pool/net-snmp
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 317257 from net-snmp:factory

Browse Source 
changes file modificatons after factory-auto reject (forwarded request 317256 from abergmann)

OBS-URL: https://build.opensuse.org/request/show/317257
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/net-snmp?expand=0&rev=75
This commit is contained in:
Stephan Kulow 2015-07-21 11:26:21 +00:00 committed by Git OBS Bridge
parent d7e9040eca
commit f9936db948
14 changed files with 486 additions and 464 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

446
net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch
View File

@ -1,446 +0,0 @@
commit 7f4a7b891332899cea26e95be0337aae01648742
Author: Jan Safranek <jsafranek@users.sourceforge.net>
Date: Thu Jul 31 13:46:49 2014 +0200
Added checks for printing variables with wrong types.
When -OQ command line argument is used, variable formatter preffers the type
of the varible parsed from a MIB file instead of checking type of the variable
as parsed from SNMP message.
This can lead to crashes when incoming packets contains a variable with
NULL type, while the MIB says the variable should be non-NULL, like Integer.
The formatter then tries to interpret the NULL (from packet) as Integer (from
MIB file).
Index: net-snmp-5.7.3.pre5/snmplib/mib.c
===================================================================
--- net-snmp-5.7.3.pre5.orig/snmplib/mib.c
+++ net-snmp-5.7.3.pre5/snmplib/mib.c
@@ -464,17 +464,16 @@ sprint_realloc_octet_string(u_char ** bu
u_char *cp;
int output_format, cnt;
- if ((var->type != ASN_OCTET_STR) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- const char str[] = "Wrong Type (should be OCTET STRING): ";
- if (snmp_cstrcat
- (buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OCTET_STR) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ const char str[] = "Wrong Type (should be OCTET STRING): ";
+ if (!snmp_cstrcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
@@ -742,16 +741,16 @@ sprint_realloc_float(u_char ** buf, size
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_OPAQUE_FLOAT) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Float): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OPAQUE_FLOAT) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Float): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -812,17 +811,16 @@ sprint_realloc_double(u_char ** buf, siz
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_OPAQUE_DOUBLE) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat
- (buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Double): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OPAQUE_DOUBLE) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Double): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -887,20 +885,21 @@ sprint_realloc_counter64(u_char ** buf,
{
char a64buf[I64CHARSZ + 1];
- if ((var->type != ASN_COUNTER64
+ if (var->type != ASN_COUNTER64
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
&& var->type != ASN_OPAQUE_COUNTER64
&& var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_U64
#endif
- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Counter64): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ ) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Counter64): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -988,23 +987,25 @@ sprint_realloc_opaque(u_char ** buf, siz
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_OPAQUE
+ if (var->type != ASN_OPAQUE
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
&& var->type != ASN_OPAQUE_COUNTER64
&& var->type != ASN_OPAQUE_U64
&& var->type != ASN_OPAQUE_I64
&& var->type != ASN_OPAQUE_FLOAT && var->type != ASN_OPAQUE_DOUBLE
#endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */
- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Opaque): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ ) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Opaque): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
+
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
switch (var->type) {
case ASN_OPAQUE_COUNTER64:
@@ -1080,17 +1081,16 @@ sprint_realloc_object_identifier(u_char
{
int buf_overflow = 0;
- if ((var->type != ASN_OBJECT_ID) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] =
- "Wrong Type (should be OBJECT IDENTIFIER): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OBJECT_ID) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be OBJECT IDENTIFIER): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1150,16 +1150,16 @@ sprint_realloc_timeticks(u_char ** buf,
{
char timebuf[40];
- if ((var->type != ASN_TIMETICKS) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be Timeticks): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_TIMETICKS) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Timeticks): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NUMERIC_TIMETICKS)) {
@@ -1317,17 +1317,18 @@ sprint_realloc_integer(u_char ** buf, si
{
char *enum_string = NULL;
- if ((var->type != ASN_INTEGER) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be INTEGER): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_INTEGER) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be INTEGER): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
+
for (; enums; enums = enums->next) {
if (enums->value == *var->val.integer) {
enum_string = enums->label;
@@ -1420,16 +1421,16 @@ sprint_realloc_uinteger(u_char ** buf, s
{
char *enum_string = NULL;
- if ((var->type != ASN_UINTEGER) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be UInteger32): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_UINTEGER) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be UInteger32): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
for (; enums; enums = enums->next) {
@@ -1517,17 +1518,16 @@ sprint_realloc_gauge(u_char ** buf, size
{
char tmp[32];
- if ((var->type != ASN_GAUGE) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] =
- "Wrong Type (should be Gauge32 or Unsigned32): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_GAUGE) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Gauge32 or Unsigned32): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1590,16 +1590,16 @@ sprint_realloc_counter(u_char ** buf, si
{
char tmp[32];
- if ((var->type != ASN_COUNTER) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be Counter32): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_COUNTER) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Counter32): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1653,16 +1653,16 @@ sprint_realloc_networkaddress(u_char **
{
size_t i;
- if ((var->type != ASN_IPADDRESS) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be NetworkAddress): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_IPADDRESS) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be NetworkAddress): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1719,16 +1719,16 @@ sprint_realloc_ipaddress(u_char ** buf,
{
u_char *ip = var->val.string;
- if ((var->type != ASN_IPADDRESS) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be IpAddress): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_IPADDRESS) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be IpAddress): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1777,20 +1777,20 @@ sprint_realloc_null(u_char ** buf, size_
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_NULL) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be NULL): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_NULL) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be NULL): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
- } else {
- u_char str[] = "NULL";
- return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
}
+
+ u_char str[] = "NULL";
+ return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
}
@@ -1825,16 +1825,16 @@ sprint_realloc_bitstring(u_char ** buf,
u_char *cp;
char *enum_string;
- if ((var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be BITS): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be BITS): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1909,16 +1909,16 @@ sprint_realloc_nsapaddress(u_char ** buf
const struct enum_list *enums, const char *hint,
const char *units)
{
- if ((var->type != ASN_NSAP) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be NsapAddress): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_NSAP) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be NsapAddress): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {

0
net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch → net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch
View File

0
net-snmp-5.7.2-net-snmp-config-headercheck.patch → net-snmp-5.7.3-net-snmp-config-headercheck.patch
View File

286
net-snmp-5.7.3-netgroups.patch Normal file
View File

@ -0,0 +1,286 @@
diff -Nurp net-snmp-5.7.3.orig/configure.d/config_os_functions net-snmp-5.7.3/configure.d/config_os_functions
--- net-snmp-5.7.3.orig/configure.d/config_os_functions 2014-12-08 21:23:22.000000000 +0100
+++ net-snmp-5.7.3/configure.d/config_os_functions 2015-07-16 10:32:15.159643068 +0200
@@ -31,11 +31,12 @@ AC_CHECK_FUNCS([lrand48 rand
[signal sigset ] )
# Library:
-AC_CHECK_FUNCS([closedir fgetc_unlocked flockfile ] dnl
- [fork funlockfile getipnodebyname ] dnl
- [gettimeofday if_nametoindex mkstemp ] dnl
- [opendir readdir regcomp ] dnl
- [setenv setitimer setlocale ] dnl
+AC_CHECK_FUNCS([closedir endnetgrent fgetc_unlocked ] dnl
+ [flockfile fork funlockfile ] dnl
+ [getipnodebyname getnetgrent gettimeofday ] dnl
+ [if_nametoindex mkstemp opendir ] dnl
+ [readdir regcomp setenv ] dnl
+ [setitimer setlocale setnetgrent ] dnl
[setsid snprintf strcasestr ] dnl
[strdup strerror strncasecmp ] dnl
[sysconf times vsnprintf ] )
diff -Nurp net-snmp-5.7.3.orig/man/snmpd.conf.5.def net-snmp-5.7.3/man/snmpd.conf.5.def
--- net-snmp-5.7.3.orig/man/snmpd.conf.5.def 2014-12-08 21:23:22.000000000 +0100
+++ net-snmp-5.7.3/man/snmpd.conf.5.def 2015-07-16 10:41:34.337850287 +0200
@@ -389,7 +389,14 @@ map an SNMPv1 or SNMPv2c community strin
a particular range of source addresses, or globally (\fI"default"\fR).
A restricted source can either be a specific hostname (or address), or
a subnet - represented as IP/MASK (e.g. 10.10.10.0/255.255.255.0), or
-IP/BITS (e.g. 10.10.10.0/24), or the IPv6 equivalents.
+IP/BITS (e.g. 10.10.10.0/24), or the IPv6 equivalents. It is also possible
+to reference a specific \fInetgroup\fR starting with an '@' character (e.g.
+@adminhosts). The \fInetgroup\fR lookup is running through the NSS (Name
+Services Switch) making it possible to define the group locally or via
+NIS/LDAP.
+.IP
+Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only
+during snmpd start or reload.
.IP
The same community string can be specified in several separate directives
(presumably with different source tokens), and the first source/community
diff -Nurp net-snmp-5.7.3.orig/snmplib/transports/snmpUDPDomain.c net-snmp-5.7.3/snmplib/transports/snmpUDPDomain.c
--- net-snmp-5.7.3.orig/snmplib/transports/snmpUDPDomain.c 2014-12-08 21:23:22.000000000 +0100
+++ net-snmp-5.7.3/snmplib/transports/snmpUDPDomain.c 2015-07-16 10:32:15.160643078 +0200
@@ -88,6 +88,11 @@ void _netsnmp_udp_sockopt_set(int fd, in
int
netsnmp_sockaddr_in2(struct sockaddr_in *addr,
const char *inpeername, const char *default_target);
+static void
+netsnmp_udp_com2SecList_add(char *secName, size_t secNameLen,
+ char *contextName, size_t contextNameLen,
+ char *community, size_t communityLen,
+ struct in_addr network, struct in_addr mask);
/*
* Return a string representing the address in data, or else the "far end"
