rpms
/
net-snmp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c9
rpms:c8s
rpms:imports/c9/net-snmp-5.9.1-11.el9_3.1
rpms:imports/c8/net-snmp-5.8-28.el8
rpms:imports/c8/net-snmp-5.8-27.el8_8.1
rpms:imports/c8-beta/net-snmp-5.8-28.el8
rpms:imports/c9/net-snmp-5.9.1-11.el9_2
rpms:imports/c8/net-snmp-5.8-27.el8
rpms:imports/c9/net-snmp-5.9.1-9.el9
rpms:imports/c9-beta/net-snmp-5.9.1-9.el9
rpms:imports/c8-beta/net-snmp-5.8-27.el8
rpms:imports/c8s/net-snmp-5.8-27.el8
rpms:imports/c8/net-snmp-5.8-25.el8_7.1
rpms:imports/c8s/net-snmp-5.8-26.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9
rpms:imports/c8/net-snmp-5.8-25.el8
rpms:imports/c8-beta/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-24.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9
rpms:imports/c9-beta/net-snmp-5.9.1-4.el9
rpms:imports/c8/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-23.el8
rpms:imports/c8-beta/net-snmp-5.8-22.el8
rpms:imports/c8-beta/net-snmp-5.8-20.el8
rpms:imports/c8-beta/net-snmp-5.8-15.el8
rpms:imports/c8-beta/net-snmp-5.8-12.el8
rpms:imports/c8-beta/net-snmp-5.8-9.el8
rpms:imports/c8s/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-21.el8
rpms:imports/c8s/net-snmp-5.8-20.el8
rpms:imports/c8s/net-snmp-5.8-19.el8
rpms:imports/c8s/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-20.el8
rpms:imports/c8/net-snmp-5.8-18.el8_3.1
rpms:imports/c8/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-14.el8_2.1
rpms:imports/c8/net-snmp-5.8-14.el8
...
pull from: rpms:c9s
Branches Tags
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c9
rpms:c8
rpms:c8s
rpms:imports/c9/net-snmp-5.9.1-11.el9_3.1
rpms:imports/c8/net-snmp-5.8-28.el8
rpms:imports/c8/net-snmp-5.8-27.el8_8.1
rpms:imports/c8-beta/net-snmp-5.8-28.el8
rpms:imports/c9/net-snmp-5.9.1-11.el9_2
rpms:imports/c8/net-snmp-5.8-27.el8
rpms:imports/c9/net-snmp-5.9.1-9.el9
rpms:imports/c9-beta/net-snmp-5.9.1-9.el9
rpms:imports/c8-beta/net-snmp-5.8-27.el8
rpms:imports/c8s/net-snmp-5.8-27.el8
rpms:imports/c8/net-snmp-5.8-25.el8_7.1
rpms:imports/c8s/net-snmp-5.8-26.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9_0.1
rpms:imports/c9/net-snmp-5.9.1-7.el9
rpms:imports/c8/net-snmp-5.8-25.el8
rpms:imports/c8-beta/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-25.el8
rpms:imports/c8s/net-snmp-5.8-24.el8
rpms:imports/c9-beta/net-snmp-5.9.1-7.el9
rpms:imports/c9-beta/net-snmp-5.9.1-4.el9
rpms:imports/c8/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-23.el8
rpms:imports/c8-beta/net-snmp-5.8-22.el8
rpms:imports/c8-beta/net-snmp-5.8-20.el8
rpms:imports/c8-beta/net-snmp-5.8-15.el8
rpms:imports/c8-beta/net-snmp-5.8-12.el8
rpms:imports/c8-beta/net-snmp-5.8-9.el8
rpms:imports/c8s/net-snmp-5.8-22.el8
rpms:imports/c8s/net-snmp-5.8-21.el8
rpms:imports/c8s/net-snmp-5.8-20.el8
rpms:imports/c8s/net-snmp-5.8-19.el8
rpms:imports/c8s/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-20.el8
rpms:imports/c8/net-snmp-5.8-18.el8_3.1
rpms:imports/c8/net-snmp-5.8-17.el8
rpms:imports/c8/net-snmp-5.8-14.el8_2.1
rpms:imports/c8/net-snmp-5.8-14.el8

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

92 changed files with 1581 additions and 2677 deletions
Show Stats Expand all files Collapse all files

11
.gitignore vendored
View File

@ -1 +1,10 @@
SOURCES/net-snmp-5.8.tar.gz
net-snmp-5.5.tar.gz
/net-snmp-5.6.tar.gz
/net-snmp-5.6.1.tar.gz
/net-snmp-5.7.tar.gz
/net-snmp-5.7.1.tar.gz
/net-snmp-5.7.2.tar.gz
/net-snmp-5.7.3.tar.gz
/net-snmp-5.8.tar.gz
/net-snmp-5.9.tar.gz
/net-snmp-5.9.1.tar.gz

1
.net-snmp.metadata
View File

@ -1 +0,0 @@
81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz

28
0001-Link-libnetsnmptrapd-against-MYSQL_LIBS.patch Normal file
View File

@ -0,0 +1,28 @@
From 9432f629e66e4f9500f6335eab3ad427f84523b2 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Thu, 20 Jul 2017 10:31:47 -0700
Subject: [PATCH] Link libnetsnmptrapd against MYSQL_LIBS
When building with MySQL (MariaDB) support, this library must
be linked against the MySQL client library, or else it will
have unresolved symbols.
---
apps/Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 77404dd89..7da434522 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -204,7 +204,7 @@ snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@
snmpinforminstall:
--
2.13.0

0
SOURCES/IETF-MIB-LICENSE.txt → IETF-MIB-LICENSE.txt
View File

70
SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch
View File

@ -1,70 +0,0 @@
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif
+/* This mib is potentially dangerous to turn on by default, since it
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
+ * access to the MIB table. If all of your users are "root" level
+ * users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
netsnmp_feature_require(extract_table_row_data)
netsnmp_feature_require(table_data_delete_table)
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
*
**********/
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
break;
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

10
SOURCES/net-snmp-5.7.2-autoreconf.patch
View File

@ -1,10 +0,0 @@
926223 - net-snmp: Does not support aarch64 in f19 and rawhide
Update autoconf version to make the test suite happy.
diff -up net-snmp-5.7.2/dist/autoconf-version.autoreconf net-snmp-5.7.2/dist/autoconf-version
--- net-snmp-5.7.2/dist/autoconf-version.autoreconf 2013-03-25 13:00:15.002745347 +0100
+++ net-snmp-5.7.2/dist/autoconf-version 2013-03-25 13:00:17.207736442 +0100
@@ -1 +1 @@
-2.68
+2.69

128
SOURCES/net-snmp-5.7.2-pie.patch
View File

@ -1,128 +0,0 @@
diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/Makefile.in 2018-09-25 09:38:18.361298461 +0200
@@ -156,37 +156,37 @@ OTHERUNINSTALL=snmpinformuninstall snmpt
# build rules
#
snmpwalk$(EXEEXT): snmpwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkwalk$(EXEEXT): snmpbulkwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkget$(EXEEXT): snmpbulkget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptranslate$(EXEEXT): snmptranslate.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpstatus$(EXEEXT): snmpstatus.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpget$(EXEEXT): snmpget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdelta$(EXEEXT): snmpdelta.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptable$(EXEEXT): snmptable.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpinform$(EXEEXT): snmptrap$(EXEEXT)
rm -f snmpinform
@@ -197,34 +197,34 @@ snmptop$(EXEEXT): snmpps$(EXEEXT)
$(LN_S) snmpps$(EXEEXT) snmptop$(EXEEXT)
snmpset$(EXEEXT): snmpset.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpusm$(EXEEXT): snmpusm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpvacm$(EXEEXT): snmpvacm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptls$(EXEEXT): snmptls.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
agentxtrap$(EXEEXT): agentxtrap.$(OSUFFIX) $(USEAGENTLIBS)
$(LINK) ${CFLAGS} -o $@ agentxtrap.$(OSUFFIX) ${LDFLAGS} $(USEAGENTLIBS) $(PERLLDOPTS_FOR_APPS) ${LIBS}
snmpgetnext$(EXEEXT): snmpgetnext.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
encode_keychange$(EXEEXT): encode_keychange.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpps$(EXEEXT): snmpps.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
snmpping$(EXEEXT): snmpping.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
+ $(LINK) ${CFLAGS} -o $@ -pie snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
diff -urNp a/apps/snmpnetstat/Makefile.in b/apps/snmpnetstat/Makefile.in
--- a/apps/snmpnetstat/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/snmpnetstat/Makefile.in 2018-09-25 09:39:30.406458117 +0200
@@ -34,4 +34,4 @@ LIBS= ../../snmplib/libnetsnmp.$(LIB_EX
all: standardall
snmpnetstat$(EXEEXT): ${LOBJS} ${USELIBS}
- ${LINK} ${CFLAGS} -o $@ ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
+ ${LINK} ${CFLAGS} -o $@ -pie ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}

100
SOURCES/net-snmp-5.8-aes-config.patch
View File

@ -1,100 +0,0 @@
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
modes correctly
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
configure | 15 ++++++++++++++-
configure.d/config_os_misc2 | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
$as_echo "Internal Crypto Support" >&6; }
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;

122
SOURCES/net-snmp-5.8-agent-of-death.patch
View File

@ -1,122 +0,0 @@
diff -urNp a/agent/agent_trap.c b/agent/agent_trap.c
--- a/agent/agent_trap.c 2019-02-13 13:10:36.862269252 +0100
+++ b/agent/agent_trap.c 2019-02-13 15:02:11.396042356 +0100
@@ -174,6 +174,11 @@ _trap_version_incr(int version)
case SNMP_VERSION_3:
++_v2_sessions;
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
@@ -201,6 +206,11 @@ _trap_version_decr(int version)
_v2_sessions = 0;
}
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c
--- old/agent/mibgroup/agentx/master.c 2019-04-03 12:13:55.115769783 +0200
+++ new/agent/mibgroup/agentx/master.c 2019-04-10 09:49:53.277168497 +0200
@@ -280,6 +280,11 @@ agentx_got_response(int operation,
netsnmp_free_delegated_cache(cache);
return 0;
+ case NETSNMP_CALLBACK_OP_RESEND:
+ DEBUGMSGTL(("agentx/master", "resend on session %8p req=0x%x\n",
+ session, (unsigned)reqid));
+ return 0;
+
case NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE:
/*
* This session is alive
diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c
--- old/snmplib/snmp_api.c 2019-04-24 00:28:34.904357292 +0200
+++ new/snmplib/snmp_api.c 2019-04-24 00:24:40.101830685 +0200
@@ -352,6 +352,7 @@ static int snmpv3_build(u_char ** p
netsnmp_pdu *pdu);
static int snmp_parse_version(u_char *, size_t);
static int snmp_resend_request(struct session_list *slp,
+ netsnmp_request_list *orp,
netsnmp_request_list *rp,
int incr_retries);
static void register_default_handlers(void);
@@ -5717,7 +5718,7 @@ _sess_process_packet_handle_pdu(void *se
* * inifinite resend
*/
if (rp->retries <= sp->retries) {
- snmp_resend_request(slp, rp, TRUE);
+ snmp_resend_request(slp, orp, rp, TRUE);
break;
} else {
/* We're done with retries, so no longer waiting for a response */
@@ -6662,9 +6663,22 @@ snmp_timeout(void)
snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION);
}
+static void
+remove_request(struct snmp_internal_session *isp,
+ netsnmp_request_list *orp, netsnmp_request_list *rp)
+{
+ if (orp)
+ orp->next_request = rp->next_request;
+ else
+ isp->requests = rp->next_request;
+ if (isp->requestsEnd == rp)
+ isp->requestsEnd = orp;
+ snmp_free_pdu(rp->pdu);
+}
+
static int
-snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
- int incr_retries)
+snmp_resend_request(struct session_list *slp, netsnmp_request_list *orp,
+ netsnmp_request_list *rp, int incr_retries)
{
struct snmp_internal_session *isp;
netsnmp_session *sp;
@@ -6731,9 +6745,11 @@ snmp_resend_request(struct session_list
sp->s_snmp_errno = SNMPERR_BAD_SENDTO;
sp->s_errno = errno;
snmp_set_detail(strerror(errno));
- if (rp->callback)
+ if (rp->callback) {
rp->callback(NETSNMP_CALLBACK_OP_SEND_FAILED, sp,
rp->pdu->reqid, rp->pdu, rp->cb_data);
+ remove_request(isp, orp, rp);
+ }
return -1;
} else {
netsnmp_get_monotonic_clock(&now);
@@ -6813,19 +6829,12 @@ snmp_sess_timeout(void *sessp)
callback(NETSNMP_CALLBACK_OP_TIMED_OUT, sp,
rp->pdu->reqid, rp->pdu, magic);
}
- if (orp)
- orp->next_request = rp->next_request;
- else
- isp->requests = rp->next_request;
- if (isp->requestsEnd == rp)
- isp->requestsEnd = orp;
- snmp_free_pdu(rp->pdu);
+ remove_request(isp, orp, rp);
freeme = rp;
continue; /* don't update orp below */
} else {
- if (snmp_resend_request(slp, rp, TRUE)) {
+ if (snmp_resend_request(slp, orp, rp, TRUE))
break;
- }
}
}
orp = rp;

12
SOURCES/net-snmp-5.8-agentx-disconnect-crash.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c
--- a/agent/mibgroup/agentx/master.c 2018-07-18 12:13:49.953014652 +0200
+++ b/agent/mibgroup/agentx/master.c 2018-07-18 12:20:23.537626773 +0200
@@ -221,7 +221,7 @@ agentx_got_response(int operation,
/* response is too late, free the cache */
if (magic)
netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
- return 0;
+ return 1;
}
requests = cache->requests;

