diff --git a/SOURCES/net-snmp-5.7.2-SHA-fix.patch b/SOURCES/net-snmp-5.7.2-SHA-fix.patch
new file mode 100644
index 0000000..26a603c
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-SHA-fix.patch
@@ -0,0 +1,46 @@
+diff -up net-snmp-5.7.2/configure.d/config_os_libs2.orig net-snmp-5.7.2/configure.d/config_os_libs2
+--- net-snmp-5.7.2/configure.d/config_os_libs2.orig 2019-11-20 14:04:21.531094867 +0100
++++ net-snmp-5.7.2/configure.d/config_os_libs2 2019-11-20 14:05:06.967796642 +0100
+@@ -317,12 +317,12 @@ elif test "x$askedpkcs" = "xyes"; then
+ fi
+ if test "x$TLSPROG" = "xyes"; then
+ AC_CHECK_DECL([EVP_sha224],
+- : ,
+ AC_DEFINE([HAVE_EVP_SHA224], [], [Define if you have EVP_sha224/256 in openssl]),
++ : ,
+ [[#include <openssl/evp.h>]])
+ AC_CHECK_DECL([EVP_sha384],
+- : ,
+ AC_DEFINE([HAVE_EVP_SHA384], [], [Define if you have EVP_sha384/256 in openssl]),
++ : ,
+ [[#include <openssl/evp.h>]])
+ fi
+
+diff -up net-snmp-5.7.2/configure.orig net-snmp-5.7.2/configure
+--- net-snmp-5.7.2/configure.orig 2019-11-20 15:39:21.930543804 +0100
++++ net-snmp-5.7.2/configure 2019-11-20 15:53:07.936262052 +0100
+@@ -22887,20 +22887,16 @@ if test "x$TLSPROG" = "xyes"; then
+ ac_fn_c_check_decl "$LINENO" "EVP_sha224" "ac_cv_have_decl_EVP_sha224" "#include <openssl/evp.h>
+ "
+ if test "x$ac_cv_have_decl_EVP_sha224" = xyes; then :
+- :
+-else
+-
+-$as_echo "#define HAVE_EVP_SHA224 /**/" >>confdefs.h
++ $as_echo "#define HAVE_EVP_SHA224 /**/" >>confdefs.h
++else :
+
+ fi
+
+ ac_fn_c_check_decl "$LINENO" "EVP_sha384" "ac_cv_have_decl_EVP_sha384" "#include <openssl/evp.h>
+ "
+ if test "x$ac_cv_have_decl_EVP_sha384" = xyes; then :
+- :
+-else
+-
+-$as_echo "#define HAVE_EVP_SHA384 /**/" >>confdefs.h
++ $as_echo "#define HAVE_EVP_SHA384 /**/" >>confdefs.h
++else :
+
+ fi
+
diff --git a/SOURCES/net-snmp-5.7.2-pass_common.patch b/SOURCES/net-snmp-5.7.2-pass_common.patch
new file mode 100644
index 0000000..93927af
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-pass_common.patch
@@ -0,0 +1,24 @@
+diff -ruNp a/agent/mibgroup/ucd-snmp/pass_common.c b/agent/mibgroup/ucd-snmp/pass_common.c
+--- a/agent/mibgroup/ucd-snmp/pass_common.c 2019-07-23 14:24:40.378049638 +0200
++++ b/agent/mibgroup/ucd-snmp/pass_common.c 2019-07-23 14:26:27.862983889 +0200
+@@ -250,15 +250,15 @@ netsnmp_internal_pass_set_format(char *b
+ sprintf(buf, "string \"\"\n");
+ else if (netsnmp_internal_bin2asc(buf2, var_val_len) ==
+ (int) var_val_len)
+- snprintf(buf, sizeof(buf), "string \"%s\"\n", buf2);
++ snprintf(buf, SNMP_MAXBUF, "string \"%s\"\n", buf2);
+ else
+- snprintf(buf, sizeof(buf), "octet \"%s\"\n", buf2);
+- buf[ sizeof(buf)-1 ] = 0;
++ snprintf(buf, SNMP_MAXBUF, "octet \"%s\"\n", buf2);
++ buf[ SNMP_MAXBUF-1 ] = 0;
+ break;
+ case ASN_OBJECT_ID:
+ sprint_mib_oid(buf2, (const oid *) var_val, var_val_len/sizeof(oid));
