rpms
/
net-snmp
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolves: #2072230 - New upstream release 5.9.3

This commit is contained in:
Josef Řídký 2022-08-04 15:03:38 +02:00
parent 5567bd7e3e
commit f9c2f25179
14 changed files with 96 additions and 572 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -8,3 +8,4 @@ net-snmp-5.5.tar.gz
/net-snmp-5.8.tar.gz
/net-snmp-5.9.tar.gz
/net-snmp-5.9.1.tar.gz
/net-snmp-5.9.3.tar.gz

16
net-snmp-5.8-rpm-memory-leak.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 695c469..dd0e487 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath);
@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/
+ rpmFreeRpmrc();
+#endif
if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
pkg_directory[0] = '\0';
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
index 1f52733..ccf1cab 100644
--- a/agent/mibgroup/host/hr_swinst.c
+++ b/agent/mibgroup/host/hr_swinst.c
@@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;

98
net-snmp-5.9-ECC-cert.patch
View File

@ -1,98 +0,0 @@
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
From: minfrin <minfrin@users.noreply.github.com>
Date: Tue, 5 Jan 2021 23:17:14 +0000
Subject: [PATCH] Add support for digests detected from ECC certificates
Previously, the digest could be detected on RSA certificates only. This
patch adds detection for ECC certificates.
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
back to _htmap ]
---
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007a..432cb5c27 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
}
}
-static int _htmap[NS_HASH_MAX + 1] = {
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
+static const struct {
+ uint16_t nid;
+ uint16_t ht;
+} _htmap[] = {
+ { 0, NS_HASH_NONE },
+#ifdef NID_md5WithRSAEncryption
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
+#endif
+#ifdef NID_sha1WithRSAEncryption
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
+#endif
+#ifdef NID_ecdsa_with_SHA1
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
+#endif
+#ifdef NID_sha224WithRSAEncryption
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
+#endif
+#ifdef NID_ecdsa_with_SHA224
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
+#endif
+#ifdef NID_sha256WithRSAEncryption
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
+#endif
+#ifdef NID_ecdsa_with_SHA256
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
+#endif
+#ifdef NID_sha384WithRSAEncryption
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
+#endif
+#ifdef NID_ecdsa_with_SHA384
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
+#endif
+#ifdef NID_sha512WithRSAEncryption
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
+#endif
+#ifdef NID_ecdsa_with_SHA512
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
+#endif
+};
int
_nid2ht(int nid)
{
int i;
- for (i=1; i<= NS_HASH_MAX; ++i) {
- if (nid == _htmap[i])
- return i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].nid == nid)
+ return _htmap[i].ht;
}
return 0;
}
@@ -541,9 +577,13 @@ _nid2ht(int nid)
int
_ht2nid(int ht)
{
- if ((ht < 0) || (ht > NS_HASH_MAX))
- return 0;
- return _htmap[ht];
+ int i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].ht == ht)
+ return _htmap[i].nid;
+ }
+ return 0;
}
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */

36
net-snmp-5.9-autofs-skip.patch
View File

@ -1,5 +1,5 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index 4f78df3..fd25b3f 100644
index e7ca92f..80b3e0d 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
@ -10,37 +10,3 @@ index 4f78df3..fd25b3f 100644
"usbdevfs",
"usbfs",
#endif
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
index 6b459ec..f7a376b 100644
--- a/agent/mibgroup/host/hr_storage.c
+++ b/agent/mibgroup/host/hr_storage.c
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (Check_HR_FileSys_AutoFs())
return NULL;
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
index 8967d35..9bf2659 100644
--- a/agent/mibgroup/host/hrh_storage.c
+++ b/agent/mibgroup/host/hrh_storage.c
@@ -366,9 +366,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (HRFS_entry && Check_HR_FileSys_AutoFs())
return NULL;

