diff --git a/SOURCES/net-snmp-5.7.2-SHA-fix.patch b/SOURCES/net-snmp-5.7.2-SHA-fix.patch
new file mode 100644
index 0000000..26a603c
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-SHA-fix.patch
@@ -0,0 +1,46 @@
+diff -up net-snmp-5.7.2/configure.d/config_os_libs2.orig net-snmp-5.7.2/configure.d/config_os_libs2
+--- net-snmp-5.7.2/configure.d/config_os_libs2.orig 2019-11-20 14:04:21.531094867 +0100
++++ net-snmp-5.7.2/configure.d/config_os_libs2 2019-11-20 14:05:06.967796642 +0100
+@@ -317,12 +317,12 @@ elif test "x$askedpkcs" = "xyes"; then
+ fi
+ if test "x$TLSPROG" = "xyes"; then
+ AC_CHECK_DECL([EVP_sha224],
+- : ,
+ AC_DEFINE([HAVE_EVP_SHA224], [], [Define if you have EVP_sha224/256 in openssl]),
++ : ,
+ [[#include <openssl/evp.h>]])
+ AC_CHECK_DECL([EVP_sha384],
+- : ,
+ AC_DEFINE([HAVE_EVP_SHA384], [], [Define if you have EVP_sha384/256 in openssl]),
++ : ,
+ [[#include <openssl/evp.h>]])
+ fi
+
+diff -up net-snmp-5.7.2/configure.orig net-snmp-5.7.2/configure
+--- net-snmp-5.7.2/configure.orig 2019-11-20 15:39:21.930543804 +0100
++++ net-snmp-5.7.2/configure 2019-11-20 15:53:07.936262052 +0100
+@@ -22887,20 +22887,16 @@ if test "x$TLSPROG" = "xyes"; then
+ ac_fn_c_check_decl "$LINENO" "EVP_sha224" "ac_cv_have_decl_EVP_sha224" "#include <openssl/evp.h>
+ "
+ if test "x$ac_cv_have_decl_EVP_sha224" = xyes; then :
+- :
+-else
+-
+-$as_echo "#define HAVE_EVP_SHA224 /**/" >>confdefs.h
++ $as_echo "#define HAVE_EVP_SHA224 /**/" >>confdefs.h
++else :
+
+ fi
+
+ ac_fn_c_check_decl "$LINENO" "EVP_sha384" "ac_cv_have_decl_EVP_sha384" "#include <openssl/evp.h>
+ "
+ if test "x$ac_cv_have_decl_EVP_sha384" = xyes; then :
+- :
+-else
+-
+-$as_echo "#define HAVE_EVP_SHA384 /**/" >>confdefs.h
++ $as_echo "#define HAVE_EVP_SHA384 /**/" >>confdefs.h
++else :
+
+ fi
+
diff --git a/SOURCES/net-snmp-5.7.2-memory.patch b/SOURCES/net-snmp-5.7.2-memory.patch
index d353e70..2b5864f 100644
--- a/SOURCES/net-snmp-5.7.2-memory.patch
+++ b/SOURCES/net-snmp-5.7.2-memory.patch
@@ -24,24 +24,6 @@ diff -urNp c/agent/mibgroup/hardware/memory/memory_linux.c d/agent/mibgroup/hard
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
-@@ -147,7 +154,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
- mem->descr = strdup("Physical memory");
- mem->units = 1024;
- mem->size = memtotal;
-- mem->free = memfree;
-+ mem->free = memfree+buffers+cached+sreclaimable;
- mem->other = -1;
- }
-
-@@ -159,7 +166,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
- mem->descr = strdup("Virtual memory");
- mem->units = 1024;
- mem->size = memtotal+swaptotal;
-- mem->free = memfree +swapfree;
-+ mem->free = memfree+swapfree+buffers+cached+sreclaimable;
- mem->other = -1;
- }
-
@@ -182,7 +189,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
diff --git a/SOURCES/net-snmp-5.7.2-sec-counter.patch b/SOURCES/net-snmp-5.7.2-sec-counter.patch
new file mode 100644
index 0000000..bdb016b
--- /dev/null
+++ b/SOURCES/net-snmp-5.7.2-sec-counter.patch
@@ -0,0 +1,145 @@
+diff -up net-snmp-5.7.2/include/net-snmp/library/snmpusm.h.bz1809076 net-snmp-5.7.2/include/net-snmp/library/snmpusm.h
+--- net-snmp-5.7.2/include/net-snmp/library/snmpusm.h.bz1809076 2020-03-02 14:11:34.000000000 +0100
++++ net-snmp-5.7.2/include/net-snmp/library/snmpusm.h 2020-03-02 14:05:12.000000000 +0100
+@@ -34,6 +34,7 @@ extern "C" {
+ * Structures.
