packages/net-snmp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update net-snmp to 5.9.3

Browse Source
This commit is contained in:
xingwei 2023-08-07 01:13:41 +00:00
parent 29c974c6dd
commit 0a81ebce5e
29 changed files with 110 additions and 1024 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch
View File

@ -1,131 +0,0 @@
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Wed, 30 Jun 2021 14:00:28 -0700
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
---
agent/mibgroup/agent/nsLogging.c | 6 ++++++
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
agent/mibgroup/mibII/vacm_vars.c | 3 +++
agent/mibgroup/snmpv3/usmUser.c | 2 --
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
index 9abdeb5bb7..7f4290490a 100644
--- a/agent/mibgroup/agent/nsLogging.c
+++ b/agent/mibgroup/agent/nsLogging.c
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
}
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
index cc61fce7e6..6c43210074 100644
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
ret = SNMP_ERR_NOERROR;
switch (table_info->colnum) {
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
* Extract the authType token from the list of indexes
*/
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
idx = idx->next_variable; model = *idx->val.integer;
idx = idx->next_variable; level = *idx->val.integer;
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
- entry->storageType = ST_NONVOLATILE;
- netsnmp_insert_iterator_context(request, (void*)entry);
+ if (entry) {
+ entry->storageType = ST_NONVOLATILE;
+ netsnmp_insert_iterator_context(request, (void*)entry);
+ }
}
}
}
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
index 469a1eba59..62c9a3d051 100644
--- a/agent/mibgroup/mibII/vacm_vars.c
+++ b/agent/mibgroup/mibII/vacm_vars.c
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
return 1;
}
groupNameL = oidIndex[0];
+ if ((groupNameL + 1) > (int) oidLen) {
+ return 1;
+ }
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
return 1;
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
index 0f52aaba49..0edea53cfb 100644
--- a/agent/mibgroup/snmpv3/usmUser.c
+++ b/agent/mibgroup/snmpv3/usmUser.c
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
if (usmStatusCheck(uptr)) {
uptr->userStatus = RS_ACTIVE;
} else {
- SNMP_FREE(engineID);
- SNMP_FREE(newName);
return SNMP_ERR_INCONSISTENTVALUE;
}
} else if (long_ret == RS_CREATEANDWAIT) {

31
backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch
View File

@ -1,31 +0,0 @@
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Tue, 24 Aug 2021 07:55:00 -0700
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
When a SET request includes a mix of delegated and
non-delegated requests (e.g., objects handled by master
agent and agentx sub-agent), the status can get lost while
waiting for the reply from the sub-agent. Recover the status
into the session from the requests even if it has already
been processed.
---
agent/snmp_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 84fbb42b47..095ee70985 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
if (requests->status != SNMP_ERR_NOERROR &&
(!look_for_specific || requests->status == look_for_specific)
&& (look_for_specific || asp->index == 0
- || requests->index < asp->index)) {
+ || requests->index <= asp->index)) {
asp->index = requests->index;
asp->status = requests->status;
}

34
backport-Fix-the-build-against-OpenSSL-3.0.patch
View File

@ -1,34 +0,0 @@
From 19e75743173cb8d49d49fd685b8e0249e83cc820 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 8 Sep 2021 20:39:42 -0700
Subject: [PATCH] libsnmp: Fix the build against OpenSSL 3.0
Fixes: https://github.com/net-snmp/net-snmp/issues/343
Origin: upstream, https://github.com/net-snmp/net-snmp/commit/19e75743173cb8d49d49fd685b8e0249e83cc820
Bug: https://github.com/net-snmp/net-snmp/issues/343
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1945960
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006511
---
snmplib/snmp_openssl.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007a..eb4856c57 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -899,6 +899,11 @@ netsnmp_openssl_cert_issued_by(X509 *issuer, X509 *cert)
#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
+#ifndef ERR_GET_FUNC
+/* removed in OpenSSL 3.0 */
+#define ERR_GET_FUNC(e) -1
+#endif
+
void
netsnmp_openssl_err_log(const char *prefix)
{
--
2.32.0

