From b5ae068460db8fc118e719dc4833b66a6a90b057 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 02 2019 17:30:48 +0000 Subject: import net-snmp-5.7.2-45.el7 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7349809 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/net-snmp-5.7.2-noapsl.tar.gz diff --git a/.net-snmp.metadata b/.net-snmp.metadata new file mode 100644 index 0000000..572f057 --- /dev/null +++ b/.net-snmp.metadata @@ -0,0 +1 @@ +998980f9e92031e6c78e1b0fed88b440138fdef8 SOURCES/net-snmp-5.7.2-noapsl.tar.gz diff --git a/SOURCES/net-snmp-5.5-SCTP-parser.patch b/SOURCES/net-snmp-5.5-SCTP-parser.patch new file mode 100644 index 0000000..53b8f21 --- /dev/null +++ b/SOURCES/net-snmp-5.5-SCTP-parser.patch @@ -0,0 +1,74 @@ +diff -urNp orig/agent/mibgroup/sctp-mib/sctpScalars_linux.c new/agent/mibgroup/sctp-mib/sctpScalars_linux.c +--- orig/agent/mibgroup/sctp-mib/sctpScalars_linux.c 2016-08-25 09:18:55.239801239 +0200 ++++ new/agent/mibgroup/sctp-mib/sctpScalars_linux.c 2016-08-25 10:37:02.416999975 +0200 +@@ -84,17 +84,17 @@ netsnmp_access_sctp_stats_arch_load(nets + return -1; + } + +- if (line[6] == 'r') ++ if (line[4] == 'C' && line[8] == 'E') + sctp_stats->curr_estab = value; +- else if (line[5] == 'c') ++ else if (line[4] == 'A' && line[10] == 'E') + sctp_stats->active_estabs = value; +- else if (line[4] == 'P') ++ else if (line[4] == 'P' && line[11] == 'E') + sctp_stats->passive_estabs = value; +- else if (line[5] == 'b') ++ else if (line[4] == 'a' && line[5] == 'b') + sctp_stats->aborteds = value; +- else if (line[4] == 'S') ++ else if (line[4] == 'S' && line[5] == 'h') + sctp_stats->shutdowns = value; +- else if (line[8] == 'f') ++ else if (line[4] == 'O' && line[9] == 'B') + sctp_stats->out_of_blues = value; + else if (line[6] == 'e') + sctp_stats->checksum_errors = value; +@@ -113,7 +113,7 @@ netsnmp_access_sctp_stats_arch_load(nets + sctp_stats->out_sctp_packs.high = value >> 32; + } else + ret = -1; +- } else { ++ } else if (line[4] == 'I'){ + if (line[6] == 'C') { + sctp_stats->in_ctrl_chunks.low = value & 0xffffffff; + sctp_stats->in_ctrl_chunks.high = value >> 32; +@@ -123,24 +123,27 @@ netsnmp_access_sctp_stats_arch_load(nets + } else if (line[6] == 'U') { + sctp_stats->in_unorder_chunks.low = value & 0xffffffff; + sctp_stats->in_unorder_chunks.high = value >> 32; +- } else if (line[4] == 'F') { +- sctp_stats->frag_usr_msgs.low = value & 0xffffffff; +- sctp_stats->frag_usr_msgs.high = value >> 32; +- } else if (line[4] == 'R') { +- sctp_stats->reasm_usr_msgs.low = value & 0xffffffff; +- sctp_stats->reasm_usr_msgs.high = value >> 32; + } else if (line[6] == 'S') { + sctp_stats->in_sctp_packs.low = value & 0xffffffff; + sctp_stats->in_sctp_packs.high = value >> 32; +- } else ++ } else { + ret = -1; ++ } ++ } else if (line[4] == 'F' && line[8] == 'U') { ++ sctp_stats->frag_usr_msgs.low = value & 0xffffffff; ++ sctp_stats->frag_usr_msgs.high = value >> 32; ++ } else if (line[4] == 'R') { ++ sctp_stats->reasm_usr_msgs.low = value & 0xffffffff; ++ sctp_stats->reasm_usr_msgs.high = value >> 32; ++ } else if (line[4] == 'T') { ++ } else { ++ ret = -1; + } + + if (ret < 0) { + DEBUGMSGTL(("sctp:scalars:stats:arch_load", +- "Unknown entry!'\n")); +- fclose(f); +- return ret; ++ "Unknown entry: %s\n", line)); ++ ret = 0; + } + } + diff --git a/SOURCES/net-snmp-5.5-ber-int-size.patch b/SOURCES/net-snmp-5.5-ber-int-size.patch new file mode 100644 index 0000000..5adac1c --- /dev/null +++ b/SOURCES/net-snmp-5.5-ber-int-size.patch @@ -0,0 +1,155 @@ +953926 - snmptrapd crash "buffer overflow detected" at fortify_fail.c + +commit 40938a62619590b4ea071ae85baa2f42a0b7fcb2 +Author: Jan Safranek +Date: Mon Apr 22 15:00:00 2013 +0200 + + Check if 'asn_parse_* ' actually succeeded. + + If not, discard the packet instead of using wrong data. + +diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c +index e5c45d9..0842842 100644 +--- a/snmplib/snmp_api.c ++++ b/snmplib/snmp_api.c +@@ -4709,9 +4709,11 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_INTEGER: + vp->val.integer = (long *) vp->buf; + vp->val_len = sizeof(long); +- asn_parse_int(var_val, &len, &vp->type, ++ data = asn_parse_int(var_val, &len, &vp->type, + (long *) vp->val.integer, + sizeof(*vp->val.integer)); ++ if (!data) ++ return -1; + break; + case ASN_COUNTER: + case ASN_GAUGE: +@@ -4719,9 +4721,11 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_UINTEGER: + vp->val.integer = (long *) vp->buf; + vp->val_len = sizeof(u_long); +- asn_parse_unsigned_int(var_val, &len, &vp->type, ++ data = asn_parse_unsigned_int(var_val, &len, &vp->type, + (u_long *) vp->val.integer, + vp->val_len); ++ if (!data) ++ return -1; + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_COUNTER64: +@@ -4730,34 +4734,45 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_COUNTER64: + vp->val.counter64 = (struct counter64 *) vp->buf; + vp->val_len = sizeof(struct counter64); +- asn_parse_unsigned_int64(var_val, &len, &vp->type, ++ data = asn_parse_unsigned_int64(var_val, &len, &vp->type, + (struct counter64 *) vp->val. + counter64, vp->val_len); ++ if (!data) ++ return -1; + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_FLOAT: + vp->val.floatVal = (float *) vp->buf; + vp->val_len = sizeof(float); +- asn_parse_float(var_val, &len, &vp->type, ++ data = asn_parse_float(var_val, &len, &vp->type, + vp->val.floatVal, vp->val_len); ++ if (!data) ++ return -1; + break; + case ASN_OPAQUE_DOUBLE: + vp->val.doubleVal = (double *) vp->buf; + vp->val_len = sizeof(double); +- asn_parse_double(var_val, &len, &vp->type, ++ data = asn_parse_double(var_val, &len, &vp->type, + vp->val.doubleVal, vp->val_len); ++ if (!data) ++ return -1; + break; + case ASN_OPAQUE_I64: + vp->val.counter64 = (struct counter64 *) vp->buf; + vp->val_len = sizeof(struct counter64); +- asn_parse_signed_int64(var_val, &len, &vp->type, ++ data = asn_parse_signed_int64(var_val, &len, &vp->type, + (struct counter64 *) vp->val.counter64, + sizeof(*vp->val.counter64)); + ++ if (!data) ++ return -1; + break; + #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */ +- case ASN_OCTET_STR: + case ASN_IPADDRESS: ++ if (vp->val_len != 4) ++ return -1; ++ /* fallthrough */ ++ case ASN_OCTET_STR: + case ASN_OPAQUE: + case ASN_NSAP: + if (vp->val_len < sizeof(vp->buf)) { +@@ -4768,12 +4783,16 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + if (vp->val.string == NULL) { + return -1; + } +- asn_parse_string(var_val, &len, &vp->type, vp->val.string, ++ data = asn_parse_string(var_val, &len, &vp->type, vp->val.string, + &vp->val_len); ++ if (!data) ++ return -1; + break; + case ASN_OBJECT_ID: + vp->val_len = MAX_OID_LEN; +- asn_parse_objid(var_val, &len, &vp->type, objid, &vp->val_len); ++ data = asn_parse_objid(var_val, &len, &vp->type, objid, &vp->val_len); ++ if (!data) ++ return -1; + vp->val_len *= sizeof(oid); + vp->val.objid = (oid *) malloc(vp->val_len); + if (vp->val.objid == NULL) { +@@ -4791,8 +4810,10 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + if (vp->val.bitstring == NULL) { + return -1; + } +- asn_parse_bitstring(var_val, &len, &vp->type, ++ data = asn_parse_bitstring(var_val, &len, &vp->type, + vp->val.bitstring, &vp->val_len); ++ if (!data) ++ return -1; + break; + default: + snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type); + +commit aa4fb949012d7c022a436992ac203c065fd7420a +Author: Jan Safranek +Date: Mon Apr 22 14:58:41 2013 +0200 + + Integer values encoded in BER must have at least one character. + + If asn_length == 0, we would read the first byte of the next varbind on next line: + if (*bufp & 0x80) + -> reading past the buffer if there is no such variable -> sigsegv. + +diff --git a/snmplib/asn1.c b/snmplib/asn1.c +index 1af7787..5de6b75 100644 +--- a/snmplib/asn1.c ++++ b/snmplib/asn1.c +@@ -510,7 +510,7 @@ asn_parse_int(u_char * data, + (errpre, bufp, data, asn_length, *datalength)) + return NULL; + +- if ((size_t) asn_length > intsize) { ++ if ((size_t) asn_length > intsize || (int) asn_length == 0) { + _asn_length_err(errpre, (size_t) asn_length, intsize); + return NULL; + } +@@ -582,7 +582,7 @@ asn_parse_unsigned_int(u_char * data, + (errpre, bufp, data, asn_length, *datalength)) + return NULL; + +- if ((asn_length > (intsize + 1)) || ++ if (((int) asn_length > (intsize + 1)) || ((int) asn_length == 0) || + ((asn_length == intsize + 1) && *bufp != 0x00)) { + _asn_length_err(errpre, (size_t) asn_length, intsize); + return NULL; diff --git a/SOURCES/net-snmp-5.5-ber-int-size2.patch b/SOURCES/net-snmp-5.5-ber-int-size2.patch new file mode 100644 index 0000000..c50330b --- /dev/null +++ b/SOURCES/net-snmp-5.5-ber-int-size2.patch @@ -0,0 +1,127 @@ +983116: net-snmp query fails after update to 1:5.5-44.el6_4.2 + + +commit e41c2f574c25d8dd273f2406eeeac19bc2ae16db +Author: Jan Safranek +Date: Mon Aug 12 14:30:51 2013 +0200 + + CHANGES: snmplib: Fixed parsing of sequences. + + Don't overwrite 'data' variable, it's used when parsing bulk responses. + +diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c +index 403ea2b..e67945f 100644 +--- a/snmplib/snmp_api.c ++++ b/snmplib/snmp_api.c +@@ -4537,6 +4537,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + size_t four; + netsnmp_variable_list *vp = NULL; + oid objid[MAX_OID_LEN]; ++ u_char *p; + + /* + * Get the PDU type +@@ -4709,10 +4710,10 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_INTEGER: + vp->val.integer = (long *) vp->buf; + vp->val_len = sizeof(long); +- data = asn_parse_int(var_val, &len, &vp->type, ++ p = asn_parse_int(var_val, &len, &vp->type, + (long *) vp->val.integer, + sizeof(*vp->val.integer)); +- if (!data) ++ if (!p) + return -1; + break; + case ASN_COUNTER: +@@ -4721,10 +4722,10 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_UINTEGER: + vp->val.integer = (long *) vp->buf; + vp->val_len = sizeof(u_long); +- data = asn_parse_unsigned_int(var_val, &len, &vp->type, ++ p = asn_parse_unsigned_int(var_val, &len, &vp->type, + (u_long *) vp->val.integer, + vp->val_len); +- if (!data) ++ if (!p) + return -1; + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES +@@ -4734,37 +4735,37 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_COUNTER64: + vp->val.counter64 = (struct counter64 *) vp->buf; + vp->val_len = sizeof(struct counter64); +- data = asn_parse_unsigned_int64(var_val, &len, &vp->type, ++ p = asn_parse_unsigned_int64(var_val, &len, &vp->type, + (struct counter64 *) vp->val. + counter64, vp->val_len); +- if (!data) ++ if (!p) + return -1; + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_FLOAT: + vp->val.floatVal = (float *) vp->buf; + vp->val_len = sizeof(float); +- data = asn_parse_float(var_val, &len, &vp->type, ++ p = asn_parse_float(var_val, &len, &vp->type, + vp->val.floatVal, vp->val_len); +- if (!data) ++ if (!p) + return -1; + break; + case ASN_OPAQUE_DOUBLE: + vp->val.doubleVal = (double *) vp->buf; + vp->val_len = sizeof(double); +- data = asn_parse_double(var_val, &len, &vp->type, ++ p = asn_parse_double(var_val, &len, &vp->type, + vp->val.doubleVal, vp->val_len); +- if (!data) ++ if (!p) + return -1; + break; + case ASN_OPAQUE_I64: + vp->val.counter64 = (struct counter64 *) vp->buf; + vp->val_len = sizeof(struct counter64); +- data = asn_parse_signed_int64(var_val, &len, &vp->type, ++ p = asn_parse_signed_int64(var_val, &len, &vp->type, + (struct counter64 *) vp->val.counter64, + sizeof(*vp->val.counter64)); + +- if (!data) ++ if (!p) + return -1; + break; + #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */ +@@ -4783,15 +4784,15 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + if (vp->val.string == NULL) { + return -1; + } +- data = asn_parse_string(var_val, &len, &vp->type, vp->val.string, ++ p = asn_parse_string(var_val, &len, &vp->type, vp->val.string, + &vp->val_len); +- if (!data) ++ if (!p) + return -1; + break; + case ASN_OBJECT_ID: + vp->val_len = MAX_OID_LEN; +- data = asn_parse_objid(var_val, &len, &vp->type, objid, &vp->val_len); +- if (!data) ++ p = asn_parse_objid(var_val, &len, &vp->type, objid, &vp->val_len); ++ if (!p) + return -1; + vp->val_len *= sizeof(oid); + vp->val.objid = (oid *) malloc(vp->val_len); +@@ -4810,9 +4811,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + if (vp->val.bitstring == NULL) { + return -1; + } +- data = asn_parse_bitstring(var_val, &len, &vp->type, ++ p = asn_parse_bitstring(var_val, &len, &vp->type, + vp->val.bitstring, &vp->val_len); +- if (!data) ++ if (!p) + return -1; + break; + default: diff --git a/SOURCES/net-snmp-5.5-dir-fix.patch b/SOURCES/net-snmp-5.5-dir-fix.patch new file mode 100644 index 0000000..b726c47 --- /dev/null +++ b/SOURCES/net-snmp-5.5-dir-fix.patch @@ -0,0 +1,14 @@ +Let net-snmp-create-v3-user save settings into /etc/ instead of /usr/ + +diff -up net-snmp-5.5/net-snmp-create-v3-user.in.orig net-snmp-5.5/net-snmp-create-v3-user.in +--- net-snmp-5.5/net-snmp-create-v3-user.in.orig 2008-07-22 16:33:25.000000000 +0200 ++++ net-snmp-5.5/net-snmp-create-v3-user.in 2009-09-29 16:30:36.000000000 +0200 +@@ -158,7 +158,7 @@ if test ! -d $outfile ; then + touch $outfile + fi + echo $line >> $outfile +-outfile="@datadir@/snmp/snmpd.conf" ++outfile="/etc/snmp/snmpd.conf" + line="$token $user" + echo "adding the following line to $outfile:" + echo " " $line diff --git a/SOURCES/net-snmp-5.5-extTable-crash.patch b/SOURCES/net-snmp-5.5-extTable-crash.patch new file mode 100644 index 0000000..5b7ae65 --- /dev/null +++ b/SOURCES/net-snmp-5.5-extTable-crash.patch @@ -0,0 +1,14 @@ +diff -up net-snmp-5.7.2/agent/mibgroup/agent/extend.c.orig net-snmp-5.7.2/agent/mibgroup/agent/extend.c +--- net-snmp-5.7.2/agent/mibgroup/agent/extend.c.orig 2013-07-09 17:12:14.169821974 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/agent/extend.c 2013-07-09 17:12:39.885729685 +0200 +@@ -1463,8 +1463,8 @@ char * _get_cmdline(netsnmp_extend *exte + if (args == NULL) + /* Use empty string for processes without arguments. */ + args = ""; +- +- size = strlen(extend->command) + strlen(extend->args) + 2; ++ ++ size = strlen(extend->command) + strlen(args) + 2; + if (size > cmdlinesize) { + newbuf = realloc(cmdlinebuf, size); + if (!newbuf) { diff --git a/SOURCES/net-snmp-5.5-extend-realloc-leak.patch b/SOURCES/net-snmp-5.5-extend-realloc-leak.patch new file mode 100644 index 0000000..3dd006c --- /dev/null +++ b/SOURCES/net-snmp-5.5-extend-realloc-leak.patch @@ -0,0 +1,43 @@ +978384 - possible memory leak while realocking extend.c:1364 + +commit 55605ee3452aef5aabe4ed15a83374a97728e64a +Author: Jan Safranek +Date: Wed Jan 9 09:26:56 2013 +0100 + + Fixed memory leak on failed realloc. + +diff -up net-snmp-5.7.2/agent/mibgroup/agent/extend.c.orig net-snmp-5.7.2/agent/mibgroup/agent/extend.c +--- net-snmp-5.7.2/agent/mibgroup/agent/extend.c.orig 2013-06-26 15:50:15.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/agent/extend.c 2013-06-26 15:55:09.839899740 +0200 +@@ -1457,17 +1457,26 @@ handle_nsExtendOutput2Table(netsnmp_mib_ + char * _get_cmdline(netsnmp_extend *extend) + { + size_t size; ++ char *args = extend->args; ++ char *newbuf; ++ ++ if (args == NULL) ++ /* Use empty string for processes without arguments. */ ++ args = ""; + + size = strlen(extend->command) + strlen(extend->args) + 2; + if (size > cmdlinesize) { +- cmdlinebuf = realloc(cmdlinebuf, size); +- if (!cmdlinebuf) { ++ newbuf = realloc(cmdlinebuf, size); ++ if (!newbuf) { ++ free(cmdlinebuf); ++ cmdlinebuf = NULL; + cmdlinesize = 0; + return NULL; +- } +- cmdlinesize = size; ++ } ++ cmdlinesize = size; ++ cmdlinebuf = newbuf; + } +- sprintf(cmdlinebuf, "%s %s", extend->command, extend->args); ++ sprintf(cmdlinebuf, "%s %s", extend->command, args); + return cmdlinebuf; + } + diff --git a/SOURCES/net-snmp-5.5-getnext-loop.patch b/SOURCES/net-snmp-5.5-getnext-loop.patch new file mode 100644 index 0000000..82fb4fe --- /dev/null +++ b/SOURCES/net-snmp-5.5-getnext-loop.patch @@ -0,0 +1,29 @@ +851637 - snmpd loops inifinitely after receiving SIGTERM + +commit 9b15aa36d0fc40b46fe9461d56cf584bbf040691 +Author: Jan Safranek +Date: Thu Sep 13 15:25:52 2012 +0200 + + CHANGES: snmpd: fixed infinite loop when SIGTEM arrives in middle of internal query processing. + + When snmpd starts internal query, e.g. for 'monitor' config options, it calls + netsnmp_query_walk(). This function loops until either error occurs or the + internal request is processed. And if SIGTERM comes to this loop, the request + is not marked as failed. + + Patch originally from Masahiro Matsuya, mmatsuya [at] redhat.com + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 1c00a4c..b7761b0 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3057,6 +3057,9 @@ handle_getnext_loop(netsnmp_agent_session *asp) + return status; /* should never really happen */ + } + } ++ if (!netsnmp_running) { ++ return SNMP_ERR_GENERR; ++ } + return SNMP_ERR_NOERROR; + } + diff --git a/SOURCES/net-snmp-5.5-hrStorage-31bits.patch b/SOURCES/net-snmp-5.5-hrStorage-31bits.patch new file mode 100644 index 0000000..e0cc436 --- /dev/null +++ b/SOURCES/net-snmp-5.5-hrStorage-31bits.patch @@ -0,0 +1,42 @@ +1104293 - net-snmp OID 32 bit integer returning number larger than 32 bit signed value +1192221 - net-snmp OID 32 bit integer returning number larger than 32 bit signed value + +commit 6a421248afab56035066355727380781d515c545 +Author: Jan Safranek +Date: Mon Jan 26 10:40:10 2015 +0100 + + Fix 32 bit integeres in hrStorageTable. + + RFC says the integers are de-facto 31 bits: 1..2147483647. + +diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c +index ca2f854..96b7198 100644 +--- a/agent/mibgroup/host/hrh_storage.c ++++ b/agent/mibgroup/host/hrh_storage.c +@@ -421,7 +421,7 @@ really_try_next: + if (store_idx > NETSNMP_MEM_TYPE_MAX) { + if (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_REALSTORAGEUNITS)) +- long_return = HRFS_entry->units & 0xffffffff; ++ long_return = HRFS_entry->units & 0x7fffffff; + else + long_return = HRFS_entry->units_32; + } else { +@@ -434,7 +434,7 @@ really_try_next: + if (store_idx > NETSNMP_MEM_TYPE_MAX) { + if (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_REALSTORAGEUNITS)) +- long_return = HRFS_entry->size & 0xffffffff; ++ long_return = HRFS_entry->size & 0x7fffffff; + else + long_return = HRFS_entry->size_32; + } else { +@@ -447,7 +447,7 @@ really_try_next: + if (store_idx > NETSNMP_MEM_TYPE_MAX) { + if (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_REALSTORAGEUNITS)) +- long_return = HRFS_entry->used & 0xffffffff; ++ long_return = HRFS_entry->used & 0x7fffffff; + else + long_return = HRFS_entry->used_32; + } else { diff --git a/SOURCES/net-snmp-5.5-man-config-path.patch b/SOURCES/net-snmp-5.5-man-config-path.patch new file mode 100644 index 0000000..f0a1afd --- /dev/null +++ b/SOURCES/net-snmp-5.5-man-config-path.patch @@ -0,0 +1,27 @@ +978398 - net-snmp does not honor configuration file look-ups as specified in man + +commit 9bd0413bfbdcd845413c135bbff8771fa7130809 +Author: Jan Safranek +Date: Mon Feb 11 11:57:01 2013 +0100 + + Explicitly enumerate configuration files. + + The generic conf and local.conf extensions were interpreted as my.snmp.conf and my.other.snmp.local.conf by some customers. + +diff -up net-snmp-5.7.2/man/snmp_config.5.defptch net-snmp-5.7.2/man/snmp_config.5.def +--- net-snmp-5.7.2/man/snmp_config.5.defptch 2013-06-26 16:14:33.039284390 +0200 ++++ net-snmp-5.7.2/man/snmp_config.5.def 2013-06-26 16:14:49.616233272 +0200 +@@ -11,9 +11,10 @@ found and read from. By default, the ap + configuration files in the following 4 directories, in order: + SYSCONFDIR/snmp, + DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these +-directories, it looks for files with the extension of both +-.IR conf " and " local.conf +-(reading the second ones last). In this manner, there are ++directories, it looks for files snmp.conf, snmpd.conf and/or ++snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf ++and/or snmptrapd.local.conf. *.local.conf are always ++read last. In this manner, there are + 8 default places a configuration file can exist for any given + configuration file type. + .PP diff --git a/SOURCES/net-snmp-5.5-mvfs.patch b/SOURCES/net-snmp-5.5-mvfs.patch new file mode 100644 index 0000000..d629a09 --- /dev/null +++ b/SOURCES/net-snmp-5.5-mvfs.patch @@ -0,0 +1,25 @@ +Bug 1073237 - "skipNFSInHostResources" option in net-snmp does not skip mvfs type filesystem (IBM clearcase) +Bug 1086606 + +Non-ABI and non-behavior breaking patch. + +Upstream (upcoming 5.8.0 release) will report mvfs as 'NFS' filesystem, which +is then skipped when skipNFSInHostResources is set. We can't do so in RHEL +minor updates -> this patch. + +diff -up net-snmp-5.5/agent/mibgroup/hardware/fsys/fsys_mntent.c.mvfs net-snmp-5.5/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.5/agent/mibgroup/hardware/fsys/fsys_mntent.c.mvfs 2014-04-08 12:56:42.419201488 +0200 ++++ net-snmp-5.5/agent/mibgroup/hardware/fsys/fsys_mntent.c 2014-04-11 09:41:13.374316570 +0200 +@@ -208,6 +208,12 @@ netsnmp_fsys_arch_load( void ) + + if ( _fsys_remote( entry->device, entry->type )) + entry->flags |= NETSNMP_FS_FLAG_REMOTE; ++ /* Mark also mvfs (reported as NETSNMP_FS_TYPE_OTHER) as remote. ++ * In upstream, it's solved as reporting mvfs as NFS ++ * (-> behavior change, forbidden in RHEL minor updates). ++ */ ++ if (!strcmp(m->NSFS_TYPE, MNTTYPE_MVFS)) ++ entry->flags |= NETSNMP_FS_FLAG_REMOTE; + #if HAVE_HASMNTOPT + if (hasmntopt( m, "ro" )) + entry->flags |= NETSNMP_FS_FLAG_RONLY; diff --git a/SOURCES/net-snmp-5.5-python-retcodes.patch b/SOURCES/net-snmp-5.5-python-retcodes.patch new file mode 100644 index 0000000..d542008 --- /dev/null +++ b/SOURCES/net-snmp-5.5-python-retcodes.patch @@ -0,0 +1,104 @@ +1064338 - various net-snmp-python return code errors + +commit 71a31dabc05e4e86ba14deff427a6911c167e713 +Author: Wes Hardaker +Date: Fri Jul 30 13:00:49 2010 +0000 + + CHANGES: python: patch 3035578: from sws: keep error codes up to date + + git-svn-id: file:///home/hardaker/lib/sf-bkups/net-snmp-convert-svnrepo/trunk@19268 06827809-a52a-0410-b366-d66718629ded + + +commit 7e1cae42bd79a0cdfb70521558a0dedc5aa0c42d +Author: Dave Shield +Date: Thu Apr 14 21:31:09 2011 +0000 + + CHANGES: python: PATCHES: 3185085: Fix segfault on 64-bit systems + git-svn-id: file:///home/hardaker/lib/sf-bkups/net-snmp-convert-svnrepo/trunk@20180 06827809-a52a-0410-b366-d66718629ded + +commit 9a2bfc8f95d6e926dcbf16ff44b53b27e38c8437 +Author: Jan Safranek +Date: Mon Jul 1 13:54:38 2013 +0200 + + CHANGES: python: Fixed returning of empty strings. + Varbind type (SNMP_NOSUCHOBJECT etc.) should be used to detect errors instead of length of the variable - it can be empty string. + +commit 408cc9732c346111fc1fda23e136d60883cdb7e4 +Author: Jan Safranek +Date: Mon Jul 1 14:25:41 2013 +0200 + + CHANGES: python: correctly report error when parsing malformed OID. + +diff -up net-snmp-5.7.2/python/netsnmp/client_intf.c.test net-snmp-5.7.2/python/netsnmp/client_intf.c +--- net-snmp-5.7.2/python/netsnmp/client_intf.c.test 2014-02-13 09:34:37.456480927 +0100 ++++ net-snmp-5.7.2/python/netsnmp/client_intf.c 2014-02-13 09:51:22.475642391 +0100 +@@ -658,7 +658,10 @@ int best_guess; + newname_len = MAX_OID_LEN; + if (read_objid(tag, newname, &newname_len)) { /* long name */ + rtp = tp = get_tree(newname, newname_len, get_tree_head()); +- } ++ } else { ++ /* failed to parse the OID */ ++ newname_len = 0; ++ } + } + else { + rtp = tp = get_tree(newname, newname_len, get_tree_head()); +@@ -885,6 +887,15 @@ int *err_ind; + goto done; + } + ++ tmp_err_str = calloc(1, STR_BUF_SIZE); ++ if (tmp_err_str == NULL) { ++ *err_num = errno; ++ *err_ind = SNMPERR_MALLOC; ++ status = SNMPERR_MALLOC; ++ strncpy(err_str, snmp_api_errstring(*err_ind), STR_BUF_SIZE - 1); ++ goto done; ++ } ++ + retry: + + Py_BEGIN_ALLOW_THREADS +@@ -1589,10 +1600,16 @@ netsnmp_get(PyObject *self, PyObject *ar + py_netsnmp_attr_set_string(varbind, "val", (char *) str_buf, len); + + /* save in return tuple as well */ +- PyTuple_SetItem(val_tuple, varlist_ind, +- (len ? Py_BuildValue("s#", str_buf, len) : +- Py_BuildValue(""))); +- ++ if ((type == SNMP_ENDOFMIBVIEW) || ++ (type == SNMP_NOSUCHOBJECT) || ++ (type == SNMP_NOSUCHINSTANCE)) { ++ /* Translate error to None */ ++ PyTuple_SetItem(val_tuple, varlist_ind, ++ Py_BuildValue("")); ++ } else { ++ PyTuple_SetItem(val_tuple, varlist_ind, ++ Py_BuildValue("s#", str_buf, len)); ++ } + Py_DECREF(varbind); + } else { + printf("netsnmp_get: bad varbind (%d)\n", varlist_ind); +@@ -1801,10 +1818,16 @@ netsnmp_getnext(PyObject *self, PyObject + py_netsnmp_attr_set_string(varbind, "val", (char *) str_buf, len); + + /* save in return tuple as well */ +- PyTuple_SetItem(val_tuple, varlist_ind, +- (len ? Py_BuildValue("s#", str_buf, len) : +- Py_BuildValue(""))); +- ++ if ((type == SNMP_ENDOFMIBVIEW) || ++ (type == SNMP_NOSUCHOBJECT) || ++ (type == SNMP_NOSUCHINSTANCE)) { ++ /* Translate error to None */ ++ PyTuple_SetItem(val_tuple, varlist_ind, ++ Py_BuildValue("")); ++ } else { ++ PyTuple_SetItem(val_tuple, varlist_ind, ++ Py_BuildValue("s#", str_buf, len)); ++ } + Py_DECREF(varbind); + } else { + printf("netsnmp_getnext: bad varbind (%d)\n", varlist_ind); diff --git a/SOURCES/net-snmp-5.5-sensors-duplicate.patch b/SOURCES/net-snmp-5.5-sensors-duplicate.patch new file mode 100644 index 0000000..6c9484a --- /dev/null +++ b/SOURCES/net-snmp-5.5-sensors-duplicate.patch @@ -0,0 +1,56 @@ +Bug 967871 - net-snmp does not display correct lm_sensors sensor data / missing CPU cores + +commit e886f5eb9701851ad6948583156bfd59fcb6110f +Author: Jan Safranek +Date: Wed Feb 25 09:30:24 2015 +0100 + + CHANGES: snmpd: fixed lm_sensors not reporting sensors with duplicate names. + + Some systems report two or more sensors with the same name. + This patch adds support for reporting of all these duplicate + sensor names. + + Before the patch, these sensors were reported: + > lmTempSensorsDevice.2 = STRING: Core 0 + + After the patch, new sensors appear with a prefix: + > lmTempSensorsDevice.2 = STRING: Core 0 + > lmTempSensorsDevice.6 = STRING: coretemp-isa-0004:Core 0 + + This approach keeps backward compatibility (applications used to 'Core 0' + will keep workig, while it adds new sensorscto the table (with a prefix). + +diff --git a/agent/mibgroup/hardware/sensors/lmsensors_v3.c b/agent/mibgroup/hardware/sensors/lmsensors_v3.c +index 60af9e6..1de7c68 100644 +--- a/agent/mibgroup/hardware/sensors/lmsensors_v3.c ++++ b/agent/mibgroup/hardware/sensors/lmsensors_v3.c +@@ -86,7 +86,28 @@ netsnmp_sensor_arch_load(netsnmp_cache *cache, void *vp) { + * (inserting it in the appropriate sub-containers) + */ + sp = sensor_by_name( label, type ); +- if ( sp ) { ++ if ( sp && sp->flags & NETSNMP_SENSOR_FLAG_ACTIVE) { ++ /* ++ * Some HW does not have unique sensors labels. ++ * We already have a sensor with this label, thus ++ * try to create unique label by adding chip-name prefix ++ * and try again. ++ */ ++ char chip_name[64]; ++ char new_label[128]; ++ int ret; ++ DEBUGMSGTL(("sensors:arch:detail", "Already know label %s, adding prefix\n", label)); ++ ret = sensors_snprintf_chip_name(chip_name, sizeof(chip_name), chip); ++ if (ret < 0) { ++ DEBUGMSGTL(("sensors:arch:detail", "Can't get chip name for label %s\n", label)); ++ free(label); ++ continue; ++ } ++ snprintf(new_label, sizeof(new_label), "%s:%s", chip_name, label); ++ DEBUGMSGTL(("sensors:arch:detail", "New label: %s\n", new_label)); ++ sp = sensor_by_name( new_label, type ); ++ } ++ if (sp) { + sp->value = val; + sp->flags|= NETSNMP_SENSOR_FLAG_ACTIVE; + } diff --git a/SOURCES/net-snmp-5.5-storageUseNFS.patch b/SOURCES/net-snmp-5.5-storageUseNFS.patch new file mode 100644 index 0000000..b620121 --- /dev/null +++ b/SOURCES/net-snmp-5.5-storageUseNFS.patch @@ -0,0 +1,22 @@ +1125793 - [RHEL6] net-snmp "storageUseNFS 2" option does not report NFS mount as "Fixed Disks" +1193006 - net-snmp "storageUseNFS 2" option does not report NFS mount as "Fixed Disks" + +commit e69e09f8c316cc1bf2456cdc837c487ba3b03837 +Author: Jan Safranek +Date: Mon Jan 26 13:29:49 2015 +0100 + + Fixed storageUseNFS functionality in hrStorageTable. + +diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c +index 96b7198..61ead75 100644 +--- a/agent/mibgroup/host/hrh_storage.c ++++ b/agent/mibgroup/host/hrh_storage.c +@@ -384,7 +384,7 @@ really_try_next: + return (u_char *) & long_return; + case HRSTORE_TYPE: + if (store_idx > NETSNMP_MEM_TYPE_MAX) +- if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE ) ++ if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE && storageUseNFS == 1) + storage_type_id[storage_type_len - 1] = 10; /* Network Disk */ + else if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOVE ) + storage_type_id[storage_type_len - 1] = 5; /* Removable Disk */ diff --git a/SOURCES/net-snmp-5.5-trap-forward-reqid.patch b/SOURCES/net-snmp-5.5-trap-forward-reqid.patch new file mode 100644 index 0000000..1e0a42a --- /dev/null +++ b/SOURCES/net-snmp-5.5-trap-forward-reqid.patch @@ -0,0 +1,32 @@ +Bug 1146948 - snmptrapd "Forward failed" when SNMPv3 requestid=0 +Bug 1192511 - snmptrapd "Forward failed" when SNMPv3 requestid=0 + +commit 148f2de48e1cd6ba8ebdab8591424df64ab967a3 +Author: Jan Safranek +Date: Thu Feb 5 14:01:44 2015 +0100 + + CHANGES: snmptrapd: Correctly forward traps with Request-ID '0'. + + Request-ID of forwarded traps is taken from the incoming trap and it can be zero. + We should not report error in this case. + +diff --git a/apps/snmptrapd_handlers.c b/apps/snmptrapd_handlers.c +index 37ca5ab..74cc62e 100644 +--- a/apps/snmptrapd_handlers.c ++++ b/apps/snmptrapd_handlers.c +@@ -1013,9 +1013,12 @@ int forward_handler( netsnmp_pdu *pdu, + pdu2->transport_data = NULL; + pdu2->transport_data_length = 0; + } +- if (!snmp_send( ss, pdu2 )) { +- snmp_sess_perror("Forward failed", ss); +- snmp_free_pdu(pdu2); ++ ++ ss->s_snmp_errno = SNMPERR_SUCCESS; ++ if (!snmp_send( ss, pdu2 ) && ++ ss->s_snmp_errno != SNMPERR_SUCCESS) { ++ snmp_sess_perror("Forward failed", ss); ++ snmp_free_pdu(pdu2); + } + snmp_close( ss ); + return NETSNMPTRAPD_HANDLER_OK; diff --git a/SOURCES/net-snmp-5.6-multilib.patch b/SOURCES/net-snmp-5.6-multilib.patch new file mode 100644 index 0000000..a50f5a8 --- /dev/null +++ b/SOURCES/net-snmp-5.6-multilib.patch @@ -0,0 +1,47 @@ +Make the man pages multilib safe. + +diff -up net-snmp-5.6/man/netsnmp_config_api.3.def.multilib net-snmp-5.6/man/netsnmp_config_api.3.def +--- net-snmp-5.6/man/netsnmp_config_api.3.def.multilib 2010-09-08 17:41:37.000000000 +0200 ++++ net-snmp-5.6/man/netsnmp_config_api.3.def 2010-10-25 17:40:43.433726423 +0200 +@@ -295,7 +295,7 @@ for one particular machine. + .PP + The default list of directories to search is \fC SYSCONFDIR/snmp\fP, + followed by \fC DATADIR/snmp\fP, +-followed by \fC LIBDIR/snmp\fP, ++followed by \fC /usr/lib(64)/snmp\fP, + followed by \fC $HOME/.snmp\fP. + This list can be changed by setting the environmental variable + .I SNMPCONFPATH +@@ -365,7 +365,7 @@ function that it should abort the operat + SNMPCONFPATH + A colon separated list of directories to search for configuration + files in. +-Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp ++Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp + .SH "SEE ALSO" + .BR mib_api "(3), " snmp_api (3) + .\" Local Variables: +diff -up net-snmp-5.6/man/snmp_config.5.def.multilib net-snmp-5.6/man/snmp_config.5.def +--- net-snmp-5.6/man/snmp_config.5.def.multilib 2010-09-17 11:51:52.000000000 +0200 ++++ net-snmp-5.6/man/snmp_config.5.def 2010-10-25 17:40:12.681976439 +0200 +@@ -10,7 +10,7 @@ First off, there are numerous places tha + found and read from. By default, the applications look for + configuration files in the following 4 directories, in order: + SYSCONFDIR/snmp, +-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these ++DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these + directories, it looks for files with the extension of both + .IR conf " and " local.conf + (reading the second ones last). In this manner, there are +diff -up net-snmp-5.6/man/snmpd.conf.5.def.multilib net-snmp-5.6/man/snmpd.conf.5.def +--- net-snmp-5.6/man/snmpd.conf.5.def.multilib 2010-09-17 11:51:52.000000000 +0200 ++++ net-snmp-5.6/man/snmpd.conf.5.def 2010-10-25 17:40:12.682976925 +0200 +@@ -1387,7 +1387,7 @@ filename), and call the initialisation r + .RS + .IP "Note:" + If the specified PATH is not a fully qualified filename, it will +-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR ++be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR + will be appended to the filename. + .RE + .PP diff --git a/SOURCES/net-snmp-5.6-test-debug.patch b/SOURCES/net-snmp-5.6-test-debug.patch new file mode 100644 index 0000000..4ae97fb --- /dev/null +++ b/SOURCES/net-snmp-5.6-test-debug.patch @@ -0,0 +1,29 @@ +Don't check tests which depend on DNS - it's disabled in Koji + +diff -up net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple +--- net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple 2012-10-18 10:16:39.276416510 +0200 +@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25 + SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies + SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies + ++FINISHED ++ ++# don't test the later, it depends on DNS, which is not available in Koji ++ + CHECKAGENT '<"c408a"' + if [ "$snmp_last_test_result" -eq 0 ] ; then + CHECKAGENT 'line 32: Error:' +diff -up net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple +--- net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple 2012-10-18 10:16:39.276416510 +0200 +@@ -132,6 +132,9 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff + SAVECHECKAGENT 'line 27: Error:' + SAVECHECKAGENT 'line 28: Error:' + ++FINISHED ++ ++# don't test the later, it depends on DNS, which is not available in Koji + # 608 + CHECKAGENT '<"c608a"' + if [ "$snmp_last_test_result" -eq 0 ] ; then diff --git a/SOURCES/net-snmp-5.7-agentx-crash.patch b/SOURCES/net-snmp-5.7-agentx-crash.patch new file mode 100644 index 0000000..0b717ba --- /dev/null +++ b/SOURCES/net-snmp-5.7-agentx-crash.patch @@ -0,0 +1,56 @@ +729738 - net-snmp dumps core in netsnmp_oid_find_prefix + +commit f9304c83f76202db0e684269ca1af32e43cd9db4 +Author: Jan Safranek +Date: Tue Feb 7 14:53:44 2012 +0100 + + CHANGES: PATCH 1633670: fixed snmpd crashing when an AgentX subagent disconnect in the middle of processing of a request. + + I fixed also the memory leak reported in the tracker comments. + +diff --git a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c +index c42a42a..baeebaf 100644 +--- a/agent/mibgroup/agentx/master.c ++++ b/agent/mibgroup/agentx/master.c +@@ -219,6 +219,9 @@ agentx_got_response(int operation, + if (!cache) { + DEBUGMSGTL(("agentx/master", "response too late on session %8p\n", + session)); ++ /* response is too late, free the cache */ ++ if (magic) ++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic); + return 0; + } + requests = cache->requests; +@@ -606,6 +609,8 @@ agentx_master_handler(netsnmp_mib_handler *handler, + result = snmp_async_send(ax_session, pdu, agentx_got_response, cb_data); + if (result == 0) { + snmp_free_pdu(pdu); ++ if (cb_data) ++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) cb_data); + } + + return SNMP_ERR_NOERROR; +diff --git a/agent/mibgroup/agentx/master_admin.c b/agent/mibgroup/agentx/master_admin.c +index f16f392..b84b85e 100644 +--- a/agent/mibgroup/agentx/master_admin.c ++++ b/agent/mibgroup/agentx/master_admin.c +@@ -133,11 +133,16 @@ close_agentx_session(netsnmp_session * session, int sessid) + * requests, so that the delegated request will be completed and + * further requests can be processed + */ +- netsnmp_remove_delegated_requests_for_session(session); ++ while (netsnmp_remove_delegated_requests_for_session(session)) { ++ DEBUGMSGTL(("agentx/master", "Continue removing delegated reqests\n")); ++ } ++ + if (session->subsession != NULL) { + netsnmp_session *subsession = session->subsession; + for(; subsession; subsession = subsession->next) { +- netsnmp_remove_delegated_requests_for_session(subsession); ++ while (netsnmp_remove_delegated_requests_for_session(subsession)) { ++ DEBUGMSGTL(("agentx/master", "Continue removing delegated subsession reqests\n")); ++ } + } + } + diff --git a/SOURCES/net-snmp-5.7-dsktable-cache.patch b/SOURCES/net-snmp-5.7-dsktable-cache.patch new file mode 100644 index 0000000..82015e4 --- /dev/null +++ b/SOURCES/net-snmp-5.7-dsktable-cache.patch @@ -0,0 +1,28 @@ +877326 - dskEntry should be cached + +commit ca7b17a41d4d16bd27aacf92116bea3562eeea36 +Author: Jan Safranek +Date: Mon Dec 17 12:40:32 2012 +0100 + + CHANGES: snmpd: use cache for dskTable to speed it up. + + UCD-SNMP::dskTable was slow on NFS mounts. Now it uses fsys cache + to reload mounts every 5 seconds. + +diff --git a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c +index 93ecde3..ea37610 100644 +--- a/agent/mibgroup/ucd-snmp/disk_hw.c ++++ b/agent/mibgroup/ucd-snmp/disk_hw.c +@@ -305,8 +305,11 @@ var_extensible_disk(struct variable *vp, + unsigned long long val; + static long long_ret; + static char errmsg[300]; ++ netsnmp_cache *cache; + +- netsnmp_fsys_load( NULL, NULL ); /* Update the fsys H/W module */ ++ /* Update the fsys H/W module */ ++ cache = netsnmp_fsys_get_cache(); ++ netsnmp_cache_check_and_reload(cache); + + tryAgain: + if (header_simple_table diff --git a/SOURCES/net-snmp-5.7-relro.patch b/SOURCES/net-snmp-5.7-relro.patch new file mode 100644 index 0000000..ff91ef6 --- /dev/null +++ b/SOURCES/net-snmp-5.7-relro.patch @@ -0,0 +1,62 @@ +725657: net-snmp should be compiled with relro + +This patch probably won't get ever upstream. It ensures that relro options [1] +are propagated where appropriate. + +[1]: configure --with-ldflags="-Wl,-z,relro -Wl,-z,now" + +diff -up net-snmp-5.7.2.pre2/apps/Makefile.in.rhel net-snmp-5.7.2.pre2/apps/Makefile.in +--- net-snmp-5.7.2.pre2/apps/Makefile.in.rhel 2012-07-31 14:00:04.051915227 +0200 ++++ net-snmp-5.7.2.pre2/apps/Makefile.in 2012-07-31 14:00:05.506909768 +0200 +@@ -204,7 +204,7 @@ snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $( + $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS} + + libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS) +- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) ++ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) ${LDFLAGS} + $(RANLIB) $@ + + snmpinforminstall: +diff -up net-snmp-5.7.2.pre2/perl/agent/default_store/Makefile.PL.rhel net-snmp-5.7.2.pre2/perl/agent/default_store/Makefile.PL +--- net-snmp-5.7.2.pre2/perl/agent/default_store/Makefile.PL.rhel 2012-07-12 04:23:25.000000000 +0200 ++++ net-snmp-5.7.2.pre2/perl/agent/default_store/Makefile.PL 2012-07-31 14:00:08.835898341 +0200 +@@ -69,6 +69,8 @@ sub InitMakeParams { + } + else { + $opts = NetSNMPGetOpts("../../"); ++ $Params{'LDDLFLAGS'} = "$Config{lddlflags} " . `$opts->{'nsconfig'} --ldflags`; ++ chomp($Params{'LDDLFLAGS'}); + $Params{'LIBS'} = `$opts->{'nsconfig'} --libs`; + chomp($Params{'LIBS'}); + $Params{'CCFLAGS'} = `$opts->{'nsconfig'} --cflags`; +diff -up net-snmp-5.7.2.pre2/python/setup.py.rhel net-snmp-5.7.2.pre2/python/setup.py +--- net-snmp-5.7.2.pre2/python/setup.py.rhel 2012-07-12 04:23:25.000000000 +0200 ++++ net-snmp-5.7.2.pre2/python/setup.py 2012-07-31 14:00:07.618902228 +0200 +@@ -18,14 +18,18 @@ if intree: + netsnmp_libs = os.popen(basedir+'/net-snmp-config --libs').read() + libdir = os.popen(basedir+'/net-snmp-config --build-lib-dirs '+basedir).read() + incdir = os.popen(basedir+'/net-snmp-config --build-includes '+basedir).read() ++ ldflags = os.popen(basedir+'/net-snmp-config --ldflags').read() + libs = re.findall(r"-l(\S+)", netsnmp_libs) + libdirs = re.findall(r"-L(\S+)", libdir) + incdirs = re.findall(r"-I(\S+)", incdir) ++ linkargs = ldflags.split() + else: + netsnmp_libs = os.popen('net-snmp-config --libs').read() ++ ldflags = os.popen('net-snmp-config --ldflags').read() + libdirs = re.findall(r"-L(\S+)", netsnmp_libs) + incdirs = [] + libs = re.findall(r"-l(\S+)", netsnmp_libs) ++ linkargs = ldflags.split() + + setup( + name="netsnmp-python", version="1.0a1", +@@ -41,6 +45,7 @@ setup( + Extension("netsnmp.client_intf", ["netsnmp/client_intf.c"], + library_dirs=libdirs, + include_dirs=incdirs, +- libraries=libs ) ++ libraries=libs, ++ extra_link_args=linkargs ) + ] + ) diff --git a/SOURCES/net-snmp-5.7-skip-ipv6-tests.patch b/SOURCES/net-snmp-5.7-skip-ipv6-tests.patch new file mode 100644 index 0000000..b828e88 --- /dev/null +++ b/SOURCES/net-snmp-5.7-skip-ipv6-tests.patch @@ -0,0 +1,38 @@ +657835: IPv6 tests fail instead of being skipped + +Detect ipv6 before testing ipv6 transports. + +diff -up net-snmp-5.7.2.pre2/testing/fulltests/transports/T320udpv6_simple.rhel net-snmp-5.7.2.pre2/testing/fulltests/transports/T320udpv6_simple +--- net-snmp-5.7.2.pre2/testing/fulltests/transports/T320udpv6_simple.rhel 2012-07-12 04:23:25.000000000 +0200 ++++ net-snmp-5.7.2.pre2/testing/fulltests/transports/T320udpv6_simple 2012-07-31 11:10:22.668307328 +0200 +@@ -6,6 +6,13 @@ HEADER UDP6 Transport + + SKIPIFNOT NETSNMP_TRANSPORT_UDPIPV6_DOMAIN + ++# primitive detection of ipv6 ++if test `uname -s` == "Linux" ; then ++ if test ! -e /proc/net/if_inet6; then ++ SKIP ++ fi ++fi ++ + # + # Begin test + # +diff -up net-snmp-5.7.2.pre2/testing/fulltests/transports/T330tcpv6_simple.rhel net-snmp-5.7.2.pre2/testing/fulltests/transports/T330tcpv6_simple +--- net-snmp-5.7.2.pre2/testing/fulltests/transports/T330tcpv6_simple.rhel 2012-07-12 04:23:25.000000000 +0200 ++++ net-snmp-5.7.2.pre2/testing/fulltests/transports/T330tcpv6_simple 2012-07-31 11:10:07.756378344 +0200 +@@ -6,6 +6,13 @@ HEADER TCP6 Transport + + SKIPIFNOT NETSNMP_TRANSPORT_TCPIPV6_DOMAIN + ++# primitive detection of ipv6 ++if test `uname -s` == "Linux" ; then ++ if test ! -e /proc/net/if_inet6; then ++ SKIP ++ fi ++fi ++ + # + # Begin test + # diff --git a/SOURCES/net-snmp-5.7-smux-reqid.patch b/SOURCES/net-snmp-5.7-smux-reqid.patch new file mode 100644 index 0000000..dd7c9e1 --- /dev/null +++ b/SOURCES/net-snmp-5.7-smux-reqid.patch @@ -0,0 +1,339 @@ +708370 - net-snmp increments request-id when generating multiple SMUX-PDUs for a SMUX peer + +Source: upstream, copied from master after commit 3fa0088c63fe0dd73417af94d888333192194093 +(too many individial commits to list) + +diff -up net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.c.rhel net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.c +--- net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.c.rhel 2012-07-31 14:13:18.069018537 +0200 ++++ net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.c 2012-07-31 13:49:55.000000000 +0200 +@@ -66,7 +66,6 @@ + #include + + #include "smux.h" +-#include "mibdefs.h" + #include "snmpd.h" + + netsnmp_feature_require(snprint_objid) +@@ -103,10 +102,9 @@ static int smux_pdu_process(int, u_ + static int smux_send_rrsp(int, int); + static smux_reg *smux_find_match(smux_reg *, int, oid *, size_t, long); + static smux_reg *smux_find_replacement(oid *, size_t); +-u_char *var_smux(struct variable *, oid *, size_t *, int, size_t *, +- WriteMethod ** write_method); +-int var_smux_write(int, u_char *, u_char, size_t, u_char *, +- oid *, size_t); ++u_char *var_smux_get(oid *, size_t, oid *, size_t *, int, size_t *, ++ u_char *); ++int var_smux_write(int, u_char *, u_char, size_t, oid *, size_t); + + static smux_reg *ActiveRegs; /* Active registrations */ + static smux_reg *PassiveRegs; /* Currently unused registrations */ +@@ -114,14 +112,6 @@ static smux_reg *PassiveRegs; /* Curre + static smux_peer_auth *Auths[SMUX_MAX_PEERS]; /* Configured peers */ + static int nauths, npeers = 0; + +-struct variable2 smux_variables[] = { +- /* +- * bogus entry, as in pass.c +- */ +- {MIBINDEX, ASN_INTEGER, NETSNMP_OLDAPI_RWRITE, +- var_smux, 0, {MIBINDEX}}, +-}; +- + + + void +@@ -244,7 +234,7 @@ real_init_smux(void) + #endif + netsnmp_sockaddr_in( &lo_socket, smux_socket, SMUXPORT ); + +- if ((smux_listen_sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { ++ if ((smux_listen_sd = (int) socket(AF_INET, SOCK_STREAM, 0)) < 0) { + snmp_log_perror("[init_smux] socket failed"); + return; + } +@@ -291,21 +281,88 @@ real_init_smux(void) + smux_listen_sd, ntohs(lo_socket.sin_port))); + } + ++static int ++smux_handler(netsnmp_mib_handler *handler, ++ netsnmp_handler_registration *reginfo, ++ netsnmp_agent_request_info *reqinfo, ++ netsnmp_request_info *requests) ++{ ++ u_char *access = NULL; ++ size_t var_len; ++ int exact = 1; ++ int status = 0; ++ u_char var_type; ++ static long old_reqid = -1; ++ static long old_sessid = -1; ++ long new_reqid, new_sessid; ++ ++ /* Increment the reqid of outgoing SMUX messages only when processing ++ * new incoming SNMP message, i.e. when reqid or session id chamges */ ++ new_reqid = reqinfo->asp->pdu->reqid; ++ new_sessid = reqinfo->asp->session->sessid; ++ DEBUGMSGTL(("smux", "smux_handler: incoming reqid=%ld, sessid=%ld\n", ++ new_reqid, new_sessid)); ++ if (old_reqid != new_reqid || old_sessid != new_sessid) { ++ smux_reqid++; ++ old_reqid = new_reqid; ++ old_sessid = new_sessid; ++ } ++ ++ switch (reqinfo->mode) { ++ case MODE_GETNEXT: ++ case MODE_GETBULK: ++ exact = 0; ++ } ++ ++ for (; requests; requests = requests->next) { ++ switch(reqinfo->mode) { ++ case MODE_GET: ++ case MODE_GETNEXT: ++ case MODE_SET_RESERVE1: ++ access = var_smux_get(reginfo->rootoid, ++ reginfo->rootoid_len, ++ requests->requestvb->name, ++ &requests->requestvb->name_length, ++ exact, ++ &var_len, ++ &var_type); ++ if (access) ++ if (reqinfo->mode != MODE_SET_RESERVE1) ++ snmp_set_var_typed_value(requests->requestvb, ++ var_type, access, var_len); ++ if (reqinfo->mode != MODE_SET_RESERVE1) ++ break; ++ /* fall through if MODE_SET_RESERVE1 */ ++ ++ default: ++ /* SET processing */ ++ status = var_smux_write(reqinfo->mode, ++ requests->requestvb->val.string, ++ requests->requestvb->type, ++ requests->requestvb->val_len, ++ requests->requestvb->name, ++ requests->requestvb->name_length); ++ if (status != SNMP_ERR_NOERROR) { ++ netsnmp_set_request_error(reqinfo, requests, status); ++ } ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + u_char * +-var_smux(struct variable * vp, +- oid * name, +- size_t * length, +- int exact, size_t * var_len, WriteMethod ** write_method) ++var_smux_get(oid *root, size_t root_len, ++ oid * name, size_t * length, ++ int exact, size_t * var_len, u_char *var_type) + { +- u_char *valptr, val_type; ++ u_char *valptr; + smux_reg *rptr; + +- *write_method = var_smux_write; + /* + * search the active registration list + */ + for (rptr = ActiveRegs; rptr; rptr = rptr->sr_next) { +- if (0 >= snmp_oidtree_compare(vp->name, vp->namelen, rptr->sr_name, ++ if (0 >= snmp_oidtree_compare(root, root_len, rptr->sr_name, + rptr->sr_name_len)) + break; + } +@@ -315,7 +372,7 @@ var_smux(struct variable * vp, + return NULL; + + valptr = smux_snmp_process(exact, name, length, +- var_len, &val_type, rptr->sr_fd); ++ var_len, var_type, rptr->sr_fd); + + if (valptr == NULL) + return NULL; +@@ -328,10 +385,6 @@ var_smux(struct variable * vp, + */ + return NULL; + } else { +- /* +- * set the type and return the value +- */ +- vp->type = val_type; + return valptr; + } + } +@@ -341,7 +394,7 @@ var_smux_write(int action, + u_char * var_val, + u_char var_val_type, + size_t var_val_len, +- u_char * statP, oid * name, size_t name_len) ++ oid * name, size_t name_len) + { + smux_reg *rptr; + u_char buf[SMUXMAXPKTSIZE], *ptr, sout[3], type; +@@ -589,7 +642,7 @@ smux_accept(int sd) + */ + DEBUGMSGTL(("smux", "[smux_accept] Calling accept()\n")); + errno = 0; +- if ((fd = accept(sd, (struct sockaddr *) &in_socket, &alen)) < 0) { ++ if ((fd = (int) accept(sd, (struct sockaddr *) &in_socket, &alen)) < 0) { + snmp_log_perror("[smux_accept] accept failed"); + return -1; + } else { +@@ -1000,6 +1053,7 @@ smux_rreq_process(int sd, u_char * ptr, + int i, result; + u_char type; + smux_reg *rptr, *nrptr; ++ netsnmp_handler_registration *reg; + + oid_name_len = MAX_OID_LEN; + ptr = asn_parse_objid(ptr, len, &type, oid_name, &oid_name_len); +@@ -1157,17 +1211,27 @@ smux_rreq_process(int sd, u_char * ptr, + */ + if (nrptr->sr_priority == -1) + nrptr->sr_priority = 0; ++ ++ reg = netsnmp_create_handler_registration("smux", ++ smux_handler, ++ nrptr->sr_name, ++ nrptr->sr_name_len, ++ HANDLER_CAN_RWRITE); ++ if (reg == NULL) { ++ snmp_log(LOG_ERR, "SMUX: cannot create new smux peer " ++ "registration\n"); ++ smux_send_rrsp(sd, -1); ++ free(nrptr); ++ return NULL; ++ } ++ if (netsnmp_register_handler(reg) != MIB_REGISTERED_OK) { ++ snmp_log(LOG_ERR, "SMUX: cannot register new smux peer\n"); ++ smux_send_rrsp(sd, -1); ++ free(nrptr); ++ return NULL; ++ } ++ nrptr->reginfo = reg; + smux_list_add(&ActiveRegs, nrptr); +- if (register_mib("smux", (struct variable *) +- smux_variables, sizeof(struct variable2), +- 1, nrptr->sr_name, nrptr->sr_name_len) +- != SNMPERR_SUCCESS) { +- DEBUGMSGTL(("smux", "[smux_rreq_process] Failed to register subtree\n")); +- smux_list_detach(&ActiveRegs, nrptr); +- free(nrptr); +- smux_send_rrsp(sd, -1); +- return NULL; +- } + + done: + smux_send_rrsp(sd, nrptr->sr_priority); +@@ -1214,16 +1278,35 @@ smux_find_match(smux_reg * regs, int sd, + static void + smux_replace_active(smux_reg * actptr, smux_reg * pasptr) + { ++ netsnmp_handler_registration *reg; ++ + smux_list_detach(&ActiveRegs, actptr); +- unregister_mib(actptr->sr_name, actptr->sr_name_len); ++ if (actptr->reginfo) { ++ netsnmp_unregister_handler(actptr->reginfo); ++ actptr->reginfo = NULL; ++ } + + smux_list_detach(&PassiveRegs, pasptr); +- (void) smux_list_add(&ActiveRegs, pasptr); + +- register_mib("smux", (struct variable *) smux_variables, +- sizeof(struct variable2), 1, pasptr->sr_name, +- pasptr->sr_name_len); ++ (void) smux_list_add(&ActiveRegs, pasptr); + free(actptr); ++ ++ reg = netsnmp_create_handler_registration("smux", ++ smux_handler, ++ pasptr->sr_name, ++ pasptr->sr_name_len, ++ HANDLER_CAN_RWRITE); ++ if (reg == NULL) { ++ snmp_log(LOG_ERR, "SMUX: cannot create new smux peer registration\n"); ++ pasptr->reginfo = NULL; ++ return; ++ } ++ if (netsnmp_register_handler(reg) != MIB_REGISTERED_OK) { ++ snmp_log(LOG_ERR, "SMUX: cannot register new smux peer\n"); ++ pasptr->reginfo = NULL; ++ return; ++ } ++ pasptr->reginfo = reg; + } + + static void +@@ -1373,8 +1456,6 @@ smux_snmp_process(int exact, + /* + * Send the query to the peer + */ +- smux_reqid++; +- + if (exact) + type = SMUX_GET; + else +@@ -1757,6 +1838,7 @@ smux_peer_cleanup(int sd) + { + smux_reg *nrptr, *rptr, *rptr2; + int i; ++ netsnmp_handler_registration *reg; + + /* + * close the descriptor +@@ -1781,15 +1863,30 @@ smux_peer_cleanup(int sd) + rptr2 = rptr->sr_next; + if (rptr->sr_fd == sd) { + smux_list_detach(&ActiveRegs, rptr); +- unregister_mib(rptr->sr_name, rptr->sr_name_len); ++ if (rptr->reginfo) { ++ netsnmp_unregister_handler(rptr->reginfo); ++ rptr->reginfo = NULL; ++ } + if ((nrptr = smux_find_replacement(rptr->sr_name, + rptr->sr_name_len)) != +- NULL) { ++ NULL) { + smux_list_detach(&PassiveRegs, nrptr); ++ reg = netsnmp_create_handler_registration("smux", ++ smux_handler, ++ nrptr->sr_name, ++ nrptr->sr_name_len, ++ HANDLER_CAN_RWRITE); ++ if (reg == NULL) { ++ snmp_log(LOG_ERR, "SMUX: cannot create new smux peer " ++ "registration\n"); ++ continue; ++ } ++ if (netsnmp_register_handler(reg) != MIB_REGISTERED_OK) { ++ snmp_log(LOG_ERR, "SMUX: cannot register new smux peer\n"); ++ continue; ++ } ++ nrptr->reginfo = reg; + smux_list_add(&ActiveRegs, nrptr); +- register_mib("smux", (struct variable *) +- smux_variables, sizeof(struct variable2), +- 1, nrptr->sr_name, nrptr->sr_name_len); + } + free(rptr); + } +diff -up net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.h.rhel net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.h +--- net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.h.rhel 2012-07-31 14:13:21.893006290 +0200 ++++ net-snmp-5.7.2.pre2/agent/mibgroup/smux/smux.h 2012-07-31 13:49:55.000000000 +0200 +@@ -60,6 +60,7 @@ typedef struct _smux_reg { + int sr_priority; /* priority of registration */ + int sr_fd; /* descriptor of owner */ + struct _smux_reg *sr_next; /* next one */ ++ netsnmp_handler_registration *reginfo; + } smux_reg; + + extern void init_smux(void); diff --git a/SOURCES/net-snmp-5.7.2-CVE-2018-18066.patch b/SOURCES/net-snmp-5.7.2-CVE-2018-18066.patch new file mode 100644 index 0000000..ea9ae37 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-CVE-2018-18066.patch @@ -0,0 +1,21 @@ +diff -urNp o/agent/helpers/table.c n/agent/helpers/table.c +--- o/agent/helpers/table.c 2019-08-14 11:12:30.693772682 +0200 ++++ n/agent/helpers/table.c 2019-08-14 11:22:14.674403722 +0200 +@@ -406,6 +406,8 @@ table_helper_handler(netsnmp_mib_handler + if (reqinfo->mode == MODE_GET) + table_helper_cleanup(reqinfo, request, + SNMP_NOSUCHOBJECT); ++ else ++ request->processed = 1; /* skip if next handler called */ + continue; + } + +@@ -483,6 +485,8 @@ table_helper_handler(netsnmp_mib_handler + #endif /* NETSNMP_NO_WRITE_SUPPORT */ + table_helper_cleanup(reqinfo, request, + SNMP_NOSUCHOBJECT); ++ else ++ request->processed = 1; /* skip if next handler called */ + continue; + } + /* diff --git a/SOURCES/net-snmp-5.7.2-MYSQL-LIBS.patch b/SOURCES/net-snmp-5.7.2-MYSQL-LIBS.patch new file mode 100644 index 0000000..1ccf204 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-MYSQL-LIBS.patch @@ -0,0 +1,12 @@ +diff -urNp O/apps/Makefile.in N/apps/Makefile.in +--- O/apps/Makefile.in 2019-03-18 12:36:59.016177653 +0100 ++++ N/apps/Makefile.in 2019-03-18 12:38:55.731913867 +0100 +@@ -204,7 +204,7 @@ snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $( + $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS} + + libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS) +- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) ${LDFLAGS} ++ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS) ${LDFLAGS} + $(RANLIB) $@ + + snmpinforminstall: diff --git a/SOURCES/net-snmp-5.7.2-acfs.patch b/SOURCES/net-snmp-5.7.2-acfs.patch new file mode 100644 index 0000000..249281f --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-acfs.patch @@ -0,0 +1,37 @@ +diff -urNp a/agent/mibgroup/hardware/fsys/fsys_mntent.c