Resolves: #2072230 - New upstream release 5.9.3

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

.cvsignore

@@ -1 +0,0 @@
-net-snmp-5.5.tar.gz

.gitignore

@@ -0,0 +1,11 @@
+net-snmp-5.5.tar.gz
+/net-snmp-5.6.tar.gz
+/net-snmp-5.6.1.tar.gz
+/net-snmp-5.7.tar.gz
+/net-snmp-5.7.1.tar.gz
+/net-snmp-5.7.2.tar.gz
+/net-snmp-5.7.3.tar.gz
+/net-snmp-5.8.tar.gz
+/net-snmp-5.9.tar.gz
+/net-snmp-5.9.1.tar.gz
+/net-snmp-5.9.3.tar.gz

IETF-MIB-LICENSE.txt

@@ -0,0 +1,41 @@
+MIBs included in this software taken from IETF Documents are considered 
+Code Components in accordance with the IETF Trust License Policy, as found
+here:
+
+http://trustee.ietf.org/license-info/
+
+They are available under the terms of the Simplified BSD license, a copy of
+which is included below.
+
+*****
+
+Copyright (c) 2013 IETF Trust and the persons identified as authors of 
+the code.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without 
+modification, are permitted provided that the following conditions are 
+met:
+
+· Redistributions of source code must retain the above copyright notice, 
+this list of conditions and the following disclaimer. 
+
+· Redistributions in binary form must reproduce the above copyright 
+notice, this list of conditions and the following disclaimer in the 
+documentation and/or other materials provided with the distribution.
+
+· Neither the name of Internet Society, IETF or IETF Trust, nor the 
+names of specific contributors, may be used to endorse or promote 
+products derived from this software without specific prior written 
+permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS 
+IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER 
+OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: net-snmp
-# $Id: Makefile,v 1.2 2007/10/15 19:10:41 notting Exp $
-NAME := net-snmp
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

net-snmp-5.4.1-pie.patch

@@ -1,24 +0,0 @@
-diff -up net-snmp-5.4.1/agent/Makefile.in.backup_patch_4 net-snmp-5.4.1/agent/Makefile.in
---- net-snmp-5.4.1/agent/Makefile.in.backup_patch_4	2007-07-05 01:26:56.000000000 +0200
-+++ net-snmp-5.4.1/agent/Makefile.in	2008-07-25 12:52:44.000000000 +0200
-@@ -139,7 +139,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
- 	$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
- 
- snmpd$(EXEEXT):	${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) 
--	$(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} $(LOCAL_LIBS) ${LDFLAGS} ${OUR_AGENT_LIBS}
-+	$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} $(LOCAL_LIBS) ${LDFLAGS} ${OUR_AGENT_LIBS}
- 
- 
- libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)
-diff -up net-snmp-5.4.1/apps/Makefile.in.backup_patch_4 net-snmp-5.4.1/apps/Makefile.in
---- net-snmp-5.4.1/apps/Makefile.in.backup_patch_4	2007-07-05 01:26:56.000000000 +0200
-+++ net-snmp-5.4.1/apps/Makefile.in	2008-07-25 12:52:44.000000000 +0200
-@@ -115,7 +115,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX
- 	$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) $(LOCAL_LIBS) ${LDFLAGS} ${LIBS} 
- 
- snmptrapd$(EXEEXT):    $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
--	$(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) $(LOCAL_LIBS) ${LDFLAGS} ${TRAPLIBS}
-+	$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) $(LOCAL_LIBS) ${LDFLAGS} ${TRAPLIBS}
- 
- snmptrap$(EXEEXT):    snmptrap.$(OSUFFIX) $(USELIBS)
- 	$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) $(LOCAL_LIBS) ${LDFLAGS} ${LIBS} 

net-snmp-5.5-dir-fix.patch

@@ -1,14 +0,0 @@
-Let net-snmp-create-v3-user save settings into /etc/ instead of /usr/
-
-diff -up net-snmp-5.5/net-snmp-create-v3-user.in.orig net-snmp-5.5/net-snmp-create-v3-user.in
---- net-snmp-5.5/net-snmp-create-v3-user.in.orig	2008-07-22 16:33:25.000000000 +0200
-+++ net-snmp-5.5/net-snmp-create-v3-user.in	2009-09-29 16:30:36.000000000 +0200
-@@ -158,7 +158,7 @@ if test ! -d $outfile ; then
-     touch $outfile
- fi
- echo $line >> $outfile
--outfile="@datadir@/snmp/snmpd.conf"
-+outfile="/etc/snmp/snmpd.conf"
- line="$token $user"
- echo "adding the following line to $outfile:"
- echo "  " $line

net-snmp-5.5-missing-bcast.patch

@@ -1,27 +0,0 @@
-544849 -  snmpd segfaults when openvpn is running
-
-Source: upstream, svn rev. 17931
-
-Clear the bcastentry in every loop iteration. If not cleared, the bcastentry
-might be insterted into the container twice, when processing an interface
-without broadcast address (like OpenVPN's tun0).
-
-diff -up net-snmp-5.5/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c.new net-snmp-5.5/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c
---- net-snmp-5.5/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c.new	2009-05-06 23:59:20.000000000 +0200
-+++ net-snmp-5.5/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c	2009-12-21 15:58:02.000000000 +0100
-@@ -135,7 +135,6 @@ _netsnmp_ioctl_ipaddress_container_load_
-     struct ifreq   *ifrp;
-     struct sockaddr save_addr;
-     struct sockaddr_in * si;
--    netsnmp_ipaddress_entry *entry, *bcastentry = NULL;
-     struct address_flag_info addr_info;
-     in_addr_t       ipval;
-     _ioctl_extras           *extras;
-@@ -156,6 +155,7 @@ _netsnmp_ioctl_ipaddress_container_load_
- 
-     ifrp = ifc.ifc_req;
-     for(i=0; i < interfaces; ++i, ++ifrp) {
-+        netsnmp_ipaddress_entry *entry, *bcastentry = NULL;
- 
-         DEBUGMSGTL(("access:ipaddress:container",
-                     " interface %d, %s\n", i, ifrp->ifr_name));

net-snmp-5.5-multilib.patch

@@ -1,47 +0,0 @@
-Make the man pages multilib safe.
-
-diff -up net-snmp-5.5/man/config_api.3.def.orig net-snmp-5.5/man/config_api.3.def
---- net-snmp-5.5/man/config_api.3.def.orig	2009-04-21 11:36:52.000000000 +0200
-+++ net-snmp-5.5/man/config_api.3.def	2009-09-29 11:45:44.000000000 +0200
-@@ -256,7 +256,7 @@ machines and the second file can be used
- for one particular machine.
- .PP
- The default list of directories to search is
--SYSCONFDIR/snmp, followed by DATADIR/snmp, followed by LIBDIR/snmp,
-+SYSCONFDIR/snmp, followed by DATADIR/snmp, followed by /usr/lib(64)/snmp,
- followed by $HOME/.snmp.
- This list can be changed by setting the environmental variable
- .I SNMPCONFPATH
-@@ -326,7 +326,7 @@ function that it should abort the operat
- SNMPCONFPATH
- A colon separated list of directories to search for configuration
- files in.
--Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp
-+Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp
- .SH "SEE ALSO"
- .BR mib_api "(3), " snmp_api (3)
- .\" Local Variables:
-diff -up net-snmp-5.5/man/snmp_config.5.def.orig net-snmp-5.5/man/snmp_config.5.def
---- net-snmp-5.5/man/snmp_config.5.def.orig	2007-06-18 23:17:15.000000000 +0200
-+++ net-snmp-5.5/man/snmp_config.5.def	2009-09-29 11:45:22.000000000 +0200
-@@ -11,7 +11,7 @@ First off, there are numerous places tha
- found and read from.  By default, the applications look for
- configuration files in the following 4 directories, in order:
- SYSCONFDIR/snmp,
--DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp.  In each of these
-+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp.  In each of these
- directories, it looks for files with the extension of both
- .IR conf " and " local.conf
- (reading the second ones last).  In this manner, there are
-diff -up net-snmp-5.5/man/snmpd.conf.5.def.orig net-snmp-5.5/man/snmpd.conf.5.def
---- net-snmp-5.5/man/snmpd.conf.5.def.orig	2009-06-01 17:53:30.000000000 +0200
-+++ net-snmp-5.5/man/snmpd.conf.5.def	2009-09-29 11:44:59.000000000 +0200
-@@ -1272,7 +1272,7 @@ filename), and call the initialisation r
- .RS
- .IP "Note:"
- If the specified PATH is not a fully qualified filename, it will
--be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
-+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
- will be appended to the filename.
- .RE
- .PP

net-snmp-5.5-sensors3.patch

@@ -1,14 +0,0 @@
-Compile with lm_sensors3.
-
-diff -up net-snmp-5.5/agent/mibgroup/hardware/sensors.h.orig net-snmp-5.5/agent/mibgroup/hardware/sensors.h
---- net-snmp-5.5/agent/mibgroup/hardware/sensors.h.orig	2009-04-24 00:53:26.000000000 +0200
-+++ net-snmp-5.5/agent/mibgroup/hardware/sensors.h	2009-09-29 12:00:18.000000000 +0200
-@@ -7,7 +7,7 @@ config_require(hardware/sensors/picld_se
- config_require(hardware/sensors/kstat_sensors)
- # endif
- #else
--config_require(hardware/sensors/lmsensors_v2)
-+config_require(hardware/sensors/lmsensors_v3)
- #endif
- 
- /* config_require(hardware/sensors/dummy_sensors) */

net-snmp-5.5-tcp-pid.patch

@@ -1,60 +0,0 @@
-551030 -  Memory corruption in TCP-MIB::tcpListenerProcess
-
-Source: upstream, SVN rev. 17861
-
-    CHANGES: snmpd: Fixed invalid access to memory in TCP-MIB
-
-diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
-index 7259bf8..e274d19 100644
---- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
-+++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
-@@ -155,6 +155,8 @@ tcpConnectionTable_rowreq_ctx_cleanup(tcpConnectionTable_rowreq_ctx *
-     /*
-      * TODO:211:o: |-> Perform extra tcpConnectionTable rowreq cleanup.
-      */
-+    netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
-+    rowreq_ctx->data = NULL;
- }                               /* tcpConnectionTable_rowreq_ctx_cleanup */
- 
- /**
-diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
-index 807dd9d..fec6bef 100644
---- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
-+++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
-@@ -256,7 +256,8 @@ tcpConnectionTable_container_load(netsnmp_container *container)
-      * free the container. we've either claimed each entry, or released it,
-      * so the dal function doesn't need to clear the container.
-      */
--    netsnmp_access_tcpconn_container_free(raw_data, 0);
-+    netsnmp_access_tcpconn_container_free(raw_data,
-+                                          NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
- 
-     DEBUGMSGT(("verbose:tcpConnectionTable:tcpConnectionTable_cache_load",
-                "%d records\n", (int)CONTAINER_SIZE(container)));
-diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
-index f3009dd..ebd672b 100644
---- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
-+++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
-@@ -154,6 +154,8 @@ tcpListenerTable_rowreq_ctx_cleanup(tcpListenerTable_rowreq_ctx *
-     /*
-      * TODO:211:o: |-> Perform extra tcpListenerTable rowreq cleanup.
-      */
-+    netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
-+    rowreq_ctx->data = NULL;
- }                               /* tcpListenerTable_rowreq_ctx_cleanup */
- 
- /**
-diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
-index 09ba655..b25d5db 100644
---- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
-+++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
-@@ -254,7 +254,8 @@ tcpListenerTable_container_load(netsnmp_container *container)
-      * free the container. we've either claimed each entry, or released it,
-      * so the dal function doesn't need to clear the container.
-      */
--    netsnmp_access_tcpconn_container_free(raw_data, 0);
-+    netsnmp_access_tcpconn_container_free(raw_data,
-+                                          NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
- 
-     DEBUGMSGT(("verbose:tcpListenerTable:tcpListenerTable_cache_load",
-                "%d records\n", (int)CONTAINER_SIZE(container)));

