dist-git conversion

#2781)

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: net-snmp
-# $Id: Makefile,v 1.1 2004/09/09 09:07:47 cvsdist Exp $
-NAME := net-snmp
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

net-snmp-5.4.1-getbulk-crash.patch

@@ -0,0 +1,64 @@
+CVE-2008-4309: net-snmp: numresponses calculation integer overflow in snmp_agent.c
+
+Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17272
+
+Index: clean/agent/snmp_agent.c
+===================================================================
+--- clean.orig/agent/snmp_agent.c	2008-10-28 23:12:10.000000000 +0100
++++ clean/agent/snmp_agent.c	2008-10-28 23:15:11.000000000 +0100
+@@ -2234,7 +2234,6 @@
+             r = 0;
+             asp->bulkcache = NULL;
+         } else {
+-            int numresponses;
+             int           maxbulk =
+                 netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
+                                    NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
+@@ -2245,28 +2244,31 @@
+             if (maxresponses == 0)
+                 maxresponses = 100;   /* more than reasonable default */
+ 
+-            if (maxbulk == 0)
+-                maxbulk = -1;
++            /* ensure that the total number of responses fits in a mallocable
++             * result vector
++             */
++            if (maxresponses < 0 ||
++                maxresponses > INT_MAX / sizeof(struct varbind_list *))
++                maxresponses = INT_MAX / sizeof(struct varbind_list *);
++
++            /* ensure that the maximum number of repetitions will fit in the
++             * result vector
++             */
++            if (maxbulk <= 0 || maxbulk > maxresponses / r)
++                maxbulk = maxresponses / r;
+ 
+             /* limit getbulk number of repeats to a configured size */
+-            if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
++            if (asp->pdu->errindex > maxbulk) {
+                 asp->pdu->errindex = maxbulk;
+-            }
+-
+-            numresponses = asp->pdu->errindex * r;
+-
+-            /* limit getbulk number of getbulk responses to a configured size */
+-            if (maxresponses != -1 && numresponses > maxresponses) {
+-                /* attempt to truncate this */
+-                asp->pdu->errindex = maxresponses/r;
+-                numresponses = asp->pdu->errindex * r;
+-                DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
++                DEBUGMSGTL(("snmp_agent",
++                            "truncating number of getbulk repeats to %d\n",
++                            asp->pdu->errindex));
+             }
+ 
+             asp->bulkcache =
+-                (netsnmp_variable_list **) malloc(numresponses *
+-                                                  sizeof(struct
+-                                                         varbind_list *));
++                (netsnmp_variable_list **) malloc(
++                    asp->pdu->errindex * r * sizeof(struct varbind_list *));
++
+             if (!asp->bulkcache) {
+                 DEBUGMSGTL(("snmp_agent", "Bulkcache malloc failed\n"));
+                 return SNMP_ERR_GENERR;

net-snmp-5.4.1-hmac-check.patch

@@ -0,0 +1,18 @@
+447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
+
+Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
+Reviewed-by: Jan Safranek <jsafrane@redhat.com>
+
+diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
+--- net-snmp-5.0.9/snmplib/scapi.c.orig	2008-06-04 10:19:26.000000000 +0200
++++ net-snmp-5.0.9/snmplib/scapi.c	2008-06-04 10:20:45.000000000 +0200
+@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
+         QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
+     }
+ 
++    if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
++        QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
++    }
+ 
+     /*
+      * Generate a full hash of the message, then compare

