Hello community,

here is the log from the commit of package net-snmp for openSUSE:Factory checked in at 2023-10-24 20:07:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-snmp (Old)
 and /work/SRC/openSUSE:Factory/.net-snmp.new.24901 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "net-snmp" Tue Oct 24 20:07:48 2023 rev:108 rq:1119911 version:5.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/net-snmp/net-snmp.changes 2023-01-07 17:16:54.761153092 +0100 +++ /work/SRC/openSUSE:Factory/.net-snmp.new.24901/net-snmp.changes 2023-10-24 20:07:59.279719171 +0200 
@@ -1,0 +2,52 @@ +Tue Oct 17 13:56:01 UTC 2023 - Alexander Bergmann <[email protected]> + +- Update to net-snmp-5.9.4 (bsc#1214364). + add (rename): + * net-snmp-5.9.4-add-lustre-fs-support.patch + * net-snmp-5.9.4-fix-create-v3-user-outfile.patch + * net-snmp-5.9.4-fixed-python2-bindings.patch + * net-snmp-5.9.4-fix-Makefile.PL.patch + * net-snmp-5.9.4-modern-rpm-api.patch + * net-snmp-5.9.4-net-snmp-config-headercheck.patch + * net-snmp-5.9.4-perl-tk-warning.patch + * net-snmp-5.9.4-pie.patch + * net-snmp-5.9.4-snmpstatus-suppress-output.patch + * net-snmp-5.9.4-socket-path.patch + * net-snmp-5.9.4-subagent-set-response.patch + * net-snmp-5.9.4-suse-systemd-service-files.patch + * net-snmp-5.9.4-testing-empty-arptable.patch + delete (now part of v5.9.4): + * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch + * net-snmp-5.9.3-grep.patch + delete (rename): + * net-snmp-5.9.1-add-lustre-fs-support.patch + * net-snmp-5.9.2-fix-create-v3-user-outfile.patch + * net-snmp-5.9.3-fixed-python2-bindings.patch + * net-snmp-5.9.1-fix-Makefile.PL.patch + * net-snmp-5.9.1-modern-rpm-api.patch + * net-snmp-5.9.1-net-snmp-config-headercheck.patch + * net-snmp-5.9.1-perl-tk-warning.patch + * net-snmp-5.9.2-pie.patch + * net-snmp-5.9.1-snmpstatus-suppress-output.patch + * net-snmp-5.9.1-socket-path.patch + * net-snmp-5.9.1-subagent-set-response.patch + * net-snmp-5.9.1-suse-systemd-service-files.patch + * net-snmp-5.9.1-testing-empty-arptable.patch +- Removing legacy MIBs used by Velocity Software (jira#PED-6416). + delete: + * net-snmp-5.9.1-velocity-mib.patch +- Re-add support for hostname netgroups that was removed accidentally and + previously added with FATE#316305 (bsc#1207697). + '@hostgroup' can be specified for multiple hosts + add: + * net-snmp-5.9.4-add-netgroups-functionality.patch +- Hardening systemd services setting "ProtectHome=true" caused home directory + size and allocation to be listed incorrectly (bsc#1206044). 
+ add (rename): + * net-snmp-5.9.4-harden_snmpd.service.patch + * net-snmp-5.9.4-harden_snmptrapd.service.patch + delete (rename): + * net-snmp-5.9.1-harden_snmpd.service.patch + * net-snmp-5.9.1-harden_snmptrapd.service.patch + +------------------------------------------------------------------- Old: ---- net-snmp-5.9.1-add-lustre-fs-support.patch net-snmp-5.9.1-fix-Makefile.PL.patch net-snmp-5.9.1-harden_snmpd.service.patch net-snmp-5.9.1-harden_snmptrapd.service.patch net-snmp-5.9.1-modern-rpm-api.patch net-snmp-5.9.1-net-snmp-config-headercheck.patch net-snmp-5.9.1-perl-tk-warning.patch net-snmp-5.9.1-snmpstatus-suppress-output.patch net-snmp-5.9.1-socket-path.patch net-snmp-5.9.1-subagent-set-response.patch net-snmp-5.9.1-suse-systemd-service-files.patch net-snmp-5.9.1-testing-empty-arptable.patch net-snmp-5.9.1-velocity-mib.patch net-snmp-5.9.2-fix-create-v3-user-outfile.patch net-snmp-5.9.2-pie.patch net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch net-snmp-5.9.3-fixed-python2-bindings.patch net-snmp-5.9.3-grep.patch net-snmp-5.9.3.tar.gz net-snmp-5.9.3.tar.gz.asc New: ---- net-snmp-5.9.4-add-lustre-fs-support.patch net-snmp-5.9.4-add-netgroups-functionality.patch net-snmp-5.9.4-fix-Makefile.PL.patch net-snmp-5.9.4-fix-create-v3-user-outfile.patch net-snmp-5.9.4-fixed-python2-bindings.patch net-snmp-5.9.4-harden_snmpd.service.patch net-snmp-5.9.4-harden_snmptrapd.service.patch net-snmp-5.9.4-modern-rpm-api.patch net-snmp-5.9.4-net-snmp-config-headercheck.patch net-snmp-5.9.4-perl-tk-warning.patch net-snmp-5.9.4-pie.patch net-snmp-5.9.4-snmpstatus-suppress-output.patch net-snmp-5.9.4-socket-path.patch net-snmp-5.9.4-subagent-set-response.patch net-snmp-5.9.4-suse-systemd-service-files.patch net-snmp-5.9.4-testing-empty-arptable.patch net-snmp-5.9.4.tar.gz net-snmp-5.9.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ net-snmp.spec ++++++ --- 
/var/tmp/diff_new_pack.Y1NDPt/_old 2023-10-24 20:08:00.415760473 +0200 +++ /var/tmp/diff_new_pack.Y1NDPt/_new 2023-10-24 20:08:00.415760473 +0200 @@ -30,7 +30,7 @@ %define libname libsnmp40 %bcond_without python2 Name: net-snmp -Version: 5.9.3 +Version: 5.9.4 Release: 0 Summary: SNMP Daemon License: BSD-3-Clause AND MIT 
@@ -48,24 +48,22 @@ Source20: net-snmp-tmpfs.conf Source98: net-snmp-rpmlintrc Source99: baselibs.conf -Patch1: net-snmp-5.9.1-socket-path.patch -Patch2: net-snmp-5.9.1-testing-empty-arptable.patch -Patch3: net-snmp-5.9.2-pie.patch -Patch4: net-snmp-5.9.1-net-snmp-config-headercheck.patch -Patch5: net-snmp-5.9.1-perl-tk-warning.patch -Patch6: net-snmp-5.9.1-velocity-mib.patch -Patch7: net-snmp-5.9.1-snmpstatus-suppress-output.patch -Patch8: net-snmp-5.9.1-fix-Makefile.PL.patch -Patch9: net-snmp-5.9.1-modern-rpm-api.patch -Patch10: net-snmp-5.9.1-add-lustre-fs-support.patch -Patch11: net-snmp-5.9.1-harden_snmpd.service.patch -Patch12: net-snmp-5.9.1-harden_snmptrapd.service.patch -Patch13: net-snmp-5.9.1-suse-systemd-service-files.patch -Patch14: net-snmp-5.9.2-fix-create-v3-user-outfile.patch -Patch15: net-snmp-5.9.1-subagent-set-response.patch -Patch16: net-snmp-5.9.3-fixed-python2-bindings.patch -Patch17: net-snmp-5.9.3-grep.patch -Patch18: net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch +Patch1: net-snmp-5.9.4-socket-path.patch +Patch2: net-snmp-5.9.4-testing-empty-arptable.patch +Patch3: net-snmp-5.9.4-pie.patch +Patch4: net-snmp-5.9.4-net-snmp-config-headercheck.patch +Patch5: net-snmp-5.9.4-perl-tk-warning.patch +Patch6: net-snmp-5.9.4-snmpstatus-suppress-output.patch +Patch7: net-snmp-5.9.4-fix-Makefile.PL.patch +Patch8: net-snmp-5.9.4-modern-rpm-api.patch +Patch9: net-snmp-5.9.4-add-lustre-fs-support.patch +Patch10: net-snmp-5.9.4-harden_snmpd.service.patch +Patch11: net-snmp-5.9.4-harden_snmptrapd.service.patch +Patch12: net-snmp-5.9.4-suse-systemd-service-files.patch +Patch13: net-snmp-5.9.4-fix-create-v3-user-outfile.patch +Patch14: net-snmp-5.9.4-subagent-set-response.patch +Patch15: net-snmp-5.9.4-fixed-python2-bindings.patch +Patch16: net-snmp-5.9.4-add-netgroups-functionality.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} BuildRequires: autoconf 
@@ -241,7 +239,7 @@ %autopatch -p1 %build -MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \ +MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib smux \ ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ ip-mib/ipDefaultRouterTable ip-mib/ipAddressPrefixTable \ ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \ @@ -251,7 +249,6 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" %endif -autoreconf -fvi %configure \ --with-sys-contact="root@localhost" \ --with-sys-location="unknown" \ ++++++ net-snmp-5.9.1-add-lustre-fs-support.patch -> net-snmp-5.9.4-add-lustre-fs-support.patch ++++++ ++++++ net-snmp-5.9.4-add-netgroups-functionality.patch ++++++ commit d047b54f874f392f97ffce8d51f49729e1c78225 Author: Alexander Bergmann <[email protected]> Date: Fri Mar 10 15:23:35 2023 +0100 Create sub-function to parse source address and network mask Function netsnmp_udp_resolve_source was introduced to handle the source address and network mask parsing into in_addr structures. diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c index 2724cf2191..3ad33d4bc5 100644 --- a/snmplib/transports/snmpUDPDomain.c +++ b/snmplib/transports/snmpUDPDomain.c 
@@ -98,6 +98,58 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t, const void *data, int len) return netsnmp_ipv4_fmtaddr("UDP", t, data, len); } +static int +netsnmp_udp_resolve_source(char *source, struct in_addr *network, + struct in_addr *mask) +{ + /* Split the source/netmask parts */ + char *strmask = strchr(source, '/'); + if (strmask != NULL) + /* Mask given. */ + *strmask++ = '\0'; + + /* Try interpreting as a dotted quad. */ + if (inet_pton(AF_INET, source, network) == 0) { + /* Nope, wasn't a dotted quad. Must be a hostname. */ + int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr)); + if (ret < 0) { + config_perror("cannot resolve source hostname"); + return ret; + } + } + + /* Now work out the mask. */ + if (strmask == NULL || *strmask == '\0') { + /* No mask was given. Assume /32 */ + mask->s_addr = (in_addr_t)(~0UL); + } else { + /* Try to interpret mask as a "number of 1 bits". */ + char* cp; + long maskLen = strtol(strmask, &cp, 10); + if (*cp == '\0') { + if (0 < maskLen && maskLen <= 32) + mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen))); + else if (maskLen == 0) + mask->s_addr = 0; + else { + config_perror("bad mask length"); + return -1; + } + } + /* Try to interpret mask as a dotted quad. */ + else if (inet_pton(AF_INET, strmask, mask) == 0) { + config_perror("bad mask"); + return -1; + } + + /* Check that the network and mask are consistent. */ + if (network->s_addr & ~mask->s_addr) { + config_perror("source/mask mismatch"); + return -1; + } + } + return 0; +} #if defined(HAVE_IP_PKTINFO) || (defined(HAVE_IP_RECVDSTADDR) && defined(HAVE_IP_SENDSRCADDR)) 
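Review bot: netsnmp_udp_resolve_source() has no header comment, and two things about it are not obvious from the signature: it overwrites the '/' in `source` with a NUL (`*strmask++ = '\0';`), and it returns 0 on success but either -1 or the negative netsnmp_gethostbyname_v4() result on failure. Please document both above the function, so that a caller passing a string it does not own knows the buffer is modified. The helper also reports its own errors through config_perror(), which is worth stating there so that callers do not report the same failure a second time.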
@@ -375,52 +427,10 @@ netsnmp_udp_parse_security(const char *token, char *param) negate = 0; sourcep = source; } - - /* Split the source/netmask parts */ - strmask = strchr(sourcep, '/'); - if (strmask != NULL) - /* Mask given. */ - *strmask++ = '\0'; - - /* Try interpreting as a dotted quad. */ - if (inet_pton(AF_INET, sourcep, &network) == 0) { - /* Nope, wasn't a dotted quad. Must be a hostname. */ - int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr); - if (ret < 0) { - config_perror("cannot resolve IPv4 source hostname"); - return; - } - } - - /* Now work out the mask. */ - if (strmask == NULL || *strmask == '\0') { - /* No mask was given. Assume /32 */ - mask.s_addr = (in_addr_t)(~0UL); - } else { - /* Try to interpret mask as a "number of 1 bits". */ - char* cp; - long maskLen = strtol(strmask, &cp, 10); - if (*cp == '\0') { - if (0 < maskLen && maskLen <= 32) - mask.s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen))); - else if (0 == maskLen) - mask.s_addr = 0; - else { - config_perror("bad mask length"); - return; - } - } - /* Try to interpret mask as a dotted quad. */ - else if (inet_pton(AF_INET, strmask, &mask) == 0) { - config_perror("bad mask"); - return; - } - - /* Check that the network and mask are consistent. */ - if (network.s_addr & ~mask.s_addr) { - config_perror("source/mask mismatch"); - return; - } + /* Parse source address and network mask. */ + if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) { + config_perror("source address/network mask parsing issue"); + return; } } commit a2559914d8d8132f155a81c0852cbbd2090d2d40 Author: Alexander Bergmann <[email protected]> Date: Fri Mar 10 15:25:10 2023 +0100 Create sub-function to check the com2SecEntry_create return code The return code interpretation of the netsnmp_udp_com2SecEntry_create function is now done inside a new sub-function. diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c index 3ad33d4bc5..5904a1b423 100644 
--- a/snmplib/transports/snmpUDPDomain.c +++ b/snmplib/transports/snmpUDPDomain.c @@ -346,6 +346,33 @@ netsnmp_udp_com2SecEntry_create(com2SecEntry **entryp, const char *community, return C2SE_ERR_SUCCESS; } +void +netsnmp_udp_com2SecEntry_check_return_code(int rc) +{ + /* + * Check return code of the newly created com2Sec entry. + */ + switch(rc) { + case C2SE_ERR_SUCCESS: + break; + case C2SE_ERR_CONTEXT_TOO_LONG: + config_perror("context name too long"); + break; + case C2SE_ERR_COMMUNITY_TOO_LONG: + config_perror("community name too long"); + break; + case C2SE_ERR_SECNAME_TOO_LONG: + config_perror("security name too long"); + break; + case C2SE_ERR_MASK_MISMATCH: + config_perror("source/mask mismatch"); + break; + case C2SE_ERR_MISSING_ARG: + default: + config_perror("unexpected error; could not create com2SecEntry"); + } +} + void netsnmp_udp_parse_security(const char *token, char *param) { @@ -440,25 +467,7 @@ netsnmp_udp_parse_security(const char *token, char *param) */ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, &network, &mask, negate); - switch(rc) { - case C2SE_ERR_SUCCESS: - break; - case C2SE_ERR_CONTEXT_TOO_LONG: - config_perror("context name too long"); - break; - case C2SE_ERR_COMMUNITY_TOO_LONG: - config_perror("community name too long"); - break; - case C2SE_ERR_SECNAME_TOO_LONG: - config_perror("security name too long"); - break; - case C2SE_ERR_MASK_MISMATCH: - config_perror("source/mask mismatch"); - break; - case C2SE_ERR_MISSING_ARG: - default: - config_perror("unexpected error; could not create com2SecEntry"); - } + netsnmp_udp_com2SecEntry_check_return_code(rc); } void commit 20e2bb7d75c391f5cfde1eb8b8676aff68f3a5f5 Author: Alexander Bergmann <[email protected]> Date: Fri Mar 10 15:31:41 2023 +0100 Add '@' netgroup functionality Allow access control via netgroups defined in /etc/netgroup or NIS/LDAP via the '@' sign inside the configuration file. Same as IP addresses and host names. 
diff --git a/configure b/configure index 575b60c4d2..82414664cf 100755 --- a/configure +++ b/configure @@ -31221,6 +31221,12 @@ if test "x$ac_cv_func_closedir" = xyes then : printf "%s\n" "#define HAVE_CLOSEDIR 1" >>confdefs.h +fi +ac_fn_c_check_func "$LINENO" "endnetgrent" "ac_cv_func_endnetgrent" +if test "x$ac_cv_func_endnetgrent" = xyes +then : + printf "%s\n" "#define HAVE_ENDNETGRENT 1" >>confdefs.h + fi ac_fn_c_check_func "$LINENO" "fgetc_unlocked" "ac_cv_func_fgetc_unlocked" if test "x$ac_cv_func_fgetc_unlocked" = xyes @@ -31257,6 +31263,12 @@ if test "x$ac_cv_func_getlogin" = xyes then : printf "%s\n" "#define HAVE_GETLOGIN 1" >>confdefs.h +fi +ac_fn_c_check_func "$LINENO" "getnetgrent" "ac_cv_func_getnetgrent" +if test "x$ac_cv_func_getnetgrent" = xyes +then : + printf "%s\n" "#define HAVE_GETNETGRENT 1" >>confdefs.h + fi ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex" if test "x$ac_cv_func_if_nametoindex" = xyes @@ -31305,6 +31317,12 @@ if test "x$ac_cv_func_setlocale" = xyes then : printf "%s\n" "#define HAVE_SETLOCALE 1" >>confdefs.h +fi +ac_fn_c_check_func "$LINENO" "setnetgrent" "ac_cv_func_setnetgrent" +if test "x$ac_cv_func_setnetgrent" = xyes +then : + printf "%s\n" "#define HAVE_SETNETGRENT 1" >>confdefs.h + fi ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid" if test "x$ac_cv_func_setsid" = xyes diff --git a/configure.d/config_os_functions b/configure.d/config_os_functions index b921f8cd7b..0915928e21 100644 --- a/configure.d/config_os_functions +++ b/configure.d/config_os_functions 
@@ -25,12 +25,14 @@ AC_TYPE_SIGNAL AC_CHECK_FUNCS([rand random srand srandom lrand48 srand48]) # Library: -AC_CHECK_FUNCS([asprintf closedir fgetc_unlocked ] dnl +AC_CHECK_FUNCS([asprintf closedir endnetgrent ] dnl + [fgetc_unlocked ] dnl [flockfile funlockfile getipnodebyname ] dnl - [gettimeofday getlogin ] dnl + [gettimeofday getlogin getnetgrent ] dnl [if_nametoindex mkstemp ] dnl [opendir readdir regcomp ] dnl [setenv setitimer setlocale ] dnl + [setnetgrent ] dnl [setsid snprintf strcasestr ] dnl [strdup strerror strncasecmp ] dnl [sysconf times vsnprintf ] ) diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in index 89b2ca116d..5efbf12400 100644 --- a/include/net-snmp/net-snmp-config.h.in +++ b/include/net-snmp/net-snmp-config.h.in @@ -183,6 +183,9 @@ /* Define to 1 if you have the `endfsent' function. */ #undef HAVE_ENDFSENT +/* Define to 1 if you have the `endnetgrent' function. */ +#undef HAVE_ENDNETGRENT + /* Define to 1 if you have the `ERR_get_error_all' function. */ #undef HAVE_ERR_GET_ERROR_ALL @@ -294,6 +297,9 @@ /* Define to 1 if you have the `getmntinfo' function. */ #undef HAVE_GETMNTINFO +/* Define to 1 if you have the `getnetgrent' function. */ +#undef HAVE_GETNETGRENT + /* Define to 1 if you have the `getopt' function. */ #undef HAVE_GETOPT @@ -883,6 +889,9 @@ /* Define to 1 if you have the `setmntent' function. */ #undef HAVE_SETMNTENT +/* Define to 1 if you have the `setnetgrent' function. */ +#undef HAVE_SETNETGRENT + /* Define to 1 if you have the `setsid' function. */ #undef HAVE_SETSID diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def index 2a9abd5b51..6060ed51d1 100644 --- a/man/snmpd.conf.5.def +++ b/man/snmpd.conf.5.def 
@@ -434,6 +434,14 @@ com2sec sec1 10.0.0.0/8 public .IP Access from outside of 10.0.0.0/8 would still be denied. .IP +It is also possible to reference a specific \fInetgroup\fR starting with an +'@' character (e.g. @adminhosts). The \fInetgroup\fR lookup is running +through the NSS (Name Services Switch) making it possible to define the +group locally or via NIS/LDAP. +.IP +Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only +during snmpd start or reload. +.IP The same community string can be specified in several separate directives (presumably with different source tokens), and the first source/community combination that matches the incoming request will be selected. diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c index 5904a1b423..8f98398704 100644 --- a/snmplib/transports/snmpUDPDomain.c +++ b/snmplib/transports/snmpUDPDomain.c @@ -445,6 +445,10 @@ netsnmp_udp_parse_security(const char *token, char *param) network.s_addr = 0; mask.s_addr = 0; negate = 0; + /* Create a new com2Sec entry. */ + rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, + &network, &mask, negate); + netsnmp_udp_com2SecEntry_check_return_code(rc); } else { char *strmask; if (*source == '!') { 
@@ -454,20 +458,44 @@ netsnmp_udp_parse_security(const char *token, char *param) negate = 0; sourcep = source; } - /* Parse source address and network mask. */ - if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) { - config_perror("source address/network mask parsing issue"); - return; +#if HAVE_ENDNETGRENT && HAVE_GETNETGRENT && HAVE_SETNETGRENT + /* Interpret as netgroup */ + if (*sourcep == '@') { + char *netgroup = sourcep+1; + char *host, *user, *domain; + if(setnetgrent(netgroup)) { + while (getnetgrent(&host, &user, &domain)) { + /* Parse source address and network mask for each netgroup host. */ + if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) { + /* Create a new com2Sec entry. */ + rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, + &network, &mask, negate); + netsnmp_udp_com2SecEntry_check_return_code(rc); + } else { + config_perror("netgroup host address parsing issue"); + break; + } + } + endnetgrent(); + } else { + config_perror("netgroup could not be found"); + } + } + /* Without '@' it has to be an address or hostname */ + else +#endif + { + /* Parse source address and network mask. */ + if(netsnmp_udp_resolve_source(sourcep, &network, &mask) == 0) { + /* Create a new com2Sec entry. */ + rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, + &network, &mask, negate); + netsnmp_udp_com2SecEntry_check_return_code(rc); + } else { + config_perror("source address/network mask parsing issue"); + } } } - - /* - * Everything is okay. Copy the parameters to the structure allocated - * above and add it to END of the list. 
- */ - rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, - &network, &mask, negate); - netsnmp_udp_com2SecEntry_check_return_code(rc); } void ++++++ net-snmp-5.9.1-fix-Makefile.PL.patch -> net-snmp-5.9.4-fix-Makefile.PL.patch ++++++ ++++++ net-snmp-5.9.2-fix-create-v3-user-outfile.patch -> net-snmp-5.9.4-fix-create-v3-user-outfile.patch ++++++ ++++++ net-snmp-5.9.3-fixed-python2-bindings.patch -> net-snmp-5.9.4-fixed-python2-bindings.patch ++++++ ++++++ net-snmp-5.9.1-harden_snmpd.service.patch -> net-snmp-5.9.4-harden_snmpd.service.patch ++++++ --- /work/SRC/openSUSE:Factory/net-snmp/net-snmp-5.9.1-harden_snmpd.service.patch 2021-10-29 22:33:13.407659235 +0200 +++ /work/SRC/openSUSE:Factory/.net-snmp.new.24901/net-snmp-5.9.4-harden_snmpd.service.patch 2023-10-24 20:07:56.979635549 +0200 
@@ -1,15 +1,13 @@ -Index: net-snmp-5.9/dist/snmpd.service -=================================================================== ---- net-snmp-5.9.orig/dist/snmpd.service -+++ net-snmp-5.9/dist/snmpd.service -@@ -10,6 +10,16 @@ Description=Simple Network Management Pr +diff -Nurp net-snmp-5.9.3-orig/dist/snmpd.service net-snmp-5.9.3/dist/snmpd.service +--- net-snmp-5.9.3-orig/dist/snmpd.service 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/dist/snmpd.service 2023-01-09 12:11:47.508668095 +0100 +@@ -10,6 +10,15 @@ Description=Simple Network Management Pr After=syslog.target network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full -+ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true ++++++ net-snmp-5.9.1-harden_snmptrapd.service.patch -> net-snmp-5.9.4-harden_snmptrapd.service.patch ++++++ --- /work/SRC/openSUSE:Factory/net-snmp/net-snmp-5.9.1-harden_snmptrapd.service.patch 2021-10-29 22:33:13.423659242 +0200 +++ /work/SRC/openSUSE:Factory/.net-snmp.new.24901/net-snmp-5.9.4-harden_snmptrapd.service.patch 2023-10-24 20:07:57.143641512 +0200 
@@ -1,15 +1,13 @@ -Index: net-snmp-5.9/dist/snmptrapd.service -=================================================================== ---- net-snmp-5.9.orig/dist/snmptrapd.service -+++ net-snmp-5.9/dist/snmptrapd.service -@@ -7,6 +7,16 @@ Description=Simple Network Management Pr +diff -Nurp net-snmp-5.9.3-orig/dist/snmptrapd.service net-snmp-5.9.3/dist/snmptrapd.service +--- net-snmp-5.9.3-orig/dist/snmptrapd.service 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/dist/snmptrapd.service 2023-01-09 12:13:40.120216602 +0100 +@@ -7,6 +7,15 @@ Description=Simple Network Management Pr After=syslog.target network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full -+ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true ++++++ net-snmp-5.9.1-modern-rpm-api.patch -> net-snmp-5.9.4-modern-rpm-api.patch ++++++ ++++++ net-snmp-5.9.1-net-snmp-config-headercheck.patch -> net-snmp-5.9.4-net-snmp-config-headercheck.patch ++++++ ++++++ net-snmp-5.9.1-perl-tk-warning.patch -> net-snmp-5.9.4-perl-tk-warning.patch ++++++ ++++++ net-snmp-5.9.2-pie.patch -> net-snmp-5.9.4-pie.patch ++++++ ++++++ net-snmp-5.9.1-snmpstatus-suppress-output.patch -> net-snmp-5.9.4-snmpstatus-suppress-output.patch ++++++ ++++++ net-snmp-5.9.1-socket-path.patch -> net-snmp-5.9.4-socket-path.patch ++++++ ++++++ net-snmp-5.9.1-subagent-set-response.patch -> net-snmp-5.9.4-subagent-set-response.patch ++++++ ++++++ net-snmp-5.9.1-suse-systemd-service-files.patch -> net-snmp-5.9.4-suse-systemd-service-files.patch ++++++ ++++++ net-snmp-5.9.1-testing-empty-arptable.patch -> net-snmp-5.9.4-testing-empty-arptable.patch ++++++ ++++++ net-snmp-5.9.3.tar.gz -> net-snmp-5.9.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/net-snmp/net-snmp-5.9.3.tar.gz /work/SRC/openSUSE:Factory/.net-snmp.new.24901/net-snmp-5.9.4.tar.gz differ: char 13, line 1 ++++++ net-snmp.keyring 
++++++ --- /var/tmp/diff_new_pack.Y1NDPt/_old 2023-10-24 20:08:00.595767018 +0200 +++ /var/tmp/diff_new_pack.Y1NDPt/_new 2023-10-24 20:08:00.599767163 +0200 
@@ -1,52 +1,15 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFn1UdoBEADUagdPrU/tmcctszdv2JsrPotrNyD6mn3sXU3pJ2GdL83rMmRX -2vcNsJsyyJwPFnrBVTDPYfoCsD671ccW6JVC9QfPwpNQAJRuJCwZ50bpk3P/0DX2 -0YjED6chUF+OnnsnA1CK8eDDJ58QlmDCCd/wiG20UcipwTnUd7w8MBCJ/Y8ly54w -M9DxYP2YuPKd3AGasINwPGOdhOIjb9xpmL4Wxgc5rYFCxugYfxFEKnvOmZ34EUiQ -zj15LWpLSH1ZcP2CgbyrttODeftDbG/my4SMqCjINDcS1xI03h2UGsTOcR6816XU -tXTk/MLk8QKbX9CV2E80GSuPgolgH16tldGafwJ4rzasoorChefVovUsGoDf4nH+ -2WwUB/ZR2hmOa2MLKqNeJQSJH06o7dMsanYrSA8TKeLL6Xv2Gr9372JoVGazVrLi -DnylUcn35/gsM6oQk4DtrPwiV71f3eJkQk8mC8xS43bdn9DzbVbxYlSIw9X8nMLj -klHqnSm9+kIASud3YlV/tizR67Ph+Yh5nyxxZDZWLf9LUNgMdqc58LgmrXnrt9hk -AEVW4/MV3H/DTedLZA8aH/SWiyM3Z8+N5cUV82vBy4rGnkvMADWdrOnteizgnRLg -zgMGIvFH/UfzqhSJNFe/nk3ee4K9q5ZuWo5xwxwjvyIofPRAZ9wsYTGxZQARAQAB -tD9OZXQtU05NUCBBZG1pbmlzdHJhdG9ycyA8bmV0LXNubXAtYWRtaW5zQGxpc3Rz -LnNvdXJjZWZvcmdlLm5ldD6JAj4EEwECACgFAln1UdoCGwMFCQlmAYAGCwkIBwMC -BhUIAgkKCwQWAgMBAh4BAheAAAoJEPB7nS2ssZ/WxqoP/3Ay9ECsxnHjYWN/tGo/ -1cfnJLhCq3+eBmJL6nJDXFR/AiK0XmYZkoiOpWV9MU0lc40u+gkcOf44TL4q/q9v -P2PvH5wDZIXy9Kt3pKcFw6eUFQcwmta5ZZbGtbraCmsp2rZnU7RABnWkjVYoISZi -Y11G90mn1uOcGTtXLLb+hrWxaVeJZ5RZGFWmO9nbEr2+L1sX72e2U01c6SMOqQle -jUbz5vt6hq3hW+32oXpffaZ06M6QX4Vq5H66m5W3cZLZrbSCKDzmsXdvMJ5a8JG9 -DQZ3SXbNLscQXDAHt8UKoc7GC6xd293j5RsiL+UMp08AAvn07rAIH+JLTtqJjt7J -b40K8RoHN5bQvXbmow3wXoyJCF4se+IgJEjnjhDZahwJvA4wZGVkzYQz70+dG79V -AdoDpkQJvk2Fp8FgknDqvnbPCZZmaI0k4RfULLZgbVBN24tf8utxK4hB7KUgAcO7 -J31iP+hY6Xu1PQHp1AXEbxOJoj2OQ0RBPNnvF6xEr0/Qt3xdJgNN7RaDewttXcOe -klU9jl7NpFxEVjsZv8/yjp9oSOFnxLG8UPs+wAl+GLqzvkl0ArZu9xRfT82NfCMz -LoQpbu6QjRvDumiQfTropgJj+ekhfnn79W8ttPMpPJwhKSM5o9mHGDWXlHd6DaOt -jAXGa0MN8hVVmLKRpQp1fT3kuQINBFn1UdoBEADDmqitK1hnrTC94icxDwSdYuyR -D1Cq9wZSm40/Qpbr49/tAu2qWYadFaVzG+t3u6ELoYJkb31jEeBWmGZUGxWLxttP -Hja8cj2JSdI/qaQ0OeemxP4CHZucnxiEJ/g49dNbAxgoinq/wJewbU1GBHl0fInp -drZRAJdKB4/1bA1ILRWar29kQTMBsRX8OCBux+vYW1duDkvDD19I0FCH89dxAwsE -89KdMRc7nrrNRKNr9hG84V/GWvBib36amOHwPQlQVkYvVQ2J6GEa/juhpuKsWX2B 
-dxcYfGJQamXO7naaJySPGBzzGXkRmdrn7mOclqq4jwjNfWt9Tb3k3jfBW8sfUfKh -bXkvnLWr6l/ic1PkkxjPFuGJdfCYLPfXtNEgjn2Eg+EZ+t/H4T3w5CR9A/Kz91hv -pdGN4Np7gUMBftr+ZvRHGQn72KmMK+QqZuhu4NDfhIB7JtU8mR4LjEFHZL9rARs2 -QrV6Xg+jcgzRtJu6YGieZTVkiYiMv/ujrCehMoX/h64xWKBodbaBu+XrXdYT79nB -B1BhtLcApq08Wj46KX49KwEmoWBPqJj3BjFC4UrcnjCvk1R8ZkBA/Jy4Yma0hSoL -wMjlotBIWbHSaE8XA+ASwq3CBn+6BDF/u6SoUYG2yvV0yvEMWQOfKsDXWD8P5yyK -PbG+Nl2MIylg2q2TNwARAQABiQIlBBgBAgAPBQJZ9VHaAhsMBQkJZgGAAAoJEPB7 -nS2ssZ/WWPkQAJ7xUSSvNgUj441kKqrIgDMS0ZrVuwsuD8q95Y8juOR35QR1di0F -lPOhr6wSNIxAaJrUtmKsHWdAUwRGe+xQ0ab/sGht1U7loWUKwcunjNh16VE6m2cg -qEWg/InsPko8gBzBBiyRrY13lNWXoCPx3WX0ueNsFzlTOddIzOqClFEg8e5fhNHx -WAzwBrJOxtmmnhF17FKaZcHYScUNLE/okhsz4AZUUhj6PbSHfh4aLHLhh8//oArn -jQCQdIJngx8BqYOp8SNjyp6i6GNKnGP80J+sVRHtEAvcwiBDoJD7E1L47zBXkecY -8EfWHCopGue2kqMEUdtANKLHJS9b9EBRZwne4uXuq87/qTKzHQJlAs1xqpLPX5tr -0UzFNMxUnO5BD1XVEomuZBlloltRZ6DTbfTtog4wniDZLFWpfJZUu9vPJyvSj0Zc -7B3WAzj3IsSTy8KT8PKn7o0oZnLpQ2NQGKhhmp4ggrHuStf/t734SLiHgF17P5hK -LokQzwdMyyUhvdj3rVbEKItOKV8z/2j5qb+Og5W5YxcQGa4XaZykhr7C/jjwBAkR -2sZKQaHydhqZKqQ1cUCzzat69KtFwqhHPVxazEMrUqZdibW1jij8G8uGY6TAVi1b -iWL4rwllv1xTXnIA6LGu+gPHkk32ClNfgQyl2B5pulfGP0fvXBEmCKKH -=fpTJ +mDMEZCtJmhYJKwYBBAHaRw8BAQdADrR3+vAhB8AXYe9RztKtuRKMRN1Dp/mQLqey +Tg6X/Iq0P05ldC1TTk1QIEFkbWluaXN0cmF0b3JzIDxuZXQtc25tcC1hZG1pbnNA +bGlzdHMuc291cmNlZm9yZ2UubmV0PoiZBBMWCgBBFiEEbmcYrvHrXGXDLRsqNWvA +tVLVPKsFAmQrSZoCGwMFCRLMAwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA +CgkQNWvAtVLVPKtF1wEAk1Cs77LtOWb34kjLiVfZU4/RtbjpzhJAbjczgQAzRLwB +AJSr6kJ2UgVgTar5Rtuyd9jFKiopH56h46IFG79XkvQIuDgEZCtJmhIKKwYBBAGX +VQEFAQEHQBOKL1xzf/uUQOqpRWR6CbbIpSc/aFDRxiF/o85gN78aAwEIB4h+BBgW +CgAmFiEEbmcYrvHrXGXDLRsqNWvAtVLVPKsFAmQrSZoCGwwFCRLMAwAACgkQNWvA +tVLVPKuwlwEAxpTW8jjFkZXqo7MKxbdI5tGUfvhOAbcBDZpzqpOyCGkBAOMY/Am/ +oAfYd5+tds3nCWhlvYGX/NuIvplVZSzNhsEA +=lV4S -----END PGP PUBLIC KEY BLOCK-----
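Review bot: in the net-snmp.spec `%build` hunk, `autoreconf -fvi` is removed without a matching net-snmp.changes entry, and the new net-snmp-5.9.4-add-netgroups-functionality.patch now edits the generated `configure` and `net-snmp-config.h.in` alongside `configure.d/config_os_functions`. Hand-carried changes to generated files drift easily on the next version bump; either keep the autoreconf step and patch only `configure.d/config_os_functions`, or add a changelog line saying why regeneration was dropped.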
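Review bot: in the `@@ -454,20 +458,44 @@` hunk of snmplib/transports/snmpUDPDomain.c, `host` from getnetgrent() is passed straight to netsnmp_udp_resolve_source(), which calls strchr() on it, with no NULL check. A netgroup triple may leave the host field empty, in which case getnetgrent() hands back a NULL pointer for it, so test `host == NULL` before resolving and either skip that member or reject the group. Separately, the `break` on the first host that fails to resolve keeps the com2sec entries already created for earlier members and silently drops the rest, so one stale hostname yields a partially applied access list; continue with the remaining members or name the group and host in the error. Both error branches also call config_perror() after the helper has already reported the failure.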
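Review bot: in the refreshed net-snmp-5.9.4-harden_snmptrapd.service.patch, `ProtectHome=true` is dropped from snmptrapd.service as well as from snmpd.service, although the changelog entry (bsc#1206044) only describes home directory size and allocation being listed incorrectly. Please say in the changelog why the trap daemon needs the setting removed too, or keep it there, and check whether `ProtectHome=read-only` is enough for snmpd instead of removing the protection outright. The inner diff headers of both hardening patches still name net-snmp-5.9.3 while the files are now called 5.9.4, which is worth cleaning up on the next refresh.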
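Review bot: the net-snmp.keyring hunk (`@@ -1,52 +1,15 @@`) replaces the entire public key block in the same commit that swaps in net-snmp-5.9.4.tar.gz and net-snmp-5.9.4.tar.gz.asc, but none of the new net-snmp.changes entries mentions a key change. Add a changelog line for the keyring update that states where the new key was obtained and gives its fingerprint, so the replacement can be verified independently of this commit.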
