head 1.6; access; symbols pkgsrc-2026Q1:1.6.0.2 pkgsrc-2026Q1-base:1.6 pkgsrc-2025Q4:1.5.0.16 pkgsrc-2025Q4-base:1.5 pkgsrc-2025Q3:1.5.0.14 pkgsrc-2025Q3-base:1.5 pkgsrc-2025Q2:1.5.0.12 pkgsrc-2025Q2-base:1.5 pkgsrc-2025Q1:1.5.0.10 pkgsrc-2025Q1-base:1.5 pkgsrc-2024Q4:1.5.0.8 pkgsrc-2024Q4-base:1.5 pkgsrc-2024Q3:1.5.0.6 pkgsrc-2024Q3-base:1.5 pkgsrc-2024Q2:1.5.0.4 pkgsrc-2024Q2-base:1.5 pkgsrc-2024Q1:1.5.0.2 pkgsrc-2024Q1-base:1.5 pkgsrc-2023Q4:1.3.0.10 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.8 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.6 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.4 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.2 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.2.0.2 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.1.0.18 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.16 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.14 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.12 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.10 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.8 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.6 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.4 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.2 pkgsrc-2020Q2-base:1.1; locks; strict; comment @# @; 1.6 date 2026.01.11.05.08.00; author wiz; state Exp; branches; next 1.5; commitid f5PBo8LCtb5SUVpG; 1.5 date 2024.03.06.09.37.00; author jperkin; state Exp; branches; next 1.4; commitid PHstbiNHCvWo851F; 1.4 date 2024.02.21.10.21.01; author wiz; state Exp; branches; next 1.3; commitid aqgX0UGDsJjmPhZE; 1.3 date 2022.10.18.12.01.52; author adam; state Exp; branches; next 1.2; commitid 1hob0RpCwfzracYD; 1.2 date 2022.08.05.10.55.01; author adam; state Exp; branches; next 1.1; commitid kimV2dCBbSO5bGOD; 1.1 date 2020.06.12.02.22.08; author sevan; state Exp; branches; next ; commitid FaWD0tqe6gSVwSbC; desc @@ 1.6 log @net-snmp: update to 5.9.5. *5.9.5*: snmptrapd: - fixed a critical vulnerability triggered by a specially crafted trap snmpd: - Make UCD-SNMP::dskTable dynamic if includeAllDisks is set.") added a verification that drops all filesystems not present in other_fs[] table. So add 'ubifs' in other_fs[] to fix it. configure: - Change the default OpenSSL path into /usr Change the default OpenSSL path from /usr/local/ssl into /usr since that is the default location for all current Linux distributions. unspecified: - Remove redundant declarations These changes aim to remove redundant declarations from the Net-SNMP source code. They are most easily exposed with adding -Wredundant-decls to CPPFLAGS for the gcc compiler. Redundant declarations in other used modules and mib2c generated code are left in place. The changes consist of: - Removal of duplicate declarations in header files, other or the same. - Removal of duplicate declarations in source files, where the prototype already exists in the appropriate header file. - Fixing declaration of register log handler functions. - Use of forward declared struct, rather than extern function or char. " prefix to subject and ran autoreconf ] Add: - Wredundant-decls to the developer options Remove: - Wredundant-decls from the developer options Revert commit ad80e335b8af because this option causes a lot of noise for the Perl header files. Win32: - WinExtDLL: Fix the build Fix the following build error: mibgroup/winExtDLL.c:360:14: error: implicit declaration of function 'should_init' [-Wimplicit-function-declaration] 360 | if (!should_init(dll_basename)) { | ^~~~~~~~~~~ configure: - Add --with-wolfssl Add support for building and linking with the wolfSSL library instead of OpenSSL. Other changes that have been included in this patch are: - Only enable AES support if EVP_aes_128_cfb() is available. - Add support for detecting SSL functions if these have been defined as macros. @ text @$NetBSD: patch-configure,v 1.5 2024/03/06 09:37:00 jperkin Exp $ - Do not store configure options as these might be polluted with workdir. - Support long fds_bits. --- configure.orig 2025-12-20 15:03:44.000000000 +0000 +++ configure @@@@ -3800,7 +3800,7 @@@@ ac_config_headers="$ac_config_headers include/net-snmp # save the configure arguments # -printf "%s\n" "#define NETSNMP_CONFIGURE_OPTIONS \"${NETSNMP_CONFIGURE_OPTIONS-$ac_configure_args}\"" >>confdefs.h +printf "%s\n" "#define NETSNMP_CONFIGURE_OPTIONS \"\"" >>confdefs.h CONFIGURE_OPTIONS="\"$ac_configure_args\"" @ 1.5 log @net-snmp: Support long fds_bits. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.4 2024/02/21 10:21:01 wiz Exp $ d6 1 a6 1 --- configure.orig 2023-08-15 20:32:24.000000000 +0000 d8 1 a8 1 @@@@ -3752,7 +3752,7 @@@@ ac_config_headers="$ac_config_headers in a16 9 @@@@ -31638,7 +31638,7 @@@@ CFLAGS="$CFLAGS -Werror" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the type of fd_set::fds_bits" >&5 printf %s "checking for the type of fd_set::fds_bits... " >&6; } -for type in __fd_mask __int32_t unknown; do +for type in __fd_mask __int32_t long unknown; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @ 1.4 log @*net-snmp: update to 5.9.4 *5.9.4*: IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly in this release with various versions of OpenSSL and will be fixed in a future release. libsnmp: - Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not used in the Net-SNMP code base. - DISPLAY-HINT fixes - Miscellanious improvements to the transports - Handle multiple oldEngineID configuration lines - fixes for DNS names longer than 63 characters agent: - Added a ignoremount configuration option for the HOST-MIB - disallow SETs with a NULL varbind - fix the --enable-minimalist build apps: - snmpset: allow SET with NULL varbind for testing - snmptrapd: improved MySQL logging code general: - configure: Remove -Wno-deprecated as it is no longer needed - miscellanious ther bug fixes, build fixes and cleanups @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.3 2022/10/18 12:01:52 adam Exp $ d4 1 d6 1 a6 1 --- configure.orig 2024-02-21 09:11:27.578146251 +0000 d17 9 @ 1.3 log @net-snmp py-netsnmp: updated to 5.9.3 *5.9.3*: security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. - To avoid these flaws, use strong SNMPv3 credentials and do not share them. If you must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP address range. - Thanks are due to Yu Zhang of VARAS@@IIE and Nanyu Zhong of VARAS@@IIE for reporting the following CVEs that have been fixed in this release, and to Arista Networks for providing fixes. misc: - Snmp-create-v3-user: Fix the snmpd.conf path @@datadir@@ is expanded in ${datarootdir} so datarootdir must be set before @@datadir@@ is used. general: Many bug fixes *5.9.2*: skipped due to a last minute library versioning found bug -- use 5.9.3 instead *5.9.1*: General: Many bug fixes *5.9* snmplib: - Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add base_transport ptr for tunneled transports snmpd: - Security vulnerabilty in the ping MIB reported by Christopher Ertl from Microsoft fixed - Changing to a different uid/gid can only be done once - The extend mib is now read-only by default snmptrap: - BUG: 2899: Patch from Drew Roedersheimer to set library engineboots/time values before sending unspecified: - Add pkg-config support for building applications and sub-agents Use the netsnmp package when building Net-SNMP applications. Use the netsnmp-agent package when building Net-SNMP subagents. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.2 2022/08/05 10:55:01 adam Exp $ a3 1 - Fix configure to look for des_cbc_encrypt in -ldes d5 1 a5 1 --- configure.orig 2022-07-13 21:14:22.000000000 +0000 d7 2 a8 1 @@@@ -3350,10 +3350,10 @@@@ ac_config_headers="$ac_config_headers in d11 2 a12 4 cat >>confdefs.h <<_ACEOF -#define NETSNMP_CONFIGURE_OPTIONS "${NETSNMP_CONFIGURE_OPTIONS-$ac_configure_args}" +#define NETSNMP_CONFIGURE_OPTIONS "" _ACEOF d14 1 a14 2 -CONFIGURE_OPTIONS="\"$ac_configure_args\"" +CONFIGURE_OPTIONS="\"\"" a15 84 # @@@@ -23440,6 +23440,81 @@@@ fi ## ######################################### + +echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes" >&5 +echo $ECHO_N "checking for des_cbc_encrypt in -ldes... $ECHO_C" >&6 +if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldes $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char des_cbc_encrypt (); +int +main () +{ +des_cbc_encrypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_des_des_cbc_encrypt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_des_des_cbc_encrypt=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 +echo "${ECHO_T}$ac_cv_lib_des_des_cbc_encrypt" >&6 +if test $ac_cv_lib_des_des_cbc_encrypt = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDES 1 +_ACEOF + + LIBS="-ldes $LIBS" + +fi + + ## # Compilation-related ## @ 1.2 log @net-snmp: do not store configure options; remove Perl module entries from PLIST @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2020/06/12 02:22:08 sevan Exp $ a4 2 - Fix configure on FreeBSD 10 & newer - Fix portability bug in test d6 1 a6 1 --- configure.orig 2018-07-16 14:33:50.000000000 +0000 d8 1 a8 1 @@@@ -3312,10 +3312,10 @@@@ ac_config_headers="$ac_config_headers in d12 1 a12 1 -#define NETSNMP_CONFIGURE_OPTIONS "$ac_configure_args" d21 1 a21 37 @@@@ -13923,7 +13923,7 @@@@ fi hardcode_shlibpath_var=no ;; - freebsd1*) + freebsd1.*) ld_shlibs=no ;; @@@@ -14917,7 +14917,7 @@@@ dgux*) shlibpath_var=LD_LIBRARY_PATH ;; -freebsd1*) +freebsd1.*) dynamic_linker=no ;; @@@@ -14928,7 +14928,7 @@@@ freebsd* | dragonfly*) objformat=`/usr/bin/objformat` else case $host_os in - freebsd[123]*) objformat=aout ;; + freebsd[123].*) objformat=aout ;; *) objformat=elf ;; esac fi @@@@ -19637,7 +19637,7 @@@@ if test "x$PARTIALTARGETOS" = "xmingw32" fi # Linux systemd -if test "x$with_systemd" == "xyes"; then +if test "x$with_systemd" = "xyes"; then other_src_list="$other_src_list sd-daemon.c" other_objs_list="$other_objs_list sd-daemon.o" other_lobjs_list="$other_lobjs_list sd-daemon.lo" @@@@ -22715,6 +22715,81 @@@@ fi @ 1.1 log @Update to net-snmp 5.8 *5.8* snmplib: - TLS/DTLS fixes - fix usm keychanges for new algorithms and longer keylengths - IP address formatting fixes - BUG: 2592: from Stuart Kendrick - increase MAXTC to 16384 - add new sha2 auth protocols - Restore AES-192 and AES-256 privacy protocols - from draft-blumenthal-aes-usm-04 (precursor to RFC 3826) - Use OIDs from http://www.snmp.com/eso/esoConsortiumMIB.txt - Some code borrowed from PATCH 1346, thanks to Alexander Ivanov and Vladimir Sukhorukov. - BUG: 2622: Fix excessive indents in log file - new config tokens: - sendMessageMaxSize - disableSNMPv1 / disableSNMPv2c - new api for dynamic debug log level (netsnmp_set_debug_log_level) snmpd: - SNMP-TARGET-MIB: Fix snmpTargetAddrTAddress - Com2sec and com2sec6 SOURCE values may deny sources as well as permit. - allow trap sinks to set Target-MIB characteristics (name, tag, profile) - add source addr/port option to trapsink/trap2sink/informsink - packet filtering by source ip (enableSourceFiltering/filtersource) - several getbulk handling improvements - several new APIs introduced for run-time configuration of agent: - netsnmp_vacm_simple_usm_add/del - usm_create_usmUser_* - netsnmp_udp_com2SecEntry_create/netsnmp_udp_com2SecList_remove - netsnmp_agent_listen_on to open agent port Win32: - Add support for the DTLS-UDP and TLS-TCP transports scripts: - A new 'checkbandwidth' script to check host min/max bandwidth snmptranslate: - Introduce bulk translation mode The special argument "-" causes snmptranslate to enter bulk translation mode, in which it expects one OID per line. Whitespace is treated as the end of the OID, and only that portion of the line is replaced, meaning that this can be used to translate, e.g., "snmpwalk" output without the proper MIBs loaded: snmptranslate -m all -OX < numeric.txt > symbolic.txt building: - Add Travis and Appveyor CI support - IPv6 support is now compiled by default. If you need an IPv4-only agent, use --disable-ipv6. - Fixed/improved support for several non-Linux platforms - Many fixes found by Coverity anf Fortify scans @ text @d1 1 a1 1 $NetBSD$ d3 1 d8 16 a23 3 --- configure.orig 2018-07-16 15:33:50.000000000 +0100 +++ configure 2020-06-12 00:08:19.741995000 +0100 @@@@ -13923,7 +13923,7 @@@@ d32 1 a32 1 @@@@ -14917,7 +14917,7 @@@@ d41 1 a41 1 @@@@ -14928,7 +14928,7 @@@@ d50 1 a50 1 @@@@ -19637,7 +19637,7 @@@@ d59 1 a59 1 @@@@ -22715,6 +22715,81 @@@@ a140 11 @@@@ -32360,6 +32435,10 @@@@ case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + : Avoid regenerating within pkgsrc + exit 0 + : Avoid regenerating within pkgsrc + exit 0 ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; @