Up to [cvs.NetBSD.org] / pkgsrc / net / net-snmp
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
net-snmp: Support long fds_bits.
*net-snmp: update to 5.9.4 *5.9.4*: IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly in this release with various versions of OpenSSL and will be fixed in a future release. libsnmp: - Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not used in the Net-SNMP code base. - DISPLAY-HINT fixes - Miscellanious improvements to the transports - Handle multiple oldEngineID configuration lines - fixes for DNS names longer than 63 characters agent: - Added a ignoremount configuration option for the HOST-MIB - disallow SETs with a NULL varbind - fix the --enable-minimalist build apps: - snmpset: allow SET with NULL varbind for testing - snmptrapd: improved MySQL logging code general: - configure: Remove -Wno-deprecated as it is no longer needed - miscellanious ther bug fixes, build fixes and cleanups
handle merged inpcb code since 9.99.104: http://mail-index.netbsd.org/source-changes/2022/10/28/msg141800.html this is part 2 of fixes for net-snmp, and should work now (though i'm not sure how to test properly, but it builds on both pre-/post- merge.)
net-snmp: NetBSD >= 9.99.104 build fixes (part one) Address fallout from struct inpcb changes in NetBSD 9.99.104, as impacts ipv6.c, specifically. Note this is compile-tested only (on 9.99.108 and 9.3_STABLE), I don't use this package (nor any of its dependants) and haven't tested the functionality. (At least tcpTable.c and udpTable.c also need adjustments. I don't have the time or patience to deal with them at the moment, I'm so checking in what I've adjusted so far.) (The upstream code in ipv6.c uses two inconsistent approaches to handle differences in NetBSD versions. I opted for the more explicit code blocks everywhere, to avoid confusion. I didn't bother using the new macros added in 9.99.104 to fetch specific struct members, as they don't cover much of what's needed here anyway, and would arguably just make things look even more ugly.)
net-snmp py-netsnmp: updated to 5.9.3 *5.9.3*: security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. - To avoid these flaws, use strong SNMPv3 credentials and do not share them. If you must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP address range. - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for reporting the following CVEs that have been fixed in this release, and to Arista Networks for providing fixes. misc: - Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is expanded in ${datarootdir} so datarootdir must be set before @datadir@ is used. general: Many bug fixes *5.9.2*: skipped due to a last minute library versioning found bug -- use 5.9.3 instead *5.9.1*: General: Many bug fixes *5.9* snmplib: - Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add base_transport ptr for tunneled transports snmpd: - Security vulnerabilty in the ping MIB reported by Christopher Ertl from Microsoft fixed - Changing to a different uid/gid can only be done once - The extend mib is now read-only by default snmptrap: - BUG: 2899: Patch from Drew Roedersheimer to set library engineboots/time values before sending unspecified: - Add pkg-config support for building applications and sub-agents Use the netsnmp package when building Net-SNMP applications. Use the netsnmp-agent package when building Net-SNMP subagents.
net-snmp: do not store configure options; remove Perl module entries from PLIST
net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch
net: Remove SHA1 hashes for distfiles
Update to net-snmp 5.8 *5.8* snmplib: - TLS/DTLS fixes - fix usm keychanges for new algorithms and longer keylengths - IP address formatting fixes - BUG: 2592: from Stuart Kendrick - increase MAXTC to 16384 - add new sha2 auth protocols - Restore AES-192 and AES-256 privacy protocols - from draft-blumenthal-aes-usm-04 (precursor to RFC 3826) - Use OIDs from http://www.snmp.com/eso/esoConsortiumMIB.txt - Some code borrowed from PATCH 1346, thanks to Alexander Ivanov and Vladimir Sukhorukov. - BUG: 2622: Fix excessive indents in log file - new config tokens: - sendMessageMaxSize - disableSNMPv1 / disableSNMPv2c - new api for dynamic debug log level (netsnmp_set_debug_log_level) snmpd: - SNMP-TARGET-MIB: Fix snmpTargetAddrTAddress - Com2sec and com2sec6 SOURCE values may deny sources as well as permit. - allow trap sinks to set Target-MIB characteristics (name, tag, profile) - add source addr/port option to trapsink/trap2sink/informsink - packet filtering by source ip (enableSourceFiltering/filtersource) - several getbulk handling improvements - several new APIs introduced for run-time configuration of agent: - netsnmp_vacm_simple_usm_add/del - usm_create_usmUser_* - netsnmp_udp_com2SecEntry_create/netsnmp_udp_com2SecList_remove - netsnmp_agent_listen_on to open agent port Win32: - Add support for the DTLS-UDP and TLS-TCP transports scripts: - A new 'checkbandwidth' script to check host min/max bandwidth snmptranslate: - Introduce bulk translation mode The special argument "-" causes snmptranslate to enter bulk translation mode, in which it expects one OID per line. Whitespace is treated as the end of the OID, and only that portion of the line is replaced, meaning that this can be used to translate, e.g., "snmpwalk" output without the proper MIBs loaded: snmptranslate -m all -OX < numeric.txt > symbolic.txt building: - Add Travis and Appveyor CI support - IPv6 support is now compiled by default. If you need an IPv4-only agent, use --disable-ipv6. - Fixed/improved support for several non-Linux platforms - Many fixes found by Coverity anf Fortify scans
net-snmp: Fix compilation on Solaris 11 and SmartOS.
