!75 Sync upstream patches to fix Buffer overflow

From: @XWwalker 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch

@@ -1,131 +0,0 @@
-From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
-From: Bill Fenner <fenner@gmail.com>
-Date: Wed, 30 Jun 2021 14:00:28 -0700
-Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
- NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
-
-Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
-Fixes by: Arista Networks
----
- agent/mibgroup/agent/nsLogging.c         |  6 ++++++
- agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
- agent/mibgroup/mibII/vacm_vars.c         |  3 +++
- agent/mibgroup/snmpv3/usmUser.c          |  2 --
- 4 files changed, 23 insertions(+), 4 deletions(-)
-
-diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
-index 9abdeb5bb7..7f4290490a 100644
---- a/agent/mibgroup/agent/nsLogging.c
-+++ b/agent/mibgroup/agent/nsLogging.c
-@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
-                 continue;
-             logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
-             table_info  =                netsnmp_extract_table_info(request);
-+            if (!table_info || !table_info->indexes)
-+                continue;
- 
-             switch (table_info->colnum) {
-             case NSLOGGING_TYPE:
-@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
-             }
-             logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
-             table_info  =                 netsnmp_extract_table_info(request);
-+            if (!table_info || !table_info->indexes)
-+                continue;
- 
-             switch (table_info->colnum) {
-             case NSLOGGING_TYPE:
-@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
-                 continue;
-             logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
-             table_info  =                 netsnmp_extract_table_info(request);
-+            if (!table_info || !table_info->indexes)
-+                continue;
- 
-             switch (table_info->colnum) {
-             case NSLOGGING_TYPE:
-diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
-index cc61fce7e6..6c43210074 100644
---- a/agent/mibgroup/agent/nsVacmAccessTable.c
-+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
-@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
-             entry = (struct vacm_accessEntry *)
-                 netsnmp_extract_iterator_context(request);
-             table_info = netsnmp_extract_table_info(request);
-+            if (!table_info || !table_info->indexes)
-+                continue;
- 
-             /* Extract the authType token from the list of indexes */
-             idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
-+            if (idx->val_len >= sizeof(atype))
-+                continue;
-             memset(atype, 0, sizeof(atype));
-             memcpy(atype, (char *)idx->val.string, idx->val_len);
-             viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
-@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
-             entry = (struct vacm_accessEntry *)
-                 netsnmp_extract_iterator_context(request);
-             table_info = netsnmp_extract_table_info(request);
-+            if (!table_info || !table_info->indexes)
-+                continue;
-             ret = SNMP_ERR_NOERROR;
- 
-             switch (table_info->colnum) {
-@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
-                  * Extract the authType token from the list of indexes
-                  */
-                 idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
-+                if (idx->val_len >= sizeof(atype))
-+                    continue;
-                 memset(atype, 0, sizeof(atype));
-                 memcpy(atype, (char *)idx->val.string, idx->val_len);
-                 viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
-@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
-                          idx = idx->next_variable;  model = *idx->val.integer;
-                          idx = idx->next_variable;  level = *idx->val.integer;
-                          entry = vacm_createAccessEntry( gName, cPrefix, model, level );
--                         entry->storageType = ST_NONVOLATILE;
--                         netsnmp_insert_iterator_context(request, (void*)entry);
-+                         if (entry) {
-+                             entry->storageType = ST_NONVOLATILE;
-+                             netsnmp_insert_iterator_context(request, (void*)entry);
-+                         }
-                     }
-                 }
-             }
-@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
- 
-             /* Extract the authType token from the list of indexes */
-             idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
-+            if (idx->val_len >= sizeof(atype))
-+                continue;
-             memset(atype, 0, sizeof(atype));
-             memcpy(atype, (char *)idx->val.string, idx->val_len);
-             viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
-diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
-index 469a1eba59..62c9a3d051 100644
---- a/agent/mibgroup/mibII/vacm_vars.c
-+++ b/agent/mibgroup/mibII/vacm_vars.c
-@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
-         return 1;
-     }
-     groupNameL = oidIndex[0];
-+    if ((groupNameL + 1) > (int) oidLen) {
-+        return 1;
-+    }
-     contextPrefixL = oidIndex[groupNameL + 1];  /* the initial name length */
-     if ((int) oidLen != groupNameL + contextPrefixL + 4) {
-         return 1;
-diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
-index 0f52aaba49..0edea53cfb 100644
---- a/agent/mibgroup/snmpv3/usmUser.c
-+++ b/agent/mibgroup/snmpv3/usmUser.c
-@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
-                 if (usmStatusCheck(uptr)) {
-                     uptr->userStatus = RS_ACTIVE;
-                 } else {
--                    SNMP_FREE(engineID);
--                    SNMP_FREE(newName);
-                     return SNMP_ERR_INCONSISTENTVALUE;
-                 }
-             } else if (long_ret == RS_CREATEANDWAIT) {

backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch

@@ -1,31 +0,0 @@
-From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
-From: Bill Fenner <fenner@gmail.com>
-Date: Tue, 24 Aug 2021 07:55:00 -0700
-Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
-
-Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
-Fixes by: Arista Networks
-
-When a SET request includes a mix of delegated and
-non-delegated requests (e.g., objects handled by master
-agent and agentx sub-agent), the status can get lost while
-waiting for the reply from the sub-agent.  Recover the status
-into the session from the requests even if it has already
-been processed.
----
- agent/snmp_agent.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
-index 84fbb42b47..095ee70985 100644
---- a/agent/snmp_agent.c
-+++ b/agent/snmp_agent.c
-@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
-         if (requests->status != SNMP_ERR_NOERROR &&
-             (!look_for_specific || requests->status == look_for_specific)
-             && (look_for_specific || asp->index == 0
--                || requests->index < asp->index)) {
-+                || requests->index <= asp->index)) {
-             asp->index = requests->index;
-             asp->status = requests->status;
-         }

backport-Add-Linux-6.7-compatibility-parsing-proc-net-snmp.patch

@@ -0,0 +1,123 @@
+From 49d60ba57f4b462df7dc5fd5b38b4425dab0982c Mon Sep 17 00:00:00 2001
+From: Philippe Troin <phil+github-commits@fifi.org>
+Date: Sat, 3 Feb 2024 10:30:30 -0800
+Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
+
+Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
+This breaks the hard-coded assumptions about the Ip line length.
+Add compatibility to parse Linux 6.7 Ip header while keep support
+for previous versions.
+
+Conflict:NA
+Reference:https://github.com/net-snmp/net-snmp/commit/49d60ba57f4b462df7dc5fd5b38b4425dab0982c
+
+---
+ .../ip-mib/data_access/systemstats_linux.c    | 46 +++++++++++++++----
+ 1 file changed, 37 insertions(+), 9 deletions(-)
+
+diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+index 49e0a34d5c..f04e828a94 100644
+--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
++++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
+ }
+ 
+ /*
+-  /proc/net/snmp
++  /proc/net/snmp - Linux 6.6 and lower
+ 
+   Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
+   Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
+@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
+   
+   Udp: InDatagrams NoPorts InErrors OutDatagrams
+   Udp: 1491094 122 0 1466178
++*
++  /proc/net/snmp - Linux 6.7 and higher
++
++  Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
++  Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
++
++  Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
++  Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
++
++  IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
++  IcmpMsg: 29953 17589 66905 66905 16610 59957 484
++
++  Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
++  Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
++
++  Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
++  Udp: 2257832 1422 0 2252835 0 0 0 84 0
++
++  UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
++  UdpLite: 0 0 0 0 0 0 0 0 0
+ */
+ 
+ 
+@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+     FILE           *devin;
+     char            line[1024];
+     netsnmp_systemstats_entry *entry = NULL;
+-    int             scan_count;
++    int             scan_count, expected_scan_count;
+     char           *stats, *start = line;
+     int             len;
+-    unsigned long long scan_vals[19];
++    unsigned long long scan_vals[20];
+ 
+     DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
+                 load_flags));
+@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+      */
+     NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
+     len = strlen(line);
+-    if (224 != len) {
++    switch (len) {
++    case 224:
++	expected_scan_count = 19;
++	break;
++    case 237:
++	expected_scan_count = 20;
++	break;
++    default:
+         fclose(devin);
+         snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
+-                 " %d != 224\n", len);
++                 " %d not in { 224, 237 } \n", len);
+         return -4;
+     }
+ 
+@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+         memset(scan_vals, 0x0, sizeof(scan_vals));
+         scan_count = sscanf(stats,
+                             "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
+-                            "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
++                            "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
+                             &scan_vals[0],&scan_vals[1],&scan_vals[2],
+                             &scan_vals[3],&scan_vals[4],&scan_vals[5],
+                             &scan_vals[6],&scan_vals[7],&scan_vals[8],
+                             &scan_vals[9],&scan_vals[10],&scan_vals[11],
+                             &scan_vals[12],&scan_vals[13],&scan_vals[14],
+                             &scan_vals[15],&scan_vals[16],&scan_vals[17],
+-                            &scan_vals[18]);
++                            &scan_vals[18],&scan_vals[19]);
+         DEBUGMSGTL(("access:systemstats", "  read %d values\n", scan_count));
+ 
+-        if(scan_count != 19) {
++        if(scan_count != expected_scan_count) {
+             snmp_log(LOG_ERR,
+                      "error scanning systemstats data (expected %d, got %d)\n",
+-                     19, scan_count);
++                     expected_scan_count, scan_count);
+             netsnmp_access_systemstats_entry_free(entry);
+             return -4;
+         }
+@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+         entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
+         entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
+         entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
++        /* entry->stats. = scan_vals[19]; / * OutTransmits */
+ 
+         entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
+         entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

