pool/net-snmp
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1118370 from home:abergmann:net-snmp-5.9.4:net-snmp-network-utilities

Browse Source 
- Update to net-snmp-5.9.4 (bsc#1214364).
- Removing legacy MIBs used by Velocity Software (jira#PED-6416).
- Re-add support for hostname netgroups that was removed accidentally and
  previously added with FATE#316305 (bsc#1207697).
  '@hostgroup' can be specified for multiple hosts
- Hardening systemd services setting "ProtectHome=true" caused home directory
  size and allocation to be listed incorrectly (bsc#1206044).

OBS-URL: https://build.opensuse.org/request/show/1118370
OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=59
This commit is contained in:
Marcus Meissner 2023-10-19 08:41:14 +00:00 committed by Git OBS Bridge
parent 4d3e9392db
commit 529de9b9f0
26 changed files with 496 additions and 3900 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3373
net-snmp-5.9.1-velocity-mib.patch
View File

File diff suppressed because it is too large Load Diff

94
net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
View File

@ -1,94 +0,0 @@
diff -Nurp net-snmp-5.9.3-orig/agent/snmp_agent.c net-snmp-5.9.3/agent/snmp_agent.c
--- net-snmp-5.9.3-orig/agent/snmp_agent.c 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/agent/snmp_agent.c 2023-01-05 12:44:03.533604744 +0100
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_ses
return 1;
}
+static int
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
+{
+ int i;
+ netsnmp_variable_list *v = NULL;
+
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
+ if (v->type == ASN_NULL) {
+ /*
+ * Protect SET implementations that do not protect themselves
+ * against wrong type.
+ */
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
+ asp->index = i;
+ return SNMP_ERR_WRONGTYPE;
+ }
+ }
+ return SNMP_ERR_NOERROR;
+}
+
int
handle_pdu(netsnmp_agent_session *asp)
{
int status, inclusives = 0;
netsnmp_variable_list *v = NULL;
+#ifndef NETSNMP_NO_WRITE_SUPPORT
+ /*
+ * Check for ASN_NULL in SET request
+ */
+ if (asp->pdu->command == SNMP_MSG_SET) {
+ status = check_set_pdu_for_null_varbind(asp);
+ if (status != SNMP_ERR_NOERROR) {
+ return status;
+ }
+ }
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
+
/*
* for illegal requests, mark all nodes as ASN_NULL
*/
diff -Nurp net-snmp-5.9.3-orig/apps/snmpset.c net-snmp-5.9.3/apps/snmpset.c
--- net-snmp-5.9.3-orig/apps/snmpset.c 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/apps/snmpset.c 2023-01-05 12:44:06.377533268 +0100
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
case 'x':
case 'd':
case 'b':
+ case 'n': /* undocumented */
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case 'I':
case 'U':
diff -Nurp net-snmp-5.9.3-orig/testing/fulltests/default/T0142snmpv2csetnull_simple net-snmp-5.9.3/testing/fulltests/default/T0142snmpv2csetnull_simple
--- net-snmp-5.9.3-orig/testing/fulltests/default/T0142snmpv2csetnull_simple 1970-01-01 01:00:00.000000000 +0100
+++ net-snmp-5.9.3/testing/fulltests/default/T0142snmpv2csetnull_simple 2023-01-05 12:44:08.701474860 +0100
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. ../support/simple_eval_tools.sh
+
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
+
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
+SKIPIF NETSNMP_DISABLE_SNMPV2C
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
+
+#
+# Begin test
+#
+
+# standard V2C configuration: testcomunnity
+snmp_write_access='all'
+. ./Sv2cconfig
+STARTAGENT
+
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
+
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
+
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
+
+CHECK "Reason: wrongType"
+
+STOPAGENT
+
+FINISHED

