[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/net-snmp/FC-3 net-snmp-5.1-mktemp.diff, NONE, 1.1 net-snmp-5.1.2-free_session.patch, NONE, 1.1 net-snmp-5.2.1-clear_callback3.patch, NONE, 1.1 net-snmp-5.2.1-ethtool.patch, NONE, 1.1 net-snmp.spec, 1.25, 1.26



Author: rvokal

Update of /cvs/dist/rpms/net-snmp/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv855

Modified Files:
	net-snmp.spec 
Added Files:
	net-snmp-5.1-mktemp.diff net-snmp-5.1.2-free_session.patch 
	net-snmp-5.2.1-clear_callback3.patch 
	net-snmp-5.2.1-ethtool.patch 
Log Message:
 - CAN-2005-2177 new upstream version fixing DoS (#162908)
 - CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
 - session free fixed, agentx modules build fine (#157851)
 - report gigabit Ethernet speeds using Ethtool (#152480)



net-snmp-5.1-mktemp.diff:
 fixproc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE net-snmp-5.1-mktemp.diff ---
--- local/fixproc
+++ local/fixproc
@@ -231,7 +231,7 @@
     {
       # it must be "shell", so execute the shell script defined in database
 
-      local ($tmpfile) = "/tmp/fix_$$";
+      local ($tmpfile) = `mktemp /tmp/fix.XXXXXXXX`;
 
       &create_sh_script ($fix{$proc}, $tmpfile);
 
@@ -262,7 +262,7 @@
       # if not "exist", then it must be "shell", so execute the shell script
       # defined in database
 
-      local ($tmpfile) = "/tmp/check_$$";
+      local ($tmpfile) = `mktemp /tmp/check.XXXXXXXX`;
 
       &create_sh_script ($check{$proc}, $tmpfile);
 

net-snmp-5.1.2-free_session.patch:
 include/net-snmp/library/callback.h |    1 +
 snmplib/callback.c                  |    8 ++++++++
 snmplib/snmp_api.c                  |    2 ++
 3 files changed, 11 insertions(+)

--- NEW FILE net-snmp-5.1.2-free_session.patch ---
diff -Naurp net-snmp-5.1.2/include/net-snmp/library/callback.h net-snmp-5.1.2.n/include/net-snmp/library/callback.h
--- net-snmp-5.1.2/include/net-snmp/library/callback.h	2003-07-14 03:19:23.000000000 +0900
+++ net-snmp-5.1.2.n/include/net-snmp/library/callback.h	2005-04-14 13:47:33.266223350 +0900
@@ -57,6 +57,7 @@ extern          "C" {
                                              SNMPCallback * new_callback,
                                              void *arg, int matchargs);
     void            clear_callback (void);
+    void            clear_callback_session (void *session);
     struct snmp_gen_callback *snmp_callback_list(int major, int minor);
 
 #ifdef __cplusplus
diff -Naurp net-snmp-5.1.2/snmplib/callback.c net-snmp-5.1.2.n/snmplib/callback.c
--- net-snmp-5.1.2/snmplib/callback.c	2005-04-14 13:48:19.368930822 +0900
+++ net-snmp-5.1.2.n/snmplib/callback.c	2005-04-14 13:47:21.231636714 +0900
@@ -341,6 +341,14 @@ clear_callback(void)
     }
 }
 
+void
+clear_callback_session(void*session)
+{
+
+    _remove_duplicates(session, 0, 0);
+
+}
+
 struct snmp_gen_callback *
 snmp_callback_list(int major, int minor)
 {
diff -Naurp net-snmp-5.1.2/snmplib/snmp_api.c net-snmp-5.1.2.n/snmplib/snmp_api.c
--- net-snmp-5.1.2/snmplib/snmp_api.c	2004-06-21 19:02:15.000000000 +0900
+++ net-snmp-5.1.2.n/snmplib/snmp_api.c	2005-04-14 13:47:21.233589438 +0900
@@ -1690,6 +1690,8 @@ snmp_free_session(netsnmp_session * s)
         SNMP_FREE(s->securityName);
         SNMP_FREE(s->securityAuthProto);
         SNMP_FREE(s->securityPrivProto);
+        /* session information already frees in snmp_shutdown. */
+        clear_callback_session(s);
         free((char *) s);
     }
 }

net-snmp-5.2.1-clear_callback3.patch:
 callback.c |   46 ++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 44 insertions(+), 2 deletions(-)

