From patchwork Fri Feb 17 07:07:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 6545 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4PJ2v36RLNz3x1n for ; Fri, 17 Feb 2023 07:07:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4PJ2v2280LzRT; Fri, 17 Feb 2023 07:07:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4PJ2v202D4z2xxQ; Fri, 17 Feb 2023 07:07:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4PJ2v03gQdz2xbq for ; Fri, 17 Feb 2023 07:07:24 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4PJ2tz2rWfzRT; Fri, 17 Feb 2023 07:07:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1676617643; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=s8QbinLISpu2Walq16rE64D9Up9HolSkSbSwqr0o1eE=; b=Ulvut9v6Nwtr89RGz45jkPBqWY5xrm47mLfBdExJcqAB/TsxBEfINPS/LakLJawp8jTqc8 r/OQmtBjnj1AqCc/fODgzCRGKXl9cck+DXUwU384eRw0W2/msJPrSs1DJpIMCM6oBwTJsx iy9wF/Y8T5hn3DDd/zuO/4EFPj/UghJegkvWJZM2jlxJvbxaKJCayNE1rRV4k2tWFAq1jp piJXte80zmwrCzzW1oosnEqXozTz9rK+reqsBc2MtmFdQFfk6CGunGmKu6tsB7rRoDbq0Z MHdt2clRen9PdXmV70g+Ip5/asdj7yURT1qqIcsEYpnDcxRfCcOvfwkaIFwsjw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1676617643; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=s8QbinLISpu2Walq16rE64D9Up9HolSkSbSwqr0o1eE=; b=fH+d1l70XCKhqMPESebp7za9S7VnLHwUvDnjGvTiNOAmCsWIoPfquwRWDYwx+C1n5t1ON1 K2UVFE+FYHXgsdAg== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCHv2] net-snmp: Update to 5.9.3 Date: Fri, 17 Feb 2023 08:07:11 +0100 Message-Id: <20230217070711.162747-1-stefan.schantl@ipfire.org> In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" * Update patchset * Drop perl modules * Drop additional script which are related on the SNMP perl modules or depricated ones. Signed-off-by: Stefan Schantl --- net-snmp/net-snmp.nm | 44 +- .../patches/net-snmp-5.5-apsl-copying.patch | 354 ---- net-snmp/patches/net-snmp-5.5-dir-fix.patch | 14 - .../patches/net-snmp-5.5-perl-linking.patch | 16 - net-snmp/patches/net-snmp-5.6-multilib.patch | 45 - .../patches/net-snmp-5.6-test-debug.patch | 29 - net-snmp/patches/net-snmp-5.7.2-systemd.patch | 1650 ----------------- .../patches/net-snmp-5.7.3-iterator-fix.patch | 14 + .../net-snmp-5.8-Remove-U64-typedef.patch | 12 + ...et-snmp-5.8-clientaddr-error-message.patch | 35 + .../net-snmp-5.8-duplicate-ipAddress.patch | 11 + .../net-snmp-5.8-ipAddress-faster-load.patch | 82 + net-snmp/patches/net-snmp-5.8-man-page.patch | 36 + .../patches/net-snmp-5.9-aes-config.patch | 18 + .../patches/net-snmp-5.9-autofs-skip.patch | 12 + net-snmp/patches/net-snmp-5.9-coverity.patch | 22 + net-snmp/patches/net-snmp-5.9-dir-fix.patch | 30 + .../net-snmp-5.9-intermediate-certs.patch | 855 +++++++++ .../net-snmp-5.9-memory-reporting.patch | 28 + ...5.7.2-pie.patch => net-snmp-5.9-pie.patch} | 20 +- .../patches/net-snmp-5.9.1-autoconf.patch | 6 + 21 files changed, 1191 insertions(+), 2142 deletions(-) delete mode 100644 net-snmp/patches/net-snmp-5.5-apsl-copying.patch delete mode 100644 net-snmp/patches/net-snmp-5.5-dir-fix.patch delete mode 100644 net-snmp/patches/net-snmp-5.5-perl-linking.patch delete mode 100644 net-snmp/patches/net-snmp-5.6-multilib.patch delete mode 100644 net-snmp/patches/net-snmp-5.6-test-debug.patch delete mode 100644 net-snmp/patches/net-snmp-5.7.2-systemd.patch create mode 100644 net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch create mode 100644 net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch create mode 100644 net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch create mode 100644 net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch create mode 100644 net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch create mode 100644 net-snmp/patches/net-snmp-5.8-man-page.patch create mode 100644 net-snmp/patches/net-snmp-5.9-aes-config.patch create mode 100644 net-snmp/patches/net-snmp-5.9-autofs-skip.patch create mode 100644 net-snmp/patches/net-snmp-5.9-coverity.patch create mode 100644 net-snmp/patches/net-snmp-5.9-dir-fix.patch create mode 100644 net-snmp/patches/net-snmp-5.9-intermediate-certs.patch create mode 100644 net-snmp/patches/net-snmp-5.9-memory-reporting.patch rename net-snmp/patches/{net-snmp-5.7.2-pie.patch => net-snmp-5.9-pie.patch} (56%) create mode 100644 net-snmp/patches/net-snmp-5.9.1-autoconf.patch diff --git a/net-snmp/net-snmp.nm b/net-snmp/net-snmp.nm index 9e86e355d..ac5cb8fe7 100644 --- a/net-snmp/net-snmp.nm +++ b/net-snmp/net-snmp.nm @@ -4,7 +4,7 @@ ############################################################################### name = net-snmp -version = 5.7.3 +version = 5.9.3 release = 1 groups = Networking/Daemons @@ -29,16 +29,12 @@ build elfutils-devel lm-sensors-devel >= 3 openssl-devel - perl(ExtUtils::Embed) procps - python-setuptools - python-devel + python3-devel + python3-setuptools systemd-devel - systemd-units end - PARALLELISMFLAGS = # No parallel build - prepare_cmds autoreconf -vfi end @@ -64,25 +60,17 @@ build --enable-ucd-snmp-compatibility \ --with-openssl \ --with-pic \ - --enable-embedded-perl \ --enable-as-needed \ - --with-perl-modules="INSTALLDIRS=vendor" \ --enable-mfd-rewrites \ --enable-local-smux \ --with-temp-file-pattern=/var/run/net-snmp/snmp-tmp-XXXXXX \ --with-transports="DTLSUDP TLSTCP" \ --with-security-modules=tsm \ - --with-systemd - - build_cmds - # Remove rpath from compiled perl libs - find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \; - - # Compile python module - pushd python - %{python} setup.py --basedir=".." build - popd - end + --with-systemd \ + --with-default-snmp-version="3" \ + --without-perl-modules \ + --disable-embedded-perl \ + --with-python-modules install_cmds # Remove stuff we don't want to distribute. @@ -95,11 +83,6 @@ build # Copy missing mib2c.conf files. install -v -m 644 local/mib2c.*.conf %{BUILDROOT}%{datadir}/snmp - # Install python module. - pushd python - %{python} setup.py --basedir=".." install -O1 --skip-build --root %{BUILDROOT} - popd - # Make libs executable. find %{BUILDROOT} -name "*.so" | xargs chmod -v 755 @@ -113,6 +96,17 @@ build # Prepare runtime directories. mkdir -pv %{BUILDROOT}%{localstatedir}/{lib,run}/net-snmp + # Remove scripts in /bin which requires the SNMP + # perl bindings. + rm -rvf %{BUILDROOT}%{bindir}/net-snmp-cert + rm -rvf %{BUILDROOT}%{bindir}/tkmib + rm -rvf %{BUILDROOT}%{bindir}/mib2c + rm -rvf %{BUILDROOT}%{bindir}/snmp-bridge-mib + + # Remove checkbandwidth script + # This uses a deprecated perl module (Mail::Sender) + rm -rvf %{BUILDROOT}%{bindir}/checkbandwidth + # Remove more RPATHs. find %{BUILDROOT}%{bindir} -type f -print \ -exec chrpath --delete {} \; diff --git a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch b/net-snmp/patches/net-snmp-5.5-apsl-copying.patch deleted file mode 100644 index 5ae7ca30c..000000000 --- a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch +++ /dev/null @@ -1,354 +0,0 @@ -Add APSL 2.0 license to the COPYING file. - -There is only one file covered by this license: -net-snmp-5.5/agent/mibgroup/host/data_access/swrun_darwin.c - -This file is not used on Linux at all, it's only present in source -tarball and net-snmp.src.rpm. - -In addition, it's licensed under APSL 1.1, but it allows to relicense -the code to 'any subsequent version of this License published by Apple'. -According to http://fedoraproject.org/wiki/Licensing, APSL ver. 2.0 is -better for us. - -diff -up net-snmp-5.7.3/COPYING.skiFvk net-snmp-5.7.3/COPYING ---- net-snmp-5.7.3/COPYING.skiFvk 2015-02-17 13:33:15.963257594 +0100 -+++ net-snmp-5.7.3/COPYING 2015-02-17 13:33:37.931241818 +0100 -@@ -325,3 +325,337 @@ PROFITS; OR BUSINESS INTERRUPTION) HOWEV - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+---- Part 11: APPLE PUBLIC SOURCE LICENSE (APSL 2.0) ---- -+ -+Version 2.0 - August 6, 2003 -+ -+Please read this License carefully before downloading this software. By -+downloading or using this software, you are agreeing to be bound by the terms -+of this License. If you do not or cannot agree to the terms of this License, -+please do not download or use the software. -+ -+Apple Note: In January 2007, Apple changed its corporate name from "Apple -+Computer, Inc." to "Apple Inc." This change has been reflected below and -+copyright years updated, but no other changes have been made to the APSL 2.0. -+ -+1. General; Definitions. This License applies to any program or other -+work which Apple Inc. ("Apple") makes publicly available and which contains a -+notice placed by Apple identifying such program or work as "Original Code" and -+stating that it is subject to the terms of this Apple Public Source License -+version 2.0 ("License"). As used in this License: -+ -+1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is the -+grantor of rights, (i) claims of patents that are now or hereafter acquired, -+owned by or assigned to Apple and (ii) that cover subject matter contained in -+the Original Code, but only to the extent necessary to use, reproduce and/or -+distribute the Original Code without infringement; and (b) in the case where -+You are the grantor of rights, (i) claims of patents that are now or hereafter -+acquired, owned by or assigned to You and (ii) that cover subject matter in -+Your Modifications, taken alone or in combination with Original Code. -+ -+1.2 "Contributor" means any person or entity that creates or contributes to -+the creation of Modifications. -+ -+1.3 "Covered Code" means the Original Code, Modifications, the combination -+of Original Code and any Modifications, and/or any respective portions thereof. -+ -+1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise -+make Covered Code available, directly or indirectly, to anyone other than You; -+and/or (b) to use Covered Code, alone or as part of a Larger Work, in any way -+to provide a service, including but not limited to delivery of content, through -+electronic communication with a client other than You. -+ -+1.5 "Larger Work" means a work which combines Covered Code or portions -+thereof with code not governed by the terms of this License. -+ -+1.6 "Modifications" mean any addition to, deletion from, and/or change to, -+the substance and/or structure of the Original Code, any previous -+Modifications, the combination of Original Code and any previous Modifications, -+and/or any respective portions thereof. When code is released as a series of -+files, a Modification is: (a) any addition to or deletion from the contents of -+a file containing Covered Code; and/or (b) any new file or other representation -+of computer program statements that contains any part of Covered Code. -+ -+1.7 "Original Code" means (a) the Source Code of a program or other work as -+originally made available by Apple under this License, including the Source -+Code of any updates or upgrades to such programs or works made available by -+Apple under this License, and that has been expressly identified by Apple as -+such in the header file(s) of such work; and (b) the object code compiled from -+such Source Code and originally made available by Apple under this License -+ -+1.8 "Source Code" means the human readable form of a program or other work -+that is suitable for making modifications to it, including all modules it -+contains, plus any associated interface definition files, scripts used to -+control compilation and installation of an executable (object code). -+ -+1.9 "You" or "Your" means an individual or a legal entity exercising rights -+under this License. For legal entities, "You" or "Your" includes any entity -+which controls, is controlled by, or is under common control with, You, where -+"control" means (a) the power, direct or indirect, to cause the direction or -+management of such entity, whether by contract or otherwise, or (b) ownership -+of fifty percent (50%) or more of the outstanding shares or beneficial -+ownership of such entity. -+ -+2. Permitted Uses; Conditions & Restrictions. Subject to the terms and -+conditions of this License, Apple hereby grants You, effective on the date You -+accept this License and download the Original Code, a world-wide, royalty-free, -+non-exclusive license, to the extent of Apple's Applicable Patent Rights and -+copyrights covering the Original Code, to do the following: -+ -+2.1 Unmodified Code. You may use, reproduce, display, perform, internally -+distribute within Your organization, and Externally Deploy verbatim, unmodified -+copies of the Original Code, for commercial or non-commercial purposes, -+provided that in each instance: -+ -+(a) You must retain and reproduce in all copies of Original Code the -+copyright and other proprietary notices and disclaimers of Apple as they appear -+in the Original Code, and keep intact all notices in the Original Code that -+refer to this License; and -+ -+(b) You must include a copy of this License with every copy of Source Code -+of Covered Code and documentation You distribute or Externally Deploy, and You -+may not offer or impose any terms on such Source Code that alter or restrict -+this License or the recipients' rights hereunder, except as permitted under -+Section 6. -+ -+2.2 Modified Code. You may modify Covered Code and use, reproduce, -+display, perform, internally distribute within Your organization, and -+Externally Deploy Your Modifications and Covered Code, for commercial or -+non-commercial purposes, provided that in each instance You also meet all of -+these conditions: -+ -+(a) You must satisfy all the conditions of Section 2.1 with respect to the -+Source Code of the Covered Code; -+ -+(b) You must duplicate, to the extent it does not already exist, the notice -+in Exhibit A in each file of the Source Code of all Your Modifications, and -+cause the modified files to carry prominent notices stating that You changed -+the files and the date of any change; and -+ -+(c) If You Externally Deploy Your Modifications, You must make Source Code -+of all Your Externally Deployed Modifications either available to those to whom -+You have Externally Deployed Your Modifications, or publicly available. Source -+Code of Your Externally Deployed Modifications must be released under the terms -+set forth in this License, including the license grants set forth in Section 3 -+below, for as long as you Externally Deploy the Covered Code or twelve (12) -+months from the date of initial External Deployment, whichever is longer. You -+should preferably distribute the Source Code of Your Externally Deployed -+Modifications electronically (e.g. download from a web site). -+ -+2.3 Distribution of Executable Versions. In addition, if You Externally -+Deploy Covered Code (Original Code and/or Modifications) in object code, -+executable form only, You must include a prominent notice, in the code itself -+as well as in related documentation, stating that Source Code of the Covered -+Code is available under