Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

.gitignore

@@ -1 +1,12 @@
-net-snmp-5.4.1.tar.gz
+net-snmp-5.5.tar.gz
+/net-snmp-5.6.tar.gz
+/net-snmp-5.6.1.tar.gz
+/net-snmp-5.7.tar.gz
+/net-snmp-5.7.1.tar.gz
+/net-snmp-5.7.2.tar.gz
+/net-snmp-5.7.3.tar.gz
+/net-snmp-5.8.tar.gz
+/net-snmp-5.9.tar.gz
+/net-snmp-5.9.1.tar.gz
+/net-snmp-5.9.3.tar.gz
+/net-snmp-5.9.4.tar.gz

IETF-MIB-LICENSE.txt

@@ -0,0 +1,41 @@
+MIBs included in this software taken from IETF Documents are considered 
+Code Components in accordance with the IETF Trust License Policy, as found
+here:
+
+http://trustee.ietf.org/license-info/
+
+They are available under the terms of the Simplified BSD license, a copy of
+which is included below.
+
+*****
+
+Copyright (c) 2013 IETF Trust and the persons identified as authors of 
+the code.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without 
+modification, are permitted provided that the following conditions are 
+met:
+
+· Redistributions of source code must retain the above copyright notice, 
+this list of conditions and the following disclaimer. 
+
+· Redistributions in binary form must reproduce the above copyright 
+notice, this list of conditions and the following disclaimer in the 
+documentation and/or other materials provided with the distribution.
+
+· Neither the name of Internet Society, IETF or IETF Trust, nor the 
+names of specific contributors, may be used to endorse or promote 
+products derived from this software without specific prior written 
+permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS 
+IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER 
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

net-snmp-5.0.8-ipv6-sock-close.patch

@@ -1,10 +0,0 @@
---- net-snmp-5.0.8/agent/mibgroup/mibII/ipv6.c.orig	2003-02-25 16:35:58.000000000 +0200
-+++ net-snmp-5.0.8/agent/mibgroup/mibII/ipv6.c	2003-02-25 16:36:30.000000000 +0200
-@@ -1961,6 +1961,7 @@
-                 break;
-             }
-             long_return = (ifr.ifr_flags & flag) ? 1 : 2;
-+            close(s);
-             return (u_char *) & long_return;
-         }
-     }

net-snmp-5.0.8-readonly.patch

@@ -1,15 +0,0 @@
---- net-snmp-5.0.8/agent/snmp_agent.c.readonly	2003-08-05 14:55:44.000000000 +0200
-+++ net-snmp-5.0.8/agent/snmp_agent.c	2003-08-06 16:05:56.000000000 +0200
-@@ -1133,6 +1133,12 @@
-     int             i, n = 0, r = 0;
- 
-     /*
-+     * Update asp->status if necessary. Fixes ro/rw problem.
-+     */
-+    if ( status != 0  && asp->status == 0 )
-+          asp->status = status;
-+
-+    /*
-      * if this request was a set, clear the global now that we are
-      * done.
-      */

net-snmp-5.1.2-dir-fix.patch

@@ -1,11 +0,0 @@
---- net-snmp-5.1.2/net-snmp-config.in.dir-fix	2004-06-17 15:39:28.000000000 +0200
-+++ net-snmp-5.1.2/net-snmp-config.in	2004-11-16 10:26:28.928414992 +0100
-@@ -249,7 +249,7 @@
-       echo "  " $line
-       echo $line >> $outfile
- 
--      outfile="@datadir@/snmp/snmpd.conf"
-+      outfile="/etc/snmp/snmpd.conf"
-       line="$token $user"
-       echo "adding the following line to $outfile:"
-       echo "  " $line

net-snmp-5.1.2-snmpconf-selinux.patch

@@ -1,10 +0,0 @@
---- net-snmp-5.1.2/local/snmpconf.orig	2004-04-20 16:20:51.000000000 +0200
-+++ net-snmp-5.1.2/local/snmpconf	2007-07-09 15:34:48.000000000 +0200
-@@ -585,6 +585,7 @@
- 	    }
- 	}
- 	close(O);
-+	system("restorecon $outputf");
-     }
- }
- 

net-snmp-5.2.1-file_offset.patch

@@ -1,44 +0,0 @@
---- net-snmp-5.2.1/include/net-snmp/agent/snmp_vars.h.long	2004-04-15 14:47:10.000000000 +0200
-+++ net-snmp-5.2.1/include/net-snmp/agent/snmp_vars.h	2005-03-21 17:03:29.909271960 +0100
-@@ -73,7 +73,7 @@
- 
-     struct nlist;
- 
--    extern long     long_return;
-+    extern fsblkcnt_t long_return;
-     extern u_char   return_buf[];
- 
-     extern oid      nullOid[];
---- net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.c.long	2004-06-19 15:34:11.000000000 +0200
-+++ net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.c	2005-03-21 17:03:29.910271808 +0100
-@@ -773,7 +773,7 @@
-     return 0;
- }
- 
--long
-+fsblkcnt_t
- Get_FSSize(char *dev)
- {
-     struct HRFS_statfs statfs_buf;
---- net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.h.long	2002-07-04 14:56:35.000000000 +0200
-+++ net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.h	2005-03-21 17:03:29.910271808 +0100
-@@ -12,7 +12,7 @@
- extern int      Check_HR_FileSys_NFS(void);
- 
- extern int      Get_FSIndex(char *);
--extern long     Get_FSSize(char *);     /* Temporary */
-+extern fsblkcnt_t     Get_FSSize(char *);     /* Temporary */
- 
- 
- #endif                          /* _MIBGROUP_HRFSYS_H */
---- net-snmp-5.2.1/agent/snmp_vars.c.long	2005-03-21 17:08:37.790466904 +0100
-+++ net-snmp-5.2.1/agent/snmp_vars.c	2005-03-21 17:08:37.790466904 +0100
-@@ -223,7 +223,7 @@
-  * int      name_len        IN - number of sub-ids in the name
-  */
- 
--long            long_return;
-+fsblkcnt_t            long_return;
- #ifndef ibm032
- u_char          return_buf[258];
- #else

net-snmp-5.3.1-multilib.patch

@@ -1,20 +0,0 @@
---- net-snmp-5.3.1.pre2/man/read_config.3.def.old	2003-04-25 16:02:55.000000000 +0200
-+++ net-snmp-5.3.1.pre2/man/read_config.3.def	2006-05-23 09:41:35.000000000 +0200
-@@ -257,7 +257,7 @@
- .I SNMPCONFPATH
- environment variable (or its default value, which will be
- SYSCONFDIR/snmp, followed by
--DATADIR/snmp, followed by LIBDIR/snmp, followed by $HOME/.snmp) and
-+DATADIR/snmp, followed by /usr/lib/snmp (or /usr/lib64/snmp), followed by $HOME/.snmp) and
- reading in the files found that match both the prefix registered and
- the two suffixes
- .I .conf
-@@ -285,7 +285,7 @@
- SNMPCONFPATH
- A colon separated list of directories to search for configuration
- files in.
--Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp
-+Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp
- .SH "SEE ALSO"
- .BR mib_api "(3), " snmp_api (3)
- .\" Local Variables:

net-snmp-5.4-64bit.patch

@@ -1,227 +0,0 @@
---- net-snmp-5.4/agent/mibgroup/ucd-snmp/pass_persist.c.64bit	2006-10-18 04:59:10.000000000 +0200
-+++ net-snmp-5.4/agent/mibgroup/ucd-snmp/pass_persist.c	2006-11-27 13:56:30.000000000 +0100
-@@ -218,6 +218,7 @@
-     oid             newname[MAX_OID_LEN];
-     int             i, rtest, newlen;
-     static long     long_ret;
-+    static in_addr_t addr_ret;
-     char            buf[SNMP_MAXBUF];
-     static char     buf2[SNMP_MAXBUF];
-     static oid      objid[MAX_OID_LEN];
-@@ -366,13 +367,13 @@
-                         *var_len = 0;
-                         return (NULL);
-                     }
--                    long_ret =
-+                    addr_ret =
-                         (objid[0] << (8 * 3)) + (objid[1] << (8 * 2)) +
-                         (objid[2] << 8) + objid[3];
--                    long_ret = htonl(long_ret);
--                    *var_len = sizeof(long_ret);
-+                    addr_ret = htonl(addr_ret);
-+                    *var_len = sizeof(addr_ret);
-                     vp->type = ASN_IPADDRESS;
--                    return ((unsigned char *) &long_ret);
-+                    return ((unsigned char *) &addr_ret);
-                 }
-             }
-             *var_len = 0;
---- net-snmp-5.4/agent/mibgroup/ucd-snmp/pass.c.64bit	2005-08-18 02:44:02.000000000 +0200
-+++ net-snmp-5.4/agent/mibgroup/ucd-snmp/pass.c	2006-11-27 13:56:30.000000000 +0100
-@@ -287,6 +287,7 @@
-     oid             newname[MAX_OID_LEN];
-     int             i, rtest, fd, newlen;
-     static long     long_ret;
-+    static in_addr_t addr_ret;
-     char            buf[SNMP_MAXBUF];
-     static char     buf2[SNMP_MAXBUF];
-     static oid      objid[MAX_OID_LEN];
-@@ -412,13 +413,13 @@
-                         *var_len = 0;
-                         return (NULL);
-                     }
--                    long_ret =
-+                    addr_ret =
-                         (objid[0] << (8 * 3)) + (objid[1] << (8 * 2)) +
-                         (objid[2] << 8) + objid[3];
--                    long_ret = htonl(long_ret);
--                    *var_len = sizeof(long_ret);
-+                    addr_ret = htonl(addr_ret);
-+                    *var_len = sizeof(addr_ret);
-                     vp->type = ASN_IPADDRESS;
--                    return ((unsigned char *) &long_ret);
-+                    return ((unsigned char *) &addr_ret);
-                 }
-             }
-             *var_len = 0;
---- net-snmp-5.4/agent/mibgroup/mibII/at.c.64bit	2006-11-07 00:43:27.000000000 +0100
-+++ net-snmp-5.4/agent/mibgroup/mibII/at.c	2006-11-27 13:59:46.000000000 +0100
-@@ -126,9 +126,9 @@
- #ifndef solaris2
- static void     ARP_Scan_Init(void);
- #ifdef ARP_SCAN_FOUR_ARGUMENTS
--static int      ARP_Scan_Next(u_long *, char *, u_long *, u_short *);
-+static int      ARP_Scan_Next(u_int *, char *, u_long *, u_short *);
- #else
--static int      ARP_Scan_Next(u_long *, char *, u_long *);
-+static int      ARP_Scan_Next(u_int *, char *, u_long *);
- #endif
- #endif
- #endif
-@@ -204,7 +204,8 @@
-     oid             lowest[16];
-     oid             current[16];
-     static char     PhysAddr[6], LowPhysAddr[6];
--    u_long          Addr, LowAddr, foundone;
-+    u_int          Addr, LowAddr, foundone;
-+    static int      addr_ret;
- #ifdef ARP_SCAN_FOUR_ARGUMENTS
-     u_short         ifIndex, lowIfIndex = 0;
- #endif                          /* ARP_SCAN_FOUR_ARGUMENTS */
-@@ -314,9 +315,9 @@
-         *var_len = sizeof(LowPhysAddr);
-         return (u_char *) LowPhysAddr;
-     case IPMEDIANETADDRESS:    /* also ATNETADDRESS */
--	*var_len = sizeof(uint32_t);
--        long_return = LowAddr;
--        return (u_char *) & long_return;
-+	*var_len = sizeof addr_ret;
-+        addr_ret = LowAddr;
-+        return (u_char *) & addr_ret;
-     case IPMEDIATYPE:
-         *var_len = sizeof long_return;
-         long_return = lowIfType;
-@@ -707,11 +708,11 @@
- 
- #ifdef ARP_SCAN_FOUR_ARGUMENTS
- static int
--ARP_Scan_Next(u_long * IPAddr, char *PhysAddr, u_long * ifType,
-+ARP_Scan_Next(u_int * IPAddr, char *PhysAddr, u_long * ifType,
-               u_short * ifIndex)
- #else
- static int
--ARP_Scan_Next(u_long * IPAddr, char *PhysAddr, u_long * ifType)
-+ARP_Scan_Next(u_int * IPAddr, char *PhysAddr, u_long * ifType)
- #endif
- {
- #ifndef NETSNMP_CAN_USE_SYSCTL
---- net-snmp-5.4/agent/mibgroup/mibII/var_route.c.64bit	2006-11-07 00:43:27.000000000 +0100
-+++ net-snmp-5.4/agent/mibgroup/mibII/var_route.c	2006-11-27 14:13:13.000000000 +0100
-@@ -434,6 +434,7 @@
-     static oid      saveName[MAX_OID_LEN], Current[MAX_OID_LEN];
-     u_char         *cp;
-     oid            *op;
-+    static         in_addr_t addr_ret;
- #if NEED_KLGETSA
-     struct sockaddr_in *sa;
- #endif
-@@ -538,13 +539,13 @@
- 
-     switch (vp->magic) {
-     case IPROUTEDEST:
--	*var_len = sizeof(uint32_t);
-+	*var_len = sizeof(addr_ret);
- #if NEED_KLGETSA
-         sa = klgetsa((struct sockaddr_in *) rthead[RtIndex]->rt_dst);
-         return (u_char *) & (sa->sin_addr.s_addr);
- #elif defined(hpux11)
--        long_return = rt[RtIndex].Dest;
--        return (u_char *) & long_return;
-+        addr_ret = rt[RtIndex].Dest;
-+        return (u_char *) & addr_ret;
- #else
-         return (u_char *) & ((struct sockaddr_in *) &rthead[RtIndex]->
-                              rt_dst)->sin_addr.s_addr;
-@@ -597,13 +598,13 @@
-         long_return = -1;
-         return (u_char *) & long_return;
-     case IPROUTENEXTHOP:
--	*var_len = sizeof(uint32_t);
-+	*var_len = sizeof(addr_ret);
- #if NEED_KLGETSA
-         sa = klgetsa((struct sockaddr_in *) rthead[RtIndex]->rt_gateway);
-         return (u_char *) & (sa->sin_addr.s_addr);
- #elif defined(hpux11)
--        long_return = rt[RtIndex].NextHop;
--        return (u_char *) & long_return;
-+        addr_ret = rt[RtIndex].NextHop;
-+        return (u_char *) & addr_ret;
- #else
-         return (u_char *) & ((struct sockaddr_in *) &rthead[RtIndex]->
-                              rt_gateway)->sin_addr.s_addr;
-@@ -649,14 +650,14 @@
- #if NETSNMP_NO_DUMMY_VALUES
-         return NULL;
- #endif
--        long_return = 0;
-+        addr_ret = 0;
- #elif defined(hpux11)
--        long_return = rt[RtIndex].Mask;
--        return (u_char *) & long_return;
-+        addr_ret = rt[RtIndex].Mask;
-+        return (u_char *) & addr_ret;
- #else                           /* !NEED_KLGETSA && !hpux11 */
-         if (((struct sockaddr_in *) &rthead[RtIndex]->rt_dst)->sin_addr.
-             s_addr == 0)
--            long_return = 0;    /* Default route */
-+            addr_ret = 0;    /* Default route */
-         else {
- #ifndef linux
-             if (!NETSNMP_KLOOKUP(rthead[RtIndex]->rt_ifp,
-@@ -681,7 +682,7 @@
- #endif                          /* linux */
-         }
- #endif                          /* NEED_KLGETSA */
--        return (u_char *) & long_return;
-+        return (u_char *) & addr_ret;
-     case IPROUTEINFO:
-         *var_len = nullOidLen;
-         return (u_char *) nullOid;
---- net-snmp-5.4/agent/mibgroup/mibII/ipCidrRouteTable_access.c.64bit	2003-02-22 05:19:51.000000000 +0100
-+++ net-snmp-5.4/agent/mibgroup/mibII/ipCidrRouteTable_access.c	2006-11-27 13:56:30.000000000 +0100
-@@ -22,6 +22,7 @@
- /** a global static we'll make use of a lot to map to the right
-    datatype to return (which for SNMP integer's is always a long). */
- static u_long long_ret;
-+static in_addr_t addr_ret;
-   
- 
- /*
-@@ -32,18 +33,18 @@
- get_ipCidrRouteDest(void *data_context, size_t * ret_len)
- {
-     RTENTRY *ourroute = (RTENTRY *) data_context;
--    long_ret = ((struct sockaddr_in *) (&ourroute->rt_dst))->sin_addr.s_addr;
--    *ret_len = sizeof(long_ret);
--    return &long_ret;
-+    addr_ret = ((struct sockaddr_in *) (&ourroute->rt_dst))->sin_addr.s_addr;
-+    *ret_len = sizeof(addr_ret);
-+    return &addr_ret;
- }
- 
- u_long         *
- get_ipCidrRouteMask(void *data_context, size_t * ret_len)
- {
-     RTENTRY *ourroute = (RTENTRY *) data_context;
--    long_ret = ((struct sockaddr_in *) (&ourroute->rt_genmask))->sin_addr.s_addr;
--    *ret_len = sizeof(long_ret);
--    return &long_ret;
-+    addr_ret = ((struct sockaddr_in *) (&ourroute->rt_genmask))->sin_addr.s_addr;
-+    *ret_len = sizeof(addr_ret);
-+    return &addr_ret;
- }
- 
- long           *
-@@ -59,9 +60,9 @@
- get_ipCidrRouteNextHop(void *data_context, size_t * ret_len)
- {
-     RTENTRY *ourroute = (RTENTRY *) data_context;
--    long_ret = ((struct sockaddr_in *) (&ourroute->rt_gateway))->sin_addr.s_addr;
--    *ret_len = sizeof(long_ret);
--    return &long_ret;
-+    addr_ret = ((struct sockaddr_in *) (&ourroute->rt_gateway))->sin_addr.s_addr;
-+    *ret_len = sizeof(addr_ret);
-+    return &addr_ret;
- }
- 
- long           *

