diff --git a/SOURCES/net-snmp-5.8-sec-counter.patch b/SOURCES/net-snmp-5.8-sec-counter.patch new file mode 100644 index 0000000..9514e5b --- /dev/null +++ b/SOURCES/net-snmp-5.8-sec-counter.patch @@ -0,0 +1,146 @@ +diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h +--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100 ++++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100 +@@ -43,6 +43,7 @@ extern "C" { + * Structures. + */ + struct usmStateReference { ++ int refcnt; + char *usr_name; + size_t usr_name_length; + u_char *usr_engine_id; +diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c +--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100 ++++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100 +@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu) + return NULL; + } + +- if (pdu->securityStateRef && +- pdu->command == SNMP_MSG_TRAP2) { +- +- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef, +- (struct usmStateReference **) &newpdu->securityStateRef ); +- +- if (ret) +- { ++ sptr = find_sec_mod(newpdu->securityModel); ++ if (sptr && sptr->pdu_clone) { ++ /* call security model if it needs to know about this */ ++ ret = sptr->pdu_clone(pdu, newpdu); ++ if (ret) { + snmp_free_pdu(newpdu); + return NULL; + } + } + +- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL && +- sptr->pdu_clone != NULL) { +- /* +- * call security model if it needs to know about this +- */ +- (*sptr->pdu_clone) (pdu, newpdu); +- } +- + return newpdu; + } + +diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c +--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100 ++++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100 +@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid, + struct usmStateReference * + usm_malloc_usmStateReference(void) + { +- struct usmStateReference *retval = (struct usmStateReference *) +- calloc(1, sizeof(struct usmStateReference)); ++ struct usmStateReference *retval; ++ ++ retval = calloc(1, sizeof(struct usmStateReference)); ++ if (retval) ++ retval->refcnt = 1; + + return retval; + } /* end usm_malloc_usmStateReference() */ + ++static int ++usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu) ++{ ++ struct usmStateReference *ref = pdu->securityStateRef; ++ struct usmStateReference **new_ref = ++ (struct usmStateReference **)&new_pdu->securityStateRef; ++ int ret = 0; ++ ++ if (!ref) ++ return ret; ++ ++ if (pdu->command == SNMP_MSG_TRAP2) { ++ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL); ++ ret = usm_clone_usmStateReference(ref, new_ref); ++ } else { ++ netsnmp_assert(ref == *new_ref); ++ ref->refcnt++; ++ } ++ ++ return ret; ++} ++ + + void + usm_free_usmStateReference(void *old) + { +- struct usmStateReference *old_ref = (struct usmStateReference *) old; ++ struct usmStateReference *ref = old; + +- if (old_ref) { ++ if (!ref) ++ return; + +- if (old_ref->usr_name_length) +- SNMP_FREE(old_ref->usr_name); +- if (old_ref->usr_engine_id_length) +- SNMP_FREE(old_ref->usr_engine_id); +- if (old_ref->usr_auth_protocol_length) +- SNMP_FREE(old_ref->usr_auth_protocol); +- if (old_ref->usr_priv_protocol_length) +- SNMP_FREE(old_ref->usr_priv_protocol); +- +- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) { +- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length); +- SNMP_FREE(old_ref->usr_auth_key); +- } +- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) { +- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length); +- SNMP_FREE(old_ref->usr_priv_key); +- } ++ if (--ref->refcnt > 0) ++ return; + +- SNMP_ZERO(old_ref, sizeof(*old_ref)); +- SNMP_FREE(old_ref); ++ SNMP_FREE(ref->usr_name); ++ SNMP_FREE(ref->usr_engine_id); ++ SNMP_FREE(ref->usr_auth_protocol); ++ SNMP_FREE(ref->usr_priv_protocol); + ++ if (ref->usr_auth_key_length && ref->usr_auth_key) { ++ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length); ++ SNMP_FREE(ref->usr_auth_key); ++ } ++ if (ref->usr_priv_key_length && ref->usr_priv_key) { ++ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length); ++ SNMP_FREE(ref->usr_priv_key); + } + ++ SNMP_FREE(ref); + } /* end usm_free_usmStateReference() */ + + struct usmUser * +@@ -3316,6 +3337,7 @@ init_usm(void) + def->encode_reverse = usm_secmod_rgenerate_out_msg; + def->encode_forward = usm_secmod_generate_out_msg; + def->decode = usm_secmod_process_in_msg; ++ def->pdu_clone = usm_clone; + def->pdu_free_state_ref = usm_free_usmStateReference; + def->session_setup = usm_session_init; + def->handle_report = usm_handle_report; diff --git a/SOURCES/net-snmp-5.8-v3-forward.patch b/SOURCES/net-snmp-5.8-v3-forward.patch new file mode 100644 index 0000000..24ac379 --- /dev/null +++ b/SOURCES/net-snmp-5.8-v3-forward.patch @@ -0,0 +1,357 @@ +diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c +--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200 ++++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200 +@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se + + DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n", + asp, asp->reqinfo)); ++ ++ /* Clean up securityStateRef here to prevent a double free */ ++ if (asp->orig_pdu && asp->orig_pdu->securityStateRef) ++ snmp_free_securityStateRef(asp->orig_pdu); ++ if (asp->pdu && asp->pdu->securityStateRef) ++ snmp_free_securityStateRef(asp->pdu); ++ + if (asp->orig_pdu) + snmp_free_pdu(asp->orig_pdu); + if (asp->pdu) +diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h +--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200 ++++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200 +@@ -19,6 +19,8 @@ NETSNMP_IMPORT + netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx); + NETSNMP_IMPORT + void snmp_free_pdu( netsnmp_pdu *pdu); ++NETSNMP_IMPORT ++void snmp_free_securityStateRef( netsnmp_pdu *pdu); + + #ifdef __cplusplus + } +diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c +--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200 ++++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200 +@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu, + static void + free_securityStateRef(netsnmp_pdu* pdu) + { +- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel); ++ struct snmp_secmod_def *sptr; ++ ++ if(!pdu->securityStateRef) ++ return; ++ ++ sptr = find_sec_mod(pdu->securityModel); + if (sptr) { + if (sptr->pdu_free_state_ref) { + (*sptr->pdu_free_state_ref) (pdu->securityStateRef); +@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu) + pdu->securityStateRef = NULL; + } + ++/* ++ * This function is here to provide a separate call to ++ * free the securityStateRef memory. This is needed to prevent ++ * a double free if this memory is freed in snmp_free_pdu. ++ */ ++void ++snmp_free_securityStateRef(netsnmp_pdu* pdu) ++{ ++ free_securityStateRef(pdu); ++} ++ + #define ERROR_STAT_LENGTH 11 + + int +diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c +--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200 ++++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200 +@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old) + + if (old_ref) { + +- SNMP_FREE(old_ref->usr_name); +- SNMP_FREE(old_ref->usr_engine_id); +- SNMP_FREE(old_ref->usr_auth_protocol); +- SNMP_FREE(old_ref->usr_priv_protocol); ++ if (old_ref->usr_name_length) ++ SNMP_FREE(old_ref->usr_name); ++ if (old_ref->usr_engine_id_length) ++ SNMP_FREE(old_ref->usr_engine_id); ++ if (old_ref->usr_auth_protocol_length) ++ SNMP_FREE(old_ref->usr_auth_protocol); ++ if (old_ref->usr_priv_protocol_length) ++ SNMP_FREE(old_ref->usr_priv_protocol); + +- if (old_ref->usr_auth_key) { ++ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) { + SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length); + SNMP_FREE(old_ref->usr_auth_key); + } +- if (old_ref->usr_priv_key) { ++ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) { + SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length); + SNMP_FREE(old_ref->usr_priv_key); + } +@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel, + if ((user = usm_get_user(secEngineID, secEngineIDLen, secName)) + == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) { + DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName)); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNKNOWNSECURITYNAME; + } + +@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel, + thePrivProtocolLength) == 1) { + DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n", + theSecLevel)); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; + } + +@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel, + &msgAuthParmLen, &msgPrivParmLen, &otstlen, + &seq_len, &msgSecParmLen) == -1) { + DEBUGMSGTL(("usm", "Failed calculating offsets.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel, + ptr = *wholeMsg = globalData; + if (theTotalLength > *wholeMsgLen) { + DEBUGMSGTL(("usm", "Message won't fit in buffer.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel, + htonl(boots_uint), htonl(time_uint), + &ptr[privParamsOffset]) == -1) { + DEBUGMSGTL(("usm", "Can't set AES iv.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + } +@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel, + &ptr[privParamsOffset]) + == -1)) { + DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + } +@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel, + &ptr[dataOffset], &encrypted_length) + != SNMP_ERR_NOERROR) { + DEBUGMSGTL(("usm", "encryption error.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_ENCRYPTIONERROR; + } + #ifdef NETSNMP_ENABLE_TESTING_CODE +@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel, + if ((encrypted_length != (theTotalLength - dataOffset)) + || (salt_length != msgPrivParmLen)) { + DEBUGMSGTL(("usm", "encryption length error.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_ENCRYPTIONERROR; + } + +@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel, + + if (temp_sig == NULL) { + DEBUGMSGTL(("usm", "Out of memory.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel, + SNMP_ZERO(temp_sig, temp_sig_len); + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + +@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel, + SNMP_ZERO(temp_sig, temp_sig_len); + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing lengths failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + +@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel, + /* + * endif -- create keyed hash + */ +- usm_free_usmStateReference(secStateRef); + + DEBUGMSGTL(("usm", "USM processing completed.