16
net-snmp-5.9-dir-fix.patch
View File

@ -1,8 +1,8 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c269..afd6fa4 100644
index 19895a1..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -16,6 +16,10 @@ Xalgorithm="DES"
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
@ -13,11 +13,17 @@ index 452c269..afd6fa4 100644
unset shifted
case $1 in
@@ -136,7 +140,7 @@ fi
@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
touch "$outfile"
fi
echo "$line" >> "$outfile"
# Avoid that configure complains that this script ignores @datarootdir@
echo "@datarootdir@" >/dev/null
-prefix=@prefix@
-datarootdir=@datarootdir@
-# To suppress shellcheck complaints about $prefix and $datarootdir.
-: "$prefix" "$datarootdir"
-outfile="@datadir@/snmp/snmpd.conf"
+# Avoid that configure complains that this script ignores @datarootdir@
+echo "@datarootdir@" >/dev/null
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"

179
net-snmp-5.9-dskTable-dynamic.patch
View File

@ -1,179 +0,0 @@
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 08:56:39.678900275 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 09:09:32.308731157 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
-static void find_and_add_allDisks(int minpercent);
+static void refresh_disk_table(int addNewDisks, int minpercent);
static void add_device(char *path, char *device,
- int minspace, int minpercent, int override);
+ int minspace, int minpercent, int addNewDisks,
+ int override);
static void modify_disk_parameters(int index, int minspace,
int minpercent);
static int disk_exists(char *path);
@@ -167,6 +168,7 @@ struct diskpart {
char path[STRMAX];
int minimumspace;
int minpercent;
+ int alive;
};
#define MAX_INT_32 0x7fffffff
@@ -174,6 +176,7 @@ struct diskpart {
unsigned int numdisks;
int allDisksIncluded = 0;
+int allDisksMinPercent = 0;
unsigned int maxdisks = 0;
struct diskpart *disks;
@@ -238,6 +241,7 @@ init_disk(void)
disk_free_config,
"minpercent%");
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -253,6 +257,7 @@ disk_free_config(void)
disks[i].minpercent = -1;
}
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
- add_device(path, find_device(path), minspace, minpercent, 1);
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
-add_device(char *path, char *device, int minspace, int minpercent, int override)
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
}
index = disk_exists(path);
- if((index != -1) && (index < maxdisks) && (override==1)) {
- modify_disk_parameters(index, minspace, minpercent);
+ if((index != -1) && (index < maxdisks)) {
+ /* the path is already in the table */
+ disks[index].alive = 1;
+ /* -> update its device */
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
+ if (override == 1) {
+ modify_disk_parameters(index, minspace, minpercent);
+ }
}
- else if(index == -1){
+ else if(index == -1 && addNewDisks){
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
+ disks[numdisks].alive = 1;
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
+ disks[numdisks].alive = 0;
}
}
}
@@ -444,7 +457,7 @@ int disk_exists(char *path)
}
static void
-find_and_add_allDisks(int minpercent)
+refresh_disk_table(int addNewDisks, int minpercent)
{
#if HAVE_GETMNTENT
#if HAVE_SYS_MNTTAB_H
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
if (mntfp)
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while ((i = getmntent(mntfp, &mnttab)) == 0) {
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
fclose(mntfp);
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
- minpercent, 0);
+ minpercent, addNewDisks, 0);
}
}
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
}
#endif
else {
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_e
#endif
#endif
+ if (disks[disknum].alive == 0){
+ return -1;
+ }
+
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
static char *errmsg;
static char empty_str[1];
+ int i;
+ for (i = 0; i < numdisks; i++){
+ disks[i].alive = 0;
+ }
+ /* dynamically add new disks + update alive flag */
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
+
tryAgain:
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numdisks))