86
SOURCES/net-snmp-5.8-asn-parse-nlength.patch
View File

@ -1,86 +0,0 @@
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 12:21:59 -0800
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
Handle length zero correctly.
Fixes: https://github.com/net-snmp/net-snmp/issues/253
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index e983500e7..33c272768 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
* long length; first byte is length of length (after masking high bit)
*/
len_len = (int) ((*pkt & ~0x80) + 1);
- if ((int) pkt_len <= len_len )
+ if (pkt_len < len_len)
return NULL; /* still too short for length and data */
/* now we know we have enough data to parse length */
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 10:00:33 -0800
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
test
Add a reproducer for the bug fixed by the previous patch.
---
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
new file mode 100644
index 000000000..5c21ccdc7
--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+ /* Sequence with length of 0x2d = 45 bytes. */
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+ /* version = INTEGER 0 */
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+ /* SNMP_MSG_TRAP; 32 bytes. */
+ [15] = 0xa4, [16] = 0x20,
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+ [17] = 0x06, [18] = 0x08,
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+ [31] = 0x01, [32] = 0x22,
+ /* generic-trap = INTEGER 0 */
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
+ /* specific-trap = INTEGER 0 */
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
+ /* ASN_TIMETICKS 0x117f243a */
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+ [43] = 0x24, [44] = 0x3a,
+ /* varbind list */
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));

199
SOURCES/net-snmp-5.8-autofs-skip.patch
View File

@ -1,199 +0,0 @@
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntctl.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:15:46.782859398 +0200
@@ -43,8 +43,9 @@ _fsys_type( int type)
case MNT_NFS:
case MNT_NFS3:
- case MNT_AUTOFS:
return NETSNMP_FS_TYPE_NFS;
+ case MNT_AUTOFS:
+ return NETSNMP_FS_TYPE_AUTOFS;
/*
* The following code covers selected filesystems
@@ -156,10 +157,12 @@ netsnmp_fsys_arch_load( void )
/*
* Optionally skip retrieving statistics for remote mounts
+ * AUTOFS is skipped by default
*/
- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
+ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
+ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ||
+ entry->type == (NETSNMP_FS_TYPE_AUTOFS))
continue;
if ( statfs( entry->path, &stat_buf ) < 0 ) {
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:15:46.782859398 +0200
@@ -150,6 +150,13 @@ _fsys_type( char *typename )
!strcmp(typename, MNTTYPE_LOFS))
return NETSNMP_FS_TYPE_OTHER;
+ /* Detection of AUTOFS.
+ * This file system will be ignored by default
+ */
+ else if ( !strcmp(typename, MNTTYPE_AUTOFS))
+ return NETSNMP_FS_TYPE_AUTOFS;
+
+
/*
* All other types are silently skipped
*/
@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void )
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
continue;
+ /* Skip AUTOFS enteries */
+ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS))
+ continue;
+
#ifdef irix6
if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 )
#else
diff -urNp b/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
--- b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:15:46.782859398 +0200
@@ -165,6 +165,9 @@
#ifndef MNTTYPE_APP
#define MNTTYPE_APP "app"
#endif
+#ifndef MNTTYPE_AUTOFS
+#define MNTTYPE_AUTOFS "autofs"
+#endif
#ifndef MNTTYPE_DEVPTS
#define MNTTYPE_DEVPTS "devpts"
#endif
diff -urNp b/agent/mibgroup/host/hr_filesys.c net-snmp-5.8/agent/mibgroup/host/hr_filesys.c
--- b/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:15:46.783859399 +0200
@@ -834,6 +834,27 @@ Check_HR_FileSys_NFS (void)
return 0; /* no NFS file system */
}
+/* This function checks whether current file system is an AutoFs
+ * HRFS_entry must be valid prior to calling this function
+ * return 1 if AutoFs, 0 otherwise
+ */
+int
+Check_HR_FileSys_AutoFs (void)
+{
+#if HAVE_GETFSSTAT
+ if ( HRFS_entry->HRFS_type != NULL &&
+#if defined(MNTTYPE_AUTOFS)
+ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS)
+#else
+ !strcmp( HRFS_entry->HRFS_type, "autofs")
+#endif
+ )
+#endif /* HAVE_GETFSSTAT */
+ return 1; /* AUTOFS */
+
+ return 0; /* no AUTOFS */
+}
+
void
End_HR_FileSys(void)
{
diff -urNp b/agent/mibgroup/host/hr_filesys.h net-snmp-5.8/agent/mibgroup/host/hr_filesys.h
--- b/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:15:46.784859400 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_filesys.c net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c
--- b/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:15:46.785859402 +0200
@@ -429,3 +429,9 @@ Check_HR_FileSys_NFS (void)
{
return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0;
}
+
+int
+Check_HR_FileSys_AutoFs (void)
+{
+ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0;
+}
diff -urNp b/agent/mibgroup/host/hrh_filesys.h net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h
--- b/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:15:46.785859402 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrhfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_storage.c net-snmp-5.8/agent/mibgroup/host/hrh_storage.c
--- b/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -367,9 +367,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (store_idx <= NETSNMP_MEM_TYPE_MAX ) {
mem = (netsnmp_memory_info*)ptr;
@@ -508,7 +509,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/agent/mibgroup/host/hr_storage.c net-snmp-5.8/agent/mibgroup/host/hr_storage.c
--- b/agent/mibgroup/host/hr_storage.c 2018-07-18 16:12:20.670499644 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) {
snmp_log_perror(HRFS_entry->HRFS_mount);
@@ -683,7 +684,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/include/net-snmp/agent/hardware/fsys.h net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h
--- b/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:12:20.649499726 +0200
+++ net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:19:33.994918912 +0200
@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn
#define NETSNMP_FS_TYPE_SYSFS (4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_TYPE_TMPFS (5 | _NETSNMP_FS_TYPE_LOCAL)
#define NETSNMP_FS_TYPE_USBFS (6 | _NETSNMP_FS_TYPE_LOCAL)
+#define NETSNMP_FS_TYPE_AUTOFS (7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_FLAG_ACTIVE 0x01
#define NETSNMP_FS_FLAG_REMOTE 0x02

90
SOURCES/net-snmp-5.8-broken-errmsg.patch
View File

@ -1,90 +0,0 @@
diff -urNp a/agent/mibgroup/host/hrh_filesys.c b/agent/mibgroup/host/hrh_filesys.c
--- a/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:30:07.744455758 +0200
+++ b/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:32:50.657160232 +0200
@@ -219,6 +219,7 @@ var_hrhfilesys(struct variable *vp,
{
int fsys_idx;
static char *string;
+ static char empty_str[1];
fsys_idx =
header_hrhfilesys(vp, name, length, exact, var_len, write_method);
@@ -235,7 +236,7 @@ var_hrhfilesys(struct variable *vp,
*var_len = 0;
if (asprintf(&string, "%s", HRFS_entry->path) >= 0)
*var_len = strlen(string);
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_RMOUNT:
free(string);
if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) {
@@ -245,7 +246,7 @@ var_hrhfilesys(struct variable *vp,
string = strdup("");
}
*var_len = string ? strlen(string) : 0;
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_TYPE:
fsys_type_id[fsys_type_len - 1] =
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:30:07.728455689 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:34:32.722597366 +0200
@@ -842,6 +842,7 @@ var_extensible_disk(struct variable *vp,
struct dsk_entry entry;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
int i;
for (i = 0; i < numdisks; i++){
@@ -950,7 +951,7 @@ tryAgain:
*var_len = strlen(errmsg);
}
}
- return (u_char *) (errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c
--- a/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:30:07.727455684 +0200
+++ b/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:35:53.420943010 +0200
@@ -314,6 +314,7 @@ var_extensible_disk(struct variable *vp,
unsigned long long val;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
netsnmp_cache *cache;
/* Update the fsys H/W module */
@@ -432,7 +433,7 @@ tryAgain:
>= 0)) {
*var_len = strlen(errmsg);
}
- return (u_char *) errmsg;
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c
--- a/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:30:07.725455676 +0200
+++ b/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:37:31.143361548 +0200
@@ -267,7 +267,7 @@ var_extensible_proc(struct variable *vp,
struct myproc *proc;
static long long_ret;
static char *errmsg;
-
+ static char empty_str[1];
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numprocs))
@@ -330,7 +330,7 @@ var_extensible_proc(struct variable *vp,
}
}
*var_len = errmsg ? strlen(errmsg) : 0;
- return ((u_char *) errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
case ERRORFIX:
*write_method = fixProcError;
long_return = fixproc.result;

51
SOURCES/net-snmp-5.8-bulk.patch
View File

@ -1,51 +0,0 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
session->retries = SNMP_DEFAULT_RETRIES;
session->version = SNMP_DEFAULT_VERSION;
session->securityModel = SNMP_DEFAULT_SECMODEL;
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
session->flags |= SNMP_FLAGS_DONT_PROBE;
}
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
/*
* build a scopedPDU structure into spdu_buf
*/
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "ScopedPdu");
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
&spdu_hdr_e);
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
*/
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
if (pdu_data) {
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
+ __func__, pdu_data_len, sizeof(spdu_buf));
+ return -1;
+ }
memcpy(cp, pdu_data, pdu_data_len);
cp += pdu_data_len;
} else {
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
* re-encode the actual ASN.1 length of the scopedPdu
*/
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
spdu_len) == NULL)
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
* message - the entire message to transmitted on the wire is returned
*/
cp = NULL;
- *out_length = SNMP_MAX_MSG_SIZE;
+ *out_length = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
sptr = find_sec_mod(pdu->securityModel);
if (sptr && sptr->encode_forward) {

12
SOURCES/net-snmp-5.8-certs.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
--- a/local/net-snmp-cert 2021-10-11 09:08:53.451970484 +0200
+++ b/local/net-snmp-cert 2021-10-11 09:11:36.765386413 +0200
@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
rdir = .
dir = $ENV::DIR
RANDFILE = $rdir/.rand
-MD = sha1
+MD = sha512
KSIZE = 2048
CN = net-snmp.org
EMAIL = admin@net-snmp.org

112
SOURCES/net-snmp-5.8-cflags.patch
View File

@ -1,112 +0,0 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/agent/default_store/Makefile.PL b/perl/agent/default_store/Makefile.PL
--- a/perl/agent/default_store/Makefile.PL 2018-07-18 13:43:12.170426290 +0200
+++ b/perl/agent/default_store/Makefile.PL 2018-07-18 13:51:31.812176486 +0200
@@ -83,7 +83,7 @@ sub AgentDefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Makefile.PL b/perl/agent/Makefile.PL
--- a/perl/agent/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Makefile.PL 2018-07-18 13:52:53.884973275 +0200
@@ -98,7 +98,7 @@ sub AgentInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . $Params{'LIBS'};
# $Params{'PREREQ_PM'} = {'NetSNMP::OID' => '0.1'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Support/Makefile.PL b/perl/agent/Support/Makefile.PL
--- a/perl/agent/Support/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Support/Makefile.PL 2018-07-18 13:53:11.414929921 +0200
@@ -90,7 +90,7 @@ sub SupportInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/ASN/Makefile.PL b/perl/ASN/Makefile.PL
--- a/perl/ASN/Makefile.PL 2018-07-18 13:43:12.171426287 +0200
+++ b/perl/ASN/Makefile.PL 2018-07-18 13:53:46.652842822 +0200
@@ -93,7 +93,7 @@ sub AsnInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/default_store/Makefile.PL b/perl/default_store/Makefile.PL
--- a/perl/default_store/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/default_store/Makefile.PL 2018-07-18 13:54:20.814758441 +0200
@@ -83,7 +83,7 @@ sub DefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/OID/Makefile.PL b/perl/OID/Makefile.PL
--- a/perl/OID/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/OID/Makefile.PL 2018-07-18 13:54:43.348702811 +0200
@@ -90,7 +90,7 @@ sub OidInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = {'SNMP' => '5.0'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/SNMP/Makefile.PL b/perl/SNMP/Makefile.PL
--- a/perl/SNMP/Makefile.PL 2018-07-18 13:43:12.173426282 +0200
+++ b/perl/SNMP/Makefile.PL 2018-07-18 13:55:07.220643903 +0200
@@ -103,7 +103,7 @@ sub SnmpInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = { 'NetSNMP::default_store' => 0.01 };
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if (!$ENV{'NETSNMP_PREFIX'}) {
$prefix = `$opts->{'nsconfig'} --prefix`;
diff -urNp a/perl/TrapReceiver/Makefile.PL b/perl/TrapReceiver/Makefile.PL
--- a/perl/TrapReceiver/Makefile.PL 2018-07-18 13:43:12.172426285 +0200
+++ b/perl/TrapReceiver/Makefile.PL 2018-07-18 13:55:43.100647233 +0200
@@ -132,7 +132,7 @@ sub TrapReceiverInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . " $Params{'LIBS'}";
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";

68
SOURCES/net-snmp-5.8-coverity.patch
View File

@ -1,68 +0,0 @@
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
bsize = getpagesize()-1;
buff = (char*)malloc(bsize+1);
if (buff == NULL) {
+ close(statfd);
return -1;
}
}
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
if (status < 0) {
snmp_log(LOG_ERR, "could not send netlink request\n");
+ close(sd);
return -1;
}
status = recv (sd, buf, sizeof(buf), 0);
if (status < 0) {
snmp_log (LOG_ERR, "could not recieve netlink request\n");
+ close(sd);
return -1;
}
if (status == 0) {
snmp_log (LOG_ERR, "nothing to read\n");
+ close(sd);
return -1;
}
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
if (req_len < 0 || len > status) {
snmp_log (LOG_ERR, "invalid netlink message\n");
+ close(sd);
return -1;
}
if (!NLMSG_OK (nlmp, status)) {
snmp_log (LOG_ERR, "invalid NLMSG message\n");
+ close(sd);
return -1;
}
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);

