diff --git a/backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch b/backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch deleted file mode 100644 index 8e39f87b54a8e172969e025debdc66f70a9f6be9..0000000000000000000000000000000000000000 --- a/backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001 -From: Bill Fenner -Date: Wed, 30 Jun 2021 14:00:28 -0700 -Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB, - NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB - -Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE -Fixes by: Arista Networks ---- - agent/mibgroup/agent/nsLogging.c | 6 ++++++ - agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++-- - agent/mibgroup/mibII/vacm_vars.c | 3 +++ - agent/mibgroup/snmpv3/usmUser.c | 2 -- - 4 files changed, 23 insertions(+), 4 deletions(-) - -diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c -index 9abdeb5bb7..7f4290490a 100644 ---- a/agent/mibgroup/agent/nsLogging.c -+++ b/agent/mibgroup/agent/nsLogging.c -@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler, - continue; - logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request); - table_info = netsnmp_extract_table_info(request); -+ if (!table_info || !table_info->indexes) -+ continue; - - switch (table_info->colnum) { - case NSLOGGING_TYPE: -@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler, - } - logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request); - table_info = netsnmp_extract_table_info(request); -+ if (!table_info || !table_info->indexes) -+ continue; - - switch (table_info->colnum) { - case NSLOGGING_TYPE: -@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler, - continue; - logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request); - table_info = netsnmp_extract_table_info(request); -+ if (!table_info || !table_info->indexes) -+ continue; - - switch (table_info->colnum) { - case NSLOGGING_TYPE: -diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c -index cc61fce7e6..6c43210074 100644 ---- a/agent/mibgroup/agent/nsVacmAccessTable.c -+++ b/agent/mibgroup/agent/nsVacmAccessTable.c -@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, - entry = (struct vacm_accessEntry *) - netsnmp_extract_iterator_context(request); - table_info = netsnmp_extract_table_info(request); -+ if (!table_info || !table_info->indexes) -+ continue; - - /* Extract the authType token from the list of indexes */ - idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable; -+ if (idx->val_len >= sizeof(atype)) -+ continue; - memset(atype, 0, sizeof(atype)); - memcpy(atype, (char *)idx->val.string, idx->val_len); - viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype); -@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, - entry = (struct vacm_accessEntry *) - netsnmp_extract_iterator_context(request); - table_info = netsnmp_extract_table_info(request); -+ if (!table_info || !table_info->indexes) -+ continue; - ret = SNMP_ERR_NOERROR; - - switch (table_info->colnum) { -@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, - * Extract the authType token from the list of indexes - */ - idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable; -+ if (idx->val_len >= sizeof(atype)) -+ continue; - memset(atype, 0, sizeof(atype)); - memcpy(atype, (char *)idx->val.string, idx->val_len); - viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype); -@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, - idx = idx->next_variable; model = *idx->val.integer; - idx = idx->next_variable; level = *idx->val.integer; - entry = vacm_createAccessEntry( gName, cPrefix, model, level ); -- entry->storageType = ST_NONVOLATILE; -- netsnmp_insert_iterator_context(request, (void*)entry); -+ if (entry) { -+ entry->storageType = ST_NONVOLATILE; -+ netsnmp_insert_iterator_context(request, (void*)entry); -+ } - } - } - } -@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, - - /* Extract the authType token from the list of indexes */ - idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable; -+ if (idx->val_len >= sizeof(atype)) -+ continue; - memset(atype, 0, sizeof(atype)); - memcpy(atype, (char *)idx->val.string, idx->val_len); - viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype); -diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c -index 469a1eba59..62c9a3d051 100644 ---- a/agent/mibgroup/mibII/vacm_vars.c -+++ b/agent/mibgroup/mibII/vacm_vars.c -@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen, - return 1; - } - groupNameL = oidIndex[0]; -+ if ((groupNameL + 1) > (int) oidLen) { -+ return 1; -+ } - contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */ - if ((int) oidLen != groupNameL + contextPrefixL + 4) { - return 1; -diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c -index 0f52aaba49..0edea53cfb 100644 ---- a/agent/mibgroup/snmpv3/usmUser.c -+++ b/agent/mibgroup/snmpv3/usmUser.c -@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action, - if (usmStatusCheck(uptr)) { - uptr->userStatus = RS_ACTIVE; - } else { -- SNMP_FREE(engineID); -- SNMP_FREE(newName); - return SNMP_ERR_INCONSISTENTVALUE; - } - } else if (long_ret == RS_CREATEANDWAIT) { diff --git a/backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch b/backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch deleted file mode 100644 index cf95e48db1af1756ea13abdbd0a1295c95d3d0c8..0000000000000000000000000000000000000000 --- a/backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001 -From: Bill Fenner -Date: Tue, 24 Aug 2021 07:55:00 -0700 -Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request - -Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE -Fixes by: Arista Networks - -When a SET request includes a mix of delegated and -non-delegated requests (e.g., objects handled by master -agent and agentx sub-agent), the status can get lost while -waiting for the reply from the sub-agent. Recover the status -into the session from the requests even if it has already -been processed. ---- - agent/snmp_agent.