rpms
/
net-snmp
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import net-snmp-5.9.4-13.el10

Browse Source
i10c-beta changed/i10c-beta/net-snmp-5.9.4-13.el10
MSVSphere Packaging Team 1 month ago
commit 680889f2c8
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8
41 changed files with 4791 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/net-snmp-5.9.4.tar.gz

1
.net-snmp.metadata
Unescape View File

@ -0,0 +1 @@
2f5e96165890158c45e73f9e24c5682885355a57 SOURCES/net-snmp-5.9.4.tar.gz

41
SOURCES/IETF-MIB-LICENSE.txt
Unescape View File

@ -0,0 +1,41 @@
MIBs included in this software taken from IETF Documents are considered
Code Components in accordance with the IETF Trust License Policy, as found
here:
http://trustee.ietf.org/license-info/
They are available under the terms of the Simplified BSD license, a copy of
which is included below.
*****
Copyright (c) 2013 IETF Trust and the persons identified as authors of
the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
· Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
· Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
· Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

30
SOURCES/net-snmp-5.7.2-cert-path.patch
Unescape View File

@ -0,0 +1,30 @@
1134475 - dependency in perl package
Use hardcoded path to configuration directories instead of net-snmp-config.
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
depending on -devel.
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
@@ -819,8 +819,7 @@ sub set_default {
sub cfg_path {
my $path;
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
- chomp $path;
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
return (wantarray ? split(':', $path) : $path);
}
@@ -1414,8 +1413,8 @@ sub checkReqs {
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
if ($ossl_ver cmp $ossl_min_ver) < 0;
- die("$NetSNMP::Cert::CFGTOOL not found: please install")
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
+# die("$NetSNMP::Cert::CFGTOOL not found: please install")
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
}
sub initOpts {

14
SOURCES/net-snmp-5.7.3-iterator-fix.patch
Unescape View File

@ -0,0 +1,14 @@
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
return 0; /* or -1 */
it = CONTAINER_ITERATOR( swrun_container );
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
+ if (0 == strcmp( entry->hrSWRunName, name ))
+ i++;
+ }
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
if (0 == strcmp( entry->hrSWRunName, name ))
i++;

12
SOURCES/net-snmp-5.8-Remove-U64-typedef.patch
Unescape View File

@ -0,0 +1,12 @@
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
@@ -10,7 +10,7 @@ extern "C" {
* Note: using the U64 typedef is deprecated because this typedef conflicts
* with a typedef with the same name defined in the Perl header files.
*/
- typedef struct counter64 U64;
+// typedef struct counter64 U64;
#endif
#define I64CHARSZ 21

35
SOURCES/net-snmp-5.8-clientaddr-error-message.patch
Unescape View File

@ -0,0 +1,35 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
"No error", /* SNMPERR_SUCCESS */
"Generic error", /* SNMPERR_GENERR */
"Invalid local port", /* SNMPERR_BAD_LOCPORT */
- "Unknown host", /* SNMPERR_BAD_ADDRESS */
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */
"Unknown session", /* SNMPERR_BAD_SESSION */
"Too long", /* SNMPERR_TOO_LONG */
"No socket", /* SNMPERR_NO_SOCKET */
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
in_session->s_errno = errno;
- snmp_set_detail(in_session->peername);
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
+ NETSNMP_DS_LIB_CLIENT_ADDR))
+ snmp_set_detail(in_session->peername);
return NULL;
}
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
DEBUGMSGTL(("netsnmp_udpbase",
"failed to bind for clientaddr: %d %s\n",
errno, strerror(errno)));
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+ strerror(errno)));
goto err;
}

11
SOURCES/net-snmp-5.8-duplicate-ipAddress.patch
Unescape View File

@ -0,0 +1,11 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
/* 'entry' is duplicate of the previous one -> delete it */
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
netsnmp_access_ipaddress_entry_free(entry);
} else {
CONTAINER_INSERT(ret, entry);

12
SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch
Unescape View File

@ -0,0 +1,12 @@
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
* save a warning header to the top of the new file
*/
snprintf(fileold, sizeof(fileold),
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
type, type, type,

82
SOURCES/net-snmp-5.8-ipAddress-faster-load.patch
Unescape View File

@ -0,0 +1,82 @@
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
}
#elif defined(linux)
+#include <errno.h>
static struct ifreq *ifr;
static int ifr_counter;
static void
Address_Scan_Init(void)
{
- int num_interfaces = 0;
+ int i;
int fd;
+ int lastlen = 0;
/* get info about all interfaces */
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
SNMP_FREE(ifc.ifc_buf);
ifr_counter = 0;
- do
- {
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
{
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
return;
}
- num_interfaces += 16;
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
-
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
- {
- ifr=NULL;
- close(fd);
- return;
- }
- close(fd);
+ /*
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
+ * Volume I'', p.435...
+ */
+
+ for (i = 8;; i *= 2) {
+ ifc.ifc_len = sizeof(struct ifreq) * i;
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
+
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
+ if (errno != EINVAL || lastlen != 0) {
+ /*
+ * Something has gone genuinely wrong...
+ */
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
+ SNMP_FREE(ifc.ifc_buf);
+ close(fd);
+ return;
+ }
+ } else {
+ if (ifc.ifc_len == lastlen) {
+ /*
+ * The length is the same as the last time; we're done...
+ */
+ break;
+ }
+ lastlen = ifc.ifc_len;
+ }
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
}
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
-
+
+ close(fd);
ifr = ifc.ifc_req;
}

36
SOURCES/net-snmp-5.8-man-page.patch
Unescape View File

@ -0,0 +1,36 @@
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
@@ -3,7 +3,7 @@
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
.SH SYNOPSIS
.PP
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
.B [username]
.SH DESCRIPTION
.PP
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
displays the net-snmp version number
.TP
\fB\-ro\fR
-create an user with read-only permissions
+creates a user with read-only permissions
.TP
-\fB\-a authpass\fR
-specify authentication password
+\fB\-A authpass\fR
+specifies the authentication password
.TP
-\fB\-x privpass\fR
-specify encryption password
+\fB\-a MD5|SHA\fR
+specifies the authentication password hashing algorithm
.TP
-\fB\-X DES|AES\fR
-specify encryption algorithm
+\fB\-X privpass\fR
+specifies the encryption password
+.TP
+\fB\-x DES|AES\fR
+specifies the encryption algorithm

83
SOURCES/net-snmp-5.8-modern-rpm-api.patch
Unescape View File

@ -0,0 +1,83 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
rpmtd td_name, td_version, td_release, td_group, td_time;
#else
char *n, *v, *r, *g;
- int32_t *t;
#endif
time_t install_time;
size_t date_len;
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
install_time = rpmtdGetNumber(td_time);
g = rpmtdGetString(td_group);
#else
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
+ n = headerGetString( h, RPMTAG_NAME);
+ v = headerGetString( h, RPMTAG_VERSION);
+ r = headerGetString( h, RPMTAG_RELEASE);
+ g = headerGetString( h, RPMTAG_GROUP);
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
"%s-%s-%s", n, v, r);
- install_time = *t;
#endif
entry->swType = (g && NULL != strstr( g, "System Environment"))
? 2 /* operatingSystem */
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
}
#else
# ifdef HAVE_LIBRPM
- char *rpm_groups;
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
- if ( strstr(rpm_groups, "System Environment") != NULL )
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
+ if ( NULL != rpm_group ) {
+ if ( strstr(rpm_group, "System Environment") != NULL )
long_return = 2; /* operatingSystem */
else
long_return = 4; /* applcation */
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
case HRSWINST_DATE:
{
#ifdef HAVE_LIBRPM
- int32_t *rpm_data;
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
- time_t installTime = *rpm_data;
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
+ if ( 0 != installTime ) {
ret = date_n_time(&installTime, var_len);
} else {
ret = date_n_time(NULL, var_len);
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
int offset;
Header h;
- char *n, *v, *r;
+ const char *n, *v, *r;
offset = swi->swi_recs[ix - 1];
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
swi->swi_h = h;
swi->swi_prevx = ix;
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
- NULL);
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
- NULL);
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
}