@@ -100,6 +105,59 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t
return netsnmp_ipv4_fmtaddr("UDP", t, data, len);
}
+static int
+netsnmp_udp_resolve_source(char *source, struct in_addr *network,
+ struct in_addr *mask)
+{
+ /* Split the source/netmask parts */
+ char *strmask = strchr(source, '/');
+ if (strmask != NULL)
+ /* Mask given. */
+ *strmask++ = '\0';
+
+ /* Try interpreting as a dotted quad. */
+ if (inet_pton(AF_INET, source, network) == 0) {
+ /* Nope, wasn't a dotted quad. Must be a hostname. */
+ int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr));
+ if (ret < 0) {
+ config_perror("cannot resolve source hostname");
+ return ret;
+ }
+ }
+
+ /* Now work out the mask. */
+ if (strmask == NULL || *strmask == '\0') {
+ /* No mask was given. Assume /32 */
+ mask->s_addr = (in_addr_t)(~0UL);
+ } else {
+ /* Try to interpret mask as a "number of 1 bits". */
+ char* cp;
+ long maskLen = strtol(strmask, &cp, 10);
+ if (*cp == '\0') {
+ if (0 < maskLen && maskLen <= 32)
+ mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
+ else if (maskLen == 0)
+ mask->s_addr = 0;
+ else {
+ config_perror("bad mask length");
+ return -1;
+ }
+ }
+ /* Try to interpret mask as a dotted quad. */
+ else if (inet_pton(AF_INET, strmask, mask) == 0) {
+ config_perror("bad mask");
+ return -1;
+ }
+
+ /* Check that the network and mask are consistent. */
+ if (network->s_addr & ~mask->s_addr) {
+ config_perror("source/mask mismatch");
+ return -1;
+ }
+ }
+ return 0;
+}
+
#if defined(HAVE_IP_PKTINFO) || defined(HAVE_IP_RECVDSTADDR)
@@ -259,102 +317,85 @@ netsnmp_udp_parse_security(const char *t
if (strcmp(source, "default") == 0) {
network.s_addr = 0;
mask.s_addr = 0;
+ netsnmp_udp_com2SecList_add(secName, secNameLen, contextName,
+ contextNameLen, community, communityLen, network, mask);
} else {
- /* Split the source/netmask parts */
- char *strmask = strchr(source, '/');
- if (strmask != NULL)
- /* Mask given. */
- *strmask++ = '\0';
-
- /* Try interpreting as a dotted quad. */
- if (inet_pton(AF_INET, source, &network) == 0) {
- /* Nope, wasn't a dotted quad. Must be a hostname. */
- int ret = netsnmp_gethostbyname_v4(source, &network.s_addr);
- if (ret < 0) {
- config_perror("cannot resolve source hostname");
- return;
- }
- }
-
- /* Now work out the mask. */
- if (strmask == NULL || *strmask == '\0') {
- /* No mask was given. Assume /32 */
- mask.s_addr = (in_addr_t)(~0UL);
- } else {
- /* Try to interpret mask as a "number of 1 bits". */
- char* cp;
- long maskLen = strtol(strmask, &cp, 10);
- if (*cp == '\0') {
- if (0 < maskLen && maskLen <= 32)
- mask.s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
- else if (maskLen == 0)
- mask.s_addr = 0;
- else {
- config_perror("bad mask length");
- return;
+#if HAVE_ENDNETGRENT && HAVE_GETNETGRENT && HAVE_SETNETGRENT
+ /* Interpret as netgroup */
+ if (*source == '@') {
+ char *netgroup = source+1;
+ char *host, *user, *domain;
+ setnetgrent(netgroup);
+ while (getnetgrent(&host, &user, &domain)) {
+ if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) {
+ netsnmp_udp_com2SecList_add(secName, secNameLen, contextName,