backport-Fix-the-build-against-OpenSSL-3.0.patch

@@ -1,34 +0,0 @@
-From 19e75743173cb8d49d49fd685b8e0249e83cc820 Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Wed, 8 Sep 2021 20:39:42 -0700
-Subject: [PATCH] libsnmp: Fix the build against OpenSSL 3.0
-
-Fixes: https://github.com/net-snmp/net-snmp/issues/343
-
-Origin: upstream, https://github.com/net-snmp/net-snmp/commit/19e75743173cb8d49d49fd685b8e0249e83cc820
-Bug: https://github.com/net-snmp/net-snmp/issues/343
-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1945960
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006511
----
- snmplib/snmp_openssl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
-index c092a007a..eb4856c57 100644
---- a/snmplib/snmp_openssl.c
-+++ b/snmplib/snmp_openssl.c
-@@ -899,6 +899,11 @@ netsnmp_openssl_cert_issued_by(X509 *issuer, X509 *cert)
- 
- 
- #ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
-+#ifndef ERR_GET_FUNC
-+/* removed in OpenSSL 3.0 */
-+#define ERR_GET_FUNC(e) -1
-+#endif
-+
- void
- netsnmp_openssl_err_log(const char *prefix)
- {
-
--- 
-2.32.0

backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch

@@ -1,26 +0,0 @@
-From 2cd0e7d72a76ba27a18315b9ae67e6ed6d2c464a Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Mon, 9 Aug 2021 13:38:36 -0700
-Subject: [PATCH] IF-MIB: Add a trailing newline to an error message
-
-Fixes: 8bb544fbd2d6 ("Linux: IF-MIB: Fix a memory leak")
----
- agent/mibgroup/if-mib/data_access/interface_linux.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
-index e56cadf46..5322ee937 100644
---- a/agent/mibgroup/if-mib/data_access/interface_linux.c
-+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
-@@ -927,7 +927,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-             netsnmp_interface_entry *existing =
-                 CONTAINER_FIND(container, entry);
-             NETSNMP_LOGONCE((LOG_WARNING,
--                             "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
-+                             "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s\n",
-                              entry->index, existing ? existing->name : "(?)",
-                              entry->name));
-             netsnmp_access_interface_entry_free(entry);
--- 
-2.33.0
-

backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch

@@ -1,54 +0,0 @@
-From d4b58c60367a262d829eb33e7888d28cd4337481 Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Thu, 5 Aug 2021 18:56:50 -0700
-Subject: [PATCH] IF-MIB: Fix a recently introduced use-after-free
-
-Do not free the netsnmp_interface_entry corresponding to the previous line
-from /proc/dev/net if an interface disappeared. Additionally, reduce the
-scope of the 'entry' variable.
-
-Fixes: 600c54135b10 ("IF-MIB, IP-FORWARD-MIB: Improve robustness")
----
- agent/mibgroup/if-mib/data_access/interface_linux.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
-index 9d9b2ceb3..ea7389682 100644
---- a/agent/mibgroup/if-mib/data_access/interface_linux.c
-+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
-@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
- {
-     FILE           *devin;
-     char            line[256];
--    netsnmp_interface_entry *entry = NULL;
-     static char     scan_expected = 0;
-     int             fd;
-     int             interfaces = 0;
-@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-      *   and retrieve (or create) the corresponding data structure.
-      */
-     while (fgets(line, sizeof(line), devin)) {
-+        netsnmp_interface_entry *entry = NULL;
-         char           *stats, *ifstart = line;
-         u_int           flags;
-         oid             if_index;
-@@ -738,7 +738,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-         if (if_index == 0) {
-             DEBUGMSGTL(("access:interface", "network interface %s is gone",
-                         ifstart));
--            goto free_entry;
-+            continue;
-         }
- #ifdef NETSNMP_ENABLE_IPV6
-         _arch_interface_has_ipv6(if_index, &flags, addr_container);
-@@ -933,7 +933,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-                              "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
-                              entry->index, existing ? existing->name : "(?)",
-                              entry->name));
--free_entry:
-             netsnmp_access_interface_entry_free(entry);
-         }
-     }
--- 
-2.33.0
-

backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch

@@ -1,80 +0,0 @@
-From 600c54135b1015d56070f702d878772dd9f0d51e Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Mon, 2 Aug 2021 19:04:31 -0700
-Subject: [PATCH] IF-MIB, IP-FORWARD-MIB: Improve robustness
-
-It can happen that a network interface disappears after scanning has started
-and before netsnmp_arch_interface_index_find() or another query function is
-called. If that happens, ignore the network interface silently.
----
- agent/mibgroup/if-mib/data_access/interface_linux.c   |  7 ++++++-
- .../mibgroup/ip-forward-mib/data_access/route_linux.c | 11 ++++++-----
- 2 files changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
-index 215b30e80..7e4a35130 100644
---- a/agent/mibgroup/if-mib/data_access/interface_linux.c
-+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
-@@ -734,7 +734,11 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-          * knows a better way, put it here!
-          */
-         if_index = netsnmp_arch_interface_index_find(ifstart);
--        netsnmp_assert(if_index != 0);
-+        if (if_index == 0) {
-+            DEBUGMSGTL(("access:interface", "network interface %s is gone",
-+                        ifstart));
-+            goto free_entry;
-+        }
- #ifdef NETSNMP_ENABLE_IPV6
-         _arch_interface_has_ipv6(if_index, &flags, addr_container);
- #endif
-@@ -928,6 +932,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-                              "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
-                              entry->index, existing ? existing->name : "(?)",
-                              entry->name));
-+free_entry:
-             netsnmp_access_interface_entry_free(entry);
-         }
-     }
-diff --git a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
-index 956e127c9..9b6a63ead 100644
---- a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
-+++ b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
-@@ -97,9 +97,7 @@ _load_ipv4(netsnmp_container* container, u_long *index )
-             snmp_log(LOG_ERR,
-                      "/proc/net/route data format error (%d!=8), line ==|%s|",
-                      rc, line);
--            
--            netsnmp_access_route_entry_free(entry);        
--            continue;
-+            goto free_entry;
-         }
- 
-         /*
-@@ -114,9 +112,12 @@ _load_ipv4(netsnmp_container* container, u_long *index )
-          * but since that will open/close a socket, and we might
-          * have a lot of routes, call the ioctl routine directly.
-          */
--        if ('*' != name[0])
-+        if ('*' != name[0]) {
-             entry->if_index =
-                 netsnmp_access_interface_ioctl_ifindex_get(fd,name);
-+            if (entry->if_index == 0)
-+                goto free_entry;
-+        }
- 
-         /*
-          * arbitrary index
-@@ -186,8 +187,8 @@ _load_ipv4(netsnmp_container* container, u_long *index )
-         if (CONTAINER_INSERT(container, entry) < 0)
-         {
-             DEBUGMSGTL(("access:route:container", "error with route_entry: insert into container failed.\n"));
-+free_entry:
-             netsnmp_access_route_entry_free(entry);
--            continue;
-         }
-     }
- 
--- 
-2.33.0
-

