx_server_setup(const SSL_METHOD *me
/* setting up for ssl */
SSL_CTX *the_ctx = SSL_CTX_new(NETSNMP_REMOVE_CONST(SSL_METHOD *, method));
if (!the_ctx) {
- LOGANDDIE("can't create a new context");
+ LOGANDDIE("can't create a new server context");
}
id_cert = netsnmp_cert_find(NS_CERT_IDENTITY, NS_CERTKEY_DEFAULT, NULL);
@@ -597,7 +632,7 @@ sslctx_server_setup(const SSL_METHOD *me
LOGANDDIE ("error finding server identity keys");
if (!id_cert->key || !id_cert->key->okey)
- LOGANDDIE("failed to load private key");
+ LOGANDDIE("failed to load server private key");
DEBUGMSGTL(("sslctx_server", "using public key: %s\n",
id_cert->info.filename));
@@ -605,13 +640,19 @@ sslctx_server_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the server certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the server private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("server public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate server certificate");
+ }
SSL_CTX_set_read_ahead(the_ctx, 1); /* XXX: DTLS only? */

View File

@ -0,0 +1,12 @@
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

View File

@ -1,11 +1,12 @@
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-07-18 15:39:28.069251000 +0200
+++ b/apps/Makefile.in 2018-07-18 15:54:52.261943123 +0200
@@ -230,7 +230,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX
diff --git a/apps/Makefile.in b/apps/Makefile.in
index d4529d3..175242b 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@

View File

@ -0,0 +1,28 @@
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86c..68b55d2 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
}
- b = strstr(buff, "SReclaimable: ");
- if (b)
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
first = 0;

View File

@ -1,6 +1,7 @@
diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
--- a/man/netsnmp_config_api.3.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/netsnmp_config_api.3.def 2018-07-18 11:20:04.631679886 +0200
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
index 90b20d9..bd5abe1 100644
--- a/man/netsnmp_config_api.3.def
+++ b/man/netsnmp_config_api.3.def
@@ -295,7 +295,7 @@ for one particular machine.
.PP
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
@ -10,7 +11,7 @@ diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
followed by \fC $HOME/.snmp\fP.
This list can be changed by setting the environmental variable
.I SNMPCONFPATH
@@ -367,7 +367,7 @@ A colon separated list of directories to
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
files in.
Default:
.br
@ -19,10 +20,11 @@ diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
.SH "SEE ALSO"
netsnmp_mib_api(3), snmp_api(3)
.\" Local Variables:
diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
--- a/man/snmp_config.5.def 2018-07-18 11:18:06.194792767 +0200
+++ b/man/snmp_config.5.def 2018-07-18 11:20:56.423626117 +0200
@@ -10,7 +10,7 @@ First off, there are numerous places tha
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
index fd30873..c3437d6 100644
--- a/man/snmp_config.5.def
+++ b/man/snmp_config.5.def
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
found and read from. By default, the applications look for
configuration files in the following 4 directories, in order:
SYSCONFDIR/snmp,
@ -31,10 +33,11 @@ diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
directories, it looks for files snmp.conf, snmpd.conf and/or
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
and/or snmptrapd.local.conf. *.local.conf are always
diff -urNp a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
--- a/man/snmpd.conf.5.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/snmpd.conf.5.def 2018-07-18 11:21:44.263574388 +0200
@@ -1559,7 +1559,7 @@ filename), and call the initialisation r
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 7ce8a46..a4000f9 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
.RS
.IP "Note:"
If the specified PATH is not a fully qualified filename, it will

View File

@ -0,0 +1,84 @@
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200
@@ -44,7 +44,6 @@ extern "C" {
/*
* misc
*/
- void netsnmp_openssl_err_log(const char *prefix);
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
/*
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss
return (X509_check_issued(issuer, cert) == X509_V_OK);
}
-
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
-void
-netsnmp_openssl_err_log(const char *prefix)
-{
- unsigned long err;
- for (err = ERR_get_error(); err; err = ERR_get_error()) {
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
- }
-}
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
-
void
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
ERR_reason_error_string(ERR_get_error()));
}
-
- /* other errors */
- while ((numerical_reason =
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
-
- /* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
- /*
- * per openssl man page: If it has been allocated by
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
- *
- * arggh... stupid openssl prototype for ERR_get_error_line_data
- * wants a const char **, but returns something that we might
- * need to free??
- */
- if (flags & ERR_TXT_MALLOCED)
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

View File

@ -0,0 +1,26 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index b5d692d..1a30209 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 43f3b9c..d4529d3 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

