netsnmpd: Update to version 5.9.5.2
Commit Message
- Update from version 5.9.3 to 5.9.5.2
- Update of rootfile
- Move the symlink generation and removal from the lfs to the instal/uninstall pak
file to be aligned with the majority of packages.
- Version 5.9.4 has the note
IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
in this release with various versions of OpenSSL and will be fixed
in a future release.
- This issue has been in place since Aug 2023 and does not look to have been fixed as
far as I have been able to tell. The developers also say that this tool should only
be used on trusted local networks anyway. Additionally version 5.9.5 has a CVE fix.
Based on this I am submitting the update patch for review and decision. I think it is
better to do the update because it does not look like the OpenSSL issue will be
fixed anytime soon. It doesn't appear that anyone is working on it.
https://github.com/net-snmp/net-snmp/issues/828
- Changelog
5.9.5.2
building:
- Fix an issue with needing limits.h included.
- update to autoconf 2.72
5.9.5.1
Only a version numbering fix.
5.9.5
snmptrapd:
- fixed a critical vulnerability (CVE-2025-68615) which can be triggered
by a specially crafted trap
snmplib:
- Add support for IPV6_RECVPKTINFO
- Port the SSH domain transport to FreeBSD
- Improve error handling in parse_enumlist and other parsing functions
- Filter out non-ASCII characters from output
- Fix multiple memory leaks in MIB parsing, OID handling, and transport filters
- Fix multiple buffer overflows triggered when creating ASN packets
- Fix handling of large/negative values (integer underflows/overflows)
- Fix segmentation faults when `varbind` cannot be constructed or buf is null
- Fix crash in netsnmp_parse_args when passing invalid argument lists
- Fix SNMPv3 multithreading support for snmp_sess_open()
snmpd:
- Make UCD-SNMP::dskTable dynamic if includeAllDisks is set.") added
a verification that drops all filesystems not present in other_fs[]
table. So add 'ubifs' in other_fs[] to fix it.
- Fix SIGHUP handling for engineID changes and agent port changes
- Fix a use-after-free in unregister_mib_context()
- Fix regression of memory leak when using RPMDB macros
- Improve cache management: clear timer_id on stop, keep cache flags unchanged
- Always open libkvm in "safe mode" on FreeBSD
- Fix crash when snmptrapd subagent terminates the TCP connection
apps:
- snmpusm: Improve error handling and fix memory leaks
- sshtosnmp: Avoid EINVAL when passing credentials over SSH unix domain socket
- snmptest: Plug a possible memory leak
- snmpget: Avoid leak if parsing OID fails
MIBs:
- EtherLike-MIB: Optimize Linux implementation to use netlink statistics
- IP-MIB: Add Linux 6.7 compatibility for parsing /proc/net/snmp
- LM-SENSORS-MIB: Support negative temperatures
- SNMP-TLS-TM-MIB: Update to RFC 9456 and allow TLS protocols higher than TLS1.0
- HOST-RESOURCES-MIB: Add support for RPM SQLite DB background
building:
- Add support for Windows on ARM
- Support OpenBSD 8, FreeBSD 15/16, and DragonflyBSD
- Fix build for OS/X versions prior to 10.6.0
- Windows: Bump OpenSSL version and fix library paths
- MinGW64: Switch from pkg-config to pkgconf
- Add --with-wolfssl Add support for building and linking with the
wolfSSL library instead of OpenSSL. Other changes that have been
included in this patch are: - Only enable AES support if
EVP_aes_128_cfb() is available. - Add support for detecting SSL
functions if these have been defined as macros.
5.9.4
IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
in this release with various versions of OpenSSL and will be fixed
in a future release.
libsnmp:
- Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
used in the Net-SNMP code base.
- DISPLAY-HINT fixes
- Miscellanious improvements to the transports
- Handle multiple oldEngineID configuration lines
- fixes for DNS names longer than 63 characters
agent:
- Added a ignoremount configuration option for the HOST-MIB
- disallow SETs with a NULL varbind
- fix the --enable-minimalist build
apps:
- snmpset: allow SET with NULL varbind for testing
- snmptrapd: improved MySQL logging code
general:
- configure: Remove -Wno-deprecated as it is no longer needed
- miscellanious ther bug fixes, build fixes and cleanups
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/packages/netsnmpd | 26 +++++++++---------
lfs/netsnmpd | 42 ++++++++++++++----------------
src/paks/netsnmpd/install.sh | 8 +++++-
src/paks/netsnmpd/uninstall.sh | 5 +++-
4 files changed, 42 insertions(+), 39 deletions(-)
@@ -1,7 +1,4 @@
etc/rc.d/init.d/netsnmpd
-etc/rc.d/rc0.d/K02netsnmpd
-etc/rc.d/rc3.d/S65netsnmpd
-etc/rc.d/rc6.d/K02netsnmpd
etc/snmpd.conf
usr/bin/agentxtrap
usr/bin/checkbandwidth
@@ -130,7 +127,6 @@ usr/bin/traptoemail
#usr/include/net-snmp/library/snmp.h
#usr/include/net-snmp/library/snmpAliasDomain.h