backport-Linux-IF-MIB-Fix-a-memory-leak.patch

@@ -1,37 +0,0 @@
-From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Sat, 31 Jul 2021 16:21:16 -0700
-Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
-
-The Linux kernel regenerates proc files in their entirety every time a 4 KiB
-boundary is crossed. This can result in reading the same network interface
-twice if network information changes while it is being read. Fix a memory
-leak that can be triggered if /proc/net/dev changes while being read.
----
- agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
-index e99360a21..215b30e80 100644
---- a/agent/mibgroup/if-mib/data_access/interface_linux.c
-+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
-@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-         /*
-          * add to container
-          */
--        CONTAINER_INSERT(container, entry);
-+        if (CONTAINER_INSERT(container, entry) != 0) {
-+            netsnmp_interface_entry *existing =
-+                CONTAINER_FIND(container, entry);
-+            NETSNMP_LOGONCE((LOG_WARNING,
-+                             "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
-+                             entry->index, existing ? existing->name : "(?)",
-+                             entry->name));
-+            netsnmp_access_interface_entry_free(entry);
-+        }
-     }
- #ifdef NETSNMP_ENABLE_IPV6
-     netsnmp_access_ipaddress_container_free(addr_container, 0);
--- 
-2.33.0
-

backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch

@@ -1,40 +0,0 @@
-From 8da919e4ad66dec376f54a6d2f7dd7a7fe68b8f0 Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Sat, 31 Jul 2021 16:01:11 -0700
-Subject: [PATCH] Linux: IF-MIB: Pass the network interface index to
- netsnmp_access_interface_entry_create()
-
-Instead of letting netsnmp_access_interface_entry_create() call
-netsnmp_arch_interface_index_find() a second time, pass the network interface
-index to that function.
----
- agent/mibgroup/if-mib/data_access/interface_linux.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
-index 9c96eb92d..e99360a21 100644
---- a/agent/mibgroup/if-mib/data_access/interface_linux.c
-+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
-@@ -733,8 +733,9 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-          * ip version is to look for ip addresses. If anyone
-          * knows a better way, put it here!
-          */
--#ifdef NETSNMP_ENABLE_IPV6
-         if_index = netsnmp_arch_interface_index_find(ifstart);
-+        netsnmp_assert(if_index != 0);
-+#ifdef NETSNMP_ENABLE_IPV6
-         _arch_interface_has_ipv6(if_index, &flags, addr_container);
- #endif
-         netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc);
-@@ -752,7 +753,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
-             continue;
-         }
- 
--        entry = netsnmp_access_interface_entry_create(ifstart, 0);
-+        entry = netsnmp_access_interface_entry_create(ifstart, if_index);
-         if(NULL == entry) {
- #ifdef NETSNMP_ENABLE_IPV6
-             netsnmp_access_ipaddress_container_free(addr_container, 0);
--- 
-2.33.0
-

backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch

@@ -1,60 +0,0 @@
-From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Wed, 9 Jun 2021 14:19:46 -0700
-Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
-
-Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
-Fixes: https://github.com/net-snmp/net-snmp/issues/303
----
- python/netsnmp/client_intf.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
-index e5e7372303..94da39fe34 100644
---- a/python/netsnmp/client_intf.c
-+++ b/python/netsnmp/client_intf.c
-@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
- 
- static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
-                                 int varlist_ind, int sprintval_flag, int *len,
--                                char **str_buf)
-+                                char **str_buf, int getlabel_flag)
- {
-     struct tree *tp;
-     int type;
-@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
-     int buf_over = 0;
-     const char *tag;
-     const char *iid;
--    int getlabel_flag = NO_FLAGS;
- 
-     if (!PyObject_HasAttrString(varbind, "tag"))
-         return TYPE_OTHER;
-@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
- 
-       varbind = PySequence_GetItem(varlist, varlist_ind);
-       type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
--                                  &len, &str_buf);
-+                                  &len, &str_buf, getlabel_flag);
-       if (type != TYPE_OTHER) {
-           /* save in return tuple as well */
-           if ((type == SNMP_ENDOFMIBVIEW) ||
-@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
- 
-               varbind = py_netsnmp_construct_varbind();
-               if (varbind && build_python_varbind(varbind, vars, varlist_ind,
--                                       sprintval_flag, &len, &str_buf) !=
-+                                       sprintval_flag, &len, &str_buf, getlabel_flag) !=
-                   TYPE_OTHER) {
-                   const int hex = is_hex(str_buf, len);
- 
-@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
- 
- 	  varbind = py_netsnmp_construct_varbind();
-           if (varbind && build_python_varbind(varbind, vars, varbind_ind,
--                              sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
-+                              sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
-             const int hex = is_hex(str_buf, len);
- 
-             /* push varbind onto varbinds */
-

backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch

@@ -0,0 +1,33 @@
+From fbdf2ed2e0bb06050d314e008a34d9ecdb84be17 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 28 Oct 2024 09:21:45 -0700
+Subject: [PATCH] libsnmp: Fix a buffer overflow in setup_engineID()
+
+See also https://github.com/net-snmp/net-snmp/issues/732.
+
+Conflict:NA
+Reference:https://github.com/net-snmp/net-snmp/commit/fbdf2ed2e0bb06050d314e008a34d9ecdb84be17
+
+diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
+index ebb9a9caef..f453ad8fbe 100644
+--- a/snmplib/snmpv3.c
++++ b/snmplib/snmpv3.c
+@@ -580,8 +580,13 @@ setup_engineID(u_char ** eidp, const char *text)
+     /*
+      * Allocate memory and store enterprise ID.
+      */
+-    if ((bufp = (u_char *) calloc(1, len)) == NULL) {
+-        snmp_log_perror("setup_engineID malloc");
++    if (len == 0) {
++        snmp_log(LOG_ERR, "%s(): len == 0\n", __func__);
++        return -1;
++    }
++    bufp = calloc(1, len);
++    if (bufp == NULL) {
++        snmp_log_perror("setup_engineID() calloc()");
+         return -1;
+     }
+     if (localEngineIDType == ENGINEID_TYPE_NETSNMP_RND)
+-- 
+2.33.0
+

backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch

@@ -1,81 +0,0 @@
-From d0277ca1ccd6ec8d786355a433717a9dbf41112e Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Sat, 7 Aug 2021 08:32:03 -0700
-Subject: [PATCH] libsnmp: Fix a memory leak in a MIB parser error path
-
-This patch should fix
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36879.
----
- snmplib/parse.c | 29 ++++++++++++++++++++---------
- 1 file changed, 20 insertions(+), 9 deletions(-)
-
-diff --git a/snmplib/parse.c b/snmplib/parse.c
-index 6d9d84a..5eb675b 100644
---- a/snmplib/parse.c
-+++ b/snmplib/parse.c
-@@ -1865,18 +1865,22 @@ do_linkup(struct module *mp, struct node *np)
- }
- 
- 
--/*
-+/**
-+ * Read an OID from a file.
-+ * @param[in]  file   File to read from.
-+ * @param[out] id_arg Array to store the OID in.
-+ * @param[in]  length Number of elements in the @id_arg array.
-+ *
-  * Takes a list of the form:
-  * { iso org(3) dod(6) 1 }
-  * and creates several nodes, one for each parent-child pair.
-  * Returns 0 on error.
-  */
- static int
--getoid(FILE * fp, struct subid_s *id,   /* an array of subids */
--       int length)
--{                               /* the length of the array */
--    register int    count;
--    int             type;
-+getoid(FILE * fp, struct subid_s *id_arg, int length)
-+{
-+    struct subid_s *id = id_arg;
-+    int             i, count, type;
-     char            token[MAXTOKEN];
- 
-     if ((type = get_token(fp, token, MAXTOKEN)) != LEFTBRACKET) {
-@@ -1904,11 +1908,11 @@ getoid(FILE * fp, struct subid_s *id,   /* an array of subids */
-                          get_token(fp, token, MAXTOKEN)) != RIGHTPAREN) {
-                         print_error("Expected a closing parenthesis",
-                                     token, type);
--                        return 0;
-+                        goto free_labels;
-                     }
-                 } else {
-                     print_error("Expected a number", token, type);
--                    return 0;
-+                    goto free_labels;
-                 }
-             } else {
-                 continue;
-@@ -1920,11 +1924,18 @@ getoid(FILE * fp, struct subid_s *id,   /* an array of subids */
-             id->subid = strtoul(token, NULL, 10);
-         } else {
-             print_error("Expected label or number", token, type);
--            return 0;
-+            goto free_labels;
-         }
-         type = get_token(fp, token, MAXTOKEN);
-     }
-     print_error("Too long OID", token, type);
-+
-+free_labels:
-+    for (i = 0; i < count; i++) {
-+        free(id[i].label);
-+        id[i].label = NULL;
-+    }
-+
-     return 0;
- }
- 
--- 
-1.8.3.1
-

backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch

@@ -1,29 +0,0 @@
-From b9308221b1d0c1f77c8b2511e196376dc2870211 Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Sun, 29 Aug 2021 09:25:06 -0700
-Subject: [PATCH] libsnmp: Fix more undefined behavior in asn_build_int()
-
-According to the C standard, triggering an overflow by shifting a signed
-integer left results in undefined behavior. Fix this by inserting a cast.
-
-Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37808
----
- snmplib/asn1.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/snmplib/asn1.c b/snmplib/asn1.c
-index 959ae21..07bdcc6 100644
---- a/snmplib/asn1.c
-+++ b/snmplib/asn1.c
-@@ -771,7 +771,7 @@ asn_build_int(u_char * data,
-     while ((((integer & mask) == 0) || ((integer & mask) == mask))
-            && intsize > 1) {
-         intsize--;
--        integer <<= 8;
-+        integer = (u_long)integer << 8;
-     }
-     data = asn_build_header(data, datalength, type, intsize);
-     if (_asn_build_header_check(errpre, data, *datalength, intsize))
--- 
-1.8.3.1
-

backport-libsnmp-Fix-the-getoid-error-path.patch

@@ -1,33 +0,0 @@
-From 413b17eecd6af8e8247501805b5a366b709828bf Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Mon, 9 Aug 2021 14:07:20 -0700
-Subject: [PATCH] libsnmp: Fix the getoid() error path
-
-Fixes: d0277ca1ccd6 ("libsnmp: Fix a memory leak in a MIB parser error path")
----
- snmplib/parse.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/snmplib/parse.c b/snmplib/parse.c
-index 5eb675b..19ccc0f 100644
---- a/snmplib/parse.c
-+++ b/snmplib/parse.c
-@@ -1929,11 +1929,12 @@ getoid(FILE * fp, struct subid_s *id_arg, int length)
-         type = get_token(fp, token, MAXTOKEN);
-     }
-     print_error("Too long OID", token, type);
-+    --count;
- 
- free_labels:
--    for (i = 0; i < count; i++) {
--        free(id[i].label);
--        id[i].label = NULL;
-+    for (i = 0; i <= count; i++) {
-+        free(id_arg[i].label);
-+        id_arg[i].label = NULL;
-     }
- 
-     return 0;
--- 
-1.8.3.1
-

backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch

@@ -1,29 +0,0 @@
-From 277d75633d8008cde468d026694289ca32f2cb6d Mon Sep 17 00:00:00 2001
-From: Bart Van Assche <bvanassche@acm.org>
-Date: Thu, 26 Aug 2021 10:17:11 -0700
-Subject: [PATCH] libsnmp: Fix undefined behavior in asn_build_int()
-
-According to the C standard, triggering an overflow by shifting a signed
-integer results in undefined behavior. Fix this by inserting a cast.
-
-Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37579
----
- snmplib/asn1.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/snmplib/asn1.c b/snmplib/asn1.c
-index d5d7eb6..959ae21 100644
---- a/snmplib/asn1.c
-+++ b/snmplib/asn1.c
-@@ -784,7 +784,7 @@ asn_build_int(u_char * data,
-      */
-     while (intsize--) {
-         *data++ = (u_char) ((integer & mask) >> (8 * (sizeof(long) - 1)));
--        integer <<= 8;
-+        integer = (u_long)integer << 8;
-     }
-     DEBUGDUMPSETUP("send", initdatap, data - initdatap);
-     DEBUGMSG(("dumpv_send", "  Integer:\t%ld (0x%.2lX)\n", *intp, *intp));
--- 
-1.8.3.1
-

backport-net-snmp-5.7.2-cert-path.patch

@@ -1,9 +1,9 @@
 1134475 - dependency in perl package
-
+ 
 Use hardcoded path to configuration directories instead of net-snmp-config.
 net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
 depending on -devel.
-
+ 
 diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
 --- net-snmp-5.7.2/local/net-snmp-cert.cert-path	2012-10-10 00:28:58.000000000 +0200
 +++ net-snmp-5.7.2/local/net-snmp-cert	2014-09-01 12:05:10.582427036 +0200
@@ -28,3 +28,5 @@ diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-s
  }
  
  sub initOpts {
+
+

backport-net-snmp-5.8-rpm-memory-leak.patch

@@ -1,6 +1,7 @@
-diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
---- a/agent/mibgroup/host/data_access/swinst_rpm.c	2020-06-10 14:32:43.330486233 +0200
-+++ b/agent/mibgroup/host/data_access/swinst_rpm.c	2020-06-10 14:35:46.672298741 +0200
+diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+index 695c469..dd0e487 100644
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c
 @@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
      snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
      SNMP_FREE(rpmdbpath);
@@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/
 +    rpmFreeRpmrc();
 +#endif
      if (-1 == stat( pkg_directory, &stat_buf )) {
-         snmp_log(LOG_ERR, "Can't find directory of RPM packages");
+         snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
          pkg_directory[0] = '\0';
-diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
---- a/agent/mibgroup/host/hr_swinst.c	2020-06-10 14:32:43.325486184 +0200
-+++ b/agent/mibgroup/host/hr_swinst.c	2020-06-10 14:36:44.423872418 +0200
+diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+index 1f52733..ccf1cab 100644
+--- a/agent/mibgroup/host/hr_swinst.c
++++ b/agent/mibgroup/host/hr_swinst.c
 @@ -231,6 +231,9 @@ init_hr_swinst(void)
              snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
          path[ sizeof(path)-1 ] = 0;
@@ -24,3 +26,5 @@ diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
      }
  #else
  #  ifdef _PATH_HRSW_directory
+
+

backport-net-snmp-5.9-autofs-skip.patch

@@ -1,5 +1,5 @@
 diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
-index 4f78df3..fd25b3f 100644
+index e7ca92f..80b3e0d 100644
 --- a/agent/mibgroup/host/hr_filesys.c
 +++ b/agent/mibgroup/host/hr_filesys.c
 @@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
@@ -10,37 +10,5 @@ index 4f78df3..fd25b3f 100644
      "usbdevfs",
      "usbfs",
  #endif
-diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
-index 6b459ec..f7a376b 100644
---- a/agent/mibgroup/host/hr_storage.c
-+++ b/agent/mibgroup/host/hr_storage.c
-@@ -540,9 +540,10 @@ really_try_next:
- 
-         store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
-         if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
--            if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
-+            if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
-                                         NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
--                 Check_HR_FileSys_NFS())
-+                 Check_HR_FileSys_NFS()) ||
-+                 Check_HR_FileSys_AutoFs())
-                 return NULL;  /* or goto try_next; */
-             if (Check_HR_FileSys_AutoFs())
-                 return NULL;
-diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
-index 8967d35..9bf2659 100644
---- a/agent/mibgroup/host/hrh_storage.c
-+++ b/agent/mibgroup/host/hrh_storage.c
-@@ -366,9 +366,10 @@ really_try_next:
-         store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
-         if (HRFS_entry &&
- 	    store_idx > NETSNMP_MEM_TYPE_MAX &&
--            netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
-+            ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
-                                    NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
--            Check_HR_FileSys_NFS())
-+            Check_HR_FileSys_NFS()) ||
-+            Check_HR_FileSys_AutoFs()))
-             return NULL;
-         if (HRFS_entry && Check_HR_FileSys_AutoFs())
-             return NULL;
+
+