26
backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch
View File

@ -1,26 +0,0 @@
From 2cd0e7d72a76ba27a18315b9ae67e6ed6d2c464a Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 9 Aug 2021 13:38:36 -0700
Subject: [PATCH] IF-MIB: Add a trailing newline to an error message
Fixes: 8bb544fbd2d6 ("Linux: IF-MIB: Fix a memory leak")
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e56cadf46..5322ee937 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -927,7 +927,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
netsnmp_interface_entry *existing =
CONTAINER_FIND(container, entry);
NETSNMP_LOGONCE((LOG_WARNING,
- "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s\n",
entry->index, existing ? existing->name : "(?)",
entry->name));
netsnmp_access_interface_entry_free(entry);
--
2.33.0

54
backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch
View File

@ -1,54 +0,0 @@
From d4b58c60367a262d829eb33e7888d28cd4337481 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 5 Aug 2021 18:56:50 -0700
Subject: [PATCH] IF-MIB: Fix a recently introduced use-after-free
Do not free the netsnmp_interface_entry corresponding to the previous line
from /proc/dev/net if an interface disappeared. Additionally, reduce the
scope of the 'entry' variable.
Fixes: 600c54135b10 ("IF-MIB, IP-FORWARD-MIB: Improve robustness")
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index 9d9b2ceb3..ea7389682 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
int interfaces = 0;
@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
+ netsnmp_interface_entry *entry = NULL;
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -738,7 +738,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
if (if_index == 0) {
DEBUGMSGTL(("access:interface", "network interface %s is gone",
ifstart));
- goto free_entry;
+ continue;
}
#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
@@ -933,7 +933,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
"Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
entry->index, existing ? existing->name : "(?)",
entry->name));
-free_entry:
netsnmp_access_interface_entry_free(entry);
}
}
--
2.33.0

80
backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch
View File

@ -1,80 +0,0 @@
From 600c54135b1015d56070f702d878772dd9f0d51e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 2 Aug 2021 19:04:31 -0700
Subject: [PATCH] IF-MIB, IP-FORWARD-MIB: Improve robustness
It can happen that a network interface disappears after scanning has started
and before netsnmp_arch_interface_index_find() or another query function is
called. If that happens, ignore the network interface silently.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 7 ++++++-
.../mibgroup/ip-forward-mib/data_access/route_linux.c | 11 ++++++-----
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index 215b30e80..7e4a35130 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -734,7 +734,11 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
* knows a better way, put it here!
*/
if_index = netsnmp_arch_interface_index_find(ifstart);
- netsnmp_assert(if_index != 0);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ goto free_entry;
+ }
#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
#endif
@@ -928,6 +932,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
"Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
entry->index, existing ? existing->name : "(?)",
entry->name));
+free_entry:
netsnmp_access_interface_entry_free(entry);
}
}
diff --git a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
index 956e127c9..9b6a63ead 100644
--- a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
+++ b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
@@ -97,9 +97,7 @@ _load_ipv4(netsnmp_container* container, u_long *index )
snmp_log(LOG_ERR,
"/proc/net/route data format error (%d!=8), line ==|%s|",
rc, line);
-
- netsnmp_access_route_entry_free(entry);
- continue;
+ goto free_entry;
}
/*
@@ -114,9 +112,12 @@ _load_ipv4(netsnmp_container* container, u_long *index )
* but since that will open/close a socket, and we might
* have a lot of routes, call the ioctl routine directly.
*/
- if ('*' != name[0])
+ if ('*' != name[0]) {
entry->if_index =
netsnmp_access_interface_ioctl_ifindex_get(fd,name);
+ if (entry->if_index == 0)
+ goto free_entry;
+ }
/*
* arbitrary index
@@ -186,8 +187,8 @@ _load_ipv4(netsnmp_container* container, u_long *index )
if (CONTAINER_INSERT(container, entry) < 0)
{
DEBUGMSGTL(("access:route:container", "error with route_entry: insert into container failed.\n"));
+free_entry:
netsnmp_access_route_entry_free(entry);
- continue;
}
}
--
2.33.0