64
net-snmp-5.9-intermediate-certs.patch
View File

@ -1,6 +1,7 @@
diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
--- a/include/net-snmp/library/cert_util.h 2021-05-26 09:17:40.338156603 +0200
+++ b/include/net-snmp/library/cert_util.h 2021-05-26 09:19:25.396109268 +0200
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644
--- a/include/net-snmp/library/cert_util.h
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" {
char *common_name;
@ -19,9 +20,10 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
--- a/include/net-snmp/library/dir_utils.h 2021-05-26 09:17:40.337156594 +0200
+++ b/include/net-snmp/library/dir_utils.h 2021-05-26 09:19:59.236416127 +0200
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..ac7f69a 100644
--- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,7 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */
@ -32,10 +34,11 @@ diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir
#ifdef __cplusplus
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-05-26 09:17:40.182155189 +0200
+++ b/snmplib/cert_util.c 2021-05-26 09:28:23.533539371 +0200
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index 210ad8b..b1f8144 100644
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes
* will be regenerated with new format.
*/
@ -44,7 +47,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL;
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_ce
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
@ -113,7 +116,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
int hashType, const char *fingerprint, const char *common_name,
const char *subject)
{
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const cha
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename);
@ -361,7 +364,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
return NULL;
}
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn",
@ -370,7 +373,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
/** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
@ -379,7 +382,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
}
@ -388,7 +391,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n"));
return;
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
*pos = 0;
@ -398,7 +401,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return;
if (1 == matching->size) {
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename));
}
@ -407,7 +410,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return;
@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnm
@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
}
}
@ -643,7 +646,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
}
return 0;
@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, st
@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
@ -653,7 +656,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
int count = 0, type, hash, version;
netsnmp_cert *cert;
netsnmp_key *key;
@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, st
@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat,
NETSNMP_DIR_NSFILE |
@ -663,7 +666,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL);
@@ -1425,6 +1550,7 @@ _cert_read_index(const char *dirname, st
@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
@ -671,7 +674,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) ||
@@ -1437,8 +1563,9 @@ _cert_read_index(const char *dirname, st
@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break;
}
type = atoi(type_str);
@ -682,7 +685,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert))
++count;
@@ -1543,7 +1670,8 @@ _add_certdir(const char *dirname)
@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname,
_cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH |
@ -692,7 +695,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n"));
@@ -1631,7 +1759,7 @@ _cert_print(netsnmp_cert *c, void *conte
@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c)
return;
@ -701,7 +704,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses)));
@@ -1835,7 +1963,8 @@ netsnmp_cert_find(int what, int where, v
@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
@ -711,7 +714,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
if (!matching)
return NULL;
if (1 == matching->size)
@@ -2278,6 +2407,124 @@ _reduce_subset_dir(netsnmp_void_array *m
@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
}
}
@ -836,10 +839,11 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container)
{
diff -urNp a/snmplib/dir_utils.c b/snmplib/dir_utils.c
--- a/snmplib/dir_utils.c 2021-05-26 09:17:40.203155379 +0200
+++ b/snmplib/dir_utils.c 2021-05-26 09:27:39.721867913 +0200
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(ne
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
index c2dd989..e7145e4 100644
--- a/snmplib/dir_utils.c
+++ b/snmplib/dir_utils.c
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);

13
net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
View File

@ -1,13 +0,0 @@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index d4529d3..175242b 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@
snmpinforminstall:

8
net-snmp-5.9-pie.patch
View File

@ -1,8 +1,8 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index b5d692d..1a30209 100644
index 047d880..38d40aa 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
@ -10,9 +10,9 @@ index b5d692d..1a30209 100644
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 43f3b9c..d4529d3 100644
index 3dbb1d1..48ed23a 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)

12
net-snmp-5.9-usage-exit.patch
View File

@ -1,12 +0,0 @@
diff --git a/agent/snmpd.c b/agent/snmpd.c
index ae73eda..f01b890 100644
--- a/agent/snmpd.c
+++ b/agent/snmpd.c
@@ -289,6 +289,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

60
net-snmp-5.9.1-python-usenumeric.patch
View File

@ -1,60 +0,0 @@
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 9 Jun 2021 14:19:46 -0700
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
Fixes: https://github.com/net-snmp/net-snmp/issues/303
---
python/netsnmp/client_intf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
index e5e7372303..94da39fe34 100644
--- a/python/netsnmp/client_intf.c
+++ b/python/netsnmp/client_intf.c
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int varlist_ind, int sprintval_flag, int *len,
- char **str_buf)
+ char **str_buf, int getlabel_flag)
{
struct tree *tp;
int type;
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
int buf_over = 0;
const char *tag;
const char *iid;
- int getlabel_flag = NO_FLAGS;
if (!PyObject_HasAttrString(varbind, "tag"))
return TYPE_OTHER;
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
varbind = PySequence_GetItem(varlist, varlist_ind);
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
- &len, &str_buf);
+ &len, &str_buf, getlabel_flag);
if (type != TYPE_OTHER) {
/* save in return tuple as well */
if ((type == SNMP_ENDOFMIBVIEW) ||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
- sprintval_flag, &len, &str_buf) !=
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
varbind = py_netsnmp_construct_varbind();
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
const int hex = is_hex(str_buf, len);
/* push varbind onto varbinds */

84
net-snmp-5.9.1-remove-err-log.patch
View File

@ -1,84 +0,0 @@
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200
@@ -44,7 +44,6 @@ extern "C" {
/*
* misc
*/
- void netsnmp_openssl_err_log(const char *prefix);
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
/*
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss
return (X509_check_issued(issuer, cert) == X509_V_OK);
}
-
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
-void
-netsnmp_openssl_err_log(const char *prefix)
-{
- unsigned long err;
- for (err = ERR_get_error(); err; err = ERR_get_error()) {
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
- }
-}
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
-
void
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
{
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-09-15 07:55:39.784900445 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-10-04 15:35:48.157385970 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
ERR_reason_error_string(ERR_get_error()));
}
-
- /* other errors */
- while ((numerical_reason =
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
-
- /* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
- /*
- * per openssl man page: If it has been allocated by
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
- *
- * arggh... stupid openssl prototype for ERR_get_error_line_data
- * wants a const char **, but returns something that we might
- * need to free??
- */
- if (flags & ERR_TXT_MALLOCED)
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

79
net-snmp.spec
View File

@ -9,8 +9,8 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.9.1
Release: 17%{?dist}
Version: 5.9.3
Release: 1%{?dist}
Epoch: 1
License: BSD
@ -34,33 +34,27 @@ Patch4: net-snmp-5.9-test-debug.patch
Patch5: net-snmp-5.7.2-cert-path.patch
Patch6: net-snmp-5.9-cflags.patch
Patch7: net-snmp-5.8-Remove-U64-typedef.patch
Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch
Patch9: net-snmp-5.7.3-iterator-fix.patch
Patch10: net-snmp-5.9-autofs-skip.patch
Patch11: net-snmp-5.9-usage-exit.patch
Patch12: net-snmp-5.9-coverity.patch
Patch13: net-snmp-5.9-dskTable-dynamic.patch
Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch15: net-snmp-5.8-duplicate-ipAddress.patch
Patch16: net-snmp-5.9-memory-reporting.patch
Patch17: net-snmp-5.8-man-page.patch
Patch18: net-snmp-5.8-ipAddress-faster-load.patch
Patch19: net-snmp-5.8-rpm-memory-leak.patch
Patch20: net-snmp-5.9-aes-config.patch
Patch21: net-snmp-5.8-clientaddr-error-message.patch
Patch22: net-snmp-5.9-ECC-cert.patch
Patch23: net-snmp-5.9-intermediate-certs.patch
Patch24: net-snmp-5.9.1-remove-des.patch
Patch25: net-snmp-5.9.1-autoconf.patch
Patch26: net-snmp-5.9.1-remove-err-log.patch
Patch27: net-snmp-libs-misunderstanding.patch
Patch8: net-snmp-5.7.3-iterator-fix.patch
Patch9: net-snmp-5.9-autofs-skip.patch
Patch10: net-snmp-5.9-coverity.patch
Patch11: net-snmp-5.8-expand-SNMPCONFPATH.patch
Patch12: net-snmp-5.8-duplicate-ipAddress.patch
Patch13: net-snmp-5.9-memory-reporting.patch
Patch14: net-snmp-5.8-man-page.patch
Patch15: net-snmp-5.8-ipAddress-faster-load.patch
Patch16: net-snmp-5.8-rpm-memory-leak.patch
Patch17: net-snmp-5.9-aes-config.patch
Patch18: net-snmp-5.8-clientaddr-error-message.patch
Patch19: net-snmp-5.9-intermediate-certs.patch
Patch20: net-snmp-5.9.1-remove-des.patch
Patch21: net-snmp-5.9.1-autoconf.patch
Patch22: net-snmp-libs-misunderstanding.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
#disable this patch due compatibility issues
Patch102: net-snmp-5.9-python3.patch
Patch103: net-snmp-5.9.1-python-usenumeric.patch
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -214,30 +208,24 @@ cp %{SOURCE10} .
%patch5 -p1 -b .cert-path
%patch6 -p1 -b .cflags
%patch7 -p1 -b .u64-remove
%patch8 -p1 -b .perlfix
%patch9 -p1 -b .iterator-fix
%patch10 -p1 -b .autofs-skip
%patch11 -p1 -b .usage-fix
%patch12 -p1 -b .coverity
%patch13 -p1 -b .dskTable-dynamic
%patch14 -p1 -b .expand-SNMPCONFPATH
%patch15 -p1 -b .duplicate-ipAddress
%patch16 -p1 -b .memory-reporting
%patch17 -p1 -b .man-page
%patch18 -p1 -b .ipAddress-faster-load
%patch19 -p1 -b .rpm-memory-leak
%patch20 -p1 -b .aes-config
%patch21 -p1 -b .clientaddr-error-message
%patch22 -p1 -b .ECC-cert
%patch23 -p1 -b .intermediate-certs
%patch24 -p1 -b .remove-des
%patch25 -p1 -b .autoconf
%patch26 -p1 -b .remove-err-log
%patch27 -p1
%patch8 -p1 -b .iterator-fix
%patch9 -p1 -b .autofs-skip
%patch10 -p1 -b .coverity
%patch11 -p1 -b .expand-SNMPCONFPATH
%patch12 -p1 -b .duplicate-ipAddress
%patch13 -p1 -b .memory-reporting
%patch14 -p1 -b .man-page
%patch15 -p1 -b .ipAddress-faster-load
%patch16 -p1 -b .rpm-memory-leak
%patch17 -p1 -b .aes-config
%patch18 -p1 -b .clientaddr-error-message
%patch19 -p1 -b .intermediate-certs
%patch20 -p1 -b .remove-des
%patch21 -p1 -b .autoconf
%patch22 -p1
%patch101 -p1 -b .modern-rpm-api
%patch102 -p1
%patch103 -p1
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
rm testing/fulltests/default/T200*
@ -503,6 +491,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Thu Aug 04 2022 Josef Ridky <jridky@redhat.com> - 1:5.9.3-1
- New upstream release 5.9.3 (#2072230)
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (net-snmp-5.9.1.tar.gz) = 7d73b2085863b1c063d7eaee488d806cc07da79c070f702068846e43d8e5c67673b86357600f2c1f774c30c24b0561cb566c64ea4588b073bf6906a9c6949ab7
SHA512 (net-snmp-5.9.3.tar.gz) = a476df4967029a2eb03d27b0e250170785d0a8c143d49b900ee958c3cbdfaccd415b70af40f6fbed9cb8819d522c35a6073a431091d908ccc7c018fa0aaa2abc