* OID Typedef Bug Fix: The oid typedef was changed in 5.6.1 to a u_int32 from
a u_long. This broke binary compatibility and likely 3rd-party code. 5.6.1.1
reverts this change and fixes an underlying OID printing problem in two agent
modules that caused someone to change the typedef in the first place.
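
Why the typedef change described above breaks binary compatibility, as an added C example (not Net-SNMP code): `app_oid`, `lib_oid` and the helper functions are hypothetical names, and the OID 1.3.6.1 is a constructed sample. Third-party code built with the u_long typedef hands an OID array to a routine built with the u_int32 typedef, which then walks it with the wrong element width.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned long app_oid;  /* oid as third-party code was built (u_long) */
typedef uint32_t      lib_oid;  /* oid as a 5.6.1 library was built (u_int32) */

/* Hypothetical stand-in for any library routine taking (oid *name, size_t len):
 * it walks the caller's buffer using the library's own element width and
 * returns how many sub-identifiers it reads back as the caller intended. */
size_t lib_subids_read_correctly(const void *name, size_t len,
                                 const uint32_t *intended)
{
    const unsigned char *bytes = name;
    size_t good = 0;
    for (size_t i = 0; i < len; i++) {
        lib_oid v;
        memcpy(&v, bytes + i * sizeof v, sizeof v);  /* library-width read */
        if (v == intended[i])
            good++;
    }
    return good;
}

/* Build-time style guard: do both sides agree on the element width? */
int oid_abi_matches(void)
{
    return sizeof(app_oid) == sizeof(lib_oid);
}

/* Constructed sample: 1.3.6.1 (the "internet" subtree), built by the app. */
size_t demo_internet_oid(void)
{
    static const app_oid  name[]     = { 1, 3, 6, 1 };
    static const uint32_t intended[] = { 1, 3, 6, 1 };
    return lib_subids_read_correctly(name, 4, intended);
}

int main(void)
{
    printf("sizeof(app oid)=%zu sizeof(lib oid)=%zu match=%d\n",
           sizeof(app_oid), sizeof(lib_oid), oid_abi_matches());
    printf("sub-identifiers read correctly: %zu of 4\n", demo_internet_oid());
    return 0;
}
```

On platforms where `unsigned long` is 4 bytes the two widths agree and the mismatch does not appear; on LP64 systems the library sees zero padding interleaved with the real sub-identifiers.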
Changes 5.6.1:
* General:
- The DTLS and TLS transports and the TSM security model are no
longer "beta" (they've undergone rigorous interoperability testing).
- Many Bug Fixes (see the CHANGES and ChangeLog files for full details)
* snmpd:
- Patch 3141462: from fenner: fix agentx subagent issues with
multiple-object requests
- Patch from Niels to fix VACM persistent storage.
Changes 5.6:
* all:
- Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be]
- Implemented the "Transport Security Model" [RFC5591]
- Generic host-specific configuration .conf files are now read.
- Include statements can now be used in .conf files.
* snmpd:
- Fix handling of multiple matching VACM entries. (Use the "best"
match, rather than the first one). Reported by Adam Lewis. Note
that this could potentially affect the behaviour of existing access
control configurations.
- Agent will no longer call table handlers if a set request for the
handler has invalid indexes
- table_data/tdata next handler will not be called during get
processing if no valid rows are found for the handler
- [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB
- moved all functions defined in libnetsnmphelpers to
libnetsnmpagent. libnetsnmphelpers is now an empty library.
- Implemented the TSM-MIB and the TLSTM-MIB
- new API for indicating that persistent store needs to be saved
after the current request finishes processing
- [PATCH 2931446]: make the load averages writable.
* apps:
- A new tool 'net-snmp-cert' that easily creates and manages
X.509 certificates for use with the SNMP over (D)TLS protocols.
- Added an 'agentxtrap' command to send notifications via AgentX
- -T command line flag can be used to pass configuration
directly to transports that can accept configuration tokens
- A new 'snmptls' command for manipulating the agent's TLS configuration
* snmplib:
- A more modular transport subsystem that allows third party
extensions and dependencies for code reuse.
- New transport functions: f_config, f_open, f_copy and f_setup_session
- Transports can now specify session defaults
- [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is
like snmp_parse_args but takes an additional bitmask, flags, to
affect the behaviour. Also remove the magic handling of some
application names.
- A new X.509 certificate API for indexing and reading certificates
- new experimental row creation API which uses a state machine
to try really hard to create a row from a given varbind list
- netsnmp_container enhancements:
- added a free_item function
- added a CONTAINER_FREE_ALL macro/function
- added an interface for duplicating a container (CONTAINER_DUP)
- added a remove function to container_iterators
- added an ability to set options on binary_array containers
- new snmp token logOption allows specifying log destinations
via configuration conf files
- A very significant reduction in compiler warning output
- new experimental simple state machine handling API
Previous patch for NetBSD wasn't really for netbsd4 but 4.99.58 and later.
So, I changed "#ifdef netbsd4" to "#ifdef NETBSD_STATS_VIA_SYSCTL" and
cleaned up patches. Should fix PR pkg/43288.
It is a fix of a build problem only, so no PKG_REVISION bump.
snmpd:
- Change default AgentX target from 0.0.0.0:705 to localhost:705
- Fix CVE-2008-4309 (GETBULK issue reported by Oscar Mira-Sanchez)
- Fix handling of multiple matching VACM entries
(Use the "best" match, rather than the first one).
Note that this could potentially affect the behaviour of
existing access control configurations.
- Latch large-disk statistics at 2Tb (rather than wrapping)
Linux:
- Fix build on modern distributions (using rpm-4.6)
Windows:
- Fix various builds (recent MSVC, MinGW, IPv6, winExtDLL)
a tv_nsec field measured in nanoseconds), while other systems
define it as struct timeval (with a tv_usec field measured in
microseconds). Add a configure test and conditional code in
agent/mibgroup/mibII/interfaces.c.orig. This should fix PR 40990.
Bump PKGREVISION to 2.
* An increment only in the version number that was failing to be
reported properly by the tools.
Changes 5.4.1.1:
* SECURITY BUG: A portion of SNMPv3 code had significantly weakened
authentication cryptography and unauthenticated access to a system
is a possibility.
* It is critical that all users update their installation bases
IMMEDIATELY.
* If you were only using SNMPv1 or SNMPv2c you were already insecure
beyond a level that this vulnerability affects.
fix (and error checking) on
agent/mibgroup/hardware/memory/memory_netbsd.c:netsnmp_mem_arch_load()
via new patch file patch-ah as the one applied on
agent/mibgroup/ucd-snmp/memory_netbsd1.c:var_extensible_mem() by
patch file patch-es. Sorry I missed this in November 2006...
Bump PKGREVISION to 1.
snmplib:
- [BUG 1619827]: link libraries against needed external libraries
- [PATCH 1616912]: fix memory leak in UDP transport code
- [PATCH 1592706]: fix memory leak when cloning varbinds
- Change snmp_sess_add_ex to consistently close and delete the
transport argument on failure, earlier the liveness of the
transport argument was undecided.
snmpd:
- [BUG 1558823]: fix ipAddressTable memory leak
- [BUG 1596638]: fix memory leak in ipCidrRouteTable, inetCidrRouteTable
- [BUG 1611524]: fix tcp connection table file descriptor leak
- handle row deletion issues in dataset tables
- [BUG 1712988]: default and configurable maximum number of
varbinds returnable to a GETBULK request.
- [PATCH 1666737]: include ipv6 counts in
udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams
- [PATCH 1700157]: fixes ordering of exec tokens in the resulting mib tree
- [PATCH 1719253]: fix skipNFSInHostResources so it does not break on the
second walk of the table.
perl:
- link Perl modules against the exact set of libraries needed
- [BUG 1619827]: properly link against libperl when configured with --enable-as-needed
- [PATCH 1725049]: fix bulkwalk in cases of non-repeater
python:
- [PATCH 1716114]: Let python build in the Net-SNMP source tree
MacOSX:
- [PATCH 1600522]: CPU Hardware Abstraction Layer (HAL)
implementation for mach/darwin
- IF-MIB rewrite now enabled by default
Win32:
- fix AES support
- [PATCH 1706344]: fix compilation with cygwin
IRIX:
- [PATCH 1709748]: Optimized IRIX cpu stats
AIX:
- Fix default shared library building instead of forcing static use
FreeBSD:
- [BUG 1633483]: Support CPU HAL on FreeBSD4.x
net/route.h needs to be included before netinet6/in6_pcb.h and
net/if.h needs to be included before netinet6/in6_var.h.
While here add a patch file on the source of the configure script
which IMHO should have been added earlier.
Bump PKGREVISION to 1.
Note: I supposed the libdes related hunk in patches/patch-af had
been generated by an older than 2.59 autoconf script and carried
over from one net-snmp version update to the next. This would
explain the slight differences about this hunk between the revision
I'm committing and the previous one.
- The default configuration now enables embedded Perl and the Perl
modules by default when possible unless explicitly disabled. You
may use the --disable-embedded-perl and --without-perl-modules
configure options, respectively, to revert to the former default
configuration.
While here check for sysctl() return value.
Now snmpd on NetBSD/sparc64 should report more meaningful values
for OIDs like UCD-SNMP-MIB::memAvailReal.0.
Bump PKGREVISION.
*** Security Fix ***
Changes 5.3:
*** Important Notes ***
Several very significant changes have been made in Net-SNMP for this
release that warrant special attention.
- shared library version number no longer matches the release number. We
now follow the versioning scheme recommended by libtool. For the 5.3
release this means that the libraries now have a SONAME ending with
".so.10", e.g. libnetsnmp.so.10.
- snmpd has not been truncating log files at startup, as documented in
the man pages, for a while now. This default behaviour has been restored.
Please use the '-A' flag if you want to continue appending to your log
files at startup.
- snmptrapd will no longer accept all traps by default. It must be
configured with authorized SNMPv1/v2c community strings and/or SNMPv3
users. Non-authorized traps/informs will be dropped.
- Due to a copyright statement that didn't allow modifications,
snmpnetstat has been completely rewritten. The new version now
accepts the same command-line options as the other tools, which
has introduced a number of incompatible changes. However, it
does now finally support SNMPv3.