+ contextNameLen, community, communityLen, network, mask);
}
}
- /* Try to interpret mask as a dotted quad. */
- else if (inet_pton(AF_INET, strmask, &mask) == 0) {
- config_perror("bad mask");
- return;
- }
-
- /* Check that the network and mask are consistent. */
- if (network.s_addr & ~mask.s_addr) {
- config_perror("source/mask mismatch");
- return;
+ endnetgrent();
+ }
+ /* Without '@' it has to be an address or hostname */
+ else
+#endif
+ {
+ if (netsnmp_udp_resolve_source(source, &network, &mask) == 0) {
+ netsnmp_udp_com2SecList_add(secName, secNameLen, contextName,
+ contextNameLen, community, communityLen, network, mask);
}
}
}
+}
- {
- void* v = malloc(offsetof(com2SecEntry, community) + communityLen +
- secNameLen + contextNameLen);
-
- com2SecEntry* e = (com2SecEntry*)v;
- char* last = ((char*)v) + offsetof(com2SecEntry, community);
+static void
+netsnmp_udp_com2SecList_add(char *secName, size_t secNameLen, char *contextName,
+ size_t contextNameLen, char *community, size_t communityLen,
+ struct in_addr network, struct in_addr mask)
+{
+ void *v = malloc(offsetof(com2SecEntry, community) + communityLen +
+ secNameLen + contextNameLen);
- if (v == NULL) {
- config_perror("memory error");
- return;
- }
+ com2SecEntry* e = (com2SecEntry*)v;
+ char* last = ((char*)v) + offsetof(com2SecEntry, community);
- /*
- * Everything is okay. Copy the parameters to the structure allocated
- * above and add it to END of the list.
- */
+ if (v == NULL) {
+ config_perror("memory error");
+ return;
+ }
- {
- char buf1[INET_ADDRSTRLEN];
- char buf2[INET_ADDRSTRLEN];
- DEBUGMSGTL(("netsnmp_udp_parse_security",
- "<\"%s\", %s/%s> => \"%s\"\n", community,
- inet_ntop(AF_INET, &network, buf1, sizeof(buf1)),
- inet_ntop(AF_INET, &mask, buf2, sizeof(buf2)),
- secName));
- }
+ /*
+ * Everything is okay. Copy the parameters to the structure allocated
+ * above and add it to END of the list.
+ */
- memcpy(last, community, communityLen);
- last += communityLen;
- memcpy(last, secName, secNameLen);
- e->secName = last;
- last += secNameLen;
- if (contextNameLen) {
- memcpy(last, contextName, contextNameLen);
- e->contextName = last;
- } else
- e->contextName = last - 1;
- e->network = network.s_addr;
- e->mask = mask.s_addr;
- e->next = NULL;
-
- if (com2SecListLast != NULL) {
- com2SecListLast->next = e;
- com2SecListLast = e;
- } else {
- com2SecListLast = com2SecList = e;
- }
+ {
+ char buf1[INET_ADDRSTRLEN];
+ char buf2[INET_ADDRSTRLEN];
+ DEBUGMSGTL(("netsnmp_udp_parse_security",
+ "<\"%s\", %s/%s> => \"%s\"\n", community,
+ inet_ntop(AF_INET, &network, buf1, sizeof(buf1)),
+ inet_ntop(AF_INET, &mask, buf2, sizeof(buf2)),
+ secName));
+ }
+
+ memcpy(last, community, communityLen);
+ last += communityLen;
+ memcpy(last, secName, secNameLen);
+ e->secName = last;
+ last += secNameLen;
+ if (contextNameLen) {
+ memcpy(last, contextName, contextNameLen);
+ e->contextName = last;
+ } else
+ e->contextName = last - 1;
+ e->network = network.s_addr;
+ e->mask = mask.s_addr;
+ e->next = NULL;
+
+ if (com2SecListLast != NULL) {
+ com2SecListLast->next = e;
+ com2SecListLast = e;
+ } else {
+ com2SecListLast = com2SecList = e;
}
}

