pool/net-snmp
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 926819 from home:abergmann:net-snmp:Factory2

Browse Source 
- update to 5.9.1:
  - General: Many bug fixes
- Change to use systemd service files directly from net-snmp package.
  Patch clean-up and renaming.
  Add:
  * net-snmp-5.9.1-suse-systemd-service-files.patch
  * net-snmp-5.9.1-harden_snmpd.service.patch
  * net-snmp-5.9.1-harden_snmptrapd.service.patch
  * net-snmp-5.9.1-add-lustre-fs-support.patch
  Remove:
  * snmpd.service
  * snmptrapd.service
  * harden_snmpd.service.patch
  * harden_snmptrapd.service.patch
  * net-snmp-5.8-add-lustre-fs-support.patch

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_snmpd.service.patch
  * harden_snmptrapd.service.patch
  Modified:
  * snmpd.service
  * snmptrapd.service

OBS-URL: https://build.opensuse.org/request/show/926819
OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=38
This commit is contained in:
Alexander Bergmann 2021-10-22 15:22:52 +00:00 committed by Git OBS Bridge
parent e0705f9663
commit ad02a1aeeb
11 changed files with 153 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
net-snmp-5.8-add-lustre-fs-support.patch
View File

@ -1,24 +0,0 @@
diff -Nurp net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-16 16:33:40.000000000 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2019-07-04 10:03:38.611004672 +0200
@@ -144,6 +144,7 @@ _fsys_type( char *typename )
!strcmp(typename, MNTTYPE_CVFS) ||
!strcmp(typename, MNTTYPE_SIMFS) ||
!strcmp(typename, MNTTYPE_BTRFS) ||
+ !strcmp(typename, MNTTYPE_LUSTRE) ||
!strcmp(typename, MNTTYPE_ZFS) ||
!strcmp(typename, MNTTYPE_NVMFS) ||
!strcmp(typename, MNTTYPE_ACFS) ||
diff -Nurp net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
--- net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-16 16:33:40.000000000 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2019-07-04 10:04:25.607004626 +0200
@@ -148,6 +148,9 @@
#ifndef MNTTYPE_BTRFS
#define MNTTYPE_BTRFS "btrfs"
#endif
+#ifndef MNTTYPE_LUSTRE
+#define MNTTYPE_LUSTRE "lustre"
+#endif
#ifndef MNTTYPE_ZFS
#define MNTTYPE_ZFS "zfs"
#endif

11
net-snmp-5.9.1-add-lustre-fs-support.patch Normal file
View File

@ -0,0 +1,11 @@
diff -Nurp net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-14 10:41:53.432186916 +0000
+++ net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-18 06:24:35.385893383 +0000
@@ -75,6 +75,7 @@ static const char *other_fs[] = {
"jfs",
"jffs2",
"lofs",
+ "lustre",
"mvfs",
"nsspool",
"nssvol",

21
net-snmp-5.9.1-harden_snmpd.service.patch Normal file
View File

@ -0,0 +1,21 @@
Index: net-snmp-5.9/dist/snmpd.service
===================================================================
--- net-snmp-5.9.orig/dist/snmpd.service
+++ net-snmp-5.9/dist/snmpd.service
@@ -10,6 +10,16 @@ Description=Simple Network Management Pr
After=syslog.target network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
# Type=notify is also supported. It should be set when snmpd.socket is not used.
Type=simple
ExecStart=/usr/sbin/snmpd -f

21
net-snmp-5.9.1-harden_snmptrapd.service.patch Normal file
View File

@ -0,0 +1,21 @@
Index: net-snmp-5.9/dist/snmptrapd.service
===================================================================
--- net-snmp-5.9.orig/dist/snmptrapd.service
+++ net-snmp-5.9/dist/snmptrapd.service
@@ -7,6 +7,16 @@ Description=Simple Network Management Pr
After=syslog.target network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
# Type=notify is also supported. It should be set when snmptrapd.socket is not
# used.
Type=simple