net-snmp-5.5-test-tmpdir.patch

@@ -1,18 +0,0 @@
-Source: upstream, SVN rev. 18090
-
-Fix the test suite - /var/run/net-snmp does not exist at the time
-'make test' is running. So we need another place to put temporary
-files - let it be /tmp. SELinux allows it, snmpd during tests is
-unconfined.
-
-diff -up net-snmp-5.5/testing/tests/T059trapdtraphandle.orig net-snmp-5.5/testing/tests/T059trapdtraphandle
---- net-snmp-5.5/testing/tests/T059trapdtraphandle.orig	2007-12-19 23:31:28.000000000 +0100
-+++ net-snmp-5.5/testing/tests/T059trapdtraphandle	2010-01-29 19:57:30.000000000 +0100
-@@ -22,6 +22,7 @@ snmp_version=v2c
- TESTCOMMUNITY=testcommunity
- 
- CONFIGTRAPD [snmp] persistentDir $SNMP_TMP_PERSISTENTDIR
-+CONFIGTRAPD [snmp] tempFilePattern /tmp/snmpd-tmp-XXXXXX
- CONFIGTRAPD authcommunity execute $TESTCOMMUNITY
- CONFIGTRAPD doNotLogTraps true
- CONFIGTRAPD traphandle default $0 $1 traphandle

net-snmp-5.5-udptable-index.patch

@@ -1,27 +0,0 @@
-543352:  'make test' fails on big endian system
-
-Source: upstream, SVN rev. 17860
-
-Fix udpTable indexes.
-Index: net-snmp/agent/mibgroup/mibII/udpTable.c
-===================================================================
---- net-snmp/agent/mibgroup/mibII/udpTable.c	(revision 17859)
-+++ net-snmp/agent/mibgroup/mibII/udpTable.c	(revision 17860)
-@@ -361,7 +361,7 @@
- {
-     UDPTABLE_ENTRY_TYPE	 *entry = (UDPTABLE_ENTRY_TYPE *)*loop_context;
-     long port;
--    in_addr_t addr;
-+    long addr;
- 
-     if (!entry)
-         return NULL;
-@@ -376,7 +376,7 @@
- #else
-     addr = UDP_ADDRESS_TO_NETWORK_ORDER((in_addr_t)entry->UDPTABLE_LOCALADDRESS);
-     snmp_set_var_value(index, (u_char *)&addr,
--                                 sizeof(entry->UDPTABLE_LOCALADDRESS));
-+                                 sizeof(addr));
- #endif
-     port = UDP_PORT_TO_HOST_ORDER(entry->UDPTABLE_LOCALPORT);
-     snmp_set_var_value(index->next_variable,

net-snmp-5.7.2-cert-path.patch

@@ -0,0 +1,30 @@
+1134475 - dependency in perl package
+
+Use hardcoded path to configuration directories instead of net-snmp-config.
+net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
+depending on -devel.
+
+diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
+--- net-snmp-5.7.2/local/net-snmp-cert.cert-path	2012-10-10 00:28:58.000000000 +0200
++++ net-snmp-5.7.2/local/net-snmp-cert	2014-09-01 12:05:10.582427036 +0200
+@@ -819,8 +819,7 @@ sub set_default {
+ sub cfg_path {
+   my $path;
+ 
+-  $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
+-  chomp $path;
++  $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
+   return (wantarray ? split(':', $path) : $path);
+ }
+ 
+@@ -1414,8 +1413,8 @@ sub checkReqs {
+   die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
+     if ($ossl_ver cmp $ossl_min_ver) < 0;
+ 
+-  die("$NetSNMP::Cert::CFGTOOL not found: please install")
+-    if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
++#  die("$NetSNMP::Cert::CFGTOOL not found: please install")
++#    if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
+ }
+ 
+ sub initOpts {

net-snmp-5.7.3-iterator-fix.patch

@@ -0,0 +1,14 @@
+diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
+--- old/agent/mibgroup/host/data_access/swrun.c	2017-07-18 09:44:00.626109526 +0200
++++ new/agent/mibgroup/host/data_access/swrun.c	2017-07-19 15:27:50.452255836 +0200
+@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
+         return 0;    /* or -1 */
+ 
+     it = CONTAINER_ITERATOR( swrun_container );
++    if((entry  = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
++        if (0 == strcmp( entry->hrSWRunName, name ))
++            i++;
++    }
+     while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
+         if (0 == strcmp( entry->hrSWRunName, name ))
+             i++;

net-snmp-5.8-Remove-U64-typedef.patch

@@ -0,0 +1,12 @@
+diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
+--- a/include/net-snmp/library/int64.h	2018-07-18 14:37:16.543348832 +0200
++++ b/include/net-snmp/library/int64.h	2018-07-18 15:31:31.516999288 +0200
+@@ -10,7 +10,7 @@ extern          "C" {
+      * Note: using the U64 typedef is deprecated because this typedef conflicts
+      * with a typedef with the same name defined in the Perl header files.
+      */
+-    typedef struct counter64 U64;
++//    typedef struct counter64 U64;
+ #endif
+ 
+ #define I64CHARSZ 21

net-snmp-5.8-clientaddr-error-message.patch

@@ -0,0 +1,35 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c	2020-11-26 11:05:51.084788775 +0100
++++ b/snmplib/snmp_api.c	2020-11-26 11:08:27.850751397 +0100
+@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
+     "No error",                 /* SNMPERR_SUCCESS */
+     "Generic error",            /* SNMPERR_GENERR */
+     "Invalid local port",       /* SNMPERR_BAD_LOCPORT */
+-    "Unknown host",             /* SNMPERR_BAD_ADDRESS */
++    "Invalid address",          /* SNMPERR_BAD_ADDRESS */
+     "Unknown session",          /* SNMPERR_BAD_SESSION */
+     "Too long",                 /* SNMPERR_TOO_LONG */
+     "No socket",                /* SNMPERR_NO_SOCKET */
+@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
+         DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
+         in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
+         in_session->s_errno = errno;
+-        snmp_set_detail(in_session->peername);
++        if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
++                                    NETSNMP_DS_LIB_CLIENT_ADDR))
++            snmp_set_detail(in_session->peername);
+         return NULL;
+     }
+ 
+diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c	2021-01-06 12:51:51.948106797 +0100
++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c	2021-01-06 14:17:31.029745744 +0100
+@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
+         DEBUGMSGTL(("netsnmp_udpbase",
+                     "failed to bind for clientaddr: %d %s\n",
+                     errno, strerror(errno)));
++        NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
++                    strerror(errno)));
+         goto err;
+     }
+ 

net-snmp-5.8-duplicate-ipAddress.patch

@@ -0,0 +1,11 @@
+diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
+--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c	2020-06-10 13:27:03.213904398 +0200
++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c	2020-06-10 13:28:41.025863050 +0200
+@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
+ 	for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
+ 		if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
+ 			/* 'entry' is duplicate of the previous one -> delete it */
++            NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
+ 			netsnmp_access_ipaddress_entry_free(entry);
+ 		} else {
+ 			CONTAINER_INSERT(ret, entry);

net-snmp-5.8-expand-SNMPCONFPATH.patch

@@ -0,0 +1,12 @@
+diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
+--- a/snmplib/read_config.c	2020-06-10 09:51:57.184786510 +0200
++++ b/snmplib/read_config.c	2020-06-10 09:53:13.257507112 +0200
+@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
+      * save a warning header to the top of the new file 
+      */
+     snprintf(fileold, sizeof(fileold),
+-            "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
++            "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
+             "#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
+             "#\n#          **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
+             type, type, type,

net-snmp-5.8-ipAddress-faster-load.patch

@@ -0,0 +1,82 @@
+diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
+--- a/agent/mibgroup/mibII/ipAddr.c	2020-06-10 14:14:30.113696471 +0200
++++ b/agent/mibgroup/mibII/ipAddr.c	2020-06-10 14:27:15.345354018 +0200
+@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
+ }
+ 
+ #elif defined(linux)
++#include <errno.h>
+ static struct ifreq *ifr;
+ static int ifr_counter;
+ 
+ static void
+ Address_Scan_Init(void)
+ {
+-    int num_interfaces = 0;
++    int i;
+     int fd;
++    int lastlen = 0;
+ 
+     /* get info about all interfaces */
+ 
+@@ -510,28 +512,45 @@ Address_Scan_Init(void)
+     SNMP_FREE(ifc.ifc_buf);
+     ifr_counter = 0;
+ 
+-    do
+-    {
+ 	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ 	{
+ 	    DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
+ 	    return;
+ 	}
+-	num_interfaces += 16;
+ 
+-	ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
+-	ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
+-	
+-	    if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
+-	    {
+-		ifr=NULL;
+-		close(fd);
+-	   	return;
+-	    }
+-	    close(fd);
++    /*
++     * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
++     * on some platforms; see W. R. Stevens, ``Unix Network Programming
++     * Volume I'', p.435...
++     */
++
++    for (i = 8;; i *= 2) {
++        ifc.ifc_len = sizeof(struct ifreq) * i;
++        ifc.ifc_req = calloc(i, sizeof(struct ifreq));
++
++        if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
++            if (errno != EINVAL || lastlen != 0) {
++                /*
++                 * Something has gone genuinely wrong...
++                 */
++                snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
++                SNMP_FREE(ifc.ifc_buf);
++                close(fd);
++                return;
++            }
++        } else {
++            if (ifc.ifc_len == lastlen) {
++                /*
++                 * The length is the same as the last time; we're done...
++                 */
++                break;
++            }
++            lastlen = ifc.ifc_len;
++        }
++        free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
+     }
+-    while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
+-    
++
++    close(fd);
+     ifr = ifc.ifc_req;
+ }
+ 

net-snmp-5.8-man-page.patch

@@ -0,0 +1,36 @@
+diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
+--- a/man/net-snmp-create-v3-user.1.def	2020-06-10 13:43:18.443070961 +0200
++++ b/man/net-snmp-create-v3-user.1.def	2020-06-10 13:49:25.975363441 +0200
+@@ -3,7 +3,7 @@
+ net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
+ .SH SYNOPSIS
+ .PP
+-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+ .B [username]
+ .SH DESCRIPTION
+ .PP
+@@ -16,13 +16,16 @@ new user in net-snmp configuration file
+ displays the net-snmp version number
+ .TP
+ \fB\-ro\fR
+-create an user with read-only permissions
++creates a user with read-only permissions
+ .TP
+-\fB\-a authpass\fR
+-specify authentication password
++\fB\-A authpass\fR
++specifies the authentication password
+ .TP
+-\fB\-x privpass\fR
+-specify encryption password
++\fB\-a MD5|SHA\fR
++specifies the authentication password hashing algorithm
+ .TP
+-\fB\-X DES|AES\fR
+-specify encryption algorithm
++\fB\-X privpass\fR
++specifies the encryption password
++.TP
++\fB\-x DES|AES\fR
++specifies the encryption algorithm

