From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCHv2] net-snmp: Update to 5.9.3 Date: Fri, 17 Feb 2023 08:07:11 +0100 Message-ID: <20230217070711.162747-1-stefan.schantl@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8100630308130721787==" List-Id: --===============8100630308130721787== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable * Update patchset * Drop perl modules * Drop additional script which are related on the SNMP perl modules or depricated ones. Signed-off-by: Stefan Schantl --- net-snmp/net-snmp.nm | 44 +- .../patches/net-snmp-5.5-apsl-copying.patch | 354 ---- net-snmp/patches/net-snmp-5.5-dir-fix.patch | 14 - .../patches/net-snmp-5.5-perl-linking.patch | 16 - net-snmp/patches/net-snmp-5.6-multilib.patch | 45 - .../patches/net-snmp-5.6-test-debug.patch | 29 - net-snmp/patches/net-snmp-5.7.2-systemd.patch | 1650 ----------------- .../patches/net-snmp-5.7.3-iterator-fix.patch | 14 + .../net-snmp-5.8-Remove-U64-typedef.patch | 12 + ...et-snmp-5.8-clientaddr-error-message.patch | 35 + .../net-snmp-5.8-duplicate-ipAddress.patch | 11 + .../net-snmp-5.8-ipAddress-faster-load.patch | 82 + net-snmp/patches/net-snmp-5.8-man-page.patch | 36 + .../patches/net-snmp-5.9-aes-config.patch | 18 + .../patches/net-snmp-5.9-autofs-skip.patch | 12 + net-snmp/patches/net-snmp-5.9-coverity.patch | 22 + net-snmp/patches/net-snmp-5.9-dir-fix.patch | 30 + .../net-snmp-5.9-intermediate-certs.patch | 855 +++++++++ .../net-snmp-5.9-memory-reporting.patch | 28 + ...5.7.2-pie.patch =3D> net-snmp-5.9-pie.patch} | 20 +- .../patches/net-snmp-5.9.1-autoconf.patch | 6 + 21 files changed, 1191 insertions(+), 2142 deletions(-) delete mode 100644 net-snmp/patches/net-snmp-5.5-apsl-copying.patch delete mode 100644 net-snmp/patches/net-snmp-5.5-dir-fix.patch delete mode 100644 net-snmp/patches/net-snmp-5.5-perl-linking.patch delete mode 100644 net-snmp/patches/net-snmp-5.6-multilib.patch delete mode 100644 net-snmp/patches/net-snmp-5.6-test-debug.patch delete mode 100644 net-snmp/patches/net-snmp-5.7.2-systemd.patch create mode 100644 net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch create mode 100644 net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch create mode 100644 net-snmp/patches/net-snmp-5.8-clientaddr-error-message.pa= tch create mode 100644 net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch create mode 100644 net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch create mode 100644 net-snmp/patches/net-snmp-5.8-man-page.patch create mode 100644 net-snmp/patches/net-snmp-5.9-aes-config.patch create mode 100644 net-snmp/patches/net-snmp-5.9-autofs-skip.patch create mode 100644 net-snmp/patches/net-snmp-5.9-coverity.patch create mode 100644 net-snmp/patches/net-snmp-5.9-dir-fix.patch create mode 100644 net-snmp/patches/net-snmp-5.9-intermediate-certs.patch create mode 100644 net-snmp/patches/net-snmp-5.9-memory-reporting.patch rename net-snmp/patches/{net-snmp-5.7.2-pie.patch =3D> net-snmp-5.9-pie.patc= h} (56%) create mode 100644 net-snmp/patches/net-snmp-5.9.1-autoconf.patch diff --git a/net-snmp/net-snmp.nm b/net-snmp/net-snmp.nm index 9e86e355d..ac5cb8fe7 100644 --- a/net-snmp/net-snmp.nm +++ b/net-snmp/net-snmp.nm @@ -4,7 +4,7 @@ ############################################################################= ### =20 name =3D net-snmp -version =3D 5.7.3 +version =3D 5.9.3 release =3D 1 =20 groups =3D Networking/Daemons @@ -29,16 +29,12 @@ build elfutils-devel lm-sensors-devel >=3D 3 openssl-devel - perl(ExtUtils::Embed) procps - python-setuptools - python-devel + python3-devel + python3-setuptools systemd-devel - systemd-units end =20 - PARALLELISMFLAGS =3D # No parallel build - prepare_cmds autoreconf -vfi end @@ -64,25 +60,17 @@ build --enable-ucd-snmp-compatibility \ --with-openssl \ --with-pic \ - --enable-embedded-perl \ --enable-as-needed \ - --with-perl-modules=3D"INSTALLDIRS=3Dvendor" \ --enable-mfd-rewrites \ --enable-local-smux \ --with-temp-file-pattern=3D/var/run/net-snmp/snmp-tmp-XXXXXX \ --with-transports=3D"DTLSUDP TLSTCP" \ --with-security-modules=3Dtsm \ - --with-systemd - - build_cmds - # Remove rpath from compiled perl libs - find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \; - - # Compile python module - pushd python - %{python} setup.py --basedir=3D".." build - popd - end + --with-systemd \ + --with-default-snmp-version=3D"3" \ + --without-perl-modules \ + --disable-embedded-perl \ + --with-python-modules =20 install_cmds # Remove stuff we don't want to distribute. @@ -95,11 +83,6 @@ build # Copy missing mib2c.conf files. install -v -m 644 local/mib2c.*.conf %{BUILDROOT}%{datadir}/snmp =20 - # Install python module. - pushd python - %{python} setup.py --basedir=3D".." install -O1 --skip-build --root %{BUIL= DROOT} - popd - # Make libs executable. find %{BUILDROOT} -name "*.so" | xargs chmod -v 755 =20 @@ -113,6 +96,17 @@ build # Prepare runtime directories. mkdir -pv %{BUILDROOT}%{localstatedir}/{lib,run}/net-snmp =20 + # Remove scripts in /bin which requires the SNMP + # perl bindings. + rm -rvf %{BUILDROOT}%{bindir}/net-snmp-cert + rm -rvf %{BUILDROOT}%{bindir}/tkmib + rm -rvf %{BUILDROOT}%{bindir}/mib2c + rm -rvf %{BUILDROOT}%{bindir}/snmp-bridge-mib + + # Remove checkbandwidth script + # This uses a deprecated perl module (Mail::Sender) + rm -rvf %{BUILDROOT}%{bindir}/checkbandwidth + # Remove more RPATHs. find %{BUILDROOT}%{bindir} -type f -print \ -exec chrpath --delete {} \; diff --git a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch b/net-snmp/patc= hes/net-snmp-5.5-apsl-copying.patch deleted file mode 100644 index 5ae7ca30c..000000000 --- a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch +++ /dev/null @@ -1,354 +0,0 @@ -Add APSL 2.0 license to the COPYING file. - -There is only one file covered by this license: -net-snmp-5.5/agent/mibgroup/host/data_access/swrun_darwin.c - -This file is not used on Linux at all, it's only present in source -tarball and net-snmp.src.rpm. - -In addition, it's licensed under APSL 1.1, but it allows to relicense -the code to 'any subsequent version of this License published by Apple'. -According to http://fedoraproject.org/wiki/Licensing, APSL ver. 2.0 is -better for us. - -diff -up net-snmp-5.7.3/COPYING.skiFvk net-snmp-5.7.3/COPYING ---- net-snmp-5.7.3/COPYING.skiFvk 2015-02-17 13:33:15.963257594 +0100 -+++ net-snmp-5.7.3/COPYING 2015-02-17 13:33:37.931241818 +0100 -@@ -325,3 +325,337 @@ PROFITS; OR BUSINESS INTERRUPTION) HOWEV - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+---- Part 11: APPLE PUBLIC SOURCE LICENSE (APSL 2.0) ---- -+ -+Version 2.0 - August 6, 2003 -+ -+Please read this License carefully before downloading this software. By -+downloading or using this software, you are agreeing to be bound by the ter= ms -+of this License. If you do not or cannot agree to the terms of this Licens= e, -+please do not download or use the software. -+ -+Apple Note: In January 2007, Apple changed its corporate name from "Apple -+Computer, Inc." to "Apple Inc." This change has been reflected below and -+copyright years updated, but no other changes have been made to the APSL 2.= 0. -+ -+1. General; Definitions. This License applies to any program or other -+work which Apple Inc. ("Apple") makes publicly available and which contains= a -+notice placed by Apple identifying such program or work as "Original Code" = and -+stating that it is subject to the terms of this Apple Public Source License -+version 2.0 ("License"). As used in this License: -+ -+1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is the -+grantor of rights, (i) claims of patents that are now or hereafter acquired, -+owned by or assigned to Apple and (ii) that cover subject matter contained = in -+the Original Code, but only to the extent necessary to use, reproduce and/or -+distribute the Original Code without infringement; and (b) in the case where -+You are the grantor of rights, (i) claims of patents that are now or hereaf= ter -+acquired, owned by or assigned to You and (ii) that cover subject matter in -+Your Modifications, taken alone or in combination with Original Code. -+ -+1.2 "Contributor" means any person or entity that creates or contributes to -+the creation of Modifications. -+ -+1.3 "Covered Code" means the Original Code, Modifications, the combination -+of Original Code and any Modifications, and/or any respective portions ther= eof. -+ -+1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise -+make Covered Code available, directly or indirectly, to anyone other than Y= ou; -+and/or (b) to use Covered Code, alone or as part of a Larger Work, in any w= ay -+to provide a service, including but not limited to delivery of content, thr= ough -+electronic communication with a client other than You. -+ -+1.5 "Larger Work" means a work which combines Covered Code or portions -+thereof with code not governed by the terms of this License. -+ -+1.6 "Modifications" mean any addition to, deletion from, and/or change to, -+the substance and/or structure of the Original Code, any previous -+Modifications, the combination of Original Code and any previous Modificati= ons, -+and/or any respective portions thereof. When code is released as a series = of -+files, a Modification is: (a) any addition to or deletion from the content= s of -+a file containing Covered Code; and/or (b) any new file or other representa= tion -+of computer program statements that contains any part of Covered Code.=20 -+ -+1.7 "Original Code" means (a) the Source Code of a program or other work as -+originally made available by Apple under this License, including the Source -+Code of any updates or upgrades to such programs or works made available by -+Apple under this License, and that has been expressly identified by Apple as -+such in the header file(s) of such work; and (b) the object code compiled f= rom -+such Source Code and originally made available by Apple under this License -+ -+1.8 "Source Code" means the human readable form of a program or other work -+that is suitable for making modifications to it, including all modules it -+contains, plus any associated interface definition files, scripts used to -+control compilation and installation of an executable (object code). -+ -+1.9 "You" or "Your" means an individual or a legal entity exercising rights -+under this License. For legal entities, "You" or "Your" includes any entity -+which controls, is controlled by, or is under common control with, You, whe= re -+"control" means (a) the power, direct or indirect, to cause the direction or -+management of such entity, whether by contract or otherwise, or (b) ownersh= ip -+of fifty percent (50%) or more of the outstanding shares or beneficial -+ownership of such entity. -+ -+2. Permitted Uses; Conditions & Restrictions. Subject to the terms and -+conditions of this License, Apple hereby grants You, effective on the date = You -+accept this License and download the Original Code, a world-wide, royalty-f= ree, -+non-exclusive license, to the extent of Apple's Applicable Patent Rights and -+copyrights covering the Original Code, to do the following: -+ -+2.1 Unmodified Code. You may use, reproduce, display, perform, internally -+distribute within Your organization, and Externally Deploy verbatim, unmodi= fied -+copies of the Original Code, for commercial or non-commercial purposes, -+provided that in each instance: -+ -+(a) You must retain and reproduce in all copies of Original Code the -+copyright and other proprietary notices and disclaimers of Apple as they ap= pear -+in the Original Code, and keep intact all notices in the Original Code that -+refer to this License; and -+ -+(b) You must include a copy of this License with every copy of Source Code -+of Covered Code and documentation You distribute or Externally Deploy, and = You -+may not offer or impose any terms on such Source Code that alter or restrict -+this License or the recipients' rights hereunder, except as permitted under -+Section 6. -+ -+2.2 Modified Code. You may modify Covered Code and use, reproduce, -+display, perform, internally distribute within Your organization, and -+Externally Deploy Your Modifications and Covered Code, for commercial or -+non-commercial purposes, provided that in each instance You also meet all of -+these conditions: -+ -+(a) You must satisfy all the conditions of Section 2.1 with respect to the -+Source Code of the Covered Code;=20 -+ -+(b) You must duplicate, to the extent it does not already exist, the notice -+in Exhibit A in each file of the Source Code of all Your Modifications, and -+cause the modified files to carry prominent notices stating that You changed -+the files and the date of any change; and -+ -+(c) If You Externally Deploy Your Modifications, You must make Source Code -+of all Your Externally Deployed Modifications either available to those to = whom -+You have Externally Deployed Your Modifications, or publicly available. So= urce -+Code of Your Externally Deployed Modifications must be released under the t= erms -+set forth in this License, including the license grants set forth in Sectio= n 3 -+below, for as long as you Externally Deploy the Covered Code or twelve (12) -+months from the date of initial External Deployment, whichever is longer. Y= ou -+should preferably distribute the Source Code of Your Externally Deployed -+Modifications electronically (e.g. download from a web site). -+ -+2.3 Distribution of Executable Versions. In addition, if You Externally -+Deploy Covered Code (Original Code and/or Modifications) in object code, -+executable form only, You must include a prominent notice, in the code itse= lf -+as well as in related documentation, stating that Source Code of the Covered -+Code is available under the terms of this License with information on how a= nd -+where to obtain such Source Code. =20 -+ -+2.4 Third Party Rights. You expressly acknowledge and agree that although -+Apple and each Contributor grants the licenses to their respective portions= of -+the Covered Code set forth herein, no assurances are provided by Apple or a= ny -+Contributor that the Covered Code does not infringe the patent or other -+intellectual property rights of any other entity. Apple and each Contributor -+disclaim any liability to You for claims brought by any other entity based = on -+infringement of intellectual property rights or otherwise. As a condition to -+exercising the rights and licenses granted hereunder, You hereby assume sole -+responsibility to secure any other intellectual property rights needed, if = any. -+For example, if a third party patent license is required to allow You to -+distribute the Covered Code, it is Your responsibility to acquire that lice= nse -+before distributing the Covered Code. -+ -+3. Your Grants. In consideration of, and as a condition to, the licenses -+granted to You under this License, You hereby grant to any person or entity -+receiving or distributing Covered Code under this License a non-exclusive, -+royalty-free, perpetual, irrevocable license, under Your Applicable Patent -+Rights and other intellectual property rights (other than patent) owned or -+controlled by You, to use, reproduce, display, perform, modify, sublicense, -+distribute and Externally Deploy Your Modifications of the same scope and -+extent as Apple's licenses under Sections 2.1 and 2.2 above. =20 -+ -+4. Larger Works. You may create a Larger Work by combining Covered Code -+with other code not governed by the terms of this License and distribute the -+Larger Work as a single product. In each such instance, You must make sure= the -+requirements of this License are fulfilled for the Covered Code or any port= ion -+thereof.