This file contains a list of specific bugs that have been fixed, and patches that have been applied in released versions. Please see the NEWS file for a summary of the major changes, and the ChangeLog file for a comprehensive listing of all changes made to the code. *5.6.2.1* snmpd: - SECURITY: a denial of service attack vector was discovered on the linux implementation of the ICMP-MIB. This release fixes this bug and all users are encouraged to update their SNMP agent if they make use of the ICMP-MIB table objects. *5.6.2* snmplib: - [PATCH 2835577]: Replace SNMP_ZERO of arrays with a memset. - [PATCH 3510454]: Allow the use of 0.0.0.0/0 as alias for default - [PATCH 3526599]: Don't hang on retried failing SNMPv3 responses - [BUG 3134323]: Fix crash when comparing invalid OIDs - Avoid unnecessary casts when using netsnmp_set_row_column() - Eliminate assorted dead variables snmpd: - [PATCH 2941811]: Handle successful requests with reqID 0 - [PATCH 3096725]: sysORTable registation for notification log mib - [PATCH 3479740]: Fix hrSWRunPerf statistics - [PATCH 3487867]: Don't skip missing ifXTable entries (ifConnectorPresent FALSE) - [PATCH 3487919]: Fix compilation when caching is disabled - [PATCH 3495697]: Store persistent snmpTarget table changes - [BUG 3526549]: CVE-2012-2141 Array index error leading to crash - [BUG 3532090]: Fix high ifIndex values crashing hrDeviceDescr - Added OCFS2 (Oracle Cluster FS) to hrStorageTable and hrFSTable - Eliminate assorted dead variables - UDP-MIB: Report proper udpLocalAddress (instead of 0.0.0.0) snmpdx: - [PATCH 3445437]: Log AgentX disconnections (in line with connections) snmptrapd: - [BUG 3151254]: Fix crash with invalid traphandle directive - Avoid crash during shutdown due to invoking perl_destruct(NULL) - Don't invoke shutdown_perl() from SIGTERM handler - Handle changes to libmysqlclient API (affects Fedora 15/16) - Remove superfluous casts apps: - [PATCH 2835577]: Replace SNMP_ZERO of arrays with a memset. build/install: - [BUG 3152841]: Install util_funcs subheaders - OpenBSD: Fix order of headers when checking - Add target to build agentxtrap from the toplevel - Build fix for systems lacking field msg_control in struct msghdr - Fix static builds using net-snmp-config and -*libs flags man: - [BUG 3190725]: Document snmp{,_sess}synch_response and snmp_async_send mib2c: - Make the mib2c foreach ranges work as advertised in the comments. perl: - Fix spelling in the documentation of the SNMP module - Fixed segmentation fault when handler registration fails. - Don't open stderr unnecessarily (affects embedded agent) python: - [PATCH 3185085]: Fix segfault on 64-bit systems testing: - [BUG 3474590]: Don't match underscores within the source root filename - Add a test for se_store_list() - Fix Perl regression test failures - Don't fail skipped Perl tests. - Remove unused variables AIX: - Eliminate configure warning regarding libperfstat.h (AIX 6.1ff) Cygwin: - Make date_n_time() produce time zone information - Fix get_uptime() / hrSystemUptime implementation FreeBSD: - [PATCH 3489387]: Install FreeBSD 10 header file (plus other missing versions) - Restore IP_RECVDSTADDR functionality. Linux: - [PATCH 3205811]: Option to skip fd/loop/ram devices in diskIOTable - [PATCH 3525998]: Don't use an uninitialised value in error message MinGW: - Avoid "pragma comment" warnings in - Made regression test output independent of Windows registry settings NetBSD: - Update memory and CPU statistics handling OpenBSD: - Support updating the routing table Windows: - Avoid problems if Net-SNMP Perl modules are built with a different version of Microsoft Visual Studio than that used for ActivePerl - Avoid problems with PACKAGE_* macros when using GNU autotools. - Now builds correctly with a 64-bit compiler. - build.bat: Generate PDB files in release mode. - build.bat: Install netsnmp.dll before running Perl regression tests - Deprecated libsnmp.def - use NETSNMP_IMPORT instead - Fix winExtDLL compiler warnings (following u_long oid typedef) - Make linking with recent OpenSSL binaries succeed. - Make netsnmp_large_fd_set_resize() robust against memalloc failures. - Perl modules build now with IPv6 enabled. - Snmpd: Remove dlmod - Snmptrapd: Make the IP address to hostname conversion work *5.6.1* general: - Upgraded DTLS support from alpha to full; mention that tsm is needed for TLS too snmplib: - Added function netsnmp_delete_table_data_set(). - Added function netsnmp_delete_table_data_set(). Added declaration for the function netsnmp_table_data_delete_table() in a public agent header file. - Added function netsnmp_delete_table_data_set(). Added declaration for the function netsnmp_table_data_delete_table() in a public agent header file. Fixed memory leak in netsnmp_table_data_delete_table(). (Backported r19450 and r19454 from trunk.) - Added macro netsnmp_static_assert(). - Added snmp_sess_session_lookup(). - Avoid that Valgrind complains about uninitialized data for the buffers returned by netsnmp_callback_recv() and netsnmp_callback_hook_build(). - Be const correct over calls to str* functions. - Changed the argument type of debug_register_tokens() from char * into const char *. (Backported r19665 and r19666 from the trunk.) - Check the return value of strdup in netsnmp_create_data_list and fail if strdup fails. - Correct the extern "C" declarations to be consistent. Remove commented out code. - Fixed bugs in asn_parse_unsigned_int64(), asn_build_unsigned_int64(), asn_parse_signed_int64() and asn_build_signed_int64(). Most but not all of these bugs were specific to 64-bit systems. Fixes bug #3093199. - Fixed memory leak triggered by calling se_add_pair_to_list() with a value that already existed in the list. - Invoking se_clear_slist() does no longer create a dangling pointer. - Invoking se_clear_slist() does no longer create a dangling pointer. Fixed leaks-at-exit triggered by using the snmp_enum code. - Invoking se_clear_slist() does no longer create a dangling pointer. Fixed leaks-at-exit triggered by using the snmp_enum code. Documented behavior of se_add_pair(), se_add_pair_to_slist() and clear_snmp_enum(). Made snmp_enum example consistent with the rest of the code by adding strdup() calls and added a call to se_clear_all_lists(). - Invoking se_clear_slist() does no longer create a dangling pointer. Fixed leaks-at-exit triggered by using the snmp_enum code. Documented behavior of se_add_pair(), se_add_pair_to_slist() and clear_snmp_enum(). Made snmp_enum example consistent with the rest of the code by adding strdup() calls and added a call to se_clear_all_lists(). Fixed a memory corruption problem triggered by the (undocumented) snmpd.conf "enum" keyword handler - storing pointers to strings allocated on the stack in a global list does not work. - Invoking se_clear_slist() does no longer create a dangling pointer. Fixed leaks-at-exit triggered by using the snmp_enum code. Documented behavior of se_add_pair(), se_add_pair_to_slist() and clear_snmp_enum(). Made snmp_enum example consistent with the rest of the code by adding strdup() calls and added a call to se_clear_all_lists(). Fixed a memory corruption problem triggered by the (undocumented) snmpd.conf "enum" keyword handler - storing pointers to strings allocated on the stack in a global list does not work. - force a ; at the end of the static_assert macro. - netsnmp_handler_dup(): freeing the duplicated handler no longer causes a crash (double free) when handler->myvoid of the original handler was non-NULL. snmpd: - Patch 3141462: from fenner: fix agentx subagent issues with multiple-object requests - Patch from Niels to fix VACM persistant storage. - Added snmp_sess_session_lookup(). Call shutdown_master_agent() and shutdown_agent() during shutdown. - Added snmp_sess_session_lookup(). Call shutdown_master_agent() and shutdown_agent() during shutdown. The function clean_subtree() does no longer trigger double frees and invalid memory reads. Note: this function was already wrong at the time it was introduced (patch #724925 / r8531, July 2003). - Added snmp_sess_session_lookup(). Call shutdown_master_agent() and shutdown_agent() during shutdown. The function clean_subtree() does no longer trigger double frees and invalid memory reads. Note: this function was already wrong at the time it was introduced (patch #724925 / r8531, July 2003). Removed a comment in netsnmp_handler_free() that is now obsolete because of the clean_subtree() changes. - Added snmp_sess_session_lookup(). Call shutdown_master_agent() and shutdown_agent() during shutdown. The function clean_subtree() does no longer trigger double frees and invalid memory reads. Note: this function was already wrong at the time it was introduced (patch #724925 / r8531, July 2003). Removed a comment in netsnmp_handler_free() that is now obsolete because of the clean_subtree() changes. Modified netsnmp_deregister_agent_nsap() such that it never examines sessions that already have been closed. It is for this change that it was necessary to introduce the new function snmp_sess_session_lookup(). - Fixed a double free at exit that was triggered by cleaning up the data structures used for embedded Perl support. - Fixed order of rpmlib detection and agent module configuration (backported r19621 from trunk). - Removing the last cache via netsnmp_cache_remove() does no longer trigger a crash. - Update the length of sysObjectID as well as the data when it is set from a configuration file. - Use the same autoconf symbol to decide both if strcasecmp should be declared and if it should be defined. - [BUG 1840230]: Don't include the index object as (pseudo-)accessible column. - [BUG 3058101]: Writeable 'long' instances work on 64-bit systems, but not writable 'int's - [BUG 3062538]: Fix com2sec* handling of non-default contexts - [BUG ]: enforce max length on TLS secName maps - [PATCH 2119725]: Fix skipNFSInHostResources handling of hrStorageTable - [PATCH 3053436]: from: takevos: fix: tcpConnectionTable_data_access invalid memory access - [PATCH 3057090]: make ethtool support on linux use the high speed struct info for 100G+. - [PATCH 3096725]: Don't register v1Trap callback, if SNMPv1 is not supported - [PATCH 3096725]: Include SNMPv1 trap OIDs in nlmLogNotificationID column - add debug for cert find hint as string/int - add debug for ssl ciphers, clarify fingerprint match debug - com2sec6 directive: If configure has not found getaddrinfo(), non-numeric IPv6 addresses do now trigger an error message. (Backported r19650.) - don't second-guess cache handler (waves hand) this is not the function you are looking for. netsnmp_cache_is_valid() is not meant for mib modules - fix double free in TLS error handling - host/data_access/swinst_rpm: Fixed a memory leak in netsnm_swinst_arch_init(). - host/data_access/swinst_rpm: Pass correct path to rpmdbOpen() such that opening the database succeeds. - host/data_access/swinst_rpm: Pass correct path to rpmdbOpen() such that opening the database succeeds. host/data_access/swinst_rpm: Log an error message if rpmdbOpen() fails. - instead of relying on NETSNMP_DS_LIB_APPTYPE, break out cert table inits to new agent cert init function, called from init_agent. - netsnmp_cache_free(): A more detailed message is now logged when attempting to free a cache that is still in the cache list. (Backported r19524.) - snmpd is again single-threaded. [PATCH 2959811]: Safranek: Reimplement Linux Netlink IPv6 prefix listener. - use cache-unique id instead of handler name for shared cache reload protection - Patch from Claus Klein to fix engineid generation on outgoing v3 traps from the agent - add newly created/destroyed interfaces to ipv6IfTable The list of interfaces was never refreshed, now it is reloaded every time the table is accessed. I've also fixed a memory leak and optimized the loading of the list a bit. snmptrapd: - Fixed a double free at exit that was triggered by cleaning up the data structures used for embedded Perl support. Fixed a double free at exit that was triggered by cleaning up the data structures used for embedded Perl support. Valgrind reported that double free as follows: Invalid read of size 4 at 0x59D0501: perl_destruct (in /usr/lib/perl5/5.12.1/x86_64-linux-thread-multi/CORE/libperl.so) by 0x544DF8E: shutdown_perl (snmp_perl.c:166) by 0x403966: term_handler (snmptrapd.c:318) by 0x6D43A5F: ??? (in /lib64/libc-2.11.2.so) Address 0x7660f88 is 56 bytes inside a block of size 2,912 free'd at 0x4C26496: free (vg_replace_malloc.c:366) by 0x544DF9A: shutdown_perl (snmp_perl.c:167) by 0x6DDADF2: __select_nocancel (in /lib64/libc-2.11.2.so) by 0x404E20: main (snmptrapd.c:1258) snmpinform: - fix contextEngineIDs for outgoing informs from snmpinform to be the local engineID build: - [BUG 3088360]: Ensure python modules are built against the correct libraries building: - Some systems do not support the -E flag to grep, use autoconf to find the right egrep at all times. perl: - 0 patch 3049029: from fennec: fix a memory leak with snmp bulkwalks testing: - Generate a normal #line directive as per C99 instead of the compiler-specific #-directive. - Introduced new test type next to capp and clib: cagentlib. - It is again possible to run an individual test via the script testing/RUNTESTS. - It is now possible to analyze the unit tests with Valgrind by setting the environment variables SNMP_SAVE_TMPDIR and DYNAMIC_ANALYZER. An example: (export SNMP_SAVE_TMPDIR=yes DYNAMIC_ANALYZER="valgrind --trace-children=yes --leak-check=full"; cd testing && ./RUNFULLTESTS -g unit-tests) - Test 71 (com2sec6_simple) does now succeed even if IPv6 DNS resolution is not available. (Backported r19648.) - Test T030 does now pass on MinGW. - Unit tests can now invoke functions from libagent. - Unit tests can now invoke functions from libagent. Added unit test for table_dataset. (Backported from r19450 from the trunk.) unspecified: - [BUG 3102904]: All Net-SNMP C source files are now compiled with -fno-st rict-aliasing, at least if the configured compiler supports this flag. - [PATCH 3074918]: from weizheng: check for CONTAINER_INSERT failures and react appropriately to avoid memory leaks Cygwin: Linux: - [PATCH 3083027]: Fix RPM spec file to support CentOS - agent: ipNetToPhysicalTable: Do not log an error message if one or more interfaces are present that do not have such information (NUD_NOARP), e.g. tunnels. Reported by Stephen Hemminger. See also patch #3107003. - snmpd is again single-threaded. MinGW: - configure: Detection of the functions gai_strerror(), getaddrinfo(), gethostname() and gethostname() does now succeed. (Backported r19646 from the trunk.) - testing: If the agent has been asked to stop, wait until the snmpd process disappeared before proceeding. Win32: - Avoid that MSVC reports a warning message about redefinition of the malloc() macro during building the Net-SNMP source code. - When snmpd.exe is started in a command prompt window, the snmpd process now stops upon the first key press. This makes it easier to debug snmpd.exe for memory leaks. - [PATCH 3085187]: Building via the Microsoft Visual Studio project file (.dsw/.dsp) works again. - building: Avoid that MSVC 2010 prints a warning message about redefining EADDRINUSE. - building: Builds now correctly with a 64-bit compiler. - building: batch build with OpenSSL enabled and with recent OpenSSL development files works again. - shutdown_snmpNotifyFilterTable() and shutdown_winExtDLL() are now invoked when the Net-SNMP service is stopped. (Partially backported r19515 from the trunk.) - testing: Avoid that T200 fails on known Microsoft SNMP extension DLL bugs. *5.6* snmplib: - Add const declarations to the disabled versions of the debugging code as well. - Add missing dependencies between transports. - Add missing symbol netsnmp_snmpSSHDomain_len, make netsnmp_snmpSSHDomain const. - Change oid to be a 32-bit type on ILP64 and LP64 platforms. - Change the parsing of ranges to accept all valid values. - Correct dependencies between transports. Remove unnecessary includes. - Correct the spelling of __cplusplus when checking if the file should be wrapped in extern "C". - Do not require that the UDP transport is included. - Fix agent crash when sending encrypted SNMPv3 traps. Reported by Srikapilan Gandhi - Fix responding to broadcast requests. UDP responses are sent with source IP address which was destination of appropriate requests (implemented in SVN rev. 15215). But if the destination of a request is broadcast IP address, the request was sent with the broadcast address as source. sendmsg() on Linux does not support this and returns error -> response is not sent. In order to send responses from the same interface, interface index of the appropriate interface must be used. - Install library/oid.h. Thanks to "Tomasz Lis" who spotted the bug. - Make the context argument of send_v3trap, send_trap_vars_with_context and netsnmp_send_traps refer to a const char*. - Make the name argument to find_varbind_in_list const - Prevent gcc ped-warning for NETSNMP_REMOVE_CONST - Remove declarations of functions that don't exist or are declared elsewhere. - Remove the oid typedef from . It is still present in , use that file. - Replace the debugging functions with dummies when debugging is disabled. - Revert 17808, instead factor out the declaration of oid to it's own file and include that file from both types.h and asn1.h - Use a void argument for the data argument of xdump. - [BUG 2919320]: Avoid accessing freed memory Reported by Tomasz Lis - [BUG 2922390]: Fix test for missing contextName parameter - [PATCH 2871747]: plug memory leak in OID processing. The memory leaked when small OID, which could fit pre-allocated vp->name_loc, was placed in different (allocated) one. - [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is like snmp_parse_args but takes an additional bitmask, flags, to affect the behaviour. Also remove the magic handling of some application names. - [PATCH 2971270]: refuse to parse ASN.1 tokens with wrong type field. This may yield to problems with third-party applications which may depend on parsing ugly ASN.1 data - we'll see... - add function to validate RowStatus and StorageType varbinds - also remove some duplicate code and fix comments indent mangled - add functions to remove list/row data from request list - add interface for duplicating a container - add interface for duplicating a container container changes: add flags field to container meta-data; chg binary_array container to use container meta-data flags - add remove function to container iterator; implement it for binary_array - added the functions netsnmp_malloc(), netsnmp_calloc(), netsnmp_realloc(), netsnmp_strdup() and netsnmp_free(). - builds again when HAVE_GETADDRINFO is not defined. - conf files can now include other conf files - also tweaked debug tokens here and there - create indexes for certificates in config path - directory container enhancements - fix potential memory leak - add filter callback to filter files returned - add option to return relative and not full paths - add option to sort returned list - add option to return empty container instead of NULL if no files found - change default container name to directory that was scanned - tweak debug/log messages - enhance file utils and dir utils - add optional stats struct to netsnmp_file - generalize dir container filter, add context to callback - add option to store netsnmp_files (w/stats) in container instead of just name - fix potential double free in CONTAINER_FREE - also added several compare routines - netsnmp_container enhancements: - add free_item function; defaults to netsnmp_container_simple_free - add CONTAINER_FREE_ALL macro/function (like CONTAINER_CLEAR but calls container free_item for each item in primary container) - add ability to set options on binary_array containers - new certificate api to support tls/dtls - new snmp token logOption allows specifying log destinations vi conf files - if stderr log enabled because of no log destination, turn it off when a log destination is enabled - don't call netsnmp_enable_stderrlog() from apps anymore - obsoleted NETSNMP_DS_LIB_ALARM_DONT_USE_SIG. From now on using SIGALRM to trigger Net-SNMP alarm handlers is no longer supported. Motivation: as known libnetsnmp supports time-based alarms via the functions snmp_alarm_register(), run_alarms() and other functions. Two different ways to trigger the function run_alarms() are supported inside libnetsnmp: 1. By making sure that the timeout argument of select() is small enough such that select() returns before the next alarm must be handled (when the variable NETSNMP_DS_LIB_ALARM_DONT_USE_SIG is set to one, which is the default). 2. By making sure that the kernel fires SIGALRM at the time when run_alarms() should be called (when the variable NETSNMP_DS_LIB_ALARM_DONT_USE_SIG is set to zero, which has to be configured explicitly). The following issues are associated with the second approach: 1. Alarm functions are used inside Net-SNMP to e.g. refresh cached table contents. As far as I can see there is nothing in the Net-SNMP source code that prevents the following from happening: a table refresh triggered via SIGALRM while a row is being removed from a cached table. This can result in dangling pointer dereferences and even a crash. 