34
net-snmp-5.9.1-suse-systemd-service-files.patch Normal file
View File

@ -0,0 +1,34 @@
diff -Nrup net-snmp-5.9.1-orig/dist/snmpd.service net-snmp-5.9.1/dist/snmpd.service
--- net-snmp-5.9.1-orig/dist/snmpd.service 2021-10-21 15:22:42.168690298 +0000
+++ net-snmp-5.9.1/dist/snmpd.service 2021-10-21 15:23:10.579979496 +0000
@@ -21,8 +21,11 @@ ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
# Type=notify is also supported. It should be set when snmpd.socket is not used.
-Type=simple
-ExecStart=/usr/sbin/snmpd -f
+Type=notify
+Environment=OPTIONS="-LS0-6d"
+EnvironmentFile=-/etc/sysconfig/snmpd
+ExecStart=/usr/sbin/snmpd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
diff -Nrup net-snmp-5.9.1-orig/dist/snmptrapd.service net-snmp-5.9.1/dist/snmptrapd.service
--- net-snmp-5.9.1-orig/dist/snmptrapd.service 2021-10-21 15:22:42.184689898 +0000
+++ net-snmp-5.9.1/dist/snmptrapd.service 2021-10-21 15:24:50.933468801 +0000
@@ -19,8 +19,11 @@ RestrictRealtime=true
# end of automatic additions
# Type=notify is also supported. It should be set when snmptrapd.socket is not
# used.
-Type=simple
-ExecStart=/usr/sbin/snmptrapd -f
+Type=notify
+Environment=OPTIONS="-Lsd"
+EnvironmentFile=-/etc/sysconfig/snmptrapd
+ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

3
net-snmp-5.9.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f
size 6711774

16
net-snmp-5.9.1.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmCtd/sACgkQ8HudLayx
n9bnoQ/+PdEgmx034Qjc6EqMOqiRnsucnpXomB3e19gGeiCYhNUsIcBPeyV5pDbQ
P4O9vQaKFi5g+X8s4cwm+ebL62cgz+L+Ow8Aepg/VFP8JXuCCZVd01j8nHgXx44y
RTssH1EFkCDWAs3I4lKihw3rjDkzM68tQBgFvhFmPxsprb4423koj12elpxV+m1W
vEbbP+a4HLPHrbTBWAUs8V9KZlVWXx55CQzwYV0bSzvF5CbzQE5WFjXkTj5zmdYD
VcRIg4jHs0WfR6d7mPfMRXI3m15viyo43UDduUiZs6I97pXROy5Z4QL7krjP2rOn
eUlVs9L4RsGB5J5IiUsSGhoBIUHVesArFNPWokFaVEwFmCKZQNiRPlGt9PVdNnRO
A7gwvImj5/SSbhYvB1eUVJZvk223LewdpX3eFTUlu8QOlYn6ZSOACx4R/tWIMdSN
bBhq+DOipWIRFg59oP6DTjWd9OQbcENxiSj3qkURmFPAz/m3mlPA59mqRouj1Pab
uxWvYKb+bnmREOXYKSMD4FbA3D8ysMWyd0qxZ8wXOoaQ9G484viGfyCdeoXUsQeE
ejCZJE7uC/3hytWS3qtsZCCzMsyn0JwzhdCwG4q7cvrbE/RPt//rpd5J1cA0mBsY
eV9DncpCGGEYsLWPIvsjGUMgp61Dz/3fFiFDnpa27gy6QfXTR+s=
=Kfs+
-----END PGP SIGNATURE-----

3
net-snmp-5.9.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:04303a66f85d6d8b16d3cc53bde50428877c82ab524e17591dfceaeb94df6071
size 6690435

16
net-snmp-5.9.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAl9AQFAACgkQ8HudLayx
n9ZprA/+Mu1xigQbSC6it42bEzAAkSsFMYcpEh6SnxNUZEPOXPlKmDv9rGP9x/09
/HpD86R42YJq+Z9z+UoccEKr4vQJq2CDL4Npje5u0u+kiv+WoYUSyyn1jX3QrF4s
+dDEpyxVHYLk4I5LaWybZXZ1f52useaYVaBKYKp/TEPfEk6yS1VCjDq2Z0V1Xdlx
SEN4fYczNzC9RA1Z0riOVTjjw79dW2anAyxf2nGNpWfVf5ZcEgmUubhfxBl8anJu
kwlUGab+3vVTKw+xKmXQR821+rYXhwy9NLKE+sXwTbGjoZhfxuvaqjCwlloFydwQ
SxIBq9l5ErVvoiCFa8GvWiJbU06ko9L1RuBvtiz5/bcZHMnZOUZKMrkWttFUSojw
3D0nwsBs1dnxYA56lCIqMQUOYzr76EJRtLg0tALhRA6N9WNxFOuW8T+x+35fRp9R
7bt1Jr9RmB6iSnSsQ1UME82CblkKEAWhMWB7Gnwei8LAw6ITpyguFx4KSw0x8Vad
UAtJ5PjkakAQ29GxQs73faKkBnihWagWqujNI7ifBUgdrWHmM/gPQg/kNqZYEbbn
WTFENfm+dAhF1zEPin/JWe5EHoJcoEwhM9ITf9gOMJ9KukFnrQ09la7VFU/JkOim
skt7syHrk27c4C589HViB0uVe89ZT3xMpkERuWHAdMjWYHqf7LA=
=3n5O
-----END PGP SIGNATURE-----

