commit net-snmp for openSUSE:Factory

Source-Sync Thu, 07 Jul 2022 03:56:47 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package net-snmp for openSUSE:Factory 
checked in at 2022-07-07 12:56:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-snmp (Old)
 and      /work/SRC/openSUSE:Factory/.net-snmp.new.1523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "net-snmp"

Thu Jul  7 12:56:21 2022 rev:102 rq:987152 version:5.9.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/net-snmp/net-snmp.changes        2022-07-01 
13:43:47.254792920 +0200
+++ /work/SRC/openSUSE:Factory/.net-snmp.new.1523/net-snmp.changes      
2022-07-07 12:56:33.839251786 +0200
@@ -1,0 +2,28 @@
+Mon Jul  4 15:06:59 UTC 2022 - Alexander Bergmann <abergm...@suse.com>
+
+- update to 5.9.2 (bsc#1201103):
+  - security:
+    - These two CVEs can be exploited by a user with read-only credentials:
+      - CVE-2022-24805??A buffer overflow in the handling of the INDEX of
+        NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
+      - CVE-2022-24809??A malformed OID in a GET-NEXT to the nsVacmAccessTable
+        can cause a NULL pointer dereference.
+    - These CVEs can be exploited by a user with read-write credentials:
+      - CVE-2022-24806??Improper Input Validation when SETing malformed
+        OIDs in master agent and subagent simultaneously
+      - CVE-2022-24807??A malformed OID in a SET request to
+        SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
+        out-of-bounds memory access.
+      - CVE-2022-24808??A malformed OID in a SET request to
+        NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
+      - CVE-2022-24810??A malformed OID in a SET to the nsVacmAccessTable
+        can cause a NULL pointer dereference.
+- Refactor two patches to work with version number 5.9.2:
+  delete:
+  * net-snmp-5.9.1-pie.patch
+  * net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+  add:
+  * net-snmp-5.9.2-pie.patch
+  * net-snmp-5.9.2-fix-create-v3-user-outfile.patch
+
+-------------------------------------------------------------------

Old:
----
  net-snmp-5.9.1-fix-create-v3-user-outfile.patch
  net-snmp-5.9.1-pie.patch
  net-snmp-5.9.1.tar.gz
  net-snmp-5.9.1.tar.gz.asc

New:
----
  net-snmp-5.9.2-fix-create-v3-user-outfile.patch
  net-snmp-5.9.2-pie.patch
  net-snmp-5.9.2.tar.gz
  net-snmp-5.9.2.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ net-snmp.spec ++++++
--- /var/tmp/diff_new_pack.6DcSZF/_old  2022-07-07 12:56:34.427252661 +0200
+++ /var/tmp/diff_new_pack.6DcSZF/_new  2022-07-07 12:56:34.431252668 +0200
@@ -30,7 +30,7 @@
 %define libname libsnmp40
 %bcond_without python2
 Name:           net-snmp
-Version:        5.9.1
+Version:        5.9.2
 Release:        0
 Summary:        SNMP Daemon
 License:        BSD-3-Clause AND MIT
@@ -50,7 +50,7 @@
 Source99:       baselibs.conf
 Patch1:         net-snmp-5.9.1-socket-path.patch
 Patch2:         net-snmp-5.9.1-testing-empty-arptable.patch
-Patch3:         net-snmp-5.9.1-pie.patch
+Patch3:         net-snmp-5.9.2-pie.patch
 Patch4:         net-snmp-5.9.1-net-snmp-config-headercheck.patch
 Patch5:         net-snmp-5.9.1-perl-tk-warning.patch
 Patch6:         net-snmp-5.9.1-velocity-mib.patch
@@ -61,7 +61,7 @@
 Patch11:        net-snmp-5.9.1-harden_snmpd.service.patch
 Patch12:        net-snmp-5.9.1-harden_snmptrapd.service.patch
 Patch13:        net-snmp-5.9.1-suse-systemd-service-files.patch
-Patch14:        net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+Patch14:        net-snmp-5.9.2-fix-create-v3-user-outfile.patch
 Patch15:        net-snmp-5.9.1-subagent-set-response.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}