net-snmp-5.8-modern-rpm-api.patch

@@ -0,0 +1,83 @@
+diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c	2018-07-18 16:12:19.583503903 +0200
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c	2018-07-18 16:50:38.599703588 +0200
+@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
+     rpmtd                 td_name, td_version, td_release, td_group, td_time;
+ #else
+     char                 *n, *v, *r, *g;
+-    int32_t              *t;
+ #endif
+     time_t                install_time;
+     size_t                date_len;
+@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
+         install_time = rpmtdGetNumber(td_time);
+         g = rpmtdGetString(td_group);
+ #else
+-        headerGetEntry( h, RPMTAG_NAME,        NULL, (void**)&n, NULL);
+-        headerGetEntry( h, RPMTAG_VERSION,     NULL, (void**)&v, NULL);
+-        headerGetEntry( h, RPMTAG_RELEASE,     NULL, (void**)&r, NULL);
+-        headerGetEntry( h, RPMTAG_GROUP,       NULL, (void**)&g, NULL);
+-        headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
++        n = headerGetString( h, RPMTAG_NAME);
++        v = headerGetString( h, RPMTAG_VERSION);
++        r = headerGetString( h, RPMTAG_RELEASE);
++        g = headerGetString( h, RPMTAG_GROUP);
++        install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
+         entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
+                                       "%s-%s-%s", n, v, r);
+-        install_time = *t;
+ #endif
+         entry->swType = (g && NULL != strstr( g, "System Environment"))
+                         ? 2      /* operatingSystem */
+diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+--- a/agent/mibgroup/host/hr_swinst.c	2018-07-18 16:12:19.582503907 +0200
++++ b/agent/mibgroup/host/hr_swinst.c	2018-07-18 17:09:29.716564197 +0200
+@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
+             }
+ #else
+ # ifdef HAVE_LIBRPM
+-            char *rpm_groups;
+-            if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
+-                if ( strstr(rpm_groups, "System Environment") != NULL )
++            const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);	
++            if ( NULL != rpm_group ) {
++                if ( strstr(rpm_group, "System Environment") != NULL )
+                     long_return = 2;	/* operatingSystem */
+                 else
+                     long_return = 4;	/* applcation */
+@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
+     case HRSWINST_DATE:
+         {
+ #ifdef HAVE_LIBRPM
+-            int32_t         *rpm_data;
+-            if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
+-                time_t          installTime = *rpm_data;
++            time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
++            if ( 0 != installTime ) {
+                 ret = date_n_time(&installTime, var_len);
+             } else {
+                 ret = date_n_time(NULL, var_len);
+@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
+     if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
+         int             offset;
+         Header          h;
+-        char           *n, *v, *r;
++        const char     *n, *v, *r;
+ 
+         offset = swi->swi_recs[ix - 1];
+ 
+@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
+         swi->swi_h = h;
+         swi->swi_prevx = ix;
+ 
+-        headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
+-        headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
+-                       NULL);
+-        headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
+-                       NULL);
++        n = headerGetString(swi->swi_h, RPMTAG_NAME);
++        v = headerGetString(swi->swi_h, RPMTAG_VERSION);
++        r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
+         snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
+         swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+     }

net-snmp-5.8-rpm-memory-leak.patch

@@ -0,0 +1,28 @@
+diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+index 695c469..dd0e487 100644
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c
+@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
+     snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+     SNMP_FREE(rpmdbpath);
+     dbpath = NULL;
++#ifdef HAVE_RPMGETPATH
++    rpmFreeRpmrc();
++#endif
+     if (-1 == stat( pkg_directory, &stat_buf )) {
+         snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+         pkg_directory[0] = '\0';
+diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+index 1f52733..ccf1cab 100644
+--- a/agent/mibgroup/host/hr_swinst.c
++++ b/agent/mibgroup/host/hr_swinst.c
+@@ -231,6 +231,9 @@ init_hr_swinst(void)
+             snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+         path[ sizeof(path)-1 ] = 0;
+         swi->swi_directory = strdup(path);
++#ifdef HAVE_RPMGETPATH
++        rpmFreeRpmrc();
++#endif
+     }
+ #else
+ #  ifdef _PATH_HRSW_directory

net-snmp-5.9-aes-config.patch

@@ -0,0 +1,18 @@
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index afd6fa4..07c26fe 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -58,11 +58,11 @@ case $1 in
+ 	    exit 1
+ 	fi
+         case $1 in
+-            DES|AES|AES128)
++            DES|AES|AES128|AES192|AES256)
+ 	    Xalgorithm=$1
+ 	    shift
+ 	    ;;
+-            des|aes|aes128)
++            des|aes|aes128|aes192|aes256)
+ 	    Xalgorithm=$(echo "$1" | tr a-z A-Z)
+ 	    shift
+ 	    ;;

net-snmp-5.9-autofs-skip.patch

@@ -0,0 +1,12 @@
+diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
+index e7ca92f..80b3e0d 100644
+--- a/agent/mibgroup/host/hr_filesys.c
++++ b/agent/mibgroup/host/hr_filesys.c
+@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
+     "shm",
+     "sockfs",
+     "sysfs",
++    "tmpfs",
+     "usbdevfs",
+     "usbfs",
+ #endif

net-snmp-5.9-cflags.patch

@@ -0,0 +1,20 @@
+diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
+--- a/perl/Makefile.PL	2020-08-26 08:32:52.498909823 +0200
++++ b/perl/Makefile.PL	2020-08-26 09:30:45.584951552 +0200
+@@ -1,3 +1,4 @@
++use lib '.';
+ use strict;
+ use warnings;
+ use ExtUtils::MakeMaker;
+diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
+--- a/perl/MakefileSubs.pm	2020-08-26 08:32:52.498909823 +0200
++++ b/perl/MakefileSubs.pm	2020-08-26 08:36:44.097218448 +0200
+@@ -116,7 +116,7 @@ sub AddCommonParams {
+ 	append($Params->{'CCFLAGS'}, $cflags);
+ 	append($Params->{'CCFLAGS'}, $Config{'ccflags'});
+ 	# Suppress known Perl header shortcomings.
+-	$Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
++	$Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
+ 	append($Params->{'CCFLAGS'}, '-Wformat');
+     }
+ }

net-snmp-5.9-coverity.patch

@@ -0,0 +1,22 @@
+diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
+index e9a8831..5a1d8e7 100644
+--- a/agent/mibgroup/disman/event/mteTrigger.c
++++ b/agent/mibgroup/disman/event/mteTrigger.c
+@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
+                      * Similarly, if no fallEvent is configured,
+                      *  there's no point in trying to fire it either.
+                      */
+-                    if (entry->mteTThRiseEvent[0] != '\0' ) {
++                    if (entry->mteTThFallEvent[0] != '\0' ) {
+                         entry->mteTriggerXOwner   = entry->mteTThObjOwner;
+                         entry->mteTriggerXObjects = entry->mteTThObjects;
+                         entry->mteTriggerFired    = vp1;
+@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
+                      * Similarly, if no fallEvent is configured,
+                      *  there's no point in trying to fire it either.
+                      */
+-                    if (entry->mteTThDRiseEvent[0] != '\0' ) {
++                    if (entry->mteTThDFallEvent[0] != '\0' ) {
+                         entry->mteTriggerXOwner   = entry->mteTThObjOwner;
+                         entry->mteTriggerXObjects = entry->mteTThObjects;
+                         entry->mteTriggerFired    = vp1;

net-snmp-5.9-dir-fix.patch

@@ -0,0 +1,30 @@
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index 19895a1..ac3c60f 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -14,6 +14,10 @@ Xalgorithm="DES"
+ token=rwuser
+ 
+ while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
++case "$1" in
++    -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++    *) optarg= ;;
++esac
+ 
+ unset shifted
+ case $1 in
+@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
+     touch "$outfile"
+ fi
+ echo "$line" >> "$outfile"
+-prefix=@prefix@
+-datarootdir=@datarootdir@
+-# To suppress shellcheck complaints about $prefix and $datarootdir.
+-: "$prefix" "$datarootdir"
+-outfile="@datadir@/snmp/snmpd.conf"
++# Avoid that configure complains that this script ignores @datarootdir@
++echo "@datarootdir@" >/dev/null
++outfile="/etc/snmp/snmpd.conf"
+ line="$token $user"
+ echo "adding the following line to $outfile:"
+ echo "   $line"

