| Age | Commit message (Collapse) | Author |
|---|
|
Avoid fuzz warnings
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Patch was copied from [https://sourceforge.net/p/net-snmp/patches/1336].
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
WARNING: net-snmp-5.7.3-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch 0001-BUG-a2584-Fix-snmptrap-to-use-clientaddr-from-snmp.c.patch
patching file snmplib/transports/snmpUDPIPv6Domain.c
Hunk #1 succeeded at 286 with fuzz 2 (offset 30 lines).
Now at patch 0001-BUG-a2584-Fix-snmptrap-to-use-clientaddr-from-snmp.c.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
options which involve paths into workspace are usually filtered out
with the sed command, however currently it does half the job and the
resulting config file gets partial replacements leaving the compiler
options with bad syntax e.g.
-fdebug-prefix-map option is left with -fdebug-prefix-map=
which is not correct syntax, the effect of this is seen in other
recipes which then invoke net-snmp-config script and add the
flags obtained from this script into its own configure scripts
and then tries to execute tests, these tests fail because of
bad compiler options e.g. keepalived where configure tests fails like
| configure: error: *** incorrect CFLAGS from net-snmp-config
this is because of wrong compiler options that it got from
recipe-sysroot/usr/bin/crossscripts/net-snmp-config
This patch tries to be specific about which options should
be skimmed and removes the options completely
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The previous path value to -fdebug-prefix-map
is null which may result in other package such as
quagga do_config error as below:
====================================================
add DISTRO_FEATURES_append = " snmp" to conf/local.conf
test@buildserver@ bitbake quagga
| checking for i586-poky-linux-net-snmp-config... no
| checking for net-snmp-config... $Prj/tmp/work/i586-poky-linux/quagga/1.2.1-r0/recipe-sysroot/usr/bin/crossscripts/net-snmp-config
| checking whether we can link to Net-SNMP... no
| configure: error: --enable-snmp given but not usable
| NOTE: The following config.log files may provide further information.
| NOTE: $Prj/tmp/work/i586-poky-linux/quagga/1.2.1-r0/build/config.log
| ERROR: configure failed
| WARNING: $Prj/tmp/work/i586-poky-linux/quagga/1.2.1-r0/temp/run.do_configure.80493:1 exit 1 from 'exit 1'
| ERROR: Function failed: do_configure (log file is located at $Prj/tmp/work/i586-poky-linux/quagga/1.2.1-r0/temp/log.do_configure.80493)
====================================================
Signed-off-by: Yu Mingli <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This allows us to build perl modules with recent versions
of perl.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Remove build host paths form target net-snmp-config.
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
net-snmp enables 3des support by default and fails to build with distro
feature openssl-no-weak-ciphers:
| ../../net-snmp-5.7.3/snmplib/scapi.c:82:25: fatal error: openssl/des.h: No such file or directory
| #include <openssl/des.h>
To fix the issue:
* add a patch to include des.h only if it's found in openssl
* disable des when openssl-no-weak-ciphers is enabled
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The recipe for net-snmp has snmpd and snmptrapd in seperate packages, so one or the other
or both could be installed. In a common case where only snmpd is installed, the startup
script will fail to run because the snmptrapd executable does not exist.
This patch simply qualifies the test by first checking to see if the executable is to
be used.
-Bill
Signed-off-by: Bill Randle <bill.randle@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Store the incremented engineBoots value on SIGHUP.
And don't reset engineBoots to 1 when oldEngineIDLength is 0.
For the first run, the oldEngineIDLength is 0.
When we say first run of the daemon, we talk about the
first run ever on the machine, not only first run of every boot.
Signed-off-by: Marian Florea <marian.florea@windriver.com>
Reviewed-by: Wenkuan Wang <Wenkuan.Wang@windriver.com>
Reviewed-by: Zhaolong Zhang <Zhaolong.Zhang@windriver.com>
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The patch solves two issues:
1. Supported cross compile for the perl embedded and perl modules.
2. Solved runtime depend issue.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Backport a succeeding commit from net-snmp upstream to fix the issue
introduced by commit
<BUG#a2584: Fix snmptrap to use clientaddr from snmp.conf>.