28
SOURCES/net-snmp-5.8-rpm-memory-leak.patch
Unescape View File

@ -0,0 +1,28 @@
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 695c469..dd0e487 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath);
dbpath = NULL;
+#ifdef HAVE_RPMGETPATH
+ rpmFreeRpmrc();
+#endif
if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
pkg_directory[0] = '\0';
diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
index 1f52733..ccf1cab 100644
--- a/agent/mibgroup/host/hr_swinst.c
+++ b/agent/mibgroup/host/hr_swinst.c
@@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
+#ifdef HAVE_RPMGETPATH
+ rpmFreeRpmrc();
+#endif
}
#else
# ifdef _PATH_HRSW_directory

18
SOURCES/net-snmp-5.9-aes-config.patch
Unescape View File

@ -0,0 +1,18 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index afd6fa4..07c26fe 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;

12
SOURCES/net-snmp-5.9-autofs-skip.patch
Unescape View File

@ -0,0 +1,12 @@
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
index e7ca92f..80b3e0d 100644
--- a/agent/mibgroup/host/hr_filesys.c
+++ b/agent/mibgroup/host/hr_filesys.c
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
"shm",
"sockfs",
"sysfs",
+ "tmpfs",
"usbdevfs",
"usbfs",
#endif

20
SOURCES/net-snmp-5.9-cflags.patch
Unescape View File

@ -0,0 +1,20 @@
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
@@ -1,3 +1,4 @@
+use lib '.';
use strict;
use warnings;
use ExtUtils::MakeMaker;
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
@@ -116,7 +116,7 @@ sub AddCommonParams {
append($Params->{'CCFLAGS'}, $cflags);
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
# Suppress known Perl header shortcomings.
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
append($Params->{'CCFLAGS'}, '-Wformat');
}
}

22
SOURCES/net-snmp-5.9-coverity.patch
Unescape View File

@ -0,0 +1,22 @@
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
index e9a8831..5a1d8e7 100644
--- a/agent/mibgroup/disman/event/mteTrigger.c
+++ b/agent/mibgroup/disman/event/mteTrigger.c
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;

30
SOURCES/net-snmp-5.9-dir-fix.patch
Unescape View File

@ -0,0 +1,30 @@
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 19895a1..ac3c60f 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -14,6 +14,10 @@ Xalgorithm="DES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
+case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+esac
unset shifted
case $1 in
@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
touch "$outfile"
fi
echo "$line" >> "$outfile"
-prefix=@prefix@
-datarootdir=@datarootdir@
-# To suppress shellcheck complaints about $prefix and $datarootdir.
-: "$prefix" "$datarootdir"
-outfile="@datadir@/snmp/snmpd.conf"
+# Avoid that configure complains that this script ignores @datarootdir@
+echo "@datarootdir@" >/dev/null
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