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c -index 84fbb42b47..095ee70985 100644 ---- a/agent/snmp_agent.c -+++ b/agent/snmp_agent.c -@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp, - if (requests->status != SNMP_ERR_NOERROR && - (!look_for_specific || requests->status == look_for_specific) - && (look_for_specific || asp->index == 0 -- || requests->index < asp->index)) { -+ || requests->index <= asp->index)) { - asp->index = requests->index; - asp->status = requests->status; - } diff --git a/backport-Fix-the-build-against-OpenSSL-3.0.patch b/backport-Fix-the-build-against-OpenSSL-3.0.patch deleted file mode 100644 index b6237905dec6fc79ae18fc2a3350f943358780e5..0000000000000000000000000000000000000000 --- a/backport-Fix-the-build-against-OpenSSL-3.0.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 19e75743173cb8d49d49fd685b8e0249e83cc820 Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Wed, 8 Sep 2021 20:39:42 -0700 -Subject: [PATCH] libsnmp: Fix the build against OpenSSL 3.0 - -Fixes: https://github.com/net-snmp/net-snmp/issues/343 - -Origin: upstream, https://github.com/net-snmp/net-snmp/commit/19e75743173cb8d49d49fd685b8e0249e83cc820 -Bug: https://github.com/net-snmp/net-snmp/issues/343 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1945960 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006511 ---- - snmplib/snmp_openssl.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c -index c092a007a..eb4856c57 100644 ---- a/snmplib/snmp_openssl.c -+++ b/snmplib/snmp_openssl.c -@@ -899,6 +899,11 @@ netsnmp_openssl_cert_issued_by(X509 *issuer, X509 *cert) - - - #ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG -+#ifndef ERR_GET_FUNC -+/* removed in OpenSSL 3.0 */ -+#define ERR_GET_FUNC(e) -1 -+#endif -+ - void - netsnmp_openssl_err_log(const char *prefix) - { - --- -2.32.0 \ No newline at end of file diff --git a/backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch b/backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch deleted file mode 100644 index 78976e32b5772e05367fa58d7ce0a234fd6916f9..0000000000000000000000000000000000000000 --- a/backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2cd0e7d72a76ba27a18315b9ae67e6ed6d2c464a Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Mon, 9 Aug 2021 13:38:36 -0700 -Subject: [PATCH] IF-MIB: Add a trailing newline to an error message - -Fixes: 8bb544fbd2d6 ("Linux: IF-MIB: Fix a memory leak") ---- - agent/mibgroup/if-mib/data_access/interface_linux.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c -index e56cadf46..5322ee937 100644 ---- a/agent/mibgroup/if-mib/data_access/interface_linux.c -+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c -@@ -927,7 +927,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - netsnmp_interface_entry *existing = - CONTAINER_FIND(container, entry); - NETSNMP_LOGONCE((LOG_WARNING, -- "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s", -+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s\n", - entry->index, existing ? existing->name : "(?)", - entry->name)); - netsnmp_access_interface_entry_free(entry); --- -2.33.0 - diff --git a/backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch b/backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch deleted file mode 100644 index 86e56d9794ba02783be6f763c1ecd7c3f32014da..0000000000000000000000000000000000000000 --- a/backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch +++ /dev/null @@ -1,54 +0,0 @@ -From d4b58c60367a262d829eb33e7888d28cd4337481 Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Thu, 5 Aug 2021 18:56:50 -0700 -Subject: [PATCH] IF-MIB: Fix a recently introduced use-after-free - -Do not free the netsnmp_interface_entry corresponding to the previous line -from /proc/dev/net if an interface disappeared. Additionally, reduce the -scope of the 'entry' variable. - -Fixes: 600c54135b10 ("IF-MIB, IP-FORWARD-MIB: Improve robustness") ---- - agent/mibgroup/if-mib/data_access/interface_linux.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c -index 9d9b2ceb3..ea7389682 100644 ---- a/agent/mibgroup/if-mib/data_access/interface_linux.c -+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c -@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - { - FILE *devin; - char line[256]; -- netsnmp_interface_entry *entry = NULL; - static char scan_expected = 0; - int fd; - int interfaces = 0; -@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - * and retrieve (or create) the corresponding data structure. - */ - while (fgets(line, sizeof(line), devin)) { -+ netsnmp_interface_entry *entry = NULL; - char *stats, *ifstart = line; - u_int flags; - oid if_index; -@@ -738,7 +738,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - if (if_index == 0) { - DEBUGMSGTL(("access:interface", "network interface %s is gone", - ifstart)); -- goto free_entry; -+ continue; - } - #ifdef NETSNMP_ENABLE_IPV6 - _arch_interface_has_ipv6(if_index, &flags, addr_container); -@@ -933,7 +933,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s", - entry->index, existing ? existing->name : "(?)", - entry->name)); --free_entry: - netsnmp_access_interface_entry_free(entry); - } - } --- -2.33.0 - diff --git a/backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch b/backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch deleted file mode 100644 index ea36f9a8822a37caf674044143186ae4b543433d..0000000000000000000000000000000000000000 --- a/backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 600c54135b1015d56070f702d878772dd9f0d51e Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Mon, 2 Aug 2021 19:04:31 -0700 -Subject: [PATCH] IF-MIB, IP-FORWARD-MIB: Improve robustness - -It can happen that a network interface disappears after scanning has started -and before netsnmp_arch_interface_index_find() or another query function is -called. If that happens, ignore the network interface silently. ---- - agent/mibgroup/if-mib/data_access/interface_linux.c | 7 ++++++- - .../mibgroup/ip-forward-mib/data_access/route_linux.c | 11 ++++++----- - 2 files changed, 12 insertions(+), 6 deletions(-) - -diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c -index 215b30e80..7e4a35130 100644 ---- a/agent/mibgroup/if-mib/data_access/interface_linux.c -+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c -@@ -734,7 +734,11 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - * knows a better way, put it here! - */ - if_index = netsnmp_arch_interface_index_find(ifstart); -- netsnmp_assert(if_index != 0); -+ if (if_index == 0) { -+ DEBUGMSGTL(("access:interface", "network interface %s is gone", -+ ifstart)); -+ goto free_entry; -+ } - #ifdef NETSNMP_ENABLE_IPV6 - _arch_interface_has_ipv6(if_index, &flags, addr_container); - #endif -@@ -928,6 +932,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s", - entry->index, existing ? existing->name : "(?)", - entry->name)); -+free_entry: - netsnmp_access_interface_entry_free(entry); - } - } -diff --git a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c -index 956e127c9..9b6a63ead 100644 ---- a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c -+++ b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c -@@ -97,9 +97,7 @@ _load_ipv4(netsnmp_container* container, u_long *index ) - snmp_log(LOG_ERR, - "/proc/net/route data format error (%d!=8), line ==|%s|", - rc, line); -- -- netsnmp_access_route_entry_free(entry); -- continue; -+ goto free_entry; - } - - /* -@@ -114,9 +112,12 @@ _load_ipv4(netsnmp_container* container, u_long *index ) - * but since that will open/close a socket, and we might - * have a lot of routes, call the ioctl routine directly. - */ -- if ('*' != name[0]) -+ if ('*' != name[0]) { - entry->if_index = - netsnmp_access_interface_ioctl_ifindex_get(fd,name); -+ if (entry->if_index == 0) -+ goto free_entry; -+ } - - /* - * arbitrary index -@@ -186,8 +187,8 @@ _load_ipv4(netsnmp_container* container, u_long *index ) - if (CONTAINER_INSERT(container, entry) < 0) - { - DEBUGMSGTL(("access:route:container", "error with route_entry: insert into container failed.\n")); -+free_entry: - netsnmp_access_route_entry_free(entry); -- continue; - } - } - --- -2.33.0 - diff --git a/backport-Linux-IF-MIB-Fix-a-memory-leak.patch b/backport-Linux-IF-MIB-Fix-a-memory-leak.patch deleted file mode 100644 index 44bdc09d1ad8e8b8d4eddadd0f45f0fbb6e371b5..0000000000000000000000000000000000000000 --- a/backport-Linux-IF-MIB-Fix-a-memory-leak.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Sat, 31 Jul 2021 16:21:16 -0700 -Subject: [PATCH] Linux: IF-MIB: Fix a memory leak - -The Linux kernel regenerates proc files in their entirety every time a 4 KiB -boundary is crossed. This can result in reading the same network interface -twice if network information changes while it is being read. Fix a memory -leak that can be triggered if /proc/net/dev changes while being read. ---- - agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c -index e99360a21..215b30e80 100644 ---- a/agent/mibgroup/if-mib/data_access/interface_linux.c -+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c -@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - /* - * add to container - */ -- CONTAINER_INSERT(container, entry); -+ if (CONTAINER_INSERT(container, entry) != 0) { -+ netsnmp_interface_entry *existing = -+ CONTAINER_FIND(container, entry); -+ NETSNMP_LOGONCE((LOG_WARNING, -+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s", -+ entry->index, existing ? existing->name : "(?)", -+ entry->name)); -+ netsnmp_access_interface_entry_free(entry); -+ } - } - #ifdef NETSNMP_ENABLE_IPV6 - netsnmp_access_ipaddress_container_free(addr_container, 0); --- -2.33.0 - diff --git a/backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch b/backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch deleted file mode 100644 index 4e4840fc0fabf1d99fd975365a18d7f27ea92f80..0000000000000000000000000000000000000000 --- a/backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8da919e4ad66dec376f54a6d2f7dd7a7fe68b8f0 Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Sat, 31 Jul 2021 16:01:11 -0700 -Subject: [PATCH] Linux: IF-MIB: Pass the network interface index to - netsnmp_access_interface_entry_create() - -Instead of letting netsnmp_access_interface_entry_create() call -netsnmp_arch_interface_index_find() a second time, pass the network interface -index to that function. ---- - agent/mibgroup/if-mib/data_access/interface_linux.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c -index 9c96eb92d..e99360a21 100644 ---- a/agent/mibgroup/if-mib/data_access/interface_linux.c -+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c -@@ -733,8 +733,9 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - * ip version is to look for ip addresses. If anyone - * knows a better way, put it here! - */ --#ifdef NETSNMP_ENABLE_IPV6 - if_index = netsnmp_arch_interface_index_find(ifstart); -+ netsnmp_assert(if_index != 0); -+#ifdef NETSNMP_ENABLE_IPV6 - _arch_interface_has_ipv6(if_index, &flags, addr_container); - #endif - netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc); -@@ -752,7 +753,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container, - continue; - } - -- entry = netsnmp_access_interface_entry_create(ifstart, 0); -+ entry = netsnmp_access_interface_entry_create(ifstart, if_index); - if(NULL == entry) { - #ifdef NETSNMP_ENABLE_IPV6 - netsnmp_access_ipaddress_container_free(addr_container, 0); --- -2.33.0 - diff --git a/backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch b/backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch deleted file mode 100644 index 2f1d1aed61469d6838f4b00ed2304ba994f57f42..0000000000000000000000000000000000000000 --- a/backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Wed, 9 Jun 2021 14:19:46 -0700 -Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1 - -Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()") -Fixes: https://github.com/net-snmp/net-snmp/issues/303 ---- - python/netsnmp/client_intf.