head	1.5;
access;
symbols
	pkgsrc-2013Q2:1.5.0.8
	pkgsrc-2013Q2-base:1.5
	pkgsrc-2012Q4:1.5.0.6
	pkgsrc-2012Q4-base:1.5
	pkgsrc-2011Q4:1.5.0.4
	pkgsrc-2011Q4-base:1.5
	pkgsrc-2011Q2:1.5.0.2
	pkgsrc-2011Q2-base:1.5
	pkgsrc-2011Q1:1.4.0.24
	pkgsrc-2011Q1-base:1.4
	pkgsrc-2010Q4:1.4.0.22
	pkgsrc-2010Q4-base:1.4
	pkgsrc-2010Q3:1.4.0.20
	pkgsrc-2010Q3-base:1.4
	pkgsrc-2010Q2:1.4.0.18
	pkgsrc-2010Q2-base:1.4
	pkgsrc-2010Q1:1.4.0.16
	pkgsrc-2010Q1-base:1.4
	pkgsrc-2009Q4:1.4.0.14
	pkgsrc-2009Q4-base:1.4
	pkgsrc-2009Q3:1.4.0.12
	pkgsrc-2009Q3-base:1.4
	pkgsrc-2009Q2:1.4.0.10
	pkgsrc-2009Q2-base:1.4
	pkgsrc-2009Q1:1.4.0.8
	pkgsrc-2009Q1-base:1.4
	pkgsrc-2008Q4:1.4.0.6
	pkgsrc-2008Q4-base:1.4
	pkgsrc-2008Q3:1.4.0.4
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.2
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.3.0.4
	pkgsrc-2008Q2-base:1.3
	cwrapper:1.3.0.2
	pkgsrc-2008Q1:1.2.0.10
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.8
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.6
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.4
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.2
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.1.0.2
	pkgsrc-2006Q4-base:1.1;
locks; strict;
comment	@# @;


1.5
date	2011.05.27.10.55.26;	author adam;	state dead;
branches;
next	1.4;

1.4
date	2008.07.15.09.14.01;	author adam;	state Exp;
branches;
next	1.3;

1.3
date	2008.06.12.13.32.24;	author tron;	state Exp;
branches;
next	1.2;

1.2
date	2007.02.05.12.06.16;	author adam;	state Exp;
branches
	1.2.10.1;
next	1.1;

1.1
date	2006.10.01.20.08.29;	author seb;	state Exp;
branches;
next	;

1.2.10.1
date	2008.06.16.08.51.43;	author ghen;	state Exp;
branches;
next	;


desc
@@


1.5
log
@Changes 5.6.1.1:
* OID Typedef Bug Fix: The oid typedef was changed in 5.6.1 to an u_int32 from a u_long. This broke binary compatibility and likely 3rd-party code. 5.6.1.1 reverts this change and fixes an underlying OID printing problem in two agent modules that caused someone to change the typedef in the first place.

Changes 5.6.1:
* General:
  - The DTLS and TLS transports and the TSM security model are no longer "beta" (they've undergone rigorous interoperability testing).
  - Many Bug Fixes (see the CHANGES and ChangeLog files for full details)
* snmpd:
  - 0 Patch 3141462: from fenner: fix agentx subagent issues with multiple-object requests
  - Patch from Niels to fix VACM persistent storage.

Changes 5.6:
* all:
  - Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be]
  - Implemented the "Transport Security Model" [RFC5591]
  - Generic host-specific configuration .conf files are now read.
  - Include statements can now be used in .conf files.
* snmpd:
  - Fix handling of multiple matching VACM entries. (Use the "best" match, rather than the first one). Reported by Adam Lewis. Note that this could potentially affect the behaviour of existing access control configurations.
  - Agent will no longer call table handlers if a set request for the handler has invalid indexes
  - table_data/tdata next handler will not be called during get processing if no valid rows are found for the handler
  - [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB
  - moved all functions defined in libnetsnmphelpers to libnetsnmpagent. libnetsnmphelpers is now an empty library.
  - Implemented the TSM-MIB and the TLSTM-MIB
  - new API for indicating that persistent store needs to be saved after the current request finishes processing
  - [PATCH 2931446]: make the load averages writable.
* apps:
  - A new tool 'net-snmp-cert' that easily creates and manages X.509 certificates for use with the SNMP over (D)TLS protocols.
  - Added an 'agentxtrap' command to send notifications via AgentX
  - -T command line flag can be used to pass configuration directly to transports that can accept configuration tokens
  - A new 'snmptls' command for manipulating the agent's TLS configuration
* snmplib:
  - A more modular transport subsystem that allows third party extensions and dependencies for code reuse.
- New transport functions: f_config, f_open, f_copy and f_setup_session - Transports can now specify session defaults - [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is like snmp_parse_args but takes an additional bitmask, flags, to affect the behaviour. Also remove the magic handling of some application names. - A new X.509 certificate API for indexing and reading certificates - new experimental row creation API which uses a state machine to try really hard to create a row from a given varbind list - netsnmp_container enhancements: - added a free_item function - added a CONTAINER_FREE_ALL macro/function - added an interface for duplicating a container (CONTAINER_DUP) - added a remove function to container_iterators - added an ability to set options on binary_array containers - new snmp token logOption allows specifying log destinations via configuration conf files - A very significant reduction in compiler warning output - new experimental simple state machine handling API @ text @$NetBSD: patch-ep,v 1.4 2008/07/15 09:14:01 adam Exp $ --- snmplib/scapi.c.orig 2008-06-09 21:20:35.000000000 +0200 +++ snmplib/scapi.c @@@@ -272,7 +272,7 @@@@ sc_generate_keyed_hash(const oid * autht u_char buf[SNMP_MAXBUF_SMALL]; #if defined(NETSNMP_USE_OPENSSL) || defined(NETSNMP_USE_PKCS11) - size_t buf_len = sizeof(buf); + unsigned int buf_len = sizeof(buf); #endif DEBUGTRACE; @@@@ -553,6 +553,10 @@@@ sc_check_keyed_hash(const oid * authtype } #endif /* NETSNMP_ENABLE_TESTING_CODE */ + if (maclen != USM_MD5_AND_SHA_AUTH_LEN) { + QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit); + } + /* * Sanity check. */ @ 1.4 log @Changes 5.4.1.2: * An increment only in the version number that was failing to be reported properly by the tools. Changes 5.4.1.1: * SECURITY BUG: A portion of SNMPv3 code had significantly weakened authentication cryptography and unauthenticated access to a system is a possibility. 
* It is critical that all users update their installation bases IMMEDIATELY. * If you were only using SNMPv1 or SNMPv2c you were already insecure beyond a level that this vulnerability affects. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Add patch for CVE-2008-0960 from the Net-SNMP project page on Sourceforge. @ text @d3 3 a5 3 --- snmplib/scapi.c.orig 2006-09-15 13:47:01.000000000 +0100 +++ snmplib/scapi.c 2008-06-12 13:58:35.000000000 +0100 @@@@ -272,7 +272,7 @@@@ d14 1 a14 1 @@@@ -563,6 +563,10 @@@@ d16 1 a16 1 d23 2 a24 2 * Generate a full hash of the message, then compare * the result with the given MAC which may shorter than @ 1.2 log @Changes 5.4: - The default configuration now enables embedded Perl and the Perl modules by default when possible unless explicitly disabled. You may use the --disable-embedded-perl and --without-perl-modules configure options, respectively, to revert to the former default configuration. @ text @d3 3 a5 3 --- snmplib/scapi.c.orig 2006-09-15 14:47:00.000000000 +0200 +++ snmplib/scapi.c @@@@ -272,7 +272,7 @@@@ sc_generate_keyed_hash(const oid * autht d14 11 @ 1.2.10.1 log @Pullup ticket 2424 - requested by tron security patch + build fixes for net-snmp - pkgsrc/net/net-snmp/Makefile 1.69-1.70 - pkgsrc/net/net-snmp/distinfo 1.44-1.46 - pkgsrc/net/net-snmp/files/cpu_dragonfly.c 1.3 - pkgsrc/net/net-snmp/patches/patch-ai 1.4-1.5 - pkgsrc/net/net-snmp/patches/patch-aj 1.5 - pkgsrc/net/net-snmp/patches/patch-ak 1.4 - pkgsrc/net/net-snmp/patches/patch-am 1.7 - pkgsrc/net/net-snmp/patches/patch-de 1.5 - pkgsrc/net/net-snmp/patches/patch-dk removed - pkgsrc/net/net-snmp/patches/patch-ep 1.3 Module Name: pkgsrc Committed By: christos Date: Thu Jun 5 19:09:41 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo pkgsrc/net/net-snmp/files: cpu_dragonfly.c pkgsrc/net/net-snmp/patches: patch-am patch-de Added Files: pkgsrc/net/net-snmp/patches: patch-ai patch-aj patch-ak Log Message: PR/36978: Hasso Tepper: Make net-snmp work on 
dragonfly. While I am here make it run again on NetBSD (hi clown boy) --- Module Name: pkgsrc Committed By: tron Date: Fri Jun 6 16:18:04 UTC 2008 Modified Files: pkgsrc/net/net-snmp: distinfo pkgsrc/net/net-snmp/patches: patch-ai Removed Files: pkgsrc/net/net-snmp/patches: patch-dk Log Message: Combine the two patches for "agent/mibgroup/mibII/ip.c" to make this actually build. --- Module Name: pkgsrc Committed By: tron Date: Thu Jun 12 13:32:24 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo pkgsrc/net/net-snmp/patches: patch-ep Log Message: Add patch for CVE-2008-0960 from the Net-SNMP project page on Sourceforge. @ text @d1 1 a1 1 $NetBSD: patch-ep,v 1.2 2007/02/05 12:06:16 adam Exp $ d3 3 a5 3 --- snmplib/scapi.c.orig 2006-09-15 13:47:01.000000000 +0100 +++ snmplib/scapi.c 2008-06-12 13:58:35.000000000 +0100 @@@@ -272,7 +272,7 @@@@ a13 11 @@@@ -563,6 +563,10 @@@@ } + if (maclen != USM_MD5_AND_SHA_AUTH_LEN) { + QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit); + } + /* * Generate a full hash of the message, then compare * the result with the given MAC which may shorter than @ 1.1 log @Split LP64 related patch file (patch-ea) from christos@@ so that there is one patched file per patch file. @ text @d3 1 a3 1 --- snmplib/scapi.c.orig 2006-01-30 12:08:15.000000000 +0000 d8 1 a8 1 #if defined(USE_OPENSSL) || defined(USE_PKCS) @
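
Review bot: the `buf_len` declaration in the `-272,7` hunk of `sc_generate_keyed_hash` changes from `size_t` to `unsigned int` with no comment saying why. The 1.1 log ties the change to LP64, where the two types differ in width, so a one-line comment beside the declaration naming the call that needs the length as an `unsigned int` would keep a later cleanup from switching it back to `size_t`. Any later comparison or copy between `buf_len` and a `size_t` value in this function should also be checked for width and sign warnings.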
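
Review bot: the `if (maclen != USM_MD5_AND_SHA_AUTH_LEN)` check added to `sc_check_keyed_hash` has no comment and fails with the generic `SNMPERR_GENERR`, so nothing at the call site records that this is the CVE-2008-0960 fix named in the 1.3 log. Add a comment above the check stating that only a full-length MAC is accepted. The context comment in the `-563,6` version of the hunk, "the given MAC which may shorter than", still describes a short MAC as expected input and should be corrected, since this check now rejects any other length. The 1.4 log also says 5.4.1.1 already addresses the weakened SNMPv3 authentication, so confirm against that source that the `-553,6` hunk is still required and does not duplicate a check already in the file.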