Compare commits


No commits in common. 'c9' and 'cs10' have entirely different histories.
c9 ... cs10

2
.gitignore vendored

@ -1 +1 @@
SOURCES/net-snmp-5.9.1.tar.gz SOURCES/net-snmp-5.9.4.tar.gz

@ -1 +1 @@
0326d0e07c86f52100ceadd42c875a446309a846 SOURCES/net-snmp-5.9.1.tar.gz 2f5e96165890158c45e73f9e24c5682885355a57 SOURCES/net-snmp-5.9.4.tar.gz

@ -1,6 +1,7 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200 index 695c469..dd0e487 100644
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200 --- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void) @@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath); SNMP_FREE(rpmdbpath);
@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/
+ rpmFreeRpmrc(); + rpmFreeRpmrc();
+#endif +#endif
if (-1 == stat( pkg_directory, &stat_buf )) { if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages"); snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
pkg_directory[0] = '\0'; pkg_directory[0] = '\0';
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200 index 1f52733..ccf1cab 100644
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200 --- a/agent/mibgroup/host/hr_swinst.c
+++ b/agent/mibgroup/host/hr_swinst.c
@@ -231,6 +231,9 @@ init_hr_swinst(void) @@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath); snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0; path[ sizeof(path)-1 ] = 0;

@ -1,163 +0,0 @@
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Tue, 24 Aug 2021 07:55:00 -0700
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
When a SET request includes a mix of delegated and
non-delegated requests (e.g., objects handled by master
agent and agentx sub-agent), the status can get lost while
waiting for the reply from the sub-agent. Recover the status
into the session from the requests even if it has already
been processed.
---
agent/snmp_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 84fbb42b47..095ee70985 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
if (requests->status != SNMP_ERR_NOERROR &&
(!look_for_specific || requests->status == look_for_specific)
&& (look_for_specific || asp->index == 0
- || requests->index < asp->index)) {
+ || requests->index <= asp->index)) {
asp->index = requests->index;
asp->status = requests->status;
}
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Wed, 30 Jun 2021 14:00:28 -0700
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
---
agent/mibgroup/agent/nsLogging.c | 6 ++++++
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
agent/mibgroup/mibII/vacm_vars.c | 3 +++
agent/mibgroup/snmpv3/usmUser.c | 2 --
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
index 9abdeb5bb7..7f4290490a 100644
--- a/agent/mibgroup/agent/nsLogging.c
+++ b/agent/mibgroup/agent/nsLogging.c
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
}
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
index cc61fce7e6..6c43210074 100644
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
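Review bot: Only the head of the index list is checked before `table_info->indexes->next_variable->next_variable->next_variable->next_variable` is followed, so a list with fewer than five entries is dereferenced through NULL, and `idx` itself is not checked before `idx->val_len`. Whether the table helper guarantees the full index list at this point is not visible in the hunk, so I would follow the chain one link at a time with a NULL test and fold the result into the new length check: `if (!idx || !idx->val.string || idx->val_len >= sizeof(atype)) continue;`. The same chain appears in the hunks at -247 and -321 of this file. The handler body starts and ends outside the hunk.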
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
ret = SNMP_ERR_NOERROR;
switch (table_info->colnum) {
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
* Extract the authType token from the list of indexes
*/
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
idx = idx->next_variable; model = *idx->val.integer;
idx = idx->next_variable; level = *idx->val.integer;
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
- entry->storageType = ST_NONVOLATILE;
- netsnmp_insert_iterator_context(request, (void*)entry);
+ if (entry) {
+ entry->storageType = ST_NONVOLATILE;
+ netsnmp_insert_iterator_context(request, (void*)entry);
+ }
}
}
}
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
index 469a1eba59..62c9a3d051 100644
--- a/agent/mibgroup/mibII/vacm_vars.c
+++ b/agent/mibgroup/mibII/vacm_vars.c
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
return 1;
}
groupNameL = oidIndex[0];
+ if ((groupNameL + 1) > (int) oidLen) {
+ return 1;
+ }
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
return 1;
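Review bot: The added guard still admits `groupNameL + 1 == oidLen`, and in that case `oidIndex[groupNameL + 1]` on the following line reads one element past the index, assuming `oidLen` counts the elements of `oidIndex`. The comparison should be `>=`, and since `groupNameL` is taken straight from an OID sub-identifier and appears to be a signed int (its declaration is outside the hunk), a negative value should be rejected as well: `if (groupNameL < 0 || groupNameL + 1 >= (int) oidLen) {`. The function continues outside the hunk.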
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
index 0f52aaba49..0edea53cfb 100644
--- a/agent/mibgroup/snmpv3/usmUser.c
+++ b/agent/mibgroup/snmpv3/usmUser.c
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
if (usmStatusCheck(uptr)) {
uptr->userStatus = RS_ACTIVE;
} else {
- SNMP_FREE(engineID);
- SNMP_FREE(newName);
return SNMP_ERR_INCONSISTENTVALUE;
}
} else if (long_ret == RS_CREATEANDWAIT) {

@ -1,129 +0,0 @@
From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:24 -0800
Subject: [PATCH 1/3] snmp_agent: disallow SET with NULL varbind
---
agent/snmp_agent.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 867d0c166f..3f678fe2df 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
return 1;
}
+static int
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
+{
+ int i;
+ netsnmp_variable_list *v = NULL;
+
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
+ if (v->type == ASN_NULL) {
+ /*
+ * Protect SET implementations that do not protect themselves
+ * against wrong type.
+ */
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
+ asp->index = i;
+ return SNMP_ERR_WRONGTYPE;
+ }
+ }
+ return SNMP_ERR_NOERROR;
+}
+
int
handle_pdu(netsnmp_agent_session *asp)
{
int status, inclusives = 0;
netsnmp_variable_list *v = NULL;
+#ifndef NETSNMP_NO_WRITE_SUPPORT
+ /*
+ * Check for ASN_NULL in SET request
+ */
+ if (asp->pdu->command == SNMP_MSG_SET) {
+ status = check_set_pdu_for_null_varbind(asp);
+ if (status != SNMP_ERR_NOERROR) {
+ return status;
+ }
+ }
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
+
/*
* for illegal requests, mark all nodes as ASN_NULL
*/
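Review bot: `check_set_pdu_for_null_varbind()` is defined unconditionally, but its only call in `handle_pdu()` sits inside `#ifndef NETSNMP_NO_WRITE_SUPPORT`, so a build with write support disabled is left with an unused static function (a `-Wunused-function` warning, an error under `-Werror`). Wrapping the definition in the same `#ifndef NETSNMP_NO_WRITE_SUPPORT` / `#endif` pair keeps the two in step. The helper would also benefit from a header comment stating that it returns `SNMP_ERR_WRONGTYPE` and stores the 1-based position of the first ASN_NULL varbind in `asp->index`. `handle_pdu()` continues past the end of the hunk.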
From 7f4ac4051cc7fec6a5944661923acb95cec359c7 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:46 -0800
Subject: [PATCH 2/3] apps: snmpset: allow SET with NULL varbind for testing
---
apps/snmpset.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/apps/snmpset.c b/apps/snmpset.c
index 48e14bd513..d542713e1b 100644
--- a/apps/snmpset.c
+++ b/apps/snmpset.c
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
case 'x':
case 'd':
case 'b':
+ case 'n': /* undocumented */
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case 'I':
case 'U':
From 15f9d7f7e5b90c9b419832ed8e6413feb6570d83 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 10:23:32 -0800
Subject: [PATCH 3/3] Add test for NULL varbind set
---
.../default/T0142snmpv2csetnull_simple | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
new file mode 100644
index 0000000000..0f1b8f386b
--- /dev/null
+++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. ../support/simple_eval_tools.sh
+
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
+
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
+SKIPIF NETSNMP_DISABLE_SNMPV2C
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
+
+#
+# Begin test
+#
+
+# standard V2C configuration: testcomunnity
+snmp_write_access='all'
+. ./Sv2cconfig
+STARTAGENT
+
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
+
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
+
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
+
+CHECK "Reason: wrongType"
+
+STOPAGENT
+
+FINISHED

@ -1,98 +0,0 @@
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
From: minfrin <minfrin@users.noreply.github.com>
Date: Tue, 5 Jan 2021 23:17:14 +0000
Subject: [PATCH] Add support for digests detected from ECC certificates
Previously, the digest could be detected on RSA certificates only. This
patch adds detection for ECC certificates.
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
back to _htmap ]
---
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007a..432cb5c27 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
}
}
-static int _htmap[NS_HASH_MAX + 1] = {
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
+static const struct {
+ uint16_t nid;
+ uint16_t ht;
+} _htmap[] = {
+ { 0, NS_HASH_NONE },
+#ifdef NID_md5WithRSAEncryption
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
+#endif
+#ifdef NID_sha1WithRSAEncryption
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
+#endif
+#ifdef NID_ecdsa_with_SHA1
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
+#endif
+#ifdef NID_sha224WithRSAEncryption
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
+#endif
+#ifdef NID_ecdsa_with_SHA224
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
+#endif
+#ifdef NID_sha256WithRSAEncryption
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
+#endif
+#ifdef NID_ecdsa_with_SHA256
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
+#endif
+#ifdef NID_sha384WithRSAEncryption
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
+#endif
+#ifdef NID_ecdsa_with_SHA384
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
+#endif
+#ifdef NID_sha512WithRSAEncryption
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
+#endif
+#ifdef NID_ecdsa_with_SHA512
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
+#endif
+};
int
_nid2ht(int nid)
{
int i;
- for (i=1; i<= NS_HASH_MAX; ++i) {
- if (nid == _htmap[i])
- return i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].nid == nid)
+ return _htmap[i].ht;
}
return 0;
}
@@ -541,9 +577,13 @@ _nid2ht(int nid)
int
_ht2nid(int ht)
{
- if ((ht < 0) || (ht > NS_HASH_MAX))
- return 0;
- return _htmap[ht];
+ int i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].ht == ht)
+ return _htmap[i].nid;
+ }
+ return 0;
}
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */
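Review bot: `_ht2nid()` now returns the first table row whose `ht` matches, and because every RSA row precedes its ECDSA row the result is always the `...WithRSAEncryption` NID, so it is no longer the inverse of `_nid2ht()` for ECC certificates. If callers only need the digest that may be harmless, but it should be documented on the function, e.g. `/* returns the RSA signature NID for ht; ECDSA NIDs are mapped one way, by _nid2ht() only */`. Both loops also compare `int i` with a `size_t` expression; declaring `size_t i` avoids the sign-compare warning. In the table hunk above, `uint16_t nid` narrows OpenSSL's `int` NIDs, which relies on every listed NID staying below 65536.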

@ -1,18 +1,18 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index ac3c60f..177c00f 100644 index afd6fa4..07c26fe 100644
--- a/net-snmp-create-v3-user.in --- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in +++ b/net-snmp-create-v3-user.in
@@ -57,11 +57,11 @@ case $1 in @@ -58,11 +58,11 @@ case $1 in
exit 1 exit 1
fi fi
case $1 in case $1 in
- DES|AES|AES128) - DES|AES|AES128)
+ AES|AES128|AES192|AES256) + DES|AES|AES128|AES192|AES256)
Xalgorithm=$1 Xalgorithm=$1
shift shift
;; ;;
- des|aes|aes128) - des|aes|aes128)
+ aes|aes128|aes192|aes256) + des|aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z) Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift shift
;; ;;
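Review bot: The second copy of each changed line, which appears to be the cs10 side, accepts `DES` and `des` again as the privacy protocol (`DES|AES|AES128|AES192|AES256)`), where the first copy had dropped them. DES has a 56-bit key, and the hunk header of the related patch further down still shows `Xalgorithm="DES"` as the script's default. If DES has to stay for compatibility, the script could print a warning when it is selected; otherwise the list can remain `AES|AES128|AES192|AES256)` and `aes|aes128|aes192|aes256)`. The enclosing `case` starts outside the hunk.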

@ -1,5 +1,5 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index 4f78df3..fd25b3f 100644 index e7ca92f..80b3e0d 100644
--- a/agent/mibgroup/host/hr_filesys.c --- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c +++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = { @@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
@ -10,37 +10,3 @@ index 4f78df3..fd25b3f 100644
"usbdevfs", "usbdevfs",
"usbfs", "usbfs",
#endif #endif
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
index 6b459ec..f7a376b 100644
--- a/agent/mibgroup/host/hr_storage.c
+++ b/agent/mibgroup/host/hr_storage.c
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (Check_HR_FileSys_AutoFs())
return NULL;
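Review bot: The added `|| Check_HR_FileSys_AutoFs()` duplicates the test on the next context lines, `if (Check_HR_FileSys_AutoFs()) return NULL;`, which already returns for the same case, so the new condition does not change the result and the function is simply called twice when the file system is not AutoFs. Either drop the addition or remove the now-redundant second `if`. The hrh_storage.c hunk below has the same pattern. The enclosing function starts and ends outside the hunk.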
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
index 8967d35..9bf2659 100644
--- a/agent/mibgroup/host/hrh_storage.c
+++ b/agent/mibgroup/host/hrh_storage.c
@@ -366,9 +366,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (HRFS_entry && Check_HR_FileSys_AutoFs())
return NULL;

@ -1,19 +1,3 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200 --- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200 +++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200

@ -1,43 +0,0 @@
diff -urNp a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:05:43.294653089 +0200
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:23:55.392041022 +0200
@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(ne
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
int interfaces = 0;
@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(ne
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
+ netsnmp_interface_entry *entry = NULL;
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -733,8 +733,13 @@ netsnmp_arch_interface_container_load(ne
* ip version is to look for ip addresses. If anyone
* knows a better way, put it here!
*/
-#ifdef NETSNMP_ENABLE_IPV6
if_index = netsnmp_arch_interface_index_find(ifstart);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ continue;
+ }
+#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
#endif
netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc);
@@ -752,7 +757,7 @@ netsnmp_arch_interface_container_load(ne
continue;
}
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

@ -1,5 +1,5 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index b0c71d9..ac3c60f 100644 index 19895a1..ac3c60f 100644
--- a/net-snmp-create-v3-user.in --- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in +++ b/net-snmp-create-v3-user.in
@@ -14,6 +14,10 @@ Xalgorithm="DES" @@ -14,6 +14,10 @@ Xalgorithm="DES"
@ -13,11 +13,17 @@ index b0c71d9..ac3c60f 100644
unset shifted unset shifted
case $1 in case $1 in
@@ -136,7 +140,7 @@ fi @@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
touch "$outfile"
fi
echo "$line" >> "$outfile" echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@ -prefix=@prefix@
echo "@datarootdir@" >/dev/null -datarootdir=@datarootdir@
-# To suppress shellcheck complaints about $prefix and $datarootdir.
-: "$prefix" "$datarootdir"
-outfile="@datadir@/snmp/snmpd.conf" -outfile="@datadir@/snmp/snmpd.conf"
+# Avoid that configure complains that this script ignores @datarootdir@
+echo "@datarootdir@" >/dev/null
+outfile="/etc/snmp/snmpd.conf" +outfile="/etc/snmp/snmpd.conf"
line="$token $user" line="$token $user"
echo "adding the following line to $outfile:" echo "adding the following line to $outfile:"

@ -1,180 +0,0 @@
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
index 7c756ff..ff22019 100644
--- a/agent/mibgroup/ucd-snmp/disk.c
+++ b/agent/mibgroup/ucd-snmp/disk.c
@@ -153,9 +153,10 @@ static void disk_free_config(void);
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
-static void find_and_add_allDisks(int minpercent);
+static void refresh_disk_table(int addNewDisks, int minpercent);
static void add_device(char *path, char *device,
- int minspace, int minpercent, int override);
+ int minspace, int minpercent, int addNewDisks,
+ int override);
static void modify_disk_parameters(int index, int minspace,
int minpercent);
static int disk_exists(char *path);
@@ -167,6 +168,7 @@ struct diskpart {
char path[STRMAX];
int minimumspace;
int minpercent;
+ int alive;
};
#define MAX_INT_32 0x7fffffff
@@ -174,6 +176,7 @@ struct diskpart {
unsigned int numdisks;
int allDisksIncluded = 0;
+int allDisksMinPercent = 0;
unsigned int maxdisks = 0;
struct diskpart *disks;
@@ -238,6 +241,7 @@ init_disk(void)
disk_free_config,
"minpercent%");
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -253,6 +257,7 @@ disk_free_config(void)
disks[i].minpercent = -1;
}
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, char *cptr)
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
- add_device(path, find_device(path), minspace, minpercent, 1);
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, char *cptr)
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
-add_device(char *path, char *device, int minspace, int minpercent, int override)
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
}
index = disk_exists(path);
- if((index != -1) && (index < maxdisks) && (override==1)) {
- modify_disk_parameters(index, minspace, minpercent);
+ if((index != -1) && (index < maxdisks)) {
+ /* the path is already in the table */
+ disks[index].alive = 1;
+ /* -> update its device */
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
+ if (override == 1) {
+ modify_disk_parameters(index, minspace, minpercent);
+ }
}
- else if(index == -1){
+ else if(index == -1 && addNewDisks){
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
+ disks[numdisks].alive = 1;
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
+ disks[numdisks].alive = 0;
}
}
}
@@ -444,7 +457,7 @@ int disk_exists(char *path)
}
static void
-find_and_add_allDisks(int minpercent)
+refresh_disk_table(int addNewDisks, int minpercent)
{
#if HAVE_GETMNTENT
#if HAVE_SYS_MNTTAB_H
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
if (mntfp)
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while ((i = getmntent(mntfp, &mnttab)) == 0) {
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
fclose(mntfp);
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks 0);
}
}
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
endfsent(); /* close /etc/fstab */
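Review bot: `minpercent, addNewDisks 0);` in the `getmntinfo()` loop is missing the comma between `addNewDisks` and `0`, so the branch before `#elif HAVE_FSTAB_H` will not compile on platforms that select it. It should read `minpercent, addNewDisks, 0);` like the other `add_device()` call sites changed in this patch. The function starts and ends outside the hunk.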
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
}
#endif
else {
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry)
#endif
#endif
+ if (disks[disknum].alive == 0){
+ return -1;
+ }
+
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
static char *errmsg;
static char empty_str[1];
+ int i;
+ for (i = 0; i < numdisks; i++){
+ disks[i].alive = 0;
+ }
+ /* dynamically add new disks + update alive flag */
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
+
tryAgain:
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numdisks))
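Review bot: `refresh_disk_table()` is called at the top of `var_extensible_disk()`, so each call (presumably one per requested dskTable object) clears every `alive` flag and re-reads the mount table, and a walk over the table repeats that scan for each row and column it fetches. Remembering the time of the last scan and skipping the reset loop and the call while it is still fresh would bound that cost. Separately, none of the hunks in this patch assigns `allDisksMinPercent` anything but 0 or updates a caller of the renamed `find_and_add_allDisks()`, so it is worth confirming that `disk_parse_config_all()` sets the value and calls `refresh_disk_table()`. `int i` is also compared with the unsigned `numdisks`.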

@ -21,20 +21,21 @@ index 80e2a19..143adbb 100644
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..6c5a23f 100644 index 471bb0b..ac7f69a 100644
--- a/include/net-snmp/library/dir_utils.h --- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h +++ b/include/net-snmp/library/dir_utils.h
@@ -53,6 +53,8 @@ extern "C" { @@ -53,7 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010 #define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */ /** load stats in netsnmp_file */
#define NETSNMP_DIR_NSFILE_STATS 0x0020 #define NETSNMP_DIR_NSFILE_STATS 0x0020
-
+/** allow files to be indexed more than once */ +/** allow files to be indexed more than once */
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040 +#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
#ifdef __cplusplus
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index e7b7114..bee0b5f 100644 index 210ad8b..b1f8144 100644
--- a/snmplib/cert_util.c --- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c +++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all); @@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
@ -106,26 +107,22 @@ index e7b7114..bee0b5f 100644
netsnmp_container_add_index(_certs, additional_keys); netsnmp_container_add_index(_certs, additional_keys);
_keys = netsnmp_container_find("cert_keys:binary_array"); _keys = netsnmp_container_find("cert_keys:binary_array");
@@ -424,9 +435,9 @@ netsnmp_cert_map_container(void) @@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
} }
static netsnmp_cert * static netsnmp_cert *
-_new_cert(const char *dirname, const char *filename, int certType, -_new_cert(const char *dirname, const char *filename, int certType,
- int hashType, const char *fingerprint, const char *common_name,
- const char *subject)
+_new_cert(const char *dirname, const char *filename, int certType, int offset, +_new_cert(const char *dirname, const char *filename, int certType, int offset,
+ int allowed_uses, int hashType, const char *fingerprint, int hashType, const char *fingerprint, const char *common_name,
+ const char *common_name, const char *subject) const char *subject)
{ {
netsnmp_cert *cert;
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType, @@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname); cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename); cert->info.filename = strdup(filename);
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER; - cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
+ /* only the first certificate is allowed to be a remote peer */ + /* only the first certificate is allowed to be a remote peer */
+ cert->info.allowed_uses = allowed_uses; + cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
cert->info.type = certType; cert->info.type = certType;
+ cert->offset = offset; + cert->offset = offset;
if (fingerprint) { if (fingerprint) {
@ -229,18 +226,18 @@ index e7b7114..bee0b5f 100644
- certbio = BIO_new(BIO_s_file()); - certbio = BIO_new(BIO_s_file());
- if (NULL == certbio) { - if (NULL == certbio) {
- snmp_log(LOG_ERR, "error creating BIO\n"); - snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename); + certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
+ if (!certbio) { + if (!certbio) {
return NULL; return NULL;
} }
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
- return NULL;
- }
-
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) { - if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
- char *pos = strrchr(cert->info.filename, '.'); - char *pos = strrchr(cert->info.filename, '.');
- if (NULL == pos) - if (NULL == pos)
@ -413,7 +410,7 @@ index e7b7114..bee0b5f 100644
if (cert->key) { if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n")); DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return; return;
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) @@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
} }
} }
@ -443,13 +440,11 @@ index e7b7114..bee0b5f 100644
+} +}
+ +
+static netsnmp_cert * +static netsnmp_cert *
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, +_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
+ int allowed_uses, FILE *index)
+{ +{
+ netsnmp_cert *cert; + netsnmp_cert *cert;
+ +
+ cert = _new_cert(dirname, filename, type, offset, + cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
+ allowed_uses, -1, NULL, NULL, NULL);
+ if (NULL == cert) + if (NULL == cert)
+ return NULL; + return NULL;
+ +
@ -467,9 +462,8 @@ index e7b7114..bee0b5f 100644
+ /** fingerprint max = 64*3=192 for sha512 */ + /** fingerprint max = 64*3=192 for sha512 */
+ /** common name / CN = 64 */ + /** common name / CN = 64 */
+ if (cert) + if (cert)
+ fprintf(index, "c:%s %d %d %d %d %s '%s' '%s'\n", filename, + fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
+ cert->info.type, cert->offset, cert->info.allowed_uses, + cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
+ cert->hash_type, cert->fingerprint,
+ cert->common_name, cert->subject); + cert->common_name, cert->subject);
+ } + }
+ +
@ -567,8 +561,7 @@ index e7b7114..bee0b5f 100644
+ +
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */ + ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
+ if (NULL != ocert) { + if (NULL != ocert) {
+ if (!_add_cert(ocert, dirname, filename, type, 0, + if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
+ NS_CERT_REMOTE_PEER, index)) {
+ X509_free(ocert); + X509_free(ocert);
+ ocert = NULL; + ocert = NULL;
+ } + }
@ -584,18 +577,9 @@ index e7b7114..bee0b5f 100644
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n")); + DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
+ type = NS_CERT_TYPE_PEM; + type = NS_CERT_TYPE_PEM;
+ } + }
+
+ /* read the private key first so we can record this in the index */
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+
+ (void)BIO_reset(certbio);
+
+ /* certs are read after the key */
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); + ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (NULL != ocert) { + if (NULL != ocert) {
+ cert = _add_cert(ncert, dirname, filename, type, 0, + cert = _add_cert(ncert, dirname, filename, type, offset, index);
+ okey ? NS_CERT_IDENTITY | NS_CERT_REMOTE_PEER :
+ NS_CERT_REMOTE_PEER, index);
+ if (NULL == cert) { + if (NULL == cert) {
+ X509_free(ocert); + X509_free(ocert);
+ ocert = ncert = NULL; + ocert = ncert = NULL;
@ -605,13 +589,18 @@ index e7b7114..bee0b5f 100644
+ offset = BIO_tell(certbio); + offset = BIO_tell(certbio);
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); + ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (ncert) { + if (ncert) {
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, 0, index)) { + if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
+ X509_free(ncert); + X509_free(ncert);
+ ncert = NULL; + ncert = NULL;
+ } + }
+ } + }
+ } + }
+ +
+ BIO_seek(certbio, offset);
+
+ /** check for private key too */
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+
+ if (NULL != okey) { + if (NULL != okey) {
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", + DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
+ cert->info.filename)); + cert->info.filename));
@ -621,6 +610,7 @@ index e7b7114..bee0b5f 100644
+ cert->info.filename)); + cert->info.filename));
+ key->cert = cert; + key->cert = cert;
+ cert->key = key; + cert->key = key;
+ cert->info.allowed_uses |= NS_CERT_IDENTITY;
+ } + }
+ else { + else {
+ EVP_PKEY_free(okey); + EVP_PKEY_free(okey);
@ -656,20 +646,17 @@ index e7b7114..bee0b5f 100644
} }
return 0; return 0;
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat; struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15]; char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
- char subject[SNMP_MAXBUF_SMALL], hash_str[15]; - char subject[SNMP_MAXBUF_SMALL], hash_str[15];
- int count = 0, type, hash, version;
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15]; + char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
+ char allowed_uses_str[15];
+ ssize_t offset; + ssize_t offset;
+ int count = 0, type, allowed_uses, hash, version; int count = 0, type, hash, version;
netsnmp_cert *cert; netsnmp_cert *cert;
netsnmp_key *key; netsnmp_key *key;
netsnmp_container *newer, *found; @@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname, netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat, _time_filter, &idx_stat,
NETSNMP_DIR_NSFILE | NETSNMP_DIR_NSFILE |
@ -679,30 +666,26 @@ index e7b7114..bee0b5f 100644
if (newer) { if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL); CONTAINER_FREE_ALL(newer, NULL);
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2]; pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) || if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) || (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) || + (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
+ (NULL == (pos=copy_nword(pos, allowed_uses_str, sizeof(allowed_uses_str)))) ||
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) || (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint, (NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) || sizeof(fingerprint)))) ||
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat) @@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break; break;
} }
type = atoi(type_str); type = atoi(type_str);
+ offset = atoi(offset_str); + offset = atoi(offset_str);
+ allowed_uses = atoi(allowed_uses_str);
hash = atoi(hash_str); hash = atoi(hash_str);
- cert = _new_cert(dirname, filename, type, hash, fingerprint, - cert = _new_cert(dirname, filename, type, hash, fingerprint,
- common_name, subject); + cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash, common_name, subject);
+ fingerprint, common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert)) if (cert && 0 == CONTAINER_INSERT(found, cert))
++count; ++count;
else { @@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
@@ -1543,7 +1680,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname, netsnmp_directory_container_read_some(NULL, dirname,
_cert_cert_filter, NULL, _cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH | NETSNMP_DIR_RELATIVE_PATH |
@ -712,7 +695,7 @@ index e7b7114..bee0b5f 100644
if (NULL == cert_container) { if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir", DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n")); "error creating container for cert files\n"));
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context) @@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c) if (NULL == c)
return; return;
@ -721,7 +704,7 @@ index e7b7114..bee0b5f 100644
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses, c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses))); _mode_str(c->info.allowed_uses)));
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint) @@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching; netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -731,40 +714,7 @@ index e7b7114..bee0b5f 100644
if (!matching) if (!matching)
return NULL; return NULL;
if (1 == matching->size) if (1 == matching->size)
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint) @@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
return result;
}
+netsnmp_void_array *
+netsnmp_certs_find(int what, int where, void *hint)
+{
+
+ DEBUGMSGT(("certs:find:params", "looking for %s(%d) in %s(0x%x), hint %p\n",
+ _mode_str(what), what, _where_str(where), where, hint));
+
+ if (NS_CERTKEY_FILE == where) {
+ /** hint == filename */
+ char *filename = (char*)hint;
+ netsnmp_void_array *matching;
+
+ DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
+ filename, NULL ), what);
+
+ return matching;
+ } /* where = NS_CERTKEY_FILE */
+ else { /* unknown location */
+
+ DEBUGMSGT(("certs:find:err", "unhandled location %d for %d\n", where,
+ what));
+ return NULL;
+ }
+}
+
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
int
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
} }
} }
@ -903,92 +853,3 @@ index c2dd989..e7145e4 100644
} }
dir = opendir(dirname); dir = opendir(dirname);
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
index a3a85bc..b9baeae 100644
--- a/snmplib/transports/snmpTLSBaseDomain.c
+++ b/snmplib/transports/snmpTLSBaseDomain.c
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line,
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
- char buf[1024], *fingerprint;
+ char subject[SNMP_MAXBUF_MEDIUM], issuer[SNMP_MAXBUF_MEDIUM], *fingerprint;
X509 *thecert;
netsnmp_cert *cert;
_netsnmp_verify_info *verify_info;
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
/* things to do: */
- X509_NAME_oneline(X509_get_subject_name(thecert), buf, sizeof(buf));
+ X509_NAME_oneline(X509_get_subject_name(thecert), subject, sizeof(subject));
+ X509_NAME_oneline(X509_get_issuer_name(thecert), issuer, sizeof(issuer));
fingerprint = netsnmp_openssl_cert_get_fingerprint(thecert, -1);
- DEBUGMSGTL(("tls_x509:verify", "Cert: %s\n", buf));
- DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ?
+ DEBUGMSGTL(("tls_x509:verify", " subject: %s\n", subject));
+ DEBUGMSGTL(("tls_x509:verify", " issuer: %s\n", issuer));
+ DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ?
fingerprint : "unknown"));
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
} else {
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
/* log where we are and why called */
- snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d err=%i:%s\n", ok, ctx, depth, err, X509_verify_cert_error_string(err));
+ snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d fp=%s subject='%s' issuer='%s' err=%i:%s\n", ok, ctx, depth, fingerprint, subject, issuer, err, X509_verify_cert_error_string(err));
SNMP_FREE(fingerprint);
return 0;
}
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) {
int
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
netsnmp_cert *trustcert;
+ netsnmp_cert *candidate;
+ netsnmp_void_array *matching = NULL;
+
+ int i;
DEBUGMSGTL(("sslctx_client", "Trying to load a trusted certificate: %s\n",
certspec));
/* load this identifier into the trust chain */
trustcert = netsnmp_cert_find(NS_CERT_CA,
- NS_CERTKEY_MULTIPLE,
+ NS_CERTKEY_FINGERPRINT,
certspec);
+
+ /* loop through all CA certs in the given files */
+ if (!trustcert) {
+ matching = netsnmp_certs_find(NS_CERT_CA,
+ NS_CERTKEY_FILE,
+ certspec);
+ for (i = 0; (matching) && (i < matching->size); ++i) {
+ candidate = (netsnmp_cert*)matching->array[i];
+ if (netsnmp_cert_trust(the_ctx, candidate) != SNMPERR_SUCCESS) {
+ free(matching->array);
+ free(matching);
+ LOGANDDIE("failed to load trust certificate");
+ }
+ } /** matching loop */
+
+ if (matching) {
+ free(matching->array);
+ free(matching);
+ return 1;
+ }
+ }
+
+ /* fall back to trusting the remote peer certificate */
if (!trustcert)
trustcert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
NS_CERTKEY_MULTIPLE,
certspec);
if (!trustcert)
LOGANDDIE("failed to find requested certificate to trust");
-
+
/* Add the certificate to the context */
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
LOGANDDIE("failed to load trust certificate");

@ -1,13 +0,0 @@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index d4529d3..175242b 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@
snmpinforminstall:

@ -1,48 +0,0 @@
From 7330e3e3e08d9baff23332e764f9a53561939fff Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 2 Sep 2021 21:06:54 -0700
Subject: [PATCH] libsnmp: Log "Truncating integer value >32 bits" once
Log this message once instead of every time sysUpTime and/or
hrSystemUptime are accessed after snmpd is running for more than 497 days.
Fixes: https://github.com/net-snmp/net-snmp/issues/144
---
snmplib/snmp_client.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/snmplib/snmp_client.c b/snmplib/snmp_client.c
index 0f539c63fe..b00670d973 100644
--- a/snmplib/snmp_client.c
+++ b/snmplib/snmp_client.c
@@ -853,7 +853,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const u_long *) value;
*(vars->val.integer) = *val_ulong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -865,7 +866,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const unsigned long long *) value;
*(vars->val.integer) = (long) *val_ullong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -877,7 +879,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const uintmax_t *) value;
*(vars->val.integer) = (long) *val_uintmax_t;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}

@ -1,84 +0,0 @@
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200
@@ -44,7 +44,6 @@ extern "C" {
/*
* misc
*/
- void netsnmp_openssl_err_log(const char *prefix);
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
/*
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss
return (X509_check_issued(issuer, cert) == X509_V_OK);
}
-
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
-void
-netsnmp_openssl_err_log(const char *prefix)
-{
- unsigned long err;
- for (err = ERR_get_error(); err; err = ERR_get_error()) {
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
- }
-}
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
-
void
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
ERR_reason_error_string(ERR_get_error()));
}
-
- /* other errors */
- while ((numerical_reason =
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
-
- /* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
- /*
- * per openssl man page: If it has been allocated by
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
- *
- * arggh... stupid openssl prototype for ERR_get_error_line_data
- * wants a const char **, but returns something that we might
- * need to free??
- */
- if (flags & ERR_TXT_MALLOCED)
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

@ -1,8 +1,8 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in diff --git a/agent/Makefile.in b/agent/Makefile.in
index b5d692d..1a30209 100644 index 047d880..38d40aa 100644
--- a/agent/Makefile.in --- a/agent/Makefile.in
+++ b/agent/Makefile.in +++ b/agent/Makefile.in
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c @@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
@ -10,9 +10,9 @@ index b5d692d..1a30209 100644
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} + $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in diff --git a/apps/Makefile.in b/apps/Makefile.in
index 43f3b9c..d4529d3 100644 index 3dbb1d1..48ed23a 100644
--- a/apps/Makefile.in --- a/apps/Makefile.in
+++ b/apps/Makefile.in +++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS) @@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)

@ -1,10 +1,31 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4 Mon Sep 17 00:00:00 2001
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 16:59:37.392368620 +0200 From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2023-10-23 17:01:59.760640169 +0200 Date: Wed, 9 Aug 2023 16:51:28 +0200
@@ -73,15 +73,21 @@ netsnmp_swinst_arch_init(void) Subject: [PATCH] Add support for RPM SQLite DB background.
From RPM 4.16 the SQLite support is available for RPM DB.
After https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb, rpm changed
it's background DB from Berkeley to SQLite in Fedora.
Net-SNMP is using hard coded paths to determine where RPM DB files are.
This update is adding check for rpmdb.sqlite file in order to be able
invalidate internal cache after system package change.
Closes #596
---
agent/mibgroup/host/data_access/swinst_rpm.c | 18 +++++++++++++-----
agent/mibgroup/host/hr_swinst.c | 3 +++
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 050edff307..7ad91a3194 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -73,15 +73,23 @@ netsnmp_swinst_arch_init(void)
#endif #endif
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) { + if (-1 == stat( pkg_directory, &stat_buf )) {
+ +
+ /* check for SQLite DB backend */ + /* check for SQLite DB backend */
@ -15,21 +36,23 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/
+ pkg_directory[0] = '\0'; + pkg_directory[0] = '\0';
+ } + }
+ } + }
+
SNMP_FREE(rpmdbpath); SNMP_FREE(rpmdbpath);
dbpath = NULL; dbpath = NULL;
#ifdef HAVE_RPMGETPATH #ifdef HAVE_RPMGETPATH
rpmFreeRpmrc(); rpmFreeRpmrc();
#endif -#endif
- if (-1 == stat( pkg_directory, &stat_buf )) { - if (-1 == stat( pkg_directory, &stat_buf )) {
- snmp_log(LOG_ERR, "Can't find directory of RPM packages"); - snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
- pkg_directory[0] = '\0'; - pkg_directory[0] = '\0';
- } - }
+#endif
} }
void void
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2023-10-23 16:59:37.391368611 +0200 --- a/agent/mibgroup/host/hr_swinst.c 2023-07-31 11:37:44.855071535 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2023-10-23 17:02:47.159063503 +0200 +++ b/agent/mibgroup/host/hr_swinst.c 2023-08-14 12:45:14.846357019 +0200
@@ -229,6 +229,9 @@ init_hr_swinst(void) @@ -229,6 +229,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath); snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
if (stat(path, &stat_buf) == -1) if (stat(path, &stat_buf) == -1)
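Review bot: The refreshed patch is only half converted to the upstream commit form, which makes its provenance harder to check. The swinst_rpm.c part now carries the `From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4` mail header, a `diff --git` line and `index 050edff307..7ad91a3194`, but the hr_swinst.c part is still a `diff -urNp` section with local timestamps (2023-07-31 / 2023-08-14). The header's diffstat claims both files, so a reader cannot confirm from the patch alone that the second section matches that commit. Regenerating the whole file from the upstream commit, for example with `git format-patch -1 <upstream-commit>`, would keep the carried patch byte-comparable with upstream. The hr_swinst.c hunk continues past the lines shown here, so its body is not covered by this note.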

@ -1,31 +0,0 @@
From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 24 May 2023 10:49:41 +0200
Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling
This change has been made because of Linux kernel commit "ipv4: Return
-ENETUNREACH if we can't create route but saddr is valid"
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029)
Fixes: https://github.com/net-snmp/net-snmp/issues/564
Fixes: https://github.com/net-snmp/net-snmp/pull/576
[ bvanassche: edited commit message ]
---
snmplib/transports/snmpUDPBaseDomain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
index ca8f9a5554..cd6b15e2ad 100644
--- a/snmplib/transports/snmpUDPBaseDomain.c
+++ b/snmplib/transports/snmpUDPBaseDomain.c
@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip,
sizeof(struct sockaddr));
else
rc = sendmsg(fd, &m, MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

@ -1,16 +0,0 @@
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index e6f5b20..41a5e01 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -34,6 +34,11 @@
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
+
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32)
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
+#endif
+
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

@ -1,12 +0,0 @@
diff --git a/agent/snmpd.c b/agent/snmpd.c
index ae73eda..f01b890 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
@@ -289,6 +289,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

@ -1,60 +0,0 @@
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 9 Jun 2021 14:19:46 -0700
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
Fixes: https://github.com/net-snmp/net-snmp/issues/303
---
python/netsnmp/client_intf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
index e5e7372303..94da39fe34 100644
--- a/python/netsnmp/client_intf.c
+++ b/python/netsnmp/client_intf.c
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int varlist_ind, int sprintval_flag, int *len,
- char **str_buf)
+ char **str_buf, int getlabel_flag)
{
struct tree *tp;
int type;
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int buf_over = 0;
const char *tag;
const char *iid;
- int getlabel_flag = NO_FLAGS;
if (!PyObject_HasAttrString(varbind, "tag"))
return TYPE_OTHER;
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
varbind = PySequence_GetItem(varlist, varlist_ind);
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
- &len, &str_buf);
+ &len, &str_buf, getlabel_flag);
if (type != TYPE_OTHER) {
/* save in return tuple as well */
if ((type == SNMP_ENDOFMIBVIEW) ||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
- sprintval_flag, &len, &str_buf) !=
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
/* push varbind onto varbinds */

@ -0,0 +1,175 @@
diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
--- a/man/net-snmp-config.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/net-snmp-config.1.def 2021-05-26 09:35:36.703673542 +0200
@@ -30,7 +30,7 @@ code for a list of available debug token
SNMP Setup commands:
.TP
\fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
+[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
.PP
These options produce the various compilation flags needed when
building external SNMP applications:
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
--- a/man/net-snmp-create-v3-user.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/net-snmp-create-v3-user.1.def 2021-05-26 09:34:23.702034230 +0200
@@ -3,7 +3,7 @@
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
.SH SYNOPSIS
.PP
-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
.B [username]
.SH DESCRIPTION
.PP
@@ -27,5 +27,5 @@ specifies the authentication password ha
\fB\-X privpass\fR
specifies the encryption password
.TP
-\fB\-x DES|AES\fR
+\fB\-x AES\fR
specifies the encryption algorithm
diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
--- a/man/snmpcmd.1.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmpcmd.1.def 2021-05-26 09:37:51.104850500 +0200
@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
file.
.TP
.BI \-x " privProtocol"
-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
+Set the privacy protocol (AES) used for encrypted SNMPv3 messages.
Overrides the \fIdefPrivType\fR token in the
.I snmp.conf
file. This option is only valid if the Net-SNMP software was build
diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
--- a/man/snmp.conf.5.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmp.conf.5.def 2021-05-26 09:40:03.730011937 +0200
@@ -221,13 +221,13 @@ The
value will be used for the authentication and/or privacy pass phrases
if either of the other directives are not specified.
.IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
-.IP "defPrivType DES|AES"
+.IP "defPrivType AES"
define the default authentication and privacy protocols to use for
SNMPv3 requests.
These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
.IP
If not specified, SNMPv3 requests will default to MD5 authentication
-and DES encryption.
+and AES encryption.
.RS
.IP "Note:
If the software has not been compiled to use the OpenSSL libraries,
@@ -262,8 +262,7 @@ master keys which have been converted to
suitable for on particular SNMP engine (agent). The length of the key
needs to be appropriate for the authentication or encryption type
being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
-priv keys: DES=16 bytes (8
-bytes of which is used as an IV and not a key), and AES=16 bytes).
+priv keys: AES=16 bytes).
.IP "sshtosnmpsocket PATH"
Sets the path of the \fBsshtosnmp\fR socket created by an application
(e.g. snmpd) listening for incoming ssh connections through the
diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
--- a/man/snmpd.examples.5.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmpd.examples.5.def 2021-05-26 09:41:29.170761436 +0200
@@ -87,8 +87,8 @@ the same authentication and encryption s
.RS
.nf
createUser me MD5 "single pass phrase"
-createUser myself MD5 "single pass phrase" DES
-createUser andI MD5 "single pass phrase" DES "single pass phrase"
+createUser myself MD5 "single pass phrase" AES
+createUser andI MD5 "single pass phrase" AES "single pass phrase"
.fi
.RE
Note that this defines three \fIdistinct\fR users, who could be granted
diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
--- a/man/snmptrapd.conf.5.def 2021-05-26 09:30:07.428789985 +0200
+++ b/man/snmptrapd.conf.5.def 2021-05-26 09:42:02.963064029 +0200
@@ -117,7 +117,7 @@ to trigger the types of processing liste
See
.IR snmpd.conf (5)
for more details.
-.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
+.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
See the
.IR snmpd.conf (5)
manual page for a description of how to create SNMPv3 users. This
diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
--- a/man/snmpusm.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/snmpusm.1.def 2021-05-26 09:42:24.178253990 +0200
@@ -216,7 +216,7 @@ rwuser initial
# lets add the new user we'll create too:
rwuser wes
# USM configuration entries
-createUser initial MD5 setup_passphrase DES
+createUser initial MD5 setup_passphrase AES
.fi
.RE
.PP
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2021-05-26 09:30:07.369789468 +0200
+++ b/net-snmp-create-v3-user.in 2021-05-26 09:33:23.966511123 +0200
@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
fi
Aalgorithm="MD5"
-Xalgorithm="DES"
+Xalgorithm="AES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
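Review bot: The context line `Aalgorithm="MD5"` stays as the script's default while the privacy default next to it moves to AES, so a user created without `-a` still authenticates with MD5. The usage text further down in this patch already offers `SHA|SHA-512|SHA-384|SHA-256|SHA-224`, so the default could be raised in the same change, for example `Aalgorithm="SHA"`. README.snmpv3 in this patch says SHA support needs OpenSSL, so confirm the build always has it before switching. The option-parsing loop continues outside this hunk.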
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128|AES192|AES256)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128|aes192|aes256)
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;
@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
echo ""
echo "Usage:"
echo " net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
- echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
+ echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
echo ""
exit
fi
diff -urNp a/README.snmpv3 b/README.snmpv3
--- a/README.snmpv3 2021-05-26 09:30:07.352789320 +0200
+++ b/README.snmpv3 2021-05-26 09:44:49.109551728 +0200
@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
do a better job on since I suck at writing documentation and he
doesn't ;-) --Wes:
-Note: SHA authentication and DES/AES encryption support is only available
+Note: SHA authentication and AES encryption support is only available
if you have OpenSSL installed or if you've compiled using
--with-openssl=internal. If you use --with-openssl=internal please
read the documentation in snmplib/openssl/README for important details.
@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
WARNING: SNMPv3 pass phrases must be at least 8 characters long!
The above line creates the user "myuser" with a password of
- "my_password" (and uses MD5 and DES for protection). (Note that
+ "my_password" (and uses MD5 and AES for protection). (Note that
encryption support isn't enabled in the binary releases downloadable
from the net-snmp web site.) net-snmp-config will also add a line
to your snmpd.conf file to let that user have read/write access to
@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
[ this should return information about how long your agent has been up]
snmpget -v 3 -u myuser -l authPriv -a MD5 -A my_password
- -x DES -X my_password localhost sysUpTime.0
+ -x AES -X my_password localhost sysUpTime.0
[ this should return similar information, but encrypts the transmission ]
CREATING A SECOND USER:

@ -0,0 +1,43 @@
diff -urNp a/local/checkbandwidth b/local/checkbandwidth
--- a/local/checkbandwidth 2024-06-21 21:17:01.675417287 +0200
+++ b/local/checkbandwidth 2024-06-21 21:19:40.107746544 +0200
@@ -326,7 +326,6 @@ See the Net-SNMP COPYING file for licens
use JSON;
use Data::Dumper;
-use Mail::Sender;
use SNMP;
use Fcntl ':flock';
@@ -744,19 +743,19 @@ sub send_rate_message($$$$$$) {
sub send_message($$$) {
my ($to, $subject, $text) = @_;
- my $sender = new Mail::Sender { smtp => $opts{'S'} ,
- port => $opts{'P'},
- from => $opts{'F'},
- };
-
- my $status =
- $sender->MailMsg({
- to => $to,
- subject => $subject,
- msg => $text
- });
+# my $sender = new Mail::Sender { smtp => $opts{'S'} ,
+# port => $opts{'P'},
+# from => $opts{'F'},
+# };
+
+ my $status = -1;
+# $sender->MailMsg({
+# to => $to,
+# subject => $subject,
+# msg => $text
+# });
if ($status < 0) {
- Log("Failed to send mail with error code $status: $Mail::Sender::Error");
+ Log("Failed to send mail with error code $status: Mail::Sender is not available");
}
}
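Review bot: `send_message` now sets `my $status = -1;` unconditionally, so every call takes the failure branch and no mail is ever sent, while callers such as `send_rate_message` (named in the hunk header) still invoke it as if alerts were delivered. The commented-out `Mail::Sender` block should be deleted rather than kept as dead code, and the body can be reduced to one log line that records what was dropped, e.g. `Log("Mail::Sender is not available; not sending \"$subject\" to $to");`. If the `-S`, `-P` and `-F` options read from `%opts` are still accepted elsewhere in the script (not visible here), rejecting them at startup would tell the operator that threshold alerts will not arrive.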

@ -0,0 +1,29 @@
diff -ruNp a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh
--- a/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:36:03.641432345 +0100
+++ b/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:38:15.946855878 +0100
@@ -525,7 +525,6 @@ STARTPROG() {
if test -f $CFG_FILE; then
COMMAND="$COMMAND -C -c $CFG_FILE"
fi
- COMMAND="$COMMAND -f"
if [ "x$PORT_SPEC" != "x" ]; then
COMMAND="$COMMAND $PORT_SPEC"
fi
@@ -537,10 +536,13 @@ STARTPROG() {
OUTPUTENVVARS $LOG_FILE.command
echo $COMMAND >> $LOG_FILE.command
fi
- {
- { $COMMAND; } >$LOG_FILE.stdout 2>&1
- echo $? >$LOG_FILE.exitcode
- } &
+ if [ "x$OSTYPE" = "xmsys" ]; then
+ $COMMAND > $LOG_FILE.stdout 2>&1 &
+ ## COMMAND="cmd.exe //c start //min $COMMAND"
+ ## start $COMMAND > $LOG_FILE.stdout 2>&1
+ else
+ $COMMAND > $LOG_FILE.stdout 2>&1
+ fi
}
#------------------------------------ -o-
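Review bot: The rewritten launch no longer records the program's exit status: the removed block wrote `$?` to `$LOG_FILE.exitcode`, and neither new branch does. In the non-msys branch the command now runs in the foreground, so the status is available and `echo $? > $LOG_FILE.exitcode` directly after `$COMMAND > $LOG_FILE.stdout 2>&1` would keep that file; whether other helpers read it is not visible in this hunk. The two `##` lines in the msys branch are commented-out code and can be dropped. `STARTPROG` begins outside the hunk.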

@ -0,0 +1,59 @@
Libs.private should contain a list of libraries the library that the package
exposes is linked too. So let's filter out unrelated link flags.
diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
index 0a1f5785a4..524ca91d82 100644
--- net-snmp-5.9.1/netsnmp.pc.in~
+++ net-snmp-5.9.1/netsnmp.pc.in
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lnetsnmp
-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
+Libs.private: @LNETSNMPLIBS@ @LIBS@
diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
index 3a1c77bbf8..3d3b308d21 100644
--- net-snmp-5.9.1/netsnmp-agent.pc.in~
+++ net-snmp-5.9.1/netsnmp-agent.pc.in
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
+Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
index 6b5abf8f83..ee81ce98fa 100644
--- net-snmp-5.9.1/net-snmp-config.in~
+++ net-snmp-5.9.1/net-snmp-config.in
@@ -193,13 +193,13 @@ else
#################################################### client lib
--libs)
# use this one == --netsnmp-libs + --external-libs
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
+ echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
;;
--netsnmp-libs)
echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
;;
--external-libs)
- echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
+ echo $NSC_LNETSNMPLIBS $NSC_LIBS
;;
#################################################### agent lib
--base-agent-libs)
@@ -210,13 +210,13 @@ else
;;
--agent-libs)
# use this one == --netsnmp-agent-libs + --external-libs
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
+ echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
;;
--netsnmp-agent-libs)
echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
;;
--external-agent-libs)
- echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
+ echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
;;
####################################################
--version|--ver*)

@ -38,14 +38,14 @@
# First, map the community name "public" into a "security name" # First, map the community name "public" into a "security name"
# sec.name source community # sec.name source community
com2sec notConfigUser default public #com2sec notConfigUser default public
#### ####
# Second, map the security name into a group name: # Second, map the security name into a group name:
# groupName securityModel securityName # groupName securityModel securityName
group notConfigGroup v1 notConfigUser #group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser #group notConfigGroup v2c notConfigUser
#### ####
# Third, create a view for us to let the group have rights to: # Third, create a view for us to let the group have rights to:

@ -9,11 +9,11 @@
Summary: A collection of SNMP protocol tools and libraries Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp Name: net-snmp
Version: 5.9.1 Version: 5.9.4
Release: 13%{?dist}.3 Release: 14%{?dist}
Epoch: 1 Epoch: 1
License: BSD License: MIT-CMU and BSD-3-Clause and MIT and OpenSSL
URL: http://net-snmp.sourceforge.net/ URL: http://net-snmp.sourceforge.net/
Source0: https://downloads.sourceforge.net/project/net-snmp/net-snmp/%{version}/net-snmp-%{version}.tar.gz Source0: https://downloads.sourceforge.net/project/net-snmp/net-snmp/%{version}/net-snmp-%{version}.tar.gz
Source1: net-snmp.redhat.conf Source1: net-snmp.redhat.conf
@ -34,39 +34,31 @@ Patch4: net-snmp-5.9-test-debug.patch
Patch5: net-snmp-5.7.2-cert-path.patch Patch5: net-snmp-5.7.2-cert-path.patch
Patch6: net-snmp-5.9-cflags.patch Patch6: net-snmp-5.9-cflags.patch
Patch7: net-snmp-5.8-Remove-U64-typedef.patch Patch7: net-snmp-5.8-Remove-U64-typedef.patch
Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch Patch8: net-snmp-5.7.3-iterator-fix.patch
Patch9: net-snmp-5.7.3-iterator-fix.patch Patch9: net-snmp-5.9-autofs-skip.patch
Patch10: net-snmp-5.9-autofs-skip.patch Patch10: net-snmp-5.9-coverity.patch
Patch11: net-snmp-5.9-usage-exit.patch Patch11: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch12: net-snmp-5.9-coverity.patch Patch12: net-snmp-5.8-duplicate-ipAddress.patch
Patch13: net-snmp-5.9-dskTable-dynamic.patch Patch13: net-snmp-5.9-memory-reporting.patch
Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch Patch14: net-snmp-5.8-man-page.patch
Patch15: net-snmp-5.8-duplicate-ipAddress.patch Patch15: net-snmp-5.8-ipAddress-faster-load.patch
Patch16: net-snmp-5.9-memory-reporting.patch Patch16: net-snmp-5.8-rpm-memory-leak.patch
Patch17: net-snmp-5.8-man-page.patch Patch17: net-snmp-5.9-aes-config.patch
Patch18: net-snmp-5.8-ipAddress-faster-load.patch Patch18: net-snmp-5.8-clientaddr-error-message.patch
Patch19: net-snmp-5.8-rpm-memory-leak.patch Patch19: net-snmp-5.9-intermediate-certs.patch
Patch20: net-snmp-5.9-aes-config.patch Patch20: net-snmp-5.9.1-remove-des.patch
Patch21: net-snmp-5.8-clientaddr-error-message.patch Patch21: net-snmp-libs-misunderstanding.patch
Patch22: net-snmp-5.9-ECC-cert.patch Patch22: net-snmp-5.9-ipv6-disable-leak.patch
Patch23: net-snmp-5.9-intermediate-certs.patch Patch23: net-snmp-5.9-rpmdb.patch
Patch24: net-snmp-5.9-twice-IP-parsing.patch Patch24: net-snmp-5.9.4-test-fix.patch
Patch25: net-snmp-5.9-openssl-3.0.patch Patch25: net-snmp-5.9.4-kernel-6.7.patch
Patch26: net-snmp-5.9-CVE-2022-44792-44793.patch Patch26: net-snmp-5.9.4-remove-mail-sender.patch
Patch27: net-snmp-5.9-ipv6-disable-leak.patch
Patch28: net-snmp-5.9-sendmsg-error-code.patch
Patch29: net-snmp-5.9-message-severity.patch
Patch30: net-snmp-5.9-rpmdb.patch
Patch31: net-snmp-5.9-kernel-6.7.patch
Patch32: net-snmp-5.9-deleted-iface.patch
Patch33: net-snmp-5.9-CVE-2022-24805-24810.patch
# Modern RPM API means at least EL6 # Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch Patch101: net-snmp-5.8-modern-rpm-api.patch
#disable this patch due compatibility issues #disable this patch due compatibility issues
Patch102: net-snmp-5.9-python3.patch Patch102: net-snmp-5.9-python3.patch
Patch103: net-snmp-5.9.1-python-usenumeric.patch
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -131,6 +123,7 @@ Summary: The development environment for the NET-SNMP project
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
Requires: redhat-rpm-config
%ifnarch s390 s390x ppc64le %ifnarch s390 s390x ppc64le
Requires: lm_sensors-devel Requires: lm_sensors-devel
%endif %endif
@ -147,8 +140,21 @@ applications for use with the NET-SNMP project's network management
tools. You'll also need to have the net-snmp and net-snmp-utils tools. You'll also need to have the net-snmp and net-snmp-utils
packages installed. packages installed.
%package perl-module
Summary: The perl NET-SNMP module
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
BuildRequires: perl-interpreter
BuildRequires: perl-generators
%description perl-module
The net-snmp-perl package contains the perl files to use SNMP from within
Perl.
Install the net-snmp-perl package, if you want to use SNMP with perl.
%package perl %package perl
Summary: The perl NET-SNMP module and the mib2c tool Summary: The perl-based utilities and the mib2c tool
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}, perl-interpreter
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
@ -156,15 +162,17 @@ BuildRequires: perl-interpreter
BuildRequires: perl-generators BuildRequires: perl-generators
%description perl %description perl
The net-snmp-perl package contains the perl files to use SNMP from within The net-snmp-perl package contains the utilities written in perl.
Perl.
Install the net-snmp-perl package, if you want to use mib2c or SNMP Install the net-snmp-perl package, if you want to use mib2c or other
with perl. perl utilities. Use the net-snmp-perl-module package instead to get the
SNMP perl module.
%package gui %package gui
Summary: An interactive graphical MIB browser for SNMP Summary: An interactive graphical MIB browser for SNMP
Requires: perl-Tk, net-snmp-perl%{?_isa} = %{epoch}:%{version}-%{release} Requires: perl-Tk, %{name}-perl-module%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: perl-interpreter
BuildRequires: perl-generators
%description gui %description gui
The net-snmp-gui package contains tkmib utility, which is a graphical user The net-snmp-gui package contains tkmib utility, which is a graphical user
@ -184,7 +192,6 @@ binaries and applications.
%package agent-libs %package agent-libs
Summary: The NET-SNMP runtime agent libraries Summary: The NET-SNMP runtime agent libraries
# the libs link against libperl.so: # the libs link against libperl.so:
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description agent-libs %description agent-libs
@ -194,9 +201,9 @@ binaries and applications.
%package -n python3-net-snmp %package -n python3-net-snmp
%{?python_provide:%python_provide python3-net-snmp} %{?python_provide:%python_provide python3-net-snmp}
# Remove before F30 # Remove before F30
Provides: %{name}-python = %{epoch}:%{version}-%{release} Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{epoch}:%{version}-%{release} Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{epoch}:%{version}-%{release} Obsoletes: %{name}-python < %{version}-%{release}
Summary: The Python 'netsnmp' module for the Net-SNMP Summary: The Python 'netsnmp' module for the Net-SNMP
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -219,36 +226,28 @@ cp %{SOURCE10} .
%patch 5 -p1 -b .cert-path %patch 5 -p1 -b .cert-path
%patch 6 -p1 -b .cflags %patch 6 -p1 -b .cflags
%patch 7 -p1 -b .u64-remove %patch 7 -p1 -b .u64-remove
%patch8 -p1 -b .perlfix %patch 8 -p1 -b .iterator-fix
%patch9 -p1 -b .iterator-fix %patch 9 -p1 -b .autofs-skip
%patch10 -p1 -b .autofs-skip %patch 10 -p1 -b .coverity
%patch11 -p1 -b .usage-fix %patch 11 -p1 -b .expand-SNMPCONFPATH
%patch12 -p1 -b .coverity %patch 12 -p1 -b .duplicate-ipAddress
%patch13 -p1 -b .dskTable-dynamic %patch 13 -p1 -b .memory-reporting
%patch14 -p1 -b .expand-SNMPCONFPATH %patch 14 -p1 -b .man-page
%patch15 -p1 -b .duplicate-ipAddress %patch 15 -p1 -b .ipAddress-faster-load
%patch16 -p1 -b .memory-reporting %patch 16 -p1 -b .rpm-memory-leak
%patch17 -p1 -b .man-page %patch 17 -p1 -b .aes-config
%patch18 -p1 -b .ipAddress-faster-load %patch 18 -p1 -b .clientaddr-error-message
%patch19 -p1 -b .rpm-memory-leak %patch 19 -p1 -b .intermediate-certs
%patch20 -p1 -b .aes-config %patch 20 -p1 -b .remove-des
%patch21 -p1 -b .clientaddr-error-message %patch 21 -p1
%patch22 -p1 -b .ECC-cert %patch 22 -p1 -b .ipv6-disable-leak
%patch23 -p1 -b .intermediate-certs %patch 23 -p1 -b .rpmdbpatch
%patch24 -p1 -b .twice-IP-parsing %patch 24 -p1 -b .test-fix
%patch25 -p1 -b .openssl-3-0 %patch 25 -p1 -b .kernel-fix
%patch26 -p1 %patch 26 -p1 -b .remove-mail-sender
%patch27 -p1 -b .ipv6-disable-leak
%patch28 -p1 -b .sendmsg-error-code
%patch29 -p1 -b .message-severity
%patch30 -p1 -b .rpmdb
%patch31 -p1 -b .kernel-patch
%patch32 -p1 -b .iface
%patch33 -p1 -b .CVE-2022-24805-24810
%patch 101 -p1 -b .modern-rpm-api %patch 101 -p1 -b .modern-rpm-api
%patch 102 -p1 %patch 102 -p1
%patch103 -p1
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
rm testing/fulltests/default/T200* rm testing/fulltests/default/T200*
@ -360,6 +359,7 @@ rm -f %{buildroot}/%{_mandir}/man1/fixproc*
rm -f %{buildroot}/%{_bindir}/ipf-mod.pl rm -f %{buildroot}/%{_bindir}/ipf-mod.pl
rm -f %{buildroot}/%{_libdir}/*.la rm -f %{buildroot}/%{_libdir}/*.la
rm -f %{buildroot}/%{_libdir}/libsnmp* rm -f %{buildroot}/%{_libdir}/libsnmp*
rm -f %{buildroot}/%{_libdir}/perl5/vendor_perl/Bundle/MakefileSubs.pm
# remove special perl files # remove special perl files
find %{buildroot} -name perllocal.pod \ find %{buildroot} -name perllocal.pod \
@ -469,6 +469,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%attr(0755,root,root) %{_bindir}/net-snmp-config* %attr(0755,root,root) %{_bindir}/net-snmp-config*
%attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.* %attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.*
%files perl-module
%attr(0644,root,root) %{_mandir}/man3/*.3pm.*
%{perl_vendorarch}/*SNMP*
%{perl_vendorarch}/auto/*SNMP*
%{perl_vendorarch}/auto/Bundle/*SNMP*
%files perl %files perl
%{_bindir}/mib2c-update %{_bindir}/mib2c-update
%{_bindir}/mib2c %{_bindir}/mib2c
@ -480,13 +486,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_datadir}/snmp/*.pl %{_datadir}/snmp/*.pl
%{_bindir}/traptoemail %{_bindir}/traptoemail
%attr(0644,root,root) %{_mandir}/man[15]/mib2c* %attr(0644,root,root) %{_mandir}/man[15]/mib2c*
%attr(0644,root,root) %{_mandir}/man3/*.3pm.*
%attr(0644,root,root) %{_mandir}/man1/traptoemail*.1* %attr(0644,root,root) %{_mandir}/man1/traptoemail*.1*
%attr(0644,root,root) %{_mandir}/man1/snmp-bridge-mib.1* %attr(0644,root,root) %{_mandir}/man1/snmp-bridge-mib.1*
%{perl_vendorarch}/*SNMP*
%{perl_vendorarch}/auto/*SNMP*
%{perl_vendorarch}/auto/Bundle/*SNMP*
%{perl_vendorarch}/Bundle/MakefileSubs.pm
%files -n python3-net-snmp %files -n python3-net-snmp
%doc README %doc README
@ -514,63 +515,133 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}* %{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog %changelog
* Fri Sep 20 2024 Stepan Broz <sbroz@redhat.com> - 1:5.9.1-13.3 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:5.9.4-14
- fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, - Bump release for October 2024 mass rebuild:
CVE-2022-24809 and CVE-2022-24810 (RHEL-32062) Resolves: RHEL-64018
* Thu Aug 08 2024 Troy Dawson <tdawson@redhat.com> - 1:5.9.4-13
- Bump release for Aug 2024 java mass rebuild
* Tue Jul 16 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-12
- update license tag and remove tests folder
* Wed Jul 10 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-11
- Fix licensing issue in source code (RHEL-46905)
* Wed Jun 26 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-10
- Add gating.yaml file
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:5.9.4-9
- Bump release for June 2024 mass rebuild
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-8
- add missing gating.yaml file
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-7
- remove dependency issue for Mail::Sender perl module (RHEL-44478)
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-6
- add missing patch application
* Fri Jun 21 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-5
- fix unexpected header length in /proc/net/snmp (RHEL-44354)
* Mon Feb 26 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.4-4
- Fix FTBFS in com2sec tests (RHEL-26443)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 16 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.4-1
- New upstream release 5.9.4 (#2184202)
* Mon Aug 14 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.3-8
- Fix warning for RPM DB
- split perl module into separate package that doesn't pull in gcc and
other build dependencies (thanks Chris Adams)
- don't install MakefileSubs.pm - it's just needed at module build time
(thanks Chris Adams)
* Tue Aug 01 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.3-7
- Sync fixes with RHEL
- Fix sendmesg error code change for new kernel
* Wed Jul 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.3-6
- Migrate to SPDX license format
* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.9.3-5
- Perl 5.38 rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 1:5.9.3-4
- Rebuilt for Python 3.12
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 1:5.9.3-3
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Aug 04 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.3-1
- New upstream release 5.9.3 (#2072230)
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 16 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13.2 * Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1:5.9.1-16
- fix segfault with error on subcontainer (RHEL-46039) - Rebuilt for Python 3.11
* Thu Jun 27 2024 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13.1 * Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.9.1-15
- fix unexpected header length with new kernel (RHEL-40403) - Perl 5.36 rebuild
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-13 * Sat Jan 29 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:5.9.1-14
- add support for SQLite db background of rpm (RHEL-6854) - Remove linker flags from Libs.private (#2043092)
* Thu Oct 19 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-12 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-13
- fix message severity issue (RHEL-13960) - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Aug 03 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-11 * Mon Oct 04 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-12
- fix python3 missing epoch - fix FTBFS of ERR_get_error (#2008781)
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-10 * Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 1:5.9.1-11
- fix sendmsg error code for new kernel (#2210892) - Rebuilt with OpenSSL 3.0.0
* Wed Feb 15 2023 Josef Ridky <jridky@redhat.com> - 1:5.9.1-9 * Wed Sep 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-10
- fix CVE-2022-44792 and CVE-2022-44793 (#2141902) and (#2141906) - Remove ERR_GET_FUNC from code (#2004351)
- fix memory leak when ipv6 disable set to 1 (#2151540)
* Thu Apr 07 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.1-8 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:5.9.1-9
- fix default snmpd.conf file content (#2067954) - Rebuilt with OpenSSL 3.0.0
* Wed Oct 13 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-7 * Wed Sep 01 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-8
- fix FTBFS due of OpenSSL update (#2001430) - fix FTBFS (#1999475)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-6 * Thu Jul 29 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - revert cflags modification in net-snmp-config as was reverted in upstream
Related: rhbz#1991688 and add proper dependency to net-snmp-devel sub-package (#1544527)
* Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 1:5.9.1-5 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-6
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652) - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jul 19 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-4 * Mon Jul 19 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-5
- fix UseNumeric in Python library (#1970938) - fix UseNumeric in Python library (#1970937)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9.1-3 * Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1:5.9.1-4
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Rebuilt for Python 3.10
Related: rhbz#1971065
* Thu Jun 03 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-2 * Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-3
- Upload new source tarball - disable DES for F35+
* Thu May 27 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1 * Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-2
- New upstream release 5.9.1 (#1964963) - restore DES for F34 and F33
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11 * Wed May 26 2021 Josef Ridky <jridky@redhat.com> - 1:5.9.1-1
- disable DES and port for OpenSSL 3.0 (#1958073) - New upstream release 5.9.1 (#1946399)
- remove DES support
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10 * Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.9-10
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Perl 5.34 rebuild
* Mon Mar 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-9 * Mon Mar 15 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-9
- fix issue with parsing IPv4 address twice - fix issue with parsing IPv4 address twice
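Review bot: The 5.9.4 side drops `net-snmp-5.9-CVE-2022-44792-44793.patch` and `net-snmp-5.9-CVE-2022-24805-24810.patch` from both the `Patch` list and `%prep`, and its changelog has no entry stating that these CVEs are covered by the new tarball. That is presumably because the fixes are part of the rebased upstream release, but it should be confirmed against the 5.9.4 sources and recorded in the changelog so the coverage stays auditable. Separately, as far as the two-column rendering shows, the `Provides:`/`Obsoletes:` lines for `%{name}-python` lose `%{epoch}:` on the new side although the package keeps `Epoch: 1` and the other side's changelog lists "fix python3 missing epoch"; `Obsoletes: %{name}-python < %{epoch}:%{version}-%{release}` would keep the comparison epoch-aware.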