=20 -+ -+5. Limitations on Patent License. Except as expressly stated in Section -+2, no other patent rights, express or implied, are granted by Apple herein. -+Modifications and/or Larger Works may require additional patent licenses fr= om -+Apple which Apple may grant in its sole discretion. =20 -+ -+6. Additional Terms. You may choose to offer, and to charge a fee for, -+warranty, support, indemnity or liability obligations and/or other rights -+consistent with the scope of the license granted herein ("Additional Terms"= ) to -+one or more recipients of Covered Code. However, You may do so only on Your= own -+behalf and as Your sole responsibility, and not on behalf of Apple or any -+Contributor. You must obtain the recipient's agreement that any such Additi= onal -+Terms are offered by You alone, and You hereby agree to indemnify, defend a= nd -+hold Apple and every Contributor harmless for any liability incurred by or -+claims asserted against Apple or such Contributor by reason of any such -+Additional Terms.=20 -+ -+7. Versions of the License. Apple may publish revised and/or new versions -+of this License from time to time. Each version will be given a distinguis= hing -+version number. Once Original Code has been published under a particular -+version of this License, You may continue to use it under the terms of that -+version. You may also choose to use such Original Code under the terms of a= ny -+subsequent version of this License published by Apple. No one other than A= pple -+has the right to modify the terms applicable to Covered Code created under = this -+License. =20 -+ -+8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in -+part pre-release, untested, or not fully tested works. The Covered Code may -+contain errors that could cause failures or loss of data, and may be incomp= lete -+or contain inaccuracies. You expressly acknowledge and agree that use of t= he -+Covered Code, or any portion thereof, is at Your sole and entire risk. THE -+COVERED CODE IS PROVIDED "AS IS" AND WITHOUT WARRANTY, UPGRADES OR SUPPORT = OF -+ANY KIND AND APPLE AND APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "AP= PLE" -+FOR THE PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLA= IM -+ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT -+LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF -+SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF -+QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. APPLE AND EACH -+CONTRIBUTOR DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE -+COVERED CODE, THAT THE FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YO= UR -+REQUIREMENTS, THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED = OR -+ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO ORAL= OR -+WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE AUTHORIZED -+REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY. You acknowledge -+that the Covered Code is not intended for use in the operation of nuclear -+facilities, aircraft navigation, communication systems, or air traffic cont= rol -+machines in which case the failure of the Covered Code could lead to death, -+personal injury, or severe physical or environmental damage. -+ -+9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO -+EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL, SPECIAL, -+INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS LICENS= E OR -+YOUR USE OR INABILITY TO USE THE COVERED CODE, OR ANY PORTION THEREOF, WHET= HER -+UNDER A THEORY OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCTS -+LIABILITY OR OTHERWISE, EVEN IF APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED = OF -+THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL -+PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF -+LIABILITY OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT -+APPLY TO YOU. In no event shall Apple's total liability to You for all dama= ges -+(other than as may be required by applicable law) under this License exceed= the -+amount of fifty dollars ($50.00). -+ -+10. Trademarks. This License does not grant any rights to use the -+trademarks or trade names "Apple", "Mac", "Mac OS", "QuickTime", "QuickTime -+Streaming Server" or any other trademarks, service marks, logos or trade na= mes -+belonging to Apple (collectively "Apple Marks") or to any trademark, service -+mark, logo or trade name belonging to any Contributor. You agree not to use -+any Apple Marks in or as part of the name of products derived from the Orig= inal -+Code or to endorse or promote products derived from the Original Code other -+than as expressly permitted by and in strict compliance at all times with -+Apple's third party trademark usage guidelines which are posted at -+http://www.apple.com/legal/guidelinesfor3rdparties.html. =20 -+ -+11. Ownership. Subject to the licenses granted under this License, each -+Contributor retains all rights, title and interest in and to any Modificati= ons -+made by such Contributor. Apple retains all rights, title and interest in = and -+to the Original Code and any Modifications made by or on behalf of Apple -+("Apple Modifications"), and such Apple Modifications will not be automatic= ally -+subject to this License. Apple may, at its sole discretion, choose to lice= nse -+such Apple Modifications under this License, or on different terms from tho= se -+contained in this License or may choose not to license them at all. =20 -+ -+12. Termination. =20 -+ -+12.1 Termination. This License and the rights granted hereunder will -+terminate: -+ -+(a) automatically without notice from Apple if You fail to comply with any -+term(s) of this License and fail to cure such breach within 30 days of beco= ming -+aware of such breach; (b) immediately in the event of the circumstances -+described in Section 13.5(b); or (c) automatically without notice from Apple -+if You, at any time during the term of this License, commence an action for -+patent infringement against Apple; provided that Apple did not first commen= ce -+an action for patent infringement against You in that instance. -+ -+12.2 Effect of Termination. Upon termination, You agree to immediately stop -+any further use, reproduction, modification, sublicensing and distribution = of -+the Covered Code. All sublicenses to the Covered Code which have been prop= erly -+granted prior to termination shall survive any termination of this License. -+Provisions which, by their nature, should remain in effect beyond the -+termination of this License shall survive, including but not limited to -+Sections 3, 5, 8, 9, 10, 11, 12.2 and 13. No party will be liable to any o= ther -+for compensation, indemnity or damages of any sort solely as a result of -+terminating this License in accordance with its terms, and termination of t= his -+License will be without prejudice to any other right or remedy of any party. -+ -+13. Miscellaneous. -+ -+13.1 Government End Users. The Covered Code is a "commercial item" as -+defined in FAR 2.101. Government software and technical data rights in the -+Covered Code include only those rights customarily provided to the public as -+defined in this License. This customary commercial license in technical data -+and software is provided in accordance with FAR 12.211 (Technical Data) and -+12.212 (Computer Software) and, for Department of Defense purchases, DFAR -+252.227-7015 (Technical Data -- Commercial Items) and 227.7202-3 (Rights in -+Commercial Computer Software or Computer Software Documentation). Accordin= gly, -+all U.S. Government End Users acquire Covered Code with only those rights s= et -+forth herein. -+ -+13.2 Relationship of Parties. This License will not be construed as -+creating an agency, partnership, joint venture or any other form of legal -+association between or among You, Apple or any Contributor, and You will not -+represent to the contrary, whether expressly, by implication, appearance or -+otherwise. -+ -+13.3 Independent Development. Nothing in this License will impair Apple's -+right to acquire, license, develop, have others develop for it, market and/= or -+distribute technology or products that perform the same or similar functions -+as, or otherwise compete with, Modifications, Larger Works, technology or -+products that You may develop, produce, market or distribute. -+ -+13.4 Waiver; Construction. Failure by Apple or any Contributor to enforce -+any provision of this License will not be deemed a waiver of future enforce= ment -+of that or any other provision. Any law or regulation which provides that = the -+language of a contract shall be construed against the drafter will not appl= y to -+this License. -+ -+13.5 Severability. (a) If for any reason a court of competent jurisdiction -+finds any provision of this License, or portion thereof, to be unenforceabl= e, -+that provision of the License will be enforced to the maximum extent -+permissible so as to effect the economic benefits and intent of the parties, -+and the remainder of this License will continue in full force and effect. = (b) -+Notwithstanding the foregoing, if applicable law prohibits or restricts You -+from fully and/or specifically complying with Sections 2 and/or 3 or preven= ts -+the enforceability of either of those Sections, this License will immediate= ly -+terminate and You must immediately discontinue any use of the Covered Code = and -+destroy all copies of it that are in your possession or control. -+ -+13.6 Dispute Resolution. Any litigation or other dispute resolution between -+You and Apple relating to this License shall take place in the Northern -+District of California, and You and Apple hereby consent to the personal -+jurisdiction of, and venue in, the state and federal courts within that -+District with respect to this License. The application of the United Nations -+Convention on Contracts for the International Sale of Goods is expressly -+excluded. -+ -+13.7 Entire Agreement; Governing Law. This License constitutes the entire -+agreement between the parties with respect to the subject matter hereof. T= his -+License shall be governed by the laws of the United States and the State of -+California, except that body of California law concerning conflicts of law.= =20 -+ -+Where You are located in the province of Quebec, Canada, the following clau= se -+applies: The parties hereby confirm that they have requested that this Lic= ense -+and all related documents be drafted in English. Les parties ont exige que= le -+present contrat et tous les documents connexes soient rediges en anglais. -+ -+EXHIBIT A.=20 -+ -+"Portions Copyright (c) 1999-2007 Apple Inc. All Rights Reserved. -+ -+This file contains Original Code and/or Modifications of Original Code as -+defined in and that are subject to the Apple Public Source License Version = 2.0 -+(the 'License'). You may not use this file except in compliance with the -+License. Please obtain a copy of the License at -+http://www.opensource.apple.com/apsl/ and read it before using this file. -+ -+The Original Code and all software distributed under the License are -+distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRE= SS -+OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHO= UT -+LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR -+PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for t= he -+specific language governing rights and limitations under the License."=20 diff --git a/net-snmp/patches/net-snmp-5.5-dir-fix.patch b/net-snmp/patches/n= et-snmp-5.5-dir-fix.patch deleted file mode 100644 index b726c4713..000000000 --- a/net-snmp/patches/net-snmp-5.5-dir-fix.patch +++ /dev/null @@ -1,14 +0,0 @@ -Let net-snmp-create-v3-user save settings into /etc/ instead of /usr/ - -diff -up net-snmp-5.5/net-snmp-create-v3-user.in.orig net-snmp-5.5/net-snmp-= create-v3-user.in ---- net-snmp-5.5/net-snmp-create-v3-user.in.orig 2008-07-22 16:33:25.0000000= 00 +0200 -+++ net-snmp-5.5/net-snmp-create-v3-user.in 2009-09-29 16:30:36.000000000 +0= 200 -@@ -158,7 +158,7 @@ if test ! -d $outfile ; then - touch $outfile - fi - echo $line >> $outfile --outfile=3D"@datadir@/snmp/snmpd.conf" -+outfile=3D"/etc/snmp/snmpd.conf" - line=3D"$token $user" - echo "adding the following line to $outfile:" - echo " " $line diff --git a/net-snmp/patches/net-snmp-5.5-perl-linking.patch b/net-snmp/patc= hes/net-snmp-5.5-perl-linking.patch deleted file mode 100644 index ceb63630a..000000000 --- a/net-snmp/patches/net-snmp-5.5-perl-linking.patch +++ /dev/null @@ -1,16 +0,0 @@ -554747 - net-snmp-config should not contain perl options - -Remove rpath from net-snmp-config --agent-libs output. - -diff -up net-snmp-5.7/net-snmp-config.in.perl-linking net-snmp-5.7/net-snmp-= config.in ---- net-snmp-5.7/net-snmp-config.in.perl-linking 2011-07-02 00:35:46.0000000= 00 +0200 -+++ net-snmp-5.7/net-snmp-config.in 2011-07-07 13:30:01.635798817 +0200 -@@ -50,7 +50,7 @@ NSC_LDFLAGS=3D"@LDFLAGS@" -=20 - NSC_LIBS=3D"@LIBS@" - NSC_LNETSNMPLIBS=3D"@LNETSNMPLIBS@" --NSC_LAGENTLIBS=3D"@LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@" -+NSC_LAGENTLIBS=3D"@LAGENTLIBS@" - NSC_LMIBLIBS=3D"@LMIBLIBS@" -=20 - NSC_INCLUDEDIR=3D${includedir} diff --git a/net-snmp/patches/net-snmp-5.6-multilib.patch b/net-snmp/patches/= net-snmp-5.6-multilib.patch deleted file mode 100644 index 9c12385a1..000000000 --- a/net-snmp/patches/net-snmp-5.6-multilib.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up net-snmp-5.7.3/man/netsnmp_config_api.3.def.oSBcEB net-snmp-5.7.3/m= an/netsnmp_config_api.3.def ---- net-snmp-5.7.3/man/netsnmp_config_api.3.def.oSBcEB 2014-12-08 21:23:22.0= 00000000 +0100 -+++ net-snmp-5.7.3/man/netsnmp_config_api.3.def 2015-02-17 13:32:38.90328420= 7 +0100 -@@ -295,7 +295,7 @@ for one particular machine. - .PP - The default list of directories to search is \fC SYSCONFDIR/snmp\fP, - followed by \fC DATADIR/snmp\fP, --followed by \fC LIBDIR/snmp\fP, -+followed by \fC /usr/lib(64)/snmp\fP, - followed by \fC $HOME/.snmp\fP. - This list can be changed by setting the environmental variable - .I SNMPCONFPATH -@@ -365,7 +365,7 @@ function that it should abort the operat - SNMPCONFPATH - A colon separated list of directories to search for configuration - files in. --Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp -+Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp - .SH "SEE ALSO" - netsnmp_mib_api(3), snmp_api(3) - .