Fix snmptrapd buffer overflow (bsc#1255491, CVE-2025-68615).

net-snmp-5.9.4-fix-out-of-bounds-trapOid-access.patch

@@ -0,0 +1,16 @@
+diff -Nurp net-snmp-5.9.4-orig/apps/snmptrapd_handlers.c net-snmp-5.9.4/apps/snmptrapd_handlers.c
+--- net-snmp-5.9.4-orig/apps/snmptrapd_handlers.c	2026-01-12 08:08:23.751152850 +0000
++++ net-snmp-5.9.4/apps/snmptrapd_handlers.c	2026-01-12 08:10:29.907152850 +0000
+@@ -1112,6 +1112,12 @@ snmp_input(int op, netsnmp_session *sess
+ 	     */
+             if (pdu->trap_type == SNMP_TRAP_ENTERPRISESPECIFIC) {
+                 trapOidLen = pdu->enterprise_length;
++                /*
++                 * Drop packets that would trigger an out-of-bounds trapOid[]
++                 * access.
++                 */
++                if (trapOidLen < 1 || trapOidLen > OID_LENGTH(trapOid) - 2)
++                    return 1;
+                 memcpy(trapOid, pdu->enterprise, sizeof(oid) * trapOidLen);
+                 if (trapOid[trapOidLen - 1] != 0) {
+                     trapOid[trapOidLen++] = 0;

net-snmp-5.9.4-systemd-no-utmp.patch

@@ -1,49 +0,0 @@
-diff -uwr net-snmp-5.9.3.old/agent/Makefile.in net-snmp-5.9.3/agent/Makefile.in
---- net-snmp-5.9.3.old/agent/Makefile.in	2022-07-13 23:14:14.000000000 +0200
-+++ net-snmp-5.9.3/agent/Makefile.in	2023-06-16 11:31:16.049538400 +0200
-@@ -116,7 +116,7 @@
- MIBLIB		= libnetsnmpmibs.$(LIB_EXTENSION)$(LIB_VERSION)
- 
- LAGENTLIBS	= @LAGENTLIBS@
--LMIBLIBS	= @LMIBLIBS@
-+LMIBLIBS	= @LMIBLIBS@ -lsystemd
- VAL_LIBS	= @VAL_LIBS@
- PERLLDOPTS_FOR_APPS = @PERLLDOPTS_FOR_APPS@
- PERLLDOPTS_FOR_LIBS = @PERLLDOPTS_FOR_LIBS@
-diff -uwr net-snmp-5.9.3.old/agent/mibgroup/host/hr_system.c net-snmp-5.9.3/agent/mibgroup/host/hr_system.c
---- net-snmp-5.9.3.old/agent/mibgroup/host/hr_system.c	2022-07-13 23:14:14.000000000 +0200
-+++ net-snmp-5.9.3/agent/mibgroup/host/hr_system.c	2023-06-16 10:38:58.916026706 +0200
-@@ -79,6 +79,11 @@
- #include <sys/sysctl.h>
- #endif
- 
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <systemd/sd-daemon.h>
-+#include <systemd/sd-login.h>
-+#endif
-+
- netsnmp_feature_require(date_n_time);
- 
- #if !defined(UTMP_FILE) && defined(_PATH_UTMP)
-@@ -686,6 +691,11 @@
-     struct utmp    *utmp_p;
- #endif
- 
-+#ifndef NETSNMP_NO_SYSTEMD
-+    if (sd_booted () > 0)
-+        total = sd_get_sessions (NULL);
-+    else {
-+#endif
-     setutent();
-     while ((utmp_p = getutent()) != NULL) {
- #ifndef UTMP_HAS_NO_TYPE
-@@ -704,6 +714,9 @@
-             ++total;
-     }
-     endutent();
-+#ifndef NETSNMP_NO_SYSTEMD
-+    }
-+#endif
- #else /* WIN32 */
-    /* 
-     * TODO - Error checking.

net-snmp.changes

@@ -1,26 +1,16 @@
 -------------------------------------------------------------------
-Wed Jan 22 15:48:36 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+Mon Jan 12 11:35:23 UTC 2026 - Alexander Bergmann <abergmann@suse.com>
 
-- Drop rcFOO symlinks for CODE16 (PED-266).
+- Fix snmptrapd buffer overflow (bsc#1255491, CVE-2025-68615).
+  Add net-snmp-5.9.4-fix-out-of-bounds-trapOid-access.patch
 
 -------------------------------------------------------------------
-Fri Nov 15 07:20:59 UTC 2024 - Alexander Bergmann <abergmann@suse.com>
-
-- logrotate should use reload instead of restart (bsc#1232030) 
-
--------------------------------------------------------------------
-Fri Oct 20 09:01:42 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
-
-- net-snmp-5.9.4-systemd-no-utmp.patch: prefer systemd-logind over
-  utmp to count number of logged in users, utmp is not reliable for
-  this and has a Y2038 problem (jsc#PED-3144) 
-
--------------------------------------------------------------------
-Tue Oct 17 13:56:01 UTC 2023 - Alexander Bergmann <abergmann@suse.com>
+Thu Nov 14 16:53:39 UTC 2024 - Alexander Bergmann <abergmann@suse.com>
 