View File

@ -0,0 +1,38 @@
diff --git a/Makefile.in b/Makefile.in
index 912f6b2..862fb5f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -227,7 +227,7 @@ perlcleanfeatures:
# python specific build rules
#
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
pythonmodules: subdirs
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
if test $$? != 0 ; then \
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
index daf11a4..3a30a64 100644
--- a/python/netsnmp/client.py
+++ b/python/netsnmp/client.py
@@ -56,7 +56,7 @@ class Varbind(object):
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
self.tag = STR(tag)
self.iid = STR(iid)
- self.val = STR(val)
+ self.val = val
self.type = STR(type_arg)
# parse iid out of tag if needed
if iid is None and tag is not None:
@@ -66,7 +66,10 @@ class Varbind(object):
(self.tag, self.iid) = match.group(1, 2)
def __setattr__(self, name, val):
- self.__dict__[name] = STR(val)
+ if name == 'val':
+ self.__dict__[name] = val
+ else:
+ self.__dict__[name] = STR(val)
def __str__(self):
return obj_to_str(self)

View File

@ -0,0 +1,42 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 16:59:37.392368620 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 17:01:59.760640169 +0200
@@ -73,15 +73,21 @@ netsnmp_swinst_arch_init(void)
#endif
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+
+ /* check for SQLite DB backend */
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+ pkg_directory[0] = '\0';
+ }
+ }
SNMP_FREE(rpmdbpath);
dbpath = NULL;
#ifdef HAVE_RPMGETPATH
rpmFreeRpmrc();
#endif
- if (-1 == stat( pkg_directory, &stat_buf )) {
- snmp_log(LOG_ERR, "Can't find directory of RPM packages");
- pkg_directory[0] = '\0';
- }
}
void
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2023-10-23 16:59:37.391368611 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2023-10-23 17:02:47.159063503 +0200
@@ -229,6 +229,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
if (stat(path, &stat_buf) == -1)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+ /* check for SQLite DB backend */
+ if (stat(path, &stat_buf) == -1)
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
#ifdef HAVE_RPMGETPATH

View File

@ -0,0 +1,31 @@
From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 24 May 2023 10:49:41 +0200
Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling
This change has been made because of Linux kernel commit "ipv4: Return
-ENETUNREACH if we can't create route but saddr is valid"
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029)
Fixes: https://github.com/net-snmp/net-snmp/issues/564
Fixes: https://github.com/net-snmp/net-snmp/pull/576
[ bvanassche: edited commit message ]
---
snmplib/transports/snmpUDPBaseDomain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
index ca8f9a5554..cd6b15e2ad 100644
--- a/snmplib/transports/snmpUDPBaseDomain.c
+++ b/snmplib/transports/snmpUDPBaseDomain.c
@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip,
sizeof(struct sockaddr));
else
rc = sendmsg(fd, &m, MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

View File

@ -0,0 +1,110 @@
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
index 6c07f74..7df0b51 100644
--- a/testing/fulltests/default/T070com2sec_simple
+++ b/testing/fulltests/default/T070com2sec_simple
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- CHECKAGENT '<"c408a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 32: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+CHECKAGENT '<"c408a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 32: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
+ FINISHED
+fi
- CHECKAGENT '<"c408b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 33: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+CHECKAGENT '<"c408b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 33: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
fi
-
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
fi
FINISHED
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
index 76da70b..bc2d432 100644
--- a/testing/fulltests/default/T071com2sec6_simple
+++ b/testing/fulltests/default/T071com2sec6_simple
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- # 608
- CHECKAGENT '<"c608a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 29: Error:'
- errnum=`expr $errnum - 1`
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+# 608
+CHECKAGENT '<"c608a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 29: Error:'
+ errnum=`expr $errnum - 1`
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ FINISHED
+fi
- CHECKAGENTCOUNT atleastone '<"c608b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 30: Error:'
- if [ "$snmp_last_test_result" -eq 1 ] ; then
- errnum=`expr $errnum - 1`
- fi
+CHECKAGENTCOUNT atleastone '<"c608b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 30: Error:'
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
+ errnum=`expr $errnum - 1`
fi
fi

View File

@ -0,0 +1,16 @@
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index e6f5b20..41a5e01 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -34,6 +34,11 @@
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
+
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32)
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
+#endif
+
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

View File

@ -0,0 +1,12 @@
diff --git a/agent/snmpd.c b/agent/snmpd.c
index ae73eda..f01b890 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
@@ -289,6 +289,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

View File

@ -0,0 +1,60 @@
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 9 Jun 2021 14:19:46 -0700
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
Fixes: https://github.com/net-snmp/net-snmp/issues/303
---
python/netsnmp/client_intf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
index e5e7372303..94da39fe34 100644
--- a/python/netsnmp/client_intf.c
+++ b/python/netsnmp/client_intf.c
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int varlist_ind, int sprintval_flag, int *len,
- char **str_buf)
+ char **str_buf, int getlabel_flag)
{
struct tree *tp;
int type;
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int buf_over = 0;
const char *tag;
const char *iid;
- int getlabel_flag = NO_FLAGS;
if (!PyObject_HasAttrString(varbind, "tag"))
return TYPE_OTHER;
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
varbind = PySequence_GetItem(varlist, varlist_ind);
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
- &len, &str_buf);
+ &len, &str_buf, getlabel_flag);
if (type != TYPE_OTHER) {
/* save in return tuple as well */
if ((type == SNMP_ENDOFMIBVIEW) ||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
- sprintval_flag, &len, &str_buf) !=
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
/* push varbind onto varbinds */