\" Local Variables: -diff -up net-snmp-5.7.3/man/snmp_config.5.def.oSBcEB net-snmp-5.7.3/man/snmp= _config.5.def ---- net-snmp-5.7.3/man/snmp_config.5.def.oSBcEB 2015-02-17 13:32:04.25130909= 2 +0100 -+++ net-snmp-5.7.3/man/snmp_config.5.def 2015-02-17 13:33:09.217262438 +0100 -@@ -10,7 +10,7 @@ First off, there are numerous places tha - found and read from. By default, the applications look for - configuration files in the following 4 directories, in order: - SYSCONFDIR/snmp, --DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these -+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these - directories, it looks for files snmp.conf, snmpd.conf and/or - snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf - and/or snmptrapd.local.conf. *.local.conf are always -diff -up net-snmp-5.7.3/man/snmpd.conf.5.def.oSBcEB net-snmp-5.7.3/man/snmpd= .conf.5.def ---- net-snmp-5.7.3/man/snmpd.conf.5.def.oSBcEB 2014-12-08 21:23:22.000000000= +0100 -+++ net-snmp-5.7.3/man/snmpd.conf.5.def 2015-02-17 13:32:04.251309092 +0100 -@@ -1502,7 +1502,7 @@ filename), and call the initialisation r - .RS - .IP "Note:" - If the specified PATH is not a fully qualified filename, it will --be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR -+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR - will be appended to the filename. - .RE - .PP diff --git a/net-snmp/patches/net-snmp-5.6-test-debug.patch b/net-snmp/patche= s/net-snmp-5.6-test-debug.patch deleted file mode 100644 index 4ae97fbee..000000000 --- a/net-snmp/patches/net-snmp-5.6-test-debug.patch +++ /dev/null @@ -1,29 +0,0 @@ -Don't check tests which depend on DNS - it's disabled in Koji - -diff -up net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug n= et-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple ---- net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug 2012-1= 0-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple 2012-10-18 1= 0:16:39.276416510 +0200 -@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25 - SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies - SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies -=20 -+FINISHED -+ -+# don't test the later, it depends on DNS, which is not available in Koji -+ - CHECKAGENT '<"c408a"' - if [ "$snmp_last_test_result" -eq 0 ] ; then - CHECKAGENT 'line 32: Error:' -diff -up net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug = net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple ---- net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug 2012-= 10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple 2012-10-18 = 10:16:39.276416510 +0200 -@@ -132,6 +132,9 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff - SAVECHECKAGENT 'line 27: Error:' - SAVECHECKAGENT 'line 28: Error:' -=20 -+FINISHED -+ -+# don't test the later, it depends on DNS, which is not available in Koji - # 608 - CHECKAGENT '<"c608a"' - if [ "$snmp_last_test_result" -eq 0 ] ; then diff --git a/net-snmp/patches/net-snmp-5.7.2-systemd.patch b/net-snmp/patches= /net-snmp-5.7.2-systemd.patch deleted file mode 100644 index 4c89d608e..000000000 --- a/net-snmp/patches/net-snmp-5.7.2-systemd.patch +++ /dev/null @@ -1,1650 +0,0 @@ -718183 - Provide native systemd unit file - -Gathered from following upstream git commits and backported to 5.7. - -commit 19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - CHANGES: snmpd: integrated with systemd, see README.systemd for details. - =20 - It brings sd-daemon.c and .h directly downloaded from systemd. I've made= very - few changes to it to match our NETSNMP_NO_SYSTEMD and include paths. - -commit fef6cddfdb94da1a6b1fb768af62918b80f11fd3 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - CHANGES: snmptrapd: integrate systemd notification support. - -commit 0641e43c694c485cbbffef0556efc4641bd3ff50 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - Add sd_find_inet_socket() and sd_find_inet_unisx() helpers into - system-specific code. This will help us to find various sockets - created by systemd much easier. - -commit 76530a89f1c8bbd0b63acce63e10d5d4812a1a16 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - Check sockets created by systemd when opening new server sockets. - =20 - systemd can pass sockets to our daemons during startup using LISTEN_FDS - environment variable. So check this variable when opening new listening - socket - maybe system has already opened the socket for us. - -commit bf108d7f1354f6276fc43c129963f2c49b9fc242 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - Added sample systemd service files. - -commit 884ec488a6596380ba283d707827dd926a52e0b2 -Author: Jan Safranek -Date: Mon Aug 8 15:48:55 2011 +0200 - - Run autoheader+autoconf. - -commit 86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0 -Author: Jan Safranek -Date: Tue Aug 9 10:53:43 2011 +0200 - - Update systemd documentation and samples. - =20 - - add socket unit for snmpd to paralelize boot - - update WantedBy in socket units as recommended by http://0pointer.de/b= log/projects/socket-activation.html - - rephrase README.systemd - -diff -up net-snmp-5.7.3/agent/snmpd.c.MPGqYh net-snmp-5.7.3/agent/snmpd.c ---- net-snmp-5.7.3/agent/snmpd.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/agent/snmpd.c 2015-02-17 13:34:05.736221851 +0100 -@@ -164,6 +164,10 @@ typedef long fd_mask; -=20 - #endif -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - netsnmp_feature_want(logging_file) - netsnmp_feature_want(logging_stdio) - netsnmp_feature_want(logging_syslog) -@@ -443,18 +447,26 @@ main(int argc, char *argv[]) - int agent_mode =3D -1; - char *pid_file =3D NULL; - char option_compatability[] =3D "-Le"; -+ int prepared_sockets =3D 0; - #if HAVE_GETPID - int fd; - FILE *PID; - #endif -=20 - #ifndef WIN32 -+#ifndef NETSNMP_NO_SYSYSTEMD -+ /* check if systemd has sockets for us and don't close them */ -+ prepared_sockets =3D netsnmp_sd_listen_fds(0); -+#endif /* NETSNMP_NO_SYSYSTEMD */ -+ - /* - * close all non-standard file descriptors we may have - * inherited from the shell. - */ -- for (i =3D getdtablesize() - 1; i > 2; --i) { -- (void) close(i); -+ if (!prepared_sockets) { -+ for (i =3D getdtablesize() - 1; i > 2; --i) { -+ (void) close(i); -+ } - } - #endif /* #WIN32 */ - =20 -@@ -1107,6 +1119,19 @@ main(int argc, char *argv[]) - netsnmp_addrcache_initialise(); -=20 - /* -+ * Let systemd know we're up. -+ */ -+#ifndef NETSNMP_NO_SYSTEMD -+ netsnmp_sd_notify(1, "READY=3D1\n"); -+ if (prepared_sockets) -+ /* -+ * Clear the environment variable, we already processed all the soc= kets -+ * by now. -+ */ -+ netsnmp_sd_listen_fds(1); -+#endif -+ -+ /* - * Forever monitor the dest_port for incoming PDUs. =20 - */ - DEBUGMSGTL(("snmpd/main", "We're up. Starting to process data.\n")); -diff -up net-snmp-5.7.3/apps/snmptrapd.c.MPGqYh net-snmp-5.7.3/apps/snmptrap= d.c ---- net-snmp-5.7.3/apps/snmptrapd.c.MPGqYh 2014-12-08 21:23:22.000000000 +01= 00 -+++ net-snmp-5.7.3/apps/snmptrapd.c 2015-02-17 13:34:05.736221851 +0100 -@@ -125,6 +125,10 @@ SOFTWARE. -=20 - #include -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #ifndef BSD4_3 - #define BSD4_2 - #endif -@@ -657,15 +661,22 @@ main(int argc, char *argv[]) - int agentx_subagent =3D 1; - #endif - netsnmp_trapd_handler *traph; -+ int prepared_sockets =3D 0; -=20 -=20 - #ifndef WIN32 -+#ifndef NETSNMP_NO_SYSTEMD -+ /* check if systemd has sockets for us and don't close them */ -+ prepared_sockets =3D netsnmp_sd_listen_fds(0); -+#endif - /* - * close all non-standard file descriptors we may have - * inherited from the shell. - */ -- for (i =3D getdtablesize() - 1; i > 2; --i) { -- (void) close(i); -+ if (!prepared_sockets) { -+ for (i =3D getdtablesize() - 1; i > 2; --i) { -+ (void) close(i); -+ } - } - #endif /* #WIN32 */ - =20 -@@ -1318,6 +1329,19 @@ main(int argc, char *argv[]) - #endif - #endif -=20 -+ /* -+ * Let systemd know we're up. -+ */ -+#ifndef NETSNMP_NO_SYSTEMD -+ netsnmp_sd_notify(1, "READY=3D1\n"); -+ if (prepared_sockets) -+ /* -+ * Clear the environment variable, we already processed all the soc= kets -+ * by now. -+ */ -+ netsnmp_sd_listen_fds(1); -+#endif -+ - #ifdef WIN32SERVICE - trapd_status =3D SNMPTRAPD_RUNNING; - #endif -diff -up net-snmp-5.7.3/configure.d/config_modules_lib.MPGqYh net-snmp-5.7.3= /configure.d/config_modules_lib ---- net-snmp-5.7.3/configure.d/config_modules_lib.MPGqYh 2014-12-08 21:23:22= .000000000 +0100 -+++ net-snmp-5.7.3/configure.d/config_modules_lib 2015-02-17 13:34:05.737221= 850 +0100 -@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" =3D "xmingw32" - other_ftobjs_list=3D"$other_ftobjs_list winpipe.ft" - fi -=20 -+# Linux systemd -+if test "x$with_systemd" =3D=3D "xyes"; then -+ other_src_list=3D"$other_src_list sd-daemon.c" -+ other_objs_list=3D"$other_objs_list sd-daemon.o" -+ other_lobjs_list=3D"$other_lobjs_list sd-daemon.lo" -+ other_ftobjs_list=3D"$other_ftobjs_list sd-daemon.ft" -+fi -+ - AC_SUBST(other_src_list) - AC_SUBST(other_objs_list) - AC_SUBST(other_lobjs_list) -diff -up net-snmp-5.7.3/configure.d/config_project_with_enable.MPGqYh net-sn= mp-5.7.3/configure.d/config_project_with_enable ---- net-snmp-5.7.3/configure.d/config_project_with_enable.MPGqYh 2014-12-08 = 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/configure.d/config_project_with_enable 2015-02-17 13:34:0= 5.737221850 +0100 -@@ -690,6 +690,15 @@ if test "x$with_dummy_values" !=3D "xyes"; - data for]) - fi -=20 -+NETSNMP_ARG_WITH(systemd, -+[ --with-systemd Provide systemd support. See README.syste= md -+ for details.]) -+# Define unless specifically suppressed (i.e., option defaults to false). -+if test "x$with_systemd" !=3D "xyes"; then -+ AC_DEFINE(NETSNMP_NO_SYSTEMD, 1, -+ [If you don't want to integrate with systemd.]) -+fi -+ - NETSNMP_ARG_ENABLE(set-support, - [ --disable-set-support Do not allow SNMP set requests.]) - if test "x$enable_set_support" =3D "xno"; then -diff -up net-snmp-5.7.3/configure.MPGqYh net-snmp-5.7.3/configure ---- net-snmp-5.7.3/configure.MPGqYh 2014-12-08 21:23:37.000000000 +0100 -+++ net-snmp-5.7.3/configure 2015-02-17 13:34:05.744221845 +0100 -@@ -951,6 +951,8 @@ with_kmem_usage - enable_kmem_usage - with_dummy_values - enable_dummy_values -+with_systemd -+enable_systemd - enable_set_support - with_set_support - with_sys_contact -@@ -1867,6 +1869,8 @@ Configuring the agent: - This is technically not compliant with the - SNMP specifications, but was how the agent - operated for versions < 4.0. -+ --with-systemd Provide systemd support. See README.systemd -+ for details. - --with-sys-contact=3D"who(a)where" Default system contact. - (Default: LOGIN(a)DOMAINNAME) - --with-sys-location=3D"location" Default system location. -@@ -4398,6 +4402,24 @@ $as_echo "#define NETSNMP_NO_DUMMY_VALUE -=20 - fi -=20 -+ -+# Check whether --with-systemd was given. -+if test "${with_systemd+set}" =3D set; then : -+ withval=3D$with_systemd; -+fi -+ -+ # Check whether --enable-systemd was given. -+if test "${enable_systemd+set}" =3D set; then : -+ enableval=3D$enable_systemd; as_fn_error $? "Invalid option. Use --with-s= ystemd/--without-systemd instead" "$LINENO" 5 -+fi -+ -+# Define unless specifically suppressed (i.e., option defaults to false). -+if test "x$with_systemd" !=3D "xyes"; then -+ -+$as_echo "#define NETSNMP_NO_SYSTEMD 1" >>confdefs.h -+ -+fi -+ - # Check whether --enable-set-support was given. - if test "${enable_set_support+set}" =3D set; then : - enableval=3D$enable_set_support; -@@ -18639,6 +18661,14 @@ if test "x$PARTIALTARGETOS" =3D "xmingw32" - other_ftobjs_list=3D"$other_ftobjs_list winpipe.ft" - fi -=20 -+# Linux systemd -+if test "x$with_systemd" =3D=3D "xyes"; then -+ other_src_list=3D"$other_src_list sd-daemon.c" -+ other_objs_list=3D"$other_objs_list sd-daemon.o" -+ other_lobjs_list=3D"$other_lobjs_list sd-daemon.lo" -+ other_ftobjs_list=3D"$other_ftobjs_list sd-daemon.ft" -+fi -+ -=20 -=20 -=20 -diff -up net-snmp-5.7.3/dist/snmpd.service.MPGqYh net-snmp-5.7.3/dist/snmpd.= service ---- net-snmp-5.7.3/dist/snmpd.service.MPGqYh 2015-02-17 13:34:05.745221844 += 0100 -+++ net-snmp-5.7.3/dist/snmpd.service 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,18 @@ -+# -+# SNMP agent service file for systemd -+# -+# -+# The service should be enabled, i.e. snmpd should start during machine boo= t. -+# Socket activation shall not be used. See README.systemd for details. -+ -+[Unit] -+Description=3DSimple Network Management Protocol (SNMP) daemon. -+After=3Dsyslog.target network.target -+ -+[Service] -+# Type=3Dnotify is also supported. It should be set when snmpd.socket is no= t used. -+Type=3Dsimple -+ExecStart=3D/usr/sbin/snmpd -f -+ -+[Install] -+WantedBy=3Dmulti-user.target -diff -up net-snmp-5.7.3/dist/snmpd.socket.MPGqYh net-snmp-5.7.3/dist/snmpd.s= ocket ---- net-snmp-5.7.3/dist/snmpd.socket.MPGqYh 2015-02-17 13:34:05.745221844 +0= 100 -+++ net-snmp-5.7.3/dist/snmpd.socket 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,17 @@ -+[Unit] -+Description=3DSocket listening for SNMP and AgentX messages -+ -+[Socket] -+ListenDatagram=3D0.0.0.0:161 -+# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. -+# It must match listening addresses/ports defined in snmpd.service -+# or snmpd.conf. -+# ListenStream=3D0.0.0.0:161 -+# ListenDatagram=3D[::]:161 -+# ListenStream=3D[::]:161 -+# -+# Uncomment AgentX socket if snmpd.conf enables AgentX protocol. -+# ListenStream=3D/var/agentx/master -+ -+[Install] -+WantedBy=3Dsockets.target -diff -up net-snmp-5.7.3/dist/snmptrapd.service.MPGqYh net-snmp-5.7.3/dist/sn= mptrapd.service ---- net-snmp-5.7.3/dist/snmptrapd.service.MPGqYh 2015-02-17 13:34:05.7452218= 44 +0100 -+++ net-snmp-5.7.3/dist/snmptrapd.service 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,16 @@ -+# -+# SNMP trap-processing service file for systemd -+# -+ -+[Unit] -+Description=3DSimple Network Management Protocol (SNMP) Trap daemon. -+After=3Dsyslog.target network.target -+ -+[Service] -+# Type=3Dnotify is also supported. It should be set when snmptrapd.socket i= s not -+# used. -+Type=3Dsimple -+ExecStart=3D/usr/sbin/snmptrapd -f -+ -+[Install] -+WantedBy=3Dmulti-user.target -diff -up net-snmp-5.7.3/dist/snmptrapd.socket.MPGqYh net-snmp-5.7.3/dist/snm= ptrapd.socket ---- net-snmp-5.7.3/dist/snmptrapd.socket.MPGqYh 2015-02-17 13:34:05.74522184= 4 +0100 -+++ net-snmp-5.7.3/dist/snmptrapd.socket 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,14 @@ -+[Unit] -+Description=3DSocket listening for SNMP trap messages -+ -+[Socket] -+ListenDatagram=3D0.0.0.0:162 -+# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. -+# It must match listening addresses/ports defined in snmptrapd.service -+# or snmptrapd.conf. -+# ListenStream=3D0.0.0.0:162 -+# ListenDatagram=3D[::]:162 -+# ListenStream=3D[::]:162 -+ -+[Install] -+WantedBy=3Dsockets.target -diff -up net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h.MPGqYh net-snmp= -5.7.3/include/net-snmp/library/sd-daemon.h ---- net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h.MPGqYh 2015-02-17 13= :34:05.746221843 +0100 -+++ net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h 2015-02-17 13:34:05.