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c -index e5e7372303..94da39fe34 100644 ---- a/python/netsnmp/client_intf.c -+++ b/python/netsnmp/client_intf.c -@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args) - - static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars, - int varlist_ind, int sprintval_flag, int *len, -- char **str_buf) -+ char **str_buf, int getlabel_flag) - { - struct tree *tp; - int type; -@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars, - int buf_over = 0; - const char *tag; - const char *iid; -- int getlabel_flag = NO_FLAGS; - - if (!PyObject_HasAttrString(varbind, "tag")) - return TYPE_OTHER; -@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type, - - varbind = PySequence_GetItem(varlist, varlist_ind); - type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag, -- &len, &str_buf); -+ &len, &str_buf, getlabel_flag); - if (type != TYPE_OTHER) { - /* save in return tuple as well */ - if ((type == SNMP_ENDOFMIBVIEW) || -@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args) - - varbind = py_netsnmp_construct_varbind(); - if (varbind && build_python_varbind(varbind, vars, varlist_ind, -- sprintval_flag, &len, &str_buf) != -+ sprintval_flag, &len, &str_buf, getlabel_flag) != - TYPE_OTHER) { - const int hex = is_hex(str_buf, len); - -@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args) - - varbind = py_netsnmp_construct_varbind(); - if (varbind && build_python_varbind(varbind, vars, varbind_ind, -- sprintval_flag, &len, &str_buf) != TYPE_OTHER) { -+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) { - const int hex = is_hex(str_buf, len); - - /* push varbind onto varbinds */ - diff --git a/backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch b/backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch deleted file mode 100644 index c8859268931c697d71c43dade6ee0b32a5d7658e..0000000000000000000000000000000000000000 --- a/backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch +++ /dev/null @@ -1,81 +0,0 @@ -From d0277ca1ccd6ec8d786355a433717a9dbf41112e Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Sat, 7 Aug 2021 08:32:03 -0700 -Subject: [PATCH] libsnmp: Fix a memory leak in a MIB parser error path - -This patch should fix -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36879. ---- - snmplib/parse.c | 29 ++++++++++++++++++++--------- - 1 file changed, 20 insertions(+), 9 deletions(-) - -diff --git a/snmplib/parse.c b/snmplib/parse.c -index 6d9d84a..5eb675b 100644 ---- a/snmplib/parse.c -+++ b/snmplib/parse.c -@@ -1865,18 +1865,22 @@ do_linkup(struct module *mp, struct node *np) - } - - --/* -+/** -+ * Read an OID from a file. -+ * @param[in] file File to read from. -+ * @param[out] id_arg Array to store the OID in. -+ * @param[in] length Number of elements in the @id_arg array. -+ * - * Takes a list of the form: - * { iso org(3) dod(6) 1 } - * and creates several nodes, one for each parent-child pair. - * Returns 0 on error. - */ - static int --getoid(FILE * fp, struct subid_s *id, /* an array of subids */ -- int length) --{ /* the length of the array */ -- register int count; -- int type; -+getoid(FILE * fp, struct subid_s *id_arg, int length) -+{ -+ struct subid_s *id = id_arg; -+ int i, count, type; - char token[MAXTOKEN]; - - if ((type = get_token(fp, token, MAXTOKEN)) != LEFTBRACKET) { -@@ -1904,11 +1908,11 @@ getoid(FILE * fp, struct subid_s *id, /* an array of subids */ - get_token(fp, token, MAXTOKEN)) != RIGHTPAREN) { - print_error("Expected a closing parenthesis", - token, type); -- return 0; -+ goto free_labels; - } - } else { - print_error("Expected a number", token, type); -- return 0; -+ goto free_labels; - } - } else { - continue; -@@ -1920,11 +1924,18 @@ getoid(FILE * fp, struct subid_s *id, /* an array of subids */ - id->subid = strtoul(token, NULL, 10); - } else { - print_error("Expected label or number", token, type); -- return 0; -+ goto free_labels; - } - type = get_token(fp, token, MAXTOKEN); - } - print_error("Too long OID", token, type); -+ -+free_labels: -+ for (i = 0; i < count; i++) { -+ free(id[i].label); -+ id[i].label = NULL; -+ } -+ - return 0; - } - --- -1.8.3.1 - diff --git a/backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch b/backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch deleted file mode 100644 index 6a362ade886c077d1c2fb4fe5e7351a0ebe33b46..0000000000000000000000000000000000000000 --- a/backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b9308221b1d0c1f77c8b2511e196376dc2870211 Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Sun, 29 Aug 2021 09:25:06 -0700 -Subject: [PATCH] libsnmp: Fix more undefined behavior in asn_build_int() - -According to the C standard, triggering an overflow by shifting a signed -integer left results in undefined behavior. Fix this by inserting a cast. - -Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37808 ---- - snmplib/asn1.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/snmplib/asn1.c b/snmplib/asn1.c -index 959ae21..07bdcc6 100644 ---- a/snmplib/asn1.c -+++ b/snmplib/asn1.c -@@ -771,7 +771,7 @@ asn_build_int(u_char * data, - while ((((integer & mask) == 0) || ((integer & mask) == mask)) - && intsize > 1) { - intsize--; -- integer <<= 8; -+ integer = (u_long)integer << 8; - } - data = asn_build_header(data, datalength, type, intsize); - if (_asn_build_header_check(errpre, data, *datalength, intsize)) --- -1.8.3.1 - diff --git a/backport-libsnmp-Fix-the-getoid-error-path.patch b/backport-libsnmp-Fix-the-getoid-error-path.patch deleted file mode 100644 index 001053f1e9ebf9010771e0f22fb06ccbc65290ea..0000000000000000000000000000000000000000 --- a/backport-libsnmp-Fix-the-getoid-error-path.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 413b17eecd6af8e8247501805b5a366b709828bf Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Mon, 9 Aug 2021 14:07:20 -0700 -Subject: [PATCH] libsnmp: Fix the getoid() error path - -Fixes: d0277ca1ccd6 ("libsnmp: Fix a memory leak in a MIB parser error path") ---- - snmplib/parse.