backport-net-snmp-5.9-cflags.patch

@@ -1,19 +1,4 @@
-diff -urNp a/net-snmp-config.in b/net-snmp-config.in
---- a/net-snmp-config.in	2018-07-18 13:43:12.264426052 +0200
-+++ b/net-snmp-config.in	2018-07-18 13:52:06.917089518 +0200
-@@ -140,10 +140,10 @@ else
-       ;;
-     #################################################### compile
-     --base-cflags)
--      echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
-+      echo -I${NSC_INCLUDEDIR}
-       ;;
-     --cflags|--cf*)
--      echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
-+      echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
-       ;;
-     --srcdir)
-       echo $NSC_SRCDIR
+	
 diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
 --- a/perl/Makefile.PL	2020-08-26 08:32:52.498909823 +0200
 +++ b/perl/Makefile.PL	2020-08-26 09:30:45.584951552 +0200
@@ -34,3 +19,5 @@ diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
  	append($Params->{'CCFLAGS'}, '-Wformat');
      }
  }
+
+

backport-net-snmp-5.9-dir-fix.patch

@@ -1,24 +1,32 @@
 diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
-index 452c269..afd6fa4 100644
+index 19895a1..ac3c60f 100644
 --- a/net-snmp-create-v3-user.in
 +++ b/net-snmp-create-v3-user.in
-@@ -16,6 +16,10 @@ Xalgorithm="DES"
+@@ -14,6 +14,10 @@ Xalgorithm="DES"
  token=rwuser
- 
+
  while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
 +case "$1" in
 +    -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
 +    *) optarg= ;;
 +esac
- 
+
  unset shifted
  case $1 in
-@@ -136,7 +140,7 @@ fi
+@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
+     touch "$outfile"
+ fi
  echo "$line" >> "$outfile"
- # Avoid that configure complains that this script ignores @datarootdir@
- echo "@datarootdir@" >/dev/null
+-prefix=@prefix@
+-datarootdir=@datarootdir@
+-# To suppress shellcheck complaints about $prefix and $datarootdir.
+-: "$prefix" "$datarootdir"
 -outfile="@datadir@/snmp/snmpd.conf"
++# Avoid that configure complains that this script ignores @datarootdir@
++echo "@datarootdir@" >/dev/null
 +outfile="/etc/snmp/snmpd.conf"
  line="$token $user"
  echo "adding the following line to $outfile:"
  echo "   $line"
+
+

backport-net-snmp-5.9-dskTable-dynamic.patch

@@ -1,179 +0,0 @@
-diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
---- a/agent/mibgroup/ucd-snmp/disk.c	2021-05-26 08:56:39.678900275 +0200
-+++ b/agent/mibgroup/ucd-snmp/disk.c	2021-05-26 09:09:32.308731157 +0200
-@@ -153,9 +153,10 @@ static void       disk_free_config(void)
- static void       disk_parse_config(const char *, char *);
- static void       disk_parse_config_all(const char *, char *);
- #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
--static void       find_and_add_allDisks(int minpercent);
-+static void       refresh_disk_table(int addNewDisks, int minpercent);
- static void       add_device(char *path, char *device,
--	                     int minspace, int minpercent, int override);
-+	                     int minspace, int minpercent, int addNewDisks,
-+                         int override);
- static void       modify_disk_parameters(int index, int minspace,
- 	                                 int minpercent);
- static int        disk_exists(char *path);
-@@ -167,6 +168,7 @@ struct diskpart {
-     char            path[STRMAX];
-     int             minimumspace;
-     int             minpercent;
-+    int             alive;
- };
- 
- #define MAX_INT_32 0x7fffffff
-@@ -174,6 +176,7 @@ struct diskpart {
- 
- unsigned int    numdisks;
- int             allDisksIncluded = 0;
-+int             allDisksMinPercent = 0;
- unsigned int    maxdisks = 0;
- struct diskpart *disks;
- 
-@@ -238,6 +241,7 @@ init_disk(void)
- 				disk_free_config,
- 				"minpercent%");
-   allDisksIncluded = 0;
-+  allDisksMinPercent = 0;
- }
- 
- static void
-@@ -253,6 +257,7 @@ disk_free_config(void)
-     disks[i].minpercent = -1;
-   }
-   allDisksIncluded = 0;
-+  allDisksMinPercent = 0;
- }
- 
- static void 
-@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
-    * check if the disk already exists, if so then modify its
-    * parameters. if it does not exist then add it
-    */
--  add_device(path, find_device(path), minspace, minpercent, 1);
-+  add_device(path, find_device(path), minspace, minpercent, 1, 1);
- #endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
- }
- 
-@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
- 
- #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
- static void
--add_device(char *path, char *device, int minspace, int minpercent, int override) 
-+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override) 
- {
-   int index;
- 
-@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
-   }
- 
-   index = disk_exists(path);
--  if((index != -1) && (index < maxdisks) && (override==1)) {
--    modify_disk_parameters(index, minspace, minpercent);
-+  if((index != -1) && (index < maxdisks)) {
-+    /* the path is already in the table */
-+    disks[index].alive = 1;
-+    /* -> update its device */
-+    strlcpy(disks[index].device, device, sizeof(disks[index].device));
-+    if (override == 1) {
-+        modify_disk_parameters(index, minspace, minpercent);
-+    }
-   }
--  else if(index == -1){
-+  else if(index == -1 && addNewDisks){
-     /* add if and only if the device was found */
-     if(device[0] != 0) {
-       /* The following buffers are cleared above, no need to add '\0' */
-@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
-       strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
-       disks[numdisks].minimumspace = minspace;
-       disks[numdisks].minpercent   = minpercent;
-+      disks[numdisks].alive        = 1;
-       numdisks++;  
-     }
-     else {
-@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
-       disks[numdisks].minpercent = -1;
-       disks[numdisks].path[0] = 0;
-       disks[numdisks].device[0] = 0;
-+      disks[numdisks].alive = 0;
-     }
-   }
- }
-@@ -444,7 +457,7 @@ int disk_exists(char *path)
- }
- 
- static void 
--find_and_add_allDisks(int minpercent)
-+refresh_disk_table(int addNewDisks, int minpercent)
- {
- #if HAVE_GETMNTENT
- #if HAVE_SYS_MNTTAB_H
-@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
-       return;
-   }
-   while (mntfp && NULL != (mntent = getmntent(mntfp))) {
--    add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
-+    add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
-     dummy = 1;
-   }
-   if (mntfp)
-@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
-       return;
-   }
-   while ((i = getmntent(mntfp, &mnttab)) == 0) {
--    add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
-+    add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
-     dummy = 1;
-   }
-   fclose(mntfp);
-@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
-     mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
-     for (i = 0; i < mntsize; i++) {
- 	add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
--                   minpercent, 0);
-+                   minpercent, addNewDisks, 0);
-     }
-   }
- #elif HAVE_FSTAB_H
-   setfsent();			/* open /etc/fstab */
-   while((fstab1 = getfsent()) != NULL) {
--    add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
-+    add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
-     dummy = 1;
-   }
-   endfsent();			/* close /etc/fstab */
-@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
-    * statfs we default to the root partition "/"
-    */
-   if (statfs("/", &statf) == 0) {
--    add_device("/", statf.f_mntfromname, -1, minpercent, 0);
-+    add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
-   }
- #endif
-   else {
-@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_e
- #endif
- #endif
- 
-+    if (disks[disknum].alive == 0){
-+        return -1;
-+    }
-+
-     entry->dskPercentInode = -1;
- 
- #if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
-@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
-     static char    *errmsg;
-     static char     empty_str[1];
- 
-+    int i;
-+    for (i = 0; i < numdisks; i++){
-+        disks[i].alive = 0;
-+    }
-+    /* dynamically add new disks + update alive flag */
-+    refresh_disk_table(allDisksIncluded, allDisksMinPercent);
-+
- tryAgain:
-     if (header_simple_table
-         (vp, name, length, exact, var_len, write_method, numdisks))

backport-net-snmp-5.9-ipv6-disable-leak.patch

@@ -0,0 +1,12 @@
+diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
+--- a/snmplib/snmp_logging.c	2023-02-15 10:19:15.691827254 +0100
++++ b/snmplib/snmp_logging.c	2023-02-15 10:24:41.006642974 +0100
+@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
+ char *
+ snmp_log_syslogname(const char *pstr)
+ {
+-  if (pstr)
++  if (pstr && (pstr != syslogname))
+     strlcpy (syslogname, pstr, sizeof(syslogname));
+ 
+   return syslogname;

backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch

@@ -1,13 +0,0 @@
-diff --git a/apps/Makefile.in b/apps/Makefile.in
-index d4529d3..175242b 100644
---- a/apps/Makefile.in
-+++ b/apps/Makefile.in
-@@ -237,7 +237,7 @@ snmppcap$(EXEEXT):    snmppcap.$(OSUFFIX) $(USELIBS)
- 	$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
- 
- libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
--	$(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
-+	$(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
- 	$(RANLIB) $@
- 
- snmpinforminstall:

backport-net-snmp-5.9-pie.patch

@@ -1,8 +1,8 @@
 diff --git a/agent/Makefile.in b/agent/Makefile.in
-index b5d692d..1a30209 100644
+index 047d880..38d40aa 100644
 --- a/agent/Makefile.in
 +++ b/agent/Makefile.in
-@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
+@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
  	$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
  
  snmpd$(EXEEXT):	${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) 
@@ -10,9 +10,9 @@ index b5d692d..1a30209 100644
 +	$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
  
  libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)
- 	$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
+ 	$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
 diff --git a/apps/Makefile.in b/apps/Makefile.in
-index 43f3b9c..d4529d3 100644
+index 3dbb1d1..48ed23a 100644
 --- a/apps/Makefile.in
 +++ b/apps/Makefile.in
 @@ -190,7 +190,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX) $(USELIBS)

backport-net-snmp-5.9-sendmsg-error-code.patch

@@ -0,0 +1,32 @@
+From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
+Date: Wed, 24 May 2023 10:49:41 +0200
+Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling
+ 
+This change has been made because of Linux kernel commit "ipv4: Return
+-ENETUNREACH if we can't create route but saddr is valid"
+(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029)
+ 
+Fixes: https://github.com/net-snmp/net-snmp/issues/564
+Fixes: https://github.com/net-snmp/net-snmp/pull/576
+ 
+[ bvanassche: edited commit message ]
+---
+ snmplib/transports/snmpUDPBaseDomain.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+ 
+diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
+index ca8f9a5554..cd6b15e2ad 100644
+--- a/snmplib/transports/snmpUDPBaseDomain.c
++++ b/snmplib/transports/snmpUDPBaseDomain.c
+@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip,
+                         sizeof(struct sockaddr));
+         else
+             rc = sendmsg(fd, &m, MSG_DONTWAIT);
+-        if (rc >= 0 || errno != EINVAL)
++        if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
+             return rc;
+ 
+         /*
+
+

backport-net-snmp-5.9-usage-exit.patch

@@ -1,12 +0,0 @@
-diff --git a/agent/snmpd.c b/agent/snmpd.c
-index ae73eda..f01b890 100644
---- a/agent/snmpd.c
-+++ b/agent/snmpd.c
-@@ -289,6 +289,7 @@ usage(char *prog)
-            "  -S d|i|0-7\t\tuse -Ls <facility> instead\n"
-            "\n"
-            );
-+           exit(1);
- }
- 
- static void

backport-net-snmp-5.9.1-remove-err-log.patch

@@ -1,49 +0,0 @@
-diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
---- a/snmplib/transports/snmpTLSBaseDomain.c	2021-09-15 07:55:39.784900445 +0200
-+++ b/snmplib/transports/snmpTLSBaseDomain.c	2021-10-04 15:35:48.157385970 +0200
-@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
- 
- int openssl_local_index;
- 
--#ifndef HAVE_ERR_GET_ERROR_ALL
--/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
--static unsigned long ERR_get_error_all(const char **file, int *line,
--                                       const char **func,
--                                       const char **data, int *flags)
--{
--    *func = NULL;
--    return ERR_get_error_line_data(file, line, data, flags);
--}
--#endif
--
- /* this is called during negotiation */
- int verify_callback(int ok, X509_STORE_CTX *ctx) {
-     int err, depth;
-@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
-                  ERR_reason_error_string(ERR_get_error()));
- 
-     }
--
--    /* other errors */
--    while ((numerical_reason =
--            ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
--        snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
--                 ERR_error_string(numerical_reason, NULL), file, func, line);
--
--        /* if we have a text translation: */
--        if (data && (flags & ERR_TXT_STRING)) {
--            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);
--            /*
--             * per openssl man page: If it has been allocated by
--             * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
--             *
--             * arggh... stupid openssl prototype for ERR_get_error_line_data
--             * wants a const char **, but returns something that we might
--             * need to free??
--             */
--            if (flags & ERR_TXT_MALLOCED)
--                OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data));        }
--    }
-     
-     snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
- }

backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch

@@ -0,0 +1,28 @@
+From 20879e824851a7a188eac50fd34aac04113d7432 Mon Sep 17 00:00:00 2001
+From: Niels Baggesen <nba@users.sourceforge.net>
+Date: Thu, 1 Jun 2023 11:12:34 +0200
+Subject: [PATCH] snmplib: Handle two oldEngineID lines in snmpd.conf. Fixes
+ #578
+
+Conflict:NA
+Reference:https://github.com/net-snmp/net-snmp/commit/20879e824851a7a188eac50fd34aac04113d7432
+
+diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
+index 2dd527544f..be9256fa11 100644
+--- a/snmplib/snmpv3.c
++++ b/snmplib/snmpv3.c
+@@ -862,6 +862,11 @@ version_conf(const char *word, char *cptr)
+ void
+ oldengineID_conf(const char *word, char *cptr)
+ {
++    if (oldEngineID) {
++        free(oldEngineID);
++        oldEngineID = NULL;
++        oldEngineIDLength = 0;
++    }
+     read_config_read_octet_string(cptr, &oldEngineID, &oldEngineIDLength);
+ }
+ 
+-- 
+2.33.0
+

dump-space-around-the-equal-for-shellcheck-sc1068.patch

@@ -0,0 +1,23 @@
+From b9e84bfcfdbfabc83024e7fdcf31172a3d36311b Mon Sep 17 00:00:00 2001
+From: songzifeng <songzifeng1@huawei.com>
+Date: Mon, 8 Jun 2020 16:30:09 +0800
+Subject: dump space around the "=" 
+
+
+diff --git a/agent/mibgroup/Rmon/test_alarm.sh b/agent/mibgroup/Rmon/test_alarm.sh
+index b6046c7..0a0863a 100755
+--- a/agent/mibgroup/Rmon/test_alarm.sh
++++ b/agent/mibgroup/Rmon/test_alarm.sh
+@@ -27,7 +27,7 @@ ETHIND=3
+ EVNIND=7
+ ALRIND=2
+ LOWLIMIT=4800
+-HILIMIT =4900
++HILIMIT=4900
+ INTERVAL=3
+ WAITTIME=17
+ 
+-- 
+2.23.0
+
+