 - Update to net-snmp-5.9.4 (bsc#1214364).
   add (rename):
   * net-snmp-5.9.4-add-lustre-fs-support.patch
+  * net-snmp-5.9.4-add-netgroups-functionality.patch
   * net-snmp-5.9.4-fix-create-v3-user-outfile.patch
   * net-snmp-5.9.4-fixed-python2-bindings.patch
   * net-snmp-5.9.4-fix-Makefile.PL.patch
@@ -38,26 +28,23 @@ Tue Oct 17 13:56:01 UTC 2023 - Alexander Bergmann <abergmann@suse.com>
   * net-snmp-5.9.3-grep.patch
   delete (rename):
   * net-snmp-5.9.1-add-lustre-fs-support.patch
-  * net-snmp-5.9.2-fix-create-v3-user-outfile.patch
-  * net-snmp-5.9.3-fixed-python2-bindings.patch
   * net-snmp-5.9.1-fix-Makefile.PL.patch
   * net-snmp-5.9.1-modern-rpm-api.patch
   * net-snmp-5.9.1-net-snmp-config-headercheck.patch
   * net-snmp-5.9.1-perl-tk-warning.patch
-  * net-snmp-5.9.2-pie.patch
   * net-snmp-5.9.1-snmpstatus-suppress-output.patch
   * net-snmp-5.9.1-socket-path.patch
   * net-snmp-5.9.1-subagent-set-response.patch
   * net-snmp-5.9.1-suse-systemd-service-files.patch
   * net-snmp-5.9.1-testing-empty-arptable.patch
-- Removing legacy MIBs used by Velocity Software (jira#PED-6416).
-  delete:
   * net-snmp-5.9.1-velocity-mib.patch
+  * net-snmp-5.9.2-fix-create-v3-user-outfile.patch
+  * net-snmp-5.9.2-pie.patch
+  * net-snmp-5.9.3-fixed-python2-bindings.patch
+- Removing legacy MIBs used by Velocity Software (jira#PED-6416).
 - Re-add support for hostname netgroups that was removed accidentally and
   previously added with FATE#316305 (bsc#1207697).
   '@hostgroup' can be specified for multiple hosts
-  add:
-  * net-snmp-5.9.4-add-netgroups-functionality.patch
 - Hardening systemd services setting "ProtectHome=true" caused home directory
   size and allocation to be listed incorrectly (bsc#1206044).
   add (rename):
@@ -66,6 +53,7 @@ Tue Oct 17 13:56:01 UTC 2023 - Alexander Bergmann <abergmann@suse.com>
   delete (rename):
   * net-snmp-5.9.1-harden_snmpd.service.patch
   * net-snmp-5.9.1-harden_snmptrapd.service.patch
+- logrotate should use reload instead of restart (bsc#1232030)
 
 -------------------------------------------------------------------
 Thu Jan  5 11:49:22 UTC 2023 - Alexander Bergmann <abergmann@suse.com>

net-snmp.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package net-snmp
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -64,7 +64,7 @@ Patch13:        net-snmp-5.9.4-fix-create-v3-user-outfile.patch
 Patch14:        net-snmp-5.9.4-subagent-set-response.patch
 Patch15:        net-snmp-5.9.4-fixed-python2-bindings.patch
 Patch16:        net-snmp-5.9.4-add-netgroups-functionality.patch
-Patch17:        net-snmp-5.9.4-systemd-no-utmp.patch
+Patch17:        net-snmp-5.9.4-fix-out-of-bounds-trapOid-access.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  autoconf
@@ -75,13 +75,13 @@ BuildRequires:  openssl-devel
 BuildRequires:  procps
 BuildRequires:  python-rpm-macros
 BuildRequires:  rpm-devel
-BuildRequires:  systemd-devel
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  tcpd-devel
 Requires:       logrotate
 Requires:       perl-SNMP = %{version}
 Requires:       perl-TermReadKey
 Requires(post): %fillup_prereq
+%{?systemd_requires}
 %if 0%{?netsnmp_with_sensors}
 BuildRequires:  libsensors4-devel
 %endif
@@ -277,9 +277,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
 	--with-transports=TLSTCP,DTLSUDP \
 	--with-systemd \
 	--with-openssl \
-	--enable-blumenthal-aes \
-	--disable-des \
-	--disable-md5
+	--enable-blumenthal-aes
 
 # Parallel build deps not properly stated
 %make_build -j1
@@ -302,10 +300,8 @@ install -D -m 0644 %{SOURCE3} %{buildroot}%{_distconfdir}/logrotate.d/net-snmp
 install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp
 %endif
 install -m 0744 %{SOURCE4} testing/
-%if 0%{?suse_version} < 1600
 ln -sf service %{buildroot}%{_sbindir}/rcsnmpd
 ln -sf service %{buildroot}%{_sbindir}/rcsnmptrapd
-%endif
 install -m 0644 /dev/null  %{buildroot}%{netsnmp_logfile}
 pushd perl
     %perl_make_install