net-snmp-5.4-ethtool-config.patch

@@ -1,34 +0,0 @@
---- net-snmp-5.4/configure.ethtool-config	2007-01-11 17:26:28.000000000 +0100
-+++ net-snmp-5.4/configure	2007-01-11 17:26:28.000000000 +0100
-@@ -32741,10 +32741,10 @@
- /* end confdefs.h.  */
- 
- #include <sys/types.h>
--typedef unsigned long long u64;         /* hack, so we may include kernel's ethtool.h */
--typedef __uint32_t u32;         /* ditto */
--typedef __uint16_t u16;         /* ditto */
--typedef __uint8_t u8;           /* ditto */
-+typedef unsigned long long __u64;         /* hack, so we may include kernel's ethtool.h */
-+typedef __uint32_t __u32;         /* ditto */
-+typedef __uint16_t __u16;         /* ditto */
-+typedef __uint8_t __u8;           /* ditto */
- 
- 
- #include <$ac_header>
---- net-snmp-5.4/agent/mibgroup/if-mib/data_access/interface_linux.c.ethtool-config	2006-09-21 15:09:18.000000000 +0200
-+++ net-snmp-5.4/agent/mibgroup/if-mib/data_access/interface_linux.c	2007-01-11 17:27:32.000000000 +0100
-@@ -26,10 +26,10 @@
- #include <unistd.h>
- 
- #ifdef HAVE_LINUX_ETHTOOL_H
--typedef unsigned long long u64;         /* hack, so we may include kernel's ethtool.h */
--typedef __uint32_t u32;         /* ditto */
--typedef __uint16_t u16;         /* ditto */
--typedef __uint8_t u8;           /* ditto */
-+typedef unsigned long long __u64;         /* hack, so we may include kernel's ethtool.h */
-+typedef __uint32_t __u32;         /* ditto */
-+typedef __uint16_t __u16;         /* ditto */
-+typedef __uint8_t __u8;           /* ditto */
- #include <linux/ethtool.h>
- #endif /* HAVE_LINUX_ETHTOOL_H */
- #include <linux/sockios.h>

net-snmp-5.4-exec-crash.patch

@@ -1,12 +0,0 @@
---- net-snmp-5.4/agent/mibgroup/agent/extend.c.orig	2006-10-18 21:07:35.000000000 +0200
-+++ net-snmp-5.4/agent/mibgroup/agent/extend.c	2007-06-27 14:30:08.000000000 +0200
-@@ -448,6 +448,9 @@
-         extension->command  = strdup( exec_command );
-         if (cptr)
-             extension->args = strdup( cptr );
-+    } else {
-+    	snmp_log(LOG_ERR, "Duplicate MIBOID '%s' detected in exec statement, only the first one will be used.\n", exec_name);
-+    	return;
-     }
- 
- #ifndef USING_UCD_SNMP_EXTENSIBLE_MODULE

net-snmp-5.4.1-config_libdir.patch

@@ -1,100 +0,0 @@
---- net-snmp-5.4/configure.libdir	2006-11-27 14:27:52.000000000 +0100
-+++ net-snmp-5.4/configure	2006-11-27 14:31:34.000000000 +0100
-@@ -5161,7 +5161,7 @@
-       # Let's accept both of them until this is cleared up.
-       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
-       lt_cv_file_magic_cmd=/usr/bin/file
--      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-+      lt_cv_file_magic_test_file=`echo $LIBDIR/libc.so.*`
-       ;;
-     esac
-   else
-@@ -5178,15 +5178,15 @@
-   case $host_cpu in
-   ia64*)
-     lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
--    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-+    lt_cv_file_magic_test_file=$LIBDIR/hpux32/libc.so
-     ;;
-   hppa*64*)
-     lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
--    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-+    lt_cv_file_magic_test_file=$LIBDIR/pa20_64/libc.sl
-     ;;
-   *)
-     lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
--    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-+    lt_cv_file_magic_test_file=$LIBDIR/libc.sl
-     ;;
-   esac
-   ;;
-@@ -5222,7 +5222,7 @@
- newos6*)
-   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-   lt_cv_file_magic_cmd=/usr/bin/file
--  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-+  lt_cv_file_magic_test_file=$LIBDIR/libnls.so
-   ;;
- 
- nto-qnx*)
-@@ -5249,7 +5249,7 @@
-   case $host_vendor in
-   motorola)
-     lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
--    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-+    lt_cv_file_magic_test_file=`echo $LIBDIR/libc.so*`
-     ;;
-   ncr)
-     lt_cv_deplibs_check_method=pass_all
-@@ -8761,13 +8761,13 @@
- fi
- rm -f conftest.err conftest.$ac_objext \
-       conftest$ac_exeext conftest.$ac_ext
--if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-+if test -z "$aix_libpath"; then aix_libpath="$LIBDIR:/lib"; fi
- 
-        hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- 	archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-        else
- 	if test "$host_cpu" = ia64; then
--	  hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
-+	  hardcode_libdir_flag_spec='${wl}-R $libdir:$LIBDIR:/lib'
- 	  allow_undefined_flag="-z nodefs"
- 	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
- 	else
-@@ -8822,7 +8822,7 @@
- fi
- rm -f conftest.err conftest.$ac_objext \
-       conftest$ac_exeext conftest.$ac_ext
--if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-+if test -z "$aix_libpath"; then aix_libpath="$LIBDIR:/lib"; fi
- 
- 	 hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- 	  # Warning - without using the other run time loading flags,
-@@ -8936,7 +8936,7 @@
-     # does not break anything, and helps significantly (at the cost of a little
-     # extra space).
-     freebsd2.2*)
--      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags $LIBDIR/c++rt0.o'
-       hardcode_libdir_flag_spec='-R$libdir'
-       hardcode_direct=yes
-       hardcode_shlibpath_var=no
-@@ -9504,7 +9504,7 @@
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+sys_lib_dlsearch_path_spec="/lib $LIBDIR"
-
- if test "$GCC" = yes; then
-   case $host_os in
-@@ -9363,7 +9363,7 @@
-     sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-   fi
- else
--  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-+  sys_lib_search_path_spec="/lib $LIBDIR /usr/local/lib"
- fi
- need_lib_prefix=unknown
- hardcode_into_libs=no

net-snmp-5.4.1-getbulk-crash.patch

@@ -1,64 +0,0 @@
-CVE-2008-4309: net-snmp: numresponses calculation integer overflow in snmp_agent.c
-
-Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17272
-
-Index: clean/agent/snmp_agent.c
-===================================================================
---- clean.orig/agent/snmp_agent.c	2008-10-28 23:12:10.000000000 +0100
-+++ clean/agent/snmp_agent.c	2008-10-28 23:15:11.000000000 +0100
-@@ -2234,7 +2234,6 @@
-             r = 0;
-             asp->bulkcache = NULL;
-         } else {
--            int numresponses;
-             int           maxbulk =
-                 netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
-                                    NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
-@@ -2245,28 +2244,31 @@
-             if (maxresponses == 0)
-                 maxresponses = 100;   /* more than reasonable default */
- 
--            if (maxbulk == 0)
--                maxbulk = -1;
-+            /* ensure that the total number of responses fits in a mallocable
-+             * result vector
-+             */
-+            if (maxresponses < 0 ||
-+                maxresponses > INT_MAX / sizeof(struct varbind_list *))
-+                maxresponses = INT_MAX / sizeof(struct varbind_list *);
-+
-+            /* ensure that the maximum number of repetitions will fit in the
-+             * result vector
-+             */
-+            if (maxbulk <= 0 || maxbulk > maxresponses / r)
-+                maxbulk = maxresponses / r;
- 
-             /* limit getbulk number of repeats to a configured size */
--            if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
-+            if (asp->pdu->errindex > maxbulk) {
-                 asp->pdu->errindex = maxbulk;
--            }
--
--            numresponses = asp->pdu->errindex * r;
--
--            /* limit getbulk number of getbulk responses to a configured size */
--            if (maxresponses != -1 && numresponses > maxresponses) {
--                /* attempt to truncate this */
--                asp->pdu->errindex = maxresponses/r;
--                numresponses = asp->pdu->errindex * r;
--                DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
-+                DEBUGMSGTL(("snmp_agent",
-+                            "truncating number of getbulk repeats to %d\n",
-+                            asp->pdu->errindex));
-             }
- 
-             asp->bulkcache =
--                (netsnmp_variable_list **) malloc(numresponses *
--                                                  sizeof(struct
--                                                         varbind_list *));
-+                (netsnmp_variable_list **) malloc(
-+                    asp->pdu->errindex * r * sizeof(struct varbind_list *));
-+
-             if (!asp->bulkcache) {
-                 DEBUGMSGTL(("snmp_agent", "Bulkcache malloc failed\n"));
-                 return SNMP_ERR_GENERR;

net-snmp-5.4.1-hmac-check.patch

@@ -1,18 +0,0 @@
-447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
-
-Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
-Reviewed-by: Jan Safranek <jsafrane@redhat.com>
-
-diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
---- net-snmp-5.0.9/snmplib/scapi.c.orig	2008-06-04 10:19:26.000000000 +0200
-+++ net-snmp-5.0.9/snmplib/scapi.c	2008-06-04 10:20:45.000000000 +0200
-@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
-         QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
-     }
- 
-+    if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
-+        QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
-+    }
- 
-     /*
-      * Generate a full hash of the message, then compare

net-snmp-5.4.1-hostname.patch

@@ -1,212 +0,0 @@
---- net-snmp-5.4/snmplib/snmpUDPDomain.c.orig	2006-09-20 01:42:17.000000000 +0200
-+++ net-snmp-5.4/snmplib/snmpUDPDomain.c	2007-05-03 12:17:30.000000000 +0200
-@@ -87,6 +87,7 @@
- netsnmp_udp_fmtaddr(netsnmp_transport *t, void *data, int len)
- {
-     netsnmp_udp_addr_pair *addr_pair = NULL;
-+    struct hostent *host;
- 
-     if (data != NULL && len == sizeof(netsnmp_udp_addr_pair)) {
- 	addr_pair = (netsnmp_udp_addr_pair *) data;
-@@ -104,6 +105,10 @@
-             return strdup("UDP: unknown");
-         }
- 
-+        if ( t && t->flags & NETSNMP_TRANSPORT_FLAG_HOSTNAME ) {
-+            host = gethostbyaddr((char *)&to->sin_addr, 4, AF_INET);
-+            return (host ? strdup(host->h_name) : NULL);
-+        }
-         sprintf(tmp, "UDP: [%s]:%hu",
-                 inet_ntoa(to->sin_addr), ntohs(to->sin_port));
-         return strdup(tmp);
---- net-snmp-5.3.1/include/net-snmp/library/snmp_transport.h.orig	2005-09-15 15:46:58.000000000 +0200
-+++ net-snmp-5.3.1/include/net-snmp/library/snmp_transport.h	2007-05-02 17:21:30.000000000 +0200
-@@ -19,6 +19,7 @@
- #define		NETSNMP_TRANSPORT_FLAG_STREAM	0x01
- #define		NETSNMP_TRANSPORT_FLAG_LISTEN	0x02
- #define		NETSNMP_TRANSPORT_FLAG_TUNNELED	0x04
-+#define 	NETSNMP_TRANSPORT_FLAG_HOSTNAME 0x80  /* for fmtaddr hook */
- 
- /*  The standard SNMP domains.  */
- 
---- net-snmp-5.4.1/apps/snmptrapd_log.c.orig	2007-05-31 16:39:14.000000000 +0200
-+++ net-snmp-5.4.1/apps/snmptrapd_log.c	2007-08-07 13:46:40.000000000 +0200
-@@ -626,6 +626,8 @@ realloc_handle_ip_fmt(u_char ** buf, siz
-     char            fmt_cmd = options->cmd;     /* what we're formatting */
-     u_char         *temp_buf = NULL;
-     size_t          temp_buf_len = 64, temp_out_len = 0;
-+    char           *tstr;
-+    unsigned int    oflags;
- 
-     if ((temp_buf = calloc(temp_buf_len, 1)) == NULL) {
-         return 0;
-@@ -681,130 +683,59 @@ realloc_handle_ip_fmt(u_char ** buf, siz
-          * Write the numerical transport information.  
-          */
-         if (transport != NULL && transport->f_fmtaddr != NULL) {
--            char           *tstr =
--                transport->f_fmtaddr(transport, pdu->transport_data,
--                                     pdu->transport_data_length);
--            if (!snmp_strcat
--                (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
--                if (tstr != NULL) {
--                    free(tstr);
--                }
--                if (temp_buf != NULL) {
--                    free(temp_buf);
--                }
-+            oflags = transport->flags;
-+            transport->flags &= ~NETSNMP_TRANSPORT_FLAG_HOSTNAME;
-+            tstr = transport->f_fmtaddr(transport, pdu->transport_data,
-+                                        pdu->transport_data_length);
-+            transport->flags = oflags;
-+
-+            if (!tstr) goto noip;
-+            if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
-+                             1, (u_char *)tstr)) {
-+                SNMP_FREE(temp_buf);
-+                SNMP_FREE(tstr);
-                 return 0;
-             }
--            if (tstr != NULL) {
--                free(tstr);
--            }
-+            SNMP_FREE(tstr);
-         } else {
--            if (!snmp_strcat
--                (&temp_buf, &temp_buf_len, &temp_out_len, 1,
--                 (const u_char*)"<UNKNOWN>")) {
--                if (temp_buf != NULL) {
--                    free(temp_buf);
--                }
-+noip:
-+            if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
-+                             (const u_char*)"<UNKNOWN>")) {
-+                SNMP_FREE(temp_buf);
-                 return 0;
--            }
-+             }
-         }
-         break;
- 
--        /*
--         * Write a host name.  
--         */
-     case CHR_PDU_NAME:
-         /*
--         * Right, apparently a name lookup is wanted.  This is only reasonable
--         * for the UDP and TCP transport domains (we don't want to try to be
--         * too clever here).  
-+         * Try to convert the numerical transport information
-+         *  into a hostname.  Or rather, have the transport-specific
-+         *  address formatting routine do this.
-+         * Otherwise falls back to the numeric address format.
-          */
--#ifdef NETSNMP_TRANSPORT_TCP_DOMAIN
--        if (transport != NULL && (transport->domain == netsnmpUDPDomain ||
--                                  transport->domain ==
--                                  netsnmp_snmpTCPDomain)) {
--#else
--        if (transport != NULL && transport->domain == netsnmpUDPDomain) {
--#endif
--            /*
--             * This is kind of bletcherous -- it breaks the opacity of
--             * transport_data but never mind -- the alternative is a lot of
--             * munging strings from f_fmtaddr.  
--             */
--typedef struct netsnmp_udp_addr_pair_s {   /* From snmpUDPDomain.c */
--    struct sockaddr_in remote_addr;
--    struct in_addr local_addr;
--} netsnmp_udp_addr_pair;
--
--            netsnmp_udp_addr_pair *addr =
--                (netsnmp_udp_addr_pair *) pdu->transport_data;
--            if (addr != NULL
--                && pdu->transport_data_length ==
--                sizeof(netsnmp_udp_addr_pair)) {
--                if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, 
--                                            NETSNMP_DS_APP_NUMERIC_IP)) {
--                    host =
--                        gethostbyaddr((char *) &(addr->remote_addr.sin_addr),
--                                      sizeof(struct in_addr), AF_INET);
--                }
--                if (host != NULL) {
--                    if (!snmp_strcat
--                        (&temp_buf, &temp_buf_len, &temp_out_len, 1,
--                         (u_char *)host->h_name)) {
--                        if (temp_buf != NULL) {
--                            free(temp_buf);
--                        }
--                        return 0;
--                    }
--                } else {
--                    if (!snmp_strcat
--                        (&temp_buf, &temp_buf_len, &temp_out_len, 1,
--                         (u_char *)inet_ntoa(addr->remote_addr.sin_addr))) {
--                        if (temp_buf != NULL) {
--                            free(temp_buf);
--                        }
--                        return 0;
--                    }
--                }
--            } else {
--                if (!snmp_strcat
--                    (&temp_buf, &temp_buf_len, &temp_out_len, 1,
--                     (const u_char*)"<UNKNOWN>")) {
--                    if (temp_buf != NULL) {
--                        free(temp_buf);
--                    }
--                    return 0;
--                }
--            }
--        } else if (transport != NULL && transport->f_fmtaddr != NULL) {
--            /*
--             * Some other domain for which we do not know how to do a name
--             * lookup.  Fall back to the formatted transport address.  
--             */
--            char           *tstr =
--                transport->f_fmtaddr(transport, pdu->transport_data,
--                                     pdu->transport_data_length);
--            if (!snmp_strcat
--                (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
--                if (tstr != NULL) {
--                    free(tstr);
--                }
--                if (temp_buf != NULL) {
--                    free(temp_buf);
--                }
-+        if (transport != NULL && transport->f_fmtaddr != NULL) {
-+            oflags = transport->flags;
-+            if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
-+                                        NETSNMP_DS_APP_NUMERIC_IP))
-+                transport->flags |= NETSNMP_TRANSPORT_FLAG_HOSTNAME;
-+            tstr = transport->f_fmtaddr(transport, pdu->transport_data,
-+                                        pdu->transport_data_length);
-+            transport->flags = oflags;
-+
-+            if (!tstr) goto nohost;
-+            if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
-+                             1, (u_char *)tstr)) {
-+                SNMP_FREE(temp_buf);
-+                SNMP_FREE(tstr);
-                 return 0;
-             }
--            if (tstr != NULL) {
--                free(tstr);
--            }
--        } else {
--            /*
--             * We are kind of stuck!  
--             */
-+            SNMP_FREE(tstr);
-+       } else {
-+nohost:
-             if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
-                              (const u_char*)"<UNKNOWN>")) {
--                if (temp_buf != NULL) {
--                    free(temp_buf);
--                }
-+                SNMP_FREE(temp_buf);
-                 return 0;
-             }
-         }