View File

@ -0,0 +1,120 @@
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
From: Philippe Troin <phil+github-commits@fifi.org>
Date: Sat, 3 Feb 2024 10:30:30 -0800
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
This breaks the hard-coded assumptions about the Ip line length.
Add compatibility to parse Linux 6.7 Ip header while keep support
for previous versions.
---
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index 49e0a34d5c..f04e828a94 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
}
/*
- /proc/net/snmp
+ /proc/net/snmp - Linux 6.6 and lower
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1491094 122 0 1466178
+*
+ /proc/net/snmp - Linux 6.7 and higher
+
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
+
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
+
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
+
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
+
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
+
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ UdpLite: 0 0 0 0 0 0 0 0 0
*/
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
FILE *devin;
char line[1024];
netsnmp_systemstats_entry *entry = NULL;
- int scan_count;
+ int scan_count, expected_scan_count;
char *stats, *start = line;
int len;
- unsigned long long scan_vals[19];
+ unsigned long long scan_vals[20];
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
load_flags));
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
*/
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
len = strlen(line);
- if (224 != len) {
+ switch (len) {
+ case 224:
+ expected_scan_count = 19;
+ break;
+ case 237:
+ expected_scan_count = 20;
+ break;
+ default:
fclose(devin);
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
- " %d != 224\n", len);
+ " %d not in { 224, 237 } \n", len);
return -4;
}
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
memset(scan_vals, 0x0, sizeof(scan_vals));
scan_count = sscanf(stats,
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
&scan_vals[0],&scan_vals[1],&scan_vals[2],
&scan_vals[3],&scan_vals[4],&scan_vals[5],
&scan_vals[6],&scan_vals[7],&scan_vals[8],
&scan_vals[9],&scan_vals[10],&scan_vals[11],
&scan_vals[12],&scan_vals[13],&scan_vals[14],
&scan_vals[15],&scan_vals[16],&scan_vals[17],
- &scan_vals[18]);
+ &scan_vals[18],&scan_vals[19]);
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
- if(scan_count != 19) {
+ if(scan_count != expected_scan_count) {
snmp_log(LOG_ERR,
"error scanning systemstats data (expected %d, got %d)\n",
- 19, scan_count);
+ expected_scan_count, scan_count);
netsnmp_access_systemstats_entry_free(entry);
return -4;
}
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

View File

@ -16,47 +16,47 @@
arch=`arch`
echo $arch | grep -q i.86
if [ $? -eq 0 ] ; then
net-snmp-config-i386 $*
net-snmp-config-i386 "$@"
exit 0
fi
if [ "$arch" = "ia64" ] ; then
net-snmp-config-ia64 $*
net-snmp-config-ia64 "$@"
exit 0
fi
if [ "$arch" = "ppc" ] ; then
net-snmp-config-ppc $*
net-snmp-config-ppc "$@"
exit 0
fi
if [ "$arch" = "ppc64" ] ; then
net-snmp-config-ppc64 $*
net-snmp-config-ppc64 "$@"
exit 0
fi
if [ "$arch" = "s390" ] ; then
net-snmp-config-s390 $*
net-snmp-config-s390 "$@"
exit 0
fi
if [ "$arch" = "s390x" ] ; then
net-snmp-config-s390x $*
net-snmp-config-s390x "$@"
exit 0
fi
if [ "$arch" = "x86_64" ] ; then
net-snmp-config-x86_64 $*
net-snmp-config-x86_64 "$@"
exit 0
fi
if [ "$arch" = "alpha" ] ; then
net-snmp-config-alpha $*
net-snmp-config-alpha "$@"
exit 0
fi
if [ "$arch" = "sparc" ] ; then
net-snmp-config-sparc $*
net-snmp-config-sparc "$@"
exit 0
fi
if [ "$arch" = "sparc64" ] ; then
net-snmp-config-sparc64 $*
net-snmp-config-sparc64 "$@"
exit 0
fi
if [ "$arch" = "aarch64" ] ; then
net-snmp-config-aarch64 $*
net-snmp-config-aarch64 "$@"
exit 0
fi
echo "Cannot determine architecture"

