SECURITY update to fix CVE-2008-0960, http://secunia.com/advisories/30574/

A vulnerability has been reported in Net-SNMP, which can be exploited
by malicious people to spoof authenticated SNMPv3 packets.

The authentication code reads the length to be checked from sender
input, this allows the sender to supply single byte HMAC code and
have a 1 in 256 chance of matching the correct HMAC and authenticating,
as only the first byte will be checked. The sender would need to
know a valid username.

ok rui (maintainer)

net/net-snmp/Makefile

@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.27 2008/06/09 21:28:56 sturm Exp $
+# $OpenBSD: Makefile,v 1.28 2008/06/10 18:00:35 sthen Exp $
 
 COMMENT-main=	extendable SNMP implementation
 COMMENT-perl=	SNMP modules for Perl
 
-DISTNAME=	net-snmp-5.4.1
-PKGNAME-main=	${DISTNAME}p1
-PKGNAME-perl=	p5-SNMP-5.4.1p0
+DISTNAME=	net-snmp-5.4.1.1
+PKGNAME-main=	${DISTNAME}
+PKGNAME-perl=	p5-SNMP-5.4.1.1
 SHARED_LIBS=	netsnmp		7.0	\
 		netsnmpagent	7.0	\
 		netsnmphelpers	7.0	\

net/net-snmp/distinfo

@@ -1,5 +1,5 @@
-MD5 (net-snmp-5.4.1.tar.gz) = bJdN96WlsVefchFeawRb2g==
-RMD160 (net-snmp-5.4.1.tar.gz) = NyNIjauNFkcCp9VcnHLursB91Qw=
-SHA1 (net-snmp-5.4.1.tar.gz) = rFugM8ENU9MFdBUSH4xJNsZDwgg=
-SHA256 (net-snmp-5.4.1.tar.gz) = Dql2ciyZPIfe3o62NI5v6wWeOFG77y3oJL8YrJfNtWU=
-SIZE (net-snmp-5.4.1.tar.gz) = 5122455
+MD5 (net-snmp-5.4.1.1.tar.gz) = AKze8kv96U7FopEjPiYRtg==
+RMD160 (net-snmp-5.4.1.1.tar.gz) = hwtqPk6yjfPL3w3zTSP0a9feiWE=
+SHA1 (net-snmp-5.4.1.1.tar.gz) = z+73SPJCp7Ja2O6pWXf/J3mE42g=
+SHA256 (net-snmp-5.4.1.1.tar.gz) = si7LXn8JB8IMx/yfHh8xsbSy3YGr3D4uC/3fjQYACKI=
+SIZE (net-snmp-5.4.1.1.tar.gz) = 5123861

net/net-snmp/patches/patch-snmplib_snmp_version_c

@@ -0,0 +1,12 @@
+$OpenBSD: patch-snmplib_snmp_version_c,v 1.1 2008/06/10 18:00:35 sthen Exp $
+--- snmplib/snmp_version.c.orig	Tue Jun 10 10:16:25 2008
++++ snmplib/snmp_version.c	Tue Jun 10 10:16:33 2008
+@@ -5,7 +5,7 @@
+ #ifndef UCD_COMPATIBLE
+ static
+ #endif
+-const char     *NetSnmpVersionInfo = "5.4.1";
++const char     *NetSnmpVersionInfo = "5.4.1.1";
+ 
+ const char     *
+ netsnmp_get_version()

net/net-snmp/pkg/PLIST-main

@@ -1,31 +1,31 @@
-@comment $OpenBSD: PLIST-main,v 1.3 2008/06/05 15:52:21 okan Exp $
+@comment $OpenBSD: PLIST-main,v 1.4 2008/06/10 18:00:35 sthen Exp $
 @pkgpath net/net-snmp
 %%SHARED%%
-bin/encode_keychange
+@bin bin/encode_keychange
 bin/fixproc
 @comment bin/ipf-mod.pl
 bin/mib2c
 bin/mib2c-update
 bin/net-snmp-config
-bin/snmpbulkget
-bin/snmpbulkwalk
+@bin bin/snmpbulkget
+@bin bin/snmpbulkwalk
 bin/snmpcheck
 bin/snmpconf
-bin/snmpdelta
-bin/snmpdf
-bin/snmpget
-bin/snmpgetnext
-bin/snmpinform
-bin/snmpnetstat
-bin/snmpset
-bin/snmpstatus
-bin/snmptable
-bin/snmptest
-bin/snmptranslate
-bin/snmptrap
-bin/snmpusm
-bin/snmpvacm
-bin/snmpwalk
+@bin bin/snmpdelta
+@bin bin/snmpdf
+@bin bin/snmpget
+@bin bin/snmpgetnext
+@bin bin/snmpinform
+@bin bin/snmpnetstat
+@bin bin/snmpset
+@bin bin/snmpstatus
+@bin bin/snmptable
+@bin bin/snmptest
+@bin bin/snmptranslate
+@bin bin/snmptrap
+@bin bin/snmpusm
+@bin bin/snmpvacm
+@bin bin/snmpwalk
 bin/tkmib
 bin/traptoemail
 include/net-snmp/
@@ -344,8 +344,8 @@ lib/libnetsnmptrapd.la
 @man man/man5/variables.5
 @man man/man8/snmpd.8
 @man man/man8/snmptrapd.8
-sbin/snmpd
-sbin/snmptrapd
+@bin sbin/snmpd
+@bin sbin/snmptrapd
 share/doc/net-snmp/
 share/doc/net-snmp/AGENT.txt
 share/doc/net-snmp/FAQ