net-snmp-5.9-intermediate-certs.patch

@@ -0,0 +1,855 @@
+diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
+index 80e2a19..143adbb 100644
+--- a/include/net-snmp/library/cert_util.h
++++ b/include/net-snmp/library/cert_util.h
+@@ -55,7 +55,8 @@ extern "C" {
+         char           *common_name;
+ 
+         u_char          hash_type;
+-        u_char          _pad[3]; /* for future use */
++        u_char          _pad[1]; /* for future use */
++        u_short         offset;
+     } netsnmp_cert;
+ 
+ /** types */
+@@ -100,6 +101,7 @@ extern "C" {
+ 
+     NETSNMP_IMPORT
+     netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
++    netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
+ 
+     int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
+ 
+diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
+index 471bb0b..ac7f69a 100644
+--- a/include/net-snmp/library/dir_utils.h
++++ b/include/net-snmp/library/dir_utils.h
+@@ -53,7 +53,8 @@ extern "C" {
+ #define NETSNMP_DIR_NSFILE                            0x0010
+ /** load stats in netsnmp_file */
+ #define NETSNMP_DIR_NSFILE_STATS                      0x0020
+-
++/** allow files to be indexed more than once */
++#define NETSNMP_DIR_ALLOW_DUPLICATES                  0x0040
+     
+         
+ #ifdef __cplusplus
+diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
+index 210ad8b..b1f8144 100644
+--- a/snmplib/cert_util.c
++++ b/snmplib/cert_util.c
+@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
+  * bump this value whenever cert index format changes, so indexes
+  * will be regenerated with new format.
+  */
+-#define CERT_INDEX_FORMAT  1
++#define CERT_INDEX_FORMAT  2
+ 
+ static netsnmp_container *_certs = NULL;
+ static netsnmp_container *_keys = NULL;
+@@ -126,6 +126,8 @@ static int  _cert_fn_ncompare(netsnmp_cert_common *lhs,
+                               netsnmp_cert_common *rhs);
+ static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
+ static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
++static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
++static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
+ static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
+                                                 const char *directory);
+ static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
+@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
+ {
+     netsnmp_container *c;
+ 
++    int rc;
++
+     c = netsnmp_container_find("certs:binary_array");
+     if (NULL == c) {
+         snmp_log(LOG_ERR, "could not create container for %s\n", use);
+@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
+     c->free_item = (netsnmp_container_obj_func*)_cert_free;
+     c->compare = (netsnmp_container_compare*)_cert_compare;
+ 
++    CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
++
+     return c;
+ }
+ 
+@@ -362,6 +368,8 @@ _setup_containers(void)
+ {
+     netsnmp_container *additional_keys;
+ 
++    int rc;
++
+     _certs = _get_cert_container("netsnmp certificates");
+     if (NULL == _certs)
+         return;
+@@ -376,6 +384,7 @@ _setup_containers(void)
+     additional_keys->container_name = strdup("certs_cn");
+     additional_keys->free_item = NULL;
+     additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
++    CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     netsnmp_container_add_index(_certs, additional_keys);
+ 
+     /** additional keys: subject name */
+@@ -389,6 +398,7 @@ _setup_containers(void)
+     additional_keys->free_item = NULL;
+     additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
+     additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
++    CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     netsnmp_container_add_index(_certs, additional_keys);
+ 
+     /** additional keys: file name */
+@@ -402,6 +412,7 @@ _setup_containers(void)
+     additional_keys->free_item = NULL;
+     additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
+     additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
++    CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     netsnmp_container_add_index(_certs, additional_keys);
+ 
+     _keys = netsnmp_container_find("cert_keys:binary_array");
+@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
+ }
+ 
+ static netsnmp_cert *
+-_new_cert(const char *dirname, const char *filename, int certType,
++_new_cert(const char *dirname, const char *filename, int certType, int offset,
+           int hashType, const char *fingerprint, const char *common_name,
+           const char *subject)
+ {
+@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
+ 
+     cert->info.dir = strdup(dirname);
+     cert->info.filename = strdup(filename);
+-    cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
++    /* only the first certificate is allowed to be a remote peer */
++    cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
+     cert->info.type = certType;
++    cert->offset = offset;
+     if (fingerprint) {
+         cert->hash_type = hashType;
+         cert->fingerprint = strdup(fingerprint);
+@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
+  * certificate utility functions
+  *
+  */
++static BIO *
++netsnmp_open_bio(const char *dir, const char *filename)
++{
++    BIO            *certbio;
++    char            file[SNMP_MAXPATH];
++
++    DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
++
++    certbio = BIO_new(BIO_s_file());
++    if (NULL == certbio) {
++        snmp_log(LOG_ERR, "error creating BIO\n");
++        return NULL;
++    }
++
++    snprintf(file, sizeof(file),"%s/%s", dir, filename);
++    if (BIO_read_filename(certbio, file) <=0) {
++        snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
++        BIO_vfree(certbio);
++        return NULL;
++    }
++
++    return certbio;
++}
++
++static void
++netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
++{
++    int             is_ca;
++
++    cert->ocert = ocert;
++
++    /*
++     * X509_check_ca return codes:
++     * 0 not a CA
++     * 1 is a CA
++     * 2 basicConstraints absent so "maybe" a CA
++     * 3 basicConstraints absent but self signed V1.
++     * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
++     * 5 outdated Netscape Certificate Type CA extension.
++     */
++    is_ca = X509_check_ca(ocert);
++    if (1 == is_ca)
++        cert->info.allowed_uses |= NS_CERT_CA;
++
++    if (NULL == cert->subject) {
++        cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
++                                          0);
++        DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
++    }
++
++    if (NULL == cert->issuer) {
++        cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
++        if (strcmp(cert->subject, cert->issuer) == 0) {
++            free(cert->issuer);
++            cert->issuer = strdup("self-signed");
++        }
++        DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
++    }
++
++    if (NULL == cert->fingerprint) {
++        cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
++        cert->fingerprint =
++            netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
++    }
++
++    if (NULL == cert->common_name) {
++        cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
++                                                               NULL);
++        DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
++    }
++
++}
++
+ static X509 *
+ netsnmp_ocert_get(netsnmp_cert *cert)
+ {
+     BIO            *certbio;
+     X509           *ocert = NULL;
++    X509           *ncert = NULL;
+     EVP_PKEY       *okey = NULL;
+-    char            file[SNMP_MAXPATH];
+-    int             is_ca;
+ 
+     if (NULL == cert)
+         return NULL;
+@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+         }
+     }
+ 
+-    DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
+-
+-    certbio = BIO_new(BIO_s_file());
+-    if (NULL == certbio) {
+-        snmp_log(LOG_ERR, "error creating BIO\n");
+-        return NULL;
+-    }
+-
+-    snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
+-    if (BIO_read_filename(certbio, file) <=0) {
+-        snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
+-        BIO_vfree(certbio);
++    certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
++    if (!certbio) {
+         return NULL;
+     }
+ 
+-    if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
+-        char *pos = strrchr(cert->info.filename, '.');
+-        if (NULL == pos)
+-            return NULL;
+-        cert->info.type = _cert_ext_type(++pos);
+-        netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
+-    }
+-
+     switch (cert->info.type) {
+ 
+         case NS_CERT_TYPE_DER:
++            (void)BIO_seek(certbio, cert->offset);
+             ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
+             if (NULL != ocert)
+                 break;
+-            (void)BIO_reset(certbio);
+             /* Check for PEM if DER didn't work */
+             /* FALLTHROUGH */
+ 
+         case NS_CERT_TYPE_PEM:
+-            ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++            (void)BIO_seek(certbio, cert->offset);
++            ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+             if (NULL == ocert)
+                 break;
+             if (NS_CERT_TYPE_DER == cert->info.type) {
+                 DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
+                 cert->info.type = NS_CERT_TYPE_PEM;
+             }
+-            /** check for private key too */
+-            if (NULL == cert->key) {
+-                (void)BIO_reset(certbio);
+-                okey =  PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++            /** check for private key too, but only if we're the first certificate */
++            if (0 == cert->offset && NULL == cert->key) {
++                okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+                 if (NULL != okey) {
+                     netsnmp_key  *key;
+                     DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
+@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+             break;
+ #ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
+         case NS_CERT_TYPE_PKCS12:
+-            (void)BIO_reset(certbio);
++            (void)BIO_seek(certbio, cert->offset);
+             PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
+             if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
+                                    PKCS12_verify_mac(p12, NULL, 0)))
+@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+         return NULL;
+     }
+ 
+-    cert->ocert = ocert;
+-    /*
+-     * X509_check_ca return codes:
+-     * 0 not a CA
+-     * 1 is a CA
+-     * 2 basicConstraints absent so "maybe" a CA
+-     * 3 basicConstraints absent but self signed V1.
+-     * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+-     * 5 outdated Netscape Certificate Type CA extension.
+-     */
+-    is_ca = X509_check_ca(ocert);
+-    if (1 == is_ca)
+-        cert->info.allowed_uses |= NS_CERT_CA;
+-
+-    if (NULL == cert->subject) {
+-        cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
+-                                          0);
+-        DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
+-    }
+-
+-    if (NULL == cert->issuer) {
+-        cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
+-        if (strcmp(cert->subject, cert->issuer) == 0) {
+-            free(cert->issuer);
+-            cert->issuer = strdup("self-signed");
+-        }
+-        DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
+-    }
+-    
+-    if (NULL == cert->fingerprint) {
+-        cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
+-        cert->fingerprint =
+-            netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
+-    }
+-    
+-    if (NULL == cert->common_name) {
+-        cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
+-                                                               NULL);
+-        DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
+-    }
++    netsnmp_ocert_parse(cert, ocert);
+ 
+     return ocert;
+ }
+@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key  *key)
+ {
+     BIO            *keybio;
+     EVP_PKEY       *okey;
+-    char            file[SNMP_MAXPATH];
+ 
+     if (NULL == key)
+         return NULL;
+@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key  *key)
+     if (key->okey)
+         return key->okey;
+ 
+-    snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
+-    DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
+-
+-    keybio = BIO_new(BIO_s_file());
+-    if (NULL == keybio) {
+-        snmp_log(LOG_ERR, "error creating BIO\n");
+-        return NULL;
+-    }
+-
+-    if (BIO_read_filename(keybio, file) <=0) {
+-        snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
+-                 key->info.filename);
+-        BIO_vfree(keybio);
++    keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
++    if (!keybio) {
+         return NULL;
+     }
+ 
+@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
+             cert->issuer_cert =  _find_issuer(cert);
+             if (NULL == cert->issuer_cert) {
+                 DEBUGMSGT(("cert:load:warn",
+-                           "couldn't load CA chain for cert %s\n",
++                           "couldn't load full CA chain for cert %s\n",
+                            cert->info.filename));
+                 rc = CERT_LOAD_PARTIAL;
+                 break;
+@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
+         /** get issuer ocert */
+         if ((NULL == cert->issuer_cert->ocert) &&
+             (netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
+-            DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
++            DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
+                        cert->info.filename));
+             rc = CERT_LOAD_PARTIAL;
+             break;
+@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+         return;
+     }
+ 
+-    if(key) {
++    if (key) {
+         if (key->cert) {
+             DEBUGMSGT(("cert:partner", "key already has partner\n"));
+             return;
+@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+             return;
+         *pos = 0;
+ 
+-        matching = _cert_find_subset_fn( filename, key->info.dir );
++        matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
++                                             key->info.dir ));
+         if (!matching)
+             return;
+         if (1 == matching->size) {
+@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+             DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
+                           key->info.filename));
+     }
+-    else if(cert) {
++    else if (cert) {
+         if (cert->key) {
+             DEBUGMSGT(("cert:partner", "cert already has partner\n"));
+             return;
+@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+     }
+ }
+ 
++static netsnmp_key *
++_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
++{
++    netsnmp_key  *key;
++
++    key = _new_key(dirname, filename);
++    if (NULL == key) {
++        return NULL;
++    }
++
++    key->okey = okey;
++
++    if (-1 == CONTAINER_INSERT(_keys, key)) {
++        DEBUGMSGT(("cert:key:file:add:err",
++                   "error inserting key into container\n"));
++        netsnmp_key_free(key);
++        key = NULL;
++    }
++    if (index) {
++        fprintf(index, "k:%s\n", filename);
++    }
++
++    return key;
++}
++
++static netsnmp_cert *
++_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
++{
++    netsnmp_cert *cert;
++
++    cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
++    if (NULL == cert)
++        return NULL;
++
++    netsnmp_ocert_parse(cert, ocert);
++
++    if (-1 == CONTAINER_INSERT(_certs, cert)) {
++        DEBUGMSGT(("cert:file:add:err",
++                   "error inserting cert into container\n"));
++        netsnmp_cert_free(cert);
++        return NULL;
++    }
++
++    if (index) {
++        /** filename = NAME_MAX = 255 */
++        /** fingerprint max = 64*3=192 for sha512 */
++        /** common name / CN  = 64 */
++        if (cert)
++            fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
++                    cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
++                    cert->common_name, cert->subject);
++    }
++
++    return cert;
++}
++
+ static int
+ _add_certfile(const char* dirname, const char* filename, FILE *index)
+ {
+-    X509         *ocert;
+-    EVP_PKEY     *okey;
++    BIO          *certbio;
++    X509         *ocert = NULL;
++    X509         *ncert;
++    EVP_PKEY     *okey = NULL;
+     netsnmp_cert *cert = NULL;
+     netsnmp_key  *key = NULL;
+     char          certfile[SNMP_MAXPATH];
+     int           type;
++    int           offset = 0;
+ 
+     if (((const void*)NULL == dirname) || (NULL == filename))
+         return -1;
+ 
+     type = _type_from_filename(filename);
+-    netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
++    if (type == NS_CERT_TYPE_UNKNOWN) {
++        snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
++        return -1;
++    }
+ 
+-    snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
++    certbio = netsnmp_open_bio(dirname, filename);
++    if (!certbio) {
++        return -1;
++    }
+ 
+-    DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
+-               type));
++    switch (type) {
+ 
+-    if (NS_CERT_TYPE_KEY == type) {
+-        key = _new_key(dirname, filename);
+-        if (NULL == key)
+-            return -1;
+-        okey = netsnmp_okey_get(key);
+-        if (NULL == okey) {
+-            netsnmp_key_free(key);
+-            return -1;
+-        }
+-        key->okey = okey;
+-        if (-1 == CONTAINER_INSERT(_keys, key)) {
+-            DEBUGMSGT(("cert:key:file:add:err",
+-                       "error inserting key into container\n"));
+-            netsnmp_key_free(key);
+-            key = NULL;
+-        }
+-    }
+-    else {
+-        cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
+-        if (NULL == cert)
+-            return -1;
+-        ocert = netsnmp_ocert_get(cert);
+-        if (NULL == ocert) {
+-            netsnmp_cert_free(cert);
+-            return -1;
+-        }
+-        cert->ocert = ocert;
+-        if (-1 == CONTAINER_INSERT(_certs, cert)) {
+-            DEBUGMSGT(("cert:file:add:err",
+-                       "error inserting cert into container\n"));
+-            netsnmp_cert_free(cert);
+-            cert = NULL;
+-        }
+-    }
+-    if ((NULL == cert) && (NULL == key)) {
+-        DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
+-        return -1;
++       case NS_CERT_TYPE_KEY: 
++
++           okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++           if (NULL == okey)
++               snmp_log(LOG_ERR, "error parsing key file %s\n",
++                     key->info.filename);
++           else {
++               key = _add_key(okey, dirname, filename, index);
++               if (NULL == key) {
++                   EVP_PKEY_free(okey);
++                      okey = NULL;
++               }
++           }
++           break;
++
++        case NS_CERT_TYPE_DER:
++
++            ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
++            if (NULL != ocert) {
++                if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
++                    X509_free(ocert);
++                    ocert = NULL;
++                }
++                break;
++            }
++            (void)BIO_reset(certbio);
++            /* Check for PEM if DER didn't work */
++            /* FALLTHROUGH */
++
++        case NS_CERT_TYPE_PEM:
++
++            if (NS_CERT_TYPE_DER == type) {
++                DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
++                type = NS_CERT_TYPE_PEM;
++            }
++            ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++            if (NULL != ocert) {
++                cert = _add_cert(ncert, dirname, filename, type, offset, index);
++                if (NULL == cert) {
++                    X509_free(ocert);
++                    ocert = ncert = NULL;
++                }
++            }
++            while (NULL != ncert) {
++                offset = BIO_tell(certbio);
++                ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++                if (ncert) {
++                    if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
++                        X509_free(ncert);
++                        ncert = NULL;
++                    }
++                }
++            }
++
++            BIO_seek(certbio, offset);
++
++            /** check for private key too */
++            okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++
++            if (NULL != okey) {
++                DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
++                           cert->info.filename));
++                key = _add_key(okey, dirname, filename, NULL);
++                if (NULL != key) {
++                    DEBUGMSGT(("cert:read:partner", "%s match found!\n",
++                               cert->info.filename));
++                    key->cert = cert;
++                    cert->key = key;
++                    cert->info.allowed_uses |= NS_CERT_IDENTITY;
++                }
++                else {
++                    EVP_PKEY_free(okey);
++                    okey = NULL;
++                }
++            }
++
++            break;
++
++#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
++        case NS_CERT_TYPE_PKCS12:
++#endif
++
++        default:
++            break;
+     }
+ 
+-    if (index) {
+-        /** filename = NAME_MAX = 255 */
+-        /** fingerprint max = 64*3=192 for sha512 */
+-        /** common name / CN  = 64 */
+-        if (cert)
+-            fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
+-                    cert->info.type, cert->hash_type, cert->fingerprint,
+-                    cert->common_name, cert->subject);
+-        else if (key)
+-            fprintf(index, "k:%s\n", filename);
++    BIO_vfree(certbio);
++
++    if ((NULL == ocert) && (NULL == okey)) {
++        snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
++        return -1;
+     }
+ 
+     return 0;
+@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+     struct stat     idx_stat;
+     char            tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
+     char            fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
+-    char            subject[SNMP_MAXBUF_SMALL], hash_str[15];
++    char            subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
++    ssize_t         offset;
+     int             count = 0, type, hash, version;
+     netsnmp_cert    *cert;
+     netsnmp_key     *key;
+@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+         netsnmp_directory_container_read_some(NULL, dirname,
+                                               _time_filter, &idx_stat,
+                                               NETSNMP_DIR_NSFILE |
+-                                              NETSNMP_DIR_NSFILE_STATS);
++                                              NETSNMP_DIR_NSFILE_STATS |
++                                              NETSNMP_DIR_ALLOW_DUPLICATES);
+     if (newer) {
+         DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
+         CONTAINER_FREE_ALL(newer, NULL);
+@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+             pos = &tmpstr[2];
+             if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
+                 (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
++                (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
+                 (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
+                 (NULL == (pos=copy_nword(pos, fingerprint,
+                                          sizeof(fingerprint)))) ||
+@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+                 break;
+             }
+             type = atoi(type_str);
++            offset = atoi(offset_str);
+             hash = atoi(hash_str);
+-            cert = _new_cert(dirname, filename, type, hash, fingerprint,
++            cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
+                              common_name, subject);
+             if (cert && 0 == CONTAINER_INSERT(found, cert))
+                 ++count;
+@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
+         netsnmp_directory_container_read_some(NULL, dirname,
+                                               _cert_cert_filter, NULL,
+                                               NETSNMP_DIR_RELATIVE_PATH |
+-                                              NETSNMP_DIR_EMPTY_OK );
++                                              NETSNMP_DIR_EMPTY_OK |
++                                              NETSNMP_DIR_ALLOW_DUPLICATES);
+     if (NULL == cert_container) {
+         DEBUGMSGT(("cert:index:dir",
+                     "error creating container for cert files\n"));
+@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
+     if (NULL == c)
+         return;
+ 
+-    DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
++    DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
+     DEBUGMSGT(("cert:dump", "   type %d flags 0x%x (%s)\n",
+              c->info.type, c->info.allowed_uses,
+               _mode_str(c->info.allowed_uses)));
+@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
+         netsnmp_void_array *matching;
+ 
+         DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
+-        matching = _cert_find_subset_fn( filename, NULL );
++        matching = _cert_reduce_subset_what(_cert_find_subset_fn(
++                                            filename, NULL ), what);
+         if (!matching)
+             return NULL;
+         if (1 == matching->size)
+@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
+     }
+ }
+ 
++/*
++ * reduce subset by eliminating any certificates that are not the
++ * first certficate in a file. This allows us to ignore certificate
++ * chains when testing for specific certificates, and to match keys
++ * to the first certificate only.
++ */
++static netsnmp_void_array *
++_cert_reduce_subset_first(netsnmp_void_array *matching)
++{
++    netsnmp_cert *cc;
++    int i = 0, j, newsize;
++
++    if ((NULL == matching))
++        return matching;
++
++    newsize = matching->size;
++
++    for( ; i < matching->size; ) {
++        /*
++         * if we've shifted matches down we'll hit a NULL entry before
++         * we hit the end of the array.
++         */
++        if (NULL == matching->array[i])
++            break;
++        /*
++         * skip over valid matches. The first entry has an offset of zero.
++         */
++        cc = (netsnmp_cert*)matching->array[i];
++        if (0 == cc->offset) {
++            ++i;
++            continue;
++        }
++        /*
++         * shrink array by shifting everything down a spot. Might not be
++         * the most efficient soloution, but this is just happening at
++         * startup and hopefully most certs won't have common prefixes.
++         */
++        --newsize;
++        for ( j=i; j < newsize; ++j )
++            matching->array[j] = matching->array[j+1];
++        matching->array[j] = NULL;
++        /** no ++i; just shifted down, need to look at same position again */
++    }
++    /*
++     * if we shifted, set the new size
++     */
++    if (newsize != matching->size) {
++        DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
++                   matching->size, newsize));
++        matching->size = newsize;
++    }
++
++    if (0 == matching->size) {
++        free(matching->array);
++        SNMP_FREE(matching);
++    }
++
++    return matching;
++}
++
++/*
++ * reduce subset by eliminating any certificates that do not match
++ * purpose specified.
++ */
++static netsnmp_void_array *
++_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
++{
++    netsnmp_cert_common *cc;
++    int i = 0, j, newsize;
++
++    if ((NULL == matching))
++        return matching;
++
++    newsize = matching->size;
++
++    for( ; i < matching->size; ) {
++        /*
++         * if we've shifted matches down we'll hit a NULL entry before
++         * we hit the end of the array.
++         */
++        if (NULL == matching->array[i])
++            break;
++        /*
++         * skip over valid matches. The first entry has an offset of zero.
++         */
++        cc = (netsnmp_cert_common *)matching->array[i];
++        if ((cc->allowed_uses & what)) {
++            ++i;
++            continue;
++        }
++        /*
++         * shrink array by shifting everything down a spot. Might not be
++         * the most efficient soloution, but this is just happening at
++         * startup and hopefully most certs won't have common prefixes.
++         */
++        --newsize;
++        for ( j=i; j < newsize; ++j )
++            matching->array[j] = matching->array[j+1];
++        matching->array[j] = NULL;
++        /** no ++i; just shifted down, need to look at same position again */
++    }
++    /*
++     * if we shifted, set the new size
++     */
++    if (newsize != matching->size) {
++        DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
++                   matching->size, newsize));
++        matching->size = newsize;
++    }
++
++    if (0 == matching->size) {
++        free(matching->array);
++        SNMP_FREE(matching);
++    }
++
++    return matching;
++}
++
+ static netsnmp_void_array *
+ _cert_find_subset_common(const char *filename, netsnmp_container *container)
+ {
+diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
+index c2dd989..e7145e4 100644
+--- a/snmplib/dir_utils.c
++++ b/snmplib/dir_utils.c
+@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
+         /** default to unsorted */
+         if (! (flags & NETSNMP_DIR_SORTED))
+             CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
++        /** default to duplicates not allowed */
++        if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
++           CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+     }
+ 
+     dir = opendir(dirname);

