netsnmpd: Update to version 5.9.5.2

Message ID 20260701113444.3425761-4-adolf.belka@ipfire.org
State Staged
Commit eecec62b793e2fec3fbf3d8f31bdf73a28e50c76
Headers
Series netsnmpd: Update to version 5.9.5.2 |

Commit Message

Adolf Belka 1 Jul 2026, 11:34 a.m. UTC
- Update from version 5.9.3 to 5.9.5.2
- Update of rootfile
- Move the symlink generation and removal from the lfs to the instal/uninstall pak
   file to be aligned with the majority of packages.
- Version 5.9.4 has the note
    IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
    in this release with various versions of OpenSSL and will be fixed
    in a future release.
- This issue has been in place since Aug 2023 and does not look to have been fixed as
   far as I have been able to tell. The developers also say that this tool should only
   be used on trusted local networks anyway. Additionally version 5.9.5 has a CVE fix.
  Based on this I am submitting the update patch for review and decision. I think it is
   better to do the update because it does not look like the OpenSSL issue will be
   fixed anytime soon. It doesn't appear that anyone is working on it.
   https://github.com/net-snmp/net-snmp/issues/828
- Changelog
5.9.5.2
    building:
      - Fix an issue with needing limits.h included.
      - update to autoconf 2.72
5.9.5.1
	Only a version numbering fix.
5.9.5
    snmptrapd:
      - fixed a critical vulnerability (CVE-2025-68615) which can be triggered
        by a specially crafted trap
    snmplib:
      - Add support for IPV6_RECVPKTINFO
      - Port the SSH domain transport to FreeBSD
      - Improve error handling in parse_enumlist and other parsing functions
      - Filter out non-ASCII characters from output
      - Fix multiple memory leaks in MIB parsing, OID handling, and transport filters
      - Fix multiple buffer overflows triggered when creating ASN packets
      - Fix handling of large/negative values (integer underflows/overflows)
      - Fix segmentation faults when `varbind` cannot be constructed or buf is null
      - Fix crash in netsnmp_parse_args when passing invalid argument lists
      - Fix SNMPv3 multithreading support for snmp_sess_open()
    snmpd:
      - Make UCD-SNMP::dskTable dynamic if includeAllDisks is set.") added
	a verification that drops all filesystems not present in other_fs[]
	table. So add 'ubifs' in other_fs[] to fix it.
      - Fix SIGHUP handling for engineID changes and agent port changes
      - Fix a use-after-free in unregister_mib_context()
      - Fix regression of memory leak when using RPMDB macros
      - Improve cache management: clear timer_id on stop, keep cache flags unchanged
      - Always open libkvm in "safe mode" on FreeBSD
      - Fix crash when snmptrapd subagent terminates the TCP connection
    apps:
      - snmpusm: Improve error handling and fix memory leaks
      - sshtosnmp: Avoid EINVAL when passing credentials over SSH unix domain socket
      - snmptest: Plug a possible memory leak
      - snmpget: Avoid leak if parsing OID fails
    MIBs:
      - EtherLike-MIB: Optimize Linux implementation to use netlink statistics
      - IP-MIB: Add Linux 6.7 compatibility for parsing /proc/net/snmp
      - LM-SENSORS-MIB: Support negative temperatures
      - SNMP-TLS-TM-MIB: Update to RFC 9456 and allow TLS protocols higher than TLS1.0
      - HOST-RESOURCES-MIB: Add support for RPM SQLite DB background
    building:
      - Add support for Windows on ARM
      - Support OpenBSD 8, FreeBSD 15/16, and DragonflyBSD
      - Fix build for OS/X versions prior to 10.6.0
      - Windows: Bump OpenSSL version and fix library paths
      - MinGW64: Switch from pkg-config to pkgconf
      - Add --with-wolfssl Add support for building and linking with the
	wolfSSL library instead of OpenSSL. Other changes that have been
	included in this patch are: - Only enable AES support if
	EVP_aes_128_cfb() is available. - Add support for detecting SSL
	functions if these have been defined as macros.
5.9.4
    IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
    in this release with various versions of OpenSSL and will be fixed
    in a future release.
    libsnmp:
      - Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
	used in the Net-SNMP code base.
      - DISPLAY-HINT fixes
      - Miscellanious improvements to the transports
      - Handle multiple oldEngineID configuration lines
      - fixes for DNS names longer than 63 characters
    agent:
      - Added a ignoremount configuration option for the HOST-MIB
      - disallow SETs with a NULL varbind
      - fix the --enable-minimalist build
    apps:
      - snmpset: allow SET with NULL varbind for testing
      - snmptrapd: improved MySQL logging code
    general:
      - configure: Remove -Wno-deprecated as it is no longer needed
      - miscellanious ther bug fixes, build fixes and cleanups

