Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
*5.9.3*:
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
*5.9.2*:
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
*5.9.1*:
General: Many bug fixes
*5.9*
snmplib:
- Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new
netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add
base_transport ptr for tunneled transports
snmpd:
- Security vulnerabilty in the ping MIB reported by Christopher Ertl
from Microsoft fixed
- Changing to a different uid/gid can only be done once
- The extend mib is now read-only by default
snmptrap:
- BUG: 2899: Patch from Drew Roedersheimer to set library
engineboots/time values before sending
unspecified:
- Add pkg-config support for building applications and sub-agents Use
the netsnmp package when building Net-SNMP applications. Use the
netsnmp-agent package when building Net-SNMP subagents.
|
|
|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Do not install perllocal.pod to avoid file conflict.
|
|
|
|
- Pull in libpcap on platforms without system-wide one
- Adjust LDFLAGS for SunOS
|
|
|
|
*5.8*
snmplib:
- TLS/DTLS fixes
- fix usm keychanges for new algorithms and longer keylengths
- IP address formatting fixes
- BUG: 2592: from Stuart Kendrick - increase MAXTC to 16384
- add new sha2 auth protocols
- Restore AES-192 and AES-256 privacy protocols - from
draft-blumenthal-aes-usm-04 (precursor to RFC 3826)
- Use OIDs from http://www.snmp.com/eso/esoConsortiumMIB.txt
- Some code borrowed from PATCH 1346, thanks to
Alexander Ivanov and Vladimir Sukhorukov.
- BUG: 2622: Fix excessive indents in log file
- new config tokens:
- sendMessageMaxSize
- disableSNMPv1 / disableSNMPv2c
- new api for dynamic debug log level (netsnmp_set_debug_log_level)
snmpd:
- SNMP-TARGET-MIB: Fix snmpTargetAddrTAddress
- Com2sec and com2sec6 SOURCE values may deny sources as well as
permit.
- allow trap sinks to set Target-MIB characteristics (name, tag, profile)
- add source addr/port option to trapsink/trap2sink/informsink
- packet filtering by source ip (enableSourceFiltering/filtersource)
- several getbulk handling improvements
- several new APIs introduced for run-time configuration of agent:
- netsnmp_vacm_simple_usm_add/del
- usm_create_usmUser_*
- netsnmp_udp_com2SecEntry_create/netsnmp_udp_com2SecList_remove
- netsnmp_agent_listen_on to open agent port
Win32:
- Add support for the DTLS-UDP and TLS-TCP transports
scripts:
- A new 'checkbandwidth' script to check host min/max bandwidth
snmptranslate:
- Introduce bulk translation mode The special argument "-" causes
snmptranslate to enter bulk translation mode, in which it expects
one OID per line. Whitespace is treated as the end of the OID, and
only that portion of the line is replaced, meaning that this can be
used to translate, e.g., "snmpwalk" output without the proper MIBs
loaded: snmptranslate -m all -OX < numeric.txt > symbolic.txt
building:
- Add Travis and Appveyor CI support
- IPv6 support is now compiled by default. If you need an IPv4-only
agent, use --disable-ipv6.
- Fixed/improved support for several non-Linux platforms
- Many fixes found by Coverity anf Fortify scans
|
|
|
|
|
|
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
|
|
|
|
|
Make usage of LSDEAD conditional.
|
|
|
|
|
|
it seems that configure cannot detect IP_PKTINFO correctly
because of using SOL_IP. SOL_IP is not defined on *BSD.
And on netbsd, struct ip_pktinfo has no ipi_spec_dst.
From Ryo Shimizu.
PKGREVISION++
|
|
Bump PKGREVISION.
|
|
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
|
|
A compiler bug causes incorrect compilation of the NetBSD-specific
code in cpu_sysctl.c. This results in a crash shortly after startup if
the machine has 2 or more CPUs.
Disable optimisation in netsnmp_cpu_arch_load() only.
This works around the problem reported in PR pkg/50939.
|
|
|
|
|
|
Patch by Joern Clausen in PR pkg/49984, also committed upstream:
https://sourceforge.net/p/net-snmp/code/ci/e2ce8bb37819c9ae24d482ac4108772f7b2c9b8c/
|
|
|
|
|
|
|
|
original manifest.xml file and the output from "svccfg export".
|
|
https://svnweb.freebsd.org/ports/head/net-mgmt/net-snmp/files/patch-perl5.23?view=co
https://rt.perl.org/Public/Bug/Display.html?id=125907#txn-1363270
https://bugs.gentoo.org/show_bug.cgi?id=582368
Bump PKGREVISION.
|
|
|
|
|
|
|
|
Problems found with existing digests:
Package haproxy distfile haproxy-1.5.14.tar.gz
159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package bsddip: missing distfile bsddip-1.02.tar.Z
Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
Package djbdns: missing distfile djbdns-cachestats.patch
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
Package gated: missing distfile gated-3-5-11.tar.gz
Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
Package poink: missing distfile poink-1.6.tar.gz
Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
Bump PKGREVISION.
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
taking care of (among others) the vulnerability described in
http://www.openwall.com/lists/oss-security/2015/04/13/1
|
|
|
|
Many many bug fixes and minor improvements
snmpd, snmptrapd and apps:
- Patch 2525: from Ryan Steinmetz: Fix argument length parsing of the
host resources mib
- Make ENV_SEPARATOR_CHAR configurable
- SECURITY: a denial of service attack vector was discovered on
the linux implementation of the ICMP-MIB. This release fixes
this bug and all users are encouraged to update their SNMP
agent if they make use of the ICMP-MIB table objects.
perl:
- BUG: 2402: Add support for SNMPv3 traps
Windows:
- Port batch build infrastructure to Visual Studio 2010 and later
From Visual Studio 2010 on it is no longer possible to specify
include or library directories globally - these have to be
specified per project. Hence two additional menu entries in
build.bat that allow to specify these directories.
- Patch from Bart Van Assche to improve cygwin building
|
|
|
|
|