SHA256
1
0
forked from pool/zabbix
zabbix/zabbix-6.0.12-netsnmp-fixes.patch
Boris Manojlovic 107ec0f10f Accepting request 1118375 from home:bmanojlovic:branches:server:monitoring:zabbix
- updated to latest upstream release 6.0.22
- this version fixes CVE-2023-32722 and CVE-2023-32722 bsc#1216211 and bsc#1216222
- removed patches zabbix-6.0.12-new-m4-pgsql.patch zabbix-6.0.12-curl-fixes.patch
  honestly was tired of patching for correct way doing postgresql detection
  now added postgresql-server-devel which does not make sense but hey
  upstream does not care

OBS-URL: https://build.opensuse.org/request/show/1118375
OBS-URL: https://build.opensuse.org/package/show/server:monitoring:zabbix/zabbix?expand=0&rev=47
2023-10-17 21:02:55 +00:00

46 lines
1.8 KiB
Diff

Index: m4/netsnmp.m4
===================================================================
--- m4/netsnmp.m4.orig 2023-09-25 12:26:59.951273749 +0200
+++ m4/netsnmp.m4 2023-10-17 22:18:29.154010921 +0200
@@ -169,7 +169,22 @@ session.securityAuthProto = usmHMAC384SH
],[
AC_MSG_RESULT(no)
])
-
+################## monkey patching....
+ dnl Check if MD5 auth is removed
+ AC_MSG_CHECKING(for disabled MD5 auth protocol support)
+ AC_TRY_LINK([
+#include <net-snmp/net-snmp-config.h>
+#include <net-snmp/net-snmp-includes.h>
+ ],[
+struct snmp_session session;
+session.securityAuthProto = usmHMACMD5AuthProtocol;
+ ],[
+ AC_DEFINE(HAVE_NETSNMP_NO_MD5_AUTH, 1, [Define to 1 if MD5 auth protocols is disabled.])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+ ])
+################## end monkey patching....
dnl Check for AES192/256 protocol support for privacy
AC_MSG_CHECKING(for strong AES privacy protocol support)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
Index: src/zabbix_server/poller/checks_snmp.c
===================================================================
--- src/zabbix_server/poller/checks_snmp.c.orig 2023-09-25 12:27:00.031274243 +0200
+++ src/zabbix_server/poller/checks_snmp.c 2023-10-17 22:18:29.154010921 +0200
@@ -356,10 +356,12 @@ static int zbx_snmpv3_set_auth_protocol(
switch (item->snmpv3_authprotocol)
{
+#ifdef usmHMACMD5AuthProtocol
case ITEM_SNMPV3_AUTHPROTOCOL_MD5:
session->securityAuthProto = usmHMACMD5AuthProtocol;
session->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
break;
+#endif
case ITEM_SNMPV3_AUTHPROTOCOL_SHA1:
session->securityAuthProto = usmHMACSHA1AuthProtocol;
session->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;