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/netsnmpd | 26 +++++++++---------
 lfs/netsnmpd                       | 42 ++++++++++++++----------------
 src/paks/netsnmpd/install.sh       |  8 +++++-
 src/paks/netsnmpd/uninstall.sh     |  5 +++-
 4 files changed, 42 insertions(+), 39 deletions(-)
  

Patch

diff --git a/config/rootfiles/packages/netsnmpd b/config/rootfiles/packages/netsnmpd
index 510f4a0cf..34e4eb30a 100644
--- a/config/rootfiles/packages/netsnmpd
+++ b/config/rootfiles/packages/netsnmpd
@@ -1,7 +1,4 @@ 
 etc/rc.d/init.d/netsnmpd
-etc/rc.d/rc0.d/K02netsnmpd
-etc/rc.d/rc3.d/S65netsnmpd
-etc/rc.d/rc6.d/K02netsnmpd
 etc/snmpd.conf
 usr/bin/agentxtrap
 usr/bin/checkbandwidth
@@ -130,7 +127,6 @@  usr/bin/traptoemail
 #usr/include/net-snmp/library/snmp.h
 #usr/include/net-snmp/library/snmpAliasDomain.h
 #usr/include/net-snmp/library/snmpCallbackDomain.h
-#usr/include/net-snmp/library/snmpIPBaseDomain.h
 #usr/include/net-snmp/library/snmpIPv4BaseDomain.h
 #usr/include/net-snmp/library/snmpIPv6BaseDomain.h
 #usr/include/net-snmp/library/snmpSocketBaseDomain.h
@@ -214,6 +210,8 @@  usr/bin/traptoemail
 #usr/include/net-snmp/system/openbsd4.h
 #usr/include/net-snmp/system/openbsd5.h
 #usr/include/net-snmp/system/openbsd6.h
+#usr/include/net-snmp/system/openbsd7.h
+#usr/include/net-snmp/system/openbsd8.h
 #usr/include/net-snmp/system/osf5.h
 #usr/include/net-snmp/system/solaris.h
 #usr/include/net-snmp/system/solaris2.3.h
@@ -231,28 +229,28 @@  usr/bin/traptoemail
 #usr/lib/libnetsnmp.a
 #usr/lib/libnetsnmp.la
 #usr/lib/libnetsnmp.so
-usr/lib/libnetsnmp.so.40
-usr/lib/libnetsnmp.so.40.2.0
+usr/lib/libnetsnmp.so.45
+usr/lib/libnetsnmp.so.45.0.0
 #usr/lib/libnetsnmpagent.a
 #usr/lib/libnetsnmpagent.la
 #usr/lib/libnetsnmpagent.so
-usr/lib/libnetsnmpagent.so.40
-usr/lib/libnetsnmpagent.so.40.2.0
+usr/lib/libnetsnmpagent.so.45
+usr/lib/libnetsnmpagent.so.45.0.0
 #usr/lib/libnetsnmphelpers.a
 #usr/lib/libnetsnmphelpers.la
 #usr/lib/libnetsnmphelpers.so
-usr/lib/libnetsnmphelpers.so.40
-usr/lib/libnetsnmphelpers.so.40.2.0
+usr/lib/libnetsnmphelpers.so.45
+usr/lib/libnetsnmphelpers.so.45.0.0
 #usr/lib/libnetsnmpmibs.a
 #usr/lib/libnetsnmpmibs.la
 #usr/lib/libnetsnmpmibs.so
-usr/lib/libnetsnmpmibs.so.40
-usr/lib/libnetsnmpmibs.so.40.2.0
+usr/lib/libnetsnmpmibs.so.45
+usr/lib/libnetsnmpmibs.so.45.0.0
 #usr/lib/libnetsnmptrapd.a
 #usr/lib/libnetsnmptrapd.la
 #usr/lib/libnetsnmptrapd.so
-usr/lib/libnetsnmptrapd.so.40
-usr/lib/libnetsnmptrapd.so.40.2.0
+usr/lib/libnetsnmptrapd.so.45
+usr/lib/libnetsnmptrapd.so.45.0.0
 #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle
 usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/MakefileSubs.pm
 #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP
diff --git a/lfs/netsnmpd b/lfs/netsnmpd
index 5605d6307..a27440cff 100644
--- a/lfs/netsnmpd
+++ b/lfs/netsnmpd
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@  include Config
 