#usr/include/net-snmp/library/snmpCallbackDomain.h
-#usr/include/net-snmp/library/snmpIPBaseDomain.h
#usr/include/net-snmp/library/snmpIPv4BaseDomain.h
#usr/include/net-snmp/library/snmpIPv6BaseDomain.h
#usr/include/net-snmp/library/snmpSocketBaseDomain.h
@@ -214,6 +210,8 @@ usr/bin/traptoemail
#usr/include/net-snmp/system/openbsd4.h
#usr/include/net-snmp/system/openbsd5.h
#usr/include/net-snmp/system/openbsd6.h
+#usr/include/net-snmp/system/openbsd7.h
+#usr/include/net-snmp/system/openbsd8.h
#usr/include/net-snmp/system/osf5.h
#usr/include/net-snmp/system/solaris.h
#usr/include/net-snmp/system/solaris2.3.h
@@ -231,28 +229,28 @@ usr/bin/traptoemail
#usr/lib/libnetsnmp.a
#usr/lib/libnetsnmp.la
#usr/lib/libnetsnmp.so
-usr/lib/libnetsnmp.so.40
-usr/lib/libnetsnmp.so.40.2.0
+usr/lib/libnetsnmp.so.45
+usr/lib/libnetsnmp.so.45.0.0
#usr/lib/libnetsnmpagent.a
#usr/lib/libnetsnmpagent.la
#usr/lib/libnetsnmpagent.so
-usr/lib/libnetsnmpagent.so.40
-usr/lib/libnetsnmpagent.so.40.2.0
+usr/lib/libnetsnmpagent.so.45
+usr/lib/libnetsnmpagent.so.45.0.0
#usr/lib/libnetsnmphelpers.a
#usr/lib/libnetsnmphelpers.la
#usr/lib/libnetsnmphelpers.so
-usr/lib/libnetsnmphelpers.so.40
-usr/lib/libnetsnmphelpers.so.40.2.0
+usr/lib/libnetsnmphelpers.so.45
+usr/lib/libnetsnmphelpers.so.45.0.0
#usr/lib/libnetsnmpmibs.a
#usr/lib/libnetsnmpmibs.la
#usr/lib/libnetsnmpmibs.so
-usr/lib/libnetsnmpmibs.so.40
-usr/lib/libnetsnmpmibs.so.40.2.0
+usr/lib/libnetsnmpmibs.so.45
+usr/lib/libnetsnmpmibs.so.45.0.0
#usr/lib/libnetsnmptrapd.a
#usr/lib/libnetsnmptrapd.la
#usr/lib/libnetsnmptrapd.so
-usr/lib/libnetsnmptrapd.so.40
-usr/lib/libnetsnmptrapd.so.40.2.0
+usr/lib/libnetsnmptrapd.so.45
+usr/lib/libnetsnmptrapd.so.45.0.0
#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle
usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/MakefileSubs.pm
#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = SNMP Daemon
-VER = 5.9.3
+VER = 5.9.5.2
THISAPP = net-snmp-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = netsnmpd
-PAK_VER = 15
+PAK_VER = 16
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451
+$(DL_FILE)_BLAKE2 = 417b337ac32d19db55494b97742fab6f28fc64d488896efd943d6f65ca563b0385d6160923d064e3bf04e3197790c7834d7b644973a426dfa3cb7e81f6465c4c
install : $(TARGET)
@@ -84,22 +84,21 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
$(UPDATE_AUTOMAKE)
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --with-default-snmp-version="2" \
- --with-sys-contact="root@" \
- --with-sys-location="localhost" \
- --with-logfile="/var/log/snmpd.log" \
- --with-persistent-directory="/var/net-snmp" \
- --with-mib-modules="host agentx smux \
- ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
- ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
- ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
- ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \
- ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
- sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib"
- --libdir=/usr/lib \
- --sysconfdir="/etc"
-
+ --prefix=/usr \
+ --with-default-snmp-version="2" \
+ --with-sys-contact="root@" \
+ --with-sys-location="localhost" \
+ --with-logfile="/var/log/snmpd.log" \
+ --with-persistent-directory="/var/net-snmp" \
+ --with-mib-modules="host agentx smux \
+ ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
+ ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
+ ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
+ ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \
+ ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
+ sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib"
+ --libdir=/usr/lib \
+ --sysconfdir="/etc"
cd $(DIR_APP) && make #$(MAKETUNING)
cd $(DIR_APP) && make install
install -v -m 644 $(DIR_SRC)/config/netsnmpd/snmpd.conf /etc/snmpd.conf
@@ -109,8 +108,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# install initscripts
$(call INSTALL_INITSCRIPTS,$(SERVICES))
- ln -sf ../init.d/netsnmpd /etc/rc.d/rc3.d/S65netsnmpd
- ln -sf ../init.d/netsnmpd /etc/rc.d/rc0.d/K02netsnmpd
- ln -sf ../init.d/netsnmpd /etc/rc.d/rc6.d/K02netsnmpd
@rm -rf $(DIR_APP)
@$(POSTBUILD)
@@ -17,11 +17,17 @@
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# Copyright (C) 2007-2026 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
extract_files
restore_backup ${NAME}
+
+# Create symlinks for runlevel interaction.
+ln -sf ../init.d/netsnmpd /etc/rc.d/rc3.d/S65netsnmpd
+ln -sf ../init.d/netsnmpd /etc/rc.d/rc0.d/K02netsnmpd
+ln -sf ../init.d/netsnmpd /etc/rc.d/rc6.d/K02zabbix_agentd
+
start_service --background ${NAME}
@@ -17,7 +17,7 @@
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# Copyright (C) 2007-2026 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
@@ -25,3 +25,6 @@
stop_service ${NAME}
make_backup ${NAME}
remove_files
+
+# Remove init-scripts and symlinks
+rm -rfv /etc/rc.d/rc*.d/*netsnmpd