From 32216b6e548730956aadd8e27e314d3052897d39 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 23 2024 16:00:18 +0000
Subject: import net-snmp-5.7.2-49.el7_9.4


---

diff --git a/SOURCES/net-snmp-5.7.2-wrong-passphrase.patch b/SOURCES/net-snmp-5.7.2-wrong-passphrase.patch
new file mode 100644
index 0000000..97b2322
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-wrong-passphrase.patch
@@ -0,0 +1,33 @@
+diff -urNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
+--- a/agent/mibgroup/ucd-snmp/proxy.c	2024-01-09 09:18:50.973734843 +0100
++++ b/agent/mibgroup/ucd-snmp/proxy.c	2024-01-09 09:20:02.594499668 +0100
+@@ -650,8 +650,6 @@ proxy_got_response(int operation, netsnm
+                                  "proxy OID return length too long.\n");
+                         netsnmp_set_request_error(cache->reqinfo, requests,
+                                                   SNMP_ERR_GENERR);
+-                        if (pdu)
+-                            snmp_free_pdu(pdu);
+                         netsnmp_free_delegated_cache(cache);
+                         return 1;
+                     }
+@@ -675,8 +673,6 @@ proxy_got_response(int operation, netsnm
+              * ack, this is bad.  The # of varbinds don't match and
+              * there is no way to fix the problem 
+              */
+-            if (pdu)
+-                snmp_free_pdu(pdu);
+             snmp_log(LOG_ERR,
+                      "response to proxy request illegal.  We're screwed.\n");
+             netsnmp_set_request_error(cache->reqinfo, requests,
+@@ -687,11 +683,6 @@ proxy_got_response(int operation, netsnm
+         if (cache->reqinfo->mode == MODE_GETBULK)
+             netsnmp_bulk_to_next_fix_requests(requests);
+         
+-        /*
+-         * free the response 
+-         */
+-        if (pdu && 0)
+-            snmp_free_pdu(pdu);
+ 	break;
+ 
+     default:
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index cc64602..7928edb 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -11,7 +11,7 @@
 Summary: A collection of SNMP protocol tools and libraries
 Name: net-snmp
 Version: 5.7.2
-Release: 49%{?dist}.3
+Release: 49%{?dist}.4
 Epoch: 1
 
 License: BSD
@@ -128,6 +128,7 @@ Patch92: net-snmp-5.7.2-proc-whitespace.patch
 Patch93: net-snmp-5.7.2-CVE-2020-15862.patch
 Patch94: net-snmp-5.7.2-bulk.patch
 Patch95: net-snmp-5.7.2-sendmsg-error-code.patch
+Patch96: net-snmp-5.7.2-wrong-passphrase.patch
 
 Requires(post): chkconfig
 Requires(preun): chkconfig
@@ -377,6 +378,7 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons.
 %patch93 -p1 -b .CVE-2020-15862
 %patch94 -p1 -b .bulk
 %patch95 -p1 -b .sendmsg-error-code
+%patch96 -p1 -b .wrong-passphrase
 
 %ifarch sparc64 s390 s390x
 # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@@ -672,6 +674,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_initrddir}/snmptrapd
 
 %changelog
+* Tue Jan 09 2024 Josef Ridky <jridky@redhat.com> - 1:5.7.2-49.4
+- fix a crash triggered by a wrong passphrase (RHEL-2882)
+
 * Thu Aug 10 2023 Josef Ridky <jridky@redhat.com> - 1:5.7.2-49.3
 - fix sendmsg error code for new kernel (#2229858)