* OID Typedef Bug Fix: The oid typedef was changed in 5.6.1 to a u_int32 from
a u_long. This broke binary compatibility and likely 3rd-party code. 5.6.1.1
reverts this change and fixes an underlying OID printing problem in two agent
modules that caused someone to change the typedef in the first place.
Changes 5.6.1:
* General:
- The DTLS and TLS transports and the TSM security model are no
longer "beta" (they've undergone rigorous interoperability testing).
- Many Bug Fixes (see the CHANGES and ChangeLog files for full details)
* snmpd:
- 0 Patch 3141462: from fenner: fix agentx subagent issues with
multiple-object requests
- Patch from Niels to fix VACM persistent storage.
Changes 5.6:
* all:
- Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be]
- Implemented the "Transport Security Model" [RFC5591]
- Generic host-specific configuration .conf files are now read.
- Include statements can now be used in .conf files.
* snmpd:
- Fix handling of multiple matching VACM entries. (Use the "best"
match, rather than the first one). Reported by Adam Lewis. Note
that this could potentially affect the behaviour of existing access
control configurations.
- Agent will no longer call table handlers if a set request for the
handler has invalid indexes
- table_data/tdata next handler will not be called during get
processing if no valid rows are found for the handler
- [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB
- moved all functions defined in libnetsnmphelpers to
libnetsnmpagent. libnetsnmphelpers is now an empty library.
- Implemented the TSM-MIB and the TLSTM-MIB
- new API for indicating that persistent store needs to be saved
after the current request finishes processing
- [PATCH 2931446]: make the load averages writable.
* apps:
- A new tool 'net-snmp-cert' that easily creates and manages
X.509 certificates for use with the SNMP over (D)TLS protocols.
- Added an 'agentxtrap' command to send notifications via AgentX
- -T command line flag can be used to pass configuration
directly to transports that can accept configuration tokens
- A new 'snmptls' command for manipulating the agent's TLS configuration
* snmplib:
- A more modular transport subsystem that allows third party
extensions and dependencies for code reuse.
- New transport functions: f_config, f_open, f_copy and f_setup_session
- Transports can now specify session defaults
- [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is
like snmp_parse_args but takes an additional bitmask, flags, to
affect the behaviour. Also remove the magic handling of some
application names.
- A new X.509 certificate API for indexing and reading certificates
- new experimental row creation API which uses a state machine
to try really hard to create a row from a given varbind list
- netsnmp_container enhancements:
- added a free_item function
- added a CONTAINER_FREE_ALL macro/function
- added an interface for duplicating a container (CONTAINER_DUP)
- added a remove function to container_iterators
- added an ability to set options on binary_array containers
- new snmp token logOption allows specifying log destinations
via configuration conf files
- A very significant reduction in compiler warning output
- new experimental simple state machine handling API
snmpd:
- Change default AgentX target from 0.0.0.0:705 to localhost:705
- Fix CVE-2008-4309 (GETBULK issue reported by Oscar Mira-Sanchez)
- Fix handling of multiple matching VACM entries
(Use the "best" match, rather than the first one).
Note that this could potentially affect the behaviour of
existing access control configurations.
- Latch large-disk statistics at 2Tb (rather than wrapping)
Linux:
- Fix build on modern distributions (using rpm-4.6)
Windows:
- Fix various builds (recent MSVC, MinGW, IPv6, winExtDLL)
snmplib:
- [BUG 1619827]: link libraries against needed external libraries
- [PATCH 1616912]: fix memory leak in UDP transport code
- [PATCH 1592706]: fix memory leak when cloning varbinds
- Change snmp_sess_add_ex to consistently close and delete the
transport argument on failure, earlier the liveness of the
transport argument was undecided.
snmpd:
- [BUG 1558823]: fix ipAddressTable memory leak
- [BUG 1596638]: fix memory leak in ipCidrRouteTable, inetCidrRouteTable
- [BUG 1611524]: fix tcp connection table file descriptor leak
- handle row deletion issues in dataset tables
- [BUG 1712988]: default and configurable maximum number of
varbinds returnable to a GETBULK request.
- [PATCH 1666737]: include ipv6 counts in
udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams
- [PATCH 1700157]: fixes ordering of exec tokens in the resulting mib tree
- [PATCH 1719253]: fix skipNFSInHostResources so it does not break on the
second walk of the table.
perl:
- link Perl modules against the exact set of libraries needed
- [BUG 1619827]: properly link against libperl when configured with --enable-as-needed
- [PATCH 1725049]: fix bulkwalk in cases of non-repeater
python:
- [PATCH 1716114]: Let python build in the Net-SNMP source tree
MacOSX:
- [PATCH 1600522]: CPU Hardware Abstraction Layer (HAL)
implementation for mach/darwin
- IF-MIB rewrite now enabled by default
Win32:
- fix AES support
- [PATCH 1706344]: fix compilation with cygwin
IRIX:
- [PATCH 1709748]: Optimized IRIX cpu stats
AIX:
- Fix default shared library building instead of forcing static use
FreeBSD:
- [BUG 1633483]: Support CPU HAL on FreeBSD4.x
- The default configuration now enables embedded Perl and the Perl
modules by default when possible unless explicitly disabled. You
may use the --disable-embedded-perl and --without-perl-modules
configure options, respectively, to revert to the former default
configuration.
*** Security Fix ***
Changes 5.3:
*** Important Notes ***
Several very significant changes have been made in Net-SNMP for this
release that warrant special attention.
- shared library version number no longer matches the release number. We
now follow the versioning scheme recommended by libtool. For the 5.3
release this means that the libraries now have a SONAME ending with
".so.10", e.g. libnetsnmp.so.10.