333
net-snmp-5.9.3-grep.patch
View File

@ -1,333 +0,0 @@
From 011de0e8fce88702619ba78cc80c900991a8e036 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:10:38 +0200
Subject: [PATCH 02/10] configure: change use of fgrep to AC detected tool
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -F
[ bvanassche: regenerated configure script ]
---
configure | 4 ++--
configure.d/config_modules_agent | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
index 727164eb7..65b99c020 100755
--- a/configure
+++ b/configure
@@ -22257,8 +22257,8 @@ $as_echo "$NETSNMP_DEFAULT_MIBS" >&6; }
#
if echo " $agent_module_list " | \
- fgrep ' agentx/agentx_config ' | \
- fgrep ' agentx/protocol ' > /dev/null ; then
+ $FGREP ' agentx/agentx_config ' | \
+ $FGREP ' agentx/protocol ' > /dev/null ; then
NETSNMP_HAVE_AGENTX_LIBS_TRUE=''
NETSNMP_HAVE_AGENTX_LIBS_FALSE='#'
else
diff --git a/configure.d/config_modules_agent b/configure.d/config_modules_agent
index 1132da8d9..0169749d9 100644
--- a/configure.d/config_modules_agent
+++ b/configure.d/config_modules_agent
@@ -814,8 +814,8 @@ AC_MSG_RESULT($NETSNMP_DEFAULT_MIBS)
#
if echo " $agent_module_list " | \
- fgrep ' agentx/agentx_config ' | \
- fgrep ' agentx/protocol ' > /dev/null ; then
+ $FGREP ' agentx/agentx_config ' | \
+ $FGREP ' agentx/protocol ' > /dev/null ; then
NETSNMP_HAVE_AGENTX_LIBS_TRUE=''
NETSNMP_HAVE_AGENTX_LIBS_FALSE='#'
else
--
2.37.3
From 5ae5ad5234a8e0ef3661fe3ec3c77ae57b156bf5 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:34:17 +0200
Subject: [PATCH 03/10] Makefile.in: change use of egrep to AC detected tool
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
---
Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.in b/Makefile.in
index 9b0f0dbac..9fe3781e5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -119,7 +119,7 @@ agentxtrap snmptrapd: @FEATURETARGS@
# local build rules
#
sedscript: sedscript.in include/net-snmp/net-snmp-config.h $(srcdir)/agent/mibgroup/mibdefs.h
- $(CPP) $(srcdir)/sedscript.in | egrep '^s[/#]' | sed 's/REMOVEME//g;s# */#/#g;s/ *#/#/g;s#/ *#/#g;s/# g/#g/;' > sedscript
+ $(CPP) $(srcdir)/sedscript.in | ${EGREP} '^s[/#]' | sed 's/REMOVEME//g;s# */#/#g;s/ *#/#/g;s#/ *#/#g;s/# g/#g/;' > sedscript
echo 's/VERSIONINFO/$(VERSION)/g' >> sedscript
echo 's#DATADIR#$(datadir)#g' >> sedscript
echo 's#LIBDIR#$(libdir)#g' >> sedscript
--
2.37.3
From 9a577171ce728b97aeb42c455f5d09a2c3e2b51f Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:35:22 +0200
Subject: [PATCH 04/10] dist: update instructions and scripts to use grep -E
GNU grep 3.8 started throwing warnings for direct usage of egrep,
deprecating it in favour of grep -E
---
dist/RELEASE-INSTRUCTIONS | 2 +-
dist/makerelease.xml | 4 ++--
dist/net-snmp-solaris-build/buildpackage-solaris | 2 +-
dist/nsb-functions | 4 ++--
dist/patme | 2 +-
5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/dist/RELEASE-INSTRUCTIONS b/dist/RELEASE-INSTRUCTIONS
index 032a0c92e..a38e46a6d 100644
--- a/dist/RELEASE-INSTRUCTIONS
+++ b/dist/RELEASE-INSTRUCTIONS
@@ -87,7 +87,7 @@ STEP: 1.6: Check for changes
Commands to execute:
- svn -u status | egrep '^[^\?]'
+ svn -u status | grep -E '^[^\?]'
(Leaving Step: 1)
diff --git a/dist/makerelease.xml b/dist/makerelease.xml
index 0494fd098..f3c8bfa0e 100644
--- a/dist/makerelease.xml
+++ b/dist/makerelease.xml
@@ -21,7 +21,7 @@
them before continuing!
</text>
<commands>
- <command expectfailure="1">find . -name 'net-snmp-5*' | egrep '^[^\?]'</command>
+ <command expectfailure="1">find . -name 'net-snmp-5*' | grep -E '^[^\?]'</command>
</commands>
</step>
<step type="system" title="Setup Check">
@@ -130,7 +130,7 @@
this step finds outstanding modified files you need to check
them in or revert them before continuing!</text>
<commands>
- <command expectfailure="1">git status --porcelain | egrep '^[^\?]'</command>
+ <command expectfailure="1">git status --porcelain | grep -E '^[^\?]'</command>
</commands>
</step>
</steps>
diff --git a/dist/net-snmp-solaris-build/buildpackage-solaris b/dist/net-snmp-solaris-build/buildpackage-solaris
index 31f4f0c0e..72971111a 100644
--- a/dist/net-snmp-solaris-build/buildpackage-solaris
+++ b/dist/net-snmp-solaris-build/buildpackage-solaris
@@ -94,7 +94,7 @@ f snmp /etc/init.d/snmpd=./snmpd-init.d 0755 root sys
==
pkgproto -c snmp $TMP=/ |\
-egrep -v '^d .* / |^d .* /var |^d .* /opt |^ .*perllocal.pod=' |\
+grep -E -v '^d .* / |^d .* /var |^d .* /opt |^ .*perllocal.pod=' |\
sed -e "s/ $owner $group\$//" >> prototype || exit $?
# and ignore top level directories (must pre-exist)
diff --git a/dist/nsb-functions b/dist/nsb-functions
index 4865cc28a..f42a527a8 100644
--- a/dist/nsb-functions
+++ b/dist/nsb-functions
@@ -364,10 +364,10 @@ nsb_make()
# checking $? would only get us the rc from tee, which is useless
nsb_info "Checking for errors..."
- egrep -i "error|fail|warn|no such|exists|t find |ermission denied" $nsb_make_OUTPUT \
+ grep -E -i "error|fail|warn|no such|exists|t find |ermission denied" $nsb_make_OUTPUT \
> nsb_make-$target-allerrs.$NSB_DATE
# allow for a few exceptions
- egrep -v -i "^ok|testing .*failure|[a-z&_](fail|error)|warn|error(mib|\.3)|(LOG|SNMP)_ERR|In function|= FAILURE|DEBUGMSG|/\*|static library .* is not portable" nsb_make-$target-allerrs.$NSB_DATE \
+ grep -E -v -i "^ok|testing .*failure|[a-z&_](fail|error)|warn|error(mib|\.3)|(LOG|SNMP)_ERR|In function|= FAILURE|DEBUGMSG|/\*|static library .* is not portable" nsb_make-$target-allerrs.$NSB_DATE \
> nsb_make-$target-errs.$NSB_DATE
if [ -s nsb_make-$target-errs.$NSB_DATE ]; then
nsb_prompt "press enter to view errors"
diff --git a/dist/patme b/dist/patme
index 0fd50ee4a..6e62c80f9 100755
--- a/dist/patme
+++ b/dist/patme
@@ -101,7 +101,7 @@ sub load_primaries {
patch_info =>
qw_primary('check','Checking code directory status:', '',