+ */
+ struct usmStateReference {
++ int refcnt;
+ char *usr_name;
+ size_t usr_name_length;
+ u_char *usr_engine_id;
+diff -up net-snmp-5.7.2/snmplib/snmp_client.c.bz1809076 net-snmp-5.7.2/snmplib/snmp_client.c
+--- net-snmp-5.7.2/snmplib/snmp_client.c.bz1809076 2020-03-02 14:11:27.000000000 +0100
++++ net-snmp-5.7.2/snmplib/snmp_client.c 2020-03-02 14:03:40.000000000 +0100
+@@ -391,27 +391,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
+ return NULL;
+ }
+
+- if (pdu != NULL && pdu->securityStateRef &&
+- pdu->command == SNMP_MSG_TRAP2) {
+-
+- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
+- (struct usmStateReference **) &newpdu->securityStateRef );
+-
+- if (ret)
+- {
++ sptr = find_sec_mod(newpdu->securityModel);
++ if (sptr && sptr->pdu_clone) {
++ /* call security model if it needs to know about this */
++ ret = sptr->pdu_clone(pdu, newpdu);
++ if (ret) {
+ snmp_free_pdu(newpdu);
+ return 0;
+ }
+ }
+
+- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
+- sptr->pdu_clone != NULL) {
+- /*
+- * call security model if it needs to know about this
+- */
+- (*sptr->pdu_clone) (pdu, newpdu);
+- }
+-
+ return newpdu;
+ }
+
+diff -up net-snmp-5.7.2/snmplib/snmpusm.c.bz1809076 net-snmp-5.7.2/snmplib/snmpusm.c
+--- net-snmp-5.7.2/snmplib/snmpusm.c.bz1809076 2020-03-02 14:11:20.000000000 +0100
++++ net-snmp-5.7.2/snmplib/snmpusm.c 2020-03-02 14:08:30.000000000 +0100
+@@ -192,43 +192,63 @@ free_enginetime_on_shutdown(int majorid,
+ struct usmStateReference *
+ usm_malloc_usmStateReference(void)
+ {
+- struct usmStateReference *retval = (struct usmStateReference *)
+- calloc(1, sizeof(struct usmStateReference));
++ struct usmStateReference *retval;
++
++ retval = calloc(1, sizeof(struct usmStateReference));
++ if (retval)
++ retval->refcnt = 1;
+
+ return retval;
+ } /* end usm_malloc_usmStateReference() */
+
++static int
++usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
++{
++ struct usmStateReference *ref = pdu->securityStateRef;
++ struct usmStateReference **new_ref =
++ (struct usmStateReference **)&new_pdu->securityStateRef;
++ int ret = 0;
++
++ if (!ref)
++ return ret;
++
++ if (pdu->command == SNMP_MSG_TRAP2) {
++ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
++ ret = usm_clone_usmStateReference(ref, new_ref);
++ } else {
++ netsnmp_assert(ref == *new_ref);
++ ref->refcnt++;
++ }
++
++ return ret;
++}
+
+ void
+ usm_free_usmStateReference(void *old)
+ {
+- struct usmStateReference *old_ref = (struct usmStateReference *) old;
++ struct usmStateReference *ref = old;
+
+- if (old_ref) {
++ if (!ref)
++ return;
+
+- if (old_ref->usr_name_length)
+- SNMP_FREE(old_ref->usr_name);
+- if (old_ref->usr_engine_id_length)
+- SNMP_FREE(old_ref->usr_engine_id);
+- if (old_ref->usr_auth_protocol_length)
+- SNMP_FREE(old_ref->usr_auth_protocol);