View File

@ -5,12 +5,12 @@
%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 aarch64
# actual soname version
%global soname 35
%global soname 40
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 30%{?dist}
Version: 5.9.1
Release: 17%{?dist}
Epoch: 1
License: BSD
@ -26,74 +26,57 @@ Source7: net-snmp-tmpfs.conf
Source8: snmpd.service
Source9: snmptrapd.service
Source10: IETF-MIB-LICENSE.txt
Patch1: net-snmp-5.7.2-pie.patch
Patch2: net-snmp-5.8-dir-fix.patch
Patch3: net-snmp-5.8-multilib.patch
Patch4: net-snmp-5.8-test-debug.patch
Patch5: net-snmp-5.7.2-autoreconf.patch
Patch6: net-snmp-5.8-agentx-disconnect-crash.patch
Patch7: net-snmp-5.7.2-cert-path.patch
Patch8: net-snmp-5.8-cflags.patch
Patch9: net-snmp-5.8-Remove-U64-typedef.patch
Patch10: net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch11: net-snmp-5.7.3-iterator-fix.patch
Patch12: net-snmp-5.8-autofs-skip.patch
Patch13: net-snmp-5.8-usage-exit.patch
Patch14: net-snmp-5.8-coverity.patch
Patch15: net-snmp-5.8-ipv6-clientaddr.patch
Patch16: net-snmp-5.8-agent-of-death.patch
Patch17: net-snmp-5.8-trapsink.patch
Patch18: net-snmp-5.8-flood-messages.patch
Patch19: net-snmp-5.8-v3-forward.patch
Patch20: net-snmp-5.8-sec-counter.patch
Patch21: net-snmp-5.8-proxy-getnext.patch
Patch22: net-snmp-5.8-dskTable-dynamic.patch
Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch24: net-snmp-5.8-duplicate-ipAddress.patch
Patch25: net-snmp-5.8-memory-reporting.patch
Patch26: net-snmp-5.8-man-page.patch
Patch27: net-snmp-5.8-ipAddress-faster-load.patch
Patch28: net-snmp-5.8-rpm-memory-leak.patch
Patch29: net-snmp-5.8-sec-memory-leak.patch
Patch30: net-snmp-5.8-aes-config.patch
Patch31: net-snmp-5.7.2-CVE-2020-15862.patch
Patch32: net-snmp-5.8-bulk.patch
Patch33: net-snmp-5.8-clientaddr-error-message.patch
Patch34: net-snmp-5.8-ipv6-disabled.patch
Patch35: net-snmp-5.8-empty-passphrase.patch
Patch36: net-snmp-5.8-asn-parse-nlength.patch
Patch37: net-snmp-5.8-double-IP-parsing.patch
Patch38: net-snmp-5.8-digest-from-ECC.patch
Patch39: net-snmp-5.8-broken-errmsg.patch
Patch40: net-snmp-5.8-intermediate-certs.patch
Patch41: net-snmp-5.8-fix-cert-crash.patch
Patch42: net-snmp-5.8-engine-id.patch
Patch43: net-snmp-5.8-certs.patch
Patch44: net-snmp-5.8-util-fix.patch
Patch45: net-snmp-5.8-deleted-iface.patch
Patch46: net-snmp-5.8-memleak-backport.patch
Patch47: net-snmp-5.8-dev-mem-leak.patch
Patch48: net-snmp-5.8-CVE-2022-44792-44793.patch
Patch49: net-snmp-5.8-ipv6-disable-leak.patch
Patch50: net-snmp-5.8-proxy-time-out.patch
Patch51: net-snmp-5.8-sendmsg-error-code.patch
Patch52: net-snmp-5.8-memavailable.patch
Patch53: net-snmp-5.8-proxy.patch
Patch54: net-snmp-5.8-truncating-log-once.patch
Patch55: net-snmp-5.8-CVE-2022-24805-24810.patch
Patch1: net-snmp-5.9-pie.patch
Patch2: net-snmp-5.9-dir-fix.patch
Patch3: net-snmp-5.9-multilib.patch
Patch4: net-snmp-5.9-test-debug.patch
Patch5: net-snmp-5.7.2-cert-path.patch
Patch6: net-snmp-5.9-cflags.patch
Patch7: net-snmp-5.8-Remove-U64-typedef.patch
Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch9: net-snmp-5.7.3-iterator-fix.patch
Patch10: net-snmp-5.9-autofs-skip.patch
Patch11: net-snmp-5.9-usage-exit.patch
Patch12: net-snmp-5.9-coverity.patch
Patch13: net-snmp-5.9-dskTable-dynamic.patch
Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch15: net-snmp-5.8-duplicate-ipAddress.patch
Patch16: net-snmp-5.9-memory-reporting.patch
Patch17: net-snmp-5.8-man-page.patch
Patch18: net-snmp-5.8-ipAddress-faster-load.patch
Patch19: net-snmp-5.8-rpm-memory-leak.patch
Patch20: net-snmp-5.9-aes-config.patch
Patch21: net-snmp-5.8-clientaddr-error-message.patch
Patch22: net-snmp-5.9-ECC-cert.patch
Patch23: net-snmp-5.9-intermediate-certs.patch
Patch24: net-snmp-5.9-twice-IP-parsing.patch
Patch25: net-snmp-5.9-openssl-3.0.patch
Patch26: net-snmp-5.9-CVE-2022-44792-44793.patch
Patch27: net-snmp-5.9-ipv6-disable-leak.patch
Patch28: net-snmp-5.9-sendmsg-error-code.patch
Patch29: net-snmp-5.9-message-severity.patch
Patch30: net-snmp-5.9-rpmdb.patch
Patch31: net-snmp-5.9-CVE-2022-24805-24810.patch
Patch32: net-snmp-5.9.4-kernel-6.7.patch
Patch33: net-snmp-5.9-deleted-iface.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
#disable this patch due compatibility issues
Patch102: net-snmp-5.9-python3.patch
Patch103: net-snmp-5.9.1-python-usenumeric.patch
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
# This is actually needed for the %%triggerun script but Requires(triggerun)
# is not valid. We can use %%post because this particular %%triggerun script
# should fire just after this package is installed.
%{?systemd_requires}
BuildRequires: systemd
BuildRequires: make
BuildRequires: systemd
BuildRequires: gcc
BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
BuildRequires: libselinux-devel, elfutils-libelf-devel, rpm-devel