[qw_paragraph('patch pieces:',
- sub { capture("egrep '^(---|\\+\\+\\+)' " .
+ sub { capture("grep -E '^(---|\\+\\+\\+)' " .
qwparam('patchfile'))},
width => 80,
height => 30),
--
2.37.3
From 1023b76d53a279d44fa0629c1fd3a3b82d39eb42 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:36:57 +0200
Subject: [PATCH 05/10] local: convert direct usage of egrep to grep -E
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
[ bvanassche: changed one occurrence of egrep into grep -F instead of grep ]
---
local/gittools/shell-functions | 6 +++---
local/mib2c-update | 4 ++--
local/minimalist/feature-remove | 6 +++---
local/snmp-ucd.sh | 2 +-
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/local/gittools/shell-functions b/local/gittools/shell-functions
index eafcbfdb4..0b09df323 100644
--- a/local/gittools/shell-functions
+++ b/local/gittools/shell-functions
@@ -26,7 +26,7 @@ _ns_switchtobuilddir () {
_ns_getbuilddir() {
nssuffix=${1:-$nssuffix}
- nsbranch=`git branch | egrep '^\*' | sed 's/^..//'`
+ nsbranch=`git branch | grep -E '^\*' | sed 's/^..//'`
NSBUILDDIR="$nsbuildroot/$nsbranch"
NSSRCDIR="$PWD"
@@ -334,7 +334,7 @@ nsrollup() {
fi
if [ -f dist/release ] ; then
- if [ "`egrep ^$branch dist/release`" = "$branch rc" ] ; then
+ if [ "`grep -E ^$branch dist/release`" = "$branch rc" ] ; then
$nsverbose Skipping: branch is in rc phase of release
nsbranchesnotdone="$nsbranchesnotdone $branch"
@@ -411,7 +411,7 @@ nsrollup() {
}
nspull() {
- nscurrentbranch=`git branch | egrep '^\*' | sed 's/^..//'`
+ nscurrentbranch=`git branch | grep -E '^\*' | sed 's/^..//'`
_ns_checkclean
if [ $NSCLEAN != 1 ]; then
return
diff --git a/local/mib2c-update b/local/mib2c-update
index 4282f3332..5fe5fd33d 100755
--- a/local/mib2c-update
+++ b/local/mib2c-update
@@ -157,7 +157,7 @@ do_cp()
die "src $src is not a directory"
fi
safecd "$src"
- files=`ls ./*"$UPDATE_OID"* 2>/dev/null| egrep "(file|onf|m2d|txt|\.c|\.h)$"`
+ files=`ls ./*"$UPDATE_OID"* 2>/dev/null| grep -E "(file|onf|m2d|txt|\.c|\.h)$"`
if [ -z "$files" ]; then
echo " no files to copy from $src"
else
@@ -174,7 +174,7 @@ do_cp()
save_diff()
{
echo "Creating patch for your custom code"
- cnt=`ls ./"$UPDATE_CURR/"*"$UPDATE_OID"* 2>/dev/null | egrep "(file|onf|m2d|txt|\.c|\.h)$" | wc -l`
+ cnt=`ls ./"$UPDATE_CURR/"*"$UPDATE_OID"* 2>/dev/null | grep -E "(file|onf|m2d|txt|\.c|\.h)$" | wc -l`
if [ "$cnt" -eq 0 ]; then
echo " no custom code!"
FIRST_RUN=1
diff --git a/local/minimalist/feature-remove b/local/minimalist/feature-remove
index aae340d93..504f26e0b 100755
--- a/local/minimalist/feature-remove
+++ b/local/minimalist/feature-remove
@@ -99,15 +99,15 @@ for i in `grep NETSNMP_FEATURE_PROVIDE_ $featureheaderin | sed 's/.*FEATURE_PROV
#
# check to see if something required a parent
#
- elif egrep NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal > /dev/null ; then
- parentnames=`egrep NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal | sed 's/.*CHILD_OF_//;s/ .*//;'`
+ elif grep -E NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal > /dev/null ; then
+ parentnames=`grep -E NETSNMP_FEATURE_${i}_CHILD_OF $featureheaderglobal | sed 's/.*CHILD_OF_//;s/ .*//;'`
foundone=0
for parentname in $parentnames ; do
# if the parent was desired, then we are too:
if test $foundone = 0 ; then
- if egrep "NETSNMP_FEATURE_HAS_${parentname} " $featureheader > /dev/null ; then
+ if grep -E "NETSNMP_FEATURE_HAS_${parentname} " $featureheader > /dev/null ; then
echo "#define NETSNMP_FEATURE_HAS_$i 1" >> $featureheader
haslist="${haslist}${i} "
foundone=1
diff --git a/local/snmp-ucd.sh b/local/snmp-ucd.sh
index 7d16b746a..98d4094d0 100755
--- a/local/snmp-ucd.sh
+++ b/local/snmp-ucd.sh
@@ -60,7 +60,7 @@ killproc() { # <program> [signal]
#
pid=`pidofproc $base 2>/dev/null`
[ -z "$pid" ] && {
- pid=`ps $PSARGS | egrep $base | egrep -v egrep | egrep -v $0 | awk '{ print $2 }'`;
+ pid=`ps $PSARGS | grep -F "$base" | grep -v grep | grep -v $0 | awk '{ print $2 }'`;
}
[ -z "$pid" ] && {
echo "`basename $0`: killproc: Could not find process ID."
--
2.37.3
From 2b048bbe20d0e17ed6091c7ee75abc78e27423b5 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:38:37 +0200
Subject: [PATCH 06/10] net-snmp-create-v3-user: convert egrep to grep -E
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
---
net-snmp-create-v3-user.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 19895a178..87121b9a1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -3,7 +3,7 @@
# this shell script is designed to add new SNMPv3 users
# to Net-SNMP config file.
-if @PSCMD@ | egrep ' snmpd *$' > /dev/null 2>&1 ; then
+if @PSCMD@ | @EGREP@ ' snmpd *$' > /dev/null 2>&1 ; then
echo "Apparently at least one snmpd demon is already running."
echo "You must stop them in order to use this command."
exit 1
--
2.37.3
From bc314524507e39cc283904e69d2a670e1ee7a6be Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Sun, 2 Oct 2022 16:39:57 +0200
Subject: [PATCH 07/10] testing/fulltests/support/simple_eval_tools.sh: egrep
to grep -E
GNU grep 3.8 started throwing warnings for direct usage,
deprecating it in favour of grep -E
---
testing/fulltests/support/simple_eval_tools.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh
index 4b2178618..858c20f75 100644
--- a/testing/fulltests/support/simple_eval_tools.sh
+++ b/testing/fulltests/support/simple_eval_tools.sh
@@ -474,7 +474,7 @@ CHECKANDDIE() {
# Returns: Count of matched lines.
#
CHECKEXACT() { # <pattern_to_match_exactly>
- rval=`egrep -c "^$*\$|^$*[^a-zA-Z0-9_]|[^a-zA-Z0-9_]$*\$|[^a-zA-Z0-9_]$*[^a-zA-Z0-9_]" "$junkoutputfile" 2>/dev/null`
+ rval=`grep -E -c "^$*\$|^$*[^a-zA-Z0-9_]|[^a-zA-Z0-9_]$*\$|[^a-zA-Z0-9_]$*[^a-zA-Z0-9_]" "$junkoutputfile" 2>/dev/null`
snmp_last_test_result=$rval
EXPECTRESULT 1 # default
return $rval
--
2.37.3