Pullup ticket #5983 - requested by kamil net/net-snmp: build fix for PR pkg/54333 Revisions pulled up: - net/net-snmp/distinfo 1.94 - net/net-snmp/patches/patch-agent_mibgroup_host_data__access_swrun__kinfo.c 1.4 --- Module Name: pkgsrc Committed By: kamil Date: Sun Jun 30 21:43:25 UTC 2019 Modified Files: pkgsrc/net/net-snmp: distinfo pkgsrc/net/net-snmp/patches: patch-agent_mibgroup_host_data__access_swrun__kinfo.c Log Message: net-snmp: Fix build on NetBSD 8.99.49 Make usage of LSDEAD conditional.
net-snmp: Fix build on NetBSD 8.99.49 Make usage of LSDEAD conditional.
net-snmp: PR kern/52945: snmpd does not work under current 8.0_BETA it seems that configure cannot detect IP_PKTINFO correctly because of using SOL_IP. SOL_IP is not defined on *BSD. And on netbsd, struct ip_pktinfo has no ipi_spec_dst. From Ryo Shimizu. PKGREVISION++
net-snmp: fix build with openssl-1.1. Bump PKGREVISION.
net-snmp: Prevent crash on NetBSD/i386 A compiler bug causes incorrect compilation of the NetBSD-specific code in cpu_sysctl.c. This results in a crash shortly after startup if the machine has 2 or more CPUs. Disable optimisation in netsnmp_cpu_arch_load() only. This works around the problem reported in PR pkg/50939.
Fix compilation on Solaris 11.2. Patch by Joern Clausen in PR pkg/49984, also committed upstream: https://sourceforge.net/p/net-snmp/code/ci/e2ce8bb37819c9ae24d482ac4108772f7b2c9b8c/
Adopt FreeBSD's patches to make this build with perl 5.24, ref. https://svnweb.freebsd.org/ports/head/net-mgmt/net-snmp/files/patch-perl5.23?view=co https://rt.perl.org/Public/Bug/Display.html?id=125907#txn-1363270 https://bugs.gentoo.org/show_bug.cgi?id=582368 Bump PKGREVISION.
Fix for systems with RTF_LLDATA in place of RTF_LLINFO.
Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Support Crossbow VNICs. Patch by Ben Rockwood, previously of Joyent. Bump PKGREVISION.
patch from http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ taking care of (among others) the vulnerability described in http://www.openwall.com/lists/oss-security/2015/04/13/1
Changes 5.7.3: Many many bug fixes and minor improvements snmpd, snmptrapd and apps: - Patch 2525: from Ryan Steinmetz: Fix argument length parsing of the host resources mib - Make ENV_SEPARATOR_CHAR configurable - SECURITY: a denial of service attack vector was discovered on the linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects. perl: - BUG: 2402: Add support for SNMPv3 traps Windows: - Port batch build infrastructure to Visual Studio 2010 and later From Visual Studio 2010 on it is no longer possible to specify include or library directories globally - these have to be specified per project. Hence two additional menu entries in build.bat that allow to specify these directories. - Patch from Bart Van Assche to improve cygwin building
Fixed building on OS X 10.10; fixed CVE-2014-3565
Fix building on OS X 10.9 Mavericks
Pullup ticket #4371 - requested by taca net/net-snmp: security update Revisions pulled up: - net/net-snmp/Makefile 1.103 - net/net-snmp/distinfo 1.81 --- Module Name: pkgsrc Committed By: he Date: Tue Apr 8 14:10:25 UTC 2014 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Log Message: Upgrade net-snmp to version 5.7.2.1. Upstream changes: * 5.{5,6,7}.2.1 * snmpd: - SECURITY: a denial of service attack vector was discovered on the linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects. Fixes CVE-2014-2284.
Upgrade net-snmp to version 5.7.2.1. Upstream changes: * 5.{5,6,7}.2.1 * snmpd: - SECURITY: a denial of service attack vector was discovered on the linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects. Fixes CVE-2014-2284.
patch (in 4 parts) for CVE-2012-6151 from http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch
Fix build on -current, functionality is untested.
Link agent.so correctly against libperl.so.
Always return a value from a non-void function (hi christos!).
welcome to pl2. - support for multi-cpu state reporting - fix bug with storage calculation (use frsize instead bsize)
Correct filename in new patch file to fix the build.
update for multi-cpu load.
bump patchlevel
Include uvm/uvm_extern.h if it exists. Required for NetBSD/current.