--- NEW FILE net-snmp-5.2.1-clear_callback3.patch ---
--- net-snmp-5.2.1/snmplib/callback.c.callback3	2005-05-18 11:17:59.000000000 +0200
+++ net-snmp-5.2.1/snmplib/callback.c	2005-05-18 11:25:36.000000000 +0200
@@ -45,6 +45,10 @@
 #include <net-snmp/library/callback.h>
 #include <net-snmp/library/snmp_api.h>
 
+
+static void _remove_duplicates(void *ptr, int x, int y);
+
+
 static struct snmp_gen_callback
                *thecallbacks[MAX_CALLBACK_IDS][MAX_CALLBACK_SUBIDS];
 
@@ -335,11 +339,34 @@
     return count;
 }
 
+static void
+_remove_duplicates(void *ptr, int x, int y)
+{
+    struct snmp_gen_callback *scp = NULL, *next = NULL;
+    int i,j;
+    for (i=x; i < MAX_CALLBACK_IDS; i++) {
+	for (j=y; j < MAX_CALLBACK_SUBIDS; j++) {
+	    scp = thecallbacks[i][j]; 
+	    while (scp != NULL) {
+                next=scp->next;
+		if ((NULL != scp->sc_callback) &&
+		      (scp->sc_client_arg != NULL) &&
+		      (scp->sc_client_arg == ptr)) {
+		    DEBUGMSGTL(("callback", "duplicate client arg\n"));
+		    scp->sc_client_arg = NULL;
+		}
+		scp = next;
+	    }
+	}
+    }
+}
+
 void
 clear_callback(void)
 {
     unsigned int i = 0, j = 0; 
     struct snmp_gen_callback *scp = NULL, *next = NULL;
+    void *tmp_arg;
 
     if(++_lock > 1) {
         snmp_log(LOG_WARNING,
@@ -352,8 +379,23 @@
 	    scp = thecallbacks[i][j]; 
 	    while (scp != NULL) {
 		next = scp->next;
-		if ((NULL != scp->sc_callback) && (scp->sc_client_arg != NULL))
-		    SNMP_FREE(scp->sc_client_arg);
+		/*
+		 * if there is a client arg, check for duplicates
+		 * and then free it.
+		 */
+		if ((NULL != scp->sc_callback) &&
+			(scp->sc_client_arg != NULL)) {
+                      /*
+                       * save the client arg, then set it to null so that it
+                       * won't look like a duplicate, then check for duplicates
+                       * starting at the current i,j (earlier dups should have
+                       * already been found) and free the pointer.
+                       */
+			tmp_arg = scp->sc_client_arg;
+			scp->sc_client_arg = NULL;
+			_remove_duplicates(tmp_arg, i, j);
+			free(tmp_arg);
+		}
 		SNMP_FREE(scp);
 		scp = next;
 	    }

net-snmp-5.2.1-ethtool.patch:
 interface_linux.c |   50 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 48 insertions(+), 2 deletions(-)

--- NEW FILE net-snmp-5.2.1-ethtool.patch ---
--- net-snmp-5.2.1/agent/mibgroup/if-mib/data_access/interface_linux.c.ethtool	2004-10-18 05:49:50.000000000 +0200
+++ net-snmp-5.2.1/agent/mibgroup/if-mib/data_access/interface_linux.c	2005-05-04 10:26:56.000000000 +0200
@@ -20,8 +20,25 @@
 #include "if-mib/data_access/interface.h"
 #include "interface_ioctl.h"
 
+#include <sys/types.h>
+#ifndef u8
+typedef __uint8_t u8;
+#endif
+#ifndef u16
+typedef __uint16_t u16;
+#endif
+#ifndef u32
+typedef __uint32_t u32;
+#endif
+
+#include <linux/ethtool.h>
+#include <linux/sockios.h>
+
 unsigned int
 netsnmp_arch_interface_get_if_speed(int fd, const char *name);
+/* old mii version */
+unsigned int
+netsnmp_arch_interface_get_if_speed_mii(int fd, const char *name);
 
