Merge PR "[AUTO-CHERRYPICK] [CRITICAL] Upgrade net-snmp to 5.9.5.2 for CVE-2025-68615 - branch main" #15420

Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>

Author: 4 people

SPECS/frr/0001-Fix-frr-c90-complaint-error.patch

@@ -0,0 +1,38 @@
+diff --git a/isisd/isis_snmp.c b/isisd/isis_snmp.c
+index a184b5b..de56b85 100644
+--- a/isisd/isis_snmp.c
++++ b/isisd/isis_snmp.c
+@@ -859,6 +859,7 @@ static int isis_snmp_area_addr_lookup_exact(oid *oid_idx, size_t oid_idx_len,
+ 	struct area_addr *addr = NULL;
+ 	struct listnode *addr_node;
+ 	struct isis *isis = isis_lookup_by_vrfid(VRF_DEFAULT);
++	int res;
+ 
+ 	if (isis == NULL)
+ 		return 0;
+@@ -870,7 +871,7 @@ static int isis_snmp_area_addr_lookup_exact(oid *oid_idx, size_t oid_idx_len,
+ 
+ 	area = listgetdata(listhead(isis->area_list));
+ 
+-	int res = isis_snmp_conv_exact(cmp_buf, sizeof(cmp_buf), &addr_len,
++	res = isis_snmp_conv_exact(cmp_buf, sizeof(cmp_buf), &addr_len,
+ 				       oid_idx, oid_idx_len);
+ 
+ 
+@@ -909,6 +910,7 @@ static int isis_snmp_area_addr_lookup_next(oid *oid_idx, size_t oid_idx_len,
+ 	struct area_addr *addr = NULL;
+ 	struct listnode *addr_node;
+ 	struct isis *isis = isis_lookup_by_vrfid(VRF_DEFAULT);
++	int res;
+ 
+ 	if (isis == NULL)
+ 		return 0;
+@@ -920,7 +922,7 @@ static int isis_snmp_area_addr_lookup_next(oid *oid_idx, size_t oid_idx_len,
+ 
+ 	area = listgetdata(listhead(isis->area_list));
+ 
+-	int res = isis_snmp_conv_next(cmp_buf, sizeof(cmp_buf), &addr_len,
++	res = isis_snmp_conv_next(cmp_buf, sizeof(cmp_buf), &addr_len,
+ 				      &try_exact, oid_idx, oid_idx_len);
+ 
+ 	if (!res)

SPECS/frr/frr.spec

@@ -3,7 +3,7 @@
 Summary:        Routing daemon
 Name:           frr
 Version:        8.5.5
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -18,6 +18,7 @@ Patch3:         0003-fips-mode.patch
 Patch4:         0004-remove-grpc-test.patch
 Patch5:         CVE-2024-44070.patch
 Patch6:         CVE-2024-55553.patch
+Patch7:         0001-Fix-frr-c90-complaint-error.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -200,6 +201,9 @@ rm tests/lib/*grpc*
 %{_sysusersdir}/%{name}.conf
 
 %changelog
+* Mon Dec 29 2025 Archana Shettigar <v-shettigara@microsoft.com> - 8.5.5-4
+- Rebuilt for net-snmp version up with c90 fix
+
 * Fri Jun 13 2025 Kanishk Bansal <kanbansal@microsoft.com> - 8.5.5-3
 - Backport Patch CVE-2024-55553
 

SPECS/net-snmp/net-snmp.signatures.json

@@ -2,6 +2,6 @@
   "Signatures": {
     "snmpd.service": "5e17bf9f66f2b77e1a6c6dff7356cecb8ed488ce3df361738a72b4436096b694",
     "snmptrapd.service": "ef3e3dbe80c8ab455b30cd83db23db136263c1295ce2f23dcc4a1a1b60799229",
-    "net-snmp-5.9.4.tar.gz": "8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544"
+    "net-snmp-5.9.5.2.tar.gz": "16707719f833184a4b72835dac359ae188123b06b5e42817c00790d7dc1384bf"
   }
 }

SPECS/net-snmp/net-snmp.spec

@@ -1,7 +1,7 @@
 %global __requires_exclude perl\\(.*\\)
 Summary:        Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6.
 Name:           net-snmp
-Version:        5.9.4
+Version:        5.9.5.2
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -123,10 +123,13 @@ popd
 %{_localstatedir}/run/net-snmp
 
 %changelog
+* Mon Dec 29 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.9.5.2-1
+- Auto-upgrade to 5.9.5.2 - for CVE-2025-68615
+
 * Tue Apr 23 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.9.4-1
 - Auto-upgrade to 5.9.4 - Fixes for CVE-2022-44792 and CVE-2022-44793
 
-* Fri Apr 07 2022 Minghe Ren <mingheren@microsoft.com> - 5.9.1-2
+* Thu Apr 07 2022 Minghe Ren <mingheren@microsoft.com> - 5.9.1-2
 - Add net-snmp-lib subpackage and UCD-SNMP
 
 * Fri Mar 04 2022 Minghe Ren <mingheren@microsoft.com> - 5.9.1-1

cgmanifest.json

@@ -14133,8 +14133,8 @@
         "type": "other",
         "other": {
           "name": "net-snmp",
-          "version": "5.9.4",
-          "downloadUrl": "https://sourceforge.net/projects/net-snmp/files/net-snmp/5.9.4/net-snmp-5.9.4.tar.gz"
+          "version": "5.9.5.2",
+          "downloadUrl": "https://sourceforge.net/projects/net-snmp/files/net-snmp/5.9.5.2/net-snmp-5.9.5.2.tar.gz"
         }
       }
     },