Fix nit in patch; ride previous bump
Update to 5.7.2. This is a major update in terms of pkgsrc patches, of which there are far far too many. Analysis of patches was done by Karen Sirois of BBN, and I have remvoed patches that have been applied upstream. This builds fine and passes tests on NetBSD 6 i386. If you look after some other platform (Dragonfly, Darwin, FreeBSD, etc.), please make sure any problems are filed as upstream tickets; pkgsrc is not appropriate to carry patches long-term that should be fixed upstream, and this package has gotten out of hand. (OK by adam@ to do the update, but he has not reviewed the changes, so errors are my fault. It's quite likely there are issues on other platforms.) Upstream NEWS: *5.7.2* snmp: - BUG: 3526549: CVE-2012-2141 Array index error leading to crash snmpd: - BUG: 3532090: Fix high ifIndex values crashing hrDeviceDescr building: - PATCH: 2091156: correctly declare dependencies in Makefile. 'make -j <N>' should work now. Backport this to V5-4 as it is needed for correct operation in the single threaded case of make miblib as well. Many other miscellaneous minor bug fixes *5.7.1* libnetsnmp: - Fixed the mib-parsing-bug introduced shortly before 5.7 agent: - fixed rounding errors for disk percentage calculations openbsd: - better support for recent openbsd releases features: - bug fixes with minimalist support after additional user feedback Many other miscellaneous minor bug fixes *5.7* snmpd: - Delivery of data via regularily scheduled notifications. (see "Data Delivery via Notfications" in snmpd.conf) - Many time-based config options can take (m)ins, (h)ours, ... arguments (see the snmpd.conf manual page) - The PING and TRACEROUTE MIBs now compile and work-ish on linux http://www.net-snmp.org/wiki/index.php/DISMAN - Mib handlers can now implement a data_clone function for cloning the myvoid structure variable to avoid dangling pointers - Fixed persistent storage of VACM MIB configuration - Multi-homed agents send UDP responses from the proper IP address - The hrStorageTable implementation now supports large filesystems better - optimizations for large route tables - Added a deliveryByNotify config token for regular data delivery (see the snmpd.conf manual page and the NET-SNMP-PERIODIC-NOTIFY-MIB) - [PATCH 3141462]: fix agentx subagent issues with multiple-object requests - [PATCH 3057093]: linux uses libpci for creating useful ifDescr strings - [PATCH 3131397]: huge speedups of the TCP/UDP Tables libnetsnmp: - Removed the older CMU compatibility support - The SSH transport is now configurable TLS/DTLS support: - The SNMP over DTLS transport now properly supports IPv6 - Introduced new configuration tokens: localCert/peerCert (deprecating serverCert, clientCert, defX509ServerPub, defX509ClientPub) - Various fixes for the TLS/DTLS transports apps: - Added a per-variable timed output support to snmpwalk using -CT - snmpinform now correctly uses the local engineID for informs - A number of mib2c bug fixes - New snmp.conf tokens for timeouts and retries building: - New flags to reduce the amount of compiled code to bare minimums. This is provided by a new generic feature marking/selection mechanism. http://www.net-snmp.org/wiki/index.php/Feature_Marking_and_Selection - It's now possible to build without SNMPv3/USM (e.g., if you only want TLS/DTLS with SNMPv3/TSM) - It's possible to build the suite with no SET support configure using --enable-read-only - It's possible to build the agent as a notify-only agent configure using --enable-notify-only - Added a script to test memory usage with various config options (see the local/minimalist/sizetests script) - Net-SNMP can now be built to perform local DNSSEC validation (install DNSSEC-Tools' libval and use --with-local-dnssec-validation) testing: - a number of new API unit-tests have been added to the suite (to run the tests: cd testing && ./RUNFULLTESTS -g unit-tests) - The unit tests can be more easily run under valgrind (See http://bit.ly/jsgRnv for details) openbsd: - Support for updating the routing table via SNMP win32: - The testing suite works better under win32 environments - Many building fixes for the win32 environment(s) solaris: - Net-SNMP now supports the SCTP-MIB DragonFlyBSD, FreeBSD8: - Net-SNMP should now work on DragonFlyBSD and FreeBSD8 And of course: - Many other bug fixes. See the CHANGES and ChangeLog for details.
Make this compile on historical NetBSD.
Forgot to regenerate distinfo. Sorry!
Requires _KMEMUSER and uvm/uvm_extern.h on NetBSD/current.
net/net-snmp: Fix IPv6 option on DragonFly Another victim of _KERNEL STRUCTURES...
add a patch by Jan Safranek <jsafranek@users.sourceforge.net> for CVE-2012-2141 from https://bugzilla.redhat.com/attachment.cgi?id=580443 : Check out-of-index conditions in ExtendOutput2Table.
Pullup ticket #3565 - requested by obache net/net-snmp build fix Revisions pulled up: - net/net-snmp/distinfo 1.63 - net/net-snmp/patches/patch-ao 1.3 --- Module Name: pkgsrc Committed By: obache Date: Sun Oct 16 09:30:40 UTC 2011 Modified Files: pkgsrc/net/net-snmp: distinfo pkgsrc/net/net-snmp/patches: patch-ao Log Message: Fixes build on DragonFly BSD (missing IFM_TOKEN). Based on PR pkg/45474 by Samuel J. Greear.