41
SOURCES/net-snmp-5.8-deleted-iface.patch
View File

@ -1,41 +0,0 @@
diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
--- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original 2022-02-02 15:06:29.382119898 +0900
+++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c 2022-02-02 15:15:39.298280447 +0900
@@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
#ifdef NETSNMP_ENABLE_IPV6
@@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
+ netsnmp_interface_entry *entry = NULL;
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
*stats++ = 0; /* null terminate name */
if_index = netsnmp_arch_interface_index_find(ifstart);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ continue;
+ }
/*
* set address type flags.
@@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
continue;
}
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

35
SOURCES/net-snmp-5.8-dev-mem-leak.patch
View File

@ -1,35 +0,0 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a216..215b30e806 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

12
SOURCES/net-snmp-5.8-dir-fix.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2018-07-18 11:11:53.227015237 +0200
+++ b/net-snmp-create-v3-user.in 2018-07-18 11:12:13.375010176 +0200
@@ -137,7 +137,7 @@ fi
echo $line >> $outfile
prefix="@prefix@"
datarootdir="@datarootdir@"
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " " $line

48
SOURCES/net-snmp-5.8-double-IP-parsing.patch
View File

@ -1,48 +0,0 @@
From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Fri, 12 Mar 2021 10:15:30 +0100
Subject: [PATCH] Prevent parsing IP address twice (#199)
This fixes issue, that is caused by parsing IP address twice.
First as IPv4 and as IPv6 at second, even thow the address was
properly parsed as a valid IPv4 address.
---
snmplib/transports/snmpUDPDomain.c | 2 +-
snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index b96497f3a3..b594a389b9 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
/* Nope, wasn't a dotted quad. Must be a hostname. */
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
if (ret < 0) {
- config_perror("cannot resolve source hostname");
+ config_perror("cannot resolve IPv4 source hostname");
return;
}
}
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index 238c8a9d63..7db19c5c02 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
memset(&pton_addr.sin6_addr.s6_addr, '\0',
sizeof(struct in6_addr));
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
- /* Nope, wasn't a numeric address. Must be a hostname. */
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
+
+ /* Try interpreting as dotted quad - IPv4 */
+ struct in_addr network;
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
+ /* Yes, it's IPv4 - so it's already parsed and we can return. */
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
+ return;
+ }
#if HAVE_GETADDRINFO
int gai_error;

30
SOURCES/net-snmp-5.8-empty-passphrase.patch
View File

@ -1,30 +0,0 @@
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Wed, 18 Nov 2020 20:54:34 -0800
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
See also https://github.com/net-snmp/net-snmp/issues/86.
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
Reported-by: Chris Cheney
---
net-snmp-create-v3-user.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c2699d..31b4c58c1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -120,7 +120,11 @@ fi
fi
outdir="@PERSISTENT_DIRECTORY@"
outfile="$outdir/snmpd.conf"
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
echo "adding the following line to $outfile:"
echo " " $line
# in case it hasn't ever been started yet, start it.

25
SOURCES/net-snmp-5.8-engine-id.patch
View File

@ -1,25 +0,0 @@
From 79f014464ba761e2430cc767b021993ab9379822 Mon Sep 17 00:00:00 2001
From: Wes Hardaker <opensource@hardakers.net>
Date: Tue, 8 Jan 2019 08:52:29 -0800
Subject: [PATCH] NEWS: snmptrap: BUG: 2899: Patch from Drew Roedersheimer to
set library engineboots/time values before sending
---
apps/snmptrap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/snmptrap.c b/apps/snmptrap.c
index d16d2fa671..12808d07e4 100644
--- a/apps/snmptrap.c
+++ b/apps/snmptrap.c
@@ -237,6 +237,9 @@ main(int argc, char *argv[])
session.engineBoots = 1;
if (session.engineTime == 0) /* not really correct, */
session.engineTime = get_uptime(); /* but it'll work. Sort of. */
+
+ set_enginetime(session.securityEngineID, session.securityEngineIDLen,
+ session.engineBoots, session.engineTime, TRUE);
}
ss = snmp_add(&session,

67
SOURCES/net-snmp-5.8-fix-cert-crash.patch
View File

@ -1,67 +0,0 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-06-09 12:38:23.196037329 +0200
+++ b/snmplib/snmp_openssl.c 2021-06-09 12:44:11.782503048 +0200
@@ -284,31 +284,30 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space +1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +478,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +498,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

26
SOURCES/net-snmp-5.8-flood-messages.patch
View File

@ -1,26 +0,0 @@
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 21 Nov 2018 20:47:42 -0800
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
fails. Only log this once instead of thousand of times a day.
Reported-by: Fif <lefif@users.sourceforge.net>
---
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
index 5ddead3e0..280575ce3 100644
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
return -2;
}

12
SOURCES/net-snmp-5.8-ipv6-clientaddr.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
--- a/snmplib/transports/snmpUDPIPv6Domain.c 2019-01-24 09:03:05.606441678 +0100
+++ b/snmplib/transports/snmpUDPIPv6Domain.c 2019-02-07 08:59:26.434587244 +0100
@@ -464,7 +464,7 @@ netsnmp_udp6_transport(const struct sock
NETSNMP_DS_LIB_CLIENT_ADDR);
if (client_socket) {
struct sockaddr_in6 client_addr;
- if(!netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
+ if(netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
return netsnmp_udp6_transport_with_source(addr, local,
&client_addr);
}

38
SOURCES/net-snmp-5.8-ipv6-disable-leak.patch
View File

@ -1,38 +0,0 @@
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
index f709812fdc..ef93eeedc9 100644
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
table_info->min_column = COLUMN_LMSENSORS_INDEX;
table_info->max_column = COLUMN_LMSENSORS_VALUE;
- netsnmp_container_table_register( reg, table_info, container, 0 );
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
+ SNMPERR_SUCCESS)
+ return;
/*
* If the HAL sensors module was configured as an on-demand caching
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

31
SOURCES/net-snmp-5.8-ipv6-disabled.patch
View File

@ -1,31 +0,0 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
@@ -19,6 +19,7 @@
#include <errno.h>
#include <sys/ioctl.h>
+#include <sys/stat.h>
netsnmp_feature_require(prefix_info)
netsnmp_feature_require(find_prefix_info)
@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+
+ /*
+ * If PROCFILE exists, but isn't readable, file ERROR message.
+ * Otherwise log nothing, due of IPv6 support on this machine is
+ * intentionaly disabled/unavailable.
+ */
+
+ struct stat filestat;
+
+ if(stat(PROCFILE, &filestat) == 0){
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+ }
return -2;
}

92
SOURCES/net-snmp-5.8-memleak-backport.patch
View File

@ -1,92 +0,0 @@
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Wed, 10 Oct 2018 21:42:35 -0700
Subject: [PATCH] snmplib/keytools: Fix a memory leak
Avoid that Valgrind reports the following memory leak:
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x4E9885D: generate_Ku (keytools.c:186)
by 0x40171F: asynchronous (leaktest.c:276)
by 0x400FE7: main (leaktest.c:356)
---
snmplib/keytools.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 2cf0240abf..dcdae044ac 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
- if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ if (!EVP_MD_CTX_init(ctx)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#endif
- if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Tue, 9 Oct 2018 23:28:25 +0000
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
This patch avoids that Valgrind reports the following leak:
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
[ bvanassche: minimized diffs / edited commit message ]
---
snmplib/scapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index 8ad1d70d90..54310099d8 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)

35
SOURCES/net-snmp-5.8-memory-reporting.patch
View File

@ -1,35 +0,0 @@
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
ssize_t bytes_read;
char *b;
unsigned long memtotal = 0, memfree = 0, memshared = 0,
- buffers = 0, cached = 0,
+ buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
netsnmp_memory_info *mem;
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
mem->units = 1024;
- mem->size = cached;
+ mem->size = cached+sreclaimable;
mem->free = 0; /* Report cached size/used as equal */
mem->other = -1;
}

12
SOURCES/net-snmp-5.8-proxy-getnext.patch
View File

@ -1,12 +0,0 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

33
SOURCES/net-snmp-5.8-proxy-time-out.patch
View File

@ -1,33 +0,0 @@
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
From: fisabelle <fisabelle@broadsoft.com>
Date: Thu, 9 Jul 2020 15:49:35 -0400
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
out
---
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index 24ae9322bd..e0ee96b29a 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
}
switch (operation) {
+ case NETSNMP_CALLBACK_OP_RESEND:
+ /*
+ * Issue#147: Net-SNMP not responding when proxy requests times out
+ *
+ * When snmp_api issue a resend, the default case was hit and the
+ * delagated cache was freed.
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
+ */
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
+ return SNMP_ERR_NOERROR;
+
case NETSNMP_CALLBACK_OP_TIMED_OUT:
/*
* WWWXXX: don't leave requests delayed if operation is

146
SOURCES/net-snmp-5.8-sec-counter.patch
View File

@ -1,146 +0,0 @@
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
@@ -43,6 +43,7 @@ extern "C" {
* Structures.
*/
struct usmStateReference {
+ int refcnt;
char *usr_name;
size_t usr_name_length;
u_char *usr_engine_id;
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
return NULL;
}
- if (pdu->securityStateRef &&
- pdu->command == SNMP_MSG_TRAP2) {
-
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
- (struct usmStateReference **) &newpdu->securityStateRef );
-
- if (ret)
- {
+ sptr = find_sec_mod(newpdu->securityModel);
+ if (sptr && sptr->pdu_clone) {
+ /* call security model if it needs to know about this */
+ ret = sptr->pdu_clone(pdu, newpdu);
+ if (ret) {
snmp_free_pdu(newpdu);
return NULL;
}
}
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
- sptr->pdu_clone != NULL) {
- /*
- * call security model if it needs to know about this
- */
- (*sptr->pdu_clone) (pdu, newpdu);
- }
-
return newpdu;
}
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
struct usmStateReference *
usm_malloc_usmStateReference(void)
{
- struct usmStateReference *retval = (struct usmStateReference *)
- calloc(1, sizeof(struct usmStateReference));
+ struct usmStateReference *retval;
+
+ retval = calloc(1, sizeof(struct usmStateReference));
+ if (retval)
+ retval->refcnt = 1;
return retval;
} /* end usm_malloc_usmStateReference() */
+static int
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
+{
+ struct usmStateReference *ref = pdu->securityStateRef;
+ struct usmStateReference **new_ref =
+ (struct usmStateReference **)&new_pdu->securityStateRef;
+ int ret = 0;
+
+ if (!ref)
+ return ret;
+
+ if (pdu->command == SNMP_MSG_TRAP2) {
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
+ ret = usm_clone_usmStateReference(ref, new_ref);
+ } else {
+ netsnmp_assert(ref == *new_ref);
+ ref->refcnt++;
+ }
+
+ return ret;
+}
+
void
usm_free_usmStateReference(void *old)
{
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
+ struct usmStateReference *ref = old;
- if (old_ref) {
+ if (!ref)
+ return;
- if (old_ref->usr_name_length)
- SNMP_FREE(old_ref->usr_name);
- if (old_ref->usr_engine_id_length)
- SNMP_FREE(old_ref->usr_engine_id);
- if (old_ref->usr_auth_protocol_length)
- SNMP_FREE(old_ref->usr_auth_protocol);
- if (old_ref->usr_priv_protocol_length)
- SNMP_FREE(old_ref->usr_priv_protocol);
-
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
- SNMP_FREE(old_ref->usr_auth_key);
- }
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
- SNMP_FREE(old_ref->usr_priv_key);
- }
+ if (--ref->refcnt > 0)
+ return;
- SNMP_ZERO(old_ref, sizeof(*old_ref));
- SNMP_FREE(old_ref);
+ SNMP_FREE(ref->usr_name);
+ SNMP_FREE(ref->usr_engine_id);
+ SNMP_FREE(ref->usr_auth_protocol);
+ SNMP_FREE(ref->usr_priv_protocol);
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
+ SNMP_FREE(ref->usr_auth_key);
+ }
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
+ SNMP_FREE(ref->usr_priv_key);
}
+ SNMP_FREE(ref);
} /* end usm_free_usmStateReference() */
struct usmUser *
@@ -3316,6 +3337,7 @@ init_usm(void)
def->encode_reverse = usm_secmod_rgenerate_out_msg;
def->encode_forward = usm_secmod_generate_out_msg;
def->decode = usm_secmod_process_in_msg;
+ def->pdu_clone = usm_clone;
def->pdu_free_state_ref = usm_free_usmStateReference;
def->session_setup = usm_session_init;
def->handle_report = usm_handle_report;

84
SOURCES/net-snmp-5.8-sec-memory-leak.patch
View File

@ -1,84 +0,0 @@
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
- /* Clean up securityStateRef here to prevent a double free */
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
- snmp_free_securityStateRef(asp->orig_pdu);
- if (asp->pdu && asp->pdu->securityStateRef)
- snmp_free_securityStateRef(asp->pdu);
-
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
- free_securityStateRef(pdu);
-}
-
#define ERROR_STAT_LENGTH 11
int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
if (!pdu)
return;
+ free_securityStateRef(pdu);
+
/*
* If the command field is empty, that probably indicates
* that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
}
if (ret != SNMP_ERR_NOERROR) {
- /*
- * Call the security model to free any securityStateRef supplied w/ msg.
- */
- if (pdu->securityStateRef != NULL) {
- free_securityStateRef(pdu);
- }
snmp_free_pdu(pdu);
return NULL;
}
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
}
}
- /*
- * Call USM to free any securityStateRef supplied with the message.
- */
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
- free_securityStateRef(pdu);
-
if (!handled) {
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
return -2;