37
backport-Linux-IF-MIB-Fix-a-memory-leak.patch
View File

@ -1,37 +0,0 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a21..215b30e80 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);
--
2.33.0

40
backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch
View File

@ -1,40 +0,0 @@
From 8da919e4ad66dec376f54a6d2f7dd7a7fe68b8f0 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:01:11 -0700
Subject: [PATCH] Linux: IF-MIB: Pass the network interface index to
netsnmp_access_interface_entry_create()
Instead of letting netsnmp_access_interface_entry_create() call
netsnmp_arch_interface_index_find() a second time, pass the network interface
index to that function.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index 9c96eb92d..e99360a21 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -733,8 +733,9 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
* ip version is to look for ip addresses. If anyone
* knows a better way, put it here!
*/
-#ifdef NETSNMP_ENABLE_IPV6
if_index = netsnmp_arch_interface_index_find(ifstart);
+ netsnmp_assert(if_index != 0);
+#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
#endif
netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc);
@@ -752,7 +753,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
continue;
}
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);
--
2.33.0

60
backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch
View File

@ -1,60 +0,0 @@
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 9 Jun 2021 14:19:46 -0700
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
Fixes: https://github.com/net-snmp/net-snmp/issues/303
---
python/netsnmp/client_intf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
index e5e7372303..94da39fe34 100644
--- a/python/netsnmp/client_intf.c
+++ b/python/netsnmp/client_intf.c
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int varlist_ind, int sprintval_flag, int *len,
- char **str_buf)
+ char **str_buf, int getlabel_flag)
{
struct tree *tp;
int type;
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int buf_over = 0;
const char *tag;
const char *iid;
- int getlabel_flag = NO_FLAGS;
if (!PyObject_HasAttrString(varbind, "tag"))
return TYPE_OTHER;
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
varbind = PySequence_GetItem(varlist, varlist_ind);
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
- &len, &str_buf);
+ &len, &str_buf, getlabel_flag);
if (type != TYPE_OTHER) {
/* save in return tuple as well */
if ((type == SNMP_ENDOFMIBVIEW) ||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
- sprintval_flag, &len, &str_buf) !=
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
/* push varbind onto varbinds */

81
backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch
View File

@ -1,81 +0,0 @@
From d0277ca1ccd6ec8d786355a433717a9dbf41112e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 7 Aug 2021 08:32:03 -0700
Subject: [PATCH] libsnmp: Fix a memory leak in a MIB parser error path
This patch should fix
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36879.
---
snmplib/parse.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/snmplib/parse.c b/snmplib/parse.c
index 6d9d84a..5eb675b 100644
--- a/snmplib/parse.c
+++ b/snmplib/parse.c
@@ -1865,18 +1865,22 @@ do_linkup(struct module *mp, struct node *np)
}
-/*
+/**
+ * Read an OID from a file.
+ * @param[in] file File to read from.
+ * @param[out] id_arg Array to store the OID in.
+ * @param[in] length Number of elements in the @id_arg array.
+ *
* Takes a list of the form:
* { iso org(3) dod(6) 1 }
* and creates several nodes, one for each parent-child pair.
* Returns 0 on error.
*/
static int
-getoid(FILE * fp, struct subid_s *id, /* an array of subids */
- int length)
-{ /* the length of the array */
- register int count;
- int type;
+getoid(FILE * fp, struct subid_s *id_arg, int length)
+{
+ struct subid_s *id = id_arg;
+ int i, count, type;
char token[MAXTOKEN];
if ((type = get_token(fp, token, MAXTOKEN)) != LEFTBRACKET) {
@@ -1904,11 +1908,11 @@ getoid(FILE * fp, struct subid_s *id, /* an array of subids */
get_token(fp, token, MAXTOKEN)) != RIGHTPAREN) {
print_error("Expected a closing parenthesis",
token, type);
- return 0;
+ goto free_labels;
}
} else {
print_error("Expected a number", token, type);
- return 0;
+ goto free_labels;
}
} else {
continue;
@@ -1920,11 +1924,18 @@ getoid(FILE * fp, struct subid_s *id, /* an array of subids */
id->subid = strtoul(token, NULL, 10);
} else {
print_error("Expected label or number", token, type);
- return 0;
+ goto free_labels;
}
type = get_token(fp, token, MAXTOKEN);
}
print_error("Too long OID", token, type);
+
+free_labels:
+ for (i = 0; i < count; i++) {
+ free(id[i].label);
+ id[i].label = NULL;
+ }
+
return 0;
}
--
1.8.3.1