BIN
net-snmp-5.9.3.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

16
net-snmp-5.9.3.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmLPNbAACgkQ8HudLayx
n9ZoYRAAutAiZ4PzrWLkK2OUssCCbacKd+mswSuPsDOGe9OiJLedXGvI2+0iApba
avm3QZUDVID4LbHlNNHZxUWjQbCfl994pu5N0RHbJUZL9lLunkUDKZHv7AY/UCc4
cb35s0n8OTPpud7q3z+T1cmFV4C/mXaji2f/CAHu4biWqT1SUE3eMADgT/9hxJES
0wEk1vVus0Y7qj6J2WQ5TepmuTwMB22ynWs1ffIxSrGtMm7YRigblCeNwCwXEeMY
vdwoxeTNAloJB6xzcjJ9sHYU6fHdlghNg1fwJZ/F6zAiVeRSij/jvNNWYVMYnsuC
Nwqa2RnhQv/OzIqyjo5rn/h7X0WI5XXT4x1XQQzOCKr4nb2tPYl+Me3sT/56nMRU
nUJK8Mak+0ygt0FUeRv5UUsWryXZyoDNxbF+fBxR2/S9RWGaSliIddld9KSImAYW
Y6EO71tqYX137jJ0/KcXF7BOVZ8EvEkVcaphz236vYJoa15XgDm1MEg92Dv2QFtU
CevMidbtMew0+9LxI3ZpAasGlbzC1t7WO/iKgHtGku67Ke+n+eB95ZYnTkCPLEtd
185Ln5ZylhvHpMvYrxDhIEiKvDyTO/lefN/ovLwhQNNmDtUntiKvQh5jdiFwos4/
RxhzVnVdGGKSfLXwfZakU4QACfL/5YxxPtm/6h05dy/TIflZWAA=
=nlF8
-----END PGP SIGNATURE-----

0
net-snmp-5.9.1-add-lustre-fs-support.patch → net-snmp-5.9.4-add-lustre-fs-support.patch
View File

