Sync from SUSE:SLFO:Main net-snmp revision 84f4efdcb3d78f3ca00435a6cb1430aa

Adrian Schröter 2024-11-25 20:47:17 +01:00
parent c7f7988915
commit b470139e10
27 changed files with 503 additions and 3905 deletions

File diff suppressed because it is too large Load Diff


@ -1,94 +0,0 @@
diff -Nurp net-snmp-5.9.3-orig/agent/snmp_agent.c net-snmp-5.9.3/agent/snmp_agent.c
--- net-snmp-5.9.3-orig/agent/snmp_agent.c 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/agent/snmp_agent.c 2023-01-05 12:44:03.533604744 +0100
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_ses
return 1;
}
+static int
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
+{
+ int i;
+ netsnmp_variable_list *v = NULL;
+
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
+ if (v->type == ASN_NULL) {
+ /*
+ * Protect SET implementations that do not protect themselves
+ * against wrong type.
+ */
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
+ asp->index = i;
+ return SNMP_ERR_WRONGTYPE;
+ }
+ }
+ return SNMP_ERR_NOERROR;
+}
+
int
handle_pdu(netsnmp_agent_session *asp)
{
int status, inclusives = 0;
netsnmp_variable_list *v = NULL;
+#ifndef NETSNMP_NO_WRITE_SUPPORT
+ /*
+ * Check for ASN_NULL in SET request
+ */
+ if (asp->pdu->command == SNMP_MSG_SET) {
+ status = check_set_pdu_for_null_varbind(asp);
+ if (status != SNMP_ERR_NOERROR) {
+ return status;
+ }
+ }
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
+
/*
* for illegal requests, mark all nodes as ASN_NULL
*/
diff -Nurp net-snmp-5.9.3-orig/apps/snmpset.c net-snmp-5.9.3/apps/snmpset.c
--- net-snmp-5.9.3-orig/apps/snmpset.c 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/apps/snmpset.c 2023-01-05 12:44:06.377533268 +0100
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
case 'x':
case 'd':
case 'b':
+ case 'n': /* undocumented */
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case 'I':
case 'U':
diff -Nurp net-snmp-5.9.3-orig/testing/fulltests/default/T0142snmpv2csetnull_simple net-snmp-5.9.3/testing/fulltests/default/T0142snmpv2csetnull_simple
--- net-snmp-5.9.3-orig/testing/fulltests/default/T0142snmpv2csetnull_simple 1970-01-01 01:00:00.000000000 +0100
+++ net-snmp-5.9.3/testing/fulltests/default/T0142snmpv2csetnull_simple 2023-01-05 12:44:08.701474860 +0100
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. ../support/simple_eval_tools.sh
+
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
+
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
+SKIPIF NETSNMP_DISABLE_SNMPV2C
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
+
+#
+# Begin test
+#
+
+# standard V2C configuration: testcomunnity
+snmp_write_access='all'
+. ./Sv2cconfig
+STARTAGENT
+
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
+
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
+
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
+
+CHECK "Reason: wrongType"
+
+STOPAGENT
+
+FINISHED


@ -1,333 +0,0 @@
From 011de0e8fce88702619ba78cc80c900991a8e036 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:10:38 +0200
Subject: [PATCH 02/10] configure: change use of fgrep to AC detected tool
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -F
[ bvanassche: regenerated configure script ]
---
configure | 4 ++--
configure.d/config_modules_agent | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
index 727164eb7..65b99c020 100755
--- a/configure
+++ b/configure
@@ -22257,8 +22257,8 @@ $as_echo "$NETSNMP_DEFAULT_MIBS" >&6; }
#
if echo " $agent_module_list " | \
- fgrep ' agentx/agentx_config ' | \
- fgrep ' agentx/protocol ' > /dev/null ; then
+ $FGREP ' agentx/agentx_config ' | \
+ $FGREP ' agentx/protocol ' > /dev/null ; then
NETSNMP_HAVE_AGENTX_LIBS_TRUE=''
NETSNMP_HAVE_AGENTX_LIBS_FALSE='#'
else
diff --git a/configure.d/config_modules_agent b/configure.d/config_modules_agent
index 1132da8d9..0169749d9 100644
--- a/configure.d/config_modules_agent
+++ b/configure.d/config_modules_agent
@@ -814,8 +814,8 @@ AC_MSG_RESULT($NETSNMP_DEFAULT_MIBS)
#
if echo " $agent_module_list " | \
- fgrep ' agentx/agentx_config ' | \
- fgrep ' agentx/protocol ' > /dev/null ; then
+ $FGREP ' agentx/agentx_config ' | \
+ $FGREP ' agentx/protocol ' > /dev/null ; then
NETSNMP_HAVE_AGENTX_LIBS_TRUE=''
NETSNMP_HAVE_AGENTX_LIBS_FALSE='#'
else
--
2.37.3
From 5ae5ad5234a8e0ef3661fe3ec3c77ae57b156bf5 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:34:17 +0200
Subject: [PATCH 03/10] Makefile.in: change use of egrep to AC detected tool
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
---
Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.in b/Makefile.in
index 9b0f0dbac..9fe3781e5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -119,7 +119,7 @@ agentxtrap snmptrapd: @FEATURETARGS@
# local build rules
#
sedscript: sedscript.in include/net-snmp/net-snmp-config.h $(srcdir)/agent/mibgroup/mibdefs.h
- $(CPP) $(srcdir)/sedscript.in | egrep '^s[/#]' | sed 's/REMOVEME//g;s# */#/#g;s/ *#/#/g;s#/ *#/#g;s/# g/#g/;' > sedscript
+ $(CPP) $(srcdir)/sedscript.in | ${EGREP} '^s[/#]' | sed 's/REMOVEME//g;s# */#/#g;s/ *#/#/g;s#/ *#/#g;s/# g/#g/;' > sedscript
echo 's/VERSIONINFO/$(VERSION)/g' >> sedscript
echo 's#DATADIR#$(datadir)#g' >> sedscript
echo 's#LIBDIR#$(libdir)#g' >> sedscript
--
2.37.3
From 9a577171ce728b97aeb42c455f5d09a2c3e2b51f Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:35:22 +0200
Subject: [PATCH 04/10] dist: update instructions and scripts to use grep -E
GNU grep 3.8 started throwing warnings for direct usage of egrep,
deprecating it in favour of grep -E
---
dist/RELEASE-INSTRUCTIONS | 2 +-
dist/makerelease.xml | 4 ++--
dist/net-snmp-solaris-build/buildpackage-solaris | 2 +-
dist/nsb-functions | 4 ++--
dist/patme | 2 +-
5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/dist/RELEASE-INSTRUCTIONS b/dist/RELEASE-INSTRUCTIONS
index 032a0c92e..a38e46a6d 100644
--- a/dist/RELEASE-INSTRUCTIONS
+++ b/dist/RELEASE-INSTRUCTIONS
@@ -87,7 +87,7 @@ STEP: 1.6: Check for changes
Commands to execute:
- svn -u status | egrep '^[^\?]'
+ svn -u status | grep -E '^[^\?]'
(Leaving Step: 1)
diff --git a/dist/makerelease.xml b/dist/makerelease.xml
index 0494fd098..f3c8bfa0e 100644
--- a/dist/makerelease.xml
+++ b/dist/makerelease.xml
@@ -21,7 +21,7 @@
them before continuing!
</text>
<commands>
- <command expectfailure="1">find . -name 'net-snmp-5*' | egrep '^[^\?]'</command>
+ <command expectfailure="1">find . -name 'net-snmp-5*' | grep -E '^[^\?]'</command>
</commands>
</step>
<step type="system" title="Setup Check">
@@ -130,7 +130,7 @@
this step finds outstanding modified files you need to check
them in or revert them before continuing!</text>
<commands>
- <command expectfailure="1">git status --porcelain | egrep '^[^\?]'</command>
+ <command expectfailure="1">git status --porcelain | grep -E '^[^\?]'</command>
</commands>
</step>
</steps>
diff --git a/dist/net-snmp-solaris-build/buildpackage-solaris b/dist/net-snmp-solaris-build/buildpackage-solaris
index 31f4f0c0e..72971111a 100644
--- a/dist/net-snmp-solaris-build/buildpackage-solaris
+++ b/dist/net-snmp-solaris-build/buildpackage-solaris
@@ -94,7 +94,7 @@ f snmp /etc/init.d/snmpd=./snmpd-init.d 0755 root sys
==
pkgproto -c snmp $TMP=/ |\
-egrep -v '^d .* / |^d .* /var |^d .* /opt |^ .*perllocal.pod=' |\
+grep -E -v '^d .* / |^d .* /var |^d .* /opt |^ .*perllocal.pod=' |\
sed -e "s/ $owner $group\$//" >> prototype || exit $?
# and ignore top level directories (must pre-exist)
diff --git a/dist/nsb-functions b/dist/nsb-functions
index 4865cc28a..f42a527a8 100644
--- a/dist/nsb-functions
+++ b/dist/nsb-functions
@@ -364,10 +364,10 @@ nsb_make()
# checking $? would only get us the rc from tee, which is useless
nsb_info "Checking for errors..."
- egrep -i "error|fail|warn|no such|exists|t find |ermission denied" $nsb_make_OUTPUT \
+ grep -E -i "error|fail|warn|no such|exists|t find |ermission denied" $nsb_make_OUTPUT \
> nsb_make-$target-allerrs.$NSB_DATE
# allow for a few exceptions
- egrep -v -i "^ok|testing .*failure|[a-z&_](fail|error)|warn|error(mib|\.3)|(LOG|SNMP)_ERR|In function|= FAILURE|DEBUGMSG|/\*|static library .* is not portable" nsb_make-$target-allerrs.$NSB_DATE \
+ grep -E -v -i "^ok|testing .*failure|[a-z&_](fail|error)|warn|error(mib|\.3)|(LOG|SNMP)_ERR|In function|= FAILURE|DEBUGMSG|/\*|static library .* is not portable" nsb_make-$target-allerrs.$NSB_DATE \
> nsb_make-$target-errs.$NSB_DATE
if [ -s nsb_make-$target-errs.$NSB_DATE ]; then
nsb_prompt "press enter to view errors"
diff --git a/dist/patme b/dist/patme
index 0fd50ee4a..6e62c80f9 100755
--- a/dist/patme
+++ b/dist/patme
@@ -101,7 +101,7 @@ sub load_primaries {
patch_info =>
qw_primary('check','Checking code directory status:', '',
[qw_paragraph('patch pieces:',
- sub { capture("egrep '^(---|\\+\\+\\+)' " .
+ sub { capture("grep -E '^(---|\\+\\+\\+)' " .
qwparam('patchfile'))},
width => 80,
height => 30),
--
2.37.3
From 1023b76d53a279d44fa0629c1fd3a3b82d39eb42 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:36:57 +0200
Subject: [PATCH 05/10] local: convert direct usage of egrep to grep -E
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
[ bvanassche: changed one occurrence of egrep into grep -F instead of grep ]
---
local/gittools/shell-functions | 6 +++---
local/mib2c-update | 4 ++--
local/minimalist/feature-remove | 6 +++---
local/snmp-ucd.sh | 2 +-
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/local/gittools/shell-functions b/local/gittools/shell-functions
index eafcbfdb4..0b09df323 100644
--- a/local/gittools/shell-functions
+++ b/local/gittools/shell-functions
@@ -26,7 +26,7 @@ _ns_switchtobuilddir () {
_ns_getbuilddir() {
nssuffix=${1:-$nssuffix}
- nsbranch=`git branch | egrep '^\*' | sed 's/^..//'`
+ nsbranch=`git branch | grep -E '^\*' | sed 's/^..//'`
NSBUILDDIR="$nsbuildroot/$nsbranch"
NSSRCDIR="$PWD"
@@ -334,7 +334,7 @@ nsrollup() {
fi
if [ -f dist/release ] ; then
- if [ "`egrep ^$branch dist/release`" = "$branch rc" ] ; then
+ if [ "`grep -E ^$branch dist/release`" = "$branch rc" ] ; then
$nsverbose Skipping: branch is in rc phase of release
nsbranchesnotdone="$nsbranchesnotdone $branch"
@@ -411,7 +411,7 @@ nsrollup() {
}
nspull() {
- nscurrentbranch=`git branch | egrep '^\*' | sed 's/^..//'`
+ nscurrentbranch=`git branch | grep -E '^\*' | sed 's/^..//'`
_ns_checkclean
if [ $NSCLEAN != 1 ]; then
return
diff --git a/local/mib2c-update b/local/mib2c-update
index 4282f3332..5fe5fd33d 100755
--- a/local/mib2c-update
+++ b/local/mib2c-update
@@ -157,7 +157,7 @@ do_cp()
die "src $src is not a directory"
fi
safecd "$src"
- files=`ls ./*"$UPDATE_OID"* 2>/dev/null| egrep "(file|onf|m2d|txt|\.c|\.h)$"`
+ files=`ls ./*"$UPDATE_OID"* 2>/dev/null| grep -E "(file|onf|m2d|txt|\.c|\.h)$"`
if [ -z "$files" ]; then
echo " no files to copy from $src"
else
@@ -174,7 +174,7 @@ do_cp()
save_diff()
{
echo "Creating patch for your custom code"
- cnt=`ls ./"$UPDATE_CURR/"*"$UPDATE_OID"* 2>/dev/null | egrep "(file|onf|m2d|txt|\.c|\.h)$" | wc -l`
+ cnt=`ls ./"$UPDATE_CURR/"*"$UPDATE_OID"* 2>/dev/null | grep -E "(file|onf|m2d|txt|\.c|\.h)$" | wc -l`
if [ "$cnt" -eq 0 ]; then
echo " no custom code!"
FIRST_RUN=1
diff --git a/local/minimalist/feature-remove b/local/minimalist/feature-remove
index aae340d93..504f26e0b 100755
--- a/local/minimalist/feature-remove
+++ b/local/minimalist/feature-remove
@@ -99,15 +99,15 @@ for i in `grep NETSNMP_FEATURE_PROVIDE_ $featureheaderin | sed 's/.*FEATURE_PROV
#
# check to see if something required a parent
#
- elif egrep NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal > /dev/null ; then
- parentnames=`egrep NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal | sed 's/.*CHILD_OF_//;s/ .*//;'`
+ elif grep -E NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal > /dev/null ; then
+ parentnames=`grep -E NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal | sed 's/.*CHILD_OF_//;s/ .*//;'`
foundone=0
for parentname in $parentnames ; do
# if the parent was desired, then we are too:
if test $foundone = 0 ; then
- if egrep "NETSNMP_FEATURE_HAS_${parentname} " $featureheader > /dev/null ; then
+ if grep -E "NETSNMP_FEATURE_HAS_${parentname} " $featureheader > /dev/null ; then
echo "#define NETSNMP_FEATURE_HAS_$i 1" >> $featureheader
haslist="${haslist}${i} "
foundone=1
diff --git a/local/snmp-ucd.sh b/local/snmp-ucd.sh
index 7d16b746a..98d4094d0 100755
--- a/local/snmp-ucd.sh
+++ b/local/snmp-ucd.sh
@@ -60,7 +60,7 @@ killproc() { # <program> [signal]
#
pid=`pidofproc $base 2>/dev/null`
[ -z "$pid" ] && {
- pid=`ps $PSARGS | egrep $base | egrep -v egrep | egrep -v $0 | awk '{ print $2 }'`;
+ pid=`ps $PSARGS | grep -F "$base" | grep -v grep | grep -v $0 | awk '{ print $2 }'`;
}
[ -z "$pid" ] && {
echo "`basename $0`: killproc: Could not find process ID."
--
2.37.3
From 2b048bbe20d0e17ed6091c7ee75abc78e27423b5 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:38:37 +0200
Subject: [PATCH 06/10] net-snmp-create-v3-user: convert egrep to grep -E
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
---
net-snmp-create-v3-user.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 19895a178..87121b9a1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -3,7 +3,7 @@
# this shell script is designed to add new SNMPv3 users
# to Net-SNMP config file.
-if @PSCMD@ | egrep ' snmpd *$' > /dev/null 2>&1 ; then
+if @PSCMD@ | @EGREP@ ' snmpd *$' > /dev/null 2>&1 ; then
echo "Apparently at least one snmpd demon is already running."
echo "You must stop them in order to use this command."
exit 1
--
2.37.3
From bc314524507e39cc283904e69d2a670e1ee7a6be Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:39:57 +0200
Subject: [PATCH 07/10] testing/fulltests/support/simple_eval_tools.sh: egrep
to grep -E
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
---
testing/fulltests/support/simple_eval_tools.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh
index 4b2178618..858c20f75 100644
--- a/testing/fulltests/support/simple_eval_tools.sh
+++ b/testing/fulltests/support/simple_eval_tools.sh
@@ -474,7 +474,7 @@ CHECKANDDIE() {
# Returns: Count of matched lines.
#
CHECKEXACT() { # <pattern_to_match_exactly>
- rval=`egrep -c "^$*\$|^$*[^a-zA-Z0-9_]|[^a-zA-Z0-9_]$*\$|[^a-zA-Z0-9_]$*[^a-zA-Z0-9_]" "$junkoutputfile" 2>/dev/null`
+ rval=`grep -E -c "^$*\$|^$*[^a-zA-Z0-9_]|[^a-zA-Z0-9_]$*\$|[^a-zA-Z0-9_]$*[^a-zA-Z0-9_]" "$junkoutputfile" 2>/dev/null`
snmp_last_test_result=$rval
EXPECTRESULT 1 # default
return $rval
--
2.37.3

BIN
net-snmp-5.9.3.tar.gz (Stored with Git LFS)

Binary file not shown.


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmLPNbAACgkQ8HudLayx
n9ZoYRAAutAiZ4PzrWLkK2OUssCCbacKd+mswSuPsDOGe9OiJLedXGvI2+0iApba
avm3QZUDVID4LbHlNNHZxUWjQbCfl994pu5N0RHbJUZL9lLunkUDKZHv7AY/UCc4
cb35s0n8OTPpud7q3z+T1cmFV4C/mXaji2f/CAHu4biWqT1SUE3eMADgT/9hxJES
0wEk1vVus0Y7qj6J2WQ5TepmuTwMB22ynWs1ffIxSrGtMm7YRigblCeNwCwXEeMY
vdwoxeTNAloJB6xzcjJ9sHYU6fHdlghNg1fwJZ/F6zAiVeRSij/jvNNWYVMYnsuC
Nwqa2RnhQv/OzIqyjo5rn/h7X0WI5XXT4x1XQQzOCKr4nb2tPYl+Me3sT/56nMRU
nUJK8Mak+0ygt0FUeRv5UUsWryXZyoDNxbF+fBxR2/S9RWGaSliIddld9KSImAYW
Y6EO71tqYX137jJ0/KcXF7BOVZ8EvEkVcaphz236vYJoa15XgDm1MEg92Dv2QFtU
CevMidbtMew0+9LxI3ZpAasGlbzC1t7WO/iKgHtGku67Ke+n+eB95ZYnTkCPLEtd
185Ln5ZylhvHpMvYrxDhIEiKvDyTO/lefN/ovLwhQNNmDtUntiKvQh5jdiFwos4/
RxhzVnVdGGKSfLXwfZakU4QACfL/5YxxPtm/6h05dy/TIflZWAA=
=nlF8
-----END PGP SIGNATURE-----


@ -0,0 +1,402 @@
commit d047b54f874f392f97ffce8d51f49729e1c78225
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:23:35 2023 +0100
Create sub-function to parse source address and network mask
Function netsnmp_udp_resolve_source was introduced to handle the source
address and network mask parsing into in_addr structures.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 2724cf2191..3ad33d4bc5 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -98,6 +98,58 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t, const void *data, int len)
return netsnmp_ipv4_fmtaddr("UDP", t, data, len);
}
+static int
+netsnmp_udp_resolve_source(char *source, struct in_addr *network,
+ struct in_addr *mask)
+{
+ /* Split the source/netmask parts */
+ char *strmask = strchr(source, '/');
+ if (strmask != NULL)
+ /* Mask given. */
+ *strmask++ = '\0';
+
+ /* Try interpreting as a dotted quad. */
+ if (inet_pton(AF_INET, source, network) == 0) {
+ /* Nope, wasn't a dotted quad. Must be a hostname. */
+ int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr));
+ if (ret < 0) {
+ config_perror("cannot resolve source hostname");
+ return ret;
+ }
+ }
+
+ /* Now work out the mask. */
+ if (strmask == NULL || *strmask == '\0') {
+ /* No mask was given. Assume /32 */
+ mask->s_addr = (in_addr_t)(~0UL);
+ } else {
+ /* Try to interpret mask as a "number of 1 bits". */
+ char* cp;
+ long maskLen = strtol(strmask, &cp, 10);
+ if (*cp == '\0') {
+ if (0 < maskLen && maskLen <= 32)
+ mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
+ else if (maskLen == 0)
+ mask->s_addr = 0;
+ else {
+ config_perror("bad mask length");
+ return -1;
+ }
+ }
+ /* Try to interpret mask as a dotted quad. */
+ else if (inet_pton(AF_INET, strmask, mask) == 0) {
+ config_perror("bad mask");
+ return -1;
+ }
+
+ /* Check that the network and mask are consistent. */
+ if (network->s_addr & ~mask->s_addr) {
+ config_perror("source/mask mismatch");
+ return -1;
+ }
+ }
+ return 0;
+}
#if defined(HAVE_IP_PKTINFO) || (defined(HAVE_IP_RECVDSTADDR) && defined(HAVE_IP_SENDSRCADDR))
@@ -375,52 +427,10 @@ netsnmp_udp_parse_security(const char *token, char *param)
negate = 0;
sourcep = source;
}
-
- /* Split the source/netmask parts */
- strmask = strchr(sourcep, '/');
- if (strmask != NULL)
- /* Mask given. */
- *strmask++ = '\0';
-
- /* Try interpreting as a dotted quad. */
- if (inet_pton(AF_INET, sourcep, &network) == 0) {
- /* Nope, wasn't a dotted quad. Must be a hostname. */
- int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
- if (ret < 0) {
- config_perror("cannot resolve IPv4 source hostname");
- return;
- }
- }
-
- /* Now work out the mask. */
- if (strmask == NULL || *strmask == '\0') {
- /* No mask was given. Assume /32 */
- mask.s_addr = (in_addr_t)(~0UL);
- } else {
- /* Try to interpret mask as a "number of 1 bits". */
- char* cp;
- long maskLen = strtol(strmask, &cp, 10);
- if (*cp == '\0') {
- if (0 < maskLen && maskLen <= 32)
- mask.s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
- else if (0 == maskLen)
- mask.s_addr = 0;
- else {
- config_perror("bad mask length");
- return;
- }
- }
- /* Try to interpret mask as a dotted quad. */
- else if (inet_pton(AF_INET, strmask, &mask) == 0) {
- config_perror("bad mask");
- return;
- }
-
- /* Check that the network and mask are consistent. */
- if (network.s_addr & ~mask.s_addr) {
- config_perror("source/mask mismatch");
- return;
- }
+ /* Parse source address and network mask. */
+ if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) {
+ config_perror("source address/network mask parsing issue");
+ return;
}
}
commit a2559914d8d8132f155a81c0852cbbd2090d2d40
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:25:10 2023 +0100
Create sub-function to check the com2SecEntry_create return code
The return code interpretation of the netsnmp_udp_com2SecEntry_create
function is now done inside a new sub-function.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 3ad33d4bc5..5904a1b423 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -346,6 +346,33 @@ netsnmp_udp_com2SecEntry_create(com2SecEntry **entryp, const char *community,
return C2SE_ERR_SUCCESS;
}
+void
+netsnmp_udp_com2SecEntry_check_return_code(int rc)
+{
+ /*
+ * Check return code of the newly created com2Sec entry.
+ */
+ switch(rc) {
+ case C2SE_ERR_SUCCESS:
+ break;
+ case C2SE_ERR_CONTEXT_TOO_LONG:
+ config_perror("context name too long");
+ break;
+ case C2SE_ERR_COMMUNITY_TOO_LONG:
+ config_perror("community name too long");
+ break;
+ case C2SE_ERR_SECNAME_TOO_LONG:
+ config_perror("security name too long");
+ break;
+ case C2SE_ERR_MASK_MISMATCH:
+ config_perror("source/mask mismatch");
+ break;
+ case C2SE_ERR_MISSING_ARG:
+ default:
+ config_perror("unexpected error; could not create com2SecEntry");
+ }
+}
+
void
netsnmp_udp_parse_security(const char *token, char *param)
{
@@ -440,25 +467,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
*/
rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
&network, &mask, negate);
- switch(rc) {
- case C2SE_ERR_SUCCESS:
- break;
- case C2SE_ERR_CONTEXT_TOO_LONG:
- config_perror("context name too long");
- break;
- case C2SE_ERR_COMMUNITY_TOO_LONG:
- config_perror("community name too long");
- break;
- case C2SE_ERR_SECNAME_TOO_LONG:
- config_perror("security name too long");
- break;
- case C2SE_ERR_MASK_MISMATCH:
- config_perror("source/mask mismatch");
- break;
- case C2SE_ERR_MISSING_ARG:
- default:
- config_perror("unexpected error; could not create com2SecEntry");
- }
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
}
void
commit 20e2bb7d75c391f5cfde1eb8b8676aff68f3a5f5
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:31:41 2023 +0100
Add '@' netgroup functionality
Allow access control via netgroups defined in /etc/netgroup or NIS/LDAP
via the '@' sign inside the configuration file. Same as IP addresses and
host names.
diff --git a/configure b/configure
index 575b60c4d2..82414664cf 100755
--- a/configure
+++ b/configure
@@ -31221,6 +31221,12 @@ if test "x$ac_cv_func_closedir" = xyes
then :
printf "%s\n" "#define HAVE_CLOSEDIR 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "endnetgrent" "ac_cv_func_endnetgrent"
+if test "x$ac_cv_func_endnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_ENDNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "fgetc_unlocked" "ac_cv_func_fgetc_unlocked"
if test "x$ac_cv_func_fgetc_unlocked" = xyes
@@ -31257,6 +31263,12 @@ if test "x$ac_cv_func_getlogin" = xyes
then :
printf "%s\n" "#define HAVE_GETLOGIN 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "getnetgrent" "ac_cv_func_getnetgrent"
+if test "x$ac_cv_func_getnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_GETNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex"
if test "x$ac_cv_func_if_nametoindex" = xyes
@@ -31305,6 +31317,12 @@ if test "x$ac_cv_func_setlocale" = xyes
then :
printf "%s\n" "#define HAVE_SETLOCALE 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "setnetgrent" "ac_cv_func_setnetgrent"
+if test "x$ac_cv_func_setnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_SETNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid"
if test "x$ac_cv_func_setsid" = xyes
diff --git a/configure.d/config_os_functions b/configure.d/config_os_functions
index b921f8cd7b..0915928e21 100644
--- a/configure.d/config_os_functions
+++ b/configure.d/config_os_functions
@@ -25,12 +25,14 @@ AC_TYPE_SIGNAL
AC_CHECK_FUNCS([rand random srand srandom lrand48 srand48])
# Library:
-AC_CHECK_FUNCS([asprintf closedir fgetc_unlocked ] dnl
+AC_CHECK_FUNCS([asprintf closedir endnetgrent ] dnl
+ [fgetc_unlocked ] dnl
[flockfile funlockfile getipnodebyname ] dnl
- [gettimeofday getlogin ] dnl
+ [gettimeofday getlogin getnetgrent ] dnl
[if_nametoindex mkstemp ] dnl
[opendir readdir regcomp ] dnl
[setenv setitimer setlocale ] dnl
+ [setnetgrent ] dnl
[setsid snprintf strcasestr ] dnl
[strdup strerror strncasecmp ] dnl
[sysconf times vsnprintf ] )
diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in
index 89b2ca116d..5efbf12400 100644
--- a/include/net-snmp/net-snmp-config.h.in
+++ b/include/net-snmp/net-snmp-config.h.in
@@ -183,6 +183,9 @@
/* Define to 1 if you have the `endfsent' function. */
#undef HAVE_ENDFSENT
+/* Define to 1 if you have the `endnetgrent' function. */
+#undef HAVE_ENDNETGRENT
+
/* Define to 1 if you have the `ERR_get_error_all' function. */
#undef HAVE_ERR_GET_ERROR_ALL
@@ -294,6 +297,9 @@
/* Define to 1 if you have the `getmntinfo' function. */
#undef HAVE_GETMNTINFO
+/* Define to 1 if you have the `getnetgrent' function. */
+#undef HAVE_GETNETGRENT
+
/* Define to 1 if you have the `getopt' function. */
#undef HAVE_GETOPT
@@ -883,6 +889,9 @@
/* Define to 1 if you have the `setmntent' function. */
#undef HAVE_SETMNTENT
+/* Define to 1 if you have the `setnetgrent' function. */
+#undef HAVE_SETNETGRENT
+
/* Define to 1 if you have the `setsid' function. */
#undef HAVE_SETSID
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 2a9abd5b51..6060ed51d1 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -434,6 +434,14 @@ com2sec sec1 10.0.0.0/8 public
.IP
Access from outside of 10.0.0.0/8 would still be denied.
.IP
+It is also possible to reference a specific \fInetgroup\fR starting with an
+'@' character (e.g. @adminhosts). The \fInetgroup\fR lookup is running
+through the NSS (Name Services Switch) making it possible to define the
+group locally or via NIS/LDAP.
+.IP
+Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only
+during snmpd start or reload.
+.IP
The same community string can be specified in several separate directives
(presumably with different source tokens), and the first source/community
combination that matches the incoming request will be selected.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 5904a1b423..8f98398704 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -445,6 +445,10 @@ netsnmp_udp_parse_security(const char *token, char *param)
network.s_addr = 0;
mask.s_addr = 0;
negate = 0;
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
} else {
char *strmask;
if (*source == '!') {
@@ -454,20 +458,44 @@ netsnmp_udp_parse_security(const char *token, char *param)
negate = 0;
sourcep = source;
}
- /* Parse source address and network mask. */
- if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) {
- config_perror("source address/network mask parsing issue");
- return;
+#if HAVE_ENDNETGRENT && HAVE_GETNETGRENT && HAVE_SETNETGRENT
+ /* Interpret as netgroup */
+ if (*sourcep == '@') {
+ char *netgroup = sourcep+1;
+ char *host, *user, *domain;
+ if(setnetgrent(netgroup)) {
+ while (getnetgrent(&host, &user, &domain)) {
+ /* Parse source address and network mask for each netgroup host. */
+ if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) {
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
+ } else {
+ config_perror("netgroup host address parsing issue");
+ break;
+ }
+ }
+ endnetgrent();
+ } else {
+ config_perror("netgroup could not be found");
+ }
+ }
+ /* Without '@' it has to be an address or hostname */
+ else
+#endif
+ {
+ /* Parse source address and network mask. */
+ if(netsnmp_udp_resolve_source(sourcep, &network, &mask) == 0) {
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
+ } else {
+ config_perror("source address/network mask parsing issue");
+ }
}
}
-
- /*
- * Everything is okay. Copy the parameters to the structure allocated
- * above and add it to END of the list.
- */
- rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
- &network, &mask, negate);
- netsnmp_udp_com2SecEntry_check_return_code(rc);
}
void
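Review bot: In the netgroup branch added to netsnmp_udp_parse_security, `host` from `getnetgrent()` goes straight into `netsnmp_udp_resolve_source()`, which calls `strchr(source, '/')` with no NULL check. Netgroup triples may leave the host field empty, and glibc is expected to hand back a NULL pointer for it, so such an entry would likely crash snmpd while it reads its configuration. Skip those entries explicitly before resolving, e.g. `if (host == NULL) { config_perror("netgroup entry without host"); continue; }`, rather than letting an empty host act as a wildcard in an access list. The `break` on a resolve failure also drops every remaining member of the group; for a negated source (the `!` prefix, which presumably combines with `@group`) that leaves hosts that were meant to be excluded without an entry, so `continue` with a per-member error would be safer. The enclosing function starts outside these hunks.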


@ -1,15 +1,13 @@
Index: net-snmp-5.9/dist/snmpd.service diff -Nurp net-snmp-5.9.3-orig/dist/snmpd.service net-snmp-5.9.3/dist/snmpd.service
=================================================================== --- net-snmp-5.9.3-orig/dist/snmpd.service 2022-07-13 23:14:14.000000000 +0200
--- net-snmp-5.9.orig/dist/snmpd.service +++ net-snmp-5.9.3/dist/snmpd.service 2023-01-09 12:11:47.508668095 +0100
+++ net-snmp-5.9/dist/snmpd.service @@ -10,6 +10,15 @@ Description=Simple Network Management Pr
@@ -10,6 +10,16 @@ Description=Simple Network Management Pr
After=syslog.target network.target After=syslog.target network.target
[Service] [Service]
+# added automatically, for details please see +# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full +ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true +ProtectHostname=true
+ProtectKernelTunables=true +ProtectKernelTunables=true
+ProtectKernelModules=true +ProtectKernelModules=true
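Review bot: Removing `ProtectHome=true` outright (here, and identically in the snmptrapd.service section that follows) leaves /home, /root and /run/user fully accessible to the daemon, which is more than the size-reporting fix described in the changelog appears to need. `ProtectHome=read-only` would keep those directories visible for storage queries while still blocking writes; it is worth checking whether that setting also resolves bsc#1206044 before dropping the directive. snmptrapd presumably does not report filesystem usage, so its unit could probably keep `ProtectHome=true`. A short comment in the unit, such as `# ProtectHome relaxed: snmpd must stat /home for hrStorage (bsc#1206044)`, would stop a later hardening pass from re-adding the directive blindly.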


@ -1,15 +1,13 @@
Index: net-snmp-5.9/dist/snmptrapd.service diff -Nurp net-snmp-5.9.3-orig/dist/snmptrapd.service net-snmp-5.9.3/dist/snmptrapd.service
=================================================================== --- net-snmp-5.9.3-orig/dist/snmptrapd.service 2022-07-13 23:14:14.000000000 +0200
--- net-snmp-5.9.orig/dist/snmptrapd.service +++ net-snmp-5.9.3/dist/snmptrapd.service 2023-01-09 12:13:40.120216602 +0100
+++ net-snmp-5.9/dist/snmptrapd.service @@ -7,6 +7,15 @@ Description=Simple Network Management Pr
@@ -7,6 +7,16 @@ Description=Simple Network Management Pr
After=syslog.target network.target After=syslog.target network.target
[Service] [Service]
+# added automatically, for details please see +# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full +ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true +ProtectHostname=true
+ProtectKernelTunables=true +ProtectKernelTunables=true
+ProtectKernelModules=true +ProtectKernelModules=true

BIN
net-snmp-5.9.4.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRuZxiu8etcZcMtGyo1a8C1UtU8qwUCZNvg2QAKCRA1a8C1UtU8
qw8qAQDETiafcfGE3SBySaKHBbF29I0JoCgyQkMZcohhulta0gEA3VXykAg9M0S9
q/bjRz8lPTdz9tpYmiza9eXcYmQZcAA=
=PJkj
-----END PGP SIGNATURE-----


@ -1,3 +1,54 @@
-------------------------------------------------------------------
Thu Nov 14 16:53:39 UTC 2024 - Alexander Bergmann <abergmann@suse.com>
- Update to net-snmp-5.9.4 (bsc#1214364).
add (rename):
* net-snmp-5.9.4-add-lustre-fs-support.patch
* net-snmp-5.9.4-add-netgroups-functionality.patch
* net-snmp-5.9.4-fix-create-v3-user-outfile.patch
* net-snmp-5.9.4-fixed-python2-bindings.patch
* net-snmp-5.9.4-fix-Makefile.PL.patch
* net-snmp-5.9.4-modern-rpm-api.patch
* net-snmp-5.9.4-net-snmp-config-headercheck.patch
* net-snmp-5.9.4-perl-tk-warning.patch
* net-snmp-5.9.4-pie.patch
* net-snmp-5.9.4-snmpstatus-suppress-output.patch
* net-snmp-5.9.4-socket-path.patch
* net-snmp-5.9.4-subagent-set-response.patch
* net-snmp-5.9.4-suse-systemd-service-files.patch
* net-snmp-5.9.4-testing-empty-arptable.patch
delete (now part of v5.9.4):
* net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
* net-snmp-5.9.3-grep.patch
delete (rename):
* net-snmp-5.9.1-add-lustre-fs-support.patch
* net-snmp-5.9.1-fix-Makefile.PL.patch
* net-snmp-5.9.1-modern-rpm-api.patch
* net-snmp-5.9.1-net-snmp-config-headercheck.patch
* net-snmp-5.9.1-perl-tk-warning.patch
* net-snmp-5.9.1-snmpstatus-suppress-output.patch
* net-snmp-5.9.1-socket-path.patch
* net-snmp-5.9.1-subagent-set-response.patch
* net-snmp-5.9.1-suse-systemd-service-files.patch
* net-snmp-5.9.1-testing-empty-arptable.patch
* net-snmp-5.9.1-velocity-mib.patch
* net-snmp-5.9.2-fix-create-v3-user-outfile.patch
* net-snmp-5.9.2-pie.patch
* net-snmp-5.9.3-fixed-python2-bindings.patch
- Removing legacy MIBs used by Velocity Software (jira#PED-6416).
- Re-add support for hostname netgroups that was removed accidentally and
previously added with FATE#316305 (bsc#1207697).
'@hostgroup' can be specified for multiple hosts
- Hardening systemd services setting "ProtectHome=true" caused home directory
size and allocation to be listed incorrectly (bsc#1206044).
add (rename):
* net-snmp-5.9.4-harden_snmpd.service.patch
* net-snmp-5.9.4-harden_snmptrapd.service.patch
delete (rename):
* net-snmp-5.9.1-harden_snmpd.service.patch
* net-snmp-5.9.1-harden_snmptrapd.service.patch
- logrotate should use reload instead of restart (bsc#1232030)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 5 11:49:22 UTC 2023 - Alexander Bergmann <abergmann@suse.com> Thu Jan 5 11:49:22 UTC 2023 - Alexander Bergmann <abergmann@suse.com>


@ -1,51 +1,14 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFn1UdoBEADUagdPrU/tmcctszdv2JsrPotrNyD6mn3sXU3pJ2GdL83rMmRX mDMEZCtJmhYJKwYBBAHaRw8BAQdADrR3+vAhB8AXYe9RztKtuRKMRN1Dp/mQLqey
2vcNsJsyyJwPFnrBVTDPYfoCsD671ccW6JVC9QfPwpNQAJRuJCwZ50bpk3P/0DX2 Tg6X/Iq0P05ldC1TTk1QIEFkbWluaXN0cmF0b3JzIDxuZXQtc25tcC1hZG1pbnNA
0YjED6chUF+OnnsnA1CK8eDDJ58QlmDCCd/wiG20UcipwTnUd7w8MBCJ/Y8ly54w bGlzdHMuc291cmNlZm9yZ2UubmV0PoiZBBMWCgBBFiEEbmcYrvHrXGXDLRsqNWvA
M9DxYP2YuPKd3AGasINwPGOdhOIjb9xpmL4Wxgc5rYFCxugYfxFEKnvOmZ34EUiQ tVLVPKsFAmQrSZoCGwMFCRLMAwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
zj15LWpLSH1ZcP2CgbyrttODeftDbG/my4SMqCjINDcS1xI03h2UGsTOcR6816XU CgkQNWvAtVLVPKtF1wEAk1Cs77LtOWb34kjLiVfZU4/RtbjpzhJAbjczgQAzRLwB
tXTk/MLk8QKbX9CV2E80GSuPgolgH16tldGafwJ4rzasoorChefVovUsGoDf4nH+ AJSr6kJ2UgVgTar5Rtuyd9jFKiopH56h46IFG79XkvQIuDgEZCtJmhIKKwYBBAGX
2WwUB/ZR2hmOa2MLKqNeJQSJH06o7dMsanYrSA8TKeLL6Xv2Gr9372JoVGazVrLi VQEFAQEHQBOKL1xzf/uUQOqpRWR6CbbIpSc/aFDRxiF/o85gN78aAwEIB4h+BBgW
DnylUcn35/gsM6oQk4DtrPwiV71f3eJkQk8mC8xS43bdn9DzbVbxYlSIw9X8nMLj CgAmFiEEbmcYrvHrXGXDLRsqNWvAtVLVPKsFAmQrSZoCGwwFCRLMAwAACgkQNWvA
klHqnSm9+kIASud3YlV/tizR67Ph+Yh5nyxxZDZWLf9LUNgMdqc58LgmrXnrt9hk tVLVPKuwlwEAxpTW8jjFkZXqo7MKxbdI5tGUfvhOAbcBDZpzqpOyCGkBAOMY/Am/
AEVW4/MV3H/DTedLZA8aH/SWiyM3Z8+N5cUV82vBy4rGnkvMADWdrOnteizgnRLg oAfYd5+tds3nCWhlvYGX/NuIvplVZSzNhsEA
zgMGIvFH/UfzqhSJNFe/nk3ee4K9q5ZuWo5xwxwjvyIofPRAZ9wsYTGxZQARAQAB =lV4S
tD9OZXQtU05NUCBBZG1pbmlzdHJhdG9ycyA8bmV0LXNubXAtYWRtaW5zQGxpc3Rz
LnNvdXJjZWZvcmdlLm5ldD6JAj4EEwECACgFAln1UdoCGwMFCQlmAYAGCwkIBwMC
BhUIAgkKCwQWAgMBAh4BAheAAAoJEPB7nS2ssZ/WxqoP/3Ay9ECsxnHjYWN/tGo/
1cfnJLhCq3+eBmJL6nJDXFR/AiK0XmYZkoiOpWV9MU0lc40u+gkcOf44TL4q/q9v
P2PvH5wDZIXy9Kt3pKcFw6eUFQcwmta5ZZbGtbraCmsp2rZnU7RABnWkjVYoISZi
Y11G90mn1uOcGTtXLLb+hrWxaVeJZ5RZGFWmO9nbEr2+L1sX72e2U01c6SMOqQle
jUbz5vt6hq3hW+32oXpffaZ06M6QX4Vq5H66m5W3cZLZrbSCKDzmsXdvMJ5a8JG9
DQZ3SXbNLscQXDAHt8UKoc7GC6xd293j5RsiL+UMp08AAvn07rAIH+JLTtqJjt7J
b40K8RoHN5bQvXbmow3wXoyJCF4se+IgJEjnjhDZahwJvA4wZGVkzYQz70+dG79V
AdoDpkQJvk2Fp8FgknDqvnbPCZZmaI0k4RfULLZgbVBN24tf8utxK4hB7KUgAcO7
J31iP+hY6Xu1PQHp1AXEbxOJoj2OQ0RBPNnvF6xEr0/Qt3xdJgNN7RaDewttXcOe
klU9jl7NpFxEVjsZv8/yjp9oSOFnxLG8UPs+wAl+GLqzvkl0ArZu9xRfT82NfCMz
LoQpbu6QjRvDumiQfTropgJj+ekhfnn79W8ttPMpPJwhKSM5o9mHGDWXlHd6DaOt
jAXGa0MN8hVVmLKRpQp1fT3kuQINBFn1UdoBEADDmqitK1hnrTC94icxDwSdYuyR
D1Cq9wZSm40/Qpbr49/tAu2qWYadFaVzG+t3u6ELoYJkb31jEeBWmGZUGxWLxttP
Hja8cj2JSdI/qaQ0OeemxP4CHZucnxiEJ/g49dNbAxgoinq/wJewbU1GBHl0fInp
drZRAJdKB4/1bA1ILRWar29kQTMBsRX8OCBux+vYW1duDkvDD19I0FCH89dxAwsE
89KdMRc7nrrNRKNr9hG84V/GWvBib36amOHwPQlQVkYvVQ2J6GEa/juhpuKsWX2B
dxcYfGJQamXO7naaJySPGBzzGXkRmdrn7mOclqq4jwjNfWt9Tb3k3jfBW8sfUfKh
bXkvnLWr6l/ic1PkkxjPFuGJdfCYLPfXtNEgjn2Eg+EZ+t/H4T3w5CR9A/Kz91hv
pdGN4Np7gUMBftr+ZvRHGQn72KmMK+QqZuhu4NDfhIB7JtU8mR4LjEFHZL9rARs2
QrV6Xg+jcgzRtJu6YGieZTVkiYiMv/ujrCehMoX/h64xWKBodbaBu+XrXdYT79nB
B1BhtLcApq08Wj46KX49KwEmoWBPqJj3BjFC4UrcnjCvk1R8ZkBA/Jy4Yma0hSoL
wMjlotBIWbHSaE8XA+ASwq3CBn+6BDF/u6SoUYG2yvV0yvEMWQOfKsDXWD8P5yyK
PbG+Nl2MIylg2q2TNwARAQABiQIlBBgBAgAPBQJZ9VHaAhsMBQkJZgGAAAoJEPB7
nS2ssZ/WWPkQAJ7xUSSvNgUj441kKqrIgDMS0ZrVuwsuD8q95Y8juOR35QR1di0F
lPOhr6wSNIxAaJrUtmKsHWdAUwRGe+xQ0ab/sGht1U7loWUKwcunjNh16VE6m2cg
qEWg/InsPko8gBzBBiyRrY13lNWXoCPx3WX0ueNsFzlTOddIzOqClFEg8e5fhNHx
WAzwBrJOxtmmnhF17FKaZcHYScUNLE/okhsz4AZUUhj6PbSHfh4aLHLhh8//oArn
jQCQdIJngx8BqYOp8SNjyp6i6GNKnGP80J+sVRHtEAvcwiBDoJD7E1L47zBXkecY
8EfWHCopGue2kqMEUdtANKLHJS9b9EBRZwne4uXuq87/qTKzHQJlAs1xqpLPX5tr
0UzFNMxUnO5BD1XVEomuZBlloltRZ6DTbfTtog4wniDZLFWpfJZUu9vPJyvSj0Zc
7B3WAzj3IsSTy8KT8PKn7o0oZnLpQ2NQGKhhmp4ggrHuStf/t734SLiHgF17P5hK
LokQzwdMyyUhvdj3rVbEKItOKV8z/2j5qb+Og5W5YxcQGa4XaZykhr7C/jjwBAkR
2sZKQaHydhqZKqQ1cUCzzat69KtFwqhHPVxazEMrUqZdibW1jij8G8uGY6TAVi1b
iWL4rwllv1xTXnIA6LGu+gPHkk32ClNfgQyl2B5pulfGP0fvXBEmCKKH
=fpTJ
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
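Review bot: The keyring is replaced outright, with the old key block removed and a much shorter new one in its place, in the same commit that adds the 5.9.4 tarball and its detached signature, and the changelog entry does not mention the key change. A signature that verifies against a key introduced together with the artifact only shows the two are consistent with each other. The new key's fingerprint should therefore be confirmed against what upstream publishes through a separate channel before the keyring is trusted for source verification. I would record that in the .changes entry, for example `- Replace keyring: new upstream release key <FINGERPRINT>, verified against <UPSTREAM_SOURCE>`.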


@ -10,8 +10,8 @@
su root root su root root
sharedscripts sharedscripts
postrotate postrotate
/usr/bin/systemctl try-restart snmpd.service >/dev/null /usr/bin/systemctl try-reload-or-restart snmpd.service >/dev/null
/usr/bin/systemctl try-restart snmptrapd.service >/dev/null /usr/bin/systemctl try-reload-or-restart snmptrapd.service >/dev/null
endscript endscript
} }


@ -30,7 +30,7 @@
%define libname libsnmp40 %define libname libsnmp40
%bcond_without python2 %bcond_without python2
Name: net-snmp Name: net-snmp
Version: 5.9.3 Version: 5.9.4
Release: 0 Release: 0
Summary: SNMP Daemon Summary: SNMP Daemon
License: BSD-3-Clause AND MIT License: BSD-3-Clause AND MIT
@ -48,24 +48,22 @@ Source11: snmptrapd.sysconfig
Source20: net-snmp-tmpfs.conf Source20: net-snmp-tmpfs.conf
Source98: net-snmp-rpmlintrc Source98: net-snmp-rpmlintrc
Source99: baselibs.conf Source99: baselibs.conf
Patch1: net-snmp-5.9.1-socket-path.patch Patch1: net-snmp-5.9.4-socket-path.patch
Patch2: net-snmp-5.9.1-testing-empty-arptable.patch Patch2: net-snmp-5.9.4-testing-empty-arptable.patch
Patch3: net-snmp-5.9.2-pie.patch Patch3: net-snmp-5.9.4-pie.patch
Patch4: net-snmp-5.9.1-net-snmp-config-headercheck.patch Patch4: net-snmp-5.9.4-net-snmp-config-headercheck.patch
Patch5: net-snmp-5.9.1-perl-tk-warning.patch Patch5: net-snmp-5.9.4-perl-tk-warning.patch
Patch6: net-snmp-5.9.1-velocity-mib.patch Patch6: net-snmp-5.9.4-snmpstatus-suppress-output.patch
Patch7: net-snmp-5.9.1-snmpstatus-suppress-output.patch Patch7: net-snmp-5.9.4-fix-Makefile.PL.patch
Patch8: net-snmp-5.9.1-fix-Makefile.PL.patch Patch8: net-snmp-5.9.4-modern-rpm-api.patch
Patch9: net-snmp-5.9.1-modern-rpm-api.patch Patch9: net-snmp-5.9.4-add-lustre-fs-support.patch
Patch10: net-snmp-5.9.1-add-lustre-fs-support.patch Patch10: net-snmp-5.9.4-harden_snmpd.service.patch
Patch11: net-snmp-5.9.1-harden_snmpd.service.patch Patch11: net-snmp-5.9.4-harden_snmptrapd.service.patch
Patch12: net-snmp-5.9.1-harden_snmptrapd.service.patch Patch12: net-snmp-5.9.4-suse-systemd-service-files.patch
Patch13: net-snmp-5.9.1-suse-systemd-service-files.patch Patch13: net-snmp-5.9.4-fix-create-v3-user-outfile.patch
Patch14: net-snmp-5.9.2-fix-create-v3-user-outfile.patch Patch14: net-snmp-5.9.4-subagent-set-response.patch
Patch15: net-snmp-5.9.1-subagent-set-response.patch Patch15: net-snmp-5.9.4-fixed-python2-bindings.patch
Patch16: net-snmp-5.9.3-fixed-python2-bindings.patch Patch16: net-snmp-5.9.4-add-netgroups-functionality.patch
Patch17: net-snmp-5.9.3-grep.patch
Patch18: net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
BuildRequires: %{python_module devel} BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools} BuildRequires: %{python_module setuptools}
BuildRequires: autoconf BuildRequires: autoconf
@ -241,7 +239,7 @@ Net-SNMP toolkit library.
%autopatch -p1 %autopatch -p1
%build %build
MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \ MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib smux \
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
ip-mib/ipDefaultRouterTable ip-mib/ipAddressPrefixTable \ ip-mib/ipDefaultRouterTable ip-mib/ipAddressPrefixTable \
ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \ ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
@ -251,7 +249,6 @@ MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \
MIBS="$MIBS ucd-snmp/lmsensorsMib" MIBS="$MIBS ucd-snmp/lmsensorsMib"
%endif %endif
autoreconf -fvi
%configure \ %configure \
--with-sys-contact="root@localhost" \ --with-sys-contact="root@localhost" \
--with-sys-location="unknown" \ --with-sys-location="unknown" \
@ -279,9 +276,7 @@ autoreconf -fvi
--with-transports=TLSTCP,DTLSUDP \ --with-transports=TLSTCP,DTLSUDP \
--with-systemd \ --with-systemd \
--with-openssl \ --with-openssl \
--enable-blumenthal-aes \ --enable-blumenthal-aes
--disable-des \
--disable-md5
# Parallel build deps not properly stated # Parallel build deps not properly stated
%make_build -j1 %make_build -j1