29
backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch
View File

@ -1,29 +0,0 @@
From b9308221b1d0c1f77c8b2511e196376dc2870211 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sun, 29 Aug 2021 09:25:06 -0700
Subject: [PATCH] libsnmp: Fix more undefined behavior in asn_build_int()
According to the C standard, triggering an overflow by shifting a signed
integer left results in undefined behavior. Fix this by inserting a cast.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37808
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index 959ae21..07bdcc6 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -771,7 +771,7 @@ asn_build_int(u_char * data,
while ((((integer & mask) == 0) || ((integer & mask) == mask))
&& intsize > 1) {
intsize--;
- integer <<= 8;
+ integer = (u_long)integer << 8;
}
data = asn_build_header(data, datalength, type, intsize);
if (_asn_build_header_check(errpre, data, *datalength, intsize))
--
1.8.3.1

33
backport-libsnmp-Fix-the-getoid-error-path.patch
View File

@ -1,33 +0,0 @@
From 413b17eecd6af8e8247501805b5a366b709828bf Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 9 Aug 2021 14:07:20 -0700
Subject: [PATCH] libsnmp: Fix the getoid() error path
Fixes: d0277ca1ccd6 ("libsnmp: Fix a memory leak in a MIB parser error path")
---
snmplib/parse.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/snmplib/parse.c b/snmplib/parse.c
index 5eb675b..19ccc0f 100644
--- a/snmplib/parse.c
+++ b/snmplib/parse.c
@@ -1929,11 +1929,12 @@ getoid(FILE * fp, struct subid_s *id_arg, int length)
type = get_token(fp, token, MAXTOKEN);
}
print_error("Too long OID", token, type);
+ --count;
free_labels:
- for (i = 0; i < count; i++) {
- free(id[i].label);
- id[i].label = NULL;
+ for (i = 0; i <= count; i++) {
+ free(id_arg[i].label);
+ id_arg[i].label = NULL;
}
return 0;
--
1.8.3.1

29
backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch
View File

@ -1,29 +0,0 @@
From 277d75633d8008cde468d026694289ca32f2cb6d Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 26 Aug 2021 10:17:11 -0700
Subject: [PATCH] libsnmp: Fix undefined behavior in asn_build_int()
According to the C standard, triggering an overflow by shifting a signed
integer results in undefined behavior. Fix this by inserting a cast.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37579
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index d5d7eb6..959ae21 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -784,7 +784,7 @@ asn_build_int(u_char * data,
*/
while (intsize--) {
*data++ = (u_char) ((integer & mask) >> (8 * (sizeof(long) - 1)));
- integer <<= 8;
+ integer = (u_long)integer << 8;
}
DEBUGDUMPSETUP("send", initdatap, data - initdatap);
DEBUGMSG(("dumpv_send", " Integer:\t%ld (0x%.2lX)\n", *intp, *intp));
--
1.8.3.1