12
SOURCES/net-snmp-5.8-sendmsg-error-code.patch
View File

@ -1,12 +0,0 @@
diff -urNp a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
--- a/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:20:56.776099134 +0200
+++ b/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:23:18.921323874 +0200
@@ -293,7 +293,7 @@ int netsnmp_udpbase_sendto(int fd, const
}
rc = sendmsg(fd, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

30
SOURCES/net-snmp-5.8-test-debug.patch
View File

@ -1,30 +0,0 @@
Don't check tests which depend on DNS - it's disabled in Koji
diff -urNp a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
--- a/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:52:56.081185545 +0200
+++ b/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:54:18.843968880 +0200
@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
CHECKAGENT '<"c408a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then
CHECKAGENT 'line 32: Error:'
diff -urNp a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
--- a/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:52:56.080185548 +0200
+++ b/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:55:17.779818732 +0200
@@ -132,6 +132,10 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
# 608
CHECKAGENT '<"c608a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then

21
SOURCES/net-snmp-5.8-trapsink.patch
View File

@ -1,21 +0,0 @@
diff -urNp old/snmplib/transports/snmpUDPIPv4BaseDomain.c new/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- old/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:40:48.663969034 +0200
+++ new/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:42:05.293723487 +0200
@@ -317,7 +317,7 @@ netsnmp_udpipv4base_tspec_transport(nets
if (NULL != tspec->source) {
struct sockaddr_in src_addr, *srcp = &src_addr;
/** get sockaddr from source */
- if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL))
+ if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0"))
return NULL;
return netsnmp_udpipv4base_transport_with_source(&addr, local, srcp);
} else {
@@ -364,7 +364,7 @@ netsnmp_udpipv4base_transport(const stru
strcat(client_address, ":0");
have_port = 1;
}
- rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL);
+ rc = netsnmp_sockaddr_in2(&client_addr, client_socket, ":0");
if (client_address != client_socket)
free(client_address);
if(rc) {

11
SOURCES/net-snmp-5.8-usage-exit.patch
View File

@ -1,11 +0,0 @@
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
@@ -325,6 +325,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

13
SOURCES/net-snmp-5.8-util-fix.patch
View File

@ -1,13 +0,0 @@
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-12-09 08:45:23.217942229 +0100
+++ b/snmplib/cert_util.c 2021-12-09 08:46:56.567562352 +0100
@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
if (NULL == okey)
- snmp_log(LOG_ERR, "error parsing key file %s\n",
- key->info.filename);
+ snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
else {
key = _add_key(okey, dirname, filename, index);
if (NULL == key) {

357
SOURCES/net-snmp-5.8-v3-forward.patch
View File

@ -1,357 +0,0 @@
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
+
+ /* Clean up securityStateRef here to prevent a double free */
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->orig_pdu);
+ if (asp->pdu && asp->pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->pdu);
+
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
+NETSNMP_IMPORT
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
static void
free_securityStateRef(netsnmp_pdu* pdu)
{
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
+ struct snmp_secmod_def *sptr;
+
+ if(!pdu->securityStateRef)
+ return;
+
+ sptr = find_sec_mod(pdu->securityModel);
if (sptr) {
if (sptr->pdu_free_state_ref) {
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
+/*
+ * This function is here to provide a separate call to
+ * free the securityStateRef memory. This is needed to prevent
+ * a double free if this memory is freed in snmp_free_pdu.
+ */
+void
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
+{
+ free_securityStateRef(pdu);
+}
+
#define ERROR_STAT_LENGTH 11
int
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
if (old_ref) {
- SNMP_FREE(old_ref->usr_name);
- SNMP_FREE(old_ref->usr_engine_id);
- SNMP_FREE(old_ref->usr_auth_protocol);
- SNMP_FREE(old_ref->usr_priv_protocol);
+ if (old_ref->usr_name_length)
+ SNMP_FREE(old_ref->usr_name);
+ if (old_ref->usr_engine_id_length)
+ SNMP_FREE(old_ref->usr_engine_id);
+ if (old_ref->usr_auth_protocol_length)
+ SNMP_FREE(old_ref->usr_auth_protocol);
+ if (old_ref->usr_priv_protocol_length)
+ SNMP_FREE(old_ref->usr_priv_protocol);
- if (old_ref->usr_auth_key) {
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
SNMP_FREE(old_ref->usr_auth_key);
}
- if (old_ref->usr_priv_key) {
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
SNMP_FREE(old_ref->usr_priv_key);
}
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
thePrivProtocolLength) == 1) {
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
&seq_len, &msgSecParmLen) == -1) {
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
ptr = *wholeMsg = globalData;
if (theTotalLength > *wholeMsgLen) {
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
&ptr[privParamsOffset]) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[privParamsOffset])
== -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[dataOffset], &encrypted_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
if ((encrypted_length != (theTotalLength - dataOffset))
|| (salt_length != msgPrivParmLen)) {
DEBUGMSGTL(("usm", "encryption length error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm",
"couldn't malloc %d bytes for encrypted PDU\n",
(int)ciphertextlen));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_MALLOC;
}
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
iv) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
thePrivKeyLength - 8,
iv) == -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
scopedPdu, scopedPduLen,
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ciphertext, ciphertextlen);
if (rc == 0) {
DEBUGMSGTL(("usm", "Encryption failed.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building privParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineTime failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineBoots failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
*offset - sp_offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
while ((*wholeMsgLen - *offset) < globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("usm", "building global data failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
}
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
!= SNMP_ERR_NOERROR) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
if (temp_sig_len != msgAuthParmLen) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

0
SOURCES/net-snmp-5.7.2-cert-path.patch → net-snmp-5.7.2-cert-path.patch
View File

0
SOURCES/net-snmp-5.7.3-iterator-fix.patch → net-snmp-5.7.3-iterator-fix.patch
View File

0
SOURCES/net-snmp-5.8-Remove-U64-typedef.patch → net-snmp-5.8-Remove-U64-typedef.patch
View File

4
SOURCES/net-snmp-5.8-clientaddr-error-message.patch → net-snmp-5.8-clientaddr-error-message.patch
View File

@ -30,6 +30,6 @@ diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snm
errno, strerror(errno)));
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+ strerror(errno)));
netsnmp_socketbase_close(t);
return 1;
goto err;
}

0
SOURCES/net-snmp-5.8-duplicate-ipAddress.patch → net-snmp-5.8-duplicate-ipAddress.patch
View File

0
SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch → net-snmp-5.8-expand-SNMPCONFPATH.patch
View File

0
SOURCES/net-snmp-5.8-ipAddress-faster-load.patch → net-snmp-5.8-ipAddress-faster-load.patch
View File

0
SOURCES/net-snmp-5.8-man-page.patch → net-snmp-5.8-man-page.patch
View File

0
SOURCES/net-snmp-5.8-modern-rpm-api.patch → net-snmp-5.8-modern-rpm-api.patch
View File

0
SOURCES/net-snmp-5.8-rpm-memory-leak.patch → net-snmp-5.8-rpm-memory-leak.patch
View File

163
net-snmp-5.9-CVE-2022-24805-24810.patch Normal file
View File

@ -0,0 +1,163 @@
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Tue, 24 Aug 2021 07:55:00 -0700
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
When a SET request includes a mix of delegated and
non-delegated requests (e.g., objects handled by master
agent and agentx sub-agent), the status can get lost while
waiting for the reply from the sub-agent. Recover the status
into the session from the requests even if it has already
been processed.
---
agent/snmp_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 84fbb42b47..095ee70985 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
if (requests->status != SNMP_ERR_NOERROR &&
(!look_for_specific || requests->status == look_for_specific)
&& (look_for_specific || asp->index == 0
- || requests->index < asp->index)) {
+ || requests->index <= asp->index)) {
asp->index = requests->index;
asp->status = requests->status;
}
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Wed, 30 Jun 2021 14:00:28 -0700
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
---
agent/mibgroup/agent/nsLogging.c | 6 ++++++
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
agent/mibgroup/mibII/vacm_vars.c | 3 +++
agent/mibgroup/snmpv3/usmUser.c | 2 --
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
index 9abdeb5bb7..7f4290490a 100644
--- a/agent/mibgroup/agent/nsLogging.c
+++ b/agent/mibgroup/agent/nsLogging.c
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
}
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
index cc61fce7e6..6c43210074 100644
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
ret = SNMP_ERR_NOERROR;
switch (table_info->colnum) {
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
* Extract the authType token from the list of indexes
*/
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
idx = idx->next_variable; model = *idx->val.integer;
idx = idx->next_variable; level = *idx->val.integer;
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
- entry->storageType = ST_NONVOLATILE;
- netsnmp_insert_iterator_context(request, (void*)entry);
+ if (entry) {
+ entry->storageType = ST_NONVOLATILE;
+ netsnmp_insert_iterator_context(request, (void*)entry);
+ }
}
}
}
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
index 469a1eba59..62c9a3d051 100644
--- a/agent/mibgroup/mibII/vacm_vars.c
+++ b/agent/mibgroup/mibII/vacm_vars.c
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
return 1;
}
groupNameL = oidIndex[0];
+ if ((groupNameL + 1) > (int) oidLen) {
+ return 1;
+ }
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
return 1;
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
index 0f52aaba49..0edea53cfb 100644
--- a/agent/mibgroup/snmpv3/usmUser.c
+++ b/agent/mibgroup/snmpv3/usmUser.c
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
if (usmStatusCheck(uptr)) {
uptr->userStatus = RS_ACTIVE;
} else {
- SNMP_FREE(engineID);
- SNMP_FREE(newName);
return SNMP_ERR_INCONSISTENTVALUE;
}
} else if (long_ret == RS_CREATEANDWAIT) {

0
SOURCES/net-snmp-5.8-CVE-2022-44792-44793.patch → net-snmp-5.9-CVE-2022-44792-44793.patch
View File

2
SOURCES/net-snmp-5.8-digest-from-ECC.patch → net-snmp-5.9-ECC-cert.patch
View File

@ -13,7 +13,7 @@ patch adds detection for ECC certificates.
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007af..432cb5c27c 100644
index c092a007a..432cb5c27 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)

18
net-snmp-5.9-aes-config.patch Normal file
View File

@ -0,0 +1,18 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index ac3c60f..177c00f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;

46
net-snmp-5.9-autofs-skip.patch Normal file
View File

@ -0,0 +1,46 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index 4f78df3..fd25b3f 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
"shm",
"sockfs",
"sysfs",
+ "tmpfs",
"usbdevfs",
"usbfs",
#endif
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
index 6b459ec..f7a376b 100644
--- a/agent/mibgroup/host/hr_storage.c
+++ b/agent/mibgroup/host/hr_storage.c
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (Check_HR_FileSys_AutoFs())
return NULL;
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
index 8967d35..9bf2659 100644
--- a/agent/mibgroup/host/hrh_storage.c
+++ b/agent/mibgroup/host/hrh_storage.c
@@ -366,9 +366,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (HRFS_entry && Check_HR_FileSys_AutoFs())
return NULL;

36
net-snmp-5.9-cflags.patch Normal file
View File

@ -0,0 +1,36 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
@@ -1,3 +1,4 @@
+use lib '.';
use strict;
use warnings;
use ExtUtils::MakeMaker;
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
@@ -116,7 +116,7 @@ sub AddCommonParams {
append($Params->{'CCFLAGS'}, $cflags);
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
# Suppress known Perl header shortcomings.
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
append($Params->{'CCFLAGS'}, '-Wformat');
}
}

22
net-snmp-5.9-coverity.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
index e9a8831..5a1d8e7 100644
--- a/agent/mibgroup/disman/event/mteTrigger.c
+++ b/agent/mibgroup/disman/event/mteTrigger.c
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;

24
net-snmp-5.9-dir-fix.patch Normal file
View File

@ -0,0 +1,24 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index b0c71d9..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+esac
unset shifted
case $1 in
@@ -136,7 +140,7 @@ fi
echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@
echo "@datarootdir@" >/dev/null
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

45
SOURCES/net-snmp-5.8-dskTable-dynamic.patch → net-snmp-5.9-dskTable-dynamic.patch
View File

@ -1,7 +1,8 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
index 7c756ff..ff22019 100644
--- a/agent/mibgroup/ucd-snmp/disk.c
+++ b/agent/mibgroup/ucd-snmp/disk.c
@@ -153,9 +153,10 @@ static void disk_free_config(void);
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
@ -46,7 +47,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, char *cptr)
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
@ -55,7 +56,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, char *cptr)
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
@ -64,7 +65,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
}
index = disk_exists(path);
@ -84,7 +85,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
@ -92,7 +93,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
@ -127,7 +128,14 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
dummy = 1;
}
fclose(mntfp);
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks 0);
}
}
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
@ -136,16 +144,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
@ -154,7 +153,7 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
}
#endif
else {
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry)
#endif
#endif
@ -165,9 +164,9 @@ diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
static long long_ret;
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
static char *errmsg;
static char empty_str[1];
+ int i;
+ for (i = 0; i < numdisks; i++){

