From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCHv2] net-snmp: Update to 5.9.3
Date: Fri, 17 Feb 2023 08:07:11 +0100 [thread overview]
Message-ID: <20230217070711.162747-1-stefan.schantl@ipfire.org> (raw)
In-Reply-To: <d4d03322f3560f1a13696bee1295726227c81682.camel@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 144998 bytes --]
* Update patchset
* Drop perl modules
* Drop additional script which are related on the
SNMP perl modules or depricated ones.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
net-snmp/net-snmp.nm | 44 +-
.../patches/net-snmp-5.5-apsl-copying.patch | 354 ----
net-snmp/patches/net-snmp-5.5-dir-fix.patch | 14 -
.../patches/net-snmp-5.5-perl-linking.patch | 16 -
net-snmp/patches/net-snmp-5.6-multilib.patch | 45 -
.../patches/net-snmp-5.6-test-debug.patch | 29 -
net-snmp/patches/net-snmp-5.7.2-systemd.patch | 1650 -----------------
.../patches/net-snmp-5.7.3-iterator-fix.patch | 14 +
.../net-snmp-5.8-Remove-U64-typedef.patch | 12 +
...et-snmp-5.8-clientaddr-error-message.patch | 35 +
.../net-snmp-5.8-duplicate-ipAddress.patch | 11 +
.../net-snmp-5.8-ipAddress-faster-load.patch | 82 +
net-snmp/patches/net-snmp-5.8-man-page.patch | 36 +
.../patches/net-snmp-5.9-aes-config.patch | 18 +
.../patches/net-snmp-5.9-autofs-skip.patch | 12 +
net-snmp/patches/net-snmp-5.9-coverity.patch | 22 +
net-snmp/patches/net-snmp-5.9-dir-fix.patch | 30 +
.../net-snmp-5.9-intermediate-certs.patch | 855 +++++++++
.../net-snmp-5.9-memory-reporting.patch | 28 +
...5.7.2-pie.patch => net-snmp-5.9-pie.patch} | 20 +-
.../patches/net-snmp-5.9.1-autoconf.patch | 6 +
21 files changed, 1191 insertions(+), 2142 deletions(-)
delete mode 100644 net-snmp/patches/net-snmp-5.5-apsl-copying.patch
delete mode 100644 net-snmp/patches/net-snmp-5.5-dir-fix.patch
delete mode 100644 net-snmp/patches/net-snmp-5.5-perl-linking.patch
delete mode 100644 net-snmp/patches/net-snmp-5.6-multilib.patch
delete mode 100644 net-snmp/patches/net-snmp-5.6-test-debug.patch
delete mode 100644 net-snmp/patches/net-snmp-5.7.2-systemd.patch
create mode 100644 net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch
create mode 100644 net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch
create mode 100644 net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch
create mode 100644 net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch
create mode 100644 net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch
create mode 100644 net-snmp/patches/net-snmp-5.8-man-page.patch
create mode 100644 net-snmp/patches/net-snmp-5.9-aes-config.patch
create mode 100644 net-snmp/patches/net-snmp-5.9-autofs-skip.patch
create mode 100644 net-snmp/patches/net-snmp-5.9-coverity.patch
create mode 100644 net-snmp/patches/net-snmp-5.9-dir-fix.patch
create mode 100644 net-snmp/patches/net-snmp-5.9-intermediate-certs.patch
create mode 100644 net-snmp/patches/net-snmp-5.9-memory-reporting.patch
rename net-snmp/patches/{net-snmp-5.7.2-pie.patch => net-snmp-5.9-pie.patch} (56%)
create mode 100644 net-snmp/patches/net-snmp-5.9.1-autoconf.patch
diff --git a/net-snmp/net-snmp.nm b/net-snmp/net-snmp.nm
index 9e86e355d..ac5cb8fe7 100644
--- a/net-snmp/net-snmp.nm
+++ b/net-snmp/net-snmp.nm
@@ -4,7 +4,7 @@
###############################################################################
name = net-snmp
-version = 5.7.3
+version = 5.9.3
release = 1
groups = Networking/Daemons
@@ -29,16 +29,12 @@ build
elfutils-devel
lm-sensors-devel >= 3
openssl-devel
- perl(ExtUtils::Embed)
procps
- python-setuptools
- python-devel
+ python3-devel
+ python3-setuptools
systemd-devel
- systemd-units
end
- PARALLELISMFLAGS = # No parallel build
-
prepare_cmds
autoreconf -vfi
end
@@ -64,25 +60,17 @@ build
--enable-ucd-snmp-compatibility \
--with-openssl \
--with-pic \
- --enable-embedded-perl \
--enable-as-needed \
- --with-perl-modules="INSTALLDIRS=vendor" \
--enable-mfd-rewrites \
--enable-local-smux \
--with-temp-file-pattern=/var/run/net-snmp/snmp-tmp-XXXXXX \
--with-transports="DTLSUDP TLSTCP" \
--with-security-modules=tsm \
- --with-systemd
-
- build_cmds
- # Remove rpath from compiled perl libs
- find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \;
-
- # Compile python module
- pushd python
- %{python} setup.py --basedir=".." build
- popd
- end
+ --with-systemd \
+ --with-default-snmp-version="3" \
+ --without-perl-modules \
+ --disable-embedded-perl \
+ --with-python-modules
install_cmds
# Remove stuff we don't want to distribute.
@@ -95,11 +83,6 @@ build
# Copy missing mib2c.conf files.
install -v -m 644 local/mib2c.*.conf %{BUILDROOT}%{datadir}/snmp
- # Install python module.
- pushd python
- %{python} setup.py --basedir=".." install -O1 --skip-build --root %{BUILDROOT}
- popd
-
# Make libs executable.
find %{BUILDROOT} -name "*.so" | xargs chmod -v 755
@@ -113,6 +96,17 @@ build
# Prepare runtime directories.
mkdir -pv %{BUILDROOT}%{localstatedir}/{lib,run}/net-snmp
+ # Remove scripts in /bin which requires the SNMP
+ # perl bindings.
+ rm -rvf %{BUILDROOT}%{bindir}/net-snmp-cert
+ rm -rvf %{BUILDROOT}%{bindir}/tkmib
+ rm -rvf %{BUILDROOT}%{bindir}/mib2c
+ rm -rvf %{BUILDROOT}%{bindir}/snmp-bridge-mib
+
+ # Remove checkbandwidth script
+ # This uses a deprecated perl module (Mail::Sender)
+ rm -rvf %{BUILDROOT}%{bindir}/checkbandwidth
+
# Remove more RPATHs.
find %{BUILDROOT}%{bindir} -type f -print \
-exec chrpath --delete {} \;
diff --git a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch b/net-snmp/patches/net-snmp-5.5-apsl-copying.patch
deleted file mode 100644
index 5ae7ca30c..000000000
--- a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch
+++ /dev/null
@@ -1,354 +0,0 @@
-Add APSL 2.0 license to the COPYING file.
-
-There is only one file covered by this license:
-net-snmp-5.5/agent/mibgroup/host/data_access/swrun_darwin.c
-
-This file is not used on Linux at all, it's only present in source
-tarball and net-snmp.src.rpm.
-
-In addition, it's licensed under APSL 1.1, but it allows to relicense
-the code to 'any subsequent version of this License published by Apple'.
-According to http://fedoraproject.org/wiki/Licensing, APSL ver. 2.0 is
-better for us.
-
-diff -up net-snmp-5.7.3/COPYING.skiFvk net-snmp-5.7.3/COPYING
---- net-snmp-5.7.3/COPYING.skiFvk 2015-02-17 13:33:15.963257594 +0100
-+++ net-snmp-5.7.3/COPYING 2015-02-17 13:33:37.931241818 +0100
-@@ -325,3 +325,337 @@ PROFITS; OR BUSINESS INTERRUPTION) HOWEV
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+
-+---- Part 11: APPLE PUBLIC SOURCE LICENSE (APSL 2.0) ----
-+
-+Version 2.0 - August 6, 2003
-+
-+Please read this License carefully before downloading this software. By
-+downloading or using this software, you are agreeing to be bound by the terms
-+of this License. If you do not or cannot agree to the terms of this License,
-+please do not download or use the software.
-+
-+Apple Note: In January 2007, Apple changed its corporate name from "Apple
-+Computer, Inc." to "Apple Inc." This change has been reflected below and
-+copyright years updated, but no other changes have been made to the APSL 2.0.
-+
-+1. General; Definitions. This License applies to any program or other
-+work which Apple Inc. ("Apple") makes publicly available and which contains a
-+notice placed by Apple identifying such program or work as "Original Code" and
-+stating that it is subject to the terms of this Apple Public Source License
-+version 2.0 ("License"). As used in this License:
-+
-+1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is the
-+grantor of rights, (i) claims of patents that are now or hereafter acquired,
-+owned by or assigned to Apple and (ii) that cover subject matter contained in
-+the Original Code, but only to the extent necessary to use, reproduce and/or
-+distribute the Original Code without infringement; and (b) in the case where
-+You are the grantor of rights, (i) claims of patents that are now or hereafter
-+acquired, owned by or assigned to You and (ii) that cover subject matter in
-+Your Modifications, taken alone or in combination with Original Code.
-+
-+1.2 "Contributor" means any person or entity that creates or contributes to
-+the creation of Modifications.
-+
-+1.3 "Covered Code" means the Original Code, Modifications, the combination
-+of Original Code and any Modifications, and/or any respective portions thereof.
-+
-+1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise
-+make Covered Code available, directly or indirectly, to anyone other than You;
-+and/or (b) to use Covered Code, alone or as part of a Larger Work, in any way
-+to provide a service, including but not limited to delivery of content, through
-+electronic communication with a client other than You.
-+
-+1.5 "Larger Work" means a work which combines Covered Code or portions
-+thereof with code not governed by the terms of this License.
-+
-+1.6 "Modifications" mean any addition to, deletion from, and/or change to,
-+the substance and/or structure of the Original Code, any previous
-+Modifications, the combination of Original Code and any previous Modifications,
-+and/or any respective portions thereof. When code is released as a series of
-+files, a Modification is: (a) any addition to or deletion from the contents of
-+a file containing Covered Code; and/or (b) any new file or other representation
-+of computer program statements that contains any part of Covered Code.
-+
-+1.7 "Original Code" means (a) the Source Code of a program or other work as
-+originally made available by Apple under this License, including the Source
-+Code of any updates or upgrades to such programs or works made available by
-+Apple under this License, and that has been expressly identified by Apple as
-+such in the header file(s) of such work; and (b) the object code compiled from
-+such Source Code and originally made available by Apple under this License
-+
-+1.8 "Source Code" means the human readable form of a program or other work
-+that is suitable for making modifications to it, including all modules it
-+contains, plus any associated interface definition files, scripts used to
-+control compilation and installation of an executable (object code).
-+
-+1.9 "You" or "Your" means an individual or a legal entity exercising rights
-+under this License. For legal entities, "You" or "Your" includes any entity
-+which controls, is controlled by, or is under common control with, You, where
-+"control" means (a) the power, direct or indirect, to cause the direction or
-+management of such entity, whether by contract or otherwise, or (b) ownership
-+of fifty percent (50%) or more of the outstanding shares or beneficial
-+ownership of such entity.
-+
-+2. Permitted Uses; Conditions & Restrictions. Subject to the terms and
-+conditions of this License, Apple hereby grants You, effective on the date You
-+accept this License and download the Original Code, a world-wide, royalty-free,
-+non-exclusive license, to the extent of Apple's Applicable Patent Rights and
-+copyrights covering the Original Code, to do the following:
-+
-+2.1 Unmodified Code. You may use, reproduce, display, perform, internally
-+distribute within Your organization, and Externally Deploy verbatim, unmodified
-+copies of the Original Code, for commercial or non-commercial purposes,
-+provided that in each instance:
-+
-+(a) You must retain and reproduce in all copies of Original Code the
-+copyright and other proprietary notices and disclaimers of Apple as they appear
-+in the Original Code, and keep intact all notices in the Original Code that
-+refer to this License; and
-+
-+(b) You must include a copy of this License with every copy of Source Code
-+of Covered Code and documentation You distribute or Externally Deploy, and You
-+may not offer or impose any terms on such Source Code that alter or restrict
-+this License or the recipients' rights hereunder, except as permitted under
-+Section 6.
-+
-+2.2 Modified Code. You may modify Covered Code and use, reproduce,
-+display, perform, internally distribute within Your organization, and
-+Externally Deploy Your Modifications and Covered Code, for commercial or
-+non-commercial purposes, provided that in each instance You also meet all of
-+these conditions:
-+
-+(a) You must satisfy all the conditions of Section 2.1 with respect to the
-+Source Code of the Covered Code;
-+
-+(b) You must duplicate, to the extent it does not already exist, the notice
-+in Exhibit A in each file of the Source Code of all Your Modifications, and
-+cause the modified files to carry prominent notices stating that You changed
-+the files and the date of any change; and
-+
-+(c) If You Externally Deploy Your Modifications, You must make Source Code
-+of all Your Externally Deployed Modifications either available to those to whom
-+You have Externally Deployed Your Modifications, or publicly available. Source
-+Code of Your Externally Deployed Modifications must be released under the terms
-+set forth in this License, including the license grants set forth in Section 3
-+below, for as long as you Externally Deploy the Covered Code or twelve (12)
-+months from the date of initial External Deployment, whichever is longer. You
-+should preferably distribute the Source Code of Your Externally Deployed
-+Modifications electronically (e.g. download from a web site).
-+
-+2.3 Distribution of Executable Versions. In addition, if You Externally
-+Deploy Covered Code (Original Code and/or Modifications) in object code,
-+executable form only, You must include a prominent notice, in the code itself
-+as well as in related documentation, stating that Source Code of the Covered
-+Code is available under the terms of this License with information on how and
-+where to obtain such Source Code.
-+
-+2.4 Third Party Rights. You expressly acknowledge and agree that although
-+Apple and each Contributor grants the licenses to their respective portions of
-+the Covered Code set forth herein, no assurances are provided by Apple or any
-+Contributor that the Covered Code does not infringe the patent or other
-+intellectual property rights of any other entity. Apple and each Contributor
-+disclaim any liability to You for claims brought by any other entity based on
-+infringement of intellectual property rights or otherwise. As a condition to
-+exercising the rights and licenses granted hereunder, You hereby assume sole
-+responsibility to secure any other intellectual property rights needed, if any.
-+For example, if a third party patent license is required to allow You to
-+distribute the Covered Code, it is Your responsibility to acquire that license
-+before distributing the Covered Code.
-+
-+3. Your Grants. In consideration of, and as a condition to, the licenses
-+granted to You under this License, You hereby grant to any person or entity
-+receiving or distributing Covered Code under this License a non-exclusive,
-+royalty-free, perpetual, irrevocable license, under Your Applicable Patent
-+Rights and other intellectual property rights (other than patent) owned or
-+controlled by You, to use, reproduce, display, perform, modify, sublicense,
-+distribute and Externally Deploy Your Modifications of the same scope and
-+extent as Apple's licenses under Sections 2.1 and 2.2 above.
