<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2024-03-08T18:07:26+00:00</updated>
<entry>
<title>net-snmp: upgrade 5.9.3 -&gt; 5.9.4</title>
<updated>2024-03-08T18:07:26+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2024-03-07T06:18:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0178f52636696c601a4ed421c645370624731995'/>
<id>urn:sha1:0178f52636696c601a4ed421c645370624731995</id>
<content type='text'>
ChangeLog:
https://github.com/net-snmp/net-snmp/blob/V5-9-patches/CHANGES

* Refresh patches
* Drop backport CVE patch
* Drop 0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch as the
  issue has been fixed upstream.
* Add a patch to fix build on musl

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>ntpsec, net-snmp: drop ${PE}, ${PR} from /usr/src/debug paths</title>
<updated>2023-11-20T17:30:39+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2023-11-17T08:51:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2487442cfb7158183d868c1022d5183bc85aa166'/>
<id>urn:sha1:2487442cfb7158183d868c1022d5183bc85aa166</id>
<content type='text'>
Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: CVE-2022-44792 &amp; CVE-2022-44793 Fix NULL Pointer Exception</title>
<updated>2023-02-09T23:56:25+00:00</updated>
<author>
<name>Narpat Mali</name>
<email>narpat.mali@windriver.com</email>
</author>
<published>2023-02-08T17:34:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5ae6f9434f44a57389a3f52dce17da6fe5928e1f'/>
<id>urn:sha1:5ae6f9434f44a57389a3f52dce17da6fe5928e1f</id>
<content type='text'>
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-44792
https://nvd.nist.gov/vuln/detail/CVE-2022-44793

Signed-off-by: Narpat Mali &lt;narpat.mali@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: Fix build with clang16</title>
<updated>2023-01-21T18:02:02+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2023-01-18T22:40:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ee0de616df82937191613c85f9df7e872b99ed6f'/>
<id>urn:sha1:ee0de616df82937191613c85f9df7e872b99ed6f</id>
<content type='text'>
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>net-snmp: upgrade 5.9.1 -&gt; 5.9.3</title>
<updated>2022-08-12T08:24:27+00:00</updated>
<author>
<name>Ovidiu Panait</name>
<email>ovidiu.panait@windriver.com</email>
</author>
<published>2022-08-11T08:27:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bf4a826c7de51dcdac87f81fa2bd2301629d50db'/>
<id>urn:sha1:bf4a826c7de51dcdac87f81fa2bd2301629d50db</id>
<content type='text'>
Upgrade summary:
----------------
- drop 0002-configure-fix-a-cc-check-issue.patch, as it was replaced with
  upstream commit https://github.com/net-snmp/net-snmp/commit/dbb49acfa2af
- drop 0001-snmpd-always-exit-after-displaying-usage.patch backport
- rebase net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch manually
- refresh patches with devtool to get rid of fuzz

Changelog:
----------
*5.9.3*:
security:
  - These two CVEs can be exploited by a user with read-only credentials:
      - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
        NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
      - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
        can cause a NULL pointer dereference.
  - These CVEs can be exploited by a user with read-write credentials:
      - CVE-2022-24806 Improper Input Validation when SETing malformed
        OIDs in master agent and subagent simultaneously
      - CVE-2022-24807 A malformed OID in a SET request to
        SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
        out-of-bounds memory access.
      - CVE-2022-24808 A malformed OID in a SET request to
        NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
      - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
        can cause a NULL pointer dereference.
  - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
    If you must use SNMPv1 or SNMPv2c, use a complex community string
    and enhance the protection by restricting access to a given IP address
    range.
  - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
    reporting the following CVEs that have been fixed in this release, and
    to Arista Networks for providing fixes.

Windows:
  - WinExtDLL: Fix multiple compiler warnings
  - WinExtDLL: Make long strings occupy a single line. Make it easier to
    look up error messages in the source code by making long strings
    occupy a single source code line.
  - WinExtDLL: Restore MIB-II support Make winExtDLL work on 64-bit
    Windows systems") caused snmpd to skip MIB-II on 64-bit systems.

IF-MIB: Update ifTable entries even if the interface name has changed
    At least on Linux a network interface index may be reused for a
    network interface with a different name. Hence this patch that
    enables replacing network interface information even if the network
    interface name has changed.

unspecified:
  - Moved transport code into a separate subdirectory in snmplib
  - Snmplib: remove inline versions of container funcs".

misc:
  - snmp-create-v3-user: Fix the snmpd.conf path. @datadir@ is
    expanded in ${datarootdir} so datarootdir must be set before
    @datadir@ is used.

*5.9.2*:
skipped due to a last-minute library versioning bug -- use 5.9.3 instead

Signed-off-by: Ovidiu Panait &lt;ovidiu.panait@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
