[AUTOPATCHER-CORE] Upgrade net-snmp to 5.9.5 for CVE-2025-68615 [Critical]
#15382
Conversation
microsoft-github-policy-service
bot
added
Packaging
fasttrack/3.0
Kanishk-Bansal
changed the title
net-snmp to 5.9.5 for CVE-2025-68615 [Critical]
jslobodzian
left a comment
jslobodzian
left a comment
There was a problem hiding this comment.
Build failed:
time="2025-12-23T14:29:27Z" level=debug msg="Net-SNMP installed version: 5.9.4 => 5.0904"
time="2025-12-23T14:29:27Z" level=debug msg="Perl Module Version: 5.0905"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="These versions must match for perfect support of the module. It is possible"
time="2025-12-23T14:29:27Z" level=debug msg="that different versions may work together, but it is strongly recommended"
time="2025-12-23T14:29:27Z" level=debug msg="that you make these two versions identical. You can get the Net-SNMP"
time="2025-12-23T14:29:27Z" level=debug msg="source code and the associated perl modules directly from"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg=" http://www.net-snmp.org/"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="If you want to continue anyway please set the NETSNMP_DONT_CHECK_VERSION"
time="2025-12-23T14:29:27Z" level=debug msg="environmental variable to 1 and re-run the Makefile.PL script."
time="2025-12-23T14:29:27Z" level=debug msg="make: *** [Makefile:308: perl/Makefile] Error 1"
time="2025-12-23T14:29:27Z" level=debug msg="error: Bad exit status from /var/tmp/rpm-tmp.ZxMdIK (%build)"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="RPM build warnings:"
time="2025-12-23T14:29:27Z" level=debug msg=" bogus date in %changelog: Fri Apr 07 2022 Minghe Ren mingheren@microsoft.com - 5.9.1-2"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="RPM build errors:"
time="2025-12-23T14:29:27Z" level=debug msg=" Bad exit status from /var/tmp/rpm-tmp.ZxMdIK (%build)"
Kanishk-Bansal
force-pushed
the
cblmargh/net-snmp-upgrade-to-5.9.5-fasttrack/3.0
branch
from
cb4ca0f to
b2aeee8
Compare
SPECS/net-snmp/net-snmp.spec
Outdated
|
|
||
| %build | ||
| MIBS="ucd-snmp/diskio" | ||
| export NETSNMP_DONT_CHECK_VERSION=1 |
There was a problem hiding this comment.
I don’t think we want to do this. This is to check that the Perl module version matches this version.
There was a problem hiding this comment.
@jslobodzian & @Kanishk-Bansal I believe the real issue is with the configure file under https://sourceforge.net/projects/net-snmp/files/net-snmp/5.9.5/net-snmp-5.9.5.tar.gz. In the configure file the version value is still set to 5.9.4
Identity of this package.
PACKAGE_NAME='Net-SNMP'
PACKAGE_TARNAME='net-snmp'
PACKAGE_VERSION='5.9.4'
PACKAGE_STRING='Net-SNMP 5.9.4'
PACKAGE_BUGREPORT='net-snmp-coders@lists.sourceforge.net'
PACKAGE_URL=''
There was a problem hiding this comment.
I have already made the changes @aninda-al at https://github.com/microsoft/azurelinux/commits/81731717fb226a42b1697b7fe224f83355884fec
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Exclude the COPYING license file from the package.
|
Buddy Build |
Kanishk-Bansal
added
the
CVEFixReadyForMaintainerReview
|
@Kanishk-Bansal it looks like the build break for net-snmp is fixed now, but frr, which is and n+1 dependency, fails to build with that upgrade. time="2025-12-25T07:03:56Z" level=debug msg="make[1]: Leaving directory '/usr/src/azl/BUILD/frr-frr-9.1.1'" |
jslobodzian
left a comment
jslobodzian
left a comment
There was a problem hiding this comment.
build for frr now breaks.
|
closing in favour of #15408 |
[AUTOPATCHER-CORE] Upgrade net-snmp to 5.9.5 for CVE-2025-68615
Upgrade pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1011146&view=results