PR/44479 -- disable use of nlist() if we're using sysctl() to get IP stats.
Fixes build on DragonFly BSD (missing IFM_TOKEN). Based on PR pkg/45474 by Samuel J. Greear.
patch-aq has been evil; exorcism performed
Fix building on NetBSD-i386
Changes 5.6.1.1: * OID Typedef Bug Fix: The oid typedef was changed in 5.6.1 to an u_int32 from a u_long. This broke binary compatibility and likely 3rd-party code. 5.6.1.1 reverts this change and fixes an underlying OID printing problem in two agent modules that caused someone to change the typedef in the first place. Changes 5.6.1: * General: - The DTLS and TLS transports and the TSM security model are no longer "beta" (they've undergone rigorous interoperability testing). - Many Bug Fixes (see the CHANGES and ChangeLog files for full details) * snmpd: - 0 Patch 3141462: from fenner: fix agentx subagent issues with multiple-object requests - Patch from Niels to fix VACM persistant storage. Changes 5.6: * all: - Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be] - Implemented the "Transport Security Model" [RFC5591] - Generic host-specific configuration .conf files are now read. - Include statements can now be used in .conf files. * snmpd: - Fix handling of multiple matching VACM entries. (Use the "best" match, rather than the first one). Reported by Adam Lewis. Note that this could potentially affect the behaviour of existing access control configurations. - Agent will no longer call table handlers if a set request for the handler has invalid indexes - table_data/tdata next handler will not be called during get processing if no valid rows are found for the handler - [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB - moved all functions defined in libnetsnmphelpers to libnetsnmpagent. libnetsnmphelpers is now an empty library. - Implemented the TSM-MIB and the TLSTM-MIB - new API for indicating that persistent store needs to be saved after the current request finishes processing - [PATCH 2931446]: make the load averages writable. * apps: - A new tool 'net-snmp-cert' that easily creates and manages X.509 certificates for use with the SNMP over (D)TLS protocols. - Added an 'agentxtrap' command to send notifications via AgentX - -T command line flag can be used to pass configuration directly to transports that can accept configuration tokens - A new 'snmptls' command for manipulating the agent's TLS configuration * snmplib: - A more modular transport subsystem that allows third party extensions and dependencies for code reuse. - New transport functions: f_config, f_open, f_copy and f_setup_session - Transports can now specify session defaults - [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is like snmp_parse_args but takes an additional bitmask, flags, to affect the behaviour. Also remove the magic handling of some application names. - A new X.509 certificate API for indexing and reading certificates - new experimental row creation API which uses a state machine to try really hard to create a row from a given varbind list - netsnmp_container enhancements: - added a free_item function - added a CONTAINER_FREE_ALL macro/function - added an interface for duplicating a container (CONTAINER_DUP) - added a remove function to container_iterators - added an ability to set options on binary_array containers - new snmp token logOption allows specifying log destinations via configuration conf files - A very significant reduction in compiler warning output - new experimental simple state machine handling API
Pull memory statistics properly, and fix an overflow in the CPU statistics. ("netbsdelf3", indeed ... )
Fix divide-by-zero error in CPU performance statistics. Inspired by Red Hat Bugzilla Bug #501210.
Pullup ticket #3284 - requested by taca net/net-snmp: build fix Revisions pulled up: - net/net-snmp/distinfo 1.57 - net/net-snmp/patches/patch-et 1.5 - net/net-snmp/patches/patch-eu 1.2 - net/net-snmp/patches/patch-ev 1.2 - net/net-snmp/patches/patch-ew 1.2 - net/net-snmp/patches/patch-ex 1.2 - net/net-snmp/patches/patch-ey 1.3 - net/net-snmp/patches/patch-ez 1.2 - net/net-snmp/patches/patch-fa 1.2 --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 17 00:59:07 UTC 2010 Modified Files: pkgsrc/net/net-snmp: distinfo pkgsrc/net/net-snmp/patches: patch-et patch-eu patch-ev patch-ew patch-ex patch-ey patch-ez patch-fa Log Message: Fix build problem on NetBSD 4. Previous patch for NetBSD wasn't really for netbsd4 but 4.99.58 and later. So, I changed "#ifdef netbsd4" to "#ifdef NETBSD_STATS_VIA_SYSCTL" and clean up patches. Should be fix PR pkg/43288. It is fix of build problem only, so no PKG_REVISION bump.
Fix build problem on NetBSD 4. Previous patch for NetBSD wasn't really for netbsd4 but 4.99.58 and later. So, I changed "#ifdef netbsd4" to "#ifdef NETBSD_STATS_VIA_SYSCTL" and clean up patches. Should be fix PR pkg/43288. It is fix of build problem only, so no PKG_REVISION bump.