net-snmp-5.9-memory-reporting.patch

@@ -0,0 +1,28 @@
+diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
+index 6d5e86c..68b55d2 100644
+--- a/agent/mibgroup/hardware/memory/memory_linux.c
++++ b/agent/mibgroup/hardware/memory/memory_linux.c
+@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
+         if (first)
+             snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
+     }
++    b = strstr(buff, "SReclaimable: ");
++    if (b)
++        sscanf(b, "SReclaimable: %lu", &sreclaimable);
++    else {
++        if (first)
++            snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
++    }
+     b = strstr(buff, "SwapFree: ");
+     if (b)
+         sscanf(b, "SwapFree: %lu", &swapfree);
+@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
+         if (first)
+             snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
+     }
+-    b = strstr(buff, "SReclaimable: ");
+-    if (b)
+-        sscanf(b, "SReclaimable: %lu", &sreclaimable);
+     first = 0;
+ 
+ 

net-snmp-5.9-multilib.patch

@@ -0,0 +1,48 @@
+diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
+index 90b20d9..bd5abe1 100644
+--- a/man/netsnmp_config_api.3.def
++++ b/man/netsnmp_config_api.3.def
+@@ -295,7 +295,7 @@ for one particular machine.
+ .PP
+ The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
+ followed by \fC DATADIR/snmp\fP,
+-followed by \fC LIBDIR/snmp\fP,
++followed by \fC /usr/lib(64)/snmp\fP,
+ followed by \fC $HOME/.snmp\fP.
+ This list can be changed by setting the environmental variable
+ .I SNMPCONFPATH
+@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
+ files in.
+ Default:
+ .br
+-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
++SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
+ .SH "SEE ALSO"
+ netsnmp_mib_api(3), snmp_api(3)
+ .\" Local Variables:
+diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
+index fd30873..c3437d6 100644
+--- a/man/snmp_config.5.def
++++ b/man/snmp_config.5.def
+@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
+ found and read from.  By default, the applications look for
+ configuration files in the following 4 directories, in order:
+ SYSCONFDIR/snmp,
+-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp.  In each of these
++DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp.  In each of these
+ directories, it looks for files snmp.conf, snmpd.conf and/or
+ snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
+ and/or snmptrapd.local.conf. *.local.conf are always
+diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
+index 7ce8a46..a4000f9 100644
+--- a/man/snmpd.conf.5.def
++++ b/man/snmpd.conf.5.def
+@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
+ .RS
+ .IP "Note:"
+ If the specified PATH is not a fully qualified filename, it will
+-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
++be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
+ will be appended to the filename.
+ .RE
+ .PP

