Accepting request 986781 from home:abergmann:net-snmp:Factory

- update to 5.9.2 (bsc#1201103): - security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. - Refactor two patches to work with version number 5.9.2: delete: * net-snmp-5.9.1-pie.patch * net-snmp-5.9.1-fix-create-v3-user-outfile.patch add: * net-snmp-5.9.2-pie.patch * net-snmp-5.9.2-fix-create-v3-user-outfile.patch OBS-URL: https://build.opensuse.org/request/show/986781 OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=46
2022-07-06 11:22:09 +00:00 · 2022-07-06 11:22:09 +00:00 · ce2dd41ca5
commit ce2dd41ca5
parent 6aec332b8f
9 changed files with 70 additions and 44 deletions
--- a/net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+++ b/net-snmp-5.9.1-fix-create-v3-user-outfile.patch
@ -1,12 +0,0 @@
-diff -Nurp net-snmp-5.9.1-orig/net-snmp-create-v3-user.in net-snmp-5.9.1/net-snmp-create-v3-user.in
--- net-snmp-5.9.1-orig/net-snmp-create-v3-user.in	2021-05-26 00:19:35.000000000 +0200
-+++ net-snmp-5.9.1/net-snmp-create-v3-user.in	2022-03-09 16:15:47.782006944 +0100
-@@ -136,7 +136,7 @@ fi
- echo "$line" >> "$outfile"
- # Avoid that configure complains that this script ignores @datarootdir@
- echo "@datarootdir@" >/dev/null
-outfile="@datadir@/snmp/snmpd.conf"
-+outfile="/etc/snmp/snmpd.conf"
- line="$token $user"
- echo "adding the following line to $outfile:"
- echo "   $line"
--- a/net-snmp-5.9.1.tar.gz
+++ b/net-snmp-5.9.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f
-size 6711774
--- a/net-snmp-5.9.1.tar.gz.asc
+++ b/net-snmp-5.9.1.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmCtd/sACgkQ8HudLayx
-n9bnoQ/+PdEgmx034Qjc6EqMOqiRnsucnpXomB3e19gGeiCYhNUsIcBPeyV5pDbQ
-P4O9vQaKFi5g+X8s4cwm+ebL62cgz+L+Ow8Aepg/VFP8JXuCCZVd01j8nHgXx44y
-RTssH1EFkCDWAs3I4lKihw3rjDkzM68tQBgFvhFmPxsprb4423koj12elpxV+m1W
-vEbbP+a4HLPHrbTBWAUs8V9KZlVWXx55CQzwYV0bSzvF5CbzQE5WFjXkTj5zmdYD
-VcRIg4jHs0WfR6d7mPfMRXI3m15viyo43UDduUiZs6I97pXROy5Z4QL7krjP2rOn
-eUlVs9L4RsGB5J5IiUsSGhoBIUHVesArFNPWokFaVEwFmCKZQNiRPlGt9PVdNnRO
-A7gwvImj5/SSbhYvB1eUVJZvk223LewdpX3eFTUlu8QOlYn6ZSOACx4R/tWIMdSN
-bBhq+DOipWIRFg59oP6DTjWd9OQbcENxiSj3qkURmFPAz/m3mlPA59mqRouj1Pab
-uxWvYKb+bnmREOXYKSMD4FbA3D8ysMWyd0qxZ8wXOoaQ9G484viGfyCdeoXUsQeE
-ejCZJE7uC/3hytWS3qtsZCCzMsyn0JwzhdCwG4q7cvrbE/RPt//rpd5J1cA0mBsY
-eV9DncpCGGEYsLWPIvsjGUMgp61Dz/3fFiFDnpa27gy6QfXTR+s=
-=Kfs+
-----END PGP SIGNATURE-----
--- a/net-snmp-5.9.2-fix-create-v3-user-outfile.patch
+++ b/net-snmp-5.9.2-fix-create-v3-user-outfile.patch
@ -0,0 +1,12 @@
+diff -Nurp net-snmp-5.9.2-orig/net-snmp-create-v3-user.in net-snmp-5.9.2/net-snmp-create-v3-user.in
+--- net-snmp-5.9.2-orig/net-snmp-create-v3-user.in	2022-07-04 16:55:43.067366177 +0200
+++ net-snmp-5.9.2/net-snmp-create-v3-user.in	2022-07-04 16:57:54.927367685 +0200
+@@ -138,7 +138,7 @@ prefix=@prefix@
+ datarootdir=@datarootdir@
+ # To suppress shellcheck complaints about $prefix and $datarootdir.
+ : "$prefix" "$datarootdir"
+-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
+ line="$token $user"
+ echo "adding the following line to $outfile:"
+ echo "   $line"
--- a/net-snmp-5.9.2-pie.patch
+++ b/net-snmp-5.9.2-pie.patch
@ -1,8 +1,7 @@
-Index: net-snmp-5.9/agent/Makefile.in
-===================================================================
--- net-snmp-5.9.orig/agent/Makefile.in
-+++ net-snmp-5.9/agent/Makefile.in
-@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
+diff -Nurp net-snmp-5.9.2-orig/agent/Makefile.in net-snmp-5.9.2/agent/Makefile.in
+--- net-snmp-5.9.2-orig/agent/Makefile.in	2022-07-01 01:49:40.000000000 +0200
+++ net-snmp-5.9.2/agent/Makefile.in	2022-07-04 16:48:54.951361517 +0200
+@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
 	$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
 
 snmpd$(EXEEXT):	${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) 
@ -10,11 +9,10 @@ Index: net-snmp-5.9/agent/Makefile.in
 +	$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
 
 libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)
- 	$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
-Index: net-snmp-5.9/apps/Makefile.in
-===================================================================
--- net-snmp-5.9.orig/apps/Makefile.in
-+++ net-snmp-5.9/apps/Makefile.in
+ 	$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
+diff -Nurp net-snmp-5.9.2-orig/apps/Makefile.in net-snmp-5.9.2/apps/Makefile.in
+--- net-snmp-5.9.2-orig/apps/Makefile.in	2022-07-01 01:49:40.000000000 +0200
+++ net-snmp-5.9.2/apps/Makefile.in	2022-07-04 16:48:54.951361517 +0200
@@ -190,7 +190,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX
 	$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
 