net-snmp-5.4.1-long-iface-names.patch

@@ -1,51 +0,0 @@
-468045: Interface name too long: "ioctl 35123 returned -1"
-
-Source: upstream, svn rev. 16797
-
-Support longer interface names.
-
-diff --git a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
-index 51cde1b..72c1d2d 100644
---- a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
-+++ b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
-@@ -189,7 +189,8 @@ _load_v6(netsnmp_container *container, int idx_offset)
-     return -1;
- #else
-     FILE           *in;
--    char            line[80], addr[40], if_name[IFNAMSIZ];
-+    char            line[80], addr[40];
-+    char            if_name[IFNAMSIZ+1];/* +1 for '\0' because of the ugly sscanf below */ 
-     u_char          *buf;
-     int             if_index, pfx_len, scope, flags, rc = 0;
-     size_t          in_len, out_len;
-@@ -229,7 +230,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
-          * F: flags (see include/linux/rtnetlink.h, net/ipv6/addrconf.c)
-          * I: interface
-          */
--        rc = sscanf(line, "%39s %02x %02x %02x %02x %8s\n",
-+        rc = sscanf(line, "%39s %02x %02x %02x %02x %" SNMP_MACRO_VAL_TO_STR(IFNAMSIZ) "s\n",
-                     addr, &if_index, &pfx_len, &scope, &flags, if_name);
-         if( 6 != rc ) {
-             snmp_log(LOG_ERR, PROCFILE " data format error (%d!=6), line ==|%s|\n",
-diff --git a/net-snmp/include/net-snmp/library/tools.h b/net-snmp/include/net-snmp/library/tools.h
-index 7822855..e57d1ac 100644
---- a/net-snmp/include/net-snmp/library/tools.h
-+++ b/net-snmp/include/net-snmp/library/tools.h
-@@ -88,6 +88,17 @@ extern          "C" {
-     Computers the minimum of a and b. */
- #define SNMP_MIN(a,b) ((a) > (b) ? (b) : (a))
- 
-+/** @def SNMP_MACRO_VAL_TO_STR(s)
-+ *  Expands to string with value of the s. 
-+ *  If s is macro, the resulting string is value of the macro.
-+ *  Example: 
-+ *   #define TEST 1234
-+ *   SNMP_MACRO_VAL_TO_STR(TEST) expands to "1234"
-+ *   SNMP_MACRO_VAL_TO_STR(TEST+1) expands to "1234+1"
-+ */
-+#define SNMP_MACRO_VAL_TO_STR(s) SNMP_MACRO_VAL_TO_STR_PRIV(s)  
-+#define SNMP_MACRO_VAL_TO_STR_PRIV(s) #s
-+	
- #ifndef FALSE
- #define FALSE 0
- #endif

net-snmp-5.4.1-perl-set.patch

@@ -1,43 +0,0 @@
-452131: net-snmp-perl is broken for 5.10, cannot set oids
-
-Source: jbjohnso@us.ibm.com, accepted upstream, SVN rev. 17097
-
-diff -urN net-snmp-5.4.1/perl/SNMP/SNMP.xs net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs
---- net-snmp-5.4.1/perl/SNMP/SNMP.xs	2008-06-13 15:48:46.000000000 -0500
-+++ net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs	2008-06-13 15:48:05.000000000 -0500
-@@ -3072,7 +3072,7 @@
-                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
- 				     (varbind_val_f && SvOK(*varbind_val_f) ?
- 				      SvPV(*varbind_val_f,na):NULL),
--				      (varbind_val_f && SvOK(*varbind_val_f) ?
-+				      (varbind_val_f && SvPOK(*varbind_val_f) ?
- 				       SvCUR(*varbind_val_f):0), type);
- 
- 		    if (verbose && res == FAILURE)
-@@ -4266,7 +4266,7 @@
-                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
-                                   (varbind_val_f && SvOK(*varbind_val_f) ?
-                                    SvPV(*varbind_val_f,na):NULL),
--                                  (varbind_val_f && SvOK(*varbind_val_f) ?
-+                                  (varbind_val_f && SvPOK(*varbind_val_f) ?
-                                    SvCUR(*varbind_val_f):0),
-                                   type);
- 
-@@ -4424,7 +4424,7 @@
-                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
-                                   (varbind_val_f && SvOK(*varbind_val_f) ?
-                                    SvPV(*varbind_val_f,na):NULL),
--                                  (varbind_val_f && SvOK(*varbind_val_f) ?
-+                                  (varbind_val_f && SvPOK(*varbind_val_f) ?
-                                    SvCUR(*varbind_val_f):0),
-                                   type);
- 
-@@ -4563,7 +4563,7 @@
-                     res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
-                                   (varbind_val_f && SvOK(*varbind_val_f) ?
-                                    SvPV(*varbind_val_f,na):NULL),
--                                  (varbind_val_f && SvOK(*varbind_val_f) ?
-+                                  (varbind_val_f && SvPOK(*varbind_val_f) ?
-                                    SvCUR(*varbind_val_f):0),
-                                   type);
- 

net-snmp-5.4.1-perl-snprintf.patch

@@ -1,106 +0,0 @@
-447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
-
-Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
-Reviewed-By: Jan Safranek <jsafrane@redhat.com>
-
---- branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs	2007/12/21 23:19:29	16769
-+++ branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs	2007/12/22 19:22:44	16770
-@@ -470,14 +470,16 @@
-            if (flag == USE_ENUMS) {
-               for(ep = tp->enums; ep; ep = ep->next) {
-                  if (ep->value == *var->val.integer) {
--                    strcpy(buf, ep->label);
-+                    strncpy(buf, ep->label, buf_len);
-+                    buf[buf_len-1] = '\0';
-                     len = strlen(buf);
-                     break;
-                  }
-               }
-            }
-            if (!len) {
--              sprintf(buf,"%ld", *var->val.integer);
-+              snprintf(buf, buf_len, "%ld", *var->val.integer);
-+              buf[buf_len-1] = '\0';
-               len = strlen(buf);
-            }
-            break;
-@@ -486,21 +488,25 @@
-         case ASN_COUNTER:
-         case ASN_TIMETICKS:
-         case ASN_UINTEGER:
--           sprintf(buf,"%lu", (unsigned long) *var->val.integer);
-+           snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
-+           buf[buf_len-1] = '\0';
-            len = strlen(buf);
-            break;
- 
-         case ASN_OCTET_STR:
-         case ASN_OPAQUE:
--           memcpy(buf, (char*)var->val.string, var->val_len);
-            len = var->val_len;
-+           if ( len > buf_len )
-+               len = buf_len;
-+           memcpy(buf, (char*)var->val.string, len);
-            break;
- 
-         case ASN_IPADDRESS:
--          ip = (u_char*)var->val.string;
--          sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
--          len = strlen(buf);
--          break;
-+           ip = (u_char*)var->val.string;
-+           snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
-+           buf[buf_len-1] = '\0';
-+           len = strlen(buf);
-+           break;
- 
-         case ASN_NULL:
-            break;
-@@ -512,14 +518,14 @@
-           break;
- 
- 	case SNMP_ENDOFMIBVIEW:
--          sprintf(buf,"%s", "ENDOFMIBVIEW");
--	  break;
-+           snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
-+	   break;
- 	case SNMP_NOSUCHOBJECT:
--	  sprintf(buf,"%s", "NOSUCHOBJECT");
--	  break;
-+	   snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
-+	   break;
- 	case SNMP_NOSUCHINSTANCE:
--	  sprintf(buf,"%s", "NOSUCHINSTANCE");
--	  break;
-+	   snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
-+	   break;
- 
-         case ASN_COUNTER64:
- #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
-@@ -538,19 +544,19 @@
- #endif
- 
-         case ASN_BIT_STR:
--            snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
-+            snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
-             len = strlen(buf);
-             break;
- #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
-         case ASN_OPAQUE_FLOAT:
--	  if (var->val.floatVal)
--	    sprintf(buf,"%f", *var->val.floatVal);
--         break;
-+           if (var->val.floatVal)
-+              snprintf(buf, buf_len, "%f", *var->val.floatVal);
-+           break;
-          
-         case ASN_OPAQUE_DOUBLE:
--	  if (var->val.doubleVal)
--	    sprintf(buf,"%f", *var->val.doubleVal);
--         break;
-+           if (var->val.doubleVal)
-+              snprintf(buf, buf_len, "%f", *var->val.doubleVal);
-+           break;
- #endif
-          
-         case ASN_NSAP:

net-snmp-5.4.1-pie.patch

@@ -1,22 +0,0 @@
---- net-snmp-5.4.1/apps/Makefile.in.orig	2007-07-05 01:26:56.000000000 +0200
-+++ net-snmp-5.4.1/apps/Makefile.in	2007-08-07 11:05:41.000000000 +0200
-@@ -115,7 +115,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX
- 	$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) $(LOCAL_LIBS) ${LDFLAGS} ${LIBS} 
- 
- snmptrapd$(EXEEXT):    $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
--	$(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) $(LOCAL_LIBS) ${LDFLAGS} ${TRAPLIBS}
-+	$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) $(LOCAL_LIBS) ${LDFLAGS} ${TRAPLIBS}
- 
- snmptrap$(EXEEXT):    snmptrap.$(OSUFFIX) $(USELIBS)
- 	$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) $(LOCAL_LIBS) ${LDFLAGS} ${LIBS} 
---- net-snmp-5.4.1/agent/Makefile.in.orig	2007-07-05 01:26:56.000000000 +0200
-+++ net-snmp-5.4.1/agent/Makefile.in	2007-08-07 11:05:19.000000000 +0200
-@@ -139,7 +139,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
- 	$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
- 
- snmpd$(EXEEXT):	${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) 
--	$(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} $(LOCAL_LIBS) ${LDFLAGS} ${OUR_AGENT_LIBS}
-+	$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} $(LOCAL_LIBS) ${LDFLAGS} ${OUR_AGENT_LIBS}
- 
- 
- libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)

net-snmp-5.4.1-shared-ip.patch

@@ -1,111 +0,0 @@
---- net-snmp-5.3.1/include/net-snmp/library/container.h.orig	2005-12-04 19:43:04.000000000 +0100
-+++ net-snmp-5.3.1/include/net-snmp/library/container.h	2007-05-04 10:01:38.000000000 +0200
-@@ -370,8 +370,32 @@
-             }
-         }
-         return rc;
--    }
-+    }    
-+
--    
-+     NETSNMP_STATIC_INLINE
-+    int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k)
-+    {
-+        const void *res = NULL;
-+
-+        netsnmp_container *start;
-+        /** start at first container */
-+        while(x->prev)
-+            x = x->prev;
-+
-+       start = x;
-+
-+       for(; x; x = x->next) {
-+            if ((NULL != x->insert_filter) &&
-+               (x->insert_filter(x,k) == 1))
-+                continue;
-+            res = x->find(x,k);
-+	    if (res) {
-+               return -1;
-+            }
-+        }
-+        return CONTAINER_INSERT(start, k);
-+    }
-+
-     /*------------------------------------------------------------------
-      * These functions should EXACTLY match the function version in
-      * container.c. If you change one, change them both.
---- net-snmp-5.3.1/snmplib/container.c.orig	2006-04-21 02:24:47.000000000 +0200
-+++ net-snmp-5.3.1/snmplib/container.c	2007-05-04 10:34:23.000000000 +0200
-@@ -286,6 +286,29 @@
-     return rc;
- }
- 
-+int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k)
-+{
-+    const void *res = NULL;
-+
-+    netsnmp_container *start;
-+    /** start at first container */
-+    while(x->prev)
-+        x = x->prev;
-+
-+    start = x;
-+
-+    for(; x; x = x->next) {
-+        if ((NULL != x->insert_filter) &&
-+            (x->insert_filter(x,k) == 1))
-+            continue;
-+        res = x->find(x,k);
-+        if (res) {
-+            return -1;
-+        }
-+    }
-+    return CONTAINER_INSERT(start, k);
-+}
-+
- /*------------------------------------------------------------------
-  * These functions should EXACTLY match the inline version in
-  * container.h. If you change one, change them both.
---- net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c.orig	2007-05-17 23:53:28.000000000 +0200
-+++ net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c	2007-08-07 13:49:49.000000000 +0200
-@@ -272,11 +272,15 @@ _netsnmp_ioctl_ipaddress_container_load_
-         /*
-          * add entry to container
-          */
--        if (CONTAINER_INSERT(container, entry) < 0)
--        {
--            DEBUGMSGTL(("access:ipaddress:container","error with ipaddress_entry: insert into container failed.\n"));
-+        rc = CONTAINER_TRY_INSERT(container, entry);
-+        if (rc < 0) {
-+            static int logged = 0;
-+            if (!logged) {
-+                snmp_log(LOG_NOTICE, "Duplicate IP address detected, some interfaces may not be visible in IP-MIB\n");
-+                logged = 1;
-+            }
-+            rc = 0;
-             netsnmp_access_ipaddress_entry_free(entry);
--            continue;
-         }
-     }
- 
---- net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c.orig	2006-09-15 02:48:50.000000000 +0200
-+++ net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c	2007-08-07 13:47:55.000000000 +0200
-@@ -324,7 +324,16 @@ _load_v6(netsnmp_container *container, i
-         /*
-          * add entry to container
-          */
--        CONTAINER_INSERT(container, entry);
-+        rc = CONTAINER_TRY_INSERT(container, entry);
-+        if (rc < 0) {
-+            static int logged = 0;
-+            if (!logged) {
-+                snmp_log(LOG_NOTICE, "Duplicate IP address detected, some interfaces may not be visible in IP-MIB\n");
-+                logged = 1;
-+            }
-+            netsnmp_access_ipaddress_entry_free(entry);
-+        }
-+                                    
-     }
- 
-     fclose(in);

net-snmp-5.4.1-strange_libpath.patch

@@ -1,145 +0,0 @@
---- net-snmp-5.4.1/configure.mnttab.orig	2007-07-27 19:04:19.000000000 +0200
-+++ net-snmp-5.4.1/configure.mnttab	2007-08-07 13:32:45.000000000 +0200
-@@ -27930,7 +27930,7 @@ if test "${with_libwrap+set}" = set; the
-   if test "$with_libwrap" != "no"; then
-     if test "$with_libwrap" != "yes"; then
-       CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
--      LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
-+      LDFLAGS="${LDFLAGS} -L$with_libwrap"
-     fi
- 
-     _libs=${LIBS}
-@@ -28134,7 +28134,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 	    _wraplibs="$_wraplibs -lwrap"
- else
-   echo "$as_me: failed program was:" >&5
-@@ -28362,7 +28362,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 			_wraplibs="$_wraplibs -lwrap -lnsl"
- else
-   echo "$as_me: failed program was:" >&5
---- net-snmp-5.4.1/configure.libdir.orig	2007-08-07 13:31:31.000000000 +0200
-+++ net-snmp-5.4.1/configure.libdir	2007-08-07 13:32:05.000000000 +0200
-@@ -27922,7 +27922,7 @@ if test "${with_libwrap+set}" = set; the
-   if test "$with_libwrap" != "no"; then
-     if test "$with_libwrap" != "yes"; then
-       CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
--      LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
-+      LDFLAGS="${LDFLAGS} -L$with_libwrap"
-     fi
- 
-     _libs=${LIBS}
-@@ -28126,7 +28126,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 	    _wraplibs="$_wraplibs -lwrap"
- else
-   echo "$as_me: failed program was:" >&5
-@@ -28354,7 +28354,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 			_wraplibs="$_wraplibs -lwrap -lnsl"
- else
-   echo "$as_me: failed program was:" >&5
---- net-snmp-5.4.1/configure.orig	2007-08-07 13:31:31.000000000 +0200
-+++ net-snmp-5.4.1/configure	2007-08-07 13:33:29.000000000 +0200
-@@ -27922,7 +27922,7 @@ if test "${with_libwrap+set}" = set; the
-   if test "$with_libwrap" != "no"; then
-     if test "$with_libwrap" != "yes"; then
-       CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
--      LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
-+      LDFLAGS="${LDFLAGS} -L$with_libwrap"
-     fi
- 
-     _libs=${LIBS}
-@@ -28126,7 +28126,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 	    _wraplibs="$_wraplibs -lwrap"
- else
-   echo "$as_me: failed program was:" >&5
-@@ -28354,7 +28354,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 			_wraplibs="$_wraplibs -lwrap -lnsl"
- else
-   echo "$as_me: failed program was:" >&5
---- net-snmp-5.4.1/configure.in.orig	2007-07-27 19:02:00.000000000 +0200
-+++ net-snmp-5.4.1/configure.in	2007-08-07 13:33:55.000000000 +0200
-@@ -2714,7 +2714,7 @@ AC_ARG_WITH(libwrap,
-   if test "$with_libwrap" != "no"; then
-     if test "$with_libwrap" != "yes"; then
-       CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
--      LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
-+      LDFLAGS="${LDFLAGS} -L$with_libwrap"
-     fi
- 
-     _libs=${LIBS}
-@@ -2732,7 +2732,7 @@ AC_ARG_WITH(libwrap,
- 
- 	    AC_MSG_RESULT([yes])
- 	    AC_DEFINE(NETSNMP_USE_LIBWRAP)
--	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 	    _wraplibs="$_wraplibs -lwrap"],
-         [
- 	    AC_MSG_RESULT([no])
-@@ -2748,7 +2748,7 @@ AC_ARG_WITH(libwrap,
- 
- 			AC_MSG_RESULT(yes)
- 			AC_DEFINE(NETSNMP_USE_LIBWRAP)
--			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 			_wraplibs="$_wraplibs -lwrap -lnsl",
- 
- 			AC_MSG_RESULT(no)
---- net-snmp-5.4.1/configure.libpath.orig	2007-08-07 13:31:31.000000000 +0200
-+++ net-snmp-5.4.1/configure.libpath	2007-08-07 13:34:52.000000000 +0200
-@@ -27922,7 +27922,7 @@ if test "${with_libwrap+set}" = set; the
-   if test "$with_libwrap" != "no"; then
-     if test "$with_libwrap" != "yes"; then
-       CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
--      LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
-+      LDFLAGS="${LDFLAGS} -L$with_libwrap"
-     fi
- 
-     _libs=${LIBS}
-@@ -28126,7 +28126,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+	    test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 	    _wraplibs="$_wraplibs -lwrap"
- else
-   echo "$as_me: failed program was:" >&5
-@@ -28354,7 +28354,7 @@ echo "${ECHO_T}yes" >&6
- #define NETSNMP_USE_LIBWRAP 1
- _ACEOF
- 
--			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
-+			test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
- 			_wraplibs="$_wraplibs -lwrap -lnsl"
- else
-   echo "$as_me: failed program was:" >&5