855
SOURCES/net-snmp-5.9-intermediate-certs.patch
Unescape View File

@ -0,0 +1,855 @@
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
index 80e2a19..143adbb 100644
--- a/include/net-snmp/library/cert_util.h
+++ b/include/net-snmp/library/cert_util.h
@@ -55,7 +55,8 @@ extern "C" {
char *common_name;
u_char hash_type;
- u_char _pad[3]; /* for future use */
+ u_char _pad[1]; /* for future use */
+ u_short offset;
} netsnmp_cert;
/** types */
@@ -100,6 +101,7 @@ extern "C" {
NETSNMP_IMPORT
netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
+ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
index 471bb0b..ac7f69a 100644
--- a/include/net-snmp/library/dir_utils.h
+++ b/include/net-snmp/library/dir_utils.h
@@ -53,7 +53,8 @@ extern "C" {
#define NETSNMP_DIR_NSFILE 0x0010
/** load stats in netsnmp_file */
#define NETSNMP_DIR_NSFILE_STATS 0x0020
-
+/** allow files to be indexed more than once */
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
#ifdef __cplusplus
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index 210ad8b..b1f8144 100644
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
* bump this value whenever cert index format changes, so indexes
* will be regenerated with new format.
*/
-#define CERT_INDEX_FORMAT 1
+#define CERT_INDEX_FORMAT 2
static netsnmp_container *_certs = NULL;
static netsnmp_container *_keys = NULL;
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
netsnmp_cert_common *rhs);
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
+static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
+static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
const char *directory);
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
{
netsnmp_container *c;
+ int rc;
+
c = netsnmp_container_find("certs:binary_array");
if (NULL == c) {
snmp_log(LOG_ERR, "could not create container for %s\n", use);
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
c->free_item = (netsnmp_container_obj_func*)_cert_free;
c->compare = (netsnmp_container_compare*)_cert_compare;
+ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
+
return c;
}
@@ -362,6 +368,8 @@ _setup_containers(void)
{
netsnmp_container *additional_keys;
+ int rc;
+
_certs = _get_cert_container("netsnmp certificates");
if (NULL == _certs)
return;
@@ -376,6 +384,7 @@ _setup_containers(void)
additional_keys->container_name = strdup("certs_cn");
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: subject name */
@@ -389,6 +398,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
netsnmp_container_add_index(_certs, additional_keys);
/** additional keys: file name */
@@ -402,6 +412,7 @@ _setup_containers(void)
additional_keys->free_item = NULL;
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
netsnmp_container_add_index(_certs, additional_keys);
_keys = netsnmp_container_find("cert_keys:binary_array");
@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
}
static netsnmp_cert *
-_new_cert(const char *dirname, const char *filename, int certType,
+_new_cert(const char *dirname, const char *filename, int certType, int offset,
int hashType, const char *fingerprint, const char *common_name,
const char *subject)
{
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
cert->info.dir = strdup(dirname);
cert->info.filename = strdup(filename);
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
+ /* only the first certificate is allowed to be a remote peer */
+ cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
cert->info.type = certType;
+ cert->offset = offset;
if (fingerprint) {
cert->hash_type = hashType;
cert->fingerprint = strdup(fingerprint);
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
* certificate utility functions
*
*/
+static BIO *
+netsnmp_open_bio(const char *dir, const char *filename)
+{
+ BIO *certbio;
+ char file[SNMP_MAXPATH];
+
+ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
+
+ certbio = BIO_new(BIO_s_file());
+ if (NULL == certbio) {
+ snmp_log(LOG_ERR, "error creating BIO\n");
+ return NULL;
+ }
+
+ snprintf(file, sizeof(file),"%s/%s", dir, filename);
+ if (BIO_read_filename(certbio, file) <=0) {
+ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
+ BIO_vfree(certbio);
+ return NULL;
+ }
+
+ return certbio;
+}
+
+static void
+netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
+{
+ int is_ca;
+
+ cert->ocert = ocert;
+
+ /*
+ * X509_check_ca return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+ * 5 outdated Netscape Certificate Type CA extension.
+ */
+ is_ca = X509_check_ca(ocert);
+ if (1 == is_ca)
+ cert->info.allowed_uses |= NS_CERT_CA;
+
+ if (NULL == cert->subject) {
+ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
+ 0);
+ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
+ }
+
+ if (NULL == cert->issuer) {
+ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
+ if (strcmp(cert->subject, cert->issuer) == 0) {
+ free(cert->issuer);
+ cert->issuer = strdup("self-signed");
+ }
+ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
+ }
+
+ if (NULL == cert->fingerprint) {
+ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
+ cert->fingerprint =
+ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
+ }
+
+ if (NULL == cert->common_name) {
+ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
+ NULL);
+ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
+ }
+
+}
+
static X509 *
netsnmp_ocert_get(netsnmp_cert *cert)
{
BIO *certbio;
X509 *ocert = NULL;
+ X509 *ncert = NULL;
EVP_PKEY *okey = NULL;
- char file[SNMP_MAXPATH];
- int is_ca;
if (NULL == cert)
return NULL;
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
}
}
- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
-
- certbio = BIO_new(BIO_s_file());
- if (NULL == certbio) {
- snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
- if (BIO_read_filename(certbio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
- BIO_vfree(certbio);
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
+ if (!certbio) {
return NULL;
}
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
- char *pos = strrchr(cert->info.filename, '.');
- if (NULL == pos)
- return NULL;
- cert->info.type = _cert_ext_type(++pos);
- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
- }
-
switch (cert->info.type) {
case NS_CERT_TYPE_DER:
+ (void)BIO_seek(certbio, cert->offset);
ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
if (NULL != ocert)
break;
- (void)BIO_reset(certbio);
/* Check for PEM if DER didn't work */
/* FALLTHROUGH */
case NS_CERT_TYPE_PEM:
- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ (void)BIO_seek(certbio, cert->offset);
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
if (NULL == ocert)
break;
if (NS_CERT_TYPE_DER == cert->info.type) {
DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
cert->info.type = NS_CERT_TYPE_PEM;
}
- /** check for private key too */
- if (NULL == cert->key) {
- (void)BIO_reset(certbio);
- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+ /** check for private key too, but only if we're the first certificate */
+ if (0 == cert->offset && NULL == cert->key) {
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
if (NULL != okey) {
netsnmp_key *key;
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
break;
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
case NS_CERT_TYPE_PKCS12:
- (void)BIO_reset(certbio);
+ (void)BIO_seek(certbio, cert->offset);
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
PKCS12_verify_mac(p12, NULL, 0)))
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
return NULL;
}
- cert->ocert = ocert;
- /*
- * X509_check_ca return codes:
- * 0 not a CA
- * 1 is a CA
- * 2 basicConstraints absent so "maybe" a CA
- * 3 basicConstraints absent but self signed V1.
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
- * 5 outdated Netscape Certificate Type CA extension.
- */
- is_ca = X509_check_ca(ocert);
- if (1 == is_ca)
- cert->info.allowed_uses |= NS_CERT_CA;
-
- if (NULL == cert->subject) {
- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
- 0);
- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
- }
-
- if (NULL == cert->issuer) {
- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
- if (strcmp(cert->subject, cert->issuer) == 0) {
- free(cert->issuer);
- cert->issuer = strdup("self-signed");
- }
- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
- }
-
- if (NULL == cert->fingerprint) {
- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
- cert->fingerprint =
- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
- }
-
- if (NULL == cert->common_name) {
- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
- NULL);
- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
- }
+ netsnmp_ocert_parse(cert, ocert);
return ocert;
}
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
{
BIO *keybio;
EVP_PKEY *okey;
- char file[SNMP_MAXPATH];
if (NULL == key)
return NULL;
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
if (key->okey)
return key->okey;
- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
-
- keybio = BIO_new(BIO_s_file());
- if (NULL == keybio) {
- snmp_log(LOG_ERR, "error creating BIO\n");
- return NULL;
- }
-
- if (BIO_read_filename(keybio, file) <=0) {
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
- key->info.filename);
- BIO_vfree(keybio);
+ keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
+ if (!keybio) {
return NULL;
}
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
cert->issuer_cert = _find_issuer(cert);
if (NULL == cert->issuer_cert) {
DEBUGMSGT(("cert:load:warn",
- "couldn't load CA chain for cert %s\n",
+ "couldn't load full CA chain for cert %s\n",
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
/** get issuer ocert */
if ((NULL == cert->issuer_cert->ocert) &&
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
+ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
cert->info.filename));
rc = CERT_LOAD_PARTIAL;
break;
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
}
- if(key) {
+ if (key) {
if (key->cert) {
DEBUGMSGT(("cert:partner", "key already has partner\n"));
return;
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
return;
*pos = 0;
- matching = _cert_find_subset_fn( filename, key->info.dir );
+ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
+ key->info.dir ));
if (!matching)
return;
if (1 == matching->size) {
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
key->info.filename));
}
- else if(cert) {
+ else if (cert) {
if (cert->key) {
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
return;
@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
}
}
+static netsnmp_key *
+_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
+{
+ netsnmp_key *key;
+
+ key = _new_key(dirname, filename);