0
net-snmp-5.7.2-perl-tk-warning.patch → net-snmp-5.7.3-perl-tk-warning.patch
View File

0
net-snmp-5.7.2-pie.patch → net-snmp-5.7.3-pie.patch
View File

140
net-snmp-5.7.3-snmpstatus-suppress-output.patch Normal file
View File

@ -0,0 +1,140 @@
diff -Nurp net-snmp-5.7.3.orig/apps/snmpstatus.c net-snmp-5.7.3/apps/snmpstatus.c
--- net-snmp-5.7.3.orig/apps/snmpstatus.c 2015-07-14 22:06:08.938851077 +0200
+++ net-snmp-5.7.3/apps/snmpstatus.c 2015-07-14 22:06:23.905980889 +0200
@@ -96,6 +96,15 @@ size_t length_ipOutRequests =
#define NETSNMP_DS_APP_DONT_FIX_PDUS 0
+/* Flags to control which additional information to request and print */
+#define NETSNMP_STATUS_REQ_NETSTAT 0x0001
+#define NETSNMP_STATUS_REQ_NETOPER 0x0002
+#define NETSNMP_STATUS_REQ_ALL 0xffff
+
+/* By default request and print everything and let the user decide what
+ to suppress */
+static unsigned int rq_status = NETSNMP_STATUS_REQ_ALL;
+
static void
optProc(int argc, char *const *argv, int opt)
{
@@ -114,6 +123,22 @@ optProc(int argc, char *const *argv, int
}
}
break;
+ case 'S': /* 'S' == 'Suppress' */
+ while (*optarg) {
+ switch (*optarg++) {
+ case 'n':
+ rq_status &= ~NETSNMP_STATUS_REQ_NETSTAT;
+ break;
+ case 'i':
+ rq_status &= ~NETSNMP_STATUS_REQ_NETOPER;
+ break;
+ default:
+ fprintf(stderr, "Unknown flag passed to -S: %c\n",
+ optarg[-1]);
+ exit(1);
+ }
+ }
+ break;
}
}
@@ -128,6 +153,12 @@ usage(void)
" -C APPOPTS\t\tSet various application specific behaviours:\n");
fprintf(stderr,
"\t\t\t f: do not fix errors and retry the request\n");
+ fprintf(stderr,
+ " -S REQOPTS\t\tDo not request and print information about:\n");
+ fprintf(stderr,
+ "\t\t\t n: network (packets sent/received, operational status)\n");
+ fprintf(stderr,
+ "\t\t\t i: interface operational status\n");
}
@@ -152,7 +183,7 @@ main(int argc, char *argv[])
/*
* get the common command line arguments
*/
- switch (snmp_parse_args(argc, argv, &session, "C:", &optProc)) {
+ switch (snmp_parse_args(argc, argv, &session, "C:S:", &optProc)) {
case NETSNMP_PARSE_ARGS_ERROR:
exit(1);
case NETSNMP_PARSE_ARGS_SUCCESS_EXIT:
@@ -185,8 +216,10 @@ main(int argc, char *argv[])
pdu = snmp_pdu_create(SNMP_MSG_GET);
snmp_add_null_var(pdu, objid_sysDescr, length_sysDescr);
snmp_add_null_var(pdu, objid_sysUpTime, length_sysUpTime);
- snmp_add_null_var(pdu, objid_ipInReceives, length_ipInReceives);
- snmp_add_null_var(pdu, objid_ipOutRequests, length_ipOutRequests);
+ if (rq_status & NETSNMP_STATUS_REQ_NETSTAT) {
+ snmp_add_null_var(pdu, objid_ipInReceives, length_ipInReceives);
+ snmp_add_null_var(pdu, objid_ipOutRequests, length_ipOutRequests);
+ }
/*
* do the request
@@ -278,6 +311,10 @@ main(int argc, char *argv[])
if (response)
snmp_free_pdu(response);
+ /* Suppress request to retrieve network statistics */
+ if (!(rq_status & NETSNMP_STATUS_REQ_NETSTAT))
+ goto done;
+
/*
* create PDU for GET request and add object names to request
*/
@@ -375,11 +412,11 @@ main(int argc, char *argv[])
}
printf("Interfaces: %d, Recv/Trans packets: %d/%d | IP: %d/%d\n",
interfaces, ipackets, opackets, ipin, ipout);
- if (down_interfaces > 0) {
+ if ((rq_status & NETSNMP_STATUS_REQ_NETOPER) && (down_interfaces > 0)) {
printf("%d interface%s down!\n",
down_interfaces, down_interfaces > 1 ? "s are" : " is");
}
-
+ done:
snmp_close(ss);
SOCK_CLEANUP;
return exitval;
diff -Nurp net-snmp-5.7.3.orig/man/snmpstatus.1.def net-snmp-5.7.3/man/snmpstatus.1.def
--- net-snmp-5.7.3.orig/man/snmpstatus.1.def 2015-07-14 22:06:08.838850210 +0200
+++ net-snmp-5.7.3/man/snmpstatus.1.def 2015-07-14 22:13:19.891588792 +0200
@@ -32,7 +32,7 @@
snmpstatus - retrieves a fixed set of management information from a network entity
.SH SYNOPSIS
.B snmpstatus
-[COMMON OPTIONS] [\-Cf] AGENT
+[COMMON OPTIONS] [\-Cf] [\-Sni] AGENT
.SH DESCRIPTION
.B snmpstatus
is an SNMP application that retrieves several important statistics
@@ -94,6 +94,11 @@ variable (unless the
option is given, see below), but this variable will then be missing
from the displayed data.
.PP
+It is also possible to suppress parts of the default output by
+using the option
+.B \-S
+(see below).
+.PP
.SH OPTIONS
.TP
.B COMMON OPTIONS
@@ -108,5 +113,13 @@ by the agent and retry a request. In thi
the command will display the data that it can. If the \-Cf option
is specified, then snmpstatus will not try to fix
errors, and the error will cause the command to terminate.
+.TP
+.B \-Sn
+Do not retrieve and print network statistics such as packets
+sent and received and the number of network interfaces that
+are down.
+.TP
+.B \-Si
+Do not print the number of network interfaces that are down.
.SH "SEE ALSO"
snmpcmd(1), snmpget(1)