-+
-+4. Larger Works. You may create a Larger Work by combining Covered Code
-+with other code not governed by the terms of this License and distribute the
-+Larger Work as a single product. In each such instance, You must make sure the
-+requirements of this License are fulfilled for the Covered Code or any portion
-+thereof.
-+
-+5. Limitations on Patent License. Except as expressly stated in Section
-+2, no other patent rights, express or implied, are granted by Apple herein.
-+Modifications and/or Larger Works may require additional patent licenses from
-+Apple which Apple may grant in its sole discretion.
-+
-+6. Additional Terms. You may choose to offer, and to charge a fee for,
-+warranty, support, indemnity or liability obligations and/or other rights
-+consistent with the scope of the license granted herein ("Additional Terms") to
-+one or more recipients of Covered Code. However, You may do so only on Your own
-+behalf and as Your sole responsibility, and not on behalf of Apple or any
-+Contributor. You must obtain the recipient's agreement that any such Additional
-+Terms are offered by You alone, and You hereby agree to indemnify, defend and
-+hold Apple and every Contributor harmless for any liability incurred by or
-+claims asserted against Apple or such Contributor by reason of any such
-+Additional Terms.
-+
-+7. Versions of the License. Apple may publish revised and/or new versions
-+of this License from time to time. Each version will be given a distinguishing
-+version number. Once Original Code has been published under a particular
-+version of this License, You may continue to use it under the terms of that
-+version. You may also choose to use such Original Code under the terms of any
-+subsequent version of this License published by Apple. No one other than Apple
-+has the right to modify the terms applicable to Covered Code created under this
-+License.
-+
-+8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
-+part pre-release, untested, or not fully tested works. The Covered Code may
-+contain errors that could cause failures or loss of data, and may be incomplete
-+or contain inaccuracies. You expressly acknowledge and agree that use of the
-+Covered Code, or any portion thereof, is at Your sole and entire risk. THE
-+COVERED CODE IS PROVIDED "AS IS" AND WITHOUT WARRANTY, UPGRADES OR SUPPORT OF
-+ANY KIND AND APPLE AND APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE"
-+FOR THE PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
-+ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT
-+LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF
-+SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF
-+QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. APPLE AND EACH
-+CONTRIBUTOR DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE
-+COVERED CODE, THAT THE FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR
-+REQUIREMENTS, THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
-+ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO ORAL OR
-+WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE AUTHORIZED
-+REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY. You acknowledge
-+that the Covered Code is not intended for use in the operation of nuclear
-+facilities, aircraft navigation, communication systems, or air traffic control
-+machines in which case the failure of the Covered Code could lead to death,
-+personal injury, or severe physical or environmental damage.
-+
-+9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
-+EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL, SPECIAL,
-+INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS LICENSE OR
-+YOUR USE OR INABILITY TO USE THE COVERED CODE, OR ANY PORTION THEREOF, WHETHER
-+UNDER A THEORY OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCTS
-+LIABILITY OR OTHERWISE, EVEN IF APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF
-+THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL
-+PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF
-+LIABILITY OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT
-+APPLY TO YOU. In no event shall Apple's total liability to You for all damages
-+(other than as may be required by applicable law) under this License exceed the
-+amount of fifty dollars ($50.00).
-+
-+10. Trademarks. This License does not grant any rights to use the
-+trademarks or trade names "Apple", "Mac", "Mac OS", "QuickTime", "QuickTime
-+Streaming Server" or any other trademarks, service marks, logos or trade names
-+belonging to Apple (collectively "Apple Marks") or to any trademark, service
-+mark, logo or trade name belonging to any Contributor. You agree not to use
-+any Apple Marks in or as part of the name of products derived from the Original
-+Code or to endorse or promote products derived from the Original Code other
-+than as expressly permitted by and in strict compliance at all times with
-+Apple's third party trademark usage guidelines which are posted at
-+http://www.apple.com/legal/guidelinesfor3rdparties.html.
-+
-+11. Ownership. Subject to the licenses granted under this License, each
-+Contributor retains all rights, title and interest in and to any Modifications
-+made by such Contributor. Apple retains all rights, title and interest in and
-+to the Original Code and any Modifications made by or on behalf of Apple
-+("Apple Modifications"), and such Apple Modifications will not be automatically
-+subject to this License. Apple may, at its sole discretion, choose to license
-+such Apple Modifications under this License, or on different terms from those
-+contained in this License or may choose not to license them at all.
-+
-+12. Termination.
-+
-+12.1 Termination. This License and the rights granted hereunder will
-+terminate:
-+
-+(a) automatically without notice from Apple if You fail to comply with any
-+term(s) of this License and fail to cure such breach within 30 days of becoming
-+aware of such breach; (b) immediately in the event of the circumstances
-+described in Section 13.5(b); or (c) automatically without notice from Apple
-+if You, at any time during the term of this License, commence an action for
-+patent infringement against Apple; provided that Apple did not first commence
-+an action for patent infringement against You in that instance.
-+
-+12.2 Effect of Termination. Upon termination, You agree to immediately stop
-+any further use, reproduction, modification, sublicensing and distribution of
-+the Covered Code. All sublicenses to the Covered Code which have been properly
-+granted prior to termination shall survive any termination of this License.
-+Provisions which, by their nature, should remain in effect beyond the
-+termination of this License shall survive, including but not limited to
-+Sections 3, 5, 8, 9, 10, 11, 12.2 and 13. No party will be liable to any other
-+for compensation, indemnity or damages of any sort solely as a result of
-+terminating this License in accordance with its terms, and termination of this
-+License will be without prejudice to any other right or remedy of any party.
-+
-+13. Miscellaneous.
-+
-+13.1 Government End Users. The Covered Code is a "commercial item" as
-+defined in FAR 2.101. Government software and technical data rights in the
-+Covered Code include only those rights customarily provided to the public as
-+defined in this License. This customary commercial license in technical data
-+and software is provided in accordance with FAR 12.211 (Technical Data) and
-+12.212 (Computer Software) and, for Department of Defense purchases, DFAR
-+252.227-7015 (Technical Data -- Commercial Items) and 227.7202-3 (Rights in
-+Commercial Computer Software or Computer Software Documentation). Accordingly,
-+all U.S. Government End Users acquire Covered Code with only those rights set
-+forth herein.
-+
-+13.2 Relationship of Parties. This License will not be construed as
-+creating an agency, partnership, joint venture or any other form of legal
-+association between or among You, Apple or any Contributor, and You will not
-+represent to the contrary, whether expressly, by implication, appearance or
-+otherwise.
-+
-+13.3 Independent Development. Nothing in this License will impair Apple's
-+right to acquire, license, develop, have others develop for it, market and/or
-+distribute technology or products that perform the same or similar functions
-+as, or otherwise compete with, Modifications, Larger Works, technology or
-+products that You may develop, produce, market or distribute.
-+
-+13.4 Waiver; Construction. Failure by Apple or any Contributor to enforce
-+any provision of this License will not be deemed a waiver of future enforcement
-+of that or any other provision. Any law or regulation which provides that the
-+language of a contract shall be construed against the drafter will not apply to
-+this License.
-+
-+13.5 Severability. (a) If for any reason a court of competent jurisdiction
-+finds any provision of this License, or portion thereof, to be unenforceable,
-+that provision of the License will be enforced to the maximum extent
-+permissible so as to effect the economic benefits and intent of the parties,
-+and the remainder of this License will continue in full force and effect. (b)
-+Notwithstanding the foregoing, if applicable law prohibits or restricts You
-+from fully and/or specifically complying with Sections 2 and/or 3 or prevents
-+the enforceability of either of those Sections, this License will immediately
-+terminate and You must immediately discontinue any use of the Covered Code and
-+destroy all copies of it that are in your possession or control.
-+
-+13.6 Dispute Resolution. Any litigation or other dispute resolution between
-+You and Apple relating to this License shall take place in the Northern
-+District of California, and You and Apple hereby consent to the personal
-+jurisdiction of, and venue in, the state and federal courts within that
-+District with respect to this License. The application of the United Nations
-+Convention on Contracts for the International Sale of Goods is expressly
-+excluded.
-+
-+13.7 Entire Agreement; Governing Law. This License constitutes the entire
-+agreement between the parties with respect to the subject matter hereof. This
-+License shall be governed by the laws of the United States and the State of
-+California, except that body of California law concerning conflicts of law.
-+
-+Where You are located in the province of Quebec, Canada, the following clause
-+applies: The parties hereby confirm that they have requested that this License
-+and all related documents be drafted in English. Les parties ont exige que le
-+present contrat et tous les documents connexes soient rediges en anglais.
-+
-+EXHIBIT A.
-+
-+"Portions Copyright (c) 1999-2007 Apple Inc. All Rights Reserved.
-+
-+This file contains Original Code and/or Modifications of Original Code as
-+defined in and that are subject to the Apple Public Source License Version 2.0
-+(the 'License'). You may not use this file except in compliance with the
-+License. Please obtain a copy of the License at
-+http://www.opensource.apple.com/apsl/ and read it before using this file.
-+
-+The Original Code and all software distributed under the License are
-+distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
-+OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
-+LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
-+PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
-+specific language governing rights and limitations under the License."
diff --git a/net-snmp/patches/net-snmp-5.5-dir-fix.patch b/net-snmp/patches/net-snmp-5.5-dir-fix.patch
deleted file mode 100644
index b726c4713..000000000
--- a/net-snmp/patches/net-snmp-5.5-dir-fix.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Let net-snmp-create-v3-user save settings into /etc/ instead of /usr/
-
-diff -up net-snmp-5.5/net-snmp-create-v3-user.in.orig net-snmp-5.5/net-snmp-create-v3-user.in
---- net-snmp-5.5/net-snmp-create-v3-user.in.orig 2008-07-22 16:33:25.000000000 +0200
-+++ net-snmp-5.5/net-snmp-create-v3-user.in 2009-09-29 16:30:36.000000000 +0200
-@@ -158,7 +158,7 @@ if test ! -d $outfile ; then
- touch $outfile
- fi
- echo $line >> $outfile
--outfile="@datadir@/snmp/snmpd.conf"
-+outfile="/etc/snmp/snmpd.conf"
- line="$token $user"
- echo "adding the following line to $outfile:"
- echo " " $line
diff --git a/net-snmp/patches/net-snmp-5.5-perl-linking.patch b/net-snmp/patches/net-snmp-5.5-perl-linking.patch
deleted file mode 100644
index ceb63630a..000000000
--- a/net-snmp/patches/net-snmp-5.5-perl-linking.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-554747 - net-snmp-config should not contain perl options
-
-Remove rpath from net-snmp-config --agent-libs output.
-
-diff -up net-snmp-5.7/net-snmp-config.in.perl-linking net-snmp-5.7/net-snmp-config.in
---- net-snmp-5.7/net-snmp-config.in.perl-linking 2011-07-02 00:35:46.000000000 +0200
-+++ net-snmp-5.7/net-snmp-config.in 2011-07-07 13:30:01.635798817 +0200
-@@ -50,7 +50,7 @@ NSC_LDFLAGS="@LDFLAGS@"
-
- NSC_LIBS="@LIBS@"
- NSC_LNETSNMPLIBS="@LNETSNMPLIBS@"
--NSC_LAGENTLIBS="@LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@"
-+NSC_LAGENTLIBS="@LAGENTLIBS@"
- NSC_LMIBLIBS="@LMIBLIBS@"
-
- NSC_INCLUDEDIR=${includedir}
diff --git a/net-snmp/patches/net-snmp-5.6-multilib.patch b/net-snmp/patches/net-snmp-5.6-multilib.patch
deleted file mode 100644
index 9c12385a1..000000000
--- a/net-snmp/patches/net-snmp-5.6-multilib.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff -up net-snmp-5.7.3/man/netsnmp_config_api.3.def.oSBcEB net-snmp-5.7.3/man/netsnmp_config_api.3.def
---- net-snmp-5.7.3/man/netsnmp_config_api.3.def.oSBcEB 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/man/netsnmp_config_api.3.def 2015-02-17 13:32:38.903284207 +0100
-@@ -295,7 +295,7 @@ for one particular machine.
- .PP
- The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
- followed by \fC DATADIR/snmp\fP,
--followed by \fC LIBDIR/snmp\fP,
-+followed by \fC /usr/lib(64)/snmp\fP,
- followed by \fC $HOME/.snmp\fP.
- This list can be changed by setting the environmental variable
- .I SNMPCONFPATH
-@@ -365,7 +365,7 @@ function that it should abort the operat
- SNMPCONFPATH
- A colon separated list of directories to search for configuration
- files in.
--Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp
-+Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp
- .SH "SEE ALSO"
- netsnmp_mib_api(3), snmp_api(3)
- .\" Local Variables:
-diff -up net-snmp-5.7.3/man/snmp_config.5.def.oSBcEB net-snmp-5.7.3/man/snmp_config.5.def
---- net-snmp-5.7.3/man/snmp_config.5.def.oSBcEB 2015-02-17 13:32:04.251309092 +0100
-+++ net-snmp-5.7.3/man/snmp_config.5.def 2015-02-17 13:33:09.217262438 +0100
-@@ -10,7 +10,7 @@ First off, there are numerous places tha
- found and read from. By default, the applications look for
- configuration files in the following 4 directories, in order:
- SYSCONFDIR/snmp,
--DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
-+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
- directories, it looks for files snmp.conf, snmpd.conf and/or
- snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
- and/or snmptrapd.local.conf. *.local.conf are always
-diff -up net-snmp-5.7.3/man/snmpd.conf.5.def.oSBcEB net-snmp-5.7.3/man/snmpd.conf.5.def
---- net-snmp-5.7.3/man/snmpd.conf.5.def.oSBcEB 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/man/snmpd.conf.5.def 2015-02-17 13:32:04.251309092 +0100
-@@ -1502,7 +1502,7 @@ filename), and call the initialisation r
- .RS
- .IP "Note:"
- If the specified PATH is not a fully qualified filename, it will
--be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
-+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
- will be appended to the filename.