+- if (old_ref->usr_priv_protocol_length)
+- SNMP_FREE(old_ref->usr_priv_protocol);
+-
+- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
+- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
+- SNMP_FREE(old_ref->usr_auth_key);
+- }
+- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
+- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
+- SNMP_FREE(old_ref->usr_priv_key);
+- }
++ if (--ref->refcnt > 0)
++ return;
+
+- SNMP_ZERO(old_ref, sizeof(*old_ref));
+- SNMP_FREE(old_ref);
++ SNMP_FREE(ref->usr_name);
++ SNMP_FREE(ref->usr_engine_id);
++ SNMP_FREE(ref->usr_auth_protocol);
++ SNMP_FREE(ref->usr_priv_protocol);
+
++ if (ref->usr_auth_key_length && ref->usr_auth_key) {
++ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
++ SNMP_FREE(ref->usr_auth_key);
++ }
++ if (ref->usr_priv_key_length && ref->usr_priv_key) {
++ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
++ SNMP_FREE(ref->usr_priv_key);
+ }
+
++ SNMP_FREE(ref);
+ } /* end usm_free_usmStateReference() */
+
+ struct usmUser *
+@@ -3184,6 +3204,7 @@ init_usm(void)
+ def->encode_reverse = usm_secmod_rgenerate_out_msg;
+ def->encode_forward = usm_secmod_generate_out_msg;
+ def->decode = usm_secmod_process_in_msg;
++ def->pdu_clone = usm_clone;
+ def->pdu_free_state_ref = usm_free_usmStateReference;
+ def->session_setup = usm_session_init;
+ def->handle_report = usm_handle_report;
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 0c02dec..e0ecf9e 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -11,7 +11,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.7.2
-Release: 45%{?dist}
+Release: 48%{?dist}
Epoch: 1
License: BSD
@@ -120,6 +120,8 @@ Patch84: net-snmp-5.7.2-icmp.patch
Patch85: net-snmp-5.7.2-pass_common.patch
Patch86: net-snmp-5.7.2-CVE-2018-18066.patch
Patch87: net-snmp-5.7.2-counter64.patch
+Patch88: net-snmp-5.7.2-SHA-fix.patch
+Patch89: net-snmp-5.7.2-sec-counter.patch
Requires(post): chkconfig
Requires(preun): chkconfig
@@ -360,6 +362,8 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons.
%patch85 -p1 -b .pass_common
%patch86 -p1 -b .CVE-2018-18066
%patch87 -p1 -b .counter64
+%patch88 -p1 -b .SHA-fix
+%patch89 -p1 -b .sec-counter
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@@ -655,6 +659,15 @@ rm -rf ${RPM_BUILD_ROOT}
%{_initrddir}/snmptrapd
%changelog
+* Wed Mar 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.7.2-48
+- fix crash due of double-free of security context (#1809076)
+
+* Mon Dec 09 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-47
+- revert calculation of free space (#1779609)
+
+* Mon Dec 02 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-46
+- fix sha224 and sha384 declaration check (#1774693)
+
* Tue Sep 17 2019 Josef Ridky <jridky@redhat.com> - 1:5.7.2-45
- fix memory leak introduced by fix of snmp v3 traps forwarding (#1751195)