= 746221843 +0100 -@@ -0,0 +1,286 @@ -+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ -+ -+#ifndef SNMPD_SD_DAEMON_H -+#define SNMPD_SD_DAEMON_H -+ -+/*** -+ Copyright 2010 Lennart Poettering -+ -+ Permission is hereby granted, free of charge, to any person -+ obtaining a copy of this software and associated documentation files -+ (the "Software"), to deal in the Software without restriction, -+ including without limitation the rights to use, copy, modify, merge, -+ publish, distribute, sublicense, and/or sell copies of the Software, -+ and to permit persons to whom the Software is furnished to do so, -+ subject to the following conditions: -+ -+ The above copyright notice and this permission notice shall be -+ included in all copies or substantial portions of the Software. -+ -+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ SOFTWARE. -+***/ -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ Reference implementation of a few systemd related interfaces for -+ writing daemons. These interfaces are trivial to implement. To -+ simplify porting we provide this reference implementation. -+ Applications are welcome to reimplement the algorithms described -+ here if they do not want to include these two source files. -+ -+ The following functionality is provided: -+ -+ - Support for logging with log levels on stderr -+ - File descriptor passing for socket-based activation -+ - Daemon startup and status notification -+ - Detection of systemd boots -+ -+ You may compile this with -DDISABLE_SYSTEMD to disable systemd -+ support. This makes all those calls NOPs that are directly related to -+ systemd (i.e. only sd_is_xxx() will stay useful). -+ -+ Since this is drop-in code we don't want any of our symbols to be -+ exported in any case. Hence we declare hidden visibility for all of -+ them. -+ -+ You may find an up-to-date version of these source files online: -+ -+ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h -+ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c -+ -+ This should compile on non-Linux systems, too, but with the -+ exception of the sd_is_xxx() calls all functions will become NOPs. -+ -+ See sd-daemon(7) for more information. -+*/ -+ -+#ifndef _sd_printf_attr_ -+#if __GNUC__ >=3D 4 -+#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b))) -+#else -+#define _sd_printf_attr_(a,b) -+#endif -+#endif -+ -+/* -+ Log levels for usage on stderr: -+ -+ fprintf(stderr, SD_NOTICE "Hello World!\n"); -+ -+ This is similar to printk() usage in the kernel. -+*/ -+#define SD_EMERG "<0>" /* system is unusable */ -+#define SD_ALERT "<1>" /* action must be taken immediately */ -+#define SD_CRIT "<2>" /* critical conditions */ -+#define SD_ERR "<3>" /* error conditions */ -+#define SD_WARNING "<4>" /* warning conditions */ -+#define SD_NOTICE "<5>" /* normal but significant condition */ -+#define SD_INFO "<6>" /* informational */ -+#define SD_DEBUG "<7>" /* debug-level messages */ -+ -+/* The first passed file descriptor is fd 3 */ -+#define SD_LISTEN_FDS_START 3 -+ -+/* -+ Returns how many file descriptors have been passed, or a negative -+ errno code on failure. Optionally, removes the $LISTEN_FDS and -+ $LISTEN_PID file descriptors from the environment (recommended, but -+ problematic in threaded environments). If r is the return value of -+ this function you'll find the file descriptors passed as fds -+ SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative -+ errno style error code on failure. This function call ensures that -+ the FD_CLOEXEC flag is set for the passed file descriptors, to make -+ sure they are not passed on to child processes. If FD_CLOEXEC shall -+ not be set, the caller needs to unset it after this call for all file -+ descriptors that are used. -+ -+ See sd_listen_fds(3) for more information. -+*/ -+int netsnmp_sd_listen_fds(int unset_environment); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is a FIFO in the file system stored under the -+ specified path, 0 otherwise. If path is NULL a path name check will -+ not be done and the call only verifies if the file descriptor -+ refers to a FIFO. Returns a negative errno style error code on -+ failure. -+ -+ See sd_is_fifo(3) for more information. -+*/ -+int netsnmp_sd_is_fifo(int fd, const char *path); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is a special character device on the file -+ system stored under the specified path, 0 otherwise. -+ If path is NULL a path name check will not be done and the call -+ only verifies if the file descriptor refers to a special character. -+ Returns a negative errno style error code on failure. -+ -+ See sd_is_special(3) for more information. -+*/ -+int netsnmp_sd_is_special(int fd, const char *path); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is a socket of the specified family (AF_INET, -+ ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If -+ family is 0 a socket family check will not be done. If type is 0 a -+ socket type check will not be done and the call only verifies if -+ the file descriptor refers to a socket. If listening is > 0 it is -+ verified that the socket is in listening mode. (i.e. listen() has -+ been called) If listening is =3D=3D 0 it is verified that the socket is -+ not in listening mode. If listening is < 0 no listening mode check -+ is done. Returns a negative errno style error code on failure. -+ -+ See sd_is_socket(3) for more information. -+*/ -+int netsnmp_sd_is_socket(int fd, int family, int type, int listening); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is an Internet socket, of the specified family -+ (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM, -+ SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version -+ check is not done. If type is 0 a socket type check will not be -+ done. If port is 0 a socket port check will not be done. The -+ listening flag is used the same way as in sd_is_socket(). Returns a -+ negative errno style error code on failure. -+ -+ See sd_is_socket_inet(3) for more information. -+*/ -+int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, = uint16_t port); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is an AF_UNIX socket of the specified type -+ (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0 -+ a socket type check will not be done. If path is NULL a socket path -+ check will not be done. For normal AF_UNIX sockets set length to -+ 0. For abstract namespace sockets set length to the length of the -+ socket name (including the initial 0 byte), and pass the full -+ socket path in path (including the initial 0 byte). The listening -+ flag is used the same way as in sd_is_socket(). Returns a negative -+ errno style error code on failure. -+ -+ See sd_is_socket_unix(3) for more information. -+*/ -+int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *= path, size_t length); -+ -+/* -+ Informs systemd about changed daemon state. This takes a number of -+ newline separated environment-style variable assignments in a -+ string. The following variables are known: -+ -+ READY=3D1 Tells systemd that daemon startup is finished (only -+ relevant for services of Type=3Dnotify). The passed -+ argument is a boolean "1" or "0". Since there is -+ little value in signaling non-readiness the only -+ value daemons should send is "READY=3D1". -+ -+ STATUS=3D... Passes a single-line status string back to systemd -+ that describes the daemon state. This is free-from -+ and can be used for various purposes: general state -+ feedback, fsck-like programs could pass completion -+ percentages and failing programs could pass a human -+ readable error message. Example: "STATUS=3DCompleted -+ 66% of file system check..." -+ -+ ERRNO=3D... If a daemon fails, the errno-style error code, -+ formatted as string. Example: "ERRNO=3D2" for ENOENT. -+ -+ BUSERROR=3D... If a daemon fails, the D-Bus error-style error -+ code. Example: "BUSERROR=3Dorg.freedesktop.DBus.Error.Tim= edOut" -+ -+ MAINPID=3D... The main pid of a daemon, in case systemd did not -+ fork off the process itself. Example: "MAINPID=3D4711" -+ -+ Daemons can choose to send additional variables. However, it is -+ recommended to prefix variable names not listed above with X_. -+ -+ Returns a negative errno-style error code on failure. Returns > 0 -+ if systemd could be notified, 0 if it couldn't possibly because -+ systemd is not running. -+ -+ Example: When a daemon finished starting up, it could issue this -+ call to notify systemd about it: -+ -+ sd_notify(0, "READY=3D1"); -+ -+ See sd_notifyf() for more complete examples. -+ -+ See sd_notify(3) for more information. -+*/ -+int netsnmp_sd_notify(int unset_environment, const char *state); -+ -+/* -+ Similar to sd_notify() but takes a format string. -+ -+ Example 1: A daemon could send the following after initialization: -+ -+ sd_notifyf(0, "READY=3D1\n" -+ "STATUS=3DProcessing requests...\n" -+ "MAINPID=3D%lu", -+ (unsigned long) getpid()); -+ -+ Example 2: A daemon could send the following shortly before -+ exiting, on failure: -+ -+ sd_notifyf(0, "STATUS=3DFailed to start up: %s\n" -+ "ERRNO=3D%i", -+ strerror(errno), -+ errno); -+ -+ See sd_notifyf(3) for more information. -+*/ -+int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_= printf_attr_(2,3); -+ -+/* -+ Returns > 0 if the system was booted with systemd. Returns < 0 on -+ error. Returns 0 if the system was not booted with systemd. Note -+ that all of the functions above handle non-systemd boots just -+ fine. You should NOT protect them with a call to this function. Also -+ note that this function checks whether the system, not the user -+ session is controlled by systemd. However the functions above work -+ for both user and system services. -+ -+ See sd_booted(3) for more information. -+*/ -+int netsnmp_sd_booted(void); -+ -+/** -+ * Find an socket with given parameters. See man sd_is_socket_inet for -+ * description of the arguments. -+ * -+ * Returns the file descriptor if it is found, 0 otherwise. -+ */ -+int netsnmp_sd_find_inet_socket(int family, int type, int listening, int po= rt); -+ -+/** -+ * Find an unix socket with given parameters. See man sd_is_socket_unix for -+ * description of the arguments. -+ * -+ * Returns the file descriptor if it is found, 0 otherwise. -+ */ -+int -+netsnmp_sd_find_unix_socket(int type, int listening, const char *path); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SNMPD_SD_DAEMON_H */ -diff -up net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in.MPGqYh net-snm= p-5.7.3/include/net-snmp/net-snmp-config.h.in ---- net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in.MPGqYh 2014-12-08 2= 1:23:22.000000000 +0100 -+++ net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in 2015-02-17 13:34:05= .746221843 +0100 -@@ -1410,6 +1410,9 @@ - /* If you don't have root access don't exit upon kmem errors */ - #undef NETSNMP_NO_ROOT_ACCESS -=20 -+/* If you don't want to integrate with systemd. */ -+#undef NETSNMP_NO_SYSTEMD -+ - /* Define if you want to remove all SET/write access from the code */ - #undef NETSNMP_NO_WRITE_SUPPORT -=20 -diff -up net-snmp-5.7.3/README.systemd.MPGqYh net-snmp-5.7.3/README.systemd ---- net-snmp-5.7.3/README.systemd.MPGqYh 2015-02-17 13:34:05.747221843 +0100 -+++ net-snmp-5.7.3/README.systemd 2015-02-17 13:34:05.747221843 +0100 -@@ -0,0 +1,41 @@ -+README.systemd -+-------------- -+Net-SNMP provides two daemons, which support systemd system manager.=20 -+See http://www.freedesktop.org/wiki/Software/systemd to learn how -+systemd works. Both socket activation and notification is supported by these -+daemons. -+ -+To enable systemd support, the sources must be compiled with -+--with-systemd configure option. -+ -+snmpd - The SNMP agent -+---------------------- -+Socket activation od snmpd daemon is implemented, but it's discouraged. -+The reason is simple - snmpd not only listens and processes SNMP requests -+from network, but also gathers system statistics counters, sends traps and -+communicates with subagents. It even opens few netlink sockets. -+ -+In other words, snmpd should run from system start to properly work. -+This can be done in two ways: -+1) either as snmpd service unit with 'Type=3Dnotification' and without a so= cket -+ unit -+2) or as snmpd service unit with 'Type=3Dsimple', appropriate socket socket= unit -+ and the snmpd service enabled. This way systemd creates the snmpd listen= ing -+ socket early during boot and passes the sockets to snmpd slightly later -+ (but still during machine boot). This way systemd can paralelize start of -+ services, which depend on snmpd. Admins must adjust the socket file manu= ally, -+ depending if the snmpd support AgentX, IPv6, SMUX etc. -+ -+snmpd should be started with '-f' command line parameter to disable forking= - -+systemd does that for us automatically. -+ -+ -+snmptrapd - The trap processing daemon -+-------------------------------------- -+snmptrapd supports full socket activation and also notification (if needed). -+Both 'Type=3Dsimple' (with appropriate socket unit) and 'Type=3Dnotify' ser= vices -+will work. Again, '-f' parameter should be provided on snmptrapd command li= ne. -+ -+If integration with SNMP agent using AgentX protocol is enabled, snmptrapd = should -+start during boot and not after first SNMP trap arrives. Same rules as for = snmpd -+applies then. -\ No newline at end of file -diff -up net-snmp-5.7.3/snmplib/sd-daemon.c.MPGqYh net-snmp-5.7.3/snmplib/sd= -daemon.c ---- net-snmp-5.7.3/snmplib/sd-daemon.c.MPGqYh 2015-02-17 13:34:05.747221843 = +0100 -+++ net-snmp-5.7.3/snmplib/sd-daemon.c 2015-02-17 13:34:05.747221843 +0100 -@@ -0,0 +1,532 @@ -+/* -+ * Systemd integration parts. -+ * -+ * Most of this file is directly copied from systemd sources. -+ * Changes: -+ * - all functions were renamed to have netsnmp_ prefix -+ * - includes were changed to match Net-SNMP style. -+ * - removed gcc export macros -+ * - removed POSIX message queues -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#ifndef NETSNMP_NO_SYSTEMD -+ -+/*** -+ Copyright 2010 Lennart Poettering -+ -+ Permission is hereby granted, free of charge, to any person -+ obtaining a copy of this software and associated documentation files -+ (the "Software"), to deal in the Software without restriction, -+ including without limitation the rights to use, copy, modify, merge, -+ publish, distribute, sublicense, and/or sell copies of the Software, -+ and to permit persons to whom the Software is furnished to do so, -+ subject to the following conditions: -+ -+ The above copyright notice and this permission notice shall be -+ included in all copies or substantial portions of the Software. -+ -+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ SOFTWARE. -+***/ -+ -+#ifndef _GNU_SOURCE -+#define _GNU_SOURCE -+#endif -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+int netsnmp_sd_listen_fds(int unset_environment) { -+ -+ int r, fd; -+ const char *e; -+ char *p =3D NULL; -+ unsigned long l; -+ -+ if (!(e =3D getenv("LISTEN_PID"))) { -+ r =3D 0; -+ goto finish; -+ } -+ -+ errno =3D 0; -+ l =3D strtoul(e, &p, 10); -+ -+ if (errno !=3D 0) { -+ r =3D -errno; -+ goto finish; -+ } -+ -+ if (!p || *p || l <=3D 0) { -+ r =3D -EINVAL; -+ goto finish; -+ } -+ -+ /* Is this for us? */ -+ if (getpid() !=3D (pid_t) l) { -+ r =3D 0; -+ goto finish; -+ } -+ -+ if (!(e =3D getenv("LISTEN_FDS"))) { -+ r =3D 0; -+ goto finish; -+ } -+ -+ errno =3D 0; -+ l =3D strtoul(e, &p, 10); -+ -+ if (errno !