!6 update package info

Merge pull request !6 from 周淦清/openkylin/yangtze

debian/changelog

@@ -1,3 +1,15 @@
+net-snmp (5.8+dfsg-ok8) yangtze; urgency=medium
+
+  * Update package info.
+
+ -- zhouganqing <zhouganqing@kylinos.cn>  Tue, 05 Sep 2023 16:40:20 +0800
+
+net-snmp (5.8+dfsg-ok7) yangtze; urgency=medium
+
+  * cooking-orange-cub CVE-2022-44792、CVE-2022-4479 安全更新
+
+ -- chenyuheng <cyh030619@bupt.edu.cn>  Thu, 09 Mar 2023 15:09:18 +0800
+
 net-snmp (5.8+dfsg-ok6) yangtze; urgency=medium
 
   * l491 repair CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810

debian/control

@@ -1,11 +1,7 @@
 Source: net-snmp
 Section: net
 Priority: optional
-Maintainer: Openkylin Developers <packaging@lists.openkylin.top>
-XSBC-Original-Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
-Uploaders: Craig Small <csmall@debian.org>,
- Thomas Anders <tanders@users.sourceforge.net>,
- Noah Meyerhans <noahm@debian.org>
+Maintainer: openKylin Developers <packaging@lists.openkylin.top>
 Build-Depends: debhelper-compat (= 12),
  libtool, libwrap0-dev, libssl-dev, perl (>=5.8), libperl-dev,
  autoconf, automake, debianutils (>=1.13.1),
@@ -17,8 +13,8 @@ Build-Depends: debhelper-compat (= 12),
  default-libmysqlclient-dev, libpci-dev, dh-apport
 Build-Conflicts: libsnmp-dev
 Standards-Version: 4.4.1
-Vcs-Git: https://salsa.debian.org/debian/net-snmp.git
-Vcs-Browser: https://salsa.debian.org/debian/net-snmp
+Vcs-Git: https://gitee.com/openkylin/net-snmp.git
+Vcs-Browser: https://gitee.com/openkylin/net-snmp
 Homepage: http://net-snmp.sourceforge.net/
 
