Compare commits

..

No commits in common. 'c9' and 'c8-beta' have entirely different histories.
c9 ... c8-beta

2
.gitignore vendored

@ -1 +1 @@
SOURCES/net-snmp-5.9.1.tar.gz SOURCES/net-snmp-5.8.tar.gz

@ -1 +1 @@
0326d0e07c86f52100ceadd42c875a446309a846 SOURCES/net-snmp-5.9.1.tar.gz 81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz

@ -0,0 +1,70 @@
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif
+/* This mib is potentially dangerous to turn on by default, since it
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
+ * access to the MIB table. If all of your users are "root" level
+ * users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
netsnmp_feature_require(extract_table_row_data)
netsnmp_feature_require(table_data_delete_table)
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
*
**********/
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
break;
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

@ -0,0 +1,10 @@
926223 - net-snmp: Does not support aarch64 in f19 and rawhide
Update autoconf version to make the test suite happy.
diff -up net-snmp-5.7.2/dist/autoconf-version.autoreconf net-snmp-5.7.2/dist/autoconf-version
--- net-snmp-5.7.2/dist/autoconf-version.autoreconf 2013-03-25 13:00:15.002745347 +0100
+++ net-snmp-5.7.2/dist/autoconf-version 2013-03-25 13:00:17.207736442 +0100
@@ -1 +1 @@
-2.68
+2.69

@ -0,0 +1,128 @@
diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/Makefile.in 2018-09-25 09:38:18.361298461 +0200
@@ -156,37 +156,37 @@ OTHERUNINSTALL=snmpinformuninstall snmpt
# build rules
#
snmpwalk$(EXEEXT): snmpwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkwalk$(EXEEXT): snmpbulkwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkget$(EXEEXT): snmpbulkget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptranslate$(EXEEXT): snmptranslate.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpstatus$(EXEEXT): snmpstatus.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpget$(EXEEXT): snmpget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdelta$(EXEEXT): snmpdelta.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptable$(EXEEXT): snmptable.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpinform$(EXEEXT): snmptrap$(EXEEXT)
rm -f snmpinform
@@ -197,34 +197,34 @@ snmptop$(EXEEXT): snmpps$(EXEEXT)
$(LN_S) snmpps$(EXEEXT) snmptop$(EXEEXT)
snmpset$(EXEEXT): snmpset.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpusm$(EXEEXT): snmpusm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpvacm$(EXEEXT): snmpvacm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptls$(EXEEXT): snmptls.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
agentxtrap$(EXEEXT): agentxtrap.$(OSUFFIX) $(USEAGENTLIBS)
$(LINK) ${CFLAGS} -o $@ agentxtrap.$(OSUFFIX) ${LDFLAGS} $(USEAGENTLIBS) $(PERLLDOPTS_FOR_APPS) ${LIBS}
snmpgetnext$(EXEEXT): snmpgetnext.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
encode_keychange$(EXEEXT): encode_keychange.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpps$(EXEEXT): snmpps.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
snmpping$(EXEEXT): snmpping.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
+ $(LINK) ${CFLAGS} -o $@ -pie snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
diff -urNp a/apps/snmpnetstat/Makefile.in b/apps/snmpnetstat/Makefile.in
--- a/apps/snmpnetstat/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/snmpnetstat/Makefile.in 2018-09-25 09:39:30.406458117 +0200
@@ -34,4 +34,4 @@ LIBS= ../../snmplib/libnetsnmp.$(LIB_EX
all: standardall
snmpnetstat$(EXEEXT): ${LOBJS} ${USELIBS}
- ${LINK} ${CFLAGS} -o $@ ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
+ ${LINK} ${CFLAGS} -o $@ -pie ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}

@ -0,0 +1,100 @@
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
modes correctly
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
configure | 15 ++++++++++++++-
configure.d/config_os_misc2 | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
$as_echo "Internal Crypto Support" >&6; }
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;

@ -0,0 +1,122 @@
diff -urNp a/agent/agent_trap.c b/agent/agent_trap.c
--- a/agent/agent_trap.c 2019-02-13 13:10:36.862269252 +0100
+++ b/agent/agent_trap.c 2019-02-13 15:02:11.396042356 +0100
@@ -174,6 +174,11 @@ _trap_version_incr(int version)
case SNMP_VERSION_3:
++_v2_sessions;
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
@@ -201,6 +206,11 @@ _trap_version_decr(int version)
_v2_sessions = 0;
}
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c
--- old/agent/mibgroup/agentx/master.c 2019-04-03 12:13:55.115769783 +0200
+++ new/agent/mibgroup/agentx/master.c 2019-04-10 09:49:53.277168497 +0200
@@ -280,6 +280,11 @@ agentx_got_response(int operation,
netsnmp_free_delegated_cache(cache);
return 0;
+ case NETSNMP_CALLBACK_OP_RESEND:
+ DEBUGMSGTL(("agentx/master", "resend on session %8p req=0x%x\n",
+ session, (unsigned)reqid));
+ return 0;
+
case NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE:
/*
* This session is alive
diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c
--- old/snmplib/snmp_api.c 2019-04-24 00:28:34.904357292 +0200
+++ new/snmplib/snmp_api.c 2019-04-24 00:24:40.101830685 +0200
@@ -352,6 +352,7 @@ static int snmpv3_build(u_char ** p
netsnmp_pdu *pdu);
static int snmp_parse_version(u_char *, size_t);
static int snmp_resend_request(struct session_list *slp,
+ netsnmp_request_list *orp,
netsnmp_request_list *rp,
int incr_retries);
static void register_default_handlers(void);
@@ -5717,7 +5718,7 @@ _sess_process_packet_handle_pdu(void *se
* * inifinite resend
*/
if (rp->retries <= sp->retries) {
- snmp_resend_request(slp, rp, TRUE);
+ snmp_resend_request(slp, orp, rp, TRUE);
break;
} else {
/* We're done with retries, so no longer waiting for a response */
@@ -6662,9 +6663,22 @@ snmp_timeout(void)
snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION);
}
+static void
+remove_request(struct snmp_internal_session *isp,
+ netsnmp_request_list *orp, netsnmp_request_list *rp)
+{
+ if (orp)
+ orp->next_request = rp->next_request;
+ else
+ isp->requests = rp->next_request;
+ if (isp->requestsEnd == rp)
+ isp->requestsEnd = orp;
+ snmp_free_pdu(rp->pdu);
+}
+
static int
-snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
- int incr_retries)
+snmp_resend_request(struct session_list *slp, netsnmp_request_list *orp,
+ netsnmp_request_list *rp, int incr_retries)
{
struct snmp_internal_session *isp;
netsnmp_session *sp;
@@ -6731,9 +6745,11 @@ snmp_resend_request(struct session_list
sp->s_snmp_errno = SNMPERR_BAD_SENDTO;
sp->s_errno = errno;
snmp_set_detail(strerror(errno));
- if (rp->callback)
+ if (rp->callback) {
rp->callback(NETSNMP_CALLBACK_OP_SEND_FAILED, sp,
rp->pdu->reqid, rp->pdu, rp->cb_data);
+ remove_request(isp, orp, rp);
+ }
return -1;
} else {
netsnmp_get_monotonic_clock(&now);
@@ -6813,19 +6829,12 @@ snmp_sess_timeout(void *sessp)
callback(NETSNMP_CALLBACK_OP_TIMED_OUT, sp,
rp->pdu->reqid, rp->pdu, magic);
}
- if (orp)
- orp->next_request = rp->next_request;
- else
- isp->requests = rp->next_request;
- if (isp->requestsEnd == rp)
- isp->requestsEnd = orp;
- snmp_free_pdu(rp->pdu);
+ remove_request(isp, orp, rp);
freeme = rp;
continue; /* don't update orp below */
} else {
- if (snmp_resend_request(slp, rp, TRUE)) {
+ if (snmp_resend_request(slp, orp, rp, TRUE))
break;
- }
}
}
orp = rp;

@ -0,0 +1,12 @@
diff -urNp a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c
--- a/agent/mibgroup/agentx/master.c 2018-07-18 12:13:49.953014652 +0200
+++ b/agent/mibgroup/agentx/master.c 2018-07-18 12:20:23.537626773 +0200
@@ -221,7 +221,7 @@ agentx_got_response(int operation,
/* response is too late, free the cache */
if (magic)
netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
- return 0;
+ return 1;
}
requests = cache->requests;

@ -0,0 +1,86 @@
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 12:21:59 -0800
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
Handle length zero correctly.
Fixes: https://github.com/net-snmp/net-snmp/issues/253
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index e983500e7..33c272768 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
* long length; first byte is length of length (after masking high bit)
*/
len_len = (int) ((*pkt & ~0x80) + 1);
- if ((int) pkt_len <= len_len )
+ if (pkt_len < len_len)
return NULL; /* still too short for length and data */
/* now we know we have enough data to parse length */
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 10:00:33 -0800
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
test
Add a reproducer for the bug fixed by the previous patch.
---
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
new file mode 100644
index 000000000..5c21ccdc7
--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+ /* Sequence with length of 0x2d = 45 bytes. */
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+ /* version = INTEGER 0 */
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+ /* SNMP_MSG_TRAP; 32 bytes. */
+ [15] = 0xa4, [16] = 0x20,
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+ [17] = 0x06, [18] = 0x08,
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+ [31] = 0x01, [32] = 0x22,
+ /* generic-trap = INTEGER 0 */
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
+ /* specific-trap = INTEGER 0 */
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
+ /* ASN_TIMETICKS 0x117f243a */
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+ [43] = 0x24, [44] = 0x3a,
+ /* varbind list */
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));

@ -0,0 +1,199 @@
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntctl.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:15:46.782859398 +0200
@@ -43,8 +43,9 @@ _fsys_type( int type)
case MNT_NFS:
case MNT_NFS3:
- case MNT_AUTOFS:
return NETSNMP_FS_TYPE_NFS;
+ case MNT_AUTOFS:
+ return NETSNMP_FS_TYPE_AUTOFS;
/*
* The following code covers selected filesystems
@@ -156,10 +157,12 @@ netsnmp_fsys_arch_load( void )
/*
* Optionally skip retrieving statistics for remote mounts
+ * AUTOFS is skipped by default
*/
- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
+ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
+ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ||
+ entry->type == (NETSNMP_FS_TYPE_AUTOFS))
continue;
if ( statfs( entry->path, &stat_buf ) < 0 ) {
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:15:46.782859398 +0200
@@ -150,6 +150,13 @@ _fsys_type( char *typename )
!strcmp(typename, MNTTYPE_LOFS))
return NETSNMP_FS_TYPE_OTHER;
+ /* Detection of AUTOFS.
+ * This file system will be ignored by default
+ */
+ else if ( !strcmp(typename, MNTTYPE_AUTOFS))
+ return NETSNMP_FS_TYPE_AUTOFS;
+
+
/*
* All other types are silently skipped
*/
@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void )
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
continue;
+ /* Skip AUTOFS enteries */
+ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS))
+ continue;
+
#ifdef irix6
if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 )
#else
diff -urNp b/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
--- b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:15:46.782859398 +0200
@@ -165,6 +165,9 @@
#ifndef MNTTYPE_APP
#define MNTTYPE_APP "app"
#endif
+#ifndef MNTTYPE_AUTOFS
+#define MNTTYPE_AUTOFS "autofs"
+#endif
#ifndef MNTTYPE_DEVPTS
#define MNTTYPE_DEVPTS "devpts"
#endif
diff -urNp b/agent/mibgroup/host/hr_filesys.c net-snmp-5.8/agent/mibgroup/host/hr_filesys.c
--- b/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:15:46.783859399 +0200
@@ -834,6 +834,27 @@ Check_HR_FileSys_NFS (void)
return 0; /* no NFS file system */
}
+/* This function checks whether current file system is an AutoFs
+ * HRFS_entry must be valid prior to calling this function
+ * return 1 if AutoFs, 0 otherwise
+ */
+int
+Check_HR_FileSys_AutoFs (void)
+{
+#if HAVE_GETFSSTAT
+ if ( HRFS_entry->HRFS_type != NULL &&
+#if defined(MNTTYPE_AUTOFS)
+ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS)
+#else
+ !strcmp( HRFS_entry->HRFS_type, "autofs")
+#endif
+ )
+#endif /* HAVE_GETFSSTAT */
+ return 1; /* AUTOFS */
+
+ return 0; /* no AUTOFS */
+}
+
void
End_HR_FileSys(void)
{
diff -urNp b/agent/mibgroup/host/hr_filesys.h net-snmp-5.8/agent/mibgroup/host/hr_filesys.h
--- b/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:15:46.784859400 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_filesys.c net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c
--- b/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:15:46.785859402 +0200
@@ -429,3 +429,9 @@ Check_HR_FileSys_NFS (void)
{
return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0;
}
+
+int
+Check_HR_FileSys_AutoFs (void)
+{
+ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0;
+}
diff -urNp b/agent/mibgroup/host/hrh_filesys.h net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h
--- b/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:15:46.785859402 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrhfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_storage.c net-snmp-5.8/agent/mibgroup/host/hrh_storage.c
--- b/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -367,9 +367,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (store_idx <= NETSNMP_MEM_TYPE_MAX ) {
mem = (netsnmp_memory_info*)ptr;
@@ -508,7 +509,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/agent/mibgroup/host/hr_storage.c net-snmp-5.8/agent/mibgroup/host/hr_storage.c
--- b/agent/mibgroup/host/hr_storage.c 2018-07-18 16:12:20.670499644 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) {
snmp_log_perror(HRFS_entry->HRFS_mount);
@@ -683,7 +684,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/include/net-snmp/agent/hardware/fsys.h net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h
--- b/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:12:20.649499726 +0200
+++ net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:19:33.994918912 +0200
@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn
#define NETSNMP_FS_TYPE_SYSFS (4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_TYPE_TMPFS (5 | _NETSNMP_FS_TYPE_LOCAL)
#define NETSNMP_FS_TYPE_USBFS (6 | _NETSNMP_FS_TYPE_LOCAL)
+#define NETSNMP_FS_TYPE_AUTOFS (7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_FLAG_ACTIVE 0x01
#define NETSNMP_FS_FLAG_REMOTE 0x02