Changes 5.4.3: snmpd: - Change default AgentX target from 0.0.0.0:705 to localhost:705 - Fix CVE-2008-4309 (GETBULK issue reported by Oscar Mira-Sanchez) - Fix handling of multiple matching VACM entries (Use the "best" match, rather than the first one). Note that this could potentially affect the behaviour of existing access control configurations. - Latch large-disk statistics at 2Tb (rather than wrapping) Linux: - Fix build on modern distributions (using rpm-4.6) Windows: - Fix various builds (recent MSVC, MinGW, IPv6, winExtDLL)
Added patches, courtesy of Mike Bowie: * Address changes in sysctl() storage, which has yielded values such as IP-MIB::ipForwarding.0 invalid. * RAM reporting on 64-bit systems.
regen distinfo after editing comments in a patch file
Some systems define ifnet.if_lastchange as struct timespec (with a tv_nsec field measured in nanoseconds), while other systems define it as struct timeval (with a tv_usec field measured in microseconds). Add a configure test and conditional code in agent/mibgroup/mibII/interfaces.c.orig. This should fix PR 40990. Bump PKGREVISION to 2.
pullup ticket #2700 - requested by tron net-snmp: security fix revisions pulled up: pkgsrc/net/net-snmp/Makefile 1.76 pkgsrc/net/net-snmp/distinfo 1.52 pkgsrc/net/net-snmp/patches/patch-ad 1.7 Module Name: pkgsrc Committed By: tron Date: Sun Feb 15 11:31:51 UTC 2009 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Added Files: pkgsrc/net/net-snmp/patches: patch-ad Log Message: Add a patch from the "net-snmp" repository to close the vulnerability reported in SA33884/CVE-2008-6123.
Add a patch from the "net-snmp" repository to close the vulnerability reported in SA33884/CVE-2008-6123.
Changes 5.4.2.1: snmpd: - SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent.
Fix build on DragonFly. From PR 39566.
Changes 5.4.2: snmplib: - [PATCH 1921861]: Avoid endless loop after truncating 64bit int - Better handling of CONTAINER_INSERT failures with multiple indices snmpd: - [PATCH 2023633]: add SCTP-MIB implementation (Linux only) - suppress annoying "registration != duplicate" warning for root oids build: - [BUG 2023803]: Compilation problems on HP-UX 11.31 - Update to libtool 1.5.26 AIX: - Add support for AIX 6.x.
Changes 5.4.1.2: * An increment only in the version number that was failing to be reported properly by the tools. Changes 5.4.1.1: * SECURITY BUG: A portion of SNMPv3 code had significantly weakened authentication cryptography and unauthenticated access to a system is a possibility. * It is critical that all users update their installations bases IMMEDIATELY. * If you were only using SNMPv1 or SNMPv2c you were already insecure beyond a level that this vulnerability affects.
bump version for new tcp stats
Pullup ticket 2424 - requested by tron security patch + build fixes for net-snmp - pkgsrc/net/net-snmp/Makefile 1.69-1.70 - pkgsrc/net/net-snmp/distinfo 1.44-1.46 - pkgsrc/net/net-snmp/files/cpu_dragonfly.c 1.3 - pkgsrc/net/net-snmp/patches/patch-ai 1.4-1.5 - pkgsrc/net/net-snmp/patches/patch-aj 1.5 - pkgsrc/net/net-snmp/patches/patch-ak 1.4 - pkgsrc/net/net-snmp/patches/patch-am 1.7 - pkgsrc/net/net-snmp/patches/patch-de 1.5 - pkgsrc/net/net-snmp/patches/patch-dk removed - pkgsrc/net/net-snmp/patches/patch-ep 1.3 Module Name: pkgsrc Committed By: christos Date: Thu Jun 5 19:09:41 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo pkgsrc/net/net-snmp/files: cpu_dragonfly.c pkgsrc/net/net-snmp/patches: patch-am patch-de Added Files: pkgsrc/net/net-snmp/patches: patch-ai patch-aj patch-ak Log Message: PR/36978: Hasso Tepper: Make net-snmp work on dragonfly. While I am here make it run again on NetBSD (hi clown boy) --- Module Name: pkgsrc Committed By: tron Date: Fri Jun 6 16:18:04 UTC 2008 Modified Files: pkgsrc/net/net-snmp: distinfo pkgsrc/net/net-snmp/patches: patch-ai Removed Files: pkgsrc/net/net-snmp/patches: patch-dk Log Message: Combine the to patches for "agent/mibgroup/mibII/ip.c" to make this actually build. --- Module Name: pkgsrc Committed By: tron Date: Thu Jun 12 13:32:24 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo pkgsrc/net/net-snmp/patches: patch-ep Log Message: Add patch for CVE-2008-0960 from the Net-SNMP project page on Sourceforge.
Add patch for CVE-2008-0960 from the Net-SNMP project page on Sourceforge.
Combine the to patches for "agent/mibgroup/mibII/ip.c" to make this actually build.