 Package: snmpd

debian/patches/0043-6-update-package-info.patch

@@ -0,0 +1,250 @@
+From: =?utf-8?b?5ZGo5rem5riF?= <zhouganqing@kylinos.cn>
+Date: Tue, 5 Sep 2023 08:45:58 +0000
+Subject: =?utf-8?q?!6_update_package_info_Merge_pull_request_!6_from_?=
+ =?utf-8?q?=E5=91=A8=E6=B7=A6=E6=B8=85/openkylin/yangtze?=
+
+---
+ agent/snmp_agent.c                                 | 32 ++++++++++++++++++++++
+ apps/snmpset.c                                     |  1 +
+ apps/snmptrapd_sql.c                               | 17 ++++++++----
+ configure                                          | 20 ++++++--------
+ configure.d/config_os_libs2                        |  9 +-----
+ include/net-snmp/net-snmp-config.h.in              |  7 +++--
+ .../fulltests/default/T0142snmpv2csetnull_simple   | 31 +++++++++++++++++++++
+ 7 files changed, 91 insertions(+), 26 deletions(-)
+ create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
+
+diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
+index e3f06d6..6e5b5ce 100644
+--- a/agent/snmp_agent.c
++++ b/agent/snmp_agent.c
+@@ -3708,12 +3708,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
+     return 1;
+ }
+ 
++static int
++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
++{
++    int i;
++    netsnmp_variable_list *v = NULL;
++
++    for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
++	if (v->type == ASN_NULL) {
++	    /*
++	     * Protect SET implementations that do not protect themselves
++	     * against wrong type.
++	     */
++	    DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
++	    asp->index = i;
++	    return SNMP_ERR_WRONGTYPE;
++	}
++    }
++    return SNMP_ERR_NOERROR;
++}
++
+ int
+ handle_pdu(netsnmp_agent_session *asp)
+ {
+     int             status, inclusives = 0;
+     netsnmp_variable_list *v = NULL;
+ 
++#ifndef NETSNMP_NO_WRITE_SUPPORT
++    /*
++     * Check for ASN_NULL in SET request
++     */
++    if (asp->pdu->command == SNMP_MSG_SET) {
++	status = check_set_pdu_for_null_varbind(asp);
++	if (status != SNMP_ERR_NOERROR) {
++	    return status;
++	}
++    }
++#endif /* NETSNMP_NO_WRITE_SUPPORT */
++
+     /*
+      * for illegal requests, mark all nodes as ASN_NULL 
+      */
+diff --git a/apps/snmpset.c b/apps/snmpset.c
+index a2374bc..cd01b9a 100644
+--- a/apps/snmpset.c
++++ b/apps/snmpset.c
+@@ -182,6 +182,7 @@ main(int argc, char *argv[])
+             case 'x':
+             case 'd':
+             case 'b':
++            case 'n': /* undocumented */
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+             case 'I':
+             case 'U':
+diff --git a/apps/snmptrapd_sql.c b/apps/snmptrapd_sql.c
+index 32a3b17..2a422d9 100644
+--- a/apps/snmptrapd_sql.c
++++ b/apps/snmptrapd_sql.c
+@@ -421,9 +421,6 @@ netsnmp_mysql_connect(void)
+ int
+ netsnmp_mysql_init(void)
+ {
+-    int not_argc = 0, i;
+-    char *not_args[] = { NULL };
+-    char **not_argv = not_args;
+     netsnmp_trapd_handler *traph;
+ 
+     DEBUGMSGTL(("sql:init","called\n"));
+@@ -450,14 +447,22 @@ netsnmp_mysql_init(void)
+     my_init();
+ #endif
+ 
++#if !defined(HAVE_MYSQL_OPTIONS)
++    {
++    int not_argc = 0, i;
++    char *not_args[] = { NULL };
++    char **not_argv = not_args;
++
+     /** load .my.cnf values */
+ #if HAVE_MY_LOAD_DEFAULTS
+     my_load_defaults ("my", _sql.groups, &not_argc, &not_argv, 0);
+ #elif defined(HAVE_LOAD_DEFAULTS)
+     load_defaults ("my", _sql.groups, &not_argc, &not_argv);
++#else
++#error Neither load_defaults() nor mysql_options() are available.
+ #endif
+ 
+-    for(i=0; i < not_argc; ++i) {
++    for (i = 0; i < not_argc; ++i) {
+         if (NULL == not_argv[i])
+             continue;
+         if (strncmp(not_argv[i],"--password=",11) == 0)
+@@ -475,6 +480,8 @@ netsnmp_mysql_init(void)
+         else
+             snmp_log(LOG_WARNING, "unknown argument[%d] %s\n", i, not_argv[i]);
+     }
++    }
++#endif /* !defined(HAVE_MYSQL_OPTIONS) */
+ 
+     /** init bind structures */