@ -0,0 +1,90 @@
diff -urNp a/agent/mibgroup/host/hrh_filesys.c b/agent/mibgroup/host/hrh_filesys.c
--- a/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:30:07.744455758 +0200
+++ b/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:32:50.657160232 +0200
@@ -219,6 +219,7 @@ var_hrhfilesys(struct variable *vp,
{
int fsys_idx;
static char *string;
+ static char empty_str[1];
fsys_idx =
header_hrhfilesys(vp, name, length, exact, var_len, write_method);
@@ -235,7 +236,7 @@ var_hrhfilesys(struct variable *vp,
*var_len = 0;
if (asprintf(&string, "%s", HRFS_entry->path) >= 0)
*var_len = strlen(string);
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_RMOUNT:
free(string);
if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) {
@@ -245,7 +246,7 @@ var_hrhfilesys(struct variable *vp,
string = strdup("");
}
*var_len = string ? strlen(string) : 0;
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_TYPE:
fsys_type_id[fsys_type_len - 1] =
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:30:07.728455689 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:34:32.722597366 +0200
@@ -842,6 +842,7 @@ var_extensible_disk(struct variable *vp,
struct dsk_entry entry;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
int i;
for (i = 0; i < numdisks; i++){
@@ -950,7 +951,7 @@ tryAgain:
*var_len = strlen(errmsg);
}
}
- return (u_char *) (errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c
--- a/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:30:07.727455684 +0200
+++ b/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:35:53.420943010 +0200
@@ -314,6 +314,7 @@ var_extensible_disk(struct variable *vp,
unsigned long long val;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
netsnmp_cache *cache;
/* Update the fsys H/W module */
@@ -432,7 +433,7 @@ tryAgain:
>= 0)) {
*var_len = strlen(errmsg);
}
- return (u_char *) errmsg;
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c
--- a/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:30:07.725455676 +0200
+++ b/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:37:31.143361548 +0200
@@ -267,7 +267,7 @@ var_extensible_proc(struct variable *vp,
struct myproc *proc;
static long long_ret;
static char *errmsg;
-
+ static char empty_str[1];
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numprocs))
@@ -330,7 +330,7 @@ var_extensible_proc(struct variable *vp,
}
}
*var_len = errmsg ? strlen(errmsg) : 0;
- return ((u_char *) errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
case ERRORFIX:
*write_method = fixProcError;
long_return = fixproc.result;

@ -0,0 +1,51 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
session->retries = SNMP_DEFAULT_RETRIES;
session->version = SNMP_DEFAULT_VERSION;
session->securityModel = SNMP_DEFAULT_SECMODEL;
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
session->flags |= SNMP_FLAGS_DONT_PROBE;
}
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
/*
* build a scopedPDU structure into spdu_buf
*/
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "ScopedPdu");
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
&spdu_hdr_e);
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
*/
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
if (pdu_data) {
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
+ __func__, pdu_data_len, sizeof(spdu_buf));
+ return -1;
+ }
memcpy(cp, pdu_data, pdu_data_len);
cp += pdu_data_len;
} else {
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
* re-encode the actual ASN.1 length of the scopedPdu
*/
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
spdu_len) == NULL)
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
* message - the entire message to transmitted on the wire is returned
*/
cp = NULL;
- *out_length = SNMP_MAX_MSG_SIZE;
+ *out_length = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
sptr = find_sec_mod(pdu->securityModel);
if (sptr && sptr->encode_forward) {

@ -0,0 +1,12 @@
diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
--- a/local/net-snmp-cert 2021-10-11 09:08:53.451970484 +0200
+++ b/local/net-snmp-cert 2021-10-11 09:11:36.765386413 +0200
@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
rdir = .
dir = $ENV::DIR
RANDFILE = $rdir/.rand
-MD = sha1
+MD = sha512
KSIZE = 2048
CN = net-snmp.org
EMAIL = admin@net-snmp.org

@ -0,0 +1,112 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/agent/default_store/Makefile.PL b/perl/agent/default_store/Makefile.PL
--- a/perl/agent/default_store/Makefile.PL 2018-07-18 13:43:12.170426290 +0200
+++ b/perl/agent/default_store/Makefile.PL 2018-07-18 13:51:31.812176486 +0200
@@ -83,7 +83,7 @@ sub AgentDefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Makefile.PL b/perl/agent/Makefile.PL
--- a/perl/agent/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Makefile.PL 2018-07-18 13:52:53.884973275 +0200
@@ -98,7 +98,7 @@ sub AgentInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . $Params{'LIBS'};
# $Params{'PREREQ_PM'} = {'NetSNMP::OID' => '0.1'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Support/Makefile.PL b/perl/agent/Support/Makefile.PL
--- a/perl/agent/Support/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Support/Makefile.PL 2018-07-18 13:53:11.414929921 +0200
@@ -90,7 +90,7 @@ sub SupportInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/ASN/Makefile.PL b/perl/ASN/Makefile.PL
--- a/perl/ASN/Makefile.PL 2018-07-18 13:43:12.171426287 +0200
+++ b/perl/ASN/Makefile.PL 2018-07-18 13:53:46.652842822 +0200
@@ -93,7 +93,7 @@ sub AsnInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/default_store/Makefile.PL b/perl/default_store/Makefile.PL
--- a/perl/default_store/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/default_store/Makefile.PL 2018-07-18 13:54:20.814758441 +0200
@@ -83,7 +83,7 @@ sub DefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/OID/Makefile.PL b/perl/OID/Makefile.PL
--- a/perl/OID/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/OID/Makefile.PL 2018-07-18 13:54:43.348702811 +0200
@@ -90,7 +90,7 @@ sub OidInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = {'SNMP' => '5.0'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/SNMP/Makefile.PL b/perl/SNMP/Makefile.PL
--- a/perl/SNMP/Makefile.PL 2018-07-18 13:43:12.173426282 +0200
+++ b/perl/SNMP/Makefile.PL 2018-07-18 13:55:07.220643903 +0200
@@ -103,7 +103,7 @@ sub SnmpInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = { 'NetSNMP::default_store' => 0.01 };
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if (!$ENV{'NETSNMP_PREFIX'}) {
$prefix = `$opts->{'nsconfig'} --prefix`;
diff -urNp a/perl/TrapReceiver/Makefile.PL b/perl/TrapReceiver/Makefile.PL
--- a/perl/TrapReceiver/Makefile.PL 2018-07-18 13:43:12.172426285 +0200
+++ b/perl/TrapReceiver/Makefile.PL 2018-07-18 13:55:43.100647233 +0200
@@ -132,7 +132,7 @@ sub TrapReceiverInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . " $Params{'LIBS'}";
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";

@ -30,6 +30,6 @@ diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snm
errno, strerror(errno))); errno, strerror(errno)));
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n", + NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+ strerror(errno))); + strerror(errno)));
goto err; netsnmp_socketbase_close(t);
return 1;
} }

@ -0,0 +1,68 @@
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
bsize = getpagesize()-1;
buff = (char*)malloc(bsize+1);
if (buff == NULL) {
+ close(statfd);
return -1;
}
}
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
if (status < 0) {
snmp_log(LOG_ERR, "could not send netlink request\n");
+ close(sd);
return -1;
}
status = recv (sd, buf, sizeof(buf), 0);
if (status < 0) {
snmp_log (LOG_ERR, "could not recieve netlink request\n");
+ close(sd);
return -1;
}
if (status == 0) {
snmp_log (LOG_ERR, "nothing to read\n");
+ close(sd);
return -1;
}
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
if (req_len < 0 || len > status) {
snmp_log (LOG_ERR, "invalid netlink message\n");
+ close(sd);
return -1;
}
if (!NLMSG_OK (nlmp, status)) {
snmp_log (LOG_ERR, "invalid NLMSG message\n");
+ close(sd);
return -1;
}
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);

@ -1,15 +1,15 @@
diff -urNp a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:05:43.294653089 +0200 --- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original 2022-02-02 15:06:29.382119898 +0900
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:23:55.392041022 +0200 +++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c 2022-02-02 15:15:39.298280447 +0900
@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(ne @@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
{ {
FILE *devin; FILE *devin;
char line[256]; char line[256];
- netsnmp_interface_entry *entry = NULL; - netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0; static char scan_expected = 0;
int fd; int fd;
int interfaces = 0; #ifdef NETSNMP_ENABLE_IPV6
@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(ne @@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
* and retrieve (or create) the corresponding data structure. * and retrieve (or create) the corresponding data structure.
*/ */
while (fgets(line, sizeof(line), devin)) { while (fgets(line, sizeof(line), devin)) {
@ -17,22 +17,19 @@ diff -urNp a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgrou
char *stats, *ifstart = line; char *stats, *ifstart = line;
u_int flags; u_int flags;
oid if_index; oid if_index;
@@ -733,8 +733,13 @@ netsnmp_arch_interface_container_load(ne @@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
* ip version is to look for ip addresses. If anyone *stats++ = 0; /* null terminate name */
* knows a better way, put it here!
*/
-#ifdef NETSNMP_ENABLE_IPV6
if_index = netsnmp_arch_interface_index_find(ifstart); if_index = netsnmp_arch_interface_index_find(ifstart);
+ if (if_index == 0) { + if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone", + DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart)); + ifstart));
+ continue; + continue;
+ } + }
+#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container); /*
#endif * set address type flags.
netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc); @@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
@@ -752,7 +757,7 @@ netsnmp_arch_interface_container_load(ne
continue; continue;
} }
@ -41,3 +38,4 @@ diff -urNp a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgrou
if(NULL == entry) { if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6 #ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0); netsnmp_access_ipaddress_container_free(addr_container, 0);

@ -0,0 +1,35 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a216..215b30e806 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

@ -13,7 +13,7 @@ patch adds detection for ECC certificates.
1 file changed, 50 insertions(+), 10 deletions(-) 1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007a..432cb5c27 100644 index c092a007af..432cb5c27c 100644
--- a/snmplib/snmp_openssl.c --- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c +++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert) @@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)

@ -0,0 +1,12 @@
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2018-07-18 11:11:53.227015237 +0200
+++ b/net-snmp-create-v3-user.in 2018-07-18 11:12:13.375010176 +0200
@@ -137,7 +137,7 @@ fi
echo $line >> $outfile
prefix="@prefix@"
datarootdir="@datarootdir@"
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " " $line

@ -0,0 +1,48 @@
From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Fri, 12 Mar 2021 10:15:30 +0100
Subject: [PATCH] Prevent parsing IP address twice (#199)
This fixes issue, that is caused by parsing IP address twice.
First as IPv4 and as IPv6 at second, even thow the address was
properly parsed as a valid IPv4 address.
---
snmplib/transports/snmpUDPDomain.c | 2 +-
snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index b96497f3a3..b594a389b9 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
/* Nope, wasn't a dotted quad. Must be a hostname. */
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
if (ret < 0) {
- config_perror("cannot resolve source hostname");
+ config_perror("cannot resolve IPv4 source hostname");
return;
}
}
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index 238c8a9d63..7db19c5c02 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
memset(&pton_addr.sin6_addr.s6_addr, '\0',
sizeof(struct in6_addr));
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
- /* Nope, wasn't a numeric address. Must be a hostname. */
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
+
+ /* Try interpreting as dotted quad - IPv4 */
+ struct in_addr network;
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
+ /* Yes, it's IPv4 - so it's already parsed and we can return. */
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
+ return;
+ }
#if HAVE_GETADDRINFO
int gai_error;

@ -1,8 +1,7 @@
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
index 7c756ff..ff22019 100644 --- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
--- a/agent/mibgroup/ucd-snmp/disk.c +++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c @@ -153,9 +153,10 @@ static void disk_free_config(void)
@@ -153,9 +153,10 @@ static void disk_free_config(void);
static void disk_parse_config(const char *, char *); static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *); static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
@ -47,7 +46,7 @@ index 7c756ff..ff22019 100644
} }
static void static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, char *cptr) @@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
* check if the disk already exists, if so then modify its * check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it * parameters. if it does not exist then add it
*/ */
@ -56,7 +55,7 @@ index 7c756ff..ff22019 100644
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */ #endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
} }
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, char *cptr) @@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void static void
@ -65,7 +64,7 @@ index 7c756ff..ff22019 100644
{ {
int index; int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int minspace, int minpercent, int override) @@ -402,10 +407,16 @@ add_device(char *path, char *device, int
} }
index = disk_exists(path); index = disk_exists(path);
@ -85,7 +84,7 @@ index 7c756ff..ff22019 100644
/* add if and only if the device was found */ /* add if and only if the device was found */
if(device[0] != 0) { if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */ /* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override) @@ -413,6 +424,7 @@ add_device(char *path, char *device, int
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device)); strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace; disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent; disks[numdisks].minpercent = minpercent;
@ -93,7 +92,7 @@ index 7c756ff..ff22019 100644
numdisks++; numdisks++;
} }
else { else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override) @@ -420,6 +432,7 @@ add_device(char *path, char *device, int
disks[numdisks].minpercent = -1; disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0; disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0; disks[numdisks].device[0] = 0;
@ -128,14 +127,7 @@ index 7c756ff..ff22019 100644
dummy = 1; dummy = 1;
} }
fclose(mntfp); fclose(mntfp);
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent) @@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks 0);
}
}
#elif HAVE_FSTAB_H #elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */ setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) { while((fstab1 = getfsent()) != NULL) {
@ -144,7 +136,16 @@ index 7c756ff..ff22019 100644
dummy = 1; dummy = 1;
} }
endfsent(); /* close /etc/fstab */ endfsent(); /* close /etc/fstab */
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent) @@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/" * statfs we default to the root partition "/"
*/ */
if (statfs("/", &statf) == 0) { if (statfs("/", &statf) == 0) {
@ -153,7 +154,7 @@ index 7c756ff..ff22019 100644
} }
#endif #endif
else { else {
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry) @@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
#endif #endif
#endif #endif
@ -164,9 +165,9 @@ index 7c756ff..ff22019 100644
entry->dskPercentInode = -1; entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS) #if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp, @@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
static long long_ret;
static char *errmsg; static char *errmsg;
static char empty_str[1];
+ int i; + int i;
+ for (i = 0; i < numdisks; i++){ + for (i = 0; i < numdisks; i++){

@ -0,0 +1,30 @@
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Wed, 18 Nov 2020 20:54:34 -0800
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
See also https://github.com/net-snmp/net-snmp/issues/86.
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
Reported-by: Chris Cheney
---
net-snmp-create-v3-user.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c2699d..31b4c58c1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -120,7 +120,11 @@ fi
fi
outdir="@PERSISTENT_DIRECTORY@"
outfile="$outdir/snmpd.conf"
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
echo "adding the following line to $outfile:"
echo " " $line
# in case it hasn't ever been started yet, start it.