b/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- a/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-08-14 10:42:04.298706747 +0200 ++++ b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-08-14 10:42:27.177735016 +0200 +@@ -142,6 +142,7 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_SIMFS) || + !strcmp(typename, MNTTYPE_VZFS) || + !strcmp(typename, MNTTYPE_BTRFS) || ++ !strcmp(typename, MNTTYPE_ACFS) || + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; + +diff -urNp a/agent/mibgroup/hardware/fsys/mnttypes.h b/agent/mibgroup/hardware/fsys/mnttypes.h +--- a/agent/mibgroup/hardware/fsys/mnttypes.h 2018-08-14 10:42:04.298706747 +0200 ++++ b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-08-14 10:42:27.177735016 +0200 +@@ -151,6 +151,9 @@ + #ifndef MNTTYPE_BTRFS + #define MNTTYPE_BTRFS "btrfs" + #endif ++#ifndef MNTTYPE_ACFS ++#define MNTTYPE_ACFS "acfs" ++#endif + + /* + * File systems to skip +diff -urNp a/agent/mibgroup/hardware/fsys/mounts.h b/agent/mibgroup/hardware/fsys/mounts.h +--- a/agent/mibgroup/hardware/fsys/mounts.h 2012-10-10 00:28:58.000000000 +0200 ++++ b/agent/mibgroup/hardware/fsys/mounts.h 2018-08-14 10:44:30.798843141 +0200 +@@ -56,6 +56,9 @@ + #ifndef MOUNT_UFS + #define MOUNT_UFS "ufs" + #endif ++#ifndef MOUNT_ACFS ++#define MOUNT_ACFS "acfs" ++#endif + + /* + #ifndef MNTTYPE_AFS diff --git a/SOURCES/net-snmp-5.7.2-agentx-disconnect-crash-part2.patch b/SOURCES/net-snmp-5.7.2-agentx-disconnect-crash-part2.patch new file mode 100644 index 0000000..41887a5 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-agentx-disconnect-crash-part2.patch @@ -0,0 +1,12 @@ +diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c +--- old/agent/mibgroup/agentx/master.c 2017-03-29 11:33:29.643295606 +0200 ++++ new/agent/mibgroup/agentx/master.c 2017-03-29 11:36:56.532670645 +0200 +@@ -222,7 +222,7 @@ agentx_got_response(int operation, + /* response is too late, free the cache */ + if (magic) + netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic); +- return 0; ++ return 1; + } + requests = cache->requests; + diff --git a/SOURCES/net-snmp-5.7.2-agentx-disconnect-crash.patch b/SOURCES/net-snmp-5.7.2-agentx-disconnect-crash.patch new file mode 100644 index 0000000..10a9f7b --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-agentx-disconnect-crash.patch @@ -0,0 +1,207 @@ +969061 - net-snmpd crash on time out + +ABI breaking upstream patch. + +commit 793d596838ff7cb48a73b675d62897c56c9e62df +Author: Jan Safranek +Date: Tue Jul 2 14:32:56 2013 +0200 + + From: Jiri Cervenka: snmpd: Fixed agentx crashing and/or freezing on timeout. + + Queued requests are dropped gracefuly. + +diff --git a/agent/mibgroup/agentx/master_admin.c b/agent/mibgroup/agentx/master_admin.c +index 999128a..4b42104 100644 +--- a/agent/mibgroup/agentx/master_admin.c ++++ b/agent/mibgroup/agentx/master_admin.c +@@ -158,6 +158,7 @@ close_agentx_session(netsnmp_session * session, int sessid) + for (sp = session->subsession; sp != NULL; sp = sp->next) { + + if (sp->sessid == sessid) { ++ netsnmp_remove_delegated_requests_for_session(sp); + unregister_mibs_by_session(sp); + unregister_index_by_session(sp); + unregister_sysORTable_by_session(sp); +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 1261c53..51eb287 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -1415,6 +1415,7 @@ init_agent_snmp_session(netsnmp_session * session, netsnmp_pdu *pdu) + asp->treecache_num = -1; + asp->treecache_len = 0; + asp->reqinfo = SNMP_MALLOC_TYPEDEF(netsnmp_agent_request_info); ++ asp->flags = SNMP_AGENT_FLAGS_NONE; + DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p created\n", + asp, asp->reqinfo)); + +@@ -1463,6 +1464,9 @@ netsnmp_check_for_delegated(netsnmp_agent_session *asp) + + if (NULL == asp->treecache) + return 0; ++ ++ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) ++ return 0; + + for (i = 0; i <= asp->treecache_num; i++) { + for (request = asp->treecache[i].requests_begin; request; +@@ -1541,39 +1545,48 @@ int + netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess) + { + netsnmp_agent_session *asp; +- int count = 0; ++ int total_count = 0; + + for (asp = agent_delegated_list; asp; asp = asp->next) { + /* + * check each request + */ ++ int i; ++ int count = 0; + netsnmp_request_info *request; +- for(request = asp->requests; request; request = request->next) { +- /* +- * check session +- */ +- netsnmp_assert(NULL!=request->subtree); +- if(request->subtree->session != sess) +- continue; ++ for (i = 0; i <= asp->treecache_num; i++) { ++ for (request = asp->treecache[i].requests_begin; request; ++ request = request->next) { ++ /* ++ * check session ++ */ ++ netsnmp_assert(NULL!=request->subtree); ++ if(request->subtree->session != sess) ++ continue; + +- /* +- * matched! mark request as done +- */ +- netsnmp_request_set_error(request, SNMP_ERR_GENERR); +- ++count; ++ /* ++ * matched! mark request as done ++ */ ++ netsnmp_request_set_error(request, SNMP_ERR_GENERR); ++ ++count; ++ } ++ } ++ if (count) { ++ asp->flags |= SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS; ++ total_count += count; + } + } + + /* + * if we found any, that request may be finished now + */ +- if(count) { ++ if(total_count) { + DEBUGMSGTL(("snmp_agent", "removed %d delegated request(s) for session " +- "%8p\n", count, sess)); +- netsnmp_check_outstanding_agent_requests(); ++ "%8p\n", total_count, sess)); ++ netsnmp_check_delegated_requests(); + } + +- return count; ++ return total_count; + } + + int +@@ -2745,19 +2758,11 @@ handle_var_requests(netsnmp_agent_session *asp) + return final_status; + } + +-/* +- * loop through our sessions known delegated sessions and check to see +- * if they've completed yet. If there are no more delegated sessions, +- * check for and process any queued requests +- */ + void +-netsnmp_check_outstanding_agent_requests(void) ++netsnmp_check_delegated_requests(void) + { + netsnmp_agent_session *asp, *prev_asp = NULL, *next_asp = NULL; + +- /* +- * deal with delegated requests +- */ + for (asp = agent_delegated_list; asp; asp = next_asp) { + next_asp = asp->next; /* save in case we clean up asp */ + if (!netsnmp_check_for_delegated(asp)) { +@@ -2796,6 +2801,22 @@ netsnmp_check_outstanding_agent_requests(void) + prev_asp = asp; + } + } ++} ++ ++/* ++ * loop through our sessions known delegated sessions and check to see ++ * if they've completed yet. If there are no more delegated sessions, ++ * check for and process any queued requests ++ */ ++void ++netsnmp_check_outstanding_agent_requests(void) ++{ ++ netsnmp_agent_session *asp; ++ ++ /* ++ * deal with delegated requests ++ */ ++ netsnmp_check_delegated_requests(); + + /* + * if we are processing a set and there are more delegated +@@ -2825,7 +2846,8 @@ netsnmp_check_outstanding_agent_requests(void) + + netsnmp_processing_set = netsnmp_agent_queued_list; + DEBUGMSGTL(("snmp_agent", "SET request remains queued while " +- "delegated requests finish, asp = %8p\n", asp)); ++ "delegated requests finish, asp = %8p\n", ++ agent_delegated_list)); + break; + } + #endif /* NETSNMP_NO_WRITE_SUPPORT */ +@@ -2886,6 +2908,10 @@ check_delayed_request(netsnmp_agent_session *asp) + case SNMP_MSG_GETBULK: + case SNMP_MSG_GETNEXT: + netsnmp_check_all_requests_status(asp, 0); ++ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) { ++ DEBUGMSGTL(("snmp_agent","canceling next walk for asp %p\n", asp)); ++ break; ++ } + handle_getnext_loop(asp); + if (netsnmp_check_for_delegated(asp) && + netsnmp_check_transaction_id(asp->pdu->transid) != +diff --git a/include/net-snmp/agent/snmp_agent.h b/include/net-snmp/agent/snmp_agent.h +index aad8837..43f4fff 100644 +--- a/include/net-snmp/agent/snmp_agent.h ++++ b/include/net-snmp/agent/snmp_agent.h +@@ -32,6 +32,9 @@ extern "C" { + #define SNMP_MAX_PDU_SIZE 64000 /* local constraint on PDU size sent by agent + * (see also SNMP_MAX_MSG_SIZE in snmp_api.h) */ + ++#define SNMP_AGENT_FLAGS_NONE 0x0 ++#define SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS 0x1 ++ + /* + * If non-zero, causes the addresses of peers to be logged when receptions + * occur. +@@ -205,6 +208,7 @@ extern "C" { + int treecache_num; /* number of current cache entries */ + netsnmp_cachemap *cache_store; + int vbcount; ++ int flags; + } netsnmp_agent_session; + + /* +@@ -240,6 +244,7 @@ extern "C" { + int init_master_agent(void); + void shutdown_master_agent(void); + int agent_check_and_process(int block); ++ void netsnmp_check_delegated_requests(void); + void netsnmp_check_outstanding_agent_requests(void); + + int netsnmp_request_set_error(netsnmp_request_info *request, diff --git a/SOURCES/net-snmp-5.7.2-autofs.patch b/SOURCES/net-snmp-5.7.2-autofs.patch new file mode 100644 index 0000000..266de77 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-autofs.patch @@ -0,0 +1,199 @@ +diff -urNp oold/agent/mibgroup/hardware/fsys/fsys_mntctl.c nnew/agent/mibgroup/hardware/fsys/fsys_mntctl.c +--- oold/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2017-10-31 10:21:53.433280099 +0100 +@@ -43,8 +43,9 @@ _fsys_type( int type) + + case MNT_NFS: + case MNT_NFS3: +- case MNT_AUTOFS: + return NETSNMP_FS_TYPE_NFS; ++ case MNT_AUTOFS: ++ return NETSNMP_FS_TYPE_AUTOFS; + + /* + * The following code covers selected filesystems +@@ -153,10 +154,12 @@ netsnmp_fsys_arch_load( void ) + + /* + * Optionally skip retrieving statistics for remote mounts ++ * AUTOFS is skipped by default + */ +- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) && ++ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) && + netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, +- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ++ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) || ++ entry->type == (NETSNMP_FS_TYPE_AUTOFS)) + continue; + + if ( statfs( entry->path, &stat_buf ) < 0 ) { +diff -urNp oold/agent/mibgroup/hardware/fsys/fsys_mntent.c nnew/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- oold/agent/mibgroup/hardware/fsys/fsys_mntent.c 2017-10-30 14:50:41.784743150 +0100 ++++ nnew/agent/mibgroup/hardware/fsys/fsys_mntent.c 2017-10-31 08:59:08.953114110 +0100 +@@ -145,6 +145,13 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; + ++ /* Detection of AUTOFS. ++ * This file system will be ignored by default ++ */ ++ else if ( !strcmp(typename, MNTTYPE_AUTOFS)) ++ return NETSNMP_FS_TYPE_AUTOFS; ++ ++ + /* + * All other types are silently skipped + */ +@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void ) + NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) + continue; + ++ /* Skip AUTOFS enteries */ ++ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ++ continue; ++ + #ifdef irix6 + if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 ) + #else +diff -urNp oold/agent/mibgroup/hardware/fsys/mnttypes.h nnew/agent/mibgroup/hardware/fsys/mnttypes.h +--- oold/agent/mibgroup/hardware/fsys/mnttypes.h 2017-10-30 14:50:41.741743139 +0100 ++++ nnew/agent/mibgroup/hardware/fsys/mnttypes.h 2017-10-31 09:01:40.462427047 +0100 +@@ -159,6 +159,9 @@ + #ifndef MNTTYPE_APP + #define MNTTYPE_APP "app" + #endif ++#ifndef MNTTYPE_AUTOFS ++#define MNTTYPE_AUTOFS "autofs" ++#endif + #ifndef MNTTYPE_DEVPTS + #define MNTTYPE_DEVPTS "devpts" + #endif +diff -urNp oold/agent/mibgroup/host/hr_filesys.c nnew/agent/mibgroup/host/hr_filesys.c +--- oold/agent/mibgroup/host/hr_filesys.c 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/agent/mibgroup/host/hr_filesys.c 2017-10-31 09:28:46.926093897 +0100 +@@ -839,6 +839,27 @@ Check_HR_FileSys_NFS (void) + return 0; /* no NFS file system */ + } + ++/* This function checks whether current file system is an AutoFs ++ * HRFS_entry must be valid prior to calling this function ++ * return 1 if AutoFs, 0 otherwise ++ */ ++int ++Check_HR_FileSys_AutoFs (void) ++{ ++#if HAVE_GETFSSTAT ++ if ( HRFS_entry->HRFS_type != NULL && ++#if defined(MNTTYPE_AUTOFS) ++ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS) ++#else ++ !strcmp( HRFS_entry->HRFS_type, "autofs") ++#endif ++ ) ++#endif /* HAVE_GETFSSTAT */ ++ return 1; /* AUTOFS */ ++ ++ return 0; /* no AUTOFS */ ++} ++ + void + End_HR_FileSys(void) + { +diff -urNp oold/agent/mibgroup/host/hr_filesys.h nnew/agent/mibgroup/host/hr_filesys.h +--- oold/agent/mibgroup/host/hr_filesys.h 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/agent/mibgroup/host/hr_filesys.h 2017-10-31 09:29:44.541837515 +0100 +@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void); + extern FindVarMethod var_hrfilesys; + extern int Get_Next_HR_FileSys(void); + extern int Check_HR_FileSys_NFS(void); ++extern int Check_HR_FileSys_AutoFs(void); + + extern int Get_FSIndex(char *); + extern long Get_FSSize(char *); /* Temporary */ +diff -urNp oold/agent/mibgroup/host/hrh_filesys.c nnew/agent/mibgroup/host/hrh_filesys.c +--- oold/agent/mibgroup/host/hrh_filesys.c 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/agent/mibgroup/host/hrh_filesys.c 2017-10-31 09:37:36.787634605 +0100 +@@ -427,3 +427,9 @@ Check_HR_FileSys_NFS (void) + { + return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0; + } ++ ++int ++Check_HR_FileSys_AutoFs (void) ++{ ++ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0; ++} +diff -urNp oold/agent/mibgroup/host/hrh_filesys.h nnew/agent/mibgroup/host/hrh_filesys.h +--- oold/agent/mibgroup/host/hrh_filesys.h 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/agent/mibgroup/host/hrh_filesys.h 2017-10-31 09:38:00.644616572 +0100 +@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void); + extern FindVarMethod var_hrhfilesys; + extern int Get_Next_HR_FileSys(void); + extern int Check_HR_FileSys_NFS(void); ++extern int Check_HR_FileSys_AutoFs(void); + + extern int Get_FSIndex(char *); + extern long Get_FSSize(char *); /* Temporary */ +diff -urNp oold/agent/mibgroup/host/hrh_storage.c nnew/agent/mibgroup/host/hrh_storage.c +--- oold/agent/mibgroup/host/hrh_storage.c 2017-10-30 14:50:41.766743146 +0100 ++++ nnew/agent/mibgroup/host/hrh_storage.c 2017-10-31 10:08:25.482217951 +0100 +@@ -368,9 +368,10 @@ really_try_next: + store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; + if (HRFS_entry && + store_idx > NETSNMP_MEM_TYPE_MAX && +- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, ++ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && +- Check_HR_FileSys_NFS()) ++ Check_HR_FileSys_NFS()) || ++ Check_HR_FileSys_AutoFs())) + return NULL; + if (store_idx <= NETSNMP_MEM_TYPE_MAX ) { + mem = (netsnmp_memory_info*)ptr; +@@ -509,7 +510,8 @@ Get_Next_HR_Store(void) + if (HRS_index >= 0) { + if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && +- Check_HR_FileSys_NFS())) { ++ Check_HR_FileSys_NFS()) && ++ !Check_HR_FileSys_AutoFs()) { + return HRS_index + NETSNMP_MEM_TYPE_MAX; + } + } else { +diff -urNp oold/agent/mibgroup/host/hr_storage.c nnew/agent/mibgroup/host/hr_storage.c +--- oold/agent/mibgroup/host/hr_storage.c 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/agent/mibgroup/host/hr_storage.c 2017-10-31 10:11:41.161064352 +0100 +@@ -545,9 +545,10 @@ really_try_next: + + store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; + if (store_idx > NETSNMP_MEM_TYPE_MAX ) { +- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, ++ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && +- Check_HR_FileSys_NFS()) ++ Check_HR_FileSys_NFS()) || ++ Check_HR_FileSys_AutoFs()) + return NULL; /* or goto try_next; */ + if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) { + snmp_log_perror(HRFS_entry->HRFS_mount); +@@ -688,7 +689,8 @@ Get_Next_HR_Store(void) + if (HRS_index >= 0) { + if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && +- Check_HR_FileSys_NFS())) { ++ Check_HR_FileSys_NFS()) && ++ !Check_HR_FileSys_AutoFs()) { + return HRS_index + NETSNMP_MEM_TYPE_MAX; + } + } else { +diff -urNp oold/include/net-snmp/agent/hardware/fsys.h nnew/include/net-snmp/agent/hardware/fsys.h +--- oold/include/net-snmp/agent/hardware/fsys.h 2012-10-10 00:28:58.000000000 +0200 ++++ nnew/include/net-snmp/agent/hardware/fsys.h 2017-10-31 10:14:59.560581680 +0100 +@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn + #define NETSNMP_FS_TYPE_SYSFS 4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT + #define NETSNMP_FS_TYPE_TMPFS 5 | _NETSNMP_FS_TYPE_LOCAL + #define NETSNMP_FS_TYPE_USBFS 6 | _NETSNMP_FS_TYPE_LOCAL ++#define NETSNMP_FS_TYPE_AUTOFS 7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT + + #define NETSNMP_FS_FLAG_ACTIVE 0x01 + #define NETSNMP_FS_FLAG_REMOTE 0x02 diff --git a/SOURCES/net-snmp-5.7.2-btrfs.patch b/SOURCES/net-snmp-5.7.2-btrfs.patch new file mode 100644 index 0000000..19e6c05 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-btrfs.patch @@ -0,0 +1,33 @@ +Bug 965348 - HOST-RESOURCES-MIB::hrFS* not includes btrfs +1006758 - HOST-RESOURCES-MIB::hrFS* not includes btrfs + +commit da1fef382591ff45dc92eb3b95a6bfeff9ecfa4f +Author: Jan Safranek +Date: Tue May 21 09:13:41 2013 +0200 + + CHANGES: snmpd: Added btrfs support to hrFSTable + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.btrfs net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.btrfs 2013-09-11 12:12:54.586891414 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c 2013-09-11 12:12:41.565947166 +0200 +@@ -141,6 +141,7 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_CVFS) || + !strcmp(typename, MNTTYPE_SIMFS) || + !strcmp(typename, MNTTYPE_VZFS) || ++ !strcmp(typename, MNTTYPE_BTRFS) || + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.btrfs net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.btrfs 2013-09-11 12:00:15.283166852 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h 2013-09-11 12:00:15.284166847 +0200 +@@ -148,6 +148,9 @@ + #ifndef MNTTYPE_VZFS + #define MNTTYPE_VZFS "vzfs" + #endif ++#ifndef MNTTYPE_BTRFS ++#define MNTTYPE_BTRFS "btrfs" ++#endif + + /* + * File systems to skip diff --git a/SOURCES/net-snmp-5.7.2-client-udp6.patch b/SOURCES/net-snmp-5.7.2-client-udp6.patch new file mode 100644 index 0000000..5405239 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-client-udp6.patch @@ -0,0 +1,112 @@ +diff -urpN old/snmplib/snmp_api.c new/snmplib/snmp_api.c +--- old/snmplib/snmp_api.c 2017-04-03 09:07:41.795091238 +0200 ++++ new/snmplib/snmp_api.c 2017-04-03 10:54:47.809422106 +0200 +@@ -1553,12 +1553,12 @@ _sess_open(netsnmp_session * in_session) + if (in_session->flags & SNMP_FLAGS_STREAM_SOCKET) { + transport = + netsnmp_tdomain_transport_full("snmp", in_session->peername, +- in_session->local_port, "tcp", ++ in_session->local_port, "tcp,tcp6", + NULL); + } else { + transport = + netsnmp_tdomain_transport_full("snmp", in_session->peername, +- in_session->local_port, "udp", ++ in_session->local_port, "udp,udp6", + NULL); + } + +diff -urpN old/snmplib/snmp_transport.c new/snmplib/snmp_transport.c +--- old/snmplib/snmp_transport.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/snmplib/snmp_transport.c 2017-04-03 11:50:49.158878706 +0200 +@@ -498,6 +498,9 @@ netsnmp_tdomain_transport_full(const cha + const char * const *spec = NULL; + int any_found = 0; + char buf[SNMP_MAXPATH]; ++ char **lspec = 0; ++ char *tokenized_domain = 0; ++ + + DEBUGMSGTL(("tdomain", + "tdomain_transport_full(\"%s\", \"%s\", %d, \"%s\", \"%s\")\n", +@@ -587,7 +590,23 @@ netsnmp_tdomain_transport_full(const cha + DEBUGMSGTL(("tdomain", + "Use user specified default domain \"%s\"\n", + default_domain)); +- match = find_tdomain(default_domain); ++ if (!strchr(default_domain, ',')) ++ match = find_tdomain(default_domain); ++ else { ++ int commas = 0; ++ const char *cp = default_domain; ++ char *ptr = NULL; ++ tokenized_domain = strdup(default_domain); ++ ++ while (*++cp) if (*cp == ',') commas++; ++ lspec = calloc(commas+2, sizeof(char *)); ++ commas = 1; ++ lspec[0] = strtok_r(tokenized_domain, ",", &ptr); ++ while ((lspec[commas++] = strtok_r(NULL, ",", &ptr))) ++ ; ++ spec = (const char * const *)lspec; ++ } ++ + } else { + spec = netsnmp_lookup_default_domains(application); + if (spec == NULL) { +@@ -636,6 +655,10 @@ netsnmp_tdomain_transport_full(const cha + else + t = match->f_create_from_tstring_new(addr, local, addr2); + if (t) { ++ if (lspec) { ++ free(tokenized_domain); ++ free(lspec); ++ } + return t; + } + } +@@ -647,6 +670,10 @@ netsnmp_tdomain_transport_full(const cha + } + if (!any_found) + snmp_log(LOG_ERR, "No support for any checked transport domain\n"); ++ if (lspec) { ++ free(tokenized_domain); ++ free(lspec); ++ } + return NULL; + } + +diff -urpN old/snmplib/system.c new/snmplib/system.c +--- old/snmplib/system.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/snmplib/system.c 2017-04-03 12:02:35.693153449 +0200 +@@ -750,13 +750,6 @@ netsnmp_gethostbyname_v4(const char* nam + + err = netsnmp_getaddrinfo(name, NULL, &hint, &addrs); + if (err != 0) { +-#if HAVE_GAI_STRERROR +- snmp_log(LOG_ERR, "getaddrinfo: %s %s\n", name, +- gai_strerror(err)); +-#else +- snmp_log(LOG_ERR, "getaddrinfo: %s (error %d)\n", name, +- err); +-#endif + return -1; + } + +diff -urpN old/snmplib/transports/snmpIPv6BaseDomain.c new/snmplib/transports/snmpIPv6BaseDomain.c +--- old/snmplib/transports/snmpIPv6BaseDomain.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/snmplib/transports/snmpIPv6BaseDomain.c 2017-04-03 12:00:38.669641503 +0200 +@@ -342,13 +342,6 @@ netsnmp_sockaddr_in6_2(struct sockaddr_i + err = netsnmp_getaddrinfo(peername, NULL, &hint, &addrs); + } + if (err != 0) { +-#if HAVE_GAI_STRERROR +- snmp_log(LOG_ERR, "getaddrinfo(\"%s\", NULL, ...): %s\n", peername, +- gai_strerror(err)); +-#else +- snmp_log(LOG_ERR, "getaddrinfo(\"%s\", NULL, ...): (error %d)\n", +- peername, err); +-#endif + free(peername); + return 0; + } diff --git a/SOURCES/net-snmp-5.7.2-client-write-var.patch b/SOURCES/net-snmp-5.7.2-client-write-var.patch new file mode 100644 index 0000000..fe3bb41 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-client-write-var.patch @@ -0,0 +1,128 @@ +1151310 - snmptrap can't create (or write to) /var/lib/net-snmp/snmpapp.conf if isn't run under root +Backported from: + +commit 53ee5f1d240ac90adae935538bdc2ca13a8caa32 +Author: Jan Safranek +Date: Wed Feb 18 16:29:16 2015 +0100 + + CHANGES: snmplib: Fixed reporting 'error writing to /var/xxx/snmpapp.conf'. + + When a client utility, such as snmptrap, tries to write to its persistent + configuration file (/var/net-snmp/snmpapp.conf in Fedora), do not report + any error when open() fails. The tool is typically run by non-root, who + cannot write to /var and the error just confuses users. + + And when doing it, make sure that "snmpapp" string is defined only on one + place, just in case. + +diff -up net-snmp-5.7.2/agent/mibgroup/disman/expression/expValueTable.c.test net-snmp-5.7.2/agent/mibgroup/disman/expression/expValueTable.c +--- net-snmp-5.7.2/agent/mibgroup/disman/expression/expValueTable.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/disman/expression/expValueTable.c 2015-06-18 14:06:47.871027563 +0200 +@@ -127,7 +127,7 @@ init_expValueTable(void) + REGISTER_MIB("expValueTable", + expValueTable_variables, variable2, + expValueTable_variables_oid); +- init_snmp("snmpapp"); ++ init_snmp(NETSNMP_APPLICATION_CONFIG_TYPE); + + /* + * Initialize a "session" that defines who we're going to talk to +diff -up net-snmp-5.7.2/apps/snmptranslate.c.test net-snmp-5.7.2/apps/snmptranslate.c +--- net-snmp-5.7.2/apps/snmptranslate.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/apps/snmptranslate.c 2015-06-18 14:06:47.872027568 +0200 +@@ -236,7 +236,7 @@ main(int argc, char *argv[]) + } + } + +- init_snmp("snmpapp"); ++ init_snmp(NETSNMP_APPLICATION_CONFIG_TYPE); + if (optind < argc) + current_name = argv[optind]; + +diff -up net-snmp-5.7.2/apps/snmptrap.c.test net-snmp-5.7.2/apps/snmptrap.c +--- net-snmp-5.7.2/apps/snmptrap.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/apps/snmptrap.c 2015-06-18 14:06:47.872027568 +0200 +@@ -386,7 +386,7 @@ main(int argc, char *argv[]) + snmp_free_pdu(response); + + snmp_close(ss); +- snmp_shutdown("snmpapp"); ++ snmp_shutdown(NETSNMP_APPLICATION_CONFIG_TYPE); + SOCK_CLEANUP; + return exitval; + } +diff -up net-snmp-5.7.2/include/net-snmp/library/read_config.h.test net-snmp-5.7.2/include/net-snmp/library/read_config.h +--- net-snmp-5.7.2/include/net-snmp/library/read_config.h.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/include/net-snmp/library/read_config.h 2015-06-18 14:06:47.873027572 +0200 +@@ -15,6 +15,12 @@ extern "C" { + #define PREMIB_CONFIG 1 + #define EITHER_CONFIG 2 + ++/* ++ * Value of 'type' parameter of various snmp_config calls, ++ * used by Net-SNMP client utilities. ++ */ ++#define NETSNMP_APPLICATION_CONFIG_TYPE "snmpapp" ++ + #include + + /* +diff -up net-snmp-5.7.2/snmplib/read_config.c.test net-snmp-5.7.2/snmplib/read_config.c +--- net-snmp-5.7.2/snmplib/read_config.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/read_config.c 2015-06-18 14:06:47.874027577 +0200 +@@ -1540,7 +1540,14 @@ read_config_store(const char *type, cons + DEBUGMSGTL(("read_config:store", "storing: %s\n", line)); + fclose(fout); + } else { +- snmp_log(LOG_ERR, "read_config_store open failure on %s\n", filep); ++ if (strcmp(NETSNMP_APPLICATION_CONFIG_TYPE, type) != 0) { ++ /* ++ * Ignore this error in client utilities, they can run with random ++ * UID/GID and typically cannot write to /var. Error message just ++ * confuses people. ++ */ ++ snmp_log(LOG_ERR, "read_config_store open failure on %s"); ++ } + } + #ifdef NETSNMP_PERSISTENT_MASK + umask(oldmask); +diff -up net-snmp-5.7.2/snmplib/snmp_parse_args.c.test net-snmp-5.7.2/snmplib/snmp_parse_args.c +--- net-snmp-5.7.2/snmplib/snmp_parse_args.