+- snprintf(buf, sizeof(buf), "objectid \"%s\"\n", buf2);
+- buf[ sizeof(buf)-1 ] = 0;
++ snprintf(buf, SNMP_MAXBUF, "objectid \"%s\"\n", buf2);
++ buf[ SNMP_MAXBUF-1 ] = 0;
+ break;
+ }
+ }
diff --git a/SOURCES/net-snmp-5.7.2-v3-forward.patch b/SOURCES/net-snmp-5.7.2-v3-forward.patch
index c23d4e8..9b51b7a 100644
--- a/SOURCES/net-snmp-5.7.2-v3-forward.patch
+++ b/SOURCES/net-snmp-5.7.2-v3-forward.patch
@@ -1,12 +1,476 @@
-diff -urNp N/snmplib/snmpusm.c M/snmplib/snmpusm.c
---- N/snmplib/snmpusm.c 2019-03-04 13:02:27.989775985 +0100
-+++ M/snmplib/snmpusm.c 2019-03-04 14:16:50.977619867 +0100
-@@ -1842,7 +1842,7 @@ usm_rgenerate_out_msg(int msgProcModel,
+diff -urNp x/agent/snmp_agent.c y/agent/snmp_agent.c
+--- x/agent/snmp_agent.c 2019-09-12 10:07:52.536297633 +0200
++++ y/agent/snmp_agent.c 2019-09-12 10:10:10.900666975 +0200
+@@ -1428,6 +1428,13 @@ free_agent_snmp_session(netsnmp_agent_se
+
+ DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
+ asp, asp->reqinfo));
++
++ /* Clean up securityStateRef here to prevent a double free */
++ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
++ snmp_free_securityStateRef(asp->orig_pdu);
++ if (asp->pdu && asp->pdu->securityStateRef)
++ snmp_free_securityStateRef(asp->pdu);
++
+ if (asp->orig_pdu)
+ snmp_free_pdu(asp->orig_pdu);
+ if (asp->pdu)
+diff -urNp x/include/net-snmp/pdu_api.h y/include/net-snmp/pdu_api.h
+--- x/include/net-snmp/pdu_api.h 2019-09-12 10:07:52.548297751 +0200
++++ y/include/net-snmp/pdu_api.h 2019-09-12 10:11:26.562411701 +0200
+@@ -19,6 +19,8 @@ NETSNMP_IMPORT
+ netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
+ NETSNMP_IMPORT
+ void snmp_free_pdu( netsnmp_pdu *pdu);
++NETSNMP_IMPORT
++void snmp_free_securityStateRef( netsnmp_pdu *pdu);
+
+ #ifdef __cplusplus
+ }
+diff -urNp x/snmplib/snmp_api.c y/snmplib/snmp_api.c
+--- x/snmplib/snmp_api.c 2019-09-12 10:07:52.570297968 +0200
++++ y/snmplib/snmp_api.c 2019-09-13 08:53:53.734689426 +0200
+@@ -3837,6 +3837,42 @@ snmpv3_parse(netsnmp_pdu *pdu,
+ return SNMPERR_SUCCESS;
+ } /* end snmpv3_parse() */
+
++static void
++free_securityStateRef(netsnmp_pdu* pdu)
++{
++ struct snmp_secmod_def *sptr;
++
++ if(!pdu->securityStateRef)
++ return;
++
++ sptr = find_sec_mod(pdu->securityModel);
++ if (sptr) {
++ if (sptr->pdu_free_state_ref) {
++ (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
++ } else {
++ snmp_log(LOG_ERR,
++ "Security Model %d can't free state references\n",
++ pdu->securityModel);
++ }
++ } else {
++ snmp_log(LOG_ERR,
++ "Can't find security model to free ptr: %d\n",
++ pdu->securityModel);
++ }
++ pdu->securityStateRef = NULL;
++}
++
++/*
++ * This function is here to provide a separate call to
++ * free the securityStateRef memory. This is needed to prevent
++ * a double free if this memory is freed in snmp_free_pdu.