402
net-snmp-5.9.4-add-netgroups-functionality.patch Normal file
View File

@ -0,0 +1,402 @@
commit d047b54f874f392f97ffce8d51f49729e1c78225
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:23:35 2023 +0100
Create sub-function to parse source address and network mask
Function netsnmp_udp_resolve_source was introduced to handle the source
address and network mask parsing into in_addr structures.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 2724cf2191..3ad33d4bc5 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -98,6 +98,58 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t, const void *data, int len)
return netsnmp_ipv4_fmtaddr("UDP", t, data, len);
}
+static int
+netsnmp_udp_resolve_source(char *source, struct in_addr *network,
+ struct in_addr *mask)
+{
+ /* Split the source/netmask parts */
+ char *strmask = strchr(source, '/');
+ if (strmask != NULL)
+ /* Mask given. */
+ *strmask++ = '\0';
+
+ /* Try interpreting as a dotted quad. */
+ if (inet_pton(AF_INET, source, network) == 0) {
+ /* Nope, wasn't a dotted quad. Must be a hostname. */
+ int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr));
+ if (ret < 0) {
+ config_perror("cannot resolve source hostname");
+ return ret;
+ }
+ }
+
+ /* Now work out the mask. */
+ if (strmask == NULL || *strmask == '\0') {
+ /* No mask was given. Assume /32 */
+ mask->s_addr = (in_addr_t)(~0UL);
+ } else {
+ /* Try to interpret mask as a "number of 1 bits". */
+ char* cp;
+ long maskLen = strtol(strmask, &cp, 10);
+ if (*cp == '\0') {
+ if (0 < maskLen && maskLen <= 32)
+ mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
+ else if (maskLen == 0)
+ mask->s_addr = 0;
+ else {
+ config_perror("bad mask length");
+ return -1;
+ }
+ }
+ /* Try to interpret mask as a dotted quad. */
+ else if (inet_pton(AF_INET, strmask, mask) == 0) {
+ config_perror("bad mask");
+ return -1;
+ }
+
+ /* Check that the network and mask are consistent. */
+ if (network->s_addr & ~mask->s_addr) {
+ config_perror("source/mask mismatch");
+ return -1;
+ }
+ }
+ return 0;
+}
#if defined(HAVE_IP_PKTINFO) || (defined(HAVE_IP_RECVDSTADDR) && defined(HAVE_IP_SENDSRCADDR))
@@ -375,52 +427,10 @@ netsnmp_udp_parse_security(const char *token, char *param)
negate = 0;
sourcep = source;
}
-
- /* Split the source/netmask parts */
- strmask = strchr(sourcep, '/');
- if (strmask != NULL)
- /* Mask given. */
- *strmask++ = '\0';
-
- /* Try interpreting as a dotted quad. */
- if (inet_pton(AF_INET, sourcep, &network) == 0) {
- /* Nope, wasn't a dotted quad. Must be a hostname. */
- int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
- if (ret < 0) {
- config_perror("cannot resolve IPv4 source hostname");
- return;
- }
- }
-
- /* Now work out the mask. */
- if (strmask == NULL || *strmask == '\0') {
- /* No mask was given. Assume /32 */
- mask.s_addr = (in_addr_t)(~0UL);
- } else {
- /* Try to interpret mask as a "number of 1 bits". */
- char* cp;
- long maskLen = strtol(strmask, &cp, 10);
- if (*cp == '\0') {
- if (0 < maskLen && maskLen <= 32)
- mask.s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
- else if (0 == maskLen)
- mask.s_addr = 0;
- else {
- config_perror("bad mask length");
- return;
- }
- }
- /* Try to interpret mask as a dotted quad. */
- else if (inet_pton(AF_INET, strmask, &mask) == 0) {
- config_perror("bad mask");
- return;
- }
-
- /* Check that the network and mask are consistent. */
- if (network.s_addr & ~mask.s_addr) {
- config_perror("source/mask mismatch");
- return;
- }
+ /* Parse source address and network mask. */
+ if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) {
+ config_perror("source address/network mask parsing issue");
+ return;
}
}
commit a2559914d8d8132f155a81c0852cbbd2090d2d40
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:25:10 2023 +0100
Create sub-function to check the com2SecEntry_create return code
The return code interpretation of the netsnmp_udp_com2SecEntry_create
function is now done inside a new sub-function.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 3ad33d4bc5..5904a1b423 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -346,6 +346,33 @@ netsnmp_udp_com2SecEntry_create(com2SecEntry **entryp, const char *community,
return C2SE_ERR_SUCCESS;
}
+void
+netsnmp_udp_com2SecEntry_check_return_code(int rc)
+{
+ /*
+ * Check return code of the newly created com2Sec entry.
+ */
+ switch(rc) {
+ case C2SE_ERR_SUCCESS:
+ break;
+ case C2SE_ERR_CONTEXT_TOO_LONG:
+ config_perror("context name too long");
+ break;
+ case C2SE_ERR_COMMUNITY_TOO_LONG:
+ config_perror("community name too long");
+ break;
+ case C2SE_ERR_SECNAME_TOO_LONG:
+ config_perror("security name too long");
+ break;
+ case C2SE_ERR_MASK_MISMATCH:
+ config_perror("source/mask mismatch");
+ break;
+ case C2SE_ERR_MISSING_ARG:
+ default:
+ config_perror("unexpected error; could not create com2SecEntry");
+ }
+}
+
void
netsnmp_udp_parse_security(const char *token, char *param)
{
@@ -440,25 +467,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
*/
rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
&network, &mask, negate);
- switch(rc) {
- case C2SE_ERR_SUCCESS:
- break;
- case C2SE_ERR_CONTEXT_TOO_LONG:
- config_perror("context name too long");
- break;
- case C2SE_ERR_COMMUNITY_TOO_LONG:
- config_perror("community name too long");
- break;
- case C2SE_ERR_SECNAME_TOO_LONG:
- config_perror("security name too long");
- break;
- case C2SE_ERR_MASK_MISMATCH:
- config_perror("source/mask mismatch");
- break;
- case C2SE_ERR_MISSING_ARG:
- default:
- config_perror("unexpected error; could not create com2SecEntry");
- }
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
}
void
commit 20e2bb7d75c391f5cfde1eb8b8676aff68f3a5f5
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:31:41 2023 +0100
Add '@' netgroup functionality
Allow access control via netgroups defined in /etc/netgroup or NIS/LDAP
via the '@' sign inside the configuration file. Same as IP addresses and
host names.
diff --git a/configure b/configure
index 575b60c4d2..82414664cf 100755
--- a/configure
+++ b/configure
@@ -31221,6 +31221,12 @@ if test "x$ac_cv_func_closedir" = xyes
then :
printf "%s\n" "#define HAVE_CLOSEDIR 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "endnetgrent" "ac_cv_func_endnetgrent"
+if test "x$ac_cv_func_endnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_ENDNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "fgetc_unlocked" "ac_cv_func_fgetc_unlocked"
if test "x$ac_cv_func_fgetc_unlocked" = xyes
@@ -31257,6 +31263,12 @@ if test "x$ac_cv_func_getlogin" = xyes
then :
printf "%s\n" "#define HAVE_GETLOGIN 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "getnetgrent" "ac_cv_func_getnetgrent"
+if test "x$ac_cv_func_getnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_GETNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex"
if test "x$ac_cv_func_if_nametoindex" = xyes
@@ -31305,6 +31317,12 @@ if test "x$ac_cv_func_setlocale" = xyes
then :
printf "%s\n" "#define HAVE_SETLOCALE 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "setnetgrent" "ac_cv_func_setnetgrent"
+if test "x$ac_cv_func_setnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_SETNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid"
if test "x$ac_cv_func_setsid" = xyes
diff --git a/configure.d/config_os_functions b/configure.d/config_os_functions
index b921f8cd7b..0915928e21 100644
--- a/configure.d/config_os_functions
+++ b/configure.d/config_os_functions
@@ -25,12 +25,14 @@ AC_TYPE_SIGNAL
AC_CHECK_FUNCS([rand random srand srandom lrand48 srand48])
# Library:
-AC_CHECK_FUNCS([asprintf closedir fgetc_unlocked ] dnl
+AC_CHECK_FUNCS([asprintf closedir endnetgrent ] dnl
+ [fgetc_unlocked ] dnl
[flockfile funlockfile getipnodebyname ] dnl
- [gettimeofday getlogin ] dnl
+ [gettimeofday getlogin getnetgrent ] dnl
[if_nametoindex mkstemp ] dnl
[opendir readdir regcomp ] dnl
[setenv setitimer setlocale ] dnl
+ [setnetgrent ] dnl
[setsid snprintf strcasestr ] dnl
[strdup strerror strncasecmp ] dnl
[sysconf times vsnprintf ] )
diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in
index 89b2ca116d..5efbf12400 100644
--- a/include/net-snmp/net-snmp-config.h.in
+++ b/include/net-snmp/net-snmp-config.h.in
@@ -183,6 +183,9 @@
/* Define to 1 if you have the `endfsent' function. */
#undef HAVE_ENDFSENT
+/* Define to 1 if you have the `endnetgrent' function. */
+#undef HAVE_ENDNETGRENT
+
/* Define to 1 if you have the `ERR_get_error_all' function. */
#undef HAVE_ERR_GET_ERROR_ALL
@@ -294,6 +297,9 @@
/* Define to 1 if you have the `getmntinfo' function. */
#undef HAVE_GETMNTINFO
+/* Define to 1 if you have the `getnetgrent' function. */
+#undef HAVE_GETNETGRENT
+
/* Define to 1 if you have the `getopt' function. */
#undef HAVE_GETOPT
@@ -883,6 +889,9 @@
/* Define to 1 if you have the `setmntent' function. */
#undef HAVE_SETMNTENT
+/* Define to 1 if you have the `setnetgrent' function. */
+#undef HAVE_SETNETGRENT
+
/* Define to 1 if you have the `setsid' function. */
#undef HAVE_SETSID
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 2a9abd5b51..6060ed51d1 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -434,6 +434,14 @@ com2sec sec1 10.0.0.0/8 public
.IP
Access from outside of 10.0.0.0/8 would still be denied.
.IP
+It is also possible to reference a specific \fInetgroup\fR starting with an
+'@' character (e.g. @adminhosts). The \fInetgroup\fR lookup is running
+through the NSS (Name Services Switch) making it possible to define the
+group locally or via NIS/LDAP.
+.IP
+Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only
+during snmpd start or reload.
+.IP
The same community string can be specified in several separate directives
(presumably with different source tokens), and the first source/community
combination that matches the incoming request will be selected.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 5904a1b423..8f98398704 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -445,6 +445,10 @@ netsnmp_udp_parse_security(const char *token, char *param)
network.s_addr = 0;
mask.s_addr = 0;
negate = 0;
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
} else {
char *strmask;
if (*source == '!') {
@@ -454,20 +458,44 @@ netsnmp_udp_parse_security(const char *token, char *param)
negate = 0;
sourcep = source;
}
- /* Parse source address and network mask. */
- if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) {
- config_perror("source address/network mask parsing issue");
- return;
+#if HAVE_ENDNETGRENT && HAVE_GETNETGRENT && HAVE_SETNETGRENT
+ /* Interpret as netgroup */
+ if (*sourcep == '@') {
+ char *netgroup = sourcep+1;
+ char *host, *user, *domain;
+ if(setnetgrent(netgroup)) {
+ while (getnetgrent(&host, &user, &domain)) {
+ /* Parse source address and network mask for each netgroup host. */
+ if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) {
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
+ } else {
+ config_perror("netgroup host address parsing issue");
+ break;
+ }
+ }
+ endnetgrent();
+ } else {
+ config_perror("netgroup could not be found");
+ }
+ }
+ /* Without '@' it has to be an address or hostname */
+ else
+#endif
+ {
+ /* Parse source address and network mask. */
+ if(netsnmp_udp_resolve_source(sourcep, &network, &mask) == 0) {
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
+ } else {
+ config_perror("source address/network mask parsing issue");
+ }
}
}
-
- /*
- * Everything is okay. Copy the parameters to the structure allocated
- * above and add it to END of the list.
- */
- rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
- &network, &mask, negate);
- netsnmp_udp_com2SecEntry_check_return_code(rc);
}
void