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/snmp_parse_args.c 2015-06-18 14:06:47.874027577 +0200 +@@ -250,7 +250,7 @@ netsnmp_parse_args(int argc, + break; + + case 'H': +- init_snmp("snmpapp"); ++ init_snmp(NETSNMP_APPLICATION_CONFIG_TYPE); + fprintf(stderr, "Configuration directives understood:\n"); + read_config_print_usage(" "); + return (NETSNMP_PARSE_ARGS_SUCCESS_EXIT); +@@ -640,7 +640,7 @@ netsnmp_parse_args(int argc, + /* + * read in MIB database and initialize the snmp library + */ +- init_snmp("snmpapp"); ++ init_snmp(NETSNMP_APPLICATION_CONFIG_TYPE); + + /* + * session default version +commit 653da2f955f88d7419363e6d31f2b5f0ffdc4f73 +Author: Jan Safranek +Date: Thu Feb 19 13:40:37 2015 +0100 + + Fixed missing printf argument from previous commit. + +diff --git a/snmplib/read_config.c b/snmplib/read_config.c +index 6157fc6..2972232 100644 +--- a/snmplib/read_config.c ++++ b/snmplib/read_config.c +@@ -1317,7 +1317,7 @@ read_config_store(const char *type, const char *line) + * UID/GID and typically cannot write to /var. Error message just + * confuses people. + */ +- snmp_log(LOG_ERR, "read_config_store open failure on %s"); ++ snmp_log(LOG_ERR, "read_config_store open failure on %s\n", filep); + } + } + #ifdef NETSNMP_PERSISTENT_MASK diff --git a/SOURCES/net-snmp-5.7.2-clientaddr-error-msg.patch b/SOURCES/net-snmp-5.7.2-clientaddr-error-msg.patch new file mode 100644 index 0000000..8f8afbd --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-clientaddr-error-msg.patch @@ -0,0 +1,21 @@ +1086925 - snmpd does not report error when clientaddr : cannot bind to the specified port + +commit 68d2c8fd4bf2390612f288ff488b7c08102bcd0a +Author: Jan Safranek +Date: Wed Jan 14 11:52:05 2015 +0100 + + Added error message when bind for clientaddr fails. + +diff --git a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c +index fa39e4b..b8b6683 100644 +--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c ++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c +@@ -221,6 +221,8 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local) + if ( rc != 0 ) { + DEBUGMSGTL(("netsnmp_udpbase", "failed to bind for clientaddr: %d %s\n", + errno, strerror(errno))); ++ snmp_log(LOG_ERR, "Cannot bind for clientaddr: %s\n", ++ strerror(errno)); + netsnmp_socketbase_close(t); + netsnmp_transport_free(t); + return NULL; diff --git a/SOURCES/net-snmp-5.7.2-clientaddr-port.patch b/SOURCES/net-snmp-5.7.2-clientaddr-port.patch new file mode 100644 index 0000000..e82a277 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-clientaddr-port.patch @@ -0,0 +1,158 @@ +833013 - The port number specified with clientaddr is not used for trap udp socket + +commit 521b4e28b4c794a9d6d929858478d13875246ce3 +Author: Ivosh +Date: Mon Jul 30 10:53:22 2012 -0700 + + CHANGES: libnetsnmp: PATCH 3404876: from hardaker: ability to specify local-bound port in addition to address + + Signed-off-by: Wes Hardaker + +diff -up net-snmp-5.7.2/include/net-snmp/library/default_store.h.port net-snmp-5.7.2/include/net-snmp/library/default_store.h +--- net-snmp-5.7.2/include/net-snmp/library/default_store.h.port 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/include/net-snmp/library/default_store.h 2012-11-13 10:51:34.528804796 +0100 +@@ -94,6 +94,7 @@ extern "C" { + #define NETSNMP_DS_LIB_TSM_USE_PREFIX 39 /* TSM's simple security name mapping */ + #define NETSNMP_DS_LIB_DONT_LOAD_HOST_FILES 40 /* don't read host.conf files */ + #define NETSNMP_DS_LIB_DNSSEC_WARN_ONLY 41 /* tread DNSSEC errors as warnings */ ++#define NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT 42 /* NETSNMP_DS_LIB_CLIENT_ADDR includes address and also port */ + #define NETSNMP_DS_LIB_MAX_BOOL_ID 48 /* match NETSNMP_DS_MAX_SUBIDS */ + + /* +diff -up net-snmp-5.7.2/perl/default_store/default_store.pm.port net-snmp-5.7.2/perl/default_store/default_store.pm +--- net-snmp-5.7.2/perl/default_store/default_store.pm.port 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/perl/default_store/default_store.pm 2012-11-13 10:51:34.679804190 +0100 +@@ -63,6 +63,7 @@ use vars qw(@ISA %EXPORT_TAGS @EXPORT_OK + NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD + NETSNMP_DS_LIB_DISABLE_PERSISTENT_SAVE + NETSNMP_DS_LIB_APPEND_LOGFILES ++ NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT + NETSNMP_DS_LIB_MIB_WARNINGS + NETSNMP_DS_LIB_SECLEVEL + NETSNMP_DS_LIB_SNMPVERSION +@@ -161,6 +162,7 @@ use vars qw(@ISA %EXPORT_TAGS @EXPORT_OK + NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD + NETSNMP_DS_LIB_DISABLE_PERSISTENT_SAVE + NETSNMP_DS_LIB_APPEND_LOGFILES ++ NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT + NETSNMP_DS_LIB_MIB_WARNINGS + NETSNMP_DS_LIB_SECLEVEL + NETSNMP_DS_LIB_SNMPVERSION +@@ -299,6 +301,7 @@ None by default. + NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD + NETSNMP_DS_LIB_DISABLE_PERSISTENT_SAVE + NETSNMP_DS_LIB_APPEND_LOGFILES ++ NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT + NETSNMP_DS_LIB_MIB_WARNINGS + NETSNMP_DS_LIB_SECLEVEL + NETSNMP_DS_LIB_SNMPVERSION +diff -up net-snmp-5.7.2/perl/default_store/default_store.xs.port net-snmp-5.7.2/perl/default_store/default_store.xs +--- net-snmp-5.7.2/perl/default_store/default_store.xs.port 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/perl/default_store/default_store.xs 2012-11-13 10:51:35.154802043 +0100 +@@ -1238,6 +1238,17 @@ __END__ + #endif + } + break; ++ case 36: ++ if (memEQ(name, "NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT", 36)) { ++#ifdef NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT ++ *iv_return = NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT; ++ return PERL_constant_ISIV; ++#else ++ return PERL_constant_NOTDEF; ++#endif ++ } ++ break; ++ + case 38: + return constant_38 (aTHX_ name, iv_return); + break; +@@ -1245,8 +1256,6 @@ __END__ + return PERL_constant_NOTFOUND; + } + +- +- + /* autogenerated by "gen" from const-xs.inc */ + + MODULE = NetSNMP::default_store PACKAGE = NetSNMP::default_store +diff -up net-snmp-5.7.2/perl/default_store/test.pl.port net-snmp-5.7.2/perl/default_store/test.pl +--- net-snmp-5.7.2/perl/default_store/test.pl.port 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/perl/default_store/test.pl 2012-11-13 10:51:35.185801918 +0100 +@@ -52,6 +52,7 @@ BEGIN { $| = 1; + "NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD" => 35, + "NETSNMP_DS_LIB_DISABLE_PERSISTENT_SAVE" => 36, + "NETSNMP_DS_LIB_APPEND_LOGFILES" => 37, ++ "NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT" => 42, + "NETSNMP_DS_LIB_MIB_WARNINGS" => 0, + "NETSNMP_DS_LIB_SECLEVEL" => 1, + "NETSNMP_DS_LIB_SNMPVERSION" => 2, +diff -up net-snmp-5.7.2/snmplib/snmp_api.c.port net-snmp-5.7.2/snmplib/snmp_api.c +--- net-snmp-5.7.2/snmplib/snmp_api.c.port 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/snmp_api.c 2012-11-13 10:51:35.188801906 +0100 +@@ -769,6 +769,8 @@ register_default_handlers(void) + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_16BIT_IDS); + netsnmp_ds_register_premib(ASN_OCTET_STR, "snmp", "clientaddr", + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_CLIENT_ADDR); ++ netsnmp_ds_register_premib(ASN_BOOLEAN, "snmp", "clientaddrUsesPort", ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT); + netsnmp_ds_register_config(ASN_INTEGER, "snmp", "serverSendBuf", + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_SERVERSENDBUF); + netsnmp_ds_register_config(ASN_INTEGER, "snmp", "serverRecvBuf", +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c.port net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c.port 2012-11-13 10:51:32.781812675 +0100 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c 2012-11-13 10:51:35.190801898 +0100 +@@ -183,8 +183,29 @@ netsnmp_udpipv4base_transport(struct soc + NETSNMP_DS_LIB_CLIENT_ADDR); + if (client_socket) { + struct sockaddr_in client_addr; +- netsnmp_sockaddr_in2(&client_addr, client_socket, NULL); +- client_addr.sin_port = 0; ++ ++ char *client_address = client_socket; ++ int uses_port = netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT); ++ if ((uses_port == 1) && (strchr(client_socket, ':') == NULL)) { ++ client_address = malloc(strlen(client_socket) + 3); ++ if (client_address == NULL) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } /* if NETSNMP_DS_LIB_CLIENT_ADDR */ ++ strcpy(client_address, client_socket); /* expects a port but there is none */ ++ strcat(client_address, ":0"); /* specified then provide ephemeral one */ ++ } ++ ++ netsnmp_sockaddr_in2(&client_addr, client_address, NULL); ++ if (uses_port == 0) { ++ client_addr.sin_port = 0; ++ } ++ if (client_address != client_socket) { ++ free(client_address); ++ } ++ + DEBUGMSGTL(("netsnmp_udpbase", "binding socket: %d\n", t->sock)); + rc = bind(t->sock, (struct sockaddr *)&client_addr, + sizeof(struct sockaddr)); +commit 9e00fff692081e36c9d883fab7b6bd8881c670fc +Author: Jan Safranek +Date: Tue Aug 7 12:27:18 2012 +0200 + + Document new clientaddrUsesPort option. + +diff --git a/man/snmp.conf.5.def b/man/snmp.conf.5.def +index 9c7c55b..904635b 100644 +--- a/man/snmp.conf.5.def ++++ b/man/snmp.conf.5.def +@@ -127,6 +127,10 @@ This value is also used by \fBsnmpd\fR when generating notifications. + .\" But not responses to an incoming request? + .\" What about snmptrapd? + .\" ++.IP "clientaddrUsesPort no" ++specifies, if clientaddr option contains a port number. Set this option ++to "yes", if clientaddr contains a port number and this port should ++be used for sending outgoing SNMP requests. + .IP "clientRecvBuf INTEGER" + specifies the desired size of the buffer to be used when receiving + responses to SNMP requests. + diff --git a/SOURCES/net-snmp-5.7.2-counter64.patch b/SOURCES/net-snmp-5.7.2-counter64.patch new file mode 100644 index 0000000..dd49098 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-counter64.patch @@ -0,0 +1,309 @@ +From 0dc151a72ce495d3d94704efba609505e465292b Mon Sep 17 00:00:00 2001 +From: Niels Baggesen +Date: Mon, 13 Jun 2016 16:50:08 +0200 +Subject: [PATCH] UCD-SNMP-MIB: Add 64-bit memory objects for large servers. + +--- + agent/mibgroup/ucd-snmp/memory.c | 100 ++++++++++++++++++++++++-- + agent/mibgroup/ucd-snmp/memory.h | 9 +++ + mibs/UCD-SNMP-MIB.txt | 116 ++++++++++++++++++++++++++++++- + 3 files changed, 220 insertions(+), 5 deletions(-) + +diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c +index 742186f3a..a7f060a50 100644 +--- a/agent/mibgroup/ucd-snmp/memory.c ++++ b/agent/mibgroup/ucd-snmp/memory.c +@@ -26,7 +26,7 @@ init_memory(void) + netsnmp_create_handler_registration("memory", handle_memory, + memory_oid, OID_LENGTH(memory_oid), + HANDLER_CAN_RONLY), +- 1, 17); ++ 1, 26); + netsnmp_register_scalar( + netsnmp_create_handler_registration("memSwapError", handle_memory, + memSwapError_oid, OID_LENGTH(memSwapError_oid), +@@ -59,7 +59,9 @@ handle_memory(netsnmp_mib_handler *handler, + netsnmp_request_info *requests) + { + netsnmp_memory_info *mem_info; +- int val; ++ unsigned long val; ++ struct counter64 c64; ++ int type = ASN_INTEGER; + char buf[1024]; + + /* +@@ -184,6 +186,92 @@ handle_memory(netsnmp_mib_handler *handler, + val = (mem_info->size - mem_info->free); /* cached */ + val *= (mem_info->units/1024); + break; ++ case MEMORY_SWAP_TOTAL_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->size; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_SWAP_AVAIL_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->free; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_REAL_TOTAL_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_PHYSMEM, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->size; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_REAL_AVAIL_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_PHYSMEM, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->free; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_SWAP_MIN_X: ++ type = ASN_COUNTER64; ++ val = minimum_swap; ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_FREE_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->free; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_SHARED_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SHARED, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->size; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_BUFFER_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_MBUF, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->size - mem_info->free; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; ++ case MEMORY_CACHED_X: ++ type = ASN_COUNTER64; ++ mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_CACHED, 0 ); ++ if (!mem_info) ++ goto NOSUCH; ++ val = mem_info->size - mem_info->free; ++ val *= (mem_info->units/1024); ++ c64.low = val & 0xFFFFFFFF; ++ c64.high = val >>32; ++ break; + case MEMORY_SWAP_ERROR: + mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 ); + if (!mem_info) +@@ -213,8 +301,12 @@ handle_memory(netsnmp_mib_handler *handler, + * All non-integer objects (and errors) have already been + * processed. So return the integer value. + */ +- snmp_set_var_typed_value(requests->requestvb, ASN_INTEGER, +- (u_char *)&val, sizeof(val)); ++ if (type == ASN_INTEGER) ++ snmp_set_var_typed_value(requests->requestvb, ASN_INTEGER, ++ (u_char *)&val, sizeof(val)); ++ else ++ snmp_set_var_typed_value(requests->requestvb, ASN_COUNTER64, ++ (u_char *)&c64, sizeof(c64)); + break; + + default: +diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h +index a44d82e51..ded214022 100644 +--- a/agent/mibgroup/ucd-snmp/memory.h ++++ b/agent/mibgroup/ucd-snmp/memory.h +@@ -32,6 +32,15 @@ Netsnmp_Node_Handler handle_memory; + #define MEMORY_CACHED 15 + #define MEMORY_STXT_USED 16 + #define MEMORY_RTXT_USED 17 ++#define MEMORY_SWAP_TOTAL_X 18 ++#define MEMORY_SWAP_AVAIL_X 19 ++#define MEMORY_REAL_TOTAL_X 20 ++#define MEMORY_REAL_AVAIL_X 21 ++#define MEMORY_FREE_X 22 ++#define MEMORY_SWAP_MIN_X 23 ++#define MEMORY_SHARED_X 24 ++#define MEMORY_BUFFER_X 25 ++#define MEMORY_CACHED_X 26 + #define MEMORY_SWAP_ERROR 100 + #define MEMORY_SWAP_ERRMSG 101 + #endif /* MEMORY_H */ +diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt +index e8acc8c0d..cde67feb5 100644 +--- a/mibs/UCD-SNMP-MIB.txt ++++ b/mibs/UCD-SNMP-MIB.txt +@@ -33,11 +33,14 @@ IMPORTS + Integer32, Opaque, enterprises, Counter32, Unsigned32 + FROM SNMPv2-SMI + ++ CounterBasedGauge64 ++ FROM HCNUM-TC ++ + TEXTUAL-CONVENTION, DisplayString, TruthValue + FROM SNMPv2-TC; + + ucdavis MODULE-IDENTITY +- LAST-UPDATED "200901190000Z" ++ LAST-UPDATED "201606100000Z" + ORGANIZATION "University of California, Davis" + CONTACT-INFO + "This mib is no longer being maintained by the University of +@@ -55,6 +58,10 @@ ucdavis MODULE-IDENTITY + DESCRIPTION + "This file defines the private UCD SNMP MIB extensions." + ++ REVISION "201606100000Z" ++ DESCRIPTION ++ "New 64-bit memory objects" ++ + REVISION "201105140000Z" + DESCRIPTION + "New objects for monitoring CPU Steal, Guest and Nice values" +@@ -629,6 +636,113 @@ memUsedRealTXT OBJECT-TYPE + pages from other uses of physical memory." + ::= { memory 17 } + ++memTotalSwapX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The total amount of swap space configured for this host." ++ ::= { memory 18 } ++ ++memAvailSwapX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The amount of swap space currently unused or available." ++ ::= { memory 19 } ++ ++memTotalRealX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The total amount of real/physical memory installed ++ on this host." ++ ::= { memory 20 } ++ ++memAvailRealX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The amount of real/physical memory currently unused ++ or available." ++ ::= { memory 21 } ++ ++ ++memTotalFreeX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The total amount of memory free or available for use on ++ this host. This value typically covers both real memory ++ and swap space or virtual memory." ++ ::= { memory 22 } ++ ++memMinimumSwapX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The minimum amount of swap space expected to be kept ++ free or available during normal operation of this host. ++ ++ If this value (as reported by 'memAvailSwap(4)') falls ++ below the specified level, then 'memSwapError(100)' will ++ be set to 1 and an error message made available via ++ 'memSwapErrorMsg(101)'." ++ ::= { memory 23 } ++ ++memSharedX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The total amount of real or virtual memory currently ++ allocated for use as shared memory. ++ ++ This object will not be implemented on hosts where the ++ underlying operating system does not explicitly identify ++ memory as specifically reserved for this purpose." ++ ::= { memory 24 } ++ ++memBufferX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The total amount of real or virtual memory currently ++ allocated for use as memory buffers. ++ ++ This object will not be implemented on hosts where the ++ underlying operating system does not explicitly identify ++ memory as specifically reserved for this purpose." ++ ::= { memory 25 } ++ ++memCachedX OBJECT-TYPE ++ SYNTAX CounterBasedGauge64 ++ UNITS "kB" ++ MAX-ACCESS read-only ++ STATUS current ++ DESCRIPTION ++ "The total amount of real or virtual memory currently ++ allocated for use as cached memory. ++ ++ This object will not be implemented on hosts where the ++ underlying operating system does not explicitly identify ++ memory as specifically reserved for this purpose." ++ ::= { memory 26 } ++ + memSwapError OBJECT-TYPE + SYNTAX UCDErrorFlag + MAX-ACCESS read-only + diff --git a/SOURCES/net-snmp-5.7.2-create-user-multilib.patch b/SOURCES/net-snmp-5.7.2-create-user-multilib.patch new file mode 100644 index 0000000..dc74514 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-create-user-multilib.patch @@ -0,0 +1,41 @@ +Make net-snmp-create-v3-user multilib-clean + +The file had different NSC_AGENTLIBS on different architectures. + +Source: upstream + +commit 68300a9fb43568c5d833c48a2fef3ff16c2923c3 +Author: Jan Safranek +Date: Thu Feb 7 10:14:33 2013 +0100 + + Remove unused variables. + +diff -up net-snmp-5.7.2/net-snmp-create-v3-user.in.multilib net-snmp-5.7.2/net-snmp-create-v3-user.in +--- net-snmp-5.7.2/net-snmp-create-v3-user.in.multilib 2013-03-22 10:19:41.151901243 +0100 ++++ net-snmp-5.7.2/net-snmp-create-v3-user.in 2013-03-22 10:20:02.476801266 +0100 +@@ -8,25 +8,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +-libdir=@libdir@ + datarootdir=@datarootdir@ +-NSC_LDFLAGS="@LDFLAGS@" +-NSC_INCLUDEDIR=${includedir} +-NSC_LIBDIR=-L${libdir} +-NSC_LIBS="@LIBS@" +-NSC_AGENTLIBS="@AGENTLIBS@ @PERLLDOPTS_FOR_APPS@" +-NSC_PREFIX=$prefix +-NSC_EXEC_PREFIX=$exec_prefix +-NSC_SRCDIR=@srcdir@ +-NSC_INCDIR=${NSC_PREFIX}/include +-NSC_BASE_SUBAGENT_LIBS="-lnetsnmpagent -lnetsnmp" +-NSC_BASE_AGENT_LIBS="-lnetsnmpagent -lnetsnmpmibs -lnetsnmp" +-NSC_SRC_LIBDIRS="agent/.libs snmplib/.libs" +-NSC_SRC_LIBDEPS="agent/.libs/libnetsnmpmibs.a agent/.libs/libnetsnmpagent.a snmplib/.libs/libnetsnmp.a" +- +-if test "x$NSC_SRCDIR" = "x." ; then +- NSC_SRCDIR="NET-SNMP-SOURCE-DIR" +-fi + + if @PSCMD@ | egrep ' snmpd *$' > /dev/null 2>&1 ; then + echo "Apparently at least one snmpd demon is already running." diff --git a/SOURCES/net-snmp-5.7.2-diskio-whitelist.patch b/SOURCES/net-snmp-5.7.2-diskio-whitelist.patch new file mode 100644 index 0000000..754d863 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-diskio-whitelist.patch @@ -0,0 +1,427 @@ +1092308 - backport diskio device filtering + +Backported from: + +commit 5be210c90870ff6bab193d497d401b92c1d50db9 +Author: Jan Safranek +Date: Thu Mar 6 13:26:30 2014 +0100 + + CHANGES: snmpd: add new snmpd.conf option 'diskio' to monitor only selected disks. + + On machines with thousands of block devices, parsing /proc/diskstats is really + slow. The new option enables monitoring of selected devices, saving lot of CPU + time. + +diff -up net-snmp-5.7.2/agent/mibgroup/ucd-snmp/diskio.c.test net-snmp-5.7.2/agent/mibgroup/ucd-snmp/diskio.c +--- net-snmp-5.7.2/agent/mibgroup/ucd-snmp/diskio.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/ucd-snmp/diskio.c 2015-06-18 15:14:57.164891695 +0200 +@@ -27,11 +27,18 @@ + + #include + ++#if defined (linux) ++/* for stat() */ ++#include ++#include ++#endif ++ + #include + #include + + #include "util_funcs/header_simple_table.h" + ++#include "struct.h" + /* + * include our .h file + */ +@@ -95,6 +102,66 @@ static int ps_numdisks; /* number of d + #if defined (linux) + #define DISKIO_SAMPLE_INTERVAL 5 + void devla_getstats(unsigned int regno, void * dummy); ++static void diskio_parse_config_disks(const char *token, char *cptr); ++static void diskio_free_config(void); ++static int get_sysfs_stats(void); ++ ++struct diskiopart { ++ char syspath[STRMAX]; /* full stat path */ ++ char name[STRMAX]; /* name as provided */ ++ char shortname[STRMAX]; /* short name for output */ ++ int major; ++ int minor; ++}; ++ ++static int numdisks; ++static int maxdisks = 0; ++static struct diskiopart *disks; ++ ++#define DISK_INCR 2 ++ ++typedef struct linux_diskio ++{ ++ int major; ++ int minor; ++ unsigned long blocks; ++ char name[256]; ++ unsigned long rio; ++ unsigned long rmerge; ++ unsigned long rsect; ++ unsigned long ruse; ++ unsigned long wio; ++ unsigned long wmerge; ++ unsigned long wsect; ++ unsigned long wuse; ++ unsigned long running; ++ unsigned long use; ++ unsigned long aveq; ++} linux_diskio; ++ ++/* disk load averages */ ++typedef struct linux_diskio_la ++{ ++ unsigned long use_prev; ++ double la1, la5, la15; ++} linux_diskio_la; ++ ++typedef struct linux_diskio_header ++{ ++ linux_diskio* indices; ++ int length; ++ int alloc; ++} linux_diskio_header; ++ ++typedef struct linux_diskio_la_header ++{ ++ linux_diskio_la * indices; ++ int length; ++} linux_diskio_la_header; ++ ++static linux_diskio_header head; ++static linux_diskio_la_header la_head; ++ + #endif /* linux */ + + #if defined (darwin) +@@ -228,6 +295,8 @@ init_diskio(void) + devla_getstats(0, NULL); + /* collect LA data regularly */ + snmp_alarm_register(DISKIO_SAMPLE_INTERVAL, SA_REPEAT, devla_getstats, NULL); ++ snmpd_register_config_handler("diskio", diskio_parse_config_disks, ++ diskio_free_config, "path | device"); + #endif + + +@@ -870,49 +939,134 @@ var_diskio(struct variable * vp, + + #ifdef linux + +-#define DISK_INCR 2 +- +-typedef struct linux_diskio ++static void ++diskio_free_config() ++ { ++ if (la_head.length) { ++ /* reset any usage stats, we may get different list of devices from config */ ++ free(la_head.indices); ++ la_head.length = 0; ++ la_head.indices = NULL; ++ } ++ if (numdisks > 0) { ++ int i; ++ head.length = 0; ++ numdisks = 0; ++ for (i = 0; i < maxdisks; i++) { /* init/erase disk db */ ++ disks[i].syspath[0] = 0; ++ disks[i].name[0] = 0; ++ disks[i].shortname[0] = 0; ++ disks[i].major = -1; ++ disks[i].minor = -1; ++ } ++ } ++} ++static int ++disk_exists(char *path) + { +- int major; +- int minor; +- unsigned long blocks; +- char name[256]; +- unsigned long rio; +- unsigned long rmerge; +- unsigned long rsect; +- unsigned long ruse; +- unsigned long wio; +- unsigned long wmerge; +- unsigned long wsect; +- unsigned long wuse; +- unsigned long running; +- unsigned long use; +- unsigned long aveq; +-} linux_diskio; ++ int index; ++ for(index = 0; index < numdisks; index++) { ++ DEBUGMSGTL(("ucd-snmp/disk", "Checking for %s. Found %s at %d\n", path, disks[index].syspath, index)); ++ if(strcmp(path, disks[index].syspath) == 0) { ++ return index; ++ } ++ } ++ return -1; ++} + +-/* disk load averages */ +-typedef struct linux_diskio_la +-{ +- unsigned long use_prev; +- double la1, la5, la15; +-} linux_diskio_la; ++static void ++add_device(char *path, int addNewDisks ) ++ { ++ int index; ++ char device[STRMAX]; ++ char syspath[STRMAX]; ++ char *basename; ++ struct stat stbuf; + +-typedef struct linux_diskio_header +-{ +- linux_diskio* indices; +- int length; +- int alloc; +-} linux_diskio_header; ++ if (!path || !strcmp(path, "none")) { ++ DEBUGMSGTL(("ucd-snmp/diskio", "Skipping null path device (%s)\n", path)); ++ return; ++ } ++ if (numdisks == maxdisks) { ++ if (maxdisks == 0) { ++ maxdisks = 50; ++ disks = malloc(maxdisks * sizeof(struct diskiopart)); ++ if (!disks) { ++ config_perror("malloc failed for new disko allocation."); ++ netsnmp_config_error("\tignoring: %s", path); ++ return; ++ } ++ memset(disks, 0, maxdisks * sizeof(struct diskiopart)); ++ } else { ++ maxdisks *= 2; ++ disks = realloc(disks, maxdisks * sizeof(struct diskiopart)); ++ if (!disks) { ++ config_perror("malloc failed for new disko allocation."); ++ netsnmp_config_error("\tignoring: %s", path); ++ return; ++ } ++ memset(disks + maxdisks/2, 0, maxdisks/2 * sizeof(struct diskiopart)); ++ } ++ } + +-typedef struct linux_diskio_la_header +-{ +- linux_diskio_la * indices; +- int length; +-} linux_diskio_la_header; ++ /* first find the path for this device */ ++ device[0]='\0'; ++ if ( *path != '/' ) { ++ strlcpy(device, "/dev/", STRMAX - 1 ); ++ } ++ strncat(device, path, STRMAX - 1 ); ++ ++ /* check for /dev existence */ ++ if ( stat(device,&stbuf)!