PR/36978: Hasso Tepper: Make net-snmp work on dragonfly. While I am here make it run again on NetBSD (hi clown boy)
Pullup ticket 2387 - requested by tron security update for net-snmp Revisions pulled up: - pkgsrc/net/net-snmp/Makefile 1.68 - pkgsrc/net/net-snmp/distinfo 1.43 - pkgsrc/net/net-snmp/patches/patch-ad 1.5 Module Name: pkgsrc Committed By: tron Date: Sun May 18 11:59:54 UTC 2008 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Added Files: pkgsrc/net/net-snmp/patches: patch-ad Log Message: Add patch from the Net-SNMP SVN repository to fix a buffer overflow in the Perl SNMP module reported in SA30187. To generate a diff of this commit: cvs rdiff -r1.67 -r1.68 pkgsrc/net/net-snmp/Makefile cvs rdiff -r1.42 -r1.43 pkgsrc/net/net-snmp/distinfo cvs rdiff -r0 -r1.5 pkgsrc/net/net-snmp/patches/patch-ad Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Add patch from the Net-SNMP SVN repository to fix a buffer overflow in the Perl SNMP module reported in SA30187.
Fix floating point exception on NetBSD/sparc64 by applying the same fix (and error checking) on agent/mibgroup/hardware/memory/memory_netbsd.c:netsnmp_mem_arch_load() via new patch file patch-ah as the one applied on agent/mibgroup/ucd-snmp/memory_netbsd1.c:var_extensible_mem() by patch file patch-es. Sorry I missed this in november 2006... Bump PKGREVISION to 1.
Remove dragonfly.h, it is included upstream now. Restore patch-dt (MIB_SYSTEM_LIBS), still needed for DragonFly.
Chagesn 5.4.1: snmplib: - [BUG 1619827]: link libraries against needed external libraries - [PATCH 1616912]: fix memory leak in UDP transport code - [PATCH 1592706]: fix memory leak when cloning varbinds - Change snmp_sess_add_ex to consistently close and delete the transport argument on failure, earlier the liveness of the transport argument was undecided. snmpd: - [BUG 1558823]: fix ipAddressTable memory leak - [BUG 1596638]: fix memory leak in ipCidrRouteTable, inetCidrRouteTable - [BUG 1611524]: fix tcp connection table file descriptor leak - handle row deletion issues in dataset tables - [BUG 1712988]: default and configurable maximum number of varbinds returnable to a GETBULK request. - [PATCH 1666737]: include ipv6 counts in udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams - [PATCH 1700157]: fixes ordering of exec tokens in the resulting mib tree - [PATCH 1719253]: fix skipNFSInHostResources so it does not break on the second walk of the table. perl: - link Perl modules against the exact set of libraries needed - [BUG 1619827]: properly link against libperl when configured with --enable-as-needed - [PATCH 1725049]: fix bulkwalk in cases of non-repeater python: - [PATCH 1716114]: Let python build in the Net-SNMP source tree MacOSX: - [PATCH 1600522]: CPU Hardware Abstraction Layer (HAL) implementation for mach/darwin - IF-MIB rewrite now enabled by default Win32: - fix AES support - [PATCH 1706344]: fix compilation with cygwin IRIX: - [PATCH 1709748]: Optimized IRIX cpu stats AIX: - Fix default shared library building instead of forcing static use FreeBSD: - [BUG 1633483]: Support CPU HAL on FreeBSD4.x
Fix build on NetBSD-current which dropped MFSNAMELEN: pretend this CPP macro is still there. Bump PKGREVISION to 2.
Fix build on recent NetBSD current: net/route.h needs to be included before netinet6/in6_pcb.h.h and net/if.h needs to be included before netinet6/in6_var.h. While here add a patch file on the source of the configure script which IMHO should have been added earlier. Bump PKGREVISION to 1. Note: I supposed the libdes related hunk in patches/patch-af had been generated by an older than 2.59 autoconf script and carried over from one net-snmp version update to the next. This would explain the slight differences about this hunk between the revision I'm committing and the previous one.
Fix DragonFly build changes. I have no clue to add an optional file into the build system, so override cpu_nlist on DragonFly.
Changes 5.4: - The default configuration now enables embedded Perl and the Perl modules by default when possible unless explicitly disabled. You may use the --disable-embedded-perl and --without-perl-modules configure options, respectively, to revert to the former default configuration.
Apply patch from net-snmp CVS repository to fix Perl module SNMP's bulkwalk function. - patch from http://net-snmp.cvs.sourceforge.net/net-snmp/net-snmp/perl/SNMP/SNMP.xs?r1=5.50.2.6&r2=5.50.2.7&view=patch&pathrev=V5-3-patches - revision log http://net-snmp.cvs.sourceforge.net/net-snmp/net-snmp/perl/SNMP/SNMP.xs?view=log&pathrev=V5-3-patches#rev5.50.2.7 - bug reference http://sourceforge.net/tracker/?func=detail&atid=112694&aid=1533078&group_id=12694 Bump PKGREVISION to 2
Removed an RCS Id.
Fixed "test ==".
Fix a NetBSD/sparc64 bug: give sysctl() a pointer on a size_t not on an int! While here check for sysctl() return value. Now snmpd on NetBSD/sparc64 should report more meaningful values for OIDs like UCD-SNMP-MIB::memAvailReal.0. Bump PKGREVISION.
