Port to net-snmp without DES support (#1958073)

Related: #1958073
This commit is contained in:
Florian Weimer 2021-06-16 11:49:54 +02:00
parent 31c70664e9
commit e5b582b990
2 changed files with 46 additions and 1 deletions

View File

@ -0,0 +1,39 @@
This patch is required because net-smp is not build with DES support,
so usmDESPrivProtocol is not available.
diff -ur pegasus.orig/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp
--- pegasus.orig/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp 2021-06-16 11:22:58.855254567 +0200
+++ pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp 2021-06-16 11:37:33.012733834 +0200
@@ -247,6 +247,16 @@
#ifdef PEGASUS_ENABLE_NET_SNMPV3
case _SNMPv3_TRAP:
{
+ if(snmpSecPrivProto == 1)
+ {
+ //DES is no longer supported.
+ PEG_METHOD_EXIT();
+ throw PEGASUS_CIM_EXCEPTION_L(CIM_ERR_NOT_SUPPORTED,
+ MessageLoaderParms(
+ _MSG_VERSION_NOT_SUPPORTED_KEY,
+ _MSG_VERSION_NOT_SUPPORTED));
+ }
+
snmpSession.version = SNMP_VERSION_3;
CString securityNameCStr = securityName.getCString();
size_t securityNameLen = strlen(securityNameCStr);
@@ -321,14 +331,7 @@
SNMP_FREE(snmpSession.securityPrivProto);
//Privacy
- if(snmpSecPrivProto == 1) //DES
- {
- snmpSession.securityPrivProto = snmp_duplicate_objid(
- usmDESPrivProtocol,
- USM_PRIV_PROTO_DES_LEN);
- snmpSession.securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN;
- }
- else if(snmpSecPrivProto == 2) // AES
+ if(snmpSecPrivProto == 2) // AES
{
snmpSession.securityPrivProto = snmp_duplicate_objid(
usmAESPrivProtocol,

View File

@ -8,7 +8,7 @@
Name: tog-pegasus Name: tog-pegasus
Version: %{major_ver}.1 Version: %{major_ver}.1
Release: 60%{?dist} Release: 61%{?dist}
Epoch: 2 Epoch: 2
Summary: OpenPegasus WBEM Services for Linux Summary: OpenPegasus WBEM Services for Linux
@ -104,6 +104,8 @@ Patch43: pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
Patch44: pegasus-2.14.1-crypto-policy-compliance.patch Patch44: pegasus-2.14.1-crypto-policy-compliance.patch
# 45: add required lib to fix FTBS # 45: add required lib to fix FTBS
Patch45: pegasus-2.14.1-add-pegwsmserver-to-ldd-libs.patch Patch45: pegasus-2.14.1-add-pegwsmserver-to-ldd-libs.patch
# 46: Remove DES support.
Patch46: pegasus-snmp-disable-des.patch
BuildRequires: procps, libstdc++, pam-devel BuildRequires: procps, libstdc++, pam-devel
BuildRequires: openssl, openssl-devel BuildRequires: openssl, openssl-devel
@ -257,6 +259,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
%patch43 -p1 -b .Wreserved-user-defined-literal-fix %patch43 -p1 -b .Wreserved-user-defined-literal-fix
%patch44 -p1 -b .crypto-policy-compliance %patch44 -p1 -b .crypto-policy-compliance
%patch45 -p1 -b .add-pegwsmserver-to-ldd-libs %patch45 -p1 -b .add-pegwsmserver-to-ldd-libs
%patch46 -p1 -b .snmp-disable-des
%build %build
@ -558,6 +561,9 @@ fi
%changelog %changelog
* Wed Jun 16 2021 Florian Weimer <fweimer@redhat.com> - 2:2.14.1-61
- Port to net-snmp without DES support (#1958073)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.14.1-60 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.14.1-60
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065 Related: rhbz#1971065