6
backport-net-snmp-5.7.2-cert-path.patch
View File

@ -1,9 +1,9 @@
1134475 - dependency in perl package
Use hardcoded path to configuration directories instead of net-snmp-config.
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
depending on -devel.
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
@ -28,3 +28,5 @@ diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-s
}
sub initOpts {

18
backport-net-snmp-5.8-rpm-memory-leak.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 695c469..dd0e487 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath);
@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/
+ rpmFreeRpmrc();
+#endif
if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
pkg_directory[0] = '\0';
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
index 1f52733..ccf1cab 100644
--- a/agent/mibgroup/host/hr_swinst.c
+++ b/agent/mibgroup/host/hr_swinst.c
@@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
@ -24,3 +26,5 @@ diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
}
#else
# ifdef _PATH_HRSW_directory

38
backport-net-snmp-5.9-autofs-skip.patch
View File

@ -1,5 +1,5 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index 4f78df3..fd25b3f 100644
index e7ca92f..80b3e0d 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
@ -10,37 +10,5 @@ index 4f78df3..fd25b3f 100644
"usbdevfs",
"usbfs",
#endif
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
index 6b459ec..f7a376b 100644
--- a/agent/mibgroup/host/hr_storage.c
+++ b/agent/mibgroup/host/hr_storage.c
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (Check_HR_FileSys_AutoFs())
return NULL;
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
index 8967d35..9bf2659 100644
--- a/agent/mibgroup/host/hrh_storage.c
+++ b/agent/mibgroup/host/hrh_storage.c
@@ -366,9 +366,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (HRFS_entry && Check_HR_FileSys_AutoFs())
return NULL;

19
backport-net-snmp-5.9-cflags.patch
View File

@ -1,19 +1,4 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
@ -34,3 +19,5 @@ diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
append($Params->{'CCFLAGS'}, '-Wformat');
}
}

22
backport-net-snmp-5.9-dir-fix.patch
View File

@ -1,24 +1,32 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c269..afd6fa4 100644
index 19895a1..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -16,6 +16,10 @@ Xalgorithm="DES"
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+esac
unset shifted
case $1 in
@@ -136,7 +140,7 @@ fi
@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
touch "$outfile"
fi
echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@
echo "@datarootdir@" >/dev/null
-prefix=@prefix@
-datarootdir=@datarootdir@
-# To suppress shellcheck complaints about $prefix and $datarootdir.
-: "$prefix" "$datarootdir"
-outfile="@datadir@/snmp/snmpd.conf"
+# Avoid that configure complains that this script ignores @datarootdir@
+echo "@datarootdir@" >/dev/null
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