+ if (NULL == key) {
+ return NULL;
+ }
+
+ key->okey = okey;
+
+ if (-1 == CONTAINER_INSERT(_keys, key)) {
+ DEBUGMSGT(("cert:key:file:add:err",
+ "error inserting key into container\n"));
+ netsnmp_key_free(key);
+ key = NULL;
+ }
+ if (index) {
+ fprintf(index, "k:%s\n", filename);
+ }
+
+ return key;
+}
+
+static netsnmp_cert *
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
+{
+ netsnmp_cert *cert;
+
+ cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
+ if (NULL == cert)
+ return NULL;
+
+ netsnmp_ocert_parse(cert, ocert);
+
+ if (-1 == CONTAINER_INSERT(_certs, cert)) {
+ DEBUGMSGT(("cert:file:add:err",
+ "error inserting cert into container\n"));
+ netsnmp_cert_free(cert);
+ return NULL;
+ }
+
+ if (index) {
+ /** filename = NAME_MAX = 255 */
+ /** fingerprint max = 64*3=192 for sha512 */
+ /** common name / CN = 64 */
+ if (cert)
+ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
+ cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
+ cert->common_name, cert->subject);
+ }
+
+ return cert;
+}
+
static int
_add_certfile(const char* dirname, const char* filename, FILE *index)
{
- X509 *ocert;
- EVP_PKEY *okey;
+ BIO *certbio;
+ X509 *ocert = NULL;
+ X509 *ncert;
+ EVP_PKEY *okey = NULL;
netsnmp_cert *cert = NULL;
netsnmp_key *key = NULL;
char certfile[SNMP_MAXPATH];
int type;
+ int offset = 0;
if (((const void*)NULL == dirname) || (NULL == filename))
return -1;
type = _type_from_filename(filename);
- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
+ if (type == NS_CERT_TYPE_UNKNOWN) {
+ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
+ return -1;
+ }
- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
+ certbio = netsnmp_open_bio(dirname, filename);
+ if (!certbio) {
+ return -1;
+ }
- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
- type));
+ switch (type) {
- if (NS_CERT_TYPE_KEY == type) {
- key = _new_key(dirname, filename);
- if (NULL == key)
- return -1;
- okey = netsnmp_okey_get(key);
- if (NULL == okey) {
- netsnmp_key_free(key);
- return -1;
- }
- key->okey = okey;
- if (-1 == CONTAINER_INSERT(_keys, key)) {
- DEBUGMSGT(("cert:key:file:add:err",
- "error inserting key into container\n"));
- netsnmp_key_free(key);
- key = NULL;
- }
- }
- else {
- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
- if (NULL == cert)
- return -1;
- ocert = netsnmp_ocert_get(cert);
- if (NULL == ocert) {
- netsnmp_cert_free(cert);
- return -1;
- }
- cert->ocert = ocert;
- if (-1 == CONTAINER_INSERT(_certs, cert)) {
- DEBUGMSGT(("cert:file:add:err",
- "error inserting cert into container\n"));
- netsnmp_cert_free(cert);
- cert = NULL;
- }
- }
- if ((NULL == cert) && (NULL == key)) {
- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
- return -1;
+ case NS_CERT_TYPE_KEY:
+
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+ if (NULL == okey)
+ snmp_log(LOG_ERR, "error parsing key file %s\n",
+ key->info.filename);
+ else {
+ key = _add_key(okey, dirname, filename, index);
+ if (NULL == key) {
+ EVP_PKEY_free(okey);
+ okey = NULL;
+ }
+ }
+ break;
+
+ case NS_CERT_TYPE_DER:
+
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
+ if (NULL != ocert) {
+ if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
+ X509_free(ocert);
+ ocert = NULL;
+ }
+ break;
+ }
+ (void)BIO_reset(certbio);
+ /* Check for PEM if DER didn't work */
+ /* FALLTHROUGH */
+
+ case NS_CERT_TYPE_PEM:
+
+ if (NS_CERT_TYPE_DER == type) {
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
+ type = NS_CERT_TYPE_PEM;
+ }
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (NULL != ocert) {
+ cert = _add_cert(ncert, dirname, filename, type, offset, index);
+ if (NULL == cert) {
+ X509_free(ocert);
+ ocert = ncert = NULL;
+ }
+ }
+ while (NULL != ncert) {
+ offset = BIO_tell(certbio);
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
+ if (ncert) {
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
+ X509_free(ncert);
+ ncert = NULL;
+ }
+ }
+ }
+
+ BIO_seek(certbio, offset);
+
+ /** check for private key too */
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
+
+ if (NULL != okey) {
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
+ cert->info.filename));
+ key = _add_key(okey, dirname, filename, NULL);
+ if (NULL != key) {
+ DEBUGMSGT(("cert:read:partner", "%s match found!\n",
+ cert->info.filename));
+ key->cert = cert;
+ cert->key = key;
+ cert->info.allowed_uses |= NS_CERT_IDENTITY;
+ }
+ else {
+ EVP_PKEY_free(okey);
+ okey = NULL;
+ }
+ }
+
+ break;
+
+#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
+ case NS_CERT_TYPE_PKCS12:
+#endif
+
+ default:
+ break;
}
- if (index) {
- /** filename = NAME_MAX = 255 */
- /** fingerprint max = 64*3=192 for sha512 */
- /** common name / CN = 64 */
- if (cert)
- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
- cert->info.type, cert->hash_type, cert->fingerprint,
- cert->common_name, cert->subject);
- else if (key)
- fprintf(index, "k:%s\n", filename);
+ BIO_vfree(certbio);
+
+ if ((NULL == ocert) && (NULL == okey)) {
+ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
+ return -1;
}
return 0;
@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
struct stat idx_stat;
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
- char subject[SNMP_MAXBUF_SMALL], hash_str[15];
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
+ ssize_t offset;
int count = 0, type, hash, version;
netsnmp_cert *cert;
netsnmp_key *key;
@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
netsnmp_directory_container_read_some(NULL, dirname,
_time_filter, &idx_stat,
NETSNMP_DIR_NSFILE |
- NETSNMP_DIR_NSFILE_STATS);
+ NETSNMP_DIR_NSFILE_STATS |
+ NETSNMP_DIR_ALLOW_DUPLICATES);
if (newer) {
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
CONTAINER_FREE_ALL(newer, NULL);
@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
pos = &tmpstr[2];
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
(NULL == (pos=copy_nword(pos, fingerprint,
sizeof(fingerprint)))) ||
@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
break;
}
type = atoi(type_str);
+ offset = atoi(offset_str);
hash = atoi(hash_str);
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
+ cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
common_name, subject);
if (cert && 0 == CONTAINER_INSERT(found, cert))
++count;
@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
netsnmp_directory_container_read_some(NULL, dirname,
_cert_cert_filter, NULL,
NETSNMP_DIR_RELATIVE_PATH |
- NETSNMP_DIR_EMPTY_OK );
+ NETSNMP_DIR_EMPTY_OK |
+ NETSNMP_DIR_ALLOW_DUPLICATES);
if (NULL == cert_container) {
DEBUGMSGT(("cert:index:dir",
"error creating container for cert files\n"));
@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
if (NULL == c)
return;
- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
+ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
c->info.type, c->info.allowed_uses,
_mode_str(c->info.allowed_uses)));
@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
netsnmp_void_array *matching;
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
- matching = _cert_find_subset_fn( filename, NULL );
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
+ filename, NULL ), what);
if (!matching)
return NULL;
if (1 == matching->size)
@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
}
}
+/*
+ * reduce subset by eliminating any certificates that are not the
+ * first certficate in a file. This allows us to ignore certificate
+ * chains when testing for specific certificates, and to match keys
+ * to the first certificate only.
+ */
+static netsnmp_void_array *
+_cert_reduce_subset_first(netsnmp_void_array *matching)
+{
+ netsnmp_cert *cc;
+ int i = 0, j, newsize;
+
+ if ((NULL == matching))
+ return matching;
+
+ newsize = matching->size;
+
+ for( ; i < matching->size; ) {
+ /*
+ * if we've shifted matches down we'll hit a NULL entry before
+ * we hit the end of the array.
+ */
+ if (NULL == matching->array[i])
+ break;
+ /*
+ * skip over valid matches. The first entry has an offset of zero.
+ */
+ cc = (netsnmp_cert*)matching->array[i];
+ if (0 == cc->offset) {
+ ++i;
+ continue;
+ }
+ /*
+ * shrink array by shifting everything down a spot. Might not be
+ * the most efficient soloution, but this is just happening at
+ * startup and hopefully most certs won't have common prefixes.
+ */
+ --newsize;
+ for ( j=i; j < newsize; ++j )
+ matching->array[j] = matching->array[j+1];
+ matching->array[j] = NULL;
+ /** no ++i; just shifted down, need to look at same position again */
+ }
+ /*
+ * if we shifted, set the new size
+ */
+ if (newsize != matching->size) {
+ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
+ matching->size, newsize));
+ matching->size = newsize;
+ }
+
+ if (0 == matching->size) {
+ free(matching->array);
+ SNMP_FREE(matching);
+ }
+
+ return matching;
+}
+
+/*
+ * reduce subset by eliminating any certificates that do not match
+ * purpose specified.
+ */
+static netsnmp_void_array *
+_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
+{
+ netsnmp_cert_common *cc;
+ int i = 0, j, newsize;
+
+ if ((NULL == matching))
+ return matching;
+
+ newsize = matching->size;
+
+ for( ; i < matching->size; ) {
+ /*
+ * if we've shifted matches down we'll hit a NULL entry before
+ * we hit the end of the array.
+ */
+ if (NULL == matching->array[i])
+ break;
+ /*
+ * skip over valid matches. The first entry has an offset of zero.
+ */
+ cc = (netsnmp_cert_common *)matching->array[i];
+ if ((cc->allowed_uses & what)) {
+ ++i;
+ continue;
+ }
+ /*
+ * shrink array by shifting everything down a spot. Might not be
+ * the most efficient soloution, but this is just happening at
+ * startup and hopefully most certs won't have common prefixes.
+ */
+ --newsize;
+ for ( j=i; j < newsize; ++j )
+ matching->array[j] = matching->array[j+1];
+ matching->array[j] = NULL;
+ /** no ++i; just shifted down, need to look at same position again */
+ }
+ /*
+ * if we shifted, set the new size
+ */
+ if (newsize != matching->size) {
+ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
+ matching->size, newsize));
+ matching->size = newsize;
+ }
+
+ if (0 == matching->size) {
+ free(matching->array);
+ SNMP_FREE(matching);
+ }
+
+ return matching;
+}
+
static netsnmp_void_array *
_cert_find_subset_common(const char *filename, netsnmp_container *container)
{
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
index c2dd989..e7145e4 100644
--- a/snmplib/dir_utils.c
+++ b/snmplib/dir_utils.c
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
/** default to unsorted */
if (! (flags & NETSNMP_DIR_SORTED))
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
+ /** default to duplicates not allowed */
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
}
dir = opendir(dirname);