--- a/net-snmp-5.9.2.tar.gz
+++ b/net-snmp-5.9.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:21e86b06c8b54639f915781c9bf6433a79da5b7aa109087ea47a9b5378a6c5fd
+size 6646200
--- a/net-snmp-5.9.2.tar.gz.asc
+++ b/net-snmp-5.9.2.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmK+Np4ACgkQ8HudLayx
+n9ahDQ//eAyWxwbhIjhAlOltO4/nqO3HgJiyfaAgE4UopMDLs4RLEreMZFrBsLiO
+R0NYkkwJMFzX2OIl0u0kA+2syXDwpIHJ4oNESGhGti825f0LBpptGxXHhEXFfxeY
+ecpzyO+SFWkcJli71XLQ2y9LLOk3YrnF2PtySvluNFCJ85n8yW+oA4Rkz4d+7L/X
+K7ywTofcpKBMOcR/uVqtuKMDiWSFwifZUOECDPjXkt/rnm9QhigWwp/TbtomD2Wh
+rS82yAjcdGVHpE4aGVAEQR3TFXFwwZv+Lr1byaAXYtAoYUoyzR39U7t7vArfGGnB
+Pe3Eui4R6g/tcczBz0pE2mbzMgIYjZamuPFhcd62ZWyjsHS+2/bkF3pfZddVMWqp
+CSzw6kzjY3L3GpihhSUVc7avLnrSi+T6j09zSX5RHFdZVbClm3/loaKtCAd5HI4v
+dyd3oQRm/L3ML6fuGld6YrwV9znq4BOJp564H0uJjzfN223MHP6bZei2OuHbCgsS
+vEzt1RIbZRPO1k2OlPrUmbTSgM09Ki8srIVSAJLWmXKA18WHjHqXy9H09A0beLxP
+ki9chY9Y9N4PCXILwkcSyRkAO0St5XW4DMmjUdIzGi7KYVJMLMME/ViF+IJnwYLa
+Ze7VA84FvSYIUPSkG/OvTkT6zgtH6XOHKcXNvJLq5gTJh4Zkt7Q=
+=TTtu
+-----END PGP SIGNATURE-----
--- a/net-snmp.changes
+++ b/net-snmp.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Jul  4 15:06:59 UTC 2022 - Alexander Bergmann <abergmann@suse.com>
+
+- update to 5.9.2 (bsc#1201103):
+  - security:
+    - These two CVEs can be exploited by a user with read-only credentials:
+      - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
+        NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
+      - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
+        can cause a NULL pointer dereference.
+    - These CVEs can be exploited by a user with read-write credentials:
+      - CVE-2022-24806 Improper Input Validation when SETing malformed
+        OIDs in master agent and subagent simultaneously
+      - CVE-2022-24807 A malformed OID in a SET request to
+        SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
+        out-of-bounds memory access.
+      - CVE-2022-24808 A malformed OID in a SET request to
+        NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
+      - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
+        can cause a NULL pointer dereference.
+- Refactor two patches to work with version number 5.9.2:
+  delete:
+  * net-snmp-5.9.1-pie.patch
+  * net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+  add:
+  * net-snmp-5.9.2-pie.patch
+  * net-snmp-5.9.2-fix-create-v3-user-outfile.patch
+
 -------------------------------------------------------------------
 Wed Jun 29 11:21:07 UTC 2022 - Stefan Schubert <schubi@suse.com>

--- a/net-snmp.spec
+++ b/net-snmp.spec
@ -30,7 +30,7 @@
 %define libname libsnmp40
 %bcond_without python2
 Name:           net-snmp
-Version:        5.9.1
+Version:        5.9.2
 Release:        0
 Summary:        SNMP Daemon
 License:        BSD-3-Clause AND MIT
@ -50,7 +50,7 @@ Source98:       net-snmp-rpmlintrc
 Source99:       baselibs.conf
 Patch1:         net-snmp-5.9.1-socket-path.patch
 Patch2:         net-snmp-5.9.1-testing-empty-arptable.patch
-Patch3:         net-snmp-5.9.1-pie.patch
+Patch3:         net-snmp-5.9.2-pie.patch
 Patch4:         net-snmp-5.9.1-net-snmp-config-headercheck.patch
 Patch5:         net-snmp-5.9.1-perl-tk-warning.patch
 Patch6:         net-snmp-5.9.1-velocity-mib.patch
@ -61,7 +61,7 @@ Patch10:        net-snmp-5.9.1-add-lustre-fs-support.patch
 Patch11:        net-snmp-5.9.1-harden_snmpd.service.patch
 Patch12:        net-snmp-5.9.1-harden_snmptrapd.service.patch
 Patch13:        net-snmp-5.9.1-suse-systemd-service-files.patch
-Patch14:        net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+Patch14:        net-snmp-5.9.2-fix-create-v3-user-outfile.patch
 Patch15:        net-snmp-5.9.1-subagent-set-response.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}