179
backport-net-snmp-5.9-dskTable-dynamic.patch
View File

@ -1,179 +0,0 @@
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 08:56:39.678900275 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 09:09:32.308731157 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
-static void find_and_add_allDisks(int minpercent);
+static void refresh_disk_table(int addNewDisks, int minpercent);
static void add_device(char *path, char *device,
- int minspace, int minpercent, int override);
+ int minspace, int minpercent, int addNewDisks,
+ int override);
static void modify_disk_parameters(int index, int minspace,
int minpercent);
static int disk_exists(char *path);
@@ -167,6 +168,7 @@ struct diskpart {
char path[STRMAX];
int minimumspace;
int minpercent;
+ int alive;
};
#define MAX_INT_32 0x7fffffff
@@ -174,6 +176,7 @@ struct diskpart {
unsigned int numdisks;
int allDisksIncluded = 0;
+int allDisksMinPercent = 0;
unsigned int maxdisks = 0;
struct diskpart *disks;
@@ -238,6 +241,7 @@ init_disk(void)
disk_free_config,
"minpercent%");
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -253,6 +257,7 @@ disk_free_config(void)
disks[i].minpercent = -1;
}
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
- add_device(path, find_device(path), minspace, minpercent, 1);
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
-add_device(char *path, char *device, int minspace, int minpercent, int override)
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
}
index = disk_exists(path);
- if((index != -1) && (index < maxdisks) && (override==1)) {
- modify_disk_parameters(index, minspace, minpercent);
+ if((index != -1) && (index < maxdisks)) {
+ /* the path is already in the table */
+ disks[index].alive = 1;
+ /* -> update its device */
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
+ if (override == 1) {
+ modify_disk_parameters(index, minspace, minpercent);
+ }
}
- else if(index == -1){
+ else if(index == -1 && addNewDisks){
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
+ disks[numdisks].alive = 1;
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
+ disks[numdisks].alive = 0;
}
}
}
@@ -444,7 +457,7 @@ int disk_exists(char *path)
}
static void
-find_and_add_allDisks(int minpercent)
+refresh_disk_table(int addNewDisks, int minpercent)
{
#if HAVE_GETMNTENT
#if HAVE_SYS_MNTTAB_H
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
if (mntfp)
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while ((i = getmntent(mntfp, &mnttab)) == 0) {
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
fclose(mntfp);
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks, 0);
}
}
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
}
#endif
else {
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_e
#endif
#endif
+ if (disks[disknum].alive == 0){
+ return -1;
+ }
+
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
static char *errmsg;
static char empty_str[1];
+ int i;
+ for (i = 0; i < numdisks; i++){
+ disks[i].alive = 0;
+ }
+ /* dynamically add new disks + update alive flag */
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
+
tryAgain:
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numdisks))

12
backport-net-snmp-5.9-ipv6-disable-leak.patch Normal file
View File

@ -0,0 +1,12 @@
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

13
backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
View File

@ -1,13 +0,0 @@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index d4529d3..175242b 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@
snmpinforminstall:

8
backport-net-snmp-5.9-pie.patch
View File

@ -1,8 +1,8 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index b5d692d..1a30209 100644
index 047d880..38d40aa 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
@ -10,9 +10,9 @@ index b5d692d..1a30209 100644
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 43f3b9c..d4529d3 100644
index 3dbb1d1..48ed23a 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)

32
backport-net-snmp-5.9-sendmsg-error-code.patch Normal file
View File

@ -0,0 +1,32 @@
From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 24 May 2023 10:49:41 +0200
Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling
This change has been made because of Linux kernel commit "ipv4: Return
-ENETUNREACH if we can't create route but saddr is valid"
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029)
Fixes: https://github.com/net-snmp/net-snmp/issues/564
Fixes: https://github.com/net-snmp/net-snmp/pull/576
[ bvanassche: edited commit message ]
---
snmplib/transports/snmpUDPBaseDomain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
index ca8f9a5554..cd6b15e2ad 100644
--- a/snmplib/transports/snmpUDPBaseDomain.c
+++ b/snmplib/transports/snmpUDPBaseDomain.c
@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip,
sizeof(struct sockaddr));
else
rc = sendmsg(fd, &m, MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

12
backport-net-snmp-5.9-usage-exit.patch
View File

@ -1,12 +0,0 @@
diff --git a/agent/snmpd.c b/agent/snmpd.c
index ae73eda..f01b890 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
@@ -289,6 +289,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

49
backport-net-snmp-5.9.1-remove-err-log.patch
View File

@ -1,49 +0,0 @@
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-09-15 07:55:39.784900445 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-10-04 15:35:48.157385970 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
ERR_reason_error_string(ERR_get_error()));
}
-
- /* other errors */
- while ((numerical_reason =
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
-
- /* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
- /*
- * per openssl man page: If it has been allocated by
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
- *
- * arggh... stupid openssl prototype for ERR_get_error_line_data
- * wants a const char **, but returns something that we might
- * need to free??
- */
- if (flags & ERR_TXT_MALLOCED)
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

BIN
net-snmp-5.9.1.tar.gz
View File

Binary file not shown.

BIN
net-snmp-5.9.3.tar.gz Normal file
View File

Binary file not shown.