\n")); + +@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel, + if ((user = usm_get_user(secEngineID, secEngineIDLen, secName)) + == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) { + DEBUGMSGTL(("usm", "Unknown User\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNKNOWNSECURITYNAME; + } + +@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n", + theSecLevel)); + +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; + } + +@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGMSGTL(("usm", + "couldn't malloc %d bytes for encrypted PDU\n", + (int)ciphertextlen)); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_MALLOC; + } + +@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel, + htonl(boots_uint), htonl(time_uint), + iv) == -1) { + DEBUGMSGTL(("usm", "Can't set AES iv.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_GENERICERROR; + } +@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel, + thePrivKeyLength - 8, + iv) == -1)) { + DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_GENERICERROR; + } +@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel, + scopedPdu, scopedPduLen, + ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) { + DEBUGMSGTL(("usm", "encryption error.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_ENCRYPTIONERROR; + } +@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel, + ciphertext, ciphertextlen); + if (rc == 0) { + DEBUGMSGTL(("usm", "Encryption failed.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_ENCRYPTIONERROR; + } +@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building privParams failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building authParams failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building authParams failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel, + if (rc == 0) { + DEBUGMSGTL(("usm", + "building msgAuthoritativeEngineTime failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel, + if (rc == 0) { + DEBUGMSGTL(("usm", + "building msgAuthoritativeEngineBoots failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel, + *offset - sp_offset); + if (rc == 0) { + DEBUGMSGTL(("usm", "building usm security parameters failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel, + + if (rc == 0) { + DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel, + while ((*wholeMsgLen - *offset) < globalDataLen) { + if (!asn_realloc(wholeMsg, wholeMsgLen)) { + DEBUGMSGTL(("usm", "building global data failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + } +@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel, + ASN_CONSTRUCTOR), *offset); + if (rc == 0) { + DEBUGMSGTL(("usm", "building master packet sequence failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel, + + if (temp_sig == NULL) { + DEBUGMSGTL(("usm", "Out of memory.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel, + != SNMP_ERR_NOERROR) { + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + + if (temp_sig_len != msgAuthParmLen) { + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing lengths failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + +@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel, + /* + * endif -- create keyed hash + */ +- usm_free_usmStateReference(secStateRef); + DEBUGMSGTL(("usm", "USM processing completed.\n")); + return SNMPERR_SUCCESS; + } /* end usm_rgenerate_out_msg() */ diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec index 88e4dd6..e949f1c 100644 --- a/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec @@ -10,7 +10,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.8 -Release: 12%{?dist} +Release: 12%{?dist}.1 Epoch: 1 License: BSD @@ -44,6 +44,8 @@ Patch15: net-snmp-5.8-ipv6-clientaddr.patch Patch16: net-snmp-5.8-agent-of-death.patch Patch17: net-snmp-5.8-trapsink.patch Patch18: net-snmp-5.8-flood-messages.patch +Patch19: net-snmp-5.8-v3-forward.patch +Patch20: net-snmp-5.8-sec-counter.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -187,6 +189,8 @@ rm -r python %patch16 -p1 -b .agent-of-death %patch17 -p1 -b .trapsink %patch18 -p1 -b .flood-messages +%patch19 -p1 -b .v3-forward +%patch20 -p1 -b .sec-counter %patch101 -p1 -b .modern-rpm-api @@ -222,7 +226,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" --enable-mfd-rewrites \ --enable-ucd-snmp-compatibility \ --sysconfdir=%{_sysconfdir} \ - --with-cflags="$RPM_OPT_FLAGS -D_RPM_4_4_COMPAT" \ + --with-cflags="$RPM_OPT_FLAGS" \ --with-ldflags="-Wl,-z,relro -Wl,-z,now" \ --with-logfile="/var/log/snmpd.log" \ --with-mib-modules="$MIBS" \ @@ -440,6 +444,10 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog +* Mon Mar 16 2020 Josef Ridky - 1:5.8-12.1 +- fix double free or corruption error caused by freeing security context (#1802055) +- remove deprecated CFLAG + * Wed Oct 16 2019 Jiri Kucera - 1:5.8-12 - rebuild to ensure correct disttag (#1755359)