2. POSIX restricts signal handlers to calling functions that are either reentrant or non-interruptible (http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02 _04.html#tag_02_04). Standard I/O functions like printf() and fprintf() are neither reentrant nor non-interruptible. run_alarms() is called from inside a signal handler, which means that this restriction applies to the function run_alarms() itself and all functions called by it (which includes the alarm callback functions). Or: e.g. snmp_log() and its callers must not be called from inside run_alarms() when this function is invoked from inside a signal handler. This is a severe restriction, and one that is hard to work with. 3. Not all software developers know how to make sure that signal delivery works correctly in a multithreaded context. POSIX does not guarantee to which thread a signal like SIGALRM will be delivered, unless that signal has been blocked before thread creation and is unblocked after thread creation (see also http://www.opengroup.org/onlinepubs/009695399/functions/pthread_sig mask.html). This is relevant for the Net-SNMP project not only because a worker thread is created inside agent/mibgroup/if-mib/data_access/interface_linux.c but also because libnetsnmp is often used inside multithreaded software. Currently no attempt is made to make sure that SIGALRM is processed by the Net-SNMP event processing loop thread. If SIGALRM is processed by another thread, this will result in one or more data races. Because all the difficulties associated with processing alarms from inside a signal handler function, and because fixing these would require more effort than it is worth, NETSNMP_DS_LIB_ALARM_DONT_USE_SIG has been deprecated and from now on approach (1) is the only supported approach to trigger alarm handlers. - plit snmpIPBaseDomain and move the IPv4 parts to IPv4Base and the socket generic parts to SocketBase. - when freeing a cache, stop timer and call cache free func - also add netsnmp_cache_remove - new experimental simple state machine - new experimental simple state machine new experimental row creation API which uses a state machine to try really hard to create a row from a given varbind list - fix issue with USM using inactive users - fixed potential buffer overflow when generating temp. file names - implemented a fix for the issue reported in patch #3042770. Created a snmp_select_info_flags function, and similar, that allow for alarms to not be run. This is then used in the synch_response functions to avoid 100% CPU loops - patch: 3042770: from mehaf: Made run_alarms() reentrant - when displaying a byte as single digit hex value, default to prefixing with 0 unless there is a seperator or addition hint data - 0 patch 3058645: from jorisesaturnus: modified version of the patch to use MSG_DONTWAIT for the unix domain socket - [PATCH 3067540]: Fix IPv4 OID indexes on 64-bit big-endian systems. snmplib, snmpd: - Do not check if values of type size_t are less than 0. - Make sure that a mask is given to open when O_CREAT is specified snmplib, snmpd, snmpnetstat: - Add correct size prefixes when printing variables of type oid. snmpd: - Add support of network interfaces with HW address bigger than 6 bytes to ipNetToMediaTable and ipNetToPhysicalTable. Some HW, like InfiniBand, uses HW addresses with 9 and more bytes. Snmpd on Linux was not able to parse /proc/net/arp then and produced ugly 'ioctl 35123 returned -1' to log. - Check the range of oid values towards the maximum oid value, notULONG_MAX - Extract the Exit and restart* subroutines from util_func in order to make it possible to build less code for the minimal case. - Fixed creation of views using snmpusm, OIDs with indexes > 255 are allowed now. This reverts SVN commit #7492. - Fixed invalid access to memory in TCP-MIB This partly reverts patch 17719 - the entries *are* used after raw_data container is freed. These entries should be freed when associated rowreq_ctx is freed. - Fixed logging of 'truncating integer value > 32 bits' in IP-MIB and TCP-MIB The counters, which grow fast are now cut to 32bits. - Fixed udpTable indexes on big-endian 64bit Linux. The index was always '0.0.0.0' instead of real local IP address. - Made subtree_context_cache::context_name a const char*. - Make all the oids and oid lengths in agent_trap.c const and use them from everywhere. - Make the enterprise argument of netsnmp_send_traps and send_enterprise_trap_vars const - Only enable hostSwInst rpm support on linux hosts with librpm. This makes it possible to build on non-rpm linux distributions. - Removed the unused function xx_tokenize_exec_command from utilities/execute. - [BUG 2822360]: Fix memory leak when building table OIDs - [BUG 2841008]: Protect against crash following failed AgentX response - [BUG 2873858]: Fix handling of schedOwner index. Patch provided by Max Schubert. - [BUG 2894059]: Handle errors when counting interfaces - [BUG 2897000]: Suppress 32-bit counter truncation warnings. - [BUG 2900078]: Add support for OID variables with size in elements instead of bytes, correct sysObjectID to use this. - [PATCH 2835576]: Fix endianness issues in pass/pass_persist - [PATCH 2877518]: Fix handling of scoped AgentX variables - [PATCH 2883092]: Support monitoring processes that should not be running. Patch provided by Christian (cg75). Qn: Should this functionality be back-ported to earlier lines? - [PATCH 2883220]: Fix compilation problems when ifXTable is not included. - [PATCH 2887816]: Protect against division-by-zero crash - [PATCH 2901029]: Fix compiler warning on CloseHandle() Endian problems already addressed by patch #2835576 - [PATCH 2903092]: Fix broken handling of broadcast entries. - [PATCH 2911323]: Fix agent lockup when monitoring AgentX-delegated information - [PATCH 2911970]: Properly terminate linked list of registrations. Patch provided by Mirko Deckert. - [PATCH 2956657]: Handle over-length AgentX OIDs. Patch provided by Rob West - [PATCH 2967400]: Retrieve error counters for the EtherLike-MIB Patch supplied by Josef Moellers. - [PATCH 2968642]: Catch overflow of pass-through command buffer. Patch from Andreas Jaeger/Leonardo Chiquitto - agent will no longer call table handlers if a set request for the handler has invalid indexes - agent will no longer call table handlers if a set request for the handler has invalid indexes don't call cleanup on first request on bad indexes. instead, set actual error later, and free request data sets on first request for sets - define and use new NETSNMP_LOGONCE macro - fix crash in IF-MIB and IP-MIB when there are some interfaces with broadcast IP address and some without. Reset the bcastentry in the loop, so it cannot be inserted to the twice. Without this patch, when an interface without broadcast address is processed, the bcastaddress from previous loop is inserted into the container. This obviously fails and the bcastentry is freed, but the container still contains reference to it -> SIGSEGV. - fix memory leak in ipAddressPrefixTable - net_snmp_search_update_prefix_info returns different code, when the entry was not inserted to list and can be freed. - fix rare race condition when reading RPM database. Old rpm versions return NULL instead of Header when another RPM instance holds database locks. I.e. snmpd sometimes crashes when reading hr_swInst and rpm is installing/updating/removing another package. As a solution, whole RPM cache is thrown away and re-read when we got an error from librpm. The whole process is restarted only three times, to prevent endless loop. - fixed a memory leak in TCP-MIB. - fixed filedescriptor leak in Etherlike-MIB and RMON-MIB - fixed memory leak when reading sensors for LM-SENSORS-MIB. - fixed one leak-at-exit. - include local port number in packet dumps. An example: Received 36 byte packet from UDP: [127.0.0.1]:53909->[127.0.0.1]:1161 0000: 30 22 02 01 01 04 06 70 75 62 6C 69 63 A1 15 02 0".....public... 0016: 04 37 F2 D4 9B 02 01 00 02 01 00 30 07 30 05 06 .7.........0.0.. 0032: 01 01 05 00 .... Received SNMP packet(s) from UDP: GETNEXT message -- ccitt.1 Sending 118 bytes to UDP: [127.0.0.1]:53909->[127.0.0.1]:1161 0000: 30 74 02 01 01 04 06 70 75 62 6C 69 63 A2 67 02 0t.....public.g. 0016: 04 37 F2 D4 9B 02 01 00 02 01 00 30 59 30 57 06 .7.........0Y0W. 0032: 08 2B 06 01 02 01 01 01 00 04 4B 4C 69 6E 75 78 .+........KLinux 0048: 20 61 73 75 73 20 32 2E 36 2E 33 33 2E 32 2D 73 asus 2.6.33.2-s 0064: 63 73 74 20 23 31 20 53 4D 50 20 50 52 45 45 4D cst #1 SMP PREEM 0080: 50 54 20 53 61 74 20 41 70 72 20 33 20 32 31 3A PT Sat Apr 3 21: 0096: 31 30 3A 35 38 20 43 45 53 54 20 32 30 31 30 20 10:58 CEST 2010 0112: 78 38 36 5F 36 34 x86_64 - made sure that handler registration failure does not create dangling pointers in the MIB subtree registry. - report real ifSpeed of network interface even it is down. Some interfaces can report their real speed, even they are down. And if they can't, the fallback to 10Mbps is still there. - table_data/tdata next handler will not be called during get processing if no valid rows are found for the handler - tdata helper now saves flags passed during creation; add tdata flag to NOT create the table container - translate NOSUCH*/ENDOFMIB errors during RESERVE1 to NOCREATION - utilities/execute do not need anything from util_funcs, so stop depending on it. - fixed value of IP-MIB::ipv6InterfaceForwarding on Linux The value was 0 (not forwarding) or 1 (forwarding), should be 2 and 1 instead - netsnmp_interface_entry.forwarding_v6 is boolean, not TruthValue. - new API for indicating that persistent store needs to be saved after the current request finishes processing - [BUG 3003981]: Protect against buffer overflow - [BUG 3019243]: Register execFix compatability directive correctly. - patch 2912520: from listom: Free kmem references on shutdown - patch: 3028923: from jenso: new copy of the bridge-mib perl implementation - report gfs filesystems in hrStorageTable and hrFSTable. - [PATCH 2904900]: Documentation plus assorted handler code fixes - [PATCH 2911361]: Documentation (Provided by Tomasz Lis) - [PATCH 2911361]: Re-order code to group related functions together - [PATCH 2911361]: Remove redundant variables - [PATCH 2931446]: make the load averages writable. - [PATCH 3044512]: fix sysobjectid directive. - patch 2790249: from willpwillp: reduce cache time for the iftable to 3seconds to increase accuracy - patch 2825653: from bru5ce: fix sendmail.cf parsing in certain conditions - Log before returning. - [PATCH 3053428]: fix get_pid_from_inode when the inode is not found. - [PATCH 3058140]: check that inode is non-zero - patch 3062526: from mariog85: fix security engineID setting in the trapsess directive snmpdlib: - new functions to make stash ptr and newrow available to table_dataset handlers nonews: fix typo; tabs to spaces; use sizeof instead of constant snmpdx: - changed default TCP target from 0.0.0.0:705 to localhost:705. This is not only a more secure choice but it also makes it possible on Windows systems to let an AgentX subagent connect to an AgentX master agent running on the same system without having to set the variable NETSNMP_DS_AGENT_X_SOCKET. snmptable: - [BUG 2837998]: Handle missing instance subidentifiers in results - [PATCH 2850067]: Suppress extraneous "index" header token Patch supplied by Dan Nelson snmpusm: - Prefer to use a variable of the right type over an ugly cast. Lessen the