On Sat, 20 Sep 2014 18:09:50 +0100
"Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> Control: tags -1 + confirmed
>
> On Sun, 2014-05-04 at 10:44 +0900, Hideki Yamane wrote:
> > I'd like to upload net-snmp/5.4.3~dfsg-2.8+deb7u1 to
> > stable-proposed-updates
> > to fix Bug#721224, error happens when Executables/scripts entries is over
> > 50
> > in snmpd.conf.
>
> Apologies for the delay in getting back to you. Please go ahead.
Thanks!
And I want to push more changes with three CVE fixes for
net-snmp/5.4.3~dfsg-2.8+deb7u1
Is it possible? debdiff is attached below.
diff -Nru net-snmp-5.4.3~dfsg/debian/changelog
net-snmp-5.4.3~dfsg/debian/changelog
--- net-snmp-5.4.3~dfsg/debian/changelog 2014-03-18 05:02:49.000000000
+0900
+++ net-snmp-5.4.3~dfsg/debian/changelog 2014-09-21 19:32:08.000000000
+0900
@@ -1,3 +1,18 @@
+net-snmp (5.4.3~dfsg-2.8+deb7u1) stable-proposed-updates; urgency=medium
+
+ * debian/patches
+ - add bug#721224_entries_over50.patch to fix "snmpd: produces error if the
+ Executables/scripts entries in snmpd.conf is over 50" taken patch from
+ Red Hat Bugzilla.
+ Thanks to "Christian Ruppert" <c.rupp...@babiel.com> for the report
+ (Closes: #721224)
+ - add TrapReceiver.patch to fix CVE-2014-2285
+ - add CVE-2014-3565.patch taken from upstream to fix CVE-2014-3565
+ (Closes: #760132)
+ - add CVE-2012-6151.patch taken from Fedora to fix CVE-2012-6151
+
+ -- Hideki Yamane <henr...@debian.org> Tue, 16 Sep 2014 00:27:07 +0900
+
net-snmp (5.4.3~dfsg-2.8) stable; urgency=medium
* Non-maintainer upload.
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-6151.patch
net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-6151.patch
--- net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-6151.patch 1970-01-01
09:00:00.000000000 +0900
+++ net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-6151.patch 2014-09-21
19:32:08.000000000 +0900
@@ -0,0 +1,46 @@
+Index: pkg-net-snmp/agent/mibgroup/agentx/master.c
+===================================================================
+--- pkg-net-snmp.orig/agent/mibgroup/agentx/master.c 2014-09-21
19:07:43.820073097 +0900
++++ pkg-net-snmp/agent/mibgroup/agentx/master.c 2014-09-21
19:27:42.611687481 +0900
+@@ -236,6 +236,9 @@
+ if (!cache) {
+ DEBUGMSGTL(("agentx/master", "response too late on session %08p\n",
+ session));
++ /* response is too late, free the cache */
++ if (magic)
++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
+ return 0;
+ }
+ requests = cache->requests;
+@@ -621,6 +624,8 @@
+
+ if (result == 0 ) {
+ snmp_free_pdu( pdu );
++ if (cb_data)
++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) cb_data);
+ }
+
+ return SNMP_ERR_NOERROR;
+Index: pkg-net-snmp/agent/mibgroup/agentx/master_admin.c
+===================================================================
+--- pkg-net-snmp.orig/agent/mibgroup/agentx/master_admin.c 2014-09-21
19:07:43.820073097 +0900
++++ pkg-net-snmp/agent/mibgroup/agentx/master_admin.c 2014-09-21
19:11:08.660690270 +0900
+@@ -139,11 +139,16 @@
+ * requests, so that the delegated request will be completed and
+ * further requests can be processed
+ */
+- netsnmp_remove_delegated_requests_for_session(session);
++ while (netsnmp_remove_delegated_requests_for_session(session)) {
++ DEBUGMSGTL(("agentx/master", "Continue removing delegated
reqests\n"));
++ }
++
+ if (session->subsession != NULL) {
+ netsnmp_session *subsession = session->subsession;
+ for(; subsession; subsession = subsession->next) {
+- netsnmp_remove_delegated_requests_for_session(subsession);
++ while
(netsnmp_remove_delegated_requests_for_session(subsession)) {
++ DEBUGMSGTL(("agentx/master", "Continue removing
delegated subsession reqests\n"));
++ }
+ }
+ }
+
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/CVE-2014-3565.patch
net-snmp-5.4.3~dfsg/debian/patches/CVE-2014-3565.patch
--- net-snmp-5.4.3~dfsg/debian/patches/CVE-2014-3565.patch 1970-01-01
09:00:00.000000000 +0900
+++ net-snmp-5.4.3~dfsg/debian/patches/CVE-2014-3565.patch 2014-09-21
19:32:08.000000000 +0900
@@ -0,0 +1,431 @@
+Index: pkg-net-snmp/snmplib/mib.c
+===================================================================
+--- pkg-net-snmp.orig/snmplib/mib.c 2014-09-16 00:32:14.887917977 +0900
++++ pkg-net-snmp/snmplib/mib.c 2014-09-16 00:32:14.883917965 +0900
+@@ -436,17 +436,16 @@
+ u_char *cp;
+ int output_format, len_needed;
+
+- if ((var->type != ASN_OCTET_STR) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- const char str[] = "Wrong Type (should be OCTET STRING): ";
+- if (snmp_cstrcat
+- (buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OCTET_STR) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ const char str[] = "Wrong Type (should be OCTET STRING): ";
++ if (!snmp_cstrcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+