BuildRequires: perl-devel, perl(ExtUtils::Embed), procps
@ -103,7 +86,17 @@ BuildRequires: mariadb-connector-c-devel
# for netstat, needed by 'make test'
BuildRequires: net-tools
# for make test
BuildRequires: perl(:VERSION) >= 5.6
BuildRequires: perl(AutoLoader)
BuildRequires: perl(blib)
BuildRequires: perl(Carp)
BuildRequires: perl(DynaLoader)
BuildRequires: perl(Exporter)
BuildRequires: perl(overload)
BuildRequires: perl(strict)
BuildRequires: perl(TAP::Harness)
BuildRequires: perl(vars)
BuildRequires: perl(warnings)
%ifnarch s390 s390x ppc64le
BuildRequires: lm_sensors-devel >= 3
%endif
@ -124,7 +117,6 @@ which contains NET-SNMP utilities.
%package utils
Summary: Network management utilities using SNMP, from the NET-SNMP project
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
%description utils
The net-snmp-utils package contains various utilities for use with the
@ -143,7 +135,7 @@ Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
Requires: lm_sensors-devel
%endif
# pull perl development libraries, net-snmp agent libraries may link to them
Requires: perl-devel%{?_isa}, gcc
Requires: perl-devel%{?_isa}
%description devel
The net-snmp-devel package contains the development libraries and
@ -159,6 +151,7 @@ packages installed.
Summary: The perl NET-SNMP module and the mib2c tool
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: perl-interpreter
BuildRequires: perl-generators
@ -198,10 +191,23 @@ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
The net-snmp-agent-libs package contains the runtime agent libraries for shared
binaries and applications.
%package -n python3-net-snmp
%{?python_provide:%python_provide python3-net-snmp}
# Remove before F30
Provides: %{name}-python = %{epoch}:%{version}-%{release}
Provides: %{name}-python%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-python < %{epoch}:%{version}-%{release}
Summary: The Python 'netsnmp' module for the Net-SNMP
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description -n python3-net-snmp
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%prep
%setup -q
cp %{SOURCE10} .
rm -r python
%ifnarch ia64
%patch1 -p1 -b .pie
@ -210,64 +216,42 @@ rm -r python
%patch2 -p1 -b .dir-fix
%patch3 -p1 -b .multilib
%patch4 -p1
%patch5 -p1 -b .autoreconf
%patch6 -p1 -b .agentx-disconnect-crash
%patch7 -p1 -b .cert-path
%patch8 -p1 -b .cflags
%patch9 -p1 -b .u64-remove
%patch10 -p1 -b .perlfix
%patch11 -p1 -b .iterator-fix
%patch12 -p1 -b .autofs-skip
%patch13 -p1 -b .usage-fix
%patch14 -p1 -b .coverity
%patch15 -p1 -b .ipv6-clientaddr
%patch16 -p1 -b .agent-of-death
%patch17 -p1 -b .trapsink
%patch18 -p1 -b .flood-messages
%patch19 -p1 -b .v3-forward
%patch20 -p1 -b .sec-counter
%patch21 -p1 -b .proxy-getnext
%patch22 -p1 -b .dskTable-dynamic
%patch23 -p1 -b .expand-SNMPCONFPATH
%patch24 -p1 -b .duplicate-ipAddress
%patch25 -p1 -b .memory-reporting
%patch26 -p1 -b .man-page
%patch27 -p1 -b .ipAddress-faster-load
%patch28 -p1 -b .rpm-memory-leak
%patch29 -p1 -b .sec-memory-leak
%patch30 -p1 -b .aes-config
%patch31 -p1 -b .CVE-2020-15862
%patch32 -p1 -b .bulk
%patch33 -p1 -b .clientaddr-error-message
%patch34 -p1 -b .ipv6-disabled
%patch35 -p1 -b .empty-passphrase
%patch36 -p1 -b .asn-parse-nlength
%patch37 -p1 -b .double-IP-parsing
%patch38 -p1 -b .digest-from-ECC
%patch39 -p1 -b .broken-errmsg
%patch40 -p1 -b .intermediate-certs
%patch41 -p1 -b .fix-cert-crash
%patch42 -p1 -b .engine-id
%patch43 -p1 -b .certs
%patch44 -p1 -b .utils
%patch45 -p1 -b .ifaces
%patch46 -p1 -b .memleak-backport
%patch47 -p1 -b .dev-mem-leak
%patch48 -p1
%patch49 -p1 -b .ipv6-disable-leak
%patch50 -p1 -b .proxy-time-out
%patch51 -p1 -b .sendmsg-error-code
%patch52 -p1 -b .memavailable
%patch53 -p1 -b .proxy
%patch54 -p1 -b .truncating-log-once
%patch55 -p1 -b .CVE-2022-24805-24810
%patch5 -p1 -b .cert-path
%patch6 -p1 -b .cflags
%patch7 -p1 -b .u64-remove
%patch8 -p1 -b .perlfix
%patch9 -p1 -b .iterator-fix
%patch10 -p1 -b .autofs-skip
%patch11 -p1 -b .usage-fix
%patch12 -p1 -b .coverity
%patch13 -p1 -b .dskTable-dynamic
%patch14 -p1 -b .expand-SNMPCONFPATH
%patch15 -p1 -b .duplicate-ipAddress
%patch16 -p1 -b .memory-reporting
%patch17 -p1 -b .man-page
%patch18 -p1 -b .ipAddress-faster-load
%patch19 -p1 -b .rpm-memory-leak
%patch20 -p1 -b .aes-config
%patch21 -p1 -b .clientaddr-error-message
%patch22 -p1 -b .ECC-cert
%patch23 -p1 -b .intermediate-certs
%patch24 -p1 -b .twice-IP-parsing
%patch25 -p1 -b .openssl-3-0
%patch26 -p1
%patch27 -p1 -b .ipv6-disable-leak
%patch28 -p1 -b .sendmsg-error-code
%patch29 -p1 -b .message-severity
%patch30 -p1 -b .rpmdb
%patch31 -p1 -b .CVE-2022-24805-24810
%patch32 -p1 -b .kernel-6.7-fix
%patch33 -p1 -b .iface
%patch101 -p1 -b .modern-rpm-api
%patch102 -p1
%patch103 -p1
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