net-snmp-5.9.1-IdeaUI_antic_attack.patch

@@ -0,0 +1,202 @@
+From e194c8fbe2cc2b1085a3da97ddb94eb329558446 Mon Sep 17 00:00:00 2001
+From: chenrufeng <chenrufeng4@huawei.com>
+Date: Fri, 5 Jan 2024 10:38:35 +0800
+Subject: [PATCH] add support for IDEAUI_ANTI_ATTACK
+
+---
+ agent/snmp_agent.c                  |  2 +
+ include/net-snmp/library/snmp_api.h |  5 ++
+ include/net-snmp/output_api.h       | 18 ++++++++
+ include/net-snmp/types.h            |  6 +++
+ snmplib/snmp_api.c                  | 72 +++++++++++++++++++++++++++++
+ 5 files changed, 103 insertions(+)
+
+diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
+index 273b46772..bff663d32 100644
+--- a/agent/snmp_agent.c
++++ b/agent/snmp_agent.c
+@@ -2214,7 +2214,9 @@ handle_snmp_packet(int op, netsnmp_session * session, int reqid,
+      */
+     if (pdu->version  == SNMP_VERSION_3 && 
+         session->s_snmp_errno == SNMPERR_USM_AUTHENTICATIONFAILURE) {
++#ifndef IDEAUI_ANTI_ATTACK
+            send_easy_trap(SNMP_TRAP_AUTHFAIL, 0);
++#endif
+            return 1;
+     } 
+ 	
+diff --git a/include/net-snmp/library/snmp_api.h b/include/net-snmp/library/snmp_api.h
+index 6b4fad6ab..419f44764 100644
+--- a/include/net-snmp/library/snmp_api.h
++++ b/include/net-snmp/library/snmp_api.h
+@@ -384,6 +384,11 @@ typedef struct request_list {
+     NETSNMP_IMPORT
+     void            init_snmp(const char *);
+ 
++#if defined(IDEAUI_ANTI_ATTACK)
++    NETSNMP_IMPORT
++    void            netsnmp_init_antiattack_callback(struct snmp_s_anti_attack* callbacklist);
++#endif
++
+     NETSNMP_IMPORT
+     int
+     snmp_build(u_char ** pkt, size_t * pkt_len, size_t * offset,
+diff --git a/include/net-snmp/output_api.h b/include/net-snmp/output_api.h
+index 3b142850c..9bce8d704 100644
+--- a/include/net-snmp/output_api.h
++++ b/include/net-snmp/output_api.h
+@@ -184,4 +184,22 @@ netsnmp_debug_no_dumpsetup(const char *token, const void *buf, size_t len)
+ #define ERROR_MSG(string)	snmp_set_detail(string)
+ #endif
+ 
++#if defined(IDEAUI_ANTI_ATTACK)
++typedef struct snmp_s_anti_info {
++    char *userName;
++    char *peerName;
++    int antiRes;
++} snmp_anti_info;
++
++/*
++ * anti attack
++ */
++struct snmp_s_anti_attack {
++    void (*cb_init_attack_info)(void);
++    void (*cb_uninit_attack_info)(void);
++    unsigned int (*cb_add_attack_info) (char *, const char *);
++    void (*cb_clear_attack_info) (char *, const char *);
++    int (*cb_is_attack_lock) (char *, const char *);
++};
++#endif /* IDEAUI_ANTI_ATTACK */
+ #endif                          /* NET_SNMP_OUTPUT_API_H */
+diff --git a/include/net-snmp/types.h b/include/net-snmp/types.h
+index d489f37b1..830d3b93f 100644
+--- a/include/net-snmp/types.h
++++ b/include/net-snmp/types.h
+@@ -17,6 +17,12 @@
+      */
+ 
+ #include <stdio.h>
++#if defined(IDEAUI_OS_ANDROID)
++#include <sys/select.h>
++typedef unsigned long int ulong;
++typedef unsigned short int ushort;
++typedef unsigned int uint;
++#endif
+ 
+ #ifndef NET_SNMP_CONFIG_H
+ #error "Please include <net-snmp/net-snmp-config.h> before this file"
+diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+index 4042f8046..96e7eeb5b 100644
+--- a/snmplib/snmp_api.c
++++ b/snmplib/snmp_api.c
+@@ -329,6 +329,13 @@ int             snmp_errno = 0;
+  * END MTCRITICAL_RESOURCE
+  */
+ 
++#if defined(IDEAUI_ANTI_ATTACK)
++ /*
++ * anti attack
++ */
++struct snmp_s_anti_attack g_stAntiAttack = {NULL, NULL, NULL, NULL, NULL};
++#endif
++
+ /*
+  * global error detail storage
+  */
+@@ -863,6 +870,20 @@ register_default_handlers(void)
+     netsnmp_register_service_handlers();
+ }
+ 
++#if defined(IDEAUI_ANTI_ATTACK)
++void netsnmp_init_antiattack_callback(struct snmp_s_anti_attack* callbacklist)
++{
++    if (callbacklist == NULL) {
++        return;
++    }
++    g_stAntiAttack.cb_init_attack_info = callbacklist->cb_init_attack_info;
++    g_stAntiAttack.cb_uninit_attack_info = callbacklist->cb_uninit_attack_info;
++    g_stAntiAttack.cb_add_attack_info = callbacklist->cb_add_attack_info;
++    g_stAntiAttack.cb_clear_attack_info = callbacklist->cb_clear_attack_info;
++    g_stAntiAttack.cb_is_attack_lock = callbacklist->cb_is_attack_lock;
++}
++#endif
++
+ static int init_snmp_init_done = 0; /* To prevent double init's. */
+ /**
+  * Calls the functions to do config file loading and  mib module parsing
+@@ -4287,10 +4308,33 @@ _snmp_parse(void *sessp,
+     static size_t   ourEngineID_len = sizeof(ourEngineID);
+ 
+     netsnmp_pdu    *pdu2 = NULL;
++#if defined(IDEAUI_ANTI_ATTACK)
++    char* peerName = NULL;
++    const int ipMaxLen = 256;
++    char szRemoteAddr[ipMaxLen] = {0};
++    char unknownPeer[ipMaxLen] = {0};
++    strcpy(unknownPeer, "UnkownHost");
++    snmp_anti_info antiInfo = {0};
++#endif
+ 
+     session->s_snmp_errno = 0;
+     session->s_errno = 0;
+ 
++#if defined(IDEAUI_ANTI_ATTACK)
++    if (pdu->transport_data_length != 0) {
++       struct sockaddr_in *from_in = (struct sockaddr_in *)pdu->transport_data;
++        if (AF_INET6 == from_in->sin_family) {
++            struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)pdu->transport_data;
++            inet_ntop(AF_INET6, (void *) &(from_in6->sin6_addr), szRemoteAddr, sizeof(szRemoteAddr));
++            } else {
++           inet_ntop(AF_INET, (void *) &(from_in->sin_addr), szRemoteAddr, sizeof(szRemoteAddr));
++        }
++        peerName = szRemoteAddr;
++    } else {
++        peerName = unknownPeer;
++    }
++#endif
++
+     /*
+      * Ensure all incoming PDUs have a unique means of identification 
+      * (This is not restricted to AgentX handling,
+@@ -4391,6 +4435,16 @@ _snmp_parse(void *sessp,
+                     snmp_api_errstring(result)));
+ 
+         if (result) {
++#if defined(IDEAUI_ANTI_ATTACK)
++            antiInfo.userName = pdu->securityName;
++            antiInfo.peerName = peerName;
++            antiInfo.antiRes = result;
++            if (g_stAntiAttack.cb_add_attack_info != NULL &&
++                ((pdu->securityLevel == SNMP_SEC_LEVEL_AUTHNOPRIV) ||
++                (pdu->securityLevel == SNMP_SEC_LEVEL_AUTHPRIV))) {
++                g_stAntiAttack.cb_add_attack_info((char *)&antiInfo, (const char*)peerName);
++            }
++#endif
+             struct snmp_secmod_def *secmod =
+                 find_sec_mod(pdu->securityModel);
+             if (!sessp) {
+@@ -4408,6 +4462,24 @@ _snmp_parse(void *sessp,
+             }
+             free_securityStateRef(pdu);
+         }
++#if defined(IDEAUI_ANTI_ATTACK)
++        else {
++            if ((g_stAntiAttack.cb_is_attack_lock != NULL) &&
++                ((pdu->securityLevel == SNMP_SEC_LEVEL_AUTHNOPRIV) ||
++                (pdu->securityLevel == SNMP_SEC_LEVEL_AUTHPRIV))) {
++                antiInfo.userName = pdu->securityName;
++                antiInfo.peerName = peerName;
++                antiInfo.antiRes = result;
++                if (g_stAntiAttack.cb_is_attack_lock((char *)&antiInfo, (const char*)peerName) != 0) {
++                    result = SNMPERR_ASN_PARSE_ERR;
++                } else {
++                    if (g_stAntiAttack.cb_clear_attack_info != NULL) {
++                        g_stAntiAttack.cb_clear_attack_info((char *)&antiInfo, (const char*)peerName);
++                    }
++                }
++            }
++        }
++#endif
+ 
+         /* Implement RFC5343 here for two reasons:
+            1) From a security perspective it handles this otherwise

net-snmp-5.9.1-IdeaUI_reset_last_engineTime.patch

@@ -0,0 +1,47 @@
+From e194c8fbe2cc2b1085a3da97ddb94eb329558446 Mon Sep 17 00:00:00 2001
+From: chenrufeng <chenrufeng4@huawei.com>
+Date: Fri, 5 Jan 2024 10:38:35 +0800
+Subject: [PATCH] Reset last_engineTime when calling init_snmpv3()
+
+---
+ snmplib/snmpv3.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
+index 29c2a0ffc..d9b9eb7d6 100644
+--- a/snmplib/snmpv3.c
++++ b/snmplib/snmpv3.c
+@@ -99,6 +99,10 @@ static struct timeval snmpv3starttime;
+ static int      getHwAddress(const char *networkDevice, char *addressOut);
+ #endif
+ 
++#ifdef IDEAUI_RESET_LAST_ENGINETIME
++    static uint32_t last_engineTime = 0;
++#endif
++
+ /*******************************************************************-o-******
+  * snmpv3_secLevel_conf
+  *
+@@ -949,6 +953,9 @@ init_snmpv3(const char *type)
+ {
+     netsnmp_get_monotonic_clock(&snmpv3starttime);
+ 
++#ifdef IDEAUI_RESET_LAST_ENGINETIME
++    last_engineTime = 0;
++#endif
+     if (!type)
+         type = "__snmpapp__";
+ 
+@@ -1249,7 +1256,9 @@ snmpv3_local_snmpEngineTime(void)
+     netsnmp_feature_require(calculate_sectime_diff)
+ #endif /* NETSNMP_FEATURE_CHECKING */
+ 
++#ifndef IDEAUI_RESET_LAST_ENGINETIME
+     static uint32_t last_engineTime;
++#endif
+     struct timeval  now;
+     uint32_t engineTime;
+ 
+-- 
+2.34.1
+