0
net-snmp-5.9.1-fix-Makefile.PL.patch → net-snmp-5.9.4-fix-Makefile.PL.patch
View File

0
net-snmp-5.9.2-fix-create-v3-user-outfile.patch → net-snmp-5.9.4-fix-create-v3-user-outfile.patch
View File

0
net-snmp-5.9.3-fixed-python2-bindings.patch → net-snmp-5.9.4-fixed-python2-bindings.patch
View File

10
net-snmp-5.9.1-harden_snmpd.service.patch → net-snmp-5.9.4-harden_snmpd.service.patch
View File

@ -1,15 +1,13 @@
Index: net-snmp-5.9/dist/snmpd.service
===================================================================
--- net-snmp-5.9.orig/dist/snmpd.service
+++ net-snmp-5.9/dist/snmpd.service
@@ -10,6 +10,16 @@ Description=Simple Network Management Pr
diff -Nurp net-snmp-5.9.3-orig/dist/snmpd.service net-snmp-5.9.3/dist/snmpd.service
--- net-snmp-5.9.3-orig/dist/snmpd.service 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/dist/snmpd.service 2023-01-09 12:11:47.508668095 +0100
@@ -10,6 +10,15 @@ Description=Simple Network Management Pr
After=syslog.target network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true

10
net-snmp-5.9.1-harden_snmptrapd.service.patch → net-snmp-5.9.4-harden_snmptrapd.service.patch
View File

@ -1,15 +1,13 @@
Index: net-snmp-5.9/dist/snmptrapd.service
===================================================================
--- net-snmp-5.9.orig/dist/snmptrapd.service
+++ net-snmp-5.9/dist/snmptrapd.service
@@ -7,6 +7,16 @@ Description=Simple Network Management Pr
diff -Nurp net-snmp-5.9.3-orig/dist/snmptrapd.service net-snmp-5.9.3/dist/snmptrapd.service
--- net-snmp-5.9.3-orig/dist/snmptrapd.service 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/dist/snmptrapd.service 2023-01-09 12:13:40.120216602 +0100
@@ -7,6 +7,15 @@ Description=Simple Network Management Pr
After=syslog.target network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true

0
net-snmp-5.9.1-modern-rpm-api.patch → net-snmp-5.9.4-modern-rpm-api.patch
View File

0
net-snmp-5.9.1-net-snmp-config-headercheck.patch → net-snmp-5.9.4-net-snmp-config-headercheck.patch
View File

0
net-snmp-5.9.1-perl-tk-warning.patch → net-snmp-5.9.4-perl-tk-warning.patch
View File

0
net-snmp-5.9.2-pie.patch → net-snmp-5.9.4-pie.patch
View File

0
net-snmp-5.9.1-snmpstatus-suppress-output.patch → net-snmp-5.9.4-snmpstatus-suppress-output.patch
View File

0
net-snmp-5.9.1-socket-path.patch → net-snmp-5.9.4-socket-path.patch
View File

0
net-snmp-5.9.1-subagent-set-response.patch → net-snmp-5.9.4-subagent-set-response.patch
View File

0
net-snmp-5.9.1-suse-systemd-service-files.patch → net-snmp-5.9.4-suse-systemd-service-files.patch
View File

0
net-snmp-5.9.1-testing-empty-arptable.patch → net-snmp-5.9.4-testing-empty-arptable.patch
View File

3
net-snmp-5.9.4.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544
size 6681606

7
net-snmp-5.9.4.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRuZxiu8etcZcMtGyo1a8C1UtU8qwUCZNvg2QAKCRA1a8C1UtU8
qw8qAQDETiafcfGE3SBySaKHBbF29I0JoCgyQkMZcohhulta0gEA3VXykAg9M0S9
q/bjRz8lPTdz9tpYmiza9eXcYmQZcAA=
=PJkj
-----END PGP SIGNATURE-----

47
net-snmp.changes
View File

@ -1,3 +1,50 @@
-------------------------------------------------------------------
Tue Oct 17 13:56:01 UTC 2023 - Alexander Bergmann <abergmann@suse.com>
- Update to net-snmp-5.9.4 (bsc#1214364).
- Removing legacy MIBs used by Velocity Software (jira#PED-6416).
- Re-add support for hostname netgroups that was removed accidentally and
previously added with FATE#316305 (bsc#1207697).
'@hostgroup' can be specified for multiple hosts
- Hardening systemd services setting "ProtectHome=true" caused home directory
size and allocation to be listed incorrectly (bsc#1206044).
add:
* net-snmp-5.9.4-add-lustre-fs-support.patch
* net-snmp-5.9.4-add-netgroups-functionality.patch
* net-snmp-5.9.4-fix-create-v3-user-outfile.patch
* net-snmp-5.9.4-fixed-python2-bindings.patch
* net-snmp-5.9.4-fix-Makefile.PL.patch
* net-snmp-5.9.4-harden_snmpd.service.patch
* net-snmp-5.9.4-harden_snmptrapd.service.patch
* net-snmp-5.9.4-modern-rpm-api.patch
* net-snmp-5.9.4-net-snmp-config-headercheck.patch
* net-snmp-5.9.4-perl-tk-warning.patch
* net-snmp-5.9.4-pie.patch
* net-snmp-5.9.4-snmpstatus-suppress-output.patch
* net-snmp-5.9.4-socket-path.patch
* net-snmp-5.9.4-subagent-set-response.patch
* net-snmp-5.9.4-suse-systemd-service-files.patch
* net-snmp-5.9.4-testing-empty-arptable.patch
delete:
* net-snmp-5.9.1-add-lustre-fs-support.patch
* net-snmp-5.9.1-fix-Makefile.PL.patch
* net-snmp-5.9.1-harden_snmpd.service.patch
* net-snmp-5.9.1-harden_snmptrapd.service.patch
* net-snmp-5.9.1-modern-rpm-api.patch
* net-snmp-5.9.1-net-snmp-config-headercheck.patch
* net-snmp-5.9.1-perl-tk-warning.patch
* net-snmp-5.9.1-snmpstatus-suppress-output.patch
* net-snmp-5.9.1-socket-path.patch
* net-snmp-5.9.1-subagent-set-response.patch
* net-snmp-5.9.1-suse-systemd-service-files.patch
* net-snmp-5.9.1-testing-empty-arptable.patch
* net-snmp-5.9.1-velocity-mib.patch
* net-snmp-5.9.2-fix-create-v3-user-outfile.patch
* net-snmp-5.9.2-pie.patch
* net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
* net-snmp-5.9.3-fixed-python2-bindings.patch
* net-snmp-5.9.3-grep.patch
-------------------------------------------------------------------
Thu Jan 5 11:49:22 UTC 2023 - Alexander Bergmann <abergmann@suse.com>

