mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-16 05:53:00 +02:00
0915078267
- Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
functioning properly with various versions of OpenSSL. However I could not find which
versions mentioned in the News or Changelog. The problem will be fixed in a future
version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I
decided to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
5.9.3
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address
range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
5.9.2
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
117 lines
4.3 KiB
Plaintext
117 lines
4.3 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
SUMMARY = SNMP Daemon
|
|
|
|
VER = 5.9.3
|
|
|
|
THISAPP = net-snmp-$(VER)
|
|
DL_FILE = $(THISAPP).tar.gz
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
PROG = netsnmpd
|
|
PAK_VER = 15
|
|
|
|
DEPS =
|
|
|
|
SERVICES = netsnmpd
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
b2 : $(subst %,%_BLAKE2,$(objects))
|
|
|
|
dist:
|
|
@$(PAK)
|
|
|
|
###############################################################################
|
|
# Downloading, checking, b2sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_BLAKE2,$(objects)) :
|
|
@$(B2SUM)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
|
|
|
|
$(UPDATE_AUTOMAKE)
|
|
cd $(DIR_APP) && ./configure \
|
|
--prefix=/usr \
|
|
--with-default-snmp-version="2" \
|
|
--with-sys-contact="root@" \
|
|
--with-sys-location="localhost" \
|
|
--with-logfile="/var/log/snmpd.log" \
|
|
--with-persistent-directory="/var/net-snmp" \
|
|
--with-mib-modules="host agentx smux \
|
|
ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
|
|
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
|
|
ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
|
|
ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \
|
|
ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
|
|
sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib"
|
|
--libdir=/usr/lib \
|
|
--sysconfdir="/etc"
|
|
|
|
cd $(DIR_APP) && make #$(MAKETUNING)
|
|
cd $(DIR_APP) && make install
|
|
install -v -m 644 $(DIR_SRC)/config/netsnmpd/snmpd.conf /etc/snmpd.conf
|
|
install -v -m 644 $(DIR_SRC)/config/backup/includes/netsnmpd \
|
|
/var/ipfire/backup/addons/includes/netsnmpd
|
|
|
|
# install initscripts
|
|
$(call INSTALL_INITSCRIPTS,$(SERVICES))
|
|
|
|
ln -sf ../init.d/netsnmpd /etc/rc.d/rc3.d/S65netsnmpd
|
|
ln -sf ../init.d/netsnmpd /etc/rc.d/rc0.d/K02netsnmpd
|
|
ln -sf ../init.d/netsnmpd /etc/rc.d/rc6.d/K02netsnmpd
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|