diff --git a/.gitignore b/.gitignore index 99fc27e..2467898 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ net-snmp-5.5.tar.gz /net-snmp-5.8.tar.gz /net-snmp-5.9.tar.gz /net-snmp-5.9.1.tar.gz +/net-snmp-5.9.3.tar.gz diff --git a/net-snmp-5.8-rpm-memory-leak.patch b/net-snmp-5.8-rpm-memory-leak.patch index 33b8d29..d337008 100644 --- a/net-snmp-5.8-rpm-memory-leak.patch +++ b/net-snmp-5.8-rpm-memory-leak.patch @@ -1,6 +1,7 @@ -diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c ---- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200 -+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200 +diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c +index 695c469..dd0e487 100644 +--- a/agent/mibgroup/host/data_access/swinst_rpm.c ++++ b/agent/mibgroup/host/data_access/swinst_rpm.c @@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void) snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); SNMP_FREE(rpmdbpath); @@ -9,11 +10,12 @@ diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/ + rpmFreeRpmrc(); +#endif if (-1 == stat( pkg_directory, &stat_buf )) { - snmp_log(LOG_ERR, "Can't find directory of RPM packages"); + snmp_log(LOG_ERR, "Can't find directory of RPM packages\n"); pkg_directory[0] = '\0'; -diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c ---- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200 -+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200 +diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c +index 1f52733..ccf1cab 100644 +--- a/agent/mibgroup/host/hr_swinst.c ++++ b/agent/mibgroup/host/hr_swinst.c @@ -231,6 +231,9 @@ init_hr_swinst(void) snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath); path[ sizeof(path)-1 ] = 0; diff --git a/net-snmp-5.9-ECC-cert.patch b/net-snmp-5.9-ECC-cert.patch deleted file mode 100644 index 5d43d4d..0000000 --- a/net-snmp-5.9-ECC-cert.patch +++ /dev/null @@ -1,98 +0,0 @@ -From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001 -From: minfrin -Date: Tue, 5 Jan 2021 23:17:14 +0000 -Subject: [PATCH] Add support for digests detected from ECC certificates - -Previously, the digest could be detected on RSA certificates only. This -patch adds detection for ECC certificates. - -[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2 - back to _htmap ] ---- - snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++------- - 1 file changed, 50 insertions(+), 10 deletions(-) - -diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c -index c092a007a..432cb5c27 100644 ---- a/snmplib/snmp_openssl.c -+++ b/snmplib/snmp_openssl.c -@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert) - } - } - --static int _htmap[NS_HASH_MAX + 1] = { -- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption, -- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption, -- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption }; -+static const struct { -+ uint16_t nid; -+ uint16_t ht; -+} _htmap[] = { -+ { 0, NS_HASH_NONE }, -+#ifdef NID_md5WithRSAEncryption -+ { NID_md5WithRSAEncryption, NS_HASH_MD5 }, -+#endif -+#ifdef NID_sha1WithRSAEncryption -+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 }, -+#endif -+#ifdef NID_ecdsa_with_SHA1 -+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 }, -+#endif -+#ifdef NID_sha224WithRSAEncryption -+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 }, -+#endif -+#ifdef NID_ecdsa_with_SHA224 -+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 }, -+#endif -+#ifdef NID_sha256WithRSAEncryption -+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 }, -+#endif -+#ifdef NID_ecdsa_with_SHA256 -+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 }, -+#endif -+#ifdef NID_sha384WithRSAEncryption -+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 }, -+#endif -+#ifdef NID_ecdsa_with_SHA384 -+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 }, -+#endif -+#ifdef NID_sha512WithRSAEncryption -+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 }, -+#endif -+#ifdef NID_ecdsa_with_SHA512 -+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 }, -+#endif -+}; - - int - _nid2ht(int nid) - { - int i; -- for (i=1; i<= NS_HASH_MAX; ++i) { -- if (nid == _htmap[i]) -- return i; -+ -+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) { -+ if (_htmap[i].nid == nid) -+ return _htmap[i].ht; - } - return 0; - } -@@ -541,9 +577,13 @@ _nid2ht(int nid) - int - _ht2nid(int ht) - { -- if ((ht < 0) || (ht > NS_HASH_MAX)) -- return 0; -- return _htmap[ht]; -+ int i; -+ -+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) { -+ if (_htmap[i].ht == ht) -+ return _htmap[i].nid; -+ } -+ return 0; - } - #endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */ - - diff --git a/net-snmp-5.9-autofs-skip.patch b/net-snmp-5.9-autofs-skip.patch index 0d054b2..bd5c560 100644 --- a/net-snmp-5.9-autofs-skip.patch +++ b/net-snmp-5.9-autofs-skip.patch @@ -1,5 +1,5 @@ diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c -index 4f78df3..fd25b3f 100644 +index e7ca92f..80b3e0d 100644 --- a/agent/mibgroup/host/hr_filesys.c +++ b/agent/mibgroup/host/hr_filesys.c @@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = { @@ -10,37 +10,3 @@ index 4f78df3..fd25b3f 100644 "usbdevfs", "usbfs", #endif -diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c -index 6b459ec..f7a376b 100644 ---- a/agent/mibgroup/host/hr_storage.c -+++ b/agent/mibgroup/host/hr_storage.c -@@ -540,9 +540,10 @@ really_try_next: - - store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; - if (store_idx > NETSNMP_MEM_TYPE_MAX ) { -- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, -+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, - NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && -- Check_HR_FileSys_NFS()) -+ Check_HR_FileSys_NFS()) || -+ Check_HR_FileSys_AutoFs()) - return NULL; /* or goto try_next; */ - if (Check_HR_FileSys_AutoFs()) - return NULL; -diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c -index 8967d35..9bf2659 100644 ---- a/agent/mibgroup/host/hrh_storage.c -+++ b/agent/mibgroup/host/hrh_storage.c -@@ -366,9 +366,10 @@ really_try_next: - store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; - if (HRFS_entry && - store_idx > NETSNMP_MEM_TYPE_MAX && -- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, -+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, - NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && -- Check_HR_FileSys_NFS()) -+ Check_HR_FileSys_NFS()) || -+ Check_HR_FileSys_AutoFs())) - return NULL; - if (HRFS_entry && Check_HR_FileSys_AutoFs()) - return NULL; diff --git a/net-snmp-5.9-dir-fix.patch b/net-snmp-5.9-dir-fix.patch index 00d531f..f7311ca 100644 --- a/net-snmp-5.9-dir-fix.patch +++ b/net-snmp-5.9-dir-fix.patch @@ -1,8 +1,8 @@ diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in -index 452c269..afd6fa4 100644 +index 19895a1..ac3c60f 100644 --- a/net-snmp-create-v3-user.in +++ b/net-snmp-create-v3-user.in -@@ -16,6 +16,10 @@ Xalgorithm="DES" +@@ -14,6 +14,10 @@ Xalgorithm="DES" token=rwuser while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do @@ -13,11 +13,17 @@ index 452c269..afd6fa4 100644 unset shifted case $1 in -@@ -136,7 +140,7 @@ fi +@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then + touch "$outfile" + fi echo "$line" >> "$outfile" - # Avoid that configure complains that this script ignores @datarootdir@ - echo "@datarootdir@" >/dev/null +-prefix=@prefix@ +-datarootdir=@datarootdir@ +-# To suppress shellcheck complaints about $prefix and $datarootdir. +-: "$prefix" "$datarootdir" -outfile="@datadir@/snmp/snmpd.conf" ++# Avoid that configure complains that this script ignores @datarootdir@ ++echo "@datarootdir@" >/dev/null +outfile="/etc/snmp/snmpd.conf" line="$token $user" echo "adding the following line to $outfile:" diff --git a/net-snmp-5.9-dskTable-dynamic.patch b/net-snmp-5.9-dskTable-dynamic.patch deleted file mode 100644 index 035bf55..0000000 --- a/net-snmp-5.9-dskTable-dynamic.patch +++ /dev/null @@ -1,179 +0,0 @@ -diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c ---- a/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 08:56:39.678900275 +0200 -+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-05-26 09:09:32.308731157 +0200 -@@ -153,9 +153,10 @@ static void disk_free_config(void) - static void disk_parse_config(const char *, char *); - static void disk_parse_config_all(const char *, char *); - #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS --static void find_and_add_allDisks(int minpercent); -+static void refresh_disk_table(int addNewDisks, int minpercent); - static void add_device(char *path, char *device, -- int minspace, int minpercent, int override); -+ int minspace, int minpercent, int addNewDisks, -+ int override); - static void modify_disk_parameters(int index, int minspace, - int minpercent); - static int disk_exists(char *path); -@@ -167,6 +168,7 @@ struct diskpart { - char path[STRMAX]; - int minimumspace; - int minpercent; -+ int alive; - }; - - #define MAX_INT_32 0x7fffffff -@@ -174,6 +176,7 @@ struct diskpart { - - unsigned int numdisks; - int allDisksIncluded = 0; -+int allDisksMinPercent = 0; - unsigned int maxdisks = 0; - struct diskpart *disks; - -@@ -238,6 +241,7 @@ init_disk(void) - disk_free_config, - "minpercent%"); - allDisksIncluded = 0; -+ allDisksMinPercent = 0; - } - - static void -@@ -253,6 +257,7 @@ disk_free_config(void) - disks[i].minpercent = -1; - } - allDisksIncluded = 0; -+ allDisksMinPercent = 0; - } - - static void -@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha - * check if the disk already exists, if so then modify its - * parameters. if it does not exist then add it - */ -- add_device(path, find_device(path), minspace, minpercent, 1); -+ add_device(path, find_device(path), minspace, minpercent, 1, 1); - #endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */ - } - -@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, - - #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS - static void --add_device(char *path, char *device, int minspace, int minpercent, int override) -+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override) - { - int index; - -@@ -402,10 +407,16 @@ add_device(char *path, char *device, int - } - - index = disk_exists(path); -- if((index != -1) && (index < maxdisks) && (override==1)) { -- modify_disk_parameters(index, minspace, minpercent); -+ if((index != -1) && (index < maxdisks)) { -+ /* the path is already in the table */ -+ disks[index].alive = 1; -+ /* -> update its device */ -+ strlcpy(disks[index].device, device, sizeof(disks[index].device)); -+ if (override == 1) { -+ modify_disk_parameters(index, minspace, minpercent); -+ } - } -- else if(index == -1){ -+ else if(index == -1 && addNewDisks){ - /* add if and only if the device was found */ - if(device[0] != 0) { - /* The following buffers are cleared above, no need to add '\0' */ -@@ -413,6 +424,7 @@ add_device(char *path, char *device, int - strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device)); - disks[numdisks].minimumspace = minspace; - disks[numdisks].minpercent = minpercent; -+ disks[numdisks].alive = 1; - numdisks++; - } - else { -@@ -420,6 +432,7 @@ add_device(char *path, char *device, int - disks[numdisks].minpercent = -1; - disks[numdisks].path[0] = 0; - disks[numdisks].device[0] = 0; -+ disks[numdisks].alive = 0; - } - } - } -@@ -444,7 +457,7 @@ int disk_exists(char *path) - } - - static void --find_and_add_allDisks(int minpercent) -+refresh_disk_table(int addNewDisks, int minpercent) - { - #if HAVE_GETMNTENT - #if HAVE_SYS_MNTTAB_H -@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent) - return; - } - while (mntfp && NULL != (mntent = getmntent(mntfp))) { -- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0); -+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0); - dummy = 1; - } - if (mntfp) -@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent) - return; - } - while ((i = getmntent(mntfp, &mnttab)) == 0) { -- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0); -+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0); - dummy = 1; - } - fclose(mntfp); -@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent) - mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); - for (i = 0; i < mntsize; i++) { - add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, -- minpercent, 0); -+ minpercent, addNewDisks, 0); - } - } - #elif HAVE_FSTAB_H - setfsent(); /* open /etc/fstab */ - while((fstab1 = getfsent()) != NULL) { -- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0); -+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0); - dummy = 1; - } - endfsent(); /* close /etc/fstab */ -@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent) - * statfs we default to the root partition "/" - */ - if (statfs("/", &statf) == 0) { -- add_device("/", statf.f_mntfromname, -1, minpercent, 0); -+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0); - } - #endif - else { -@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_e - #endif - #endif - -+ if (disks[disknum].alive == 0){ -+ return -1; -+ } -+ - entry->dskPercentInode = -1; - - #if defined(HAVE_STATVFS) || defined(HAVE_STATFS) -@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp, - static char *errmsg; - static char empty_str[1]; - -+ int i; -+ for (i = 0; i < numdisks; i++){ -+ disks[i].alive = 0; -+ } -+ /* dynamically add new disks + update alive flag */ -+ refresh_disk_table(allDisksIncluded, allDisksMinPercent); -+ - tryAgain: - if (header_simple_table - (vp, name, length, exact, var_len, write_method, numdisks)) diff --git a/net-snmp-5.9-intermediate-certs.patch b/net-snmp-5.9-intermediate-certs.patch index 89815ef..6b5daf7 100644 --- a/net-snmp-5.9-intermediate-certs.patch +++ b/net-snmp-5.9-intermediate-certs.patch @@ -1,6 +1,7 @@ -diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h ---- a/include/net-snmp/library/cert_util.h 2021-05-26 09:17:40.338156603 +0200 -+++ b/include/net-snmp/library/cert_util.h 2021-05-26 09:19:25.396109268 +0200 +diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h +index 80e2a19..143adbb 100644 +--- a/include/net-snmp/library/cert_util.h ++++ b/include/net-snmp/library/cert_util.h @@ -55,7 +55,8 @@ extern "C" { char *common_name; @@ -19,9 +20,10 @@ diff -urNp a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cer int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); -diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h ---- a/include/net-snmp/library/dir_utils.h 2021-05-26 09:17:40.337156594 +0200 -+++ b/include/net-snmp/library/dir_utils.h 2021-05-26 09:19:59.236416127 +0200 +diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h +index 471bb0b..ac7f69a 100644 +--- a/include/net-snmp/library/dir_utils.h ++++ b/include/net-snmp/library/dir_utils.h @@ -53,7 +53,8 @@ extern "C" { #define NETSNMP_DIR_NSFILE 0x0010 /** load stats in netsnmp_file */ @@ -32,10 +34,11 @@ diff -urNp a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir #ifdef __cplusplus -diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c ---- a/snmplib/cert_util.c 2021-05-26 09:17:40.182155189 +0200 -+++ b/snmplib/cert_util.c 2021-05-26 09:28:23.533539371 +0200 -@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint +diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c +index 210ad8b..b1f8144 100644 +--- a/snmplib/cert_util.c ++++ b/snmplib/cert_util.c +@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all); * bump this value whenever cert index format changes, so indexes * will be regenerated with new format. */ @@ -44,7 +47,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c static netsnmp_container *_certs = NULL; static netsnmp_container *_keys = NULL; -@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_ce +@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs, netsnmp_cert_common *rhs); static void _find_partner(netsnmp_cert *cert, netsnmp_key *key); static netsnmp_cert *_find_issuer(netsnmp_cert *cert); @@ -113,7 +116,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c int hashType, const char *fingerprint, const char *common_name, const char *subject) { -@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const cha +@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType, cert->info.dir = strdup(dirname); cert->info.filename = strdup(filename); @@ -361,7 +364,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c return NULL; } -@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer +@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) cert->issuer_cert = _find_issuer(cert); if (NULL == cert->issuer_cert) { DEBUGMSGT(("cert:load:warn", @@ -370,7 +373,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c cert->info.filename)); rc = CERT_LOAD_PARTIAL; break; -@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cer +@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) /** get issuer ocert */ if ((NULL == cert->issuer_cert->ocert) && (netsnmp_ocert_get(cert->issuer_cert) == NULL)) { @@ -379,7 +382,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c cert->info.filename)); rc = CERT_LOAD_PARTIAL; break; -@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) return; } @@ -388,7 +391,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (key->cert) { DEBUGMSGT(("cert:partner", "key already has partner\n")); return; -@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) return; *pos = 0; @@ -398,7 +401,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (!matching) return; if (1 == matching->size) { -@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) DEBUGMSGT(("cert:partner", "%s matches multiple certs\n", key->info.filename)); } @@ -407,7 +410,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (cert->key) { DEBUGMSGT(("cert:partner", "cert already has partner\n")); return; -@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnm +@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) } } @@ -643,7 +646,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c } return 0; -@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, st +@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) struct stat idx_stat; char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15]; @@ -653,7 +656,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c int count = 0, type, hash, version; netsnmp_cert *cert; netsnmp_key *key; -@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, st +@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) netsnmp_directory_container_read_some(NULL, dirname, _time_filter, &idx_stat, NETSNMP_DIR_NSFILE | @@ -663,7 +666,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (newer) { DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); CONTAINER_FREE_ALL(newer, NULL); -@@ -1425,6 +1550,7 @@ _cert_read_index(const char *dirname, st +@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat) pos = &tmpstr[2]; if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) || (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) || @@ -671,7 +674,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) || (NULL == (pos=copy_nword(pos, fingerprint, sizeof(fingerprint)))) || -@@ -1437,8 +1563,9 @@ _cert_read_index(const char *dirname, st +@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat) break; } type = atoi(type_str); @@ -682,7 +685,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c common_name, subject); if (cert && 0 == CONTAINER_INSERT(found, cert)) ++count; -@@ -1543,7 +1670,8 @@ _add_certdir(const char *dirname) +@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname) netsnmp_directory_container_read_some(NULL, dirname, _cert_cert_filter, NULL, NETSNMP_DIR_RELATIVE_PATH | @@ -692,7 +695,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (NULL == cert_container) { DEBUGMSGT(("cert:index:dir", "error creating container for cert files\n")); -@@ -1631,7 +1759,7 @@ _cert_print(netsnmp_cert *c, void *conte +@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context) if (NULL == c) return; @@ -701,7 +704,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", c->info.type, c->info.allowed_uses, _mode_str(c->info.allowed_uses))); -@@ -1835,7 +1963,8 @@ netsnmp_cert_find(int what, int where, v +@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint) netsnmp_void_array *matching; DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); @@ -711,7 +714,7 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c if (!matching) return NULL; if (1 == matching->size) -@@ -2278,6 +2407,124 @@ _reduce_subset_dir(netsnmp_void_array *m +@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory) } } @@ -836,10 +839,11 @@ diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c static netsnmp_void_array * _cert_find_subset_common(const char *filename, netsnmp_container *container) { -diff -urNp a/snmplib/dir_utils.c b/snmplib/dir_utils.c ---- a/snmplib/dir_utils.c 2021-05-26 09:17:40.203155379 +0200 -+++ b/snmplib/dir_utils.c 2021-05-26 09:27:39.721867913 +0200 -@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(ne +diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c +index c2dd989..e7145e4 100644 +--- a/snmplib/dir_utils.c ++++ b/snmplib/dir_utils.c +@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container, /** default to unsorted */ if (! (flags & NETSNMP_DIR_SORTED)) CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc); diff --git a/net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch b/net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch deleted file mode 100644 index 8f1f2ed..0000000 --- a/net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/apps/Makefile.in b/apps/Makefile.in -index d4529d3..175242b 100644 ---- a/apps/Makefile.in -+++ b/apps/Makefile.in -@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS) - $(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap - - libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS) -- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS) -+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS) - $(RANLIB) $@ - - snmpinforminstall: diff --git a/net-snmp-5.9-pie.patch b/net-snmp-5.9-pie.patch index cb2793d..a792904 100644 --- a/net-snmp-5.9-pie.patch +++ b/net-snmp-5.9-pie.patch @@ -1,8 +1,8 @@ diff --git a/agent/Makefile.in b/agent/Makefile.in -index b5d692d..1a30209 100644 +index 047d880..38d40aa 100644 --- a/agent/Makefile.in +++ b/agent/Makefile.in -@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c +@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) @@ -10,9 +10,9 @@ index b5d692d..1a30209 100644 + $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) - $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ diff --git a/apps/Makefile.in b/apps/Makefile.in -index 43f3b9c..d4529d3 100644 +index 3dbb1d1..48ed23a 100644 --- a/apps/Makefile.in +++ b/apps/Makefile.in @@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS) diff --git a/net-snmp-5.9-usage-exit.patch b/net-snmp-5.9-usage-exit.patch deleted file mode 100644 index c43c846..0000000 --- a/net-snmp-5.9-usage-exit.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/agent/snmpd.c b/agent/snmpd.c -index ae73eda..f01b890 100644 ---- a/agent/snmpd.c -+++ b/agent/snmpd.c -@@ -289,6 +289,7 @@ usage(char *prog) - " -S d|i|0-7\t\tuse -Ls instead\n" - "\n" - ); -+ exit(1); - } - - static void diff --git a/net-snmp-5.9.1-python-usenumeric.patch b/net-snmp-5.9.1-python-usenumeric.patch deleted file mode 100644 index 2f1d1ae..0000000 --- a/net-snmp-5.9.1-python-usenumeric.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001 -From: Bart Van Assche -Date: Wed, 9 Jun 2021 14:19:46 -0700 -Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1 - -Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()") -Fixes: https://github.com/net-snmp/net-snmp/issues/303 ---- - python/netsnmp/client_intf.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c -index e5e7372303..94da39fe34 100644 ---- a/python/netsnmp/client_intf.c -+++ b/python/netsnmp/client_intf.c -@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args) - - static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars, - int varlist_ind, int sprintval_flag, int *len, -- char **str_buf) -+ char **str_buf, int getlabel_flag) - { - struct tree *tp; - int type; -@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars, - int buf_over = 0; - const char *tag; - const char *iid; -- int getlabel_flag = NO_FLAGS; - - if (!PyObject_HasAttrString(varbind, "tag")) - return TYPE_OTHER; -@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type, - - varbind = PySequence_GetItem(varlist, varlist_ind); - type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag, -- &len, &str_buf); -+ &len, &str_buf, getlabel_flag); - if (type != TYPE_OTHER) { - /* save in return tuple as well */ - if ((type == SNMP_ENDOFMIBVIEW) || -@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args) - - varbind = py_netsnmp_construct_varbind(); - if (varbind && build_python_varbind(varbind, vars, varlist_ind, -- sprintval_flag, &len, &str_buf) != -+ sprintval_flag, &len, &str_buf, getlabel_flag) != - TYPE_OTHER) { - const int hex = is_hex(str_buf, len); - -@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args) - - varbind = py_netsnmp_construct_varbind(); - if (varbind && build_python_varbind(varbind, vars, varbind_ind, -- sprintval_flag, &len, &str_buf) != TYPE_OTHER) { -+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) { - const int hex = is_hex(str_buf, len); - - /* push varbind onto varbinds */ - diff --git a/net-snmp-5.9.1-remove-err-log.patch b/net-snmp-5.9.1-remove-err-log.patch deleted file mode 100644 index 42b17b2..0000000 --- a/net-snmp-5.9.1-remove-err-log.patch +++ /dev/null @@ -1,84 +0,0 @@ -diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h ---- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200 -+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200 -@@ -44,7 +44,6 @@ extern "C" { - /* - * misc - */ -- void netsnmp_openssl_err_log(const char *prefix); - void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher); - - /* -diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c ---- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200 -+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200 -@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss - return (X509_check_issued(issuer, cert) == X509_V_OK); - } - -- --#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG --void --netsnmp_openssl_err_log(const char *prefix) --{ -- unsigned long err; -- for (err = ERR_get_error(); err; err = ERR_get_error()) { -- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err); -- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n", -- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err)); -- } --} --#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */ -- - void - netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher) - { -diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c ---- a/snmplib/transports/snmpTLSBaseDomain.c 2021-09-15 07:55:39.784900445 +0200 -+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-10-04 15:35:48.157385970 +0200 -@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util); - - int openssl_local_index; - --#ifndef HAVE_ERR_GET_ERROR_ALL --/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */ --static unsigned long ERR_get_error_all(const char **file, int *line, -- const char **func, -- const char **data, int *flags) --{ -- *func = NULL; -- return ERR_get_error_line_data(file, line, data, flags); --} --#endif -- - /* this is called during negotiation */ - int verify_callback(int ok, X509_STORE_CTX *ctx) { - int err, depth; -@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con - ERR_reason_error_string(ERR_get_error())); - - } -- -- /* other errors */ -- while ((numerical_reason = -- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { -- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n", -- ERR_error_string(numerical_reason, NULL), file, func, line); -- -- /* if we have a text translation: */ -- if (data && (flags & ERR_TXT_STRING)) { -- snmp_log(LOG_ERR, " Textual Error: %s\n", data); -- /* -- * per openssl man page: If it has been allocated by -- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true. -- * -- * arggh... stupid openssl prototype for ERR_get_error_line_data -- * wants a const char **, but returns something that we might -- * need to free?? -- */ -- if (flags & ERR_TXT_MALLOCED) -- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); } -- } - - snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n"); - } diff --git a/net-snmp.spec b/net-snmp.spec index b8aba36..5998a4b 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -9,8 +9,8 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp -Version: 5.9.1 -Release: 17%{?dist} +Version: 5.9.3 +Release: 1%{?dist} Epoch: 1 License: BSD @@ -34,33 +34,27 @@ Patch4: net-snmp-5.9-test-debug.patch Patch5: net-snmp-5.7.2-cert-path.patch Patch6: net-snmp-5.9-cflags.patch Patch7: net-snmp-5.8-Remove-U64-typedef.patch -Patch8: net-snmp-5.9-libnetsnmptrapd-against-MYSQL_LIBS.patch -Patch9: net-snmp-5.7.3-iterator-fix.patch -Patch10: net-snmp-5.9-autofs-skip.patch -Patch11: net-snmp-5.9-usage-exit.patch -Patch12: net-snmp-5.9-coverity.patch -Patch13: net-snmp-5.9-dskTable-dynamic.patch -Patch14: net-snmp-5.8-expand-SNMPCONFPATH.patch -Patch15: net-snmp-5.8-duplicate-ipAddress.patch -Patch16: net-snmp-5.9-memory-reporting.patch -Patch17: net-snmp-5.8-man-page.patch -Patch18: net-snmp-5.8-ipAddress-faster-load.patch -Patch19: net-snmp-5.8-rpm-memory-leak.patch -Patch20: net-snmp-5.9-aes-config.patch -Patch21: net-snmp-5.8-clientaddr-error-message.patch -Patch22: net-snmp-5.9-ECC-cert.patch -Patch23: net-snmp-5.9-intermediate-certs.patch -Patch24: net-snmp-5.9.1-remove-des.patch -Patch25: net-snmp-5.9.1-autoconf.patch -Patch26: net-snmp-5.9.1-remove-err-log.patch -Patch27: net-snmp-libs-misunderstanding.patch +Patch8: net-snmp-5.7.3-iterator-fix.patch +Patch9: net-snmp-5.9-autofs-skip.patch +Patch10: net-snmp-5.9-coverity.patch +Patch11: net-snmp-5.8-expand-SNMPCONFPATH.patch +Patch12: net-snmp-5.8-duplicate-ipAddress.patch +Patch13: net-snmp-5.9-memory-reporting.patch +Patch14: net-snmp-5.8-man-page.patch +Patch15: net-snmp-5.8-ipAddress-faster-load.patch +Patch16: net-snmp-5.8-rpm-memory-leak.patch +Patch17: net-snmp-5.9-aes-config.patch +Patch18: net-snmp-5.8-clientaddr-error-message.patch +Patch19: net-snmp-5.9-intermediate-certs.patch +Patch20: net-snmp-5.9.1-remove-des.patch +Patch21: net-snmp-5.9.1-autoconf.patch +Patch22: net-snmp-libs-misunderstanding.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch #disable this patch due compatibility issues Patch102: net-snmp-5.9-python3.patch -Patch103: net-snmp-5.9.1-python-usenumeric.patch Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -214,30 +208,24 @@ cp %{SOURCE10} . %patch5 -p1 -b .cert-path %patch6 -p1 -b .cflags %patch7 -p1 -b .u64-remove -%patch8 -p1 -b .perlfix -%patch9 -p1 -b .iterator-fix -%patch10 -p1 -b .autofs-skip -%patch11 -p1 -b .usage-fix -%patch12 -p1 -b .coverity -%patch13 -p1 -b .dskTable-dynamic -%patch14 -p1 -b .expand-SNMPCONFPATH -%patch15 -p1 -b .duplicate-ipAddress -%patch16 -p1 -b .memory-reporting -%patch17 -p1 -b .man-page -%patch18 -p1 -b .ipAddress-faster-load -%patch19 -p1 -b .rpm-memory-leak -%patch20 -p1 -b .aes-config -%patch21 -p1 -b .clientaddr-error-message -%patch22 -p1 -b .ECC-cert -%patch23 -p1 -b .intermediate-certs -%patch24 -p1 -b .remove-des -%patch25 -p1 -b .autoconf -%patch26 -p1 -b .remove-err-log -%patch27 -p1 +%patch8 -p1 -b .iterator-fix +%patch9 -p1 -b .autofs-skip +%patch10 -p1 -b .coverity +%patch11 -p1 -b .expand-SNMPCONFPATH +%patch12 -p1 -b .duplicate-ipAddress +%patch13 -p1 -b .memory-reporting +%patch14 -p1 -b .man-page +%patch15 -p1 -b .ipAddress-faster-load +%patch16 -p1 -b .rpm-memory-leak +%patch17 -p1 -b .aes-config +%patch18 -p1 -b .clientaddr-error-message +%patch19 -p1 -b .intermediate-certs +%patch20 -p1 -b .remove-des +%patch21 -p1 -b .autoconf +%patch22 -p1 %patch101 -p1 -b .modern-rpm-api %patch102 -p1 -%patch103 -p1 # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 rm testing/fulltests/default/T200* @@ -503,6 +491,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog +* Thu Aug 04 2022 Josef Ridky - 1:5.9.3-1 +- New upstream release 5.9.3 (#2072230) + * Fri Jul 22 2022 Fedora Release Engineering - 1:5.9.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/sources b/sources index 30f421d..6889744 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (net-snmp-5.9.1.tar.gz) = 7d73b2085863b1c063d7eaee488d806cc07da79c070f702068846e43d8e5c67673b86357600f2c1f774c30c24b0561cb566c64ea4588b073bf6906a9c6949ab7 +SHA512 (net-snmp-5.9.3.tar.gz) = a476df4967029a2eb03d27b0e250170785d0a8c143d49b900ee958c3cbdfaccd415b70af40f6fbed9cb8819d522c35a6073a431091d908ccc7c018fa0aaa2abc