the terms of this License with information on how and -+where to obtain such Source Code. -+ -+2.4 Third Party Rights. You expressly acknowledge and agree that although -+Apple and each Contributor grants the licenses to their respective portions of -+the Covered Code set forth herein, no assurances are provided by Apple or any -+Contributor that the Covered Code does not infringe the patent or other -+intellectual property rights of any other entity. Apple and each Contributor -+disclaim any liability to You for claims brought by any other entity based on -+infringement of intellectual property rights or otherwise. As a condition to -+exercising the rights and licenses granted hereunder, You hereby assume sole -+responsibility to secure any other intellectual property rights needed, if any. -+For example, if a third party patent license is required to allow You to -+distribute the Covered Code, it is Your responsibility to acquire that license -+before distributing the Covered Code. -+ -+3. Your Grants. In consideration of, and as a condition to, the licenses -+granted to You under this License, You hereby grant to any person or entity -+receiving or distributing Covered Code under this License a non-exclusive, -+royalty-free, perpetual, irrevocable license, under Your Applicable Patent -+Rights and other intellectual property rights (other than patent) owned or -+controlled by You, to use, reproduce, display, perform, modify, sublicense, -+distribute and Externally Deploy Your Modifications of the same scope and -+extent as Apple's licenses under Sections 2.1 and 2.2 above. -+ -+4. Larger Works. You may create a Larger Work by combining Covered Code -+with other code not governed by the terms of this License and distribute the -+Larger Work as a single product. In each such instance, You must make sure the -+requirements of this License are fulfilled for the Covered Code or any portion -+thereof. -+ -+5. Limitations on Patent License. Except as expressly stated in Section -+2, no other patent rights, express or implied, are granted by Apple herein. -+Modifications and/or Larger Works may require additional patent licenses from -+Apple which Apple may grant in its sole discretion. -+ -+6. Additional Terms. You may choose to offer, and to charge a fee for, -+warranty, support, indemnity or liability obligations and/or other rights -+consistent with the scope of the license granted herein ("Additional Terms") to -+one or more recipients of Covered Code. However, You may do so only on Your own -+behalf and as Your sole responsibility, and not on behalf of Apple or any -+Contributor. You must obtain the recipient's agreement that any such Additional -+Terms are offered by You alone, and You hereby agree to indemnify, defend and -+hold Apple and every Contributor harmless for any liability incurred by or -+claims asserted against Apple or such Contributor by reason of any such -+Additional Terms. -+ -+7. Versions of the License. Apple may publish revised and/or new versions -+of this License from time to time. Each version will be given a distinguishing -+version number. Once Original Code has been published under a particular -+version of this License, You may continue to use it under the terms of that -+version. You may also choose to use such Original Code under the terms of any -+subsequent version of this License published by Apple. No one other than Apple -+has the right to modify the terms applicable to Covered Code created under this -+License. -+ -+8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in -+part pre-release, untested, or not fully tested works. The Covered Code may -+contain errors that could cause failures or loss of data, and may be incomplete -+or contain inaccuracies. You expressly acknowledge and agree that use of the -+Covered Code, or any portion thereof, is at Your sole and entire risk. THE -+COVERED CODE IS PROVIDED "AS IS" AND WITHOUT WARRANTY, UPGRADES OR SUPPORT OF -+ANY KIND AND APPLE AND APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" -+FOR THE PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM -+ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT -+LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF -+SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF -+QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. APPLE AND EACH -+CONTRIBUTOR DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE -+COVERED CODE, THAT THE FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR -+REQUIREMENTS, THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR -+ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO ORAL OR -+WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE AUTHORIZED -+REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY. You acknowledge -+that the Covered Code is not intended for use in the operation of nuclear -+facilities, aircraft navigation, communication systems, or air traffic control -+machines in which case the failure of the Covered Code could lead to death, -+personal injury, or severe physical or environmental damage. -+ -+9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO -+EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL, SPECIAL, -+INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS LICENSE OR -+YOUR USE OR INABILITY TO USE THE COVERED CODE, OR ANY PORTION THEREOF, WHETHER -+UNDER A THEORY OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCTS -+LIABILITY OR OTHERWISE, EVEN IF APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF -+THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL -+PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF -+LIABILITY OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT -+APPLY TO YOU. In no event shall Apple's total liability to You for all damages -+(other than as may be required by applicable law) under this License exceed the -+amount of fifty dollars ($50.00). -+ -+10. Trademarks. This License does not grant any rights to use the -+trademarks or trade names "Apple", "Mac", "Mac OS", "QuickTime", "QuickTime -+Streaming Server" or any other trademarks, service marks, logos or trade names -+belonging to Apple (collectively "Apple Marks") or to any trademark, service -+mark, logo or trade name belonging to any Contributor. You agree not to use -+any Apple Marks in or as part of the name of products derived from the Original -+Code or to endorse or promote products derived from the Original Code other -+than as expressly permitted by and in strict compliance at all times with -+Apple's third party trademark usage guidelines which are posted at -+http://www.apple.com/legal/guidelinesfor3rdparties.html. -+ -+11. Ownership. Subject to the licenses granted under this License, each -+Contributor retains all rights, title and interest in and to any Modifications -+made by such Contributor. Apple retains all rights, title and interest in and -+to the Original Code and any Modifications made by or on behalf of Apple -+("Apple Modifications"), and such Apple Modifications will not be automatically -+subject to this License. Apple may, at its sole discretion, choose to license -+such Apple Modifications under this License, or on different terms from those -+contained in this License or may choose not to license them at all. -+ -+12. Termination. -+ -+12.1 Termination. This License and the rights granted hereunder will -+terminate: -+ -+(a) automatically without notice from Apple if You fail to comply with any -+term(s) of this License and fail to cure such breach within 30 days of becoming -+aware of such breach; (b) immediately in the event of the circumstances -+described in Section 13.5(b); or (c) automatically without notice from Apple -+if You, at any time during the term of this License, commence an action for -+patent infringement against Apple; provided that Apple did not first commence -+an action for patent infringement against You in that instance. -+ -+12.2 Effect of Termination. Upon termination, You agree to immediately stop -+any further use, reproduction, modification, sublicensing and distribution of -+the Covered Code. All sublicenses to the Covered Code which have been properly -+granted prior to termination shall survive any termination of this License. -+Provisions which, by their nature, should remain in effect beyond the -+termination of this License shall survive, including but not limited to -+Sections 3, 5, 8, 9, 10, 11, 12.2 and 13. No party will be liable to any other -+for compensation, indemnity or damages of any sort solely as a result of -+terminating this License in accordance with its terms, and termination of this -+License will be without prejudice to any other right or remedy of any party. -+ -+13. Miscellaneous. -+ -+13.1 Government End Users. The Covered Code is a "commercial item" as -+defined in FAR 2.101. Government software and technical data rights in the -+Covered Code include only those rights customarily provided to the public as -+defined in this License. This customary commercial license in technical data -+and software is provided in accordance with FAR 12.211 (Technical Data) and -+12.212 (Computer Software) and, for Department of Defense purchases, DFAR -+252.227-7015 (Technical Data -- Commercial Items) and 227.7202-3 (Rights in -+Commercial Computer Software or Computer Software Documentation). Accordingly, -+all U.S. Government End Users acquire Covered Code with only those rights set -+forth herein. -+ -+13.2 Relationship of Parties. This License will not be construed as -+creating an agency, partnership, joint venture or any other form of legal -+association between or among You, Apple or any Contributor, and You will not -+represent to the contrary, whether expressly, by implication, appearance or -+otherwise. -+ -+13.3 Independent Development. Nothing in this License will impair Apple's -+right to acquire, license, develop, have others develop for it, market and/or -+distribute technology or products that perform the same or similar functions -+as, or otherwise compete with, Modifications, Larger Works, technology or -+products that You may develop, produce, market or distribute. -+ -+13.4 Waiver; Construction. Failure by Apple or any Contributor to enforce -+any provision of this License will not be deemed a waiver of future enforcement -+of that or any other provision. Any law or regulation which provides that the -+language of a contract shall be construed against the drafter will not apply to -+this License. -+ -+13.5 Severability. (a) If for any reason a court of competent jurisdiction -+finds any provision of this License, or portion thereof, to be unenforceable, -+that provision of the License will be enforced to the maximum extent -+permissible so as to effect the economic benefits and intent of the parties, -+and the remainder of this License will continue in full force and effect. (b) -+Notwithstanding the foregoing, if applicable law prohibits or restricts You -+from fully and/or specifically complying with Sections 2 and/or 3 or prevents -+the enforceability of either of those Sections, this License will immediately -+terminate and You must immediately discontinue any use of the Covered Code and -+destroy all copies of it that are in your possession or control. -+ -+13.6 Dispute Resolution. Any litigation or other dispute resolution between -+You and Apple relating to this License shall take place in the Northern -+District of California, and You and Apple hereby consent to the personal -+jurisdiction of, and venue in, the state and federal courts within that -+District with respect to this License. The application of the United Nations -+Convention on Contracts for the International Sale of Goods is expressly -+excluded. -+ -+13.7 Entire Agreement; Governing Law. This License constitutes the entire -+agreement between the parties with respect to the subject matter hereof. This -+License shall be governed by the laws of the United States and the State of -+California, except that body of California law concerning conflicts of law. -+ -+Where You are located in the province of Quebec, Canada, the following clause -+applies: The parties hereby confirm that they have requested that this License -+and all related documents be drafted in English. Les parties ont exige que le -+present contrat et tous les documents connexes soient rediges en anglais. -+ -+EXHIBIT A. -+ -+"Portions Copyright (c) 1999-2007 Apple Inc. All Rights Reserved. -+ -+This file contains Original Code and/or Modifications of Original Code as -+defined in and that are subject to the Apple Public Source License Version 2.0 -+(the 'License'). You may not use this file except in compliance with the -+License. Please obtain a copy of the License at -+http://www.opensource.apple.com/apsl/ and read it before using this file. -+ -+The Original Code and all software distributed under the License are -+distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS -+OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT -+LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR -+PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the -+specific language governing rights and limitations under the License." diff --git a/net-snmp/patches/net-snmp-5.5-dir-fix.patch b/net-snmp/patches/net-snmp-5.5-dir-fix.patch deleted file mode 100644 index b726c4713..000000000 --- a/net-snmp/patches/net-snmp-5.5-dir-fix.patch +++ /dev/null @@ -1,14 +0,0 @@ -Let net-snmp-create-v3-user save settings into /etc/ instead of /usr/ - -diff -up net-snmp-5.5/net-snmp-create-v3-user.in.orig net-snmp-5.5/net-snmp-create-v3-user.in ---- net-snmp-5.5/net-snmp-create-v3-user.in.orig 2008-07-22 16:33:25.000000000 +0200 -+++ net-snmp-5.5/net-snmp-create-v3-user.in 2009-09-29 16:30:36.000000000 +0200 -@@ -158,7 +158,7 @@ if test ! -d $outfile ; then - touch $outfile - fi - echo $line >> $outfile --outfile="@datadir@/snmp/snmpd.conf" -+outfile="/etc/snmp/snmpd.conf" - line="$token $user" - echo "adding the following line to $outfile:" - echo " " $line diff --git a/net-snmp/patches/net-snmp-5.5-perl-linking.patch b/net-snmp/patches/net-snmp-5.5-perl-linking.patch deleted file mode 100644 index ceb63630a..000000000 --- a/net-snmp/patches/net-snmp-5.5-perl-linking.patch +++ /dev/null @@ -1,16 +0,0 @@ -554747 - net-snmp-config should not contain perl options - -Remove rpath from net-snmp-config --agent-libs output. - -diff -up net-snmp-5.7/net-snmp-config.in.perl-linking net-snmp-5.7/net-snmp-config.in ---- net-snmp-5.7/net-snmp-config.in.perl-linking 2011-07-02 00:35:46.000000000 +0200 -+++ net-snmp-5.7/net-snmp-config.in 2011-07-07 13:30:01.635798817 +0200 -@@ -50,7 +50,7 @@ NSC_LDFLAGS="@LDFLAGS@" - - NSC_LIBS="@LIBS@" - NSC_LNETSNMPLIBS="@LNETSNMPLIBS@" --NSC_LAGENTLIBS="@LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@" -+NSC_LAGENTLIBS="@LAGENTLIBS@" - NSC_LMIBLIBS="@LMIBLIBS@" - - NSC_INCLUDEDIR=${includedir} diff --git a/net-snmp/patches/net-snmp-5.6-multilib.patch b/net-snmp/patches/net-snmp-5.6-multilib.patch deleted file mode 100644 index 9c12385a1..000000000 --- a/net-snmp/patches/net-snmp-5.6-multilib.