@ -0,0 +1,25 @@
From 79f014464ba761e2430cc767b021993ab9379822 Mon Sep 17 00:00:00 2001
From: Wes Hardaker <opensource@hardakers.net>
Date: Tue, 8 Jan 2019 08:52:29 -0800
Subject: [PATCH] NEWS: snmptrap: BUG: 2899: Patch from Drew Roedersheimer to
set library engineboots/time values before sending
---
apps/snmptrap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/snmptrap.c b/apps/snmptrap.c
index d16d2fa671..12808d07e4 100644
--- a/apps/snmptrap.c
+++ b/apps/snmptrap.c
@@ -237,6 +237,9 @@ main(int argc, char *argv[])
session.engineBoots = 1;
if (session.engineTime == 0) /* not really correct, */
session.engineTime = get_uptime(); /* but it'll work. Sort of. */
+
+ set_enginetime(session.securityEngineID, session.securityEngineIDLen,
+ session.engineBoots, session.engineTime, TRUE);
}
ss = snmp_add(&session,

@ -0,0 +1,67 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-06-09 12:38:23.196037329 +0200
+++ b/snmplib/snmp_openssl.c 2021-06-09 12:44:11.782503048 +0200
@@ -284,31 +284,30 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space +1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +478,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +498,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

@ -0,0 +1,26 @@
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 21 Nov 2018 20:47:42 -0800
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
fails. Only log this once instead of thousand of times a day.
Reported-by: Fif <lefif@users.sourceforge.net>
---
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
index 5ddead3e0..280575ce3 100644
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
return -2;
}

@ -1,7 +1,6 @@
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644 --- a/include/net-snmp/library/cert_util.h 2021-06-09 10:55:22.767954797 +0200
--- a/include/net-snmp/library/cert_util.h +++ b/include/net-snmp/library/cert_util.h 2021-06-09 10:56:36.725272293 +0200
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" { @@ -55,7 +55,8 @@ extern "C" {
char *common_name; char *common_name;
@ -20,10 +19,9 @@ index 80e2a19..143adbb 100644
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..6c5a23f 100644 --- a/include/net-snmp/library/dir_utils.h 2021-06-09 10:55:22.767954797 +0200
--- a/include/net-snmp/library/dir_utils.h +++ b/include/net-snmp/library/dir_utils.h 2021-06-09 10:56:36.726272298 +0200
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,6 +53,8 @@ extern "C" { @@ -53,6 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010 #define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */ /** load stats in netsnmp_file */
@ -33,11 +31,10 @@ index 471bb0b..6c5a23f 100644
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
index e7b7114..bee0b5f 100644 --- a/snmplib/cert_util.c 2021-06-09 10:55:22.785954874 +0200
--- a/snmplib/cert_util.c +++ b/snmplib/cert_util.c 2021-06-09 11:02:43.890848394 +0200
+++ b/snmplib/cert_util.c @@ -104,7 +104,7 @@ netsnmp_feature_child_of(tls_fingerprint
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes * bump this value whenever cert index format changes, so indexes
* will be regenerated with new format. * will be regenerated with new format.
*/ */
@ -46,7 +43,7 @@ index e7b7114..bee0b5f 100644
static netsnmp_container *_certs = NULL; static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL; static netsnmp_container *_keys = NULL;
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs, @@ -130,6 +130,8 @@ static int _cert_fn_ncompare(netsnmp_ce
netsnmp_cert_common *rhs); netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key); static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert); static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
@ -55,7 +52,7 @@ index e7b7114..bee0b5f 100644
static netsnmp_void_array *_cert_find_subset_fn(const char *filename, static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
const char *directory); const char *directory);
static netsnmp_void_array *_cert_find_subset_sn(const char *subject); static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
@@ -345,6 +347,8 @@ _get_cert_container(const char *use) @@ -349,6 +351,8 @@ _get_cert_container(const char *use)
{ {
netsnmp_container *c; netsnmp_container *c;
@ -64,7 +61,7 @@ index e7b7114..bee0b5f 100644
c = netsnmp_container_find("certs:binary_array"); c = netsnmp_container_find("certs:binary_array");
if (NULL == c) { if (NULL == c) {
snmp_log(LOG_ERR, "could not create container for %s\n", use); snmp_log(LOG_ERR, "could not create container for %s\n", use);
@@ -354,6 +358,8 @@ _get_cert_container(const char *use) @@ -358,6 +362,8 @@ _get_cert_container(const char *use)
c->free_item = (netsnmp_container_obj_func*)_cert_free; c->free_item = (netsnmp_container_obj_func*)_cert_free;
c->compare = (netsnmp_container_compare*)_cert_compare; c->compare = (netsnmp_container_compare*)_cert_compare;
@ -73,7 +70,7 @@ index e7b7114..bee0b5f 100644
return c; return c;
} }
@@ -362,6 +368,8 @@ _setup_containers(void) @@ -366,6 +372,8 @@ _setup_containers(void)
{ {
netsnmp_container *additional_keys; netsnmp_container *additional_keys;
@ -82,7 +79,7 @@ index e7b7114..bee0b5f 100644
_certs = _get_cert_container("netsnmp certificates"); _certs = _get_cert_container("netsnmp certificates");
if (NULL == _certs) if (NULL == _certs)
return; return;
@@ -376,6 +384,7 @@ _setup_containers(void) @@ -380,6 +388,7 @@ _setup_containers(void)
additional_keys->container_name = strdup("certs_cn"); additional_keys->container_name = strdup("certs_cn");
additional_keys->free_item = NULL; additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare; additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
@ -90,7 +87,7 @@ index e7b7114..bee0b5f 100644
netsnmp_container_add_index(_certs, additional_keys); netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: subject name */ /** additional keys: subject name */
@@ -389,6 +398,7 @@ _setup_containers(void) @@ -393,6 +402,7 @@ _setup_containers(void)
additional_keys->free_item = NULL; additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare; additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare; additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
@ -98,7 +95,7 @@ index e7b7114..bee0b5f 100644
netsnmp_container_add_index(_certs, additional_keys); netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: file name */ /** additional keys: file name */
@@ -402,6 +412,7 @@ _setup_containers(void) @@ -406,6 +416,7 @@ _setup_containers(void)
additional_keys->free_item = NULL; additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare; additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare; additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
@ -106,7 +103,7 @@ index e7b7114..bee0b5f 100644
netsnmp_container_add_index(_certs, additional_keys); netsnmp_container_add_index(_certs, additional_keys);
_keys = netsnmp_container_find("cert_keys:binary_array"); _keys = netsnmp_container_find("cert_keys:binary_array");
@@ -424,9 +435,9 @@ netsnmp_cert_map_container(void) @@ -428,9 +439,9 @@ netsnmp_cert_map_container(void)
} }
static netsnmp_cert * static netsnmp_cert *
@ -119,7 +116,7 @@ index e7b7114..bee0b5f 100644
{ {
netsnmp_cert *cert; netsnmp_cert *cert;
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType, @@ -450,8 +461,10 @@ _new_cert(const char *dirname, const cha
cert->info.dir = strdup(dirname); cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename); cert->info.filename = strdup(filename);
@ -131,7 +128,7 @@ index e7b7114..bee0b5f 100644
if (fingerprint) { if (fingerprint) {
cert->hash_type = hashType; cert->hash_type = hashType;
cert->fingerprint = strdup(fingerprint); cert->fingerprint = strdup(fingerprint);
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname ) @@ -888,14 +901,86 @@ _certindex_new( const char *dirname )
* certificate utility functions * certificate utility functions
* *
*/ */
@ -220,7 +217,7 @@ index e7b7114..bee0b5f 100644
if (NULL == cert) if (NULL == cert)
return NULL; return NULL;
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert) @@ -912,51 +997,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
} }
} }
@ -229,18 +226,18 @@ index e7b7114..bee0b5f 100644
- certbio = BIO_new(BIO_s_file()); - certbio = BIO_new(BIO_s_file());
- if (NULL == certbio) { - if (NULL == certbio) {
- snmp_log(LOG_ERR, "error creating BIO\n"); - snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename); + certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
+ if (!certbio) { + if (!certbio) {
return NULL; return NULL;
} }
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
- return NULL;
- }
-
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) { - if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
- char *pos = strrchr(cert->info.filename, '.'); - char *pos = strrchr(cert->info.filename, '.');
- if (NULL == pos) - if (NULL == pos)
@ -280,7 +277,7 @@ index e7b7114..bee0b5f 100644
if (NULL != okey) { if (NULL != okey) {
netsnmp_key *key; netsnmp_key *key;
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) @@ -983,7 +1050,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
break; break;
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER #ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
case NS_CERT_TYPE_PKCS12: case NS_CERT_TYPE_PKCS12:
@ -289,7 +286,7 @@ index e7b7114..bee0b5f 100644
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL); PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) || if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
PKCS12_verify_mac(p12, NULL, 0))) PKCS12_verify_mac(p12, NULL, 0)))
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) @@ -1003,46 +1070,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
return NULL; return NULL;
} }
@ -337,7 +334,7 @@ index e7b7114..bee0b5f 100644
return ocert; return ocert;
} }
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key) @@ -1052,7 +1080,6 @@ netsnmp_okey_get(netsnmp_key *key)
{ {
BIO *keybio; BIO *keybio;
EVP_PKEY *okey; EVP_PKEY *okey;
@ -345,7 +342,7 @@ index e7b7114..bee0b5f 100644
if (NULL == key) if (NULL == key)
return NULL; return NULL;
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key) @@ -1060,19 +1087,8 @@ netsnmp_okey_get(netsnmp_key *key)
if (key->okey) if (key->okey)
return key->okey; return key->okey;
@ -367,7 +364,7 @@ index e7b7114..bee0b5f 100644
return NULL; return NULL;
} }
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) @@ -1158,7 +1174,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
cert->issuer_cert = _find_issuer(cert); cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) { if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn", DEBUGMSGT(("cert:load:warn",
@ -376,7 +373,7 @@ index e7b7114..bee0b5f 100644
cert->info.filename)); cert->info.filename));
rc = CERT_LOAD_PARTIAL; rc = CERT_LOAD_PARTIAL;
break; break;
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) @@ -1167,7 +1183,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
/** get issuer ocert */ /** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) && if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) { (netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
@ -385,7 +382,7 @@ index e7b7114..bee0b5f 100644
cert->info.filename)); cert->info.filename));
rc = CERT_LOAD_PARTIAL; rc = CERT_LOAD_PARTIAL;
break; break;
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) @@ -1188,7 +1204,7 @@ _find_partner(netsnmp_cert *cert, netsnm
return; return;
} }
@ -394,7 +391,7 @@ index e7b7114..bee0b5f 100644
if (key->cert) { if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n")); DEBUGMSGT(("cert:partner", "key already has partner\n"));
return; return;
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) @@ -1201,7 +1217,8 @@ _find_partner(netsnmp_cert *cert, netsnm
return; return;
*pos = 0; *pos = 0;
@ -404,7 +401,7 @@ index e7b7114..bee0b5f 100644
if (!matching) if (!matching)
return; return;
if (1 == matching->size) { if (1 == matching->size) {
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) @@ -1221,7 +1238,7 @@ _find_partner(netsnmp_cert *cert, netsnm
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n", DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename)); key->info.filename));
} }
@ -413,7 +410,7 @@ index e7b7114..bee0b5f 100644
if (cert->key) { if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n")); DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return; return;
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) @@ -1259,76 +1276,189 @@ _find_partner(netsnmp_cert *cert, netsnm
} }
} }
@ -656,7 +653,7 @@ index e7b7114..bee0b5f 100644
} }
return 0; return 0;
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1342,8 +1472,10 @@ _cert_read_index(const char *dirname, st
struct stat idx_stat; struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15]; char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
@ -669,9 +666,9 @@ index e7b7114..bee0b5f 100644
netsnmp_cert *cert; netsnmp_cert *cert;
netsnmp_key *key; netsnmp_key *key;
netsnmp_container *newer, *found; netsnmp_container *newer, *found;
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1386,7 +1518,8 @@ _cert_read_index(const char *dirname, st
netsnmp_directory_container_read_some(NULL, dirname, (netsnmp_directory_filter*)
_time_filter, &idx_stat, _time_filter,(void*)&idx_stat,
NETSNMP_DIR_NSFILE | NETSNMP_DIR_NSFILE |
- NETSNMP_DIR_NSFILE_STATS); - NETSNMP_DIR_NSFILE_STATS);
+ NETSNMP_DIR_NSFILE_STATS | + NETSNMP_DIR_NSFILE_STATS |
@ -679,7 +676,7 @@ index e7b7114..bee0b5f 100644
if (newer) { if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL); CONTAINER_FREE_ALL(newer, NULL);
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1430,6 +1563,8 @@ _cert_read_index(const char *dirname, st
pos = &tmpstr[2]; pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) || if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) || (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
@ -688,23 +685,23 @@ index e7b7114..bee0b5f 100644
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) || (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint, (NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) || sizeof(fingerprint)))) ||
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1442,9 +1577,11 @@ _cert_read_index(const char *dirname, st
break; break;
} }
type = atoi(type_str); type = atoi(type_str);
+ offset = atoi(offset_str); + offset = atoi(offset_str);
+ allowed_uses = atoi(allowed_uses_str); + allowed_uses = atoi(allowed_uses_str);
hash = atoi(hash_str); hash = atoi(hash_str);
- cert = _new_cert(dirname, filename, type, hash, fingerprint, - cert = (void*)_new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject); - common_name, subject);
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash, + cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash,
+ fingerprint, common_name, subject); + fingerprint, common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert)) if (cert && 0 == CONTAINER_INSERT(found, cert))
++count; ++count;
else { else {
@@ -1543,7 +1680,8 @@ _add_certdir(const char *dirname) @@ -1549,7 +1686,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname, (netsnmp_directory_filter*)
_cert_cert_filter, NULL, &_cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH | NETSNMP_DIR_RELATIVE_PATH |
- NETSNMP_DIR_EMPTY_OK ); - NETSNMP_DIR_EMPTY_OK );
+ NETSNMP_DIR_EMPTY_OK | + NETSNMP_DIR_EMPTY_OK |
@ -712,7 +709,7 @@ index e7b7114..bee0b5f 100644
if (NULL == cert_container) { if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir", DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n")); "error creating container for cert files\n"));
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context) @@ -1637,7 +1775,7 @@ _cert_print(netsnmp_cert *c, void *conte
if (NULL == c) if (NULL == c)
return; return;
@ -721,7 +718,7 @@ index e7b7114..bee0b5f 100644
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses, c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses))); _mode_str(c->info.allowed_uses)));
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint) @@ -1841,7 +1979,8 @@ netsnmp_cert_find(int what, int where, v
netsnmp_void_array *matching; netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -731,7 +728,7 @@ index e7b7114..bee0b5f 100644
if (!matching) if (!matching)
return NULL; return NULL;
if (1 == matching->size) if (1 == matching->size)
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint) @@ -1887,6 +2026,32 @@ netsnmp_cert_find(int what, int where, v
return result; return result;
} }
@ -764,7 +761,7 @@ index e7b7114..bee0b5f 100644
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS #ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
int int
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var) netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory) @@ -2284,6 +2449,124 @@ _reduce_subset_dir(netsnmp_void_array *m
} }
} }
@ -889,25 +886,10 @@ index e7b7114..bee0b5f 100644
static netsnmp_void_array * static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container) _cert_find_subset_common(const char *filename, netsnmp_container *container)
{ {
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
index c2dd989..e7145e4 100644 --- a/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:55:22.791954900 +0200
--- a/snmplib/dir_utils.c +++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-06-09 10:56:36.727272302 +0200
+++ b/snmplib/dir_utils.c @@ -59,7 +59,7 @@ int openssl_local_index;
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
+ /** default to duplicates not allowed */
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
}
dir = opendir(dirname);
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
index a3a85bc..b9baeae 100644
--- a/snmplib/transports/snmpTLSBaseDomain.c
+++ b/snmplib/transports/snmpTLSBaseDomain.c
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line,
/* this is called during negotiation */ /* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) { int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth; int err, depth;
@ -916,7 +898,7 @@ index a3a85bc..b9baeae 100644
X509 *thecert; X509 *thecert;
netsnmp_cert *cert; netsnmp_cert *cert;
_netsnmp_verify_info *verify_info; _netsnmp_verify_info *verify_info;
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) { @@ -71,10 +71,12 @@ int verify_callback(int ok, X509_STORE_C
/* things to do: */ /* things to do: */
@ -932,7 +914,7 @@ index a3a85bc..b9baeae 100644
fingerprint : "unknown")); fingerprint : "unknown"));
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) { @@ -109,7 +111,7 @@ int verify_callback(int ok, X509_STORE_C
} else { } else {
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n")); DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
/* log where we are and why called */ /* log where we are and why called */
@ -941,7 +923,7 @@ index a3a85bc..b9baeae 100644
SNMP_FREE(fingerprint); SNMP_FREE(fingerprint);
return 0; return 0;
} }
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) { @@ -425,23 +427,50 @@ netsnmp_tlsbase_extract_security_name(SS
int int
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) { _trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
netsnmp_cert *trustcert; netsnmp_cert *trustcert;
@ -990,5 +972,95 @@ index a3a85bc..b9baeae 100644
- -
+ +
/* Add the certificate to the context */ /* Add the certificate to the context */
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS) - if (netsnmp_cert_trust_ca(the_ctx, trustcert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
LOGANDDIE("failed to load trust certificate"); LOGANDDIE("failed to load trust certificate");
return 1;
@@ -481,7 +510,7 @@ _sslctx_common_setup(SSL_CTX *the_ctx, _
NETSNMP_DS_LIB_X509_CRL_FILE);
if (NULL != crlFile) {
cert_store = SSL_CTX_get_cert_store(the_ctx);
- DEBUGMSGTL(("sslctx_client", "loading CRL: %s\n", crlFile));
+ DEBUGMSGTL(("sslctx_common", "loading CRL: %s\n", crlFile));
if (!cert_store)
LOGANDDIE("failed to find certificate store");
if (!(lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file())))
@@ -546,13 +575,19 @@ sslctx_client_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the client certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the client private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("client public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate client certificate");
+ }
if (tlsbase->their_identity)
peer_cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
@@ -566,11 +601,11 @@ sslctx_client_setup(const SSL_METHOD *me
peer_cert ? peer_cert->info.filename : "none"));
/* Trust the expected certificate */
- if (netsnmp_cert_trust_ca(the_ctx, peer_cert) != SNMPERR_SUCCESS)
+ if (netsnmp_cert_trust(the_ctx, peer_cert) != SNMPERR_SUCCESS)
LOGANDDIE ("failed to set verify paths");
}
- /* trust a certificate (possibly a CA) aspecifically passed in */
+ /* trust a certificate (possibly a CA) specifically passed in */
if (tlsbase->trust_cert) {
if (!_trust_this_cert(the_ctx, tlsbase->trust_cert))
return 0;
@@ -589,7 +624,7 @@ sslctx_server_setup(const SSL_METHOD *me
/* setting up for ssl */
SSL_CTX *the_ctx = SSL_CTX_new(NETSNMP_REMOVE_CONST(SSL_METHOD *, method));
if (!the_ctx) {
- LOGANDDIE("can't create a new context");
+ LOGANDDIE("can't create a new server context");
}
id_cert = netsnmp_cert_find(NS_CERT_IDENTITY, NS_CERTKEY_DEFAULT, NULL);
@@ -597,7 +632,7 @@ sslctx_server_setup(const SSL_METHOD *me
LOGANDDIE ("error finding server identity keys");
if (!id_cert->key || !id_cert->key->okey)
- LOGANDDIE("failed to load private key");
+ LOGANDDIE("failed to load server private key");
DEBUGMSGTL(("sslctx_server", "using public key: %s\n",
id_cert->info.filename));
@@ -605,13 +640,19 @@ sslctx_server_setup(const SSL_METHOD *me
id_cert->key->info.filename));
if (SSL_CTX_use_certificate(the_ctx, id_cert->ocert) <= 0)
- LOGANDDIE("failed to set the certificate to use");
+ LOGANDDIE("failed to set the server certificate to use");
if (SSL_CTX_use_PrivateKey(the_ctx, id_cert->key->okey) <= 0)
- LOGANDDIE("failed to set the private key to use");
+ LOGANDDIE("failed to set the server private key to use");
if (!SSL_CTX_check_private_key(the_ctx))
- LOGANDDIE("public and private keys incompatible");
+ LOGANDDIE("server public and private keys incompatible");
+
+ while (id_cert->issuer_cert) {
+ id_cert = id_cert->issuer_cert;
+ if (!SSL_CTX_add_extra_chain_cert(the_ctx, id_cert->ocert))
+ LOGANDDIE("failed to add intermediate server certificate");
+ }
SSL_CTX_set_read_ahead(the_ctx, 1); /* XXX: DTLS only? */