scope of the variable as well. - patch from Martin Bjorklund to add a -Cw option to use createAndWait for agents that are strict about not allowing a row to be set to active until the authentication password has been changed; plus white-space clean up, manual additions and help output modifications by hardaker - Correct ifdefs, remove dead variables. man: - clean up manual pages (from Debian patch 56_manpage) snmpwalk: - Handle the case when the end oid is longer than the current oid correctly apps: - Add command to send AgentX notify requests to a master agent. - Generic host-specific configuration snmp.conf files are now read. See the HOST-SPECIFIC FILES section of the snmp.conf manual page. - Only build agentxtrap if the agentx libraries are built. Add a test case for agentxtrap. The enablement/disablement is inspired by automake conditionals - T command line flag can be used to configure transports - A new 'snmptls' command for manipulating the agent's TLS configuration apps, snmplib: - [PATCH 2835577]: identified by "Bart Van Assche": Replace SNMP_ZERO of arrays with a memset. snmptranslate: - fixed printing of ranges with UNSIGNED type. build: - [PATCH 2952020]: Explicitly set permission on temporary testing output directories. Patch provided by Leonardo Chiquitto. - run rpm configure checks for hr_swinst rewrite (rpm version only) - Do not call vacm_standard_views() or init_vacm_config_tokens() if the corresponding module was not compiled (from Debian patch 61_vacm_missing_dependency_check) - Fix ipv6 generic case so test matches verification building: - 'make test TESTOPTS="-P tcp"' works fine now - 0 In case exec_prefix is unset then set it to '${prefix}' in order to pick up overrides of $prefix in make install. - Building Net-SNMP with dmalloc support enabled is again possible. - Do not link with libnetsnmphelpers any more as it is empty. - Fixed compilation with rpm-4.6. Turn on the legacy API when rpm-4.6 is detected. - Introduced the variable 'with_socklib' in the configure script. This variable is set to "winsock2" for MinGW and to "default" for all other systems. Winsock2 tests are only run if this variable is set to "winsock2" (MinGW). - OS header detection check is now run before IPv6 stack detection. - Use AC_REPLACE_FUNCS to handle code that is missing on some platforms. - Use autoconf to decide if inet_ntop.c and inet_pton.c are to be compiled. - Use the same compiler command and flags for building of tests as for building of the code, thus enabling test of e.g. 32-bit code compiled on a 64-bit platform. - abort if the file program could not be found, since this is essential for proper operation of libtool. - added detection of lm_sensors version. I am not Autoconf guru, so I hope I got it right. The goal is to define NETSNMP_USE_SENSORS_V3 *before* config_modules_agent processes agent/mibgroup/hardware/sensors.h. - made sure that the configure script does no longer invoke "tail -1", which is not POSIX-compliant. - save configure cache every once in while - update Version-Munge for renamed configure.ac - when generating a default value for the system location and no domain name is found in /etc/resolv.conf, use "@no.where" instead of "". - Add new test* entries from the testing Makefile.in to the top-level Makefile.in building, Win32: - Remove a few unused configure symbols hpux: - fix build error on HP-UX 10.20 libnetsnmp: - Support for a stream-line stripped down version of internal OpenSSL support using --with-openssl=internal libnetsnmpagent, libnetsnmphelpers: - moved the functions netsnmp_bulk_to_next_fix_requests(), netsnmp_get_bulk_to_next_handler(), netsnmp_register_null(), netsnmp_register_null_context() and netsnmp_register_old_api() from libnetsnmphelpers to libnetsnmpagent. Notes: - This does not affect backwards compatibility for applications that link with $(net-snmp-config --agent-libs) since this involves linking with both libnetsnmphelpers and libnetsnmpagent. - Functions have been moved between libraries by moving entire source files. library: - [PATCH 2952140]: Overflow counter32 and gauge32 on 64bit systems correctly Patch provided by Leonardo Chiquitto libsnmp: - changed the type of the fourth argument of netsnmp_set_row_column() from const char* to const void* such that no cast is necessary when passing another datatype then char* or const char*. man: - [BUG 2972860]: Update broken references mib2c: - Remove unnecessary casts to u_char* - [BUG 2888569]: Fix generation of table columns array - mib2c can now optionally run sed on generated code - table_data template enhancements - add error checks during table init - create cache earlier so we can bail on failure - add option to create/delete row w/out adding/removing from container - update inline documentation; add storagetype test for columns mibs: - [BUG 2973890]: Fix imports, DiskIOEntry list and revision histories - patch 2974716: from bvassche: fix issues in the SMUX-MIB misc: - [PATCH 2836112]: Use the right modifier when printing size_t and ssize_t variables. - [PATCH 2952708]: Osterkamp: Added Perl implementation of BRIDGE-MIB perl: - NetSNMP::agent::netsnmp_request_infoPtr::getValue(): don't return a pointer to a buffer on the stack. How can this have worked reliably ?? NetSNMP::agent::netsnmp_request_infoPtr::setValue(), ASN_COUNTER64: fixed bug that could cause this method to fail even when a valid number was provided. - [PATCH 2890931]: Better handling of Counter64 values. Patch provided by Max Romanov. - fixed a memory leak triggered by destroying a NetSNMP::agent::netsnmp_handler_registration object. - fixed a memory leak triggered by destroying a NetSNMP::agent::netsnmp_handler_registration object. fixed a memory leak triggered by failure of creating a NetSNMP::OID object. - fixed a memory leak triggered by destroying a NetSNMP::agent::netsnmp_handler_registration object. fixed a memory leak triggered by failure of creating a NetSNMP::OID object. fixed a memory leak triggered by the NetSNMP::OID::gettable() subroutine. - fixed a memory leak triggered by destroying a NetSNMP::agent::netsnmp_handler_registration object. fixed a memory leak triggered by failure of creating a NetSNMP::OID object. fixed a memory leak triggered by the NetSNMP::OID::gettable() subroutine. fixed an out-of-bounds array access triggered by the implementation of NetSNMP::SNMP. fixed a memory leak triggered by a PDU processing error in NetSNMP::SNMP. fixed memory leaks triggered by creating an SNMPv3 session via NetSNMP::SNMP. Also fixed the uninitialized variable accesses triggered by adding a varbind to a PDU via NetSNMP::SNMP introduced a few days ago. The bugs mentioned above have been found by inspecting the output of the following shell command: cd perl && valgrind --trace-children=yes --leak-check=full make test python: - [BUG 2919379]: Initialise SNMP sessions properly Provided by Diego Billi - [PATCH 2001656]: Handle null-termination of string values properly. Based on the principles of the patch from Tommy Beadle. - Support null-bytes in octet strings Patch supplied by Tommy Beadle - [PATCH 3035328]: from: sws: check the results of session creation for a failure case. - patch 3035578: from sws: keep error codes up to date testing: - Brand new test suite desigened to eventually test more functionality, provide for support of unit-tests and support of API tests - Change the test suite to work even if mib lookup is disabled. - Check the size of sun_path and use that to generate the maximal size strings for stressing com2secunix. - Make it possible to run the test suite from anywhere. Change the -D option to expect the path of the top source directory. Add an -srcdir option that is an alias for -D. Add an -builddir option to designate the directory where the test object is. Put srcdir and builddir in the environment for the test scripts Factor out the grep part of SKIPIF and SKIPIFNOT to ISDEFINED Use more readable keys in the opts hash in RUNFULLTESTS Adjust everything to use srcdir and builddir - Move the setting of MIBDIRS from the support script to the drivers since it is needed for the C tests as well. - Use olducd_run, not run_olducd. Change srcdir to refer to the top directory and not the testing subdirectory as that is what is expected in the test scripts. - add the test name to the start of the file "invoked". - made it possible to analyze all code covered by the regression tests with a dynamic analyzer, at least if that analyzer supports following child processes. An example: rm -rf /tmp/snmp-test-* make -s SNMP_SAVE_TMPDIR=yes DYNAMIC_ANALYZER="valgrind --trace-children=yes --track-origins=yes" make -s test grep -i uninitialised /tmp/snmp-test-* | xargs less unspecified: - Change the types of the return values of netsnmp_*_getSecName from char* to const char* since they point into internal structures. - Hide most functions and variables in the logmatch module. Cleaned up the header accordingly. Remove the need for forward declarations by reordering the functions. - Make the lists of com2Sec*Entries static - [BUG 2838243]: Correct the output of unsigned values. Thanks to Jack Huang of Qualcomm who pointed out this bug. - [BUG 2969872]: made sure that SOCK_STARTUP is invoked before init_agent() on Windows. - [BUG 2971257]: Fixed winExtDLL handling of multi-varbind getNext requests with OIDs in reverse lexicographical order. - [PATCH 2926374]: from Ed Swierk: fixed reading of ipAddressTable from /proc/net/if_inet6 on Linux The kernel might provide longer fields, especially on 64-bit systems. - [PATCH 2952034]: Return of the Great SuSE 'sprintf' Hunt... Patch supplied by Leonardo Chiquitto - add functions to get fingerprint from cert and log openssl errs - added a new DEBUGTRACETOK() macro - correctly calculate ifXTable.ifHCInUcastPkts on 32-bit Linux Linux does not provide standalone counter for incoming unicast packets (iucast) - it provides counter of all packets (iall) + separate counter for the multicast ones (imcast). Previous implementation of ifTable read these counters and calculated iucast = iall - imcast *before* these values were expanded into 64bits. This produced errors on 32bit systems when iall overflowed to zero and imcast was nozero -> iucast got negative and 'c64 32 bit check failed' error in snmpd log. Now the agent expands these values to 64bits first and * *then* performs the calculation, using a new flag. 2010-05-27 08:18 magfr - fixed memory leak in RMON-MIB and ETHERLIKE-MIB when there are multiple aliases of an network interface Rationale: the aliased interfaces have the same ifIndex -> CONTAINER_INSERT fails, but the rejected entry was not freed. - generate the transport initialization function list dynamically and use it - moved all functions defined in libnetsnmphelpers to libnetsnmpagent. libnetsnmphelpers is now an empty library. - moved transport code into a separate subdirectory in snmplib - [BUG 3027900]: when