net-snmp-5.4.1-long-iface-names.patch

@@ -0,0 +1,51 @@
+468045: Interface name too long: "ioctl 35123 returned -1"
+
+Source: upstream, svn rev. 16797
+
+Support longer interface names.
+
+diff --git a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+index 51cde1b..72c1d2d 100644
+--- a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
++++ b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+@@ -189,7 +189,8 @@ _load_v6(netsnmp_container *container, int idx_offset)
+     return -1;
+ #else
+     FILE           *in;
+-    char            line[80], addr[40], if_name[IFNAMSIZ];
++    char            line[80], addr[40];
++    char            if_name[IFNAMSIZ+1];/* +1 for '\0' because of the ugly sscanf below */ 
+     u_char          *buf;
+     int             if_index, pfx_len, scope, flags, rc = 0;
+     size_t          in_len, out_len;
+@@ -229,7 +230,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
+          * F: flags (see include/linux/rtnetlink.h, net/ipv6/addrconf.c)
+          * I: interface
+          */
+-        rc = sscanf(line, "%39s %02x %02x %02x %02x %8s\n",
++        rc = sscanf(line, "%39s %02x %02x %02x %02x %" SNMP_MACRO_VAL_TO_STR(IFNAMSIZ) "s\n",
+                     addr, &if_index, &pfx_len, &scope, &flags, if_name);
+         if( 6 != rc ) {
+             snmp_log(LOG_ERR, PROCFILE " data format error (%d!=6), line ==|%s|\n",
+diff --git a/net-snmp/include/net-snmp/library/tools.h b/net-snmp/include/net-snmp/library/tools.h
+index 7822855..e57d1ac 100644
+--- a/net-snmp/include/net-snmp/library/tools.h
++++ b/net-snmp/include/net-snmp/library/tools.h
+@@ -88,6 +88,17 @@ extern          "C" {
+     Computers the minimum of a and b. */
+ #define SNMP_MIN(a,b) ((a) > (b) ? (b) : (a))
+ 
++/** @def SNMP_MACRO_VAL_TO_STR(s)
++ *  Expands to string with value of the s. 
++ *  If s is macro, the resulting string is value of the macro.
++ *  Example: 
++ *   #define TEST 1234
++ *   SNMP_MACRO_VAL_TO_STR(TEST) expands to "1234"
++ *   SNMP_MACRO_VAL_TO_STR(TEST+1) expands to "1234+1"
++ */
++#define SNMP_MACRO_VAL_TO_STR(s) SNMP_MACRO_VAL_TO_STR_PRIV(s)  
++#define SNMP_MACRO_VAL_TO_STR_PRIV(s) #s
++	
+ #ifndef FALSE
+ #define FALSE 0
+ #endif

net-snmp-5.4.1-perl-set.patch

@@ -0,0 +1,43 @@
+452131: net-snmp-perl is broken for 5.10, cannot set oids
+
+Source: jbjohnso@us.ibm.com, accepted upstream, SVN rev. 17097
+
+diff -urN net-snmp-5.4.1/perl/SNMP/SNMP.xs net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs
+--- net-snmp-5.4.1/perl/SNMP/SNMP.xs	2008-06-13 15:48:46.000000000 -0500
++++ net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs	2008-06-13 15:48:05.000000000 -0500
+@@ -3072,7 +3072,7 @@
+                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
+ 				     (varbind_val_f && SvOK(*varbind_val_f) ?
+ 				      SvPV(*varbind_val_f,na):NULL),
+-				      (varbind_val_f && SvOK(*varbind_val_f) ?
++				      (varbind_val_f && SvPOK(*varbind_val_f) ?
+ 				       SvCUR(*varbind_val_f):0), type);
+ 
+ 		    if (verbose && res == FAILURE)
+@@ -4266,7 +4266,7 @@
+                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
+                                   (varbind_val_f && SvOK(*varbind_val_f) ?
+                                    SvPV(*varbind_val_f,na):NULL),
+-                                  (varbind_val_f && SvOK(*varbind_val_f) ?
++                                  (varbind_val_f && SvPOK(*varbind_val_f) ?
+                                    SvCUR(*varbind_val_f):0),
+                                   type);
+ 
+@@ -4424,7 +4424,7 @@
+                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
+                                   (varbind_val_f && SvOK(*varbind_val_f) ?
+                                    SvPV(*varbind_val_f,na):NULL),
+-                                  (varbind_val_f && SvOK(*varbind_val_f) ?
++                                  (varbind_val_f && SvPOK(*varbind_val_f) ?
+                                    SvCUR(*varbind_val_f):0),
+                                   type);
+ 
+@@ -4563,7 +4563,7 @@
+                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
+                                   (varbind_val_f && SvOK(*varbind_val_f) ?
+                                    SvPV(*varbind_val_f,na):NULL),
+-                                  (varbind_val_f && SvOK(*varbind_val_f) ?
++                                  (varbind_val_f && SvPOK(*varbind_val_f) ?
+                                    SvCUR(*varbind_val_f):0),
+                                   type);
+ 

