From dbd30b8409ed626dae5e9be093e9b60e12504bc7 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 05 2022 13:43:22 +0000
Subject: import net-snmp-5.7.2-49.el7_9.2
---
diff --git a/SOURCES/net-snmp-5.7.2-bulk.patch b/SOURCES/net-snmp-5.7.2-bulk.patch
new file mode 100644
index 0000000..c6350a6
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-bulk.patch
@@ -0,0 +1,103 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
++++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
+@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
+ /*
+ * build a scopedPDU structure into spdu_buf
+ */
+- spdu_buf_len = SNMP_MAX_MSG_SIZE;
++ spdu_buf_len = sizeof(spdu_buf);
+ DEBUGDUMPSECTION("send", "ScopedPdu");
+ cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
+ &spdu_hdr_e);
+@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
+ */
+ DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
+ if (pdu_data) {
++ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
++ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
++ __func__, pdu_data_len, sizeof(spdu_buf));
++ return -1;
++ }
+ memcpy(cp, pdu_data, pdu_data_len);
+ cp += pdu_data_len;
+ } else {
+@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
+ * re-encode the actual ASN.1 length of the scopedPdu
+ */
+ spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
+- spdu_buf_len = SNMP_MAX_MSG_SIZE;
++ spdu_buf_len = sizeof(spdu_buf);
+ if (asn_build_sequence(spdu_buf, &spdu_buf_len,
+ (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
+ spdu_len) == NULL)
+@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
+ * message - the entire message to transmitted on the wire is returned
+ */
+ cp = NULL;
+- *out_length = SNMP_MAX_MSG_SIZE;
++ *out_length = sizeof(spdu_buf);
+ DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
+ sptr = find_sec_mod(pdu->securityModel);
+ if (sptr && sptr->encode_forward) {
+
+diff -urNp a/include/net-snmp/library/default_store.h b/include/net-snmp/library/default_store.h
+--- a/include/net-snmp/library/default_store.h 2022-03-07 10:50:12.425997555 +0100
++++ b/include/net-snmp/library/default_store.h 2022-03-07 12:51:07.968771327 +0100
+@@ -96,7 +96,7 @@ extern "C" {
+ #define NETSNMP_DS_LIB_DNSSEC_WARN_ONLY 41 /* tread DNSSEC errors as warnings */
+ #define NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT 42 /* NETSNMP_DS_LIB_CLIENT_ADDR includes address and also port */
+ #define NETSNMP_DS_LIB_MAX_BOOL_ID 48 /* match NETSNMP_DS_MAX_SUBIDS */
+-
++#define NETSNMP_DS_LIB_MSG_SEND_MAX 16
+ /*
+ * library integers
+ */
+diff -urNp a/include/net-snmp/library/snmp.h b/include/net-snmp/library/snmp.h
+--- a/include/net-snmp/library/snmp.h 2012-10-10 00:28:58.000000000 +0200
++++ b/include/net-snmp/library/snmp.h 2022-03-07 11:27:16.462066135 +0100
+@@ -40,6 +40,7 @@ SOFTWARE.
+ 
+ #define SNMP_MAX_LEN 1500 /* typical maximum message size */
+ #define SNMP_MIN_MAX_LEN 484 /* minimum maximum message size */
++#define SNMP_MAX_PACKET_LEN (0x7fffffff)
+ 
+ /*
+ * SNMP versions
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c 2022-03-07 10:50:12.533998393 +0100
++++ b/snmplib/snmp_api.c 2022-03-07 11:18:17.857183065 +0100
+@@ -309,6 +309,24 @@ static const char *secLevelName[] = {
+ };
+ 
+ /*
++ * return configured max message size for outgoing packets
++ */
++int
++netsnmp_max_send_msg_size(void)
++{
++ u_int max = netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
++ NETSNMP_DS_LIB_MSG_SEND_MAX);
++ if (0 == max)
++ max = SNMP_MAX_PACKET_LEN;
++ else if (max < SNMP_MIN_MAX_LEN)
++ max = SNMP_MIN_MAX_LEN; /* minimum max size per SNMP specs */
++ else if (max > SNMP_MAX_PACKET_LEN)
++ max = SNMP_MAX_PACKET_LEN;
++
++ return max;
++}
++
++/*
+ * Multiple threads may changes these variables.
+ * Suggest using the Single API, which does not use Sessions.
+ *
+@@ -737,7 +755,7 @@ snmp_sess_init(netsnmp_session * session
+ session->retries = SNMP_DEFAULT_RETRIES;
+ session->version = SNMP_DEFAULT_VERSION;
+ session->securityModel = SNMP_DEFAULT_SECMODEL;
+- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
++ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
+ session->flags |= SNMP_FLAGS_DONT_PROBE;
+ }
+ 
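Review bot: The guard added before the memcpy in snmpv3_packet_build, `if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf))`, computes `cp + pdu_data_len` before the length is known to fit, and a pointer past the end of spdu_buf is undefined behaviour, so a large pdu_data_len can wrap or let the compiler fold the test away. Compare lengths instead: `if (pdu_data_len > (size_t)(spdu_buf + sizeof(spdu_buf) - cp)) {`, which assumes cp was already checked for NULL above the hunk. The snmp_log call in that branch prints sizeof(spdu_buf), a size_t, with a `d` conversion; `NETSNMP_PRIz "u"` matches the type. The check matters more after the second part of the patch, where `session->rcvMsgMaxSize` stops being SNMP_MAX_MSG_SIZE and, if the default store returns 0 for an unset NETSNMP_DS_LIB_MSG_SEND_MAX, becomes SNMP_MAX_PACKET_LEN (0x7fffffff) while spdu_buf keeps its compile-time size. A comment on netsnmp_max_send_msg_size saying that 0 means no configured limit, and why a send limit initialises the receive field, would help; snmpv3_packet_build and snmp_sess_init continue outside the inner hunks.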
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec index ceb3825..7dd664f 100644 --- a/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec @@ -4,14 +4,14 @@ %{!?netsnmp_check: %global netsnmp_check 1} # allow compilation on Fedora 11 and older -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} # Arches on which we need to prevent arch conflicts on net-snmp-config.h %global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 -Release: 49%{?dist}.1 +Release: 49%{?dist}.2 Epoch: 1 License: BSD @@ -126,6 +126,7 @@ Patch90: net-snmp-5.7.2-memory-leak.patch Patch91: net-snmp-5.7.2-flood-messages.patch Patch92: net-snmp-5.7.2-proc-whitespace.patch Patch93: net-snmp-5.7.2-CVE-2020-15862.patch +Patch94: net-snmp-5.7.2-bulk.patch Requires(post): chkconfig Requires(preun): chkconfig @@ -373,6 +374,7 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons. %patch91 -p1 -b .flood-messages %patch92 -p1 -b .proc-whitespace %patch93 -p1 -b .CVE-2020-15862 +%patch94 -p1 -b .bulk %ifarch sparc64 s390 s390x # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 @@ -436,7 +438,7 @@ find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \; # compile python module pushd python -%{__python} setup.py --basedir="../" build +%{__python2} setup.py --basedir="../" build popd 
@@ -502,7 +504,7 @@ install -m 644 local/mib2c.*.conf ${RPM_BUILD_ROOT}%{_datadir}/snmp # install python module pushd python -%{__python} setup.py --basedir=.. install -O1 --skip-build --root $RPM_BUILD_ROOT +%{__python2} setup.py --basedir=.. install -O1 --skip-build --root $RPM_BUILD_ROOT popd find $RPM_BUILD_ROOT -name '*.so' | xargs chmod 0755 @@ -641,7 +643,7 @@ rm -rf ${RPM_BUILD_ROOT} %files python %doc python/README -%{python_sitearch}/* +%{python2_sitearch}/* %files gui %{_bindir}/tkmib @@ -668,6 +670,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_initrddir}/snmptrapd %changelog +* Mon Mar 07 2022 Josef Ridky - 1:5.7.2-49.2 +- fix send response: Too long error (#2008696) + * Wed Nov 11 2020 Josef Ridky - 1:5.7.2-49.1 - fix CVE-2020-15862 (#1875496)