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up net-snmp-5.7.3/man/netsnmp_config_api.3.def.oSBcEB net-snmp-5.7.3/man/netsnmp_config_api.3.def ---- net-snmp-5.7.3/man/netsnmp_config_api.3.def.oSBcEB 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/man/netsnmp_config_api.3.def 2015-02-17 13:32:38.903284207 +0100 -@@ -295,7 +295,7 @@ for one particular machine. - .PP - The default list of directories to search is \fC SYSCONFDIR/snmp\fP, - followed by \fC DATADIR/snmp\fP, --followed by \fC LIBDIR/snmp\fP, -+followed by \fC /usr/lib(64)/snmp\fP, - followed by \fC $HOME/.snmp\fP. - This list can be changed by setting the environmental variable - .I SNMPCONFPATH -@@ -365,7 +365,7 @@ function that it should abort the operat - SNMPCONFPATH - A colon separated list of directories to search for configuration - files in. --Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp -+Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp - .SH "SEE ALSO" - netsnmp_mib_api(3), snmp_api(3) - .\" Local Variables: -diff -up net-snmp-5.7.3/man/snmp_config.5.def.oSBcEB net-snmp-5.7.3/man/snmp_config.5.def ---- net-snmp-5.7.3/man/snmp_config.5.def.oSBcEB 2015-02-17 13:32:04.251309092 +0100 -+++ net-snmp-5.7.3/man/snmp_config.5.def 2015-02-17 13:33:09.217262438 +0100 -@@ -10,7 +10,7 @@ First off, there are numerous places tha - found and read from. By default, the applications look for - configuration files in the following 4 directories, in order: - SYSCONFDIR/snmp, --DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these -+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these - directories, it looks for files snmp.conf, snmpd.conf and/or - snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf - and/or snmptrapd.local.conf. *.local.conf are always -diff -up net-snmp-5.7.3/man/snmpd.conf.5.def.oSBcEB net-snmp-5.7.3/man/snmpd.conf.5.def ---- net-snmp-5.7.3/man/snmpd.conf.5.def.oSBcEB 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/man/snmpd.conf.5.def 2015-02-17 13:32:04.251309092 +0100 -@@ -1502,7 +1502,7 @@ filename), and call the initialisation r - .RS - .IP "Note:" - If the specified PATH is not a fully qualified filename, it will --be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR -+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR - will be appended to the filename. - .RE - .PP diff --git a/net-snmp/patches/net-snmp-5.6-test-debug.patch b/net-snmp/patches/net-snmp-5.6-test-debug.patch deleted file mode 100644 index 4ae97fbee..000000000 --- a/net-snmp/patches/net-snmp-5.6-test-debug.patch +++ /dev/null @@ -1,29 +0,0 @@ -Don't check tests which depend on DNS - it's disabled in Koji - -diff -up net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple ---- net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug 2012-10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple 2012-10-18 10:16:39.276416510 +0200 -@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25 - SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies - SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies - -+FINISHED -+ -+# don't test the later, it depends on DNS, which is not available in Koji -+ - CHECKAGENT '<"c408a"' - if [ "$snmp_last_test_result" -eq 0 ] ; then - CHECKAGENT 'line 32: Error:' -diff -up net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple ---- net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug 2012-10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple 2012-10-18 10:16:39.276416510 +0200 -@@ -132,6 +132,9 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff - SAVECHECKAGENT 'line 27: Error:' - SAVECHECKAGENT 'line 28: Error:' - -+FINISHED -+ -+# don't test the later, it depends on DNS, which is not available in Koji - # 608 - CHECKAGENT '<"c608a"' - if [ "$snmp_last_test_result" -eq 0 ] ; then diff --git a/net-snmp/patches/net-snmp-5.7.2-systemd.patch b/net-snmp/patches/net-snmp-5.7.2-systemd.patch deleted file mode 100644 index 4c89d608e..000000000 --- a/net-snmp/patches/net-snmp-5.7.2-systemd.patch +++ /dev/null @@ -1,1650 +0,0 @@ -718183 - Provide native systemd unit file - -Gathered from following upstream git commits and backported to 5.7. - -commit 19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - CHANGES: snmpd: integrated with systemd, see README.systemd for details. - - It brings sd-daemon.c and .h directly downloaded from systemd. I've made very - few changes to it to match our NETSNMP_NO_SYSTEMD and include paths. - -commit fef6cddfdb94da1a6b1fb768af62918b80f11fd3 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - CHANGES: snmptrapd: integrate systemd notification support. - -commit 0641e43c694c485cbbffef0556efc4641bd3ff50 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - Add sd_find_inet_socket() and sd_find_inet_unisx() helpers into - system-specific code. This will help us to find various sockets - created by systemd much easier. - -commit 76530a89f1c8bbd0b63acce63e10d5d4812a1a16 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - Check sockets created by systemd when opening new server sockets. - - systemd can pass sockets to our daemons during startup using LISTEN_FDS - environment variable. So check this variable when opening new listening - socket - maybe system has already opened the socket for us. - -commit bf108d7f1354f6276fc43c129963f2c49b9fc242 -Author: Jan Safranek -Date: Mon Aug 8 15:48:54 2011 +0200 - - Added sample systemd service files. - -commit 884ec488a6596380ba283d707827dd926a52e0b2 -Author: Jan Safranek -Date: Mon Aug 8 15:48:55 2011 +0200 - - Run autoheader+autoconf. - -commit 86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0 -Author: Jan Safranek -Date: Tue Aug 9 10:53:43 2011 +0200 - - Update systemd documentation and samples. - - - add socket unit for snmpd to paralelize boot - - update WantedBy in socket units as recommended by http://0pointer.de/blog/projects/socket-activation.html - - rephrase README.systemd - -diff -up net-snmp-5.7.3/agent/snmpd.c.MPGqYh net-snmp-5.7.3/agent/snmpd.c ---- net-snmp-5.7.3/agent/snmpd.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/agent/snmpd.c 2015-02-17 13:34:05.736221851 +0100 -@@ -164,6 +164,10 @@ typedef long fd_mask; - - #endif - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - netsnmp_feature_want(logging_file) - netsnmp_feature_want(logging_stdio) - netsnmp_feature_want(logging_syslog) -@@ -443,18 +447,26 @@ main(int argc, char *argv[]) - int agent_mode = -1; - char *pid_file = NULL; - char option_compatability[] = "-Le"; -+ int prepared_sockets = 0; - #if HAVE_GETPID - int fd; - FILE *PID; - #endif - - #ifndef WIN32 -+#ifndef NETSNMP_NO_SYSYSTEMD -+ /* check if systemd has sockets for us and don't close them */ -+ prepared_sockets = netsnmp_sd_listen_fds(0); -+#endif /* NETSNMP_NO_SYSYSTEMD */ -+ - /* - * close all non-standard file descriptors we may have - * inherited from the shell. - */ -- for (i = getdtablesize() - 1; i > 2; --i) { -- (void) close(i); -+ if (!prepared_sockets) { -+ for (i = getdtablesize() - 1; i > 2; --i) { -+ (void) close(i); -+ } - } - #endif /* #WIN32 */ - -@@ -1107,6 +1119,19 @@ main(int argc, char *argv[]) - netsnmp_addrcache_initialise(); - - /* -+ * Let systemd know we're up. -+ */ -+#ifndef NETSNMP_NO_SYSTEMD -+ netsnmp_sd_notify(1, "READY=1\n"); -+ if (prepared_sockets) -+ /* -+ * Clear the environment variable, we already processed all the sockets -+ * by now. -+ */ -+ netsnmp_sd_listen_fds(1); -+#endif -+ -+ /* - * Forever monitor the dest_port for incoming PDUs. - */ - DEBUGMSGTL(("snmpd/main", "We're up. Starting to process data.\n")); -diff -up net-snmp-5.7.3/apps/snmptrapd.c.MPGqYh net-snmp-5.7.3/apps/snmptrapd.c ---- net-snmp-5.7.3/apps/snmptrapd.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/apps/snmptrapd.c 2015-02-17 13:34:05.736221851 +0100 -@@ -125,6 +125,10 @@ SOFTWARE. - - #include - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #ifndef BSD4_3 - #define BSD4_2 - #endif -@@ -657,15 +661,22 @@ main(int argc, char *argv[]) - int agentx_subagent = 1; - #endif - netsnmp_trapd_handler *traph; -+ int prepared_sockets = 0; - - - #ifndef WIN32 -+#ifndef NETSNMP_NO_SYSTEMD -+ /* check if systemd has sockets for us and don't close them */ -+ prepared_sockets = netsnmp_sd_listen_fds(0); -+#endif - /* - * close all non-standard file descriptors we may have - * inherited from the shell. - */ -- for (i = getdtablesize() - 1; i > 2; --i) { -- (void) close(i); -+ if (!prepared_sockets) { -+ for (i = getdtablesize() - 1; i > 2; --i) { -+ (void) close(i); -+ } - } - #endif /* #WIN32 */ - -@@ -1318,6 +1329,19 @@ main(int argc, char *argv[]) - #endif - #endif - -+ /* -+ * Let systemd know we're up. -+ */ -+#ifndef NETSNMP_NO_SYSTEMD -+ netsnmp_sd_notify(1, "READY=1\n"); -+ if (prepared_sockets) -+ /* -+ * Clear the environment variable, we already processed all the sockets -+ * by now. -+ */ -+ netsnmp_sd_listen_fds(1); -+#endif -+ - #ifdef WIN32SERVICE - trapd_status = SNMPTRAPD_RUNNING; - #endif -diff -up net-snmp-5.7.3/configure.d/config_modules_lib.MPGqYh net-snmp-5.7.3/configure.d/config_modules_lib ---- net-snmp-5.7.3/configure.d/config_modules_lib.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/configure.d/config_modules_lib 2015-02-17 13:34:05.737221850 +0100 -@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" - other_ftobjs_list="$other_ftobjs_list winpipe.ft" - fi - -+# Linux systemd -+if test "x$with_systemd" == "xyes"; then -+ other_src_list="$other_src_list sd-daemon.c" -+ other_objs_list="$other_objs_list sd-daemon.o" -+ other_lobjs_list="$other_lobjs_list sd-daemon.lo" -+ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" -+fi -+ - AC_SUBST(other_src_list) - AC_SUBST(other_objs_list) - AC_SUBST(other_lobjs_list) -diff -up net-snmp-5.7.3/configure.d/config_project_with_enable.MPGqYh net-snmp-5.7.3/configure.d/config_project_with_enable ---- net-snmp-5.7.3/configure.d/config_project_with_enable.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/configure.d/config_project_with_enable 2015-02-17 13:34:05.737221850 +0100 -@@ -690,6 +690,15 @@ if test "x$with_dummy_values" != "xyes"; - data for]) - fi - -+NETSNMP_ARG_WITH(systemd, -+[ --with-systemd Provide systemd support. See README.systemd -+ for details.]) -+# Define unless specifically suppressed (i.e., option defaults to false). -+if test "x$with_systemd" != "xyes"; then -+ AC_DEFINE(NETSNMP_NO_SYSTEMD, 1, -+ [If you don't want to integrate with systemd.]) -+fi -+ - NETSNMP_ARG_ENABLE(set-support, - [ --disable-set-support Do not allow SNMP set requests.]) - if test "x$enable_set_support" = "xno"; then -diff -up net-snmp-5.7.3/configure.MPGqYh net-snmp-5.7.3/configure ---- net-snmp-5.7.3/configure.MPGqYh 2014-12-08 21:23:37.000000000 +0100 -+++ net-snmp-5.7.3/configure 2015-02-17 13:34:05.744221845 +0100 -@@ -951,6 +951,8 @@ with_kmem_usage - enable_kmem_usage - with_dummy_values - enable_dummy_values -+with_systemd -+enable_systemd - enable_set_support - with_set_support - with_sys_contact -@@ -1867,6 +1869,8 @@ Configuring the agent: - This is technically not compliant with the - SNMP specifications, but was how the agent - operated for versions < 4.0. -+ --with-systemd Provide systemd support. See README.systemd -+ for details. - --with-sys-contact="who@where" Default system contact. - (Default: LOGIN@DOMAINNAME) - --with-sys-location="location" Default system location. -@@ -4398,6 +4402,24 @@ $as_echo "#define NETSNMP_NO_DUMMY_VALUE - - fi - -+ -+# Check whether --with-systemd was given. -+if test "${with_systemd+set}" = set; then : -+ withval=$with_systemd; -+fi -+ -+ # Check whether --enable-systemd was given. -+if test "${enable_systemd+set}" = set; then : -+ enableval=$enable_systemd; as_fn_error $? "Invalid option. Use --with-systemd/--without-systemd instead" "$LINENO" 5 -+fi -+ -+# Define unless specifically suppressed (i.e., option defaults to false). -+if test "x$with_systemd" != "xyes"; then -+ -+$as_echo "#define NETSNMP_NO_SYSTEMD 1" >>confdefs.h -+ -+fi -+ - # Check whether --enable-set-support was given. - if test "${enable_set_support+set}" = set; then : - enableval=$enable_set_support; -@@ -18639,6 +18661,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" - other_ftobjs_list="$other_ftobjs_list winpipe.ft" - fi - -+# Linux systemd -+if test "x$with_systemd" == "xyes"; then -+ other_src_list="$other_src_list sd-daemon.c" -+ other_objs_list="$other_objs_list sd-daemon.o" -+ other_lobjs_list="$other_lobjs_list sd-daemon.lo" -+ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" -+fi -+ - - - -diff -up net-snmp-5.7.3/dist/snmpd.service.MPGqYh net-snmp-5.7.3/dist/snmpd.service ---- net-snmp-5.7.3/dist/snmpd.service.MPGqYh 2015-02-17 13:34:05.745221844 +0100 -+++ net-snmp-5.7.3/dist/snmpd.service 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,18 @@ -+# -+# SNMP agent service file for systemd -+# -+# -+# The service should be enabled, i.e. snmpd should start during machine boot. -+# Socket activation shall not be used. See README.systemd for details. -+ -+[Unit] -+Description=Simple Network Management Protocol (SNMP) daemon. -+After=syslog.target network.target -+ -+[Service] -+# Type=notify is also supported. It should be set when snmpd.socket is not used. -+Type=simple -+ExecStart=/usr/sbin/snmpd -f -+ -+[Install] -+WantedBy=multi-user.target -diff -up net-snmp-5.7.3/dist/snmpd.socket.MPGqYh net-snmp-5.7.3/dist/snmpd.socket ---- net-snmp-5.7.3/dist/snmpd.socket.MPGqYh 2015-02-17 13:34:05.745221844 +0100 -+++ net-snmp-5.7.3/dist/snmpd.socket 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,17 @@ -+[Unit] -+Description=Socket listening for SNMP and AgentX messages -+ -+[Socket] -+ListenDatagram=0.0.0.0:161 -+# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. -+# It must match listening addresses/ports defined in snmpd.service -+# or snmpd.conf. -+# ListenStream=0.0.0.0:161 -+# ListenDatagram=[::]:161 -+# ListenStream=[::]:161 -+# -+# Uncomment AgentX socket if snmpd.conf enables AgentX protocol. -+# ListenStream=/var/agentx/master -+ -+[Install] -+WantedBy=sockets.target -diff -up net-snmp-5.7.3/dist/snmptrapd.service.MPGqYh net-snmp-5.7.3/dist/snmptrapd.service ---- net-snmp-5.7.3/dist/snmptrapd.service.MPGqYh 2015-02-17 13:34:05.745221844 +0100 -+++ net-snmp-5.7.3/dist/snmptrapd.service 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,16 @@ -+# -+# SNMP trap-processing service file for systemd -+# -+ -+[Unit] -+Description=Simple Network Management Protocol (SNMP) Trap daemon. -+After=syslog.target network.target -+ -+[Service] -+# Type=notify is also