net-snmp-5.4.1-xen-crash.patch

@@ -1,157 +0,0 @@
-386611: snmpd segfaults on xen network interfaces
-Source: http://sourceforge.net/tracker/index.php?func=detail&aid=1794532&group_id=12694&atid=112694
-Reviewed-By: Jan Safranek <jsafrane@redhat.com>
-
-Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c
-===================================================================
---- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c	(revision 16711)
-+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c	(working copy)
-@@ -258,9 +258,10 @@
-     if ((NULL != rowreq_ctx) &&
-         (MFD_SUCCESS ==
-          ipAddressTable_indexes_set(rowreq_ctx,
-+                                    ipaddress_entry->ia_address_len + 1,
-+                                    ipaddress_entry->ia_address,
-                                     ipaddress_entry->ia_address_len,
--                                    ipaddress_entry->ia_address,
--                                    ipaddress_entry->ia_address_len))) {
-+                                    ipaddress_entry->if_index))) {
-         if (CONTAINER_INSERT(container, rowreq_ctx) < 0) {
-             DEBUGMSGTL (("ipAddressTable:access","container insert failed for new entry\n"));
-             ipAddressTable_release_rowreq_ctx(rowreq_ctx);
-Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.c
-===================================================================
---- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.c	(revision 16711)
-+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.c	(working copy)
-@@ -348,10 +348,18 @@
-         *mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV4;
-         break;
- 
-+    case INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV4Z:
-+        *mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV4Z;
-+        break;
-+
-     case INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6:
-         *mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV6;
-         break;
- 
-+    case INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6Z:
-+        *mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV6Z;
-+        break;
-+
-     default:
-         snmp_log(LOG_ERR, "couldn't map value %ld for ipAddressAddrType\n",
-                  raw_ipAddressAddrType_val);
-@@ -382,8 +390,11 @@
- ipAddressTable_indexes_set_tbl_idx(ipAddressTable_mib_index * tbl_idx,
-                                    u_long ipAddressAddrType_val,
-                                    char *ipAddressAddr_val_ptr,
--                                   size_t ipAddressAddr_val_ptr_len)
-+                                   size_t ipAddressAddr_val_ptr_len,
-+                                   u_long ipAddressAddr_ifIndex)
- {
-+    uint32_t zone = htonl(ipAddressAddr_ifIndex);
-+
-     DEBUGMSGTL(("verbose:ipAddressTable:ipAddressTable_indexes_set_tbl_idx", "called\n"));
- 
-     /*
-@@ -409,6 +420,11 @@
-     memcpy(tbl_idx->ipAddressAddr, ipAddressAddr_val_ptr,
-            ipAddressAddr_val_ptr_len * sizeof(ipAddressAddr_val_ptr[0]));
- 
-+    /** zone */
-+    tbl_idx->ipAddressAddr_len += sizeof(zone);
-+    memcpy(&tbl_idx->ipAddressAddr[ipAddressAddr_val_ptr_len *
-+                                   sizeof(ipAddressAddr_val_ptr[0])],
-+           &zone, sizeof(zone));
- 
-     return MFD_SUCCESS;
- }                               /* ipAddressTable_indexes_set_tbl_idx */
-@@ -430,7 +446,8 @@
- ipAddressTable_indexes_set(ipAddressTable_rowreq_ctx * rowreq_ctx,
-                            u_long ipAddressAddrType_val,
-                            char *ipAddressAddr_val_ptr,
--                           size_t ipAddressAddr_val_ptr_len)
-+                           size_t ipAddressAddr_val_ptr_len,
-+                           u_long ipAddressAddr_ifIndex)
- {
-     DEBUGMSGTL(("verbose:ipAddressTable:ipAddressTable_indexes_set",
-                 "called\n"));
-@@ -439,7 +456,8 @@
-         ipAddressTable_indexes_set_tbl_idx(&rowreq_ctx->tbl_idx,
-                                            ipAddressAddrType_val,
-                                            ipAddressAddr_val_ptr,
--                                           ipAddressAddr_val_ptr_len))
-+                                           ipAddressAddr_val_ptr_len,
-+                                           ipAddressAddr_ifIndex))
-         return MFD_ERROR;
- 
-     /*
-Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_constants.h
-===================================================================
---- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_constants.h	(revision 16711)
-+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_constants.h	(working copy)
-@@ -106,7 +106,9 @@
-      * simplistic map of address length to type
-      */
- #define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV4  4
-+#define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV4Z 5
- #define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6  16
-+#define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6Z 17
- 
- 
- /*************************************************************
-Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.h
-===================================================================
---- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.h	(revision 16711)
-+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.h	(working copy)
-@@ -273,14 +273,16 @@
-                                            u_long ipAddressAddrType_val,
-                                            char *ipAddressAddr_val_ptr,
-                                            size_t
--                                           ipAddressAddr_val_ptr_len);
-+                                           ipAddressAddr_val_ptr_len,
-+                                           u_long ipAddressAddr_ifIndex);
-     int             ipAddressTable_indexes_set(ipAddressTable_rowreq_ctx *
-                                                rowreq_ctx,
-                                                u_long
-                                                ipAddressAddrType_val,
-                                                char *ipAddressAddr_val_ptr,
-                                                size_t
--                                               ipAddressAddr_val_ptr_len);
-+                                               ipAddressAddr_val_ptr_len,
-+                                               u_long ipAddressAddr_ifIndex);
- 
- 
- 
-Index: agent/mibgroup/ip-mib/data_access/ipaddress_common.c
-===================================================================
---- agent/mibgroup/ip-mib/data_access/ipaddress_common.c	(revision 16711)
-+++ agent/mibgroup/ip-mib/data_access/ipaddress_common.c	(working copy)
-@@ -411,6 +415,7 @@
- {
-     const netsnmp_ipaddress_entry *lh = (const netsnmp_ipaddress_entry *)lhs;
-     const netsnmp_ipaddress_entry *rh = (const netsnmp_ipaddress_entry *)rhs;
-+    int   rc;
- 
-     netsnmp_assert(NULL != lhs);
-     netsnmp_assert(NULL != rhs);
-@@ -426,5 +431,17 @@
-     /*
-      * length equal, compare address
-      */
--    return memcmp(lh->ia_address, rh->ia_address, lh->ia_address_len);
-+    rc = memcmp(lh->ia_address, rh->ia_address, lh->ia_address_len);
-+    if (rc)
-+        return rc;
-+
-+    /*
-+     * address same, compare ifIndex
-+     */
-+    if (lh->if_index < rh->if_index)
-+        return -1;
-+    else if (lh->if_index > rh->if_index)
-+        return 1;
-+
-+    return 0;
- }

net-snmp-5.7.2-cert-path.patch

@@ -0,0 +1,30 @@
+1134475 - dependency in perl package
+
+Use hardcoded path to configuration directories instead of net-snmp-config.
+net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
+depending on -devel.
+
+diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
+--- net-snmp-5.7.2/local/net-snmp-cert.cert-path	2012-10-10 00:28:58.000000000 +0200
++++ net-snmp-5.7.2/local/net-snmp-cert	2014-09-01 12:05:10.582427036 +0200
+@@ -819,8 +819,7 @@ sub set_default {
+ sub cfg_path {
+   my $path;
+ 
+-  $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
+-  chomp $path;
++  $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
+   return (wantarray ? split(':', $path) : $path);
+ }
+ 
+@@ -1414,8 +1413,8 @@ sub checkReqs {
+   die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
+     if ($ossl_ver cmp $ossl_min_ver) < 0;
+ 
+-  die("$NetSNMP::Cert::CFGTOOL not found: please install")
+-    if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
++#  die("$NetSNMP::Cert::CFGTOOL not found: please install")
++#    if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
+ }
+ 
+ sub initOpts {

net-snmp-5.7.3-iterator-fix.patch

@@ -0,0 +1,14 @@
+diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
+--- old/agent/mibgroup/host/data_access/swrun.c	2017-07-18 09:44:00.626109526 +0200
++++ new/agent/mibgroup/host/data_access/swrun.c	2017-07-19 15:27:50.452255836 +0200
+@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
+         return 0;    /* or -1 */
+ 
+     it = CONTAINER_ITERATOR( swrun_container );
++    if((entry  = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
++        if (0 == strcmp( entry->hrSWRunName, name ))
++            i++;
++    }
+     while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
+         if (0 == strcmp( entry->hrSWRunName, name ))
+             i++;

net-snmp-5.8-Remove-U64-typedef.patch

@@ -0,0 +1,12 @@
+diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
+--- a/include/net-snmp/library/int64.h	2018-07-18 14:37:16.543348832 +0200
++++ b/include/net-snmp/library/int64.h	2018-07-18 15:31:31.516999288 +0200
+@@ -10,7 +10,7 @@ extern          "C" {
+      * Note: using the U64 typedef is deprecated because this typedef conflicts
+      * with a typedef with the same name defined in the Perl header files.
+      */
+-    typedef struct counter64 U64;
++//    typedef struct counter64 U64;
+ #endif
+ 
+ #define I64CHARSZ 21

net-snmp-5.8-clientaddr-error-message.patch

@@ -0,0 +1,35 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c	2020-11-26 11:05:51.084788775 +0100
++++ b/snmplib/snmp_api.c	2020-11-26 11:08:27.850751397 +0100
+@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
+     "No error",                 /* SNMPERR_SUCCESS */
+     "Generic error",            /* SNMPERR_GENERR */
+     "Invalid local port",       /* SNMPERR_BAD_LOCPORT */
+-    "Unknown host",             /* SNMPERR_BAD_ADDRESS */
++    "Invalid address",          /* SNMPERR_BAD_ADDRESS */
+     "Unknown session",          /* SNMPERR_BAD_SESSION */
+     "Too long",                 /* SNMPERR_TOO_LONG */
+     "No socket",                /* SNMPERR_NO_SOCKET */
+@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
+         DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
+         in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
+         in_session->s_errno = errno;
+-        snmp_set_detail(in_session->peername);
++        if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
++                                    NETSNMP_DS_LIB_CLIENT_ADDR))
++            snmp_set_detail(in_session->peername);
+         return NULL;
+     }
+ 
+diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c	2021-01-06 12:51:51.948106797 +0100
++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c	2021-01-06 14:17:31.029745744 +0100
+@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
+         DEBUGMSGTL(("netsnmp_udpbase",
+                     "failed to bind for clientaddr: %d %s\n",
+                     errno, strerror(errno)));
++        NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
++                    strerror(errno)));
+         goto err;
+     }
+ 

net-snmp-5.8-duplicate-ipAddress.patch

@@ -0,0 +1,11 @@
+diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
+--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c	2020-06-10 13:27:03.213904398 +0200
++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c	2020-06-10 13:28:41.025863050 +0200
+@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
+ 	for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
+ 		if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
+ 			/* 'entry' is duplicate of the previous one -> delete it */
++            NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
+ 			netsnmp_access_ipaddress_entry_free(entry);
+ 		} else {
+ 			CONTAINER_INSERT(ret, entry);

net-snmp-5.8-expand-SNMPCONFPATH.patch

@@ -0,0 +1,12 @@
+diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
+--- a/snmplib/read_config.c	2020-06-10 09:51:57.184786510 +0200
++++ b/snmplib/read_config.c	2020-06-10 09:53:13.257507112 +0200
+@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
+      * save a warning header to the top of the new file 
+      */
+     snprintf(fileold, sizeof(fileold),
+-            "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
++            "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
+             "#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
+             "#\n#          **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
+             type, type, type,

net-snmp-5.8-ipAddress-faster-load.patch

@@ -0,0 +1,82 @@
+diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
+--- a/agent/mibgroup/mibII/ipAddr.c	2020-06-10 14:14:30.113696471 +0200
++++ b/agent/mibgroup/mibII/ipAddr.c	2020-06-10 14:27:15.345354018 +0200
+@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
+ }
+ 
+ #elif defined(linux)
++#include <errno.h>
+ static struct ifreq *ifr;
+ static int ifr_counter;
+ 
+ static void
+ Address_Scan_Init(void)
+ {
+-    int num_interfaces = 0;
++    int i;
+     int fd;
++    int lastlen = 0;
+ 
+     /* get info about all interfaces */
+ 
+@@ -510,28 +512,45 @@ Address_Scan_Init(void)
+     SNMP_FREE(ifc.ifc_buf);
+     ifr_counter = 0;
+ 
+-    do
+-    {
+ 	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ 	{
+ 	    DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
+ 	    return;
+ 	}
+-	num_interfaces += 16;
+ 
+-	ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
+-	ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
+-	
+-	    if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
+-	    {
+-		ifr=NULL;
+-		close(fd);
+-	   	return;
+-	    }
+-	    close(fd);
++    /*
++     * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
++     * on some platforms; see W. R. Stevens, ``Unix Network Programming
++     * Volume I'', p.435...
++     */
++
++    for (i = 8;; i *= 2) {
++        ifc.ifc_len = sizeof(struct ifreq) * i;
++        ifc.ifc_req = calloc(i, sizeof(struct ifreq));
++
++        if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
++            if (errno != EINVAL || lastlen != 0) {
++                /*
++                 * Something has gone genuinely wrong...
++                 */
++                snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
++                SNMP_FREE(ifc.ifc_buf);
++                close(fd);
++                return;
++            }
++        } else {
++            if (ifc.ifc_len == lastlen) {
++                /*
++                 * The length is the same as the last time; we're done...
++                 */
++                break;
++            }
++            lastlen = ifc.ifc_len;
++        }
++        free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
+     }
+-    while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
+-    
++
++    close(fd);
+     ifr = ifc.ifc_req;
+ }
+ 

net-snmp-5.8-man-page.patch

@@ -0,0 +1,36 @@
+diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
+--- a/man/net-snmp-create-v3-user.1.def	2020-06-10 13:43:18.443070961 +0200
++++ b/man/net-snmp-create-v3-user.1.def	2020-06-10 13:49:25.975363441 +0200
+@@ -3,7 +3,7 @@
+ net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
+ .SH SYNOPSIS
+ .PP
+-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+ .B [username]
+ .SH DESCRIPTION
+ .PP
+@@ -16,13 +16,16 @@ new user in net-snmp configuration file
+ displays the net-snmp version number
+ .TP
+ \fB\-ro\fR
+-create an user with read-only permissions
++creates a user with read-only permissions
+ .TP
+-\fB\-a authpass\fR
+-specify authentication password
++\fB\-A authpass\fR
++specifies the authentication password
+ .TP
+-\fB\-x privpass\fR
+-specify encryption password
++\fB\-a MD5|SHA\fR
++specifies the authentication password hashing algorithm
+ .TP
+-\fB\-X DES|AES\fR
+-specify encryption algorithm
++\fB\-X privpass\fR
++specifies the encryption password
++.TP
++\fB\-x DES|AES\fR
++specifies the encryption algorithm

net-snmp-5.8-modern-rpm-api.patch

@@ -0,0 +1,83 @@
+diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c	2018-07-18 16:12:19.583503903 +0200
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c	2018-07-18 16:50:38.599703588 +0200
+@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
+     rpmtd                 td_name, td_version, td_release, td_group, td_time;
+ #else
+     char                 *n, *v, *r, *g;
+-    int32_t              *t;
+ #endif
+     time_t                install_time;
+     size_t                date_len;
+@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
+         install_time = rpmtdGetNumber(td_time);
+         g = rpmtdGetString(td_group);
+ #else
+-        headerGetEntry( h, RPMTAG_NAME,        NULL, (void**)&n, NULL);
+-        headerGetEntry( h, RPMTAG_VERSION,     NULL, (void**)&v, NULL);
+-        headerGetEntry( h, RPMTAG_RELEASE,     NULL, (void**)&r, NULL);
+-        headerGetEntry( h, RPMTAG_GROUP,       NULL, (void**)&g, NULL);
+-        headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
++        n = headerGetString( h, RPMTAG_NAME);
++        v = headerGetString( h, RPMTAG_VERSION);
++        r = headerGetString( h, RPMTAG_RELEASE);
++        g = headerGetString( h, RPMTAG_GROUP);
++        install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
+         entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
+                                       "%s-%s-%s", n, v, r);
+-        install_time = *t;
+ #endif
+         entry->swType = (g && NULL != strstr( g, "System Environment"))
+                         ? 2      /* operatingSystem */
+diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+--- a/agent/mibgroup/host/hr_swinst.c	2018-07-18 16:12:19.582503907 +0200
++++ b/agent/mibgroup/host/hr_swinst.c	2018-07-18 17:09:29.716564197 +0200
+@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
+             }
+ #else
+ # ifdef HAVE_LIBRPM
+-            char *rpm_groups;
+-            if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
+-                if ( strstr(rpm_groups, "System Environment") != NULL )
++            const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);	
++            if ( NULL != rpm_group ) {
++                if ( strstr(rpm_group, "System Environment") != NULL )
+                     long_return = 2;	/* operatingSystem */
+                 else
+                     long_return = 4;	/* applcation */
+@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
+     case HRSWINST_DATE:
+         {
+ #ifdef HAVE_LIBRPM
+-            int32_t         *rpm_data;
+-            if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
+-                time_t          installTime = *rpm_data;
++            time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
++            if ( 0 != installTime ) {
+                 ret = date_n_time(&installTime, var_len);
+             } else {
+                 ret = date_n_time(NULL, var_len);
+@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
+     if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
+         int             offset;
+         Header          h;
+-        char           *n, *v, *r;
++        const char     *n, *v, *r;
+ 
+         offset = swi->swi_recs[ix - 1];
+ 
+@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
+         swi->swi_h = h;
+         swi->swi_prevx = ix;
+ 
+-        headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
+-        headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
+-                       NULL);
+-        headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
+-                       NULL);
++        n = headerGetString(swi->swi_h, RPMTAG_NAME);
++        v = headerGetString(swi->swi_h, RPMTAG_VERSION);
++        r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
+         snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
+         swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+     }

net-snmp-5.8-rpm-memory-leak.patch

@@ -0,0 +1,28 @@
+diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+index 695c469..dd0e487 100644
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c
+@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
+     snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+     SNMP_FREE(rpmdbpath);
+     dbpath = NULL;
++#ifdef HAVE_RPMGETPATH
++    rpmFreeRpmrc();
++#endif
+     if (-1 == stat( pkg_directory, &stat_buf )) {
+         snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+         pkg_directory[0] = '\0';
+diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+index 1f52733..ccf1cab 100644
+--- a/agent/mibgroup/host/hr_swinst.c
++++ b/agent/mibgroup/host/hr_swinst.c
+@@ -231,6 +231,9 @@ init_hr_swinst(void)
+             snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+         path[ sizeof(path)-1 ] = 0;
+         swi->swi_directory = strdup(path);
++#ifdef HAVE_RPMGETPATH
++        rpmFreeRpmrc();
++#endif
+     }
+ #else
+ #  ifdef _PATH_HRSW_directory