0
net-snmp-5.7.2-socket-path.patch → net-snmp-5.7.3-socket-path.patch
View File

0
net-snmp-5.7.2-testing-empty-arptable.patch → net-snmp-5.7.3-testing-empty-arptable.patch
View File

0
net-snmp-5.7.2-velocity-mib.patch → net-snmp-5.7.3-velocity-mib.patch
View File

3
net-snmp-5.7.3.pre5.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bcc6ab55f90e963b51bb34941c846979ecf62a5b385835d090ecdca5efad32e0
size 6375630

3
net-snmp-5.7.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:12ef89613c7707dc96d13335f153c1921efc9d61d3708ef09f3fc4a7014fb4f0
size 6382428

35
net-snmp.changes
View File

@ -1,3 +1,38 @@
-------------------------------------------------------------------
Tue Jul 14 09:43:16 UTC 2015 - abergmann@suse.com
- update to upstream version 5.7.3
- remove patch that is now present in the upstream release:
* net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch
- rename patches to new version number 5.7.3:
delete:
* net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch
* net-snmp-5.7.2-net-snmp-config-headercheck.patch
* net-snmp-5.7.2-perl-tk-warning.patch
* net-snmp-5.7.2-pie.patch
* net-snmp-5.7.2-socket-path.patch
* net-snmp-5.7.2-testing-empty-arptable.patch
* net-snmp-5.7.2-velocity-mib.patch
add:
* net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch
* net-snmp-5.7.3-net-snmp-config-headercheck.patch
* net-snmp-5.7.3-perl-tk-warning.patch
* net-snmp-5.7.3-pie.patch
* net-snmp-5.7.3-socket-path.patch
* net-snmp-5.7.3-testing-empty-arptable.patch
* net-snmp-5.7.3-velocity-mib.patch
- add build requirement 'procps' to fix a net-snmp-config error
(bsc#935863)
- enable DTLS and TLS support (FATE#318789)
new binary 'snmptls' was added
- add support for hostname netgroups (FATE#316305)
'@hostgroup' can be specified for multiple hosts
* net-snmp-5.7.3-netgroups.patch
- suppress network statistics output in snmpstatus (FATE#316289)
'-Sn' don't print any info about the network
'-Si' don't print the operational status of network interfaces
* net-snmp-5.7.3-snmpstatus-suppress-output.patch
-------------------------------------------------------------------
Sun Nov 30 15:52:36 UTC 2014 - cobexer@gmail.com

37
net-snmp.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package net-snmp
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -32,13 +32,14 @@
%define netsnmp_agentx_socket_dir_fhs %{_rundir}/agentx
%define netsnmp_agentx_socket_dir_rfc /var/agentx
%define tarver 5.7.3.pre5
Name: net-snmp
Version: 5.7.3
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: openssl-devel
BuildRequires: procps
BuildRequires: python-devel
BuildRequires: python-setuptools
BuildRequires: rpm-devel
@ -52,7 +53,7 @@ Requires: perl-TermReadKey
PreReq: %insserv_prereq %fillup_prereq /sbin/chkconfig
Url: http://sourceforge.net/projects/net-snmp
#Source: http://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{pkg_name}-%{version}.tar.gz
Source: %{pkg_name}-%{tarver}.tar.gz
Source: %{pkg_name}-%{version}.tar.gz
Source1: rc.snmpd
Source2: snmpd.conf
Source3: README.SUSE
@ -62,14 +63,15 @@ Source6: test_installed
Source7: net-snmp.sysconfig
Source8: net-snmp-rpmlintrc
Source9: baselibs.conf
Patch1: net-snmp-5.7.2-socket-path.patch
Patch2: net-snmp-5.7.2-testing-empty-arptable.patch
Patch3: net-snmp-5.7.2-pie.patch
Patch5: net-snmp-5.7.2-net-snmp-config-headercheck.patch
Patch6: net-snmp-5.7.2-perl-tk-warning.patch
Patch7: net-snmp-5.7.2-velocity-mib.patch
Patch9: net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch
Patch12: net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch
Patch1: net-snmp-5.7.3-socket-path.patch
Patch2: net-snmp-5.7.3-testing-empty-arptable.patch
Patch3: net-snmp-5.7.3-pie.patch
Patch4: net-snmp-5.7.3-net-snmp-config-headercheck.patch
Patch5: net-snmp-5.7.3-perl-tk-warning.patch
Patch6: net-snmp-5.7.3-velocity-mib.patch
Patch7: net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch
Patch8: net-snmp-5.7.3-netgroups.patch
Patch9: net-snmp-5.7.3-snmpstatus-suppress-output.patch
#
Summary: SNMP Daemon
License: BSD-3-Clause and MIT
@ -194,15 +196,16 @@ Net-SNMP toolkit library.
%prep
%setup -q -n %{pkg_name}-%{tarver}
%setup -q -n %{pkg_name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch12 -p1
%build
MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \
@ -214,6 +217,7 @@ MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \
MIBS="$MIBS ucd-snmp/lmsensorsMib"
%endif
autoreconf
%configure \
--with-sys-contact="root@localhost" \
--with-sys-location="unknown" \
@ -231,7 +235,9 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--without-root-access \
--enable-local-smux \
--enable-ipv6 \
--enable-ucd-snmp-compatibility
--enable-ucd-snmp-compatibility \
--with-security-modules=tsm \
--with-transports=TLSTCP,DTLSUDP
# Parallel building is disabled because dependencies between the Perl
# module and libnetsnmp are not correctly defined.
make #%{?_smp_mflags}
@ -326,6 +332,7 @@ rm -f "%buildroot/%_libdir"/*.la
%{_bindir}/snmpstatus
%{_bindir}/snmptable
%{_bindir}/snmptest
%{_bindir}/snmptls
%{_bindir}/snmptranslate
%{_bindir}/snmptrap
%{_bindir}/snmpusm