head 1.7; access; symbols pkgsrc-2022Q3:1.6.0.78 pkgsrc-2022Q3-base:1.6 pkgsrc-2022Q2:1.6.0.76 pkgsrc-2022Q2-base:1.6 pkgsrc-2022Q1:1.6.0.74 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.72 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.6.0.70 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.68 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.6.0.66 pkgsrc-2021Q1-base:1.6 pkgsrc-2020Q4:1.6.0.64 pkgsrc-2020Q4-base:1.6 pkgsrc-2020Q3:1.6.0.62 pkgsrc-2020Q3-base:1.6 pkgsrc-2020Q2:1.6.0.58 pkgsrc-2020Q2-base:1.6 pkgsrc-2020Q1:1.6.0.38 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.6.0.60 pkgsrc-2019Q4-base:1.6 pkgsrc-2019Q3:1.6.0.56 pkgsrc-2019Q3-base:1.6 pkgsrc-2019Q2:1.6.0.54 pkgsrc-2019Q2-base:1.6 pkgsrc-2019Q1:1.6.0.52 pkgsrc-2019Q1-base:1.6 pkgsrc-2018Q4:1.6.0.50 pkgsrc-2018Q4-base:1.6 pkgsrc-2018Q3:1.6.0.48 pkgsrc-2018Q3-base:1.6 pkgsrc-2018Q2:1.6.0.46 pkgsrc-2018Q2-base:1.6 pkgsrc-2018Q1:1.6.0.44 pkgsrc-2018Q1-base:1.6 pkgsrc-2017Q4:1.6.0.42 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.6.0.40 pkgsrc-2017Q3-base:1.6 pkgsrc-2017Q2:1.6.0.36 pkgsrc-2017Q2-base:1.6 pkgsrc-2017Q1:1.6.0.34 pkgsrc-2017Q1-base:1.6 pkgsrc-2016Q4:1.6.0.32 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q3:1.6.0.30 pkgsrc-2016Q3-base:1.6 pkgsrc-2016Q2:1.6.0.28 pkgsrc-2016Q2-base:1.6 pkgsrc-2016Q1:1.6.0.26 pkgsrc-2016Q1-base:1.6 pkgsrc-2015Q4:1.6.0.24 pkgsrc-2015Q4-base:1.6 pkgsrc-2015Q3:1.6.0.22 pkgsrc-2015Q3-base:1.6 pkgsrc-2015Q2:1.6.0.20 pkgsrc-2015Q2-base:1.6 pkgsrc-2015Q1:1.6.0.18 pkgsrc-2015Q1-base:1.6 pkgsrc-2014Q4:1.6.0.16 pkgsrc-2014Q4-base:1.6 pkgsrc-2014Q3:1.6.0.14 pkgsrc-2014Q3-base:1.6 pkgsrc-2014Q2:1.6.0.12 pkgsrc-2014Q2-base:1.6 pkgsrc-2014Q1:1.6.0.10 pkgsrc-2014Q1-base:1.6 pkgsrc-2013Q4:1.6.0.8 pkgsrc-2013Q4-base:1.6 pkgsrc-2013Q3:1.6.0.6 pkgsrc-2013Q3-base:1.6 pkgsrc-2013Q2:1.6.0.4 pkgsrc-2013Q2-base:1.6 pkgsrc-2013Q1:1.6.0.2 pkgsrc-2013Q1-base:1.6 pkgsrc-2012Q4:1.5.0.14 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q3:1.5.0.12 pkgsrc-2012Q3-base:1.5 pkgsrc-2012Q2:1.5.0.10 pkgsrc-2012Q2-base:1.5 pkgsrc-2012Q1:1.5.0.8 pkgsrc-2012Q1-base:1.5 pkgsrc-2011Q4:1.5.0.6 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q3:1.5.0.4 pkgsrc-2011Q3-base:1.5 pkgsrc-2011Q2:1.5.0.2 pkgsrc-2011Q2-base:1.5 pkgsrc-2011Q1:1.4.0.28 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.26 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.24 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.22 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.20 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.18 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.16 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q2:1.4.0.14 pkgsrc-2009Q2-base:1.4 pkgsrc-2009Q1:1.4.0.12 pkgsrc-2009Q1-base:1.4 pkgsrc-2008Q4:1.4.0.10 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.8 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.6 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.4 pkgsrc-2008Q2-base:1.4 cwrapper:1.4.0.2 pkgsrc-2008Q1:1.3.0.18 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.16 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.14 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.12 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.10 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.8 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.4 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.2 pkgsrc-2005Q3-base:1.2; locks; strict; comment @# @; 1.7 date 2022.10.18.12.01.52; author adam; state dead; branches; next 1.6; commitid 1hob0RpCwfzracYD; 1.6 date 2013.03.17.00.15.29; author