=3D 0) { -+ r =3D -errno; -+ goto finish; -+ } -+ -+ if (!p || *p) { -+ r =3D -EINVAL; -+ goto finish; -+ } -+ -+ for (fd =3D SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l= ; fd ++) { -+ int flags; -+ -+ if ((flags =3D fcntl(fd, F_GETFD)) < 0) { -+ r =3D -errno; -+ goto finish; -+ } -+ -+ if (flags & FD_CLOEXEC) -+ continue; -+ -+ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { -+ r =3D -errno; -+ goto finish; -+ } -+ } -+ -+ r =3D (int) l; -+ -+finish: -+ if (unset_environment) { -+ unsetenv("LISTEN_PID"); -+ unsetenv("LISTEN_FDS"); -+ } -+ -+ return r; -+} -+ -+int netsnmp_sd_is_fifo(int fd, const char *path) { -+ struct stat st_fd; -+ -+ if (fd < 0) -+ return -EINVAL; -+ -+ memset(&st_fd, 0, sizeof(st_fd)); -+ if (fstat(fd, &st_fd) < 0) -+ return -errno; -+ -+ if (!S_ISFIFO(st_fd.st_mode)) -+ return 0; -+ -+ if (path) { -+ struct stat st_path; -+ -+ memset(&st_path, 0, sizeof(st_path)); -+ if (stat(path, &st_path) < 0) { -+ -+ if (errno =3D=3D ENOENT || errno =3D=3D ENOTDIR) -+ return 0; -+ -+ return -errno; -+ } -+ -+ return -+ st_path.st_dev =3D=3D st_fd.st_dev && -+ st_path.st_ino =3D=3D st_fd.st_ino; -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_is_special(int fd, const char *path) { -+ struct stat st_fd; -+ -+ if (fd < 0) -+ return -EINVAL; -+ -+ if (fstat(fd, &st_fd) < 0) -+ return -errno; -+ -+ if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode)) -+ return 0; -+ -+ if (path) { -+ struct stat st_path; -+ -+ if (stat(path, &st_path) < 0) { -+ -+ if (errno =3D=3D ENOENT || errno =3D=3D ENOTDIR) -+ return 0; -+ -+ return -errno; -+ } -+ -+ if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode)) -+ return -+ st_path.st_dev =3D=3D st_fd.st_dev && -+ st_path.st_ino =3D=3D st_fd.st_ino; -+ else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode)) -+ return st_path.st_rdev =3D=3D st_fd.st_rdev; -+ else -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static int sd_is_socket_internal(int fd, int type, int listening) { -+ struct stat st_fd; -+ -+ if (fd < 0 || type < 0) -+ return -EINVAL; -+ -+ if (fstat(fd, &st_fd) < 0) -+ return -errno; -+ -+ if (!S_ISSOCK(st_fd.st_mode)) -+ return 0; -+ -+ if (type !=3D 0) { -+ int other_type =3D 0; -+ socklen_t l =3D sizeof(other_type); -+ -+ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < = 0) -+ return -errno; -+ -+ if (l !=3D sizeof(other_type)) -+ return -EINVAL; -+ -+ if (other_type !=3D type) -+ return 0; -+ } -+ -+ if (listening >=3D 0) { -+ int accepting =3D 0; -+ socklen_t l =3D sizeof(accepting); -+ -+ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &= l) < 0) -+ return -errno; -+ -+ if (l !=3D sizeof(accepting)) -+ return -EINVAL; -+ -+ if (!accepting !=3D !listening) -+ return 0; -+ } -+ -+ return 1; -+} -+ -+union sockaddr_union { -+ struct sockaddr sa; -+ struct sockaddr_in in4; -+ struct sockaddr_in6 in6; -+ struct sockaddr_un un; -+ struct sockaddr_storage storage; -+}; -+ -+int netsnmp_sd_is_socket(int fd, int family, int type, int listening) { -+ int r; -+ -+ if (family < 0) -+ return -EINVAL; -+ -+ if ((r =3D sd_is_socket_internal(fd, type, listening)) <=3D 0) -+ return r; -+ -+ if (family > 0) { -+ union sockaddr_union sockaddr; -+ socklen_t l; -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ l =3D sizeof(sockaddr); -+ -+ if (getsockname(fd, &sockaddr.sa, &l) < 0) -+ return -errno; -+ -+ if (l < sizeof(sa_family_t)) -+ return -EINVAL; -+ -+ return sockaddr.sa.sa_family =3D=3D family; -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, = uint16_t port) { -+ union sockaddr_union sockaddr; -+ socklen_t l; -+ int r; -+ -+ if (family !=3D 0 && family !=3D AF_INET && family !=3D AF_INET6) -+ return -EINVAL; -+ -+ if ((r =3D sd_is_socket_internal(fd, type, listening)) <=3D 0) -+ return r; -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ l =3D sizeof(sockaddr); -+ -+ if (getsockname(fd, &sockaddr.sa, &l) < 0) -+ return -errno; -+ -+ if (l < sizeof(sa_family_t)) -+ return -EINVAL; -+ -+ if (sockaddr.sa.sa_family !=3D AF_INET && -+ sockaddr.sa.sa_family !=3D AF_INET6) -+ return 0; -+ -+ if (family > 0) -+ if (sockaddr.sa.sa_family !=3D family) -+ return 0; -+ -+ if (port > 0) { -+ if (sockaddr.sa.sa_family =3D=3D AF_INET) { -+ if (l < sizeof(struct sockaddr_in)) -+ return -EINVAL; -+ -+ return htons(port) =3D=3D sockaddr.in4.sin_port; -+ } else { -+ if (l < sizeof(struct sockaddr_in6)) -+ return -EINVAL; -+ -+ return htons(port) =3D=3D sockaddr.in6.sin6_port; -+ } -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *= path, size_t length) { -+ union sockaddr_union sockaddr; -+ socklen_t l; -+ int r; -+ -+ if ((r =3D sd_is_socket_internal(fd, type, listening)) <=3D 0) -+ return r; -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ l =3D sizeof(sockaddr); -+ -+ if (getsockname(fd, &sockaddr.sa, &l) < 0) -+ return -errno; -+ -+ if (l < sizeof(sa_family_t)) -+ return -EINVAL; -+ -+ if (sockaddr.sa.sa_family !=3D AF_UNIX) -+ return 0; -+ -+ if (path) { -+ if (length <=3D 0) -+ length =3D strlen(path); -+ -+ if (length <=3D 0) -+ /* Unnamed socket */ -+ return l =3D=3D offsetof(struct sockaddr_un, sun_pa= th); -+ -+ if (path[0]) -+ /* Normal path socket */ -+ return -+ (l >=3D offsetof(struct sockaddr_un, sun_pa= th) + length + 1) && -+ memcmp(path, sockaddr.un.sun_path, length+1= ) =3D=3D 0; -+ else -+ /* Abstract namespace socket */ -+ return -+ (l =3D=3D offsetof(struct sockaddr_un, sun_= path) + length) && -+ memcmp(path, sockaddr.un.sun_path, length) = =3D=3D 0; -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_notify(int unset_environment, const char *state) { -+ int fd =3D -1, r; -+ struct msghdr msghdr; -+ struct iovec iovec; -+ union sockaddr_union sockaddr; -+ const char *e; -+ -+ if (!state) { -+ r =3D -EINVAL; -+ goto finish; -+ } -+ -+ if (!(e =3D getenv("NOTIFY_SOCKET"))) -+ return 0; -+ -+ /* Must be an abstract socket, or an absolute path */ -+ if ((e[0] !=3D '@' && e[0] !=3D '/') || e[1] =3D=3D 0) { -+ r =3D -EINVAL; -+ goto finish; -+ } -+ -+ if ((fd =3D socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) { -+ r =3D -errno; -+ goto finish; -+ } -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ sockaddr.sa.sa_family =3D AF_UNIX; -+ strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); -+ -+ if (sockaddr.un.sun_path[0] =3D=3D '@') -+ sockaddr.un.sun_path[0] =3D 0; -+ -+ memset(&iovec, 0, sizeof(iovec)); -+ iovec.iov_base =3D (char *)state; -+ iovec.iov_len =3D strlen(state); -+ -+ memset(&msghdr, 0, sizeof(msghdr)); -+ msghdr.msg_name =3D &sockaddr; -+ msghdr.msg_namelen =3D offsetof(struct sockaddr_un, sun_path) + str= len(e); -+ -+ if (msghdr.msg_namelen > sizeof(struct sockaddr_un)) -+ msghdr.msg_namelen =3D sizeof(struct sockaddr_un); -+ -+ msghdr.msg_iov =3D &iovec; -+ msghdr.msg_iovlen =3D 1; -+ -+ if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { -+ r =3D -errno; -+ goto finish; -+ } -+ -+ r =3D 1; -+ -+finish: -+ if (unset_environment) -+ unsetenv("NOTIFY_SOCKET"); -+ -+ if (fd >=3D 0) -+ close(fd); -+ -+ return r; -+} -+ -+int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) { -+ va_list ap; -+ char *p =3D NULL; -+ int r; -+ -+ va_start(ap, format); -+ r =3D vasprintf(&p, format, ap); -+ va_end(ap); -+ -+ if (r < 0 || !p) -+ return -ENOMEM; -+ -+ r =3D netsnmp_sd_notify(unset_environment, p); -+ free(p); -+ -+ return r; -+} -+ -+int netsnmp_sd_booted(void) { -+ struct stat a, b; -+ -+ /* We simply test whether the systemd cgroup hierarchy is -+ * mounted */ -+ -+ if (lstat("/sys/fs/cgroup", &a) < 0) -+ return 0; -+ -+ if (lstat("/sys/fs/cgroup/systemd", &b) < 0) -+ return 0; -+ -+ return a.st_dev !=3D b.st_dev; -+} -+ -+/* End of original sd-daemon.c from systemd sources */ -+ -+int -+netsnmp_sd_find_inet_socket(int family, int type, int listening, int port) -+{ -+ int count, fd; -+ -+ count =3D netsnmp_sd_listen_fds(0); -+ if (count <=3D 0) { -+ DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n")); -+ return 0; -+ } -+ DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.= \n", -+ count)); -+ -+ for (fd =3D 3; fd < 3+count; fd++) { -+ int rc =3D netsnmp_sd_is_socket_inet(fd, family, type, listening, p= ort); -+ if (rc < 0) -+ DEBUGMSGTL(("systemd:find_inet_socket", -+ "sd_is_socket_inet error: %d\n", rc)); -+ if (rc > 0) { -+ DEBUGMSGTL(("systemd:find_inet_socket", -+ "Found the socket in LISTEN_FDS\n")); -+ return fd; -+ } -+ } -+ DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS= \n")); -+ return 0; -+} -+ -+int -+netsnmp_sd_find_unix_socket(int type, int listening, const char *path) -+{ -+ int count, fd; -+ -+ count =3D netsnmp_sd_listen_fds(0); -+ if (count <=3D 0) { -+ DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n")); -+ return 0; -+ } -+ DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.= \n", -+ count)); -+ -+ for (fd =3D 3; fd < 3+count; fd++) { -+ int rc =3D netsnmp_sd_is_socket_unix(fd, type, listening, path, 0); -+ if (rc < 0) -+ DEBUGMSGTL(("systemd:find_unix_socket", -+ "netsnmp_sd_is_socket_unix error: %d\n", rc)); -+ if (rc > 0) { -+ DEBUGMSGTL(("systemd:find_unix_socket", -+ "Found the socket in LISTEN_FDS\n")); -+ return fd; -+ } -+ } -+ DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS= \n")); -+ return 0; -+} -+ -+#endif /* ! NETSNMP_NO_SYSTEMD */ -diff -up net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c.MPGqYh net-snmp-5= .7.3/snmplib/transports/snmpTCPDomain.c ---- net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c.MPGqYh 2014-12-08 21:2= 3:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c 2015-02-17 13:34:05.74= 8221842 +0100 -@@ -43,6 +43,10 @@ - #include - #include -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - /* - * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c - * and perl/agent/agent.xs -@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in - netsnmp_transport *t =3D NULL; - netsnmp_udp_addr_pair *addr_pair =3D NULL; - int rc =3D 0; -+ int socket_initialized =3D 0; -=20 - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in - t->domain_length =3D - sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]); -=20 -- t->sock =3D socket(PF_INET, SOCK_STREAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock =3D netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1, -+ ntohs(addr->sin_port)); -+ if (t->sock) -+ socket_initialized =3D 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock =3D socket(PF_INET, SOCK_STREAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in - setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, - sizeof(opt)); -=20 -- rc =3D bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockadd= r)); -- if (rc !=3D 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D bind(t->sock, (struct sockaddr *)addr, sizeof(struct soc= kaddr)); -+ if (rc !=3D 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } -=20 - /* -@@ -235,12 +254,13 @@ netsnmp_tcp_transport(struct sockaddr_in - /* - * Now sit here and wait for connections to arrive. =20 - */ -- -- rc =3D listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -- if (rc !=3D 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -+ if (rc !=3D 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - =20 - /* -diff -up net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c.MPGqYh net-sn= mp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c ---- net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c.MPGqYh 2014-12-08 = 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c 2015-02-17 13:34:0= 5.748221842 +0100 -@@ -49,6 +49,10 @@ - #include - #include -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #include "inet_ntop.h" -=20 - oid netsnmp_TCPIPv6Domain[] =3D { TRANSPORT_DOMAIN_TCP_IPV6 }; -@@ -140,6 +144,7 @@ netsnmp_tcp6_transport(struct sockaddr_i - { - netsnmp_transport *t =3D NULL; - int rc =3D 0; -+ int socket_initialized =3D 0; -=20 - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -174,7 +179,19 @@ netsnmp_tcp6_transport(struct sockaddr_i - t->domain =3D netsnmp_TCPIPv6Domain; - t->domain_length =3D sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid); -=20 -- t->sock =3D socket(PF_INET6, SOCK_STREAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock =3D netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1, -+ ntohs(addr->sin6_port)); -+ if (t->sock) -+ socket_initialized =3D 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock =3D socket(PF_INET6, SOCK_STREAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -220,12 +237,14 @@ netsnmp_tcp6_transport(struct sockaddr_i -=20 - setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(= opt)); -=20 -- rc =3D bind(t->sock, (struct sockaddr *) addr, -- sizeof(struct sockaddr_in6)); -- if (rc !=3D 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D bind(t->sock, (struct sockaddr *) addr, -+ sizeof(struct sockaddr_in6)); -+ if (rc !=3D 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } -=20 - /* -@@ -242,11 +261,13 @@ netsnmp_tcp6_transport(struct sockaddr_i - * Now sit here and wait for connections to arrive. =20 - */ -=20 -- rc =3D listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -- if (rc !=3D 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -+ if (rc !=3D 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - =20 - /* -diff -up net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c.MPGqYh ne= t-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c ---- net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c.MPGqYh 2014-12= -08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c 2015-02-17 13:= 36:22.744123462 +0100 -@@ -40,6 +40,10 @@ -=20 - #include -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #if defined(HAVE_IP_PKTINFO) || defined(HAVE_IP_RECVDSTADDR) - int netsnmp_udpipv4_recvfrom(int s, void *buf, int len, struct sockaddr *fr= om, - socklen_t *fromlen, struct sockaddr *dstip, -@@ -64,6 +68,7 @@ netsnmp_udpipv4base_transport(struct soc - char *client_socket =3D NULL; - netsnmp_indexed_addr_pair addr_pair; - socklen_t local_addr_len; -+ int socket_initialized =3D 0; -=20 - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -88,7 +93,20 @@ netsnmp_udpipv4base_transport(struct soc - free(str); - } -=20 -- t->sock =3D socket(PF_INET, SOCK_DGRAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock =3D netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1, -+ ntohs(addr->sin_port)); -+ if (t->sock) -+ socket_initialized =3D 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock =3D socket(PF_INET, SOCK_DGRAM, 0); -+ - DEBUGMSGTL(("UDPBase", "openned socket %d as local=3D%d\n", t->sock, lo= cal));=20 - if (t->sock < 0) { - netsnmp_transport_free(t); -@@ -151,12 +169,14 @@ netsnmp_udpipv4base_transport(struct soc - } - } - #endif /* !defined(WIN32) */ -- rc =3D bind(t->sock, (struct sockaddr *) addr, -- sizeof(struct sockaddr)); -- if (rc !=3D 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D bind(t->sock, (struct sockaddr *) addr, -+ sizeof(struct sockaddr)); -+ if (rc !