- .RE
- .PP
diff --git a/net-snmp/patches/net-snmp-5.6-test-debug.patch b/net-snmp/patches/net-snmp-5.6-test-debug.patch
deleted file mode 100644
index 4ae97fbee..000000000
--- a/net-snmp/patches/net-snmp-5.6-test-debug.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Don't check tests which depend on DNS - it's disabled in Koji
-
-diff -up net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple
---- net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug 2012-10-10 00:28:58.000000000 +0200
-+++ net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple 2012-10-18 10:16:39.276416510 +0200
-@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
- SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
- SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
-
-+FINISHED
-+
-+# don't test the later, it depends on DNS, which is not available in Koji
-+
- CHECKAGENT '<"c408a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 32: Error:'
-diff -up net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple
---- net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug 2012-10-10 00:28:58.000000000 +0200
-+++ net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple 2012-10-18 10:16:39.276416510 +0200
-@@ -132,6 +132,9 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
- SAVECHECKAGENT 'line 27: Error:'
- SAVECHECKAGENT 'line 28: Error:'
-
-+FINISHED
-+
-+# don't test the later, it depends on DNS, which is not available in Koji
- # 608
- CHECKAGENT '<"c608a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
diff --git a/net-snmp/patches/net-snmp-5.7.2-systemd.patch b/net-snmp/patches/net-snmp-5.7.2-systemd.patch
deleted file mode 100644
index 4c89d608e..000000000
--- a/net-snmp/patches/net-snmp-5.7.2-systemd.patch
+++ /dev/null
@@ -1,1650 +0,0 @@
-718183 - Provide native systemd unit file
-
-Gathered from following upstream git commits and backported to 5.7.
-
-commit 19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Mon Aug 8 15:48:54 2011 +0200
-
- CHANGES: snmpd: integrated with systemd, see README.systemd for details.
-
- It brings sd-daemon.c and .h directly downloaded from systemd. I've made very
- few changes to it to match our NETSNMP_NO_SYSTEMD and include paths.
-
-commit fef6cddfdb94da1a6b1fb768af62918b80f11fd3
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Mon Aug 8 15:48:54 2011 +0200
-
- CHANGES: snmptrapd: integrate systemd notification support.
-
-commit 0641e43c694c485cbbffef0556efc4641bd3ff50
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Mon Aug 8 15:48:54 2011 +0200
-
- Add sd_find_inet_socket() and sd_find_inet_unisx() helpers into
- system-specific code. This will help us to find various sockets
- created by systemd much easier.
-
-commit 76530a89f1c8bbd0b63acce63e10d5d4812a1a16
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Mon Aug 8 15:48:54 2011 +0200
-
- Check sockets created by systemd when opening new server sockets.
-
- systemd can pass sockets to our daemons during startup using LISTEN_FDS
- environment variable. So check this variable when opening new listening
- socket - maybe system has already opened the socket for us.
-
-commit bf108d7f1354f6276fc43c129963f2c49b9fc242
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Mon Aug 8 15:48:54 2011 +0200
-
- Added sample systemd service files.
-
-commit 884ec488a6596380ba283d707827dd926a52e0b2
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Mon Aug 8 15:48:55 2011 +0200
-
- Run autoheader+autoconf.
-
-commit 86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0
-Author: Jan Safranek <jsafranek(a)users.sourceforge.net>
-Date: Tue Aug 9 10:53:43 2011 +0200
-
- Update systemd documentation and samples.
-
- - add socket unit for snmpd to paralelize boot
- - update WantedBy in socket units as recommended by http://0pointer.de/blog/projects/socket-activation.html
- - rephrase README.systemd
-
-diff -up net-snmp-5.7.3/agent/snmpd.c.MPGqYh net-snmp-5.7.3/agent/snmpd.c
---- net-snmp-5.7.3/agent/snmpd.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/agent/snmpd.c 2015-02-17 13:34:05.736221851 +0100
-@@ -164,6 +164,10 @@ typedef long fd_mask;
-
- #endif
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- netsnmp_feature_want(logging_file)
- netsnmp_feature_want(logging_stdio)
- netsnmp_feature_want(logging_syslog)
-@@ -443,18 +447,26 @@ main(int argc, char *argv[])
- int agent_mode = -1;
- char *pid_file = NULL;
- char option_compatability[] = "-Le";
-+ int prepared_sockets = 0;
- #if HAVE_GETPID
- int fd;
- FILE *PID;
- #endif
-
- #ifndef WIN32
-+#ifndef NETSNMP_NO_SYSYSTEMD
-+ /* check if systemd has sockets for us and don't close them */
-+ prepared_sockets = netsnmp_sd_listen_fds(0);
-+#endif /* NETSNMP_NO_SYSYSTEMD */
-+
- /*
- * close all non-standard file descriptors we may have
- * inherited from the shell.
- */
-- for (i = getdtablesize() - 1; i > 2; --i) {
-- (void) close(i);
-+ if (!prepared_sockets) {
-+ for (i = getdtablesize() - 1; i > 2; --i) {
-+ (void) close(i);
-+ }
- }
- #endif /* #WIN32 */
-
-@@ -1107,6 +1119,19 @@ main(int argc, char *argv[])
- netsnmp_addrcache_initialise();
-
- /*
-+ * Let systemd know we're up.
-+ */
-+#ifndef NETSNMP_NO_SYSTEMD
-+ netsnmp_sd_notify(1, "READY=1\n");
-+ if (prepared_sockets)
-+ /*
-+ * Clear the environment variable, we already processed all the sockets
-+ * by now.
-+ */
-+ netsnmp_sd_listen_fds(1);
-+#endif
-+
-+ /*
- * Forever monitor the dest_port for incoming PDUs.
- */
- DEBUGMSGTL(("snmpd/main", "We're up. Starting to process data.\n"));
-diff -up net-snmp-5.7.3/apps/snmptrapd.c.MPGqYh net-snmp-5.7.3/apps/snmptrapd.c
---- net-snmp-5.7.3/apps/snmptrapd.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/apps/snmptrapd.c 2015-02-17 13:34:05.736221851 +0100
-@@ -125,6 +125,10 @@ SOFTWARE.
-
- #include <net-snmp/net-snmp-features.h>
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- #ifndef BSD4_3
- #define BSD4_2
- #endif
-@@ -657,15 +661,22 @@ main(int argc, char *argv[])
- int agentx_subagent = 1;
- #endif
- netsnmp_trapd_handler *traph;
-+ int prepared_sockets = 0;
-
-
- #ifndef WIN32
-+#ifndef NETSNMP_NO_SYSTEMD
-+ /* check if systemd has sockets for us and don't close them */
-+ prepared_sockets = netsnmp_sd_listen_fds(0);
-+#endif
- /*
- * close all non-standard file descriptors we may have
- * inherited from the shell.
- */
-- for (i = getdtablesize() - 1; i > 2; --i) {
-- (void) close(i);
-+ if (!prepared_sockets) {
-+ for (i = getdtablesize() - 1; i > 2; --i) {
-+ (void) close(i);
-+ }
- }
- #endif /* #WIN32 */
-
-@@ -1318,6 +1329,19 @@ main(int argc, char *argv[])
- #endif
- #endif
-
-+ /*
-+ * Let systemd know we're up.
-+ */
-+#ifndef NETSNMP_NO_SYSTEMD
-+ netsnmp_sd_notify(1, "READY=1\n");
-+ if (prepared_sockets)
-+ /*
-+ * Clear the environment variable, we already processed all the sockets
-+ * by now.
-+ */
-+ netsnmp_sd_listen_fds(1);
-+#endif
-+
- #ifdef WIN32SERVICE
- trapd_status = SNMPTRAPD_RUNNING;
- #endif
-diff -up net-snmp-5.7.3/configure.d/config_modules_lib.MPGqYh net-snmp-5.7.3/configure.d/config_modules_lib
---- net-snmp-5.7.3/configure.d/config_modules_lib.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/configure.d/config_modules_lib 2015-02-17 13:34:05.737221850 +0100
-@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32"
- other_ftobjs_list="$other_ftobjs_list winpipe.ft"
- fi
-
-+# Linux systemd
-+if test "x$with_systemd" == "xyes"; then
-+ other_src_list="$other_src_list sd-daemon.c"
-+ other_objs_list="$other_objs_list sd-daemon.o"
-+ other_lobjs_list="$other_lobjs_list sd-daemon.lo"
-+ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft"
-+fi
-+
- AC_SUBST(other_src_list)
- AC_SUBST(other_objs_list)
- AC_SUBST(other_lobjs_list)
-diff -up net-snmp-5.7.3/configure.d/config_project_with_enable.MPGqYh net-snmp-5.7.3/configure.d/config_project_with_enable
---- net-snmp-5.7.3/configure.d/config_project_with_enable.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/configure.d/config_project_with_enable 2015-02-17 13:34:05.737221850 +0100
-@@ -690,6 +690,15 @@ if test "x$with_dummy_values" != "xyes";
- data for])
- fi
-
-+NETSNMP_ARG_WITH(systemd,
-+[ --with-systemd Provide systemd support. See README.systemd
-+ for details.])
-+# Define unless specifically suppressed (i.e., option defaults to false).
-+if test "x$with_systemd" != "xyes"; then
-+ AC_DEFINE(NETSNMP_NO_SYSTEMD, 1,
-+ [If you don't want to integrate with systemd.])
-+fi
-+
- NETSNMP_ARG_ENABLE(set-support,
- [ --disable-set-support Do not allow SNMP set requests.])
- if test "x$enable_set_support" = "xno"; then
-diff -up net-snmp-5.7.3/configure.MPGqYh net-snmp-5.7.3/configure
---- net-snmp-5.7.3/configure.MPGqYh 2014-12-08 21:23:37.000000000 +0100
-+++ net-snmp-5.7.3/configure 2015-02-17 13:34:05.744221845 +0100
-@@ -951,6 +951,8 @@ with_kmem_usage
- enable_kmem_usage
- with_dummy_values
- enable_dummy_values
-+with_systemd
-+enable_systemd
- enable_set_support
- with_set_support
- with_sys_contact
-@@ -1867,6 +1869,8 @@ Configuring the agent:
- This is technically not compliant with the
- SNMP specifications, but was how the agent
- operated for versions < 4.0.
-+ --with-systemd Provide systemd support. See README.systemd
-+ for details.
- --with-sys-contact="who(a)where" Default system contact.
- (Default: LOGIN(a)DOMAINNAME)
- --with-sys-location="location" Default system location.
-@@ -4398,6 +4402,24 @@ $as_echo "#define NETSNMP_NO_DUMMY_VALUE
-
- fi
-
-+
-+# Check whether --with-systemd was given.
-+if test "${with_systemd+set}" = set; then :
-+ withval=$with_systemd;
-+fi
-+
-+ # Check whether --enable-systemd was given.
-+if test "${enable_systemd+set}" = set; then :
-+ enableval=$enable_systemd; as_fn_error $? "Invalid option. Use --with-systemd/--without-systemd instead" "$LINENO" 5
-+fi
-+
-+# Define unless specifically suppressed (i.e., option defaults to false).
-+if test "x$with_systemd" != "xyes"; then
-+
-+$as_echo "#define NETSNMP_NO_SYSTEMD 1" >>confdefs.h
-+
-+fi
-+
- # Check whether --enable-set-support was given.
- if test "${enable_set_support+set}" = set; then :
- enableval=$enable_set_support;
-@@ -18639,6 +18661,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32"
- other_ftobjs_list="$other_ftobjs_list winpipe.ft"
- fi
-
-+# Linux systemd
-+if test "x$with_systemd" == "xyes"; then
-+ other_src_list="$other_src_list sd-daemon.c"
-+ other_objs_list="$other_objs_list sd-daemon.o"
-+ other_lobjs_list="$other_lobjs_list sd-daemon.lo"
-+ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft"
-+fi
-+
-
-
-
-diff -up net-snmp-5.7.3/dist/snmpd.service.MPGqYh net-snmp-5.7.3/dist/snmpd.service
---- net-snmp-5.7.3/dist/snmpd.service.MPGqYh 2015-02-17 13:34:05.745221844 +0100
-+++ net-snmp-5.7.3/dist/snmpd.service 2015-02-17 13:34:05.745221844 +0100
-@@ -0,0 +1,18 @@
-+#
-+# SNMP agent service file for systemd
-+#
-+#
-+# The service should be enabled, i.e. snmpd should start during machine boot.
-+# Socket activation shall not be used. See README.systemd for details.
-+
-+[Unit]
-+Description=Simple Network Management Protocol (SNMP) daemon.
-+After=syslog.target network.target
-+
-+[Service]
-+# Type=notify is also supported. It should be set when snmpd.socket is not used.
-+Type=simple
-+ExecStart=/usr/sbin/snmpd -f
-+
-+[Install]
-+WantedBy=multi-user.target
-diff -up net-snmp-5.7.3/dist/snmpd.socket.MPGqYh net-snmp-5.7.3/dist/snmpd.socket
---- net-snmp-5.7.3/dist/snmpd.socket.MPGqYh 2015-02-17 13:34:05.745221844 +0100
-+++ net-snmp-5.7.3/dist/snmpd.socket 2015-02-17 13:34:05.745221844 +0100
-@@ -0,0 +1,17 @@
-+[Unit]
-+Description=Socket listening for SNMP and AgentX messages
-+
-+[Socket]
-+ListenDatagram=0.0.0.0:161
-+# Uncomment other listening addresses as needed - TCP, UDP6, TCP6.
-+# It must match listening addresses/ports defined in snmpd.service
-+# or snmpd.conf.
-+# ListenStream=0.0.0.0:161
-+# ListenDatagram=[::]:161
-+# ListenStream=[::]:161
-+#
-+# Uncomment AgentX socket if snmpd.conf enables AgentX protocol.
-+# ListenStream=/var/agentx/master
-+
-+[Install]
-+WantedBy=sockets.target
-diff -up net-snmp-5.7.3/dist/snmptrapd.service.MPGqYh net-snmp-5.7.3/dist/snmptrapd.service
---- net-snmp-5.7.3/dist/snmptrapd.service.MPGqYh 2015-02-17 13:34:05.745221844 +0100
-+++ net-snmp-5.7.3/dist/snmptrapd.service 2015-02-17 13:34:05.745221844 +0100
-@@ -0,0 +1,16 @@
-+#
-+# SNMP trap-processing service file for systemd
-+#
-+
-+[Unit]
-+Description=Simple Network Management Protocol (SNMP) Trap daemon.
-+After=syslog.target network.target
-+
-+[Service]
-+# Type=notify is also supported. It should be set when snmptrapd.socket is not
-+# used.
-+Type=simple
-+ExecStart=/usr/sbin/snmptrapd -f
-+
-+[Install]
-+WantedBy=multi-user.target
-diff -up net-snmp-5.7.3/dist/snmptrapd.socket.MPGqYh net-snmp-5.7.3/dist/snmptrapd.socket
---- net-snmp-5.7.3/dist/snmptrapd.socket.MPGqYh 2015-02-17 13:34:05.745221844 +0100
-+++ net-snmp-5.7.3/dist/snmptrapd.socket 2015-02-17 13:34:05.745221844 +0100
-@@ -0,0 +1,14 @@
-+[Unit]
-+Description=Socket listening for SNMP trap messages
-+
-+[Socket]
-+ListenDatagram=0.0.0.0:162
-+# Uncomment other listening addresses as needed - TCP, UDP6, TCP6.
-+# It must match listening addresses/ports defined in snmptrapd.service
-+# or snmptrapd.conf.
