Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem: After configuring net-snmp to accept an authenticated and encrypted request from the same host over SNMPv3, the connection fails with the message "security service 3 error parsing ScopedPDU". Version-Release number of selected component (if applicable): net-snmp-5.8-17.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure /etc/snmp/snmpd.conf as follows: syslocation Somewhere syscontact postmaster dontLogTCPWrappersConnects yes agentaddress udp:161,udp6:161 includeAllDisks 10% engineID host.example.com rouser -s usm user1 rouser -s usm user2 2. Create users in /var/lib/net-snmp/snmpd.conf createUser "user1" "SHA256" "password" "AES256" "password" createUser "user2" "SHA256" "password" "AES256" "password" 3. Create client side config in /etc/snmp/snmp.conf defversion 3 defsecurityname user1 defsecuritylevel authPriv defauthtype SHA256 defauthpassphrase password defprivtype AES256 defprivpassphrase password 4. Run snmpwalk host.example.com Actual results: [root@host ~]# snmpwalk host.example.com security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU snmpwalk: Timeout (error parsing PDU Expected results: A successful connection. Additional info: Changing the encryption protocol from DES to AES to AES256 makes no difference, all options are broken. Recompiling the net-snmp SRPM using the net-snmp 5.9 release along with these modifications to the spec file below make no effect. It is possible that some changes to net-snmp depedencies like openssl have broken snmpv3, and this hasn't been picked up. Changes to spec file to make v5.9 build: [minfrin@localhost SPECS]$ diff -u net-snmp.spec net-snmp-5.9.spec --- net-snmp.spec 2020-08-11 10:33:04.000000000 +0100 +++ net-snmp-5.9.spec 2020-12-15 11:22:13.684807377 +0000 @@ -1,15 +1,15 @@ # use nestnmp_check 0 to speed up packaging by disabling 'make test' -%{!?netsnmp_check: %global netsnmp_check 1} +%{!?netsnmp_check: %global netsnmp_check 0} # Arches on which we need to prevent arch conflicts on net-snmp-config.h %global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 aarch64 # actual soname version -%global soname 35 +%global soname 40 Summary: A collection of SNMP protocol tools and libraries Name: net-snmp -Version: 5.8 +Version: 5.9 Release: 17%{?dist} Epoch: 1 @@ -179,38 +179,38 @@ rm -r python %ifnarch ia64 -%patch1 -p1 -b .pie +#%patch1 -p1 -b .pie %endif -%patch2 -p1 -b .dir-fix +#%patch2 -p1 -b .dir-fix %patch3 -p1 -b .multilib -%patch4 -p1 -%patch5 -p1 -b .autoreconf -%patch6 -p1 -b .agentx-disconnect-crash +#%patch4 -p1 +#%patch5 -p1 -b .autoreconf +#%patch6 -p1 -b .agentx-disconnect-crash %patch7 -p1 -b .cert-path -%patch8 -p1 -b .cflags +#%patch8 -p1 -b .cflags %patch9 -p1 -b .u64-remove -%patch10 -p1 -b .perlfix +#%patch10 -p1 -b .perlfix %patch11 -p1 -b .iterator-fix -%patch12 -p1 -b .autofs-skip +#%patch12 -p1 -b .autofs-skip %patch13 -p1 -b .usage-fix -%patch14 -p1 -b .coverity -%patch15 -p1 -b .ipv6-clientaddr -%patch16 -p1 -b .agent-of-death -%patch17 -p1 -b .trapsink -%patch18 -p1 -b .flood-messages -%patch19 -p1 -b .v3-forward -%patch20 -p1 -b .sec-counter +#%patch14 -p1 -b .coverity +#%patch15 -p1 -b .ipv6-clientaddr +#%patch16 -p1 -b .agent-of-death +#%patch17 -p1 -b .trapsink +#%patch18 -p1 -b .flood-messages +#%patch19 -p1 -b .v3-forward +#%patch20 -p1 -b .sec-counter %patch21 -p1 -b .proxy-getnext -%patch22 -p1 -b .dskTable-dynamic +#%patch22 -p1 -b .dskTable-dynamic %patch23 -p1 -b .expand-SNMPCONFPATH %patch24 -p1 -b .duplicate-ipAddress -%patch25 -p1 -b .memory-reporting +#%patch25 -p1 -b .memory-reporting %patch26 -p1 -b .man-page %patch27 -p1 -b .ipAddress-faster-load %patch28 -p1 -b .rpm-memory-leak -%patch29 -p1 -b .sec-memory-leak -%patch30 -p1 -b .aes-config +#%patch29 -p1 -b .sec-memory-leak +#%patch30 -p1 -b .aes-config %patch101 -p1 -b .modern-rpm-api @@ -419,6 +419,8 @@ %files devel %{_libdir}/lib*.so +%{_libdir}/pkgconfig/netsnmp-agent.pc +%{_libdir}/pkgconfig/netsnmp.pc /usr/include/* %attr(0644,root,root) %{_mandir}/man3/*.3.* %attr(0755,root,root) %{_bindir}/net-snmp-config*