gdt; state Exp; branches; next 1.5; 1.5 date 2011.05.27.10.55.25; author adam; state Exp; branches; next 1.4; 1.4 date 2008.06.05.19.09.41; author christos; state Exp; branches; next 1.3; 1.3 date 2006.01.24.22.16.55; author adam; state dead; branches 1.3.18.1; next 1.2; 1.2 date 2005.08.01.11.56.54; author wiz; state Exp; branches; next 1.1; 1.1 date 2005.07.31.02.30.18; author rtr; state Exp; branches; next ; 1.3.18.1 date 2008.06.16.08.51.43; author ghen; state Exp; branches; next ; desc @@ 1.7 log @net-snmp py-netsnmp: updated to 5.9.3 *5.9.3*: security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. - To avoid these flaws, use strong SNMPv3 credentials and do not share them. If you must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP address range. - Thanks are due to Yu Zhang of VARAS@@IIE and Nanyu Zhong of VARAS@@IIE for reporting the following CVEs that have been fixed in this release, and to Arista Networks for providing fixes. misc: - Snmp-create-v3-user: Fix the snmpd.conf path @@datadir@@ is expanded in ${datarootdir} so datarootdir must be set before @@datadir@@ is used. general: Many bug fixes *5.9.2*: skipped due to a last minute library versioning found bug -- use 5.9.3 instead *5.9.1*: General: Many bug fixes *5.9* snmplib: - Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add base_transport ptr for tunneled transports snmpd: - Security vulnerabilty in the ping MIB reported by Christopher Ertl from Microsoft fixed - Changing to a different uid/gid can only be done once - The extend mib is now read-only by default snmptrap: - BUG: 2899: Patch from Drew Roedersheimer to set library engineboots/time values before sending unspecified: - Add pkg-config support for building applications and sub-agents Use the netsnmp package when building Net-SNMP applications. Use the netsnmp-agent package when building Net-SNMP subagents. @ text @$NetBSD: patch-ak,v 1.6 2013/03/17 00:15:29 gdt Exp $ --- agent/mibgroup/mibII/icmp.c.orig 2012-10-09 22:28:58.000000000 +0000 +++ agent/mibgroup/mibII/icmp.c @@@@ -621,6 +621,13 @@@@ bail: #define USES_TRADITIONAL_ICMPSTAT #endif +#ifdef ICMP_NSTATS +struct icmpstat { + uint64_t st[ICMP_NSTATS]; +}; +#define ICMP_STAT_STRUCTURE struct icmpstat +#endif + #if !defined(ICMP_STAT_STRUCTURE) #define ICMP_STAT_STRUCTURE struct icmpstat #define USES_TRADITIONAL_ICMPSTAT @ 1.6 log @Update to 5.7.2. This is a major update in terms of pkgsrc patches, of which there are far far too many. Analysis of patches was done by Karen Sirois of BBN, and I have remvoed patches that have been applied upstream. This builds fine and passes tests on NetBSD 6 i386. If you look after some other platform (Dragonfly, Darwin, FreeBSD, etc.), please make sure any problems are filed as upstream tickets; pkgsrc is not appropriate to carry patches long-term that should be fixed upstream, and this package has gotten out of hand. (OK by adam@@ to do the update, but he has not reviewed the changes, so errors are my fault. It's quite likely there are issues on other platforms.) Upstream NEWS: *5.7.2* snmp: - BUG: 3526549: CVE-2012-2141 Array index error leading to crash snmpd: - BUG: 3532090: Fix high ifIndex values crashing hrDeviceDescr building: - PATCH: 2091156: correctly declare dependencies in Makefile. 