The missing return will cause crash when binding to a non-exist IPv6
address.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Under IPv6 IP-multihomed environment, the socket does not bind to the
clientaddr indicated in snmp.conf when sending snmptrap and it might
choose a random one.
Backport the patch from net-snmp upstream to fix it.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
limits.h is needed for PATH_MAX and NAME_MAX
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The net-snmp-server package is a meta-package requiring
net-snmp-server-snmpd and net-snmp-server-snmptrapd package.
The net-snmp-server-snmpd package provides the startup scripts
not the meta net-snmp-server package.
Signed-off-by: Anders Wallin <anders.wallin@windriver.com>
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
backport a patch to fixed snmpd crashing when an AgentX
subagent disconnect in the middle of processing of a request.
Signed-off-by: Zhu Yanjun <yanjun.zhu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add packageconfig for ipv6 and enable it when it's defined in distro_features.
Signed-off-by: Zhu Yanjun <yanjun.zhu@windriver.com>
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Because the package is not built in place @srcdir@ is
an absolute path to the source directory instead of ".".
Because of this some target scripts like net-snmp-create-v3-user
and net-snmp-config that are using thisvariable in their *.in
files (NSC_SRCDIR=@srcdir@) contain invalid paths.
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Only net-snmp-config used for sysroot should have sysroot
specific paths.
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* Using "cp -a" leaks UID of user running the builds, causing
many QA warnings.
* See this thread for details:
http://lists.openembedded.org/pipermail/openembedded-core/2015-November/112904.html
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This patch enhances a previously unapplied patch on jethro, plus adds
some flexibility in terms of required deps and a few cleanups.
Signed-off-by: Stephen Arnold <stephen.arnold42@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
when net-snmp-config is used to configure by other package, and fail since
/libnl3 is not found, in fact, it should be -I/usr/include/libnl3, and is
modified as /libnl3 incorrectly.
instead of modify the net-snmp-config for target, the one under
${bindir_crossscripts} should be replaced with ${TAGING_INCDIR}
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
7fb5479 added the patch but did not apply it
Rename patch to explicit it differentiate it from other patches
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
7fb5479 added the patch but did not apply it
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add "-a" parameter in snmpd.service,it is needed to address logs.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fix errors seen with gcc5
Change-Id: I9c4361f3a9c25342f5c740263f551c162dce8faf
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* Dropped backported patches
--ifmib.patch
--0001-Added-checks-for-printing-variables-with-wrong-types.patch
--0001-Fix-CVE-2014-2285.patch
--net-snmp-5.7.2-fix-mib-timeout-values.patch
* Update patches
--dont-return-incompletely-parsed-varbinds.patch
--systemd-support.patch
* Add a new patch to avoid build Errors.
--0001-config_os_headers-Error-Fix.patch
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fix mib representation of timeout values,correct conversion
factor from microseconds to centiseconds.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
the snmp_pdu_parse() function could leave incompletely parsed varBind
variables in the list of variables in case the parsing of the SNMP
PDU failed. If later processing tries to operate on the stale and
incompletely processed varBind (e.g. when printing the variables),
this can lead to e.g. crashes or, possibly, execution of arbitrary
code.
The snmp_pdu_parse() function stores varBind variables in a list of
netsnmp_variable_list structures. Each time the function parses a new
varBind, a new netsnmp_variable_list item is allocated on the heap
and linked to the list of variables. The problem is that this item
is not removed from the list, even if snmp_pdu_parse() fails to
complete the parsing.
The "type" member of the stale netsnmp_variable_list is not
properly initialized in case snmp_pdu_parse() returns early from the
parsing. However, the "type" member is used to determine later code
paths, which is why we see crashes in a variety of functions,
although the root cause for all of these is the same.