=0 ) { /* ENOENT */ ++ config_perror("diskio path does not exist."); ++ netsnmp_config_error("\tignoring: %s", path); ++ return; ++ } ++ else if ( ! S_ISBLK(stbuf.st_mode) ) { /* ENODEV */ ++ config_perror("diskio path is not a device."); ++ netsnmp_config_error("\tignoring: %s", path); ++ return; ++ } + +-static linux_diskio_header head; +-static linux_diskio_la_header la_head; ++ /* either came with a slash or we just put one there, so the following always works */ ++ basename = strrchr(device, '/' )+1; ++ /* construct a sys path using the device numbers to avoid having to disambiguate the various text forms */ ++ snprintf( syspath, STRMAX - 1, "/sys/dev/block/%d:%d/stat", major(stbuf.st_rdev), minor(stbuf.st_rdev) ); ++ DEBUGMSGTL(("ucd-snmp/diskio", " monitoring sys path (%s)\n", syspath)); ++ ++ index = disk_exists(syspath); ++ ++ if(index == -1 && addNewDisks){ ++ /* The following buffers are cleared above, no need to add '\0' */ ++ strlcpy(disks[numdisks].syspath, syspath, sizeof(disks[numdisks].syspath) - 1); ++ strlcpy(disks[numdisks].name, path, sizeof(disks[numdisks].name) - 1); ++ strlcpy(disks[numdisks].shortname, basename, sizeof(disks[numdisks].shortname) - 1); ++ disks[numdisks].major = major(stbuf.st_rdev); ++ disks[numdisks].minor = minor(stbuf.st_rdev); ++ numdisks++; ++ } ++} ++ ++static void ++diskio_parse_config_disks(const char *token, char *cptr) ++ { ++#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS ++ char path[STRMAX]; ++ ++ ++ /* ++ * read disk path (eg, /1 or /usr) ++ */ ++ copy_nword(cptr, path, sizeof(path)); ++ ++ /* TODO: we may include regular expressions in future */ ++ /* ++ * check if the disk already exists, if so then modify its ++ * parameters. if it does not exist then add it ++ */ ++ add_device(path, 1); ++#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */ ++} + + void devla_getstats(unsigned int regno, void * dummy) { + +@@ -976,6 +1130,47 @@ int is_excluded(const char *name) + return 0; + } + ++static int get_sysfs_stats() ++{ ++ int i; ++ char buffer[1024]; ++ ++ head.length = 0; ++ ++ for(i = 0; i < numdisks; i++) { ++ FILE *f = fopen(disks[i].syspath, "r"); ++ if ( f == NULL ) { ++ DEBUGMSGTL(("ucd-snmp/diskio", "Can't open %s, skipping", disks[i].syspath)); ++ continue; ++ } ++ if (fgets(buffer, sizeof(buffer), f) == NULL) { ++ DEBUGMSGTL(("ucd-snmp/diskio", "Can't read %s, skipping", disks[i].syspath)); ++ fclose(f); ++ continue; ++ } ++ ++ linux_diskio* pTemp; ++ if (head.length == head.alloc) { ++ head.alloc += DISK_INCR; ++ head.indices = (linux_diskio *) realloc(head.indices, head.alloc*sizeof(linux_diskio)); ++ } ++ pTemp = &head.indices[head.length]; ++ pTemp->major = disks[i].major; ++ pTemp->minor = disks[i].minor; ++ strlcpy( pTemp->name, disks[i].shortname, sizeof(pTemp->name) - 1 ); ++ if (sscanf (buffer, "%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu\n", ++ &pTemp->rio, &pTemp->rmerge, &pTemp->rsect, &pTemp->ruse, ++ &pTemp->wio, &pTemp->wmerge, &pTemp->wsect, &pTemp->wuse, ++ &pTemp->running, &pTemp->use, &pTemp->aveq) != 11) ++ sscanf (buffer, "%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu%*[ \n\t]%lu\n", ++ &pTemp->rio, &pTemp->rsect, ++ &pTemp->wio, &pTemp->wsect); ++ head.length++; ++ fclose(f); ++ } ++ return 0; ++} ++ + static int + getstats(void) + { +@@ -995,6 +1189,14 @@ getstats(void) + + memset(head.indices, 0, head.alloc*sizeof(linux_diskio)); + ++ if (numdisks>0) { ++ /* 'diskio' configuration is used - go through the whitelist only and ++ * read /sys/dev/block/xxx */ ++ cache_time = now; ++ return get_sysfs_stats(); ++ } ++ /* 'diskio' configuration is not used - report all devices */ ++ + /* Is this a 2.6 kernel? */ + parts = fopen("/proc/diskstats", "r"); + if (parts) { +@@ -1111,13 +1313,22 @@ var_diskio(struct variable * vp, + long_ret = head.indices[indx].wio & 0xffffffff; + return (u_char *) & long_ret; + case DISKIO_LA1: +- long_ret = la_head.indices[indx].la1; ++ if (la_head.length > indx) ++ long_ret = la_head.indices[indx].la1; ++ else ++ long_ret = 0; + return (u_char *) & long_ret; + case DISKIO_LA5: +- long_ret = la_head.indices[indx].la5; ++ if (la_head.length > indx) ++ long_ret = la_head.indices[indx].la5; ++ else ++ long_ret = 0; + return (u_char *) & long_ret; + case DISKIO_LA15: +- long_ret = la_head.indices[indx].la15; ++ if (la_head.length > indx) ++ long_ret = la_head.indices[indx].la15; ++ else ++ long_ret = 0; + return (u_char *) & long_ret; + case DISKIO_NREADX: + *var_len = sizeof(struct counter64); +diff -up net-snmp-5.7.2/man/snmpd.conf.5.def.test net-snmp-5.7.2/man/snmpd.conf.5.def +--- net-snmp-5.7.2/man/snmpd.conf.5.def.test 2015-06-18 15:13:31.249470179 +0200 ++++ net-snmp-5.7.2/man/snmpd.conf.5.def 2015-06-18 15:16:45.481423115 +0200 +@@ -715,6 +715,15 @@ e.g. "loop0" + .IP "diskio_exclude_ram yes" + Excludes all LInux ramdisk block devices, whose names start with "ram", e.g. + "ram0" ++.PP ++On Linux systems, it is possible to report only explicitly whitelisted ++devices. It may take significant amount of time to process diskIOTable data ++on systems with tens of thousands of block devices and whitelisting only the ++important ones avoids large CPU consumption. ++.IP "diskio " ++Enables whitelisting of devices and adds the device to the whitelist. Only ++explicitly whitelisted devices will be reported. This option may be used ++multiple times. + .SS System Load Monitoring + This requires that the agent was built with support for either the + \fIucd\-snmp/loadave\fR module or the \fIucd\-snmp/memory\fR module + + +commit 59f9f3387dab4238114804a0be9e4c15667d868c +Author: Jan Safranek +Date: Fri Jun 19 09:29:06 2015 +0200 + + Fixed memory leak on realloc failure. + + Found by Coverity. + +diff --git a/agent/mibgroup/ucd-snmp/diskio.c b/agent/mibgroup/ucd-snmp/diskio.c +index f04d5c5..58163d8 100644 +--- a/agent/mibgroup/ucd-snmp/diskio.c ++++ b/agent/mibgroup/ucd-snmp/diskio.c +@@ -405,13 +405,17 @@ add_device(char *path, int addNewDisks ) + } + memset(disks, 0, maxdisks * sizeof(struct diskiopart)); + } else { ++ struct diskiopart *newdisks; + maxdisks *= 2; +- disks = realloc(disks, maxdisks * sizeof(struct diskiopart)); +- if (!disks) { ++ newdisks = realloc(disks, maxdisks * sizeof(struct diskiopart)); ++ if (!newdisks) { ++ free(disks); ++ disks = NULL; + config_perror("malloc failed for new disko allocation."); + netsnmp_config_error("\tignoring: %s", path); + return; + } ++ disks = newdisks; + memset(disks + maxdisks/2, 0, maxdisks/2 * sizeof(struct diskiopart)); + } + } diff --git a/SOURCES/net-snmp-5.7.2-documentation.patch b/SOURCES/net-snmp-5.7.2-documentation.patch new file mode 100644 index 0000000..664b5da --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-documentation.patch @@ -0,0 +1,39 @@ +diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def +--- a/man/snmp_config.5.def 2017-06-26 11:30:42.728527539 +0200 ++++ b/man/snmp_config.5.def 2017-06-26 11:33:19.766436329 +0200 +@@ -179,14 +179,28 @@ during normal configuration file process + .RS + .nf + # include site specific config +-include site.conf ++includeFile site.conf + .RE + .PP +-This will search every directory in the configuration path for files +-named site.conf, and will process those files before returning to the +-processing of the original file. Note that if '.conf' is omitted, +-it will be appended. That is, all configuration files must end +-in '.conf'. ++This will load the specified configuration file. The ++path to file must be either absolute, starting with '/', ++or relative. The relative path is then relative to the directory ++where the parent file with 'includeFile' directive resides. ++.PP ++The included file name does not need to have '.conf' suffix. ++.PP ++.RS ++.nf ++# include a all *.conf files in a directory ++includeDir /etc/snmp/config.d ++.RE ++.PP ++This will search specified directory for all files with '.conf' ++suffix and process them as if they were included using includeFile ++directive. The configuration files are not processed in any particular ++order. ++.PP ++The specified directory must be absolute directory path. + .SH "API INTERFACE" + .PP + Information about writing C code that makes use of this system in + diff --git a/SOURCES/net-snmp-5.7.2-dot3-leak.patch b/SOURCES/net-snmp-5.7.2-dot3-leak.patch new file mode 100644 index 0000000..b0ce315 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-dot3-leak.patch @@ -0,0 +1,23 @@ +1305933 - snmpd leaks memory in ether like-mib implementation + +commit ed4e48b5fab165d1ba4c431e31e543f808a2c25f +Author: Jan Safranek +Date: Wed Feb 10 14:00:12 2016 +0100 + + CHANGES: snmpd: fixed memory leak in ETHERLIKE-MIB. + + ke->name in stdup-ed at line 297: + n->name = strdup(RTA_DATA(tb[IFLA_IFNAME])); + +diff --git a/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c b/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c +index b110950..a884bb3 100644 +--- a/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c ++++ b/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c +@@ -463,6 +463,7 @@ _dot3Stats_netlink_get_errorcntrs(dot3StatsTable_rowreq_ctx *rowreq_ctx, const c + done = 1; + } + kern_db = ke->next; ++ free(ke->name); + free(ke); + } + diff --git a/SOURCES/net-snmp-5.7.2-dot3stats-log.patch b/SOURCES/net-snmp-5.7.2-dot3stats-log.patch new file mode 100644 index 0000000..5c57542 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-dot3stats-log.patch @@ -0,0 +1,30 @@ +915302 - snmpd logging strange messages when reading MIB + +commit ecf8682d864d2f08525078543858d361b3adca5c +Author: Jan Safranek +Date: Wed Jul 10 10:47:33 2013 +0200 + + Lower importance of debugging messages, they spam syslog. + +diff --git a/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c b/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c +index 49c3fdb..b110950 100644 +--- a/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c ++++ b/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c +@@ -440,7 +440,7 @@ _dot3Stats_netlink_get_errorcntrs(dot3StatsTable_rowreq_ctx *rowreq_ctx, const c + { + dot3StatsTable_data *data = &rowreq_ctx->data; + +- snmp_log(LOG_ERR, "IFLA_STATS for %s\n", name); ++ DEBUGMSGTL(("access:dot3StatsTable", "IFLA_STATS for %s\n", name)); + + data->dot3StatsFCSErrors = ke->stats.rx_crc_errors; + rowreq_ctx->column_exists_flags |= COLUMN_DOT3STATSFCSERRORS_FLAG; +@@ -527,7 +527,7 @@ interface_dot3stats_get_errorcounters (dot3StatsTable_rowreq_ctx *rowreq_ctx, co + + if (_dot3Stats_netlink_get_errorcntrs(rowreq_ctx, name) == 0) + { +- snmp_log(LOG_NOTICE, "interface_dot3stats_get_errorcounters: got data from IFLA_STATS\n"); ++ DEBUGMSGTL(("access:dot3StatsTable", "interface_dot3stats_get_errorcounters: got data from IFLA_STATS\n")); + return; + } + diff --git a/SOURCES/net-snmp-5.7.2-dskTable-dynamic.patch b/SOURCES/net-snmp-5.7.2-dskTable-dynamic.patch new file mode 100644 index 0000000..35e3f6e --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-dskTable-dynamic.patch @@ -0,0 +1,175 @@ +commit e3fc76e0ae502fb8ef0aac87eee237db9d9690f5 +Author: Jan Safranek +Date: Tue Jul 9 14:26:59 2013 +0200 + + CHANGES: snmpd: Make UCD-SNMP::dskTable dynamic if includeAllDisks is set. + +diff --git a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c +index ea37610..f7911d9 100644 +--- a/agent/mibgroup/ucd-snmp/disk_hw.c ++++ b/agent/mibgroup/ucd-snmp/disk_hw.c +@@ -55,6 +55,7 @@ static netsnmp_fsys_info ** _expand_disk_array( char *cptr ); + + int numdisks; + int allDisksIncluded = 0; ++int allDisksMinPercent = 0; + int maxdisks = 0; + netsnmp_fsys_info **disks = NULL; + +@@ -119,6 +120,7 @@ init_disk_hw(void) + disk_free_config, + "minpercent%"); + allDisksIncluded = 0; ++ allDisksMinPercent = 0; + } + + static void +@@ -140,6 +142,7 @@ disk_free_config(void) + maxdisks = numdisks = 0; + } + allDisksIncluded = 0; ++ allDisksMinPercent = 0; + } + + static void +@@ -199,8 +202,7 @@ static void + disk_parse_config_all(const char *token, char *cptr) + { + int minpercent = DISKMINPERCENT; +- netsnmp_fsys_info *entry; +- ++ + /* + * read the minimum disk usage percent + */ +@@ -220,30 +222,36 @@ disk_parse_config_all(const char *token, char *cptr) + netsnmp_config_error("\tignoring: includeAllDisks %s", cptr); + } + else { +- +- netsnmp_fsys_load( NULL, NULL ); /* Prime the fsys H/W module */ +- for ( entry = netsnmp_fsys_get_first(); +- entry != NULL; +- entry = netsnmp_fsys_get_next( entry )) { +- +- if ( !(entry->flags & NETSNMP_FS_FLAG_ACTIVE )) +- continue; +- entry->minspace = -1; +- entry->minpercent = minpercent; +- entry->flags |= NETSNMP_FS_FLAG_UCD; +- /* +- * Ensure there is space for the new entry +- */ +- if (numdisks == maxdisks) { +- if (!_expand_disk_array( entry->device )) +- return; +- } +- disks[numdisks++] = entry; +- } + allDisksIncluded = 1; ++ allDisksMinPercent = minpercent; + } + } + ++/* add new entries to dskTable dynamically */ ++static void _refresh_disks(int minpercent) ++{ ++ netsnmp_fsys_info *entry; ++ ++ for ( entry = netsnmp_fsys_get_first(); ++ entry != NULL; ++ entry = netsnmp_fsys_get_next( entry )) { ++ ++ if (!(entry->flags & NETSNMP_FS_FLAG_UCD)) { ++ /* this is new disk, add it to the table */ ++ entry->minspace = -1; ++ entry->minpercent = minpercent; ++ entry->flags |= NETSNMP_FS_FLAG_UCD; ++ /* ++ * Ensure there is space for the new entry ++ */ ++ if (numdisks == maxdisks) { ++ if (!_expand_disk_array( entry->device )) ++ return; ++ } ++ disks[numdisks++] = entry; ++ } ++ } ++} + + static int _percent( unsigned long long value, unsigned long long total ) { + float v=value, t=total, pct; +@@ -301,7 +309,7 @@ var_extensible_disk(struct variable *vp, + size_t * var_len, WriteMethod ** write_method) + { + int disknum = 0; +- netsnmp_fsys_info *entry; ++ netsnmp_fsys_info *entry; + unsigned long long val; + static long long_ret; + static char errmsg[300]; +@@ -310,6 +318,8 @@ var_extensible_disk(struct variable *vp, + /* Update the fsys H/W module */ + cache = netsnmp_fsys_get_cache(); + netsnmp_cache_check_and_reload(cache); ++ if (allDisksIncluded) ++ _refresh_disks(allDisksMinPercent); + + tryAgain: + if (header_simple_table +@@ -318,9 +328,14 @@ tryAgain: + disknum = name[*length - 1] - 1; + entry = disks[disknum]; + if ( !entry ) { +- if (!exact || !(entry->flags & NETSNMP_FS_FLAG_UCD)) +- goto tryAgain; +- return NULL; ++ if (exact) ++ return NULL; ++ goto tryAgain; ++ } ++ if (!(entry->flags & NETSNMP_FS_FLAG_ACTIVE) || !(entry->flags & NETSNMP_FS_FLAG_UCD)) { ++ if (exact) ++ return NULL; ++ goto tryAgain; + } + + switch (vp->magic) { +diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def +index 5f85f72..d2caf9c 100644 +--- a/man/snmpd.conf.5.def ++++ b/man/snmpd.conf.5.def +@@ -652,6 +652,8 @@ This requires that the agent was built with support for the + default build configuration). + .IP "disk PATH [ MINSPACE | MINPERCENT% ]" + monitors the disk mounted at PATH for available disk space. ++Disks mounted after the agent has started will not be monitored, ++unless \fIincludeAllDisks\fR option is specified. + .IP + The minimum threshold can either be specified in kB (MINSPACE) or + as a percentage of the total disk (MINPERCENT% with a '%' character), +@@ -668,6 +670,9 @@ the problem - see the DisMan Event MIB section later. + .IP "includeAllDisks MINPERCENT%" + configures monitoring of all disks found on the system, + using the specified (percentage) threshold. ++The \fCdskTable\fR is dynamically updated, unmounted disks ++disappear from the table and newly mounted disks are ++added to the table. + The threshold for individual disks can be adjusted using suitable + \fIdisk\fR directives (which can come either before or after the + \fIincludeAllDisks\fR directive). +@@ -680,12 +685,8 @@ may affect the indexing of the \fCdskTable\fR. + Only one \fIincludeAllDisks\fR directive should be specified - any + subsequent copies will be ignored. + .IP +-The list of mounted disks will be determined when the agent starts using the +-setmntent(3) and getmntent(3), or fopen(3) and getmntent(3), or +-setfsent(3) and getfsent(3) system calls. If none of the above +-system calls are available then the root partition "/" +-(which is assumed to exist on any UNIX based system) will be monitored. +-Disks mounted after the agent has started will not be monitored. ++The list of mounted disks will be determined from ++HOST-RESOURCES-MIB::hrFSTable. + .\" + .\" XXX - unless the config is re-read ?? + .\" diff --git a/SOURCES/net-snmp-5.7.2-duplicate-ipAddress.patch b/SOURCES/net-snmp-5.7.2-duplicate-ipAddress.patch new file mode 100644 index 0000000..84b527a --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-duplicate-ipAddress.patch @@ -0,0 +1,11 @@ +diff -urNp old/agent/mibgroup/ip-mib/data_access/ipaddress_common.c new/agent/mibgroup/ip-mib/data_access/ipaddress_common.c +--- old/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2017-04-26 08:46:40.272404217 +0200 ++++ new/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2017-04-26 08:50:30.681323779 +0200 +@@ -144,6 +144,7 @@ _remove_duplicates(netsnmp_container *co + for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) { + if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) { + /* 'entry' is duplicate of the previous one -> delete it */ ++ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n")); + netsnmp_access_ipaddress_entry_free(entry); + } else { + CONTAINER_INSERT(ret, entry); diff --git a/SOURCES/net-snmp-5.7.2-exec-cmdline.patch b/SOURCES/net-snmp-5.7.2-exec-cmdline.patch new file mode 100644 index 0000000..97999ae --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-exec-cmdline.patch @@ -0,0 +1,83 @@ +842279 - Incomplete command line in UCD-SNMP-MIB::extCommand + +commit e8e44b3faecdba5daedfb45d815fae65117d1b22 +Author: Jan Safranek +Date: Mon Sep 10 13:25:38 2012 +0200 + + CHANGES: snmpd: fixed value of UCD-SNMP-MIB::extCommand to contain full command line. + + MIB description of UCD-SNMP-MIB::extCommand suggests it should contail full command line. + Also in Net-SNMP 5.3.2.2, whole command line was shown. + +diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c +index 085d762..0b2c660 100644 +--- a/agent/mibgroup/agent/extend.c ++++ b/agent/mibgroup/agent/extend.c +@@ -44,6 +44,9 @@ unsigned int num_compatability_entries = 0; + unsigned int max_compatability_entries = 50; + netsnmp_old_extend *compatability_entries; + ++char *cmdlinebuf; ++size_t cmdlinesize; ++ + WriteMethod fixExec2Error; + FindVarMethod var_extensible_old; + oid old_extensible_variables_oid[] = { NETSNMP_UCDAVIS_MIB, NETSNMP_SHELLMIBNUM, 1 }; +@@ -1354,6 +1357,23 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler, + * + *************************/ + ++char * _get_cmdline(netsnmp_extend *extend) ++{ ++ size_t size; ++ ++ size = strlen(extend->command) + strlen(extend->args) + 2; ++ if (size > cmdlinesize) { ++ cmdlinebuf = realloc(cmdlinebuf, size); ++ if (!cmdlinebuf) { ++ cmdlinesize = 0; ++ return NULL; ++ } ++ cmdlinesize = size; ++ } ++ sprintf(cmdlinebuf, "%s %s", extend->command, extend->args); ++ return cmdlinebuf; ++} ++ + u_char * + var_extensible_old(struct variable * vp, + oid * name, +@@ -1364,6 +1384,7 @@ var_extensible_old(struct variable * vp, + netsnmp_old_extend *exten = NULL; + static long long_ret; + unsigned int idx; ++ char *cmdline; + + if (header_simple_table + (vp, name, length, exact, var_len, write_method, num_compatability_entries)) +@@ -1382,8 +1403,10 @@ var_extensible_old(struct variable * vp, + *var_len = strlen(exten->exec_entry->token); + return ((u_char *) (exten->exec_entry->token)); + case SHELLCOMMAND: +- *var_len = strlen(exten->exec_entry->command); +- return ((u_char *) (exten->exec_entry->command)); ++ cmdline = _get_cmdline(exten->exec_entry); ++ if (cmdline) ++ *var_len = strlen(cmdline); ++ return ((u_char *) cmdline); + case ERRORFLAG: /* return code from the process */ + netsnmp_cache_check_and_reload( exten->exec_entry->cache ); + long_ret = exten->exec_entry->result; +@@ -1406,8 +1429,10 @@ var_extensible_old(struct variable * vp, + + case ERRORFIXCMD: + if (exten->efix_entry) { +- *var_len = strlen(exten->efix_entry->command); +- return ((u_char *) exten->efix_entry->command); ++ cmdline = _get_cmdline(exten->efix_entry); ++ if (cmdline) ++ *var_len = strlen(cmdline); ++ return ((u_char *) cmdline); + } else { + *var_len = 0; + return ((u_char *) &long_return); /* Just needs to be non-null! */ diff --git a/SOURCES/net-snmp-5.7.2-expand-SNMPCONFPATH.patch b/SOURCES/net-snmp-5.7.2-expand-SNMPCONFPATH.patch new file mode 100644 index 0000000..9191772 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-expand-SNMPCONFPATH.patch @@ -0,0 +1,12 @@ +diff -urNp O/snmplib/read_config.c N/snmplib/read_config.c +--- O/snmplib/read_config.c 2019-03-19 09:24:32.154933465 +0100 ++++ N/snmplib/read_config.c 2019-03-19 09:25:26.651756802 +0100 +@@ -1633,7 +1633,7 @@ snmp_save_persistent(const char *type) + * save a warning header to the top of the new file + */ + snprintf(fileold, sizeof(fileold), +- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s", ++ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s", + "#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n", + "#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n", + type, type, type, diff --git a/SOURCES/net-snmp-5.7.2-extend-close.patch b/SOURCES/net-snmp-5.7.2-extend-close.patch new file mode 100644 index 0000000..2d93e1d --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-extend-close.patch @@ -0,0 +1,181 @@ +Bug 1252048 - net-snmp snmpd fork() overhead [fix available] + +Backported from: + +commit f0e87f4918ffc41e03f707e9670ea422cd154a9b +Author: Bart Van Assche +Date: Sat Jan 31 12:05:24 2015 +0100 + + CHANGES: snmpd: BUG: 2596: Reduce fork() overhead + + Avoid that the close() loop that is executed after a fork() delays + the pass/extend API on systems with a large maximum number of files + by reducing the number of iterations of this loop on Linux systems. + + See also http://sourceforge.net/p/net-snmp/bugs/2596. + + Reported-by: andymf + + +diff -up net-snmp-5.7.2/agent/mibgroup/util_funcs.c.test net-snmp-5.7.2/agent/mibgroup/util_funcs.c +--- net-snmp-5.7.2/agent/mibgroup/util_funcs.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/util_funcs.c 2015-08-18 10:15:18.888767023 +0200 +@@ -480,8 +480,7 @@ get_exec_pipes(char *cmd, int *fdIn, int + /* + * close all non-standard open file descriptors + */ +- for (cnt = getdtablesize() - 1; cnt >= 2; --cnt) +- (void) close(cnt); ++ netsnmp_close_fds(1); + (void) dup(1); /* stderr */ + + for (cnt = 1, cptr1 = cmd, cptr2 = argvs; *cptr1 != 0; +diff -up net-snmp-5.7.2/agent/mibgroup/utilities/execute.c.test net-snmp-5.7.2/agent/mibgroup/utilities/execute.c +--- net-snmp-5.7.2/agent/mibgroup/utilities/execute.c.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/utilities/execute.c 2015-08-18 10:15:18.889767028 +0200 +@@ -22,6 +22,9 @@ + #if HAVE_FCNTL_H + #include + #endif ++#if HAVE_DIRENT_H ++#include ++#endif + #if HAVE_SYS_WAIT_H + #include + #endif +@@ -207,8 +210,8 @@ run_exec_command( char *command, char *i + close(opipe[0]); + close(2); + dup(1); +- for (i = getdtablesize()-1; i>2; i--) +- close(i); ++ ++ netsnmp_close_fds(2); + + /* + * Set up the argv array and execute it +@@ -406,3 +409,30 @@ run_exec_command( char *command, char *i + return run_shell_command( command, input, output, out_len ); + #endif + } ++ ++/** ++ * Close all file descriptors larger than @fd. ++ */ ++void netsnmp_close_fds(int fd) ++{ ++#if defined(HAVE_FORK) ++ DIR *dir; ++ struct dirent *ent; ++ int i, largest_fd = -1; ++ ++ if ((dir = opendir("/proc/self/fd"))) { ++ while ((ent = readdir(dir))) { ++ if (sscanf(ent->d_name, "%d", &i) == 1) { ++ if (i > largest_fd) ++ largest_fd = i; ++ } ++ } ++ closedir(dir); ++ } else { ++ largest_fd = getdtablesize() - 1; ++ } ++ ++ for (i = largest_fd; i > fd && i > 0; i--) ++ close(i); ++#endif ++} +diff -up net-snmp-5.7.2/agent/mibgroup/utilities/execute.h.test net-snmp-5.7.2/agent/mibgroup/utilities/execute.h +--- net-snmp-5.7.2/agent/mibgroup/utilities/execute.h.test 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/utilities/execute.h 2015-08-18 10:15:18.889767028 +0200 +@@ -3,6 +3,7 @@ + + config_belongs_in(agent_module) + ++void netsnmp_close_fds(int fd); + int run_shell_command(char *command, char *input, + char *output, int *out_len); + int run_exec_command( char *command, char *input, +diff -up net-snmp-5.7.2/agent/snmpd.c.test net-snmp-5.7.2/agent/snmpd.c +--- net-snmp-5.7.2/agent/snmpd.c.test 2015-08-18 10:15:08.450714809 +0200 ++++ net-snmp-5.7.2/agent/snmpd.c 2015-08-18 10:17:31.579430763 +0200 +@@ -143,6 +143,7 @@ typedef long fd_mask; + #include + #include + ++#include "utilities/execute.h" /* netsnmp_close_fds() */ + #include "snmpd.h" + + #include +@@ -451,7 +452,6 @@ main(int argc, char *argv[]) + FILE *PID; + #endif + +-#ifndef WIN32 + #ifndef NETSNMP_NO_SYSYSTEMD + /* check if systemd has sockets for us and don't close them */ + prepared_sockets = netsnmp_sd_listen_fds(0); +@@ -462,11 +462,8 @@ main(int argc, char *argv[]) + * inherited from the shell. + */ + if (!prepared_sockets) { +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); +- } ++ netsnmp_close_fds(2); + } +-#endif /* #WIN32 */ + + /* + * register signals ASAP to prevent default action (usually core) +diff -up net-snmp-5.7.2/apps/snmptrapd.c.test net-snmp-5.7.2/apps/snmptrapd.c +--- net-snmp-5.7.2/apps/snmptrapd.c.test 2015-08-18 10:15:08.450714809 +0200 ++++ net-snmp-5.7.2/apps/snmptrapd.c 2015-08-18 10:18:15.454650235 +0200 +@@ -97,6 +97,7 @@ SOFTWARE. + #include + #include + #include ++#include "utilities/execute.h" /* netsnmp_close_fds() */ + #include "snmptrapd_handlers.h" + #include "snmptrapd_log.h" + #include "snmptrapd_auth.h" +@@ -662,7 +663,6 @@ main(int argc, char *argv[]) + int prepared_sockets = 0; + + +-#ifndef WIN32 + #ifndef NETSNMP_NO_SYSTEMD + /* check if systemd has sockets for us and don't close them */ + prepared_sockets = netsnmp_sd_listen_fds(0); +@@ -672,11 +672,8 @@ main(int argc, char *argv[]) + * inherited from the shell. + */ + if (!prepared_sockets) { +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); +- } ++ netsnmp_close_fds(2); + } +-#endif /* #WIN32 */ + + #ifdef SIGTERM + signal(SIGTERM, term_handler); +@@ -1382,18 +1379,6 @@ trapd_update_config(void) + read_configs(); + } + +- +-#if !defined(HAVE_GETDTABLESIZE) && !defined(WIN32) +-#include +-int +-getdtablesize(void) +-{ +- struct rlimit rl; +- getrlimit(RLIMIT_NOFILE, &rl); +- return (rl.rlim_cur); +-} +-#endif +- + /* + * Windows Service Related functions + */ diff --git a/SOURCES/net-snmp-5.7.2-extend-reload.patch b/SOURCES/net-snmp-5.7.2-extend-reload.patch new file mode 100644 index 0000000..e5211cb --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-extend-reload.patch @@ -0,0 +1,54 @@ +1228893 - snmpd segfaults on reload with multiple 'exec' entry + +commit 54290bede338164ca65a3eed224fa5040d7dd857 +Author: Niels Baggesen +Date: Fri Oct 26 07:50:11 2012 +0200 + + Better cleanup of "exec" config to avoid crash during reload of config + +diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c +index 68a11e2..9cb641c 100644 +--- a/agent/mibgroup/agent/extend.c ++++ b/agent/mibgroup/agent/extend.c +@@ -34,7 +34,7 @@ typedef struct extend_registration_block_s { + size_t oid_len; + long num_entries; + netsnmp_extend *ehead; +- netsnmp_handler_registration *reg[3]; ++ netsnmp_handler_registration *reg[4]; + struct extend_registration_block_s *next; + } extend_registration_block; + extend_registration_block *ereg_head = NULL; +@@ -222,10 +222,13 @@ _register_extend( oid *base, size_t len ) + rc = netsnmp_register_watched_scalar2( reg, winfo ); + if (rc != SNMPERR_SUCCESS) + goto bail; ++ eptr->reg[3] = reg; + + return eptr; + + bail: ++ if (eptr->reg[3]) ++ netsnmp_unregister_handler(eptr->reg[3]); + if (eptr->reg[2]) + netsnmp_unregister_handler(eptr->reg[2]); + if (eptr->reg[1]) +@@ -267,6 +270,7 @@ extend_clear_callback(int majorID, int minorID, + netsnmp_unregister_handler( eptr->reg[0] ); + netsnmp_unregister_handler( eptr->reg[1] ); + netsnmp_unregister_handler( eptr->reg[2] ); ++ netsnmp_unregister_handler( eptr->reg[3] ); + SNMP_FREE(eptr); + } + ereg_head = NULL; +@@ -550,6 +554,10 @@ extend_parse_config(const char *token, char *cptr) + } + + eptr = _register_extend( oid_buf, oid_len ); ++ if (!eptr) { ++ snmp_log(LOG_ERR, "Failed to register extend entry '%s' - possibly duplicate name.