230
SOURCES/net-snmp-5.8-intermediate-certs.patch → net-snmp-5.9-intermediate-certs.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
--- a/include/net-snmp/library/cert_util.h 2021-06-09 10:55:22.767954797 +0200
+++ b/include/net-snmp/library/cert_util.h 2021-06-09 10:56:36.725272293 +0200
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644
--- a/include/net-snmp/library/cert_util.h
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" {
char *common_name;
@ -19,9 +20,10 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
--- a/include/net-snmp/library/dir_utils.h 2021-06-09 10:55:22.767954797 +0200
+++ b/include/net-snmp/library/dir_utils.h 2021-06-09 10:56:36.726272298 +0200
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..6c5a23f 100644
--- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,6 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */
@ -31,10 +33,11 @@ diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-06-09 10:55:22.785954874 +0200
+++ b/snmplib/cert_util.c 2021-06-09 11:02:43.890848394 +0200
@@ -104,7 +104,7 @@ netsnmp_feature_child_of(tls_fingerprint
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index e7b7114..bee0b5f 100644
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes
* will be regenerated with new format.
*/
@ -43,7 +46,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL;
@@ -130,6 +130,8 @@ static int _cert_fn_ncompare(netsnmp_ce
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
@ -52,7 +55,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
const char *directory);
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
@@ -349,6 +351,8 @@ _get_cert_container(const char *use)
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
{
netsnmp_container *c;
@ -61,7 +64,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
c = netsnmp_container_find("certs:binary_array");
if (NULL == c) {
snmp_log(LOG_ERR, "could not create container for %s\n", use);
@@ -358,6 +362,8 @@ _get_cert_container(const char *use)
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
c->free_item = (netsnmp_container_obj_func*)_cert_free;
c->compare = (netsnmp_container_compare*)_cert_compare;
@ -70,7 +73,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return c;
}
@@ -366,6 +372,8 @@ _setup_containers(void)
@@ -362,6 +368,8 @@ _setup_containers(void)
{
netsnmp_container *additional_keys;
@ -79,7 +82,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
_certs = _get_cert_container("netsnmp certificates");
if (NULL == _certs)
return;
@@ -380,6 +388,7 @@ _setup_containers(void)
@@ -376,6 +384,7 @@ _setup_containers(void)
additional_keys->container_name = strdup("certs_cn");
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
@ -87,7 +90,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: subject name */
@@ -393,6 +402,7 @@ _setup_containers(void)
@@ -389,6 +398,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
@ -95,7 +98,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: file name */
@@ -406,6 +416,7 @@ _setup_containers(void)
@@ -402,6 +412,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
@ -103,7 +106,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_container_add_index(_certs, additional_keys);
_keys = netsnmp_container_find("cert_keys:binary_array");
@@ -428,9 +439,9 @@ netsnmp_cert_map_container(void)
@@ -424,9 +435,9 @@ netsnmp_cert_map_container(void)
}
static netsnmp_cert *
@ -116,7 +119,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
{
netsnmp_cert *cert;
@@ -450,8 +461,10 @@ _new_cert(const char *dirname, const cha
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename);
@ -128,7 +131,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (fingerprint) {
cert->hash_type = hashType;
cert->fingerprint = strdup(fingerprint);
@@ -888,14 +901,86 @@ _certindex_new( const char *dirname )
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
* certificate utility functions
*
*/
@ -217,7 +220,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert)
return NULL;
@@ -912,51 +997,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
}
}
@ -226,18 +229,18 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
- certbio = BIO_new(BIO_s_file());
- if (NULL == certbio) {
- snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
+ if (!certbio) {
return NULL;
}
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
- return NULL;
- }
-
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
- char *pos = strrchr(cert->info.filename, '.');
- if (NULL == pos)
@ -277,7 +280,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL != okey) {
netsnmp_key *key;
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
@@ -983,7 +1050,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
break;
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
case NS_CERT_TYPE_PKCS12:
@ -286,7 +289,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
PKCS12_verify_mac(p12, NULL, 0)))
@@ -1003,46 +1070,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
return NULL;
}
@ -334,7 +337,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return ocert;
}
@@ -1052,7 +1080,6 @@ netsnmp_okey_get(netsnmp_key *key)
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
{
BIO *keybio;
EVP_PKEY *okey;
@ -342,7 +345,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == key)
return NULL;
@@ -1060,19 +1087,8 @@ netsnmp_okey_get(netsnmp_key *key)
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
if (key->okey)
return key->okey;
@ -364,7 +367,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return NULL;
}
@@ -1158,7 +1174,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn",
@ -373,7 +376,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1167,7 +1183,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
/** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
@ -382,7 +385,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1188,7 +1204,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
}
@ -391,7 +394,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n"));
return;
@@ -1201,7 +1217,8 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
*pos = 0;
@ -401,7 +404,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return;
if (1 == matching->size) {
@@ -1221,7 +1238,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename));
}
@ -410,7 +413,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return;
@@ -1259,76 +1276,189 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
}
}
@ -653,7 +656,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
}
return 0;
@@ -1342,8 +1472,10 @@ _cert_read_index(const char *dirname, st
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
@ -666,9 +669,9 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
netsnmp_cert *cert;
netsnmp_key *key;
netsnmp_container *newer, *found;
@@ -1386,7 +1518,8 @@ _cert_read_index(const char *dirname, st
(netsnmp_directory_filter*)
_time_filter,(void*)&idx_stat,
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat,
NETSNMP_DIR_NSFILE |
- NETSNMP_DIR_NSFILE_STATS);
+ NETSNMP_DIR_NSFILE_STATS |
@ -676,7 +679,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL);
@@ -1430,6 +1563,8 @@ _cert_read_index(const char *dirname, st
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
@ -685,23 +688,23 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) ||
@@ -1442,9 +1577,11 @@ _cert_read_index(const char *dirname, st
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break;
}
type = atoi(type_str);
+ offset = atoi(offset_str);
+ allowed_uses = atoi(allowed_uses_str);
hash = atoi(hash_str);
- cert = (void*)_new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject);
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject);
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash,
+ fingerprint, common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert))
++count;
else {
@@ -1549,7 +1686,8 @@ _add_certdir(const char *dirname)
(netsnmp_directory_filter*)
&_cert_cert_filter, NULL,
@@ -1543,7 +1680,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname,
_cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH |
- NETSNMP_DIR_EMPTY_OK );
+ NETSNMP_DIR_EMPTY_OK |
@ -709,7 +712,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n"));
@@ -1637,7 +1775,7 @@ _cert_print(netsnmp_cert *c, void *conte
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c)
return;
@ -718,7 +721,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses)));
@@ -1841,7 +1979,8 @@ netsnmp_cert_find(int what, int where, v
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -728,7 +731,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return NULL;
if (1 == matching->size)
@@ -1887,6 +2026,32 @@ netsnmp_cert_find(int what, int where, v
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint)
return result;
}
@ -761,7 +764,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
int
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
@@ -2284,6 +2449,124 @@ _reduce_subset_dir(netsnmp_void_array *m
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
}
}
@ -886,10 +889,25 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:55:22.791954900 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:56:36.727272302 +0200
@@ -59,7 +59,7 @@ int openssl_local_index;
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
index c2dd989..e7145e4 100644
--- a/snmplib/dir_utils.c
+++ b/snmplib/dir_utils.c
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
+ /** default to duplicates not allowed */
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
}
dir = opendir(dirname);
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
index a3a85bc..b9baeae 100644
--- a/snmplib/transports/snmpTLSBaseDomain.c
+++ b/snmplib/transports/snmpTLSBaseDomain.c
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line,
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@ -898,7 +916,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
X509 *thecert;
netsnmp_cert *cert;
_netsnmp_verify_info *verify_info;
@@ -71,10 +71,12 @@ int verify_callback(int ok, X509_STORE_C
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
/* things to do: */
@ -914,7 +932,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
fingerprint : "unknown"));
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -109,7 +111,7 @@ int verify_callback(int ok, X509_STORE_C
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
} else {
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
/* log where we are and why called */
@ -923,7 +941,7 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
SNMP_FREE(fingerprint);
return 0;
}
@@ -425,23 +427,50 @@ netsnmp_tlsbase_extract_security_name(SS
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) {
int
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
netsnmp_cert *trustcert;
@ -972,95 +990,5 @@ diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLS
-
+
/* Add the certificate to the context */
- if (netsnmp_cert_trust_ca(the_ctx, trustcert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
LOGANDDIE("failed to load trust certificate");
return 1;
@@ -481,7 +510,7 @@ _sslctx_common_setup(SSL_CTX *the_ctx, _
NETSNMP_DS_LIB_X509_CRL_FILE);
if (NULL != crlFile) {
cert_store = SSL_CTX_get_cert_store(the_ctx);
- DEBUGMSGTL(("sslctx_client", "loading CRL: %s\n", crlFile));
+ DEBUGMSGTL(("sslctx_common", "loading CRL: %s\n", crlFile));
if (!cert_store)
LOGANDDIE("failed to find certificate store");
if (!(lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file())))
@@ -546,13 +575,19 @@ sslctx_client_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the client certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the client private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("client public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate client certificate");
+ }
if (tlsbase->their_identity)
peer_cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
@@ -566,11 +601,11 @@ sslctx_client_setup(const SSL_METHOD *me
peer_cert ? peer_cert->info.filename : "none"));
/* Trust the expected certificate */
- if (netsnmp_cert_trust_ca(the_ctx, peer_cert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, peer_cert) != SNMPERR_SUCCESS)
LOGANDDIE ("failed to set verify paths");
}
- /* trust a certificate (possibly a CA) aspecifically passed in */
+ /* trust a certificate (possibly a CA) specifically passed in */
if (tlsbase->trust_cert) {
if (!_trust_this_cert(the_ctx, tlsbase->trust_cert))
return 0;
@@ -589,7 +624,7 @@ sslctx_server_setup(const SSL_METHOD *me
/* setting up for ssl */
SSL_CTX *the_ctx = SSL_CTX_new(NETSNMP_REMOVE_CONST(SSL_METHOD *, method));
if (!the_ctx) {
- LOGANDDIE("can't create a new context");
+ LOGANDDIE("can't create a new server context");
}
id_cert = netsnmp_cert_find(NS_CERT_IDENTITY, NS_CERTKEY_DEFAULT, NULL);
@@ -597,7 +632,7 @@ sslctx_server_setup(const SSL_METHOD *me
LOGANDDIE ("error finding server identity keys");
if (!id_cert->key || !id_cert->key->okey)
- LOGANDDIE("failed to load private key");
+ LOGANDDIE("failed to load server private key");
DEBUGMSGTL(("sslctx_server", "using public key: %s\n",
id_cert->info.filename));
@@ -605,13 +640,19 @@ sslctx_server_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the server certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the server private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("server public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate server certificate");
+ }
SSL_CTX_set_read_ahead(the_ctx, 1); /* XXX: DTLS only? */

12
net-snmp-5.9-ipv6-disable-leak.patch Normal file
View File

@ -0,0 +1,12 @@
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

11
SOURCES/net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch → net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
View File

@ -1,11 +1,12 @@
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-07-18 15:39:28.069251000 +0200
+++ b/apps/Makefile.in 2018-07-18 15:54:52.261943123 +0200
@@ -230,7 +230,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX
diff --git a/apps/Makefile.in b/apps/Makefile.in
index d4529d3..175242b 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@

28
net-snmp-5.9-memory-reporting.patch Normal file
View File

@ -0,0 +1,28 @@
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86c..68b55d2 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
}
- b = strstr(buff, "SReclaimable: ");
- if (b)
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
first = 0;

48
net-snmp-5.9-message-severity.patch Normal file
View File

@ -0,0 +1,48 @@
From 7330e3e3e08d9baff23332e764f9a53561939fff Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 2 Sep 2021 21:06:54 -0700
Subject: [PATCH] libsnmp: Log "Truncating integer value >32 bits" once
Log this message once instead of every time sysUpTime and/or
hrSystemUptime are accessed after snmpd is running for more than 497 days.
Fixes: https://github.com/net-snmp/net-snmp/issues/144
---
snmplib/snmp_client.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/snmplib/snmp_client.c b/snmplib/snmp_client.c
index 0f539c63fe..b00670d973 100644
--- a/snmplib/snmp_client.c
+++ b/snmplib/snmp_client.c
@@ -853,7 +853,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const u_long *) value;
*(vars->val.integer) = *val_ulong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -865,7 +866,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const unsigned long long *) value;
*(vars->val.integer) = (long) *val_ullong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -877,7 +879,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const uintmax_t *) value;
*(vars->val.integer) = (long) *val_uintmax_t;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}

27
SOURCES/net-snmp-5.8-multilib.patch → net-snmp-5.9-multilib.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
--- a/man/netsnmp_config_api.3.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/netsnmp_config_api.3.def 2018-07-18 11:20:04.631679886 +0200
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
index 90b20d9..bd5abe1 100644
--- a/man/netsnmp_config_api.3.def
+++ b/man/netsnmp_config_api.3.def
@@ -295,7 +295,7 @@ for one particular machine.
.PP
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
@ -10,7 +11,7 @@ diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
followed by \fC $HOME/.snmp\fP.
This list can be changed by setting the environmental variable
.I SNMPCONFPATH
@@ -367,7 +367,7 @@ A colon separated list of directories to
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
files in.
Default:
.br
@ -19,10 +20,11 @@ diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
.SH "SEE ALSO"
netsnmp_mib_api(3), snmp_api(3)
.\" Local Variables:
diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
--- a/man/snmp_config.5.def 2018-07-18 11:18:06.194792767 +0200
+++ b/man/snmp_config.5.def 2018-07-18 11:20:56.423626117 +0200
@@ -10,7 +10,7 @@ First off, there are numerous places tha
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
index fd30873..c3437d6 100644
--- a/man/snmp_config.5.def
+++ b/man/snmp_config.5.def
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
found and read from. By default, the applications look for
configuration files in the following 4 directories, in order:
SYSCONFDIR/snmp,
@ -31,10 +33,11 @@ diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
directories, it looks for files snmp.conf, snmpd.conf and/or
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
and/or snmptrapd.local.conf. *.local.conf are always
diff -urNp a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
--- a/man/snmpd.conf.5.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/snmpd.conf.5.def 2018-07-18 11:21:44.263574388 +0200
@@ -1559,7 +1559,7 @@ filename), and call the initialisation r
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 7ce8a46..a4000f9 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
.RS
.IP "Note:"
If the specified PATH is not a fully qualified filename, it will