2
net-snmp-tmpfs.conf
View File

@ -1 +1 @@
d /var/run/net-snmp 0755 root root
d /run/net-snmp 0755 root root

59
net-snmp.spec
View File

@ -2,8 +2,8 @@
%global multilib_arches x86_64 aarch64
Name: net-snmp
Version: 5.9.1
Release: 8
Version: 5.9.3
Release: 1
Epoch: 1
Summary: SNMP Daemon
License: BSD
@ -26,38 +26,23 @@ Patch4: backport-net-snmp-5.9-test-debug.patch
Patch5: backport-net-snmp-5.7.2-cert-path.patch
Patch6: backport-net-snmp-5.9-cflags.patch
Patch7: backport-net-snmp-5.8-Remove-U64-typedef.patch
Patch8: backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch9: backport-net-snmp-5.7.3-iterator-fix.patch
Patch10: backport-net-snmp-5.9-autofs-skip.patch
Patch12: backport-net-snmp-5.9-usage-exit.patch
Patch13: backport-net-snmp-5.9-coverity.patch
Patch15: backport-net-snmp-5.9-dskTable-dynamic.patch
Patch16: backport-net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch17: backport-net-snmp-5.8-duplicate-ipAddress.patch
Patch18: backport-net-snmp-5.9-memory-reporting.patch
Patch19: backport-net-snmp-5.8-man-page.patch
Patch20: backport-net-snmp-5.8-ipAddress-faster-load.patch
Patch21: backport-net-snmp-5.8-rpm-memory-leak.patch
Patch22: backport-net-snmp-5.9-aes-config.patch
Patch23: backport-net-snmp-5.8-modern-rpm-api.patch
Patch24: backport-net-snmp-5.9-python3.patch
Patch25: backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch
Patch26: backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch
Patch30: backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch
Patch31: backport-libsnmp-Fix-the-getoid-error-path.patch
Patch32: backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch
Patch33: backport-net-snmp-5.9.1-autoconf.patch
Patch34: backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch
Patch35: backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch
Patch36: backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch
Patch37: backport-Linux-IF-MIB-Fix-a-memory-leak.patch
Patch38: backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch
Patch39: backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch
Patch40: backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch
Patch41: backport-CVE-2022-44792_CVE-2022-44793.patch
Patch42: backport-Fix-the-build-against-OpenSSL-3.0.patch
Patch43: backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
Patch44: backport-net-snmp-5.9.1-remove-err-log.patch
Patch8: backport-net-snmp-5.7.3-iterator-fix.patch
Patch9: backport-net-snmp-5.9-autofs-skip.patch
Patch10: backport-net-snmp-5.9-coverity.patch
Patch11: backport-net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch12: backport-net-snmp-5.8-duplicate-ipAddress.patch
Patch13: backport-net-snmp-5.9-memory-reporting.patch
Patch14: backport-net-snmp-5.8-man-page.patch
Patch15: backport-net-snmp-5.8-ipAddress-faster-load.patch
Patch16: backport-net-snmp-5.8-rpm-memory-leak.patch
Patch17: backport-net-snmp-5.9-aes-config.patch
Patch18: backport-net-snmp-5.8-modern-rpm-api.patch
Patch19: backport-net-snmp-5.9-python3.patch
Patch20: backport-net-snmp-5.9.1-autoconf.patch
Patch21: backport-CVE-2022-44792_CVE-2022-44793.patch
Patch22: backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
Patch23: backport-net-snmp-5.9-ipv6-disable-leak.patch
Patch24: backport-net-snmp-5.9-sendmsg-error-code.patch
%{?systemd_requires}
BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel
@ -337,6 +322,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_mandir}/man1/fixproc*
%changelog
* Mon Aug 07 2023 xingwei <xingwei14@h-partners.com> - 1:5.9.3-1
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:update net-snmp to 5.9.3
* Wed May 24 2023 xingwei <xingwei14@h-partners.com> - 1:5.9.1-8
- Type:bugfix
- CVE:NA