++++++ net-snmp-5.9.1-fix-create-v3-user-outfile.patch -> 
net-snmp-5.9.2-fix-create-v3-user-outfile.patch ++++++
--- 
/work/SRC/openSUSE:Factory/net-snmp/net-snmp-5.9.1-fix-create-v3-user-outfile.patch
 2022-04-04 19:25:47.256953348 +0200
+++ 
/work/SRC/openSUSE:Factory/.net-snmp.new.1523/net-snmp-5.9.2-fix-create-v3-user-outfile.patch
       2022-07-07 12:56:33.459251221 +0200
@@ -1,10 +1,10 @@
-diff -Nurp net-snmp-5.9.1-orig/net-snmp-create-v3-user.in 
net-snmp-5.9.1/net-snmp-create-v3-user.in
---- net-snmp-5.9.1-orig/net-snmp-create-v3-user.in     2021-05-26 
00:19:35.000000000 +0200
-+++ net-snmp-5.9.1/net-snmp-create-v3-user.in  2022-03-09 16:15:47.782006944 
+0100
-@@ -136,7 +136,7 @@ fi
- echo "$line" >> "$outfile"
- # Avoid that configure complains that this script ignores @datarootdir@
- echo "@datarootdir@" >/dev/null
+diff -Nurp net-snmp-5.9.2-orig/net-snmp-create-v3-user.in 
net-snmp-5.9.2/net-snmp-create-v3-user.in
+--- net-snmp-5.9.2-orig/net-snmp-create-v3-user.in     2022-07-04 
16:55:43.067366177 +0200
++++ net-snmp-5.9.2/net-snmp-create-v3-user.in  2022-07-04 16:57:54.927367685 
+0200
+@@ -138,7 +138,7 @@ prefix=@prefix@
+ datarootdir=@datarootdir@
+ # To suppress shellcheck complaints about $prefix and $datarootdir.
+ : "$prefix" "$datarootdir"
 -outfile="@datadir@/snmp/snmpd.conf"
 +outfile="/etc/snmp/snmpd.conf"
  line="$token $user"

++++++ net-snmp-5.9.1-pie.patch -> net-snmp-5.9.2-pie.patch ++++++
--- /work/SRC/openSUSE:Factory/net-snmp/net-snmp-5.9.1-pie.patch        
2022-04-04 19:25:47.672948578 +0200
+++ /work/SRC/openSUSE:Factory/.net-snmp.new.1523/net-snmp-5.9.2-pie.patch      
2022-07-07 12:56:33.551251357 +0200
@@ -1,8 +1,7 @@
-Index: net-snmp-5.9/agent/Makefile.in
-===================================================================
---- net-snmp-5.9.orig/agent/Makefile.in
-+++ net-snmp-5.9/agent/Makefile.in
-@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
+diff -Nurp net-snmp-5.9.2-orig/agent/Makefile.in 
net-snmp-5.9.2/agent/Makefile.in
+--- net-snmp-5.9.2-orig/agent/Makefile.in      2022-07-01 01:49:40.000000000 
+0200
++++ net-snmp-5.9.2/agent/Makefile.in   2022-07-04 16:48:54.951361517 +0200
+@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
        $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
  
  snmpd$(EXEEXT):       ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) 
$(MIBLIB) $(LIBTARG) 
@@ -10,11 +9,10 @@
 +      $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
  
  libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)
-       $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} 
@LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
-Index: net-snmp-5.9/apps/Makefile.in
-===================================================================
---- net-snmp-5.9.orig/apps/Makefile.in
-+++ net-snmp-5.9/apps/Makefile.in
+       $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} 
$(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
+diff -Nurp net-snmp-5.9.2-orig/apps/Makefile.in net-snmp-5.9.2/apps/Makefile.in
+--- net-snmp-5.9.2-orig/apps/Makefile.in       2022-07-01 01:49:40.000000000 
+0200
++++ net-snmp-5.9.2/apps/Makefile.in    2022-07-04 16:48:54.951361517 +0200
 @@ -190,7 +190,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX
        $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
  

++++++ net-snmp-5.9.1.tar.gz -> net-snmp-5.9.2.tar.gz ++++++
/work/SRC/openSUSE:Factory/net-snmp/net-snmp-5.9.1.tar.gz 
/work/SRC/openSUSE:Factory/.net-snmp.new.1523/net-snmp-5.9.2.tar.gz differ: 
char 13, line 1

commit net-snmp for openSUSE:Factory

Reply via email to