Split LP64 related patch file (patch-ea) from christos@ so that there is one patched file per patch file.
Don't use bmake feature in Makefile, use MAKE_ENV instead.
Fix a crapload of 64 bit inconsistencies (int <-> ptr, int * <-> size_t *) This now has a chance to work on sparc64.
Revive patch-dt for the sake of DragonFly.
DiskIO fix, courtesy of Jan Andres
Fix building on Darwin (and some other platforms?)
Changes 5.3.1: snmpd: - fix trap processing from SMUX peers - fix disman/event monitoring crashes - fix bug 1399369: ifNumber broken - fix re-init of daemons after SIGHUP snmptrapd: - fix bug 1420758/1458815: snmptrapd aborts/loops in select() - fix re-init of daemons after SIGHUP snmplib: - fix OID lookups for fully qualified object names (eg .iso.org) snmpusm: - performance improvement when changing localized keys perl: - The perl modules now check to make sure they're building against the proper Net-SNMP version. misc: - Coverity fixes
regen
- don't use getfsstat, use getvfsstat. - add code to do disk i/o statistics for NetBSD and enable it.
Add DragonFly support. Bump revision due to PLIST changes.
Removed the unconditional dependency to bash. Also removed the bashisms from the mib2c-update program. Bumped PKGREVISION.
Remove a duplicate case value on Darwin 8.x.
Changes 5.3.0.1: *** Security Fix *** Changes 5.3: *** Important Notes *** Several very significant changes have been made in Net-SNMP for this release that warrant special attention. - shared library version number no longer matches the release number. We now follow the versioning scheme recommended by libtool. For the 5.3 release this means that the libraries now have a SONAME ending with ".so.10", e.g. libnetsnmp.so.10. - snmpd has not been truncating log files at startup, as documented in the man pages, for a while now. This default behaviour has been restored. Please use the '-A' flag if you want to continue appending to your log files at startup. - snmptrapd will no longer accept all traps by default. It must be configured with authorized SNMPv1/v2c community strings and/or SNMPv3 users. Non-authorized traps/informs will be dropped. - Due to a copyright statement that didn't allow modifications, snmpnetstat has been completely rewritten. The new version now accepts the same command-line options as the other tools, which has introduced a number of incompatible changes. However, it does now finally support SNMPv3.
fix a couple of broken #ifdefs, making this build on Solaris.
make net-snmp build on darwin 8.2.0. these patches shouldn't break netbsd.
Pullup ticket 604 - requested by Adrian Portelli security update for net-snmp Revisions pulled up: - pkgsrc/net/net-snmp/Makefile 1.31 - pkgsrc/net/net-snmp/distinfo 1.16 - pkgsrc/net/net-snmp/buildlink3.mk 1.6 Module Name: pkgsrc Committed By: adam Date: Fri Jul 8 07:49:27 UTC 2005 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Log Message: Changes 5.2.1.2: * Security fix: denial of serivce when stream sockets are used ---- Module Name: pkgsrc Committed By: adrianp Date: Thu Jul 14 20:49:49 UTC 2005 Modified Files: pkgsrc/net/net-snmp: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED to 5.2.1.2 for recent security issue.
Changes 5.2.1.2: * Security fix: denial of serivce when stream sockets are used
Pullup ticket 513 - requested by Matthias Scheler security fix for net-snmp Revisions pulled up: - pkgsrc/net/net-snmp/Makefile patched by hand - pkgsrc/net/net-snmp/buildlink3.mk patched by hand - pkgsrc/net/net-snmp/distinfo patched by hand - pkgsrc/net/net-snmp/patches/patch-ab 1.5 Module Name: pkgsrc Committed By: tron Date: Wed May 25 13:49:10 UTC 2005 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Added Files: pkgsrc/net/net-snmp/patches: patch-ab Log Message: Replace "fixproc" script with version from "net-snmp" CVS respository. This fixes the security problem documented in SA15471. Bump package revision because of this change.
Replace "fixproc" script with version from "net-snmp" CVS respository. This fixes the security problem documented in SA15471. Bump package revision because of this change.
Changes 5.2.1: Fixes: Building: - configure --disable-snmpv2c now works - fix make test tests for rfc1213 - bug 1049607: net-snmp-config --compile-subagent broken library: - bug 1084413: Can't disable file logging - bug 1072406: invalid operator precedence in opendir() agent library: - disconnected AgentX subagents now reconnect with correct context - fix table_array row insert/delete during set processing agent: - don't override clientAddr setting for local trapsinks - bug 1088765: Agent fails to send traps to remote target - bug 1034008: memory leak using SET for table_dataset - patch 1052460: fix agent deadlock on exec - bug 1055781: get-next fails to step into interfaces group correctly - bug 1056760: agent ignores ifspeed, type settings in snmpd.conf - bug 1062986: pass and pass_persist fail and crash snmpd - fix snmpd.conf table token to handle augments tables snmptrapd: - bug 1085981: snmptrapd complains about logging and access control - bug 1040711: snmptrapd: SIGHUP duplicates traphandlers (repeatedly) MFD: - Misc updates to MFD templates - add auto-handling of cache update for row insert/delete Ports: - Win32 - fixes for compiling without the Microsoft PSDK installed - fix Win32 getenv crash - Mac OS X compile error fix - HP-UX configure now detects and won't use unavailable function - Linux - patch 1055036: if-mib init order fix - patch 1057057: ipSystemStatsTable index fix, add ipv6 - patch 1073897: fix if-mib data access 64bit counter wrap detection MIBs: - update IP-FORWARD-MIB from an ID set to become an RFC
Add RMD160 digests.