=3D 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - t->data =3D NULL; - t->data_length =3D 0; -diff -up net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c.MPGqYh net-sn= mp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c ---- net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c.MPGqYh 2014-12-08 = 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c 2015-02-17 13:37:1= 6.256087147 +0100 -@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any - #include - #include -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #include "inet_ntop.h" - #include "inet_pton.h" -=20 -@@ -190,6 +194,7 @@ netsnmp_udp6_transport(struct sockaddr_i - { - netsnmp_transport *t =3D NULL; - int rc =3D 0; -+ int socket_initialized =3D 0; -=20 - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -217,7 +222,19 @@ netsnmp_udp6_transport(struct sockaddr_i - t->domain_length =3D - sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]); -=20 -- t->sock =3D socket(PF_INET6, SOCK_DGRAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock =3D netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1, -+ ntohs(addr->sin6_port)); -+ if (t->sock) -+ socket_initialized =3D 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock =3D socket(PF_INET6, SOCK_DGRAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -242,13 +259,14 @@ netsnmp_udp6_transport(struct sockaddr_i - }=20 - } - #endif -- -- rc =3D bind(t->sock, (struct sockaddr *) addr, -- sizeof(struct sockaddr_in6)); -- if (rc !=3D 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D bind(t->sock, (struct sockaddr *) addr, -+ sizeof(struct sockaddr_in6)); -+ if (rc !=3D 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - t->local =3D (unsigned char*)malloc(18); - if (t->local =3D=3D NULL) { -diff -up net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c.MPGqYh net-snmp-= 5.7.3/snmplib/transports/snmpUnixDomain.c ---- net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c.MPGqYh 2014-12-08 21:= 23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c 2015-02-17 13:34:05.7= 49221841 +0100 -@@ -37,6 +37,10 @@ - #include /* mkdirhier */ - #include -=20 -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - netsnmp_feature_child_of(transport_unix_socket_all, transport_all) - netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all) -=20 -@@ -295,6 +299,7 @@ netsnmp_unix_transport(struct sockaddr_u - netsnmp_transport *t =3D NULL; - sockaddr_un_pair *sup =3D NULL; - int rc =3D 0; -+ int socket_initialized =3D 0; -=20 - #ifdef NETSNMP_NO_LISTEN_SUPPORT - /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate, -@@ -333,7 +338,18 @@ netsnmp_unix_transport(struct sockaddr_u - t->data_length =3D sizeof(sockaddr_un_pair); - sup =3D (sockaddr_un_pair *) t->data; -=20 -- t->sock =3D socket(PF_UNIX, SOCK_STREAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock =3D netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_p= ath); -+ if (t->sock) -+ socket_initialized =3D 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock =3D socket(PF_UNIX, SOCK_STREAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -357,25 +373,26 @@ netsnmp_unix_transport(struct sockaddr_u -=20 - t->flags |=3D NETSNMP_TRANSPORT_FLAG_LISTEN; -=20 -- unlink(addr->sun_path); -- rc =3D bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -- -- if (rc !=3D 0 && errno =3D=3D ENOENT && create_path) { -- rc =3D mkdirhier(addr->sun_path, create_mode, 1); -+ if (!socket_initialized) { -+ unlink(addr->sun_path); -+ rc =3D bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -+ if (rc !=3D 0 && errno =3D=3D ENOENT && create_path) { -+ rc =3D mkdirhier(addr->sun_path, create_mode, 1); -+ if (rc !=3D 0) { -+ netsnmp_unix_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } -+ rc =3D bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr= )); -+ } - if (rc !=3D 0) { -+ DEBUGMSGTL(("netsnmp_unix_transport", -+ "couldn't bind \"%s\", errno %d (%s)\n", -+ addr->sun_path, errno, strerror(errno))); - netsnmp_unix_close(t); - netsnmp_transport_free(t); - return NULL; - } -- rc =3D bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -- } -- if (rc !=3D 0) { -- DEBUGMSGTL(("netsnmp_unix_transport", -- "couldn't bind \"%s\", errno %d (%s)\n", -- addr->sun_path, errno, strerror(errno))); -- netsnmp_unix_close(t); -- netsnmp_transport_free(t); -- return NULL; - } -=20 - /* -@@ -391,16 +408,17 @@ netsnmp_unix_transport(struct sockaddr_u - * Now sit here and listen for connections to arrive. - */ -=20 -- rc =3D listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -- if (rc !=3D 0) { -- DEBUGMSGTL(("netsnmp_unix_transport", -- "couldn't listen to \"%s\", errno %d (%s)\n", -- addr->sun_path, errno, strerror(errno))); -- netsnmp_unix_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc =3D listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -+ if (rc !=3D 0) { -+ DEBUGMSGTL(("netsnmp_unix_transport", -+ "couldn't listen to \"%s\", errno %d (%s)\n", -+ addr->sun_path, errno, strerror(errno))); -+ netsnmp_unix_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } -- - } else { - t->remote =3D (u_char *)malloc(strlen(addr->sun_path)); - if (t->remote =3D=3D NULL) { diff --git a/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch b/net-snmp/pa= tches/net-snmp-5.7.3-iterator-fix.patch new file mode 100644 index 000000000..fb34caff7 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch @@ -0,0 +1,14 @@ +diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/ho= st/data_access/swrun.c +--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.62610952= 6 +0200 ++++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.45225583= 6 +0200 +@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam + return 0; /* or -1 */ +=20 + it =3D CONTAINER_ITERATOR( swrun_container ); ++ if((entry =3D (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) !=3D NULL) { ++ if (0 =3D=3D strcmp( entry->hrSWRunName, name )) ++ i++; ++ } + while ((entry =3D (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) !=3D NULL)= { + if (0 =3D=3D strcmp( entry->hrSWRunName, name )) + i++; diff --git a/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch b/net-snm= p/patches/net-snmp-5.8-Remove-U64-typedef.patch new file mode 100644 index 000000000..75a2c6df1 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch @@ -0,0 +1,12 @@ +diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int= 64.h +--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200 ++++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200 +@@ -10,7 +10,7 @@ extern "C" { + * Note: using the U64 typedef is deprecated because this typedef confl= icts + * with a typedef with the same name defined in the Perl header files. + */ +- typedef struct counter64 U64; ++// typedef struct counter64 U64; + #endif +=20 + #define I64CHARSZ 21 diff --git a/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch b/n= et-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch new file mode 100644 index 000000000..ef851b1ef --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch @@ -0,0 +1,35 @@ +diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c +--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100 ++++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100 +@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M + "No error", /* SNMPERR_SUCCESS */ + "Generic error", /* SNMPERR_GENERR */ + "Invalid local port", /* SNMPERR_BAD_LOCPORT */ +- "Unknown host", /* SNMPERR_BAD_ADDRESS */ ++ "Invalid address", /* SNMPERR_BAD_ADDRESS */ + "Unknown session", /* SNMPERR_BAD_SESSION */ + "Too long", /* SNMPERR_TOO_LONG */ + "No socket", /* SNMPERR_NO_SOCKET */ +@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session) + DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n")); + in_session->s_snmp_errno =3D SNMPERR_BAD_ADDRESS; + in_session->s_errno =3D errno; +- snmp_set_detail(in_session->peername); ++ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR)) ++ snmp_set_detail(in_session->peername); + return NULL; + } +=20 +diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports= /snmpUDPIPv4BaseDomain.c +--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.9481067= 97 +0100 ++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.0297457= 44 +0100 +@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn + DEBUGMSGTL(("netsnmp_udpbase", + "failed to bind for clientaddr: %d %s\n", + errno, strerror(errno))); ++ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n", ++ strerror(errno))); + goto err; + } +=20 diff --git a/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch b/net-sn= mp/patches/net-snmp-5.8-duplicate-ipAddress.patch new file mode 100644 index 000000000..075976a4e --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch @@ -0,0 +1,11 @@ +diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mi= bgroup/ip-mib/data_access/ipaddress_common.c +--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:= 03.213904398 +0200 ++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:= 41.025863050 +0200 +@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co + for (entry =3D ITERATOR_FIRST(it); entry; entry =3D ITERATOR_NEXT(it)) { + if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry)= =3D=3D 0) { + /* 'entry' is duplicate of the previous one -> delete it */ ++ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, som= e interfaces may not be visible in IP-MIB\n")); + netsnmp_access_ipaddress_entry_free(entry); + } else { + CONTAINER_INSERT(ret, entry); diff --git a/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch b/net-= snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch new file mode 100644 index 000000000..db95998f0 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch @@ -0,0 +1,82 @@ +diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c +--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200 ++++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200 +@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr) + } +=20 + #elif defined(linux) ++#include + static struct ifreq *ifr; + static int ifr_counter; +=20 + static void + Address_Scan_Init(void) + { +- int num_interfaces =3D 0; ++ int i; + int fd; ++ int lastlen =3D 0; +=20 + /* get info about all interfaces */ +=20 +@@ -510,28 +512,45 @@ Address_Scan_Init(void) + SNMP_FREE(ifc.ifc_buf); + ifr_counter =3D 0; +=20 +- do +- { + if ((fd =3D socket(AF_INET, SOCK_DGRAM, 0)) < 0) + { + DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); + return; + } +- num_interfaces +=3D 16; +=20 +- ifc.ifc_len =3D sizeof(struct ifreq) * num_interfaces; +- ifc.ifc_buf =3D (char*) realloc(ifc.ifc_buf, ifc.ifc_len); +-=09 +- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) +- { +- ifr=3DNULL; +- close(fd); +- return; +- } +- close(fd); ++ /* ++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF ++ * on some platforms; see W. R. Stevens, ``Unix Network Programming ++ * Volume I'', p.435... ++ */ ++ ++ for (i =3D 8;; i *=3D 2) { ++ ifc.ifc_len =3D sizeof(struct ifreq) * i; ++ ifc.ifc_req =3D calloc(i, sizeof(struct ifreq)); ++ ++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { ++ if (errno !=3D EINVAL || lastlen !=3D 0) { ++ /* ++ * Something has gone genuinely wrong... ++ */ ++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno); ++ SNMP_FREE(ifc.ifc_buf); ++ close(fd); ++ return; ++ } ++ } else { ++ if (ifc.ifc_len =3D=3D lastlen) { ++ /* ++ * The length is the same as the last time; we're done... ++ */ ++ break; ++ } ++ lastlen =3D ifc.ifc_len; ++ } ++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */ + } +- while (ifc.ifc_len >=3D (sizeof(struct ifreq) * num_interfaces)); +- =20 ++ ++ close(fd); + ifr =3D ifc.ifc_req; + } +=20 diff --git a/net-snmp/patches/net-snmp-5.8-man-page.patch b/net-snmp/patches/= net-snmp-5.8-man-page.patch new file mode 100644 index 000000000..dc78e14b6 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-man-page.patch @@ -0,0 +1,36 @@ +diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user= .1.def +--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200 ++++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200 +@@ -3,7 +3,7 @@ + net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration f= ile + .SH SYNOPSIS + .PP +-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES] ++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [= -x DES|AES] + .B [username] + .SH DESCRIPTION + .PP +@@ -16,13 +16,16 @@ new user in net-snmp configuration file + displays the net-snmp version number + .TP + \fB\-ro\fR +-create an user with read-only permissions ++creates a user with read-only permissions + .TP +-\fB\-a authpass\fR +-specify authentication password ++\fB\-A authpass\fR ++specifies the authentication password + .TP +-\fB\-x privpass\fR +-specify encryption password ++\fB\-a MD5|SHA\fR ++specifies the authentication password hashing algorithm + .TP +-\fB\-X DES|AES\fR +-specify encryption algorithm ++\fB\-X privpass\fR ++specifies the encryption password ++.TP ++\fB\-x DES|AES\fR ++specifies the encryption algorithm diff --git a/net-snmp/patches/net-snmp-5.9-aes-config.patch b/net-snmp/patche= s/net-snmp-5.9-aes-config.patch new file mode 100644 index 000000000..ceac97c78 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-aes-config.patch @@ -0,0 +1,18 @@ +diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +index afd6fa4..07c26fe 100644 +--- a/net-snmp-create-v3-user.in ++++ b/net-snmp-create-v3-user.in +@@ -58,11 +58,11 @@ case $1 in + exit 1 + fi + case $1 in +- DES|AES|AES128) ++ DES|AES|AES128|AES192|AES256) + Xalgorithm=3D$1 + shift + ;; +- des|aes|aes128) ++ des|aes|aes128|aes192|aes256) + Xalgorithm=3D$(echo "$1" | tr a-z A-Z) + shift + ;; diff --git a/net-snmp/patches/net-snmp-5.9-autofs-skip.patch b/net-snmp/patch= es/net-snmp-5.9-autofs-skip.patch new file mode 100644 index 000000000..bd5c560c1 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-autofs-skip.patch @@ -0,0 +1,12 @@ +diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_files= ys.c +index e7ca92f..80b3e0d 100644 +--- a/agent/mibgroup/host/hr_filesys.c ++++ b/agent/mibgroup/host/hr_filesys.c +@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] =3D { + "shm", + "sockfs", + "sysfs", ++ "tmpfs", + "usbdevfs", + "usbfs", + #endif diff --git a/net-snmp/patches/net-snmp-5.9-coverity.patch b/net-snmp/patches/= net-snmp-5.9-coverity.patch new file mode 100644 index 000000000..fa3e0430d --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-coverity.patch @@ -0,0 +1,22 @@ +diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disma= n/event/mteTrigger.c +index e9a8831..5a1d8e7 100644 +--- a/agent/mibgroup/disman/event/mteTrigger.c ++++ b/agent/mibgroup/disman/event/mteTrigger.c +@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * Similarly, if no fallEvent is configured, + * there's no point in trying to fire it either. + */ +- if (entry->mteTThRiseEvent[0] !=3D '\0' ) { ++ if (entry->mteTThFallEvent[0] !=3D '\0' ) { + entry->mteTriggerXOwner =3D entry->mteTThObjOwner; + entry->mteTriggerXObjects =3D entry->mteTThObjects; + entry->mteTriggerFired =3D vp1; +@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * Similarly, if no fallEvent is configured, + * there's no point in trying to fire it either. + */ +- if (entry->mteTThDRiseEvent[0] !=3D '\0' ) { ++ if (entry->mteTThDFallEvent[0] !=3D '\0' ) { + entry->mteTriggerXOwner =3D entry->mteTThObjOwner; + entry->mteTriggerXObjects =3D entry->mteTThObjects; + entry->mteTriggerFired =3D vp1; diff --git a/net-snmp/patches/net-snmp-5.9-dir-fix.patch b/net-snmp/patches/n= et-snmp-5.9-dir-fix.patch new file mode 100644 index 000000000..f7311ca33 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-dir-fix.patch @@ -0,0 +1,30 @@ +diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +index 19895a1..ac3c60f 100644 +--- a/net-snmp-create-v3-user.in ++++ b/net-snmp-create-v3-user.in +@@ -14,6 +14,10 @@ Xalgorithm=3D"DES" + token=3Drwuser +=20 + while test "x$done" =3D "x" -a "x$1" !