rm testing/fulltests/default/T200*
%endif
%build
@ -296,9 +280,10 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--enable-local-smux \
--enable-mfd-rewrites \
--enable-ucd-snmp-compatibility \
--disable-des \
--sysconfdir=%{_sysconfdir} \
--with-cflags="$RPM_OPT_FLAGS" \
--with-ldflags="-Wl,-z,relro -Wl,-z,now -lm" \
--with-cflags="$RPM_OPT_FLAGS -fPIE" \
--with-ldflags="$RPM_LD_FLAGS -lm" \
--with-logfile="/var/log/snmpd.log" \
--with-mib-modules="$MIBS" \
--with-mysql \
@ -311,7 +296,8 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--with-systemd \
--with-temp-file-pattern=/run/net-snmp/snmp-tmp-XXXXXX \
--with-transports="DTLSUDP TLSTCP" \
--with-sys-contact="root@localhost" <<EOF
--with-sys-contact="root@localhost" \
--without-pcre <<EOF
EOF
# store original libtool file, we will need it later
@ -321,11 +307,17 @@ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
# the package is not %%_smp_mflags safe
make
%{__make}
# remove rpath from compiled perl libs
find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \;
# compile python module
pushd python
%{__python3} setup.py --basedir="../" build
popd
%install
make install DESTDIR=%{buildroot}
@ -381,6 +373,11 @@ rm -f README.aix README.hpux11 README.osX README.Panasonic_AM3X.txt README.solar
# copy missing mib2c.conf files
install -m 644 local/mib2c.*.conf %{buildroot}%{_datadir}/snmp
# install python module
pushd python
%{__python3} setup.py --basedir=.. install -O1 --skip-build --root %{buildroot}
popd
find %{buildroot} -name '*.so' | xargs chmod 0755
# trim down massive ChangeLog
@ -395,10 +392,6 @@ done
# remove executable bit from documentation samples
chmod 644 local/passtest local/ipf-mod.pl
# dirty hack for #603243, until it's fixed properly upstream
install -m 755 -d %{buildroot}/usr/include/net-snmp/agent/util_funcs
install -m 644 agent/mibgroup/util_funcs/*.h %{buildroot}/usr/include/net-snmp/agent/util_funcs
# systemd stuff
install -m 755 -d %{buildroot}/%{_tmpfilesdir}
install -m 644 %SOURCE7 %{buildroot}/%{_tmpfilesdir}/net-snmp.conf
@ -416,6 +409,7 @@ cp -f libtool.orig libtool
chmod 755 local/passtest
LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%endif
@ -469,7 +463,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%files devel
%{_libdir}/lib*.so
/usr/include/*
%{_libdir}/pkgconfig/*
%{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*.3.*
%attr(0755,root,root) %{_bindir}/net-snmp-config*
%attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.*
@ -493,6 +488,10 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{perl_vendorarch}/auto/Bundle/*SNMP*
%{perl_vendorarch}/Bundle/MakefileSubs.pm
%files -n python3-net-snmp
%doc README
%{python3_sitearch}/*
%files gui
%{_bindir}/tkmib
%attr(0644,root,root) %{_mandir}/man1/tkmib.1*
@ -515,124 +514,216 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Mon Mar 04 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-30
- fix crash when configured as proxy - issue 82 (RHEL-14454)
- log once truncating issue (RHEL-13597)
* Tue Jul 16 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-17
- fix segfault with error on subcontainer (RHEL-46033)
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-16
- fix unexpected header length in /proc/net/snmp (RHEL-44357)
* Tue Apr 09 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-15
- fix changelog issue
* Tue Apr 09 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-14
- fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
CVE-2022-24809 and CVE-2022-24810 (RHEL-26650)
CVE-2022-24809 and CVE-2022-24810 (RHEL-26649)
* Tue Jan 23 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-29
- backport MemAvailable report from upstream (RHEL-21780)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13
- add support for SQLite db background of rpm (RHEL-6854)
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-28
- fix sendmsg error code for new kernel (#2185787)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-12
- fix message severity issue (RHEL-13960)
* Tue Jan 31 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-27
- fix memory leak due of proc file creating (#2105957)
- fix CVE-2022-44792 and CVE-2022-44793 (#2141901) and (#2141905)
- fix memory leak when ipv6 disable set to 1 (#2151537)
- fix proxy timeout issue (#2160723)
* Thu Aug 03 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-11
- fix python3 missing epoch
* Mon Oct 17 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-26
- backport two memory leaks from upstream (#2134635)
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-10
- fix sendmsg error code for new kernel (#2210892)
* Mon Feb 21 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- fix segfault with error on subcontainer (#2051370)
* Wed Feb 15 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-9