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/snmplib/parse.c b/snmplib/parse.c -index 5eb675b..19ccc0f 100644 ---- a/snmplib/parse.c -+++ b/snmplib/parse.c -@@ -1929,11 +1929,12 @@ getoid(FILE * fp, struct subid_s *id_arg, int length) - type = get_token(fp, token, MAXTOKEN); - } - print_error("Too long OID", token, type); -+ --count; - - free_labels: -- for (i = 0; i < count; i++) { -- free(id[i].label); -- id[i].label = NULL; -+ for (i = 0; i <= count; i++) { -+ free(id_arg[i].label); -+ id_arg[i].label = NULL; - } - - return 0; --- -1.8.3.1 - diff --git a/backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch b/backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch deleted file mode 100644 index 5a796a8b56edad1854fc5f5c8d408a03baf528af..0000000000000000000000000000000000000000 --- a/backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 277d75633d8008cde468d026694289ca32f2cb6d Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Thu, 26 Aug 2021 10:17:11 -0700 -Subject: [PATCH] libsnmp: Fix undefined behavior in asn_build_int() - -According to the C standard, triggering an overflow by shifting a signed -integer results in undefined behavior. Fix this by inserting a cast. - -Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37579 ---- - snmplib/asn1.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/snmplib/asn1.c b/snmplib/asn1.c -index d5d7eb6..959ae21 100644 ---- a/snmplib/asn1.c -+++ b/snmplib/asn1.c -@@ -784,7 +784,7 @@ asn_build_int(u_char * data, - */ - while (intsize--) { - *data++ = (u_char) ((integer & mask) >> (8 * (sizeof(long) - 1))); -- integer <<= 8; -+ integer = (u_long)integer << 8; - } - DEBUGDUMPSETUP("send", initdatap, data - initdatap); - DEBUGMSG(("dumpv_send", " Integer:\t%ld (0x%.2lX)\n", *intp, *intp)); --- -1.8.3.1 - diff --git a/backport-net-snmp-5.7.2-cert-path.patch b/backport-net-snmp-5.7.2-cert-path.patch index 495fccba67ffb70595286a4969a2db1f58490cdc..9fc17006dd28d62b63af4dc8398f0599d2d1cb92 100644 --- a/backport-net-snmp-5.7.2-cert-path.patch +++ b/backport-net-snmp-5.7.2-cert-path.patch @@ -1,9 +1,9 @@ 1134475 - dependency in perl package - + Use hardcoded path to configuration directories instead of net-snmp-config. net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl depending on -devel. - + diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert --- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200 +++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200 @@ -28,3 +28,5 @@ diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-s } sub initOpts { + + diff --git a/backport-net-snmp-5.8-rpm-memory-leak.patch b/backport-net-snmp-5.8-rpm-memory-leak.patch index 33b8d299375d67bd5c04863537cdcb08ff708d9e..a10ec711678789c7e1bcbd4f1e95e04f141b43f4 100644 --- a/backport-net-snmp-5.8-rpm-memory-leak.patch +++ b/backport-net-snmp-5.8-rpm-memory-leak.patch @@ -1,6 +1,7 @@ -diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c ---- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200 -+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200 +diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c +index 695c469..dd0e487 100644 +--- a/agent/mibgroup/host/data_access/swinst_rpm.c ++++ b/agent/mibgroup/host/data_access/swinst_rpm.c @@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void) snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); SNMP_FREE(rpmdbpath); @@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/ + rpmFreeRpmrc(); +#endif if (-1 == stat( pkg_directory, &stat_buf )) { - snmp_log(LOG_ERR, "Can't find directory of RPM packages"); + snmp_log(LOG_ERR, "Can't find directory of RPM packages\n"); pkg_directory[0] = '\0'; -diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c ---- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200 -+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200 +diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c +index 1f52733..ccf1cab 100644 +--- a/agent/mibgroup/host/hr_swinst.c ++++ b/agent/mibgroup/host/hr_swinst.c @@ -231,6 +231,9 @@ init_hr_swinst(void) snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath); path[ sizeof(path)-1 ] = 0; @@ -24,3 +26,5 @@ diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c } #else # ifdef _PATH_HRSW_directory + + diff --git a/backport-net-snmp-5.9-autofs-skip.patch b/backport-net-snmp-5.9-autofs-skip.patch index 0d054b29c6c83c700b63d1cbd71cdae6d9db513b..448c1d479b5c3daa4292dfd38f38fcedb4ee68f8 100644 --- a/backport-net-snmp-5.9-autofs-skip.patch +++ b/backport-net-snmp-5.9-autofs-skip.patch @@ -1,5 +1,5 @@ diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c -index 4f78df3..fd25b3f 100644 +index e7ca92f..80b3e0d 100644 --- a/agent/mibgroup/host/hr_filesys.c +++ b/agent/mibgroup/host/hr_filesys.c @@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = { @@ -10,37 +10,5 @@ index 4f78df3..fd25b3f 100644 "usbdevfs", "usbfs", #endif -diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c -index 6b459ec..f7a376b 100644 ---- a/agent/mibgroup/host/hr_storage.c -+++ b/agent/mibgroup/host/hr_storage.c -@@ -540,9 +540,10 @@ really_try_next: - - store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; - if (store_idx > NETSNMP_MEM_TYPE_MAX ) { -- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, -+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, - NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && -- Check_HR_FileSys_NFS()) -+ Check_HR_FileSys_NFS()) || -+ Check_HR_FileSys_AutoFs()) - return NULL; /* or goto try_next; */ - if (Check_HR_FileSys_AutoFs()) - return NULL; -diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c -index 8967d35..9bf2659 100644 ---- a/agent/mibgroup/host/hrh_storage.c -+++ b/agent/mibgroup/host/hrh_storage.c -@@ -366,9 +366,10 @@ really_try_next: - store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; - if (HRFS_entry && - store_idx > NETSNMP_MEM_TYPE_MAX && -- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, -+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, - NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && -- Check_HR_FileSys_NFS()) -+ Check_HR_FileSys_NFS()) || -+ Check_HR_FileSys_AutoFs())) - return NULL; - if (HRFS_entry && Check_HR_FileSys_AutoFs()) - return NULL; + + diff --git a/backport-net-snmp-5.9-cflags.patch b/backport-net-snmp-5.9-cflags.patch index 5099cde95dbbc6b7f7b6ffd9db720e81f1d93c3e..bfb0a4b9f339252b735e2bbc265da0df3f600adb 100644 --- a/backport-net-snmp-5.9-cflags.patch +++ b/backport-net-snmp-5.9-cflags.patch @@ -1,19 +1,4 @@ -diff -urNp a/net-snmp-config.in b/net-snmp-config.in ---- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200 -+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200 -@@ -140,10 +140,10 @@ else - ;; - #################################################### compile - --base-cflags) -- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR} -+ echo -I${NSC_INCLUDEDIR} - ;; - --cflags|--cf*) -- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR} -+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR} - ;; - --srcdir) - echo $NSC_SRCDIR + diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL --- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200 +++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200 @@ -34,3 +19,5 @@ diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm append($Params->{'CCFLAGS'}, '-Wformat'); } } + + diff --git a/backport-net-snmp-5.9-dir-fix.patch b/backport-net-snmp-5.9-dir-fix.patch index 00d531f7e68fc085c817025738bdd4d890f0c847..0037c88bc831e4622cc2f37fdd79b1fde4c79256 100644 --- a/backport-net-snmp-5.9-dir-fix.patch +++ b/backport-net-snmp-5.9-dir-fix.patch @@ -1,24 +1,32 @@ diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in -index 452c269..afd6fa4 100644 +index 19895a1..ac3c60f 100644 --- a/net-snmp-create-v3-user.in +++ b/net-snmp-create-v3-user.in -@@ -16,6 +16,10 @@ Xalgorithm="DES" +@@ -14,6 +14,10 @@ Xalgorithm="DES" token=rwuser - + while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do +case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; +esac - + unset shifted case $1 in -@@ -136,7 +140,7 @@ fi +@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then + touch "$outfile" + fi echo "$line" >> "$outfile" - # Avoid that configure complains that this script ignores @datarootdir@ - echo "@datarootdir@" >/dev/null +-prefix=@prefix@ +-datarootdir=@datarootdir@ +-# To suppress shellcheck complaints about $prefix and $datarootdir. +-: "$prefix" "$datarootdir" -outfile="@datadir@/snmp/snmpd.conf" ++# Avoid that configure complains that this script ignores @datarootdir@ ++echo "@datarootdir@" >/dev/null +outfile="/etc/snmp/snmpd.conf" line="$token $user" echo "adding the following line to $outfile:" echo " $line" + + diff --git a/backport-net-snmp-5.9-dskTable-dynamic.patch b/backport-net-snmp-5.9-dskTable-dynamic.patch deleted file mode 100644 index 035bf553286d13f980c2a93e489bf13128530dfa..0000000000000000000000000000000000000000 --- a/backport-net-snmp-5.9-dskTable-dynamic.patch +++ /dev/null @@ -1,179 +0,0 @@ -diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c ---- a/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 08:56:39.678900275 +0200 -+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 09:09:32.308731157 +0200 -@@ -153,9 +153,10 @@ static void disk_free_config(void) - static void disk_parse_config(const char *, char *); - static void disk_parse_config_all(const char *, char *); - #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS --static void find_and_add_allDisks(int minpercent); -+static void refresh_disk_table(int addNewDisks, int minpercent); - static void add_device(char *path, char *device, -- int minspace, int minpercent, int override); -+ int minspace, int minpercent, int addNewDisks, -+ int override); - static void modify_disk_parameters(int index, int minspace, - int minpercent); - static int disk_exists(char *path); -@@ -167,6 +168,7 @@ struct diskpart { - char path[STRMAX]; - int minimumspace; - int minpercent; -+ int alive; - }; - - #define MAX_INT_32 0x7fffffff -@@ -174,6 +176,7 @@ struct diskpart { - - unsigned int numdisks; - int allDisksIncluded = 0; -+int allDisksMinPercent = 0; - unsigned int maxdisks = 0; - struct diskpart *disks; - -@@ -238,6 +241,7 @@ init_disk(void) - disk_free_config, - "minpercent%"); - allDisksIncluded = 0; -+ allDisksMinPercent = 0; - } - - static void -@@ -253,6 +257,7 @@ disk_free_config(void) - disks[i].minpercent = -1; - } - allDisksIncluded = 0; -+ allDisksMinPercent = 0; - } - - static void -@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha - * check if the disk already exists, if so then modify its - * parameters. if it does not exist then add it - */ -- add_device(path, find_device(path), minspace, minpercent, 1); -+ add_device(path, find_device(path), minspace, minpercent, 1, 1); - #endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */ - } - -@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, - - #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS - static void --add_device(char *path, char *device, int minspace, int minpercent, int override) -+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override) - { - int index; - -@@ -402,10 +407,16 @@ add_device(char *path, char *device, int - } - - index = disk_exists(path); -- if((index != -1) && (index < maxdisks) && (override==1)) { -- modify_disk_parameters(index, minspace, minpercent); -+ if((index != -1) && (index < maxdisks)) { -+ /* the path is already in the table */ -+ disks[index].alive = 1; -+ /* -> update its device */ -+ strlcpy(disks[index].device, device, sizeof(disks[index].device)); -+ if (override == 1) { -+ modify_disk_parameters(index, minspace, minpercent); -+ } - } -- else if(index == -1){ -+ else if(index == -1 && addNewDisks){ - /* add if and only if the device was found */ - if(device[0] != 0) { - /* The following buffers are cleared above, no need to add '\0' */ -@@ -413,6 +424,7 @@ add_device(char *path, char *device, int - strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device)); - disks[numdisks].minimumspace = minspace; - disks[numdisks].minpercent = minpercent; -+ disks[numdisks].alive = 1; - numdisks++; - } - else { -@@ -420,6 +432,7 @@ add_device(char *path, char *device, int - disks[numdisks].minpercent = -1; - disks[numdisks].path[0] = 0; - disks[numdisks].device[0] = 0; -+ disks[numdisks].alive = 0; - } - } - } -@@ -444,7 +457,7 @@ int disk_exists(char *path) - } - - static void --find_and_add_allDisks(int minpercent) -+refresh_disk_table(int addNewDisks, int minpercent) - { - #if HAVE_GETMNTENT - #if HAVE_SYS_MNTTAB_H -@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent) - return; - } - while (mntfp && NULL != (mntent = getmntent(mntfp))) { -- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0); -+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0); - dummy = 1; - } - if (mntfp) -@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent) - return; - } - while ((i = getmntent(mntfp, &mnttab)) == 0) { -- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0); -+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0); - dummy = 1; - } - fclose(mntfp); -@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent) - mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); - for (i = 0; i < mntsize; i++) { - add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, -- minpercent, 0); -+ minpercent, addNewDisks, 0); - } - } - #elif HAVE_FSTAB_H - setfsent(); /* open /etc/fstab */ - while((fstab1 = getfsent()) != NULL) { -- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0); -+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0); - dummy = 1; - } - endfsent(); /* close /etc/fstab */ -@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent) - * statfs we default to the root partition "/" - */ - if (statfs("/", &statf) == 0) { -- add_device("/", statf.f_mntfromname, -1, minpercent, 0); -+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0); - } - #endif - else { -@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_e - #endif - #endif - -+ if (disks[disknum].alive == 0){ -+ return -1; -+ } -+ - entry->dskPercentInode = -1; - - #if defined(HAVE_STATVFS) || defined(HAVE_STATFS) -@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp, - static char *errmsg; - static char empty_str[1]; - -+ int i; -+ for (i = 0; i < numdisks; i++){ -+ disks[i].alive = 0; -+ } -+ /* dynamically add new disks + update alive flag */ -+ refresh_disk_table(allDisksIncluded, allDisksMinPercent); -+ - tryAgain: - if (header_simple_table - (vp, name, length, exact, var_len, write_method, numdisks)) diff --git a/backport-net-snmp-5.9-ipv6-disable-leak.patch b/backport-net-snmp-5.9-ipv6-disable-leak.patch new file mode 100644 index 0000000000000000000000000000000000000000..f8c20fd8c22b11ad53a2b4e2a70643055517d5ea --- /dev/null +++ b/backport-net-snmp-5.9-ipv6-disable-leak.patch @@ -0,0 +1,12 @@ +diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c +--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100 ++++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100 +@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc, + char * + snmp_log_syslogname(const char *pstr) + { +- if (pstr) ++ if (pstr && (pstr != syslogname)) + strlcpy (syslogname, pstr, sizeof(syslogname)); + + return syslogname; diff --git a/backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch b/backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch deleted file mode 100644 index 8f1f2ed8bb86ba0ea2e96b3621d821f0285efad6..0000000000000000000000000000000000000000 --- a/backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/apps/Makefile.in b/apps/Makefile.in -index d4529d3..175242b 100644 ---- a/apps/Makefile.in -+++ b/apps/Makefile.in -@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS) - $(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap - - libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS) -- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS) -+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS) - $(RANLIB) $@ - - snmpinforminstall: diff --git a/backport-net-snmp-5.9-pie.patch b/backport-net-snmp-5.9-pie.patch index cb2793d3f663589782ecd87769d35a5989b7f586..a79290413a4afdd0004db1801e3984eb8681c53d 100644 --- a/backport-net-snmp-5.9-pie.patch +++ b/backport-net-snmp-5.9-pie.patch @@ -1,8 +1,8 @@ diff --git a/agent/Makefile.in b/agent/Makefile.in -index b5d692d..1a30209 100644 +index 047d880..38d40aa 100644 --- a/agent/Makefile.in +++ b/agent/Makefile.in -@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c +@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) @@ -10,9 +10,9 @@ index b5d692d..1a30209 100644 + $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) - $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ diff --git a/apps/Makefile.in b/apps/Makefile.in -index 43f3b9c..d4529d3 100644 +index 3dbb1d1..48ed23a 100644 --- a/apps/Makefile.in +++ b/apps/Makefile.in @@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS) diff --git a/backport-net-snmp-5.9-sendmsg-error-code.patch b/backport-net-snmp-5.9-sendmsg-error-code.patch new file mode 100644 index 0000000000000000000000000000000000000000..57c8b76a67d0acd7da9dcf5d3a40072fcf926d46 --- /dev/null +++ b/backport-net-snmp-5.9-sendmsg-error-code.patch @@ -0,0 +1,32 @@ +From 298c8103db80b292791616af4fd497342a71867f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= +Date: Wed, 24 May 2023 10:49:41 +0200 +Subject: [PATCH] libsnmp, UDP transport: Fix sendmsg() error code handling + +This change has been made because of Linux kernel commit "ipv4: Return +-ENETUNREACH if we can't create route but saddr is valid" +(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=595e0651d029) + +Fixes: https://github.com/net-snmp/net-snmp/issues/564 +Fixes: https://github.com/net-snmp/net-snmp/pull/576 + +[ bvanassche: edited commit message ] +--- + snmplib/transports/snmpUDPBaseDomain.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c +index ca8f9a5554..cd6b15e2ad 100644 +--- a/snmplib/transports/snmpUDPBaseDomain.c ++++ b/snmplib/transports/snmpUDPBaseDomain.c +@@ -315,7 +315,7 @@ int netsnmp_udpbase_sendto_unix(int fd, const struct in_addr *srcip, + sizeof(struct sockaddr)); + else + rc = sendmsg(fd, &m, MSG_DONTWAIT); +- if (rc >= 0 || errno != EINVAL) ++ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH)) + return rc; + + /* + + diff --git a/backport-net-snmp-5.9-usage-exit.patch b/backport-net-snmp-5.9-usage-exit.patch deleted file mode 100644 index c43c8462435a8acbfcddbca3c629ef256f729d31..0000000000000000000000000000000000000000 --- a/backport-net-snmp-5.9-usage-exit.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/agent/snmpd.c b/agent/snmpd.c -index ae73eda..f01b890 100644 ---- a/agent/snmpd.c -+++ b/agent/snmpd.c -@@ -289,6 +289,7 @@ usage(char *prog) - " -S d|i|0-7\t\tuse -Ls instead\n" - "\n" - ); -+ exit(1); - } - - static void diff --git a/backport-net-snmp-5.9.1-remove-err-log.patch b/backport-net-snmp-5.9.1-remove-err-log.patch deleted file mode 100644 index 5bacc4e7447275e49da3cbe71bfce0900f469ffd..0000000000000000000000000000000000000000 --- a/backport-net-snmp-5.9.1-remove-err-log.