=3D "x" -a "x$usage" !=3D "xyes"; do ++case "$1" in ++ -*=3D*) optarg=3D`echo "$1" | sed 's/[-_a-zA-Z0-9]*=3D//'` ;; ++ *) optarg=3D ;; ++esac +=20 + unset shifted + case $1 in +@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then + touch "$outfile" + fi + echo "$line" >> "$outfile" +-prefix=3D@prefix@ +-datarootdir=3D@datarootdir@ +-# To suppress shellcheck complaints about $prefix and $datarootdir. +-: "$prefix" "$datarootdir" +-outfile=3D"@datadir@/snmp/snmpd.conf" ++# Avoid that configure complains that this script ignores @datarootdir@ ++echo "@datarootdir@" >/dev/null ++outfile=3D"/etc/snmp/snmpd.conf" + line=3D"$token $user" + echo "adding the following line to $outfile:" + echo " $line" diff --git a/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch b/net-snm= p/patches/net-snmp-5.9-intermediate-certs.patch new file mode 100644 index 000000000..6b5daf726 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch @@ -0,0 +1,855 @@ +diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library= /cert_util.h +index 80e2a19..143adbb 100644 +--- a/include/net-snmp/library/cert_util.h ++++ b/include/net-snmp/library/cert_util.h +@@ -55,7 +55,8 @@ extern "C" { + char *common_name; +=20 + u_char hash_type; +- u_char _pad[3]; /* for future use */ ++ u_char _pad[1]; /* for future use */ ++ u_short offset; + } netsnmp_cert; +=20 + /** types */ +@@ -100,6 +101,7 @@ extern "C" { +=20 + NETSNMP_IMPORT + netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint); ++ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint); +=20 + int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); +=20 +diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library= /dir_utils.h +index 471bb0b..ac7f69a 100644 +--- a/include/net-snmp/library/dir_utils.h ++++ b/include/net-snmp/library/dir_utils.h +@@ -53,7 +53,8 @@ extern "C" { + #define NETSNMP_DIR_NSFILE 0x0010 + /** load stats in netsnmp_file */ + #define NETSNMP_DIR_NSFILE_STATS 0x0020 +- ++/** allow files to be indexed more than once */ ++#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040 + =20 + =20 + #ifdef __cplusplus +diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c +index 210ad8b..b1f8144 100644 +--- a/snmplib/cert_util.c ++++ b/snmplib/cert_util.c +@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_uti= l_all); + * bump this value whenever cert index format changes, so indexes + * will be regenerated with new format. + */ +-#define CERT_INDEX_FORMAT 1 ++#define CERT_INDEX_FORMAT 2 +=20 + static netsnmp_container *_certs =3D NULL; + static netsnmp_container *_keys =3D NULL; +@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs, + netsnmp_cert_common *rhs); + static void _find_partner(netsnmp_cert *cert, netsnmp_key *key); + static netsnmp_cert *_find_issuer(netsnmp_cert *cert); ++static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *ma= tching); ++static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *mat= ching, int what); + static netsnmp_void_array *_cert_find_subset_fn(const char *filename, + const char *directory); + static netsnmp_void_array *_cert_find_subset_sn(const char *subject); +@@ -345,6 +347,8 @@ _get_cert_container(const char *use) + { + netsnmp_container *c; +=20 ++ int rc; ++ + c =3D netsnmp_container_find("certs:binary_array"); + if (NULL =3D=3D c) { + snmp_log(LOG_ERR, "could not create container for %s\n", use); +@@ -354,6 +358,8 @@ _get_cert_container(const char *use) + c->free_item =3D (netsnmp_container_obj_func*)_cert_free; + c->compare =3D (netsnmp_container_compare*)_cert_compare; +=20 ++ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc); ++ + return c; + } +=20 +@@ -362,6 +368,8 @@ _setup_containers(void) + { + netsnmp_container *additional_keys; +=20 ++ int rc; ++ + _certs =3D _get_cert_container("netsnmp certificates"); + if (NULL =3D=3D _certs) + return; +@@ -376,6 +384,7 @@ _setup_containers(void) + additional_keys->container_name =3D strdup("certs_cn"); + additional_keys->free_item =3D NULL; + additional_keys->compare =3D (netsnmp_container_compare*)_cert_cn_compa= re; ++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, = rc); + netsnmp_container_add_index(_certs, additional_keys); +=20 + /** additional keys: subject name */ +@@ -389,6 +398,7 @@ _setup_containers(void) + additional_keys->free_item =3D NULL; + additional_keys->compare =3D (netsnmp_container_compare*)_cert_sn_compa= re; + additional_keys->ncompare =3D (netsnmp_container_compare*)_cert_sn_ncom= pare; ++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, = rc); + netsnmp_container_add_index(_certs, additional_keys); +=20 + /** additional keys: file name */ +@@ -402,6 +412,7 @@ _setup_containers(void) + additional_keys->free_item =3D NULL; + additional_keys->compare =3D (netsnmp_container_compare*)_cert_fn_compa= re; + additional_keys->ncompare =3D (netsnmp_container_compare*)_cert_fn_ncom= pare; ++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, = rc); + netsnmp_container_add_index(_certs, additional_keys); +=20 + _keys =3D netsnmp_container_find("cert_keys:binary_array"); +@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void) + } +=20 + static netsnmp_cert * +-_new_cert(const char *dirname, const char *filename, int certType, ++_new_cert(const char *dirname, const char *filename, int certType, int offs= et, + int hashType, const char *fingerprint, const char *common_name, + const char *subject) + { +@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, in= t certType, +=20 + cert->info.dir =3D strdup(dirname); + cert->info.filename =3D strdup(filename); +- cert->info.allowed_uses =3D NS_CERT_REMOTE_PEER; ++ /* only the first certificate is allowed to be a remote peer */ ++ cert->info.allowed_uses =3D offset ? 0 : NS_CERT_REMOTE_PEER; + cert->info.type =3D certType; ++ cert->offset =3D offset; + if (fingerprint) { + cert->hash_type =3D hashType; + cert->fingerprint =3D strdup(fingerprint); +@@ -884,14 +897,86 @@ _certindex_new( const char *dirname ) + * certificate utility functions + * + */ ++static BIO * ++netsnmp_open_bio(const char *dir, const char *filename) ++{ ++ BIO *certbio; ++ char file[SNMP_MAXPATH]; ++ ++ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename)); ++ ++ certbio =3D BIO_new(BIO_s_file()); ++ if (NULL =3D=3D certbio) { ++ snmp_log(LOG_ERR, "error creating BIO\n"); ++ return NULL; ++ } ++ ++ snprintf(file, sizeof(file),"%s/%s", dir, filename); ++ if (BIO_read_filename(certbio, file) <=3D0) { ++ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", fi= le); ++ BIO_vfree(certbio); ++ return NULL; ++ } ++ ++ return certbio; ++} ++ ++static void ++netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert) ++{ ++ int is_ca; ++ ++ cert->ocert =3D ocert; ++ ++ /* ++ * X509_check_ca return codes: ++ * 0 not a CA ++ * 1 is a CA ++ * 2 basicConstraints absent so "maybe" a CA ++ * 3 basicConstraints absent but self signed V1. ++ * 4 basicConstraints absent but keyUsage present and keyCertSign asser= ted. ++ * 5 outdated Netscape Certificate Type CA extension. ++ */ ++ is_ca =3D X509_check_ca(ocert); ++ if (1 =3D=3D is_ca) ++ cert->info.allowed_uses |=3D NS_CERT_CA; ++ ++ if (NULL =3D=3D cert->subject) { ++ cert->subject =3D X509_NAME_oneline(X509_get_subject_name(ocert), N= ULL, ++ 0); ++ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subjec= t)); ++ } ++ ++ if (NULL =3D=3D cert->issuer) { ++ cert->issuer =3D X509_NAME_oneline(X509_get_issuer_name(ocert), NUL= L, 0); ++ if (strcmp(cert->subject, cert->issuer) =3D=3D 0) { ++ free(cert->issuer); ++ cert->issuer =3D strdup("self-signed"); ++ } ++ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer)); ++ } ++ ++ if (NULL =3D=3D cert->fingerprint) { ++ cert->hash_type =3D netsnmp_openssl_cert_get_hash_type(ocert); ++ cert->fingerprint =3D ++ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type); ++ } ++ ++ if (NULL =3D=3D cert->common_name) { ++ cert->common_name =3Dnetsnmp_openssl_cert_get_commonName(ocert, NUL= L, ++ NULL); ++ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name)); ++ } ++ ++} ++ + static X509 * + netsnmp_ocert_get(netsnmp_cert *cert) + { + BIO *certbio; + X509 *ocert =3D NULL; ++ X509 *ncert =3D NULL; + EVP_PKEY *okey =3D NULL; +- char file[SNMP_MAXPATH]; +- int is_ca; +=20 + if (NULL =3D=3D cert) + return NULL; +@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert) + } + } +=20 +- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename)); +- +- certbio =3D BIO_new(BIO_s_file()); +- if (NULL =3D=3D certbio) { +- snmp_log(LOG_ERR, "error creating BIO\n"); +- return NULL; +- } +- +- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filenam= e); +- if (BIO_read_filename(certbio, file) <=3D0) { +- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file); +- BIO_vfree(certbio); ++ certbio =3D netsnmp_open_bio(cert->info.dir, cert->info.filename); ++ if (!certbio) { + return NULL; + } +=20 +- if (NS_CERT_TYPE_UNKNOWN =3D=3D cert->info.type) { +- char *pos =3D strrchr(cert->info.filename, '.'); +- if (NULL =3D=3D pos) +- return NULL; +- cert->info.type =3D _cert_ext_type(++pos); +- netsnmp_assert(cert->info.type !=3D NS_CERT_TYPE_UNKNOWN); +- } +- + switch (cert->info.type) { +=20 + case NS_CERT_TYPE_DER: ++ (void)BIO_seek(certbio, cert->offset); + ocert =3D d2i_X509_bio(certbio,NULL); /* DER/ASN1 */ + if (NULL !=3D ocert) + break; +- (void)BIO_reset(certbio); + /* Check for PEM if DER didn't work */ + /* FALLTHROUGH */ +=20 + case NS_CERT_TYPE_PEM: +- ocert =3D PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); ++ (void)BIO_seek(certbio, cert->offset); ++ ocert =3D ncert =3D PEM_read_bio_X509_AUX(certbio, NULL, NULL, = NULL); + if (NULL =3D=3D ocert) + break; + if (NS_CERT_TYPE_DER =3D=3D cert->info.type) { + DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"= )); + cert->info.type =3D NS_CERT_TYPE_PEM; + } +- /** check for private key too */ +- if (NULL =3D=3D cert->key) { +- (void)BIO_reset(certbio); +- okey =3D PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL= ); ++ /** check for private key too, but only if we're the first cert= ificate */ ++ if (0 =3D=3D cert->offset && NULL =3D=3D cert->key) { ++ okey =3D PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); + if (NULL !=3D okey) { + netsnmp_key *key; + DEBUGMSGT(("cert:read:key", "found key with cert in %s\= n", +@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) + break; + #ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER + case NS_CERT_TYPE_PKCS12: +- (void)BIO_reset(certbio); ++ (void)BIO_seek(certbio, cert->offset); + PKCS12 *p12 =3D d2i_PKCS12_bio(certbio, NULL); + if ( (NULL !=3D p12) && (PKCS12_verify_mac(p12, "", 0) || + PKCS12_verify_mac(p12, NULL, 0))) +@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) + return NULL; + } +=20 +- cert->ocert =3D ocert; +- /* +- * X509_check_ca return codes: +- * 0 not a CA +- * 1 is a CA +- * 2 basicConstraints absent so "maybe" a CA +- * 3 basicConstraints absent but self signed V1. +- * 4 basicConstraints absent but keyUsage present and keyCertSign asser= ted. +- * 5 outdated Netscape Certificate Type CA extension. +- */ +- is_ca =3D X509_check_ca(ocert); +- if (1 =3D=3D is_ca) +- cert->info.allowed_uses |=3D NS_CERT_CA; +- +- if (NULL =3D=3D cert->subject) { +- cert->subject =3D X509_NAME_oneline(X509_get_subject_name(ocert), N= ULL, +- 0); +- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subjec= t)); +- } +- +- if (NULL =3D=3D cert->issuer) { +- cert->issuer =3D X509_NAME_oneline(X509_get_issuer_name(ocert), NUL= L, 0); +- if (strcmp(cert->subject, cert->issuer) =3D=3D 0) { +- free(cert->issuer); +- cert->issuer =3D strdup("self-signed"); +- } +- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer)); +- } +- =20 +- if (NULL =3D=3D cert->fingerprint) { +- cert->hash_type =3D netsnmp_openssl_cert_get_hash_type(ocert); +- cert->fingerprint =3D +- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type); +- } +- =20 +- if (NULL =3D=3D cert->common_name) { +- cert->common_name =3Dnetsnmp_openssl_cert_get_commonName(ocert, NUL= L, +- NULL); +- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name)); +- } ++ netsnmp_ocert_parse(cert, ocert); +=20 + return ocert; + } +@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key) + { + BIO *keybio; + EVP_PKEY *okey; +- char file[SNMP_MAXPATH]; +=20 + if (NULL =3D=3D key) + return NULL; +@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key) + if (key->okey) + return key->okey; +=20 +- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename); +- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename)); +- +- keybio =3D BIO_new(BIO_s_file()); +- if (NULL =3D=3D keybio) { +- snmp_log(LOG_ERR, "error creating BIO\n"); +- return NULL; +- } +- +- if (BIO_read_filename(keybio, file) <=3D0) { +- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", +- key->info.filename); +- BIO_vfree(keybio); ++ keybio =3D netsnmp_open_bio(key->info.dir, key->info.filename); ++ if (!keybio) { + return NULL; + } +=20 +@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) + cert->issuer_cert =3D _find_issuer(cert); + if (NULL =3D=3D cert->issuer_cert) { + DEBUGMSGT(("cert:load:warn", +- "couldn't load CA chain for cert %s\n", ++ "couldn't load full CA chain for cert %s\n", + cert->info.filename)); + rc =3D CERT_LOAD_PARTIAL; + break; +@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) + /** get issuer ocert */ + if ((NULL =3D=3D cert->issuer_cert->ocert) && + (netsnmp_ocert_get(cert->issuer_cert) =3D=3D NULL)) { +- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n= ", ++ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for= %s\n", + cert->info.filename)); + rc =3D CERT_LOAD_PARTIAL; + break; +@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + return; + } +=20 +- if(key) { ++ if (key) { + if (key->cert) { + DEBUGMSGT(("cert:partner", "key already has partner\n")); + return; +@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + return; + *pos =3D 0; +=20 +- matching =3D _cert_find_subset_fn( filename, key->info.dir ); ++ matching =3D _cert_reduce_subset_first(_cert_find_subset_fn( filena= me, ++ key->info.dir )); + if (!matching) + return; + if (1 =3D=3D matching->size) { +@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + DEBUGMSGT(("cert:partner", "%s matches multiple certs\n", + key->info.filename)); + } +- else if(cert) { ++ else if (cert) { + if (cert->key) { + DEBUGMSGT(("cert:partner", "cert already has partner\n")); + return; +@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + } + } +=20 ++static netsnmp_key * ++_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *i= ndex) ++{ ++ netsnmp_key *key; ++ ++ key =3D _new_key(dirname, filename); ++ if (NULL =3D=3D key) { ++ return NULL; ++ } ++ ++ key->okey =3D okey; ++ ++ if (-1 =3D=3D CONTAINER_INSERT(_keys, key)) { ++ DEBUGMSGT(("cert:key:file:add:err", ++ "error inserting key into container\n")); ++ netsnmp_key_free(key); ++ key =3D NULL; ++ } ++ if (index) { ++ fprintf(index, "k:%s\n", filename); ++ } ++ ++ return key; ++} ++ ++static netsnmp_cert * ++_add_cert(X509 *ocert, const char* dirname, const char* filename, int type,= int offset, FILE *index) ++{ ++ netsnmp_cert *cert; ++ ++ cert =3D _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NUL= L); ++ if (NULL =3D=3D cert) ++ return NULL; ++ ++ netsnmp_ocert_parse(cert, ocert); ++ ++ if (-1 =3D=3D CONTAINER_INSERT(_certs, cert)) { ++ DEBUGMSGT(("cert:file:add:err", ++ "error inserting cert into container\n")); ++ netsnmp_cert_free(cert); ++ return NULL; ++ } ++ ++ if (index) { ++ /** filename =3D NAME_MAX =3D 255 */ ++ /** fingerprint max =3D 64*3=3D192 for sha512 */ ++ /** common name / CN =3D 64 */ ++ if (cert) ++ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename, ++ cert->info.type, cert->offset, cert->hash_type, cert->f= ingerprint, ++ cert->common_name, cert->subject); ++ } ++ ++ return cert; ++} ++ + static int + _add_certfile(const char* dirname, const char* filename, FILE *index) + { +- X509 *ocert; +- EVP_PKEY *okey; ++ BIO *certbio; ++ X509 *ocert =3D NULL; ++ X509 *ncert; ++ EVP_PKEY *okey =3D NULL; + netsnmp_cert *cert =3D NULL; + netsnmp_key *key =3D NULL; + char certfile[SNMP_MAXPATH]; + int type; ++ int offset =3D 0; +=20 + if (((const void*)NULL =3D=3D dirname) || (NULL =3D=3D filename)) + return -1; +=20 + type =3D _type_from_filename(filename); +- netsnmp_assert(type !