-+# ListenStream=0.0.0.0:162
-+# ListenDatagram=[::]:162
-+# ListenStream=[::]:162
-+
-+[Install]
-+WantedBy=sockets.target
-diff -up net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h.MPGqYh net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h
---- net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h.MPGqYh 2015-02-17 13:34:05.746221843 +0100
-+++ net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h 2015-02-17 13:34:05.746221843 +0100
-@@ -0,0 +1,286 @@
-+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-+
-+#ifndef SNMPD_SD_DAEMON_H
-+#define SNMPD_SD_DAEMON_H
-+
-+/***
-+ Copyright 2010 Lennart Poettering
-+
-+ Permission is hereby granted, free of charge, to any person
-+ obtaining a copy of this software and associated documentation files
-+ (the "Software"), to deal in the Software without restriction,
-+ including without limitation the rights to use, copy, modify, merge,
-+ publish, distribute, sublicense, and/or sell copies of the Software,
-+ and to permit persons to whom the Software is furnished to do so,
-+ subject to the following conditions:
-+
-+ The above copyright notice and this permission notice shall be
-+ included in all copies or substantial portions of the Software.
-+
-+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-+ SOFTWARE.
-+***/
-+
-+#include <sys/types.h>
-+#include <inttypes.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/*
-+ Reference implementation of a few systemd related interfaces for
-+ writing daemons. These interfaces are trivial to implement. To
-+ simplify porting we provide this reference implementation.
-+ Applications are welcome to reimplement the algorithms described
-+ here if they do not want to include these two source files.
-+
-+ The following functionality is provided:
-+
-+ - Support for logging with log levels on stderr
-+ - File descriptor passing for socket-based activation
-+ - Daemon startup and status notification
-+ - Detection of systemd boots
-+
-+ You may compile this with -DDISABLE_SYSTEMD to disable systemd
-+ support. This makes all those calls NOPs that are directly related to
-+ systemd (i.e. only sd_is_xxx() will stay useful).
-+
-+ Since this is drop-in code we don't want any of our symbols to be
-+ exported in any case. Hence we declare hidden visibility for all of
-+ them.
-+
-+ You may find an up-to-date version of these source files online:
-+
-+ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h
-+ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c
-+
-+ This should compile on non-Linux systems, too, but with the
-+ exception of the sd_is_xxx() calls all functions will become NOPs.
-+
-+ See sd-daemon(7) for more information.
-+*/
-+
-+#ifndef _sd_printf_attr_
-+#if __GNUC__ >= 4
-+#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b)))
-+#else
-+#define _sd_printf_attr_(a,b)
-+#endif
-+#endif
-+
-+/*
-+ Log levels for usage on stderr:
-+
-+ fprintf(stderr, SD_NOTICE "Hello World!\n");
-+
-+ This is similar to printk() usage in the kernel.
-+*/
-+#define SD_EMERG "<0>" /* system is unusable */
-+#define SD_ALERT "<1>" /* action must be taken immediately */
-+#define SD_CRIT "<2>" /* critical conditions */
-+#define SD_ERR "<3>" /* error conditions */
-+#define SD_WARNING "<4>" /* warning conditions */
-+#define SD_NOTICE "<5>" /* normal but significant condition */
-+#define SD_INFO "<6>" /* informational */
-+#define SD_DEBUG "<7>" /* debug-level messages */
-+
-+/* The first passed file descriptor is fd 3 */
-+#define SD_LISTEN_FDS_START 3
-+
-+/*
-+ Returns how many file descriptors have been passed, or a negative
-+ errno code on failure. Optionally, removes the $LISTEN_FDS and
-+ $LISTEN_PID file descriptors from the environment (recommended, but
-+ problematic in threaded environments). If r is the return value of
-+ this function you'll find the file descriptors passed as fds
-+ SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative
-+ errno style error code on failure. This function call ensures that
-+ the FD_CLOEXEC flag is set for the passed file descriptors, to make
-+ sure they are not passed on to child processes. If FD_CLOEXEC shall
-+ not be set, the caller needs to unset it after this call for all file
-+ descriptors that are used.
-+
-+ See sd_listen_fds(3) for more information.
-+*/
-+int netsnmp_sd_listen_fds(int unset_environment);
-+
-+/*
-+ Helper call for identifying a passed file descriptor. Returns 1 if
-+ the file descriptor is a FIFO in the file system stored under the
-+ specified path, 0 otherwise. If path is NULL a path name check will
-+ not be done and the call only verifies if the file descriptor
-+ refers to a FIFO. Returns a negative errno style error code on
-+ failure.
-+
-+ See sd_is_fifo(3) for more information.
-+*/
-+int netsnmp_sd_is_fifo(int fd, const char *path);
-+
-+/*
-+ Helper call for identifying a passed file descriptor. Returns 1 if
-+ the file descriptor is a special character device on the file
-+ system stored under the specified path, 0 otherwise.
-+ If path is NULL a path name check will not be done and the call
-+ only verifies if the file descriptor refers to a special character.
-+ Returns a negative errno style error code on failure.
-+
-+ See sd_is_special(3) for more information.
-+*/
-+int netsnmp_sd_is_special(int fd, const char *path);
-+
-+/*
-+ Helper call for identifying a passed file descriptor. Returns 1 if
-+ the file descriptor is a socket of the specified family (AF_INET,
-+ ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If
-+ family is 0 a socket family check will not be done. If type is 0 a
-+ socket type check will not be done and the call only verifies if
-+ the file descriptor refers to a socket. If listening is > 0 it is
-+ verified that the socket is in listening mode. (i.e. listen() has
-+ been called) If listening is == 0 it is verified that the socket is
-+ not in listening mode. If listening is < 0 no listening mode check
-+ is done. Returns a negative errno style error code on failure.
-+
-+ See sd_is_socket(3) for more information.
-+*/
-+int netsnmp_sd_is_socket(int fd, int family, int type, int listening);
-+
-+/*
-+ Helper call for identifying a passed file descriptor. Returns 1 if
-+ the file descriptor is an Internet socket, of the specified family
-+ (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM,
-+ SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version
-+ check is not done. If type is 0 a socket type check will not be
-+ done. If port is 0 a socket port check will not be done. The
-+ listening flag is used the same way as in sd_is_socket(). Returns a
-+ negative errno style error code on failure.
-+
-+ See sd_is_socket_inet(3) for more information.
-+*/
-+int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port);
-+
-+/*
-+ Helper call for identifying a passed file descriptor. Returns 1 if
-+ the file descriptor is an AF_UNIX socket of the specified type
-+ (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0
-+ a socket type check will not be done. If path is NULL a socket path
-+ check will not be done. For normal AF_UNIX sockets set length to
-+ 0. For abstract namespace sockets set length to the length of the
-+ socket name (including the initial 0 byte), and pass the full
-+ socket path in path (including the initial 0 byte). The listening
-+ flag is used the same way as in sd_is_socket(). Returns a negative
-+ errno style error code on failure.
-+
-+ See sd_is_socket_unix(3) for more information.
-+*/
-+int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length);
-+
-+/*
-+ Informs systemd about changed daemon state. This takes a number of
-+ newline separated environment-style variable assignments in a
-+ string. The following variables are known:
-+
-+ READY=1 Tells systemd that daemon startup is finished (only
-+ relevant for services of Type=notify). The passed
-+ argument is a boolean "1" or "0". Since there is
-+ little value in signaling non-readiness the only
-+ value daemons should send is "READY=1".
-+
-+ STATUS=... Passes a single-line status string back to systemd
-+ that describes the daemon state. This is free-from
-+ and can be used for various purposes: general state
-+ feedback, fsck-like programs could pass completion
-+ percentages and failing programs could pass a human
-+ readable error message. Example: "STATUS=Completed
-+ 66% of file system check..."
-+
-+ ERRNO=... If a daemon fails, the errno-style error code,
-+ formatted as string. Example: "ERRNO=2" for ENOENT.
-+
-+ BUSERROR=... If a daemon fails, the D-Bus error-style error
-+ code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut"
-+
-+ MAINPID=... The main pid of a daemon, in case systemd did not
-+ fork off the process itself. Example: "MAINPID=4711"
-+
-+ Daemons can choose to send additional variables. However, it is
-+ recommended to prefix variable names not listed above with X_.
-+
-+ Returns a negative errno-style error code on failure. Returns > 0
-+ if systemd could be notified, 0 if it couldn't possibly because
-+ systemd is not running.
-+
-+ Example: When a daemon finished starting up, it could issue this
-+ call to notify systemd about it:
-+
-+ sd_notify(0, "READY=1");
-+
-+ See sd_notifyf() for more complete examples.
-+
-+ See sd_notify(3) for more information.
-+*/
-+int netsnmp_sd_notify(int unset_environment, const char *state);
-+
-+/*
-+ Similar to sd_notify() but takes a format string.
-+
-+ Example 1: A daemon could send the following after initialization:
-+
-+ sd_notifyf(0, "READY=1\n"
-+ "STATUS=Processing requests...\n"
-+ "MAINPID=%lu",
-+ (unsigned long) getpid());
-+
-+ Example 2: A daemon could send the following shortly before
-+ exiting, on failure:
-+
-+ sd_notifyf(0, "STATUS=Failed to start up: %s\n"
-+ "ERRNO=%i",
-+ strerror(errno),
-+ errno);
-+
-+ See sd_notifyf(3) for more information.
-+*/
-+int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3);
-+
-+/*
-+ Returns > 0 if the system was booted with systemd. Returns < 0 on
-+ error. Returns 0 if the system was not booted with systemd. Note
-+ that all of the functions above handle non-systemd boots just
-+ fine. You should NOT protect them with a call to this function. Also
-+ note that this function checks whether the system, not the user
-+ session is controlled by systemd. However the functions above work
-+ for both user and system services.
-+
-+ See sd_booted(3) for more information.
-+*/
-+int netsnmp_sd_booted(void);
-+
-+/**
-+ * Find an socket with given parameters. See man sd_is_socket_inet for
-+ * description of the arguments.
-+ *
-+ * Returns the file descriptor if it is found, 0 otherwise.
-+ */
-+int netsnmp_sd_find_inet_socket(int family, int type, int listening, int port);
-+
-+/**
-+ * Find an unix socket with given parameters. See man sd_is_socket_unix for
-+ * description of the arguments.
-+ *
-+ * Returns the file descriptor if it is found, 0 otherwise.
-+ */
-+int
-+netsnmp_sd_find_unix_socket(int type, int listening, const char *path);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SNMPD_SD_DAEMON_H */
-diff -up net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in.MPGqYh net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in
---- net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in 2015-02-17 13:34:05.746221843 +0100
-@@ -1410,6 +1410,9 @@
- /* If you don't have root access don't exit upon kmem errors */
- #undef NETSNMP_NO_ROOT_ACCESS
-
-+/* If you don't want to integrate with systemd. */
-+#undef NETSNMP_NO_SYSTEMD
-+
- /* Define if you want to remove all SET/write access from the code */
- #undef NETSNMP_NO_WRITE_SUPPORT
-
-diff -up net-snmp-5.7.3/README.systemd.MPGqYh net-snmp-5.7.3/README.systemd
---- net-snmp-5.7.3/README.systemd.MPGqYh 2015-02-17 13:34:05.747221843 +0100
-+++ net-snmp-5.7.3/README.systemd 2015-02-17 13:34:05.747221843 +0100
-@@ -0,0 +1,41 @@
-+README.systemd
-+--------------
-+Net-SNMP provides two daemons, which support systemd system manager.
-+See http://www.freedesktop.org/wiki/Software/systemd to learn how
-+systemd works. Both socket activation and notification is supported by these
-+daemons.
-+
-+To enable systemd support, the sources must be compiled with
-+--with-systemd configure option.
-+
-+snmpd - The SNMP agent
-+----------------------
-+Socket activation od snmpd daemon is implemented, but it's discouraged.
-+The reason is simple - snmpd not only listens and processes SNMP requests
-+from network, but also gathers system statistics counters, sends traps and
-+communicates with subagents. It even opens few netlink sockets.
-+
-+In other words, snmpd should run from system start to properly work.
-+This can be done in two ways:
-+1) either as snmpd service unit with 'Type=notification' and without a socket
-+ unit
-+2) or as snmpd service unit with 'Type=simple', appropriate socket socket unit
-+ and the snmpd service enabled. This way systemd creates the snmpd listening
-+ socket early during boot and passes the sockets to snmpd slightly later
-+ (but still during machine boot). This way systemd can paralelize start of
-+ services, which depend on snmpd. Admins must adjust the socket file manually,
-+ depending if the snmpd support AgentX, IPv6, SMUX etc.
-+
-+snmpd should be started with '-f' command line parameter to disable forking -
-+systemd does that for us automatically.
-+
-+
-+snmptrapd - The trap processing daemon
-+--------------------------------------
-+snmptrapd supports full socket activation and also notification (if needed).
-+Both 'Type=simple' (with appropriate socket unit) and 'Type=notify' services
-+will work. Again, '-f' parameter should be provided on snmptrapd command line.
-+
-+If integration with SNMP agent using AgentX protocol is enabled, snmptrapd should
-+start during boot and not after first SNMP trap arrives. Same rules as for snmpd
-+applies then.
-\ No newline at end of file
-diff -up net-snmp-5.7.3/snmplib/sd-daemon.c.MPGqYh net-snmp-5.7.3/snmplib/sd-daemon.c
---- net-snmp-5.7.3/snmplib/sd-daemon.c.MPGqYh 2015-02-17 13:34:05.747221843 +0100
-+++ net-snmp-5.7.3/snmplib/sd-daemon.c 2015-02-17 13:34:05.747221843 +0100
-@@ -0,0 +1,532 @@
-+/*
-+ * Systemd integration parts.
-+ *
-+ * Most of this file is directly copied from systemd sources.
-+ * Changes:
-+ * - all functions were renamed to have netsnmp_ prefix
-+ * - includes were changed to match Net-SNMP style.
-+ * - removed gcc export macros
-+ * - removed POSIX message queues
-+ */
-+
-+#include <net-snmp/net-snmp-config.h>
-+#include <net-snmp/net-snmp-features.h>
-+#include <net-snmp/types.h>
-+#include <net-snmp/library/snmp_debug.h>
-+
-+#ifndef NETSNMP_NO_SYSTEMD
-+
-+/***
-+ Copyright 2010 Lennart Poettering
-+
-+ Permission is hereby granted, free of charge, to any person
-+ obtaining a copy of this software and associated documentation files
-+ (the "Software"), to deal in the Software without restriction,
-+ including without limitation the rights to use, copy, modify, merge,
-+ publish, distribute, sublicense, and/or sell copies of the Software,
-+ and to permit persons to whom the Software is furnished to do so,
-+ subject to the following conditions:
-+
-+ The above copyright notice and this permission notice shall be
-+ included in all copies or substantial portions of the Software.
-+
-+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-+ SOFTWARE.