cross-compiling it is now assumed that memcmp() is available instead of assuming that it is not available. - Do no double declare the index values. - Handle embedded %'s in the result message. - ilence some compilation warnings from test cases. Cygwin: - IPv6 is only supported under Cygwin 1.7 or later. The old implementation of IPv6 support in Net-SNMP under Cygwin involved a strange mixture of Cygwin and Winsock2 socket calls, which was too hard to maintain. - IPv6 is only supported under Cygwin 1.7 or later. The old implementation of IPv6 support in Net-SNMP under Cygwin involved a strange mixture of Cygwin and Winsock2 socket calls, which was too hard to maintain. builds again with IPv6 support enabled (--enable-ipv6). At least Net-SNMP 5.5 doesn't build under Cygwin with IPv6 support enabled. The configure script reported "checking ipv6 stack type ... result: "unknown, no" ... error: IPv6 transports not available if IPv6 support is not enabled". - [BUG 2939168]: byte order of udpLocalPort is now correct. - [BUG 2939168]: fixed test infrastructure ("make test"). This has been fixed by using the proper environment separator character and by adding the path of the netstat executable for Cygwin in testing/TESTCONF.sh. - abort if the file program could not be found, since this is essential for proper operation of libtool. neither compile nor link winpipe.c. - building with another OpenSSL package than the Cygwin-provided packages openssl and openssl-devel is again possible. - builds now also when the source files are located on a Samba filesystem instead of a local filesystem. - enabled Unix transport. (Forward-ported r18687 from the V5.5 branch). - libnetsnmp does now build as a DLL when configured with --enable-shared. - libnetsnmp does now build as a DLL when configured with --enable-shared. perl modules do now build (--with-perl-modules). Note: the T060trapdperl_olducd, T061agentperl_olducd and T115agentxperl_olducd tests still fail. - libnetsnmpmibs, libnetsnmphelpers and libnetsnmpagent do now build as a DLL when configured with --enable-shared. - perl: building the Perl modules with the Cygwin Perl package is now possible. (Forward-ported r18688 from the V5.5 branch.) - the message "configure: WARNING: winsock.h: present but cannot be compiled" does no longer appear when running the configure script. Follow-up for r18050: re-enabled libiphlpapi and iphlpapi.h tests for non-MinGW platforms since the Cygwin build needs these. - corrected error handling in mibII/at. Linux: - Improved EtherLike-MIB support Patch supplied by Josef Moellers - builds again with embedded Perl disabled (bug 2985915). MinGW: - building with another OpenSSL package than the Cygwin-provided packages openssl and openssl-devel is again possible. building with OpenSSL works again. - running the regression test suite is again possible ('make test'). - struct sockaddr_in6.sin6_scope_id configure test does now work. - winExtDLL compiles now under MinGW. building Net-SNMP works again. Detailed overview: * Changes in the configure script: - refuse to run the regression tests if kill.exe cannot be found. - run_shell_command() with either input or output (but not both) does now work. This did not work until now because on MinGW mkstemp() generates a MinGW-style path (/tmp/...) while system() invokes cmd.exe and hence expects a Windows-style path (C:\...). - testing: skip the tests that require SIGHUP since MinGW does not support SIGHUP. - tests T059 and T065 do now pass. - tests T110, T111, T112, T120, T121 and T122 do now pass when snmpd is built with winExtDLL support enabled. Solaris: - OS header detection check is now run before IPv6 stack detection. sockaddr_in6.sin6_addr configure test does now work. - Protect against missing package version information crashing the agent. Problem reported by Inyaven Sakarai. Win32: - Fix batch build using recent versions of Visual Studio. Partial back port of SVN revisions 17573 and 17696. - The header file is no longer included from . Or: the header file will have to be included explicitly in source files that need the declaration of the function ftime(). Note: compared to r18024 and before, this change does not affect BSD systems -- was only included from on BSD systems in revisions r18025..r18152. - added #include in win32/net-snmp/net-snmp-config.h such that the MSVC compiler doesn't get confused by the malloc redefinition when building libsnmp as a DLL. - added the functions netsnmp_malloc(), netsnmp_calloc(), netsnmp_realloc(), netsnmp_strdup() and netsnmp_free(). snmplib: removed the troublesome #define malloc netsnmp_malloc etc. This means that when calling functions from the Net-SNMP DLL from C or C++ code that is being linked against another version of the MSVC runtime DLL than the Net-SNMP DLL, and when allocating memory that will be freed by the Net-SNMP DLL, you will either have to call the Net-SNMP memory allocation functions explicitly or redefine malloc() etc. yourself. - batch build: replaced the obsolete /GX by the equivalent /EHsc. - batch build: replaced the obsolete /GX by the equivalent /EHsc. batch build: added /D "_CRT_SECURE_NO_WARNINGS" /D "_CRT_NONSTDC_NO_WARNINGS" to make building with MSVC 2008 more silent. - batch build: replaced the obsolete /GX by the equivalent /EHsc. batch build: added /D "_CRT_SECURE_NO_WARNINGS" /D "_CRT_NONSTDC_NO_WARNINGS" to make building with MSVC 2008 more silent. batch build: removed /Fp... and /YX. These options influence how precompiled header files are generated, which are not used inside the Net-SNMP project. /YX is not supported by MSVC 2008. - batch build: replaced the obsolete /GX by the equivalent /EHsc. batch build: added /D "_CRT_SECURE_NO_WARNINGS" /D "_CRT_NONSTDC_NO_WARNINGS" to make building with MSVC 2008 more silent. batch build: removed /Fp... and /YX. These options influence how precompiled header files are generated, which are not used inside the Net-SNMP project. /YX is not supported by MSVC 2008. batch build: removed a duplicate occurrence of strtoull.obj. - building: Added libsnmp.def to the list of libsnmp_dll.dsp source files such that the DLL is rebuilt when the .def file has been modified. - building: building NetSNMP.pm does no longer trigger compiler warnings about redefining _WIN32_WINNT nor NTDDI_VERSION. - building: converted .dsp/.dsw files to .vcproj/.sln files. This implies that support for MSVC 6.0 has been dropped and the minimum Microsoft Visual Studio version required to build the Net-SNMP source code is Microsoft Visual Studio .NET (2002). - building: made building NetSNMP.pm more silent by adding the MSVC compiler flags -D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_WARNINGS. - building: made building more silent by not redefining malloc() or free() during compilation of Perl extensions (resulted in warnings about malloc() / free() redefinition in the Perl header CORE/XSUB.h). - building: renamed libsdll.dsw into win32dll.dsw. - building: renamed libsdll.dsw into win32dll.dsw. building: simplified linking the Net-SNMP applications with netsnmp.dll by adding all application projects to the same workspace that is used for building the DLL. - building: renamed libsdll.dsw into win32dll.dsw. building: simplified linking the Net-SNMP applications with netsnmp.dll by adding all application projects to the same workspace that is used for building the DLL. building: made building netsnmp.dll less error prone by letting the compiler print an error message if the preprocessor symbol NETSNMP_USE_DLL has not been defined. - building: simplified the build process by removing the file win32/libsnmp_dll/libsnmp.def.in. Which IPv6 functions are exported from netsnmp.dll is now determined by which of the functions in this DLL have been declared as NETSNMP_IMPORT. - building: simplified the procedure for building with SNMPv3 support enabled (OpenSSL). - changed the type of the fourth argument of netsnmp_set_row_column() from const char* to const void* such that no cast is necessary when passing another datatype then char* or const char*. changed in_addr_t from u_int to u_long such that it matches the datatype of sockaddr_in::sin_addr. Also, fixed several compiler warnings (mostly char * <> u_char * mismatches) and removed some casts. - declared all functions that are exported from the Net-SNMP DLL as NETSNMP_IMPORT. The result is a minor optimization: code that uses the Net-SNMP DLL will now call the DLL-exported functions directly instead of indirectly via the stub in the import library. - exported netsnmp_read_module() from netsnmp.dll such that NetSNMP.pm builds again. - exported netsnmp_set_line_buffering() from netsnmp.dll. - libsnmp builds again as a DLL when IPv6 is enabled. - perl: fixed several "Free to wrong pool" errors. Note: since calloc() is not redefined in using calloc() directly or indirectly leads to "Free to wrong pool" errors, at least on Windows. - winExtDLL: don't trigger a netsnmp_assert() when no extension DLLs have been loaded. - winExtDLL: fixed a bug in getNext handling that could cause the MIB output to be truncated. - winExtDLL: multiple varbind set requests are now processed correctly. - winExtDLL: multiple varbind set requests are now processed correctly. winExtDLL: made error codes in SNMP response PDUs as RFC-compliant as possible. - winExtDLL: multiple varbind set requests are now processed correctly. winExtDLL: made error codes in SNMP response PDUs as RFC-compliant as possible. winExtDLL: if loading an extension DLL fails, the reason why loading failed is now logged. - winExtDLL: multiple varbind set requests are now processed correctly. winExtDLL: made error codes in SNMP response PDUs as RFC-compliant as possible. winExtDLL: if loading an extension DLL fails, the reason why loading failed is now logged. winExtDLL: fixed a memory leak that occurred when SnmpExtensionQuery(Ex) failed. This memory leak has been found via source reading. Note: it is not clear whether it was possible to trigger this memory leak. This leak is certainly not triggered by every request for which a response with non-zero error status is sent back. - Suppressed "implicit cast from int to u_char" warnings generated by MSVC. - made sure that accessing the mibII interfaces table does not trigger out-of-range array accesses (was detected by BoundsChecker). - Fix build under MinGW back/forward port of revision 18631 *5.5* snmplib: - [BUG 1171904]: fix recvfrom hangs (already closed) - [BUG 1345296]: fix recvfrom hangs (already closed) - [BUG 1600171]: Support longer community strings in VACM config. - [BUG 1619827]: improve handling of link dependencies - [BUG 1660061]: Validate engineIDs more strictly. - [BUG 1795840]: Signed 32-bit truncation logged as debug message - [BUG 1866655]: Handle parsing invalid OID subidentifiers - [BUG 1898198]: Avoid a segfault when parsing broken mibs. - [BUG 1958041]: Ensure IDs are not truncated. - [BUG 