net-snmp-5.9-pie.patch

@@ -0,0 +1,26 @@
+diff --git a/agent/Makefile.in b/agent/Makefile.in
+index 047d880..38d40aa 100644
+--- a/agent/Makefile.in
++++ b/agent/Makefile.in
+@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
+ 	$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? 
+ 
+ snmpd$(EXEEXT):	${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) 
+-	$(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
++	$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ 
+ libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION):    ${LLIBAGENTOBJS} $(USELIBS)
+ 	$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
+diff --git a/apps/Makefile.in b/apps/Makefile.in
+index 3dbb1d1..48ed23a 100644
+--- a/apps/Makefile.in
++++ b/apps/Makefile.in
+@@ -190,7 +190,7 @@ snmptest$(EXEEXT):    snmptest.$(OSUFFIX) $(USELIBS)
+ 	$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ 
+ snmptrapd$(EXEEXT):    $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
+-	$(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
++	$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ 
+ snmptrap$(EXEEXT):    snmptrap.$(OSUFFIX) $(USELIBS)
+ 	$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

net-snmp-5.9-python3.patch

@@ -0,0 +1,38 @@
+diff --git a/Makefile.in b/Makefile.in
+index 912f6b2..862fb5f 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -227,7 +227,7 @@ perlcleanfeatures:
+ 
+ # python specific build rules
+ #
+-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
++PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
+ pythonmodules: subdirs
+ 	@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
+         if test $$? != 0 ; then \
+diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
+index daf11a4..3a30a64 100644
+--- a/python/netsnmp/client.py
++++ b/python/netsnmp/client.py
+@@ -56,7 +56,7 @@ class Varbind(object):
+     def __init__(self, tag=None, iid=None, val=None, type_arg=None):
+         self.tag = STR(tag)
+         self.iid = STR(iid)
+-        self.val = STR(val)
++        self.val = val
+         self.type = STR(type_arg)
+         # parse iid out of tag if needed
+         if iid is None and tag is not None:
+@@ -66,7 +66,10 @@ class Varbind(object):
+                 (self.tag, self.iid) = match.group(1, 2)
+ 
+     def __setattr__(self, name, val):
+-        self.__dict__[name] = STR(val)
++        if name == 'val':
++            self.__dict__[name] = val
++        else:
++            self.__dict__[name] = STR(val)
+ 
+     def __str__(self):
+         return obj_to_str(self)

net-snmp-5.9-test-debug.patch

@@ -0,0 +1,110 @@
+diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
+index 6c07f74..7df0b51 100644
+--- a/testing/fulltests/default/T070com2sec_simple
++++ b/testing/fulltests/default/T070com2sec_simple
+@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
+ SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
+ SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+ 
+-if false; then
+-  # The two tests below have been disabled because these rely on resolving a
+-  # domain name into a local IP address. Such DNS replies are filtered out by
+-  # many security devices because to avoid DNS rebinding attacks. See also
+-  # https://en.wikipedia.org/wiki/DNS_rebinding.
+-
+-  CHECKAGENT '<"c408a"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 32: Error:'
+-    if [ "$snmp_last_test_result" -ne 1 ] ; then
+-      return_value=1
+-      FINISHED
+-    fi
+-  elif [ "$snmp_last_test_result" -ne 1 ] ; then
++FINISHED
++
++# don't test the rest, it depends on DNS, which is not available in Koji
++
++CHECKAGENT '<"c408a"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 32: Error:'
++  if [ "$snmp_last_test_result" -ne 1 ] ; then
+     return_value=1
+     FINISHED
+   fi
++elif [ "$snmp_last_test_result" -ne 1 ] ; then
++  return_value=1
++  FINISHED
++fi
+ 
+-  CHECKAGENT '<"c408b"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 33: Error:'
+-    if [ "$snmp_last_test_result" -ne 1 ] ; then
+-      return_value=1
+-    fi
+-  elif [ "$snmp_last_test_result" -ne 1 ] ; then
++CHECKAGENT '<"c408b"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 33: Error:'
++  if [ "$snmp_last_test_result" -ne 1 ] ; then
+     return_value=1
+   fi
+-
++elif [ "$snmp_last_test_result" -ne 1 ] ; then
++  return_value=1
+ fi
+ 
+ FINISHED
+diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
+index 76da70b..bc2d432 100644
+--- a/testing/fulltests/default/T071com2sec6_simple
++++ b/testing/fulltests/default/T071com2sec6_simple
+@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
+ SAVECHECKAGENT 'line 27: Error:'
+ SAVECHECKAGENT 'line 28: Error:'
+ 
+-if false; then
+-  # The two tests below have been disabled because these rely on resolving a
+-  # domain name into a local IP address. Such DNS replies are filtered out by
+-  # many security devices because to avoid DNS rebinding attacks. See also
+-  # https://en.wikipedia.org/wiki/DNS_rebinding.
+-
+-  # 608
+-  CHECKAGENT '<"c608a"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 29: Error:'
+-    errnum=`expr $errnum - 1`
+-    if [ "$snmp_last_test_result" -ne 1 ] ; then
+-      FINISHED
+-    fi
+-  elif [ "$snmp_last_test_result" -ne 1 ] ; then
++FINISHED
++
++# don't test the rest, it depends on DNS, which is not available in Koji
++
++# 608
++CHECKAGENT '<"c608a"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 29: Error:'
++  errnum=`expr $errnum - 1`
++  if [ "$snmp_last_test_result" -ne 1 ] ; then
+     FINISHED
+   fi
++elif [ "$snmp_last_test_result" -ne 1 ] ; then
++  FINISHED
++fi
+ 
+-  CHECKAGENTCOUNT atleastone '<"c608b"'
+-  if [ "$snmp_last_test_result" -eq 0 ] ; then
+-    CHECKAGENT 'line 30: Error:'
+-    if [ "$snmp_last_test_result" -eq 1 ] ; then
+-      errnum=`expr $errnum - 1`
+-    fi
++CHECKAGENTCOUNT atleastone '<"c608b"'
++if [ "$snmp_last_test_result" -eq 0 ] ; then
++  CHECKAGENT 'line 30: Error:'
++  if [ "$snmp_last_test_result" -eq 1 ] ; then
++    errnum=`expr $errnum - 1`
+   fi
+ fi
+ 

net-snmp-5.9.1-autoconf.patch

@@ -0,0 +1,6 @@
+diff -urNp a/dist/autoconf-version b/dist/autoconf-version
+--- a/dist/autoconf-version	2021-09-01 11:18:14.582110773 +0200
++++ b/dist/autoconf-version	2021-09-01 11:20:16.804369533 +0200
+@@ -1 +1 @@
+-2.69
++2.71

net-snmp-5.9.1-remove-des.patch

@@ -0,0 +1,175 @@
+diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
+--- a/man/net-snmp-config.1.def	2021-05-26 09:30:07.430790003 +0200
++++ b/man/net-snmp-config.1.def	2021-05-26 09:35:36.703673542 +0200
+@@ -30,7 +30,7 @@ code for a list of available debug token
+ SNMP Setup commands:
+ .TP
+ \fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
+-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
++[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
+ .PP
+ These options produce the various compilation flags needed when
+ building external SNMP applications:
+diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
+--- a/man/net-snmp-create-v3-user.1.def	2021-05-26 09:30:07.430790003 +0200
++++ b/man/net-snmp-create-v3-user.1.def	2021-05-26 09:34:23.702034230 +0200
+@@ -3,7 +3,7 @@
+ net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
+ .SH SYNOPSIS
+ .PP
+-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
+ .B [username]
+ .SH DESCRIPTION
+ .PP
+@@ -27,5 +27,5 @@ specifies the authentication password ha
+ \fB\-X privpass\fR
+ specifies the encryption password
+ .TP
+-\fB\-x DES|AES\fR
++\fB\-x AES\fR
+ specifies the encryption algorithm
+diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
+--- a/man/snmpcmd.1.def	2021-05-26 09:30:07.429789994 +0200
++++ b/man/snmpcmd.1.def	2021-05-26 09:37:51.104850500 +0200
+@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
+ file.
+ .TP
+ .BI \-x " privProtocol"
+-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages. 
++Set the privacy protocol (AES) used for encrypted SNMPv3 messages. 
+ Overrides the \fIdefPrivType\fR token in the
+ .I snmp.conf
+ file. This option is only valid if the Net-SNMP software was build
+diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
+--- a/man/snmp.conf.5.def	2021-05-26 09:30:07.429789994 +0200
++++ b/man/snmp.conf.5.def	2021-05-26 09:40:03.730011937 +0200
+@@ -221,13 +221,13 @@ The
+ value will be used for the authentication and/or privacy pass phrases
+ if either of the other directives are not specified.
+ .IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
+-.IP "defPrivType DES|AES"
++.IP "defPrivType AES"
+ define the default authentication and privacy protocols to use for
+ SNMPv3 requests.
+ These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
+ .IP
+ If not specified, SNMPv3 requests will default to MD5 authentication
+-and DES encryption.
++and AES encryption.
+ .RS
+ .IP "Note:
+ If the software has not been compiled to use the OpenSSL libraries,
+@@ -262,8 +262,7 @@ master keys which have been converted to
+ suitable for on particular SNMP engine (agent).  The length of the key
+ needs to be appropriate for the authentication or encryption type
+ being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
+-priv keys: DES=16 bytes (8
+-bytes of which is used as an IV and not a key), and AES=16 bytes).
++priv keys: AES=16 bytes).
+ .IP "sshtosnmpsocket PATH"
+ Sets the path of the \fBsshtosnmp\fR socket created by an application
+ (e.g. snmpd) listening for incoming ssh connections through the
+diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
+--- a/man/snmpd.examples.5.def	2021-05-26 09:30:07.429789994 +0200
++++ b/man/snmpd.examples.5.def	2021-05-26 09:41:29.170761436 +0200
+@@ -87,8 +87,8 @@ the same authentication and encryption s
+ .RS
+ .nf
+ createUser me     MD5 "single pass phrase"
+-createUser myself MD5 "single pass phrase" DES
+-createUser andI   MD5 "single pass phrase" DES "single pass phrase"
++createUser myself MD5 "single pass phrase" AES
++createUser andI   MD5 "single pass phrase" AES "single pass phrase"
+ .fi
+ .RE
+ Note that this defines three \fIdistinct\fR users, who could be granted
+diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
+--- a/man/snmptrapd.conf.5.def	2021-05-26 09:30:07.428789985 +0200
++++ b/man/snmptrapd.conf.5.def	2021-05-26 09:42:02.963064029 +0200
+@@ -117,7 +117,7 @@ to trigger the types of processing liste
+ See
+ .IR snmpd.conf (5)
+ for more details.
+-.IP "createUser [-e  ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
++.IP "createUser [-e  ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
+ See the 
+ .IR snmpd.conf (5)
+ manual page for a description of how to create SNMPv3 users.  This
+diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
+--- a/man/snmpusm.1.def	2021-05-26 09:30:07.430790003 +0200
++++ b/man/snmpusm.1.def	2021-05-26 09:42:24.178253990 +0200
+@@ -216,7 +216,7 @@ rwuser initial
+ # lets add the new user we'll create too:
+ rwuser wes
+ # USM configuration entries
+-createUser initial MD5 setup_passphrase DES
++createUser initial MD5 setup_passphrase AES
+ .fi
+ .RE
+ .PP
+diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+--- a/net-snmp-create-v3-user.in	2021-05-26 09:30:07.369789468 +0200
++++ b/net-snmp-create-v3-user.in	2021-05-26 09:33:23.966511123 +0200
+@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
+ fi
+ 
+ Aalgorithm="MD5"
+-Xalgorithm="DES"
++Xalgorithm="AES"
+ token=rwuser
+ 
+ while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+@@ -57,11 +57,11 @@ case $1 in
+ 	    exit 1
+ 	fi
+         case $1 in
+-            DES|AES|AES128|AES192|AES256)
++            AES|AES128|AES192|AES256)
+ 	    Xalgorithm=$1
+ 	    shift
+ 	    ;;
+-            des|aes|aes128|aes192|aes256)
++            aes|aes128|aes192|aes256)
+ 	    Xalgorithm=$(echo "$1" | tr a-z A-Z)
+ 	    shift
+ 	    ;;
+@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
+     echo ""
+     echo "Usage:"
+     echo "  net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
+-    echo "                          [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
++    echo "                          [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
+     echo ""
+     exit
+ fi
+diff -urNp a/README.snmpv3 b/README.snmpv3
+--- a/README.snmpv3	2021-05-26 09:30:07.352789320 +0200
++++ b/README.snmpv3	2021-05-26 09:44:49.109551728 +0200
+@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
+ do a better job on since I suck at writing documentation and he
+ doesn't ;-) --Wes:
+ 
+-Note: SHA authentication and DES/AES encryption support is only available
++Note: SHA authentication and AES encryption support is only available
+ if you have OpenSSL installed or if you've compiled using
+ --with-openssl=internal.  If you use --with-openssl=internal please
+ read the documentation in snmplib/openssl/README for important details.
+@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
+   WARNING: SNMPv3 pass phrases must be at least 8 characters long!
+ 
+   The above line creates the user "myuser" with a password of
+-  "my_password" (and uses MD5 and DES for protection).  (Note that
++  "my_password" (and uses MD5 and AES for protection).  (Note that
+   encryption support isn't enabled in the binary releases downloadable
+   from the net-snmp web site.)  net-snmp-config will also add a line
+   to your snmpd.conf file to let that user have read/write access to
+@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
+        [ this should return information about how long your agent has been up]
+   
+     snmpget -v 3 -u myuser -l authPriv   -a MD5 -A my_password
+-                                         -x DES -X my_password localhost sysUpTime.0
++                                         -x AES -X my_password localhost sysUpTime.0
+        [ this should return similar information, but encrypts the transmission ]
+ 
+ CREATING A SECOND USER:

net-snmp-config

@@ -16,43 +16,47 @@
 arch=`arch`
 echo $arch | grep -q i.86
 if [ $? -eq 0 ] ; then
-    net-snmp-config-i386 $*
+    net-snmp-config-i386 "$@"
     exit 0
 fi
 if [ "$arch" = "ia64" ] ; then
-    net-snmp-config-ia64 $*
+    net-snmp-config-ia64 "$@"
     exit 0
 fi
 if [ "$arch" = "ppc" ] ; then
-    net-snmp-config-ppc $*
+    net-snmp-config-ppc "$@"
     exit 0
 fi
 if [ "$arch" = "ppc64" ] ; then
-    net-snmp-config-ppc64 $*
+    net-snmp-config-ppc64 "$@"
     exit 0
 fi
 if [ "$arch" = "s390" ] ; then
-    net-snmp-config-s390 $*
+    net-snmp-config-s390 "$@"
     exit 0
 fi
 if [ "$arch" = "s390x" ] ; then
-    net-snmp-config-s390x $*
+    net-snmp-config-s390x "$@"
     exit 0
 fi
 if [ "$arch" = "x86_64" ] ; then
-    net-snmp-config-x86_64 $*
+    net-snmp-config-x86_64 "$@"
     exit 0
 fi
 if [ "$arch" = "alpha" ] ; then
-    net-snmp-config-alpha $*
+    net-snmp-config-alpha "$@"
     exit 0
 fi
 if [ "$arch" = "sparc" ] ; then
-    net-snmp-config-sparc $*
+    net-snmp-config-sparc "$@"
     exit 0
 fi
 if [ "$arch" = "sparc64" ] ; then
-    net-snmp-config-sparc64 $*
+    net-snmp-config-sparc64 "$@"
+    exit 0
+fi
+if [ "$arch" = "aarch64" ] ; then
+    net-snmp-config-aarch64 "$@"
     exit 0
 fi
 echo "Cannot determine architecture"

net-snmp-config.h

@@ -4,10 +4,10 @@
  * out) in net-snmp-config.h.  The original net-snmp-config.h has been renamed.
  * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
 
-#ifdef net-snmp-config_multilib_redirection_h
-#error "Do not define net-snmp-config_multilib_redirection_h!"
+#ifdef net_snmp_config_multilib_redirection_h
+#error "Do not define net_snmp_config_multilib_redirection_h!"
 #endif
-#define net-snmp-config_multilib_redirection_h
+#define net_snmp_config_multilib_redirection_h
 
 #if defined(__i386__)
 #include "net-snmp-config-i386.h"
@@ -29,8 +29,10 @@
 #include "net-snmp-config-sparc64.h"
 #elif defined(__sparc__)
 #include "net-snmp-config-sparc.h"
+#elif defined(__aarch64__)
+#include "net-snmp-config-aarch64.h"
 #else
 #error "net-snmp-devel package does not work on your architecture"
 #endif
 
-#undef net-snmp-config_multilib_redirection_h
+#undef net_snmp_config_multilib_redirection_h

net-snmp-libs-misunderstanding.patch

@@ -0,0 +1,59 @@
+Libs.private should contain a list of libraries the library that the package
+exposes is linked too. So let's filter out unrelated link flags.
+
+diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
+index 0a1f5785a4..524ca91d82 100644
+--- net-snmp-5.9.1/netsnmp.pc.in~
++++ net-snmp-5.9.1/netsnmp.pc.in
+@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
+ Version: @PACKAGE_VERSION@
+ Cflags: -I${includedir}
+ Libs: -L${libdir} -lnetsnmp
+-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
++Libs.private: @LNETSNMPLIBS@ @LIBS@
+diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
+index 3a1c77bbf8..3d3b308d21 100644
+--- net-snmp-5.9.1/netsnmp-agent.pc.in~
++++ net-snmp-5.9.1/netsnmp-agent.pc.in
+@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
+ Version: @PACKAGE_VERSION@
+ Cflags: -I${includedir}
+ Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
+-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
++Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
+diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
+index 6b5abf8f83..ee81ce98fa 100644
+--- net-snmp-5.9.1/net-snmp-config.in~
++++ net-snmp-5.9.1/net-snmp-config.in
+@@ -193,13 +193,13 @@ else
+     #################################################### client lib
+     --libs)
+       # use this one == --netsnmp-libs + --external-libs
+-      echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
++      echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
+       ;;
+     --netsnmp-libs)
+       echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
+       ;;
+     --external-libs)
+-      echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
++      echo $NSC_LNETSNMPLIBS $NSC_LIBS
+       ;;
+     #################################################### agent lib
+     --base-agent-libs)
+@@ -210,13 +210,13 @@ else
+       ;;
+     --agent-libs)
+       # use this one == --netsnmp-agent-libs + --external-libs
+-      echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
++      echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
+       ;;
+     --netsnmp-agent-libs)
+       echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
+       ;;
+     --external-agent-libs)
+-      echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
++      echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
+       ;;
+     ####################################################
+     --version|--ver*)

net-snmp-tmpfs.conf

@@ -0,0 +1 @@
+d	/run/net-snmp	0755	root	root

net-snmp.redhat.conf

@@ -38,14 +38,14 @@
 # First, map the community name "public" into a "security name"
 
 #       sec.name  source          community
-com2sec notConfigUser  default       public
+#com2sec notConfigUser  default       public
 
 ####
 # Second, map the security name into a group name:
 
 #       groupName      securityModel securityName
-group   notConfigGroup v1           notConfigUser
-group   notConfigGroup v2c           notConfigUser
+#group   notConfigGroup v1           notConfigUser
+#group   notConfigGroup v2c           notConfigUser
 
 ####
 # Third, create a view for us to let the group have rights to:

net-snmpd.init

@@ -1,115 +0,0 @@
-#!/bin/bash
-# ucd-snmp init file for snmpd
-#
-# chkconfig: - 50 50
-# description: Simple Network Management Protocol (SNMP) Daemon
-#
-# processname: /usr/sbin/snmpd
-# config: /etc/snmp/snmpd.conf
-# config: /usr/share/snmp/snmpd.conf
-# pidfile: /var/run/snmpd.pid
-
-### BEGIN INIT INFO
-# Provides: snmpd
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: 
-# Should-Stop: 
-# Default-Start: 
-# Default-Stop: 
-# Short-Description: start and stop Net-SNMP daemon
-# Description: Simple Network Management Protocol (SNMP) Daemon
-### END INIT INFO
-
-# source function library
-. /etc/init.d/functions
-
-
-OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
-if [ -e /etc/sysconfig/snmpd ]; then
-  . /etc/sysconfig/snmpd
-fi
-
-RETVAL=0
-prog="snmpd"
-binary=/usr/sbin/snmpd
-pidfile=/var/run/snmpd.pid
-
-start() {
-        [ -x $binary ] || exit 5
-        echo -n $"Starting $prog: "
-        if [ $UID -ne 0 ]; then
-                RETVAL=1
-                failure
-        else
-                daemon --pidfile=$pidfile $binary $OPTIONS
-                RETVAL=$?
-                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd
-        fi;
-        echo 
-        return $RETVAL
-}
-
-stop() {
-        echo -n $"Stopping $prog: "
-        if [ $UID -ne 0 ]; then
-                RETVAL=1
-                failure
-        else
-                killproc -p $pidfile $binary
-                RETVAL=$?
-                [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snmpd
-        fi;
-        echo
-        return $RETVAL
-}
-
-reload(){
-        echo -n $"Reloading $prog: "
-        killproc -p $pidfile $binary -HUP
-        RETVAL=$?
-        echo
-        return $RETVAL
-}
-
-restart(){
-	stop
-	start
-}
-
-condrestart(){
-    [ -e /var/lock/subsys/snmpd ] && restart
-    return 0
-}
-
-case "$1" in
-  start)
-	start
-	RETVAL=$?
-	;;
-  stop)
-	stop
-	RETVAL=$?
-	;;
-  restart)
-	restart
-	RETVAL=$?
-        ;;
-  reload|force-reload)
-	reload
-	RETVAL=$?
-        ;;
-  condrestart|try-restart)
-	condrestart
-	RETVAL=$?
-	;;
-  status)
-        status snmpd
-	RETVAL=$?
-        ;;
-  *)
-	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}"
-	RETVAL=2
-esac
-
-exit $RETVAL

net-snmpd.sysconfig

@@ -1,2 +1,3 @@
 # snmpd command line options
-# OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
+# '-f' is implicitly added by snmpd systemd unit file
+# OPTIONS="-LS0-6d"

net-snmptrapd.init

@@ -1,103 +0,0 @@
-#!/bin/bash
-
-# ucd-snmp init file for snmptrapd
-#
-# chkconfig: - 50 50
-# description: Simple Network Management Protocol (SNMP) Trap Daemon
-#
-# processname: /usr/sbin/snmptrapd
-# config: /etc/snmp/snmptrapd.conf
-# config: /usr/share/snmp/snmptrapd.conf
-# pidfile: /var/run/snmptrapd.pid
-
-
-### BEGIN INIT INFO
-# Provides: snmptrapd
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start:
-# Should-Stop:
-# Default-Start:
-# Default-Stop:
-# Short-Description: start and stop Net-SNMP trap daemon
-# Description: Simple Network Management Protocol (SNMP) trap daemon
-### END INIT INFO
-
-# source function library
-. /etc/init.d/functions
-
-OPTIONS="-Lsd -p /var/run/snmptrapd.pid"
-if [ -e /etc/sysconfig/snmptrapd ]; then
-  . /etc/sysconfig/snmptrapd
-fi
-
-RETVAL=0
-prog="snmptrapd"
-binary=/usr/sbin/snmptrapd
-pidfile=/var/run/snmptrapd.pid
-
-start() {
-	[ -x $binary ] || exit 5
-	echo -n $"Starting $prog: "
-        daemon --pidfile=$pidfile /usr/sbin/snmptrapd $OPTIONS
-	RETVAL=$?
-	echo
-	touch /var/lock/subsys/snmptrapd
-	return $RETVAL
-}
-
-stop() {
-	echo -n $"Stopping $prog: "
-	killproc -p $pidfile /usr/sbin/snmptrapd
-	RETVAL=$?
-	echo
-	rm -f /var/lock/subsys/snmptrapd
-	return $RETVAL
-}
-
-reload(){
-	stop
-	start
-}
-
-restart(){
-	stop
-	start
-}
-
-condrestart(){
-    [ -e /var/lock/subsys/snmptrapd ] && restart
-    return 0
-}
-
-case "$1" in
-  start)
-	start
-	RETVAL=$?
-	;;
-  stop)
-	stop
-	RETVAL=$?
-	;;
-  restart)
-	restart
-	RETVAL=$?
-        ;;
-  reload|force-reload)
-	reload
-	RETVAL=$?
-        ;;
-  condrestart|try-restart)
-	condrestart
-	RETVAL=$?
-	;;
-  status)
-        status snmptrapd
-	RETVAL=$?
-        ;;
-  *)
-	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}"
-	RETVAL=2
-esac
-
-exit $RETVAL