This patch come from
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
Written-by: Robert Story
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Issue: TA79430
- Change to use append for PACKAGES so that:
* ptest package is added from ptest bbcalss
* the PN is back, allow empty and add rdepends on net-snmp-client
in case the user try to add net-snmp to the image
- Add a patch to fix the output format for ptest
- Add run-ptest
- Add rdepends on perl for ptest
(LOCAL REV: NOT UPSTREAM) -- Sent to meta-networking on 20150114
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Since net-snmp-config is a common tool, move it from dev package
to client package.
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Changes:
1. Add source function and status command.
2. make it possible to change the start arguments with a default file
in the same way as debian.
3. change the default INITSCRIPT_PARAMS
4. Add PIDFILE and fix restart
5. remove the postrm sicne we use the one from update-rc.d
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
LIB_LDCONFIG_CMD failed since it is using a host dir $(libdir)
which is /usr/lib64 does not exist on host when compile 64bit
image.
In fact, configuring dynamic linker run-time bindings is meaningless
at this step, If it is needed, Poky would write ldconfig scripts to
rpm-postinst for each recipe while do_package, in package.bbclass.
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Move persistent dir to /var/lib/net-snmp and fix security contexts for
them.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
According to the following commit, net-snmp needs to have
mib-modules=smux enabled:
commit f64db3011c04ada0a8ac04b9eddde05b67d21eec
Author: Aws Ismail <aws.ismail@windriver.com>
Date: Mon Mar 25 11:30:06 2013 -0400
Quagga has no snmp support, unrecognized options --enable-tcp-md5
1. Quagga's tcp-md5 has been renamed to linux24-tcp-md5
2. net-snmp needs to have mib-modules=smux enabled to enable
quagga to support snmp. Make the net-snmp option dependent
on the DISTRO_FEATURE snmp.
3. Misc: install the sample conf files for quagga. Also,
Make sure that the post install script is being run
on the target rather than during the rootfs creation
stage.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Previously, it still was checked when there was no nlish.h in sysroots directory.
Add knob to decide whether nlist.h are checked or not.
Fixed by using PACKAGECONFIG to check elf, with default disabled set.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Option -LS does not work, we should instead it by -Ls as usage said.
Deprecated options:
-l FILE use -Lf <FILE> instead
-P use -p instead
-s use -Lsd instead
-S d|i|0-7 use -Ls <facility> instead
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
allows remote attackers to cause a denial of service (snmptrapd crash) via
a crafted SNMP trap message, which triggers a conversion to the variable
type designated in the MIB file, as demonstrated by a NULL type in an ifMtu
trap message.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3565
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
There have been occasions that net-snmp sees valgrind and then later it's
not available, adding this setting ensures determinism by disabling it by
default
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This recipe was installing net-snmp-config script to STAGING_BINDIR
instead of STAGING_BINDIR_CROSS, during the do_install. It is not
recommended and must be done after staging.
Changes:
* Remove STAGING_BINDIR manipulations from do_install_append
* Add net_snmp_sysroot_preprocess function instead
* Append net_snmp_sysroot_preprocess to SYSROOT_PREPROCESS_FUNCS
Signed-off-by: Alexandre Fournier <alexandre.fournier@kiplink.fr>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs
in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions,
allows remote attackers to cause a denial of service (snmptrapd
crash) via an empty community string in an SNMP trap, which triggers
a NULL pointer dereference within the newSVpv function in Perl.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2285
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before
5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does
not properly validate input, which allows remote attackers
to cause a denial of service via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2284
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
Khem Raj
Andrej Valek
Yi Zhao
Armin Kuster
Yu Mingli
Slater, Joseph
Martin Jansa
Ovidiu Panait
Jackie Huang
Bill Randle
Li Zhou
Wenlin Kang
Peter Kjellerstedt
Li Wang
Ross Burton
Zhu Yanjun
Catalin Enache
Stephen Arnold
Roy Li
Rafaël Carré
Li Xin
Jian Liu
Joe MacDonald
Junling Zheng
Chong.Lu@windriver.com
Bian Naimeng
Alexandre Fournier