rpms/net-snmp/devel net-snmp-5.3-5.3.0.1.patch, NONE, 1.1 net-snmp.spec, 1.61, 1.62

Wed Jan 18 09:07:14 UTC 2006

Author: rvokal

Update of /cvs/dist/rpms/net-snmp/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv26841

Modified Files:
	net-snmp.spec 
Added Files:
	net-snmp-5.3-5.3.0.1.patch 
Log Message:

    Security fix. Bug granting write access to read-only users
    or communities which were configured  using the "rocommunity"
    or "rouser" snmpd.conf tokens fixed



net-snmp-5.3-5.3.0.1.patch:
 agent/mibgroup/mibII/vacm_conf.c     |    6 +++---
 testing/tests/T030snmpv3usercreation |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

--- NEW FILE net-snmp-5.3-5.3.0.1.patch ---
diff -rdu net-snmp-5.3/agent/mibgroup/mibII/vacm_conf.c net-snmp-5.3.0.1/agent/mibgroup/mibII/vacm_conf.c
--- net-snmp-5.3/agent/mibgroup/mibII/vacm_conf.c	2005-12-20 02:46:11.000000000 +0100
+++ net-snmp-5.3.0.1/agent/mibgroup/mibII/vacm_conf.c	2006-01-14 00:23:36.000000000 +0100
@@ -927,7 +927,7 @@
         view_ptr = NULL;
     }
 
-    if (viewtypes & VACM_VIEW_WRITE)
+    if (viewtypes & VACM_VIEW_WRITE_BIT)
         rw = viewname;
 
     commcount++;
@@ -1008,8 +1008,8 @@
     /*
      * map everything together 
      */
-    if (viewtypes == VACM_VIEW_READ ||
-        viewtypes == (VACM_VIEW_READ || VACM_VIEW_WRITE)) {
+    if ((viewtypes == VACM_VIEW_READ_BIT) ||
+        (viewtypes == (VACM_VIEW_READ_BIT | VACM_VIEW_WRITE_BIT))) {
         /* Use the simple line access command */
         /*
          * access  anonymousGroupNameNUM  "" MODEL AUTHTYPE prefix anonymousViewNUM [none/anonymousViewNUM] [none/anonymousViewNUM] 
diff -rdu net-snmp-5.3/testing/tests/T030snmpv3usercreation net-snmp-5.3.0.1/testing/tests/T030snmpv3usercreation
--- net-snmp-5.3/testing/tests/T030snmpv3usercreation	2005-11-25 00:14:38.000000000 +0100
+++ net-snmp-5.3.0.1/testing/tests/T030snmpv3usercreation	2006-01-14 02:05:18.000000000 +0100
@@ -24,7 +24,7 @@
 NEWAUTHPRIVPASS=newauthprivpass
 
 # configure agent
-CONFIGAGENT rouser $NEWUSER
+CONFIGAGENT rwuser $NEWUSER
 
 # Start the agent
 STARTAGENT


Index: net-snmp.spec
===================================================================
RCS file: /cvs/dist/rpms/net-snmp/devel/net-snmp.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- net-snmp.spec	2 Jan 2006 12:00:12 -0000	1.61
+++ net-snmp.spec	18 Jan 2006 09:06:56 -0000	1.62
@@ -3,7 +3,7 @@
 Summary: A collection of SNMP protocol tools and libraries.
 Name: net-snmp
 Version: 5.3
-Release: 1
+Release: 2
 License: BSDish
 Group: System Environment/Daemons
 URL: http://net-snmp.sourceforge.net/
@@ -25,6 +25,7 @@
 #Patch10: net-snmp-5.1.1-ipAdEntIfIndex.patch
 Patch12: net-snmp-5.1.2-dir-fix.patch
 Patch19: net-snmp-5.2.1-file_offset.patch
+Patch20: net-snmp-5.3-5.3.0.1.patch
 
 Prereq: /sbin/chkconfig
 Obsoletes: ucd-snmp
@@ -124,6 +125,7 @@
 %patch9  -b .64bit
 %patch12 -p1 -b .dir-fix
 %patch19 -p1 -b .file_offset
+%patch20 -p1 -b .5.3.0.1
 
 # Do this patch with a perl hack...
 perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@@ -307,6 +309,11 @@
 %{_libdir}/*.a
 
 %changelog
+* Wed Jan 18 2006 Radek Vokal <rvokal at redhat.com> 5.3-2
+-  Security fix. Bug granting write access to read-only users 
+   or communities which were configured  using the "rocommunity" 
+   or "rouser" snmpd.conf tokens fixed
+
 * Fri Dec 30 2005 Radek Vokal <rvokal at redhat.com>
 - upgrade to 5.3 
 