net-snmp-5.9-aes-config.patch

@@ -0,0 +1,18 @@
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index afd6fa4..07c26fe 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -58,11 +58,11 @@ case $1 in
+ 	    exit 1
+ 	fi
+         case $1 in
+-            DES|AES|AES128)
++            DES|AES|AES128|AES192|AES256)
+ 	    Xalgorithm=$1
+ 	    shift
+ 	    ;;
+-            des|aes|aes128)
++            des|aes|aes128|aes192|aes256)
+ 	    Xalgorithm=$(echo "$1" | tr a-z A-Z)
+ 	    shift
+ 	    ;;

net-snmp-5.9-autofs-skip.patch

@@ -0,0 +1,12 @@
+diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
+index e7ca92f..80b3e0d 100644
+--- a/agent/mibgroup/host/hr_filesys.c
++++ b/agent/mibgroup/host/hr_filesys.c
+@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
+     "shm",
+     "sockfs",
+     "sysfs",
++    "tmpfs",
+     "usbdevfs",
+     "usbfs",
+ #endif

net-snmp-5.9-cflags.patch

@@ -0,0 +1,20 @@
+diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
+--- a/perl/Makefile.PL	2020-08-26 08:32:52.498909823 +0200
++++ b/perl/Makefile.PL	2020-08-26 09:30:45.584951552 +0200
+@@ -1,3 +1,4 @@
++use lib '.';
+ use strict;
+ use warnings;
+ use ExtUtils::MakeMaker;
+diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
+--- a/perl/MakefileSubs.pm	2020-08-26 08:32:52.498909823 +0200
++++ b/perl/MakefileSubs.pm	2020-08-26 08:36:44.097218448 +0200
+@@ -116,7 +116,7 @@ sub AddCommonParams {
+ 	append($Params->{'CCFLAGS'}, $cflags);
+ 	append($Params->{'CCFLAGS'}, $Config{'ccflags'});
+ 	# Suppress known Perl header shortcomings.
+-	$Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
++	$Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
+ 	append($Params->{'CCFLAGS'}, '-Wformat');
+     }
+ }

net-snmp-5.9-coverity.patch

@@ -0,0 +1,22 @@
+diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
+index e9a8831..5a1d8e7 100644
+--- a/agent/mibgroup/disman/event/mteTrigger.c
++++ b/agent/mibgroup/disman/event/mteTrigger.c
+@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
+                      * Similarly, if no fallEvent is configured,
+                      *  there's no point in trying to fire it either.
+                      */
+-                    if (entry->mteTThRiseEvent[0] != '\0' ) {
++                    if (entry->mteTThFallEvent[0] != '\0' ) {
+                         entry->mteTriggerXOwner   = entry->mteTThObjOwner;
+                         entry->mteTriggerXObjects = entry->mteTThObjects;
+                         entry->mteTriggerFired    = vp1;
+@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
+                      * Similarly, if no fallEvent is configured,
+                      *  there's no point in trying to fire it either.
+                      */
+-                    if (entry->mteTThDRiseEvent[0] != '\0' ) {
++                    if (entry->mteTThDFallEvent[0] != '\0' ) {
+                         entry->mteTriggerXOwner   = entry->mteTThObjOwner;
+                         entry->mteTriggerXObjects = entry->mteTThObjects;
+                         entry->mteTriggerFired    = vp1;

net-snmp-5.9-dir-fix.patch

@@ -0,0 +1,30 @@
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index 19895a1..ac3c60f 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -14,6 +14,10 @@ Xalgorithm="DES"
+ token=rwuser
+ 
+ while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
++case "$1" in
++    -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++    *) optarg= ;;
++esac
+ 
+ unset shifted
+ case $1 in
+@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
+     touch "$outfile"
+ fi
+ echo "$line" >> "$outfile"
+-prefix=@prefix@
+-datarootdir=@datarootdir@
+-# To suppress shellcheck complaints about $prefix and $datarootdir.
+-: "$prefix" "$datarootdir"
+-outfile="@datadir@/snmp/snmpd.conf"
++# Avoid that configure complains that this script ignores @datarootdir@
++echo "@datarootdir@" >/dev/null
++outfile="/etc/snmp/snmpd.conf"
+ line="$token $user"
+ echo "adding the following line to $outfile:"
+ echo "   $line"

net-snmp-5.9-intermediate-certs.patch

@@ -0,0 +1,855 @@
+diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
+index 80e2a19..143adbb 100644
+--- a/include/net-snmp/library/cert_util.h
++++ b/include/net-snmp/library/cert_util.h
+@@ -55,7 +55,8 @@ extern "C" {
+         char           *common_name;
+ 
+         u_char          hash_type;
+-        u_char          _pad[3]; /* for future use */
++        u_char          _pad[1]; /* for future use */
++        u_short         offset;
+     } netsnmp_cert;
+ 
+ /** types */
+@@ -100,6 +101,7 @@ extern "C" {
+ 
+     NETSNMP_IMPORT
+     netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
++    netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
+ 
+     int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
+ 
+diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
+index 471bb0b..ac7f69a 100644
+--- a/include/net-snmp/library/dir_utils.h
++++ b/include/net-snmp/library/dir_utils.h
+@@ -53,7 +53,8 @@ extern "C" {
+ #define NETSNMP_DIR_NSFILE                            0x0010
+ /** load stats in netsnmp_file */
+ #define NETSNMP_DIR_NSFILE_STATS                      0x0020
+-
++/** allow files to be indexed more than once */
++#define NETSNMP_DIR_ALLOW_DUPLICATES                  0x0040
+     
+         
+ #ifdef __cplusplus
+diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
+index 210ad8b..b1f8144 100644
+--- a/snmplib/cert_util.c
++++ b/snmplib/cert_util.c
+@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
+  * bump this value whenever cert index format changes, so indexes
+  * will be regenerated with new format.
+  */
+-#define CERT_INDEX_FORMAT  1
++#define CERT_INDEX_FORMAT  2
+ 
+ static netsnmp_container *_certs = NULL;
+ static netsnmp_container *_keys = NULL;
+@@ -126,6 +126,8 @@ static int  _cert_fn_ncompare(netsnmp_cert_common *lhs,
+                               netsnmp_cert_common *rhs);
+ static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
+ static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
++static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
++static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
+ static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
+                                                 const char *directory);
+ static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
+@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
+ {
+     netsnmp_container *c;
+ 
++    int rc;
++
+     c = netsnmp_container_find("certs:binary_array");
+     if (NULL == c) {
+         snmp_log(LOG_ERR, "could not create container for %s\n", use);
+@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
+     c->free_item = (netsnmp_container_obj_func*)_cert_free;
+     c->compare = (netsnmp_container_compare*)_cert_compare;
+ 
++    CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
++
+     return c;
+ }
+ 
+@@ -362,6 +368,8 @@ _setup_containers(void)
+ {
+     netsnmp_container *additional_keys;
+ 
++    int rc;
++
+     _certs = _get_cert_container("netsnmp certificates");
+     if (NULL == _certs)
+         return;
+@@ -376,6 +384,7 @@ _setup_containers(void)
+     additional_keys->container_name = strdup("certs_cn");
+     additional_keys->free_item = NULL;
+     additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
++    CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     netsnmp_container_add_index(_certs, additional_keys);
+ 
+     /** additional keys: subject name */
+@@ -389,6 +398,7 @@ _setup_containers(void)
+     additional_keys->free_item = NULL;
+     additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
+     additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
++    CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     netsnmp_container_add_index(_certs, additional_keys);
+ 
+     /** additional keys: file name */
+@@ -402,6 +412,7 @@ _setup_containers(void)
+     additional_keys->free_item = NULL;
+     additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
+     additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
++    CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     netsnmp_container_add_index(_certs, additional_keys);
+ 
+     _keys = netsnmp_container_find("cert_keys:binary_array");
+@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
+ }
+ 
+ static netsnmp_cert *
+-_new_cert(const char *dirname, const char *filename, int certType,
++_new_cert(const char *dirname, const char *filename, int certType, int offset,
+           int hashType, const char *fingerprint, const char *common_name,
+           const char *subject)
+ {
+@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
+ 
+     cert->info.dir = strdup(dirname);
+     cert->info.filename = strdup(filename);
+-    cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
++    /* only the first certificate is allowed to be a remote peer */
++    cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
+     cert->info.type = certType;
++    cert->offset = offset;
+     if (fingerprint) {
+         cert->hash_type = hashType;
+         cert->fingerprint = strdup(fingerprint);
+@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
+  * certificate utility functions
+  *
+  */
++static BIO *
++netsnmp_open_bio(const char *dir, const char *filename)
++{
++    BIO            *certbio;
++    char            file[SNMP_MAXPATH];
++
++    DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
++
++    certbio = BIO_new(BIO_s_file());
++    if (NULL == certbio) {
++        snmp_log(LOG_ERR, "error creating BIO\n");
++        return NULL;
++    }
++
++    snprintf(file, sizeof(file),"%s/%s", dir, filename);
++    if (BIO_read_filename(certbio, file) <=0) {
++        snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
++        BIO_vfree(certbio);
++        return NULL;
++    }
++
++    return certbio;
++}
++
++static void
++netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
++{
++    int             is_ca;
++
++    cert->ocert = ocert;
++
++    /*
++     * X509_check_ca return codes:
++     * 0 not a CA
++     * 1 is a CA
++     * 2 basicConstraints absent so "maybe" a CA
++     * 3 basicConstraints absent but self signed V1.
++     * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
++     * 5 outdated Netscape Certificate Type CA extension.
++     */
++    is_ca = X509_check_ca(ocert);
++    if (1 == is_ca)
++        cert->info.allowed_uses |= NS_CERT_CA;
++
++    if (NULL == cert->subject) {
++        cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
++                                          0);
++        DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
++    }
++
++    if (NULL == cert->issuer) {
++        cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
++        if (strcmp(cert->subject, cert->issuer) == 0) {
++            free(cert->issuer);
++            cert->issuer = strdup("self-signed");
++        }
++        DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
++    }
++
++    if (NULL == cert->fingerprint) {
++        cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
++        cert->fingerprint =
++            netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
++    }
++
++    if (NULL == cert->common_name) {
++        cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
++                                                               NULL);
++        DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
++    }
++
++}
++
+ static X509 *
+ netsnmp_ocert_get(netsnmp_cert *cert)
+ {
+     BIO            *certbio;
+     X509           *ocert = NULL;
++    X509           *ncert = NULL;
+     EVP_PKEY       *okey = NULL;
+-    char            file[SNMP_MAXPATH];
+-    int             is_ca;
+ 
+     if (NULL == cert)
+         return NULL;
+@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+         }
+     }
+ 
+-    DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
+-
+-    certbio = BIO_new(BIO_s_file());
+-    if (NULL == certbio) {
+-        snmp_log(LOG_ERR, "error creating BIO\n");
+-        return NULL;
+-    }
+-
+-    snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
+-    if (BIO_read_filename(certbio, file) <=0) {
+-        snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
+-        BIO_vfree(certbio);
++    certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
++    if (!certbio) {
+         return NULL;
+     }
+ 
+-    if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
+-        char *pos = strrchr(cert->info.filename, '.');
+-        if (NULL == pos)
+-            return NULL;
+-        cert->info.type = _cert_ext_type(++pos);
+-        netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
+-    }
+-
+     switch (cert->info.type) {
+ 
+         case NS_CERT_TYPE_DER:
++            (void)BIO_seek(certbio, cert->offset);
+             ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
+             if (NULL != ocert)
+                 break;
+-            (void)BIO_reset(certbio);
+             /* Check for PEM if DER didn't work */
+             /* FALLTHROUGH */
+ 
+         case NS_CERT_TYPE_PEM:
+-            ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++            (void)BIO_seek(certbio, cert->offset);
++            ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+             if (NULL == ocert)
+                 break;
+             if (NS_CERT_TYPE_DER == cert->info.type) {
+                 DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
+                 cert->info.type = NS_CERT_TYPE_PEM;
+             }
+-            /** check for private key too */
+-            if (NULL == cert->key) {
+-                (void)BIO_reset(certbio);
+-                okey =  PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++            /** check for private key too, but only if we're the first certificate */
++            if (0 == cert->offset && NULL == cert->key) {
++                okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+                 if (NULL != okey) {
+                     netsnmp_key  *key;
+                     DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
+@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+             break;
+ #ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
+         case NS_CERT_TYPE_PKCS12:
+-            (void)BIO_reset(certbio);
++            (void)BIO_seek(certbio, cert->offset);
+             PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
+             if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
+                                    PKCS12_verify_mac(p12, NULL, 0)))
+@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+         return NULL;
+     }
+ 
+-    cert->ocert = ocert;
+-    /*
+-     * X509_check_ca return codes:
+-     * 0 not a CA
+-     * 1 is a CA
+-     * 2 basicConstraints absent so "maybe" a CA
+-     * 3 basicConstraints absent but self signed V1.
+-     * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+-     * 5 outdated Netscape Certificate Type CA extension.
+-     */
+-    is_ca = X509_check_ca(ocert);
+-    if (1 == is_ca)
+-        cert->info.allowed_uses |= NS_CERT_CA;
+-
+-    if (NULL == cert->subject) {
+-        cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
+-                                          0);
+-        DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
+-    }
+-
+-    if (NULL == cert->issuer) {
+-        cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
+-        if (strcmp(cert->subject, cert->issuer) == 0) {
+-            free(cert->issuer);
+-            cert->issuer = strdup("self-signed");
+-        }
+-        DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
+-    }
+-    
+-    if (NULL == cert->fingerprint) {
+-        cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
+-        cert->fingerprint =
+-            netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
+-    }
+-    
+-    if (NULL == cert->common_name) {
+-        cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
+-                                                               NULL);
+-        DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
+-    }
++    netsnmp_ocert_parse(cert, ocert);
+ 
+     return ocert;
+ }
+@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key  *key)
+ {
+     BIO            *keybio;
+     EVP_PKEY       *okey;
+-    char            file[SNMP_MAXPATH];
+ 
+     if (NULL == key)
+         return NULL;
+@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key  *key)
+     if (key->okey)
+         return key->okey;
+ 
+-    snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
+-    DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
+-
+-    keybio = BIO_new(BIO_s_file());
+-    if (NULL == keybio) {
+-        snmp_log(LOG_ERR, "error creating BIO\n");
+-        return NULL;
+-    }
+-
+-    if (BIO_read_filename(keybio, file) <=0) {
+-        snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
+-                 key->info.filename);
+-        BIO_vfree(keybio);
++    keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
++    if (!keybio) {
+         return NULL;
+     }
+ 
+@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
+             cert->issuer_cert =  _find_issuer(cert);
+             if (NULL == cert->issuer_cert) {
+                 DEBUGMSGT(("cert:load:warn",
+-                           "couldn't load CA chain for cert %s\n",
++                           "couldn't load full CA chain for cert %s\n",
+                            cert->info.filename));
+                 rc = CERT_LOAD_PARTIAL;
+                 break;
+@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
+         /** get issuer ocert */
+         if ((NULL == cert->issuer_cert->ocert) &&
+             (netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
+-            DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
++            DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
+                        cert->info.filename));
+             rc = CERT_LOAD_PARTIAL;
+             break;
+@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+         return;
+     }
+ 
+-    if(key) {
++    if (key) {
+         if (key->cert) {
+             DEBUGMSGT(("cert:partner", "key already has partner\n"));
+             return;
+@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+             return;
+         *pos = 0;
+ 
+-        matching = _cert_find_subset_fn( filename, key->info.dir );
++        matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
++                                             key->info.dir ));
+         if (!matching)
+             return;
+         if (1 == matching->size) {
+@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+             DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
+                           key->info.filename));
+     }
+-    else if(cert) {
++    else if (cert) {
+         if (cert->key) {
+             DEBUGMSGT(("cert:partner", "cert already has partner\n"));
+             return;
+@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+     }
+ }
+ 
++static netsnmp_key *
++_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
++{
++    netsnmp_key  *key;
++
++    key = _new_key(dirname, filename);
++    if (NULL == key) {
++        return NULL;
++    }
++
++    key->okey = okey;
++
++    if (-1 == CONTAINER_INSERT(_keys, key)) {
++        DEBUGMSGT(("cert:key:file:add:err",
++                   "error inserting key into container\n"));
++        netsnmp_key_free(key);
++        key = NULL;
++    }
++    if (index) {
++        fprintf(index, "k:%s\n", filename);
++    }
++
++    return key;
++}
++
++static netsnmp_cert *
++_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
++{
++    netsnmp_cert *cert;
++
++    cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
++    if (NULL == cert)
++        return NULL;
++
++    netsnmp_ocert_parse(cert, ocert);
++
++    if (-1 == CONTAINER_INSERT(_certs, cert)) {
++        DEBUGMSGT(("cert:file:add:err",
++                   "error inserting cert into container\n"));
++        netsnmp_cert_free(cert);
++        return NULL;
++    }
++
++    if (index) {
++        /** filename = NAME_MAX = 255 */
++        /** fingerprint max = 64*3=192 for sha512 */
++        /** common name / CN  = 64 */
++        if (cert)
++            fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
++                    cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
++                    cert->common_name, cert->subject);
++    }
++
++    return cert;
++}
++
+ static int
+ _add_certfile(const char* dirname, const char* filename, FILE *index)
+ {
+-    X509         *ocert;
+-    EVP_PKEY     *okey;
++    BIO          *certbio;
++    X509         *ocert = NULL;
++    X509         *ncert;
++    EVP_PKEY     *okey = NULL;
+     netsnmp_cert *cert = NULL;
+     netsnmp_key  *key = NULL;
+     char          certfile[SNMP_MAXPATH];
+     int           type;
++    int           offset = 0;
+ 
+     if (((const void*)NULL == dirname) || (NULL == filename))
+         return -1;
+ 
+     type = _type_from_filename(filename);
+-    netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
++    if (type == NS_CERT_TYPE_UNKNOWN) {
++        snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
++        return -1;
++    }
+ 
+-    snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
++    certbio = netsnmp_open_bio(dirname, filename);
++    if (!certbio) {
++        return -1;
++    }
+ 
+-    DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
+-               type));
++    switch (type) {
+ 
+-    if (NS_CERT_TYPE_KEY == type) {
+-        key = _new_key(dirname, filename);
+-        if (NULL == key)
+-            return -1;
+-        okey = netsnmp_okey_get(key);
+-        if (NULL == okey) {
+-            netsnmp_key_free(key);
+-            return -1;
+-        }
+-        key->okey = okey;
+-        if (-1 == CONTAINER_INSERT(_keys, key)) {
+-            DEBUGMSGT(("cert:key:file:add:err",
+-                       "error inserting key into container\n"));
+-            netsnmp_key_free(key);
+-            key = NULL;
+-        }
+-    }
+-    else {
+-        cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
+-        if (NULL == cert)
+-            return -1;
+-        ocert = netsnmp_ocert_get(cert);
+-        if (NULL == ocert) {
+-            netsnmp_cert_free(cert);
+-            return -1;
+-        }
+-        cert->ocert = ocert;
+-        if (-1 == CONTAINER_INSERT(_certs, cert)) {
+-            DEBUGMSGT(("cert:file:add:err",
+-                       "error inserting cert into container\n"));
+-            netsnmp_cert_free(cert);
+-            cert = NULL;
+-        }
+-    }
+-    if ((NULL == cert) && (NULL == key)) {
+-        DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
+-        return -1;
++       case NS_CERT_TYPE_KEY: 
++
++           okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++           if (NULL == okey)
++               snmp_log(LOG_ERR, "error parsing key file %s\n",
++                     key->info.filename);
++           else {
++               key = _add_key(okey, dirname, filename, index);
++               if (NULL == key) {
++                   EVP_PKEY_free(okey);
++                      okey = NULL;
++               }
++           }
++           break;
++
++        case NS_CERT_TYPE_DER:
++
++            ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
++            if (NULL != ocert) {
++                if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
++                    X509_free(ocert);
++                    ocert = NULL;
++                }
++                break;
++            }
++            (void)BIO_reset(certbio);
++            /* Check for PEM if DER didn't work */
++            /* FALLTHROUGH */
++
++        case NS_CERT_TYPE_PEM:
++
++            if (NS_CERT_TYPE_DER == type) {
++                DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
++                type = NS_CERT_TYPE_PEM;
++            }
++            ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++            if (NULL != ocert) {
++                cert = _add_cert(ncert, dirname, filename, type, offset, index);
++                if (NULL == cert) {
++                    X509_free(ocert);
++                    ocert = ncert = NULL;
++                }
++            }
++            while (NULL != ncert) {
++                offset = BIO_tell(certbio);
++                ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++                if (ncert) {
++                    if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
++                        X509_free(ncert);
++                        ncert = NULL;
++                    }
++                }
++            }
++
++            BIO_seek(certbio, offset);
++
++            /** check for private key too */
++            okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++
++            if (NULL != okey) {
++                DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
++                           cert->info.filename));
++                key = _add_key(okey, dirname, filename, NULL);
++                if (NULL != key) {
++                    DEBUGMSGT(("cert:read:partner", "%s match found!\n",
++                               cert->info.filename));
++                    key->cert = cert;
++                    cert->key = key;
++                    cert->info.allowed_uses |= NS_CERT_IDENTITY;
++                }
++                else {
++                    EVP_PKEY_free(okey);
++                    okey = NULL;
++                }
++            }
++
++            break;
++
++#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
++        case NS_CERT_TYPE_PKCS12:
++#endif
++
++        default:
++            break;
+     }
+ 
+-    if (index) {
+-        /** filename = NAME_MAX = 255 */
+-        /** fingerprint max = 64*3=192 for sha512 */
+-        /** common name / CN  = 64 */
+-        if (cert)
+-            fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
+-                    cert->info.type, cert->hash_type, cert->fingerprint,
+-                    cert->common_name, cert->subject);
+-        else if (key)
+-            fprintf(index, "k:%s\n", filename);
++    BIO_vfree(certbio);
++
++    if ((NULL == ocert) && (NULL == okey)) {
++        snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
++        return -1;
+     }
+ 
+     return 0;
+@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+     struct stat     idx_stat;
+     char            tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
+     char            fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
+-    char            subject[SNMP_MAXBUF_SMALL], hash_str[15];
++    char            subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
++    ssize_t         offset;
+     int             count = 0, type, hash, version;
+     netsnmp_cert    *cert;
+     netsnmp_key     *key;
+@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+         netsnmp_directory_container_read_some(NULL, dirname,
+                                               _time_filter, &idx_stat,
+                                               NETSNMP_DIR_NSFILE |
+-                                              NETSNMP_DIR_NSFILE_STATS);
++                                              NETSNMP_DIR_NSFILE_STATS |
++                                              NETSNMP_DIR_ALLOW_DUPLICATES);
+     if (newer) {
+         DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
+         CONTAINER_FREE_ALL(newer, NULL);
+@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+             pos = &tmpstr[2];
+             if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
+                 (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
++                (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
+                 (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
+                 (NULL == (pos=copy_nword(pos, fingerprint,
+                                          sizeof(fingerprint)))) ||
+@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+                 break;
+             }
+             type = atoi(type_str);
++            offset = atoi(offset_str);
+             hash = atoi(hash_str);
+-            cert = _new_cert(dirname, filename, type, hash, fingerprint,
++            cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
+                              common_name, subject);
+             if (cert && 0 == CONTAINER_INSERT(found, cert))
+                 ++count;
+@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
+         netsnmp_directory_container_read_some(NULL, dirname,
+                                               _cert_cert_filter, NULL,
+                                               NETSNMP_DIR_RELATIVE_PATH |
+-                                              NETSNMP_DIR_EMPTY_OK );
++                                              NETSNMP_DIR_EMPTY_OK |
++                                              NETSNMP_DIR_ALLOW_DUPLICATES);
+     if (NULL == cert_container) {
+         DEBUGMSGT(("cert:index:dir",
+                     "error creating container for cert files\n"));
+@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
+     if (NULL == c)
+         return;
+ 
+-    DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
++    DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
+     DEBUGMSGT(("cert:dump", "   type %d flags 0x%x (%s)\n",
+              c->info.type, c->info.allowed_uses,
+               _mode_str(c->info.allowed_uses)));
+@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
+         netsnmp_void_array *matching;
+ 
+         DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
+-        matching = _cert_find_subset_fn( filename, NULL );
++        matching = _cert_reduce_subset_what(_cert_find_subset_fn(
++                                            filename, NULL ), what);
+         if (!matching)
+             return NULL;
+         if (1 == matching->size)
+@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
+     }
+ }
+ 
++/*
++ * reduce subset by eliminating any certificates that are not the
++ * first certficate in a file. This allows us to ignore certificate
++ * chains when testing for specific certificates, and to match keys
++ * to the first certificate only.
++ */
++static netsnmp_void_array *
++_cert_reduce_subset_first(netsnmp_void_array *matching)
++{
++    netsnmp_cert *cc;
++    int i = 0, j, newsize;
++
++    if ((NULL == matching))
++        return matching;
++
++    newsize = matching->size;
++
++    for( ; i < matching->size; ) {
++        /*
++         * if we've shifted matches down we'll hit a NULL entry before
++         * we hit the end of the array.
++         */
++        if (NULL == matching->array[i])
++            break;
++        /*
++         * skip over valid matches. The first entry has an offset of zero.
++         */
++        cc = (netsnmp_cert*)matching->array[i];
++        if (0 == cc->offset) {
++            ++i;
++            continue;
++        }
++        /*
++         * shrink array by shifting everything down a spot. Might not be
++         * the most efficient soloution, but this is just happening at
++         * startup and hopefully most certs won't have common prefixes.
++         */
++        --newsize;
++        for ( j=i; j < newsize; ++j )
++            matching->array[j] = matching->array[j+1];
++        matching->array[j] = NULL;
++        /** no ++i; just shifted down, need to look at same position again */
++    }
++    /*
++     * if we shifted, set the new size
++     */
++    if (newsize != matching->size) {
++        DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
++                   matching->size, newsize));
++        matching->size = newsize;
++    }
++
++    if (0 == matching->size) {
++        free(matching->array);
++        SNMP_FREE(matching);
++    }
++
++    return matching;
++}
++
++/*
++ * reduce subset by eliminating any certificates that do not match
++ * purpose specified.
++ */
++static netsnmp_void_array *
++_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
++{
++    netsnmp_cert_common *cc;
++    int i = 0, j, newsize;
++
++    if ((NULL == matching))
++        return matching;
++
++    newsize = matching->size;
++
++    for( ; i < matching->size; ) {
++        /*
++         * if we've shifted matches down we'll hit a NULL entry before
++         * we hit the end of the array.
++         */
++        if (NULL == matching->array[i])
++            break;
++        /*
++         * skip over valid matches. The first entry has an offset of zero.
++         */
++        cc = (netsnmp_cert_common *)matching->array[i];
++        if ((cc->allowed_uses & what)) {
++            ++i;
++            continue;
++        }
++        /*
++         * shrink array by shifting everything down a spot. Might not be
++         * the most efficient soloution, but this is just happening at
++         * startup and hopefully most certs won't have common prefixes.
++         */
++        --newsize;
++        for ( j=i; j < newsize; ++j )
++            matching->array[j] = matching->array[j+1];
++        matching->array[j] = NULL;
++        /** no ++i; just shifted down, need to look at same position again */
++    }
++    /*
++     * if we shifted, set the new size
++     */
++    if (newsize != matching->size) {
++        DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
++                   matching->size, newsize));
++        matching->size = newsize;
++    }
++
++    if (0 == matching->size) {
++        free(matching->array);
++        SNMP_FREE(matching);
++    }
++
++    return matching;
++}
++
+ static netsnmp_void_array *
+ _cert_find_subset_common(const char *filename, netsnmp_container *container)
+ {
+diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
+index c2dd989..e7145e4 100644
+--- a/snmplib/dir_utils.c
++++ b/snmplib/dir_utils.c
+@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
+         /** default to unsorted */
+         if (! (flags & NETSNMP_DIR_SORTED))
+             CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
++        /** default to duplicates not allowed */
++        if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
++           CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     }
+ 
+     dir = opendir(dirname);

