[Pkg-net-snmp-devel] Bug#966544: Bug#966544: snmpd: extend option broken after update

Christian Balzer chibi at gol.com
Fri Jul 31 04:32:05 BST 2020


Hello Craig,

These issues, do they warrant utterly breaking things w/o any recourse
short of recompiling things for many, many users that use the extend
feature?
Especially given the fact that SNMP traffic tends to be on private
networks and the feature not being enabled by default in the config.

At the very least a "this will break things, abort now" missive during
upgrade would have been nice.

If upstream can't/won't fix this, snmpd has lost its usefulness for me in
the long run compared to other data collectors.

Regards,

Christian


On Fri, 31 Jul 2020 10:46:29 +1000 Craig Small <csmall at debian.org> wrote:
> Hi James,
>   That would have been intentional, the EXTEND MIB has major security
> issues.
> 
>  - Craig
> 
> 
> On Thu, 30 Jul 2020 at 23:03, James Greig <james at host-it.co.uk> wrote:
> 
> > Package: snmpd
> > Version: 5.7.3+dfsg-1.7+deb9u2
> > Severity: important
> >
> > Dear Maintainer,
> >
> > *** Reporter, please consider answering these questions, where appropriate
> > ***
> >
> > Updating snmpd from deb9u1 to deb9u2 via apt on any stretch system
> > breaks the ability to use 'extend' in snmpd.
> >
> > After updating on any stretch system and restarting snmpd this error will
> > appear:-
> >
> > Warning: Unknown token: extend
> >
> > It's likely the latest binary build of this package has not included
> > options to
> > enable extend and/or other extras.
> >
> > *** End of the template - remove these template lines ***
> >
> >
> > -- System Information:
> > Debian Release: 9.13
> >   APT prefers oldstable-updates
> >   APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 4.9.0-13-amd64 (SMP w/8 CPU cores)
> > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
> > LANGUAGE=en_GB:en (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: systemd (via /run/systemd/system)
> >
> > Versions of packages snmpd depends on:
> > ii  adduser                3.115
> > ii  debconf [debconf-2.0]  1.5.61
> > ii  init-system-helpers    1.48
> > ii  libc6                  2.24-11+deb9u4
> > ii  libsnmp-base           5.7.3+dfsg-1.7+deb9u2
> > ii  libsnmp30              5.7.3+dfsg-1.7+deb9u2
> > ii  lsb-base               9.20161125
> >
> > snmpd recommends no packages.
> >
> > Versions of packages snmpd suggests:
> > pn  snmptrapd  <none>
> >
> > -- debconf information excluded

-- 
Christian Balzer        Network/Systems Engineer                
chibi at gol.com   	Rakuten Mobile Inc.