'make -j ' should work now. Backport this to V5-4 as it is needed for correct operation in the single threaded case of make miblib as well. Many other miscellaneous minor bug fixes *5.7.1* libnetsnmp: - Fixed the mib-parsing-bug introduced shortly before 5.7 agent: - fixed rounding errors for disk percentage calculations openbsd: - better support for recent openbsd releases features: - bug fixes with minimalist support after additional user feedback Many other miscellaneous minor bug fixes *5.7* snmpd: - Delivery of data via regularily scheduled notifications. (see "Data Delivery via Notfications" in snmpd.conf) - Many time-based config options can take (m)ins, (h)ours, ... arguments (see the snmpd.conf manual page) - The PING and TRACEROUTE MIBs now compile and work-ish on linux http://www.net-snmp.org/wiki/index.php/DISMAN - Mib handlers can now implement a data_clone function for cloning the myvoid structure variable to avoid dangling pointers - Fixed persistent storage of VACM MIB configuration - Multi-homed agents send UDP responses from the proper IP address - The hrStorageTable implementation now supports large filesystems better - optimizations for large route tables - Added a deliveryByNotify config token for regular data delivery (see the snmpd.conf manual page and the NET-SNMP-PERIODIC-NOTIFY-MIB) - [PATCH 3141462]: fix agentx subagent issues with multiple-object requests - [PATCH 3057093]: linux uses libpci for creating useful ifDescr strings - [PATCH 3131397]: huge speedups of the TCP/UDP Tables libnetsnmp: - Removed the older CMU compatibility support - The SSH transport is now configurable TLS/DTLS support: - The SNMP over DTLS transport now properly supports IPv6 - Introduced new configuration tokens: localCert/peerCert (deprecating serverCert, clientCert, defX509ServerPub, defX509ClientPub) - Various fixes for the TLS/DTLS transports apps: - Added a per-variable timed output support to snmpwalk using -CT - snmpinform now correctly uses the local engineID for informs - A number of mib2c bug fixes - New snmp.conf tokens for timeouts and retries building: - New flags to reduce the amount of compiled code to bare minimums. This is provided by a new generic feature marking/selection mechanism. http://www.net-snmp.org/wiki/index.php/Feature_Marking_and_Selection - It's now possible to build without SNMPv3/USM (e.g., if you only want TLS/DTLS with SNMPv3/TSM) - It's possible to build the suite with no SET support configure using --enable-read-only - It's possible to build the agent as a notify-only agent configure using --enable-notify-only - Added a script to test memory usage with various config options (see the local/minimalist/sizetests script) - Net-SNMP can now be built to perform local DNSSEC validation (install DNSSEC-Tools' libval and use --with-local-dnssec-validation) testing: - a number of new API unit-tests have been added to the suite (to run the tests: cd testing && ./RUNFULLTESTS -g unit-tests) - The unit tests can be more easily run under valgrind (See http://bit.ly/jsgRnv for details) openbsd: - Support for updating the routing table via SNMP win32: - The testing suite works better under win32 environments - Many building fixes for the win32 environment(s) solaris: - Net-SNMP now supports the SCTP-MIB DragonFlyBSD, FreeBSD8: - Net-SNMP should now work on DragonFlyBSD and FreeBSD8 And of course: - Many other bug fixes. See the CHANGES and ChangeLog for details. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.5 2011/05/27 10:55:25 adam Exp $ @ 1.5 log @Changes 5.6.1.1: * OID Typedef Bug Fix: The oid typedef was changed in 5.6.1 to an u_int32 from a u_long. This broke binary compatibility and likely 3rd-party code. 5.6.1.1 reverts this change and fixes an underlying OID printing problem in two agent modules that caused someone to change the typedef in the first place. Changes 5.6.1: * General: - The DTLS and TLS transports and the TSM security model are no longer "beta" (they've undergone rigorous interoperability testing). - Many Bug Fixes (see the CHANGES and ChangeLog files for full details) * snmpd: - 0 Patch 3141462: from fenner: fix agentx subagent issues with multiple-object requests - Patch from Niels to fix VACM persistant storage. Changes 5.6: * all: - Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be] - Implemented the "Transport Security Model" [RFC5591] - Generic host-specific configuration .conf files are now read. - Include statements can now be used in .conf files. * snmpd: - Fix handling of multiple matching VACM entries. (Use the "best" match, rather than the first one). Reported by Adam Lewis. Note that this could potentially affect the behaviour of existing access control configurations. - Agent will no longer call table handlers if a set request for the handler has invalid indexes - table_data/tdata next handler will not be called during get processing if no valid rows are found for the handler - [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB - moved all functions defined in libnetsnmphelpers to libnetsnmpagent. libnetsnmphelpers is now an empty library. - Implemented the TSM-MIB and the TLSTM-MIB - new API for indicating that persistent store needs to be saved after the current request finishes processing - [PATCH 2931446]: make the load averages writable. * apps: - A new tool 'net-snmp-cert' that easily creates and manages X.509 certificates for use with the SNMP over (D)TLS protocols. - Added an 'agentxtrap' command to send notifications via AgentX - -T command line flag can be used to pass configuration directly to transports that can accept configuration tokens - A new 'snmptls' command for manipulating the agent's TLS configuration * snmplib: - A more modular transport subsystem that allows third party extensions and dependencies for code reuse. - New transport functions: f_config, f_open, f_copy and f_setup_session - Transports can now specify session defaults - [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is like snmp_parse_args but takes an additional bitmask, flags, to affect the behaviour. Also remove the magic handling of some application names. - A new X.509 certificate API for indexing and reading certificates - new experimental row creation API which uses a state machine to try really hard to create a row from a given varbind list - netsnmp_container enhancements: - added a free_item function - added a CONTAINER_FREE_ALL macro/function - added an interface for duplicating a container (CONTAINER_DUP) - added a remove function to container_iterators - added an ability to set options on binary_array containers - new snmp token logOption allows specifying log destinations via configuration conf files - A very significant reduction in compiler warning output - new experimental simple state machine handling API @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.4 2008/06/05 19:09:41 christos Exp $ d3 3 a5 3 --- agent/mibgroup/mibII/icmp.c.orig 2007-07-16 19:59:44.000000000 -0400 +++ agent/mibgroup/mibII/icmp.c 2008-06-04 19:42:01.000000000 -0400 @@@@ -455,6 +455,13 @@@@ @ 1.4 log @PR/36978: Hasso Tepper: Make net-snmp work on dragonfly. While I am here make it run again on NetBSD (hi clown boy) @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 @@@@ -140,6 +140,13 @@@@ @ 1.3 log @Changes 5.3.0.1: *** Security Fix *** Changes 5.3: *** Important Notes *** Several very significant changes have been made in Net-SNMP for this release that warrant special attention. - shared