+@@ -706,16 +705,16 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_OPAQUE_FLOAT) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Float): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OPAQUE_FLOAT) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Float): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -776,17 +775,16 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_OPAQUE_DOUBLE) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat
+- (buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Double): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OPAQUE_DOUBLE) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Double): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -851,20 +849,21 @@
+ {
+ char a64buf[I64CHARSZ + 1];
+
+- if ((var->type != ASN_COUNTER64
++ if (var->type != ASN_COUNTER64
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ && var->type != ASN_OPAQUE_COUNTER64
+ && var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_U64
+ #endif
+- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Counter64): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ ) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Counter64): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -952,23 +951,25 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_OPAQUE
++ if (var->type != ASN_OPAQUE
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ && var->type != ASN_OPAQUE_COUNTER64
+ && var->type != ASN_OPAQUE_U64
+ && var->type != ASN_OPAQUE_I64
+ && var->type != ASN_OPAQUE_FLOAT && var->type != ASN_OPAQUE_DOUBLE
+ #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */
+- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Opaque): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ ) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Opaque): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
++
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ switch (var->type) {
+ case ASN_OPAQUE_COUNTER64:
+@@ -1044,17 +1045,16 @@
+ {
+ int buf_overflow = 0;
+
+- if ((var->type != ASN_OBJECT_ID) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] =
+- "Wrong Type (should be OBJECT IDENTIFIER): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OBJECT_ID) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be OBJECT
IDENTIFIER): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1114,16 +1114,16 @@
+ {
+ char timebuf[40];
+
+- if ((var->type != ASN_TIMETICKS) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be Timeticks): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_TIMETICKS) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Timeticks): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_NUMERIC_TIMETICKS)) {
+@@ -1262,17 +1262,18 @@
+ {
+ char *enum_string = NULL;
+
+- if ((var->type != ASN_INTEGER) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be INTEGER): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_INTEGER) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be INTEGER): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
++
+ for (; enums; enums = enums->next) {
+ if (enums->value == *var->val.integer) {
+ enum_string = enums->label;
+@@ -1365,16 +1366,16 @@
+ {
+ char *enum_string = NULL;
+
+- if ((var->type != ASN_UINTEGER) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be UInteger32): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_UINTEGER) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be UInteger32): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ for (; enums; enums = enums->next) {
+@@ -1462,17 +1463,16 @@
+ {
+ char tmp[32];
+
+- if ((var->type != ASN_GAUGE) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] =
+- "Wrong Type (should be Gauge32 or Unsigned32): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_GAUGE) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Gauge32 or
Unsigned32): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1535,16 +1535,16 @@
+ {
+ char tmp[32];
+
+- if ((var->type != ASN_COUNTER) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be Counter32): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_COUNTER) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Counter32): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1598,16 +1598,16 @@
+ {
+ size_t i;
+
+- if ((var->type != ASN_IPADDRESS) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be NetworkAddress): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_IPADDRESS) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be NetworkAddress): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1664,16 +1664,16 @@
+ {
+ u_char *ip = var->val.string;
+
+- if ((var->type != ASN_IPADDRESS) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be IpAddress): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_IPADDRESS) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be IpAddress): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1722,20 +1722,20 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_NULL) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be NULL): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_NULL) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be NULL): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+- } else {