net-snmp-5.9-ipv6-disable-leak.patch

@@ -0,0 +1,12 @@
+diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
+--- a/snmplib/snmp_logging.c	2023-02-15 10:19:15.691827254 +0100
++++ b/snmplib/snmp_logging.c	2023-02-15 10:24:41.006642974 +0100
+@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
+ char *
+ snmp_log_syslogname(const char *pstr)
+ {
+-  if (pstr)
++  if (pstr && (pstr != syslogname))
+     strlcpy (syslogname, pstr, sizeof(syslogname));
+ 
+   return syslogname;

net-snmp-5.9-memory-reporting.patch

@@ -0,0 +1,28 @@
+diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
+index 6d5e86c..68b55d2 100644
+--- a/agent/mibgroup/hardware/memory/memory_linux.c
++++ b/agent/mibgroup/hardware/memory/memory_linux.c
+@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
+         if (first)
+             snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
+     }
++    b = strstr(buff, "SReclaimable: ");
++    if (b)
++        sscanf(b, "SReclaimable: %lu", &sreclaimable);
++    else {
++        if (first)
++            snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
++    }
+     b = strstr(buff, "SwapFree: ");
+     if (b)
+         sscanf(b, "SwapFree: %lu", &swapfree);
+@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
+         if (first)
+             snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
+     }
+-    b = strstr(buff, "SReclaimable: ");
+-    if (b)
+-        sscanf(b, "SReclaimable: %lu", &sreclaimable);
+     first = 0;
+ 
+ 

net-snmp-5.9-multilib.patch

@@ -0,0 +1,48 @@
+diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
+index 90b20d9..bd5abe1 100644
+--- a/man/netsnmp_config_api.3.def
++++ b/man/netsnmp_config_api.3.def
+@@ -295,7 +295,7 @@ for one particular machine.
+ .PP
+ The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
+ followed by \fC DATADIR/snmp\fP,
+-followed by \fC LIBDIR/snmp\fP,
++followed by \fC /usr/lib(64)/snmp\fP,
+ followed by \fC $HOME/.snmp\fP.
+ This list can be changed by setting the environmental variable
+ .I SNMPCONFPATH
+@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
+ files in.
+ Default:
+ .br
+-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
++SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
+ .SH "SEE ALSO"
+ netsnmp_mib_api(3), snmp_api(3)
+ .\" Local Variables:
+diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
+index fd30873..c3437d6 100644
+--- a/man/snmp_config.5.def
++++ b/man/snmp_config.5.def
+@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
+ found and read from.  By default, the applications look for
+ configuration files in the following 4 directories, in order:
+ SYSCONFDIR/snmp,
+-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp.  In each of these
++DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp.  In each of these
+ directories, it looks for files snmp.conf, snmpd.conf and/or
+ snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
+ and/or snmptrapd.local.conf. *.local.conf are always
+diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
+index 7ce8a46..a4000f9 100644
+--- a/man/snmpd.conf.5.def
++++ b/man/snmpd.conf.5.def
+@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
+ .RS
+ .IP "Note:"
+ If the specified PATH is not a fully qualified filename, it will
+-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
++be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
+ will be appended to the filename.
+ .RE
+ .PP

net-snmp-5.9-pie.patch

@@ -0,0 +1,26 @@
+diff --git a/agent/Makefile.in b/agent/Makefile.in
+index 047d880..38d40aa 100644
+--- a/agent/Makefile.in
++++ b/agent/Makefile.in
+@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
+ 	$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
+ 
+ snmpd$(EXEEXT):	${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) 
+-	$(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
++	$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ 
+ libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)
+ 	$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
+diff --git a/apps/Makefile.in b/apps/Makefile.in
+index 3dbb1d1..48ed23a 100644
+--- a/apps/Makefile.in
++++ b/apps/Makefile.in
+@@ -190,7 +190,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX) $(USELIBS)
+ 	$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ 
+ snmptrapd$(EXEEXT):    $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
+-	$(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
++	$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ 
+ snmptrap$(EXEEXT):    snmptrap.$(OSUFFIX) $(USELIBS)
+ 	$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

net-snmp-5.9-python3.patch

@@ -0,0 +1,38 @@
+diff --git a/Makefile.in b/Makefile.in
+index 912f6b2..862fb5f 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -227,7 +227,7 @@ perlcleanfeatures:
+ 
+ # python specific build rules
+ #
+-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
++PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
+ pythonmodules: subdirs
+ 	@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
+         if test $$? != 0 ; then \
+diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
+index daf11a4..3a30a64 100644
+--- a/python/netsnmp/client.py
++++ b/python/netsnmp/client.py
+@@ -56,7 +56,7 @@ class Varbind(object):
+     def __init__(self, tag=None, iid=None, val=None, type_arg=None):
+         self.tag = STR(tag)
+         self.iid = STR(iid)
+-        self.val = STR(val)
++        self.val = val
+         self.type = STR(type_arg)
+         # parse iid out of tag if needed
+         if iid is None and tag is not None:
+@@ -66,7 +66,10 @@ class Varbind(object):
+                 (self.tag, self.iid) = match.group(1, 2)
+ 
+     def __setattr__(self, name, val):
+-        self.__dict__[name] = STR(val)
++        if name == 'val':
++            self.__dict__[name] = val
++        else:
++            self.__dict__[name] = STR(val)
+ 
+     def __str__(self):
+         return obj_to_str(self)

net-snmp-5.9-rpmdb.patch

@@ -0,0 +1,65 @@
+From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
+Date: Wed, 9 Aug 2023 16:51:28 +0200
+Subject: [PATCH] Add support for RPM SQLite DB background.
+
+From RPM 4.16 the SQLite support is available for RPM DB.
+After https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb, rpm changed
+it's background DB from Berkeley to SQLite in Fedora.
+Net-SNMP is using hard coded paths to determine where RPM DB files are.
+
+This update is adding check for rpmdb.sqlite file in order to be able
+invalidate internal cache after system package change.
+
+Closes #596
+---
+ agent/mibgroup/host/data_access/swinst_rpm.c | 18 +++++++++++++-----
+ agent/mibgroup/host/hr_swinst.c              |  3 +++
+ 2 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+index 050edff307..7ad91a3194 100644
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c
+@@ -73,15 +73,23 @@ netsnmp_swinst_arch_init(void)
+ #endif
+ 
+     snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
++    
++    if (-1 == stat( pkg_directory, &stat_buf )) {
++
++        /* check for SQLite DB backend */
++        snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
++        
++        if (-1 == stat( pkg_directory, &stat_buf )) {
++            snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
++            pkg_directory[0] = '\0';
++        }
++    }
++
+     SNMP_FREE(rpmdbpath);
+     dbpath = NULL;
+ #ifdef HAVE_RPMGETPATH
+     rpmFreeRpmrc();
+-#endif
+-    if (-1 == stat( pkg_directory, &stat_buf )) {
+-        snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+-        pkg_directory[0] = '\0';
+-    }
++#endif    
+ }
+ 
+ void
+diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+--- a/agent/mibgroup/host/hr_swinst.c	2023-07-31 11:37:44.855071535 +0200
++++ b/agent/mibgroup/host/hr_swinst.c	2023-08-14 12:45:14.846357019 +0200
+@@ -229,6 +229,9 @@ init_hr_swinst(void)
+         snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
+         if (stat(path, &stat_buf) == -1)
+             snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
++        /* check for SQLite DB backend */
++        if (stat(path, &stat_buf) == -1)
++            snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
+         path[ sizeof(path)-1 ] = 0;
+         swi->swi_directory = strdup(path);
+ #ifdef HAVE_RPMGETPATH