@ -0,0 +1,12 @@
diff -urNp a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
--- a/snmplib/transports/snmpUDPIPv6Domain.c 2019-01-24 09:03:05.606441678 +0100
+++ b/snmplib/transports/snmpUDPIPv6Domain.c 2019-02-07 08:59:26.434587244 +0100
@@ -464,7 +464,7 @@ netsnmp_udp6_transport(const struct sock
NETSNMP_DS_LIB_CLIENT_ADDR);
if (client_socket) {
struct sockaddr_in6 client_addr;
- if(!netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
+ if(netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
return netsnmp_udp6_transport_with_source(addr, local,
&client_addr);
}

@ -0,0 +1,38 @@
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
index f709812fdc..ef93eeedc9 100644
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
table_info->min_column = COLUMN_LMSENSORS_INDEX;
table_info->max_column = COLUMN_LMSENSORS_VALUE;
- netsnmp_container_table_register( reg, table_info, container, 0 );
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
+ SNMPERR_SUCCESS)
+ return;
/*
* If the HAL sensors module was configured as an on-demand caching
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

@ -0,0 +1,31 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
@@ -19,6 +19,7 @@
#include <errno.h>
#include <sys/ioctl.h>
+#include <sys/stat.h>
netsnmp_feature_require(prefix_info)
netsnmp_feature_require(find_prefix_info)
@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+
+ /*
+ * If PROCFILE exists, but isn't readable, file ERROR message.
+ * Otherwise log nothing, due of IPv6 support on this machine is
+ * intentionaly disabled/unavailable.
+ */
+
+ struct stat filestat;
+
+ if(stat(PROCFILE, &filestat) == 0){
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+ }
return -2;
}

@ -1,12 +1,11 @@
diff --git a/apps/Makefile.in b/apps/Makefile.in diff -urNp a/apps/Makefile.in b/apps/Makefile.in
index d4529d3..175242b 100644 --- a/apps/Makefile.in 2018-07-18 15:39:28.069251000 +0200
--- a/apps/Makefile.in +++ b/apps/Makefile.in 2018-07-18 15:54:52.261943123 +0200
+++ b/apps/Makefile.in @@ -230,7 +230,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap $(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS) libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS) - $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS) + $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@ $(RANLIB) $@

@ -0,0 +1,143 @@
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
From: Yuwei Ba <i@xiaoba.me>
Date: Fri, 21 Aug 2020 15:06:10 +0800
Subject: [PATCH] snmpd: support MemAvailable on Linux
See also https://github.com/net-snmp/net-snmp/pull/167 .
[bvanassche: modified the behavior of this patch]
---
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
agent/mibgroup/ucd-snmp/memory.h | 1 +
include/net-snmp/agent/hardware/memory.h | 1 +
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86cde4..4ae235c2d0 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
static int first = 1;
ssize_t bytes_read;
char *b;
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
+ int have_memavail = 0;
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "MemAvailable: ");
+ if (b) {
+ have_memavail = 1;
+ sscanf(b, "MemAvailable: %lu", &memavail);
+ }
b = strstr(buff, "MemFree: ");
if (b)
sscanf(b, "MemFree: %lu", &memfree);
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
mem->other = -1;
}
+ if (have_memavail) {
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
+ if (mem) {
+ if (!mem->descr)
+ mem->descr = strdup("Available memory");
+ mem->units = 1024;
+ mem->size = memavail;
+ mem->free = memavail;
+ mem->other = -1;
+ }
+ }
+
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
if (!mem) {
snmp_log_perror("No Virtual Memory info entry");
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
index 371a77e9a5..158b28e67b 100644
--- a/agent/mibgroup/ucd-snmp/memory.c
+++ b/agent/mibgroup/ucd-snmp/memory.c
@@ -26,7 +26,7 @@ init_memory(void)
netsnmp_create_handler_registration("memory", handle_memory,
memory_oid, OID_LENGTH(memory_oid),
HANDLER_CAN_RONLY),
- 1, 26);
+ 1, 27);
netsnmp_register_scalar(
netsnmp_create_handler_registration("memSwapError", handle_memory,
memSwapError_oid, OID_LENGTH(memSwapError_oid),
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
c64.low = val & 0xFFFFFFFF;
c64.high = val >>32;
break;
+ case MEMORY_SYS_AVAIL:
+ type = ASN_COUNTER64;
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
+ if (!mem_info)
+ goto NOSUCH;
+ val = mem_info->size; /* memavail */
+ val *= (mem_info->units/1024);
+ c64.low = val & 0xFFFFFFFF;
+ c64.high = val >> 32;
+ break;
case MEMORY_SWAP_ERROR:
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
if (!mem_info)
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
index ded2140227..54a56a2fdb 100644
--- a/agent/mibgroup/ucd-snmp/memory.h
+++ b/agent/mibgroup/ucd-snmp/memory.h
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
#define MEMORY_SHARED_X 24
#define MEMORY_BUFFER_X 25
#define MEMORY_CACHED_X 26
+#define MEMORY_SYS_AVAIL 27
#define MEMORY_SWAP_ERROR 100
#define MEMORY_SWAP_ERRMSG 101
#endif /* MEMORY_H */
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
index 54265cf22a..aca3a4d00d 100644
--- a/include/net-snmp/agent/hardware/memory.h
+++ b/include/net-snmp/agent/hardware/memory.h
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
#define NETSNMP_MEM_TYPE_SHARED 8
#define NETSNMP_MEM_TYPE_SHARED2 9
#define NETSNMP_MEM_TYPE_SWAP 10
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
/* Leave space for individual swap devices */
#define NETSNMP_MEM_TYPE_MAX 30
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
index cde67feb50..d360bad025 100644
--- a/mibs/UCD-SNMP-MIB.txt
+++ b/mibs/UCD-SNMP-MIB.txt
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
memory as specifically reserved for this purpose."
::= { memory 26 }
+memSysAvail OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ UNITS "kB"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total amount of available memory, which is an estimate
+ of how much memory is available for starting new applications,
+ without swapping.
+
+ This object will not be implemented on hosts where the
+ underlying operating system does not explicitly identify
+ memory as specifically reserved for this purpose."
+ ::= { memory 27 }
+
+
memSwapError OBJECT-TYPE
SYNTAX UCDErrorFlag
MAX-ACCESS read-only

@ -0,0 +1,92 @@
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Wed, 10 Oct 2018 21:42:35 -0700
Subject: [PATCH] snmplib/keytools: Fix a memory leak
Avoid that Valgrind reports the following memory leak:
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x4E9885D: generate_Ku (keytools.c:186)
by 0x40171F: asynchronous (leaktest.c:276)
by 0x400FE7: main (leaktest.c:356)
---
snmplib/keytools.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 2cf0240abf..dcdae044ac 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
- if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ if (!EVP_MD_CTX_init(ctx)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#endif
- if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Tue, 9 Oct 2018 23:28:25 +0000
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
This patch avoids that Valgrind reports the following leak:
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
[ bvanassche: minimized diffs / edited commit message ]
---
snmplib/scapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index 8ad1d70d90..54310099d8 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)