29
net-snmp.changes
View File

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Mon Oct 18 06:31:40 UTC 2021 - Alexander Bergmann <abergmann@suse.com>
- update to 5.9.1:
- General: Many bug fixes
- Change to use systemd service files directly from net-snmp package.
Patch clean-up and renaming.
Add:
* net-snmp-5.9.1-suse-systemd-service-files.patch
* net-snmp-5.9.1-harden_snmpd.service.patch
* net-snmp-5.9.1-harden_snmptrapd.service.patch
* net-snmp-5.9.1-add-lustre-fs-support.patch
Remove:
* snmpd.service
* snmptrapd.service
* harden_snmpd.service.patch
* harden_snmptrapd.service.patch
* net-snmp-5.8-add-lustre-fs-support.patch
-------------------------------------------------------------------
Fri Oct 15 07:26:28 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_snmpd.service.patch
* harden_snmptrapd.service.patch
Modified:
* snmpd.service
* snmptrapd.service
-------------------------------------------------------------------
Sun Sep 19 18:54:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

36
net-snmp.spec
View File

@ -30,19 +30,17 @@
%define libname libsnmp30
%bcond_without python2
Name: net-snmp
Version: 5.9
Version: 5.9.1
Release: 0
Summary: SNMP Daemon
License: BSD-3-Clause AND MIT
Group: Productivity/Networking/Other
URL: https://sourceforge.net/projects/net-snmp
Source: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz
Source1: snmpd.service
Source2: snmpd.conf
Source3: README.SUSE
Source4: snmptrapd.service
Source5: net-snmp.logrotate
Source6: test_installed
Source1: snmpd.conf
Source2: README.SUSE
Source3: net-snmp.logrotate
Source4: test_installed
Source7: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz.asc
Source8: http://www.net-snmp.org/net-snmp-admin.asc#/%{name}.keyring
Source10: snmpd.sysconfig
@ -56,10 +54,13 @@ Patch3: net-snmp-5.8-pie.patch
Patch4: net-snmp-5.8-net-snmp-config-headercheck.patch
Patch5: net-snmp-5.8-perl-tk-warning.patch
Patch6: net-snmp-5.8-velocity-mib.patch
Patch8: net-snmp-5.8-snmpstatus-suppress-output.patch
Patch9: net-snmp-5.8-fix-Makefile.PL.patch
Patch10: net-snmp-5.8-modern-rpm-api.patch
Patch12: net-snmp-5.8-add-lustre-fs-support.patch
Patch7: net-snmp-5.8-snmpstatus-suppress-output.patch
Patch8: net-snmp-5.8-fix-Makefile.PL.patch
Patch9: net-snmp-5.8-modern-rpm-api.patch
Patch10: net-snmp-5.9.1-add-lustre-fs-support.patch
Patch11: net-snmp-5.9.1-harden_snmpd.service.patch
Patch12: net-snmp-5.9.1-harden_snmptrapd.service.patch
Patch13: net-snmp-5.9.1-suse-systemd-service-files.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
BuildRequires: autoconf
@ -278,13 +279,12 @@ popd
%install
%make_install INSTALL_PREFIX=%{buildroot}
install -Dd %{buildroot}%{_localstatedir}/log %{buildroot}%{_localstatedir}/lib/net-snmp %{buildroot}%{_libexecdir}/net-snmp/agents %{buildroot}%{netsnmp_agentx_socket_dir_fhs}
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/snmpd.service
install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/snmptrapd.service
install -D -m 0600 %{SOURCE2} %{buildroot}%{_sysconfdir}/snmp/snmpd.conf
install -m 0644 %{SOURCE3} .
install -m 0644 %{SOURCE4} .
install -D -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp
install -m 0744 %{SOURCE6} testing/
install -D -m 0644 dist/snmpd.service %{buildroot}%{_unitdir}/snmpd.service
install -D -m 0644 dist/snmptrapd.service %{buildroot}%{_unitdir}/snmptrapd.service
install -D -m 0600 %{SOURCE1} %{buildroot}%{_sysconfdir}/snmp/snmpd.conf
install -m 0644 %{SOURCE2} .
install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp
install -m 0744 %{SOURCE4} testing/
ln -sf service %{buildroot}%{_sbindir}/rcsnmpd
ln -sf service %{buildroot}%{_sbindir}/rcsnmptrapd
install -m 0644 /dev/null %{buildroot}%{netsnmp_logfile}