1976772]: Changed mib parser to handle long binary/hex strings. - [BUG 2001124]: Allow embedded NUL characters in usmUserPublic - [BUG 2027834]: Extend string print buffer by the minimum necessary. - [BUG 2099985]: Added const qualifiers to time conversion routins - [PATCH 2827722]: Improve strtoull to be less MSVC-specific - [BUG Coverity #183]: fix memory leak if IP_PKTINFO fails - [PATCH 700681]: limited support for UDPv4 broadcast addresses - [PATCH 1548670]: Fix range checks for unsigned integers (Debian bug #383380) - [PATCH 1592706]: Fix memory leak when cloning varbinds. - [PATCH 1616912]: fix memory leak in snmp_udp_transport - [PATCH 1620424]: Honor NETSNMP_DS_LIB_DEFAULT_PORT over the default system - [PATCH 1627049]: New API to handle large numbers of file descriptors. - [PATCH 1634620]: Fix leaks from create_user_from_session failure. - [PATCH 1640114]: Don't store trailing null character. - [PATCH 1641895]: Extend short view masks (as per RFC specs) - [PATCH 1641972]: add missing const - [PATCH 1642071]: Don't fiddle with the storage of pre-existing users. - [PATCH 1645698]: fix 64-bit signed integer encoding - [PATCH 1653670]: Consistent SNMPv3 behaviour when opening sessions. - [PATCH 1665543]: Handle VACM checks correctly. - [PATCH 1681030]: Better handling of empty apptype configs. - [PATCH 1681977]: Add callbacks prior to reading config. - [PATCH 1687316]: Don't drop const from casts. - [PATCH 1687317]: Remove an unused local variable - [PATCH 1687318]: Make _sess_selpol_info static. - [PATCH 1687319]: Declare snmp_sess_read_extd() - [PATCH 1687325]: Fix problem with operator precedence. - [PATCH 1687337]: Implement _sess_open in terms of snmp_sess_add - [PATCH 1728247]: Clean up int64 type checking and usage for building packets - [PATCH 1737085]: fix the -M switch for mib parsing vs defaults - [PATCH 1768285]: Count MIB files correctly in add_mibdir() - [PATCH 1775124]: Fix clientaddr functionality - [PATCH 1806336]: fix -LS option parsing - [PATCH 1807489]: fix ignoring of display hints. - [PATCH 1811469]: read_config_files_in_path() reads past malloc'd buffer - [PATCH 1875022]: improve callback locking mechanisms - [PATCH 1882069]: Add token for specifying an exact SNMPv3 engineID - [PATCH 1895927]: change obsolete recv/send to recvfrom/sendto - [PATCH 1898204]: Avoid a segfault when parsing broken mibs. - [PATCH 1916840]: new config option to set SNMPv1 trap agent address [PATCH 1916840]: introduce netsnmp_gethostbyname_v4 - [PATCH 1921861]: Avoid endless loop after truncating 64bit int - [PATCH 2003450]: Fix a couple of 64-bit problems. - [PATCH 2043018]: fix recvfrom hangs - [PATCH 2258229]: Remove misleading comment - [PATCH 2479700]: Fix zoned IP address used as table indices - [PATCH 2492377]: Fix typo/bug in snmp_enable_callback() - [PATCH 2505488]: Fix alarms not triggered due to large clock skews. - [PATCH 2538169]: Prevent infinite retries for an invalid error-index. - [PATCH 2689362]: Fix handling of IPv6 hostnames. - [PATCH 2713841]: Fix runtime errors triggered by high-ASCII chars - [PATCH 2772787]: Cleaner approach to handling large fd_sets. - [PATCH 2780411]: Fix compiler warnings - [FEATURES 454028]: Detect empty MIB index files. - [FEATURES 851887]: Report range information for invalid SET requests. - [FEATURES 1041888]: Check directory paths for config files. - [FEATURES 1407476]: Rename 'strictCommentTerm' to reflect actual behaviour. - Add GCC format checking attributes to the debug functions. - Add iterator for singly linked lists - Correct MAX_ENGINEID_LENGTH to 32 (as per SnmpEngineID TC) - Correct registration of multiple premib config handlers. - Deallocate various resources in shutdown_mib - Do not leak memory whenever an udp address is formatted. - Do not try to look up empty strings as hostnames for IPv6 - Fix forwarding encoding - Fix potential buffer overflow in sprintf for UDP/IPv6 - Handle mapping complex transport strings to simple name definitions - Hardcode default port numbers (rather than use getservbyname) - Implement RFC5343 contextEngineID probing. - Improve CONTAINER_INSERT handling of partial failure with multiple indexes - Improve netsnmp_watcher_info to handle statically allocated data. - Introduce printf-like versions of config_perror and config_pwarn - Library layering improvements - Read def{Target,Domain} from snmp.conf as well as .conf - rename MIB macro to NETSNMP_MIB2_OID, MIB is too generic and may conflict with applications. The old MIB macro is kept for backward compatibility, unless NETSNMP_NO_LEGACY_DEFINITIONS is defined. snmpd: - [BUG 902610]: Don't discard pending data following a TRAP. - [BUG 902801]: Fix ordering of SMUX-registered subtrees. - [BUG 1046327]: Reset "includeAllDisks" flag when reloading. - [BUG 1102058]: Skip non-mounted disks (e.g. swap partitions) - [BUG 1397895]: include missing interface declarations - [BUG 1400101]: remove deleted interfaces from ifTable - [BUG 1413728]: Reference index values in debug output correctly. - [BUG 1416276]: Handle dependency on MIB parsing API. - [BUG 1546817]: Fix snmpEnterprise varbind when forwarding v1 traps. - [BUG 1558823]: fix ipAddressTable memory leak - [BUG 1600261]: Handle non-x86 /proc/cpuinfo format - [BUG 1600432]: Handle signals properly when restarting the agent. - [BUG 1602286]: Don't let table holes block later rows. - [BUG 1628613]: Restore memTotalFree.0 on Solaris - [BUG 1633595]: Fix AgentX handling of Counter64 values - [BUG 1677063]: Check for failed malloc calls. - [BUG 1685067]: More precise handling of SNMPv3-admin MIB tables. - [BUG 1685081]: Check for valid OID on Free/Undo passes. - [BUG 1693039]: be silent when insert fails. - [BUG 1712988]: default/configurable max # varbinds returned by GETBULK - [BUG 1745113]: Handle single-line output in UCD compatability mode. - [BUG 1748206]: Protect against failures to open /etc/mtab (or equiv) - [BUG 1758212]: Handle missing variable types (IpAddress,Counter,Opaque) - [BUG 1760633]: fix typo in debug message - [BUG 1771221]: Retain ifLastChange information on data reload. - [BUG 1792890]: include CIFS mounts when skipping remote filesystems - [BUG 1822360]: Fix spinlock helper error handling. - [BUG 1912647]: Fix memory leak following failed requests. - [BUG 1931391]: Fix reporting of Memory buffers and cached memory. - [BUG 2001124]: Allow embedded NUL characters in usmUserPublic - [BUG 2003144]: Increase size of AgentX packet build buffer - [BUG 2006786]: Interface name can have more than 8 characters. - [BUG 2018031]: Don't probe engineID in internal monitor sessions. - [BUG 2693670]: Don't open (& clobber) AgentX socket if other transports fail - [BUG 2822355]: Fix memory leaks on udpEndpointTable (linux) Patch supplied by Frank Lichtenheld - [PATCH 1225440]: Delay sighup till it is safe. - [PATCH 1257347]: Non-fixed size connection buffer - [PATCH 1550730]: Report errors from iterator-based handlers. - [PATCH 1585146]: Extend range of available error codes - [PATCH 1595568]: fix delegated SET requests from agentx subagents - [PATCH 1601188]: Handle signals properly when restarting the agent. - [PATCH 1601453]: Dynamic Memory failure handling improvements - [PATCH 1617255]: fix length of the history array to match code. - [PATCH 1620424]: Fix default port for sending notification - [PATCH 1625069]: speed improvements for solaris routing table access - [PATCH 1639282]: Save persistent snmpTargetParamsTable settings correctly. - [PATCH 1639726]: Report physical memory correctly on *BSD - [PATCH 1641332]: Include missing agent config definitions. - [PATCH 1641685]: Handle unresponsive AgentX subagents more reliably. - [PATCH 1641865]: Don't double check snmpTrapOID in the filter table. - [PATCH 1642255]: Handle saving long snmpNotifyFilterTable entries. - [PATCH 1644280]: Don't automatically probe for v3 EngineIDs. - [PATCH 1644280]: Use the correct engineID when sending v3 traps. - [PATCH 1644714]: replace last use of deprecated copy_word by copy_nword - [PATCH 1654424]: Handle row deletion issues in dataset tables - [PATCH 1657741]: Handle 64-bit types via pass mechanism. - [PATCH 1659623]: Handle SMUX peers with an empty password. - [PATCH 1665543]: Handle VACM checks correctly. - [PATCH 1665549]: Handle creating VACM entries correctly. - [PATCH 1665985]: Implement ipReasmTimeout - [PATCH 1666737]: include IPv6 traffic in various UDP counters. - [PATCH 1668193]: Fix check for v6 ReasmMaxSize support. - [PATCH 1668193]: Update registration of ReasmMaxSize support. - [PATCH 1668952]: Ignore zombie processes. - [PATCH 1669048]: Add support for ipv6InterfaceIdentifier - [PATCH 1676478]: fix udpEndpointRemoteAddress - [PATCH 1678301]: Deallocate domain registry at shutdown - [PATCH 1678305]: Deallocate cache in hardware/cpu/cpu on shutdown - [PATCH 1678306]: Deallocate log in notification-log-mib/notification_log - [PATCH 1678788]: Better handling of SMUX socket descriptors. - [PATCH 1681043]: clean up helper includes - [PATCH 1683054]: set udpEndpointInstance to identify different processes. - [PATCH 1687336]: Start using the enhanced read_config interface - [PATCH 1692768]: Fix copying of non-octet-aligned IP address prefixes. - [PATCH 1692817]: Improved RFC 4293 support (inc. non-unicast/random IP addresses) - [PATCH 1698184]: Register non-default context integers as writable. - [PATCH 1700157]: Fix ordering of exec tokens in MIB output - [PATCH 1700730]: Remove unused extern declaration. - [PATCH 1700732]: Fix debug output statements. - [PATCH 1700737]: Tidy up setSerialNo implementations. - [PATCH 1702361]: Read stats from /proc/net/snmp6 - [PATCH 1702366]: Support for icmpStatsTable - [PATCH 1703004]: Consolidate snmp6 handling. - [PATCH 1710632]: fix memory leak on broken container insertions for the ipAddressTable - [PATCH 1715395]: fix icmp table errors in new icmp code - [PATCH 1715406]: registration ordering fixes for icmpStatsTable - [PATCH 1716548]: Fix help output so no space is printed between -D and arguments. - [PATCH 1719253]: fix skipNFSInHostResources for multiple walks - [PATCH 1721096]: remove unused variable stats from kernel extraction for better portability. - [PATCH 1723611]: New implementation of the RMON alarmTable - [PATCH 1729629]: Fix memory leak in disman agent. - [PATCH 1737439]: automatic link up/down traps on a walk - [PATCH 1744157]: Report duplicate "extend/exec" identifiers. - [PATCH 1746831]: fix process checking race condition under Linux and platform #ifdefs - [PATCH 1752934]: Fix off-by-one qsort error in table utilities. - [PATCH 1753437]: Fix error index on failing SET requests - [PATCH 1753449]: Fix AgentX error propagation - [PATCH 1753463]: Fix AgentX subagent ping alarm handling - [PATCH 1758208]: Fix memory leak - [PATCH 1783733]: Put the package version number into the hrSWInst table for solaris. - [PATCH 1784747]: Fix long usage for ip adresses on 64 bit systems in various