supported. It should be set when snmptrapd.socket is not -+# used. -+Type=simple -+ExecStart=/usr/sbin/snmptrapd -f -+ -+[Install] -+WantedBy=multi-user.target -diff -up net-snmp-5.7.3/dist/snmptrapd.socket.MPGqYh net-snmp-5.7.3/dist/snmptrapd.socket ---- net-snmp-5.7.3/dist/snmptrapd.socket.MPGqYh 2015-02-17 13:34:05.745221844 +0100 -+++ net-snmp-5.7.3/dist/snmptrapd.socket 2015-02-17 13:34:05.745221844 +0100 -@@ -0,0 +1,14 @@ -+[Unit] -+Description=Socket listening for SNMP trap messages -+ -+[Socket] -+ListenDatagram=0.0.0.0:162 -+# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. -+# It must match listening addresses/ports defined in snmptrapd.service -+# or snmptrapd.conf. -+# ListenStream=0.0.0.0:162 -+# ListenDatagram=[::]:162 -+# ListenStream=[::]:162 -+ -+[Install] -+WantedBy=sockets.target -diff -up net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h.MPGqYh net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h ---- net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h.MPGqYh 2015-02-17 13:34:05.746221843 +0100 -+++ net-snmp-5.7.3/include/net-snmp/library/sd-daemon.h 2015-02-17 13:34:05.746221843 +0100 -@@ -0,0 +1,286 @@ -+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ -+ -+#ifndef SNMPD_SD_DAEMON_H -+#define SNMPD_SD_DAEMON_H -+ -+/*** -+ Copyright 2010 Lennart Poettering -+ -+ Permission is hereby granted, free of charge, to any person -+ obtaining a copy of this software and associated documentation files -+ (the "Software"), to deal in the Software without restriction, -+ including without limitation the rights to use, copy, modify, merge, -+ publish, distribute, sublicense, and/or sell copies of the Software, -+ and to permit persons to whom the Software is furnished to do so, -+ subject to the following conditions: -+ -+ The above copyright notice and this permission notice shall be -+ included in all copies or substantial portions of the Software. -+ -+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ SOFTWARE. -+***/ -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ Reference implementation of a few systemd related interfaces for -+ writing daemons. These interfaces are trivial to implement. To -+ simplify porting we provide this reference implementation. -+ Applications are welcome to reimplement the algorithms described -+ here if they do not want to include these two source files. -+ -+ The following functionality is provided: -+ -+ - Support for logging with log levels on stderr -+ - File descriptor passing for socket-based activation -+ - Daemon startup and status notification -+ - Detection of systemd boots -+ -+ You may compile this with -DDISABLE_SYSTEMD to disable systemd -+ support. This makes all those calls NOPs that are directly related to -+ systemd (i.e. only sd_is_xxx() will stay useful). -+ -+ Since this is drop-in code we don't want any of our symbols to be -+ exported in any case. Hence we declare hidden visibility for all of -+ them. -+ -+ You may find an up-to-date version of these source files online: -+ -+ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h -+ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c -+ -+ This should compile on non-Linux systems, too, but with the -+ exception of the sd_is_xxx() calls all functions will become NOPs. -+ -+ See sd-daemon(7) for more information. -+*/ -+ -+#ifndef _sd_printf_attr_ -+#if __GNUC__ >= 4 -+#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b))) -+#else -+#define _sd_printf_attr_(a,b) -+#endif -+#endif -+ -+/* -+ Log levels for usage on stderr: -+ -+ fprintf(stderr, SD_NOTICE "Hello World!\n"); -+ -+ This is similar to printk() usage in the kernel. -+*/ -+#define SD_EMERG "<0>" /* system is unusable */ -+#define SD_ALERT "<1>" /* action must be taken immediately */ -+#define SD_CRIT "<2>" /* critical conditions */ -+#define SD_ERR "<3>" /* error conditions */ -+#define SD_WARNING "<4>" /* warning conditions */ -+#define SD_NOTICE "<5>" /* normal but significant condition */ -+#define SD_INFO "<6>" /* informational */ -+#define SD_DEBUG "<7>" /* debug-level messages */ -+ -+/* The first passed file descriptor is fd 3 */ -+#define SD_LISTEN_FDS_START 3 -+ -+/* -+ Returns how many file descriptors have been passed, or a negative -+ errno code on failure. Optionally, removes the $LISTEN_FDS and -+ $LISTEN_PID file descriptors from the environment (recommended, but -+ problematic in threaded environments). If r is the return value of -+ this function you'll find the file descriptors passed as fds -+ SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative -+ errno style error code on failure. This function call ensures that -+ the FD_CLOEXEC flag is set for the passed file descriptors, to make -+ sure they are not passed on to child processes. If FD_CLOEXEC shall -+ not be set, the caller needs to unset it after this call for all file -+ descriptors that are used. -+ -+ See sd_listen_fds(3) for more information. -+*/ -+int netsnmp_sd_listen_fds(int unset_environment); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is a FIFO in the file system stored under the -+ specified path, 0 otherwise. If path is NULL a path name check will -+ not be done and the call only verifies if the file descriptor -+ refers to a FIFO. Returns a negative errno style error code on -+ failure. -+ -+ See sd_is_fifo(3) for more information. -+*/ -+int netsnmp_sd_is_fifo(int fd, const char *path); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is a special character device on the file -+ system stored under the specified path, 0 otherwise. -+ If path is NULL a path name check will not be done and the call -+ only verifies if the file descriptor refers to a special character. -+ Returns a negative errno style error code on failure. -+ -+ See sd_is_special(3) for more information. -+*/ -+int netsnmp_sd_is_special(int fd, const char *path); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is a socket of the specified family (AF_INET, -+ ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If -+ family is 0 a socket family check will not be done. If type is 0 a -+ socket type check will not be done and the call only verifies if -+ the file descriptor refers to a socket. If listening is > 0 it is -+ verified that the socket is in listening mode. (i.e. listen() has -+ been called) If listening is == 0 it is verified that the socket is -+ not in listening mode. If listening is < 0 no listening mode check -+ is done. Returns a negative errno style error code on failure. -+ -+ See sd_is_socket(3) for more information. -+*/ -+int netsnmp_sd_is_socket(int fd, int family, int type, int listening); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is an Internet socket, of the specified family -+ (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM, -+ SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version -+ check is not done. If type is 0 a socket type check will not be -+ done. If port is 0 a socket port check will not be done. The -+ listening flag is used the same way as in sd_is_socket(). Returns a -+ negative errno style error code on failure. -+ -+ See sd_is_socket_inet(3) for more information. -+*/ -+int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port); -+ -+/* -+ Helper call for identifying a passed file descriptor. Returns 1 if -+ the file descriptor is an AF_UNIX socket of the specified type -+ (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0 -+ a socket type check will not be done. If path is NULL a socket path -+ check will not be done. For normal AF_UNIX sockets set length to -+ 0. For abstract namespace sockets set length to the length of the -+ socket name (including the initial 0 byte), and pass the full -+ socket path in path (including the initial 0 byte). The listening -+ flag is used the same way as in sd_is_socket(). Returns a negative -+ errno style error code on failure. -+ -+ See sd_is_socket_unix(3) for more information. -+*/ -+int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length); -+ -+/* -+ Informs systemd about changed daemon state. This takes a number of -+ newline separated environment-style variable assignments in a -+ string. The following variables are known: -+ -+ READY=1 Tells systemd that daemon startup is finished (only -+ relevant for services of Type=notify). The passed -+ argument is a boolean "1" or "0". Since there is -+ little value in signaling non-readiness the only -+ value daemons should send is "READY=1". -+ -+ STATUS=... Passes a single-line status string back to systemd -+ that describes the daemon state. This is free-from -+ and can be used for various purposes: general state -+ feedback, fsck-like programs could pass completion -+ percentages and failing programs could pass a human -+ readable error message. Example: "STATUS=Completed -+ 66% of file system check..." -+ -+ ERRNO=... If a daemon fails, the errno-style error code, -+ formatted as string. Example: "ERRNO=2" for ENOENT. -+ -+ BUSERROR=... If a daemon fails, the D-Bus error-style error -+ code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut" -+ -+ MAINPID=... The main pid of a daemon, in case systemd did not -+ fork off the process itself. Example: "MAINPID=4711" -+ -+ Daemons can choose to send additional variables. However, it is -+ recommended to prefix variable names not listed above with X_. -+ -+ Returns a negative errno-style error code on failure. Returns > 0 -+ if systemd could be notified, 0 if it couldn't possibly because -+ systemd is not running. -+ -+ Example: When a daemon finished starting up, it could issue this -+ call to notify systemd about it: -+ -+ sd_notify(0, "READY=1"); -+ -+ See sd_notifyf() for more complete examples. -+ -+ See sd_notify(3) for more information. -+*/ -+int netsnmp_sd_notify(int unset_environment, const char *state); -+ -+/* -+ Similar to sd_notify() but takes a format string. -+ -+ Example 1: A daemon could send the following after initialization: -+ -+ sd_notifyf(0, "READY=1\n" -+ "STATUS=Processing requests...\n" -+ "MAINPID=%lu", -+ (unsigned long) getpid()); -+ -+ Example 2: A daemon could send the following shortly before -+ exiting, on failure: -+ -+ sd_notifyf(0, "STATUS=Failed to start up: %s\n" -+ "ERRNO=%i", -+ strerror(errno), -+ errno); -+ -+ See sd_notifyf(3) for more information. -+*/ -+int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3); -+ -+/* -+ Returns > 0 if the system was booted with systemd. Returns < 0 on -+ error. Returns 0 if the system was not booted with systemd. Note -+ that all of the functions above handle non-systemd boots just -+ fine. You should NOT protect them with a call to this function. Also -+ note that this function checks whether the system, not the user -+ session is controlled by systemd. However the functions above work -+ for both user and system services. -+ -+ See sd_booted(3) for more information. -+*/ -+int netsnmp_sd_booted(void); -+ -+/** -+ * Find an socket with given parameters. See man sd_is_socket_inet for -+ * description of the arguments. -+ * -+ * Returns the file descriptor if it is found, 0 otherwise. -+ */ -+int netsnmp_sd_find_inet_socket(int family, int type, int listening, int port); -+ -+/** -+ * Find an unix socket with given parameters. See man sd_is_socket_unix for -+ * description of the arguments. -+ * -+ * Returns the file descriptor if it is found, 0 otherwise. -+ */ -+int -+netsnmp_sd_find_unix_socket(int type, int listening, const char *path); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SNMPD_SD_DAEMON_H */ -diff -up net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in.MPGqYh net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in ---- net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/include/net-snmp/net-snmp-config.h.in 2015-02-17 13:34:05.746221843 +0100 -@@ -1410,6 +1410,9 @@ - /* If you don't have root access don't exit upon kmem errors */ - #undef NETSNMP_NO_ROOT_ACCESS - -+/* If you don't want to integrate with systemd. */ -+#undef NETSNMP_NO_SYSTEMD -+ - /* Define if you want to remove all SET/write access from the code */ - #undef NETSNMP_NO_WRITE_SUPPORT - -diff -up net-snmp-5.7.3/README.systemd.MPGqYh net-snmp-5.7.3/README.systemd ---- net-snmp-5.7.3/README.systemd.MPGqYh 2015-02-17 13:34:05.747221843 +0100 -+++ net-snmp-5.7.3/README.systemd 2015-02-17 13:34:05.747221843 +0100 -@@ -0,0 +1,41 @@ -+README.systemd -+-------------- -+Net-SNMP provides two daemons, which support systemd system manager. -+See http://www.freedesktop.org/wiki/Software/systemd to learn how -+systemd works. Both socket activation and notification is supported by these -+daemons. -+ -+To enable systemd support, the sources must be compiled with -+--with-systemd configure option. -+ -+snmpd - The SNMP agent -+---------------------- -+Socket activation od snmpd daemon is implemented, but it's discouraged. -+The reason is simple - snmpd not only listens and processes SNMP requests -+from network, but also gathers system statistics counters, sends traps and -+communicates with subagents. It even opens few netlink sockets. -+ -+In other words, snmpd should run from system start to properly work. -+This can be done in two ways: -+1) either as snmpd service unit with 'Type=notification' and without a socket -+ unit -+2) or as snmpd service unit with 'Type=simple', appropriate socket socket unit -+ and the snmpd service enabled. This way systemd creates the snmpd listening -+ socket early during boot and passes the sockets to snmpd slightly later -+ (but still during machine boot). This way systemd can paralelize start of -+ services, which depend on snmpd. Admins must adjust the socket file manually, -+ depending if the snmpd support AgentX, IPv6, SMUX etc. -+ -+snmpd should be started with '-f' command line parameter to disable forking - -+systemd does that for us automatically. -+ -+ -+snmptrapd - The trap processing daemon -+-------------------------------------- -+snmptrapd supports full socket activation and also notification (if needed). -+Both 'Type=simple' (with appropriate socket unit) and 'Type=notify' services -+will work. Again, '-f' parameter should be provided on snmptrapd command line. -+ -+If integration with SNMP agent using AgentX protocol is enabled, snmptrapd should -+start during boot and not after first SNMP trap arrives. Same rules as for snmpd -+applies then. -\ No newline at end of file -diff -up net-snmp-5.7.3/snmplib/sd-daemon.c.MPGqYh net-snmp-5.7.3/snmplib/sd-daemon.c ---- net-snmp-5.7.3/snmplib/sd-daemon.c.MPGqYh 2015-02-17 13:34:05.747221843 +0100 -+++ net-snmp-5.7.3/snmplib/sd-daemon.c 2015-02-17 13:34:05.747221843 +0100 -@@ -0,0 +1,532 @@ -+/* -+ * Systemd integration parts. -+ * -+ * Most of this file is directly copied from systemd sources. -+ * Changes: -+ * - all functions were renamed to have netsnmp_ prefix -+ * - includes were changed to match Net-SNMP style. -+ * - removed gcc export macros -+ * - removed POSIX message queues -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#ifndef NETSNMP_NO_SYSTEMD -+ -+/*** -+ Copyright 2010 Lennart Poettering -+ -+ Permission is hereby granted, free of charge, to any person -+ obtaining a copy of this software and associated documentation files -+ (the "Software"), to deal in the Software without restriction, -+ including without limitation the rights to use, copy, modify, merge, -+ publish, distribute, sublicense, and/or sell copies of the Software, -+ and to permit persons to whom the Software is furnished to do so, -+ subject to the following conditions: -+ -+ The above copyright notice and this permission notice shall be -+ included in all copies or substantial portions of the Software. -+ -+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ SOFTWARE. -+***/ -+ -+#ifndef _GNU_SOURCE -+#define _GNU_SOURCE -+#endif -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+int netsnmp_sd_listen_fds(int unset_environment) { -+ -+ int r, fd; -+ const char *e; -+ char *p = NULL; -+ unsigned long l; -+ -+ if (!