++ */
++void
++snmp_free_securityStateRef(netsnmp_pdu* pdu)
++{
++ free_securityStateRef(pdu);
++}
++
+ #define ERROR_STAT_LENGTH 11
+
+ int
+@@ -3858,7 +3894,6 @@ snmpv3_make_report(netsnmp_pdu *pdu, int
+ oid *err_var;
+ int err_var_len;
+ int stat_ind;
+- struct snmp_secmod_def *sptr;
+
+ switch (error) {
+ case SNMPERR_USM_UNKNOWNENGINEID:
+@@ -3919,21 +3954,7 @@ snmpv3_make_report(netsnmp_pdu *pdu, int
+ * which cached values to use
+ */
+ if (pdu->securityStateRef) {
+- sptr = find_sec_mod(pdu->securityModel);
+- if (sptr) {
+- if (sptr->pdu_free_state_ref) {
+- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
+- } else {
+- snmp_log(LOG_ERR,
+- "Security Model %d can't free state references\n",
+- pdu->securityModel);
+- }
+- } else {
+- snmp_log(LOG_ERR,
+- "Can't find security model to free ptr: %d\n",
+- pdu->securityModel);
+- }
+- pdu->securityStateRef = NULL;
++ free_securityStateRef(pdu);
+ }
+
+ if (error == SNMPERR_USM_NOTINTIMEWINDOW) {
+@@ -5192,7 +5213,6 @@ _sess_process_packet(void *sessp, netsnm
+ struct session_list *slp = (struct session_list *) sessp;
+ netsnmp_pdu *pdu;
+ netsnmp_request_list *rp, *orp = NULL;
+- struct snmp_secmod_def *sptr;
+ int ret = 0, handled = 0;
+
+ DEBUGMSGTL(("sess_process_packet",
+@@ -5262,21 +5282,7 @@ _sess_process_packet(void *sessp, netsnm
+ * Call the security model to free any securityStateRef supplied w/ msg.
+ */
+ if (pdu->securityStateRef != NULL) {
+- sptr = find_sec_mod(pdu->securityModel);
+- if (sptr != NULL) {
+- if (sptr->pdu_free_state_ref != NULL) {
+- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
+- } else {
+- snmp_log(LOG_ERR,
+- "Security Model %d can't free state references\n",
+- pdu->securityModel);
+- }
+- } else {
+- snmp_log(LOG_ERR,
+- "Can't find security model to free ptr: %d\n",
+- pdu->securityModel);
+- }
+- pdu->securityStateRef = NULL;
++ free_securityStateRef(pdu);
+ }
+ snmp_free_pdu(pdu);
+ return -1;
+@@ -5287,21 +5293,7 @@ _sess_process_packet(void *sessp, netsnm
+ * Call USM to free any securityStateRef supplied with the message.
+ */
+ if (pdu->securityStateRef) {
+- sptr = find_sec_mod(pdu->securityModel);
+- if (sptr) {
+- if (sptr->pdu_free_state_ref) {
+- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
+- } else {
+- snmp_log(LOG_ERR,
+- "Security Model %d can't free state references\n",
+- pdu->securityModel);
+- }
+- } else {
+- snmp_log(LOG_ERR,
+- "Can't find security model to free ptr: %d\n",
+- pdu->securityModel);
+- }
+- pdu->securityStateRef = NULL;
++ free_securityStateRef(pdu);
+ }
+
+ for (rp = isp->requests; rp; orp = rp, rp = rp->next_request) {
+@@ -5454,21 +5446,7 @@ _sess_process_packet(void *sessp, netsnm
+ */
+ if (pdu != NULL && pdu->securityStateRef &&
+ pdu->command == SNMP_MSG_TRAP2) {
+- sptr = find_sec_mod(pdu->securityModel);
+- if (sptr) {
+- if (sptr->pdu_free_state_ref) {
+- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
+- } else {
+- snmp_log(LOG_ERR,
+- "Security Model %d can't free state references\n",
+- pdu->securityModel);
+- }
+- } else {
+- snmp_log(LOG_ERR,
+- "Can't find security model to free ptr: %d\n",
+- pdu->securityModel);
+- }
+- pdu->securityStateRef = NULL;
++ free_securityStateRef(pdu);
+ }
+
+ if (!handled) {
+diff -urNp x/snmplib/snmpusm.c y/snmplib/snmpusm.c
+--- x/snmplib/snmpusm.c 2019-09-12 10:07:52.567297938 +0200
++++ y/snmplib/snmpusm.c 2019-09-12 10:57:52.780861077 +0200
+@@ -206,16 +206,20 @@ usm_free_usmStateReference(void *old)
+
+ if (old_ref) {
+
+- SNMP_FREE(old_ref->usr_name);
+- SNMP_FREE(old_ref->usr_engine_id);
+- SNMP_FREE(old_ref->usr_auth_protocol);
+- SNMP_FREE(old_ref->usr_priv_protocol);
++ if (old_ref->usr_name_length)
++ SNMP_FREE(old_ref->usr_name);
++ if (old_ref->usr_engine_id_length)
++ SNMP_FREE(old_ref->usr_engine_id);
++ if (old_ref->usr_auth_protocol_length)
++ SNMP_FREE(old_ref->usr_auth_protocol);
++ if (old_ref->usr_priv_protocol_length)
++ SNMP_FREE(old_ref->usr_priv_protocol);
+
+- if (old_ref->usr_auth_key) {
++ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
+ SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
+ SNMP_FREE(old_ref->usr_auth_key);
+ }
+- if (old_ref->usr_priv_key) {
++ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
+ SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