-+***/
-+
-+#ifndef _GNU_SOURCE
-+#define _GNU_SOURCE
-+#endif
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/socket.h>
-+#include <sys/un.h>
-+#include <sys/fcntl.h>
-+#include <netinet/in.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <unistd.h>
-+#include <string.h>
-+#include <stdarg.h>
-+#include <stdio.h>
-+#include <stddef.h>
-+#include <limits.h>
-+
-+#include <net-snmp/library/sd-daemon.h>
-+
-+int netsnmp_sd_listen_fds(int unset_environment) {
-+
-+ int r, fd;
-+ const char *e;
-+ char *p = NULL;
-+ unsigned long l;
-+
-+ if (!(e = getenv("LISTEN_PID"))) {
-+ r = 0;
-+ goto finish;
-+ }
-+
-+ errno = 0;
-+ l = strtoul(e, &p, 10);
-+
-+ if (errno != 0) {
-+ r = -errno;
-+ goto finish;
-+ }
-+
-+ if (!p || *p || l <= 0) {
-+ r = -EINVAL;
-+ goto finish;
-+ }
-+
-+ /* Is this for us? */
-+ if (getpid() != (pid_t) l) {
-+ r = 0;
-+ goto finish;
-+ }
-+
-+ if (!(e = getenv("LISTEN_FDS"))) {
-+ r = 0;
-+ goto finish;
-+ }
-+
-+ errno = 0;
-+ l = strtoul(e, &p, 10);
-+
-+ if (errno != 0) {
-+ r = -errno;
-+ goto finish;
-+ }
-+
-+ if (!p || *p) {
-+ r = -EINVAL;
-+ goto finish;
-+ }
-+
-+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) {
-+ int flags;
-+
-+ if ((flags = fcntl(fd, F_GETFD)) < 0) {
-+ r = -errno;
-+ goto finish;
-+ }
-+
-+ if (flags & FD_CLOEXEC)
-+ continue;
-+
-+ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
-+ r = -errno;
-+ goto finish;
-+ }
-+ }
-+
-+ r = (int) l;
-+
-+finish:
-+ if (unset_environment) {
-+ unsetenv("LISTEN_PID");
-+ unsetenv("LISTEN_FDS");
-+ }
-+
-+ return r;
-+}
-+
-+int netsnmp_sd_is_fifo(int fd, const char *path) {
-+ struct stat st_fd;
-+
-+ if (fd < 0)
-+ return -EINVAL;
-+
-+ memset(&st_fd, 0, sizeof(st_fd));
-+ if (fstat(fd, &st_fd) < 0)
-+ return -errno;
-+
-+ if (!S_ISFIFO(st_fd.st_mode))
-+ return 0;
-+
-+ if (path) {
-+ struct stat st_path;
-+
-+ memset(&st_path, 0, sizeof(st_path));
-+ if (stat(path, &st_path) < 0) {
-+
-+ if (errno == ENOENT || errno == ENOTDIR)
-+ return 0;
-+
-+ return -errno;
-+ }
-+
-+ return
-+ st_path.st_dev == st_fd.st_dev &&
-+ st_path.st_ino == st_fd.st_ino;
-+ }
-+
-+ return 1;
-+}
-+
-+int netsnmp_sd_is_special(int fd, const char *path) {
-+ struct stat st_fd;
-+
-+ if (fd < 0)
-+ return -EINVAL;
-+
-+ if (fstat(fd, &st_fd) < 0)
-+ return -errno;
-+
-+ if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode))
-+ return 0;
-+
-+ if (path) {
-+ struct stat st_path;
-+
-+ if (stat(path, &st_path) < 0) {
-+
-+ if (errno == ENOENT || errno == ENOTDIR)
-+ return 0;
-+
-+ return -errno;
-+ }
-+
-+ if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode))
-+ return
-+ st_path.st_dev == st_fd.st_dev &&
-+ st_path.st_ino == st_fd.st_ino;
-+ else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode))
-+ return st_path.st_rdev == st_fd.st_rdev;
-+ else
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+static int sd_is_socket_internal(int fd, int type, int listening) {
-+ struct stat st_fd;
-+
-+ if (fd < 0 || type < 0)
-+ return -EINVAL;
-+
-+ if (fstat(fd, &st_fd) < 0)
-+ return -errno;
-+
-+ if (!S_ISSOCK(st_fd.st_mode))
-+ return 0;
-+
-+ if (type != 0) {
-+ int other_type = 0;
-+ socklen_t l = sizeof(other_type);
-+
-+ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0)
-+ return -errno;
-+
-+ if (l != sizeof(other_type))
-+ return -EINVAL;
-+
-+ if (other_type != type)
-+ return 0;
-+ }
-+
-+ if (listening >= 0) {
-+ int accepting = 0;
-+ socklen_t l = sizeof(accepting);
-+
-+ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0)
-+ return -errno;
-+
-+ if (l != sizeof(accepting))
-+ return -EINVAL;
-+
-+ if (!accepting != !listening)
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+union sockaddr_union {
-+ struct sockaddr sa;
-+ struct sockaddr_in in4;
-+ struct sockaddr_in6 in6;
-+ struct sockaddr_un un;
-+ struct sockaddr_storage storage;
-+};
-+
-+int netsnmp_sd_is_socket(int fd, int family, int type, int listening) {
-+ int r;
-+
-+ if (family < 0)
-+ return -EINVAL;
-+
-+ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
-+ return r;
-+
-+ if (family > 0) {
-+ union sockaddr_union sockaddr;
-+ socklen_t l;
-+
-+ memset(&sockaddr, 0, sizeof(sockaddr));
-+ l = sizeof(sockaddr);
-+
-+ if (getsockname(fd, &sockaddr.sa, &l) < 0)
-+ return -errno;
-+
-+ if (l < sizeof(sa_family_t))
-+ return -EINVAL;
-+
-+ return sockaddr.sa.sa_family == family;
-+ }
-+
-+ return 1;
-+}
-+
-+int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
-+ union sockaddr_union sockaddr;
-+ socklen_t l;
-+ int r;
-+
-+ if (family != 0 && family != AF_INET && family != AF_INET6)
-+ return -EINVAL;
-+
-+ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
-+ return r;
-+
-+ memset(&sockaddr, 0, sizeof(sockaddr));
-+ l = sizeof(sockaddr);
-+
-+ if (getsockname(fd, &sockaddr.sa, &l) < 0)
-+ return -errno;
-+
-+ if (l < sizeof(sa_family_t))
-+ return -EINVAL;
-+
-+ if (sockaddr.sa.sa_family != AF_INET &&
-+ sockaddr.sa.sa_family != AF_INET6)
-+ return 0;
-+
-+ if (family > 0)
-+ if (sockaddr.sa.sa_family != family)
-+ return 0;
-+
-+ if (port > 0) {
-+ if (sockaddr.sa.sa_family == AF_INET) {
-+ if (l < sizeof(struct sockaddr_in))
-+ return -EINVAL;
-+
-+ return htons(port) == sockaddr.in4.sin_port;
-+ } else {
-+ if (l < sizeof(struct sockaddr_in6))
-+ return -EINVAL;
-+
-+ return htons(port) == sockaddr.in6.sin6_port;
-+ }
-+ }
-+
-+ return 1;
-+}
-+
-+int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
-+ union sockaddr_union sockaddr;
-+ socklen_t l;
-+ int r;
-+
-+ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
-+ return r;
-+
-+ memset(&sockaddr, 0, sizeof(sockaddr));
-+ l = sizeof(sockaddr);
-+
-+ if (getsockname(fd, &sockaddr.sa, &l) < 0)
-+ return -errno;
-+
-+ if (l < sizeof(sa_family_t))
-+ return -EINVAL;
-+
-+ if (sockaddr.sa.sa_family != AF_UNIX)
-+ return 0;
-+
-+ if (path) {
-+ if (length <= 0)
-+ length = strlen(path);
-+
-+ if (length <= 0)
-+ /* Unnamed socket */
-+ return l == offsetof(struct sockaddr_un, sun_path);
-+
-+ if (path[0])
-+ /* Normal path socket */
-+ return
-+ (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) &&
-+ memcmp(path, sockaddr.un.sun_path, length+1) == 0;
-+ else
-+ /* Abstract namespace socket */
-+ return
-+ (l == offsetof(struct sockaddr_un, sun_path) + length) &&
-+ memcmp(path, sockaddr.un.sun_path, length) == 0;
-+ }
-+
-+ return 1;
-+}
-+
-+int netsnmp_sd_notify(int unset_environment, const char *state) {
-+ int fd = -1, r;
-+ struct msghdr msghdr;
-+ struct iovec iovec;
-+ union sockaddr_union sockaddr;
-+ const char *e;
-+
-+ if (!state) {
-+ r = -EINVAL;
-+ goto finish;
-+ }
-+
-+ if (!(e = getenv("NOTIFY_SOCKET")))
-+ return 0;
-+
-+ /* Must be an abstract socket, or an absolute path */
-+ if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
-+ r = -EINVAL;
-+ goto finish;
-+ }
-+
-+ if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
-+ r = -errno;
-+ goto finish;
-+ }
-+
-+ memset(&sockaddr, 0, sizeof(sockaddr));
-+ sockaddr.sa.sa_family = AF_UNIX;
-+ strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
-+
-+ if (sockaddr.un.sun_path[0] == '@')
-+ sockaddr.un.sun_path[0] = 0;
-+
-+ memset(&iovec, 0, sizeof(iovec));
-+ iovec.iov_base = (char *)state;
-+ iovec.iov_len = strlen(state);
-+
-+ memset(&msghdr, 0, sizeof(msghdr));
-+ msghdr.msg_name = &sockaddr;
-+ msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e);
-+
-+ if (msghdr.msg_namelen > sizeof(struct sockaddr_un))
-+ msghdr.msg_namelen = sizeof(struct sockaddr_un);
-+
-+ msghdr.msg_iov = &iovec;
-+ msghdr.msg_iovlen = 1;
-+
-+ if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) {
-+ r = -errno;
-+ goto finish;
-+ }
-+
-+ r = 1;
-+
-+finish:
-+ if (unset_environment)
-+ unsetenv("NOTIFY_SOCKET");
-+
-+ if (fd >= 0)
-+ close(fd);
-+
-+ return r;
-+}
-+
-+int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) {
-+ va_list ap;
-+ char *p = NULL;
-+ int r;
-+
-+ va_start(ap, format);
-+ r = vasprintf(&p, format, ap);
-+ va_end(ap);
-+
-+ if (r < 0 || !p)
-+ return -ENOMEM;
-+
-+ r = netsnmp_sd_notify(unset_environment, p);
-+ free(p);
-+
-+ return r;
-+}
-+
-+int netsnmp_sd_booted(void) {
-+ struct stat a, b;
-+
-+ /* We simply test whether the systemd cgroup hierarchy is
-+ * mounted */
-+
-+ if (lstat("/sys/fs/cgroup", &a) < 0)
-+ return 0;
-+
-+ if (lstat("/sys/fs/cgroup/systemd", &b) < 0)
-+ return 0;
-+
-+ return a.st_dev != b.st_dev;
-+}
-+
-+/* End of original sd-daemon.c from systemd sources */
-+
-+int
-+netsnmp_sd_find_inet_socket(int family, int type, int listening, int port)
-+{
-+ int count, fd;
-+
-+ count = netsnmp_sd_listen_fds(0);
-+ if (count <= 0) {
-+ DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n"));
-+ return 0;
-+ }
-+ DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.\n",
-+ count));
-+
-+ for (fd = 3; fd < 3+count; fd++) {
-+ int rc = netsnmp_sd_is_socket_inet(fd, family, type, listening, port);
-+ if (rc < 0)
-+ DEBUGMSGTL(("systemd:find_inet_socket",
-+ "sd_is_socket_inet error: %d\n", rc));
-+ if (rc > 0) {
-+ DEBUGMSGTL(("systemd:find_inet_socket",
-+ "Found the socket in LISTEN_FDS\n"));
-+ return fd;
-+ }
-+ }
-+ DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS\n"));
-+ return 0;
-+}
-+
-+int
-+netsnmp_sd_find_unix_socket(int type, int listening, const char *path)
-+{
-+ int count, fd;
-+
-+ count = netsnmp_sd_listen_fds(0);
-+ if (count <= 0) {
-+ DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n"));
-+ return 0;
-+ }
-+ DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.\n",
-+ count));
-+
-+ for (fd = 3; fd < 3+count; fd++) {
-+ int rc = netsnmp_sd_is_socket_unix(fd, type, listening, path, 0);
-+ if (rc < 0)
-+ DEBUGMSGTL(("systemd:find_unix_socket",
-+ "netsnmp_sd_is_socket_unix error: %d\n", rc));
-+ if (rc > 0) {
-+ DEBUGMSGTL(("systemd:find_unix_socket",
-+ "Found the socket in LISTEN_FDS\n"));
-+ return fd;
-+ }
-+ }
-+ DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS\n"));
-+ return 0;
-+}
-+
-+#endif /* ! NETSNMP_NO_SYSTEMD */
-diff -up net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c
---- net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c 2015-02-17 13:34:05.748221842 +0100
-@@ -43,6 +43,10 @@
- #include <net-snmp/library/snmpTCPBaseDomain.h>
- #include <net-snmp/library/tools.h>
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- /*
- * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c
- * and perl/agent/agent.xs
-@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in
- netsnmp_transport *t = NULL;
- netsnmp_udp_addr_pair *addr_pair = NULL;
- int rc = 0;
-+ int socket_initialized = 0;
-
- #ifdef NETSNMP_NO_LISTEN_SUPPORT
- if (local)
-@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in
- t->domain_length =
- sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]);
-
-- t->sock = socket(PF_INET, SOCK_STREAM, 0);
-+#ifndef NETSNMP_NO_SYSTEMD
-+ /*
-+ * Maybe the socket was already provided by systemd...
-+ */
-+ if (local) {
-+ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1,
-+ ntohs(addr->sin_port));
-+ if (t->sock)
-+ socket_initialized = 1;
-+ }
-+#endif
-+ if (!socket_initialized)
-+ t->sock = socket(PF_INET, SOCK_STREAM, 0);
- if (t->sock < 0) {
- netsnmp_transport_free(t);
- return NULL;
-@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in
- setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt,
- sizeof(opt));
-
-- rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr));
-- if (rc != 0) {
-- netsnmp_socketbase_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr));
-+ if (rc != 0) {
-+ netsnmp_socketbase_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
-
- /*
-@@ -235,12 +254,13 @@ netsnmp_tcp_transport(struct sockaddr_in
- /*
- * Now sit here and wait for connections to arrive.
- */
--
-- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
-- if (rc != 0) {
-- netsnmp_socketbase_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
-+ if (rc != 0) {
-+ netsnmp_socketbase_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
-
- /*
-diff -up net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c
---- net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c 2015-02-17 13:34:05.748221842 +0100
-@@ -49,6 +49,10 @@
- #include <net-snmp/library/snmpTCPBaseDomain.h>
- #include <net-snmp/library/tools.h>
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- #include "inet_ntop.h"
-
- oid netsnmp_TCPIPv6Domain[] = { TRANSPORT_DOMAIN_TCP_IPV6 };
-@@ -140,6 +144,7 @@ netsnmp_tcp6_transport(struct sockaddr_i
- {
- netsnmp_transport *t = NULL;
- int rc = 0;
-+ int socket_initialized = 0;
-
- #ifdef NETSNMP_NO_LISTEN_SUPPORT
- if (local)
-@@ -174,7 +179,19 @@ netsnmp_tcp6_transport(struct sockaddr_i
- t->domain = netsnmp_TCPIPv6Domain;
- t->domain_length = sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid);
-
-- t->sock = socket(PF_INET6, SOCK_STREAM, 0);
-+#ifndef NETSNMP_NO_SYSTEMD
-+ /*
-+ * Maybe the socket was already provided by systemd...
