zabbix/zabbix-6.0.12-netsnmp-fixes.patch

Index: m4/netsnmp.m4
===================================================================
--- m4/netsnmp.m4.orig	2023-09-25 12:26:59.951273749 +0200
+++ m4/netsnmp.m4	2023-10-17 22:18:29.154010921 +0200
@@ -169,7 +169,22 @@ session.securityAuthProto = usmHMAC384SH
 		],[
 		AC_MSG_RESULT(no)
 		])
-
+################## monkey patching....
+               dnl Check if MD5 auth is removed
+               AC_MSG_CHECKING(for disabled MD5 auth protocol support)
+               AC_TRY_LINK([
+#include <net-snmp/net-snmp-config.h>
+#include <net-snmp/net-snmp-includes.h>
+               ],[
+struct snmp_session session;
+session.securityAuthProto = usmHMACMD5AuthProtocol;
+               ],[
+               AC_DEFINE(HAVE_NETSNMP_NO_MD5_AUTH, 1, [Define to 1 if MD5 auth protocols is disabled.])
+               AC_MSG_RESULT(yes)
+               ],[
+               AC_MSG_RESULT(no)
+               ])
+################## end monkey patching....
 		dnl Check for AES192/256 protocol support for privacy
 		AC_MSG_CHECKING(for strong AES privacy protocol support)
 		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
Index: src/zabbix_server/poller/checks_snmp.c
===================================================================
--- src/zabbix_server/poller/checks_snmp.c.orig	2023-09-25 12:27:00.031274243 +0200
+++ src/zabbix_server/poller/checks_snmp.c	2023-10-17 22:18:29.154010921 +0200
@@ -356,10 +356,12 @@ static int	zbx_snmpv3_set_auth_protocol(
 