84
net-snmp-5.9-openssl-3.0.patch Normal file
View File

@ -0,0 +1,84 @@
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200
@@ -44,7 +44,6 @@ extern "C" {
/*
* misc
*/
- void netsnmp_openssl_err_log(const char *prefix);
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
/*
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss
return (X509_check_issued(issuer, cert) == X509_V_OK);
}
-
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
-void
-netsnmp_openssl_err_log(const char *prefix)
-{
- unsigned long err;
- for (err = ERR_get_error(); err; err = ERR_get_error()) {
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
- }
-}
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
-
void
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
ERR_reason_error_string(ERR_get_error()));
}
-
- /* other errors */
- while ((numerical_reason =
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
-
- /* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
- /*
- * per openssl man page: If it has been allocated by
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
- *
- * arggh... stupid openssl prototype for ERR_get_error_line_data
- * wants a const char **, but returns something that we might
- * need to free??
- */
- if (flags & ERR_TXT_MALLOCED)
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

26
net-snmp-5.9-pie.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index b5d692d..1a30209 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 43f3b9c..d4529d3 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

38
net-snmp-5.9-python3.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/Makefile.in b/Makefile.in
index 912f6b2..862fb5f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -227,7 +227,7 @@ perlcleanfeatures:
# python specific build rules
#
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
pythonmodules: subdirs
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
if test $$? != 0 ; then \
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
index daf11a4..3a30a64 100644
--- a/python/netsnmp/client.py
+++ b/python/netsnmp/client.py
@@ -56,7 +56,7 @@ class Varbind(object):
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
self.tag = STR(tag)
self.iid = STR(iid)
- self.val = STR(val)
+ self.val = val
self.type = STR(type_arg)
# parse iid out of tag if needed
if iid is None and tag is not None:
@@ -66,7 +66,10 @@ class Varbind(object):
(self.tag, self.iid) = match.group(1, 2)
def __setattr__(self, name, val):
- self.__dict__[name] = STR(val)
+ if name == 'val':
+ self.__dict__[name] = val
+ else:
+ self.__dict__[name] = STR(val)
def __str__(self):
return obj_to_str(self)

42
net-snmp-5.9-rpmdb.patch Normal file
View File

@ -0,0 +1,42 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 16:59:37.392368620 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 17:01:59.760640169 +0200
@@ -73,15 +73,21 @@ netsnmp_swinst_arch_init(void)
#endif
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+
+ /* check for SQLite DB backend */
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+ pkg_directory[0] = '\0';
+ }
+ }
SNMP_FREE(rpmdbpath);
dbpath = NULL;
#ifdef HAVE_RPMGETPATH
rpmFreeRpmrc();
#endif
- if (-1 == stat( pkg_directory, &stat_buf )) {
- snmp_log(LOG_ERR, "Can't find directory of RPM packages");
- pkg_directory[0] = '\0';
- }
}
void
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2023-10-23 16:59:37.391368611 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2023-10-23 17:02:47.159063503 +0200
@@ -229,6 +229,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
if (stat(path, &stat_buf) == -1)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+ /* check for SQLite DB backend */
+ if (stat(path, &stat_buf) == -1)
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
#ifdef HAVE_RPMGETPATH

31
net-snmp-5.9-sendmsg-error-code.patch Normal file
View File

@ -0,0 +1,31 @@
From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 24 May 2023 10:49:41 +0200
Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling
This change has been made because of Linux kernel commit "ipv4: Return
-ENETUNREACH if we can't create route but saddr is valid"
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029)
Fixes: https://github.com/net-snmp/net-snmp/issues/564
Fixes: https://github.com/net-snmp/net-snmp/pull/576
[ bvanassche: edited commit message ]
---
snmplib/transports/snmpUDPBaseDomain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
index ca8f9a5554..cd6b15e2ad 100644
--- a/snmplib/transports/snmpUDPBaseDomain.c
+++ b/snmplib/transports/snmpUDPBaseDomain.c
@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip,
sizeof(struct sockaddr));
else
rc = sendmsg(fd, &m, MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

110
net-snmp-5.9-test-debug.patch Normal file
View File

@ -0,0 +1,110 @@
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
index 6c07f74..7df0b51 100644
--- a/testing/fulltests/default/T070com2sec_simple
+++ b/testing/fulltests/default/T070com2sec_simple
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- CHECKAGENT '<"c408a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 32: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+CHECKAGENT '<"c408a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 32: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
+ FINISHED
+fi
- CHECKAGENT '<"c408b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 33: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+CHECKAGENT '<"c408b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 33: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
fi
-
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
fi
FINISHED
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
index 76da70b..bc2d432 100644
--- a/testing/fulltests/default/T071com2sec6_simple
+++ b/testing/fulltests/default/T071com2sec6_simple
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- # 608
- CHECKAGENT '<"c608a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 29: Error:'
- errnum=`expr $errnum - 1`
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+# 608
+CHECKAGENT '<"c608a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 29: Error:'
+ errnum=`expr $errnum - 1`
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ FINISHED
+fi
- CHECKAGENTCOUNT atleastone '<"c608b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 30: Error:'
- if [ "$snmp_last_test_result" -eq 1 ] ; then
- errnum=`expr $errnum - 1`
- fi
+CHECKAGENTCOUNT atleastone '<"c608b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 30: Error:'
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
+ errnum=`expr $errnum - 1`
fi
fi

16
net-snmp-5.9-twice-IP-parsing.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index e6f5b20..41a5e01 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -34,6 +34,11 @@
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
+
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32)
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
+#endif
+
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

12
net-snmp-5.9-usage-exit.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/agent/snmpd.c b/agent/snmpd.c
index ae73eda..f01b890 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
@@ -289,6 +289,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

60
net-snmp-5.9.1-python-usenumeric.patch Normal file
View File

@ -0,0 +1,60 @@
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 9 Jun 2021 14:19:46 -0700
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
Fixes: https://github.com/net-snmp/net-snmp/issues/303
---
python/netsnmp/client_intf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
index e5e7372303..94da39fe34 100644
--- a/python/netsnmp/client_intf.c
+++ b/python/netsnmp/client_intf.c
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int varlist_ind, int sprintval_flag, int *len,
- char **str_buf)
+ char **str_buf, int getlabel_flag)
{
struct tree *tp;
int type;
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int buf_over = 0;
const char *tag;
const char *iid;
- int getlabel_flag = NO_FLAGS;
if (!PyObject_HasAttrString(varbind, "tag"))
return TYPE_OTHER;
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
varbind = PySequence_GetItem(varlist, varlist_ind);
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
- &len, &str_buf);
+ &len, &str_buf, getlabel_flag);
if (type != TYPE_OTHER) {
/* save in return tuple as well */
if ((type == SNMP_ENDOFMIBVIEW) ||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
- sprintval_flag, &len, &str_buf) !=
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
/* push varbind onto varbinds */

22
SOURCES/net-snmp-config → net-snmp-config
View File

@ -16,47 +16,47 @@
arch=`arch`
echo $arch | grep -q i.86
if [ $? -eq 0 ] ; then
net-snmp-config-i386 $*
net-snmp-config-i386 "$@"
exit 0
fi
if [ "$arch" = "ia64" ] ; then
net-snmp-config-ia64 $*
net-snmp-config-ia64 "$@"
exit 0
fi
if [ "$arch" = "ppc" ] ; then
net-snmp-config-ppc $*
net-snmp-config-ppc "$@"
exit 0
fi
if [ "$arch" = "ppc64" ] ; then
net-snmp-config-ppc64 $*
net-snmp-config-ppc64 "$@"
exit 0
fi
if [ "$arch" = "s390" ] ; then
net-snmp-config-s390 $*
net-snmp-config-s390 "$@"
exit 0
fi
if [ "$arch" = "s390x" ] ; then
net-snmp-config-s390x $*
net-snmp-config-s390x "$@"
exit 0
fi
if [ "$arch" = "x86_64" ] ; then
net-snmp-config-x86_64 $*
net-snmp-config-x86_64 "$@"
exit 0
fi
if [ "$arch" = "alpha" ] ; then
net-snmp-config-alpha $*
net-snmp-config-alpha "$@"
exit 0
fi
if [ "$arch" = "sparc" ] ; then
net-snmp-config-sparc $*
net-snmp-config-sparc "$@"
exit 0
fi
if [ "$arch" = "sparc64" ] ; then
net-snmp-config-sparc64 $*
net-snmp-config-sparc64 "$@"
exit 0
fi
if [ "$arch" = "aarch64" ] ; then
net-snmp-config-aarch64 $*
net-snmp-config-aarch64 "$@"
exit 0
fi
echo "Cannot determine architecture"