-+ */
-+ if (local) {
-+ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1,
-+ ntohs(addr->sin6_port));
-+ if (t->sock)
-+ socket_initialized = 1;
-+ }
-+#endif
-+ if (!socket_initialized)
-+ t->sock = socket(PF_INET6, SOCK_STREAM, 0);
- if (t->sock < 0) {
- netsnmp_transport_free(t);
- return NULL;
-@@ -220,12 +237,14 @@ netsnmp_tcp6_transport(struct sockaddr_i
-
- setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(opt));
-
-- rc = bind(t->sock, (struct sockaddr *) addr,
-- sizeof(struct sockaddr_in6));
-- if (rc != 0) {
-- netsnmp_socketbase_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = bind(t->sock, (struct sockaddr *) addr,
-+ sizeof(struct sockaddr_in6));
-+ if (rc != 0) {
-+ netsnmp_socketbase_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
-
- /*
-@@ -242,11 +261,13 @@ netsnmp_tcp6_transport(struct sockaddr_i
- * Now sit here and wait for connections to arrive.
- */
-
-- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
-- if (rc != 0) {
-- netsnmp_socketbase_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
-+ if (rc != 0) {
-+ netsnmp_socketbase_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
-
- /*
-diff -up net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c
---- net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c 2015-02-17 13:36:22.744123462 +0100
-@@ -40,6 +40,10 @@
-
- #include <net-snmp/library/snmpSocketBaseDomain.h>
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- #if defined(HAVE_IP_PKTINFO) || defined(HAVE_IP_RECVDSTADDR)
- int netsnmp_udpipv4_recvfrom(int s, void *buf, int len, struct sockaddr *from,
- socklen_t *fromlen, struct sockaddr *dstip,
-@@ -64,6 +68,7 @@ netsnmp_udpipv4base_transport(struct soc
- char *client_socket = NULL;
- netsnmp_indexed_addr_pair addr_pair;
- socklen_t local_addr_len;
-+ int socket_initialized = 0;
-
- #ifdef NETSNMP_NO_LISTEN_SUPPORT
- if (local)
-@@ -88,7 +93,20 @@ netsnmp_udpipv4base_transport(struct soc
- free(str);
- }
-
-- t->sock = socket(PF_INET, SOCK_DGRAM, 0);
-+#ifndef NETSNMP_NO_SYSTEMD
-+ /*
-+ * Maybe the socket was already provided by systemd...
-+ */
-+ if (local) {
-+ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1,
-+ ntohs(addr->sin_port));
-+ if (t->sock)
-+ socket_initialized = 1;
-+ }
-+#endif
-+ if (!socket_initialized)
-+ t->sock = socket(PF_INET, SOCK_DGRAM, 0);
-+
- DEBUGMSGTL(("UDPBase", "openned socket %d as local=%d\n", t->sock, local));
- if (t->sock < 0) {
- netsnmp_transport_free(t);
-@@ -151,12 +169,14 @@ netsnmp_udpipv4base_transport(struct soc
- }
- }
- #endif /* !defined(WIN32) */
-- rc = bind(t->sock, (struct sockaddr *) addr,
-- sizeof(struct sockaddr));
-- if (rc != 0) {
-- netsnmp_socketbase_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = bind(t->sock, (struct sockaddr *) addr,
-+ sizeof(struct sockaddr));
-+ if (rc != 0) {
-+ netsnmp_socketbase_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
- t->data = NULL;
- t->data_length = 0;
-diff -up net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c
---- net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c 2015-02-17 13:37:16.256087147 +0100
-@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any
- #include <net-snmp/library/snmpSocketBaseDomain.h>
- #include <net-snmp/library/tools.h>
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- #include "inet_ntop.h"
- #include "inet_pton.h"
-
-@@ -190,6 +194,7 @@ netsnmp_udp6_transport(struct sockaddr_i
- {
- netsnmp_transport *t = NULL;
- int rc = 0;
-+ int socket_initialized = 0;
-
- #ifdef NETSNMP_NO_LISTEN_SUPPORT
- if (local)
-@@ -217,7 +222,19 @@ netsnmp_udp6_transport(struct sockaddr_i
- t->domain_length =
- sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]);
-
-- t->sock = socket(PF_INET6, SOCK_DGRAM, 0);
-+#ifndef NETSNMP_NO_SYSTEMD
-+ /*
-+ * Maybe the socket was already provided by systemd...
-+ */
-+ if (local) {
-+ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1,
-+ ntohs(addr->sin6_port));
-+ if (t->sock)
-+ socket_initialized = 1;
-+ }
-+#endif
-+ if (!socket_initialized)
-+ t->sock = socket(PF_INET6, SOCK_DGRAM, 0);
- if (t->sock < 0) {
- netsnmp_transport_free(t);
- return NULL;
-@@ -242,13 +259,14 @@ netsnmp_udp6_transport(struct sockaddr_i
- }
- }
- #endif
--
-- rc = bind(t->sock, (struct sockaddr *) addr,
-- sizeof(struct sockaddr_in6));
-- if (rc != 0) {
-- netsnmp_socketbase_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = bind(t->sock, (struct sockaddr *) addr,
-+ sizeof(struct sockaddr_in6));
-+ if (rc != 0) {
-+ netsnmp_socketbase_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
- t->local = (unsigned char*)malloc(18);
- if (t->local == NULL) {
-diff -up net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c
---- net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100
-+++ net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c 2015-02-17 13:34:05.749221841 +0100
-@@ -37,6 +37,10 @@
- #include <net-snmp/library/system.h> /* mkdirhier */
- #include <net-snmp/library/tools.h>
-
-+#ifndef NETSNMP_NO_SYSTEMD
-+#include <net-snmp/library/sd-daemon.h>
-+#endif
-+
- netsnmp_feature_child_of(transport_unix_socket_all, transport_all)
- netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all)
-
-@@ -295,6 +299,7 @@ netsnmp_unix_transport(struct sockaddr_u
- netsnmp_transport *t = NULL;
- sockaddr_un_pair *sup = NULL;
- int rc = 0;
-+ int socket_initialized = 0;
-
- #ifdef NETSNMP_NO_LISTEN_SUPPORT
- /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate,
-@@ -333,7 +338,18 @@ netsnmp_unix_transport(struct sockaddr_u
- t->data_length = sizeof(sockaddr_un_pair);
- sup = (sockaddr_un_pair *) t->data;
-
-- t->sock = socket(PF_UNIX, SOCK_STREAM, 0);
-+#ifndef NETSNMP_NO_SYSTEMD
-+ /*
-+ * Maybe the socket was already provided by systemd...
-+ */
-+ if (local) {
-+ t->sock = netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_path);
-+ if (t->sock)
-+ socket_initialized = 1;
-+ }
-+#endif
-+ if (!socket_initialized)
-+ t->sock = socket(PF_UNIX, SOCK_STREAM, 0);
- if (t->sock < 0) {
- netsnmp_transport_free(t);
- return NULL;
-@@ -357,25 +373,26 @@ netsnmp_unix_transport(struct sockaddr_u
-
- t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN;
-
-- unlink(addr->sun_path);
-- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
--
-- if (rc != 0 && errno == ENOENT && create_path) {
-- rc = mkdirhier(addr->sun_path, create_mode, 1);
-+ if (!socket_initialized) {
-+ unlink(addr->sun_path);
-+ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
-+ if (rc != 0 && errno == ENOENT && create_path) {
-+ rc = mkdirhier(addr->sun_path, create_mode, 1);
-+ if (rc != 0) {
-+ netsnmp_unix_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
-+ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
-+ }
- if (rc != 0) {
-+ DEBUGMSGTL(("netsnmp_unix_transport",
-+ "couldn't bind \"%s\", errno %d (%s)\n",
-+ addr->sun_path, errno, strerror(errno)));
- netsnmp_unix_close(t);
- netsnmp_transport_free(t);
- return NULL;
- }
-- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
-- }
-- if (rc != 0) {
-- DEBUGMSGTL(("netsnmp_unix_transport",
-- "couldn't bind \"%s\", errno %d (%s)\n",
-- addr->sun_path, errno, strerror(errno)));
-- netsnmp_unix_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
- }
-
- /*
-@@ -391,16 +408,17 @@ netsnmp_unix_transport(struct sockaddr_u
- * Now sit here and listen for connections to arrive.
- */
-
-- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
-- if (rc != 0) {
-- DEBUGMSGTL(("netsnmp_unix_transport",
-- "couldn't listen to \"%s\", errno %d (%s)\n",
-- addr->sun_path, errno, strerror(errno)));
-- netsnmp_unix_close(t);
-- netsnmp_transport_free(t);
-- return NULL;
-+ if (!socket_initialized) {
-+ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
-+ if (rc != 0) {
-+ DEBUGMSGTL(("netsnmp_unix_transport",
-+ "couldn't listen to \"%s\", errno %d (%s)\n",
-+ addr->sun_path, errno, strerror(errno)));
-+ netsnmp_unix_close(t);
-+ netsnmp_transport_free(t);
-+ return NULL;
-+ }
- }
--
- } else {
- t->remote = (u_char *)malloc(strlen(addr->sun_path));
- if (t->remote == NULL) {
diff --git a/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch b/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch
new file mode 100644
index 000000000..fb34caff7
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch
@@ -0,0 +1,14 @@
+diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
+--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
++++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
+@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
+ return 0; /* or -1 */
+
+ it = CONTAINER_ITERATOR( swrun_container );
++ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
++ if (0 == strcmp( entry->hrSWRunName, name ))
++ i++;
++ }
+ while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
+ if (0 == strcmp( entry->hrSWRunName, name ))
+ i++;
diff --git a/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch b/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch
new file mode 100644
index 000000000..75a2c6df1
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch
@@ -0,0 +1,12 @@
+diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
+--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
++++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
+@@ -10,7 +10,7 @@ extern "C" {
+ * Note: using the U64 typedef is deprecated because this typedef conflicts
+ * with a typedef with the same name defined in the Perl header files.
+ */
+- typedef struct counter64 U64;
++// typedef struct counter64 U64;
+ #endif
+
+ #define I64CHARSZ 21
diff --git a/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch b/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch
new file mode 100644
index 000000000..ef851b1ef
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch
@@ -0,0 +1,35 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
++++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
+@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
+ "No error", /* SNMPERR_SUCCESS */
+ "Generic error", /* SNMPERR_GENERR */
+ "Invalid local port", /* SNMPERR_BAD_LOCPORT */
+- "Unknown host", /* SNMPERR_BAD_ADDRESS */
++ "Invalid address", /* SNMPERR_BAD_ADDRESS */
+ "Unknown session", /* SNMPERR_BAD_SESSION */
+ "Too long", /* SNMPERR_TOO_LONG */
+ "No socket", /* SNMPERR_NO_SOCKET */
+@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
+ DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
+ in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
+ in_session->s_errno = errno;
+- snmp_set_detail(in_session->peername);
++ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
++ NETSNMP_DS_LIB_CLIENT_ADDR))
++ snmp_set_detail(in_session->peername);
+ return NULL;
+ }
+
+diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
+@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
+ DEBUGMSGTL(("netsnmp_udpbase",
+ "failed to bind for clientaddr: %d %s\n",
+ errno, strerror(errno)));
++ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
++ strerror(errno)));
+ goto err;
+ }
+
diff --git a/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch b/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch
new file mode 100644
index 000000000..075976a4e
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch
@@ -0,0 +1,11 @@
+diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
+--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
+@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
+ for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
+ if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
+ /* 'entry' is duplicate of the previous one -> delete it */
++ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
+ netsnmp_access_ipaddress_entry_free(entry);
+ } else {
+ CONTAINER_INSERT(ret, entry);
diff --git a/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch b/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch
new file mode 100644
index 000000000..db95998f0
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch
@@ -0,0 +1,82 @@
+diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
+--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
++++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
+@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
+ }
+
+ #elif defined(linux)
++#include <errno.h>
+ static struct ifreq *ifr;
+ static int ifr_counter;
+
+ static void
+ Address_Scan_Init(void)
+ {
+- int num_interfaces = 0;
++ int i;
+ int fd;
++ int lastlen = 0;
+
+ /* get info about all interfaces */
+
+@@ -510,28 +512,45 @@ Address_Scan_Init(void)
+ SNMP_FREE(ifc.ifc_buf);
+ ifr_counter = 0;
+
+- do
+- {
+ if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ {
+ DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
+ return;
+ }
+- num_interfaces += 16;
+
+- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
+- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
+-
+- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
+- {
+- ifr=NULL;
+- close(fd);
+- return;
+- }
+- close(fd);
++ /*
++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
++ * on some platforms; see W. R. Stevens, ``Unix Network Programming
++ * Volume I'', p.435...
++ */
++
++ for (i = 8;; i *= 2) {
++ ifc.ifc_len = sizeof(struct ifreq) * i;
++ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
++
++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
++ if (errno != EINVAL || lastlen != 0) {
++ /*
++ * Something has gone genuinely wrong...
++ */
++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
++ SNMP_FREE(ifc.ifc_buf);
++ close(fd);
++ return;
++ }
++ } else {
++ if (ifc.ifc_len == lastlen) {
++ /*
++ * The length is the same as the last time; we're done...