 	switch (item->snmpv3_authprotocol)
 	{
+#ifdef usmHMACMD5AuthProtocol
 		case ITEM_SNMPV3_AUTHPROTOCOL_MD5:
 			session->securityAuthProto = usmHMACMD5AuthProtocol;
 			session->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
 			break;
+#endif
 		case ITEM_SNMPV3_AUTHPROTOCOL_SHA1:
 			session->securityAuthProto = usmHMACSHA1AuthProtocol;
 			session->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
Accepting request 1061411 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to 6.0.12 - for changes in this major release please consult 6.0.html in /usr/share/doc/packages/zabbix/ - removed CVE-2022-35230.patch and zabbix-3.0.25-new-m4-pgsql.patch - added fixed zabbix-6.0.12-new-m4-pgsql.patch patch OBS-URL: https://build.opensuse.org/request/show/1061411 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=39 2023-01-26 21:22:07 +01:00			`Index: m4/netsnmp.m4`
			`===================================================================`
Accepting request 1118375 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to latest upstream release 6.0.22 - this version fixes CVE-2023-32722 and CVE-2023-32722 bsc#1216211 and bsc#1216222 - removed patches zabbix-6.0.12-new-m4-pgsql.patch zabbix-6.0.12-curl-fixes.patch honestly was tired of patching for correct way doing postgresql detection now added postgresql-server-devel which does not make sense but hey upstream does not care OBS-URL: https://build.opensuse.org/request/show/1118375 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=47 2023-10-17 23:02:55 +02:00			`--- m4/netsnmp.m4.orig 2023-09-25 12:26:59.951273749 +0200`
			`+++ m4/netsnmp.m4 2023-10-17 22:18:29.154010921 +0200`
			`@@ -169,7 +169,22 @@ session.securityAuthProto = usmHMAC384SH`
Accepting request 1061411 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to 6.0.12 - for changes in this major release please consult 6.0.html in /usr/share/doc/packages/zabbix/ - removed CVE-2022-35230.patch and zabbix-3.0.25-new-m4-pgsql.patch - added fixed zabbix-6.0.12-new-m4-pgsql.patch patch OBS-URL: https://build.opensuse.org/request/show/1061411 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=39 2023-01-26 21:22:07 +01:00			`],[`
			`AC_MSG_RESULT(no)`
			`])`
			`-`
			`+################## monkey patching....`
			`+ dnl Check if MD5 auth is removed`
			`+ AC_MSG_CHECKING(for disabled MD5 auth protocol support)`
			`+ AC_TRY_LINK([`
			`+#include <net-snmp/net-snmp-config.h>`
			`+#include <net-snmp/net-snmp-includes.h>`
			`+ ],[`
			`+struct snmp_session session;`
			`+session.securityAuthProto = usmHMACMD5AuthProtocol;`
			`+ ],[`
			`+ AC_DEFINE(HAVE_NETSNMP_NO_MD5_AUTH, 1, [Define to 1 if MD5 auth protocols is disabled.])`
			`+ AC_MSG_RESULT(yes)`
			`+ ],[`
			`+ AC_MSG_RESULT(no)`
			`+ ])`
			`+################## end monkey patching....`
			`dnl Check for AES192/256 protocol support for privacy`
			`AC_MSG_CHECKING(for strong AES privacy protocol support)`
Accepting request 1118375 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to latest upstream release 6.0.22 - this version fixes CVE-2023-32722 and CVE-2023-32722 bsc#1216211 and bsc#1216222 - removed patches zabbix-6.0.12-new-m4-pgsql.patch zabbix-6.0.12-curl-fixes.patch honestly was tired of patching for correct way doing postgresql detection now added postgresql-server-devel which does not make sense but hey upstream does not care OBS-URL: https://build.opensuse.org/request/show/1118375 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=47 2023-10-17 23:02:55 +02:00			`AC_LINK_IFELSE([AC_LANG_PROGRAM([[`
Accepting request 1061411 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to 6.0.12 - for changes in this major release please consult 6.0.html in /usr/share/doc/packages/zabbix/ - removed CVE-2022-35230.patch and zabbix-3.0.25-new-m4-pgsql.patch - added fixed zabbix-6.0.12-new-m4-pgsql.patch patch OBS-URL: https://build.opensuse.org/request/show/1061411 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=39 2023-01-26 21:22:07 +01:00			`Index: src/zabbix_server/poller/checks_snmp.c`
			`===================================================================`
Accepting request 1118375 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to latest upstream release 6.0.22 - this version fixes CVE-2023-32722 and CVE-2023-32722 bsc#1216211 and bsc#1216222 - removed patches zabbix-6.0.12-new-m4-pgsql.patch zabbix-6.0.12-curl-fixes.patch honestly was tired of patching for correct way doing postgresql detection now added postgresql-server-devel which does not make sense but hey upstream does not care OBS-URL: https://build.opensuse.org/request/show/1118375 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=47 2023-10-17 23:02:55 +02:00			`--- src/zabbix_server/poller/checks_snmp.c.orig 2023-09-25 12:27:00.031274243 +0200`
			`+++ src/zabbix_server/poller/checks_snmp.c 2023-10-17 22:18:29.154010921 +0200`
Accepting request 1061411 from home:bmanojlovic:branches:server:monitoring:zabbix - updated to 6.0.12 - for changes in this major release please consult 6.0.html in /usr/share/doc/packages/zabbix/ - removed CVE-2022-35230.patch and zabbix-3.0.25-new-m4-pgsql.patch - added fixed zabbix-6.0.12-new-m4-pgsql.patch patch OBS-URL: https://build.opensuse.org/request/show/1061411 OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=39 2023-01-26 21:22:07 +01:00			`@@ -356,10 +356,12 @@ static int zbx_snmpv3_set_auth_protocol(`

			`switch (item->snmpv3_authprotocol)`
			`{`
			`+#ifdef usmHMACMD5AuthProtocol`
			`case ITEM_SNMPV3_AUTHPROTOCOL_MD5:`
			`session->securityAuthProto = usmHMACMD5AuthProtocol;`
			`session->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;`
			`break;`
			`+#endif`
			`case ITEM_SNMPV3_AUTHPROTOCOL_SHA1:`
			`session->securityAuthProto = usmHMACSHA1AuthProtocol;`
			`session->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;`