pool/net-snmp
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
281727dba7
net-snmp/net-snmp-5.8-netgroups.patch

42 lines
2.6 KiB
Diff
Raw Normal View History

Accepting request 641283 from home:abergmann:branches:network:utilities - Update to net-snmp-5.8. Fixes included: * Fix remote DoS in agent/helpers/table.c (bsc#1111122, CVE-2018-18065) * Fix agentx freezing on timeout (bsc#1027353) * swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Rename and refactor patches and remove those that are already included inside the new version. Added: * net-snmp-5.8-socket-path.patch * net-snmp-5.8-testing-empty-arptable.patch * net-snmp-5.8-pie.patch * net-snmp-5.8-net-snmp-config-headercheck.patch * net-snmp-5.8-perl-tk-warning.patch * net-snmp-5.8-velocity-mib.patch * net-snmp-5.8-netgroups.patch * net-snmp-5.8-snmpstatus-suppress-output.patch * net-snmp-5.8-fix-Makefile.PL.patch * net-snmp-5.8-modern-rpm-api.patch * net-snmp-5.8-fix-python3.patch Removed: * net-snmp-5.7.3-socket-path.patch * net-snmp-5.7.3-testing-empty-arptable.patch * net-snmp-5.7.3-pie.patch * net-snmp-5.7.3-net-snmp-config-headercheck.patch * net-snmp-5.7.3-perl-tk-warning.patch * net-snmp-5.7.3-velocity-mib.patch * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch * net-snmp-5.7.3-netgroups.patch * net-snmp-5.7.3-snmpstatus-suppress-output.patch OBS-URL: https://build.opensuse.org/request/show/641283 OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=16
2018-10-15 17:40:54 +02:00
diff -Nurp net-snmp-5.8-orig/configure.d/config_os_functions net-snmp-5.8/configure.d/config_os_functions
--- net-snmp-5.8-orig/configure.d/config_os_functions 2018-10-10 09:45:14.899075003 +0000
+++ net-snmp-5.8/configure.d/config_os_functions 2018-10-10 10:06:55.326988809 +0000
@@ -37,11 +37,12 @@ AC_CHECK_FUNCS([rand random srand sran
# Library:
AC_CHECK_FUNCS([asprintf ] dnl
- [closedir fgetc_unlocked flockfile ] dnl
- [fork funlockfile getipnodebyname ] dnl
- [gettimeofday if_nametoindex mkstemp ] dnl
- [opendir readdir regcomp ] dnl
- [setenv setitimer setlocale ] dnl
+ [closedir endnetgrent fgetc_unlocked ] dnl
+ [flockfile fork funlockfile ] dnl
+ [getipnodebyname getnetgrent gettimeofday ] dnl
+ [if_nametoindex mkstemp opendir ] dnl
+ [readdir regcomp setenv ] dnl
+ [setitimer setlocale setnetgrent ] dnl
[setsid snprintf strcasestr ] dnl
[strdup strerror strncasecmp ] dnl
[sysconf times vsnprintf ] )
diff -Nurp net-snmp-5.8-orig/man/snmpd.conf.5.def net-snmp-5.8/man/snmpd.conf.5.def
--- net-snmp-5.8-orig/man/snmpd.conf.5.def 2018-10-10 09:45:14.951075479 +0000
+++ net-snmp-5.8/man/snmpd.conf.5.def 2018-10-10 10:10:44.057084311 +0000
@@ -390,7 +390,15 @@ map an SNMPv1 or SNMPv2c community strin
a particular range of source addresses, or globally (\fI"default"\fR).
A restricted source can either be a specific hostname (or address), or
a subnet - represented as IP/MASK (e.g. 10.10.10.0/255.255.255.0), or
-IP/BITS (e.g. 10.10.10.0/24), or the IPv6 equivalents.
+IP/BITS (e.g. 10.10.10.0/24), or the IPv6 equivalents. It is also possible
+to reference a specific \fInetgroup\fR starting with an '@' character (e.g.
+@adminhosts). The \fInetgroup\fR lookup is running through the NSS (Name
+Services Switch) making it possible to define the group locally or via
+NIS/LDAP.
+.IP
+Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only
+during snmpd start or reload.
+.IP
A restriction preceded by an exclamation mark (!) denies access from
that address or subnet, e.g., !10.10.10.0/24 denies requests from
that sources in that subnet. Deny restrictions must be before
Reference in New Issue Copy Permalink