library version number no longer matches the release number. We now follow the versioning scheme recommended by libtool. For the 5.3 release this means that the libraries now have a SONAME ending with ".so.10", e.g. libnetsnmp.so.10. - snmpd has not been truncating log files at startup, as documented in the man pages, for a while now. This default behaviour has been restored. Please use the '-A' flag if you want to continue appending to your log files at startup. - snmptrapd will no longer accept all traps by default. It must be configured with authorized SNMPv1/v2c community strings and/or SNMPv3 users. Non-authorized traps/informs will be dropped. - Due to a copyright statement that didn't allow modifications, snmpnetstat has been completely rewritten. The new version now accepts the same command-line options as the other tools, which has introduced a number of incompatible changes. However, it does now finally support SNMPv3. @ text @d1 6 a6 17 $NetBSD: patch-ak,v 1.2 2005/08/01 11:56:54 wiz Exp $ --- agent/mibgroup/ucd-snmp/disk.c.orig 2005-07-30 18:48:29.000000000 +1000 +++ agent/mibgroup/ucd-snmp/disk.c 2005-07-30 18:49:20.000000000 +1000 @@@@ -73,15 +73,17 @@@@ #if HAVE_SYS_VFS_H #include #endif -#if (!defined(HAVE_STATVFS)) && defined(HAVE_STATFS) +#ifdef HAVE_STATFS #if HAVE_SYS_MOUNT_H #include #endif #if HAVE_SYS_SYSCTL_H #include #endif +#ifndef HAVE_STATVFS #define statvfs statfs d8 6 d15 4 a18 3 #if HAVE_VM_VM_H #include #endif @ 1.3.18.1 log @Pullup ticket 2424 - requested by tron security patch + build fixes for net-snmp - pkgsrc/net/net-snmp/Makefile 1.69-1.70 - pkgsrc/net/net-snmp/distinfo 1.44-1.46 - pkgsrc/net/net-snmp/files/cpu_dragonfly.c 1.3 - pkgsrc/net/net-snmp/patches/patch-ai 1.4-1.5 - pkgsrc/net/net-snmp/patches/patch-aj 1.5 - pkgsrc/net/net-snmp/patches/patch-ak 1.4 - pkgsrc/net/net-snmp/patches/patch-am 1.7 - pkgsrc/net/net-snmp/patches/patch-de 1.5 - pkgsrc/net/net-snmp/patches/patch-dk removed - pkgsrc/net/net-snmp/patches/patch-ep 1.3 Module Name: pkgsrc Committed By: christos Date: Thu Jun 5 19:09:41 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo pkgsrc/net/net-snmp/files: cpu_dragonfly.c pkgsrc/net/net-snmp/patches: patch-am patch-de Added Files: pkgsrc/net/net-snmp/patches: patch-ai patch-aj patch-ak Log Message: PR/36978: Hasso Tepper: Make net-snmp work on dragonfly. While I am here make it run again on NetBSD (hi clown boy) --- Module Name: pkgsrc Committed By: tron Date: Fri Jun 6 16:18:04 UTC 2008 Modified Files: pkgsrc/net/net-snmp: distinfo pkgsrc/net/net-snmp/patches: patch-ai Removed Files: pkgsrc/net/net-snmp/patches: patch-dk Log Message: Combine the to patches for "agent/mibgroup/mibII/ip.c" to make this actually build. --- Module Name: pkgsrc Committed By: tron Date: Thu Jun 12 13:32:24 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo pkgsrc/net/net-snmp/patches: patch-ep Log Message: Add patch for CVE-2008-0960 from the Net-SNMP project page on Sourceforge. @ text @d1 17 a17 6 $NetBSD$ --- agent/mibgroup/mibII/icmp.c.orig 2007-07-16 19:59:44.000000000 -0400 +++ agent/mibgroup/mibII/icmp.c 2008-06-04 19:42:01.000000000 -0400 @@@@ -140,6 +140,13 @@@@ #define USES_TRADITIONAL_ICMPSTAT a18 6 +#ifdef ICMP_NSTATS +struct icmpstat { + uint64_t st[ICMP_NSTATS]; +}; +#define ICMP_STAT_STRUCTURE struct icmpstat d20 3 a22 4 + #if !defined(ICMP_STAT_STRUCTURE) #define ICMP_STAT_STRUCTURE struct icmpstat #define USES_TRADITIONAL_ICMPSTAT @ 1.2 log @Add RCS Id. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @make net-snmp build on darwin 8.2.0 patches from darwin sources @ text @d1 1 @