+- u_char str[] = "NULL";
+- return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
+ }
++
++ u_char str[] = "NULL";
++ return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
+ }
+
+
+@@ -1770,16 +1770,16 @@
+ u_char *cp;
+ char *enum_string;
+
+- if ((var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be BITS): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be BITS): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1854,16 +1854,16 @@
+ const struct enum_list *enums, const char *hint,
+ const char *units)
+ {
+- if ((var->type != ASN_NSAP) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be NsapAddress): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_NSAP) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be NsapAddress): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_QUICK_PRINT)) {
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/TrapReceiver.patch
net-snmp-5.4.3~dfsg/debian/patches/TrapReceiver.patch
--- net-snmp-5.4.3~dfsg/debian/patches/TrapReceiver.patch 1970-01-01
09:00:00.000000000 +0900
+++ net-snmp-5.4.3~dfsg/debian/patches/TrapReceiver.patch 2014-09-21
19:32:08.000000000 +0900
@@ -0,0 +1,33 @@
+Description: Fixes Perl Trap Handler Segfault with old Perl (e.g. Perl 5.8.8)
(CVE-2014-2285)
+Origin: upstream
+Bug:
http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/
+Last-Update: 2014-03-30
+
+Index: pkg-net-snmp/perl/TrapReceiver/TrapReceiver.xs
+===================================================================
+--- pkg-net-snmp.orig/perl/TrapReceiver/TrapReceiver.xs 2014-09-21
18:38:01.290693687 +0900
++++ pkg-net-snmp/perl/TrapReceiver/TrapReceiver.xs 2014-09-21
18:42:26.667495077 +0900
+@@ -76,18 +76,18 @@
+ STOREPDUi("securitymodel", pdu->securityModel);
+ STOREPDUi("securitylevel", pdu->securityLevel);
+ STOREPDU("contextName",
+- newSVpv(pdu->contextName, pdu->contextNameLen));
++ newSVpv(pdu->contextName ? pdu->contextName : "",
pdu->contextNameLen));
+ STOREPDU("contextEngineID",
+- newSVpv(pdu->contextEngineID,
++ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID
: "",
+ pdu->contextEngineIDLen));
+ STOREPDU("securityEngineID",
+- newSVpv(pdu->securityEngineID,
++ newSVpv(pdu->securityEngineID ? (char *)
pdu->securityEngineID : "",
+ pdu->securityEngineIDLen));
+ STOREPDU("securityName",
+- newSVpv(pdu->securityName, pdu->securityNameLen));
++ newSVpv(pdu->securityName ? (char *) pdu->securityName : "",
pdu->securityNameLen));
+ } else {
+ STOREPDU("community",
+- newSVpv(pdu->community, pdu->community_len));
++ newSVpv(pdu->community ? (char *) pdu->community : "",
pdu->community_len));
+ }
+
+ if (transport && transport->f_fmtaddr) {
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/bug#721224_entries_over50.patch
net-snmp-5.4.3~dfsg/debian/patches/bug#721224_entries_over50.patch
--- net-snmp-5.4.3~dfsg/debian/patches/bug#721224_entries_over50.patch
1970-01-01 09:00:00.000000000 +0900
+++ net-snmp-5.4.3~dfsg/debian/patches/bug#721224_entries_over50.patch
2014-09-21 19:32:08.000000000 +0900
@@ -0,0 +1,29 @@
+Index: net-snmp/agent/mibgroup/agent/extend.c
+===================================================================
+--- net-snmp.orig/agent/mibgroup/agent/extend.c 2014-05-04
07:53:51.731755326 +0900
++++ net-snmp/agent/mibgroup/agent/extend.c 2014-05-04 07:54:28.075895631
+0900
+@@ -476,10 +476,21 @@
+
+ } else if (!strcmp( token, "sh" ) ||
+ !strcmp( token, "exec" )) {
+- if ( num_compatability_entries == max_compatability_entries )
++ if ( num_compatability_entries == max_compatability_entries ) {
+ /* XXX - should really use dynamic allocation */
+- config_perror("No further UCD-compatible entries" );
+- else
++ netsnmp_old_extend *new_compatability_entries;
++ new_compatability_entries = realloc(compatability_entries,
++
max_compatability_entries*2*sizeof(netsnmp_old_extend));
++ if (!new_compatability_entries)
++ config_perror("No further UCD-compatible entries" );
++ else {
++ memset(new_compatability_entries+num_compatability_entries, 0,
++ sizeof(netsnmp_old_extend)*max_compatability_entries);
++ max_compatability_entries *= 2;
++ compatability_entries = new_compatability_entries;
++ }
++ }
++ if (num_compatability_entries != max_compatability_entries)
+ compatability_entries[
+ num_compatability_entries++ ].exec_entry = extension;
+ }
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/series
net-snmp-5.4.3~dfsg/debian/patches/series
--- net-snmp-5.4.3~dfsg/debian/patches/series 2014-03-18 05:33:32.000000000
+0900
+++ net-snmp-5.4.3~dfsg/debian/patches/series 2014-09-21 19:32:08.000000000
+0900
@@ -1,3 +1,4 @@
+bug#721224_entries_over50.patch
02_statistics.patch
03_makefiles.patch
05_searchdirs.patch
@@ -18,3 +19,6 @@
65_CVE-2012-2141.patch
66_formatstrings.patch
67_CVE-2014-2310.patch
+TrapReceiver.patch
+CVE-2014-3565.patch
+CVE-2012-6151.patch
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/20140921193742.8fc70ef01bc53b682abc3...@debian.or.jp