59
net-snmp.keyring
View File

@ -1,51 +1,14 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFn1UdoBEADUagdPrU/tmcctszdv2JsrPotrNyD6mn3sXU3pJ2GdL83rMmRX
2vcNsJsyyJwPFnrBVTDPYfoCsD671ccW6JVC9QfPwpNQAJRuJCwZ50bpk3P/0DX2
0YjED6chUF+OnnsnA1CK8eDDJ58QlmDCCd/wiG20UcipwTnUd7w8MBCJ/Y8ly54w
M9DxYP2YuPKd3AGasINwPGOdhOIjb9xpmL4Wxgc5rYFCxugYfxFEKnvOmZ34EUiQ
zj15LWpLSH1ZcP2CgbyrttODeftDbG/my4SMqCjINDcS1xI03h2UGsTOcR6816XU
tXTk/MLk8QKbX9CV2E80GSuPgolgH16tldGafwJ4rzasoorChefVovUsGoDf4nH+
2WwUB/ZR2hmOa2MLKqNeJQSJH06o7dMsanYrSA8TKeLL6Xv2Gr9372JoVGazVrLi
DnylUcn35/gsM6oQk4DtrPwiV71f3eJkQk8mC8xS43bdn9DzbVbxYlSIw9X8nMLj
klHqnSm9+kIASud3YlV/tizR67Ph+Yh5nyxxZDZWLf9LUNgMdqc58LgmrXnrt9hk
AEVW4/MV3H/DTedLZA8aH/SWiyM3Z8+N5cUV82vBy4rGnkvMADWdrOnteizgnRLg
zgMGIvFH/UfzqhSJNFe/nk3ee4K9q5ZuWo5xwxwjvyIofPRAZ9wsYTGxZQARAQAB
tD9OZXQtU05NUCBBZG1pbmlzdHJhdG9ycyA8bmV0LXNubXAtYWRtaW5zQGxpc3Rz
LnNvdXJjZWZvcmdlLm5ldD6JAj4EEwECACgFAln1UdoCGwMFCQlmAYAGCwkIBwMC
BhUIAgkKCwQWAgMBAh4BAheAAAoJEPB7nS2ssZ/WxqoP/3Ay9ECsxnHjYWN/tGo/
1cfnJLhCq3+eBmJL6nJDXFR/AiK0XmYZkoiOpWV9MU0lc40u+gkcOf44TL4q/q9v
P2PvH5wDZIXy9Kt3pKcFw6eUFQcwmta5ZZbGtbraCmsp2rZnU7RABnWkjVYoISZi
Y11G90mn1uOcGTtXLLb+hrWxaVeJZ5RZGFWmO9nbEr2+L1sX72e2U01c6SMOqQle
jUbz5vt6hq3hW+32oXpffaZ06M6QX4Vq5H66m5W3cZLZrbSCKDzmsXdvMJ5a8JG9
DQZ3SXbNLscQXDAHt8UKoc7GC6xd293j5RsiL+UMp08AAvn07rAIH+JLTtqJjt7J
b40K8RoHN5bQvXbmow3wXoyJCF4se+IgJEjnjhDZahwJvA4wZGVkzYQz70+dG79V
AdoDpkQJvk2Fp8FgknDqvnbPCZZmaI0k4RfULLZgbVBN24tf8utxK4hB7KUgAcO7
J31iP+hY6Xu1PQHp1AXEbxOJoj2OQ0RBPNnvF6xEr0/Qt3xdJgNN7RaDewttXcOe
klU9jl7NpFxEVjsZv8/yjp9oSOFnxLG8UPs+wAl+GLqzvkl0ArZu9xRfT82NfCMz
LoQpbu6QjRvDumiQfTropgJj+ekhfnn79W8ttPMpPJwhKSM5o9mHGDWXlHd6DaOt
jAXGa0MN8hVVmLKRpQp1fT3kuQINBFn1UdoBEADDmqitK1hnrTC94icxDwSdYuyR
D1Cq9wZSm40/Qpbr49/tAu2qWYadFaVzG+t3u6ELoYJkb31jEeBWmGZUGxWLxttP
Hja8cj2JSdI/qaQ0OeemxP4CHZucnxiEJ/g49dNbAxgoinq/wJewbU1GBHl0fInp
drZRAJdKB4/1bA1ILRWar29kQTMBsRX8OCBux+vYW1duDkvDD19I0FCH89dxAwsE
89KdMRc7nrrNRKNr9hG84V/GWvBib36amOHwPQlQVkYvVQ2J6GEa/juhpuKsWX2B
dxcYfGJQamXO7naaJySPGBzzGXkRmdrn7mOclqq4jwjNfWt9Tb3k3jfBW8sfUfKh
bXkvnLWr6l/ic1PkkxjPFuGJdfCYLPfXtNEgjn2Eg+EZ+t/H4T3w5CR9A/Kz91hv
pdGN4Np7gUMBftr+ZvRHGQn72KmMK+QqZuhu4NDfhIB7JtU8mR4LjEFHZL9rARs2
QrV6Xg+jcgzRtJu6YGieZTVkiYiMv/ujrCehMoX/h64xWKBodbaBu+XrXdYT79nB
B1BhtLcApq08Wj46KX49KwEmoWBPqJj3BjFC4UrcnjCvk1R8ZkBA/Jy4Yma0hSoL
wMjlotBIWbHSaE8XA+ASwq3CBn+6BDF/u6SoUYG2yvV0yvEMWQOfKsDXWD8P5yyK
PbG+Nl2MIylg2q2TNwARAQABiQIlBBgBAgAPBQJZ9VHaAhsMBQkJZgGAAAoJEPB7
nS2ssZ/WWPkQAJ7xUSSvNgUj441kKqrIgDMS0ZrVuwsuD8q95Y8juOR35QR1di0F
lPOhr6wSNIxAaJrUtmKsHWdAUwRGe+xQ0ab/sGht1U7loWUKwcunjNh16VE6m2cg
qEWg/InsPko8gBzBBiyRrY13lNWXoCPx3WX0ueNsFzlTOddIzOqClFEg8e5fhNHx
WAzwBrJOxtmmnhF17FKaZcHYScUNLE/okhsz4AZUUhj6PbSHfh4aLHLhh8//oArn
jQCQdIJngx8BqYOp8SNjyp6i6GNKnGP80J+sVRHtEAvcwiBDoJD7E1L47zBXkecY
8EfWHCopGue2kqMEUdtANKLHJS9b9EBRZwne4uXuq87/qTKzHQJlAs1xqpLPX5tr
0UzFNMxUnO5BD1XVEomuZBlloltRZ6DTbfTtog4wniDZLFWpfJZUu9vPJyvSj0Zc
7B3WAzj3IsSTy8KT8PKn7o0oZnLpQ2NQGKhhmp4ggrHuStf/t734SLiHgF17P5hK
LokQzwdMyyUhvdj3rVbEKItOKV8z/2j5qb+Og5W5YxcQGa4XaZykhr7C/jjwBAkR
2sZKQaHydhqZKqQ1cUCzzat69KtFwqhHPVxazEMrUqZdibW1jij8G8uGY6TAVi1b
iWL4rwllv1xTXnIA6LGu+gPHkk32ClNfgQyl2B5pulfGP0fvXBEmCKKH
=fpTJ
mDMEZCtJmhYJKwYBBAHaRw8BAQdADrR3+vAhB8AXYe9RztKtuRKMRN1Dp/mQLqey
Tg6X/Iq0P05ldC1TTk1QIEFkbWluaXN0cmF0b3JzIDxuZXQtc25tcC1hZG1pbnNA
bGlzdHMuc291cmNlZm9yZ2UubmV0PoiZBBMWCgBBFiEEbmcYrvHrXGXDLRsqNWvA
tVLVPKsFAmQrSZoCGwMFCRLMAwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQNWvAtVLVPKtF1wEAk1Cs77LtOWb34kjLiVfZU4/RtbjpzhJAbjczgQAzRLwB
AJSr6kJ2UgVgTar5Rtuyd9jFKiopH56h46IFG79XkvQIuDgEZCtJmhIKKwYBBAGX
VQEFAQEHQBOKL1xzf/uUQOqpRWR6CbbIpSc/aFDRxiF/o85gN78aAwEIB4h+BBgW
CgAmFiEEbmcYrvHrXGXDLRsqNWvAtVLVPKsFAmQrSZoCGwwFCRLMAwAACgkQNWvA
tVLVPKuwlwEAxpTW8jjFkZXqo7MKxbdI5tGUfvhOAbcBDZpzqpOyCGkBAOMY/Am/
oAfYd5+tds3nCWhlvYGX/NuIvplVZSzNhsEA
=lV4S
-----END PGP PUBLIC KEY BLOCK-----