MIB-II tables. - [PATCH 1797111]: implement IP-MIB::ipIfStatsTable - [PATCH 1804445]: High order bits of HCInOctets not set on Solaris - [PATCH 1806501]: Add API for sending traps with a snmpv3 context - [PATCH 1823465]: fix icmp cache registration - [PATCH 1823800]: release and reload all trap destinations on SIGHUP - [PATCH 1826088]: Use the right interface to read the netmask - [PATCH 1828839]: to provide better handling of disks mounted on paths with embedded spaces - [PATCH 1849903]: do not spam log with asserts when XEN is used - [PATCH 1866823]: truncate 32 bit counter values on 64 bit machines to avoid bogus warnings. - [PATCH 1879261]: Add in inactive memory to the cached report for freebsd - [PATCH 1882621]: Add LVM support to the partition table - [PATCH 1893468]: fixed registration of OIDs with ranges - [PATCH 1901764]: for supporting logwatch files that are date based - [PATCH 1909813]: fix table_iterator handling of SORTED hint - [PATCH 1916840]: new config option to set SNMPv1 trap agent address - [PATCH 1944581]: Protect against core dumps with long string index values. - [PATCH 1967194]: Recognise NFS4 mounts - [PATCH 1977439]: Fix pass/_persist bug with SET oid value - [PATCH 1995753]: minor cleanup agent/auto_nlist.c - [PATCH 2012402]: don't fail on failure to look up interface error counters. - [PATCH 2014204]: Support -g {groupname} - [PATCH 2022936]: Fix AgentX Counter64 decoding on 64-bit architectures - [PATCH 2082726]: correctly report NIC speeds higher than 4Gbit/s - [PATCH 2103492]: implement RMON-MIB::etherStatsJabbers - [PATCH 2124288]: Fix setting of usmUserPrivProtocol at creation. - [PATCH 2162652]: patch to fix simple hrfs checks when NFS is in use. - [PATCH 2384779]: Fix handling of GetBulk with N>0,M==0 - [PATCH 2406378]: Fix hrSWRunPerfMem on 64-bit Solaris systems - [PATCH 2431353]: Make some C++ compilers happier - [PATCH 2435681]: Enable if-mib rewrite (with sysctl backend) on NetBSD - [PATCH 2435793]: Support 64-bit IF-MIB counters on sysctl (*BSD) system. - [PATCH 2449210]: add 64-bit disk usage statistics to UCD-SNMP-MIB::dskTable - [PATCH 2564552]: provide libnetlink support for loading the tcp table - [PATCH 2686280]: Report duplicate registrations as an error - [PATCH 2791417]: fix snmpd segfault when run with -DALL Patch - [PATCH 2822337]: Fix memory leak in ipAddressPrefixTable - [FEATURES 1019429]: Set supplementary groups via initgroups(3) - Add missing function declarations & include files. - Add support for a user provided length variable and C string values to the watcher helper. - Allow "monitor" to handle negative threshold values. - Automatically reregister sysORTable entries from AgentX subagents. - Clean up notification registrations during Event MIB cleanup - Enforce the lower limit on scalar_groups - Fix CVE-2008-4309 (GETBULK issue reported by Oscar Mira-Sanchez) - Fix memory leak when multiple interfaces have the same IPv6 address - Fix two bugs with smux password support. - Handle device names with embedded spaces in UCD-SNMP-MIB::dskDevice - Implement ipNetToPhysicalLastUpdated - Implement ipAddressSpinLock - Improve efficiency of scalar_group helper. - Improve parsing of -LS command line argument - Register CPU/memory hardware modules with nsCacheTable. - Reimplementation of LM-SENSORS-MIB - Reimplementation of snmpMPDStats. - Reimplementation of usmStats. - Remove unused variables. - Suppress annoying "registration != duplicate" warning for root oids - Unify all snmpd statistic variables with a common handler. - Use the worker helpers from the register_*_instance helpers and schedule the instance helpers for removal in 5.6 - Use static watcher_info for all watched variables and in int_watch. - fix possible crash when 64-bit counters in ipSystemStatsTable get bigger than 2^32 snmptrapd: - [BUG 1638225]: Fix interpretation of transport address data. - [BUG 1955227]: Memory leak for embedded Perl on x86_64 - [PATCH 1746992]: Improve snmptrapd access-control error messages. - [PATCH 1767725]: Close all non standard file handles - [PATCH 1908288]: Run perl END block on termination - [PATCH 2726302]: Pass results of Perl trap handlers to trap daemon - [PATCH 1225440]: Delay sighup till it is safe. - [FEATURE 741375]: Extend -F flag to cover syslog/execute format strings. - [FEATURE 1159947]: Allow control of traphandle data format - Add trap handler for logging traps to a mysql database - Support for forwarding traps by OID subtree. - Support per-trap format specifications - Withdraw deprecated options. apps: - [BUG 1964136]: Drop NULL type from snmpset usage message. - [BUG 2811577]: Fix bug in GetBulk handling. Don't get confused by index values that contain a ':' character. - [PATCH 1529523]: Close SNMP session on failure. - Improve parsing of -LS command line argument snmpnetstat: - [PATCH 2564538]: Support GETBULK in v2c+ snmp versions snmpusm: - [PATCH 1591355]: Allow cloning to arbitrary engineIDs snmpwalk: - [PATCH 1723620]: Specify an explicit end-point for the walk. build: - [BUG 1096166]: Handle --without-logfile correctly. - [BUG 1567324]: Clarify prompting for user-supplied values. - [BUG 1600093]: autoconf 2.60 breaks the build - [BUG 1647976]: Cygwin/MinGW Windows build fails due to libtool error - [BUG 1707469]: Win32: snmpv3-security-includes.h not installed - [BUG 1802833]: Ensure snmptrapd builds with --disable-snmpv1/2c - [BUG 1823381]: Use a sensible default MIBDIR path on Cygwin/MinGW - [BUG 1823381]: Valid MIB directory search path on Windows - [BUG 1872266]: PERLCC check fails for CC with options - [BUG 1995172]: fix --without-elf configure usage message - [BUG 2014526]: Win32: snmpv3-security-includes.h not installed - [BUG 2023803]: Compilation problems on HP-UX 11.31 - [BUG 2095983]: fix syntax/permissing error in find-requires helper script - [BUG 2168180]: Improve handling of various --enable/--disable options. - [BUG 2782700]: build failure when using --with-pkcs on Solaris - [PATCH 1577917]:Simplify makefile target references (patch from Apple) - [PATCH 1600453]: Fix cross-compile builds in apples build environment. - [PATCH 1624406]: option to hardcode location of mount table - [PATCH 1625135]: configure location of python interpreter - [PATCH 1678300]: compile-subagent doesn't call shutdown_ methods - [PATCH 1681073]: #ifdef based config_error instead of special cases - [PATCH 1728241]: Add configure check for - [PATCH 1728230]: add configure check for gai_strerror() - [PATCH 1728233]: make sure type nfds_t is defined - [PATCH 1728237]: Move variable declaration at the top of netsnmp_udp_sendto - [PATCH 1728244]: Add configure check for sin6_scope_id - [PATCH 1728247]: Add type check for int??_t and uint??_t - [PATCH 1899762]: Tweak embedded_perl configure checks. - [PATCH 2000874]: Cleanup transport selection. - [PATCH 2091156]: correctly declare dependencies in Makefile. 'make -j ' should work now. - [PATCH 2184039]: Fixes for freeing memory during error conditions. - [PATCH 2797251]: Support multiple initialisation/shutdown, fix memory leaks - Add a variation of AC_SEARCH_LIBS where the result is settable. - Add "BuildRequires: perl-ExtUtils-Embed" to the spec file - Add '--with-temp-file-pattern' configure option - Assume target platform supports mem{cpy,move,set} & str{,r}chr - Disable inlining on solaris (due to linking errors) - Disable MIB-specific tests if the agent omits the necessary modules. - '--disable-as-needed' reverts to linking system libs into applications - Do not config_require(util_funcs) if nothing from util_funcs is used - Do not require use of --with-endianness when cross-compiling. - Fix build issues with ethtool (on RH9). - Fix checks for support of static inline functions - Fix compilation on IRIX - Fix macro for '--with-features-of' - Improve library layering & dependency handling when linking apps - Improve robustness of sed/grep/etc commans (using autoconf macros) - Improve RPM spec files, for consistency with vendor-provided packages. - Mechanism for selecting build environment based on version - New NETSNMP_ARG_WITH/ENABLE macros to catch incorrect 'with/enable' usage - '--enable-ipv6' should only enable 'mibII/ipv6' on supported systems - Remove Net-SNMP special-case handling of standard functionality. - Restructure configure template - Stricter checks on '--with-persistent-mask' values - Update to autoconf 2.63 & libtool 2.2.6 - Use 'config_error' to generate error messages at configure time. - Use LDFLAGS when building agent, helpers and mib lib - Use "libtool clean" to ensure removal of all libtool temp files. - allow building with Perl versions that lack PERL_EXIT_DESTRUCT_END - build fix for Tru64 Unix and IRIX: move _XOPEN* definitions to where they are in 5.4.x and earlier documentation: - [BUG 1247164]: Document use of OID macros - [BUG 1407476]: Clarify MIB parsing toggle options & comment handling. - [BUG 1614104]: broken snmpd(8) manual page in 5.4 - [BUG 2027129]: fix typo in snmpcmd.1 - [PATCH 1604580]: SNMP(3) manual page corrections - [PATCH 1644735]: Add gcc build instructions for IRIX - Fix minor documentation bugs (patch from Apple) mib2c: - [BUG 833673]: More focused size checks. - [BUG 1429472]: Protect against missing instances (and invalid objects) - [BUG 1582972]: Handle @while@/@end@ properly. - [BUG 1737068]: Handle MIB objects with embedded hyphens - [BUG 1874059]: Handle MIB objects with embedded hyphens - [PATCH 1668171]: skip unknown cols in min/max range for tables - [PATCH 1719244]: Fix mfd generating map function - [PATCH 1914398]: install mib2c.perl.conf - [PATCH 2136437]: Improve FLAG defines for huge tables on 64bit systems - [PATCH 2316127]: Fix bug in iterate_access generated code. misc: - [PATCH 1737727]: Add a NETSNMP_OLDAPI_ prefix to old-api access macros. - [PATCH 1737727]: Replace NETSNMP_CLEAN_NAMESPACE with NETSNMP_NO_LEGACY_DEFINITIONS - Add config reread support to "net-snmp-config --compile-subagent" code. - Avoid calling debug macros with wrong number of arguments. - Don't use the legacy symbol SNMPTRAPD_DISABLE_AGENTX - Preliminary (alpha) support for SNMP over SSH and DTLS/UDP. - Preliminary (alpha) support for the TSM security model - Separate user management into new net-snmp-create-v3-user script unspecified: - [BUG 1596638]: memory leak in ipCidrRouteTable, inetCidrRouteTable - [BUG 1611524]: fix tcp connection table fd leak - [BUG 1793545]: Take the name from the sockaddr_un in order to avoid transport specifiers and other decorations. - [BUG 1801835]: Multiple default transports for an application. - [BUG 1851047]: Don't continue to process a corrupt watched value. - [PATCH 1601453]: Dynamic Memory failure handling improvements - [PATCH 1674298]: Remove unused sinkport variable - [PATCH 1674299]: Lessen scope of zone variable in dump_realloc_oid_to_inetaddress - [PATCH 1674302]: Lessen scope of len variable in convert_v2pdu_to_v1 - [PATCH 1678298]: compile-subagent