+ SNMP_FREE(old_ref->usr_priv_key);
+ }
+@@ -946,7 +950,6 @@ usm_generate_out_msg(int msgProcModel,
+ if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
+ == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
+ DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_UNKNOWNSECURITYNAME;
+ }
+
+@@ -998,7 +1001,6 @@ usm_generate_out_msg(int msgProcModel,
+ thePrivProtocolLength) == 1) {
+ DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
+ theSecLevel));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
+ }
+
+@@ -1028,7 +1030,6 @@ usm_generate_out_msg(int msgProcModel,
+ &msgAuthParmLen, &msgPrivParmLen, &otstlen,
+ &seq_len, &msgSecParmLen) == -1) {
+ DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_GENERICERROR;
+ }
+
+@@ -1050,7 +1051,6 @@ usm_generate_out_msg(int msgProcModel,
+ ptr = *wholeMsg = globalData;
+ if (theTotalLength > *wholeMsgLen) {
+ DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_GENERICERROR;
+ }
+
+@@ -1078,7 +1078,6 @@ usm_generate_out_msg(int msgProcModel,
+ htonl(boots_uint), htonl(time_uint),
+ &ptr[privParamsOffset]) == -1) {
+ DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_GENERICERROR;
+ }
+ }
+@@ -1091,7 +1090,6 @@ usm_generate_out_msg(int msgProcModel,
+ &ptr[privParamsOffset])
+ == -1)) {
+ DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_GENERICERROR;
+ }
+ }
+@@ -1104,7 +1102,6 @@ usm_generate_out_msg(int msgProcModel,
+ &ptr[dataOffset], &encrypted_length)
+ != SNMP_ERR_NOERROR) {
+ DEBUGMSGTL(("usm", "encryption error.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_ENCRYPTIONERROR;
+ }
+ #ifdef NETSNMP_ENABLE_TESTING_CODE
+@@ -1132,7 +1129,6 @@ usm_generate_out_msg(int msgProcModel,
+ if ((encrypted_length != (theTotalLength - dataOffset))
+ || (salt_length != msgPrivParmLen)) {
+ DEBUGMSGTL(("usm", "encryption length error.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_ENCRYPTIONERROR;
+ }
+
+@@ -1268,7 +1264,6 @@ usm_generate_out_msg(int msgProcModel,
+
+ if (temp_sig == NULL) {
+ DEBUGMSGTL(("usm", "Out of memory.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_GENERICERROR;
+ }
+
+@@ -1282,7 +1277,6 @@ usm_generate_out_msg(int msgProcModel,
+ SNMP_ZERO(temp_sig, temp_sig_len);
+ SNMP_FREE(temp_sig);
+ DEBUGMSGTL(("usm", "Signing failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_AUTHENTICATIONFAILURE;
+ }
+
+@@ -1290,7 +1284,6 @@ usm_generate_out_msg(int msgProcModel,
+ SNMP_ZERO(temp_sig, temp_sig_len);
+ SNMP_FREE(temp_sig);
+ DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_AUTHENTICATIONFAILURE;
+ }
+
+@@ -1304,7 +1297,6 @@ usm_generate_out_msg(int msgProcModel,
+ /*
+ * endif -- create keyed hash
+ */
+- usm_free_usmStateReference(secStateRef);
+
+ DEBUGMSGTL(("usm", "USM processing completed.\n"));
+
+@@ -1458,7 +1450,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
+ == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
+ DEBUGMSGTL(("usm", "Unknown User\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_UNKNOWNSECURITYNAME;
+ }
+
+@@ -1511,7 +1502,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
+ theSecLevel));
+
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
+ }
+
+@@ -1544,7 +1534,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ DEBUGMSGTL(("usm",
+ "couldn't malloc %d bytes for encrypted PDU\n",
+ (int)ciphertextlen));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_MALLOC;
+ }
+
+@@ -1560,7 +1549,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ htonl(boots_uint), htonl(time_uint),
+ iv) == -1) {
+ DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
+- usm_free_usmStateReference(secStateRef);
+ SNMP_FREE(ciphertext);
+ return SNMPERR_USM_GENERICERROR;
+ }
+@@ -1575,7 +1563,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ thePrivKeyLength - 8,
+ iv) == -1)) {
+ DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
+- usm_free_usmStateReference(secStateRef);
+ SNMP_FREE(ciphertext);
+ return SNMPERR_USM_GENERICERROR;
+ }
+@@ -1594,7 +1581,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ scopedPdu, scopedPduLen,
+ ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
+ DEBUGMSGTL(("usm", "encryption error.\n"));
+- usm_free_usmStateReference(secStateRef);
+ SNMP_FREE(ciphertext);
+ return SNMPERR_USM_ENCRYPTIONERROR;
+ }