net-snmp-tmpfs.conf

@@ -1 +1 @@
-d	/var/run/net-snmp	0755	root	root
+d	/run/net-snmp	0755	root	root

net-snmp.spec

@@ -2,8 +2,8 @@
 %global multilib_arches  x86_64  aarch64
 
 Name:            net-snmp
-Version:         5.9.1
-Release:         7
+Version:         5.9.3
+Release:         4
 Epoch:           1
 Summary:         SNMP Daemon
 License:         BSD
@@ -26,42 +26,34 @@ Patch4:          backport-net-snmp-5.9-test-debug.patch
 Patch5:          backport-net-snmp-5.7.2-cert-path.patch
 Patch6:          backport-net-snmp-5.9-cflags.patch
 Patch7:          backport-net-snmp-5.8-Remove-U64-typedef.patch
-Patch8:          backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
-Patch9:          backport-net-snmp-5.7.3-iterator-fix.patch
-Patch10:         backport-net-snmp-5.9-autofs-skip.patch
-Patch12:         backport-net-snmp-5.9-usage-exit.patch
-Patch13:         backport-net-snmp-5.9-coverity.patch
-Patch15:         backport-net-snmp-5.9-dskTable-dynamic.patch
-Patch16:         backport-net-snmp-5.8-expand-SNMPCONFPATH.patch
-Patch17:         backport-net-snmp-5.8-duplicate-ipAddress.patch
-Patch18:         backport-net-snmp-5.9-memory-reporting.patch
-Patch19:         backport-net-snmp-5.8-man-page.patch
-Patch20:         backport-net-snmp-5.8-ipAddress-faster-load.patch
-Patch21:         backport-net-snmp-5.8-rpm-memory-leak.patch
-Patch22:         backport-net-snmp-5.9-aes-config.patch
-Patch23:         backport-net-snmp-5.8-modern-rpm-api.patch
-Patch24:         backport-net-snmp-5.9-python3.patch
-Patch25:         backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch
-Patch26:         backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch
-Patch30:         backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch
-Patch31:         backport-libsnmp-Fix-the-getoid-error-path.patch
-Patch32:         backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch
-Patch33:         backport-net-snmp-5.9.1-autoconf.patch
-Patch34:         backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch
-Patch35:         backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch
-Patch36:         backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch
-Patch37:         backport-Linux-IF-MIB-Fix-a-memory-leak.patch
-Patch38:         backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch
-Patch39:         backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch
-Patch40:         backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch
-Patch41:         backport-CVE-2022-44792_CVE-2022-44793.patch
-Patch42:         backport-Fix-the-build-against-OpenSSL-3.0.patch
-Patch43:         backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
-Patch44:         backport-net-snmp-5.9.1-remove-err-log.patch
+Patch8:          backport-net-snmp-5.7.3-iterator-fix.patch
+Patch9:          backport-net-snmp-5.9-autofs-skip.patch
+Patch10:         backport-net-snmp-5.9-coverity.patch
+Patch11:         backport-net-snmp-5.8-expand-SNMPCONFPATH.patch
+Patch12:         backport-net-snmp-5.8-duplicate-ipAddress.patch
+Patch13:         backport-net-snmp-5.9-memory-reporting.patch
+Patch14:         backport-net-snmp-5.8-man-page.patch
+Patch15:         backport-net-snmp-5.8-ipAddress-faster-load.patch
+Patch16:         backport-net-snmp-5.8-rpm-memory-leak.patch
+Patch17:         backport-net-snmp-5.9-aes-config.patch
+Patch18:         backport-net-snmp-5.8-modern-rpm-api.patch
+Patch19:         backport-net-snmp-5.9-python3.patch
+Patch20:         backport-net-snmp-5.9.1-autoconf.patch
+Patch21:         backport-CVE-2022-44792_CVE-2022-44793.patch
+Patch22:         backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
+Patch23:         backport-net-snmp-5.9-ipv6-disable-leak.patch
+Patch24:         backport-net-snmp-5.9-sendmsg-error-code.patch
+
+patch25:         dump-space-around-the-equal-for-shellcheck-sc1068.patch
+Patch26:         net-snmp-5.9.1-IdeaUI_antic_attack.patch
+Patch27:         net-snmp-5.9.1-IdeaUI_reset_last_engineTime.patch
+Patch28:         backport-Add-Linux-6.7-compatibility-parsing-proc-net-snmp.patch
+Patch29:         backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch
+Patch30:         backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch
 
 %{?systemd_requires}
 BuildRequires:   systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel
-BuildRequires:   elfutils-libelf-devel rpm-devel perl-devel perl(ExtUtils::Embed) procps pcre-devel
+BuildRequires:   elfutils-libelf-devel rpm-devel perl-devel perl(ExtUtils::Embed) procps
 BuildRequires:   python3-devel python3-setuptools chrpath mariadb-connector-c-devel net-tools
 BuildRequires:   perl(TAP::Harness) lm_sensors-devel autoconf automake
 Requires:        perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -147,7 +139,7 @@ MIBS="host agentx smux \
      ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
      sctp-mib rmon-mib etherlike-mib"
 MIBS="$MIBS ucd-snmp/lmsensorsMib"
-%configure  --enable-shared --enable-as-needed  --enable-embedded-perl \
+%configure --with-pcre=no  --enable-shared --enable-as-needed  --enable-embedded-perl \
     --enable-ipv6  --enable-local-smux --enable-mfd-rewrites \
     --enable-ucd-snmp-compatibility --sysconfdir=%{_sysconfdir} \
     --with-cflags="$RPM_OPT_FLAGS -D_RPM_4_4_COMPAT" \
@@ -216,8 +208,7 @@ for file in README COPYING; do
     iconv -f 8859_1 -t UTF-8 <$file >$file.utf8
     mv $file.utf8 $file
 done
-chmod 644 local/ipf-mod.pl
-chmod 755 local/passtest
+chmod 644 local/passtest local/ipf-mod.pl
 
 mkdir -p %{buildroot}/%{_tmpfilesdir}
 install -m 644 %SOURCE7 %{buildroot}/%{_tmpfilesdir}/net-snmp.conf
@@ -230,6 +221,7 @@ cp -f libtool.orig libtool
 rm -vf testing/fulltests/default/T200snmpv2cwalkall_simple
 chmod 755 local/passtest
 LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
+chmod 644 local/passtest
 %endif
 
 %post
@@ -337,6 +329,38 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_mandir}/man1/fixproc*
 
 %changelog
+* Tue Oct 29 2024 xingwei <xingwei14@h-partners.com> - 1:5.9.3-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Sync upstream patches to fix Buffer overflow
+
+* Wed Sep 25 2024 xingwei <xingwei14@h-partners.com> - 1:5.9.3-3
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Migration patch from upstream, add compatibility to parse
+Linux 6.7 Ip header while keep support for previous versions.
+
+* Fri May 10 2024 gaihuiying <eaglegai@163.com> - 1:5.9.3-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Customized the anti-attacki/reset-last_engineTime function for IdeaUI
+       change the permissions of passtest
+
+* Mon Aug 07 2023 xingwei <xingwei14@h-partners.com> - 1:5.9.3-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update net-snmp to 5.9.3
+
+* Wed May 24 2023 xingwei <xingwei14@h-partners.com> - 1:5.9.1-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:remove pcre dependency
+
 * Fri Feb 03 2023 gaihuiying <eaglegai@163.com> - 1:5.9.1-7
 - Type:bugfix
 - CVE:NA