 SUMMARY    = SNMP Daemon
 
-VER        = 5.9.3
+VER        = 5.9.5.2
 
 THISAPP    = net-snmp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = netsnmpd
-PAK_VER    = 15
+PAK_VER    = 16
 
 DEPS       =
 
@@ -48,7 +48,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451
+$(DL_FILE)_BLAKE2 = 417b337ac32d19db55494b97742fab6f28fc64d488896efd943d6f65ca563b0385d6160923d064e3bf04e3197790c7834d7b644973a426dfa3cb7e81f6465c4c
 
 install : $(TARGET)
 
@@ -84,22 +84,21 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && ./configure \
-		--prefix=/usr \
-		--with-default-snmp-version="2" \
-		--with-sys-contact="root@" \
-		--with-sys-location="localhost" \
-		--with-logfile="/var/log/snmpd.log" \
-		--with-persistent-directory="/var/net-snmp" \
-		--with-mib-modules="host agentx smux \
-		ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
-		ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
-		ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
-		ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \
-		ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
-		sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib"
-		--libdir=/usr/lib \
-		--sysconfdir="/etc"
-
+				--prefix=/usr \
+				--with-default-snmp-version="2" \
+				--with-sys-contact="root@" \
+				--with-sys-location="localhost" \
+				--with-logfile="/var/log/snmpd.log" \
+				--with-persistent-directory="/var/net-snmp" \
+				--with-mib-modules="host agentx smux \
+				ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
+				ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
+				ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
+				ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \
+				ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
+				sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib"
+				--libdir=/usr/lib \
+				--sysconfdir="/etc"
 	cd $(DIR_APP) && make #$(MAKETUNING)
 	cd $(DIR_APP) && make install
 	install -v -m 644 $(DIR_SRC)/config/netsnmpd/snmpd.conf /etc/snmpd.conf
@@ -109,8 +108,5 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# install initscripts
 	$(call INSTALL_INITSCRIPTS,$(SERVICES))
 
-	ln -sf ../init.d/netsnmpd /etc/rc.d/rc3.d/S65netsnmpd
-	ln -sf ../init.d/netsnmpd /etc/rc.d/rc0.d/K02netsnmpd
-	ln -sf ../init.d/netsnmpd /etc/rc.d/rc6.d/K02netsnmpd
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/src/paks/netsnmpd/install.sh b/src/paks/netsnmpd/install.sh
index 31c5fecae..5baa2ffee 100644
--- a/src/paks/netsnmpd/install.sh
+++ b/src/paks/netsnmpd/install.sh
@@ -17,11 +17,17 @@ 
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+# Copyright (C) 2007-2026 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
 extract_files
 restore_backup ${NAME}
+
+# Create symlinks for runlevel interaction.
+ln -sf ../init.d/netsnmpd /etc/rc.d/rc3.d/S65netsnmpd
+ln -sf ../init.d/netsnmpd /etc/rc.d/rc0.d/K02netsnmpd
+ln -sf ../init.d/netsnmpd /etc/rc.d/rc6.d/K02zabbix_agentd
+
 start_service --background ${NAME}
diff --git a/src/paks/netsnmpd/uninstall.sh b/src/paks/netsnmpd/uninstall.sh
index a7b8a5370..ffd74217b 100644
--- a/src/paks/netsnmpd/uninstall.sh
+++ b/src/paks/netsnmpd/uninstall.sh
@@ -17,7 +17,7 @@ 
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+# Copyright (C) 2007-2026 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
@@ -25,3 +25,6 @@ 
 stop_service ${NAME}
 make_backup ${NAME}
 remove_files
+
+# Remove init-scripts and symlinks
+rm -rfv /etc/rc.d/rc*.d/*netsnmpd