+@@ -1614,7 +1600,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ ciphertext, ciphertextlen);
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "Encryption failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ SNMP_FREE(ciphertext);
+ return SNMPERR_USM_ENCRYPTIONERROR;
+ }
+@@ -1654,7 +1639,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ DEBUGINDENTLESS();
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building privParams failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1675,7 +1659,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ DEBUGINDENTLESS();
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building authParams failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1698,7 +1681,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ DEBUGINDENTLESS();
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building authParams failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1714,7 +1696,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ if (rc == 0) {
+ DEBUGMSGTL(("usm",
+ "building msgAuthoritativeEngineTime failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1730,7 +1711,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ if (rc == 0) {
+ DEBUGMSGTL(("usm",
+ "building msgAuthoritativeEngineBoots failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1742,7 +1722,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ DEBUGINDENTLESS();
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1755,7 +1734,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ *offset - sp_offset);
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1769,7 +1747,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1779,7 +1756,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ while ((*wholeMsgLen - *offset) < globalDataLen) {
+ if (!asn_realloc(wholeMsg, wholeMsgLen)) {
+ DEBUGMSGTL(("usm", "building global data failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+ }
+@@ -1795,7 +1771,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+ ASN_CONSTRUCTOR), *offset);
+ if (rc == 0) {
+ DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_TOO_LONG;
+ }
+
+@@ -1813,7 +1788,6 @@ usm_rgenerate_out_msg(int msgProcModel,
+
+ if (temp_sig == NULL) {
+ DEBUGMSGTL(("usm", "Out of memory.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_GENERICERROR;
+ }
+
+@@ -1824,14 +1798,12 @@ usm_rgenerate_out_msg(int msgProcModel,
+ != SNMP_ERR_NOERROR) {
+ SNMP_FREE(temp_sig);
+ DEBUGMSGTL(("usm", "Signing failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_AUTHENTICATIONFAILURE;
+ }
+
+ if (temp_sig_len != msgAuthParmLen) {
+ SNMP_FREE(temp_sig);
+ DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
+- usm_free_usmStateReference(secStateRef);
+ return SNMPERR_USM_AUTHENTICATIONFAILURE;
+ }
+
+@@ -1842,7 +1814,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
-+// usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index a6f8c91..148d75b 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -11,7 +11,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.7.2
-Release: 43%{?dist}
+Release: 43%{?dist}.3
Epoch: 1
License: BSD
@@ -114,6 +114,8 @@ Patch78: net-snmp-5.7.2-traptomail.patch
Patch79: net-snmp-5.7.2-null-magic.patch
Patch80: net-snmp-5.7.2-v3-forward.patch
Patch81: net-snmp-5.7.2-memory.patch
+Patch82: net-snmp-5.7.2-pass_common.patch
+Patch83: net-snmp-5.7.2-SHA-fix.patch
Requires(post): chkconfig
Requires(preun): chkconfig
@@ -348,6 +350,8 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons.
%patch79 -p1 -b .null-magic
%patch80 -p1 -b .v3-forward
%patch81 -p1 -b .memory
+%patch82 -p1 -b .pass_common
+%patch83 -p1 -b .SHA-fix
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@@ -643,6 +647,15 @@ rm -rf ${RPM_BUILD_ROOT}
%{_initrddir}/snmptrapd
%changelog
+* Mon Dec 02 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-43.3
+- fix sha224 and sha384 declaration check (#1778733)
+
+* Tue Sep 17 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-43.2
+- fix memory leak introduced by trap v3 forwarding fix (#1752778)
+
+* Mon Aug 19 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-43.1
+- fix buffer size in pass_common.c file (#1741925)
+
* Wed May 22 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-43
- fix available memory calculation (#1250060)