net-snmp-5.9-test-debug.patch

@@ -0,0 +1,110 @@
+diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
+index 6c07f74..7df0b51 100644
+--- a/testing/fulltests/default/T070com2sec_simple
++++ b/testing/fulltests/default/T070com2sec_simple
+@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
+ SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
+ SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+ 
+-if false; then
+-  # The two tests below have been disabled because these rely on resolving a
+-  # domain name into a local IP address. Such DNS replies are filtered out by
+-  # many security devices because to avoid DNS rebinding attacks. See also
+-  # https://en.wikipedia.org/wiki/DNS_rebinding.
+-
+-  CHECKAGENT '<"c408a"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 32: Error:'
+-    if [ "$snmp_last_test_result" -ne 1 ] ; then
+-      return_value=1
+-      FINISHED
+-    fi
+-  elif [ "$snmp_last_test_result" -ne 1 ] ; then
++FINISHED
++
++# don't test the rest, it depends on DNS, which is not available in Koji
++
++CHECKAGENT '<"c408a"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 32: Error:'
++  if [ "$snmp_last_test_result" -ne 1 ] ; then
+     return_value=1
+     FINISHED
+   fi
++elif [ "$snmp_last_test_result" -ne 1 ] ; then
++  return_value=1
++  FINISHED
++fi
+ 
+-  CHECKAGENT '<"c408b"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 33: Error:'
+-    if [ "$snmp_last_test_result" -ne 1 ] ; then
+-      return_value=1
+-    fi
+-  elif [ "$snmp_last_test_result" -ne 1 ] ; then
++CHECKAGENT '<"c408b"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 33: Error:'
++  if [ "$snmp_last_test_result" -ne 1 ] ; then
+     return_value=1
+   fi
+-
++elif [ "$snmp_last_test_result" -ne 1 ] ; then
++  return_value=1
+ fi
+ 
+ FINISHED
+diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
+index 76da70b..bc2d432 100644
+--- a/testing/fulltests/default/T071com2sec6_simple
++++ b/testing/fulltests/default/T071com2sec6_simple
+@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
+ SAVECHECKAGENT 'line 27: Error:'
+ SAVECHECKAGENT 'line 28: Error:'
+ 
+-if false; then
+-  # The two tests below have been disabled because these rely on resolving a
+-  # domain name into a local IP address. Such DNS replies are filtered out by
+-  # many security devices because to avoid DNS rebinding attacks. See also
+-  # https://en.wikipedia.org/wiki/DNS_rebinding.
+-
+-  # 608
+-  CHECKAGENT '<"c608a"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 29: Error:'
+-    errnum=`expr $errnum - 1`
+-    if [ "$snmp_last_test_result" -ne 1 ] ; then
+-      FINISHED
+-    fi
+-  elif [ "$snmp_last_test_result" -ne 1 ] ; then
++FINISHED
++
++# don't test the rest, it depends on DNS, which is not available in Koji
++
++# 608
++CHECKAGENT '<"c608a"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 29: Error:'
++  errnum=`expr $errnum - 1`
++  if [ "$snmp_last_test_result" -ne 1 ] ; then
+     FINISHED
+   fi
++elif [ "$snmp_last_test_result" -ne 1 ] ; then
++  FINISHED
++fi
+ 
+-  CHECKAGENTCOUNT atleastone '<"c608b"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 30: Error:'
+-    if [ "$snmp_last_test_result" -eq 1 ] ; then
+-      errnum=`expr $errnum - 1`
+-    fi
++CHECKAGENTCOUNT atleastone '<"c608b"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 30: Error:'
++  if [ "$snmp_last_test_result" -eq 1 ] ; then
++    errnum=`expr $errnum - 1`
+   fi
+ fi
+ 

net-snmp-5.9.1-remove-des.patch

@@ -0,0 +1,175 @@
+diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
+--- a/man/net-snmp-config.1.def	2021-05-26 09:30:07.430790003 +0200
++++ b/man/net-snmp-config.1.def	2021-05-26 09:35:36.703673542 +0200
+@@ -30,7 +30,7 @@ code for a list of available debug token
+ SNMP Setup commands:
+ .TP
+ \fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
+-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
++[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
+ .PP
+ These options produce the various compilation flags needed when
+ building external SNMP applications:
+diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
+--- a/man/net-snmp-create-v3-user.1.def	2021-05-26 09:30:07.430790003 +0200
++++ b/man/net-snmp-create-v3-user.1.def	2021-05-26 09:34:23.702034230 +0200
+@@ -3,7 +3,7 @@
+ net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
+ .SH SYNOPSIS
+ .PP
+-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
+ .B [username]
+ .SH DESCRIPTION
+ .PP
+@@ -27,5 +27,5 @@ specifies the authentication password ha
+ \fB\-X privpass\fR
+ specifies the encryption password
+ .TP
+-\fB\-x DES|AES\fR
++\fB\-x AES\fR
+ specifies the encryption algorithm
+diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
+--- a/man/snmpcmd.1.def	2021-05-26 09:30:07.429789994 +0200
++++ b/man/snmpcmd.1.def	2021-05-26 09:37:51.104850500 +0200
+@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
+ file.
+ .TP
+ .BI \-x " privProtocol"
+-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages. 
++Set the privacy protocol (AES) used for encrypted SNMPv3 messages. 
+ Overrides the \fIdefPrivType\fR token in the
+ .I snmp.conf
+ file. This option is only valid if the Net-SNMP software was build
+diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
+--- a/man/snmp.conf.5.def	2021-05-26 09:30:07.429789994 +0200
++++ b/man/snmp.conf.5.def	2021-05-26 09:40:03.730011937 +0200
+@@ -221,13 +221,13 @@ The
+ value will be used for the authentication and/or privacy pass phrases
+ if either of the other directives are not specified.
+ .IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
+-.IP "defPrivType DES|AES"
++.IP "defPrivType AES"
+ define the default authentication and privacy protocols to use for
+ SNMPv3 requests.
+ These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
+ .IP
+ If not specified, SNMPv3 requests will default to MD5 authentication
+-and DES encryption.
++and AES encryption.
+ .RS
+ .IP "Note:
+ If the software has not been compiled to use the OpenSSL libraries,
+@@ -262,8 +262,7 @@ master keys which have been converted to
+ suitable for on particular SNMP engine (agent).  The length of the key
+ needs to be appropriate for the authentication or encryption type
+ being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
+-priv keys: DES=16 bytes (8
+-bytes of which is used as an IV and not a key), and AES=16 bytes).
++priv keys: AES=16 bytes).
+ .IP "sshtosnmpsocket PATH"
+ Sets the path of the \fBsshtosnmp\fR socket created by an application
+ (e.g. snmpd) listening for incoming ssh connections through the
+diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
+--- a/man/snmpd.examples.5.def	2021-05-26 09:30:07.429789994 +0200
++++ b/man/snmpd.examples.5.def	2021-05-26 09:41:29.170761436 +0200
+@@ -87,8 +87,8 @@ the same authentication and encryption s
+ .RS
+ .nf
+ createUser me     MD5 "single pass phrase"
+-createUser myself MD5 "single pass phrase" DES
+-createUser andI   MD5 "single pass phrase" DES "single pass phrase"
++createUser myself MD5 "single pass phrase" AES
++createUser andI   MD5 "single pass phrase" AES "single pass phrase"
+ .fi
+ .RE
+ Note that this defines three \fIdistinct\fR users, who could be granted
+diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
+--- a/man/snmptrapd.conf.5.def	2021-05-26 09:30:07.428789985 +0200
++++ b/man/snmptrapd.conf.5.def	2021-05-26 09:42:02.963064029 +0200
+@@ -117,7 +117,7 @@ to trigger the types of processing liste
+ See
+ .IR snmpd.conf (5)
+ for more details.
+-.IP "createUser [-e  ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
++.IP "createUser [-e  ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
+ See the 
+ .IR snmpd.conf (5)
+ manual page for a description of how to create SNMPv3 users.  This
+diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
+--- a/man/snmpusm.1.def	2021-05-26 09:30:07.430790003 +0200
++++ b/man/snmpusm.1.def	2021-05-26 09:42:24.178253990 +0200
+@@ -216,7 +216,7 @@ rwuser initial
+ # lets add the new user we'll create too:
+ rwuser wes
+ # USM configuration entries
+-createUser initial MD5 setup_passphrase DES
++createUser initial MD5 setup_passphrase AES
+ .fi
+ .RE
+ .PP
+diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+--- a/net-snmp-create-v3-user.in	2021-05-26 09:30:07.369789468 +0200
++++ b/net-snmp-create-v3-user.in	2021-05-26 09:33:23.966511123 +0200
+@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
+ fi
+ 
+ Aalgorithm="MD5"
+-Xalgorithm="DES"
++Xalgorithm="AES"
+ token=rwuser
+ 
+ while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+@@ -57,11 +57,11 @@ case $1 in
+ 	    exit 1
+ 	fi
+         case $1 in
+-            DES|AES|AES128|AES192|AES256)
++            AES|AES128|AES192|AES256)
+ 	    Xalgorithm=$1
+ 	    shift
+ 	    ;;
+-            des|aes|aes128|aes192|aes256)
++            aes|aes128|aes192|aes256)
+ 	    Xalgorithm=$(echo "$1" | tr a-z A-Z)
+ 	    shift
+ 	    ;;
+@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
+     echo ""
+     echo "Usage:"
+     echo "  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
+-    echo "                          [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
++    echo "                          [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
+     echo ""
+     exit
+ fi
+diff -urNp a/README.snmpv3 b/README.snmpv3
+--- a/README.snmpv3	2021-05-26 09:30:07.352789320 +0200
++++ b/README.snmpv3	2021-05-26 09:44:49.109551728 +0200
+@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
+ do a better job on since I suck at writing documentation and he
+ doesn't ;-) --Wes:
+ 
+-Note: SHA authentication and DES/AES encryption support is only available
++Note: SHA authentication and AES encryption support is only available
+ if you have OpenSSL installed or if you've compiled using
+ --with-openssl=internal.  If you use --with-openssl=internal please
+ read the documentation in snmplib/openssl/README for important details.
+@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
+   WARNING: SNMPv3 pass phrases must be at least 8 characters long!
+ 
+   The above line creates the user "myuser" with a password of
+-  "my_password" (and uses MD5 and DES for protection).  (Note that
++  "my_password" (and uses MD5 and AES for protection).  (Note that
+   encryption support isn't enabled in the binary releases downloadable
+   from the net-snmp web site.)  net-snmp-config will also add a line
+   to your snmpd.conf file to let that user have read/write access to
+@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
+        [ this should return information about how long your agent has been up]
+   
+     snmpget -v 3 -u myuser -l authPriv   -a MD5 -A my_password
+-                                         -x DES -X my_password localhost sysUpTime.0
++                                         -x AES -X my_password localhost sysUpTime.0
+        [ this should return similar information, but encrypts the transmission ]
+ 
+ CREATING A SECOND USER:

net-snmp-5.9.4-autoconf.patch

@@ -0,0 +1,6 @@
+diff -urNp a/dist/autoconf-version b/dist/autoconf-version
+--- a/dist/autoconf-version	2024-02-16 08:21:36.551729028 +0100
++++ b/dist/autoconf-version	2024-02-16 08:24:39.035608191 +0100
+@@ -1 +1 @@
+-2.71
++2.72

net-snmp-5.9.4-kernel-6.7.patch

@@ -0,0 +1,120 @@
+From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
+From: Philippe Troin <phil+github-commits@fifi.org>
+Date: Sat, 3 Feb 2024 10:30:30 -0800
+Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
+
+Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
+This breaks the hard-coded assumptions about the Ip line length.
+Add compatibility to parse Linux 6.7 Ip header while keep support
+for previous versions.
+---
+ .../ip-mib/data_access/systemstats_linux.c    | 46 +++++++++++++++----
+ 1 file changed, 37 insertions(+), 9 deletions(-)
+
+diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+index 49e0a34d5c..f04e828a94 100644
+--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
++++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
+ }
+ 
+ /*
+-  /proc/net/snmp
++  /proc/net/snmp - Linux 6.6 and lower
+ 
+   Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
+   Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
+@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
+   
+   Udp: InDatagrams NoPorts InErrors OutDatagrams
+   Udp: 1491094 122 0 1466178
++*
++  /proc/net/snmp - Linux 6.7 and higher
++
++  Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
++  Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
++
++  Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
++  Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
++
++  IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
++  IcmpMsg: 29953 17589 66905 66905 16610 59957 484
++
++  Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
++  Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
++
++  Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
++  Udp: 2257832 1422 0 2252835 0 0 0 84 0
++
++  UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
++  UdpLite: 0 0 0 0 0 0 0 0 0
+ */
+ 
+ 
+@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+     FILE           *devin;
+     char            line[1024];
+     netsnmp_systemstats_entry *entry = NULL;
+-    int             scan_count;
++    int             scan_count, expected_scan_count;
+     char           *stats, *start = line;
+     int             len;
+-    unsigned long long scan_vals[19];
++    unsigned long long scan_vals[20];
+ 
+     DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
+                 load_flags));
+@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+      */
+     NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
+     len = strlen(line);
+-    if (224 != len) {
++    switch (len) {
++    case 224:
++	expected_scan_count = 19;
++	break;
++    case 237:
++	expected_scan_count = 20;
++	break;
++    default:
+         fclose(devin);
+         snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
+-                 " %d != 224\n", len);
++                 " %d not in { 224, 237 } \n", len);
+         return -4;
+     }
+ 
+@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+         memset(scan_vals, 0x0, sizeof(scan_vals));
+         scan_count = sscanf(stats,
+                             "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
+-                            "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
++                            "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
+                             &scan_vals[0],&scan_vals[1],&scan_vals[2],
+                             &scan_vals[3],&scan_vals[4],&scan_vals[5],
+                             &scan_vals[6],&scan_vals[7],&scan_vals[8],
+                             &scan_vals[9],&scan_vals[10],&scan_vals[11],
+                             &scan_vals[12],&scan_vals[13],&scan_vals[14],
+                             &scan_vals[15],&scan_vals[16],&scan_vals[17],
+-                            &scan_vals[18]);
++                            &scan_vals[18],&scan_vals[19]);
+         DEBUGMSGTL(("access:systemstats", "  read %d values\n", scan_count));
+ 
+-        if(scan_count != 19) {
++        if(scan_count != expected_scan_count) {
+             snmp_log(LOG_ERR,
+                      "error scanning systemstats data (expected %d, got %d)\n",
+-                     19, scan_count);
++                     expected_scan_count, scan_count);
+             netsnmp_access_systemstats_entry_free(entry);
+             return -4;
+         }
+@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
+         entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
+         entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
+         entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
++        /* entry->stats. = scan_vals[19]; / * OutTransmits */
+ 
+         entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
+         entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;
+

net-snmp-config

@@ -16,43 +16,47 @@
 arch=`arch`
 echo $arch | grep -q i.86
 if [ $? -eq 0 ] ; then
-    net-snmp-config-i386 $*
+    net-snmp-config-i386 "$@"
     exit 0
 fi
 if [ "$arch" = "ia64" ] ; then
-    net-snmp-config-ia64 $*
+    net-snmp-config-ia64 "$@"
     exit 0
 fi
 if [ "$arch" = "ppc" ] ; then
-    net-snmp-config-ppc $*
+    net-snmp-config-ppc "$@"
     exit 0
 fi
 if [ "$arch" = "ppc64" ] ; then
-    net-snmp-config-ppc64 $*
+    net-snmp-config-ppc64 "$@"
     exit 0
 fi
 if [ "$arch" = "s390" ] ; then
-    net-snmp-config-s390 $*
+    net-snmp-config-s390 "$@"
     exit 0
 fi
 if [ "$arch" = "s390x" ] ; then
-    net-snmp-config-s390x $*
+    net-snmp-config-s390x "$@"
     exit 0
 fi
 if [ "$arch" = "x86_64" ] ; then
-    net-snmp-config-x86_64 $*
+    net-snmp-config-x86_64 "$@"
     exit 0
 fi
 if [ "$arch" = "alpha" ] ; then
-    net-snmp-config-alpha $*
+    net-snmp-config-alpha "$@"
     exit 0
 fi
 if [ "$arch" = "sparc" ] ; then
-    net-snmp-config-sparc $*
+    net-snmp-config-sparc "$@"
     exit 0
 fi
 if [ "$arch" = "sparc64" ] ; then
-    net-snmp-config-sparc64 $*
+    net-snmp-config-sparc64 "$@"
+    exit 0
+fi
+if [ "$arch" = "aarch64" ] ; then
+    net-snmp-config-aarch64 "$@"
     exit 0
 fi
 echo "Cannot determine architecture"

net-snmp-config.h

@@ -4,10 +4,10 @@
  * out) in net-snmp-config.h.  The original net-snmp-config.h has been renamed.
  * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
 
-#ifdef net-snmp-config_multilib_redirection_h
-#error "Do not define net-snmp-config_multilib_redirection_h!"
+#ifdef net_snmp_config_multilib_redirection_h
+#error "Do not define net_snmp_config_multilib_redirection_h!"
 #endif
-#define net-snmp-config_multilib_redirection_h
+#define net_snmp_config_multilib_redirection_h
 
 #if defined(__i386__)
 #include "net-snmp-config-i386.h"
@@ -29,8 +29,10 @@
 #include "net-snmp-config-sparc64.h"
 #elif defined(__sparc__)
 #include "net-snmp-config-sparc.h"
+#elif defined(__aarch64__)
+#include "net-snmp-config-aarch64.h"
 #else
 #error "net-snmp-devel package does not work on your architecture"
 #endif
 
-#undef net-snmp-config_multilib_redirection_h
+#undef net_snmp_config_multilib_redirection_h

net-snmp-libs-misunderstanding.patch

@@ -0,0 +1,59 @@
+Libs.private should contain a list of libraries the library that the package
+exposes is linked too. So let's filter out unrelated link flags.
+
+diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
+index 0a1f5785a4..524ca91d82 100644
+--- net-snmp-5.9.1/netsnmp.pc.in~
++++ net-snmp-5.9.1/netsnmp.pc.in
+@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
+ Version: @PACKAGE_VERSION@
+ Cflags: -I${includedir}
+ Libs: -L${libdir} -lnetsnmp
+-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
++Libs.private: @LNETSNMPLIBS@ @LIBS@
+diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
+index 3a1c77bbf8..3d3b308d21 100644
+--- net-snmp-5.9.1/netsnmp-agent.pc.in~
++++ net-snmp-5.9.1/netsnmp-agent.pc.in
+@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
+ Version: @PACKAGE_VERSION@
+ Cflags: -I${includedir}
+ Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
+-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
++Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
+diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
+index 6b5abf8f83..ee81ce98fa 100644
+--- net-snmp-5.9.1/net-snmp-config.in~
++++ net-snmp-5.9.1/net-snmp-config.in
+@@ -193,13 +193,13 @@ else
+     #################################################### client lib
+     --libs)
+       # use this one == --netsnmp-libs + --external-libs
+-      echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
++      echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
+       ;;
+     --netsnmp-libs)
+       echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
+       ;;
+     --external-libs)
+-      echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
++      echo $NSC_LNETSNMPLIBS $NSC_LIBS
+       ;;
+     #################################################### agent lib
+     --base-agent-libs)
+@@ -210,13 +210,13 @@ else
+       ;;
+     --agent-libs)
+       # use this one == --netsnmp-agent-libs + --external-libs
+-      echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
++      echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
+       ;;
+     --netsnmp-agent-libs)
+       echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
+       ;;
+     --external-agent-libs)
+-      echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
++      echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
+       ;;
+     ####################################################
+     --version|--ver*)

net-snmp-tmpfs.conf

@@ -0,0 +1 @@
+d	/run/net-snmp	0755	root	root

net-snmp.redhat.conf

@@ -38,14 +38,14 @@
 # First, map the community name "public" into a "security name"
 
 #       sec.name  source          community
-com2sec notConfigUser  default       public
+#com2sec notConfigUser  default       public
 
 ####
 # Second, map the security name into a group name:
 
 #       groupName      securityModel securityName
-group   notConfigGroup v1           notConfigUser
-group   notConfigGroup v2c           notConfigUser
+#group   notConfigGroup v1           notConfigUser
+#group   notConfigGroup v2c           notConfigUser
 
 ####
 # Third, create a view for us to let the group have rights to:
@@ -173,6 +173,16 @@ syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
 #   system.sysServices.0 = 72
 
 
+###############################################################################
+# Logging
+#
+
+# We do not want annoying "Connection from UDP: " messages in syslog.
+# If the following option is commented out, snmpd will print each incoming
+# connection, which can be useful for debugging.
+
+dontLogTCPWrappersConnects yes
+
 # -----------------------------------------------------------------------------
 
 
@@ -446,9 +456,6 @@ syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
 # For specific usage information, see the man/snmpd.conf.5 manual page
 # as well as the local/passtest script used in the above example.
 