- fix CVE-2022-44792 and CVE-2022-44793 (#2141902) and (#2141906)
- fix memory leak when ipv6 disable set to 1 (#2151540)
* Thu Dec 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-24
- fix dereferencing null pointer (#2021403)
* Thu Apr 07 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.1-8
- fix default snmpd.conf file content (#2067954)
* Mon Oct 11 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- net-snmp-cert gencert create SHA512 (#1908331)
* Wed Oct 13 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-7
- fix FTBFS due of OpenSSL update (#2001430)
* Mon Jun 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- update engineTime when sending traps (#1973252)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-21
- prevent parsing IP address twice (#1768908)
- add support for digests detected from ECC certs (#1919714)
- fix broken ErrorMsg at ucd-snmp (#1933150)
- add support for intermediate certs (#1914656)
- fix crash of certs with longer extension (#1908718)
* Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 1:5.9.1-5
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
* Tue Jan 05 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-20
- fix issue with parsing of long traps (#1912242)
- modify fix for #1877375
* Mon Jul 19 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-4
- fix UseNumeric in Python library (#1970938)
* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
- revert permission of config files to 600 (#1601060)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Jun 03 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-2
- Upload new source tarball
* Thu May 27 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1
- New upstream release 5.9.1 (#1964963)
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11
- disable DES and port for OpenSSL 3.0 (#1958073)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-9
- fix issue with parsing IPv4 address twice
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:5.9-8
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Thu Feb 04 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-7
- remove file with unsupported license
- use make and make install macros
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6
- add support for digests detected from ECC certificates
- add support for intermediate certificates
- fix crash caused by small buffer size
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-4
- fix issue with parsing long trap headers (#1912725)
- fix error message when the address specified by clientaddr option
is wrong or cannot be bound (#1877375)
- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
- fix issue with quoting empty passphrase (#1817225)
is wrong or cannot be bound
- fix issue with quoting empty passphrase
* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
- fix CVE-2020-15862 (#1875497)
- fix bulk responses for invalid PID (#1817190)
* Wed Nov 18 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-3
- update net-snmp-tmpfs.conf for /var/run to /run (#1893471)
* Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- add math library in LDFLAGS (#1846252)
* Tue Sep 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-2
- Disable pcre binding
- Add support for available memory report
* Thu Jul 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- remove file due licensing issues (#1690936)
* Mon Aug 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-1
- New upstream release 5.9
* Wed Jun 10 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-15
- proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134)
- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185)
- expand SNMPCONFPATH variable (#1660146)
- remove file with Apple license (#1690936)
- log meningful message on duplicate IP address (#1692286)
- memory reporting adjustment (#1695497 and #1766521)
- fix typos in man page (#1700262)
- speedup ipAddressTable loading(#1700391)
- fix memory leak when shut down librpm (#1763008)
- services starts after network-online.target (#1775304)
- add missing part of memory leak patch (#1829860)
- add support for AES192 and AES256 (#1846252)
* Tue Aug 04 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- link math library to fix FTBFS for hplip (#1863855)
* Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
- fix double free or corruption error when freeing security context (#1809077)
- remove deprecated CFLAG
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- fix double free or corruption error (#1726373)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- change /var/run/net-snmp to /run/net-snmp (#1737631)
* Wed Nov 06 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-12