\n", exec_name ); ++ return; ++ } + extension = _new_extension( exec_name, flags, eptr ); + if (extension) { + extension->command = strdup( exec_command ); diff --git a/SOURCES/net-snmp-5.7.2-fips.patch b/SOURCES/net-snmp-5.7.2-fips.patch new file mode 100644 index 0000000..cfa812b --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-fips.patch @@ -0,0 +1,116 @@ +874440 - net-snmp does not work in FIPS mode + +Three upstream commits are here: + +commit dde3a35baaeb683cf1441a16a15441f8b456c520 +Author: Jan Safranek +Date: Mon Nov 12 15:45:27 2012 +0100 + + CHANGES: snmplib: Fixed crash when MD5 hash is not supported by OpenSSL. + +commit dd53ffbafeb31cde616a89949e70e3d5fe0cc1b3 +Author: Jan Safranek +Date: Mon Nov 12 15:46:43 2012 +0100 + + Fall back to SHA-1 if MD5 is not available. + On paranoid systems where MD5 is disabled use SHA-1 instead of MD5 and don't crash. + +commit 743cb66718904979f55895472501584c30c66f10 +Author: Jan Safranek +Date: Mon Nov 12 15:49:15 2012 +0100 + + Fixed crash when MD5 and/or SHA-1 hash is not supported by OpenSSL. + +diff -up net-snmp-5.7.2/snmplib/keytools.c.fips net-snmp-5.7.2/snmplib/keytools.c +--- net-snmp-5.7.2/snmplib/keytools.c.fips 2012-11-12 13:36:17.868635391 +0100 ++++ net-snmp-5.7.2/snmplib/keytools.c 2012-11-12 14:24:23.031293984 +0100 +@@ -156,27 +156,36 @@ generate_Ku(const oid * hashtype, u_int + EVP_MD_CTX_init(ctx); + #endif + #ifndef NETSNMP_DISABLE_MD5 +- if (ISTRANSFORM(hashtype, HMACMD5Auth)) +- EVP_DigestInit(ctx, EVP_md5()); +- else ++ if (ISTRANSFORM(hashtype, HMACMD5Auth)) { ++ if (!EVP_DigestInit(ctx, EVP_md5())) ++ /* MD5 not supported */ ++ return SNMPERR_GENERR; ++ } else + #endif +- if (ISTRANSFORM(hashtype, HMACSHA1Auth)) +- EVP_DigestInit(ctx, EVP_sha1()); +- else +- QUITFUN(SNMPERR_GENERR, generate_Ku_quit); ++ if (ISTRANSFORM(hashtype, HMACSHA1Auth)) { ++ if (!EVP_DigestInit(ctx, EVP_sha1())) ++ /* SHA1 not supported */ ++ return SNMPERR_GENERR; ++ } else { ++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit); ++ } + #elif NETSNMP_USE_INTERNAL_CRYPTO + #ifndef NETSNMP_DISABLE_MD5 + if (ISTRANSFORM(hashtype, HMACMD5Auth)) { +- MD5_Init(&cmd5); ++ if (!MD5_Init(&cmd5)) ++ /* MD5 not supported */ ++ return SNMPERR_GENERR; + cryptotype = TYPE_MD5; + } else + #endif +- if (ISTRANSFORM(hashtype, HMACSHA1Auth)) { +- SHA1_Init(&csha1); +- cryptotype = TYPE_SHA1; +- } else { +- return (SNMPERR_GENERR); +- } ++ if (ISTRANSFORM(hashtype, HMACSHA1Auth)) { ++ if (!SHA1_Init(&csha1)) ++ /* SHA1 not supported */ ++ return SNMPERR_GENERR; ++ cryptotype = TYPE_SHA1; ++ } else { ++ return (SNMPERR_GENERR); ++ } + #else + MDbegin(&MD); + #endif /* NETSNMP_USE_OPENSSL */ +diff -up net-snmp-5.7.2/snmplib/lcd_time.c.fips net-snmp-5.7.2/snmplib/lcd_time.c +--- net-snmp-5.7.2/snmplib/lcd_time.c.fips 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/lcd_time.c 2012-11-12 13:36:11.326657629 +0100 +@@ -505,6 +505,12 @@ hash_engineID(const u_char * engineID, u + rval = sc_hash(usmHMACMD5AuthProtocol, + sizeof(usmHMACMD5AuthProtocol) / sizeof(oid), + engineID, engineID_len, buf, &buf_len); ++ if (rval == SNMPERR_SC_NOT_CONFIGURED) { ++ /* fall back to sha1 */ ++ rval = sc_hash(usmHMACSHA1AuthProtocol, ++ sizeof(usmHMACSHA1AuthProtocol) / sizeof(oid), ++ engineID, engineID_len, buf, &buf_len); ++ } + #else + rval = sc_hash(usmHMACSHA1AuthProtocol, + sizeof(usmHMACSHA1AuthProtocol) / sizeof(oid), +diff -up net-snmp-5.7.2/snmplib/scapi.c.fips net-snmp-5.7.2/snmplib/scapi.c +--- net-snmp-5.7.2/snmplib/scapi.c.fips 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/scapi.c 2012-11-12 13:36:11.327657627 +0100 +@@ -438,6 +438,7 @@ sc_generate_keyed_hash(const oid * autht + * Returns: + * SNMPERR_SUCCESS Success. + * SNMP_SC_GENERAL_FAILURE Any error. ++ * SNMPERR_SC_NOT_CONFIGURED Hash type not supported. + */ + int + sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, +@@ -495,7 +496,10 @@ sc_hash(const oid * hashtype, size_t has + EVP_MD_CTX_init(cptr); + #endif + #endif +- EVP_DigestInit(cptr, hashfn); ++ if (!EVP_DigestInit(cptr, hashfn)) { ++ /* requested hash function is not available */ ++ return SNMPERR_SC_NOT_CONFIGURED; ++ } + + /** pass the data */ + EVP_DigestUpdate(cptr, buf, buf_len); diff --git a/SOURCES/net-snmp-5.7.2-fsync.patch b/SOURCES/net-snmp-5.7.2-fsync.patch new file mode 100644 index 0000000..6076dae --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-fsync.patch @@ -0,0 +1,71 @@ +diff -urNp old/configure new/configure +--- old/configure 2018-09-06 11:04:16.372792568 +0200 ++++ new/configure 2018-09-06 11:04:44.475765043 +0200 +@@ -25265,7 +25265,7 @@ fi + + + # Agent: +-for ac_func in cgetnext chown execv gai_strerror getgrnam gethostname getloadavg getpid getpwnam hasmntopt initgroups if_nameindex if_indextoname if_nametoindex localtime_r mkstemp mktime poll regcomp setgid setgroups setmntent setuid sigaction sigblock sighold sigprocmask statfs statvfs stime strncasecmp system uname usleep ++for ac_func in cgetnext chown execv forkall fsync gai_strerror getgrnam gethostname getloadavg getpid getpwnam hasmntopt initgroups if_nameindex if_indextoname if_nametoindex localtime_r mkstemp mktime poll regcomp setgid setgroups setmntent setuid sigaction sigblock sighold sigprocmask statfs statvfs stime strncasecmp system uname usleep + do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +diff -urNp old/configure.d/config_os_functions new/configure.d/config_os_functions +--- old/configure.d/config_os_functions 2018-09-06 11:04:16.396792546 +0200 ++++ new/configure.d/config_os_functions 2018-09-06 11:04:44.508765009 +0200 +@@ -88,7 +88,8 @@ AC_REPLACE_FUNCS([getopt inet_nto + + # Agent: + AC_CHECK_FUNCS([cgetnext chown execv ] dnl +- [gai_strerror getgrnam ] dnl ++ [forkall fsync ] dnl ++ [gai_strerror getgrnam ] dnl + [gethostname getloadavg ] dnl + [getpid getpwnam ] dnl + [hasmntopt initgroups ] dnl +diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in +--- old/include/net-snmp/net-snmp-config.h.in 2018-09-06 11:04:16.370792571 +0200 ++++ new/include/net-snmp/net-snmp-config.h.in 2018-09-06 11:04:44.492765026 +0200 +@@ -176,6 +176,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_FSTAB_H + ++/* Define to 1 if you have the `fsync' function. */ ++#undef HAVE_FSYNC ++ + /* Define to 1 if you have the `funlockfile' function. */ + #undef HAVE_FUNLOCKFILE + +diff -urNp old/net-snmp-create-v3-user.in new/net-snmp-create-v3-user.in +--- old/net-snmp-create-v3-user.in 2018-09-06 11:04:16.372792568 +0200 ++++ new/net-snmp-create-v3-user.in 2018-09-13 09:17:05.427712857 +0200 +@@ -148,3 +148,4 @@ if test ! -d $outfile ; then + touch $outfile + fi + echo $line >> $outfile ++sync +diff -urNp old/snmplib/read_config.c new/snmplib/read_config.c +--- old/snmplib/read_config.c 2018-09-06 11:04:16.395792547 +0200 ++++ new/snmplib/read_config.c 2018-09-07 06:53:33.671501357 +0200 +@@ -1508,6 +1508,9 @@ read_config_store(const char *type, cons + #ifdef NETSNMP_PERSISTENT_MASK + mode_t oldmask; + #endif ++#if HAVE_FSYNC ++ int fd; ++#endif + + if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, + NETSNMP_DS_LIB_DONT_PERSIST_STATE) +@@ -1538,6 +1541,11 @@ read_config_store(const char *type, cons + if (line[strlen(line)] != '\n') + fprintf(fout, "\n"); + DEBUGMSGTL(("read_config:store", "storing: %s\n", line)); ++#if HAVE_FSYNC ++ fd = fileno(fout); ++ fflush(fout); ++ fsync(fd); ++#endif + fclose(fout); + } else { + if (strcmp(NETSNMP_APPLICATION_CONFIG_TYPE, type) != 0) { diff --git a/SOURCES/net-snmp-5.7.2-glusterfs.patch b/SOURCES/net-snmp-5.7.2-glusterfs.patch new file mode 100644 index 0000000..4642afd --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-glusterfs.patch @@ -0,0 +1,28 @@ +diff -urNp d/agent/mibgroup/hardware/fsys/fsys_mntent.c c/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- d/agent/mibgroup/hardware/fsys/fsys_mntent.c 2019-04-10 14:07:48.901299146 +0200 ++++ c/agent/mibgroup/hardware/fsys/fsys_mntent.c 2019-07-31 10:31:36.330220324 +0200 +@@ -133,6 +133,8 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_TMPFS) || + !strcmp(typename, MNTTYPE_GFS) || + !strcmp(typename, MNTTYPE_GFS2) || ++ !strcmp(typename, MNTTYPE_GLUSTERFS) || ++ !strcmp(typename, MNTTYPE_FUSEGLUSTERFS) || + !strcmp(typename, MNTTYPE_XFS) || + !strcmp(typename, MNTTYPE_JFS) || + !strcmp(typename, MNTTYPE_VXFS) || +diff -urNp d/agent/mibgroup/hardware/fsys/mnttypes.h c/agent/mibgroup/hardware/fsys/mnttypes.h +--- d/agent/mibgroup/hardware/fsys/mnttypes.h 2019-04-10 14:07:48.901299146 +0200 ++++ c/agent/mibgroup/hardware/fsys/mnttypes.h 2019-07-31 10:30:41.018819039 +0200 +@@ -121,6 +121,12 @@ + #ifndef MNTTYPE_GFS2 + #define MNTTYPE_GFS2 "gfs2" + #endif ++#ifndef MNTTYPE_GLUSTERFS ++#define MNTTYPE_GLUSTERFS "glusterfs" ++#endif ++#ifndef MNTTYPE_FUSEGLUSTERFS ++#define MNTTYPE_FUSEGLUSTERFS "fuse.glusterfs" ++#endif + #ifndef MNTTYPE_XFS + #define MNTTYPE_XFS "xfs" + #endif diff --git a/SOURCES/net-snmp-5.7.2-hrFSTable-read-write.patch b/SOURCES/net-snmp-5.7.2-hrFSTable-read-write.patch new file mode 100644 index 0000000..4c86200 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-hrFSTable-read-write.patch @@ -0,0 +1,19 @@ +commit aff1fb31dac236bb5f8e641c92e5651f00fa4f7d +Author: Jan Safranek +Date: Thu Jul 30 11:25:48 2015 +0200 + + CHANGES: snmpd: restore read-write flag in hrFSTable when a device becomes writable + +diff --git a/agent/mibgroup/hardware/fsys/fsys_mntent.c b/agent/mibgroup/hardware/fsys/fsys_mntent.c +index 6fe4ed4..8a12181 100644 +--- a/agent/mibgroup/hardware/fsys/fsys_mntent.c ++++ b/agent/mibgroup/hardware/fsys/fsys_mntent.c +@@ -206,6 +206,8 @@ netsnmp_fsys_arch_load( void ) + #if HAVE_HASMNTOPT + if (hasmntopt( m, "ro" )) + entry->flags |= NETSNMP_FS_FLAG_RONLY; ++ else ++ entry->flags &= ~NETSNMP_FS_FLAG_RONLY; + #endif + /* + * The root device is presumably bootable. diff --git a/SOURCES/net-snmp-5.7.2-hrProcessorLoad-many-cpus.patch b/SOURCES/net-snmp-5.7.2-hrProcessorLoad-many-cpus.patch new file mode 100644 index 0000000..da4fa47 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-hrProcessorLoad-many-cpus.patch @@ -0,0 +1,22 @@ +1070076 - SNMP HRPROCESSORLOAD RETURNS INCORRECT VALUES FOR PROCESSOR #'S > 100 + +commit eef2f64b46357b353c79504bc593535ebe7421e7 +Author: Niels Baggesen +Date: Thu Jan 23 16:27:07 2014 +0100 + + cpu_linux: support systems with more than 100 cpus. + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/cpu/cpu_linux.c.hrProcessorLoad-many-cpus net-snmp-5.7.2/agent/mibgroup/hardware/cpu/cpu_linux.c +--- net-snmp-5.7.2/agent/mibgroup/hardware/cpu/cpu_linux.c.hrProcessorLoad-many-cpus 2015-01-16 10:01:49.728398670 +0100 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/cpu/cpu_linux.c 2015-01-16 10:02:58.796486160 +0100 +@@ -154,7 +154,9 @@ int netsnmp_cpu_arch_load( netsnmp_cache + snmp_log_perror("Missing CPU info entry"); + break; + } +- b1 = b2+5; /* Skip "cpuN " */ ++ b1 = b2; /* Skip "cpuN " */ ++ while(*b1 != ' ') b1++; ++ b1++; + } + + num_cpuline_elem = sscanf(b1, "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", diff --git a/SOURCES/net-snmp-5.7.2-hrStorage-fs.patch b/SOURCES/net-snmp-5.7.2-hrStorage-fs.patch new file mode 100644 index 0000000..f82a6eb --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-hrStorage-fs.patch @@ -0,0 +1,31 @@ +989498 - vzfs missing in hrStorage in an Virtuozzo Container +861152 - simfs missing in hrStorage in an OpenVZ container + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.orig net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.orig 2013-08-12 15:38:17.602977746 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c 2013-08-12 15:38:42.018888560 +0200 +@@ -139,6 +139,8 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_REISERFS) || + !strcmp(typename, MNTTYPE_OCFS2) || + !strcmp(typename, MNTTYPE_CVFS) || ++ !strcmp(typename, MNTTYPE_SIMFS) || ++ !strcmp(typename, MNTTYPE_VZFS) || + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.orig net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.orig 2013-08-12 15:38:52.112851691 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h 2013-08-12 15:39:16.063764218 +0200 +@@ -142,6 +142,12 @@ + #ifndef MNTTYPE_CVFS + #define MNTTYPE_CVFS "cvfs" + #endif ++#ifndef MNTTYPE_SIMFS ++#define MNTTYPE_SIMFS "simfs" ++#endif ++#ifndef MNTTYPE_VZFS ++#define MNTTYPE_VZFS "vzfs" ++#endif + + /* + * File systems to skip diff --git a/SOURCES/net-snmp-5.7.2-icmp-mib.patch b/SOURCES/net-snmp-5.7.2-icmp-mib.patch new file mode 100644 index 0000000..35c70b7 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-icmp-mib.patch @@ -0,0 +1,146 @@ +1072092 - net-snmp: denial of service flaw in Linux implementation of ICMP-MIB + +commit 8407b6ce46ca7159b3c816d1024e20a53f9a1c6c +Author: Wes Hardaker +Date: Wed Feb 19 15:21:57 2014 -0800 + + bug fix from fenner: fix ICMP mib table handling on linux + +diff --git a/agent/mibgroup/mibII/icmp.c b/agent/mibgroup/mibII/icmp.c +index 14c73a6..6d10426 100644 +--- a/agent/mibgroup/mibII/icmp.c ++++ b/agent/mibgroup/mibII/icmp.c +@@ -106,10 +106,20 @@ struct icmp_msg_stats_table_entry { + int flags; + }; + ++#ifdef linux ++/* Linux keeps track of all possible message types */ ++#define ICMP_MSG_STATS_IPV4_COUNT 256 ++#else + #define ICMP_MSG_STATS_IPV4_COUNT 11 ++#endif + + #ifdef NETSNMP_ENABLE_IPV6 ++#ifdef linux ++/* Linux keeps track of all possible message types */ ++#define ICMP_MSG_STATS_IPV6_COUNT 256 ++#else + #define ICMP_MSG_STATS_IPV6_COUNT 14 ++#endif + #else + #define ICMP_MSG_STATS_IPV6_COUNT 0 + #endif /* NETSNMP_ENABLE_IPV6 */ +@@ -177,7 +187,7 @@ icmp_msg_stats_load(netsnmp_cache *cache, void *vmagic) + inc = 0; + linux_read_icmp_msg_stat(&v4icmp, &v4icmpmsg, &flag); + if (flag) { +- while (254 != k) { ++ while (255 >= k) { + if (v4icmpmsg.vals[k].InType) { + icmp_msg_stats_table[i].ipVer = 1; + icmp_msg_stats_table[i].icmpMsgStatsType = k; +@@ -267,7 +277,7 @@ icmp_msg_stats_load(netsnmp_cache *cache, void *vmagic) + inc = 0; + linux_read_icmp6_msg_stat(&v6icmp, &v6icmpmsg, &flag); + if (flag) { +- while (254 != k) { ++ while (255 >= k) { + if (v6icmpmsg.vals[k].InType) { + icmp_msg_stats_table[i].ipVer = 2; + icmp_msg_stats_table[i].icmpMsgStatsType = k; +@@ -1050,6 +1060,12 @@ icmp_stats_table_handler(netsnmp_mib_handler *handler, + continue; + table_info = netsnmp_extract_table_info(request); + subid = table_info->colnum; ++ DEBUGMSGTL(( "mibII/icmpStatsTable", "oid: " )); ++ DEBUGMSGOID(( "mibII/icmpStatsTable", request->requestvb->name, ++ request->requestvb->name_length )); ++ DEBUGMSG(( "mibII/icmpStatsTable", " In %d InErr %d Out %d OutErr %d\n", ++ entry->icmpStatsInMsgs, entry->icmpStatsInErrors, ++ entry->icmpStatsOutMsgs, entry->icmpStatsOutErrors )); + + switch (subid) { + case ICMP_STAT_INMSG: +@@ -1117,6 +1133,11 @@ icmp_msg_stats_table_handler(netsnmp_mib_handler *handler, + continue; + table_info = netsnmp_extract_table_info(request); + subid = table_info->colnum; ++ DEBUGMSGTL(( "mibII/icmpMsgStatsTable", "oid: " )); ++ DEBUGMSGOID(( "mibII/icmpMsgStatsTable", request->requestvb->name, ++ request->requestvb->name_length )); ++ DEBUGMSG(( "mibII/icmpMsgStatsTable", " In %d Out %d Flags 0x%x\n", ++ entry->icmpMsgStatsInPkts, entry->icmpMsgStatsOutPkts, entry->flags )); + + switch (subid) { + case ICMP_MSG_STAT_IN_PKTS: +diff --git a/agent/mibgroup/mibII/kernel_linux.c b/agent/mibgroup/mibII/kernel_linux.c +index b21a166..ba320c7 100644 +--- a/agent/mibgroup/mibII/kernel_linux.c ++++ b/agent/mibgroup/mibII/kernel_linux.c +@@ -81,9 +81,9 @@ decode_icmp_msg(char *line, char *data, struct icmp4_msg_mib *msg) + index = strtol(token, &delim, 0); + if (ERANGE == errno) { + continue; +- } else if (index > LONG_MAX) { ++ } else if (index > 255) { + continue; +- } else if (index < LONG_MIN) { ++ } else if (index < 0) { + continue; + } + if (NULL == (token = strtok_r(dataptr, " ", &saveptr1))) +@@ -94,9 +94,9 @@ decode_icmp_msg(char *line, char *data, struct icmp4_msg_mib *msg) + index = strtol(token, &delim, 0); + if (ERANGE == errno) { + continue; +- } else if (index > LONG_MAX) { ++ } else if (index > 255) { + continue; +- } else if (index < LONG_MIN) { ++ } else if (index < 0) { + continue; + } + if(NULL == (token = strtok_r(dataptr, " ", &saveptr1))) +@@ -426,14 +426,21 @@ linux_read_icmp6_parse(struct icmp6_mib *icmp6stat, + + vals = name; + if (NULL != icmp6msgstat) { ++ int type; + if (0 == strncmp(name, "Icmp6OutType", 12)) { + strsep(&vals, "e"); +- icmp6msgstat->vals[atoi(vals)].OutType = stats; ++ type = atoi(vals); ++ if ( type < 0 || type > 255 ) ++ continue; ++ icmp6msgstat->vals[type].OutType = stats; + *support = 1; + continue; + } else if (0 == strncmp(name, "Icmp6InType", 11)) { + strsep(&vals, "e"); +- icmp6msgstat->vals[atoi(vals)].InType = stats; ++ type = atoi(vals); ++ if ( type < 0 || type > 255 ) ++ continue; ++ icmp6msgstat->vals[type].InType = stats; + *support = 1; + continue; + } +diff --git a/agent/mibgroup/mibII/kernel_linux.h b/agent/mibgroup/mibII/kernel_linux.h +index 6bf5d47..c6dfca9 100644 +--- a/agent/mibgroup/mibII/kernel_linux.h ++++ b/agent/mibgroup/mibII/kernel_linux.h +@@ -121,11 +121,11 @@ struct icmp_msg_mib { + + /* Lets use wrapper structures for future expansion */ + struct icmp4_msg_mib { +- struct icmp_msg_mib vals[255]; ++ struct icmp_msg_mib vals[256]; + }; + + struct icmp6_msg_mib { +- struct icmp_msg_mib vals[255]; ++ struct icmp_msg_mib vals[256]; + }; + + struct udp_mib { diff --git a/SOURCES/net-snmp-5.7.2-icmp.patch b/SOURCES/net-snmp-5.7.2-icmp.patch new file mode 100644 index 0000000..ae6f730 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-icmp.patch @@ -0,0 +1,12 @@ +diff -urNp old/agent/mibgroup/mibII/kernel_linux.c new/agent/mibgroup/mibII/kernel_linux.c +--- old/agent/mibgroup/mibII/kernel_linux.c 2019-04-02 13:54:36.000548869 +0200 ++++ new/agent/mibgroup/mibII/kernel_linux.c 2019-04-02 14:09:33.909641083 +0200 +@@ -29,7 +29,7 @@ struct udp_mib cached_udp_mib; + struct udp6_mib cached_udp6_mib; + + #define IP_STATS_LINE "Ip: %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu" +-#define ICMP_STATS_LINE "Icmp: %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu" ++#define ICMP_STATS_LINE "Icmp: %lu %lu %*lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu" + #define ICMP_MSG_STATS_LINE "IcmpMsg: " + #define TCP_STATS_LINE "Tcp: %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu" + #define UDP_STATS_LINE "Udp: %lu %lu %lu %lu" diff --git a/SOURCES/net-snmp-5.7.2-ifTable-interface_fadeout.patch b/SOURCES/net-snmp-5.7.2-ifTable-interface_fadeout.patch new file mode 100644 index 0000000..4c3b3ea --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-ifTable-interface_fadeout.patch @@ -0,0 +1,11 @@ +diff -urNp a/agent/mibgroup/if-mib/ifTable/ifTable_data_access.c b/agent/mibgroup/if-mib/ifTable/ifTable_data_access.c +--- a/agent/mibgroup/if-mib/ifTable/ifTable_data_access.c 2019-07-29 12:58:53.871166649 +0200 ++++ b/agent/mibgroup/if-mib/ifTable/ifTable_data_access.c 2019-07-29 13:02:34.718033022 +0200 +@@ -352,6 +352,7 @@ _check_interface_entry_for_updates(ifTab + rowreq_ctx->data.ifAdminStatus = IFADMINSTATUS_DOWN; + rowreq_ctx->data.ifOperStatus = IFOPERSTATUS_DOWN; + oper_changed = 1; ++ rowreq_ctx->data.ifLastChange = netsnmp_get_agent_uptime(); + } + if (rowreq_ctx->known_missing) { + time_t now = netsnmp_get_agent_uptime(); diff --git a/SOURCES/net-snmp-5.7.2-incomplete-parse.patch b/SOURCES/net-snmp-5.7.2-incomplete-parse.patch new file mode 100644 index 0000000..42d3788 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-incomplete-parse.patch @@ -0,0 +1,203 @@ +1212408 - net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables +1248412 - net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables [rhel-7.1.z] + +Backported from: + +commit f23bcd3ac6ddee5d0a48f9703007ccc738914791 +Author: Robert Story +Date: Sat Apr 11 18:49:02 2015 -0400 + + CHANGES: BUG: #2615: Don't return incompletely parsed varbinds + + +diff -up net-snmp-5.5/snmplib/snmp_api.c.incomplete-parse net-snmp-5.5/snmplib/snmp_api.c +--- net-snmp-5.5/snmplib/snmp_api.c.incomplete-parse 2015-07-30 12:10:31.495801514 +0200 ++++ net-snmp-5.5/snmplib/snmp_api.c 2015-07-30 12:11:43.087038548 +0200 +@@ -4508,10 +4508,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + u_char type; + u_char msg_type; + u_char *var_val; +- int badtype = 0; + size_t len; + size_t four; +- netsnmp_variable_list *vp = NULL; ++ netsnmp_variable_list *vp = NULL, *vplast = NULL; + oid objid[MAX_OID_LEN]; + u_char *p; + +@@ -4647,38 +4646,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + (ASN_SEQUENCE | ASN_CONSTRUCTOR), + "varbinds"); + if (data == NULL) +- return -1; ++ goto fail; + + /* + * get each varBind sequence + */ + while ((int) *length > 0) { +- netsnmp_variable_list *vptemp; +- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp)); +- if (NULL == vptemp) { +- return -1; +- } +- if (NULL == vp) { +- pdu->variables = vptemp; +- } else { +- vp->next_variable = vptemp; +- } +- vp = vptemp; +- +- vp->next_variable = NULL; +- vp->val.string = NULL; ++ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list); ++ if (NULL == vp) ++ goto fail; ++ + vp->name_length = MAX_OID_LEN; +- vp->name = NULL; +- vp->index = 0; +- vp->data = NULL; +- vp->dataFreeHook = NULL; + DEBUGDUMPSECTION("recv", "VarBind"); + data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type, + &vp->val_len, &var_val, length); + if (data == NULL) +- return -1; ++ goto fail; + if (snmp_set_var_objid(vp, objid, vp->name_length)) +- return -1; ++ goto fail; + + len = MAX_PACKET_LENGTH; + DEBUGDUMPHEADER("recv", "Value"); +@@ -4690,7 +4675,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + (long *) vp->val.integer, + sizeof(*vp->val.integer)); + if (!p) +- return -1; ++ goto fail; + break; + case ASN_COUNTER: + case ASN_GAUGE: +@@ -4702,7 +4687,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + (u_long *) vp->val.integer, + vp->val_len); + if (!p) +- return -1; ++ goto fail; + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_COUNTER64: +@@ -4715,7 +4700,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + (struct counter64 *) vp->val. + counter64, vp->val_len); + if (!p) +- return -1; ++ goto fail; + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_FLOAT: +@@ -4724,7 +4709,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + p = asn_parse_float(var_val, &len, &vp->type, + vp->val.floatVal, vp->val_len); + if (!p) +- return -1; ++ goto fail; + break; + case ASN_OPAQUE_DOUBLE: + vp->val.doubleVal = (double *) vp->buf; +@@ -4732,7 +4717,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + p = asn_parse_double(var_val, &len, &vp->type, + vp->val.doubleVal, vp->val_len); + if (!p) +- return -1; ++ goto fail; + break; + case ASN_OPAQUE_I64: + vp->val.counter64 = (struct counter64 *) vp->buf; +@@ -4742,12 +4727,12 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + sizeof(*vp->val.counter64)); + + if (!p) +- return -1; ++ goto fail; + break; + #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */ + case ASN_IPADDRESS: + if (vp->val_len != 4) +- return -1; ++ goto fail; + /* fallthrough */ + case ASN_OCTET_STR: + case ASN_OPAQUE: +@@ -4758,22 +4743,22 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + vp->val.string = (u_char *) malloc(vp->val_len); + } + if (vp->val.string == NULL) { +- return -1; ++ goto fail; + } + p = asn_parse_string(var_val, &len, &vp->type, vp->val.string, + &vp->val_len); + if (!p) +- return -1; ++ goto fail; + break; + case ASN_OBJECT_ID: + vp->val_len = MAX_OID_LEN; + p = asn_parse_objid(var_val, &len, &vp->type, objid, &vp->val_len); + if (!p) +- return -1; ++ goto fail; + vp->val_len *= sizeof(oid); + vp->val.objid = (oid *) malloc(vp->val_len); + if (vp->val.objid == NULL) { +- return -1; ++ goto fail; + } + memmove(vp->val.objid, objid, vp->val_len); + break; +@@ -4785,21 +4770,38 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char + case ASN_BIT_STR: + vp->val.bitstring = (u_char *) malloc(vp->val_len); + if (vp->val.bitstring == NULL) { +- return -1; ++ goto fail; + } + p = asn_parse_bitstring(var_val, &len, &vp->type, + vp->val.bitstring, &vp->val_len); + if (!p) +- return -1; ++ goto fail; + break; + default: + snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type); +- badtype = -1; ++ goto fail; + break; + } + DEBUGINDENTADD(-4); ++ ++ if (NULL == vplast) { ++ pdu->variables = vp; ++ } else { ++ vplast->next_variable = vp; ++ } ++ vplast = vp; ++ vp = NULL; ++ + } +- return badtype; ++ return 0; ++ ++fail: ++ DEBUGMSGTL(("recv", "error while parsing VarBindList\n")); ++ /** if we were parsing a var, remove it from the pdu and free it */ ++ if (vp) ++ snmp_free_var(vp); ++ ++ return -1; + } + + /* diff --git a/SOURCES/net-snmp-5.7.2-ipAddress-faster-load.patch b/SOURCES/net-snmp-5.7.2-ipAddress-faster-load.patch new file mode 100644 index 0000000..e59f896 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-ipAddress-faster-load.patch @@ -0,0 +1,346 @@ +diff -urNp old/agent/mibgroup/ip-mib/data_access/ipaddress_common.c new/agent/mibgroup/ip-mib/data_access/ipaddress_common.c +--- old/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2017-04-04 11:02:42.391951747 +0200 +@@ -67,6 +67,7 @@ netsnmp_container * + netsnmp_access_ipaddress_container_init(u_int flags) + { + netsnmp_container *container1; ++ int rc; + + DEBUGMSGTL(("access:ipaddress:container", "init\n")); + +@@ -80,6 +81,7 @@ netsnmp_access_ipaddress_container_init( + return NULL; + } + container1->container_name = strdup("ia_index"); ++ CONTAINER_SET_OPTIONS(container1, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + + if (flags & NETSNMP_ACCESS_IPADDRESS_INIT_ADDL_IDX_BY_ADDR) { + netsnmp_container *container2 = +@@ -92,6 +94,13 @@ netsnmp_access_ipaddress_container_init( + + container2->compare = _access_ipaddress_entry_compare_addr; + container2->container_name = strdup("ia_addr"); ++ ++ /* ++ * With allowed duplicates, CONTAINER_INSERT does not need to sort whole ++ * container and check for duplicates. We remove duplicates manually in ++ * netsnmp_access_ipaddress_container_load. ++ */ ++ CONTAINER_SET_OPTIONS(container2, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + + netsnmp_container_add_index(container1, container2); + } +@@ -100,6 +109,53 @@ netsnmp_access_ipaddress_container_init( + } + + /** ++ * Remove duplicate entries from the container. ++ * This function returns new copy of the container and destroys ++ * the original one. Use like this: ++ * c = _remove_duplicates(c, flags); ++ */ ++static netsnmp_container * ++_remove_duplicates(netsnmp_container *container, u_int container_flags) ++{ ++ netsnmp_container *c; ++ netsnmp_iterator *it; ++ netsnmp_container *ret; ++ netsnmp_ipaddress_entry *entry, *prev_entry; ++ ++ if (! (container_flags & NETSNMP_ACCESS_IPADDRESS_INIT_ADDL_IDX_BY_ADDR)) { ++ /* We don't have address index, we can't detect duplicates */ ++ return container; ++ } ++ ++ ret = netsnmp_access_ipaddress_container_init(container_flags); ++ ++ /* use the IpAddress index */ ++ c = container->next; ++ it = CONTAINER_ITERATOR(c); ++ /* Sort the address index */ ++ CONTAINER_FIND(c, ITERATOR_FIRST(it)); ++ ++ ++ /* ++ * Sequentially iterate over sorted container and add only unique entries ++ * to 'ret' ++ */ ++ prev_entry = NULL; ++ for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) { ++ if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) { ++ /* 'entry' is duplicate of the previous one -> delete it */ ++ netsnmp_access_ipaddress_entry_free(entry); ++ } else { ++ CONTAINER_INSERT(ret, entry); ++ prev_entry = entry; ++ } ++ } ++ CONTAINER_FREE(container); ++ free(it); ++ return ret; ++} ++ ++/** + * @retval NULL error + * @retval !NULL pointer to container + */ +@@ -112,9 +168,10 @@ netsnmp_access_ipaddress_container_load( + + DEBUGMSGTL(("access:ipaddress:container", "load\n")); + ++ if (load_flags & NETSNMP_ACCESS_IPADDRESS_LOAD_ADDL_IDX_BY_ADDR) ++ container_flags |= NETSNMP_ACCESS_IPADDRESS_INIT_ADDL_IDX_BY_ADDR; ++ + if (NULL == container) { +- if (load_flags & NETSNMP_ACCESS_IPADDRESS_LOAD_ADDL_IDX_BY_ADDR) +- container_flags |= NETSNMP_ACCESS_IPADDRESS_INIT_ADDL_IDX_BY_ADDR; + container = netsnmp_access_ipaddress_container_init(container_flags); + } + if (NULL == container) { +@@ -129,6 +186,9 @@ netsnmp_access_ipaddress_container_load( + container = NULL; + } + ++ if (container) ++ container = _remove_duplicates(container, container_flags); ++ + return container; + } + +diff -urNp old/agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c new/agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c +--- old/agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c 2017-04-04 13:26:34.332529808 +0200 +@@ -137,6 +137,13 @@ ipAddressTable_container_init(netsnmp_co + *container_ptr_ptr = + netsnmp_container_find("ipAddressTable:table_container"); + if (NULL != *container_ptr_ptr) { ++ /* ++ * The container has ALLOW_DUPLICATES flag to speed up CONTAINER_INSERT ++ * operations (it does not need to check for duplicates), however we ++ * (manually) ensure that we won't insert any duplicates there. ++ */ ++ int rc; ++ CONTAINER_SET_OPTIONS(*container_ptr_ptr, CONTAINER_KEY_ALLOW_DUPLICATES, rc); + (*container_ptr_ptr)->container_name = strdup("ipAddressTable"); + ipAddressTable_container_load(*container_ptr_ptr); + CONTAINER_FOR_EACH(*container_ptr_ptr, +@@ -205,8 +212,9 @@ static void + _check_entry_for_updates(ipAddressTable_rowreq_ctx * rowreq_ctx, + void **magic) + { +- netsnmp_container *ipaddress_container = (netsnmp_container*)magic[0]; ++ netsnmp_container *ipaddress_container = magic[0]; + netsnmp_container *to_delete = (netsnmp_container*)magic[1]; ++ netsnmp_container *to_ignore = (netsnmp_container *) magic[2]; + + /* + * check for matching entry using secondary index. +@@ -234,10 +242,21 @@ _check_entry_for_updates(ipAddressTable_ + rowreq_ctx->ipAddressLastChanged = netsnmp_get_agent_uptime(); + + /* +- * remove entry from ifcontainer ++ * Remember not to add this entry from 'ipaddress_container' to 'container' later. ++ * Simple CONTAINER_REMOVE(ipaddress_container, ..) would be slow. + */ +- CONTAINER_REMOVE(ipaddress_container, ipaddress_entry); +- netsnmp_access_ipaddress_entry_free(ipaddress_entry); ++ if (NULL == to_ignore) { ++ magic[2] = to_ignore = netsnmp_container_find("access_ipaddress:table_container"); ++ if (NULL == to_ignore) { ++ snmp_log(LOG_ERR, "couldn't create ignore container\n"); ++ } else { ++ /* to speed up insertion */ ++ int rc; ++ CONTAINER_SET_OPTIONS(to_ignore, CONTAINER_KEY_ALLOW_DUPLICATES, rc); ++ } ++ } ++ if (NULL != to_ignore) ++ CONTAINER_INSERT(to_ignore, ipaddress_entry); + } + } + +@@ -246,8 +265,11 @@ _check_entry_for_updates(ipAddressTable_ + */ + static void + _add_new_entry(netsnmp_ipaddress_entry *ipaddress_entry, +- netsnmp_container *container) ++ void **magic) + { ++ netsnmp_container *container = magic[0]; ++ netsnmp_container *to_ignore = magic[2]; ++ + ipAddressTable_rowreq_ctx *rowreq_ctx; + + DEBUGMSGTL(("ipAddressTable:access", "creating new entry\n")); +@@ -255,6 +277,11 @@ _add_new_entry(netsnmp_ipaddress_entry * + netsnmp_assert(NULL != ipaddress_entry); + netsnmp_assert(NULL != container); + ++ if (to_ignore && CONTAINER_FIND(to_ignore, ipaddress_entry)) { ++ /* this entry already is in 'container', skip it */ ++ return; ++ } ++ + /* + * allocate an row context and set the index(es) + */ +@@ -329,36 +356,44 @@ int + ipAddressTable_container_load(netsnmp_container *container) + { + netsnmp_container *ipaddress_container; +- void *tmp_ptr[2]; ++ void *tmp_ptr[3]; + + DEBUGMSGTL(("verbose:ipAddressTable:ipAddressTable_cache_load", + "called\n")); + + /* +- * TODO:351:M: |-> Load/update data in the ipAddressTable container. ++ * Load/update data in the ipAddressTable container. + * loop over your ipAddressTable data, allocate a rowreq context, + * set the index(es) [and data, optionally] and insert into + * the container. + */ ++ /* ++ * netsnmp_access_ipaddress_container_load makes sure that ++ * ipaddress_container does not contain any duplicate entries, ++ */ ++ + ipaddress_container = + netsnmp_access_ipaddress_container_load(NULL, + NETSNMP_ACCESS_IPADDRESS_LOAD_ADDL_IDX_BY_ADDR); + /* + * we just got a fresh copy of interface data. compare it to + * what we've already got, and make any adjustments, saving +- * missing addresses to be deleted. ++ * missing addresses to be deleted. Also, prune interfaces in ++ * ipaddress_container, so only the new interfaces remain. + */ + tmp_ptr[0] = ipaddress_container->next; +- tmp_ptr[1] = NULL; ++ tmp_ptr[1] = NULL; /* list of interfaces to be removed from 'container' */ ++ tmp_ptr[2] = NULL; /* list of interfaces to be ignored in ipaddress_container */ + CONTAINER_FOR_EACH(container, (netsnmp_container_obj_func *) + _check_entry_for_updates, tmp_ptr); + + /* + * now add any new interfaces + */ ++ tmp_ptr[0] = container; + CONTAINER_FOR_EACH(ipaddress_container, + (netsnmp_container_obj_func *) _add_new_entry, +- container); ++ tmp_ptr); + + /* + * free the container. we've either claimed each entry, or released it, +@@ -396,6 +431,19 @@ ipAddressTable_container_load(netsnmp_co + */ + CONTAINER_REMOVE(tmp_container, NULL); + } ++ CONTAINER_FREE(tmp_container); ++ } ++ ++ if (NULL != tmp_ptr[2]) { ++ /* list of interfaces to be ignored in ipaddress_container - free it */ ++ netsnmp_container *to_ignore = (netsnmp_container *) tmp_ptr[2]; ++ netsnmp_ipaddress_entry *ipaddress_entry; ++ while (CONTAINER_SIZE(to_ignore)) { ++ ipaddress_entry = (netsnmp_ipaddress_entry*)CONTAINER_FIRST(to_ignore); ++ CONTAINER_REMOVE(to_ignore, ipaddress_entry); ++ netsnmp_access_ipaddress_entry_free(ipaddress_entry); ++ } ++ CONTAINER_FREE(to_ignore); + } + + DEBUGMSGT(("verbose:ipAddressTable:ipAddressTable_cache_load", +diff -urNp old/agent/mibgroup/mibII/ipAddr.c new/agent/mibgroup/mibII/ipAddr.c +--- old/agent/mibgroup/mibII/ipAddr.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/agent/mibgroup/mibII/ipAddr.c 2017-04-04 13:28:56.547268946 +0200 +@@ -493,14 +493,16 @@ Address_Scan_Next(Index, Retin_ifaddr) + } + + #elif defined(linux) ++#include + static struct ifreq *ifr; + static int ifr_counter; + + static void + Address_Scan_Init(void) + { +- int num_interfaces = 0; ++ int i; + int fd; ++ int lastlen = 0; + + /* get info about all interfaces */ + +@@ -508,30 +510,45 @@ Address_Scan_Init(void) + SNMP_FREE(ifc.ifc_buf); + ifr_counter = 0; + +- do ++ if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + { +- if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) +- { +- DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); +- return; +- } +- num_interfaces += 16; +- +- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces; +- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len); +- +- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) +- { +- ifr=NULL; +- close(fd); +- return; +- } +- close(fd); ++ DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); ++ return; ++ } ++ ++ /* ++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF ++ * on some platforms; see W. R. Stevens, ``Unix Network Programming ++ * Volume I'', p.435... ++ */ ++ ++ for (i = 8;; i *= 2) { ++ ifc.ifc_len = sizeof(struct ifreq) * i; ++ ifc.ifc_req = calloc(i, sizeof(struct ifreq)); ++ ++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { ++ if (errno != EINVAL || lastlen != 0) { ++ /* ++ * Something has gone genuinely wrong... ++ */ ++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno); ++ SNMP_FREE(ifc.ifc_buf); ++ close(fd); ++ return; ++ } ++ } else { ++ if (ifc.ifc_len == lastlen) { ++ /* ++ * The length is the same as the last time; we're done... ++ */ ++ break; ++ } ++ lastlen = ifc.ifc_len; ++ } ++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */ + } +- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces)); +- +- ifr = ifc.ifc_req; + close(fd); ++ ifr = ifc.ifc_req; + } + + /* diff --git a/SOURCES/net-snmp-5.7.2-ipCidrRouteTable-duplicates.patch b/SOURCES/net-snmp-5.7.2-ipCidrRouteTable-duplicates.patch new file mode 100644 index 0000000..b3f9101 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-ipCidrRouteTable-duplicates.patch @@ -0,0 +1,131 @@ +1172013 - NetworkManager causes snmp OID not increasing + +commit 664ed943f63dfe9393e959840ecd23c31c9d8f89 +Author: Bill Fenner +Date: Wed Aug 27 16:02:57 2014 -0400 + + Handle duplicates in a binary_array container + + The CONTAINER_KEY_ALLOW_DUPLICATES setting is fundamentally flawed; + it really effectively meant "I promise I won't insert duplicates + so don't check at insert time". However, the ip-forward-mib + sets this flag but relies on the duplicate prevention at insert + time under certain scenarios (e.g., multiple attachments to the + same subnet on MacOS), resulting in a loop in ip-forward-mib + in these scenarios. So, now it means "check for duplicates at + getnext time" - the binary search will find an arbitrary one + of the entries with the same key, and when we've incremented + we have to check whether or not we've actually incremented past + any duplicates. This costs an extra key compare per getnext. + + If there's a scenario in the future where a MIB implementation + can really guarantee that it isn't inserting duplicates, we + might want to add a "CONTAINER_KEY_I_PROMISE_I_WONT_INSERT_DUPLICATES", + that disables the insertion check but doesn't perform the getnext + check. + +diff --git a/snmplib/container_binary_array.c b/snmplib/container_binary_array.c +index 249a3a9..10ae67f 100644 +--- a/snmplib/container_binary_array.c ++++ b/snmplib/container_binary_array.c +@@ -284,6 +284,22 @@ netsnmp_binary_array_get(netsnmp_container *c, const void *key, int exact) + if (key) { + if ((index = binary_search(key, c, exact)) == -1) + return NULL; ++ if (!exact && ++ c->flags & CONTAINER_KEY_ALLOW_DUPLICATES) { ++ int result; ++ ++ /* ++ * If duplicates are allowed, we have to be extra ++ * sure that we didn't just increment to a duplicate, ++ * thus causing a getnext loop. ++ */ ++ result = c->compare(t->data[index], key); ++ while (result == 0) { ++ if (++index == t->count) ++ return NULL; ++ result = c->compare(t->data[index], key); ++ } ++ } + } + + return t->data[index]; +diff --git a/testing/fulltests/unit-tests/T021binary_array_oid_duplicates_clib.c b/testing/fulltests/unit-tests/T021binary_array_oid_duplicates_clib.c +new file mode 100644 +index 0000000..c027329 +--- /dev/null ++++ b/testing/fulltests/unit-tests/T021binary_array_oid_duplicates_clib.c +@@ -0,0 +1,72 @@ ++/* HEADER Testing duplicate handling in binary OID array */ ++ ++/* Much copied from T012 */ ++static const char test_name[] = "binary-array-of-OIDs-duplicate-test"; ++oid o1 = 1; ++oid o2 = 2; ++oid o3 = 6; ++oid o4 = 8; ++oid o5 = 9; ++oid ox = 7; ++oid oy = 10; ++netsnmp_index i1, i2, i3, i4, i5, ix, iy, *ip; ++netsnmp_index *b[] = { &i4, &i2, &i3, &i1, &i5 }; ++netsnmp_container *c; ++int i; ++ ++init_snmp(test_name); ++ ++c = netsnmp_container_get_binary_array(); ++c->compare = netsnmp_compare_netsnmp_index; ++netsnmp_binary_array_options_set(c, 1, ++ CONTAINER_KEY_ALLOW_DUPLICATES); ++ ++i1.oids = &o1; ++i2.oids = &o2; ++i3.oids = &o3; ++i4.oids = &o4; ++i5.oids = &o5; ++ix.oids = &ox; ++iy.oids = &oy; ++i1.len = i2.len = i3.len = i4.len = i5.len = ix.len = iy.len = 1; ++ ++for (i = 0; i < sizeof(b)/sizeof(b[0]); ++i) ++ CONTAINER_INSERT(c, b[i]); ++ ++#define MAX_ROUNDS 6 ++/* Insert some duplicates of i4; also insert a duplicate of ++ * i1 to move the contents of the array around. */ ++for (i = 0; i < MAX_ROUNDS; ++i) { ++ switch (i) { ++ case 0: ++ /* First round: no insert */ ++ break; ++ case 1: ++ case 2: ++ case 4: ++ case 5: ++ /* Insert another duplicate of our target object */ ++ CONTAINER_INSERT(c, &i4); ++ break; ++ case 3: ++ /* Insert a dulicate of an earlier OID, so that it ++ * changes the binary search behavior */ ++ CONTAINER_INSERT(c, &i1); ++ break; ++ } ++ /* Primary requirement: getnext returns the next value! */ ++ ip = CONTAINER_FIND(c, &i4); ++ OKF(ip, ("FIND returned a value")); ++ OKF(c->compare(&i4, ip) == 0, ++ ("FIND returned oid %" NETSNMP_PRIo "d", ip->oids[0])); ++ ip = CONTAINER_NEXT(c, &i4); ++ OKF(ip, ("NEXT returned a value")); ++ OKF(c->compare(&i5, ip) == 0, ++ ("NEXT returned index 5 = %" NETSNMP_PRIo "d", i5.oids[0])); ++} ++ ++while ((ip = CONTAINER_FIRST(c))) ++ CONTAINER_REMOVE(c, ip); ++CONTAINER_FREE(c); ++ ++snmp_shutdown(test_name); diff --git a/SOURCES/net-snmp-5.7.2-iterator-fix.patch b/SOURCES/net-snmp-5.7.2-iterator-fix.patch new file mode 100644 index 0000000..fb34caf --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-iterator-fix.patch @@ -0,0 +1,14 @@ +diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c +--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200 ++++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200 +@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam + return 0; /* or -1 */ + + it = CONTAINER_ITERATOR( swrun_container ); ++ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) { ++ if (0 == strcmp( entry->hrSWRunName, name )) ++ i++; ++ } + while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) { + if (0 == strcmp( entry->hrSWRunName, name )) + i++; diff --git a/SOURCES/net-snmp-5.7.2-kernel-threads.patch b/SOURCES/net-snmp-5.7.2-kernel-threads.patch new file mode 100644 index 0000000..b6722f6 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-kernel-threads.patch @@ -0,0 +1,41 @@ +979329 - hrSWRunTable does not show kernel threads + +commit c655fce784532a523f7db582d0cd07dee4ad7ac5 +Author: Niels Baggesen +Date: Mon Oct 22 16:25:59 2012 +0200 + + Try to better classify Linux kernel threads as hrSWRunType=Os + +diff --git a/agent/mibgroup/host/data_access/swrun_procfs_status.c b/agent/mibgroup/host/data_access/swrun_procfs_status.c +index 80182d0..61c5e3a 100644 +--- a/agent/mibgroup/host/data_access/swrun_procfs_status.c ++++ b/agent/mibgroup/host/data_access/swrun_procfs_status.c +@@ -122,11 +122,11 @@ netsnmp_arch_swrun_container_load( netsnmp_container *container, u_int flags) + continue; /* file (process) probably went away */ + } + memset(buf, 0, sizeof(buf)); +- if ((cp = fgets( buf, BUFSIZ-1, fp )) == NULL) { +- fclose(fp); +- netsnmp_swrun_entry_free(entry); +- continue; +- } ++ entry->hrSWRunType = HRSWRUNTYPE_APPLICATION; ++ if ((cp = fgets( buf, sizeof(buf)-1, fp )) == NULL) { ++ entry->hrSWRunType = HRSWRUNTYPE_OPERATINGSYSTEM; ++ buf[0] = '\0'; ++ } + fclose(fp); + + /* +@@ -151,11 +151,6 @@ netsnmp_arch_swrun_container_load( netsnmp_container *container, u_int flags) + buf + entry->hrSWRunPath_len + 1); + + /* +- * XXX - No information regarding system processes vs applications +- */ +- entry->hrSWRunType = HRSWRUNTYPE_APPLICATION; +- +- /* + * {xxx} {xxx} STATUS {xxx}*10 UTIME STIME {xxx}*8 RSS + */ + snprintf( buf, BUFSIZ, "/proc/%d/stat", pid ); diff --git a/SOURCES/net-snmp-5.7.2-key-leak-backport.patch b/SOURCES/net-snmp-5.7.2-key-leak-backport.patch new file mode 100644 index 0000000..58fc6ce --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-key-leak-backport.patch @@ -0,0 +1,50 @@ +diff -urNp a/snmplib/keytools.c b/snmplib/keytools.c +--- a/snmplib/keytools.c 2018-11-26 14:48:35.967812631 +0100 ++++ b/snmplib/keytools.c 2018-11-26 15:21:14.758817675 +0100 +@@ -153,19 +153,21 @@ generate_Ku(const oid * hashtype, u_int + ctx = EVP_MD_CTX_create(); + #else + ctx = malloc(sizeof(*ctx)); +- EVP_MD_CTX_init(ctx); ++ if(!EVP_MD_CTX_init(ctx)){ ++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit); ++ } + #endif + #ifndef NETSNMP_DISABLE_MD5 + if (ISTRANSFORM(hashtype, HMACMD5Auth)) { + if (!EVP_DigestInit(ctx, EVP_md5())) + /* MD5 not supported */ +- return SNMPERR_GENERR; ++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit); + } else + #endif + if (ISTRANSFORM(hashtype, HMACSHA1Auth)) { + if (!EVP_DigestInit(ctx, EVP_sha1())) + /* SHA1 not supported */ +- return SNMPERR_GENERR; ++ QUITFUN(SNMPERR_GENERR, generate_Ku_quit); + } else { + QUITFUN(SNMPERR_GENERR, generate_Ku_quit); + } +diff -urNp a/snmplib/scapi.c b/snmplib/scapi.c +--- a/snmplib/scapi.c 2018-11-26 14:48:35.967812631 +0100 ++++ b/snmplib/scapi.c 2018-11-26 15:12:19.296751273 +0100 +@@ -498,7 +498,8 @@ sc_hash(const oid * hashtype, size_t has + #endif + if (!EVP_DigestInit(cptr, hashfn)) { + /* requested hash function is not available */ +- return SNMPERR_SC_NOT_CONFIGURED; ++ rval = SNMPERR_SC_NOT_CONFIGURED; ++ goto sc_hash_type_quit; + } + + /** pass the data */ +@@ -507,6 +508,8 @@ sc_hash(const oid * hashtype, size_t has + /** do the final pass */ + EVP_DigestFinal(cptr, MAC, &tmp_len); + *MAC_len = tmp_len; ++ ++sc_hash_type_quit: + #ifdef HAVE_EVP_MD_CTX_DESTROY + EVP_MD_CTX_destroy(cptr); + #else diff --git a/SOURCES/net-snmp-5.7.2-large-fdset.patch b/SOURCES/net-snmp-5.7.2-large-fdset.patch new file mode 100644 index 0000000..cef9d46 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-large-fdset.patch @@ -0,0 +1,215 @@ +diff -urNp old/include/net-snmp/library/large_fd_set.h new/include/net-snmp/library/large_fd_set.h +--- old/include/net-snmp/library/large_fd_set.h 2012-10-10 00:28:58.000000000 +0200 ++++ new/include/net-snmp/library/large_fd_set.h 2017-04-04 14:36:27.307180033 +0200 +@@ -55,8 +55,9 @@ extern "C" { + * Number of bytes needed to store a number of file descriptors as a + * struct fd_set. + */ +-#define NETSNMP_FD_SET_BYTES(setsize) \ +- (sizeof(fd_set) + ((setsize) - FD_SETSIZE) * sizeof(SOCKET)) ++#define NETSNMP_FD_SET_BYTES(setsize) \ ++ (sizeof(fd_set) + ((setsize) > FD_SETSIZE ? \ ++ ((setsize) - FD_SETSIZE) * sizeof(SOCKET) : 0)) + + /** Remove all sockets from the set *fdset. */ + #define NETSNMP_LARGE_FD_ZERO(fdset) \ +@@ -91,9 +92,10 @@ int netsnmp_large_fd_is_set(SOCKET fd + * Number of bytes needed to store a number of file descriptors as a + * struct fd_set. + */ +-#define NETSNMP_FD_SET_BYTES(setsize) \ +- (sizeof(fd_set) + NETSNMP_FD_SET_ELEM_COUNT((setsize) - FD_SETSIZE) \ +- * NETSNMP_FD_MASK_SIZE) ++#define NETSNMP_FD_SET_BYTES(setsize) \ ++ (sizeof(fd_set) + ((setsize) > FD_SETSIZE ? \ ++ NETSNMP_FD_SET_ELEM_COUNT((setsize) - FD_SETSIZE) \ ++ * NETSNMP_FD_MASK_SIZE : 0)) + + /** Remove all file descriptors from the set *fdset. */ + #define NETSNMP_LARGE_FD_ZERO(fdset) \ +diff -urNp old/snmplib/large_fd_set.c new/snmplib/large_fd_set.c +--- old/snmplib/large_fd_set.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/snmplib/large_fd_set.c 2017-04-04 15:03:20.580810774 +0200 +@@ -21,6 +21,10 @@ + + #if !defined(cygwin) && defined(HAVE_WINSOCK_H) + ++#define LFD_SET(n, p) FD_SET(n, p) ++#define LFD_CLR(n, p) FD_CLR(n, p) ++#define LFD_ISSET(n, p) FD_ISSET(n, p) ++ + void + netsnmp_large_fd_setfd(SOCKET fd, netsnmp_large_fd_set * fdset) + { +@@ -28,18 +32,18 @@ netsnmp_large_fd_setfd(SOCKET fd, netsnm + + netsnmp_assert(fd != INVALID_SOCKET); + +- if (fdset->lfs_set.fd_count == fdset->lfs_setsize) ++ if (fdset->lfs_setptr->fd_count == fdset->lfs_setsize) + netsnmp_large_fd_set_resize(fdset, 2 * (fdset->lfs_setsize + 1)); + +- for (i = 0; i < fdset->lfs_set.fd_count; i++) { +- if (fdset->lfs_set.fd_array[i] == (SOCKET) (fd)) ++ for (i = 0; i < fdset->lfs_setptr->fd_count; i++) { ++ if (fdset->lfs_setptr->fd_array[i] == fd) + break; + } + +- if (i == fdset->lfs_set.fd_count +- && fdset->lfs_set.fd_count < fdset->lfs_setsize) { +- fdset->lfs_set.fd_count++; +- fdset->lfs_set.fd_array[i] = fd; ++ if (i == fdset->lfs_setptr->fd_count && ++ fdset->lfs_setptr->fd_count < fdset->lfs_setsize) { ++ fdset->lfs_setptr->fd_count++; ++ fdset->lfs_setptr->fd_array[i] = fd; + } + } + +@@ -50,14 +54,14 @@ netsnmp_large_fd_clr(SOCKET fd, netsnmp_ + + netsnmp_assert(fd != INVALID_SOCKET); + +- for (i = 0; i < fdset->lfs_set.fd_count; i++) { +- if (fdset->lfs_set.fd_array[i] == fd) { +- while (i < fdset->lfs_set.fd_count - 1) { +- fdset->lfs_set.fd_array[i] = +- fdset->lfs_set.fd_array[i + 1]; ++ for (i = 0; i < fdset->lfs_setptr->fd_count; i++) { ++ if (fdset->lfs_setptr->fd_array[i] == fd) { ++ while (i < fdset->lfs_setptr->fd_count - 1) { ++ fdset->lfs_setptr->fd_array[i] = ++ fdset->lfs_setptr->fd_array[i + 1]; + i++; + } +- fdset->lfs_set.fd_count--; ++ fdset->lfs_setptr->fd_count--; + break; + } + } +@@ -70,8 +74,8 @@ netsnmp_large_fd_is_set(SOCKET fd, netsn + + netsnmp_assert(fd != INVALID_SOCKET); + +- for (i = 0; i < fdset->lfs_set.fd_count; i++) { +- if (fdset->lfs_set.fd_array[i] == fd) ++ for (i = 0; i < fdset->lfs_setptr->fd_count; i++) { ++ if (fdset->lfs_setptr->fd_array[i] == fd) + return 1; + } + return 0; +@@ -79,6 +83,43 @@ netsnmp_large_fd_is_set(SOCKET fd, netsn + + #else + ++ /* ++ * Recent versions of glibc trigger abort() if FD_SET(), FD_CLR() or ++ * FD_ISSET() is invoked with n >= FD_SETSIZE. Hence these replacement ++ * functions. However, since NFDBITS != 8 * sizeof(fd_set.fds_bits[0]) for at ++ * least HP-UX on ia64 and since that combination uses big endian, use the ++ * macros from on such systems. ++ */ ++NETSNMP_STATIC_INLINE void LFD_SET(unsigned n, fd_set *p) ++{ ++ enum { nfdbits = 8 * sizeof(p->fds_bits[0]) }; ++ ++ if (nfdbits == NFDBITS) ++ p->fds_bits[n / nfdbits] |= (1ULL << (n % nfdbits)); ++ else ++ FD_SET(n, p); ++} ++ ++NETSNMP_STATIC_INLINE void LFD_CLR(unsigned n, fd_set *p) ++{ ++ enum { nfdbits = 8 * sizeof(p->fds_bits[0]) }; ++ ++ if (nfdbits == NFDBITS) ++ p->fds_bits[n / nfdbits] &= ~(1ULL << (n % nfdbits)); ++ else ++ FD_CLR(n, p); ++} ++ ++NETSNMP_STATIC_INLINE unsigned LFD_ISSET(unsigned n, const fd_set *p) ++{ ++ enum { nfdbits = 8 * sizeof(p->fds_bits[0]) }; ++ ++ if (nfdbits == NFDBITS) ++ return (p->fds_bits[n / nfdbits] & (1ULL << (n % nfdbits))) != 0; ++ else ++ return FD_ISSET(n, p) != 0; ++} ++ + void + netsnmp_large_fd_setfd(int fd, netsnmp_large_fd_set * fdset) + { +@@ -87,7 +128,7 @@ netsnmp_large_fd_setfd(int fd, netsnmp_l + while (fd >= (int)fdset->lfs_setsize) + netsnmp_large_fd_set_resize(fdset, 2 * (fdset->lfs_setsize + 1)); + +- FD_SET(fd, fdset->lfs_setptr); ++ LFD_SET(fd, fdset->lfs_setptr); + } + + void +@@ -96,7 +137,7 @@ netsnmp_large_fd_clr(int fd, netsnmp_lar + netsnmp_assert(fd >= 0); + + if ((unsigned)fd < fdset->lfs_setsize) +- FD_CLR(fd, fdset->lfs_setptr); ++ LFD_CLR(fd, fdset->lfs_setptr); + } + + int +@@ -104,7 +145,7 @@ netsnmp_large_fd_is_set(int fd, netsnmp_ + { + netsnmp_assert(fd >= 0); + +- return (unsigned)fd < fdset->lfs_setsize && FD_ISSET(fd, fdset->lfs_setptr); ++ return ((unsigned)fd < fdset->lfs_setsize && LFD_ISSET(fd, fdset->lfs_setptr)); + } + + #endif +@@ -174,22 +215,24 @@ netsnmp_large_fd_set_resize(netsnmp_larg + } + + #if defined(cygwin) || !defined(HAVE_WINSOCK_H) +- { ++ /* ++ * Unix: when enlarging, clear the file descriptors defined in the ++ * resized *fdset but that were not defined in the original *fdset. ++ */ ++ if ( fdset->lfs_setsize == 0 && setsize == FD_SETSIZE ) { ++ /* In this case we can use the OS's FD_ZERO */ ++ FD_ZERO(fdset->lfs_setptr); ++ } else { + int i; +- +- /* +- * Unix: when enlarging, clear the file descriptors defined in the +- * resized *fdset but that were not defined in the original *fdset. +- */ + for (i = fdset->lfs_setsize; i < setsize; i++) +- FD_CLR(i, fdset->lfs_setptr); ++ LFD_CLR(i, fdset->lfs_setptr); + } + #endif + + fdset->lfs_setsize = setsize; + #if !defined(cygwin) && defined(HAVE_WINSOCK_H) +- if (setsize < fdset->lfs_set.fd_count) +- fdset->lfs_set.fd_count = setsize; ++ if (setsize < fdset->lfs_setptr->fd_count) ++ fdset->lfs_setptr->fd_count = setsize; + #endif + success: + return 1; +@@ -197,7 +240,7 @@ success: + out_of_mem: + fdset->lfs_setsize = 0; + #if !defined(cygwin) && defined(HAVE_WINSOCK_H) +- fdset->lfs_set.fd_count = 0; ++ fdset->lfs_setptr->fd_count = 0; + #endif + return 0; + } diff --git a/SOURCES/net-snmp-5.7.2-leak-backport.patch b/SOURCES/net-snmp-5.7.2-leak-backport.patch new file mode 100644 index 0000000..89afb0b --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-leak-backport.patch @@ -0,0 +1,49 @@ +diff -up net-snmp-5.7.2/snmplib/snmp_api.c.original net-snmp-5.7.2/snmplib/snmp_api.c +--- net-snmp-5.7.2/snmplib/snmp_api.c.original 2018-01-12 17:46:47.534166712 +0900 ++++ net-snmp-5.7.2/snmplib/snmp_api.c 2018-01-12 17:48:09.420911255 +0900 +@@ -4974,6 +4974,9 @@ _sess_async_send(void *sessp, + + reqid = pdu->reqid; + ++ if (0 == reqid && (SNMPERR_SUCCESS == session->s_snmp_errno)) ++ ++reqid; ++ + /* + * Add to pending requests list if we expect a response. + */ +diff -up net-snmp-5.7.2/snmplib/snmp_client.c.original net-snmp-5.7.2/snmplib/snmp_client.c +--- net-snmp-5.7.2/snmplib/snmp_client.c.original 2018-01-12 17:48:21.814721234 +0900 ++++ net-snmp-5.7.2/snmplib/snmp_client.c 2018-01-12 18:33:55.779642445 +0900 +@@ -1044,11 +1044,13 @@ snmp_synch_response_cb(netsnmp_session * + ss->callback = pcb; + ss->callback_magic = (void *) state; + +- if ((state->reqid = snmp_send(ss, pdu)) == 0) { ++ if (snmp_send(ss, pdu) == 0) { + snmp_free_pdu(pdu); + state->status = STAT_ERROR; +- } else ++ } else { ++ state->reqid = pdu->reqid; + state->waiting = 1; ++ } + + while (state->waiting) { + numfds = 0; +@@ -1136,11 +1138,13 @@ snmp_sess_synch_response(void *sessp, + ss->callback = snmp_synch_input; + ss->callback_magic = (void *) state; + +- if ((state->reqid = snmp_sess_send(sessp, pdu)) == 0) { ++ if (snmp_sess_send(sessp, pdu) == 0) { + snmp_free_pdu(pdu); + state->status = STAT_ERROR; +- } else ++ } else { ++ state->reqid = pdu->reqid; + state->waiting = 1; ++ } + + while (state->waiting) { + numfds = 0; + diff --git a/SOURCES/net-snmp-5.7.2-man-page.patch b/SOURCES/net-snmp-5.7.2-man-page.patch new file mode 100644 index 0000000..428cea9 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-man-page.patch @@ -0,0 +1,35 @@ +--- net-snmp-5.7.3/man/net-snmp-create-v3-user.1.def 2014-12-08 21:23:22.000000000 +0100 ++++ /tmp/net-snmp-create-v3-user.1.def 2018-01-23 10:22:29.096506633 +0100 +@@ -3,7 +3,7 @@ + net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file + .SH SYNOPSIS + .PP +-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES] ++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] + .B [username] + .SH DESCRIPTION + .PP +@@ -16,13 +16,16 @@ + displays the net-snmp version number + .TP + \fB\-ro\fR +-create an user with read-only permissions ++creates a user with read-only permissions + .TP +-\fB\-a authpass\fR +-specify authentication password ++\fB\-A authpass\fR ++specifies the authentication password + .TP +-\fB\-x privpass\fR +-specify encryption password ++\fB\-a MD5|SHA\fR ++specifies the authentication password hashing algorithm + .TP +-\fB\-X DES|AES\fR +-specify encryption algorithm ++\fB\-X privpass\fR ++specifies the encryption password ++.TP ++\fB\-x DES|AES\fR ++specifies the encryption algorithm diff --git a/SOURCES/net-snmp-5.7.2-max-msg-size.patch b/SOURCES/net-snmp-5.7.2-max-msg-size.patch new file mode 100644 index 0000000..be08e46 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-max-msg-size.patch @@ -0,0 +1,12 @@ +diff -Npru old/agent/mibgroup/agentx/protocol.c new/agent/mibgroup/agentx/protocol.c +--- old/agent/mibgroup/agentx/protocol.