Hello community, here is the log from the commit of package net-snmp for openSUSE:Factory checked in at 2014-09-17 17:24:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/net-snmp (Old) and /work/SRC/openSUSE:Factory/.net-snmp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "net-snmp" Changes: -------- --- /work/SRC/openSUSE:Factory/net-snmp/net-snmp.changes 2014-07-10 08:16:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.net-snmp.new/net-snmp.changes 2014-09-17 17:24:24.000000000 +0200 @@ -1,0 +2,10 @@ +Wed Sep 3 19:35:54 UTC 2014 - abergmann@suse.com + +- added net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch: + fix remote denial of service problem inside snmptrapd when started + with the "-OQ" option (CVE-2014-3565)(bnc#894361) +- added net-snmp-5.7.2-fix-perl-trap-handler.patch: fix potential + remote denial of service problem inside the snmptrapd Perl trap + handler (CVE-2014-2285)(bnc#866942) + +------------------------------------------------------------------- New: ---- net-snmp-5.7.2-fix-perl-trap-handler.patch net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ net-snmp.spec ++++++ --- /var/tmp/diff_new_pack.3kRZMY/_old 2014-09-17 17:24:26.000000000 +0200 +++ /var/tmp/diff_new_pack.3kRZMY/_new 2014-09-17 17:24:26.000000000 +0200 @@ -69,6 +69,8 @@ Patch8: net-snmp-5.7.2-build-fix-for-strlcat.patch Patch9: net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch Patch10: net-snmp-5.7.2-fix-mib-representation-of-timeout-values.patch +Patch11: net-snmp-5.7.2-fix-perl-trap-handler.patch +Patch12: net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch # Summary: SNMP Daemon License: BSD-3-Clause and MIT @@ -203,6 +205,8 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 +%patch12 -p1 %build MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \ ++++++ net-snmp-5.7.2-fix-perl-trap-handler.patch ++++++ diff -Nur net-snmp-5.7.2.1-orig/perl/TrapReceiver/TrapReceiver.xs net-snmp-5.7.2.1/perl/TrapReceiver/TrapReceiver.xs --- net-snmp-5.7.2.1-orig/perl/TrapReceiver/TrapReceiver.xs 2014-02-20 01:36:42.000000000 +0100 +++ net-snmp-5.7.2.1/perl/TrapReceiver/TrapReceiver.xs 2014-09-02 12:06:50.070037000 +0200 @@ -81,18 +81,18 @@ STOREPDUi("securitymodel", pdu->securityModel); STOREPDUi("securitylevel", pdu->securityLevel); STOREPDU("contextName", - newSVpv(pdu->contextName, pdu->contextNameLen)); + newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen)); STOREPDU("contextEngineID", - newSVpv((char *) pdu->contextEngineID, + newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "", pdu->contextEngineIDLen)); STOREPDU("securityEngineID", - newSVpv((char *) pdu->securityEngineID, + newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "", pdu->securityEngineIDLen)); STOREPDU("securityName", - newSVpv((char *) pdu->securityName, pdu->securityNameLen)); + newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen)); } else { STOREPDU("community", - newSVpv((char *) pdu->community, pdu->community_len)); + newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len)); } if (transport && transport->f_fmtaddr) { ++++++ net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch ++++++ --- net-snmp-5.7.2.1-orig/snmplib/mib.c 2014-02-20 01:36:42.000000000 +0100 +++ net-snmp-5.7.2.1-patched/snmplib/mib.c 2014-09-02 15:07:17.902832000 +0200 @@ -464,17 +464,16 @@ u_char *cp; int output_format, cnt; - if ((var->type != ASN_OCTET_STR) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - const char str[] = "Wrong Type (should be OCTET STRING): "; - if (snmp_cstrcat - (buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_OCTET_STR) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + const char str[] = "Wrong Type (should be OCTET STRING): "; + if (!snmp_cstrcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } @@ -742,16 +741,16 @@ const struct enum_list *enums, const char *hint, const char *units) { - if ((var->type != ASN_OPAQUE_FLOAT) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc, - "Wrong Type (should be Float): ")) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_OPAQUE_FLOAT) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Float): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -812,17 +811,16 @@ const struct enum_list *enums, const char *hint, const char *units) { - if ((var->type != ASN_OPAQUE_DOUBLE) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - if (snmp_cstrcat - (buf, buf_len, out_len, allow_realloc, - "Wrong Type (should be Double): ")) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_OPAQUE_DOUBLE) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Double): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -887,20 +885,21 @@ { char a64buf[I64CHARSZ + 1]; - if ((var->type != ASN_COUNTER64 + if (var->type != ASN_COUNTER64 #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES && var->type != ASN_OPAQUE_COUNTER64 && var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_U64 #endif - ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc, - "Wrong Type (should be Counter64): ")) { - return sprint_realloc_by_type(buf, buf_len, out_len, + ) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Counter64): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -988,23 +987,25 @@ const struct enum_list *enums, const char *hint, const char *units) { - if ((var->type != ASN_OPAQUE + if (var->type != ASN_OPAQUE #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES && var->type != ASN_OPAQUE_COUNTER64 && var->type != ASN_OPAQUE_U64 && var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_FLOAT && var->type != ASN_OPAQUE_DOUBLE #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */ - ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc, - "Wrong Type (should be Opaque): ")) { - return sprint_realloc_by_type(buf, buf_len, out_len, + ) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Opaque): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES switch (var->type) { case ASN_OPAQUE_COUNTER64: @@ -1080,17 +1081,16 @@ { int buf_overflow = 0; - if ((var->type != ASN_OBJECT_ID) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = - "Wrong Type (should be OBJECT IDENTIFIER): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_OBJECT_ID) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be OBJECT IDENTIFIER): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -1150,16 +1150,16 @@ { char timebuf[40]; - if ((var->type != ASN_TIMETICKS) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be Timeticks): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_TIMETICKS) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Timeticks): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NUMERIC_TIMETICKS)) { @@ -1298,17 +1298,18 @@ { char *enum_string = NULL; - if ((var->type != ASN_INTEGER) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be INTEGER): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_INTEGER) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be INTEGER): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } + for (; enums; enums = enums->next) { if (enums->value == *var->val.integer) { enum_string = enums->label; @@ -1401,16 +1402,16 @@ { char *enum_string = NULL; - if ((var->type != ASN_UINTEGER) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be UInteger32): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_UINTEGER) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be UInteger32): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } for (; enums; enums = enums->next) { @@ -1498,17 +1499,16 @@ { char tmp[32]; - if ((var->type != ASN_GAUGE) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = - "Wrong Type (should be Gauge32 or Unsigned32): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_GAUGE) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Gauge32 or Unsigned32): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -1571,16 +1571,16 @@ { char tmp[32]; - if ((var->type != ASN_COUNTER) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be Counter32): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_COUNTER) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be Counter32): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -1634,16 +1634,16 @@ { size_t i; - if ((var->type != ASN_IPADDRESS) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be NetworkAddress): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_IPADDRESS) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be NetworkAddress): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -1700,16 +1700,16 @@ { u_char *ip = var->val.string; - if ((var->type != ASN_IPADDRESS) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be IpAddress): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_IPADDRESS) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be IpAddress): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -1758,20 +1758,20 @@ const struct enum_list *enums, const char *hint, const char *units) { - if ((var->type != ASN_NULL) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be NULL): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_NULL) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be NULL): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } - } else { - u_char str[] = "NULL"; - return snmp_strcat(buf, buf_len, out_len, allow_realloc, str); } + + u_char str[] = "NULL"; + return snmp_strcat(buf, buf_len, out_len, allow_realloc, str); } @@ -1806,16 +1806,16 @@ u_char *cp; char *enum_string; - if ((var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be BITS): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be BITS): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { @@ -1890,16 +1890,16 @@ const struct enum_list *enums, const char *hint, const char *units) { - if ((var->type != ASN_NSAP) && - (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { - u_char str[] = "Wrong Type (should be NsapAddress): "; - if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { - return sprint_realloc_by_type(buf, buf_len, out_len, + if (var->type != ASN_NSAP) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { + u_char str[] = "Wrong Type (should be NsapAddress): "; + if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) + return 0; + } + return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, var, NULL, NULL, NULL); - } else { - return 0; - } } if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org