 void
 netsnmp_arch_interface_init(void)
@@ -373,10 +390,39 @@
 
 
 /**
- * Determines network interface speed.
+ * Determines network interface speed from ETHTOOL_GSET
+ */
+unsigned int
+netsnmp_arch_interface_get_if_speed(int fd, const char *name) {
+	struct ifreq ifr;
+	struct ethtool_cmd edata;	
+                                                                                
+	memset(&ifr, 0, sizeof(ifr));
+	edata.cmd = ETHTOOL_GSET;
+
+	strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)-1);
+	ifr.ifr_data = (char *) &edata;
+                                                                                
+	if (ioctl(fd, SIOCETHTOOL, &ifr) == -1)
+	{
+		DEBUGMSGTL(("mibII/interfaces", "ETHTOOL_GSET on %s failed\n",
+                    ifr.ifr_name));
+		return netsnmp_arch_interface_get_if_speed_mii(fd,name);
+	}
+          
+	if (edata.speed != SPEED_10 && edata.speed != SPEED_100 &&
+		edata.speed != SPEED_1000) 
+	 	/* try MII */
+		return netsnmp_arch_interface_get_if_speed_mii(fd,name);
+	else   /* return in bps */
+		return edata.speed*1000*1000;
+}
+
+/**
+ * Determines network interface speed from MII
  */
 unsigned int
-netsnmp_arch_interface_get_if_speed(int fd, const char *name)
+netsnmp_arch_interface_get_if_speed_mii(int fd, const char *name)
 {
     unsigned int retspeed = 10000000;
     struct ifreq ifr;


Index: net-snmp.spec
===================================================================
RCS file: /cvs/dist/rpms/net-snmp/FC-3/net-snmp.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- net-snmp.spec	25 Apr 2005 07:56:53 -0000	1.25
+++ net-snmp.spec	13 Jul 2005 10:31:28 -0000	1.26
@@ -2,8 +2,8 @@
 
 Summary: A collection of SNMP protocol tools and libraries.
 Name: net-snmp
-Version: 5.2.1
-Release: 10.FC3
+Version: 5.2.1.2
+Release: FC3.1
 License: BSDish
 Group: System Environment/Daemons
 URL: http://net-snmp.sourceforge.net/
@@ -33,8 +33,11 @@
 Patch15: net-snmp-5.2.1-trim.patch
 Patch16: net-snmp-5.1.2-ASN-unsigned64.patch
 Patch17: net-snmp-5.2.1-typeclash.diff
-Patch18: net-snmp-5.1.2-agentx_register_callbacks_entry.patch
 Patch19: net-snmp-5.2.1-file_offset.patch
+Patch20: net-snmp-5.2.1-ethtool.patch
+Patch21: net-snmp-5.1.2-free_session.patch
+Patch22: net-snmp-5.2.1-clear_callback3.patch
+Patch23: net-snmp-5.1-mktemp.diff
 
 Prereq: /sbin/chkconfig
 Obsoletes: ucd-snmp
@@ -149,8 +152,11 @@
 %patch15 -p1 -b .trim
 %patch16 -p1 -b .ASN-unsigned64
 %patch17 -b .typeclash
-%patch18 -p1 -b .reg_callbacks
 %patch19 -p1 -b .file_offset
+%patch20 -p1 -b .ethtool
+%patch21 -p1 -b .free_session
+%patch22 -p1 -b .callback3
+%patch23 -b .mktemp
 
 # Do this patch with a perl hack...
 perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@@ -161,7 +167,8 @@
 %endif
 %configure \
 	--enable-static --enable-shared			\
-	--with-cflags="$RPM_OPT_FLAGS -g"		\
+	--with-cflags="$RPM_OPT_FLAGS -lcrypto"		\
+	--with-ldflags="$LDFLAGS"			\
 	--with-sys-location="Unknown"			\
 	--with-logfile="/var/log/snmpd.log"		\
 	--with-persistent-directory="/var/net-snmp"	\
@@ -328,6 +335,12 @@
 %{_libdir}/*.la
 
 %changelog
+* Wed Jul 13 2005 Radek Vokal <rvokal redhat com> 
+- CAN-2005-2177 new upstream version fixing DoS (#162908)
+- CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
+- session free fixed, agentx modules build fine (#157851)
+- report gigabit Ethernet speeds using Ethtool (#152480)
+
 * Mon Apr 25 2005 Radek Vokal <rvokal redhat com> - 5.2.1-10.FC3
 - fixed missing requires for devel package (#155221)
 - 64bit problems are hopefully gone for a while


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]