++ */
++ break;
++ }
++ lastlen = ifc.ifc_len;
++ }
++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
+ }
+- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
+-
++
++ close(fd);
+ ifr = ifc.ifc_req;
+ }
+
diff --git a/net-snmp/patches/net-snmp-5.8-man-page.patch b/net-snmp/patches/net-snmp-5.8-man-page.patch
new file mode 100644
index 000000000..dc78e14b6
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.8-man-page.patch
@@ -0,0 +1,36 @@
+diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
+--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
++++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
+@@ -3,7 +3,7 @@
+ net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
+ .SH SYNOPSIS
+ .PP
+-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+ .B [username]
+ .SH DESCRIPTION
+ .PP
+@@ -16,13 +16,16 @@ new user in net-snmp configuration file
+ displays the net-snmp version number
+ .TP
+ \fB\-ro\fR
+-create an user with read-only permissions
++creates a user with read-only permissions
+ .TP
+-\fB\-a authpass\fR
+-specify authentication password
++\fB\-A authpass\fR
++specifies the authentication password
+ .TP
+-\fB\-x privpass\fR
+-specify encryption password
++\fB\-a MD5|SHA\fR
++specifies the authentication password hashing algorithm
+ .TP
+-\fB\-X DES|AES\fR
+-specify encryption algorithm
++\fB\-X privpass\fR
++specifies the encryption password
++.TP
++\fB\-x DES|AES\fR
++specifies the encryption algorithm
diff --git a/net-snmp/patches/net-snmp-5.9-aes-config.patch b/net-snmp/patches/net-snmp-5.9-aes-config.patch
new file mode 100644
index 000000000..ceac97c78
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9-aes-config.patch
@@ -0,0 +1,18 @@
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index afd6fa4..07c26fe 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -58,11 +58,11 @@ case $1 in
+ exit 1
+ fi
+ case $1 in
+- DES|AES|AES128)
++ DES|AES|AES128|AES192|AES256)
+ Xalgorithm=$1
+ shift
+ ;;
+- des|aes|aes128)
++ des|aes|aes128|aes192|aes256)
+ Xalgorithm=$(echo "$1" | tr a-z A-Z)
+ shift
+ ;;
diff --git a/net-snmp/patches/net-snmp-5.9-autofs-skip.patch b/net-snmp/patches/net-snmp-5.9-autofs-skip.patch
new file mode 100644
index 000000000..bd5c560c1
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9-autofs-skip.patch
@@ -0,0 +1,12 @@
+diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
+index e7ca92f..80b3e0d 100644
+--- a/agent/mibgroup/host/hr_filesys.c
++++ b/agent/mibgroup/host/hr_filesys.c
+@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
+ "shm",
+ "sockfs",
+ "sysfs",
++ "tmpfs",
+ "usbdevfs",
+ "usbfs",
+ #endif
diff --git a/net-snmp/patches/net-snmp-5.9-coverity.patch b/net-snmp/patches/net-snmp-5.9-coverity.patch
new file mode 100644
index 000000000..fa3e0430d
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9-coverity.patch
@@ -0,0 +1,22 @@
+diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
+index e9a8831..5a1d8e7 100644
+--- a/agent/mibgroup/disman/event/mteTrigger.c
++++ b/agent/mibgroup/disman/event/mteTrigger.c
+@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
+ * Similarly, if no fallEvent is configured,
+ * there's no point in trying to fire it either.
+ */
+- if (entry->mteTThRiseEvent[0] != '\0' ) {
++ if (entry->mteTThFallEvent[0] != '\0' ) {
+ entry->mteTriggerXOwner = entry->mteTThObjOwner;
+ entry->mteTriggerXObjects = entry->mteTThObjects;
+ entry->mteTriggerFired = vp1;
+@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
+ * Similarly, if no fallEvent is configured,
+ * there's no point in trying to fire it either.
+ */
+- if (entry->mteTThDRiseEvent[0] != '\0' ) {
++ if (entry->mteTThDFallEvent[0] != '\0' ) {
+ entry->mteTriggerXOwner = entry->mteTThObjOwner;
+ entry->mteTriggerXObjects = entry->mteTThObjects;
+ entry->mteTriggerFired = vp1;
diff --git a/net-snmp/patches/net-snmp-5.9-dir-fix.patch b/net-snmp/patches/net-snmp-5.9-dir-fix.patch
new file mode 100644
index 000000000..f7311ca33
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9-dir-fix.patch
@@ -0,0 +1,30 @@
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index 19895a1..ac3c60f 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -14,6 +14,10 @@ Xalgorithm="DES"
+ token=rwuser
+
+ while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
++case "$1" in
++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++ *) optarg= ;;
++esac
+
+ unset shifted
+ case $1 in
+@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
+ touch "$outfile"
+ fi
+ echo "$line" >> "$outfile"
+-prefix=@prefix@
+-datarootdir=@datarootdir@
+-# To suppress shellcheck complaints about $prefix and $datarootdir.
+-: "$prefix" "$datarootdir"
+-outfile="@datadir@/snmp/snmpd.conf"
++# Avoid that configure complains that this script ignores @datarootdir@
++echo "@datarootdir@" >/dev/null
++outfile="/etc/snmp/snmpd.conf"
+ line="$token $user"
+ echo "adding the following line to $outfile:"
+ echo " $line"
diff --git a/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch b/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch
new file mode 100644
index 000000000..6b5daf726
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch
@@ -0,0 +1,855 @@
+diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
+index 80e2a19..143adbb 100644
+--- a/include/net-snmp/library/cert_util.h
++++ b/include/net-snmp/library/cert_util.h
+@@ -55,7 +55,8 @@ extern "C" {
+ char *common_name;
+
+ u_char hash_type;
+- u_char _pad[3]; /* for future use */
++ u_char _pad[1]; /* for future use */
++ u_short offset;
+ } netsnmp_cert;
+
+ /** types */
+@@ -100,6 +101,7 @@ extern "C" {
+
+ NETSNMP_IMPORT
+ netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
++ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
+
+ int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
+
+diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
+index 471bb0b..ac7f69a 100644
+--- a/include/net-snmp/library/dir_utils.h
++++ b/include/net-snmp/library/dir_utils.h
+@@ -53,7 +53,8 @@ extern "C" {
+ #define NETSNMP_DIR_NSFILE 0x0010
+ /** load stats in netsnmp_file */
+ #define NETSNMP_DIR_NSFILE_STATS 0x0020
+-
++/** allow files to be indexed more than once */
++#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
+
+
+ #ifdef __cplusplus
+diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
+index 210ad8b..b1f8144 100644
+--- a/snmplib/cert_util.c
++++ b/snmplib/cert_util.c
+@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
+ * bump this value whenever cert index format changes, so indexes
+ * will be regenerated with new format.
+ */
+-#define CERT_INDEX_FORMAT 1
++#define CERT_INDEX_FORMAT 2
+
+ static netsnmp_container *_certs = NULL;
+ static netsnmp_container *_keys = NULL;
+@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
+ netsnmp_cert_common *rhs);
+ static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
+ static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
++static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
++static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
+ static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
+ const char *directory);
+ static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
+@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
+ {
+ netsnmp_container *c;
+
++ int rc;
++
+ c = netsnmp_container_find("certs:binary_array");
+ if (NULL == c) {
+ snmp_log(LOG_ERR, "could not create container for %s\n", use);
+@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
+ c->free_item = (netsnmp_container_obj_func*)_cert_free;
+ c->compare = (netsnmp_container_compare*)_cert_compare;
+
++ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
++
+ return c;
+ }
+
+@@ -362,6 +368,8 @@ _setup_containers(void)
+ {
+ netsnmp_container *additional_keys;
+
++ int rc;
++
+ _certs = _get_cert_container("netsnmp certificates");
+ if (NULL == _certs)
+ return;
+@@ -376,6 +384,7 @@ _setup_containers(void)
+ additional_keys->container_name = strdup("certs_cn");
+ additional_keys->free_item = NULL;
+ additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+ netsnmp_container_add_index(_certs, additional_keys);
+
+ /** additional keys: subject name */
+@@ -389,6 +398,7 @@ _setup_containers(void)
+ additional_keys->free_item = NULL;
+ additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
+ additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+ netsnmp_container_add_index(_certs, additional_keys);
+
+ /** additional keys: file name */
+@@ -402,6 +412,7 @@ _setup_containers(void)
+ additional_keys->free_item = NULL;
+ additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
+ additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+ netsnmp_container_add_index(_certs, additional_keys);
+
+ _keys = netsnmp_container_find("cert_keys:binary_array");
+@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
+ }
+
+ static netsnmp_cert *
+-_new_cert(const char *dirname, const char *filename, int certType,
++_new_cert(const char *dirname, const char *filename, int certType, int offset,
+ int hashType, const char *fingerprint, const char *common_name,
+ const char *subject)
+ {
+@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
+
+ cert->info.dir = strdup(dirname);
+ cert->info.filename = strdup(filename);
+- cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
++ /* only the first certificate is allowed to be a remote peer */
++ cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
+ cert->info.type = certType;
++ cert->offset = offset;
+ if (fingerprint) {
+ cert->hash_type = hashType;
+ cert->fingerprint = strdup(fingerprint);
+@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
+ * certificate utility functions
+ *
+ */
++static BIO *
++netsnmp_open_bio(const char *dir, const char *filename)
++{
++ BIO *certbio;
++ char file[SNMP_MAXPATH];
++
++ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
++
++ certbio = BIO_new(BIO_s_file());
++ if (NULL == certbio) {
++ snmp_log(LOG_ERR, "error creating BIO\n");
++ return NULL;
++ }
++
++ snprintf(file, sizeof(file),"%s/%s", dir, filename);
++ if (BIO_read_filename(certbio, file) <=0) {
++ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
++ BIO_vfree(certbio);
++ return NULL;
++ }
++
++ return certbio;
++}
++
++static void
++netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
++{
++ int is_ca;
++
++ cert->ocert = ocert;
++
++ /*
++ * X509_check_ca return codes:
++ * 0 not a CA
++ * 1 is a CA
++ * 2 basicConstraints absent so "maybe" a CA
++ * 3 basicConstraints absent but self signed V1.
++ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
++ * 5 outdated Netscape Certificate Type CA extension.
++ */
++ is_ca = X509_check_ca(ocert);
++ if (1 == is_ca)
++ cert->info.allowed_uses |= NS_CERT_CA;
++
++ if (NULL == cert->subject) {
++ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
++ 0);
++ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
++ }
++
++ if (NULL == cert->issuer) {
++ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
++ if (strcmp(cert->subject, cert->issuer) == 0) {
++ free(cert->issuer);
++ cert->issuer = strdup("self-signed");
++ }
++ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
++ }
++
++ if (NULL == cert->fingerprint) {
++ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
++ cert->fingerprint =
++ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
++ }
++
++ if (NULL == cert->common_name) {
++ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
++ NULL);
++ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
++ }
++
++}
++
+ static X509 *
+ netsnmp_ocert_get(netsnmp_cert *cert)
+ {
+ BIO *certbio;
+ X509 *ocert = NULL;
++ X509 *ncert = NULL;
+ EVP_PKEY *okey = NULL;
+- char file[SNMP_MAXPATH];
+- int is_ca;
+
+ if (NULL == cert)
+ return NULL;
+@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+ }
+ }
+
+- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
+-
+- certbio = BIO_new(BIO_s_file());
+- if (NULL == certbio) {
+- snmp_log(LOG_ERR, "error creating BIO\n");
+- return NULL;
+- }
+-
+- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
+- if (BIO_read_filename(certbio, file) <=0) {
+- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
+- BIO_vfree(certbio);
++ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
++ if (!certbio) {
+ return NULL;
+ }
+
+- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
+- char *pos = strrchr(cert->info.filename, '.');
+- if (NULL == pos)
+- return NULL;
+- cert->info.type = _cert_ext_type(++pos);
+- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
+- }
+-
+ switch (cert->info.type) {
+
+ case NS_CERT_TYPE_DER:
++ (void)BIO_seek(certbio, cert->offset);
+ ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
+ if (NULL != ocert)
+ break;
+- (void)BIO_reset(certbio);
+ /* Check for PEM if DER didn't work */
+ /* FALLTHROUGH */
+
+ case NS_CERT_TYPE_PEM:
+- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++ (void)BIO_seek(certbio, cert->offset);
++ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (NULL == ocert)
+ break;
+ if (NS_CERT_TYPE_DER == cert->info.type) {
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
+ cert->info.type = NS_CERT_TYPE_PEM;
+ }
+- /** check for private key too */
+- if (NULL == cert->key) {
+- (void)BIO_reset(certbio);
+- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++ /** check for private key too, but only if we're the first certificate */
++ if (0 == cert->offset && NULL == cert->key) {
++ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+ if (NULL != okey) {
+ netsnmp_key *key;
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
+@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+ break;
+ #ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
+ case NS_CERT_TYPE_PKCS12:
+- (void)BIO_reset(certbio);
++ (void)BIO_seek(certbio, cert->offset);
+ PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
+ if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
+ PKCS12_verify_mac(p12, NULL, 0)))
+@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
+ return NULL;
+ }
+
+- cert->ocert = ocert;
+- /*
+- * X509_check_ca return codes:
+- * 0 not a CA
+- * 1 is a CA
+- * 2 basicConstraints absent so "maybe" a CA
+- * 3 basicConstraints absent but self signed V1.
+- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+- * 5 outdated Netscape Certificate Type CA extension.