0
SOURCES/net-snmp-config.h → net-snmp-config.h
View File

0
SOURCES/net-snmp-tmpfs.conf → net-snmp-tmpfs.conf
View File

0
SOURCES/net-snmp-trapd.redhat.conf → net-snmp-trapd.redhat.conf
View File

0
SOURCES/net-snmp.redhat.conf → net-snmp.redhat.conf
View File

496
SPECS/net-snmp.spec → net-snmp.spec
View File

@ -5,12 +5,12 @@
%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 aarch64
# actual soname version
%global soname 35
%global soname 40
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 28%{?dist}
Version: 5.9.1
Release: 15%{?dist}
Epoch: 1
License: BSD
@ -26,70 +26,55 @@ Source7: net-snmp-tmpfs.conf
Source8: snmpd.service
Source9: snmptrapd.service
Source10: IETF-MIB-LICENSE.txt
Patch1: net-snmp-5.7.2-pie.patch
Patch2: net-snmp-5.8-dir-fix.patch
Patch3: net-snmp-5.8-multilib.patch
Patch4: net-snmp-5.8-test-debug.patch
Patch5: net-snmp-5.7.2-autoreconf.patch
Patch6: net-snmp-5.8-agentx-disconnect-crash.patch
Patch7: net-snmp-5.7.2-cert-path.patch
Patch8: net-snmp-5.8-cflags.patch
Patch9: net-snmp-5.8-Remove-U64-typedef.patch
Patch10: net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch11: net-snmp-5.7.3-iterator-fix.patch
Patch12: net-snmp-5.8-autofs-skip.patch
Patch13: net-snmp-5.8-usage-exit.patch
Patch14: net-snmp-5.8-coverity.patch
Patch15: net-snmp-5.8-ipv6-clientaddr.patch
Patch16: net-snmp-5.8-agent-of-death.patch
Patch17: net-snmp-5.8-trapsink.patch
Patch18: net-snmp-5.8-flood-messages.patch
Patch19: net-snmp-5.8-v3-forward.patch
Patch20: net-snmp-5.8-sec-counter.patch
Patch21: net-snmp-5.8-proxy-getnext.patch
Patch22: net-snmp-5.8-dskTable-dynamic.patch
Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch24: net-snmp-5.8-duplicate-ipAddress.patch
Patch25: net-snmp-5.8-memory-reporting.patch
Patch26: net-snmp-5.8-man-page.patch
Patch27: net-snmp-5.8-ipAddress-faster-load.patch
Patch28: net-snmp-5.8-rpm-memory-leak.patch
Patch29: net-snmp-5.8-sec-memory-leak.patch
Patch30: net-snmp-5.8-aes-config.patch
Patch31: net-snmp-5.7.2-CVE-2020-15862.patch
Patch32: net-snmp-5.8-bulk.patch
Patch33: net-snmp-5.8-clientaddr-error-message.patch
Patch34: net-snmp-5.8-ipv6-disabled.patch
Patch35: net-snmp-5.8-empty-passphrase.patch
Patch36: net-snmp-5.8-asn-parse-nlength.patch
Patch37: net-snmp-5.8-double-IP-parsing.patch
Patch38: net-snmp-5.8-digest-from-ECC.patch
Patch39: net-snmp-5.8-broken-errmsg.patch
Patch40: net-snmp-5.8-intermediate-certs.patch
Patch41: net-snmp-5.8-fix-cert-crash.patch
Patch42: net-snmp-5.8-engine-id.patch
Patch43: net-snmp-5.8-certs.patch
Patch44: net-snmp-5.8-util-fix.patch
Patch45: net-snmp-5.8-deleted-iface.patch
Patch46: net-snmp-5.8-memleak-backport.patch
Patch47: net-snmp-5.8-dev-mem-leak.patch
Patch48: net-snmp-5.8-CVE-2022-44792-44793.patch
Patch49: net-snmp-5.8-ipv6-disable-leak.patch
Patch50: net-snmp-5.8-proxy-time-out.patch
Patch51: net-snmp-5.8-sendmsg-error-code.patch
Patch1: net-snmp-5.9-pie.patch
Patch2: net-snmp-5.9-dir-fix.patch
Patch3: net-snmp-5.9-multilib.patch
Patch4: net-snmp-5.9-test-debug.patch
Patch5: net-snmp-5.7.2-cert-path.patch
Patch6: net-snmp-5.9-cflags.patch
Patch7: net-snmp-5.8-Remove-U64-typedef.patch
Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch9: net-snmp-5.7.3-iterator-fix.patch
Patch10: net-snmp-5.9-autofs-skip.patch
Patch11: net-snmp-5.9-usage-exit.patch
Patch12: net-snmp-5.9-coverity.patch
Patch13: net-snmp-5.9-dskTable-dynamic.patch
Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch15: net-snmp-5.8-duplicate-ipAddress.patch
Patch16: net-snmp-5.9-memory-reporting.patch
Patch17: net-snmp-5.8-man-page.patch
Patch18: net-snmp-5.8-ipAddress-faster-load.patch
Patch19: net-snmp-5.8-rpm-memory-leak.patch
Patch20: net-snmp-5.9-aes-config.patch
Patch21: net-snmp-5.8-clientaddr-error-message.patch
Patch22: net-snmp-5.9-ECC-cert.patch
Patch23: net-snmp-5.9-intermediate-certs.patch
Patch24: net-snmp-5.9-twice-IP-parsing.patch
Patch25: net-snmp-5.9-openssl-3.0.patch
Patch26: net-snmp-5.9-CVE-2022-44792-44793.patch
Patch27: net-snmp-5.9-ipv6-disable-leak.patch
Patch28: net-snmp-5.9-sendmsg-error-code.patch
Patch29: net-snmp-5.9-message-severity.patch
Patch30: net-snmp-5.9-rpmdb.patch
Patch31: net-snmp-5.9-CVE-2022-24805-24810.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
#disable this patch due compatibility issues
Patch102: net-snmp-5.9-python3.patch
Patch103: net-snmp-5.9.1-python-usenumeric.patch
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
# This is actually needed for the %%triggerun script but Requires(triggerun)
# is not valid. We can use %%post because this particular %%triggerun script
# should fire just after this package is installed.
%{?systemd_requires}
BuildRequires: systemd
BuildRequires: make
BuildRequires: systemd
BuildRequires: gcc
BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
BuildRequires: libselinux-devel, elfutils-libelf-devel, rpm-devel
BuildRequires: perl-devel, perl(ExtUtils::Embed), procps
@ -99,7 +84,17 @@ BuildRequires: mariadb-connector-c-devel
# for netstat, needed by 'make test'
BuildRequires: net-tools
# for make test
BuildRequires: perl(:VERSION) >= 5.6
BuildRequires: perl(AutoLoader)
BuildRequires: perl(blib)
BuildRequires: perl(Carp)
BuildRequires: perl(DynaLoader)
BuildRequires: perl(Exporter)
BuildRequires: perl(overload)
BuildRequires: perl(strict)
BuildRequires: perl(TAP::Harness)
BuildRequires: perl(vars)
BuildRequires: perl(warnings)
%ifnarch s390 s390x ppc64le
BuildRequires: lm_sensors-devel >= 3
%endif
@ -120,7 +115,6 @@ which contains NET-SNMP utilities.
%package utils
Summary: Network management utilities using SNMP, from the NET-SNMP project
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
%description utils
The net-snmp-utils package contains various utilities for use with the
@ -139,7 +133,7 @@ Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
Requires: lm_sensors-devel
%endif
# pull perl development libraries, net-snmp agent libraries may link to them
Requires: perl-devel%{?_isa}, gcc
Requires: perl-devel%{?_isa}
%description devel
The net-snmp-devel package contains the development libraries and
@ -155,6 +149,7 @@ packages installed.
Summary: The perl NET-SNMP module and the mib2c tool
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: perl-interpreter
BuildRequires: perl-generators
@ -194,10 +189,23 @@ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
The net-snmp-agent-libs package contains the runtime agent libraries for shared
binaries and applications.
%package -n python3-net-snmp
%{?python_provide:%python_provide python3-net-snmp}
# Remove before F30
Provides: %{name}-python = %{epoch}:%{version}-%{release}
Provides: %{name}-python%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-python < %{epoch}:%{version}-%{release}
Summary: The Python 'netsnmp' module for the Net-SNMP
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description -n python3-net-snmp
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%prep
%setup -q
cp %{SOURCE10} .
rm -r python
%ifnarch ia64
%patch1 -p1 -b .pie
@ -206,60 +214,40 @@ rm -r python
%patch2 -p1 -b .dir-fix
%patch3 -p1 -b .multilib
%patch4 -p1
%patch5 -p1 -b .autoreconf
%patch6 -p1 -b .agentx-disconnect-crash
%patch7 -p1 -b .cert-path
%patch8 -p1 -b .cflags
%patch9 -p1 -b .u64-remove
%patch10 -p1 -b .perlfix
%patch11 -p1 -b .iterator-fix
%patch12 -p1 -b .autofs-skip
%patch13 -p1 -b .usage-fix
%patch14 -p1 -b .coverity
%patch15 -p1 -b .ipv6-clientaddr
%patch16 -p1 -b .agent-of-death
%patch17 -p1 -b .trapsink
%patch18 -p1 -b .flood-messages
%patch19 -p1 -b .v3-forward
%patch20 -p1 -b .sec-counter
%patch21 -p1 -b .proxy-getnext
%patch22 -p1 -b .dskTable-dynamic
%patch23 -p1 -b .expand-SNMPCONFPATH
%patch24 -p1 -b .duplicate-ipAddress
%patch25 -p1 -b .memory-reporting
%patch26 -p1 -b .man-page
%patch27 -p1 -b .ipAddress-faster-load
%patch28 -p1 -b .rpm-memory-leak
%patch29 -p1 -b .sec-memory-leak
%patch30 -p1 -b .aes-config
%patch31 -p1 -b .CVE-2020-15862
%patch32 -p1 -b .bulk
%patch33 -p1 -b .clientaddr-error-message
%patch34 -p1 -b .ipv6-disabled
%patch35 -p1 -b .empty-passphrase
%patch36 -p1 -b .asn-parse-nlength
%patch37 -p1 -b .double-IP-parsing
%patch38 -p1 -b .digest-from-ECC
%patch39 -p1 -b .broken-errmsg
%patch40 -p1 -b .intermediate-certs
%patch41 -p1 -b .fix-cert-crash
%patch42 -p1 -b .engine-id
%patch43 -p1 -b .certs
%patch44 -p1 -b .utils
%patch45 -p1 -b .ifaces
%patch46 -p1 -b .memleak-backport
%patch47 -p1 -b .dev-mem-leak
%patch48 -p1
%patch49 -p1 -b .ipv6-disable-leak
%patch50 -p1 -b .proxy-time-out
%patch51 -p1 -b .sendmsg-error-code
%patch5 -p1 -b .cert-path
%patch6 -p1 -b .cflags
%patch7 -p1 -b .u64-remove
%patch8 -p1 -b .perlfix
%patch9 -p1 -b .iterator-fix
%patch10 -p1 -b .autofs-skip
%patch11 -p1 -b .usage-fix
%patch12 -p1 -b .coverity
%patch13 -p1 -b .dskTable-dynamic
%patch14 -p1 -b .expand-SNMPCONFPATH
%patch15 -p1 -b .duplicate-ipAddress
%patch16 -p1 -b .memory-reporting
%patch17 -p1 -b .man-page
%patch18 -p1 -b .ipAddress-faster-load
%patch19 -p1 -b .rpm-memory-leak
%patch20 -p1 -b .aes-config
%patch21 -p1 -b .clientaddr-error-message
%patch22 -p1 -b .ECC-cert
%patch23 -p1 -b .intermediate-certs
%patch24 -p1 -b .twice-IP-parsing
%patch25 -p1 -b .openssl-3-0
%patch26 -p1
%patch27 -p1 -b .ipv6-disable-leak
%patch28 -p1 -b .sendmsg-error-code
%patch29 -p1 -b .message-severity
%patch30 -p1 -b .rpmdb
%patch31 -p1 -b .CVE-2022-24805-24810
%patch101 -p1 -b .modern-rpm-api
%patch102 -p1
%patch103 -p1
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
rm testing/fulltests/default/T200*
%endif
%build
@ -288,9 +276,10 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--enable-local-smux \
--enable-mfd-rewrites \
--enable-ucd-snmp-compatibility \
--disable-des \
--sysconfdir=%{_sysconfdir} \
--with-cflags="$RPM_OPT_FLAGS" \
--with-ldflags="-Wl,-z,relro -Wl,-z,now -lm" \
--with-cflags="$RPM_OPT_FLAGS -fPIE" \
--with-ldflags="$RPM_LD_FLAGS -lm" \
--with-logfile="/var/log/snmpd.log" \
--with-mib-modules="$MIBS" \
--with-mysql \
@ -303,7 +292,8 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--with-systemd \
--with-temp-file-pattern=/run/net-snmp/snmp-tmp-XXXXXX \
--with-transports="DTLSUDP TLSTCP" \
--with-sys-contact="root@localhost" <<EOF
--with-sys-contact="root@localhost" \
--without-pcre <<EOF
EOF
# store original libtool file, we will need it later
@ -313,11 +303,17 @@ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
# the package is not %%_smp_mflags safe
make
%{__make}
# remove rpath from compiled perl libs
find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \;
# compile python module
pushd python
%{__python3} setup.py --basedir="../" build
popd
%install
make install DESTDIR=%{buildroot}
@ -373,6 +369,11 @@ rm -f README.aix README.hpux11 README.osX README.Panasonic_AM3X.txt README.solar
# copy missing mib2c.conf files
install -m 644 local/mib2c.*.conf %{buildroot}%{_datadir}/snmp
# install python module
pushd python
%{__python3} setup.py --basedir=.. install -O1 --skip-build --root %{buildroot}
popd
find %{buildroot} -name '*.so' | xargs chmod 0755
# trim down massive ChangeLog
@ -387,10 +388,6 @@ done
# remove executable bit from documentation samples
chmod 644 local/passtest local/ipf-mod.pl
# dirty hack for #603243, until it's fixed properly upstream
install -m 755 -d %{buildroot}/usr/include/net-snmp/agent/util_funcs
install -m 644 agent/mibgroup/util_funcs/*.h %{buildroot}/usr/include/net-snmp/agent/util_funcs
# systemd stuff
install -m 755 -d %{buildroot}/%{_tmpfilesdir}
install -m 644 %SOURCE7 %{buildroot}/%{_tmpfilesdir}/net-snmp.conf
@ -408,6 +405,7 @@ cp -f libtool.orig libtool
chmod 755 local/passtest
LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%endif
@ -461,7 +459,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%files devel
%{_libdir}/lib*.so
/usr/include/*
%{_libdir}/pkgconfig/*
%{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*.3.*
%attr(0755,root,root) %{_bindir}/net-snmp-config*
%attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.*
@ -485,6 +484,10 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{perl_vendorarch}/auto/Bundle/*SNMP*
%{perl_vendorarch}/Bundle/MakefileSubs.pm
%files -n python3-net-snmp
%doc README
%{python3_sitearch}/*
%files gui
%{_bindir}/tkmib
%attr(0644,root,root) %{_mandir}/man1/tkmib.1*
@ -507,115 +510,210 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-28
- fix sendmsg error code for new kernel (#2185787)
* Tue Apr 09 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-15
- fix changelog issue
* Tue Jan 31 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-27
- fix memory leak due of proc file creating (#2105957)
- fix CVE-2022-44792 and CVE-2022-44793 (#2141901) and (#2141905)
- fix memory leak when ipv6 disable set to 1 (#2151537)
- fix proxy timeout issue (#2160723)
* Tue Apr 09 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-14
- fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
CVE-2022-24809 and CVE-2022-24810 (RHEL-26649)
* Mon Oct 17 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-26
- backport two memory leaks from upstream (#2134635)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13
- add support for SQLite db background of rpm (RHEL-6854)
* Mon Feb 21 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- fix segfault with error on subcontainer (#2051370)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-12
- fix message severity issue (RHEL-13960)
* Thu Dec 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-24
- fix dereferencing null pointer (#2021403)
* Thu Aug 03 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-11
- fix python3 missing epoch
* Mon Oct 11 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- net-snmp-cert gencert create SHA512 (#1908331)
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-10
- fix sendmsg error code for new kernel (#2210892)
* Mon Jun 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- update engineTime when sending traps (#1973252)
* Wed Feb 15 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-9
- fix CVE-2022-44792 and CVE-2022-44793 (#2141902) and (#2141906)
- fix memory leak when ipv6 disable set to 1 (#2151540)
* Wed Jun 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-21
- prevent parsing IP address twice (#1768908)
- add support for digests detected from ECC certs (#1919714)
- fix broken ErrorMsg at ucd-snmp (#1933150)
- add support for intermediate certs (#1914656)
- fix crash of certs with longer extension (#1908718)
* Thu Apr 07 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.1-8
- fix default snmpd.conf file content (#2067954)
* Tue Jan 05 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-20
- fix issue with parsing of long traps (#1912242)
- modify fix for #1877375
* Wed Oct 13 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-7
- fix FTBFS due of OpenSSL update (#2001430)
* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
- revert permission of config files to 600 (#1601060)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 1:5.9.1-5
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
* Mon Jul 19 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-4
- fix UseNumeric in Python library (#1970938)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Jun 03 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-2
- Upload new source tarball
* Thu May 27 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1
- New upstream release 5.9.1 (#1964963)
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11
- disable DES and port for OpenSSL 3.0 (#1958073)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-9
- fix issue with parsing IPv4 address twice
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:5.9-8
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Thu Feb 04 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-7
- remove file with unsupported license
- use make and make install macros
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6
- add support for digests detected from ECC certificates
- add support for intermediate certificates
- fix crash caused by small buffer size
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-4
- fix issue with parsing long trap headers (#1912725)
- fix error message when the address specified by clientaddr option
is wrong or cannot be bound (#1877375)
- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
- fix issue with quoting empty passphrase (#1817225)
is wrong or cannot be bound
- fix issue with quoting empty passphrase
* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
- fix CVE-2020-15862 (#1875497)
- fix bulk responses for invalid PID (#1817190)
* Wed Nov 18 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-3
- update net-snmp-tmpfs.conf for /var/run to /run (#1893471)
* Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- add math library in LDFLAGS (#1846252)
* Tue Sep 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-2
- Disable pcre binding
- Add support for available memory report
* Thu Jul 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- remove file due licensing issues (#1690936)
* Mon Aug 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-1
- New upstream release 5.9
* Wed Jun 10 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-15
- proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134)
- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185)
- expand SNMPCONFPATH variable (#1660146)
- remove file with Apple license (#1690936)
- log meningful message on duplicate IP address (#1692286)
- memory reporting adjustment (#1695497 and #1766521)
- fix typos in man page (#1700262)
- speedup ipAddressTable loading(#1700391)
- fix memory leak when shut down librpm (#1763008)
- services starts after network-online.target (#1775304)
- add missing part of memory leak patch (#1829860)
- add support for AES192 and AES256 (#1846252)
* Tue Aug 04 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- link math library to fix FTBFS for hplip (#1863855)
* Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
- fix double free or corruption error when freeing security context (#1809077)
- remove deprecated CFLAG
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- fix double free or corruption error (#1726373)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- change /var/run/net-snmp to /run/net-snmp (#1737631)
* Wed Nov 06 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-12
- fix tmpfiles path (#1710784)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- proxied OIDs unspecified in proxy statement in snmpd.conf
- UCD-SNMP-MIB::dskTable doesn't update dynamically
- expand SNMPCONFPATH variable
- log meningful message on duplicate IP address
- memory reporting adjustment
- fix typos in man page
- speedup ipAddressTable loading
- fix memory leak when shut down librpm
- services starts after network-online.target
- add missing part of memory leak patch
- add support for AES192 and AES256
- fix net-snmp-config wrapper script (#1815984)
* Tue Oct 15 2019 Jiri Kucera <jkucera@redhat.com> - 1:5.8-11
- fix issue with flood messages (#1719350)
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-21
- Perl 5.32 rebuild
* Thu Jun 27 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- fix trapsink port issue (#1677192)
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-20
- Rebuilt for Python 3.9
* Fri May 24 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-9
- rebuild for autoconf
* Thu Apr 09 2020 Josef Ridky <jridky@redhat.com> -1:5.8-19
- update skip_autofs patch (#1810104)
- exit snmpd after snmpd -h command
- fix issues found by coverity scan
- fix issue with flood messages
- fix double free or corruption error when freeing security context
* Tue May 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-8
- fix daemon crash on resend request (#1694047)
* Tue Mar 24 2020 Petr Pisar <ppisar@redhat.com> - 1:5.8-18
- Build-require Perl dependencies for running the tests
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-7
- fix address assigning for IPv6 clientaddr option (#1672668)
* Wed Feb 26 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- fix config error with RPM library (#1807274)
* Wed Dec 05 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- fix discovered issues from coverity scan (#1602630)
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- set net-snmp-devel as requirement for net-snmp-perl
* Thu Oct 04 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-5
- exit snmpd after snmpd -h command (#1634811)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 25 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-4
- fix annocheck distro flag failures (#1624151)
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-14
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Tue Sep 04 2018 Josh Boyer <jwboyer@redhat.com> - 1:5.8-3
- Change gcc Requires to BuildRequires (#1625189)
* Thu Sep 19 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- Fix snmpv3 trap forwarding (#1753506)
* Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- fix default configuration file (#1589480 and #1594147)
- modify permissions for config files (#1601060)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-12
- Rebuilt for Python 3.8
* Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- remove python package and update to the last upstream version (#1584510)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 28 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- remove file with unsupported license
- fix daemon crash on resend request (#1663027)
- fix issue with trapsink default port
* Mon Jun 10 22:13:21 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-9
- Rebuild for RPM 4.15
* Mon Jun 10 15:42:03 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-8
- Rebuild for RPM 4.15
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-7
- Perl 5.30 rebuild
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- fix IPv6 address assignment for clientaddr option (#1673272)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:5.8-4
- Rebuilt for libcrypt.so.2 (#1666033)
* Tue Nov 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-3
- backport memory leak fixes from upstream
- add fPIE to CFLAGS (#1543853)
- use default LDFLAGS
* Mon Jul 23 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- fix unresoved error with mysql functions
- implement changes to announce soname changes
* Wed Jul 18 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- New upstream release 5.8
- remove APSL downstream patch due this copyright is already
coveret by part 8 in COPYING file
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.7.3-42
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jul 07 2018 Miro Hrončok <mhroncok@redhat.com> - 1:5.7.3-41
- Rebuilt for Python 3.7
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.7.3-40
- Perl 5.28 rebuild
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-39
- python3 support draft
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-38
- revert Python3 support
* Tue Mar 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-37
- backport upstream patch for structure iterator
* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-36
- CVE-2018-1000116 Heap corruption in snmp_pdu_parse (#1552844)

