- Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
  functioning properly with various versions of OpenSSL. However I could not find which
  versions mentioned in the News or Changelog. The problem will be fixed in a future
  version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I decided
  to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
  5.9.3
    security:
      - These two CVEs can be exploited by a user with read-only credentials:
        - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
          NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
        - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
          can cause a NULL pointer dereference.
      - These CVEs can be exploited by a user with read-write credentials:
        - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in
          master agent and subagent simultaneously
        - CVE-2022-24807 A malformed OID in a SET request to
          SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds
          memory access.
        - CVE-2022-24808 A malformed OID in a SET request to
          NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
        - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can
          cause a NULL pointer dereference.
      - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
        If you must use SNMPv1 or SNMPv2c, use a complex community string and
        enhance the protection by restricting access to a given IP address range.
      - Thanks are due to Yu Zhang of VARAS(a)IIE and Nanyu Zhong of VARAS(a)IIE
        for reporting the following CVEs that have been fixed in this release,
        and to Arista Networks for providing fixes.
    misc:
      - Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is expanded in
        ${datarootdir} so datarootdir must be set before @datadir@ is used.
general: Many bug fixes 5.9.2 skipped due to a last minute library versioning found bug -- use 5.9.3 instead Signed-off-by: Adolf Belka --- config/rootfiles/packages/netsnmpd | 11 +++++------ lfs/netsnmpd | 8 ++++---- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/config/rootfiles/packages/netsnmpd b/config/rootfiles/packages/netsnmpd index 8e1814886..510f4a0cf 100644 --- a/config/rootfiles/packages/netsnmpd +++ b/config/rootfiles/packages/netsnmpd @@ -110,7 +110,6 @@ usr/bin/traptoemail #usr/include/net-snmp/library/data_list.h #usr/include/net-snmp/library/default_store.h #usr/include/net-snmp/library/dir_utils.h -#usr/include/net-snmp/library/factory.h #usr/include/net-snmp/library/fd_event_manager.h #usr/include/net-snmp/library/file_utils.h #usr/include/net-snmp/library/getopt.h @@ -233,27 +232,27 @@ usr/bin/traptoemail #usr/lib/libnetsnmp.la #usr/lib/libnetsnmp.so usr/lib/libnetsnmp.so.40 -usr/lib/libnetsnmp.so.40.1.0 +usr/lib/libnetsnmp.so.40.2.0 #usr/lib/libnetsnmpagent.a #usr/lib/libnetsnmpagent.la #usr/lib/libnetsnmpagent.so usr/lib/libnetsnmpagent.so.40 -usr/lib/libnetsnmpagent.so.40.1.0 +usr/lib/libnetsnmpagent.so.40.2.0 #usr/lib/libnetsnmphelpers.a #usr/lib/libnetsnmphelpers.la #usr/lib/libnetsnmphelpers.so usr/lib/libnetsnmphelpers.so.40 -usr/lib/libnetsnmphelpers.so.40.1.0 +usr/lib/libnetsnmphelpers.so.40.2.0 #usr/lib/libnetsnmpmibs.a #usr/lib/libnetsnmpmibs.la #usr/lib/libnetsnmpmibs.so usr/lib/libnetsnmpmibs.so.40 -usr/lib/libnetsnmpmibs.so.40.1.0 +usr/lib/libnetsnmpmibs.so.40.2.0 #usr/lib/libnetsnmptrapd.a #usr/lib/libnetsnmptrapd.la #usr/lib/libnetsnmptrapd.so usr/lib/libnetsnmptrapd.so.40 -usr/lib/libnetsnmptrapd.so.40.1.0 +usr/lib/libnetsnmptrapd.so.40.2.0 #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/MakefileSubs.pm #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP 
diff --git a/lfs/netsnmpd b/lfs/netsnmpd index 7724cd7de..5605d6307 100644 --- a/lfs/netsnmpd +++ b/lfs/netsnmpd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = SNMP Daemon -VER = 5.9.1 +VER = 5.9.3 THISAPP = net-snmp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = netsnmpd -PAK_VER = 14 +PAK_VER = 15 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6f4d5d279a81aa5f62628d3dd5221620590ad1dceec15fdc5e39705f7b08456b84aed4cf7376cbb807dd5b77dfe4162e47f2c9d29133f04ba321dfaf4aa7aaaa +$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451 install : $(TARGET) -- 2.46.0
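Review bot: the commit message should record that the soname does not change with this update. In the `@@ -233,27 +232,27 @@` hunk of config/rootfiles/packages/netsnmpd only the fully versioned names move from `40.1.0` to `40.2.0`, while the `usr/lib/libnetsnmp*.so.40` entries are untouched. Binaries linked against `libnetsnmp.so.40` and its sibling libraries therefore keep resolving, and saying so explicitly tells a reader that no dependent package needs a rebuild alongside `PAK_VER = 15`.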
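Review bot: the new `$(DL_FILE)_BLAKE2` value in the last hunk of lfs/netsnmpd cannot be tied to the upstream release from anything in this patch. With `DL_FROM = $(URL_IPFIRE)` the build fetches the tarball from the project's own download location, so this hash is the integrity check visible here for net-snmp-5.9.3.tar.gz. Please state in the commit message where the tarball was obtained and how it was checked against upstream (release signature or published checksum) before the BLAKE2 sum was computed, which matters for a release pulled in for six CVE fixes.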