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c ---- a/snmplib/transports/snmpTLSBaseDomain.c 2021-09-15 07:55:39.784900445 +0200 -+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-10-04 15:35:48.157385970 +0200 -@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util); - - int openssl_local_index; - --#ifndef HAVE_ERR_GET_ERROR_ALL --/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */ --static unsigned long ERR_get_error_all(const char **file, int *line, -- const char **func, -- const char **data, int *flags) --{ -- *func = NULL; -- return ERR_get_error_line_data(file, line, data, flags); --} --#endif -- - /* this is called during negotiation */ - int verify_callback(int ok, X509_STORE_CTX *ctx) { - int err, depth; -@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con - ERR_reason_error_string(ERR_get_error())); - - } -- -- /* other errors */ -- while ((numerical_reason = -- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { -- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n", -- ERR_error_string(numerical_reason, NULL), file, func, line); -- -- /* if we have a text translation: */ -- if (data && (flags & ERR_TXT_STRING)) { -- snmp_log(LOG_ERR, " Textual Error: %s\n", data); -- /* -- * per openssl man page: If it has been allocated by -- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true. -- * -- * arggh... stupid openssl prototype for ERR_get_error_line_data -- * wants a const char **, but returns something that we might -- * need to free?? -- */ -- if (flags & ERR_TXT_MALLOCED) -- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); } -- } - - snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n"); - } diff --git a/net-snmp-5.9.1.tar.gz b/net-snmp-5.9.3.tar.gz similarity index 47% rename from net-snmp-5.9.1.tar.gz rename to net-snmp-5.9.3.tar.gz index 6f647ae9c4021af5ca1226156d4d04cb1e490426..3645629a9edd542c46b003279e7e9c0ec7972551 100644 Binary files a/net-snmp-5.9.1.tar.gz and b/net-snmp-5.9.3.tar.gz differ diff --git a/net-snmp-tmpfs.conf b/net-snmp-tmpfs.conf index 382f8ebfa5911780ccbecdf99b1d0152b84bfda9..9f782d67830b14b0f316887f74b3bca258d7ae3d 100644 --- a/net-snmp-tmpfs.conf +++ b/net-snmp-tmpfs.conf @@ -1 +1 @@ -d /var/run/net-snmp 0755 root root +d /run/net-snmp 0755 root root diff --git a/net-snmp.spec b/net-snmp.spec index 31010cdd8d8c9df2bdbd262e3026083f57fefc0e..b4c9821ac539c135cf1109da7312cf88b3f58aa5 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -2,8 +2,8 @@ %global multilib_arches x86_64 aarch64 Name: net-snmp -Version: 5.9.1 -Release: 8 +Version: 5.9.3 +Release: 1 Epoch: 1 Summary: SNMP Daemon License: BSD @@ -26,38 +26,23 @@ Patch4: backport-net-snmp-5.9-test-debug.patch Patch5: backport-net-snmp-5.7.2-cert-path.patch Patch6: backport-net-snmp-5.9-cflags.patch Patch7: backport-net-snmp-5.8-Remove-U64-typedef.patch -Patch8: backport-net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch -Patch9: backport-net-snmp-5.7.3-iterator-fix.patch -Patch10: backport-net-snmp-5.9-autofs-skip.patch -Patch12: backport-net-snmp-5.9-usage-exit.patch -Patch13: backport-net-snmp-5.9-coverity.patch -Patch15: backport-net-snmp-5.9-dskTable-dynamic.patch -Patch16: backport-net-snmp-5.8-expand-SNMPCONFPATH.patch -Patch17: backport-net-snmp-5.8-duplicate-ipAddress.patch -Patch18: backport-net-snmp-5.9-memory-reporting.patch -Patch19: backport-net-snmp-5.8-man-page.patch -Patch20: backport-net-snmp-5.8-ipAddress-faster-load.patch -Patch21: backport-net-snmp-5.8-rpm-memory-leak.patch -Patch22: backport-net-snmp-5.9-aes-config.patch -Patch23: backport-net-snmp-5.8-modern-rpm-api.patch -Patch24: backport-net-snmp-5.9-python3.patch -Patch25: backport-libsnmp-Fix-more-undefined-behavior-in-asn_build_int.patch -Patch26: backport-libsnmp-Fix-undefined-behavior-in-asn_build_int.patch -Patch30: backport-libsnmp-Fix-a-memory-leak-in-a-MIB-parser-error-path.patch -Patch31: backport-libsnmp-Fix-the-getoid-error-path.patch -Patch32: backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch -Patch33: backport-net-snmp-5.9.1-autoconf.patch -Patch34: backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch -Patch35: backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch -Patch36: backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch -Patch37: backport-Linux-IF-MIB-Fix-a-memory-leak.patch -Patch38: backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch -Patch39: backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch -Patch40: backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch -Patch41: backport-CVE-2022-44792_CVE-2022-44793.patch -Patch42: backport-Fix-the-build-against-OpenSSL-3.0.patch -Patch43: backport-libsnmp-Remove-netsnmp_openssl_err_log.patch -Patch44: backport-net-snmp-5.9.1-remove-err-log.patch +Patch8: backport-net-snmp-5.7.3-iterator-fix.patch +Patch9: backport-net-snmp-5.9-autofs-skip.patch +Patch10: backport-net-snmp-5.9-coverity.patch +Patch11: backport-net-snmp-5.8-expand-SNMPCONFPATH.patch +Patch12: backport-net-snmp-5.8-duplicate-ipAddress.patch +Patch13: backport-net-snmp-5.9-memory-reporting.patch +Patch14: backport-net-snmp-5.8-man-page.patch +Patch15: backport-net-snmp-5.8-ipAddress-faster-load.patch +Patch16: backport-net-snmp-5.8-rpm-memory-leak.patch +Patch17: backport-net-snmp-5.9-aes-config.patch +Patch18: backport-net-snmp-5.8-modern-rpm-api.patch +Patch19: backport-net-snmp-5.9-python3.patch +Patch20: backport-net-snmp-5.9.1-autoconf.patch +Patch21: backport-CVE-2022-44792_CVE-2022-44793.patch +Patch22: backport-libsnmp-Remove-netsnmp_openssl_err_log.patch +Patch23: backport-net-snmp-5.9-ipv6-disable-leak.patch +Patch24: backport-net-snmp-5.9-sendmsg-error-code.patch %{?systemd_requires} BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel @@ -337,6 +322,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_mandir}/man1/fixproc* %changelog +* Mon Aug 07 2023 xingwei - 1:5.9.3-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update net-snmp to 5.9.3 + * Wed May 24 2023 xingwei - 1:5.9.1-8 - Type:bugfix - CVE:NA