-# Added for support of bcm5820 cards.
-pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
-
 ###############################################################################
 # Further Information
 #

net-snmpd.init

@@ -1,115 +0,0 @@
-#!/bin/bash
-# ucd-snmp init file for snmpd
-#
-# chkconfig: - 50 50
-# description: Simple Network Management Protocol (SNMP) Daemon
-#
-# processname: /usr/sbin/snmpd
-# config: /etc/snmp/snmpd.conf
-# config: /usr/share/snmp/snmpd.conf
-# pidfile: /var/run/snmpd.pid
-
-### BEGIN INIT INFO
-# Provides: snmpd
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: 
-# Should-Stop: 
-# Default-Start: 
-# Default-Stop: 
-# Short-Description: start and stop Net-SNMP daemon
-# Description: Simple Network Management Protocol (SNMP) Daemon
-### END INIT INFO
-
-# source function library
-. /etc/init.d/functions
-
-
-OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
-if [ -e /etc/sysconfig/snmpd ]; then
-  . /etc/sysconfig/snmpd
-fi
-
-RETVAL=0
-prog="snmpd"
-binary=/usr/sbin/snmpd
-pidfile=/var/run/snmpd.pid
-
-start() {
-        [ -x $binary ] || exit 5
-        echo -n $"Starting $prog: "
-        if [ $UID -ne 0 ]; then
-                RETVAL=1
-                failure
-        else
-                daemon --pidfile=$pidfile $binary $OPTIONS
-                RETVAL=$?
-                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd
-        fi;
-        echo 
-        return $RETVAL
-}
-
-stop() {
-        echo -n $"Stopping $prog: "
-        if [ $UID -ne 0 ]; then
-                RETVAL=1
-                failure
-        else
-                killproc -p $pidfile $binary
-                RETVAL=$?
-                [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snmpd
-        fi;
-        echo
-        return $RETVAL
-}
-
-reload(){
-        echo -n $"Reloading $prog: "
-        killproc -p $pidfile $binary -HUP
-        RETVAL=$?
-        echo
-        return $RETVAL
-}
-
-restart(){
-	stop
-	start
-}
-
-condrestart(){
-    [ -e /var/lock/subsys/snmpd ] && restart
-    return 0
-}
-
-case "$1" in
-  start)
-	start
-	RETVAL=$?
-	;;
-  stop)
-	stop
-	RETVAL=$?
-	;;
-  restart)
-	restart
-	RETVAL=$?
-        ;;
-  reload)
-	reload
-	RETVAL=$?
-        ;;
-  condrestart|try-restart)
-	condrestart
-	RETVAL=$?
-	;;
-  status)
-        status snmpd
-	RETVAL=$?
-        ;;
-  *)
-	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
-	RETVAL=2
-esac
-
-exit $RETVAL

net-snmpd.logrotate

@@ -1,7 +0,0 @@
-/var/log/snmpd.log {
-    notifempty
-    missingok
-    postrotate
-        /sbin/service snmpd condrestart 2> /dev/null > /dev/null || true
-    endscript
-}

net-snmpd.sysconfig

@@ -1,2 +1,3 @@
 # snmpd command line options
-# OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
+# '-f' is implicitly added by snmpd systemd unit file
+# OPTIONS="-LS0-6d"

net-snmptrapd.init

@@ -1,104 +0,0 @@
-#!/bin/bash
-
-# ucd-snmp init file for snmptrapd
-#
-# chkconfig: - 50 50
-# description: Simple Network Management Protocol (SNMP) Trap Daemon
-#
-# processname: /usr/sbin/snmptrapd
-# config: /etc/snmp/snmptrapd.conf
-# config: /usr/share/snmp/snmptrapd.conf
-# pidfile: /var/run/snmptrapd.pid
-
-
-### BEGIN INIT INFO
-# Provides: snmptrapd
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start:
-# Should-Stop:
-# Default-Start:
-# Default-Stop:
-# Short-Description: start and stop Net-SNMP trap daemon
-# Description: Simple Network Management Protocol (SNMP) trap daemon
-### END INIT INFO
-
-# source function library
-. /etc/init.d/functions
-
-if [ -e /etc/snmp/snmptrapd.options ]; then
-  . /etc/snmp/snmptrapd.options
-else
-   OPTIONS="-Lsd -p /var/run/snmptrapd.pid"
-fi
-
-RETVAL=0
-prog="snmptrapd"
-binary=/usr/sbin/snmptrapd
-pidfile=/var/run/snmptrapd.pid
-
-start() {
-	[ -x $binary ] || exit 5
-	echo -n $"Starting $prog: "
-        daemon --pidfile=$pidfile /usr/sbin/snmptrapd $OPTIONS
-	RETVAL=$?
-	echo
-	touch /var/lock/subsys/snmptrapd
-	return $RETVAL
-}
-
-stop() {
-	echo -n $"Stopping $prog: "
-	killproc -p $pidfile /usr/sbin/snmptrapd
-	RETVAL=$?
-	echo
-	rm -f /var/lock/subsys/snmptrapd
-	return $RETVAL
-}
-
-reload(){
-	stop
-	start
-}
-
-restart(){
-	stop
-	start
-}
-
-condrestart(){
-    [ -e /var/lock/subsys/snmptrapd ] && restart
-    return 0
-}
-
-case "$1" in
-  start)
-	start
-	RETVAL=$?
-	;;
-  stop)
-	stop
-	RETVAL=$?
-	;;
-  restart)
-	restart
-	RETVAL=$?
-        ;;
-  reload)
-	reload
-	RETVAL=$?
-        ;;
-  condrestart|try-restart)
-	condrestart
-	RETVAL=$?
-	;;
-  status)
-        status snmptrapd
-	RETVAL=$?
-        ;;
-  *)
-	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
-	RETVAL=2
-esac
-
-exit $RETVAL

net-snmptrapd.sysconfig

@@ -0,0 +1,3 @@
+# snmptrapd command line options
+# '-f' is implicitly added by snmptrapd systemd unit file
+# OPTIONS="-Lsd"

snmpd.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Daemon.
+After=syslog.target network-online.target
+
+[Service]
+Type=notify
+Environment=OPTIONS="-LS0-6d"
+EnvironmentFile=-/etc/sysconfig/snmpd
+ExecStart=/usr/sbin/snmpd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

snmptrapd.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Trap Daemon.
+After=syslog.target network-online.target
+
+[Service]
+Type=notify
+Environment=OPTIONS="-Lsd"
+EnvironmentFile=-/etc/sysconfig/snmptrapd
+ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

sources

@@ -1 +1 @@
-6c974df7a5a5b1579f72115e6b045bda  net-snmp-5.4.1.tar.gz
+SHA512 (net-snmp-5.9.4.tar.gz) = a510fa91a21e9ddc86a12fd1d0bc6b356e63f3ea53f184d2e31439004d41d902390664134dc40b3b828eabb4282eaf3da628a07c4d480fa00eff7e700950c423

tests/integration-tests/Makefile

@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: LGPL-2.1+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/net-snmp
+#   Description: Test if net-snmp working ok
+#   Author: Susant Sahani<susant@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+export TEST=/CoreOS/net-snmp
+export TESTVERSION=1.0
+BUILT_FILES=
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+.PHONY: all install download clean
+run: $(FILES) build
+	./runtest.sh
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+clean:
+	rm -f *~ $(BUILT_FILES)
+include /usr/share/rhts/lib/rhts-make.include
+$(METADATA): Makefile
+	@echo "Owner:           Susant Sahani<susant@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Test snmpd" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        5m" >> $(METADATA)
+	@echo "RunFor:          net-snmp" >> $(METADATA)
+	@echo "Requires:        net=snmp" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Releases:        -Fedora 28" >> $(METADATA)
+	rhts-lint $(METADATA)

tests/integration-tests/PURPOSE

@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/net-snmp
+Description: tests for net-snmp
+Author: Susant Sahani<susant@redhat.com>

tests/integration-tests/net-snmp-tests.py

@@ -0,0 +1,175 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: LGPL-2.1+
+# ~~~
+#   Description: Tests for snmpd
+#
+#   Author: Susant Sahani <susant@redhat.com>
+#   Copyright (c) 2018 Red Hat, Inc.
+# ~~~
+
+import errno
+import os
+import sys
+import time
+import unittest
+import subprocess
+import signal
+import shutil
+import psutil
+import socket
+import platform
+import re
+from pyroute2 import IPRoute
+from psutil import virtual_memory
+from collections import OrderedDict
+
+HOST='192.168.111.50'
+
+def setUpModule():
+    """Initialize the environment, and perform sanity checks on it."""
+
+    if shutil.which('snmpd') is None:
+        raise OSError(errno.ENOENT, 'snmpd not found')
+
+    if shutil.which('snmpwalk') is None:
+        raise OSError(errno.ENOENT, 'snmpwalk not found')
+
+def tearDownModule():
+        pass
+
+class GenericUtilities():
+    """Provide a set of utility functions start stop daemons. write config files etc """
+
+    def StartSnmpd(self):
+        """Start snmpd"""
+        subprocess.check_output(['systemctl', 'start', 'snmpd'])
+
+    def StopSnmpd(self):
+        """Stop snmpd"""
+        subprocess.check_output(['systemctl', 'stop', 'snmpd'])
+
+    def SetupVethInterface(self):
+        """Setup veth interface"""
+
+        ip = IPRoute()
+
+        ip.link('add', ifname='veth-test', peer='veth-peer', kind='veth')
+        idx_veth_test = ip.link_lookup(ifname='veth-test')[0]
+        idx_veth_peer = ip.link_lookup(ifname='veth-peer')[0]
+
+        ip.link('set', index=idx_veth_test, address='12:11:12:13:14:18')
+        ip.link('set', index=idx_veth_peer, address='22:21:22:23:24:29')
+        ip.link('set', index=idx_veth_test, state='up')
+        ip.link('set', index=idx_veth_peer, state='up')
+        ip.addr('add', index=idx_veth_test, address='192.168.111.50')
+        ip.addr('add', index=idx_veth_peer, address='192.168.111.51')
+
+        ip.close()
+
+    def TearDownVethInterface(self):
+        ip = IPRoute()
+
+        ip.link('del', index=ip.link_lookup(ifname='veth-test')[0])
+        ip.close()
+
+class SnmpdTests(unittest.TestCase, GenericUtilities):
+
+    def setUp(self):
+        self.SetupVethInterface()
+        time.sleep(1)
+        self.StartSnmpd()
+
+    def tearDown(self):
+        self.StopSnmpd()
+        self.TearDownVethInterface()
+
+    def test_UCD_SNMP_MIB_memory(self):
+        ''' UCD-SNMP-MIB::memory '''
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public',  HOST,  'UCD-SNMP-MIB::memory'])
+
+        meminfo=OrderedDict()
+        with open('/proc/meminfo') as f:
+            for line in f:
+                meminfo[line.split(':')[0]] = line.split(':')[1].strip()
+
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public',  HOST,  'UCD-SNMP-MIB::memTotalReal.0']).rstrip().decode('utf-8')
+        self.assertRegex(output, meminfo['MemTotal'])
+
+    def test_SNMP_hrSWRunPath(self):
+        """ process id """
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public',  HOST,  'HOST-RESOURCES-MIB::hrSWRunPath.1']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'systemd')
+
+    def test_SNMP_IF_MIB_network_interface(self):
+        """ verify network interface (1.3.6.1.2.1.2.2.1) SNMP variables """
+
+        ip = IPRoute()
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1'])
+
+        # 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifIndex
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.1']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'IF-MIB::ifIndex.1 = INTEGER: 1')
+
+        # 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifDescr
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.2']).rstrip().decode('utf-8')
+        for link in ip.get_links():
+            self.assertRegex(output, link.get_attr('IFLA_IFNAME'))
+
+        # IP-MIB::ipAdEntAddr 1.3.6.1.2.1.4.20.1.1
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.4.20.1.1']).rstrip().decode('utf-8')
+        for addr in ip.get_addr():
+            if addr.get_attr('IFA_ADDRESS'):
+                if addr.get_attr('IFA_ADDRESS') != '::1' and addr.get_attr('Ifamily') == 2:
+                    self.assertRegex(output, addr.get_attr('IFA_ADDRESS'))
+
+        # IF-MIB::ifPhysAddress. 1.3.6.1.2.1.2.2.1.6
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.6']).rstrip().decode('utf-8')
+        for link in ip.get_links():
+            if link.get_attr('IFLA_ADDRESS') and link.get_attr('IFLA_ADDRESS') != '00:00:00:00:00:00':
+                snmp_mac = re.sub(r'\b0+(\d)', r'\1', link.get_attr('IFLA_ADDRESS')).lstrip('0')
+                self.assertRegex(output, snmp_mac)
+
+        ip.close()
+
+    def test_SNMP_MIB_2_System(self):
+        """ verify RFC 1213 System (1.3.6.1.2.1.1) SNMP variables"""
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1']).rstrip().decode('utf-8')
+
+        # 1.3.6.1.2.1.1.1 - sysDescr
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.1']).rstrip().decode('utf-8')
+        self.assertRegex(output, platform.machine())
+        self.assertRegex(output, platform.node())
+        self.assertRegex(output, platform.processor())
+        self.assertRegex(output, platform.release())
+        self.assertRegex(output, platform.version())
+
+        # 1.3.6.1.2.1.1.2 - sysObjectID
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.2'])
+
+        # 1.3.6.1.2.1.1.3 - sysUpTime
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.3'])
+
+        # 1.3.6.1.2.1.1.4 - sysContact
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.4']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'fedora-ci <fedoraci@fedoraproject.org>')
+
+        # 1.3.6.1.2.1.1.5 - sysName
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.5']).rstrip().decode('utf-8')
+        self.assertRegex(output, socket.gethostname())
+
+        # 1.3.6.1.2.1.1.6 - sysLocation
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.6']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'Pune, IN')
+
+    def test_basic_snmpwalk(self):
+        """ verify snmpwalk getting success snmpwalk -v2c -c public localhost """
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST])
+
+
+if __name__ == '__main__':
+    unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+                                                     verbosity=3))

tests/integration-tests/runtest.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1+
+# ~~~
+#   runtest.sh of net-snmp
+#   Description:  net-snmp tests
+#
+#   Author: Susant Sahani <susant@redhat.com>
+#   Copyright (c) 2018 Red Hat, Inc.
+# ~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE_NET_SNMP="net-snmp"
+PACKAGE_NET_SNMP_UTILS="net-snmp-utils"
+
+NET_SNMP_CONF_FILE="/etc/snmp/snmpd.conf"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE_NET_SNMP
+        rlAssertRpm $PACKAGE_NET_SNMP_UTILS
+
+        rlRun "systemctl stop firewalld" 0,5
+        rlRun "setenforce 0" 0,1
+
+        rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
+        rlRun "cp net-snmp-tests.py /usr/bin/"
+
+        rlFileBackup "$NET_SNMP_CONF_FILE"
+        rlRun "cp snmpd.conf $NET_SNMP_CONF_FILE"
+
+    rlPhaseEnd
+
+    rlPhaseStartTest
+        rlLog "Starting net-snmp tests ..."
+        rlRun "/usr/bin/python3 /usr/bin/net-snmp-tests.py"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "rm /usr/bin/net-snmp-tests.py  $NET_SNMP_CONFIG_FILE"
+        rlRun "systemctl daemon-reload"
+        rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
+        rlFileRestore
+        rlRun "setenforce 1" 0,1
+        rlLog "net-snmp tests done"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
+rlGetTestState

tests/integration-tests/snmpd.conf

@@ -0,0 +1,7 @@
+agentAddress  udp:192.168.111.50:161
+
+syslocation Pune, IN
+syscontact fedora-ci <fedoraci@fedoraproject.org>
+
+dontLogTCPWrappersConnects yes
+rocommunity public

tests/tests.yml

@@ -0,0 +1,14 @@
+- hosts: localhost
+  roles:
+    - role: standard-test-beakerlib
+      tags:
+      - classic
+      tests:
+      - integration-tests
+      required_packages:
+      - python3
+      - systemd
+      - iproute
+      - python3-pyroute2
+      - net-snmp
+      - net-snmp-utils

ucd-snmp-4.2.4.pre3-mnttab.patch

@@ -1,19 +0,0 @@
---- ucd-snmp-4.2.4.pre3/configure.mnttab	Tue Apr  9 13:56:13 2002
-+++ ucd-snmp-4.2.4.pre3/configure	Tue Apr  9 13:58:14 2002
-@@ -7148,15 +7148,7 @@
- if eval "test \"`echo '$''{'ac_cv_ETC_MNTTAB'+set}'`\" = set"; then
-   echo $ac_n "(cached) $ac_c" 1>&6
- else
--  ac_cv_ETC_MNTTAB="unknown"
--for i in /etc/mnttab /etc/mtab /etc/filesystems
--  do
--  if test -f $i; then
--    ac_cv_ETC_MNTTAB="$i"
--    break;
--  fi
--done
--
-+  ac_cv_ETC_MNTTAB="/etc/mtab"
- fi
- 
- echo "$ac_t""$ac_cv_ETC_MNTTAB" 1>&6

ucd5820stat

@@ -1,2 +0,0 @@
-#!/bin/sh -f
-[ -x /usr/bin/get5820stats ] && /usr/bin/get5820stats $@