0
SOURCES/net-snmpd.sysconfig → net-snmpd.sysconfig
View File

0
SOURCES/net-snmptrapd.sysconfig → net-snmptrapd.sysconfig
View File

0
SOURCES/snmpd.service → snmpd.service
View File

0
SOURCES/snmptrapd.service → snmptrapd.service
View File

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (net-snmp-5.9.1.tar.gz) = 93232601704461c0278b9be9d496e739765ce24d05401ad4b1f232bae8fcbf2fbbaea8c375d8359935531c8358f2eb4515b4540a5aaaded19b372a9866a3bdb0

36
tests/integration-tests/Makefile Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: LGPL-2.1+
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/net-snmp
# Description: Test if net-snmp working ok
# Author: Susant Sahani<susant@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/net-snmp
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Susant Sahani<susant@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test snmpd" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: net-snmp" >> $(METADATA)
@echo "Requires: net=snmp" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -Fedora 28" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/integration-tests/PURPOSE Normal file
View File

@ -0,0 +1,3 @@
PURPOSE of /CoreOS/net-snmp
Description: tests for net-snmp
Author: Susant Sahani<susant@redhat.com>

175
tests/integration-tests/net-snmp-tests.py Executable file
View File

@ -0,0 +1,175 @@
#!/usr/bin/env python3
# SPDX-License-Identifier: LGPL-2.1+
# ~~~
# Description: Tests for snmpd
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
import errno
import os
import sys
import time
import unittest
import subprocess
import signal
import shutil
import psutil
import socket
import platform
import re
from pyroute2 import IPRoute
from psutil import virtual_memory
from collections import OrderedDict
HOST='192.168.111.50'
def setUpModule():
"""Initialize the environment, and perform sanity checks on it."""
if shutil.which('snmpd') is None:
raise OSError(errno.ENOENT, 'snmpd not found')
if shutil.which('snmpwalk') is None:
raise OSError(errno.ENOENT, 'snmpwalk not found')
def tearDownModule():
pass
class GenericUtilities():
"""Provide a set of utility functions start stop daemons. write config files etc """
def StartSnmpd(self):
"""Start snmpd"""
subprocess.check_output(['systemctl', 'start', 'snmpd'])
def StopSnmpd(self):
"""Stop snmpd"""
subprocess.check_output(['systemctl', 'stop', 'snmpd'])
def SetupVethInterface(self):
"""Setup veth interface"""
ip = IPRoute()
ip.link('add', ifname='veth-test', peer='veth-peer', kind='veth')
idx_veth_test = ip.link_lookup(ifname='veth-test')[0]
idx_veth_peer = ip.link_lookup(ifname='veth-peer')[0]
ip.link('set', index=idx_veth_test, address='12:11:12:13:14:18')
ip.link('set', index=idx_veth_peer, address='22:21:22:23:24:29')
ip.link('set', index=idx_veth_test, state='up')
ip.link('set', index=idx_veth_peer, state='up')
ip.addr('add', index=idx_veth_test, address='192.168.111.50')
ip.addr('add', index=idx_veth_peer, address='192.168.111.51')
ip.close()
def TearDownVethInterface(self):
ip = IPRoute()
ip.link('del', index=ip.link_lookup(ifname='veth-test')[0])
ip.close()
class SnmpdTests(unittest.TestCase, GenericUtilities):
def setUp(self):
self.SetupVethInterface()
time.sleep(1)
self.StartSnmpd()
def tearDown(self):
self.StopSnmpd()
self.TearDownVethInterface()
def test_UCD_SNMP_MIB_memory(self):
''' UCD-SNMP-MIB::memory '''
subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public', HOST, 'UCD-SNMP-MIB::memory'])
meminfo=OrderedDict()
with open('/proc/meminfo') as f:
for line in f:
meminfo[line.split(':')[0]] = line.split(':')[1].strip()
output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public', HOST, 'UCD-SNMP-MIB::memTotalReal.0']).rstrip().decode('utf-8')
self.assertRegex(output, meminfo['MemTotal'])
def test_SNMP_hrSWRunPath(self):
""" process id """
output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public', HOST, 'HOST-RESOURCES-MIB::hrSWRunPath.1']).rstrip().decode('utf-8')
self.assertRegex(output, 'systemd')
def test_SNMP_IF_MIB_network_interface(self):
""" verify network interface (1.3.6.1.2.1.2.2.1) SNMP variables """
ip = IPRoute()
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1'])
# 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifIndex
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.1']).rstrip().decode('utf-8')
self.assertRegex(output, 'IF-MIB::ifIndex.1 = INTEGER: 1')
# 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifDescr
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.2']).rstrip().decode('utf-8')
for link in ip.get_links():
self.assertRegex(output, link.get_attr('IFLA_IFNAME'))
# IP-MIB::ipAdEntAddr 1.3.6.1.2.1.4.20.1.1
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.4.20.1.1']).rstrip().decode('utf-8')
for addr in ip.get_addr():
if addr.get_attr('IFA_ADDRESS'):
if addr.get_attr('IFA_ADDRESS') != '::1' and addr.get_attr('Ifamily') == 2:
self.assertRegex(output, addr.get_attr('IFA_ADDRESS'))
# IF-MIB::ifPhysAddress. 1.3.6.1.2.1.2.2.1.6
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.6']).rstrip().decode('utf-8')
for link in ip.get_links():
if link.get_attr('IFLA_ADDRESS') and link.get_attr('IFLA_ADDRESS') != '00:00:00:00:00:00':
snmp_mac = re.sub(r'\b0+(\d)', r'\1', link.get_attr('IFLA_ADDRESS')).lstrip('0')
self.assertRegex(output, snmp_mac)
ip.close()
def test_SNMP_MIB_2_System(self):
""" verify RFC 1213 System (1.3.6.1.2.1.1) SNMP variables"""
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1']).rstrip().decode('utf-8')
# 1.3.6.1.2.1.1.1 - sysDescr
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.1']).rstrip().decode('utf-8')
self.assertRegex(output, platform.machine())
self.assertRegex(output, platform.node())
self.assertRegex(output, platform.processor())
self.assertRegex(output, platform.release())
self.assertRegex(output, platform.version())
# 1.3.6.1.2.1.1.2 - sysObjectID
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.2'])
# 1.3.6.1.2.1.1.3 - sysUpTime
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.3'])
# 1.3.6.1.2.1.1.4 - sysContact
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.4']).rstrip().decode('utf-8')
self.assertRegex(output, 'fedora-ci <fedoraci@fedoraproject.org>')
# 1.3.6.1.2.1.1.5 - sysName
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.5']).rstrip().decode('utf-8')
self.assertRegex(output, socket.gethostname())
# 1.3.6.1.2.1.1.6 - sysLocation
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.6']).rstrip().decode('utf-8')
self.assertRegex(output, 'Pune, IN')
def test_basic_snmpwalk(self):
""" verify snmpwalk getting success snmpwalk -v2c -c public localhost """
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST])
if __name__ == '__main__':
unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
verbosity=3))

51
tests/integration-tests/runtest.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1+
# ~~~
# runtest.sh of net-snmp
# Description: net-snmp tests
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE_NET_SNMP="net-snmp"
PACKAGE_NET_SNMP_UTILS="net-snmp-utils"
NET_SNMP_CONF_FILE="/etc/snmp/snmpd.conf"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE_NET_SNMP
rlAssertRpm $PACKAGE_NET_SNMP_UTILS
rlRun "systemctl stop firewalld" 0,5
rlRun "setenforce 0" 0,1
rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
rlRun "cp net-snmp-tests.py /usr/bin/"
rlFileBackup "$NET_SNMP_CONF_FILE"
rlRun "cp snmpd.conf $NET_SNMP_CONF_FILE"
rlPhaseEnd
rlPhaseStartTest
rlLog "Starting net-snmp tests ..."
rlRun "/usr/bin/python3 /usr/bin/net-snmp-tests.py"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm /usr/bin/net-snmp-tests.py $NET_SNMP_CONFIG_FILE"
rlRun "systemctl daemon-reload"
rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
rlFileRestore
rlRun "setenforce 1" 0,1
rlLog "net-snmp tests done"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd
rlGetTestState

7
tests/integration-tests/snmpd.conf Normal file
View File

@ -0,0 +1,7 @@
agentAddress udp:192.168.111.50:161
syslocation Pune, IN
syscontact fedora-ci <fedoraci@fedoraproject.org>
dontLogTCPWrappersConnects yes
rocommunity public

14
tests/tests.yml Normal file
View File

@ -0,0 +1,14 @@
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- integration-tests
required_packages:
- python3
- systemd
- iproute
- python3-pyroute2
- net-snmp
- net-snmp-utils