From ad02a1aeeb9b2da6caa62f91422d090616f1e09b09d9d0a2c6ba416ccc21efae Mon Sep 17 00:00:00 2001 From: Alexander Bergmann Date: Fri, 22 Oct 2021 15:22:52 +0000 Subject: [PATCH] Accepting request 926819 from home:abergmann:net-snmp:Factory2 - update to 5.9.1: - General: Many bug fixes - Change to use systemd service files directly from net-snmp package. Patch clean-up and renaming. Add: * net-snmp-5.9.1-suse-systemd-service-files.patch * net-snmp-5.9.1-harden_snmpd.service.patch * net-snmp-5.9.1-harden_snmptrapd.service.patch * net-snmp-5.9.1-add-lustre-fs-support.patch Remove: * snmpd.service * snmptrapd.service * harden_snmpd.service.patch * harden_snmptrapd.service.patch * net-snmp-5.8-add-lustre-fs-support.patch - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_snmpd.service.patch * harden_snmptrapd.service.patch Modified: * snmpd.service * snmptrapd.service OBS-URL: https://build.opensuse.org/request/show/926819 OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=38 --- net-snmp-5.8-add-lustre-fs-support.patch | 24 ------------- net-snmp-5.9.1-add-lustre-fs-support.patch | 11 ++++++ net-snmp-5.9.1-harden_snmpd.service.patch | 21 +++++++++++ net-snmp-5.9.1-harden_snmptrapd.service.patch | 21 +++++++++++ ...nmp-5.9.1-suse-systemd-service-files.patch | 34 ++++++++++++++++++ net-snmp-5.9.1.tar.gz | 3 ++ net-snmp-5.9.1.tar.gz.asc | 16 +++++++++ net-snmp-5.9.tar.gz | 3 -- net-snmp-5.9.tar.gz.asc | 16 --------- net-snmp.changes | 29 +++++++++++++++ net-snmp.spec | 36 +++++++++---------- 11 files changed, 153 insertions(+), 61 deletions(-) delete mode 100644 net-snmp-5.8-add-lustre-fs-support.patch create mode 100644 net-snmp-5.9.1-add-lustre-fs-support.patch create mode 100644 net-snmp-5.9.1-harden_snmpd.service.patch create mode 100644 net-snmp-5.9.1-harden_snmptrapd.service.patch create mode 100644 net-snmp-5.9.1-suse-systemd-service-files.patch create mode 100644 net-snmp-5.9.1.tar.gz create mode 100644 net-snmp-5.9.1.tar.gz.asc delete mode 100644 net-snmp-5.9.tar.gz delete mode 100644 net-snmp-5.9.tar.gz.asc diff --git a/net-snmp-5.8-add-lustre-fs-support.patch b/net-snmp-5.8-add-lustre-fs-support.patch deleted file mode 100644 index b5a12c8..0000000 --- a/net-snmp-5.8-add-lustre-fs-support.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -Nurp net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c ---- net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-16 16:33:40.000000000 +0200 -+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2019-07-04 10:03:38.611004672 +0200 -@@ -144,6 +144,7 @@ _fsys_type( char *typename ) - !strcmp(typename, MNTTYPE_CVFS) || - !strcmp(typename, MNTTYPE_SIMFS) || - !strcmp(typename, MNTTYPE_BTRFS) || -+ !strcmp(typename, MNTTYPE_LUSTRE) || - !strcmp(typename, MNTTYPE_ZFS) || - !strcmp(typename, MNTTYPE_NVMFS) || - !strcmp(typename, MNTTYPE_ACFS) || -diff -Nurp net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h ---- net-snmp-5.8-orig/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-16 16:33:40.000000000 +0200 -+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2019-07-04 10:04:25.607004626 +0200 -@@ -148,6 +148,9 @@ - #ifndef MNTTYPE_BTRFS - #define MNTTYPE_BTRFS "btrfs" - #endif -+#ifndef MNTTYPE_LUSTRE -+#define MNTTYPE_LUSTRE "lustre" -+#endif - #ifndef MNTTYPE_ZFS - #define MNTTYPE_ZFS "zfs" - #endif diff --git a/net-snmp-5.9.1-add-lustre-fs-support.patch b/net-snmp-5.9.1-add-lustre-fs-support.patch new file mode 100644 index 0000000..6a3fb9b --- /dev/null +++ b/net-snmp-5.9.1-add-lustre-fs-support.patch @@ -0,0 +1,11 @@ +diff -Nurp net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-14 10:41:53.432186916 +0000 ++++ net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-18 06:24:35.385893383 +0000 +@@ -75,6 +75,7 @@ static const char *other_fs[] = { + "jfs", + "jffs2", + "lofs", ++ "lustre", + "mvfs", + "nsspool", + "nssvol", diff --git a/net-snmp-5.9.1-harden_snmpd.service.patch b/net-snmp-5.9.1-harden_snmpd.service.patch new file mode 100644 index 0000000..9d6b8d9 --- /dev/null +++ b/net-snmp-5.9.1-harden_snmpd.service.patch @@ -0,0 +1,21 @@ +Index: net-snmp-5.9/dist/snmpd.service +=================================================================== +--- net-snmp-5.9.orig/dist/snmpd.service ++++ net-snmp-5.9/dist/snmpd.service +@@ -10,6 +10,16 @@ Description=Simple Network Management Pr + After=syslog.target network.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + # Type=notify is also supported. It should be set when snmpd.socket is not used. + Type=simple + ExecStart=/usr/sbin/snmpd -f diff --git a/net-snmp-5.9.1-harden_snmptrapd.service.patch b/net-snmp-5.9.1-harden_snmptrapd.service.patch new file mode 100644 index 0000000..d1b66a0 --- /dev/null +++ b/net-snmp-5.9.1-harden_snmptrapd.service.patch @@ -0,0 +1,21 @@ +Index: net-snmp-5.9/dist/snmptrapd.service +=================================================================== +--- net-snmp-5.9.orig/dist/snmptrapd.service ++++ net-snmp-5.9/dist/snmptrapd.service +@@ -7,6 +7,16 @@ Description=Simple Network Management Pr + After=syslog.target network.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + # Type=notify is also supported. It should be set when snmptrapd.socket is not + # used. + Type=simple diff --git a/net-snmp-5.9.1-suse-systemd-service-files.patch b/net-snmp-5.9.1-suse-systemd-service-files.patch new file mode 100644 index 0000000..e820848 --- /dev/null +++ b/net-snmp-5.9.1-suse-systemd-service-files.patch @@ -0,0 +1,34 @@ +diff -Nrup net-snmp-5.9.1-orig/dist/snmpd.service net-snmp-5.9.1/dist/snmpd.service +--- net-snmp-5.9.1-orig/dist/snmpd.service 2021-10-21 15:22:42.168690298 +0000 ++++ net-snmp-5.9.1/dist/snmpd.service 2021-10-21 15:23:10.579979496 +0000 +@@ -21,8 +21,11 @@ ProtectControlGroups=true + RestrictRealtime=true + # end of automatic additions + # Type=notify is also supported. It should be set when snmpd.socket is not used. +-Type=simple +-ExecStart=/usr/sbin/snmpd -f ++Type=notify ++Environment=OPTIONS="-LS0-6d" ++EnvironmentFile=-/etc/sysconfig/snmpd ++ExecStart=/usr/sbin/snmpd $OPTIONS -f ++ExecReload=/bin/kill -HUP $MAINPID + + [Install] + WantedBy=multi-user.target +diff -Nrup net-snmp-5.9.1-orig/dist/snmptrapd.service net-snmp-5.9.1/dist/snmptrapd.service +--- net-snmp-5.9.1-orig/dist/snmptrapd.service 2021-10-21 15:22:42.184689898 +0000 ++++ net-snmp-5.9.1/dist/snmptrapd.service 2021-10-21 15:24:50.933468801 +0000 +@@ -19,8 +19,11 @@ RestrictRealtime=true + # end of automatic additions + # Type=notify is also supported. It should be set when snmptrapd.socket is not + # used. +-Type=simple +-ExecStart=/usr/sbin/snmptrapd -f ++Type=notify ++Environment=OPTIONS="-Lsd" ++EnvironmentFile=-/etc/sysconfig/snmptrapd ++ExecStart=/usr/sbin/snmptrapd $OPTIONS -f ++ExecReload=/bin/kill -HUP $MAINPID + + [Install] + WantedBy=multi-user.target diff --git a/net-snmp-5.9.1.tar.gz b/net-snmp-5.9.1.tar.gz new file mode 100644 index 0000000..7167b2b --- /dev/null +++ b/net-snmp-5.9.