net-snmptrapd.sysconfig

@@ -1,2 +1,3 @@
 # snmptrapd command line options
-# OPTIONS="-Lsd -p /var/run/snmptrapd.pid"
+# '-f' is implicitly added by snmptrapd systemd unit file
+# OPTIONS="-Lsd"

snmpd.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Daemon.
+After=syslog.target network-online.target
+
+[Service]
+Type=notify
+Environment=OPTIONS="-LS0-6d"
+EnvironmentFile=-/etc/sysconfig/snmpd
+ExecStart=/usr/sbin/snmpd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

snmptrapd.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Trap Daemon.
+After=syslog.target network-online.target
+
+[Service]
+Type=notify
+Environment=OPTIONS="-Lsd"
+EnvironmentFile=-/etc/sysconfig/snmptrapd
+ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

sources

@@ -1 +1 @@
-5b2551e7bd024fbbee84dca22a5f13a1  net-snmp-5.5.tar.gz
+SHA512 (net-snmp-5.9.3.tar.gz) = a476df4967029a2eb03d27b0e250170785d0a8c143d49b900ee958c3cbdfaccd415b70af40f6fbed9cb8819d522c35a6073a431091d908ccc7c018fa0aaa2abc

tests/integration-tests/Makefile

@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: LGPL-2.1+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/net-snmp
+#   Description: Test if net-snmp working ok
+#   Author: Susant Sahani<susant@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+export TEST=/CoreOS/net-snmp
+export TESTVERSION=1.0
+BUILT_FILES=
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+.PHONY: all install download clean
+run: $(FILES) build
+	./runtest.sh
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+clean:
+	rm -f *~ $(BUILT_FILES)
+include /usr/share/rhts/lib/rhts-make.include
+$(METADATA): Makefile
+	@echo "Owner:           Susant Sahani<susant@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Test snmpd" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        5m" >> $(METADATA)
+	@echo "RunFor:          net-snmp" >> $(METADATA)
+	@echo "Requires:        net=snmp" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Releases:        -Fedora 28" >> $(METADATA)
+	rhts-lint $(METADATA)

tests/integration-tests/PURPOSE

@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/net-snmp
+Description: tests for net-snmp
+Author: Susant Sahani<susant@redhat.com>

tests/integration-tests/net-snmp-tests.py

@@ -0,0 +1,175 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: LGPL-2.1+
+# ~~~
+#   Description: Tests for snmpd
+#
+#   Author: Susant Sahani <susant@redhat.com>
+#   Copyright (c) 2018 Red Hat, Inc.
+# ~~~
+
+import errno
+import os
+import sys
+import time
+import unittest
+import subprocess
+import signal
+import shutil
+import psutil
+import socket
+import platform
+import re
+from pyroute2 import IPRoute
+from psutil import virtual_memory
+from collections import OrderedDict
+
+HOST='192.168.111.50'
+
+def setUpModule():
+    """Initialize the environment, and perform sanity checks on it."""
+
+    if shutil.which('snmpd') is None:
+        raise OSError(errno.ENOENT, 'snmpd not found')
+
+    if shutil.which('snmpwalk') is None:
+        raise OSError(errno.ENOENT, 'snmpwalk not found')
+
+def tearDownModule():
+        pass
+
+class GenericUtilities():
+    """Provide a set of utility functions start stop daemons. write config files etc """
+
+    def StartSnmpd(self):
+        """Start snmpd"""
+        subprocess.check_output(['systemctl', 'start', 'snmpd'])
+
+    def StopSnmpd(self):
+        """Stop snmpd"""
+        subprocess.check_output(['systemctl', 'stop', 'snmpd'])
+
+    def SetupVethInterface(self):
+        """Setup veth interface"""
+
+        ip = IPRoute()
+
+        ip.link('add', ifname='veth-test', peer='veth-peer', kind='veth')
+        idx_veth_test = ip.link_lookup(ifname='veth-test')[0]
+        idx_veth_peer = ip.link_lookup(ifname='veth-peer')[0]
+
+        ip.link('set', index=idx_veth_test, address='12:11:12:13:14:18')
+        ip.link('set', index=idx_veth_peer, address='22:21:22:23:24:29')
+        ip.link('set', index=idx_veth_test, state='up')
+        ip.link('set', index=idx_veth_peer, state='up')
+        ip.addr('add', index=idx_veth_test, address='192.168.111.50')
+        ip.addr('add', index=idx_veth_peer, address='192.168.111.51')
+
+        ip.close()
+
+    def TearDownVethInterface(self):
+        ip = IPRoute()
+
+        ip.link('del', index=ip.link_lookup(ifname='veth-test')[0])
+        ip.close()
+
+class SnmpdTests(unittest.TestCase, GenericUtilities):
+
+    def setUp(self):
+        self.SetupVethInterface()
+        time.sleep(1)
+        self.StartSnmpd()
+
+    def tearDown(self):
+        self.StopSnmpd()
+        self.TearDownVethInterface()
+
+    def test_UCD_SNMP_MIB_memory(self):
+        ''' UCD-SNMP-MIB::memory '''
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public',  HOST,  'UCD-SNMP-MIB::memory'])
+
+        meminfo=OrderedDict()
+        with open('/proc/meminfo') as f:
+            for line in f:
+                meminfo[line.split(':')[0]] = line.split(':')[1].strip()
+
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public',  HOST,  'UCD-SNMP-MIB::memTotalReal.0']).rstrip().decode('utf-8')
+        self.assertRegex(output, meminfo['MemTotal'])
+
+    def test_SNMP_hrSWRunPath(self):
+        """ process id """
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public',  HOST,  'HOST-RESOURCES-MIB::hrSWRunPath.1']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'systemd')
+
+    def test_SNMP_IF_MIB_network_interface(self):
+        """ verify network interface (1.3.6.1.2.1.2.2.1) SNMP variables """
+
+        ip = IPRoute()
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1'])
+
+        # 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifIndex
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.1']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'IF-MIB::ifIndex.1 = INTEGER: 1')
+
+        # 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifDescr
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.2']).rstrip().decode('utf-8')
+        for link in ip.get_links():
+            self.assertRegex(output, link.get_attr('IFLA_IFNAME'))
+
+        # IP-MIB::ipAdEntAddr 1.3.6.1.2.1.4.20.1.1
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.4.20.1.1']).rstrip().decode('utf-8')
+        for addr in ip.get_addr():
+            if addr.get_attr('IFA_ADDRESS'):
+                if addr.get_attr('IFA_ADDRESS') != '::1' and addr.get_attr('Ifamily') == 2:
+                    self.assertRegex(output, addr.get_attr('IFA_ADDRESS'))
+
+        # IF-MIB::ifPhysAddress. 1.3.6.1.2.1.2.2.1.6
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.6']).rstrip().decode('utf-8')
+        for link in ip.get_links():
+            if link.get_attr('IFLA_ADDRESS') and link.get_attr('IFLA_ADDRESS') != '00:00:00:00:00:00':
+                snmp_mac = re.sub(r'\b0+(\d)', r'\1', link.get_attr('IFLA_ADDRESS')).lstrip('0')
+                self.assertRegex(output, snmp_mac)
+
+        ip.close()
+
+    def test_SNMP_MIB_2_System(self):
+        """ verify RFC 1213 System (1.3.6.1.2.1.1) SNMP variables"""
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1']).rstrip().decode('utf-8')
+
+        # 1.3.6.1.2.1.1.1 - sysDescr
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.1']).rstrip().decode('utf-8')
+        self.assertRegex(output, platform.machine())
+        self.assertRegex(output, platform.node())
+        self.assertRegex(output, platform.processor())
+        self.assertRegex(output, platform.release())
+        self.assertRegex(output, platform.version())
+
+        # 1.3.6.1.2.1.1.2 - sysObjectID
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.2'])
+
+        # 1.3.6.1.2.1.1.3 - sysUpTime
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.3'])
+
+        # 1.3.6.1.2.1.1.4 - sysContact
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.4']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'fedora-ci <fedoraci@fedoraproject.org>')
+
+        # 1.3.6.1.2.1.1.5 - sysName
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.5']).rstrip().decode('utf-8')
+        self.assertRegex(output, socket.gethostname())
+
+        # 1.3.6.1.2.1.1.6 - sysLocation
+        output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.6']).rstrip().decode('utf-8')
+        self.assertRegex(output, 'Pune, IN')
+
+    def test_basic_snmpwalk(self):
+        """ verify snmpwalk getting success snmpwalk -v2c -c public localhost """
+
+        subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST])
+
+
+if __name__ == '__main__':
+    unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+                                                     verbosity=3))

tests/integration-tests/runtest.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1+
+# ~~~
+#   runtest.sh of net-snmp
+#   Description:  net-snmp tests
+#
+#   Author: Susant Sahani <susant@redhat.com>
+#   Copyright (c) 2018 Red Hat, Inc.
+# ~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE_NET_SNMP="net-snmp"
+PACKAGE_NET_SNMP_UTILS="net-snmp-utils"
+
+NET_SNMP_CONF_FILE="/etc/snmp/snmpd.conf"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE_NET_SNMP
+        rlAssertRpm $PACKAGE_NET_SNMP_UTILS
+
+        rlRun "systemctl stop firewalld" 0,5
+        rlRun "setenforce 0" 0,1
+
+        rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
+        rlRun "cp net-snmp-tests.py /usr/bin/"
+
+        rlFileBackup "$NET_SNMP_CONF_FILE"
+        rlRun "cp snmpd.conf $NET_SNMP_CONF_FILE"
+
+    rlPhaseEnd
+
+    rlPhaseStartTest
+        rlLog "Starting net-snmp tests ..."
+        rlRun "/usr/bin/python3 /usr/bin/net-snmp-tests.py"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "rm /usr/bin/net-snmp-tests.py  $NET_SNMP_CONFIG_FILE"
+        rlRun "systemctl daemon-reload"
+        rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
+        rlFileRestore
+        rlRun "setenforce 1" 0,1
+        rlLog "net-snmp tests done"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
+rlGetTestState

tests/integration-tests/snmpd.conf

@@ -0,0 +1,7 @@
+agentAddress  udp:192.168.111.50:161
+
+syslocation Pune, IN
+syscontact fedora-ci <fedoraci@fedoraproject.org>
+
+dontLogTCPWrappersConnects yes
+rocommunity public

tests/tests.yml

@@ -0,0 +1,14 @@
+- hosts: localhost
+  roles:
+    - role: standard-test-beakerlib
+      tags:
+      - classic
+      tests:
+      - integration-tests
+      required_packages:
+      - python3
+      - systemd
+      - iproute
+      - python3-pyroute2
+      - net-snmp
+      - net-snmp-utils