12
SOURCES/net-snmp-5.9-ipv6-disable-leak.patch
Unescape View File

@ -0,0 +1,12 @@
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

28
SOURCES/net-snmp-5.9-memory-reporting.patch
Unescape View File

@ -0,0 +1,28 @@
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86c..68b55d2 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
}
- b = strstr(buff, "SReclaimable: ");
- if (b)
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
first = 0;

48
SOURCES/net-snmp-5.9-multilib.patch
Unescape View File

@ -0,0 +1,48 @@
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
index 90b20d9..bd5abe1 100644
--- a/man/netsnmp_config_api.3.def
+++ b/man/netsnmp_config_api.3.def
@@ -295,7 +295,7 @@ for one particular machine.
.PP
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
followed by \fC DATADIR/snmp\fP,
-followed by \fC LIBDIR/snmp\fP,
+followed by \fC /usr/lib(64)/snmp\fP,
followed by \fC $HOME/.snmp\fP.
This list can be changed by setting the environmental variable
.I SNMPCONFPATH
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
files in.
Default:
.br
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
.SH "SEE ALSO"
netsnmp_mib_api(3), snmp_api(3)
.\" Local Variables:
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
index fd30873..c3437d6 100644
--- a/man/snmp_config.5.def
+++ b/man/snmp_config.5.def
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
found and read from. By default, the applications look for
configuration files in the following 4 directories, in order:
SYSCONFDIR/snmp,
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
directories, it looks for files snmp.conf, snmpd.conf and/or
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
and/or snmptrapd.local.conf. *.local.conf are always
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 7ce8a46..a4000f9 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
.RS
.IP "Note:"
If the specified PATH is not a fully qualified filename, it will
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
will be appended to the filename.
.RE
.PP

26
SOURCES/net-snmp-5.9-pie.patch
Unescape View File

@ -0,0 +1,26 @@
diff --git a/agent/Makefile.in b/agent/Makefile.in
index 047d880..38d40aa 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff --git a/apps/Makefile.in b/apps/Makefile.in
index 3dbb1d1..48ed23a 100644
--- a/apps/Makefile.in
+++ b/apps/Makefile.in
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

38
SOURCES/net-snmp-5.9-python3.patch
Unescape View File

@ -0,0 +1,38 @@
diff --git a/Makefile.in b/Makefile.in
index 912f6b2..862fb5f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -227,7 +227,7 @@ perlcleanfeatures:
# python specific build rules
#
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
pythonmodules: subdirs
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
if test $$? != 0 ; then \
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
index daf11a4..3a30a64 100644
--- a/python/netsnmp/client.py
+++ b/python/netsnmp/client.py
@@ -56,7 +56,7 @@ class Varbind(object):
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
self.tag = STR(tag)
self.iid = STR(iid)
- self.val = STR(val)
+ self.val = val
self.type = STR(type_arg)
# parse iid out of tag if needed
if iid is None and tag is not None:
@@ -66,7 +66,10 @@ class Varbind(object):
(self.tag, self.iid) = match.group(1, 2)
def __setattr__(self, name, val):
- self.__dict__[name] = STR(val)
+ if name == 'val':
+ self.__dict__[name] = val
+ else:
+ self.__dict__[name] = STR(val)
def __str__(self):
return obj_to_str(self)

65
SOURCES/net-snmp-5.9-rpmdb.patch
Unescape View File

@ -0,0 +1,65 @@
From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Wed, 9 Aug 2023 16:51:28 +0200
Subject: [PATCH] Add support for RPM SQLite DB background.
From RPM 4.16 the SQLite support is available for RPM DB.
After https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb, rpm changed
it's background DB from Berkeley to SQLite in Fedora.
Net-SNMP is using hard coded paths to determine where RPM DB files are.
This update is adding check for rpmdb.sqlite file in order to be able
invalidate internal cache after system package change.
Closes #596
---
agent/mibgroup/host/data_access/swinst_rpm.c | 18 +++++++++++++-----
agent/mibgroup/host/hr_swinst.c | 3 +++
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
index 050edff307..7ad91a3194 100644
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
@@ -73,15 +73,23 @@ netsnmp_swinst_arch_init(void)
#endif
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+
+ /* check for SQLite DB backend */
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
+
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
+ pkg_directory[0] = '\0';
+ }
+ }
+
SNMP_FREE(rpmdbpath);
dbpath = NULL;
#ifdef HAVE_RPMGETPATH
rpmFreeRpmrc();
-#endif
- if (-1 == stat( pkg_directory, &stat_buf )) {
- snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
- pkg_directory[0] = '\0';
- }
+#endif
}
void
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2023-07-31 11:37:44.855071535 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2023-08-14 12:45:14.846357019 +0200
@@ -229,6 +229,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
if (stat(path, &stat_buf) == -1)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+ /* check for SQLite DB backend */
+ if (stat(path, &stat_buf) == -1)
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
#ifdef HAVE_RPMGETPATH

110
SOURCES/net-snmp-5.9-test-debug.patch
Unescape View File

@ -0,0 +1,110 @@
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
index 6c07f74..7df0b51 100644
--- a/testing/fulltests/default/T070com2sec_simple
+++ b/testing/fulltests/default/T070com2sec_simple
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- CHECKAGENT '<"c408a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 32: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+CHECKAGENT '<"c408a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 32: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
+ FINISHED
+fi
- CHECKAGENT '<"c408b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 33: Error:'
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- return_value=1
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+CHECKAGENT '<"c408b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 33: Error:'
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
return_value=1
fi
-
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ return_value=1
fi
FINISHED
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
index 76da70b..bc2d432 100644
--- a/testing/fulltests/default/T071com2sec6_simple
+++ b/testing/fulltests/default/T071com2sec6_simple
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
-if false; then
- # The two tests below have been disabled because these rely on resolving a
- # domain name into a local IP address. Such DNS replies are filtered out by
- # many security devices because to avoid DNS rebinding attacks. See also
- # https://en.wikipedia.org/wiki/DNS_rebinding.
-
- # 608
- CHECKAGENT '<"c608a"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 29: Error:'
- errnum=`expr $errnum - 1`
- if [ "$snmp_last_test_result" -ne 1 ] ; then
- FINISHED
- fi
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
+# 608
+CHECKAGENT '<"c608a"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 29: Error:'
+ errnum=`expr $errnum - 1`
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
FINISHED
fi
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
+ FINISHED
+fi
- CHECKAGENTCOUNT atleastone '<"c608b"'
- if [ "$snmp_last_test_result" -eq 0 ] ; then
- CHECKAGENT 'line 30: Error:'
- if [ "$snmp_last_test_result" -eq 1 ] ; then
- errnum=`expr $errnum - 1`
- fi
+CHECKAGENTCOUNT atleastone '<"c608b"'
+if [ "$snmp_last_test_result" -eq 0 ] ; then
+ CHECKAGENT 'line 30: Error:'
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
+ errnum=`expr $errnum - 1`
fi
fi