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f +size 6711774 diff --git a/net-snmp-5.9.1.tar.gz.asc b/net-snmp-5.9.1.tar.gz.asc new file mode 100644 index 0000000..e9048ef --- /dev/null +++ b/net-snmp-5.9.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmCtd/sACgkQ8HudLayx +n9bnoQ/+PdEgmx034Qjc6EqMOqiRnsucnpXomB3e19gGeiCYhNUsIcBPeyV5pDbQ +P4O9vQaKFi5g+X8s4cwm+ebL62cgz+L+Ow8Aepg/VFP8JXuCCZVd01j8nHgXx44y +RTssH1EFkCDWAs3I4lKihw3rjDkzM68tQBgFvhFmPxsprb4423koj12elpxV+m1W +vEbbP+a4HLPHrbTBWAUs8V9KZlVWXx55CQzwYV0bSzvF5CbzQE5WFjXkTj5zmdYD +VcRIg4jHs0WfR6d7mPfMRXI3m15viyo43UDduUiZs6I97pXROy5Z4QL7krjP2rOn +eUlVs9L4RsGB5J5IiUsSGhoBIUHVesArFNPWokFaVEwFmCKZQNiRPlGt9PVdNnRO +A7gwvImj5/SSbhYvB1eUVJZvk223LewdpX3eFTUlu8QOlYn6ZSOACx4R/tWIMdSN +bBhq+DOipWIRFg59oP6DTjWd9OQbcENxiSj3qkURmFPAz/m3mlPA59mqRouj1Pab +uxWvYKb+bnmREOXYKSMD4FbA3D8ysMWyd0qxZ8wXOoaQ9G484viGfyCdeoXUsQeE +ejCZJE7uC/3hytWS3qtsZCCzMsyn0JwzhdCwG4q7cvrbE/RPt//rpd5J1cA0mBsY +eV9DncpCGGEYsLWPIvsjGUMgp61Dz/3fFiFDnpa27gy6QfXTR+s= +=Kfs+ +-----END PGP SIGNATURE----- diff --git a/net-snmp-5.9.tar.gz b/net-snmp-5.9.tar.gz deleted file mode 100644 index b02380b..0000000 --- a/net-snmp-5.9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:04303a66f85d6d8b16d3cc53bde50428877c82ab524e17591dfceaeb94df6071 -size 6690435 diff --git a/net-snmp-5.9.tar.gz.asc b/net-snmp-5.9.tar.gz.asc deleted file mode 100644 index 3690f03..0000000 --- a/net-snmp-5.9.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAl9AQFAACgkQ8HudLayx -n9ZprA/+Mu1xigQbSC6it42bEzAAkSsFMYcpEh6SnxNUZEPOXPlKmDv9rGP9x/09 -/HpD86R42YJq+Z9z+UoccEKr4vQJq2CDL4Npje5u0u+kiv+WoYUSyyn1jX3QrF4s -+dDEpyxVHYLk4I5LaWybZXZ1f52useaYVaBKYKp/TEPfEk6yS1VCjDq2Z0V1Xdlx -SEN4fYczNzC9RA1Z0riOVTjjw79dW2anAyxf2nGNpWfVf5ZcEgmUubhfxBl8anJu -kwlUGab+3vVTKw+xKmXQR821+rYXhwy9NLKE+sXwTbGjoZhfxuvaqjCwlloFydwQ -SxIBq9l5ErVvoiCFa8GvWiJbU06ko9L1RuBvtiz5/bcZHMnZOUZKMrkWttFUSojw -3D0nwsBs1dnxYA56lCIqMQUOYzr76EJRtLg0tALhRA6N9WNxFOuW8T+x+35fRp9R -7bt1Jr9RmB6iSnSsQ1UME82CblkKEAWhMWB7Gnwei8LAw6ITpyguFx4KSw0x8Vad -UAtJ5PjkakAQ29GxQs73faKkBnihWagWqujNI7ifBUgdrWHmM/gPQg/kNqZYEbbn -WTFENfm+dAhF1zEPin/JWe5EHoJcoEwhM9ITf9gOMJ9KukFnrQ09la7VFU/JkOim -skt7syHrk27c4C589HViB0uVe89ZT3xMpkERuWHAdMjWYHqf7LA= -=3n5O ------END PGP SIGNATURE----- diff --git a/net-snmp.changes b/net-snmp.changes index c0a2503..f62414a 100644 --- a/net-snmp.changes +++ b/net-snmp.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Mon Oct 18 06:31:40 UTC 2021 - Alexander Bergmann + +- update to 5.9.1: + - General: Many bug fixes +- Change to use systemd service files directly from net-snmp package. + Patch clean-up and renaming. + Add: + * net-snmp-5.9.1-suse-systemd-service-files.patch + * net-snmp-5.9.1-harden_snmpd.service.patch + * net-snmp-5.9.1-harden_snmptrapd.service.patch + * net-snmp-5.9.1-add-lustre-fs-support.patch + Remove: + * snmpd.service + * snmptrapd.service + * harden_snmpd.service.patch + * harden_snmptrapd.service.patch + * net-snmp-5.8-add-lustre-fs-support.patch + +------------------------------------------------------------------- +Fri Oct 15 07:26:28 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_snmpd.service.patch + * harden_snmptrapd.service.patch + Modified: + * snmpd.service + * snmptrapd.service + ------------------------------------------------------------------- Sun Sep 19 18:54:20 UTC 2021 - Andreas Stieger diff --git a/net-snmp.spec b/net-snmp.spec index 1ca5382..c3cba26 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -30,19 +30,17 @@ %define libname libsnmp30 %bcond_without python2 Name: net-snmp -Version: 5.9 +Version: 5.9.1 Release: 0 Summary: SNMP Daemon License: BSD-3-Clause AND MIT Group: Productivity/Networking/Other URL: https://sourceforge.net/projects/net-snmp Source: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz -Source1: snmpd.service -Source2: snmpd.conf -Source3: README.SUSE -Source4: snmptrapd.service -Source5: net-snmp.logrotate -Source6: test_installed +Source1: snmpd.conf +Source2: README.SUSE +Source3: net-snmp.logrotate +Source4: test_installed Source7: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz.asc Source8: http://www.net-snmp.org/net-snmp-admin.asc#/%{name}.keyring Source10: snmpd.sysconfig @@ -56,10 +54,13 @@ Patch3: net-snmp-5.8-pie.patch Patch4: net-snmp-5.8-net-snmp-config-headercheck.patch Patch5: net-snmp-5.8-perl-tk-warning.patch Patch6: net-snmp-5.8-velocity-mib.patch -Patch8: net-snmp-5.8-snmpstatus-suppress-output.patch -Patch9: net-snmp-5.8-fix-Makefile.PL.patch -Patch10: net-snmp-5.8-modern-rpm-api.patch -Patch12: net-snmp-5.8-add-lustre-fs-support.patch +Patch7: net-snmp-5.8-snmpstatus-suppress-output.patch +Patch8: net-snmp-5.8-fix-Makefile.PL.patch +Patch9: net-snmp-5.8-modern-rpm-api.patch +Patch10: net-snmp-5.9.1-add-lustre-fs-support.patch +Patch11: net-snmp-5.9.1-harden_snmpd.service.patch +Patch12: net-snmp-5.9.1-harden_snmptrapd.service.patch +Patch13: net-snmp-5.9.1-suse-systemd-service-files.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} BuildRequires: autoconf @@ -278,13 +279,12 @@ popd %install %make_install INSTALL_PREFIX=%{buildroot} install -Dd %{buildroot}%{_localstatedir}/log %{buildroot}%{_localstatedir}/lib/net-snmp %{buildroot}%{_libexecdir}/net-snmp/agents %{buildroot}%{netsnmp_agentx_socket_dir_fhs} -install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/snmpd.service -install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/snmptrapd.service -install -D -m 0600 %{SOURCE2} %{buildroot}%{_sysconfdir}/snmp/snmpd.conf -install -m 0644 %{SOURCE3} . -install -m 0644 %{SOURCE4} . -install -D -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp -install -m 0744 %{SOURCE6} testing/ +install -D -m 0644 dist/snmpd.service %{buildroot}%{_unitdir}/snmpd.service +install -D -m 0644 dist/snmptrapd.service %{buildroot}%{_unitdir}/snmptrapd.service +install -D -m 0600 %{SOURCE1} %{buildroot}%{_sysconfdir}/snmp/snmpd.conf +install -m 0644 %{SOURCE2} . +install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp +install -m 0744 %{SOURCE4} testing/ ln -sf service %{buildroot}%{_sbindir}/rcsnmpd ln -sf service %{buildroot}%{_sbindir}/rcsnmptrapd install -m 0644 /dev/null %{buildroot}%{netsnmp_logfile}