@ -0,0 +1,35 @@
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
ssize_t bytes_read;
char *b;
unsigned long memtotal = 0, memfree = 0, memshared = 0,
- buffers = 0, cached = 0,
+ buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
netsnmp_memory_info *mem;
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
mem->units = 1024;
- mem->size = cached;
+ mem->size = cached+sreclaimable;
mem->free = 0; /* Report cached size/used as equal */
mem->other = -1;
}

@ -1,7 +1,6 @@
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
index 90b20d9..bd5abe1 100644 --- a/man/netsnmp_config_api.3.def 2018-07-18 11:18:06.196792766 +0200
--- a/man/netsnmp_config_api.3.def +++ b/man/netsnmp_config_api.3.def 2018-07-18 11:20:04.631679886 +0200
+++ b/man/netsnmp_config_api.3.def
@@ -295,7 +295,7 @@ for one particular machine. @@ -295,7 +295,7 @@ for one particular machine.
.PP .PP
The default list of directories to search is \fC SYSCONFDIR/snmp\fP, The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
@ -11,7 +10,7 @@ index 90b20d9..bd5abe1 100644
followed by \fC $HOME/.snmp\fP. followed by \fC $HOME/.snmp\fP.
This list can be changed by setting the environmental variable This list can be changed by setting the environmental variable
.I SNMPCONFPATH .I SNMPCONFPATH
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration @@ -367,7 +367,7 @@ A colon separated list of directories to
files in. files in.
Default: Default:
.br .br
@ -20,11 +19,10 @@ index 90b20d9..bd5abe1 100644
.SH "SEE ALSO" .SH "SEE ALSO"
netsnmp_mib_api(3), snmp_api(3) netsnmp_mib_api(3), snmp_api(3)
.\" Local Variables: .\" Local Variables:
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
index fd30873..c3437d6 100644 --- a/man/snmp_config.5.def 2018-07-18 11:18:06.194792767 +0200
--- a/man/snmp_config.5.def +++ b/man/snmp_config.5.def 2018-07-18 11:20:56.423626117 +0200
+++ b/man/snmp_config.5.def @@ -10,7 +10,7 @@ First off, there are numerous places tha
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
found and read from. By default, the applications look for found and read from. By default, the applications look for
configuration files in the following 4 directories, in order: configuration files in the following 4 directories, in order:
SYSCONFDIR/snmp, SYSCONFDIR/snmp,
@ -33,11 +31,10 @@ index fd30873..c3437d6 100644
directories, it looks for files snmp.conf, snmpd.conf and/or directories, it looks for files snmp.conf, snmpd.conf and/or
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
and/or snmptrapd.local.conf. *.local.conf are always and/or snmptrapd.local.conf. *.local.conf are always
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def diff -urNp a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 7ce8a46..a4000f9 100644 --- a/man/snmpd.conf.5.def 2018-07-18 11:18:06.196792766 +0200
--- a/man/snmpd.conf.5.def +++ b/man/snmpd.conf.5.def 2018-07-18 11:21:44.263574388 +0200
+++ b/man/snmpd.conf.5.def @@ -1559,7 +1559,7 @@ filename), and call the initialisation r
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
.RS .RS
.IP "Note:" .IP "Note:"
If the specified PATH is not a fully qualified filename, it will If the specified PATH is not a fully qualified filename, it will

@ -0,0 +1,12 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

@ -0,0 +1,33 @@
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
From: fisabelle <fisabelle@broadsoft.com>
Date: Thu, 9 Jul 2020 15:49:35 -0400
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
out
---
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index 24ae9322bd..e0ee96b29a 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
}
switch (operation) {
+ case NETSNMP_CALLBACK_OP_RESEND:
+ /*
+ * Issue#147: Net-SNMP not responding when proxy requests times out
+ *
+ * When snmp_api issue a resend, the default case was hit and the
+ * delagated cache was freed.
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
+ */
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
+ return SNMP_ERR_NOERROR;
+
case NETSNMP_CALLBACK_OP_TIMED_OUT:
/*
* WWWXXX: don't leave requests delayed if operation is

@ -0,0 +1,146 @@
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
@@ -43,6 +43,7 @@ extern "C" {
* Structures.
*/
struct usmStateReference {
+ int refcnt;
char *usr_name;
size_t usr_name_length;
u_char *usr_engine_id;
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
return NULL;
}
- if (pdu->securityStateRef &&
- pdu->command == SNMP_MSG_TRAP2) {
-
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
- (struct usmStateReference **) &newpdu->securityStateRef );
-
- if (ret)
- {
+ sptr = find_sec_mod(newpdu->securityModel);
+ if (sptr && sptr->pdu_clone) {
+ /* call security model if it needs to know about this */
+ ret = sptr->pdu_clone(pdu, newpdu);
+ if (ret) {
snmp_free_pdu(newpdu);
return NULL;
}
}
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
- sptr->pdu_clone != NULL) {
- /*
- * call security model if it needs to know about this
- */
- (*sptr->pdu_clone) (pdu, newpdu);
- }
-
return newpdu;
}
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
struct usmStateReference *
usm_malloc_usmStateReference(void)
{
- struct usmStateReference *retval = (struct usmStateReference *)
- calloc(1, sizeof(struct usmStateReference));
+ struct usmStateReference *retval;
+
+ retval = calloc(1, sizeof(struct usmStateReference));
+ if (retval)
+ retval->refcnt = 1;
return retval;
} /* end usm_malloc_usmStateReference() */
+static int
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
+{
+ struct usmStateReference *ref = pdu->securityStateRef;
+ struct usmStateReference **new_ref =
+ (struct usmStateReference **)&new_pdu->securityStateRef;
+ int ret = 0;
+
+ if (!ref)
+ return ret;
+
+ if (pdu->command == SNMP_MSG_TRAP2) {
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
+ ret = usm_clone_usmStateReference(ref, new_ref);
+ } else {
+ netsnmp_assert(ref == *new_ref);
+ ref->refcnt++;
+ }
+
+ return ret;
+}
+
void
usm_free_usmStateReference(void *old)
{
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
+ struct usmStateReference *ref = old;
- if (old_ref) {
+ if (!ref)
+ return;
- if (old_ref->usr_name_length)
- SNMP_FREE(old_ref->usr_name);
- if (old_ref->usr_engine_id_length)
- SNMP_FREE(old_ref->usr_engine_id);
- if (old_ref->usr_auth_protocol_length)
- SNMP_FREE(old_ref->usr_auth_protocol);
- if (old_ref->usr_priv_protocol_length)
- SNMP_FREE(old_ref->usr_priv_protocol);
-
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
- SNMP_FREE(old_ref->usr_auth_key);
- }
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
- SNMP_FREE(old_ref->usr_priv_key);
- }
+ if (--ref->refcnt > 0)
+ return;
- SNMP_ZERO(old_ref, sizeof(*old_ref));
- SNMP_FREE(old_ref);
+ SNMP_FREE(ref->usr_name);
+ SNMP_FREE(ref->usr_engine_id);
+ SNMP_FREE(ref->usr_auth_protocol);
+ SNMP_FREE(ref->usr_priv_protocol);
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
+ SNMP_FREE(ref->usr_auth_key);
+ }
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
+ SNMP_FREE(ref->usr_priv_key);
}
+ SNMP_FREE(ref);
} /* end usm_free_usmStateReference() */
struct usmUser *
@@ -3316,6 +3337,7 @@ init_usm(void)
def->encode_reverse = usm_secmod_rgenerate_out_msg;
def->encode_forward = usm_secmod_generate_out_msg;
def->decode = usm_secmod_process_in_msg;
+ def->pdu_clone = usm_clone;
def->pdu_free_state_ref = usm_free_usmStateReference;
def->session_setup = usm_session_init;
def->handle_report = usm_handle_report;

@ -0,0 +1,84 @@
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
- /* Clean up securityStateRef here to prevent a double free */
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
- snmp_free_securityStateRef(asp->orig_pdu);
- if (asp->pdu && asp->pdu->securityStateRef)
- snmp_free_securityStateRef(asp->pdu);
-
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
- free_securityStateRef(pdu);
-}
-
#define ERROR_STAT_LENGTH 11
int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
if (!pdu)
return;
+ free_securityStateRef(pdu);
+
/*
* If the command field is empty, that probably indicates
* that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
}
if (ret != SNMP_ERR_NOERROR) {
- /*
- * Call the security model to free any securityStateRef supplied w/ msg.
- */
- if (pdu->securityStateRef != NULL) {
- free_securityStateRef(pdu);
- }
snmp_free_pdu(pdu);
return NULL;
}
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
}
}
- /*
- * Call USM to free any securityStateRef supplied with the message.
- */
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
- free_securityStateRef(pdu);
-
if (!handled) {
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
return -2;

@ -0,0 +1,12 @@
diff -urNp a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
--- a/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:20:56.776099134 +0200
+++ b/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:23:18.921323874 +0200
@@ -293,7 +293,7 @@ int netsnmp_udpbase_sendto(int fd, const
}
rc = sendmsg(fd, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

@ -0,0 +1,30 @@
Don't check tests which depend on DNS - it's disabled in Koji
diff -urNp a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
--- a/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:52:56.081185545 +0200
+++ b/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:54:18.843968880 +0200
@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
CHECKAGENT '<"c408a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then
CHECKAGENT 'line 32: Error:'
diff -urNp a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
--- a/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:52:56.080185548 +0200
+++ b/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:55:17.779818732 +0200
@@ -132,6 +132,10 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
# 608
CHECKAGENT '<"c608a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then

@ -0,0 +1,21 @@
diff -urNp old/snmplib/transports/snmpUDPIPv4BaseDomain.c new/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- old/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:40:48.663969034 +0200
+++ new/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:42:05.293723487 +0200
@@ -317,7 +317,7 @@ netsnmp_udpipv4base_tspec_transport(nets
if (NULL != tspec->source) {
struct sockaddr_in src_addr, *srcp = &src_addr;
/** get sockaddr from source */
- if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL))
+ if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0"))
return NULL;
return netsnmp_udpipv4base_transport_with_source(&addr, local, srcp);
} else {
@@ -364,7 +364,7 @@ netsnmp_udpipv4base_transport(const stru
strcat(client_address, ":0");
have_port = 1;
}
- rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL);
+ rc = netsnmp_sockaddr_in2(&client_addr, client_socket, ":0");
if (client_address != client_socket)
free(client_address);
if(rc) {

@ -0,0 +1,11 @@
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
@@ -325,6 +325,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

@ -0,0 +1,13 @@
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-12-09 08:45:23.217942229 +0100
+++ b/snmplib/cert_util.c 2021-12-09 08:46:56.567562352 +0100
@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
if (NULL == okey)
- snmp_log(LOG_ERR, "error parsing key file %s\n",
- key->info.filename);
+ snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
else {
key = _add_key(okey, dirname, filename, index);
if (NULL == key) {

@ -0,0 +1,357 @@
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
+
+ /* Clean up securityStateRef here to prevent a double free */
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->orig_pdu);
+ if (asp->pdu && asp->pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->pdu);
+
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
+NETSNMP_IMPORT
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
static void
free_securityStateRef(netsnmp_pdu* pdu)
{
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
+ struct snmp_secmod_def *sptr;
+
+ if(!pdu->securityStateRef)
+ return;
+
+ sptr = find_sec_mod(pdu->securityModel);
if (sptr) {
if (sptr->pdu_free_state_ref) {
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
+/*
+ * This function is here to provide a separate call to
+ * free the securityStateRef memory. This is needed to prevent
+ * a double free if this memory is freed in snmp_free_pdu.
+ */
+void
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
+{
+ free_securityStateRef(pdu);
+}
+
#define ERROR_STAT_LENGTH 11
int
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
if (old_ref) {
- SNMP_FREE(old_ref->usr_name);
- SNMP_FREE(old_ref->usr_engine_id);
- SNMP_FREE(old_ref->usr_auth_protocol);
- SNMP_FREE(old_ref->usr_priv_protocol);
+ if (old_ref->usr_name_length)
+ SNMP_FREE(old_ref->usr_name);
+ if (old_ref->usr_engine_id_length)
+ SNMP_FREE(old_ref->usr_engine_id);
+ if (old_ref->usr_auth_protocol_length)
+ SNMP_FREE(old_ref->usr_auth_protocol);
+ if (old_ref->usr_priv_protocol_length)
+ SNMP_FREE(old_ref->usr_priv_protocol);
- if (old_ref->usr_auth_key) {
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
SNMP_FREE(old_ref->usr_auth_key);
}
- if (old_ref->usr_priv_key) {
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
SNMP_FREE(old_ref->usr_priv_key);
}
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
thePrivProtocolLength) == 1) {
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
&seq_len, &msgSecParmLen) == -1) {
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
ptr = *wholeMsg = globalData;
if (theTotalLength > *wholeMsgLen) {
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
&ptr[privParamsOffset]) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[privParamsOffset])
== -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[dataOffset], &encrypted_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
if ((encrypted_length != (theTotalLength - dataOffset))
|| (salt_length != msgPrivParmLen)) {
DEBUGMSGTL(("usm", "encryption length error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm",
"couldn't malloc %d bytes for encrypted PDU\n",
(int)ciphertextlen));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_MALLOC;
}
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
iv) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
thePrivKeyLength - 8,
iv) == -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
scopedPdu, scopedPduLen,
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ciphertext, ciphertextlen);
if (rc == 0) {
DEBUGMSGTL(("usm", "Encryption failed.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building privParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineTime failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineBoots failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
*offset - sp_offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
while ((*wholeMsgLen - *offset) < globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("usm", "building global data failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
}
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
!= SNMP_ERR_NOERROR) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
if (temp_sig_len != msgAuthParmLen) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */

@ -1,163 +0,0 @@
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Tue, 24 Aug 2021 07:55:00 -0700
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
When a SET request includes a mix of delegated and
non-delegated requests (e.g., objects handled by master
agent and agentx sub-agent), the status can get lost while
waiting for the reply from the sub-agent. Recover the status
into the session from the requests even if it has already
been processed.
---
agent/snmp_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 84fbb42b47..095ee70985 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
if (requests->status != SNMP_ERR_NOERROR &&
(!look_for_specific || requests->status == look_for_specific)
&& (look_for_specific || asp->index == 0
- || requests->index < asp->index)) {
+ || requests->index <= asp->index)) {
asp->index = requests->index;
asp->status = requests->status;
}
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Wed, 30 Jun 2021 14:00:28 -0700
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
---
agent/mibgroup/agent/nsLogging.c | 6 ++++++
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
agent/mibgroup/mibII/vacm_vars.c | 3 +++
agent/mibgroup/snmpv3/usmUser.c | 2 --
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
index 9abdeb5bb7..7f4290490a 100644
--- a/agent/mibgroup/agent/nsLogging.c
+++ b/agent/mibgroup/agent/nsLogging.c
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
}
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
index cc61fce7e6..6c43210074 100644
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
ret = SNMP_ERR_NOERROR;
switch (table_info->colnum) {
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
* Extract the authType token from the list of indexes
*/
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
idx = idx->next_variable; model = *idx->val.integer;
idx = idx->next_variable; level = *idx->val.integer;
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
- entry->storageType = ST_NONVOLATILE;
- netsnmp_insert_iterator_context(request, (void*)entry);
+ if (entry) {
+ entry->storageType = ST_NONVOLATILE;
+ netsnmp_insert_iterator_context(request, (void*)entry);
+ }
}
}
}
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
index 469a1eba59..62c9a3d051 100644
--- a/agent/mibgroup/mibII/vacm_vars.c
+++ b/agent/mibgroup/mibII/vacm_vars.c
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
return 1;
}
groupNameL = oidIndex[0];
+ if ((groupNameL + 1) > (int) oidLen) {
+ return 1;
+ }
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
return 1;
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
index 0f52aaba49..0edea53cfb 100644
--- a/agent/mibgroup/snmpv3/usmUser.c
+++ b/agent/mibgroup/snmpv3/usmUser.c
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
if (usmStatusCheck(uptr)) {
uptr->userStatus = RS_ACTIVE;
} else {
- SNMP_FREE(engineID);
- SNMP_FREE(newName);
return SNMP_ERR_INCONSISTENTVALUE;
}
} else if (long_ret == RS_CREATEANDWAIT) {

@ -1,18 +0,0 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index ac3c60f..177c00f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;

@ -1,46 +0,0 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index 4f78df3..fd25b3f 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
"shm",
"sockfs",
"sysfs",
+ "tmpfs",
"usbdevfs",
"usbfs",
#endif
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
index 6b459ec..f7a376b 100644
--- a/agent/mibgroup/host/hr_storage.c
+++ b/agent/mibgroup/host/hr_storage.c
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (Check_HR_FileSys_AutoFs())
return NULL;
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
index 8967d35..9bf2659 100644
--- a/agent/mibgroup/host/hrh_storage.c
+++ b/agent/mibgroup/host/hrh_storage.c
@@ -366,9 +366,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (HRFS_entry && Check_HR_FileSys_AutoFs())
return NULL;

@ -1,36 +0,0 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
@@ -1,3 +1,4 @@
+use lib '.';
use strict;
use warnings;
use ExtUtils::MakeMaker;
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
@@ -116,7 +116,7 @@ sub AddCommonParams {
append($Params->{'CCFLAGS'}, $cflags);
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
# Suppress known Perl header shortcomings.
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
append($Params->{'CCFLAGS'}, '-Wformat');
}
}

@ -1,22 +0,0 @@
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
index e9a8831..5a1d8e7 100644
--- a/agent/mibgroup/disman/event/mteTrigger.c
+++ b/agent/mibgroup/disman/event/mteTrigger.c
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;

@ -1,24 +0,0 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index b0c71d9..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+esac
unset shifted
case $1 in
@@ -136,7 +140,7 @@ fi
echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@
echo "@datarootdir@" >/dev/null
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

@ -1,12 +0,0 @@
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

@ -1,120 +0,0 @@
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
From: Philippe Troin <phil+github-commits@fifi.org>
Date: Sat, 3 Feb 2024 10:30:30 -0800
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
This breaks the hard-coded assumptions about the Ip line length.
Add compatibility to parse Linux 6.7 Ip header while keep support
for previous versions.
---
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index 49e0a34d5c..f04e828a94 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
}
/*
- /proc/net/snmp
+ /proc/net/snmp - Linux 6.6 and lower
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1491094 122 0 1466178
+*
+ /proc/net/snmp - Linux 6.7 and higher
+
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
+
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
+
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
+
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
+
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
+
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ UdpLite: 0 0 0 0 0 0 0 0 0
*/
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
FILE *devin;
char line[1024];
netsnmp_systemstats_entry *entry = NULL;
- int scan_count;
+ int scan_count, expected_scan_count;
char *stats, *start = line;
int len;
- unsigned long long scan_vals[19];
+ unsigned long long scan_vals[20];
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
load_flags));
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
*/
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
len = strlen(line);
- if (224 != len) {
+ switch (len) {
+ case 224:
+ expected_scan_count = 19;
+ break;
+ case 237:
+ expected_scan_count = 20;
+ break;
+ default:
fclose(devin);
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
- " %d != 224\n", len);
+ " %d not in { 224, 237 } \n", len);
return -4;
}
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
memset(scan_vals, 0x0, sizeof(scan_vals));
scan_count = sscanf(stats,
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
&scan_vals[0],&scan_vals[1],&scan_vals[2],
&scan_vals[3],&scan_vals[4],&scan_vals[5],
&scan_vals[6],&scan_vals[7],&scan_vals[8],
&scan_vals[9],&scan_vals[10],&scan_vals[11],
&scan_vals[12],&scan_vals[13],&scan_vals[14],
&scan_vals[15],&scan_vals[16],&scan_vals[17],
- &scan_vals[18]);
+ &scan_vals[18],&scan_vals[19]);
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
- if(scan_count != 19) {
+ if(scan_count != expected_scan_count) {
snmp_log(LOG_ERR,
"error scanning systemstats data (expected %d, got %d)\n",
- 19, scan_count);
+ expected_scan_count, scan_count);
netsnmp_access_systemstats_entry_free(entry);
return -4;
}
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

@ -1,28 +0,0 @@
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86c..68b55d2 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
}
- b = strstr(buff, "SReclaimable: ");
- if (b)
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
first = 0;

@ -1,48 +0,0 @@
From 7330e3e3e08d9baff23332e764f9a53561939fff Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 2 Sep 2021 21:06:54 -0700
Subject: [PATCH] libsnmp: Log "Truncating integer value >32 bits" once
Log this message once instead of every time sysUpTime and/or
hrSystemUptime are accessed after snmpd is running for more than 497 days.
Fixes: https://github.com/net-snmp/net-snmp/issues/144
---
snmplib/snmp_client.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/snmplib/snmp_client.c b/snmplib/snmp_client.c
index 0f539c63fe..b00670d973 100644
--- a/snmplib/snmp_client.c
+++ b/snmplib/snmp_client.c
@@ -853,7 +853,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const u_long *) value;
*(vars->val.integer) = *val_ulong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -865,7 +866,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const unsigned long long *) value;
*(vars->val.integer) = (long) *val_ullong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -877,7 +879,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const uintmax_t *) value;
*(vars->val.integer) = (long) *val_uintmax_t;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}

@ -1,84 +0,0 @@
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200
@@ -44,7 +44,6 @@ extern "C" {
/*
* misc
*/
- void netsnmp_openssl_err_log(const char *prefix);
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
/*
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss
return (X509_check_issued(issuer, cert) == X509_V_OK);
}
-
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
-void
-netsnmp_openssl_err_log(const char *prefix)
-{
- unsigned long err;
- for (err = ERR_get_error(); err; err = ERR_get_error()) {
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
- }
-}
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
-
void
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
ERR_reason_error_string(ERR_get_error()));
}
-
- /* other errors */
- while ((numerical_reason =
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
-
- /* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
- /*
- * per openssl man page: If it has been allocated by
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
- *
- * arggh... stupid openssl prototype for ERR_get_error_line_data
- * wants a const char **, but returns something that we might
- * need to free??
- */
- if (flags & ERR_TXT_MALLOCED)
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

@ -1,26 +0,0 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index b5d692d..1a30209 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 43f3b9c..d4529d3 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

@ -1,38 +0,0 @@
diff --git a/Makefile.in b/Makefile.in
index 912f6b2..862fb5f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -227,7 +227,7 @@ perlcleanfeatures:
# python specific build rules
#
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
pythonmodules: subdirs
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
if test $$? != 0 ; then \
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
index daf11a4..3a30a64 100644
--- a/python/netsnmp/client.py
+++ b/python/netsnmp/client.py
@@ -56,7 +56,7 @@ class Varbind(object):
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
self.tag = STR(tag)
self.iid = STR(iid)
- self.val = STR(val)
+ self.val = val
self.type = STR(type_arg)
# parse iid out of tag if needed
if iid is None and tag is not None:
@@ -66,7 +66,10 @@ class Varbind(object):
(self.tag, self.iid) = match.group(1, 2)
def __setattr__(self, name, val):
- self.__dict__[name] = STR(val)
+ if name == 'val':
+ self.__dict__[name] = val
+ else:
+ self.__dict__[name] = STR(val)
def __str__(self):
return obj_to_str(self)

@ -1,42 +0,0 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 16:59:37.392368620 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 17:01:59.760640169 +0200
@@ -73,15 +73,21 @@ netsnmp_swinst_arch_init(void)
#endif
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+
+ /* check for SQLite DB backend */
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+ pkg_directory[0] = '\0';
+ }
+ }
SNMP_FREE(rpmdbpath);
dbpath = NULL;
#ifdef HAVE_RPMGETPATH
rpmFreeRpmrc();
#endif
- if (-1 == stat( pkg_directory, &stat_buf )) {
- snmp_log(LOG_ERR, "Can't find directory of RPM packages");
- pkg_directory[0] = '\0';
- }
}
void
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2023-10-23 16:59:37.391368611 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2023-10-23 17:02:47.159063503 +0200
@@ -229,6 +229,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
if (stat(path, &stat_buf) == -1)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+ /* check for SQLite DB backend */
+ if (stat(path, &stat_buf) == -1)
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
#ifdef HAVE_RPMGETPATH

@ -1,31 +0,0 @@
From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 24 May 2023 10:49:41 +0200
Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling
This change has been made because of Linux kernel commit "ipv4: Return
-ENETUNREACH if we can't create route but saddr is valid"
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029)
Fixes: https://github.com/net-snmp/net-snmp/issues/564
Fixes: https://github.com/net-snmp/net-snmp/pull/576
[ bvanassche: edited commit message ]
---
snmplib/transports/snmpUDPBaseDomain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
index ca8f9a5554..cd6b15e2ad 100644
--- a/snmplib/transports/snmpUDPBaseDomain.c
+++ b/snmplib/transports/snmpUDPBaseDomain.c
@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip,
sizeof(struct sockaddr));
else
rc = sendmsg(fd, &m, MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

@ -1,110 +0,0 @@
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
index 6c07f74..7df0b51 100644
--- a/testing/fulltests/default/T070com2sec_simple
+++ b/testing/fulltests/default/T070com2sec_simple
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- CHECKAGENT '<"c408a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 32: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+CHECKAGENT '<"c408a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 32: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
+ FINISHED
+fi
- CHECKAGENT '<"c408b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 33: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+CHECKAGENT '<"c408b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 33: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
fi
-
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
fi
FINISHED
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
index 76da70b..bc2d432 100644
--- a/testing/fulltests/default/T071com2sec6_simple
+++ b/testing/fulltests/default/T071com2sec6_simple
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- # 608
- CHECKAGENT '<"c608a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 29: Error:'
- errnum=`expr $errnum - 1`
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+# 608
+CHECKAGENT '<"c608a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 29: Error:'
+ errnum=`expr $errnum - 1`
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ FINISHED
+fi
- CHECKAGENTCOUNT atleastone '<"c608b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 30: Error:'
- if [ "$snmp_last_test_result" -eq 1 ] ; then
- errnum=`expr $errnum - 1`
- fi
+CHECKAGENTCOUNT atleastone '<"c608b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 30: Error:'
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
+ errnum=`expr $errnum - 1`
fi
fi

@ -1,16 +0,0 @@
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index e6f5b20..41a5e01 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -34,6 +34,11 @@
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
+
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32)
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
+#endif
+
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

@ -1,12 +0,0 @@
diff --git a/agent/snmpd.c b/agent/snmpd.c
index ae73eda..f01b890 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
@@ -289,6 +289,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

@ -1,60 +0,0 @@
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 9 Jun 2021 14:19:46 -0700
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
Fixes: https://github.com/net-snmp/net-snmp/issues/303
---
python/netsnmp/client_intf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
index e5e7372303..94da39fe34 100644
--- a/python/netsnmp/client_intf.c
+++ b/python/netsnmp/client_intf.c
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int varlist_ind, int sprintval_flag, int *len,
- char **str_buf)
+ char **str_buf, int getlabel_flag)
{
struct tree *tp;
int type;
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int buf_over = 0;
const char *tag;
const char *iid;
- int getlabel_flag = NO_FLAGS;
if (!PyObject_HasAttrString(varbind, "tag"))
return TYPE_OTHER;
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
varbind = PySequence_GetItem(varlist, varlist_ind);
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
- &len, &str_buf);
+ &len, &str_buf, getlabel_flag);
if (type != TYPE_OTHER) {
/* save in return tuple as well */
if ((type == SNMP_ENDOFMIBVIEW) ||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
- sprintval_flag, &len, &str_buf) !=
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
/* push varbind onto varbinds */