(e = getenv("LISTEN_PID"))) { -+ r = 0; -+ goto finish; -+ } -+ -+ errno = 0; -+ l = strtoul(e, &p, 10); -+ -+ if (errno != 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (!p || *p || l <= 0) { -+ r = -EINVAL; -+ goto finish; -+ } -+ -+ /* Is this for us? */ -+ if (getpid() != (pid_t) l) { -+ r = 0; -+ goto finish; -+ } -+ -+ if (!(e = getenv("LISTEN_FDS"))) { -+ r = 0; -+ goto finish; -+ } -+ -+ errno = 0; -+ l = strtoul(e, &p, 10); -+ -+ if (errno != 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (!p || *p) { -+ r = -EINVAL; -+ goto finish; -+ } -+ -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) { -+ int flags; -+ -+ if ((flags = fcntl(fd, F_GETFD)) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (flags & FD_CLOEXEC) -+ continue; -+ -+ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ } -+ -+ r = (int) l; -+ -+finish: -+ if (unset_environment) { -+ unsetenv("LISTEN_PID"); -+ unsetenv("LISTEN_FDS"); -+ } -+ -+ return r; -+} -+ -+int netsnmp_sd_is_fifo(int fd, const char *path) { -+ struct stat st_fd; -+ -+ if (fd < 0) -+ return -EINVAL; -+ -+ memset(&st_fd, 0, sizeof(st_fd)); -+ if (fstat(fd, &st_fd) < 0) -+ return -errno; -+ -+ if (!S_ISFIFO(st_fd.st_mode)) -+ return 0; -+ -+ if (path) { -+ struct stat st_path; -+ -+ memset(&st_path, 0, sizeof(st_path)); -+ if (stat(path, &st_path) < 0) { -+ -+ if (errno == ENOENT || errno == ENOTDIR) -+ return 0; -+ -+ return -errno; -+ } -+ -+ return -+ st_path.st_dev == st_fd.st_dev && -+ st_path.st_ino == st_fd.st_ino; -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_is_special(int fd, const char *path) { -+ struct stat st_fd; -+ -+ if (fd < 0) -+ return -EINVAL; -+ -+ if (fstat(fd, &st_fd) < 0) -+ return -errno; -+ -+ if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode)) -+ return 0; -+ -+ if (path) { -+ struct stat st_path; -+ -+ if (stat(path, &st_path) < 0) { -+ -+ if (errno == ENOENT || errno == ENOTDIR) -+ return 0; -+ -+ return -errno; -+ } -+ -+ if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode)) -+ return -+ st_path.st_dev == st_fd.st_dev && -+ st_path.st_ino == st_fd.st_ino; -+ else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode)) -+ return st_path.st_rdev == st_fd.st_rdev; -+ else -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static int sd_is_socket_internal(int fd, int type, int listening) { -+ struct stat st_fd; -+ -+ if (fd < 0 || type < 0) -+ return -EINVAL; -+ -+ if (fstat(fd, &st_fd) < 0) -+ return -errno; -+ -+ if (!S_ISSOCK(st_fd.st_mode)) -+ return 0; -+ -+ if (type != 0) { -+ int other_type = 0; -+ socklen_t l = sizeof(other_type); -+ -+ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0) -+ return -errno; -+ -+ if (l != sizeof(other_type)) -+ return -EINVAL; -+ -+ if (other_type != type) -+ return 0; -+ } -+ -+ if (listening >= 0) { -+ int accepting = 0; -+ socklen_t l = sizeof(accepting); -+ -+ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0) -+ return -errno; -+ -+ if (l != sizeof(accepting)) -+ return -EINVAL; -+ -+ if (!accepting != !listening) -+ return 0; -+ } -+ -+ return 1; -+} -+ -+union sockaddr_union { -+ struct sockaddr sa; -+ struct sockaddr_in in4; -+ struct sockaddr_in6 in6; -+ struct sockaddr_un un; -+ struct sockaddr_storage storage; -+}; -+ -+int netsnmp_sd_is_socket(int fd, int family, int type, int listening) { -+ int r; -+ -+ if (family < 0) -+ return -EINVAL; -+ -+ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) -+ return r; -+ -+ if (family > 0) { -+ union sockaddr_union sockaddr; -+ socklen_t l; -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ l = sizeof(sockaddr); -+ -+ if (getsockname(fd, &sockaddr.sa, &l) < 0) -+ return -errno; -+ -+ if (l < sizeof(sa_family_t)) -+ return -EINVAL; -+ -+ return sockaddr.sa.sa_family == family; -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) { -+ union sockaddr_union sockaddr; -+ socklen_t l; -+ int r; -+ -+ if (family != 0 && family != AF_INET && family != AF_INET6) -+ return -EINVAL; -+ -+ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) -+ return r; -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ l = sizeof(sockaddr); -+ -+ if (getsockname(fd, &sockaddr.sa, &l) < 0) -+ return -errno; -+ -+ if (l < sizeof(sa_family_t)) -+ return -EINVAL; -+ -+ if (sockaddr.sa.sa_family != AF_INET && -+ sockaddr.sa.sa_family != AF_INET6) -+ return 0; -+ -+ if (family > 0) -+ if (sockaddr.sa.sa_family != family) -+ return 0; -+ -+ if (port > 0) { -+ if (sockaddr.sa.sa_family == AF_INET) { -+ if (l < sizeof(struct sockaddr_in)) -+ return -EINVAL; -+ -+ return htons(port) == sockaddr.in4.sin_port; -+ } else { -+ if (l < sizeof(struct sockaddr_in6)) -+ return -EINVAL; -+ -+ return htons(port) == sockaddr.in6.sin6_port; -+ } -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) { -+ union sockaddr_union sockaddr; -+ socklen_t l; -+ int r; -+ -+ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) -+ return r; -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ l = sizeof(sockaddr); -+ -+ if (getsockname(fd, &sockaddr.sa, &l) < 0) -+ return -errno; -+ -+ if (l < sizeof(sa_family_t)) -+ return -EINVAL; -+ -+ if (sockaddr.sa.sa_family != AF_UNIX) -+ return 0; -+ -+ if (path) { -+ if (length <= 0) -+ length = strlen(path); -+ -+ if (length <= 0) -+ /* Unnamed socket */ -+ return l == offsetof(struct sockaddr_un, sun_path); -+ -+ if (path[0]) -+ /* Normal path socket */ -+ return -+ (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) && -+ memcmp(path, sockaddr.un.sun_path, length+1) == 0; -+ else -+ /* Abstract namespace socket */ -+ return -+ (l == offsetof(struct sockaddr_un, sun_path) + length) && -+ memcmp(path, sockaddr.un.sun_path, length) == 0; -+ } -+ -+ return 1; -+} -+ -+int netsnmp_sd_notify(int unset_environment, const char *state) { -+ int fd = -1, r; -+ struct msghdr msghdr; -+ struct iovec iovec; -+ union sockaddr_union sockaddr; -+ const char *e; -+ -+ if (!state) { -+ r = -EINVAL; -+ goto finish; -+ } -+ -+ if (!(e = getenv("NOTIFY_SOCKET"))) -+ return 0; -+ -+ /* Must be an abstract socket, or an absolute path */ -+ if ((e[0] != '@' && e[0] != '/') || e[1] == 0) { -+ r = -EINVAL; -+ goto finish; -+ } -+ -+ if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ memset(&sockaddr, 0, sizeof(sockaddr)); -+ sockaddr.sa.sa_family = AF_UNIX; -+ strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); -+ -+ if (sockaddr.un.sun_path[0] == '@') -+ sockaddr.un.sun_path[0] = 0; -+ -+ memset(&iovec, 0, sizeof(iovec)); -+ iovec.iov_base = (char *)state; -+ iovec.iov_len = strlen(state); -+ -+ memset(&msghdr, 0, sizeof(msghdr)); -+ msghdr.msg_name = &sockaddr; -+ msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e); -+ -+ if (msghdr.msg_namelen > sizeof(struct sockaddr_un)) -+ msghdr.msg_namelen = sizeof(struct sockaddr_un); -+ -+ msghdr.msg_iov = &iovec; -+ msghdr.msg_iovlen = 1; -+ -+ if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ r = 1; -+ -+finish: -+ if (unset_environment) -+ unsetenv("NOTIFY_SOCKET"); -+ -+ if (fd >= 0) -+ close(fd); -+ -+ return r; -+} -+ -+int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) { -+ va_list ap; -+ char *p = NULL; -+ int r; -+ -+ va_start(ap, format); -+ r = vasprintf(&p, format, ap); -+ va_end(ap); -+ -+ if (r < 0 || !p) -+ return -ENOMEM; -+ -+ r = netsnmp_sd_notify(unset_environment, p); -+ free(p); -+ -+ return r; -+} -+ -+int netsnmp_sd_booted(void) { -+ struct stat a, b; -+ -+ /* We simply test whether the systemd cgroup hierarchy is -+ * mounted */ -+ -+ if (lstat("/sys/fs/cgroup", &a) < 0) -+ return 0; -+ -+ if (lstat("/sys/fs/cgroup/systemd", &b) < 0) -+ return 0; -+ -+ return a.st_dev != b.st_dev; -+} -+ -+/* End of original sd-daemon.c from systemd sources */ -+ -+int -+netsnmp_sd_find_inet_socket(int family, int type, int listening, int port) -+{ -+ int count, fd; -+ -+ count = netsnmp_sd_listen_fds(0); -+ if (count <= 0) { -+ DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n")); -+ return 0; -+ } -+ DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.\n", -+ count)); -+ -+ for (fd = 3; fd < 3+count; fd++) { -+ int rc = netsnmp_sd_is_socket_inet(fd, family, type, listening, port); -+ if (rc < 0) -+ DEBUGMSGTL(("systemd:find_inet_socket", -+ "sd_is_socket_inet error: %d\n", rc)); -+ if (rc > 0) { -+ DEBUGMSGTL(("systemd:find_inet_socket", -+ "Found the socket in LISTEN_FDS\n")); -+ return fd; -+ } -+ } -+ DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS\n")); -+ return 0; -+} -+ -+int -+netsnmp_sd_find_unix_socket(int type, int listening, const char *path) -+{ -+ int count, fd; -+ -+ count = netsnmp_sd_listen_fds(0); -+ if (count <= 0) { -+ DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n")); -+ return 0; -+ } -+ DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.\n", -+ count)); -+ -+ for (fd = 3; fd < 3+count; fd++) { -+ int rc = netsnmp_sd_is_socket_unix(fd, type, listening, path, 0); -+ if (rc < 0) -+ DEBUGMSGTL(("systemd:find_unix_socket", -+ "netsnmp_sd_is_socket_unix error: %d\n", rc)); -+ if (rc > 0) { -+ DEBUGMSGTL(("systemd:find_unix_socket", -+ "Found the socket in LISTEN_FDS\n")); -+ return fd; -+ } -+ } -+ DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS\n")); -+ return 0; -+} -+ -+#endif /* ! NETSNMP_NO_SYSTEMD */ -diff -up net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c ---- net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpTCPDomain.c 2015-02-17 13:34:05.748221842 +0100 -@@ -43,6 +43,10 @@ - #include - #include - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - /* - * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c - * and perl/agent/agent.xs -@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in - netsnmp_transport *t = NULL; - netsnmp_udp_addr_pair *addr_pair = NULL; - int rc = 0; -+ int socket_initialized = 0; - - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in - t->domain_length = - sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]); - -- t->sock = socket(PF_INET, SOCK_STREAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1, -+ ntohs(addr->sin_port)); -+ if (t->sock) -+ socket_initialized = 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock = socket(PF_INET, SOCK_STREAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in - setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, - sizeof(opt)); - -- rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); -- if (rc != 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); -+ if (rc != 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - - /* -@@ -235,12 +254,13 @@ netsnmp_tcp_transport(struct sockaddr_in - /* - * Now sit here and wait for connections to arrive. - */ -- -- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -- if (rc != 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -+ if (rc != 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - - /* -diff -up net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c ---- net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpTCPIPv6Domain.c 2015-02-17 13:34:05.748221842 +0100 -@@ -49,6 +49,10 @@ - #include - #include - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #include "inet_ntop.h" - - oid netsnmp_TCPIPv6Domain[] = { TRANSPORT_DOMAIN_TCP_IPV6 }; -@@ -140,6 +144,7 @@ netsnmp_tcp6_transport(struct sockaddr_i - { - netsnmp_transport *t = NULL; - int rc = 0; -+ int socket_initialized = 0; - - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -174,7 +179,19 @@ netsnmp_tcp6_transport(struct sockaddr_i - t->domain = netsnmp_TCPIPv6Domain; - t->domain_length = sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid); - -- t->sock = socket(PF_INET6, SOCK_STREAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1, -+ ntohs(addr->sin6_port)); -+ if (t->sock) -+ socket_initialized = 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock = socket(PF_INET6, SOCK_STREAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -220,12 +237,14 @@ netsnmp_tcp6_transport(struct sockaddr_i - - setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(opt)); - -- rc = bind(t->sock, (struct sockaddr *) addr, -- sizeof(struct sockaddr_in6)); -- if (rc != 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = bind(t->sock, (struct sockaddr *) addr, -+ sizeof(struct sockaddr_in6)); -+ if (rc != 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - - /* -@@ -242,11 +261,13 @@ netsnmp_tcp6_transport(struct sockaddr_i - * Now sit here and wait for connections to arrive. - */ - -- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -- if (rc != 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -+ if (rc != 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - - /* -diff -up net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c ---- net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpUDPIPv4BaseDomain.c 2015-02-17 13:36:22.744123462 +0100 -@@ -40,6 +40,10 @@ - - #include - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #if defined(HAVE_IP_PKTINFO) || defined(HAVE_IP_RECVDSTADDR) - int netsnmp_udpipv4_recvfrom(int s, void *buf, int len, struct sockaddr *from, - socklen_t *fromlen, struct sockaddr *dstip, -@@ -64,6 +68,7 @@ netsnmp_udpipv4base_transport(struct soc - char *client_socket = NULL; - netsnmp_indexed_addr_pair addr_pair; - socklen_t local_addr_len; -+ int socket_initialized = 0; - - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -88,7 +93,20 @@ netsnmp_udpipv4base_transport(struct soc - free(str); - } - -- t->sock = socket(PF_INET, SOCK_DGRAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1, -+ ntohs(addr->sin_port)); -+ if (t->sock) -+ socket_initialized = 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock = socket(PF_INET, SOCK_DGRAM, 0); -+ - DEBUGMSGTL(("UDPBase", "openned socket %d as local=%d\n", t->sock, local)); - if (t->sock < 0) { - netsnmp_transport_free(t); -@@ -151,12 +169,14 @@ netsnmp_udpipv4base_transport(struct soc - } - } - #endif /* !defined(WIN32) */ -- rc = bind(t->sock, (struct sockaddr *) addr, -- sizeof(struct sockaddr)); -- if (rc != 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = bind(t->sock, (struct sockaddr *) addr, -+ sizeof(struct sockaddr)); -+ if (rc != 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - t->data = NULL; - t->data_length = 0; -diff -up net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c ---- net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpUDPIPv6Domain.c 2015-02-17 13:37:16.256087147 +0100 -@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any - #include - #include - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - #include "inet_ntop.h" - #include "inet_pton.h" - -@@ -190,6 +194,7 @@ netsnmp_udp6_transport(struct sockaddr_i - { - netsnmp_transport *t = NULL; - int rc = 0; -+ int socket_initialized = 0; - - #ifdef NETSNMP_NO_LISTEN_SUPPORT - if (local) -@@ -217,7 +222,19 @@ netsnmp_udp6_transport(struct sockaddr_i - t->domain_length = - sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]); - -- t->sock = socket(PF_INET6, SOCK_DGRAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1, -+ ntohs(addr->sin6_port)); -+ if (t->sock) -+ socket_initialized = 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock = socket(PF_INET6, SOCK_DGRAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -242,13 +259,14 @@ netsnmp_udp6_transport(struct sockaddr_i - } - } - #endif -- -- rc = bind(t->sock, (struct sockaddr *) addr, -- sizeof(struct sockaddr_in6)); -- if (rc != 0) { -- netsnmp_socketbase_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = bind(t->sock, (struct sockaddr *) addr, -+ sizeof(struct sockaddr_in6)); -+ if (rc != 0) { -+ netsnmp_socketbase_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } - t->local = (unsigned char*)malloc(18); - if (t->local == NULL) { -diff -up net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c.MPGqYh net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c ---- net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c.MPGqYh 2014-12-08 21:23:22.000000000 +0100 -+++ net-snmp-5.7.3/snmplib/transports/snmpUnixDomain.c 2015-02-17 13:34:05.749221841 +0100 -@@ -37,6 +37,10 @@ - #include /* mkdirhier */ - #include - -+#ifndef NETSNMP_NO_SYSTEMD -+#include -+#endif -+ - netsnmp_feature_child_of(transport_unix_socket_all, transport_all) - netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all) - -@@ -295,6 +299,7 @@ netsnmp_unix_transport(struct sockaddr_u - netsnmp_transport *t = NULL; - sockaddr_un_pair *sup = NULL; - int rc = 0; -+ int socket_initialized = 0; - - #ifdef NETSNMP_NO_LISTEN_SUPPORT - /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate, -@@ -333,7 +338,18 @@ netsnmp_unix_transport(struct sockaddr_u - t->data_length = sizeof(sockaddr_un_pair); - sup = (sockaddr_un_pair *) t->data; - -- t->sock = socket(PF_UNIX, SOCK_STREAM, 0); -+#ifndef NETSNMP_NO_SYSTEMD -+ /* -+ * Maybe the socket was already provided by systemd... -+ */ -+ if (local) { -+ t->sock = netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_path); -+ if (t->sock) -+ socket_initialized = 1; -+ } -+#endif -+ if (!socket_initialized) -+ t->sock = socket(PF_UNIX, SOCK_STREAM, 0); - if (t->sock < 0) { - netsnmp_transport_free(t); - return NULL; -@@ -357,25 +373,26 @@ netsnmp_unix_transport(struct sockaddr_u - - t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN; - -- unlink(addr->sun_path); -- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -- -- if (rc != 0 && errno == ENOENT && create_path) { -- rc = mkdirhier(addr->sun_path, create_mode, 1); -+ if (!socket_initialized) { -+ unlink(addr->sun_path); -+ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -+ if (rc != 0 && errno == ENOENT && create_path) { -+ rc = mkdirhier(addr->sun_path, create_mode, 1); -+ if (rc != 0) { -+ netsnmp_unix_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } -+ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -+ } - if (rc != 0) { -+ DEBUGMSGTL(("netsnmp_unix_transport", -+ "couldn't bind \"%s\", errno %d (%s)\n", -+ addr->sun_path, errno, strerror(errno))); - netsnmp_unix_close(t); - netsnmp_transport_free(t); - return NULL; - } -- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); -- } -- if (rc != 0) { -- DEBUGMSGTL(("netsnmp_unix_transport", -- "couldn't bind \"%s\", errno %d (%s)\n", -- addr->sun_path, errno, strerror(errno))); -- netsnmp_unix_close(t); -- netsnmp_transport_free(t); -- return NULL; - } - - /* -@@ -391,16 +408,17 @@ netsnmp_unix_transport(struct sockaddr_u - * Now sit here and listen for connections to arrive. - */ - -- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -- if (rc != 0) { -- DEBUGMSGTL(("netsnmp_unix_transport", -- "couldn't listen to \"%s\", errno %d (%s)\n", -- addr->sun_path, errno, strerror(errno))); -- netsnmp_unix_close(t); -- netsnmp_transport_free(t); -- return NULL; -+ if (!socket_initialized) { -+ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); -+ if (rc != 0) { -+ DEBUGMSGTL(("netsnmp_unix_transport", -+ "couldn't listen to \"%s\", errno %d (%s)\n", -+ addr->sun_path, errno, strerror(errno))); -+ netsnmp_unix_close(t); -+ netsnmp_transport_free(t); -+ return NULL; -+ } - } -- - } else { - t->remote = (u_char *)malloc(strlen(addr->sun_path)); - if (t->remote == NULL) { diff --git a/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch b/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch new file mode 100644 index 000000000..fb34caff7 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.7.3-iterator-fix.patch @@ -0,0 +1,14 @@ +diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c +--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200 ++++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200 +@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam + return 0; /* or -1 */ + + it = CONTAINER_ITERATOR( swrun_container ); ++ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) { ++ if (0 == strcmp( entry->hrSWRunName, name )) ++ i++; ++ } + while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) { + if (0 == strcmp( entry->hrSWRunName, name )) + i++; diff --git a/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch b/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch new file mode 100644 index 000000000..75a2c6df1 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-Remove-U64-typedef.patch @@ -0,0 +1,12 @@ +diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h +--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200 ++++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200 +@@ -10,7 +10,7 @@ extern "C" { + * Note: using the U64 typedef is deprecated because this typedef conflicts + * with a typedef with the same name defined in the Perl header files. + */ +- typedef struct counter64 U64; ++// typedef struct counter64 U64; + #endif + + #define I64CHARSZ 21 diff --git a/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch b/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch new file mode 100644 index 000000000..ef851b1ef --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-clientaddr-error-message.patch @@ -0,0 +1,35 @@ +diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c +--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100 ++++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100 +@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M + "No error", /* SNMPERR_SUCCESS */ + "Generic error", /* SNMPERR_GENERR */ + "Invalid local port", /* SNMPERR_BAD_LOCPORT */ +- "Unknown host", /* SNMPERR_BAD_ADDRESS */ ++ "Invalid address", /* SNMPERR_BAD_ADDRESS */ + "Unknown session", /* SNMPERR_BAD_SESSION */ + "Too long", /* SNMPERR_TOO_LONG */ + "No socket", /* SNMPERR_NO_SOCKET */ +@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session) + DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n")); + in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS; + in_session->s_errno = errno; +- snmp_set_detail(in_session->peername); ++ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR)) ++ snmp_set_detail(in_session->peername); + return NULL; + } + +diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c +--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100 ++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100 +@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn + DEBUGMSGTL(("netsnmp_udpbase", + "failed to bind for clientaddr: %d %s\n", + errno, strerror(errno))); ++ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n", ++ strerror(errno))); + goto err; + } + diff --git a/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch b/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch new file mode 100644 index 000000000..075976a4e --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-duplicate-ipAddress.patch @@ -0,0 +1,11 @@ +diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c +--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200 ++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200 +@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co + for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) { + if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) { + /* 'entry' is duplicate of the previous one -> delete it */ ++ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n")); + netsnmp_access_ipaddress_entry_free(entry); + } else { + CONTAINER_INSERT(ret, entry); diff --git a/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch b/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch new file mode 100644 index 000000000..db95998f0 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-ipAddress-faster-load.patch @@ -0,0 +1,82 @@ +diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c +--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200 ++++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200 +@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr) + } + + #elif defined(linux) ++#include + static struct ifreq *ifr; + static int ifr_counter; + + static void + Address_Scan_Init(void) + { +- int num_interfaces = 0; ++ int i; + int fd; ++ int lastlen = 0; + + /* get info about all interfaces */ + +@@ -510,28 +512,45 @@ Address_Scan_Init(void) + SNMP_FREE(ifc.ifc_buf); + ifr_counter = 0; + +- do +- { + if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + { + DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); + return; + } +- num_interfaces += 16; + +- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces; +- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len); +- +- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) +- { +- ifr=NULL; +- close(fd); +- return; +- } +- close(fd); ++ /* ++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF ++ * on some platforms; see W. R. Stevens, ``Unix Network Programming ++ * Volume I'', p.435... ++ */ ++ ++ for (i = 8;; i *= 2) { ++ ifc.ifc_len = sizeof(struct ifreq) * i; ++ ifc.ifc_req = calloc(i, sizeof(struct ifreq)); ++ ++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { ++ if (errno != EINVAL || lastlen != 0) { ++ /* ++ * Something has gone genuinely wrong... ++ */ ++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno); ++ SNMP_FREE(ifc.ifc_buf); ++ close(fd); ++ return; ++ } ++ } else { ++ if (ifc.ifc_len == lastlen) { ++ /* ++ * The length is the same as the last time; we're done... ++ */ ++ break; ++ } ++ lastlen = ifc.ifc_len; ++ } ++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */ + } +- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces)); +- ++ ++ close(fd); + ifr = ifc.ifc_req; + } + diff --git a/net-snmp/patches/net-snmp-5.8-man-page.patch b/net-snmp/patches/net-snmp-5.8-man-page.patch new file mode 100644 index 000000000..dc78e14b6 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.8-man-page.patch @@ -0,0 +1,36 @@ +diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def +--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200 ++++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200 +@@ -3,7 +3,7 @@ + net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file + .SH SYNOPSIS + .PP +-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES] ++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] + .B [username] + .SH DESCRIPTION + .PP +@@ -16,13 +16,16 @@ new user in net-snmp configuration file + displays the net-snmp version number + .TP + \fB\-ro\fR +-create an user with read-only permissions ++creates a user with read-only permissions + .TP +-\fB\-a authpass\fR +-specify authentication password ++\fB\-A authpass\fR ++specifies the authentication password + .TP +-\fB\-x privpass\fR +-specify encryption password ++\fB\-a MD5|SHA\fR ++specifies the authentication password hashing algorithm + .TP +-\fB\-X DES|AES\fR +-specify encryption algorithm ++\fB\-X privpass\fR ++specifies the encryption password ++.TP ++\fB\-x DES|AES\fR ++specifies the encryption algorithm diff --git a/net-snmp/patches/net-snmp-5.9-aes-config.patch b/net-snmp/patches/net-snmp-5.9-aes-config.patch new file mode 100644 index 000000000..ceac97c78 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-aes-config.patch @@ -0,0 +1,18 @@ +diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +index afd6fa4..07c26fe 100644 +--- a/net-snmp-create-v3-user.in ++++ b/net-snmp-create-v3-user.in +@@ -58,11 +58,11 @@ case $1 in + exit 1 + fi + case $1 in +- DES|AES|AES128) ++ DES|AES|AES128|AES192|AES256) + Xalgorithm=$1 + shift + ;; +- des|aes|aes128) ++ des|aes|aes128|aes192|aes256) + Xalgorithm=$(echo "$1" | tr a-z A-Z) + shift + ;; diff --git a/net-snmp/patches/net-snmp-5.9-autofs-skip.patch b/net-snmp/patches/net-snmp-5.9-autofs-skip.patch new file mode 100644 index 000000000..bd5c560c1 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-autofs-skip.patch @@ -0,0 +1,12 @@ +diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c +index e7ca92f..80b3e0d 100644 +--- a/agent/mibgroup/host/hr_filesys.c ++++ b/agent/mibgroup/host/hr_filesys.c +@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = { + "shm", + "sockfs", + "sysfs", ++ "tmpfs", + "usbdevfs", + "usbfs", + #endif diff --git a/net-snmp/patches/net-snmp-5.9-coverity.patch b/net-snmp/patches/net-snmp-5.9-coverity.patch new file mode 100644 index 000000000..fa3e0430d --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-coverity.patch @@ -0,0 +1,22 @@ +diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c +index e9a8831..5a1d8e7 100644 +--- a/agent/mibgroup/disman/event/mteTrigger.c ++++ b/agent/mibgroup/disman/event/mteTrigger.c +@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * Similarly, if no fallEvent is configured, + * there's no point in trying to fire it either. + */ +- if (entry->mteTThRiseEvent[0] != '\0' ) { ++ if (entry->mteTThFallEvent[0] != '\0' ) { + entry->mteTriggerXOwner = entry->mteTThObjOwner; + entry->mteTriggerXObjects = entry->mteTThObjects; + entry->mteTriggerFired = vp1; +@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * Similarly, if no fallEvent is configured, + * there's no point in trying to fire it either. + */ +- if (entry->mteTThDRiseEvent[0] != '\0' ) { ++ if (entry->mteTThDFallEvent[0] != '\0' ) { + entry->mteTriggerXOwner = entry->mteTThObjOwner; + entry->mteTriggerXObjects = entry->mteTThObjects; + entry->mteTriggerFired = vp1; diff --git a/net-snmp/patches/net-snmp-5.9-dir-fix.patch b/net-snmp/patches/net-snmp-5.9-dir-fix.patch new file mode 100644 index 000000000..f7311ca33 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-dir-fix.patch @@ -0,0 +1,30 @@ +diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +index 19895a1..ac3c60f 100644 +--- a/net-snmp-create-v3-user.in ++++ b/net-snmp-create-v3-user.in +@@ -14,6 +14,10 @@ Xalgorithm="DES" + token=rwuser + + while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do ++case "$1" in ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ++ *) optarg= ;; ++esac + + unset shifted + case $1 in +@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then + touch "$outfile" + fi + echo "$line" >> "$outfile" +-prefix=@prefix@ +-datarootdir=@datarootdir@ +-# To suppress shellcheck complaints about $prefix and $datarootdir. +-: "$prefix" "$datarootdir" +-outfile="@datadir@/snmp/snmpd.conf" ++# Avoid that configure complains that this script ignores @datarootdir@ ++echo "@datarootdir@" >/dev/null ++outfile="/etc/snmp/snmpd.conf" + line="$token $user" + echo "adding the following line to $outfile:" + echo " $line" diff --git a/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch b/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch new file mode 100644 index 000000000..6b5daf726 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-intermediate-certs.patch @@ -0,0 +1,855 @@ +diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h +index 80e2a19..143adbb 100644 +--- a/include/net-snmp/library/cert_util.h ++++ b/include/net-snmp/library/cert_util.h +@@ -55,7 +55,8 @@ extern "C" { + char *common_name; + + u_char hash_type; +- u_char _pad[3]; /* for future use */ ++ u_char _pad[1]; /* for future use */ ++ u_short offset; + } netsnmp_cert; + + /** types */ +@@ -100,6 +101,7 @@ extern "C" { + + NETSNMP_IMPORT + netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint); ++ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint); + + int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); + +diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h +index 471bb0b..ac7f69a 100644 +--- a/include/net-snmp/library/dir_utils.h ++++ b/include/net-snmp/library/dir_utils.h +@@ -53,7 +53,8 @@ extern "C" { + #define NETSNMP_DIR_NSFILE 0x0010 + /** load stats in netsnmp_file */ + #define NETSNMP_DIR_NSFILE_STATS 0x0020 +- ++/** allow files to be indexed more than once */ ++#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040 + + + #ifdef __cplusplus +diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c +index 210ad8b..b1f8144 100644 +--- a/snmplib/cert_util.c ++++ b/snmplib/cert_util.c +@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all); + * bump this value whenever cert index format changes, so indexes + * will be regenerated with new format. + */ +-#define CERT_INDEX_FORMAT 1 ++#define CERT_INDEX_FORMAT 2 + + static netsnmp_container *_certs = NULL; + static netsnmp_container *_keys = NULL; +@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs, + netsnmp_cert_common *rhs); + static void _find_partner(netsnmp_cert *cert, netsnmp_key *key); + static netsnmp_cert *_find_issuer(netsnmp_cert *cert); ++static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching); ++static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what); + static netsnmp_void_array *_cert_find_subset_fn(const char *filename, + const char *directory); + static netsnmp_void_array *_cert_find_subset_sn(const char *subject); +@@ -345,6 +347,8 @@ _get_cert_container(const char *use) + { + netsnmp_container *c; + ++ int rc; ++ + c = netsnmp_container_find("certs:binary_array"); + if (NULL == c) { + snmp_log(LOG_ERR, "could not create container for %s\n", use); +@@ -354,6 +358,8 @@ _get_cert_container(const char *use) + c->free_item = (netsnmp_container_obj_func*)_cert_free; + c->compare = (netsnmp_container_compare*)_cert_compare; + ++ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc); ++ + return c; + } + +@@ -362,6 +368,8 @@ _setup_containers(void) + { + netsnmp_container *additional_keys; + ++ int rc; ++ + _certs = _get_cert_container("netsnmp certificates"); + if (NULL == _certs) + return; +@@ -376,6 +384,7 @@ _setup_containers(void) + additional_keys->container_name = strdup("certs_cn"); + additional_keys->free_item = NULL; + additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare; ++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + netsnmp_container_add_index(_certs, additional_keys); + + /** additional keys: subject name */ +@@ -389,6 +398,7 @@ _setup_containers(void) + additional_keys->free_item = NULL; + additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare; + additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare; ++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + netsnmp_container_add_index(_certs, additional_keys); + + /** additional keys: file name */ +@@ -402,6 +412,7 @@ _setup_containers(void) + additional_keys->free_item = NULL; + additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare; + additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare; ++ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + netsnmp_container_add_index(_certs, additional_keys); + + _keys = netsnmp_container_find("cert_keys:binary_array"); +@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void) + } + + static netsnmp_cert * +-_new_cert(const char *dirname, const char *filename, int certType, ++_new_cert(const char *dirname, const char *filename, int certType, int offset, + int hashType, const char *fingerprint, const char *common_name, + const char *subject) + { +@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType, + + cert->info.dir = strdup(dirname); + cert->info.filename = strdup(filename); +- cert->info.allowed_uses = NS_CERT_REMOTE_PEER; ++ /* only the first certificate is allowed to be a remote peer */ ++ cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER; + cert->info.type = certType; ++ cert->offset = offset; + if (fingerprint) { + cert->hash_type = hashType; + cert->fingerprint = strdup(fingerprint); +@@ -884,14 +897,86 @@ _certindex_new( const char *dirname ) + * certificate utility functions + * + */ ++static BIO * ++netsnmp_open_bio(const char *dir, const char *filename) ++{ ++ BIO *certbio; ++ char file[SNMP_MAXPATH]; ++ ++ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename)); ++ ++ certbio = BIO_new(BIO_s_file()); ++ if (NULL == certbio) { ++ snmp_log(LOG_ERR, "error creating BIO\n"); ++ return NULL; ++ } ++ ++ snprintf(file, sizeof(file),"%s/%s", dir, filename); ++ if (BIO_read_filename(certbio, file) <=0) { ++ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file); ++ BIO_vfree(certbio); ++ return NULL; ++ } ++ ++ return certbio; ++} ++ ++static void ++netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert) ++{ ++ int is_ca; ++ ++ cert->ocert = ocert; ++ ++ /* ++ * X509_check_ca return codes: ++ * 0 not a CA ++ * 1 is a CA ++ * 2 basicConstraints absent so "maybe" a CA ++ * 3 basicConstraints absent but self signed V1. ++ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. ++ * 5 outdated Netscape Certificate Type CA extension. ++ */ ++ is_ca = X509_check_ca(ocert); ++ if (1 == is_ca) ++ cert->info.allowed_uses |= NS_CERT_CA; ++ ++ if (NULL == cert->subject) { ++ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL, ++ 0); ++ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject)); ++ } ++ ++ if (NULL == cert->issuer) { ++ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0); ++ if (strcmp(cert->subject, cert->issuer) == 0) { ++ free(cert->issuer); ++ cert->issuer = strdup("self-signed"); ++ } ++ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer)); ++ } ++ ++ if (NULL == cert->fingerprint) { ++ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert); ++ cert->fingerprint = ++ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type); ++ } ++ ++ if (NULL == cert->common_name) { ++ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL, ++ NULL); ++ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name)); ++ } ++ ++} ++ + static X509 * + netsnmp_ocert_get(netsnmp_cert *cert) + { + BIO *certbio; + X509 *ocert = NULL; ++ X509 *ncert = NULL; + EVP_PKEY *okey = NULL; +- char file[SNMP_MAXPATH]; +- int is_ca; + + if (NULL == cert) + return NULL; +@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert) + } + } + +- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename)); +- +- certbio = BIO_new(BIO_s_file()); +- if (NULL == certbio) { +- snmp_log(LOG_ERR, "error creating BIO\n"); +- return NULL; +- } +- +- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename); +- if (BIO_read_filename(certbio, file) <=0) { +- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file); +- BIO_vfree(certbio); ++ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename); ++ if (!certbio) { + return NULL; + } + +- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) { +- char *pos = strrchr(cert->info.filename, '.'); +- if (NULL == pos) +- return NULL; +- cert->info.type = _cert_ext_type(++pos); +- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN); +- } +- + switch (cert->info.type) { + + case NS_CERT_TYPE_DER: ++ (void)BIO_seek(certbio, cert->offset); + ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */ + if (NULL != ocert) + break; +- (void)BIO_reset(certbio); + /* Check for PEM if DER didn't work */ + /* FALLTHROUGH */ + + case NS_CERT_TYPE_PEM: +- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); ++ (void)BIO_seek(certbio, cert->offset); ++ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); + if (NULL == ocert) + break; + if (NS_CERT_TYPE_DER == cert->info.type) { + DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n")); + cert->info.type = NS_CERT_TYPE_PEM; + } +- /** check for private key too */ +- if (NULL == cert->key) { +- (void)BIO_reset(certbio); +- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); ++ /** check for private key too, but only if we're the first certificate */ ++ if (0 == cert->offset && NULL == cert->key) { ++ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); + if (NULL != okey) { + netsnmp_key *key; + DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", +@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) + break; + #ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER + case NS_CERT_TYPE_PKCS12: +- (void)BIO_reset(certbio); ++ (void)BIO_seek(certbio, cert->offset); + PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL); + if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) || + PKCS12_verify_mac(p12, NULL, 0))) +@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) + return NULL; + } + +- cert->ocert = ocert; +- /* +- * X509_check_ca return codes: +- * 0 not a CA +- * 1 is a CA +- * 2 basicConstraints absent so "maybe" a CA +- * 3 basicConstraints absent but self signed V1. +- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. +- * 5 outdated Netscape Certificate Type CA extension. +- */ +- is_ca = X509_check_ca(ocert); +- if (1 == is_ca) +- cert->info.allowed_uses |= NS_CERT_CA; +- +- if (NULL == cert->subject) { +- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL, +- 0); +- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject)); +- } +- +- if (NULL == cert->issuer) { +- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0); +- if (strcmp(cert->subject, cert->issuer) == 0) { +- free(cert->issuer); +- cert->issuer = strdup("self-signed"); +- } +- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer)); +- } +- +- if (NULL == cert->fingerprint) { +- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert); +- cert->fingerprint = +- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type); +- } +- +- if (NULL == cert->common_name) { +- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL, +- NULL); +- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name)); +- } ++ netsnmp_ocert_parse(cert, ocert); + + return ocert; + } +@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key) + { + BIO *keybio; + EVP_PKEY *okey; +- char file[SNMP_MAXPATH]; + + if (NULL == key) + return NULL; +@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key) + if (key->okey) + return key->okey; + +- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename); +- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename)); +- +- keybio = BIO_new(BIO_s_file()); +- if (NULL == keybio) { +- snmp_log(LOG_ERR, "error creating BIO\n"); +- return NULL; +- } +- +- if (BIO_read_filename(keybio, file) <=0) { +- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", +- key->info.filename); +- BIO_vfree(keybio); ++ keybio = netsnmp_open_bio(key->info.dir, key->info.filename); ++ if (!keybio) { + return NULL; + } + +@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) + cert->issuer_cert = _find_issuer(cert); + if (NULL == cert->issuer_cert) { + DEBUGMSGT(("cert:load:warn", +- "couldn't load CA chain for cert %s\n", ++ "couldn't load full CA chain for cert %s\n", + cert->info.filename)); + rc = CERT_LOAD_PARTIAL; + break; +@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) + /** get issuer ocert */ + if ((NULL == cert->issuer_cert->ocert) && + (netsnmp_ocert_get(cert->issuer_cert) == NULL)) { +- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n", ++ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n", + cert->info.filename)); + rc = CERT_LOAD_PARTIAL; + break; +@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + return; + } + +- if(key) { ++ if (key) { + if (key->cert) { + DEBUGMSGT(("cert:partner", "key already has partner\n")); + return; +@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + return; + *pos = 0; + +- matching = _cert_find_subset_fn( filename, key->info.dir ); ++ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename, ++ key->info.dir )); + if (!matching) + return; + if (1 == matching->size) { +@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + DEBUGMSGT(("cert:partner", "%s matches multiple certs\n", + key->info.filename)); + } +- else if(cert) { ++ else if (cert) { + if (cert->key) { + DEBUGMSGT(("cert:partner", "cert already has partner\n")); + return; +@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) + } + } + ++static netsnmp_key * ++_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index) ++{ ++ netsnmp_key *key; ++ ++ key = _new_key(dirname, filename); ++ if (NULL == key) { ++ return NULL; ++ } ++ ++ key->okey = okey; ++ ++ if (-1 == CONTAINER_INSERT(_keys, key)) { ++ DEBUGMSGT(("cert:key:file:add:err", ++ "error inserting key into container\n")); ++ netsnmp_key_free(key); ++ key = NULL; ++ } ++ if (index) { ++ fprintf(index, "k:%s\n", filename); ++ } ++ ++ return key; ++} ++ ++static netsnmp_cert * ++_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index) ++{ ++ netsnmp_cert *cert; ++ ++ cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL); ++ if (NULL == cert) ++ return NULL; ++ ++ netsnmp_ocert_parse(cert, ocert); ++ ++ if (-1 == CONTAINER_INSERT(_certs, cert)) { ++ DEBUGMSGT(("cert:file:add:err", ++ "error inserting cert into container\n")); ++ netsnmp_cert_free(cert); ++ return NULL; ++ } ++ ++ if (index) { ++ /** filename = NAME_MAX = 255 */ ++ /** fingerprint max = 64*3=192 for sha512 */ ++ /** common name / CN = 64 */ ++ if (cert) ++ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename, ++ cert->info.type, cert->offset, cert->hash_type, cert->fingerprint, ++ cert->common_name, cert->subject); ++ } ++ ++ return cert; ++} ++ + static int + _add_certfile(const char* dirname, const char* filename, FILE *index) + { +- X509 *ocert; +- EVP_PKEY *okey; ++ BIO *certbio; ++ X509 *ocert = NULL; ++ X509 *ncert; ++ EVP_PKEY *okey = NULL; + netsnmp_cert *cert = NULL; + netsnmp_key *key = NULL; + char certfile[SNMP_MAXPATH]; + int type; ++ int offset = 0; + + if (((const void*)NULL == dirname) || (NULL == filename)) + return -1; + + type = _type_from_filename(filename); +- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN); ++ if (type == NS_CERT_TYPE_UNKNOWN) { ++ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename); ++ return -1; ++ } + +- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename); ++ certbio = netsnmp_open_bio(dirname, filename); ++ if (!certbio) { ++ return -1; ++ } + +- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename, +- type)); ++ switch (type) { + +- if (NS_CERT_TYPE_KEY == type) { +- key = _new_key(dirname, filename); +- if (NULL == key) +- return -1; +- okey = netsnmp_okey_get(key); +- if (NULL == okey) { +- netsnmp_key_free(key); +- return -1; +- } +- key->okey = okey; +- if (-1 == CONTAINER_INSERT(_keys, key)) { +- DEBUGMSGT(("cert:key:file:add:err", +- "error inserting key into container\n")); +- netsnmp_key_free(key); +- key = NULL; +- } +- } +- else { +- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL); +- if (NULL == cert) +- return -1; +- ocert = netsnmp_ocert_get(cert); +- if (NULL == ocert) { +- netsnmp_cert_free(cert); +- return -1; +- } +- cert->ocert = ocert; +- if (-1 == CONTAINER_INSERT(_certs, cert)) { +- DEBUGMSGT(("cert:file:add:err", +- "error inserting cert into container\n")); +- netsnmp_cert_free(cert); +- cert = NULL; +- } +- } +- if ((NULL == cert) && (NULL == key)) { +- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile)); +- return -1; ++ case NS_CERT_TYPE_KEY: ++ ++ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); ++ if (NULL == okey) ++ snmp_log(LOG_ERR, "error parsing key file %s\n", ++ key->info.filename); ++ else { ++ key = _add_key(okey, dirname, filename, index); ++ if (NULL == key) { ++ EVP_PKEY_free(okey); ++ okey = NULL; ++ } ++ } ++ break; ++ ++ case NS_CERT_TYPE_DER: ++ ++ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */ ++ if (NULL != ocert) { ++ if (!_add_cert(ocert, dirname, filename, type, 0, index)) { ++ X509_free(ocert); ++ ocert = NULL; ++ } ++ break; ++ } ++ (void)BIO_reset(certbio); ++ /* Check for PEM if DER didn't work */ ++ /* FALLTHROUGH */ ++ ++ case NS_CERT_TYPE_PEM: ++ ++ if (NS_CERT_TYPE_DER == type) { ++ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n")); ++ type = NS_CERT_TYPE_PEM; ++ } ++ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); ++ if (NULL != ocert) { ++ cert = _add_cert(ncert, dirname, filename, type, offset, index); ++ if (NULL == cert) { ++ X509_free(ocert); ++ ocert = ncert = NULL; ++ } ++ } ++ while (NULL != ncert) { ++ offset = BIO_tell(certbio); ++ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); ++ if (ncert) { ++ if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) { ++ X509_free(ncert); ++ ncert = NULL; ++ } ++ } ++ } ++ ++ BIO_seek(certbio, offset); ++ ++ /** check for private key too */ ++ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); ++ ++ if (NULL != okey) { ++ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", ++ cert->info.filename)); ++ key = _add_key(okey, dirname, filename, NULL); ++ if (NULL != key) { ++ DEBUGMSGT(("cert:read:partner", "%s match found!\n", ++ cert->info.filename)); ++ key->cert = cert; ++ cert->key = key; ++ cert->info.allowed_uses |= NS_CERT_IDENTITY; ++ } ++ else { ++ EVP_PKEY_free(okey); ++ okey = NULL; ++ } ++ } ++ ++ break; ++ ++#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER ++ case NS_CERT_TYPE_PKCS12: ++#endif ++ ++ default: ++ break; + } + +- if (index) { +- /** filename = NAME_MAX = 255 */ +- /** fingerprint max = 64*3=192 for sha512 */ +- /** common name / CN = 64 */ +- if (cert) +- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename, +- cert->info.type, cert->hash_type, cert->fingerprint, +- cert->common_name, cert->subject); +- else if (key) +- fprintf(index, "k:%s\n", filename); ++ BIO_vfree(certbio); ++ ++ if ((NULL == ocert) && (NULL == okey)) { ++ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile); ++ return -1; + } + + return 0; +@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) + struct stat idx_stat; + char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; + char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15]; +- char subject[SNMP_MAXBUF_SMALL], hash_str[15]; ++ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15]; ++ ssize_t offset; + int count = 0, type, hash, version; + netsnmp_cert *cert; + netsnmp_key *key; +@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) + netsnmp_directory_container_read_some(NULL, dirname, + _time_filter, &idx_stat, + NETSNMP_DIR_NSFILE | +- NETSNMP_DIR_NSFILE_STATS); ++ NETSNMP_DIR_NSFILE_STATS | ++ NETSNMP_DIR_ALLOW_DUPLICATES); + if (newer) { + DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); + CONTAINER_FREE_ALL(newer, NULL); +@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat) + pos = &tmpstr[2]; + if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) || + (NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) || ++ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) || + (NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) || + (NULL == (pos=copy_nword(pos, fingerprint, + sizeof(fingerprint)))) || +@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat) + break; + } + type = atoi(type_str); ++ offset = atoi(offset_str); + hash = atoi(hash_str); +- cert = _new_cert(dirname, filename, type, hash, fingerprint, ++ cert = _new_cert(dirname, filename, type, offset, hash, fingerprint, + common_name, subject); + if (cert && 0 == CONTAINER_INSERT(found, cert)) + ++count; +@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname) + netsnmp_directory_container_read_some(NULL, dirname, + _cert_cert_filter, NULL, + NETSNMP_DIR_RELATIVE_PATH | +- NETSNMP_DIR_EMPTY_OK ); ++ NETSNMP_DIR_EMPTY_OK | ++ NETSNMP_DIR_ALLOW_DUPLICATES); + if (NULL == cert_container) { + DEBUGMSGT(("cert:index:dir", + "error creating container for cert files\n")); +@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context) + if (NULL == c) + return; + +- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir)); ++ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset)); + DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", + c->info.type, c->info.allowed_uses, + _mode_str(c->info.allowed_uses))); +@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint) + netsnmp_void_array *matching; + + DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); +- matching = _cert_find_subset_fn( filename, NULL ); ++ matching = _cert_reduce_subset_what(_cert_find_subset_fn( ++ filename, NULL ), what); + if (!matching) + return NULL; + if (1 == matching->size) +@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory) + } + } + ++/* ++ * reduce subset by eliminating any certificates that are not the ++ * first certficate in a file. This allows us to ignore certificate ++ * chains when testing for specific certificates, and to match keys ++ * to the first certificate only. ++ */ ++static netsnmp_void_array * ++_cert_reduce_subset_first(netsnmp_void_array *matching) ++{ ++ netsnmp_cert *cc; ++ int i = 0, j, newsize; ++ ++ if ((NULL == matching)) ++ return matching; ++ ++ newsize = matching->size; ++ ++ for( ; i < matching->size; ) { ++ /* ++ * if we've shifted matches down we'll hit a NULL entry before ++ * we hit the end of the array. ++ */ ++ if (NULL == matching->array[i]) ++ break; ++ /* ++ * skip over valid matches. The first entry has an offset of zero. ++ */ ++ cc = (netsnmp_cert*)matching->array[i]; ++ if (0 == cc->offset) { ++ ++i; ++ continue; ++ } ++ /* ++ * shrink array by shifting everything down a spot. Might not be ++ * the most efficient soloution, but this is just happening at ++ * startup and hopefully most certs won't have common prefixes. ++ */ ++ --newsize; ++ for ( j=i; j < newsize; ++j ) ++ matching->array[j] = matching->array[j+1]; ++ matching->array[j] = NULL; ++ /** no ++i; just shifted down, need to look at same position again */ ++ } ++ /* ++ * if we shifted, set the new size ++ */ ++ if (newsize != matching->size) { ++ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n", ++ matching->size, newsize)); ++ matching->size = newsize; ++ } ++ ++ if (0 == matching->size) { ++ free(matching->array); ++ SNMP_FREE(matching); ++ } ++ ++ return matching; ++} ++ ++/* ++ * reduce subset by eliminating any certificates that do not match ++ * purpose specified. ++ */ ++static netsnmp_void_array * ++_cert_reduce_subset_what(netsnmp_void_array *matching, int what) ++{ ++ netsnmp_cert_common *cc; ++ int i = 0, j, newsize; ++ ++ if ((NULL == matching)) ++ return matching; ++ ++ newsize = matching->size; ++ ++ for( ; i < matching->size; ) { ++ /* ++ * if we've shifted matches down we'll hit a NULL entry before ++ * we hit the end of the array. ++ */ ++ if (NULL == matching->array[i]) ++ break; ++ /* ++ * skip over valid matches. The first entry has an offset of zero. ++ */ ++ cc = (netsnmp_cert_common *)matching->array[i]; ++ if ((cc->allowed_uses & what)) { ++ ++i; ++ continue; ++ } ++ /* ++ * shrink array by shifting everything down a spot. Might not be ++ * the most efficient soloution, but this is just happening at ++ * startup and hopefully most certs won't have common prefixes. ++ */ ++ --newsize; ++ for ( j=i; j < newsize; ++j ) ++ matching->array[j] = matching->array[j+1]; ++ matching->array[j] = NULL; ++ /** no ++i; just shifted down, need to look at same position again */ ++ } ++ /* ++ * if we shifted, set the new size ++ */ ++ if (newsize != matching->size) { ++ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n", ++ matching->size, newsize)); ++ matching->size = newsize; ++ } ++ ++ if (0 == matching->size) { ++ free(matching->array); ++ SNMP_FREE(matching); ++ } ++ ++ return matching; ++} ++ + static netsnmp_void_array * + _cert_find_subset_common(const char *filename, netsnmp_container *container) + { +diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c +index c2dd989..e7145e4 100644 +--- a/snmplib/dir_utils.c ++++ b/snmplib/dir_utils.c +@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container, + /** default to unsorted */ + if (! (flags & NETSNMP_DIR_SORTED)) + CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc); ++ /** default to duplicates not allowed */ ++ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES)) ++ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + } + + dir = opendir(dirname); diff --git a/net-snmp/patches/net-snmp-5.9-memory-reporting.patch b/net-snmp/patches/net-snmp-5.9-memory-reporting.patch new file mode 100644 index 000000000..3db8d51f6 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9-memory-reporting.patch @@ -0,0 +1,28 @@ +diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c +index 6d5e86c..68b55d2 100644 +--- a/agent/mibgroup/hardware/memory/memory_linux.c ++++ b/agent/mibgroup/hardware/memory/memory_linux.c +@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { + if (first) + snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n"); + } ++ b = strstr(buff, "SReclaimable: "); ++ if (b) ++ sscanf(b, "SReclaimable: %lu", &sreclaimable); ++ else { ++ if (first) ++ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n"); ++ } + b = strstr(buff, "SwapFree: "); + if (b) + sscanf(b, "SwapFree: %lu", &swapfree); +@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { + if (first) + snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n"); + } +- b = strstr(buff, "SReclaimable: "); +- if (b) +- sscanf(b, "SReclaimable: %lu", &sreclaimable); + first = 0; + + diff --git a/net-snmp/patches/net-snmp-5.7.2-pie.patch b/net-snmp/patches/net-snmp-5.9-pie.patch similarity index 56% rename from net-snmp/patches/net-snmp-5.7.2-pie.patch rename to net-snmp/patches/net-snmp-5.9-pie.patch index ee02001b3..a79290413 100644 --- a/net-snmp/patches/net-snmp-5.7.2-pie.patch +++ b/net-snmp/patches/net-snmp-5.9-pie.patch @@ -1,7 +1,8 @@ -diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in ---- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200 -@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c +diff --git a/agent/Makefile.in b/agent/Makefile.in +index 047d880..38d40aa 100644 +--- a/agent/Makefile.in ++++ b/agent/Makefile.in +@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) @@ -9,11 +10,12 @@ diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in + $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) - $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@ -diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in ---- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 -+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200 -@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ +diff --git a/apps/Makefile.in b/apps/Makefile.in +index 3dbb1d1..48ed23a 100644 +--- a/apps/Makefile.in ++++ b/apps/Makefile.in +@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS) $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS} snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS) diff --git a/net-snmp/patches/net-snmp-5.9.1-autoconf.patch b/net-snmp/patches/net-snmp-5.9.1-autoconf.patch new file mode 100644 index 000000000..5c6b2a9de --- /dev/null +++ b/net-snmp/patches/net-snmp-5.9.1-autoconf.patch @@ -0,0 +1,6 @@ +diff -urNp a/dist/autoconf-version b/dist/autoconf-version +--- a/dist/autoconf-version 2021-09-01 11:18:14.582110773 +0200 ++++ b/dist/autoconf-version 2021-09-01 11:20:16.804369533 +0200 +@@ -1 +1 @@ +-2.69 ++2.71