175
SOURCES/net-snmp-5.9.1-remove-des.patch
Unescape View File

@ -0,0 +1,175 @@
diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
--- a/man/net-snmp-config.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/net-snmp-config.1.def 2021-05-26 09:35:36.703673542 +0200
@@ -30,7 +30,7 @@ code for a list of available debug token
SNMP Setup commands:
.TP
\fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
+[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
.PP
These options produce the various compilation flags needed when
building external SNMP applications:
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
--- a/man/net-snmp-create-v3-user.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/net-snmp-create-v3-user.1.def 2021-05-26 09:34:23.702034230 +0200
@@ -3,7 +3,7 @@
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
.SH SYNOPSIS
.PP
-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
.B [username]
.SH DESCRIPTION
.PP
@@ -27,5 +27,5 @@ specifies the authentication password ha
\fB\-X privpass\fR
specifies the encryption password
.TP
-\fB\-x DES|AES\fR
+\fB\-x AES\fR
specifies the encryption algorithm
diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
--- a/man/snmpcmd.1.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmpcmd.1.def 2021-05-26 09:37:51.104850500 +0200
@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
file.
.TP
.BI \-x " privProtocol"
-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
+Set the privacy protocol (AES) used for encrypted SNMPv3 messages.
Overrides the \fIdefPrivType\fR token in the
.I snmp.conf
file. This option is only valid if the Net-SNMP software was build
diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
--- a/man/snmp.conf.5.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmp.conf.5.def 2021-05-26 09:40:03.730011937 +0200
@@ -221,13 +221,13 @@ The
value will be used for the authentication and/or privacy pass phrases
if either of the other directives are not specified.
.IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
-.IP "defPrivType DES|AES"
+.IP "defPrivType AES"
define the default authentication and privacy protocols to use for
SNMPv3 requests.
These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
.IP
If not specified, SNMPv3 requests will default to MD5 authentication
-and DES encryption.
+and AES encryption.
.RS
.IP "Note:
If the software has not been compiled to use the OpenSSL libraries,
@@ -262,8 +262,7 @@ master keys which have been converted to
suitable for on particular SNMP engine (agent). The length of the key
needs to be appropriate for the authentication or encryption type
being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
-priv keys: DES=16 bytes (8
-bytes of which is used as an IV and not a key), and AES=16 bytes).
+priv keys: AES=16 bytes).
.IP "sshtosnmpsocket PATH"
Sets the path of the \fBsshtosnmp\fR socket created by an application
(e.g. snmpd) listening for incoming ssh connections through the
diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
--- a/man/snmpd.examples.5.def 2021-05-26 09:30:07.429789994 +0200
+++ b/man/snmpd.examples.5.def 2021-05-26 09:41:29.170761436 +0200
@@ -87,8 +87,8 @@ the same authentication and encryption s
.RS
.nf
createUser me MD5 "single pass phrase"
-createUser myself MD5 "single pass phrase" DES
-createUser andI MD5 "single pass phrase" DES "single pass phrase"
+createUser myself MD5 "single pass phrase" AES
+createUser andI MD5 "single pass phrase" AES "single pass phrase"
.fi
.RE
Note that this defines three \fIdistinct\fR users, who could be granted
diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
--- a/man/snmptrapd.conf.5.def 2021-05-26 09:30:07.428789985 +0200
+++ b/man/snmptrapd.conf.5.def 2021-05-26 09:42:02.963064029 +0200
@@ -117,7 +117,7 @@ to trigger the types of processing liste
See
.IR snmpd.conf (5)
for more details.
-.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
+.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
See the
.IR snmpd.conf (5)
manual page for a description of how to create SNMPv3 users. This
diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
--- a/man/snmpusm.1.def 2021-05-26 09:30:07.430790003 +0200
+++ b/man/snmpusm.1.def 2021-05-26 09:42:24.178253990 +0200
@@ -216,7 +216,7 @@ rwuser initial
# lets add the new user we'll create too:
rwuser wes
# USM configuration entries
-createUser initial MD5 setup_passphrase DES
+createUser initial MD5 setup_passphrase AES
.fi
.RE
.PP
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2021-05-26 09:30:07.369789468 +0200
+++ b/net-snmp-create-v3-user.in 2021-05-26 09:33:23.966511123 +0200
@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
fi
Aalgorithm="MD5"
-Xalgorithm="DES"
+Xalgorithm="AES"
token=rwuser
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
@@ -57,11 +57,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128|AES192|AES256)
+ AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128|aes192|aes256)
+ aes|aes128|aes192|aes256)
Xalgorithm=$(echo "$1" | tr a-z A-Z)
shift
;;
@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
echo ""
echo "Usage:"
echo " net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
- echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
+ echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
echo ""
exit
fi
diff -urNp a/README.snmpv3 b/README.snmpv3
--- a/README.snmpv3 2021-05-26 09:30:07.352789320 +0200
+++ b/README.snmpv3 2021-05-26 09:44:49.109551728 +0200
@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
do a better job on since I suck at writing documentation and he
doesn't ;-) --Wes:
-Note: SHA authentication and DES/AES encryption support is only available
+Note: SHA authentication and AES encryption support is only available
if you have OpenSSL installed or if you've compiled using
--with-openssl=internal. If you use --with-openssl=internal please
read the documentation in snmplib/openssl/README for important details.
@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
WARNING: SNMPv3 pass phrases must be at least 8 characters long!
The above line creates the user "myuser" with a password of
- "my_password" (and uses MD5 and DES for protection). (Note that
+ "my_password" (and uses MD5 and AES for protection). (Note that
encryption support isn't enabled in the binary releases downloadable
from the net-snmp web site.) net-snmp-config will also add a line
to your snmpd.conf file to let that user have read/write access to
@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
[ this should return information about how long your agent has been up]
snmpget -v 3 -u myuser -l authPriv -a MD5 -A my_password
- -x DES -X my_password localhost sysUpTime.0
+ -x AES -X my_password localhost sysUpTime.0
[ this should return similar information, but encrypts the transmission ]
CREATING A SECOND USER:

120
SOURCES/net-snmp-5.9.4-kernel-6.7.patch
Unescape View File

@ -0,0 +1,120 @@
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
From: Philippe Troin <phil+github-commits@fifi.org>
Date: Sat, 3 Feb 2024 10:30:30 -0800
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
This breaks the hard-coded assumptions about the Ip line length.
Add compatibility to parse Linux 6.7 Ip header while keep support
for previous versions.
---
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index 49e0a34d5c..f04e828a94 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
}
/*
- /proc/net/snmp
+ /proc/net/snmp - Linux 6.6 and lower
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1491094 122 0 1466178
+*
+ /proc/net/snmp - Linux 6.7 and higher
+
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
+
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
+
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
+
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
+
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
+
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ UdpLite: 0 0 0 0 0 0 0 0 0
*/
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
FILE *devin;
char line[1024];
netsnmp_systemstats_entry *entry = NULL;
- int scan_count;
+ int scan_count, expected_scan_count;
char *stats, *start = line;
int len;
- unsigned long long scan_vals[19];
+ unsigned long long scan_vals[20];
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
load_flags));
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
*/
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
len = strlen(line);
- if (224 != len) {
+ switch (len) {
+ case 224:
+ expected_scan_count = 19;
+ break;
+ case 237:
+ expected_scan_count = 20;
+ break;
+ default:
fclose(devin);
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
- " %d != 224\n", len);
+ " %d not in { 224, 237 } \n", len);
return -4;
}
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
memset(scan_vals, 0x0, sizeof(scan_vals));
scan_count = sscanf(stats,
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
&scan_vals[0],&scan_vals[1],&scan_vals[2],
&scan_vals[3],&scan_vals[4],&scan_vals[5],
&scan_vals[6],&scan_vals[7],&scan_vals[8],
&scan_vals[9],&scan_vals[10],&scan_vals[11],
&scan_vals[12],&scan_vals[13],&scan_vals[14],
&scan_vals[15],&scan_vals[16],&scan_vals[17],
- &scan_vals[18]);
+ &scan_vals[18],&scan_vals[19]);
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
- if(scan_count != 19) {
+ if(scan_count != expected_scan_count) {
snmp_log(LOG_ERR,
"error scanning systemstats data (expected %d, got %d)\n",
- 19, scan_count);
+ expected_scan_count, scan_count);
netsnmp_access_systemstats_entry_free(entry);
return -4;
}
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

43
SOURCES/net-snmp-5.9.4-remove-mail-sender.patch
Unescape View File

@ -0,0 +1,43 @@
diff -urNp a/local/checkbandwidth b/local/checkbandwidth
--- a/local/checkbandwidth 2024-06-21 21:17:01.675417287 +0200
+++ b/local/checkbandwidth 2024-06-21 21:19:40.107746544 +0200
@@ -326,7 +326,6 @@ See the Net-SNMP COPYING file for licens
use JSON;
use Data::Dumper;
-use Mail::Sender;
use SNMP;
use Fcntl ':flock';
@@ -744,19 +743,19 @@ sub send_rate_message($$$$$$) {
sub send_message($$$) {
my ($to, $subject, $text) = @_;
- my $sender = new Mail::Sender { smtp => $opts{'S'} ,
- port => $opts{'P'},
- from => $opts{'F'},
- };
-
- my $status =
- $sender->MailMsg({
- to => $to,
- subject => $subject,
- msg => $text
- });
+# my $sender = new Mail::Sender { smtp => $opts{'S'} ,
+# port => $opts{'P'},
+# from => $opts{'F'},
+# };
+
+ my $status = -1;
+# $sender->MailMsg({
+# to => $to,
+# subject => $subject,
+# msg => $text
+# });
if ($status < 0) {
- Log("Failed to send mail with error code $status: $Mail::Sender::Error");
+ Log("Failed to send mail with error code $status: Mail::Sender is not available");
}
}

29
SOURCES/net-snmp-5.9.4-test-fix.patch
Unescape View File

@ -0,0 +1,29 @@
diff -ruNp a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh
--- a/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:36:03.641432345 +0100
+++ b/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:38:15.946855878 +0100
@@ -525,7 +525,6 @@ STARTPROG() {
if test -f $CFG_FILE; then
COMMAND="$COMMAND -C -c $CFG_FILE"
fi
- COMMAND="$COMMAND -f"
if [ "x$PORT_SPEC" != "x" ]; then
COMMAND="$COMMAND $PORT_SPEC"
fi
@@ -537,10 +536,13 @@ STARTPROG() {
OUTPUTENVVARS $LOG_FILE.command
echo $COMMAND >> $LOG_FILE.command
fi
- {
- { $COMMAND; } >$LOG_FILE.stdout 2>&1
- echo $? >$LOG_FILE.exitcode
- } &
+ if [ "x$OSTYPE" = "xmsys" ]; then
+ $COMMAND > $LOG_FILE.stdout 2>&1 &
+ ## COMMAND="cmd.exe //c start //min $COMMAND"
+ ## start $COMMAND > $LOG_FILE.stdout 2>&1
+ else
+ $COMMAND > $LOG_FILE.stdout 2>&1
+ fi
}
#------------------------------------ -o-

62
SOURCES/net-snmp-config
Unescape View File

@ -0,0 +1,62 @@
#!/bin/sh
#
# net-snmp-config
#
# this shell script is designed to merely dump the configuration
# information about how the net-snmp package was compiled. The
# information is particularily useful for applications that need to
# link against the net-snmp libraries and hence must know about any
# other libraries that must be linked in as well.
# this particular shell script calls arch specific script to avoid
# multilib conflicts
# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64
arch=`arch`
echo $arch | grep -q i.86
if [ $? -eq 0 ] ; then
net-snmp-config-i386 "$@"
exit 0
fi
if [ "$arch" = "ia64" ] ; then
net-snmp-config-ia64 "$@"
exit 0
fi
if [ "$arch" = "ppc" ] ; then
net-snmp-config-ppc "$@"
exit 0
fi
if [ "$arch" = "ppc64" ] ; then
net-snmp-config-ppc64 "$@"
exit 0
fi
if [ "$arch" = "s390" ] ; then
net-snmp-config-s390 "$@"
exit 0
fi
if [ "$arch" = "s390x" ] ; then
net-snmp-config-s390x "$@"
exit 0
fi
if [ "$arch" = "x86_64" ] ; then
net-snmp-config-x86_64 "$@"
exit 0
fi
if [ "$arch" = "alpha" ] ; then
net-snmp-config-alpha "$@"
exit 0
fi
if [ "$arch" = "sparc" ] ; then
net-snmp-config-sparc "$@"
exit 0
fi
if [ "$arch" = "sparc64" ] ; then
net-snmp-config-sparc64 "$@"
exit 0
fi
if [ "$arch" = "aarch64" ] ; then
net-snmp-config-aarch64 "$@"
exit 0
fi
echo "Cannot determine architecture"

38
SOURCES/net-snmp-config.h
Unescape View File

@ -0,0 +1,38 @@
/* This file is here to prevent a file conflict on multiarch systems. A
* conflict will frequently occur because arch-specific build-time
* configuration options are stored (and used, so they can't just be stripped
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed.
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
#ifdef net_snmp_config_multilib_redirection_h
#error "Do not define net_snmp_config_multilib_redirection_h!"
#endif
#define net_snmp_config_multilib_redirection_h
#if defined(__i386__)
#include "net-snmp-config-i386.h"
#elif defined(__ia64__)
#include "net-snmp-config-ia64.h"
#elif defined(__powerpc64__)
#include "net-snmp-config-ppc64.h"
#elif defined(__powerpc__)
#include "net-snmp-config-ppc.h"
#elif defined(__s390x__)
#include "net-snmp-config-s390x.h"
#elif defined(__s390__)
#include "net-snmp-config-s390.h"
#elif defined(__x86_64__)
#include "net-snmp-config-x86_64.h"
#elif defined(__alpha__)
#include "net-snmp-config-alpha.h"
#elif defined(__sparc__) && defined (__arch64__)
#include "net-snmp-config-sparc64.h"
#elif defined(__sparc__)
#include "net-snmp-config-sparc.h"
#elif defined(__aarch64__)
#include "net-snmp-config-aarch64.h"
#else
#error "net-snmp-devel package does not work on your architecture"
#endif
#undef net_snmp_config_multilib_redirection_h