39
net-snmp.spec
View File

@ -30,7 +30,7 @@
%define libname libsnmp40
%bcond_without python2
Name: net-snmp
Version: 5.9.3
Version: 5.9.4
Release: 0
Summary: SNMP Daemon
License: BSD-3-Clause AND MIT
@ -48,24 +48,22 @@ Source11: snmptrapd.sysconfig
Source20: net-snmp-tmpfs.conf
Source98: net-snmp-rpmlintrc
Source99: baselibs.conf
Patch1: net-snmp-5.9.1-socket-path.patch
Patch2: net-snmp-5.9.1-testing-empty-arptable.patch
Patch3: net-snmp-5.9.2-pie.patch
Patch4: net-snmp-5.9.1-net-snmp-config-headercheck.patch
Patch5: net-snmp-5.9.1-perl-tk-warning.patch
Patch6: net-snmp-5.9.1-velocity-mib.patch
Patch7: net-snmp-5.9.1-snmpstatus-suppress-output.patch
Patch8: net-snmp-5.9.1-fix-Makefile.PL.patch
Patch9: net-snmp-5.9.1-modern-rpm-api.patch
Patch10: net-snmp-5.9.1-add-lustre-fs-support.patch
Patch11: net-snmp-5.9.1-harden_snmpd.service.patch
Patch12: net-snmp-5.9.1-harden_snmptrapd.service.patch
Patch13: net-snmp-5.9.1-suse-systemd-service-files.patch
Patch14: net-snmp-5.9.2-fix-create-v3-user-outfile.patch
Patch15: net-snmp-5.9.1-subagent-set-response.patch
Patch16: net-snmp-5.9.3-fixed-python2-bindings.patch
Patch17: net-snmp-5.9.3-grep.patch
Patch18: net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
Patch1: net-snmp-5.9.4-socket-path.patch
Patch2: net-snmp-5.9.4-testing-empty-arptable.patch
Patch3: net-snmp-5.9.4-pie.patch
Patch4: net-snmp-5.9.4-net-snmp-config-headercheck.patch
Patch5: net-snmp-5.9.4-perl-tk-warning.patch
Patch6: net-snmp-5.9.4-snmpstatus-suppress-output.patch
Patch7: net-snmp-5.9.4-fix-Makefile.PL.patch
Patch8: net-snmp-5.9.4-modern-rpm-api.patch
Patch9: net-snmp-5.9.4-add-lustre-fs-support.patch
Patch10: net-snmp-5.9.4-harden_snmpd.service.patch
Patch11: net-snmp-5.9.4-harden_snmptrapd.service.patch
Patch12: net-snmp-5.9.4-suse-systemd-service-files.patch
Patch13: net-snmp-5.9.4-fix-create-v3-user-outfile.patch
Patch14: net-snmp-5.9.4-subagent-set-response.patch
Patch15: net-snmp-5.9.4-fixed-python2-bindings.patch
Patch16: net-snmp-5.9.4-add-netgroups-functionality.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
BuildRequires: autoconf
@ -241,7 +239,7 @@ Net-SNMP toolkit library.
%autopatch -p1
%build
MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \
MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib smux \
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
ip-mib/ipDefaultRouterTable ip-mib/ipAddressPrefixTable \
ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
@ -251,7 +249,6 @@ MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \
MIBS="$MIBS ucd-snmp/lmsensorsMib"
%endif
autoreconf -fvi
%configure \
--with-sys-contact="root@localhost" \
--with-sys-location="unknown" \