snmpd:
- Change default AgentX target from 0.0.0.0:705 to localhost:705
- Fix CVE-2008-4309 (GETBULK issue reported by Oscar Mira-Sanchez)
- Fix handling of multiple matching VACM entries
(Use the "best" match, rather than the first one).
Note that this could potentially affect the behaviour of
existing access control configurations.
- Latch large-disk statistics at 2Tb (rather than wrapping)
Linux:
- Fix build on modern distributions (using rpm-4.6)
Windows:
- Fix various builds (recent MSVC, MinGW, IPv6, winExtDLL)
a tv_nsec field measured in nanoseconds), while other systems
define it as struct timeval (with a tv_usec field measured in
microseconds). Add a configure test and conditional code in
agent/mibgroup/mibII/interfaces.c.orig. This should fix PR 40990.
Bump PKGREVISION to 2.
* An increment only in the version number that was failing to be
reported properly by the tools.
Changes 5.4.1.1:
* SECURITY BUG: A portion of SNMPv3 code had significantly weakened
authentication cryptography and unauthenticated access to a system
is a possibility.
* It is critical that all users update their installations bases
IMMEDIATELY.
* If you were only using SNMPv1 or SNMPv2c you were already insecure
beyond a level that this vulnerability affects.
fix (and error checking) on
agent/mibgroup/hardware/memory/memory_netbsd.c:netsnmp_mem_arch_load()
via new patch file patch-ah as the one applied on
agent/mibgroup/ucd-snmp/memory_netbsd1.c:var_extensible_mem() by
patch file patch-es. Sorry I missed this in november 2006...
Bump PKGREVISION to 1.
snmplib:
- [BUG 1619827]: link libraries against needed external libraries
- [PATCH 1616912]: fix memory leak in UDP transport code
- [PATCH 1592706]: fix memory leak when cloning varbinds
- Change snmp_sess_add_ex to consistently close and delete the
transport argument on failure, earlier the liveness of the
transport argument was undecided.
snmpd:
- [BUG 1558823]: fix ipAddressTable memory leak
- [BUG 1596638]: fix memory leak in ipCidrRouteTable, inetCidrRouteTable
- [BUG 1611524]: fix tcp connection table file descriptor leak
- handle row deletion issues in dataset tables
- [BUG 1712988]: default and configurable maximum number of
varbinds returnable to a GETBULK request.
- [PATCH 1666737]: include ipv6 counts in
udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams
- [PATCH 1700157]: fixes ordering of exec tokens in the resulting mib tree
- [PATCH 1719253]: fix skipNFSInHostResources so it does not break on the
second walk of the table.
perl:
- link Perl modules against the exact set of libraries needed
- [BUG 1619827]: properly link against libperl when configured with --enable-as-needed
- [PATCH 1725049]: fix bulkwalk in cases of non-repeater
python:
- [PATCH 1716114]: Let python build in the Net-SNMP source tree
MacOSX:
- [PATCH 1600522]: CPU Hardware Abstraction Layer (HAL)
implementation for mach/darwin
- IF-MIB rewrite now enabled by default
Win32:
- fix AES support
- [PATCH 1706344]: fix compilation with cygwin
IRIX:
- [PATCH 1709748]: Optimized IRIX cpu stats
AIX:
- Fix default shared library building instead of forcing static use
FreeBSD:
- [BUG 1633483]: Support CPU HAL on FreeBSD4.x
net/route.h needs to be included before netinet6/in6_pcb.h.h and
net/if.h needs to be included before netinet6/in6_var.h.
While here add a patch file on the source of the configure script
which IMHO should have been added earlier.
Bump PKGREVISION to 1.
Note: I supposed the libdes related hunk in patches/patch-af had
been generated by an older than 2.59 autoconf script and carried
over from one net-snmp version update to the next. This would
explain the slight differences about this hunk between the revision
I'm committing and the previous one.
- The default configuration now enables embedded Perl and the Perl
modules by default when possible unless explicitly disabled. You
may use the --disable-embedded-perl and --without-perl-modules
configure options, respectively, to revert to the former default
configuration.
While here check for sysctl() return value.
Now snmpd on NetBSD/sparc64 should report more meaningful values
for OIDs like UCD-SNMP-MIB::memAvailReal.0.
Bump PKGREVISION.
*** Security Fix ***
Changes 5.3:
*** Important Notes ***
Several very significant changes have been made in Net-SNMP for this
release that warrant special attention.
- shared library version number no longer matches the release number. We
now follow the versioning scheme recommended by libtool. For the 5.3
release this means that the libraries now have a SONAME ending with
".so.10", e.g. libnetsnmp.so.10.
- snmpd has not been truncating log files at startup, as documented in
the man pages, for a while now. This default behaviour has been restored.
Please use the '-A' flag if you want to continue appending to your log
files at startup.
- snmptrapd will no longer accept all traps by default. It must be
configured with authorized SNMPv1/v2c community strings and/or SNMPv3
users. Non-authorized traps/informs will be dropped.
- Due to a copyright statement that didn't allow modifications,
snmpnetstat has been completely rewritten. The new version now
accepts the same command-line options as the other tools, which
has introduced a number of incompatible changes. However, it
does now finally support SNMPv3.
Fixes:
Building:
- configure --disable-snmpv2c now works
- fix make test tests for rfc1213
- bug 1049607: net-snmp-config --compile-subagent broken
library:
- bug 1084413: Can't disable file logging
- bug 1072406: invalid operator precedence in opendir()
agent library:
- disconnected AgentX subagents now reconnect with correct context
- fix table_array row insert/delete during set processing
agent:
- don't override clientAddr setting for local trapsinks
- bug 1088765: Agent fails to send traps to remote target
- bug 1034008: memory leak using SET for table_dataset
- patch 1052460: fix agent deadlock on exec
- bug 1055781: get-next fails to step into interfaces group correctly
- bug 1056760: agent ignores ifspeed, type settings in snmpd.conf
- bug 1062986: pass and pass_persist fail and crash snmpd
- fix snmpd.conf table token to handle augments tables
snmptrapd:
- bug 1085981: snmptrapd complains about logging and access control
- bug 1040711: snmptrapd: SIGHUP duplicates traphandlers (repeatedly)
MFD:
- Misc updates to MFD templates
- add auto-handling of cache update for row insert/delete
Ports:
- Win32
- fixes for compiling without the Microsoft PSDK installed
- fix Win32 getenv crash
- Mac OS X compile error fix
- HP-UX configure now detects and won't use unavailable function
- Linux
- patch 1055036: if-mib init order fix
- patch 1057057: ipSystemStatsTable index fix, add ipv6
- patch 1073897: fix if-mib data access 64bit counter wrap detection
MIBs:
- update IP-FORWARD-MIB from an ID set to become an RFC
New:
- test suite supports testing over other transports (tcp, udp6, unix, ...)
(see the -P switch to the testing/RUNTESTS script)
- Solaris supports the use of it's PKCS#11 library for supporting
cryptographic functions (OpenSSL isn't required if PKCS#11 is available)
(see configure's --with-pkcs flag)
Fixes:
- Improvements on 64 bit architectures.
- A few minor memory leaks fixed.
- An extremely large number of minor bug fixes.
- Many perl module specific bug fixes.
- snmpd will safely handle more signals.
Ports:
- Many many significant Windows improvements.
- A win32 build script in win32/build.pl
- Support for the MinGW compiler
- (see the README.win32 file for details on new ports)
- Various helpful win32/*.bat files for installation, etc.
- Some linux 2.6 support improvements
