Merge ~ahasenack/ubuntu/+source/net-snmp:focal-snmp-double-free-2012926 into ubuntu/+source/net-snmp:ubuntu/focal-devel
Proposed by
Andreas Hasenack
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | git-ubuntu bot | ||||
Approved revision: | not available | ||||
Merged at revision: | c9c7d7288ea02d39599a07ae48565d6da1d9530f | ||||
Proposed branch: | ~ahasenack/ubuntu/+source/net-snmp:focal-snmp-double-free-2012926 | ||||
Merge into: | ubuntu/+source/net-snmp:ubuntu/focal-devel | ||||
Diff against target: |
207 lines (+167/-0) 6 files modified
debian/changelog (+14/-0) debian/patches/double-free-agentx_got_response.patch (+36/-0) debian/patches/double-free-delegated-cache.patch (+33/-0) debian/patches/double-free-failed-transport.patch (+40/-0) debian/patches/double-free-when-NETSNMP_CALLBACK_OP_RESEND-is-set.patch (+40/-0) debian/patches/series (+4/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Sergio Durigan Junior (community) | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+445445@code.launchpad.net |
Description of the change
Multiple double free fixes for net-snmp in focal.
The easiest and most reliable way to reproduce the snmpd crash was to use a custom agentx subagent in python and inject an artificial delay just over the snmpd agentx timeout of 1s.
Testing instructions are in the bug.
PPA: https:/
The DEP8 test is trivial/
To post a comment you must log in.
Thanks, Andreas.
Package builds fine. dep8 is too superficial to be considered useful here, as you said. I verified each patch, did some investigation to make sure that they are minimally correct, and everything seems OK. As you said, there are other commits fixing double frees in the repository, but they're unrelated to agentx.
A small comment about the PPA: you did not enable all architectures there. I really think it's useful to at least make sure nothing strange happens when building on other arches, especially if it's an SRU like this one.
So, in a nutshell: LGTM assuming that the package builds fine on all supported architectures. +1