=3D NS_CERT_TYPE_UNKNOWN); ++ if (type =3D=3D NS_CERT_TYPE_UNKNOWN) { ++ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignor= ing\n", filename); ++ return -1; ++ } +=20 +- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename); ++ certbio =3D netsnmp_open_bio(dirname, filename); ++ if (!certbio) { ++ return -1; ++ } +=20 +- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename, +- type)); ++ switch (type) { +=20 +- if (NS_CERT_TYPE_KEY =3D=3D type) { +- key =3D _new_key(dirname, filename); +- if (NULL =3D=3D key) +- return -1; +- okey =3D netsnmp_okey_get(key); +- if (NULL =3D=3D okey) { +- netsnmp_key_free(key); +- return -1; +- } +- key->okey =3D okey; +- if (-1 =3D=3D CONTAINER_INSERT(_keys, key)) { +- DEBUGMSGT(("cert:key:file:add:err", +- "error inserting key into container\n")); +- netsnmp_key_free(key); +- key =3D NULL; +- } +- } +- else { +- cert =3D _new_cert(dirname, filename, type, -1, NULL, NULL, NULL); +- if (NULL =3D=3D cert) +- return -1; +- ocert =3D netsnmp_ocert_get(cert); +- if (NULL =3D=3D ocert) { +- netsnmp_cert_free(cert); +- return -1; +- } +- cert->ocert =3D ocert; +- if (-1 =3D=3D CONTAINER_INSERT(_certs, cert)) { +- DEBUGMSGT(("cert:file:add:err", +- "error inserting cert into container\n")); +- netsnmp_cert_free(cert); +- cert =3D NULL; +- } +- } +- if ((NULL =3D=3D cert) && (NULL =3D=3D key)) { +- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile)); +- return -1; ++ case NS_CERT_TYPE_KEY:=20 ++ ++ okey =3D PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); ++ if (NULL =3D=3D okey) ++ snmp_log(LOG_ERR, "error parsing key file %s\n", ++ key->info.filename); ++ else { ++ key =3D _add_key(okey, dirname, filename, index); ++ if (NULL =3D=3D key) { ++ EVP_PKEY_free(okey); ++ okey =3D NULL; ++ } ++ } ++ break; ++ ++ case NS_CERT_TYPE_DER: ++ ++ ocert =3D d2i_X509_bio(certbio, NULL); /* DER/ASN1 */ ++ if (NULL !=3D ocert) { ++ if (!_add_cert(ocert, dirname, filename, type, 0, index)) { ++ X509_free(ocert); ++ ocert =3D NULL; ++ } ++ break; ++ } ++ (void)BIO_reset(certbio); ++ /* Check for PEM if DER didn't work */ ++ /* FALLTHROUGH */ ++ ++ case NS_CERT_TYPE_PEM: ++ ++ if (NS_CERT_TYPE_DER =3D=3D type) { ++ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"= )); ++ type =3D NS_CERT_TYPE_PEM; ++ } ++ ocert =3D ncert =3D PEM_read_bio_X509_AUX(certbio, NULL, NULL, = NULL); ++ if (NULL !=3D ocert) { ++ cert =3D _add_cert(ncert, dirname, filename, type, offset, = index); ++ if (NULL =3D=3D cert) { ++ X509_free(ocert); ++ ocert =3D ncert =3D NULL; ++ } ++ } ++ while (NULL !=3D ncert) { ++ offset =3D BIO_tell(certbio); ++ ncert =3D PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); ++ if (ncert) { ++ if (NULL =3D=3D _add_cert(ncert, dirname, filename, typ= e, offset, index)) { ++ X509_free(ncert); ++ ncert =3D NULL; ++ } ++ } ++ } ++ ++ BIO_seek(certbio, offset); ++ ++ /** check for private key too */ ++ okey =3D PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); ++ ++ if (NULL !=3D okey) { ++ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", ++ cert->info.filename)); ++ key =3D _add_key(okey, dirname, filename, NULL); ++ if (NULL !=3D key) { ++ DEBUGMSGT(("cert:read:partner", "%s match found!\n", ++ cert->info.filename)); ++ key->cert =3D cert; ++ cert->key =3D key; ++ cert->info.allowed_uses |=3D NS_CERT_IDENTITY; ++ } ++ else { ++ EVP_PKEY_free(okey); ++ okey =3D NULL; ++ } ++ } ++ ++ break; ++ ++#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER ++ case NS_CERT_TYPE_PKCS12: ++#endif ++ ++ default: ++ break; + } +=20 +- if (index) { +- /** filename =3D NAME_MAX =3D 255 */ +- /** fingerprint max =3D 64*3=3D192 for sha512 */ +- /** common name / CN =3D 64 */ +- if (cert) +- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename, +- cert->info.type, cert->hash_type, cert->fingerprint, +- cert->common_name, cert->subject); +- else if (key) +- fprintf(index, "k:%s\n", filename); ++ BIO_vfree(certbio); ++ ++ if ((NULL =3D=3D ocert) && (NULL =3D=3D okey)) { ++ snmp_log(LOG_ERR, "certificate file '%s' contained neither certific= ate nor key, ignoring\n", certfile); ++ return -1; + } +=20 + return 0; +@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dir= stat) + struct stat idx_stat; + char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; + char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type= _str[15]; +- char subject[SNMP_MAXBUF_SMALL], hash_str[15]; ++ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15= ]; ++ ssize_t offset; + int count =3D 0, type, hash, version; + netsnmp_cert *cert; + netsnmp_key *key; +@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dir= stat) + netsnmp_directory_container_read_some(NULL, dirname, + _time_filter, &idx_stat, + NETSNMP_DIR_NSFILE | +- NETSNMP_DIR_NSFILE_STATS); ++ NETSNMP_DIR_NSFILE_STATS | ++ NETSNMP_DIR_ALLOW_DUPLICATES); + if (newer) { + DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); + CONTAINER_FREE_ALL(newer, NULL); +@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dir= stat) + pos =3D &tmpstr[2]; + if ((NULL =3D=3D (pos=3Dcopy_nword(pos, filename, sizeof(filena= me)))) || + (NULL =3D=3D (pos=3Dcopy_nword(pos, type_str, sizeof(type_s= tr)))) || ++ (NULL =3D=3D (pos=3Dcopy_nword(pos, offset_str, sizeof(offs= et_str)))) || + (NULL =3D=3D (pos=3Dcopy_nword(pos, hash_str, sizeof(hash_s= tr)))) || + (NULL =3D=3D (pos=3Dcopy_nword(pos, fingerprint, + sizeof(fingerprint)))) || +@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dir= stat) + break; + } + type =3D atoi(type_str); ++ offset =3D atoi(offset_str); + hash =3D atoi(hash_str); +- cert =3D _new_cert(dirname, filename, type, hash, fingerprint, ++ cert =3D _new_cert(dirname, filename, type, offset, hash, finge= rprint, + common_name, subject); + if (cert && 0 =3D=3D CONTAINER_INSERT(found, cert)) + ++count; +@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname) + netsnmp_directory_container_read_some(NULL, dirname, + _cert_cert_filter, NULL, + NETSNMP_DIR_RELATIVE_PATH | +- NETSNMP_DIR_EMPTY_OK ); ++ NETSNMP_DIR_EMPTY_OK | ++ NETSNMP_DIR_ALLOW_DUPLICATES); + if (NULL =3D=3D cert_container) { + DEBUGMSGT(("cert:index:dir", + "error creating container for cert files\n")); +@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context) + if (NULL =3D=3D c) + return; +=20 +- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.di= r)); ++ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filenam= e, c->info.dir, c->offset)); + DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", + c->info.type, c->info.allowed_uses, + _mode_str(c->info.allowed_uses))); +@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint) + netsnmp_void_array *matching; +=20 + DEBUGMSGT(("cert:find:params", " hint =3D %s\n", (char *)hint)); +- matching =3D _cert_find_subset_fn( filename, NULL ); ++ matching =3D _cert_reduce_subset_what(_cert_find_subset_fn( ++ filename, NULL ), what); + if (!matching) + return NULL; + if (1 =3D=3D matching->size) +@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, con= st char *directory) + } + } +=20 ++/* ++ * reduce subset by eliminating any certificates that are not the ++ * first certficate in a file. This allows us to ignore certificate ++ * chains when testing for specific certificates, and to match keys ++ * to the first certificate only. ++ */ ++static netsnmp_void_array * ++_cert_reduce_subset_first(netsnmp_void_array *matching) ++{ ++ netsnmp_cert *cc; ++ int i =3D 0, j, newsize; ++ ++ if ((NULL =3D=3D matching)) ++ return matching; ++ ++ newsize =3D matching->size; ++ ++ for( ; i < matching->size; ) { ++ /* ++ * if we've shifted matches down we'll hit a NULL entry before ++ * we hit the end of the array. ++ */ ++ if (NULL =3D=3D matching->array[i]) ++ break; ++ /* ++ * skip over valid matches. The first entry has an offset of zero. ++ */ ++ cc =3D (netsnmp_cert*)matching->array[i]; ++ if (0 =3D=3D cc->offset) { ++ ++i; ++ continue; ++ } ++ /* ++ * shrink array by shifting everything down a spot. Might not be ++ * the most efficient soloution, but this is just happening at ++ * startup and hopefully most certs won't have common prefixes. ++ */ ++ --newsize; ++ for ( j=3Di; j < newsize; ++j ) ++ matching->array[j] =3D matching->array[j+1]; ++ matching->array[j] =3D NULL; ++ /** no ++i; just shifted down, need to look at same position again = */ ++ } ++ /* ++ * if we shifted, set the new size ++ */ ++ if (newsize !=3D matching->size) { ++ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d t= o %d\n", ++ matching->size, newsize)); ++ matching->size =3D newsize; ++ } ++ ++ if (0 =3D=3D matching->size) { ++ free(matching->array); ++ SNMP_FREE(matching); ++ } ++ ++ return matching; ++} ++ ++/* ++ * reduce subset by eliminating any certificates that do not match ++ * purpose specified. ++ */ ++static netsnmp_void_array * ++_cert_reduce_subset_what(netsnmp_void_array *matching, int what) ++{ ++ netsnmp_cert_common *cc; ++ int i =3D 0, j, newsize; ++ ++ if ((NULL =3D=3D matching)) ++ return matching; ++ ++ newsize =3D matching->size; ++ ++ for( ; i < matching->size; ) { ++ /* ++ * if we've shifted matches down we'll hit a NULL entry before ++ * we hit the end of the array. ++ */ ++ if (NULL =3D=3D matching->array[i]) ++ break; ++ /* ++ * skip over valid matches. The first entry has an offset of zero. ++ */ ++ cc =3D (netsnmp_cert_common *)matching->array[i]; ++ if ((cc->allowed_uses & what)) { ++ ++i; ++ continue; ++ } ++ /* ++ * shrink array by shifting everything down a spot. Might not be ++ * the most efficient soloution, but this is just happening at ++ * startup and hopefully most certs won't have common prefixes. ++ */ ++ --newsize; ++ for ( j=3Di; j < newsize; ++j ) ++ matching->array[j] =3D matching->array[j+1]; ++ matching->array[j] =3D NULL; ++ /** no ++i; just shifted down, need to look at same position again = */ ++ } ++ /* ++ * if we shifted, set the new size ++ */ ++ if (newsize !=3D matching->size) { ++ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to= %d\n", ++ matching->size, newsize)); ++ matching->size =3D newsize; ++ } ++ ++ if (0 =3D=3D matching->size) { ++ free(matching->array); ++ SNMP_FREE(matching); ++ } ++ ++ return matching; ++} ++ + static netsnmp_void_array * + _cert_find_subset_common(const char *filename, netsnmp_container *container) + { +diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c +index c2dd989..e7145e4 100644 +--- a/snmplib/dir_utils.c ++++ b/snmplib/dir_utils.c +@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container = *user_container, + /** default to unsorted */ + if (! (flags & NETSNMP_DIR_SORTED)) + CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc); ++ /** default to duplicates not allowed */ ++ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES)) ++ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES,= rc); + } +=20 + dir =3D opendir(dirname); diff --git a/net-snmp/patches/net-snmp-5.9-memory-reporting.patch b/net-snmp/= patches/net-snmp-5.9-memory-reporting.patch new file mode 100644 index 000000000..3db8d51f6 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-memory-reporting.patch @@ -0,0 +1,28 @@ +diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/= hardware/memory/memory_linux.c +index 6d5e86c..68b55d2 100644 +--- a/agent/mibgroup/hardware/memory/memory_linux.c ++++ b/agent/mibgroup/hardware/memory/memory_linux.c +@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *= magic ) { + if (first) + snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n"); + } ++ b =3D strstr(buff, "SReclaimable: "); ++ if (b) ++ sscanf(b, "SReclaimable: %lu", &sreclaimable); ++ else { ++ if (first) ++ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n"); ++ } + b =3D strstr(buff, "SwapFree: "); + if (b) + sscanf(b, "SwapFree: %lu", &swapfree); +@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *m= agic ) { + if (first) + snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n"); + } +- b =3D strstr(buff, "SReclaimable: "); +- if (b) +- sscanf(b, "SReclaimable: %lu", &sreclaimable); + first =3D 0; +=20 +=20 diff --git a/net-snmp/patches/net-snmp-5.7.2-pie.patch b/net-snmp/patches/net= -snmp-5.9-pie.patch similarity index 56% rename from net-snmp/patches/net-snmp-5.7.2-pie.patch rename to net-snmp/patches/net-snmp-5.9-pie.patch index ee02001b3..a79290413 100644 --- a/net-snmp/patches/net-snmp-5.7.2-pie.patch +++ b/net-snmp/patches/net-snmp-5.9-pie.patch @@ -1,7 +1,8 @@ -diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.= in ---- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200 -@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c +diff --git a/agent/Makefile.in b/agent/Makefile.in +index 047d880..38d40aa 100644 +--- a/agent/Makefile.in ++++ b/agent/Makefile.in +@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?=20 =20 snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB)= $(LIBTARG)=20 @@ -9,11 +10,12 @@ diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7= .2/agent/Makefile.in + $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} =20 libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELI= BS) - $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO= _UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@ -diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in ---- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200 -@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFL= AGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ +diff --git a/apps/Makefile.in b/apps/Makefile.in +index 3dbb1d1..48ed23a 100644 +--- a/apps/Makefile.in ++++ b/apps/Makefile.in +@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS) $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS} =20 snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS) diff --git a/net-snmp/patches/net-snmp-5.9.1-autoconf.patch b/net-snmp/patche= s/net-snmp-5.9.1-autoconf.patch new file mode 100644 index 000000000..5c6b2a9de --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9.1-autoconf.patch @@ -0,0 +1,6 @@ +diff -urNp a/dist/autoconf-version b/dist/autoconf-version +--- a/dist/autoconf-version 2021-09-01 11:18:14.582110773 +0200 ++++ b/dist/autoconf-version 2021-09-01 11:20:16.804369533 +0200 +@@ -1 +1 @@ +-2.69 ++2.71 --=20 2.30.2 --===============8100630308130721787==--