net-snmp-5.4.1-perl-snprintf.patch

@@ -0,0 +1,106 @@
+447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
+
+Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
+Reviewed-By: Jan Safranek <jsafrane@redhat.com>
+
+--- branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs	2007/12/21 23:19:29	16769
++++ branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs	2007/12/22 19:22:44	16770
+@@ -470,14 +470,16 @@
+            if (flag == USE_ENUMS) {
+               for(ep = tp->enums; ep; ep = ep->next) {
+                  if (ep->value == *var->val.integer) {
+-                    strcpy(buf, ep->label);
++                    strncpy(buf, ep->label, buf_len);
++                    buf[buf_len-1] = '\0';
+                     len = strlen(buf);
+                     break;
+                  }
+               }
+            }
+            if (!len) {
+-              sprintf(buf,"%ld", *var->val.integer);
++              snprintf(buf, buf_len, "%ld", *var->val.integer);
++              buf[buf_len-1] = '\0';
+               len = strlen(buf);
+            }
+            break;
+@@ -486,21 +488,25 @@
+         case ASN_COUNTER:
+         case ASN_TIMETICKS:
+         case ASN_UINTEGER:
+-           sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++           snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
++           buf[buf_len-1] = '\0';
+            len = strlen(buf);
+            break;
+ 
+         case ASN_OCTET_STR:
+         case ASN_OPAQUE:
+-           memcpy(buf, (char*)var->val.string, var->val_len);
+            len = var->val_len;
++           if ( len > buf_len )
++               len = buf_len;
++           memcpy(buf, (char*)var->val.string, len);
+            break;
+ 
+         case ASN_IPADDRESS:
+-          ip = (u_char*)var->val.string;
+-          sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+-          len = strlen(buf);
+-          break;
++           ip = (u_char*)var->val.string;
++           snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++           buf[buf_len-1] = '\0';
++           len = strlen(buf);
++           break;
+ 
+         case ASN_NULL:
+            break;
+@@ -512,14 +518,14 @@
+           break;
+ 
+ 	case SNMP_ENDOFMIBVIEW:
+-          sprintf(buf,"%s", "ENDOFMIBVIEW");
+-	  break;
++           snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
++	   break;
+ 	case SNMP_NOSUCHOBJECT:
+-	  sprintf(buf,"%s", "NOSUCHOBJECT");
+-	  break;
++	   snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
++	   break;
+ 	case SNMP_NOSUCHINSTANCE:
+-	  sprintf(buf,"%s", "NOSUCHINSTANCE");
+-	  break;
++	   snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
++	   break;
+ 
+         case ASN_COUNTER64:
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+@@ -538,19 +544,19 @@
+ #endif
+ 
+         case ASN_BIT_STR:
+-            snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++            snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+             len = strlen(buf);
+             break;
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+         case ASN_OPAQUE_FLOAT:
+-	  if (var->val.floatVal)
+-	    sprintf(buf,"%f", *var->val.floatVal);
+-         break;
++           if (var->val.floatVal)
++              snprintf(buf, buf_len, "%f", *var->val.floatVal);
++           break;
+          
+         case ASN_OPAQUE_DOUBLE:
+-	  if (var->val.doubleVal)
+-	    sprintf(buf,"%f", *var->val.doubleVal);
+-         break;
++           if (var->val.doubleVal)
++              snprintf(buf, buf_len, "%f", *var->val.doubleVal);
++           break;
+ #endif
+          
+         case ASN_NSAP:

net-snmp-config

@@ -11,7 +11,7 @@
 # this particular shell script calls arch specific script to avoid
 # multilib conflicts
 
-# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha
+# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64
 
 arch=`arch`
 echo $arch | grep -q i.86
@@ -47,5 +47,12 @@ if [ "$arch" = "alpha" ] ; then
     net-snmp-config-alpha $*
     exit 0
 fi
-
+if [ "$arch" = "sparc" ] ; then
+    net-snmp-config-sparc $*
+    exit 0
+fi
+if [ "$arch" = "sparc64" ] ; then
+    net-snmp-config-sparc64 $*
+    exit 0
+fi
 echo "Cannot determine architecture"

net-snmp-config.h

@@ -25,6 +25,10 @@
 #include "net-snmp-config-x86_64.h"
 #elif defined(__alpha__)
 #include "net-snmp-config-alpha.h"
+#elif defined(__sparc__) && defined (__arch64__)
+#include "net-snmp-config-sparc64.h"
+#elif defined(__sparc__)
+#include "net-snmp-config-sparc.h"
 #else
 #error "net-snmp-devel package does not work on your architecture"
 #endif

net-snmp.spec

@@ -1,13 +1,13 @@
 %{!?tcp_wrappers:%define tcp_wrappers 1}
 
 # Arches on which we need to prevent arch conflicts on net-snmp-config.h
-%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64
+%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 
 %define major_ver 5.4.1
 
 Summary: A collection of SNMP protocol tools and libraries
 Name: net-snmp
 Version: %{major_ver}
-Release: 14%{?dist}
+Release: 19%{?dist}
 Epoch: 1
 
 License: BSD and MIT
@@ -40,6 +40,11 @@ Patch14: net-snmp-5.4-exec-crash.patch
 Patch15: net-snmp-5.1.2-snmpconf-selinux.patch
 Patch16: net-snmp-5.4.1-sensors3.patch
 Patch17: net-snmp-5.4.1-xen-crash.patch
+Patch18: net-snmp-5.4.1-hmac-check.patch
+Patch19: net-snmp-5.4.1-perl-snprintf.patch
+Patch20: net-snmp-5.4.1-perl-set.patch
+Patch21: net-snmp-5.4.1-long-iface-names.patch
+Patch22: net-snmp-5.4.1-getbulk-crash.patch
 
 Requires(pre): chkconfig
 Requires(post): chkconfig
@@ -48,6 +53,7 @@ Requires(preun): chkconfig
 Requires(preun): initscripts
 # for /bin/rm
 Requires(preun): coreutils
+Requires: %{name}-libs = %{epoch}:%{version}-%{release}
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
@@ -82,7 +88,7 @@ Building option:
 %package utils
 Group: Applications/System
 Summary: Network management utilities using SNMP, from the NET-SNMP project
-Requires: %{name} = %{epoch}:%{version}
+Requires: %{name} = %{epoch}:%{version}-%{release}
 
 %description utils
 The net-snmp-utils package contains various utilities for use with the
@@ -95,7 +101,7 @@ package.
 %package devel
 Group: Development/Libraries
 Summary: The development environment for the NET-SNMP project
-Requires: %{name} = %{epoch}:%{version}
+Requires: %{name} = %{epoch}:%{version}-%{release}
 Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
 %if %{tcp_wrappers}
 Requires: tcp_wrappers-devel
@@ -117,7 +123,7 @@ packages installed.
 %package perl
 Group: Development/Libraries
 Summary: The perl NET-SNMP module and the mib2c tool
-Requires: %{name} = %{epoch}:%{version}, perl >= 5
+Requires: %{name} = %{epoch}:%{version}-%{release}, perl >= 5
 BuildRequires: perl >= 5
 
 %description perl
@@ -130,7 +136,7 @@ with perl.
 %package gui
 Group: Applications/System
 Summary: An interactive graphical MIB browser for SNMP
-Requires: perl-Tk, net-snmp-perl
+Requires: perl-Tk, net-snmp-perl = %{epoch}:%{version}-%{release}
 
 %description gui
 The net-snmp-gui package contains tkmib utility, which is a graphical user 
@@ -171,12 +177,17 @@ and applications.
 %patch15 -p1 -b .selinux
 %patch16 -p0 -b .sensors
 %patch17 -p0 -b .xen-crash
+%patch18 -p1 -b .hmac-check
+%patch19 -p3 -b .perl-snprintf
+%patch20 -p1 -b .perl-set
+%patch21 -p2 -b .long-iface-names
+%patch22 -p1 -b .getbulk-crash
 
 # Do this patch with a perl hack...
 perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
 
 %build
-%ifarch ia64 x86_64 s390x ppc64
+%ifarch ia64 x86_64 s390x ppc64 sparc64
 export LDFLAGS="-L%{_libdir}"
 %endif
 export LIBDIR="%{_libdir}"
@@ -387,6 +398,26 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/lib*.so.*
 
 %changelog
+* Tue Jul 22 2008 Jan Safranek <jsafranek@redhat.com> 5.4.1-19
+- fix perl SNMP::Session::set (#452131)
+- support interface names longer than 8 characters (#468045)
+- explicitly require the right version and release of net-snmp and
+  net-snmp-libs
+- fix CVE-2008-4309
+
+* Tue Jun 10 2008 Jan Safranek <jsafranek@redhat.com> 5.4.1-18
+- explicitly require lm_sensor > 3 for build (#442718)
+- fix various flaws (CVE-2008-2292 CVE-2008-0960)
+
+* Sat May 31 2008 Dennis Gilmore <dennis@ausil.us> 5.4.1-17
+- fix sparc handling in /usr/bin/net-snmp-config
+
+* Thu May 29 2008 Dennis Gilmore <dennis@ausil.us> 5.4.1-16
+- fix /usr/include/net-snmp-config.h for sparc
+
+* Sun May 25 2008 Dennis Gilmore <dennis@ausil.us> 5.4.1-15
+- sparc multilib handling
+
 * Tue Mar 18 2008 Tom "spot" Callaway <tcallawa@redhat.com> 5.4.1-14
 - add Requires for versioned perl (libperl.so)
 - get rid of silly file Requires