59
SOURCES/net-snmp-libs-misunderstanding.patch
Unescape View File

@ -0,0 +1,59 @@
Libs.private should contain a list of libraries the library that the package
exposes is linked too. So let's filter out unrelated link flags.
diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
index 0a1f5785a4..524ca91d82 100644
--- net-snmp-5.9.1/netsnmp.pc.in~
+++ net-snmp-5.9.1/netsnmp.pc.in
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lnetsnmp
-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
+Libs.private: @LNETSNMPLIBS@ @LIBS@
diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
index 3a1c77bbf8..3d3b308d21 100644
--- net-snmp-5.9.1/netsnmp-agent.pc.in~
+++ net-snmp-5.9.1/netsnmp-agent.pc.in
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
+Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
index 6b5abf8f83..ee81ce98fa 100644
--- net-snmp-5.9.1/net-snmp-config.in~
+++ net-snmp-5.9.1/net-snmp-config.in
@@ -193,13 +193,13 @@ else
#################################################### client lib
--libs)
# use this one == --netsnmp-libs + --external-libs
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
+ echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
;;
--netsnmp-libs)
echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
;;
--external-libs)
- echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
+ echo $NSC_LNETSNMPLIBS $NSC_LIBS
;;
#################################################### agent lib
--base-agent-libs)
@@ -210,13 +210,13 @@ else
;;
--agent-libs)
# use this one == --netsnmp-agent-libs + --external-libs
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
+ echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
;;
--netsnmp-agent-libs)
echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
;;
--external-agent-libs)
- echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
+ echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
;;
####################################################
--version|--ver*)

1
SOURCES/net-snmp-tmpfs.conf
Unescape View File

@ -0,0 +1 @@
d /run/net-snmp 0755 root root

6
SOURCES/net-snmp-trapd.redhat.conf
Unescape View File

@ -0,0 +1,6 @@
# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
# authCommunity log,execute,net public
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold

462
SOURCES/net-snmp.redhat.conf
Unescape View File

@ -0,0 +1,462 @@
###############################################################################
#
# snmpd.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be as a starting point. Many more
# configuration directives exist than are mentioned in this file. For
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
###############################################################################
# Access Control
###############################################################################
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes. Examples are shown below about how to increase the
# level of access.
# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name "public" into a "security name"
# sec.name source community
#com2sec notConfigUser default public
####
# Second, map the security name into a group name:
# groupName securityModel securityName
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...
## incl/excl subtree mask
#view all included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don't allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#
# First, map the community name "public" into a "security name"
# sec.name source community
#com2sec notConfigUser default public
# Second, map the security name into a group name:
# groupName securityModel securityName
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
# name incl/excl subtree mask(optional)
#view roview included .1
#view rwview included system.sysContact
#view rwview included system.sysName
#view rwview included system.sysLocation
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
#view rwview included at.atTable.atEntry.atPhysAddress
#view rwview included at.atTable.atEntry.atNetAddress
#view rwview included ip.ipForwarding
#view rwview included ip.ipDefaultTTL
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
#view rwview included snmp.snmpEnableAuthenTraps
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup "" any noauth exact roview rwview none
###############################################################################
# System contact information
#
# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
# Example output of snmpwalk:
# % snmpwalk -v 1 localhost -c public system
# system.sysDescr.0 = "SunOS name sun4c"
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
# system.sysContact.0 = "Me <me@somewhere.org>"
# system.sysName.0 = "name"
# system.sysLocation.0 = "Right here, right now."
# system.sysServices.0 = 72
###############################################################################
# Logging
#
# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.
dontLogTCPWrappersConnects yes
# -----------------------------------------------------------------------------
###############################################################################
# Process checks.
#
# The following are examples of how to use the agent to check for
# processes running on the host. The syntax looks something like:
#
# proc NAME [MAX=0] [MIN=0]
#
# NAME: the name of the process to check for. It must match
# exactly (ie, http will not find httpd processes).
# MAX: the maximum number allowed to be running. Defaults to 0.
# MIN: the minimum number to be running. Defaults to 0.
#
# Examples (commented out by default):
#
# Make sure mountd is running
#proc mountd
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4
# Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1
# A snmpwalk of the process mib tree would look something like this:
#
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
# Note that the errorFlag for mountd is set to 1 because one is not
# running (in this case an rpc.mountd is, but thats not good enough),
# and the ErrMessage tells you what's wrong. The configuration
# imposed in the snmpd.conf file is also shown.
#
# Special Case: When the min and max numbers are both 0, it assumes
# you want a max of infinity and a min of 1.
#
# -----------------------------------------------------------------------------
###############################################################################
# Executables/scripts
#
#
# You can also have programs run by the agent that return a single
# line of output and an exit code. Here are two examples.
#
# exec NAME PROGRAM [ARGS ...]
#
# NAME: A generic name. The name must be unique for each exec statement.
# PROGRAM: The program to run. Include the path!
# ARGS: optional arguments to be passed to the program
# a simple hello world
#exec echotest /bin/echo hello world
# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest
# Then,
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
# Note that the second line of the /tmp/shtest shell script is cut
# off. Also note that the exit status of 35 was returned.
# -----------------------------------------------------------------------------
###############################################################################
# disk checks
#
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
# disk PATH [MIN=100000]
#
# PATH: mount path to the disk in question.
# MIN: Disks with space below this value will have the Mib's errorFlag set.
# Default value = 100000.
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
# -----------------------------------------------------------------------------
###############################################################################
# load average checks
#
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
# 1MAX: If the 1 minute load average is above this limit at query
# time, the errorFlag will be set.
# 5MAX: Similar, but for 5 min average.
# 15MAX: Similar, but for 15 min average.
# Check for loads:
#load 12 14 14
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
# -----------------------------------------------------------------------------
###############################################################################
# Extensible sections.
#
# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:
# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0
# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.
# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
# -----------------------------------------------------------------------------
###############################################################################
# Pass through control.
#
# Usage:
# pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note: You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example: (see the script for details)
# (commented out here since it requires that you place the
# script in the right location. (its not installed by default))
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#
# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.
###############################################################################
# Further Information
#
# See the snmpd.conf manual page, and the output of "snmpd -H".

3
SOURCES/net-snmpd.sysconfig
Unescape View File

@ -0,0 +1,3 @@
# snmpd command line options
# '-f' is implicitly added by snmpd systemd unit file
# OPTIONS="-LS0-6d"

3
SOURCES/net-snmptrapd.sysconfig
Unescape View File

@ -0,0 +1,3 @@
# snmptrapd command line options
# '-f' is implicitly added by snmptrapd systemd unit file
# OPTIONS="-Lsd"

13
SOURCES/snmpd.service
Unescape View File

@ -0,0 +1,13 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Daemon.
After=syslog.target network-online.target
[Service]
Type=notify
Environment=OPTIONS="-LS0-6d"
EnvironmentFile=-/etc/sysconfig/snmpd
ExecStart=/usr/sbin/snmpd $OPTIONS -f
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

13
SOURCES/snmptrapd.service
Unescape View File

@ -0,0 +1,13 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
After=syslog.target network-online.target
[Service]
Type=notify
Environment=OPTIONS="-Lsd"
EnvironmentFile=-/etc/sysconfig/snmptrapd
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

2094
SPECS/net-snmp.spec
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save