- fix tmpfiles path (#1710784)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- proxied OIDs unspecified in proxy statement in snmpd.conf
- UCD-SNMP-MIB::dskTable doesn't update dynamically
- expand SNMPCONFPATH variable
- log meningful message on duplicate IP address
- memory reporting adjustment
- fix typos in man page
- speedup ipAddressTable loading
- fix memory leak when shut down librpm
- services starts after network-online.target
- add missing part of memory leak patch
- add support for AES192 and AES256
- fix net-snmp-config wrapper script (#1815984)
* Tue Oct 15 2019 Jiri Kucera <jkucera@redhat.com> - 1:5.8-11
- fix issue with flood messages (#1719350)
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-21
- Perl 5.32 rebuild
* Thu Jun 27 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- fix trapsink port issue (#1677192)
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-20
- Rebuilt for Python 3.9
* Fri May 24 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-9
- rebuild for autoconf
* Thu Apr 09 2020 Josef Ridky <jridky@redhat.com> -1:5.8-19
- update skip_autofs patch (#1810104)
- exit snmpd after snmpd -h command
- fix issues found by coverity scan
- fix issue with flood messages
- fix double free or corruption error when freeing security context
* Tue May 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-8
- fix daemon crash on resend request (#1694047)
* Tue Mar 24 2020 Petr Pisar <ppisar@redhat.com> - 1:5.8-18
- Build-require Perl dependencies for running the tests
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-7
- fix address assigning for IPv6 clientaddr option (#1672668)
* Wed Feb 26 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- fix config error with RPM library (#1807274)
* Wed Dec 05 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- fix discovered issues from coverity scan (#1602630)
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- set net-snmp-devel as requirement for net-snmp-perl
* Thu Oct 04 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-5
- exit snmpd after snmpd -h command (#1634811)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 25 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-4
- fix annocheck distro flag failures (#1624151)
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-14
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Tue Sep 04 2018 Josh Boyer <jwboyer@redhat.com> - 1:5.8-3
- Change gcc Requires to BuildRequires (#1625189)
* Thu Sep 19 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- Fix snmpv3 trap forwarding (#1753506)
* Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- fix default configuration file (#1589480 and #1594147)
- modify permissions for config files (#1601060)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-12
- Rebuilt for Python 3.8
* Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- remove python package and update to the last upstream version (#1584510)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 28 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- remove file with unsupported license
- fix daemon crash on resend request (#1663027)
- fix issue with trapsink default port
* Mon Jun 10 22:13:21 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-9
- Rebuild for RPM 4.15
* Mon Jun 10 15:42:03 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-8
- Rebuild for RPM 4.15
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-7
- Perl 5.30 rebuild
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- fix IPv6 address assignment for clientaddr option (#1673272)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:5.8-4
- Rebuilt for libcrypt.so.2 (#1666033)
* Tue Nov 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-3
- backport memory leak fixes from upstream
- add fPIE to CFLAGS (#1543853)
- use default LDFLAGS
* Mon Jul 23 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- fix unresoved error with mysql functions
- implement changes to announce soname changes
* Wed Jul 18 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- New upstream release 5.8
- remove APSL downstream patch due this copyright is already
coveret by part 8 in COPYING file
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.7.3-42
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jul 07 2018 Miro Hrončok <mhroncok@redhat.com> - 1:5.7.3-41
- Rebuilt for Python 3.7
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.7.3-40
- Perl 5.28 rebuild
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-39
- python3 support draft
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-38
- revert Python3 support
* Tue Mar 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-37
- backport upstream patch for structure iterator
* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-36
- CVE-2018-1000116 Heap corruption in snmp_pdu_parse (#1552844)