- snmpd has not been truncating log files at startup, as documented in
the man pages, for a while now. This default behaviour has been restored.
Please use the '-A' flag if you want to continue appending to your log
files at startup.
- snmptrapd will no longer accept all traps by default. It must be
configured with authorized SNMPv1/v2c community strings and/or SNMPv3
users. Non-authorized traps/informs will be dropped.
- Due to a copyright statement that didn't allow modifications,
snmpnetstat has been completely rewritten. The new version now
accepts the same command-line options as the other tools, which
has introduced a number of incompatible changes. However, it
does now finally support SNMPv3.
And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
Fixes:
Building:
- configure --disable-snmpv2c now works
- fix make test tests for rfc1213
- bug 1049607: net-snmp-config --compile-subagent broken
library:
- bug 1084413: Can't disable file logging
- bug 1072406: invalid operator precedence in opendir()
agent library:
- disconnected AgentX subagents now reconnect with correct context
- fix table_array row insert/delete during set processing
agent:
- don't override clientAddr setting for local trapsinks
- bug 1088765: Agent fails to send traps to remote target
- bug 1034008: memory leak using SET for table_dataset
- patch 1052460: fix agent deadlock on exec
- bug 1055781: get-next fails to step into interfaces group correctly
- bug 1056760: agent ignores ifspeed, type settings in snmpd.conf
- bug 1062986: pass and pass_persist fail and crash snmpd
- fix snmpd.conf table token to handle augments tables
snmptrapd:
- bug 1085981: snmptrapd complains about logging and access control
- bug 1040711: snmptrapd: SIGHUP duplicates traphandlers (repeatedly)
MFD:
- Misc updates to MFD templates
- add auto-handling of cache update for row insert/delete
Ports:
- Win32
- fixes for compiling without the Microsoft PSDK installed
- fix Win32 getenv crash
- Mac OS X compile error fix
- HP-UX configure now detects and won't use unavailable function
- Linux
- patch 1055036: if-mib init order fix
- patch 1057057: ipSystemStatsTable index fix, add ipv6
- patch 1073897: fix if-mib data access 64bit counter wrap detection
MIBs:
- update IP-FORWARD-MIB from an ID set to become an RFC
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
    lib/libfoo.a
    lib/libfoo.la
    lib/libfoo.so
    lib/libfoo.so.0
    lib/libfoo.so.0.1
one simply needs:
    lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
New:
- test suite supports testing over other transports (tcp, udp6, unix, ...)
(see the -P switch to the testing/RUNTESTS script)
- Solaris supports the use of its PKCS#11 library for supporting
cryptographic functions (OpenSSL isn't required if PKCS#11 is available)
(see configure's --with-pkcs flag)
Fixes:
- Improvements on 64 bit architectures.
- A few minor memory leaks fixed.
- An extremely large number of minor bug fixes.
- Many perl module specific bug fixes.
- snmpd will safely handle more signals.
Ports:
- Many many significant Windows improvements.
- A win32 build script in win32/build.pl
- Support for the MinGW compiler
- (see the README.win32 file for details on new ports)
- Various helpful win32/*.bat files for installation, etc.
- Some linux 2.6 support improvements
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Some things maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Changes from NEWS file:
--------8<--------8<--------8<--------8<--------8<--------8<--------8<
*5.0.9*
SECURITY:
- An existing user/community could get access to data in MIB
objects that were explicitly excluded from their view.
Fixes:
- Perl build environment should work better under Windows
- Misc kerberos support fixes.
- Improvements on various manual pages.
- An annoying bug with SETs being passed to pass scripts was fixed.
- The often talked about VACM optimization improvement was fixed again.
- mib2c handles augmentation tables better now.
- Various 64 bit issues have been addressed.
*5.0.8*
New:
- No new features will be added to the 5.0.x line.
Ports:
- Update libtool to version 1.4.3, for the benefit of Darwin
- diskio support for Darwin
- Updates for OpenBSD 3.
- Updates to solaris README
Fixes:
- find libwrap w/nsl on RedHat
- fix for openssl 0.9.7
- Fix some AgentX memory leaks
- use macro for inline function prototypes
- Attempt to find unused port before running tests
- Use SNMP_SLEEP environment variable when running tests
- calculate a proper ifSpeed under linux when possible
- better daemonization of snmpd
- close and reopen snmptrapd log files on HUP
- support for 16 bit request ids
- Recognize new 't' code in display hints
- misc other fixes
*5.0.7*
New:
- VACM (access control) optimizations which will greatly benefit
people who wish to exclude large portions of the MIB tree from
some people. Previously this was a large resource drain.
- Add command line option to snmpd to set syslog facility
- Reverse DISPLAY-HINT processing, i.e. it allows you to input data
formatted like a DISPLAY-HINT prescribes
- Support setting of sysDescr and sysObjectID via snmpd.conf
configuration directives
- New output option to force display of strings as hex
- Persistent directory can be specified at runtime
- Add support for Linux virtual interfaces in the ipAddressTable.
- implemented the mteEventTable and the mteEventNotificationTable
from the DISMAN-EVENT-MIB.
Fixes:
- AgentX no longer flagged as experimental
- A few memory leak fixes for the table_iterator agent API.
- Processed flag cleared before each pass of a set request
- Remove snmpd pid file on exit
- Restore default behaviour of building shared libraries
- misc other fixes
--------8<--------8<--------8<--------8<--------8<--------8<--------8<
on net/net-snmp-current and on the FreeBSD net-snmp port, and may be
considered as an update to ucd-snmp. Changes since ucd-snmp include:
* complete rewrite of the agent internals
* new agent module API
* SNMPv3
* improved AgentX subagent handling
* many, many bugfixes in plugged memory leaks
* prevent DoS attacks from authenticated users