Changes 5.1.2: * Minor improvements to snmpdelta * Minor improvements to snmpnetstat (IPv6 output) * Fixes
In snmp_vars.h, use in_addr_t rather than uint32_t for ipaddr_return; the former is provided by system or private header files, and the latter may not be.
Changes 5.1.1: New: - test suite supports testing over other transports (tcp, udp6, unix, ...) (see the -P switch to the testing/RUNTESTS script) - Solaris supports the use of it's PKCS#11 library for supporting cryptographic functions (OpenSSL isn't required if PKCS#11 is available) (see configure's --with-pkcs flag) Fixes: - Improvements on 64 bit architectures. - A few minor memory leaks fixed. - An extremely large number of minor bug fixes. - Many perl module specific bug fixes. - snmpd will safely handle more signals. Ports: - Many many significant Windows improvements. - A win32 build script in win32/build.pl - Support for the MinGW compiler - (see the README.win32 file for details on new ports) - Various helpful win32/*.bat files for installation, etc. - Some linux 2.6 support improvements
Make this build under NetBSD 2.0D and above with statvfs(2).
Fix configure to look for des_cbc_encrypt in -ldes. I did not commit all 7K lines of diff that autoconf produced because of the changed line numbers, just the relevant ones.
Make this build on Darwin. pkg/23325
Argh! Who tested this? vm and memory stats did not work.
Include <sys/param.h> to get __NetBSD_Version__ defined. Also undefine TOTAL_MEMORY_SYMBOL, since we don't have it (or at least there is no "total" or "_total").
- account for in_ifaddr -> in_ifaddrbase in 1.6ZD (I think). - XXX: whoever ported this needs to revisit it and fix issues such as utmp support etc.
Fix build problem under NetBSD-1.6Y and newer. This patch was contributed by Jun-ichiro itojun Hagino.
Update to 5.0.9. PR19939 by Greg A. Woods. Changes from NEWS file: --------8<--------8<--------8<--------8<--------8<--------8<--------8< *5.0.9* SECURITY: - An existing user/community could get access to data in MIB objects that were explicitly excluded from their view. Fixes: - Perl build environment should better under Windows - Misc kerberos support fixes. - Improvements on various manual pages. - A annoying bug with SETs being passed to pass scripts was fixed. - The often talked about VACM optimization improvement was fixed again. - mib2c handles augmentation tables better now. - Various 64 bit issues have been addressed. *5.0.8* New: - No new features will be added to the 5.0.x line. Ports: - Update libtool to version 1.4.3, for the benefit of Darwin - diskio support for Darwin - Updates for OpenBSD 3. - Updates to solaris README Fixes: - find libwrap w/nsl on RedHat - fix for openssl 0.9.7 - Fix some AgentX memory leaks - use macro for inline function prototypes - Attempt to find unused port before running tests - Use SNMP_SLEEP environment variable when running tests - calculate a proper ifSpeed under linux when possible - better daemonization of snmpd - close and reopen snmptrapd log files on HUP - support for 16 bit reuqest ids - Recognize new 't' code in display hints - misc other fixes *5.0.7* New: - VACM (access control) optimizations which will greatly benefit people who wish to exclude large portions of the MIB tree from some people. Previously this was a large resource drain. - Add command line option to snmpd to set syslog facility - Reverse DISPLAY-HINT processing, i.e. it allows you to input data formatted like a DISPLAY-HINT prescribes - Support setting of sysDescr and sysObjectID via snmpd.conf configuration directives - New output option to force display of strings as hex - Persistent directory can be specified at runtime - Add support for Linux virtual interfaces in the ipAddressTable. - implemented the mteEventTable and the mteEventNotificationTable form the DISMAN-EVENT-MIB. Fixes: - AgentX no longer flagged as experimental - A few memory leak fixes for the table_iterator agent API. - Processed flag cleared before each pass of a set request - Remove snmpd pid file on exit - Restore default behaviour of building shared libraries - misc other fixes --------8<--------8<--------8<--------8<--------8<--------8<--------8<
Initial import of net-snmp-5.0.6 as net/net-snmp. This package is based on net/net-snmp-current and on the FreeBSD net-snmp port, and may be considered as an update to ucd-snmp. Changes since ucd-snmp include: * complete rewrite of the agent internals * new agent module API * SNMPv3 * improved AgentX subagent handling * many, many bugfixes in plugged memory leaks * prevent DoS attacks from authenticated users
Initial revision