checks for bad HAVE_SIGNAL_H - [PATCH 1678302]: netsnmp_mibindex_load leaks memory - [PATCH 1681035]: Improve net-snmp-config /bin/sh compatibility - [PATCH 1902105]: Hide and improve debug log messages - [PATCH 1902113]: Fix error log in inetNetToMediatable - Fix for refs to OBJECT-GROUP in another MIB - Initalize log subsystem - Remove support for use of varargs.h. perl: - [BUG 1450669]: a perl agentx consumes memory - [BUG 1554817]: Fix class assigment so getRootOID works properly. - [BUG 1606062]: perl bulkwalk (async) coredump - [BUG 1619827]: improve handling of link dependencies - [BUG 1747733]: More robust handling of undefined values. - [BUG 1834539]: Consistent handling of OID parsing. - [PATCH 1627949]: a perl agentx consumes memory - [PATCH 1725049]: Fix bulkwalk in cases of non-repeater usage. - [PATCH 1811463]: perl async callback coredump - [PATCH 1834983]: Consistent handling of OID parsing. - [PATCH 1914393]: registerAgent can now be run multiple times - [PATCH 1914643]: fix issues with embedded perl - [PATCH 1914645]: better end of mib support - [PATCH 1920390]: fix registration of tables with .0 as IIDs - [PATCH 1956193]: beta threadable perl module code for SNMPv1/2c usage. - [PATCH 2021444]: Support SNMPv2c in gettable processing - [PATCH 2022948]: Fix for Counter64 in perl subagent - [PATCH 2182079]: Fix various perl warnings & allow use of "use strict" - [PATCH 2272347]: Implement "implied" in MIB hash - [PATCH 2361712]: Fix getbulk optimization during walks - [PATCH 2709705]: Retrieve src/target IP address in Perl-based agents - [PATCH 2763717]: Allow perl to use OPAQUEs - [PATCH 2793857]: Report failed asynchronous requests. - fix SNMP SET for IP addresses on 64-bit - fix prerequisites for NetSNMP::TrapReceiver - fix syntax error in NetSNMP::agent::Support - install embedded perl init files with correct permissions python: - [BUG 1826174]: Check for buffer overflow when printing values. Addresses CVE-2008-2292 - [BUG 1868278]: Python segfault - [BUG 2258935]: Python Extension Module fails on Solaris - [PATCH 1716114]: Let python build in source tree (Debian patch#38) - [PATCH 1862177]: made code more windows/cygwin compiler friendly - [PATCH 1877840]: Fix MIB label and indexing due to sl, broken regexp - [PATCH 2074817]: Fix regexp engine CPU performance issues - [PATCH 2260828]: Fix python snmpwalk memory leak - [PATCH 2580979]: Fix python session pointers on 64-bit systems. - [PATCH 2667415]: Support "UseNumeric" option. - [PATCH 2775800]: Allow threading to continue when a request is sent test: - enhance snmpnetstat test to check tcpTable in TCP mode - support a -n flag to RUNTESTS to print the test number found in the test file as opposed to the numerical count - Do not terminate on SIGCHLD since dash and soume bourne shells will exit the main shell when a subshell terminates in that case. Ports: - [BUG 1710910]: initial support for DragonFly BSD - [PATCH 1623874]: add GNU/kFreeBSD support AIX: - [PATCH 1665079]: AIX patches for cpu stats and process monitoring - Add support for AIX 6.x - Build fixes for embedded Perl - Fix default shared library building instead of forcing static - Use "-Wl,-brtl" when compiling with gcc - [PATCH 2886598]: Header fixes for compiling on AIX6 FreeBSD: - [BUG 1073782]: Restore PerfStat values for FreeBSD 5.x systems. - [BUG 1633483]: Support CPU HAL on FreeBSD4.x - [PATCH 1951996]: Fix for CPU stats on FreeBSD - [PATCH 2507249]: sctp-mib support for FreeBSD. - Add initial support for upcoming FreeBSD 7 - Fix configure warning for sys/conf.h - patch from Cezary Morga to fix a make test on freebsd HP-UX: - [BUG 2779472]: Filesystems missing in hrStorage table - [PATCH 2088726]: Fix an issue reporting memory in negative values. - Needs _REENTRANT defined to pick up strtok_r. IRIX: - [PATCH 1675869]: CPU statistics for IRIX based on PCP - [PATCH 1709748]: Optimized IRIX cpu stats Linux: - [BUG 1666005]: Fail to walk ipv6InterfaceTable on Linux - [PATCH 1581294]: host-resources improvements - [PATCH 1969627]: Handle install with empty /etc/sysconfig/network file - [PATCH 1704105]: Add IPv6 support to the inetNetToMediaTable - [PATCH 1705594]: Various fixes to ipAddressPrefixTable reporting - [PATCH 1708243]: Implement ipDefaultRouteTable - [PATCH 1715405]: Implement ipv6ScopeZoneIndexTable - [PATCH 1719254]: update HRFS_ignore list to current linux likelyhoods - [PATCH 1724602]: MfD-based ipDefaultRouterTable implementation - [PATCH 1783423]: return a correct ipv6InterfaceIdentifier of loopback - [PATCH 1826102]: support longer interface names - [PATCH 1828602]: Support ipDefaultTTL and ipForwarding SETs - [PATCH 1896118]: Fix ifTable 32bit counters - [PATCH 1927751]: Implement icmpMsgStatsTable - [PATCH 2023633]: Implement SCTP-MIB - [PATCH 2053273]: Implement EtherLike MIB MacOSX: - [PATCH 1600453]: OS X compile-time endian determination - [PATCH 1600522]: CPU HAL implementation for mach/darwin - Improve memory reporting (patch from Apple) Solaris: - [BUG 1626153]: No hrSWRun informations on Solaris zones - [BUG 1810814]: tcpTable missing entries and wrong ports - [BUG 1819189]: {ifOperStatus,ipAdEntIfIndex} reported incorrectly - [BUG 1822275]: {ifOperStatus,ipAdEntIfIndex} reported incorrectly - [PATCH 1623447]: Fix hrSWRun for terminated processes - [PATCH 1719730]: Support for ipSystemStatsTable and ipAddressTable - [PATCH 1824196]: {ifOperStatus,ipAdEntIfIndex} reported incorrectly - [PATCH 1834699]: Fix 1833294: DLPI problems on Solaris 2.6 - [PATCH 2012404]: Deal with more than 10 interfaces. - [PATCH 2751588]: Inconsistent data can be reported on Solaris 10U4+ - #define NEW_MIB_COMPLIANT to support Solaris 10U4+ - IF-MIB fix: add missing return at end of get_if_stats Win32: - [BUG 1662987]: compile error on Cygwin - [BUG 2779541]: Fixed handle leak in pass_persist. - [PATCH 1622080]: A: pass Win32 handles remain open. - [PATCH 1706344]: Fix compilation with cygwin - [PATCH 2686248]: Fix several winExtDLL bugs. - [PATCH 2688342]: Fix VS2005 various compiler warning - [PATCH 2691876]: Allow compiling the services using unicode. - [PATCH 2693746]: improved socket startup support - Add support for winExtDLL to build.bat - Build fixes for MSVC 2008. - fix AES support - fix win32/Configure --with-ipv6 *5.4* build: - [BUG 1416481]: Support specifying an explicit linker. - enable-as-needed will try to link built libraries against needed libraries at library link time, rather than application link time. snmplib: - [PATCH 1282566]: to rework transport creation to allow for alternative interpretations of the address and a more flexible transport registration system - [BUGS: 1537459, BUGS: 1540745] Fix missing MIB parsing tokens - [PATCH 1562168]: check for a sock fd less than 0. - [PATCH 1570650]: create a logging shutdown function to propelry clean up log registrations if needed. - [PATCH 1565293]: UDPIPv6 transport reports wrong port number - rename init_mib to netsnmp_init_mib to avoid symbol clash with HP-UX's libnm - [PATCH 1509943]: responses will get sent from the original dest IP address when possible. snmpd: - [PATCH 1550725]: A new uint instance helper to match the existing int, long and ulong helpers - [BUG 1527930]: fix smux authentication - [PATCH 1561277]: use net.ipv6.neigh.lo.base_reachable_time_ms instead of deprecated base_reachable_time - [BUG 1474468]: ifConnectorPresent always returns 0 - [PATCH 1524755]: to better support the UDPTable for unknown address types - [PATCH 1534877]: to add support for skipping NFS entries in the host resources hrStorageTable. See the skipNFSInHostResources token in the snmpd.conf file for details. - [PATCH 1557514 ]: Do not attempt to collect data during SET processing. - [BUG 1535903]: Support spaces within security names - Agent builds default module list from a default_mibs.h rather than a hard coded configure list - [BUG 1559358]: check scanf results for diskio scanning - [BUG 1564233]: Have configure test for rpm headers not just the libraries - [PATCH 1579364]: Updated darwin patch to fix compilation on Tiger and Leapord - [PATCH 1565703]: patch to fix rapid registrations/deregistration issues - [PATCH 1562688]: fix ping/reattach agentx code - [PATCH 1551948]: Make pass_persist usable on uClinux - [PATCH 1568150]: Extend pass_persist error messages that can be passed back from the script - [PATCH 1570650]: make delete table function public - [PATCH 1575984]: block SIGHUP during reconfig - [PATCH 1570982 ]: Solaris IF-MIB: Support for IPv6-only interfaces - memTotalFree should report total virtual instead of physical memory - build fix for --without-kmem-usage - [BUG 1585815]: fix mfd bits length calculation - [BUG 1427410]: Set auth engineID for SNMPv3 traps. - [BUG 1502267]: Build access list in the correct order. - [PATCH 1554827]: from rtyle: fix handling of failed proxy SET requests - [PATCH 1598966]: Fix bug #1598927: #elif build fix snmptrapd: - the traphandle directive now supports a -t switch to indicate matching any OID in the tree below the specified OID - [PATCH 1536773]: support partial oid matching - [PATCH 1598968]: Fix bug #1587759: snmptrapd doesn't recognize -A option snmpdf: - [BUG 1515507]: Handle failed requests better perl: - Fixed the perl bulkwalk function - [PATCH 1575937]: fix usenumeric output in async varbinds so they return OIDs instead of empty strings. - update default_store module to latest default_store c-binding tokens - make perltest fixes for Solaris 2.6 and earlier - fixes for 64-bit platforms - make perltest fixes for HP-UX - make perltest fixes for IRIX - [PATCH 2995098]: Fix creation of SNMPv3 sessions with API_SINGLE - patch 3046371: from christophb4: Fix memory leak in SNMPv1 trap handling. mib2c: - [BUG 1479916]: Restore consistency in row creation code. - [BUG 2827269]: Suppress non-ordered TODO comments. misc: - Most net-snmp specific defines are now (also) available under a proper NETSNMP_ prefix. The older, potentially conflicting names as well as the autoconf variables can now be turned off by a special define. - [BUG 1585250]: don't use deprecated options in start script - "make test" fixes for non-UDP transports - [BUG 1577913]: add missing manual pages for executables, supplied by Debian - [PATCH 1596028]: from "Stephen J. Friedl": const fixes for the mib_api(3) manual page - RPM spec file fixes for 64-bit platforms MacOSX: - [PATCH 1566777]: build fixes for memory_darwin.c - build fix for mibII/udpTable Tru64: - fix "auto_nlist failed on arptab_size at location 0" errors IRIX: - proper implementation for UCD-SNMP-MIB::laTable (avoiding nlist) Solaris: - [PATCH 1569537,1569539]: new UDP-MIB and TCP-MIB implementation (enable through --with-mib-modules=udp-mib,tcp-mib) AIX: - use correct ARPTAB_SYMBOL and ARPTAB_SIZE_SYMBOL - [BUG 1205300]: nlist err: neither nproc nor _nproc found (same for rt_table, rthashsize, rthost, rtnet) qnx6: - [PATCH 2836895]: support for QNX6