@ -16,47 +16,47 @@
arch=`arch` arch=`arch`
echo $arch | grep -q i.86 echo $arch | grep -q i.86
if [ $? -eq 0 ] ; then if [ $? -eq 0 ] ; then
net-snmp-config-i386 "$@" net-snmp-config-i386 $*
exit 0 exit 0
fi fi
if [ "$arch" = "ia64" ] ; then if [ "$arch" = "ia64" ] ; then
net-snmp-config-ia64 "$@" net-snmp-config-ia64 $*
exit 0 exit 0
fi fi
if [ "$arch" = "ppc" ] ; then if [ "$arch" = "ppc" ] ; then
net-snmp-config-ppc "$@" net-snmp-config-ppc $*
exit 0 exit 0
fi fi
if [ "$arch" = "ppc64" ] ; then if [ "$arch" = "ppc64" ] ; then
net-snmp-config-ppc64 "$@" net-snmp-config-ppc64 $*
exit 0 exit 0
fi fi
if [ "$arch" = "s390" ] ; then if [ "$arch" = "s390" ] ; then
net-snmp-config-s390 "$@" net-snmp-config-s390 $*
exit 0 exit 0
fi fi
if [ "$arch" = "s390x" ] ; then if [ "$arch" = "s390x" ] ; then
net-snmp-config-s390x "$@" net-snmp-config-s390x $*
exit 0 exit 0
fi fi
if [ "$arch" = "x86_64" ] ; then if [ "$arch" = "x86_64" ] ; then
net-snmp-config-x86_64 "$@" net-snmp-config-x86_64 $*
exit 0 exit 0
fi fi
if [ "$arch" = "alpha" ] ; then if [ "$arch" = "alpha" ] ; then
net-snmp-config-alpha "$@" net-snmp-config-alpha $*
exit 0 exit 0
fi fi
if [ "$arch" = "sparc" ] ; then if [ "$arch" = "sparc" ] ; then
net-snmp-config-sparc "$@" net-snmp-config-sparc $*
exit 0 exit 0
fi fi
if [ "$arch" = "sparc64" ] ; then if [ "$arch" = "sparc64" ] ; then
net-snmp-config-sparc64 "$@" net-snmp-config-sparc64 $*
exit 0 exit 0
fi fi
if [ "$arch" = "aarch64" ] ; then if [ "$arch" = "aarch64" ] ; then
net-snmp-config-aarch64 "$@" net-snmp-config-aarch64 $*
exit 0 exit 0
fi fi
echo "Cannot determine architecture" echo "Cannot determine architecture"