+- */
+- is_ca = X509_check_ca(ocert);
+- if (1 == is_ca)
+- cert->info.allowed_uses |= NS_CERT_CA;
+-
+- if (NULL == cert->subject) {
+- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
+- 0);
+- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
+- }
+-
+- if (NULL == cert->issuer) {
+- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
+- if (strcmp(cert->subject, cert->issuer) == 0) {
+- free(cert->issuer);
+- cert->issuer = strdup("self-signed");
+- }
+- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
+- }
+-
+- if (NULL == cert->fingerprint) {
+- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
+- cert->fingerprint =
+- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
+- }
+-
+- if (NULL == cert->common_name) {
+- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
+- NULL);
+- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
+- }
++ netsnmp_ocert_parse(cert, ocert);
+
+ return ocert;
+ }
+@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
+ {
+ BIO *keybio;
+ EVP_PKEY *okey;
+- char file[SNMP_MAXPATH];
+
+ if (NULL == key)
+ return NULL;
+@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
+ if (key->okey)
+ return key->okey;
+
+- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
+- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
+-
+- keybio = BIO_new(BIO_s_file());
+- if (NULL == keybio) {
+- snmp_log(LOG_ERR, "error creating BIO\n");
+- return NULL;
+- }
+-
+- if (BIO_read_filename(keybio, file) <=0) {
+- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
+- key->info.filename);
+- BIO_vfree(keybio);
++ keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
++ if (!keybio) {
+ return NULL;
+ }
+
+@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
+ cert->issuer_cert = _find_issuer(cert);
+ if (NULL == cert->issuer_cert) {
+ DEBUGMSGT(("cert:load:warn",
+- "couldn't load CA chain for cert %s\n",
++ "couldn't load full CA chain for cert %s\n",
+ cert->info.filename));
+ rc = CERT_LOAD_PARTIAL;
+ break;
+@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
+ /** get issuer ocert */
+ if ((NULL == cert->issuer_cert->ocert) &&
+ (netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
+- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
++ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
+ cert->info.filename));
+ rc = CERT_LOAD_PARTIAL;
+ break;
+@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+ return;
+ }
+
+- if(key) {
++ if (key) {
+ if (key->cert) {
+ DEBUGMSGT(("cert:partner", "key already has partner\n"));
+ return;
+@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+ return;
+ *pos = 0;
+
+- matching = _cert_find_subset_fn( filename, key->info.dir );
++ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
++ key->info.dir ));
+ if (!matching)
+ return;
+ if (1 == matching->size) {
+@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+ DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
+ key->info.filename));
+ }
+- else if(cert) {
++ else if (cert) {
+ if (cert->key) {
+ DEBUGMSGT(("cert:partner", "cert already has partner\n"));
+ return;
+@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
+ }
+ }
+
++static netsnmp_key *
++_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
++{
++ netsnmp_key *key;
++
++ key = _new_key(dirname, filename);
++ if (NULL == key) {
++ return NULL;
++ }
++
++ key->okey = okey;
++
++ if (-1 == CONTAINER_INSERT(_keys, key)) {
++ DEBUGMSGT(("cert:key:file:add:err",
++ "error inserting key into container\n"));
++ netsnmp_key_free(key);
++ key = NULL;
++ }
++ if (index) {
++ fprintf(index, "k:%s\n", filename);
++ }
++
++ return key;
++}
++
++static netsnmp_cert *
++_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
++{
++ netsnmp_cert *cert;
++
++ cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
++ if (NULL == cert)
++ return NULL;
++
++ netsnmp_ocert_parse(cert, ocert);
++
++ if (-1 == CONTAINER_INSERT(_certs, cert)) {
++ DEBUGMSGT(("cert:file:add:err",
++ "error inserting cert into container\n"));
++ netsnmp_cert_free(cert);
++ return NULL;
++ }
++
++ if (index) {
++ /** filename = NAME_MAX = 255 */
++ /** fingerprint max = 64*3=192 for sha512 */
++ /** common name / CN = 64 */
++ if (cert)
++ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
++ cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
++ cert->common_name, cert->subject);
++ }
++
++ return cert;
++}
++
+ static int
+ _add_certfile(const char* dirname, const char* filename, FILE *index)
+ {
+- X509 *ocert;
+- EVP_PKEY *okey;
++ BIO *certbio;
++ X509 *ocert = NULL;
++ X509 *ncert;
++ EVP_PKEY *okey = NULL;
+ netsnmp_cert *cert = NULL;
+ netsnmp_key *key = NULL;
+ char certfile[SNMP_MAXPATH];
+ int type;
++ int offset = 0;
+
+ if (((const void*)NULL == dirname) || (NULL == filename))
+ return -1;
+
+ type = _type_from_filename(filename);
+- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
++ if (type == NS_CERT_TYPE_UNKNOWN) {
++ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
++ return -1;
++ }
+
+- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
++ certbio = netsnmp_open_bio(dirname, filename);
++ if (!certbio) {
++ return -1;
++ }
+
+- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
+- type));
++ switch (type) {
+
+- if (NS_CERT_TYPE_KEY == type) {
+- key = _new_key(dirname, filename);
+- if (NULL == key)
+- return -1;
+- okey = netsnmp_okey_get(key);
+- if (NULL == okey) {
+- netsnmp_key_free(key);
+- return -1;
+- }
+- key->okey = okey;
+- if (-1 == CONTAINER_INSERT(_keys, key)) {
+- DEBUGMSGT(("cert:key:file:add:err",
+- "error inserting key into container\n"));
+- netsnmp_key_free(key);
+- key = NULL;
+- }
+- }
+- else {
+- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
+- if (NULL == cert)
+- return -1;
+- ocert = netsnmp_ocert_get(cert);
+- if (NULL == ocert) {
+- netsnmp_cert_free(cert);
+- return -1;
+- }
+- cert->ocert = ocert;
+- if (-1 == CONTAINER_INSERT(_certs, cert)) {
+- DEBUGMSGT(("cert:file:add:err",
+- "error inserting cert into container\n"));
+- netsnmp_cert_free(cert);
+- cert = NULL;
+- }
+- }
+- if ((NULL == cert) && (NULL == key)) {
+- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
+- return -1;
++ case NS_CERT_TYPE_KEY:
++
++ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++ if (NULL == okey)
++ snmp_log(LOG_ERR, "error parsing key file %s\n",
++ key->info.filename);
++ else {
++ key = _add_key(okey, dirname, filename, index);
++ if (NULL == key) {
++ EVP_PKEY_free(okey);
++ okey = NULL;
++ }
++ }
++ break;
++
++ case NS_CERT_TYPE_DER:
++
++ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
++ if (NULL != ocert) {
++ if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
++ X509_free(ocert);
++ ocert = NULL;
++ }
++ break;
++ }
++ (void)BIO_reset(certbio);
++ /* Check for PEM if DER didn't work */
++ /* FALLTHROUGH */
++
++ case NS_CERT_TYPE_PEM:
++
++ if (NS_CERT_TYPE_DER == type) {
++ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
++ type = NS_CERT_TYPE_PEM;
++ }
++ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++ if (NULL != ocert) {
++ cert = _add_cert(ncert, dirname, filename, type, offset, index);
++ if (NULL == cert) {
++ X509_free(ocert);
++ ocert = ncert = NULL;
++ }
++ }
++ while (NULL != ncert) {
++ offset = BIO_tell(certbio);
++ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
++ if (ncert) {
++ if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
++ X509_free(ncert);
++ ncert = NULL;
++ }
++ }
++ }
++
++ BIO_seek(certbio, offset);
++
++ /** check for private key too */
++ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
++
++ if (NULL != okey) {
++ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
++ cert->info.filename));
++ key = _add_key(okey, dirname, filename, NULL);
++ if (NULL != key) {
++ DEBUGMSGT(("cert:read:partner", "%s match found!\n",
++ cert->info.filename));
++ key->cert = cert;
++ cert->key = key;
++ cert->info.allowed_uses |= NS_CERT_IDENTITY;
++ }
++ else {
++ EVP_PKEY_free(okey);
++ okey = NULL;
++ }
++ }
++
++ break;
++
++#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
++ case NS_CERT_TYPE_PKCS12:
++#endif
++
++ default:
++ break;
+ }
+
+- if (index) {
+- /** filename = NAME_MAX = 255 */
+- /** fingerprint max = 64*3=192 for sha512 */
+- /** common name / CN = 64 */
+- if (cert)
+- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
+- cert->info.type, cert->hash_type, cert->fingerprint,
+- cert->common_name, cert->subject);
+- else if (key)
+- fprintf(index, "k:%s\n", filename);
++ BIO_vfree(certbio);
++
++ if ((NULL == ocert) && (NULL == okey)) {
++ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
++ return -1;
+ }
+
+ return 0;
+@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+ struct stat idx_stat;
+ char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
+ char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
+- char subject[SNMP_MAXBUF_SMALL], hash_str[15];
++ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
++ ssize_t offset;
+ int count = 0, type, hash, version;
+ netsnmp_cert *cert;
+ netsnmp_key *key;
+@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+ netsnmp_directory_container_read_some(NULL, dirname,
+ _time_filter, &idx_stat,
+ NETSNMP_DIR_NSFILE |
+- NETSNMP_DIR_NSFILE_STATS);
++ NETSNMP_DIR_NSFILE_STATS |
++ NETSNMP_DIR_ALLOW_DUPLICATES);
+ if (newer) {
+ DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
+ CONTAINER_FREE_ALL(newer, NULL);
+@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+ pos = &tmpstr[2];
+ if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
+ (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
++ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
+ (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
+ (NULL == (pos=copy_nword(pos, fingerprint,
+ sizeof(fingerprint)))) ||
+@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
+ break;
+ }
+ type = atoi(type_str);
++ offset = atoi(offset_str);
+ hash = atoi(hash_str);
+- cert = _new_cert(dirname, filename, type, hash, fingerprint,
++ cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
+ common_name, subject);
+ if (cert && 0 == CONTAINER_INSERT(found, cert))
+ ++count;
+@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
+ netsnmp_directory_container_read_some(NULL, dirname,
+ _cert_cert_filter, NULL,
+ NETSNMP_DIR_RELATIVE_PATH |
+- NETSNMP_DIR_EMPTY_OK );
++ NETSNMP_DIR_EMPTY_OK |
++ NETSNMP_DIR_ALLOW_DUPLICATES);
+ if (NULL == cert_container) {
+ DEBUGMSGT(("cert:index:dir",
+ "error creating container for cert files\n"));
+@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
+ if (NULL == c)
+ return;
+
+- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
++ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
+ DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
+ c->info.type, c->info.allowed_uses,
+ _mode_str(c->info.allowed_uses)));
+@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
+ netsnmp_void_array *matching;
+
+ DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
+- matching = _cert_find_subset_fn( filename, NULL );
++ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
++ filename, NULL ), what);
+ if (!matching)
+ return NULL;
+ if (1 == matching->size)
+@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
+ }
+ }
+
++/*
++ * reduce subset by eliminating any certificates that are not the
++ * first certficate in a file. This allows us to ignore certificate
++ * chains when testing for specific certificates, and to match keys
++ * to the first certificate only.
++ */
++static netsnmp_void_array *
++_cert_reduce_subset_first(netsnmp_void_array *matching)
++{
++ netsnmp_cert *cc;
++ int i = 0, j, newsize;
++
++ if ((NULL == matching))
++ return matching;
++
++ newsize = matching->size;
++
++ for( ; i < matching->size; ) {
++ /*
++ * if we've shifted matches down we'll hit a NULL entry before
++ * we hit the end of the array.
++ */
++ if (NULL == matching->array[i])
++ break;
++ /*
++ * skip over valid matches. The first entry has an offset of zero.
++ */
++ cc = (netsnmp_cert*)matching->array[i];
++ if (0 == cc->offset) {
++ ++i;
++ continue;
++ }
++ /*
++ * shrink array by shifting everything down a spot. Might not be
++ * the most efficient soloution, but this is just happening at
++ * startup and hopefully most certs won't have common prefixes.
++ */
++ --newsize;
++ for ( j=i; j < newsize; ++j )
++ matching->array[j] = matching->array[j+1];
++ matching->array[j] = NULL;
++ /** no ++i; just shifted down, need to look at same position again */
++ }
++ /*
++ * if we shifted, set the new size
++ */
++ if (newsize != matching->size) {
++ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
++ matching->size, newsize));
++ matching->size = newsize;
++ }
++
++ if (0 == matching->size) {
++ free(matching->array);
++ SNMP_FREE(matching);
++ }
++
++ return matching;
++}
++
++/*
++ * reduce subset by eliminating any certificates that do not match
++ * purpose specified.
++ */
++static netsnmp_void_array *
++_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
++{
++ netsnmp_cert_common *cc;
++ int i = 0, j, newsize;
++
++ if ((NULL == matching))
++ return matching;
++
++ newsize = matching->size;
++
++ for( ; i < matching->size; ) {
++ /*
++ * if we've shifted matches down we'll hit a NULL entry before
++ * we hit the end of the array.
++ */
++ if (NULL == matching->array[i])
++ break;
++ /*
++ * skip over valid matches. The first entry has an offset of zero.
++ */
++ cc = (netsnmp_cert_common *)matching->array[i];
++ if ((cc->allowed_uses & what)) {
++ ++i;
++ continue;
++ }
++ /*
++ * shrink array by shifting everything down a spot. Might not be
++ * the most efficient soloution, but this is just happening at
++ * startup and hopefully most certs won't have common prefixes.
++ */
++ --newsize;
++ for ( j=i; j < newsize; ++j )
++ matching->array[j] = matching->array[j+1];
++ matching->array[j] = NULL;
++ /** no ++i; just shifted down, need to look at same position again */
++ }
++ /*
++ * if we shifted, set the new size
++ */
++ if (newsize != matching->size) {
++ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
++ matching->size, newsize));
++ matching->size = newsize;
++ }
++
++ if (0 == matching->size) {
++ free(matching->array);
++ SNMP_FREE(matching);
++ }
++
++ return matching;
++}
++
+ static netsnmp_void_array *
+ _cert_find_subset_common(const char *filename, netsnmp_container *container)
+ {
+diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
+index c2dd989..e7145e4 100644
+--- a/snmplib/dir_utils.c
++++ b/snmplib/dir_utils.c
+@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
+ /** default to unsorted */
+ if (! (flags & NETSNMP_DIR_SORTED))
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
++ /** default to duplicates not allowed */
++ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
++ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+ }
+
+ dir = opendir(dirname);
diff --git a/net-snmp/patches/net-snmp-5.9-memory-reporting.patch b/net-snmp/patches/net-snmp-5.9-memory-reporting.patch
new file mode 100644
index 000000000..3db8d51f6
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9-memory-reporting.patch
@@ -0,0 +1,28 @@
+diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
+index 6d5e86c..68b55d2 100644
+--- a/agent/mibgroup/hardware/memory/memory_linux.c
++++ b/agent/mibgroup/hardware/memory/memory_linux.c
+@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
+ if (first)
+ snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
+ }
++ b = strstr(buff, "SReclaimable: ");
++ if (b)
++ sscanf(b, "SReclaimable: %lu", &sreclaimable);
++ else {
++ if (first)
++ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
++ }
+ b = strstr(buff, "SwapFree: ");
+ if (b)
+ sscanf(b, "SwapFree: %lu", &swapfree);
+@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
+ if (first)
+ snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
+ }
+- b = strstr(buff, "SReclaimable: ");
+- if (b)
+- sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ first = 0;
+
+
diff --git a/net-snmp/patches/net-snmp-5.7.2-pie.patch b/net-snmp/patches/net-snmp-5.9-pie.patch
similarity index 56%
rename from net-snmp/patches/net-snmp-5.7.2-pie.patch
rename to net-snmp/patches/net-snmp-5.9-pie.patch
index ee02001b3..a79290413 100644
--- a/net-snmp/patches/net-snmp-5.7.2-pie.patch
+++ b/net-snmp/patches/net-snmp-5.9-pie.patch
@@ -1,7 +1,8 @@
-diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
---- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
-+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
-@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
+diff --git a/agent/Makefile.in b/agent/Makefile.in
+index 047d880..38d40aa 100644
+--- a/agent/Makefile.in
++++ b/agent/Makefile.in
+@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
@@ -9,11 +10,12 @@ diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
- $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
-diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
---- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
-+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
-@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
+ $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
+diff --git a/apps/Makefile.in b/apps/Makefile.in
+index 3dbb1d1..48ed23a 100644
+--- a/apps/Makefile.in
++++ b/apps/Makefile.in
+@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
diff --git a/net-snmp/patches/net-snmp-5.9.1-autoconf.patch b/net-snmp/patches/net-snmp-5.9.1-autoconf.patch
new file mode 100644
index 000000000..5c6b2a9de
--- /dev/null
+++ b/net-snmp/patches/net-snmp-5.9.1-autoconf.patch
@@ -0,0 +1,6 @@
+diff -urNp a/dist/autoconf-version b/dist/autoconf-version
+--- a/dist/autoconf-version 2021-09-01 11:18:14.582110773 +0200
++++ b/dist/autoconf-version 2021-09-01 11:20:16.804369533 +0200
+@@ -1 +1 @@
+-2.69
++2.71
--
2.30.2
next prev parent reply other threads:[~2023-02-17 7:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-16 17:12 [PATCH] net-snmp: Update to 5.9.1 Stefan Schantl
2023-02-16 17:17 ` Michael Tremer
2023-02-16 18:07 ` Stefan Schantl
2023-02-17 7:07 ` Stefan Schantl [this message]
2023-02-20 16:31 ` Michael Tremer
2023-02-20 16:46 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230217070711.162747-1-stefan.schantl@ipfire.org \
--to=stefan.schantl@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox