libnetsnmptrapd should be linked against MySQL client library

Bug #1814254 reported by Andreas Hasenack on 2019-02-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
net-snmp (Debian)
Fix Released
net-snmp (Ubuntu)
Andreas Hasenack

Bug Description

libnetsnmptrapd has mysql unresolved symbols:

root@disco-snmp:~# ldd -r /usr/lib/x86_64-linux-gnu/|grep ^undefined
undefined symbol: my_init (/usr/lib/x86_64-linux-gnu/
undefined symbol: my_load_defaults (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_sqlstate (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_errno (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_commit (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_init (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_prepare (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_errno (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_close (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_server_end (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_real_connect (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_close (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_error (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_init (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_insert_id (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_error (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_execute (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_bind_param (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_autocommit (/usr/lib/x86_64-linux-gnu/
undefined symbol: mysql_stmt_sqlstate (/usr/lib/x86_64-linux-gnu/

This doesn't seem to cause immediate problems in ubuntu at least, since snmptrapd (the daemon) is linked with mysql.

The other "consumer" of libnetsnmptrapd is libsnmp-perl, but that also doesn't seem to have problems loading the library.

Still, there are bugs in Fedora and Debian about this, and one was filed upstream too, and it seems correct to add the proper linking, as libnetsnmptrapd is not just a plugin that is dlopen()ed at runtime.

CVE References

Andreas Hasenack (ahasenack) wrote :

Debian added an attempted fix for this in commit, piggy backing on another unrelated fix.

I think Ubuntu should adopt the better fix proposed in Since the first part of the debian patch is a noop for ubuntu (we use mysql, not mariadb), and carrying a delta which drops or replaces just a part of a debian patch, we should probably drop the patch from the debian commit above entirely, and add a new ubuntu patch for the linking problem.

I linked the related Debian bug

Changed in net-snmp (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :
Download full text (4.0 KiB)

This bug was fixed in the package net-snmp - 5.7.3+dfsg-5ubuntu1

net-snmp (5.7.3+dfsg-5ubuntu1) disco; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Add apport hook.
      + d/control: add dh-apport to Build-Depends
      + d/rules: install the apport hook via debhelper
      + d/source.apport: apport hook
    - d/p/0001-swinst_apt.c-Fix-indexing-of-hrSWInstalledTable-to-s.patch:
      set first hrSWInstalledIndex to 1 to follow RFC 2790 (LP #1314760)
  * Drop:
    - SECURITY UPDATE: DoS via NULL pointer exception
      + debian/patches/CVE-2018-18065.patch: fix logic in
      + CVE-2018-18065
      [Fixed in 5.7.3+dfsg-4]
    - d/p/my_load_defaults: use my_load_defaults instead of the
      libmysqlclient-internal load_defaults (LP #1565003). Thanks to Lars
      [Replaced by a more complete patch]
    - debian/rules: Fix calculation of UPSTREAM_VERSION and COMPAT_VERSION.
      [No more needed since 5.7.3+dfsg-5]
  * Added:
    - d/p/snmptrapd_mysql_init: drop this patch. The first part fixes builds
      with newer mariadb, which Ubuntu doesn't use, and the second part is
      an unrelated change which we are fixing in another patch (see #1814254
      for details).
    - d/p/0001-Link-libnetsnmptrapd-against-MYSQL_LIBS.patch: Link
      libnetsnmptrapd against MYSQL_LIBS. Thanks to Adam
      Williamson <email address hidden>. (Closes: #886221, LP: #1814254)
    - Fix build with mysql-8 (LP: #1814270):
      + d/p/mysql8-replace-bool.patch: newer mysql dropped my_bool, use char
      + d/p/my-load-defaults.patch: properly detect (and use)
        my_load_defaults(). This replaces the previous
        my_load_defaults patch.
      + d/p/mysql8-headers.patch: detect if my_global.h and my_sys.h are
      + d/p/mysql-init.patch: handle the various mysql init functions
      + d/p/mysql-options.patch: use mysql_options if no {my_,}load_defaults
        was found.

net-snmp (5.7.3+dfsg-5) unstable; urgency=medium

  * Use debhelper macros for shlibs Closes: #912685
  * Relocate snmp.conf to libsnmp-base Closes: #914657

net-snmp (5.7.3+dfsg-4) unstable; urgency=medium

  [ Craig Small ]
  * Use correct snmpwalk args in snmpcheck Closes: #898197
  * Remove user only on purge Closes: #911216

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field
  * d/control: Removing redundant Priority field in binary package
  * d/changelog: Remove trailing whitespaces
  * d/control: Remove trailing whitespaces
  * d/watch: Use https protocol

  [ Salvatore Bonaccorso ]
  * snmpd crashes when receiving a GetNext PDU with multiple Varbinds
    (CVE-2018-18065) (Closes: #910638)

net-snmp (5.7.3+dfsg-3) unstable; urgency=medium

  * Compile perl module after library Closes: #894626

net-snmp (5.7.3+dfsg-2) unstable; urgency=medium

  [ Craig Small ]
  * New maintainer Closes: #835654
  * Imported old NMU diff Closes: #851343, #852479
  * Change VCS urls to salsa
  * Update to standards 4.1.3 - no change
  * Update to debhelper version 11
  * Remove empty copyright file for libsnmp30
  * snmp.prerm - remove killall
  * snm...


Changed in net-snmp (Ubuntu):
status: In Progress → Fix Released
Changed in net-snmp (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.