@ -5,12 +5,12 @@
%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 aarch64 %global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 aarch64
# actual soname version # actual soname version
%global soname 40 %global soname 35
Summary: A collection of SNMP protocol tools and libraries Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp Name: net-snmp
Version: 5.9.1 Version: 5.8
Release: 13%{?dist}.3 Release: 29%{?dist}
Epoch: 1 Epoch: 1
License: BSD License: BSD
@ -26,57 +26,71 @@ Source7: net-snmp-tmpfs.conf
Source8: snmpd.service Source8: snmpd.service
Source9: snmptrapd.service Source9: snmptrapd.service
Source10: IETF-MIB-LICENSE.txt Source10: IETF-MIB-LICENSE.txt
Patch1: net-snmp-5.7.2-pie.patch
Patch1: net-snmp-5.9-pie.patch Patch2: net-snmp-5.8-dir-fix.patch
Patch2: net-snmp-5.9-dir-fix.patch Patch3: net-snmp-5.8-multilib.patch
Patch3: net-snmp-5.9-multilib.patch Patch4: net-snmp-5.8-test-debug.patch
Patch4: net-snmp-5.9-test-debug.patch Patch5: net-snmp-5.7.2-autoreconf.patch
Patch5: net-snmp-5.7.2-cert-path.patch Patch6: net-snmp-5.8-agentx-disconnect-crash.patch
Patch6: net-snmp-5.9-cflags.patch Patch7: net-snmp-5.7.2-cert-path.patch
Patch7: net-snmp-5.8-Remove-U64-typedef.patch Patch8: net-snmp-5.8-cflags.patch
Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch Patch9: net-snmp-5.8-Remove-U64-typedef.patch
Patch9: net-snmp-5.7.3-iterator-fix.patch Patch10: net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch10: net-snmp-5.9-autofs-skip.patch Patch11: net-snmp-5.7.3-iterator-fix.patch
Patch11: net-snmp-5.9-usage-exit.patch Patch12: net-snmp-5.8-autofs-skip.patch
Patch12: net-snmp-5.9-coverity.patch Patch13: net-snmp-5.8-usage-exit.patch
Patch13: net-snmp-5.9-dskTable-dynamic.patch Patch14: net-snmp-5.8-coverity.patch
Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch Patch15: net-snmp-5.8-ipv6-clientaddr.patch
Patch15: net-snmp-5.8-duplicate-ipAddress.patch Patch16: net-snmp-5.8-agent-of-death.patch
Patch16: net-snmp-5.9-memory-reporting.patch Patch17: net-snmp-5.8-trapsink.patch
Patch17: net-snmp-5.8-man-page.patch Patch18: net-snmp-5.8-flood-messages.patch
Patch18: net-snmp-5.8-ipAddress-faster-load.patch Patch19: net-snmp-5.8-v3-forward.patch
Patch19: net-snmp-5.8-rpm-memory-leak.patch Patch20: net-snmp-5.8-sec-counter.patch
Patch20: net-snmp-5.9-aes-config.patch Patch21: net-snmp-5.8-proxy-getnext.patch
Patch21: net-snmp-5.8-clientaddr-error-message.patch Patch22: net-snmp-5.8-dskTable-dynamic.patch
Patch22: net-snmp-5.9-ECC-cert.patch Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch23: net-snmp-5.9-intermediate-certs.patch Patch24: net-snmp-5.8-duplicate-ipAddress.patch
Patch24: net-snmp-5.9-twice-IP-parsing.patch Patch25: net-snmp-5.8-memory-reporting.patch
Patch25: net-snmp-5.9-openssl-3.0.patch Patch26: net-snmp-5.8-man-page.patch
Patch26: net-snmp-5.9-CVE-2022-44792-44793.patch Patch27: net-snmp-5.8-ipAddress-faster-load.patch
Patch27: net-snmp-5.9-ipv6-disable-leak.patch Patch28: net-snmp-5.8-rpm-memory-leak.patch
Patch28: net-snmp-5.9-sendmsg-error-code.patch Patch29: net-snmp-5.8-sec-memory-leak.patch
Patch29: net-snmp-5.9-message-severity.patch Patch30: net-snmp-5.8-aes-config.patch
Patch30: net-snmp-5.9-rpmdb.patch Patch31: net-snmp-5.7.2-CVE-2020-15862.patch
Patch31: net-snmp-5.9-kernel-6.7.patch Patch32: net-snmp-5.8-bulk.patch
Patch32: net-snmp-5.9-deleted-iface.patch Patch33: net-snmp-5.8-clientaddr-error-message.patch
Patch33: net-snmp-5.9-CVE-2022-24805-24810.patch Patch34: net-snmp-5.8-ipv6-disabled.patch
Patch35: net-snmp-5.8-empty-passphrase.patch
Patch36: net-snmp-5.8-asn-parse-nlength.patch
Patch37: net-snmp-5.8-double-IP-parsing.patch
Patch38: net-snmp-5.8-digest-from-ECC.patch
Patch39: net-snmp-5.8-broken-errmsg.patch
Patch40: net-snmp-5.8-intermediate-certs.patch
Patch41: net-snmp-5.8-fix-cert-crash.patch
Patch42: net-snmp-5.8-engine-id.patch
Patch43: net-snmp-5.8-certs.patch
Patch44: net-snmp-5.8-util-fix.patch
Patch45: net-snmp-5.8-deleted-iface.patch
Patch46: net-snmp-5.8-memleak-backport.patch
Patch47: net-snmp-5.8-dev-mem-leak.patch
Patch48: net-snmp-5.8-CVE-2022-44792-44793.patch
Patch49: net-snmp-5.8-ipv6-disable-leak.patch
Patch50: net-snmp-5.8-proxy-time-out.patch
Patch51: net-snmp-5.8-sendmsg-error-code.patch
Patch52: net-snmp-5.8-memavailable.patch
# Modern RPM API means at least EL6 # Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch Patch101: net-snmp-5.8-modern-rpm-api.patch
#disable this patch due compatibility issues
Patch102: net-snmp-5.9-python3.patch
Patch103: net-snmp-5.9.1-python-usenumeric.patch
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
# This is actually needed for the %%triggerun script but Requires(triggerun) # This is actually needed for the %%triggerun script but Requires(triggerun)
# is not valid. We can use %%post because this particular %%triggerun script # is not valid. We can use %%post because this particular %%triggerun script
# should fire just after this package is installed. # should fire just after this package is installed.
%{?systemd_requires} %{?systemd_requires}
BuildRequires: make BuildRequires: systemd
BuildRequires: systemd
BuildRequires: gcc
BuildRequires: openssl-devel, bzip2-devel, elfutils-devel BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
BuildRequires: libselinux-devel, elfutils-libelf-devel, rpm-devel BuildRequires: libselinux-devel, elfutils-libelf-devel, rpm-devel
BuildRequires: perl-devel, perl(ExtUtils::Embed), procps BuildRequires: perl-devel, perl(ExtUtils::Embed), procps
@ -86,17 +100,7 @@ BuildRequires: mariadb-connector-c-devel
# for netstat, needed by 'make test' # for netstat, needed by 'make test'
BuildRequires: net-tools BuildRequires: net-tools
# for make test # for make test
BuildRequires: perl(:VERSION) >= 5.6
BuildRequires: perl(AutoLoader)
BuildRequires: perl(blib)
BuildRequires: perl(Carp)
BuildRequires: perl(DynaLoader)
BuildRequires: perl(Exporter)
BuildRequires: perl(overload)
BuildRequires: perl(strict)
BuildRequires: perl(TAP::Harness) BuildRequires: perl(TAP::Harness)
BuildRequires: perl(vars)
BuildRequires: perl(warnings)
%ifnarch s390 s390x ppc64le %ifnarch s390 s390x ppc64le
BuildRequires: lm_sensors-devel >= 3 BuildRequires: lm_sensors-devel >= 3
%endif %endif
@ -117,6 +121,7 @@ which contains NET-SNMP utilities.
%package utils %package utils
Summary: Network management utilities using SNMP, from the NET-SNMP project Summary: Network management utilities using SNMP, from the NET-SNMP project
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: gcc
%description utils %description utils
The net-snmp-utils package contains various utilities for use with the The net-snmp-utils package contains various utilities for use with the
@ -135,7 +140,7 @@ Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
Requires: lm_sensors-devel Requires: lm_sensors-devel
%endif %endif
# pull perl development libraries, net-snmp agent libraries may link to them # pull perl development libraries, net-snmp agent libraries may link to them
Requires: perl-devel%{?_isa} Requires: perl-devel%{?_isa}, gcc
%description devel %description devel
The net-snmp-devel package contains the development libraries and The net-snmp-devel package contains the development libraries and
@ -151,7 +156,6 @@ packages installed.
Summary: The perl NET-SNMP module and the mib2c tool Summary: The perl NET-SNMP module and the mib2c tool
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: perl-interpreter BuildRequires: perl-interpreter
BuildRequires: perl-generators BuildRequires: perl-generators
@ -191,23 +195,10 @@ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
The net-snmp-agent-libs package contains the runtime agent libraries for shared The net-snmp-agent-libs package contains the runtime agent libraries for shared
binaries and applications. binaries and applications.
%package -n python3-net-snmp
%{?python_provide:%python_provide python3-net-snmp}
# Remove before F30
Provides: %{name}-python = %{epoch}:%{version}-%{release}
Provides: %{name}-python%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-python < %{epoch}:%{version}-%{release}
Summary: The Python 'netsnmp' module for the Net-SNMP
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description -n python3-net-snmp
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%prep %prep
%setup -q %setup -q
cp %{SOURCE10} . cp %{SOURCE10} .
rm -r python
%ifnarch ia64 %ifnarch ia64
%patch1 -p1 -b .pie %patch1 -p1 -b .pie
@ -216,42 +207,61 @@ cp %{SOURCE10} .
%patch2 -p1 -b .dir-fix %patch2 -p1 -b .dir-fix
%patch3 -p1 -b .multilib %patch3 -p1 -b .multilib
%patch4 -p1 %patch4 -p1
%patch5 -p1 -b .cert-path %patch5 -p1 -b .autoreconf
%patch6 -p1 -b .cflags %patch6 -p1 -b .agentx-disconnect-crash
%patch7 -p1 -b .u64-remove %patch7 -p1 -b .cert-path
%patch8 -p1 -b .perlfix %patch8 -p1 -b .cflags
%patch9 -p1 -b .iterator-fix %patch9 -p1 -b .u64-remove
%patch10 -p1 -b .autofs-skip %patch10 -p1 -b .perlfix
%patch11 -p1 -b .usage-fix %patch11 -p1 -b .iterator-fix
%patch12 -p1 -b .coverity %patch12 -p1 -b .autofs-skip
%patch13 -p1 -b .dskTable-dynamic %patch13 -p1 -b .usage-fix
%patch14 -p1 -b .expand-SNMPCONFPATH %patch14 -p1 -b .coverity
%patch15 -p1 -b .duplicate-ipAddress %patch15 -p1 -b .ipv6-clientaddr
%patch16 -p1 -b .memory-reporting %patch16 -p1 -b .agent-of-death
%patch17 -p1 -b .man-page %patch17 -p1 -b .trapsink
%patch18 -p1 -b .ipAddress-faster-load %patch18 -p1 -b .flood-messages
%patch19 -p1 -b .rpm-memory-leak %patch19 -p1 -b .v3-forward
%patch20 -p1 -b .aes-config %patch20 -p1 -b .sec-counter
%patch21 -p1 -b .clientaddr-error-message %patch21 -p1 -b .proxy-getnext
%patch22 -p1 -b .ECC-cert %patch22 -p1 -b .dskTable-dynamic
%patch23 -p1 -b .intermediate-certs %patch23 -p1 -b .expand-SNMPCONFPATH
%patch24 -p1 -b .twice-IP-parsing %patch24 -p1 -b .duplicate-ipAddress
%patch25 -p1 -b .openssl-3-0 %patch25 -p1 -b .memory-reporting
%patch26 -p1 %patch26 -p1 -b .man-page
%patch27 -p1 -b .ipv6-disable-leak %patch27 -p1 -b .ipAddress-faster-load
%patch28 -p1 -b .sendmsg-error-code %patch28 -p1 -b .rpm-memory-leak
%patch29 -p1 -b .message-severity %patch29 -p1 -b .sec-memory-leak
%patch30 -p1 -b .rpmdb %patch30 -p1 -b .aes-config
%patch31 -p1 -b .kernel-patch %patch31 -p1 -b .CVE-2020-15862
%patch32 -p1 -b .iface %patch32 -p1 -b .bulk
%patch33 -p1 -b .CVE-2022-24805-24810 %patch33 -p1 -b .clientaddr-error-message
%patch34 -p1 -b .ipv6-disabled
%patch35 -p1 -b .empty-passphrase
%patch36 -p1 -b .asn-parse-nlength
%patch37 -p1 -b .double-IP-parsing
%patch38 -p1 -b .digest-from-ECC
%patch39 -p1 -b .broken-errmsg
%patch40 -p1 -b .intermediate-certs
%patch41 -p1 -b .fix-cert-crash
%patch42 -p1 -b .engine-id
%patch43 -p1 -b .certs
%patch44 -p1 -b .utils
%patch45 -p1 -b .ifaces
%patch46 -p1 -b .memleak-backport
%patch47 -p1 -b .dev-mem-leak
%patch48 -p1
%patch49 -p1 -b .ipv6-disable-leak
%patch50 -p1 -b .proxy-time-out
%patch51 -p1 -b .sendmsg-error-code
%patch52 -p1 -b .memavailable
%patch101 -p1 -b .modern-rpm-api %patch101 -p1 -b .modern-rpm-api
%patch102 -p1
%patch103 -p1
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
rm testing/fulltests/default/T200* rm testing/fulltests/default/T200*
%endif
%build %build
@ -280,10 +290,9 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--enable-local-smux \ --enable-local-smux \
--enable-mfd-rewrites \ --enable-mfd-rewrites \
--enable-ucd-snmp-compatibility \ --enable-ucd-snmp-compatibility \
--disable-des \
--sysconfdir=%{_sysconfdir} \ --sysconfdir=%{_sysconfdir} \
--with-cflags="$RPM_OPT_FLAGS -fPIE" \ --with-cflags="$RPM_OPT_FLAGS" \
--with-ldflags="$RPM_LD_FLAGS -lm" \ --with-ldflags="-Wl,-z,relro -Wl,-z,now -lm" \
--with-logfile="/var/log/snmpd.log" \ --with-logfile="/var/log/snmpd.log" \
--with-mib-modules="$MIBS" \ --with-mib-modules="$MIBS" \
--with-mysql \ --with-mysql \
@ -296,8 +305,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--with-systemd \ --with-systemd \
--with-temp-file-pattern=/run/net-snmp/snmp-tmp-XXXXXX \ --with-temp-file-pattern=/run/net-snmp/snmp-tmp-XXXXXX \
--with-transports="DTLSUDP TLSTCP" \ --with-transports="DTLSUDP TLSTCP" \
--with-sys-contact="root@localhost" \ --with-sys-contact="root@localhost" <<EOF
--without-pcre <<EOF
EOF EOF
# store original libtool file, we will need it later # store original libtool file, we will need it later
@ -307,17 +315,11 @@ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
# the package is not %%_smp_mflags safe # the package is not %%_smp_mflags safe
%{__make} make
# remove rpath from compiled perl libs # remove rpath from compiled perl libs
find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \; find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \;
# compile python module
pushd python
%{__python3} setup.py --basedir="../" build
popd
%install %install
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot}
@ -373,11 +375,6 @@ rm -f README.aix README.hpux11 README.osX README.Panasonic_AM3X.txt README.solar
# copy missing mib2c.conf files # copy missing mib2c.conf files
install -m 644 local/mib2c.*.conf %{buildroot}%{_datadir}/snmp install -m 644 local/mib2c.*.conf %{buildroot}%{_datadir}/snmp
# install python module
pushd python
%{__python3} setup.py --basedir=.. install -O1 --skip-build --root %{buildroot}
popd
find %{buildroot} -name '*.so' | xargs chmod 0755 find %{buildroot} -name '*.so' | xargs chmod 0755
# trim down massive ChangeLog # trim down massive ChangeLog
@ -392,6 +389,10 @@ done
# remove executable bit from documentation samples # remove executable bit from documentation samples
chmod 644 local/passtest local/ipf-mod.pl chmod 644 local/passtest local/ipf-mod.pl
# dirty hack for #603243, until it's fixed properly upstream
install -m 755 -d %{buildroot}/usr/include/net-snmp/agent/util_funcs
install -m 644 agent/mibgroup/util_funcs/*.h %{buildroot}/usr/include/net-snmp/agent/util_funcs
# systemd stuff # systemd stuff
install -m 755 -d %{buildroot}/%{_tmpfilesdir} install -m 755 -d %{buildroot}/%{_tmpfilesdir}
install -m 644 %SOURCE7 %{buildroot}/%{_tmpfilesdir}/net-snmp.conf install -m 644 %SOURCE7 %{buildroot}/%{_tmpfilesdir}/net-snmp.conf
@ -409,7 +410,6 @@ cp -f libtool.orig libtool
chmod 755 local/passtest chmod 755 local/passtest
LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%endif %endif
@ -463,8 +463,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%files devel %files devel
%{_libdir}/lib*.so %{_libdir}/lib*.so
%{_libdir}/pkgconfig/* /usr/include/*
%{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*.3.* %attr(0644,root,root) %{_mandir}/man3/*.3.*
%attr(0755,root,root) %{_bindir}/net-snmp-config* %attr(0755,root,root) %{_bindir}/net-snmp-config*
%attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.* %attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.*
@ -488,10 +487,6 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{perl_vendorarch}/auto/Bundle/*SNMP* %{perl_vendorarch}/auto/Bundle/*SNMP*
%{perl_vendorarch}/Bundle/MakefileSubs.pm %{perl_vendorarch}/Bundle/MakefileSubs.pm
%files -n python3-net-snmp
%doc README
%{python3_sitearch}/*
%files gui %files gui
%{_bindir}/tkmib %{_bindir}/tkmib
%attr(0644,root,root) %{_mandir}/man1/tkmib.1* %attr(0644,root,root) %{_mandir}/man1/tkmib.1*
@ -514,213 +509,118 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}* %{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog %changelog
* Fri Sep 20 2024 Stepan Broz <sbroz@redhat.com> - 1:5.9.1-13.3 * Tue Jan 23 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-29
- fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, - backport MemAvailable report from upstream (RHEL-21780)
CVE-2022-24809 and CVE-2022-24810 (RHEL-32062)
* Tue Jul 16 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13.2
- fix segfault with error on subcontainer (RHEL-46039)
* Thu Jun 27 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13.1
- fix unexpected header length with new kernel (RHEL-40403)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13
- add support for SQLite db background of rpm (RHEL-6854)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-12
- fix message severity issue (RHEL-13960)
* Thu Aug 03 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-11
- fix python3 missing epoch
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-10
- fix sendmsg error code for new kernel (#2210892)
* Wed Feb 15 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-9
- fix CVE-2022-44792 and CVE-2022-44793 (#2141902) and (#2141906)
- fix memory leak when ipv6 disable set to 1 (#2151540)
* Thu Apr 07 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.1-8 * Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-28
- fix default snmpd.conf file content (#2067954) - fix sendmsg error code for new kernel (#2185787)
* Wed Oct 13 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-7 * Tue Jan 31 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-27
- fix FTBFS due of OpenSSL update (#2001430) - fix memory leak due of proc file creating (#2105957)
- fix CVE-2022-44792 and CVE-2022-44793 (#2141901) and (#2141905)
- fix memory leak when ipv6 disable set to 1 (#2151537)
- fix proxy timeout issue (#2160723)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-6 * Mon Oct 17 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-26
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - backport two memory leaks from upstream (#2134635)
Related: rhbz#1991688
* Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 1:5.9.1-5 * Mon Feb 21 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652) - fix segfault with error on subcontainer (#2051370)
* Mon Jul 19 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-4 * Thu Dec 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-24
- fix UseNumeric in Python library (#1970938) - fix dereferencing null pointer (#2021403)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-3 * Mon Oct 11 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- Rebuilt for RHEL 9 BETA for openssl 3.0 - net-snmp-cert gencert create SHA512 (#1908331)
Related: rhbz#1971065
* Thu Jun 03 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-2 * Mon Jun 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- Upload new source tarball - update engineTime when sending traps (#1973252)
* Thu May 27 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1 * Wed Jun 09 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-21
- New upstream release 5.9.1 (#1964963) - prevent parsing IP address twice (#1768908)
- add support for digests detected from ECC certs (#1919714)
- fix broken ErrorMsg at ucd-snmp (#1933150)
- add support for intermediate certs (#1914656)
- fix crash of certs with longer extension (#1908718)
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11 * Tue Jan 05 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-20
- disable DES and port for OpenSSL 3.0 (#1958073) - fix issue with parsing of long traps (#1912242)
- modify fix for #1877375
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10 * Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - revert permission of config files to 600 (#1601060)
* Mon Mar 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-9
- fix issue with parsing IPv4 address twice
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:5.9-8
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Thu Feb 04 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-7
- remove file with unsupported license
- use make and make install macros
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6
- add support for digests detected from ECC certificates
- add support for intermediate certificates
- fix crash caused by small buffer size
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-4
- fix issue with parsing long trap headers (#1912725)
- fix error message when the address specified by clientaddr option - fix error message when the address specified by clientaddr option
is wrong or cannot be bound is wrong or cannot be bound (#1877375)
- fix issue with quoting empty passphrase - log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
- fix issue with quoting empty passphrase (#1817225)
* Wed Nov 18 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-3
- update net-snmp-tmpfs.conf for /var/run to /run (#1893471)
* Tue Sep 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-2
- Disable pcre binding
- Add support for available memory report
* Mon Aug 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-1
- New upstream release 5.9
* Tue Aug 04 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- link math library to fix FTBFS for hplip (#1863855)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-23
- change /var/run/net-snmp to /run/net-snmp (#1737631)
* Tue Jul 07 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-22
- proxied OIDs unspecified in proxy statement in snmpd.conf
- UCD-SNMP-MIB::dskTable doesn't update dynamically
- expand SNMPCONFPATH variable
- log meningful message on duplicate IP address
- memory reporting adjustment
- fix typos in man page
- speedup ipAddressTable loading
- fix memory leak when shut down librpm
- services starts after network-online.target
- add missing part of memory leak patch
- add support for AES192 and AES256
- fix net-snmp-config wrapper script (#1815984)
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-21
- Perl 5.32 rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-20
- Rebuilt for Python 3.9
* Thu Apr 09 2020 Josef Ridky <jridky@redhat.com> -1:5.8-19
- update skip_autofs patch (#1810104)
- exit snmpd after snmpd -h command
- fix issues found by coverity scan
- fix issue with flood messages
- fix double free or corruption error when freeing security context
* Tue Mar 24 2020 Petr Pisar <ppisar@redhat.com> - 1:5.8-18
- Build-require Perl dependencies for running the tests
* Wed Feb 26 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- fix config error with RPM library (#1807274)
* Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- set net-snmp-devel as requirement for net-snmp-perl
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-14
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Thu Sep 19 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- Fix snmpv3 trap forwarding (#1753506)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:5.8-12 * Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
- Rebuilt for Python 3.8 - fix CVE-2020-15862 (#1875497)
- fix bulk responses for invalid PID (#1817190)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-11 * Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - add math library in LDFLAGS (#1846252)
* Fri Jun 28 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10 * Thu Jul 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-16
- remove file with unsupported license - remove file due licensing issues (#1690936)
- fix daemon crash on resend request (#1663027)
- fix issue with trapsink default port
* Mon Jun 10 22:13:21 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-9 * Wed Jun 10 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-15
- Rebuild for RPM 4.15 - proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134)
- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185)
- expand SNMPCONFPATH variable (#1660146)
- remove file with Apple license (#1690936)
- log meningful message on duplicate IP address (#1692286)
- memory reporting adjustment (#1695497 and #1766521)
- fix typos in man page (#1700262)
- speedup ipAddressTable loading(#1700391)
- fix memory leak when shut down librpm (#1763008)
- services starts after network-online.target (#1775304)
- add missing part of memory leak patch (#1829860)
- add support for AES192 and AES256 (#1846252)
* Mon Jun 10 15:42:03 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:5.8-8 * Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
- Rebuild for RPM 4.15 - fix double free or corruption error when freeing security context (#1809077)
- remove deprecated CFLAG
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.8-7 * Mon Feb 17 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-13
- Perl 5.30 rebuild - fix double free or corruption error (#1726373)
* Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-6 * Wed Nov 06 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-12
- fix IPv6 address assignment for clientaddr option (#1673272) - fix tmpfiles path (#1710784)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.8-5 * Tue Oct 15 2019 Jiri Kucera <jkucera@redhat.com> - 1:5.8-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - fix issue with flood messages (#1719350)
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:5.8-4 * Thu Jun 27 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-10
- Rebuilt for libcrypt.so.2 (#1666033) - fix trapsink port issue (#1677192)
* Tue Nov 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-3 * Fri May 24 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-9
- backport memory leak fixes from upstream - rebuild for autoconf
- add fPIE to CFLAGS (#1543853)
- use default LDFLAGS
* Mon Jul 23 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2 * Tue May 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-8
- fix unresoved error with mysql functions - fix daemon crash on resend request (#1694047)
- implement changes to announce soname changes
* Wed Jul 18 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1 * Thu Feb 07 2019 Josef Ridky <jridky@redhat.com> - 1:5.8-7
- New upstream release 5.8 - fix address assigning for IPv6 clientaddr option (#1672668)
- remove APSL downstream patch due this copyright is already
coveret by part 8 in COPYING file
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.7.3-42 * Wed Dec 05 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - fix discovered issues from coverity scan (#1602630)
* Sat Jul 07 2018 Miro Hrončok <mhroncok@redhat.com> - 1:5.7.3-41 * Thu Oct 04 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-5
- Rebuilt for Python 3.7 - exit snmpd after snmpd -h command (#1634811)
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.7.3-40 * Tue Sep 25 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-4
- Perl 5.28 rebuild - fix annocheck distro flag failures (#1624151)
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-39 * Tue Sep 04 2018 Josh Boyer <jwboyer@redhat.com> - 1:5.8-3
- python3 support draft - Change gcc Requires to BuildRequires (#1625189)
* Mon May 21 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-38 * Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
- revert Python3 support - fix default configuration file (#1589480 and #1594147)
- modify permissions for config files (#1601060)
* Tue Mar 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-37 * Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
- backport upstream patch for structure iterator - remove python package and update to the last upstream version (#1584510)
* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-36 * Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 1:5.7.3-36
- CVE-2018-1000116 Heap corruption in snmp_pdu_parse (#1552844) - CVE-2018-1000116 Heap corruption in snmp_pdu_parse (#1552844)

Loading…
Cancel
Save