@@ -5,25 +5,123 @@ listing of all changes made to the code.
55
66*5.10*:
77
8- Many changes beyond the small set listed below:
9-
108 snmptrapd:
119 - fixed a critical vulnerability triggered by a specially crafted trap
1210
11+ snmplib:
12+ - Reject invalid input in asn_realloc_rbuild_string to prevent
13+ NULL dereference
14+ - Fix memory leaks in parse_enumlist, netsnmp_transport_filter_add,
15+ and se_add_pair_to_list
16+ - Optimize init_snmp_enum to be faster by calling calloc once
17+ - Do not truncate AGENT-CAPABILITIES descriptions
18+ - Use libssh2_session_handshake when available instead of deprecated
19+ startup function
20+ - Rework se_add_pair_to_slist to insert into storage before adding to list
21+ - Check env_var before reading MIB
22+ - Fix parsing of OIDs 0.40.x and 1.40.x
23+ - Fix buffer overflow in ASN_OCTET_STR index allocation
24+ - Fix stack buffer overflow in se_read_conf and other buffer overflows
25+ - Fix out-of-bounds access in netsnmp_hex_to_binary and snmp_log_options
26+ - Fix NULL pointer dereferences in netsnmp_ds_handle_config and
27+ netsnmp_ds_parse_boolean
28+
1329 snmpd:
14- - Invoke a callback upon authentication failure This allows detecting
15- failed authentication attempts in a custom SNMP agent. [
16- bvanassche: edited commit message ]
30+ - systemstats_linux: Improve support of "Ip:" fields list from
31+ kernel /proc/net/snmp
32+ - diskio: Use snprintf for device path generation on Linux and add
33+ malloc checks for BSDs
34+ - pingCtlTable: Unified handling of memory allocation errors and releases
35+ - Revert exclusion of certain MIBs if Netlink library is not available
36+ - Fix segfaults when varbind cannot be constructed (null pointer)
37+ - Fix use-after-free in unregister_mib_context
38+ - Fix crash caused by buf being a null pointer in snmp_agent.c
39+ - Fix loadave.c out-of-bounds access
40+ - Fix possible unix socket path overflow with strncpy
41+ - Fix write_vacmAccessStatus use-after-free in mibII
1742 - Security vulnerabilty in the ping MIB reported by Christopher Ertl
1843 from Microsoft fixed
1944
20- configure:
45+ apps:
46+ - mib2c-update: Fix broken search path and allow specifying
47+ generated file name
48+ - mib2c: Install correct filename for generic-get-in_addr_t
49+ - snmpset/agentxtrap: Fix memory leaks
50+
51+ perl:
52+ - Do not send callbacks upon failures to avoid double-frees
53+ - Do not crash on resend callbacks
54+ - Revert "fix resource leaks" patch because it introduced crashes
55+ - Suppress warning message for Socket6
56+
57+ building:
58+ - Support FreeBSD 15 and 16
59+ - Support OpenBSD 8
60+ - Add build support for Windows on ARM
61+ - MinGW64: Switch from pkg-config to pkgconf
62+ - Remove NOAUTODEPS support from Makefile.in
63+ - Make --disable-des work
2164 - Add --with-wolfssl Add support for building and linking with the
2265 wolfSSL library instead of OpenSSL. Other changes that have been
2366 included in this patch are: - Only enable AES support if
2467 EVP_aes_128_cfb() is available. - Add support for detecting SSL
2568 functions if these have been defined as macros.
2669
70+
71+ *5.9.5*
72+
73+ snmptrapd:
74+ - fixed a critical vulnerability (CVE-2025-68615) which can be triggered
75+ by a specially crafted trap
76+
77+ snmplib:
78+ - Add support for IPV6_RECVPKTINFO
79+ - Port the SSH domain transport to FreeBSD
80+ - Improve error handling in parse_enumlist and other parsing functions
81+ - Filter out non-ASCII characters from output
82+ - Fix multiple memory leaks in MIB parsing, OID handling, and transport filters
83+ - Fix multiple buffer overflows triggered when creating ASN packets
84+ - Fix handling of large/negative values (integer underflows/overflows)
85+ - Fix segmentation faults when `varbind` cannot be constructed or buf is null
86+ - Fix crash in netsnmp_parse_args when passing invalid argument lists
87+ - Fix SNMPv3 multithreading support for snmp_sess_open()
88+
89+ snmpd:
90+ - Make UCD-SNMP::dskTable dynamic if includeAllDisks is set.") added
91+ a verification that drops all filesystems not present in other_fs[]
92+ table. So add 'ubifs' in other_fs[] to fix it.
93+ - Fix SIGHUP handling for engineID changes and agent port changes
94+ - Fix a use-after-free in unregister_mib_context()
95+ - Fix regression of memory leak when using RPMDB macros
96+ - Improve cache management: clear timer_id on stop, keep cache flags unchanged
97+ - Always open libkvm in "safe mode" on FreeBSD
98+ - Fix crash when snmptrapd subagent terminates the TCP connection
99+
100+ apps:
101+ - snmpusm: Improve error handling and fix memory leaks
102+ - sshtosnmp: Avoid EINVAL when passing credentials over SSH unix domain socket
103+ - snmptest: Plug a possible memory leak
104+ - snmpget: Avoid leak if parsing OID fails
105+
106+ MIBs:
107+ - EtherLike-MIB: Optimize Linux implementation to use netlink statistics
108+ - IP-MIB: Add Linux 6.7 compatibility for parsing /proc/net/snmp
109+ - LM-SENSORS-MIB: Support negative temperatures
110+ - SNMP-TLS-TM-MIB: Update to RFC 9456 and allow TLS protocols higher than TLS1.0
111+ - HOST-RESOURCES-MIB: Add support for RPM SQLite DB background
112+
113+ building:
114+ - Add support for Windows on ARM
115+ - Support OpenBSD 8, FreeBSD 15/16, and DragonflyBSD
116+ - Fix build for OS/X versions prior to 10.6.0
117+ - Windows: Bump OpenSSL version and fix library paths
118+ - MinGW64: Switch from pkg-config to pkgconf
119+ - Add --with-wolfssl Add support for building and linking with the
120+ wolfSSL library instead of OpenSSL. Other changes that have been
121+ included in this patch are: - Only enable AES support if
122+ EVP_aes_128_cfb() is available. - Add support for detecting SSL
123+ functions if these have been defined as macros.
124+
27125*5.9.4*:
28126
29127 IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
0 commit comments