2024-02-21 11:21:01 by Thomas Klausner | Files touched by this commit (20) | |
Log message:
*net-snmp: update to 5.9.4
*5.9.4*:
IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
in this release with various versions of OpenSSL and will be fixed
in a future release.
libsnmp:
- Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
used in the Net-SNMP code base.
- DISPLAY-HINT fixes
- Miscellanious improvements to the transports
- Handle multiple oldEngineID configuration lines
- fixes for DNS names longer than 63 characters
agent:
- Added a ignoremount configuration option for the HOST-MIB
- disallow SETs with a NULL varbind
- fix the --enable-minimalist build
apps:
- snmpset: allow SET with NULL varbind for testing
- snmptrapd: improved MySQL logging code
general:
- configure: Remove -Wno-deprecated as it is no longer needed
- miscellanious ther bug fixes, build fixes and cleanups
|
2024-01-16 14:37:12 by Thomas Klausner | Files touched by this commit (1) |
Log message:
py-netsnmp: builds with Python 3 too, remove restriction to Python 2
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2022-10-18 14:01:53 by Adam Ciarcinski | Files touched by this commit (43) | |
Log message:
net-snmp py-netsnmp: updated to 5.9.3
*5.9.3*:
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
*5.9.2*:
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
*5.9.1*:
General: Many bug fixes
*5.9*
snmplib:
- Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new
netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add
base_transport ptr for tunneled transports
snmpd:
- Security vulnerabilty in the ping MIB reported by Christopher Ertl
from Microsoft fixed
- Changing to a different uid/gid can only be done once
- The extend mib is now read-only by default
snmptrap:
- BUG: 2899: Patch from Drew Roedersheimer to set library
engineboots/time values before sending
unspecified:
- Add pkg-config support for building applications and sub-agents Use
the netsnmp package when building Net-SNMP applications. Use the
netsnmp-agent package when building Net-SNMP subagents.
|
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
|
2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255) |
Log message:
net: align variable assignments
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
2019-09-02 15:20:22 by Adam Ciarcinski | Files touched by this commit (415) |
Log message:
Changed PYTHON_VERSIONS_INCOMPATIBLE to PYTHON_VERSIONS_ACCEPTED; needed for \
future Python 3.8
|
2019-04-26 15:14:25 by Maya Rashish | Files touched by this commit (473) |
Log message:
Omit mentions of python 34 and 35, after those were removed.
- Includes some whitespace changes, to be handled in a separate commit.
|
2018-07-03 07:03:44 by Adam Ciarcinski | Files touched by this commit (495) |
Log message:
extend PYTHON_VERSIONS_ for Python 3.7
|
2017-01-01 15:44:09 by Thomas Klausner | Files touched by this commit (577) |
Log message:
Add python-3.6 to incompatible versions.
|