+     memset(_tbind, 0x0, sizeof(_tbind));
+@@ -554,7 +561,7 @@ netsnmp_mysql_init(void)
+         return -1;
+     }
+ 
+-#if MYSQL_VERSION_ID >= 100000
++#if HAVE_MYSQL_OPTIONS
+     mysql_options(_sql.conn, MYSQL_READ_DEFAULT_GROUP, "snmptrapd");
+ #endif
+ 
+diff --git a/configure b/configure
+index cad6b74..390f8a8 100755
+--- a/configure
++++ b/configure
+@@ -25214,19 +25214,17 @@ $as_echo "no" >&6; }
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+     conftest$ac_exeext conftest.$ac_ext
+-  ac_fn_c_check_func "$LINENO" "mysql_init" "ac_cv_func_mysql_init"
+-if test "x$ac_cv_func_mysql_init" = xyes; then :
+-
+-$as_echo "#define HAVE_MYSQL_INIT 1" >>confdefs.h
+-
+-fi
+-
+-  ac_fn_c_check_func "$LINENO" "load_defaults" "ac_cv_func_load_defaults"
+-if test "x$ac_cv_func_load_defaults" = xyes; then :
+-
+-$as_echo "#define HAVE_LOAD_DEFAULTS 1" >>confdefs.h
++  for ac_func in load_defaults mysql_init mysql_options
++do :
++  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
++  cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
++_ACEOF
+ 
+ fi
++done
+ 
+   CPPFLAGS="${_cppflags}"
+   LIBS="${_libs}"
+diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2
+index 088687d..364218a 100644
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -563,14 +563,7 @@ if test "x$with_mysql" = "xyes" ; then
+        AC_DEFINE([HAVE_MY_LOAD_DEFAULTS], 1,
+                  [Define if having my_load_defaults()])],
+       [AC_MSG_RESULT(no)])
+-  AC_CHECK_FUNC(
+-    [mysql_init],
+-    AC_DEFINE([HAVE_MYSQL_INIT], 1,
+-              [Define if mysql_init() is available in libmysqlclient]))
+-  AC_CHECK_FUNC(
+-    [load_defaults],
+-    AC_DEFINE([HAVE_LOAD_DEFAULTS], 1,
+-              [Define if load_defaults() is available in libmysqlclient]))
++  AC_CHECK_FUNCS([load_defaults mysql_init mysql_options])
+   CPPFLAGS="${_cppflags}"
+   LIBS="${_libs}"
+   AC_MSG_CACHE_ADD(MYSQL Trap Logging:         enabled)
+diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in
+index 298fb3e..1f54c32 100644
+--- a/include/net-snmp/net-snmp-config.h.in
++++ b/include/net-snmp/net-snmp-config.h.in
+@@ -462,7 +462,7 @@
+ /* Define to 1 if you have the <linux/tasks.h> header file. */
+ #undef HAVE_LINUX_TASKS_H
+ 
+-/* Define if load_defaults() is available in libmysqlclient */
++/* Define to 1 if you have the `load_defaults' function. */
+ #undef HAVE_LOAD_DEFAULTS
+ 
+ /* Define to 1 if you have the <locale.h> header file. */
+@@ -513,9 +513,12 @@
+ /* Define to 1 if you have the <mtab.h> header file. */
+ #undef HAVE_MTAB_H
+ 
+-/* Define if mysql_init() is available in libmysqlclient */
++/* Define to 1 if you have the `mysql_init' function. */
+ #undef HAVE_MYSQL_INIT
+ 
++/* Define to 1 if you have the `mysql_options' function. */
++#undef HAVE_MYSQL_OPTIONS
++
+ /* Define if MY_INIT() is availabe in libmysqlclient */
+ #undef HAVE_MY_INIT
+ 
+diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
+new file mode 100644
+index 0000000..0f1b8f3
+--- /dev/null
++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
+@@ -0,0 +1,31 @@
++#!/bin/sh
++
++. ../support/simple_eval_tools.sh
++
++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
++
++SKIPIF NETSNMP_DISABLE_SET_SUPPORT
++SKIPIF NETSNMP_NO_WRITE_SUPPORT
++SKIPIF NETSNMP_DISABLE_SNMPV2C
++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
++
++#
++# Begin test
++#
++
++# standard V2C configuration: testcomunnity
++snmp_write_access='all'
++. ./Sv2cconfig
++STARTAGENT
++
++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
++
++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
++
++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
++
++CHECK "Reason: wrongType"
++
++STOPAGENT
++
++FINISHED

debian/patches/series

@@ -40,3 +40,4 @@ lp1871307-log-once-proc-net-if_inet6-failure.patch
 0040-CVE-2020-15861-Net-SNMP-5.7.3-root.patch
 0041-CVE-2020-15862-Net-SNMP-5.7.3.patch
 0042-repair-CVE-2022-24805-CVE-2022-24806-CVE-2022-24807-.patch
+0043-6-update-package-info.patch