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/agent/mibgroup/agentx/protocol.c 2017-01-16 10:05:24.419201871 +0100 +@@ -1550,7 +1550,7 @@ agentx_parse(netsnmp_session * session, + size_t len) + { + register u_char *bufp = data; +- u_char buffer[SNMP_MAX_MSG_SIZE]; ++ u_char buffer[65535]; + oid oid_buffer[MAX_OID_LEN], end_oid_buf[MAX_OID_LEN]; + size_t buf_len = sizeof(buffer); + size_t oid_buf_len = MAX_OID_LEN; diff --git a/SOURCES/net-snmp-5.7.2-memory.patch b/SOURCES/net-snmp-5.7.2-memory.patch new file mode 100644 index 0000000..d353e70 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-memory.patch @@ -0,0 +1,53 @@ +diff -urNp c/agent/mibgroup/hardware/memory/memory_linux.c d/agent/mibgroup/hardware/memory/memory_linux.c +--- c/agent/mibgroup/hardware/memory/memory_linux.c 2019-04-10 14:07:47.375285001 +0200 ++++ d/agent/mibgroup/hardware/memory/memory_linux.c 2019-04-12 11:39:11.677314245 +0200 +@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache + ssize_t bytes_read; + char *b; + unsigned long memtotal = 0, memfree = 0, memshared = 0, +- buffers = 0, cached = 0, ++ buffers = 0, cached = 0, sreclaimable = 0, + swaptotal = 0, swapfree = 0; + + netsnmp_memory_info *mem; +@@ -126,6 +126,13 @@ int netsnmp_mem_arch_load( netsnmp_cache + if (first) + snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n"); + } ++ b = strstr(buff, "SReclaimable: "); ++ if (b) ++ sscanf(b, "SReclaimable: %lu", &sreclaimable); ++ else { ++ if (first) ++ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n"); ++ } + b = strstr(buff, "SwapFree: "); + if (b) + sscanf(b, "SwapFree: %lu", &swapfree); +@@ -147,7 +154,7 @@ int netsnmp_mem_arch_load( netsnmp_cache + mem->descr = strdup("Physical memory"); + mem->units = 1024; + mem->size = memtotal; +- mem->free = memfree; ++ mem->free = memfree+buffers+cached+sreclaimable; + mem->other = -1; + } + +@@ -159,7 +166,7 @@ int netsnmp_mem_arch_load( netsnmp_cache + mem->descr = strdup("Virtual memory"); + mem->units = 1024; + mem->size = memtotal+swaptotal; +- mem->free = memfree +swapfree; ++ mem->free = memfree+swapfree+buffers+cached+sreclaimable; + mem->other = -1; + } + +@@ -182,7 +189,7 @@ int netsnmp_mem_arch_load( netsnmp_cache + if (!mem->descr) + mem->descr = strdup("Cached memory"); + mem->units = 1024; +- mem->size = cached; ++ mem->size = cached+sreclaimable; + mem->free = 0; /* Report cached size/used as equal */ + mem->other = -1; + } diff --git a/SOURCES/net-snmp-5.7.2-null-magic.patch b/SOURCES/net-snmp-5.7.2-null-magic.patch new file mode 100644 index 0000000..c8c188e --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-null-magic.patch @@ -0,0 +1,23 @@ +diff -urNp e/snmplib/snmp_api.c f/snmplib/snmp_api.c +--- e/snmplib/snmp_api.c 2019-04-17 15:16:22.664807192 +0200 ++++ f/snmplib/snmp_api.c 2019-04-17 15:18:09.162767964 +0200 +@@ -5362,13 +5362,17 @@ _sess_process_packet(void *sessp, netsnm + break; + } else { + /* We're done with retries, so no longer waiting for a response */ +- ((struct synch_state*)magic)->waiting = 0; ++ if (magic) { ++ ((struct synch_state*)magic)->waiting = 0; ++ } + } + } else { + if (SNMPV3_IGNORE_UNAUTH_REPORTS) { + break; + } else { /* Set the state to no longer be waiting, since we're done with retries */ +- ((struct synch_state*)magic)->waiting = 0; ++ if (magic) { ++ ((struct synch_state*)magic)->waiting = 0; ++ } + } + } + diff --git a/SOURCES/net-snmp-5.7.2-pass_common.patch b/SOURCES/net-snmp-5.7.2-pass_common.patch new file mode 100644 index 0000000..006b8e0 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-pass_common.patch @@ -0,0 +1,24 @@ +diff -urNp old/agent/mibgroup/ucd-snmp/pass_common.c new/agent/mibgroup/ucd-snmp/pass_common.c +--- old/agent/mibgroup/ucd-snmp/pass_common.c 2019-04-03 11:09:47.957025775 +0200 ++++ new/agent/mibgroup/ucd-snmp/pass_common.c 2019-04-03 11:27:04.133155491 +0200 +@@ -250,15 +250,15 @@ netsnmp_internal_pass_set_format(char *b + sprintf(buf, "string \"\"\n"); + else if (netsnmp_internal_bin2asc(buf2, var_val_len) == + (int) var_val_len) +- snprintf(buf, sizeof(buf), "string \"%s\"\n", buf2); ++ snprintf(buf, SNMP_MAXBUF, "string \"%s\"\n", buf2); + else +- snprintf(buf, sizeof(buf), "octet \"%s\"\n", buf2); +- buf[ sizeof(buf)-1 ] = 0; ++ snprintf(buf, SNMP_MAXBUF, "octet \"%s\"\n", buf2); ++ buf[ SNMP_MAXBUF-1 ] = 0; + break; + case ASN_OBJECT_ID: + sprint_mib_oid(buf2, (const oid *) var_val, var_val_len/sizeof(oid)); +- snprintf(buf, sizeof(buf), "objectid \"%s\"\n", buf2); +- buf[ sizeof(buf)-1 ] = 0; ++ snprintf(buf, SNMP_MAXBUF, "objectid \"%s\"\n", buf2); ++ buf[ SNMP_MAXBUF-1 ] = 0; + break; + } + } diff --git a/SOURCES/net-snmp-5.7.2-pie.patch b/SOURCES/net-snmp-5.7.2-pie.patch new file mode 100644 index 0000000..ee02001 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-pie.patch @@ -0,0 +1,24 @@ +diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in +--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200 +@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c + $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? + + snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) +- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} ++ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} + + libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@ +diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in +--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200 +@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX + $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS} + + snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS) +- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} ++ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} + + snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS) + $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS} diff --git a/SOURCES/net-snmp-5.7.2-proxy-getnext.patch b/SOURCES/net-snmp-5.7.2-proxy-getnext.patch new file mode 100644 index 0000000..39012a5 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-proxy-getnext.patch @@ -0,0 +1,16 @@ +1087801 - proxied OIDs unspecified in proxy statement in snmpd.conf + +From RHEL 6 patch. + +diff -up net-snmp-5.7.2/agent/mibgroup/ucd-snmp/proxy.c.test2 net-snmp-5.7.2/agent/mibgroup/ucd-snmp/proxy.c +--- net-snmp-5.7.2/agent/mibgroup/ucd-snmp/proxy.c.test2 2014-04-14 14:24:00.146782548 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/ucd-snmp/proxy.c 2014-04-14 14:24:20.416760913 +0200 +@@ -412,7 +412,7 @@ proxy_handler(netsnmp_mib_handler *handl + if (sp->base_len && + reqinfo->mode == MODE_GETNEXT && + (snmp_oid_compare(ourname, ourlength, +- sp->base, sp->base_len) < 0)) { ++ sp->name, sp->name_len) < 0)) { + DEBUGMSGTL(( "proxy", "request is out of registered range\n")); + /* + * Create GETNEXT request with an OID so the diff --git a/SOURCES/net-snmp-5.7.2-python-addr-size.patch b/SOURCES/net-snmp-5.7.2-python-addr-size.patch new file mode 100644 index 0000000..32cf0fa --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-python-addr-size.patch @@ -0,0 +1,59 @@ +1100099 - net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid + +commit 1bc799de6cab010b25c0c4d3f5155b5fbaf527f0 +Author: Bart Van Assche +Date: Thu Feb 21 20:05:14 2013 +0100 + + Python bindings: Fix the out-of-bounds write + + See also commit 234158b8e84cc204cbac96e6e9be6959635404b8 + +diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c +index 3eda804..d188e65 100644 +--- a/python/netsnmp/client_intf.c ++++ b/python/netsnmp/client_intf.c +@@ -822,14 +822,18 @@ OCT: + + case TYPE_IPADDR: + vars->type = ASN_IPADDRESS; +- vars->val.integer = (in_addr_t *)malloc(sizeof(in_addr_t)); +- if (val) +- *(vars->val.integer) = inet_addr(val); +- else { +- ret = FAILURE; +- *(vars->val.integer) = 0; ++ { ++ in_addr_t addr; ++ ++ if (val) ++ addr = inet_addr(val); ++ else { ++ ret = FAILURE; ++ addr = 0; ++ } ++ memdup(&vars->val.integer, &addr, sizeof(addr)); ++ vars->val_len = sizeof(addr); + } +- vars->val_len = sizeof(in_addr_t); + break; + + case TYPE_OBJID: +commit d9789f2570452b54112443f3b8a32cf22a4ec783 +Author: Jan Safranek +Date: Fri Feb 27 13:55:07 2015 +0100 + + Fixed compiler warning. + +diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c +index 7fc74dc..db5db75 100644 +--- a/python/netsnmp/client_intf.c ++++ b/python/netsnmp/client_intf.c +@@ -833,7 +833,7 @@ OCT: + ret = FAILURE; + addr = 0; + } +- memdup(&vars->val.integer, &addr, sizeof(addr)); ++ memdup((u_char**) &vars->val.integer, &addr, sizeof(addr)); + vars->val_len = sizeof(addr); + } + break; diff --git a/SOURCES/net-snmp-5.7.2-python-ipaddress-size.patch b/SOURCES/net-snmp-5.7.2-python-ipaddress-size.patch new file mode 100644 index 0000000..51a489f --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-python-ipaddress-size.patch @@ -0,0 +1,23 @@ +895357 - net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid + +Source: upstream commit 234158b8e84cc204cbac96e6e9be6959635404b8 + + --- a/python/netsnmp/client_intf.c ++++ a/python/netsnmp/client_intf.c +@@ -821,14 +821,14 @@ OCT: + + case TYPE_IPADDR: + vars->type = ASN_IPADDRESS; +- vars->val.integer = (long *)malloc(sizeof(long)); ++ vars->val.integer = (in_addr_t *)malloc(sizeof(in_addr_t)); + if (val) + *(vars->val.integer) = inet_addr(val); + else { + ret = FAILURE; + *(vars->val.integer) = 0; + } +- vars->val_len = sizeof(long); ++ vars->val_len = sizeof(in_addr_t); + break; + + case TYPE_OBJID: diff --git a/SOURCES/net-snmp-5.7.2-response-too-long.patch b/SOURCES/net-snmp-5.7.2-response-too-long.patch new file mode 100644 index 0000000..d8c2025 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-response-too-long.patch @@ -0,0 +1,12 @@ +diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c +--- old/snmplib/snmp_api.c 2017-01-16 10:11:37.951994525 +0100 ++++ new/snmplib/snmp_api.c 2017-01-16 10:18:42.284631137 +0100 +@@ -4931,7 +4931,7 @@ _sess_async_send(void *sessp, + * specified in the received PDU. + */ + +- if (session->sndMsgMaxSize != 0 && length > session->sndMsgMaxSize) { ++ if (pdu->version == SNMP_VERSION_3 && session->sndMsgMaxSize != 0 && length > session->sndMsgMaxSize) { + DEBUGMSGTL(("sess_async_send", + "length of packet (%lu) exceeds session maximum (%lu)\n", + (unsigned long)length, (unsigned long)session->sndMsgMaxSize)); diff --git a/SOURCES/net-snmp-5.7.2-smux-invalid-headers.patch b/SOURCES/net-snmp-5.7.2-smux-invalid-headers.patch new file mode 100644 index 0000000..cf92569 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-smux-invalid-headers.patch @@ -0,0 +1,25 @@ +1140236 - Segfault when starting snmpd + +commit 95b87c7fe990869f6b4ce62c0b2f0382e47699a5 +Author: Jan Safranek +Date: Thu Feb 19 15:14:10 2015 +0100 + + Add extra check to throw away invalid SMUX messages. + + Otherwise snmpd crashes on NULL pointer dereference. + +diff --git a/agent/mibgroup/smux/smux.c b/agent/mibgroup/smux/smux.c +index fd96710..02d02d2 100644 +--- a/agent/mibgroup/smux/smux.c ++++ b/agent/mibgroup/smux/smux.c +@@ -752,6 +752,10 @@ smux_pdu_process(int fd, u_char * data, size_t length) + while (error == 0 && ptr != NULL && ptr < data + length) { + len = length - (ptr - data); + ptr = asn_parse_header(ptr, &len, &type); ++ if (ptr == NULL) { ++ DEBUGMSGTL(("smux", "[smux_pdu_process] cannot parse header\n")); ++ break; ++ } + DEBUGMSGTL(("smux", "[smux_pdu_process] type is %d\n", + (int) type)); + switch (type) { diff --git a/SOURCES/net-snmp-5.7.2-smux-logging.patch b/SOURCES/net-snmp-5.7.2-smux-logging.patch new file mode 100644 index 0000000..3f88ddc --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-smux-logging.patch @@ -0,0 +1,88 @@ +Bug 1140234 - unexpected messages in log while smux processing +Bug 1189393 - unexpected messages in log while smux processing + +Backported from: + +commit 75d17a242e524e66b6c8214f68dc9920d5bd59df +Author: Jan Safranek +Date: Fri Jan 30 11:29:53 2015 +0100 + + CHANGES: snmpd: Remove some log messages from SMUX processing. + + These messages are not useful to system admin and only makes system log unreadable. Let's move them to debug level. + +diff -up net-snmp-5.7.2/agent/mibgroup/smux/smux.c.smux-logging net-snmp-5.7.2/agent/mibgroup/smux/smux.c +--- net-snmp-5.7.2/agent/mibgroup/smux/smux.c.smux-logging 2015-06-18 10:49:01.165899644 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/smux/smux.c 2015-06-18 10:50:01.650157657 +0200 +@@ -536,8 +536,8 @@ var_smux_write(int action, + + if (buf[0] == SMUX_TRAP) { + DEBUGMSGTL(("smux", "[var_smux_write] Received trap\n")); +- snmp_log(LOG_INFO, "Got trap from peer on fd %d\n", +- rptr->sr_fd); ++ DEBUGMSGTL(("smux", "Got trap from peer on fd %d\n", ++ rptr->sr_fd)); + ptr = asn_parse_header(buf, &len, &type); + smux_trap_process(ptr, &len); + +@@ -646,9 +646,9 @@ smux_accept(int sd) + snmp_log_perror("[smux_accept] accept failed"); + return -1; + } else { +- snmp_log(LOG_INFO, "[smux_accept] accepted fd %d from %s:%d\n", ++ DEBUGMSGTL(("smux", "[smux_accept] accepted fd %d from %s:%d\n", + fd, inet_ntoa(in_socket.sin_addr), +- ntohs(in_socket.sin_port)); ++ ntohs(in_socket.sin_port))); + if (npeers + 1 == SMUXMAXPEERS) { + snmp_log(LOG_ERR, + "[smux_accept] denied peer on fd %d, limit %d reached", +@@ -747,7 +747,8 @@ smux_process(int fd) + + if (length <= 0) + { +- snmp_log_perror("[smux_process] peek failed"); ++ if (length < 0) ++ snmp_log_perror("[smux_process] peek failed"); + smux_peer_cleanup(fd); + return -1; + } +@@ -837,7 +838,7 @@ smux_pdu_process(int fd, u_char * data, + DEBUGMSGTL(("smux", "This shouldn't have happened!\n")); + break; + case SMUX_TRAP: +- snmp_log(LOG_INFO, "Got trap from peer on fd %d\n", fd); ++ DEBUGMSGTL(("smux", "Got trap from peer on fd %d\n", fd)); + if (ptr) + { + DEBUGMSGTL(("smux", "[smux_pdu_process] call smux_trap_process.\n")); +@@ -943,9 +944,9 @@ smux_open_process(int fd, u_char * ptr, + *fail = TRUE; + return ptr; + } +- snmp_log(LOG_INFO, ++ DEBUGMSGTL(("smux", + "accepted smux peer: oid %s, descr %s\n", +- oid_print, descr); ++ oid_print, descr)); + *fail = FALSE; + return ptr; + } +@@ -1538,7 +1539,7 @@ smux_snmp_process(int exact, + + if (result[0] == SMUX_TRAP) { + DEBUGMSGTL(("smux", "[smux_snmp_process] Received trap\n")); +- snmp_log(LOG_INFO, "Got trap from peer on fd %d\n", sd); ++ DEBUGMSGTL(("smux", "Got trap from peer on fd %d\n", sd)); + ptr = asn_parse_header(result, (size_t *) &length, &type); + smux_trap_process(ptr, (size_t *) &length); + +@@ -1906,7 +1907,7 @@ smux_peer_cleanup(int sd) + Auths[i]->sa_active_fd = -1; + snprint_objid(oid_name, sizeof(oid_name), Auths[i]->sa_oid, + Auths[i]->sa_oid_len); +- snmp_log(LOG_INFO, "peer disconnected: %s\n", oid_name); ++ DEBUGMSGTL(("smux", "peer disconnected: %s\n", oid_name)); + } + } + } diff --git a/SOURCES/net-snmp-5.7.2-snmpd-log-once.patch b/SOURCES/net-snmp-5.7.2-snmpd-log-once.patch new file mode 100644 index 0000000..5825124 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-snmpd-log-once.patch @@ -0,0 +1,21 @@ +diff -urNp O/agent/mibgroup/hardware/fsys/fsys_mntctl.c N/agent/mibgroup/hardware/fsys/fsys_mntctl.c +--- O/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2019-03-18 12:22:21.655280129 +0100 ++++ N/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2019-03-18 12:24:38.481898394 +0100 +@@ -89,7 +89,6 @@ netsnmp_fsys_arch_load( void ) + char *path; + struct statfs stat_buf; + netsnmp_fsys_info *entry; +- char tmpbuf[1024]; + + /* + * Retrieve information about the currently mounted filesystems... +@@ -163,8 +162,7 @@ netsnmp_fsys_arch_load( void ) + continue; + + if ( statfs( entry->path, &stat_buf ) < 0 ) { +- snprintf( tmpbuf, sizeof(tmpbuf), "Cannot statfs %s\n", entry->path ); +- snmp_log_perror( tmpbuf ); ++ NETSNMP_LOGONCE(( LOG_ERROR, "Cannot statfs %s\n", entry->path )); + continue; + } + entry->units = stat_buf.f_bsize; diff --git a/SOURCES/net-snmp-5.7.2-soname.patch b/SOURCES/net-snmp-5.7.2-soname.patch new file mode 100644 index 0000000..8530a5c --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-soname.patch @@ -0,0 +1,16 @@ +969061 - net-snmpd crash on time out + +We need to bump soname because net-snmp-5.7.2-agentx-disconnect-crash.patch +changes ABI (sizeof(netsnmp_agent_session)). +diff -up net-snmp-5.7.2/Makefile.top.tst net-snmp-5.7.2/Makefile.top +--- net-snmp-5.7.2/Makefile.top.tst 2013-07-12 13:54:36.646160556 +0200 ++++ net-snmp-5.7.2/Makefile.top 2013-07-12 13:54:40.678146522 +0200 +@@ -79,7 +79,7 @@ LINKCC = @LINKCC@ + # 5.3 was at 10, 5.4 is at 15, ... This leaves some room for needed + # changes for past releases if absolutely necessary. + # +-LIBCURRENT = 30 ++LIBCURRENT = 31 + LIBAGE = 0 + LIBREVISION = 2 + diff --git a/SOURCES/net-snmp-5.7.2-strstr.patch b/SOURCES/net-snmp-5.7.2-strstr.patch new file mode 100644 index 0000000..82c4c57 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-strstr.patch @@ -0,0 +1,13 @@ +diff -urNp old/agent/mibgroup/host/data_access/swinst_rpm.c new/agent/mibgroup/host/data_access/swinst_rpm.c +--- old/agent/mibgroup/host/data_access/swinst_rpm.c 2012-10-10 00:28:58.000000000 +0200 ++++ new/agent/mibgroup/host/data_access/swinst_rpm.c 2017-03-23 13:39:44.695386498 +0100 +@@ -129,7 +129,7 @@ netsnmp_swinst_arch_load( netsnmp_contai + "%s-%s-%s", n, v, r); + if (entry->swName_len > sizeof(entry->swName)) + entry->swName_len = sizeof(entry->swName); +- entry->swType = (NULL != strstr( g, "System Environment")) ++ entry->swType = (g != NULL && NULL != strstr( g, "System Environment")) + ? 2 /* operatingSystem */ + : 4; /* application */ + + diff --git a/SOURCES/net-snmp-5.7.2-systemd.patch b/SOURCES/net-snmp-5.7.2-systemd.patch new file mode 100644 index 0000000..b349097 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-systemd.patch @@ -0,0 +1,1653 @@ +718183 - Provide native systemd unit file + +Gathered from following upstream git commits and backported to 5.7. + +commit 19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + CHANGES: snmpd: integrated with systemd, see README.systemd for details. + + It brings sd-daemon.c and .h directly downloaded from systemd. I've made very + few changes to it to match our NETSNMP_NO_SYSTEMD and include paths. + +commit fef6cddfdb94da1a6b1fb768af62918b80f11fd3 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + CHANGES: snmptrapd: integrate systemd notification support. + +commit 0641e43c694c485cbbffef0556efc4641bd3ff50 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + Add sd_find_inet_socket() and sd_find_inet_unisx() helpers into + system-specific code. This will help us to find various sockets + created by systemd much easier. + +commit 76530a89f1c8bbd0b63acce63e10d5d4812a1a16 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + Check sockets created by systemd when opening new server sockets. + + systemd can pass sockets to our daemons during startup using LISTEN_FDS + environment variable. So check this variable when opening new listening + socket - maybe system has already opened the socket for us. + +commit bf108d7f1354f6276fc43c129963f2c49b9fc242 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + Added sample systemd service files. + +commit 884ec488a6596380ba283d707827dd926a52e0b2 +Author: Jan Safranek +Date: Mon Aug 8 15:48:55 2011 +0200 + + Run autoheader+autoconf. + +commit 86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0 +Author: Jan Safranek +Date: Tue Aug 9 10:53:43 2011 +0200 + + Update systemd documentation and samples. + + - add socket unit for snmpd to paralelize boot + - update WantedBy in socket units as recommended by http://0pointer.de/blog/projects/socket-activation.html + - rephrase README.systemd + + +diff -up net-snmp-5.7.2/agent/snmpd.c.systemd net-snmp-5.7.2/agent/snmpd.c +--- net-snmp-5.7.2/agent/snmpd.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/snmpd.c 2012-11-12 10:18:46.084369548 +0100 +@@ -164,6 +164,10 @@ typedef long fd_mask; + + #endif + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + netsnmp_feature_want(logging_file) + netsnmp_feature_want(logging_stdio) + netsnmp_feature_want(logging_syslog) +@@ -441,18 +445,26 @@ main(int argc, char *argv[]) + int agent_mode = -1; + char *pid_file = NULL; + char option_compatability[] = "-Le"; ++ int prepared_sockets = 0; + #if HAVE_GETPID + int fd; + FILE *PID; + #endif + + #ifndef WIN32 ++#ifndef NETSNMP_NO_SYSYSTEMD ++ /* check if systemd has sockets for us and don't close them */ ++ prepared_sockets = netsnmp_sd_listen_fds(0); ++#endif /* NETSNMP_NO_SYSYSTEMD */ ++ + /* + * close all non-standard file descriptors we may have + * inherited from the shell. + */ +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); ++ if (!prepared_sockets) { ++ for (i = getdtablesize() - 1; i > 2; --i) { ++ (void) close(i); ++ } + } + #endif /* #WIN32 */ + +@@ -1100,6 +1112,19 @@ main(int argc, char *argv[]) + netsnmp_addrcache_initialise(); + + /* ++ * Let systemd know we're up. ++ */ ++#ifndef NETSNMP_NO_SYSTEMD ++ netsnmp_sd_notify(1, "READY=1\n"); ++ if (prepared_sockets) ++ /* ++ * Clear the environment variable, we already processed all the sockets ++ * by now. ++ */ ++ netsnmp_sd_listen_fds(1); ++#endif ++ ++ /* + * Forever monitor the dest_port for incoming PDUs. + */ + DEBUGMSGTL(("snmpd/main", "We're up. Starting to process data.\n")); +diff -up net-snmp-5.7.2/apps/snmptrapd.c.systemd net-snmp-5.7.2/apps/snmptrapd.c +--- net-snmp-5.7.2/apps/snmptrapd.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/apps/snmptrapd.c 2012-11-12 10:18:46.084369548 +0100 +@@ -125,6 +125,10 @@ SOFTWARE. + + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #ifndef BSD4_3 + #define BSD4_2 + #endif +@@ -655,15 +659,22 @@ main(int argc, char *argv[]) + int agentx_subagent = 1; + #endif + netsnmp_trapd_handler *traph; ++ int prepared_sockets = 0; + + + #ifndef WIN32 ++#ifndef NETSNMP_NO_SYSTEMD ++ /* check if systemd has sockets for us and don't close them */ ++ prepared_sockets = netsnmp_sd_listen_fds(0); ++#endif + /* + * close all non-standard file descriptors we may have + * inherited from the shell. + */ +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); ++ if (!prepared_sockets) { ++ for (i = getdtablesize() - 1; i > 2; --i) { ++ (void) close(i); ++ } + } + #endif /* #WIN32 */ + +@@ -1311,6 +1322,19 @@ main(int argc, char *argv[]) + #endif + #endif + ++ /* ++ * Let systemd know we're up. ++ */ ++#ifndef NETSNMP_NO_SYSTEMD ++ netsnmp_sd_notify(1, "READY=1\n"); ++ if (prepared_sockets) ++ /* ++ * Clear the environment variable, we already processed all the sockets ++ * by now. ++ */ ++ netsnmp_sd_listen_fds(1); ++#endif ++ + #ifdef WIN32SERVICE + trapd_status = SNMPTRAPD_RUNNING; + #endif +diff -up net-snmp-5.7.2/configure.d/config_modules_lib.systemd net-snmp-5.7.2/configure.d/config_modules_lib +--- net-snmp-5.7.2/configure.d/config_modules_lib.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/configure.d/config_modules_lib 2012-11-12 10:18:46.085369546 +0100 +@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" + other_ftobjs_list="$other_ftobjs_list winpipe.ft" + fi + ++# Linux systemd ++if test "x$with_systemd" == "xyes"; then ++ other_src_list="$other_src_list sd-daemon.c" ++ other_objs_list="$other_objs_list sd-daemon.o" ++ other_lobjs_list="$other_lobjs_list sd-daemon.lo" ++ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" ++fi ++ + AC_SUBST(other_src_list) + AC_SUBST(other_objs_list) + AC_SUBST(other_lobjs_list) +diff -up net-snmp-5.7.2/configure.d/config_project_with_enable.systemd net-snmp-5.7.2/configure.d/config_project_with_enable +--- net-snmp-5.7.2/configure.d/config_project_with_enable.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/configure.d/config_project_with_enable 2012-11-12 10:18:46.086369544 +0100 +@@ -690,6 +690,15 @@ if test "x$with_dummy_values" != "xyes"; + data for]) + fi + ++NETSNMP_ARG_WITH(systemd, ++[ --with-systemd Provide systemd support. See README.systemd ++ for details.]) ++# Define unless specifically suppressed (i.e., option defaults to false). ++if test "x$with_systemd" != "xyes"; then ++ AC_DEFINE(NETSNMP_NO_SYSTEMD, 1, ++ [If you don't want to integrate with systemd.]) ++fi ++ + NETSNMP_ARG_ENABLE(set-support, + [ --disable-set-support Do not allow SNMP set requests.]) + if test "x$enable_set_support" = "xno"; then +diff -up net-snmp-5.7.2/configure.systemd net-snmp-5.7.2/configure +--- net-snmp-5.7.2/configure.systemd 2012-10-10 00:35:37.000000000 +0200 ++++ net-snmp-5.7.2/configure 2012-11-12 10:18:46.099369517 +0100 +@@ -950,6 +950,8 @@ with_kmem_usage + enable_kmem_usage + with_dummy_values + enable_dummy_values ++with_systemd ++enable_systemd + enable_set_support + with_set_support + with_sys_contact +@@ -1866,6 +1868,8 @@ Configuring the agent: + This is technically not compliant with the + SNMP specifications, but was how the agent + operated for versions < 4.0. ++ --with-systemd Provide systemd support. See README.systemd ++ for details. + --with-sys-contact="who@where" Default system contact. + (Default: LOGIN@DOMAINNAME) + --with-sys-location="location" Default system location. +@@ -4397,6 +4401,24 @@ $as_echo "#define NETSNMP_NO_DUMMY_VALUE + + fi + ++ ++# Check whether --with-systemd was given. ++if test "${with_systemd+set}" = set; then : ++ withval=$with_systemd; ++fi ++ ++ # Check whether --enable-systemd was given. ++if test "${enable_systemd+set}" = set; then : ++ enableval=$enable_systemd; as_fn_error $? "Invalid option. Use --with-systemd/--without-systemd instead" "$LINENO" 5 ++fi ++ ++# Define unless specifically suppressed (i.e., option defaults to false). ++if test "x$with_systemd" != "xyes"; then ++ ++$as_echo "#define NETSNMP_NO_SYSTEMD 1" >>confdefs.h ++ ++fi ++ + # Check whether --enable-set-support was given. + if test "${enable_set_support+set}" = set; then : + enableval=$enable_set_support; +@@ -18239,6 +18261,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" + other_ftobjs_list="$other_ftobjs_list winpipe.ft" + fi + ++# Linux systemd ++if test "x$with_systemd" == "xyes"; then ++ other_src_list="$other_src_list sd-daemon.c" ++ other_objs_list="$other_objs_list sd-daemon.o" ++ other_lobjs_list="$other_lobjs_list sd-daemon.lo" ++ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" ++fi ++ + + + +diff -up net-snmp-5.7.2/dist/snmpd.service.systemd net-snmp-5.7.2/dist/snmpd.service +--- net-snmp-5.7.2/dist/snmpd.service.systemd 2012-11-12 10:18:46.104369507 +0100 ++++ net-snmp-5.7.2/dist/snmpd.service 2012-11-12 10:18:46.104369507 +0100 +@@ -0,0 +1,18 @@ ++# ++# SNMP agent service file for systemd ++# ++# ++# The service should be enabled, i.e. snmpd should start during machine boot. ++# Socket activation shall not be used. See README.systemd for details. ++ ++[Unit] ++Description=Simple Network Management Protocol (SNMP) daemon. ++After=syslog.target network.target ++ ++[Service] ++# Type=notify is also supported. It should be set when snmpd.socket is not used. ++Type=simple ++ExecStart=/usr/sbin/snmpd -f ++ ++[Install] ++WantedBy=multi-user.target +diff -up net-snmp-5.7.2/dist/snmpd.socket.systemd net-snmp-5.7.2/dist/snmpd.socket +--- net-snmp-5.7.2/dist/snmpd.socket.systemd 2012-11-12 10:18:46.104369507 +0100 ++++ net-snmp-5.7.2/dist/snmpd.socket 2012-11-12 10:18:46.104369507 +0100 +@@ -0,0 +1,17 @@ ++[Unit] ++Description=Socket listening for SNMP and AgentX messages ++ ++[Socket] ++ListenDatagram=0.0.0.0:161 ++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. ++# It must match listening addresses/ports defined in snmpd.service ++# or snmpd.conf. ++# ListenStream=0.0.0.0:161 ++# ListenDatagram=[::]:161 ++# ListenStream=[::]:161 ++# ++# Uncomment AgentX socket if snmpd.conf enables AgentX protocol. ++# ListenStream=/var/agentx/master ++ ++[Install] ++WantedBy=sockets.target +diff -up net-snmp-5.7.2/dist/snmptrapd.service.systemd net-snmp-5.7.2/dist/snmptrapd.service +--- net-snmp-5.7.2/dist/snmptrapd.service.systemd 2012-11-12 10:18:46.105369505 +0100 ++++ net-snmp-5.7.2/dist/snmptrapd.service 2012-11-12 10:18:46.105369505 +0100 +@@ -0,0 +1,16 @@ ++# ++# SNMP trap-processing service file for systemd ++# ++ ++[Unit] ++Description=Simple Network Management Protocol (SNMP) Trap daemon. ++After=syslog.target network.target ++ ++[Service] ++# Type=notify is also supported. It should be set when snmptrapd.socket is not ++# used. ++Type=simple ++ExecStart=/usr/sbin/snmptrapd -f ++ ++[Install] ++WantedBy=multi-user.target +diff -up net-snmp-5.7.2/dist/snmptrapd.socket.systemd net-snmp-5.7.2/dist/snmptrapd.socket +--- net-snmp-5.7.2/dist/snmptrapd.socket.systemd 2012-11-12 10:18:46.105369505 +0100 ++++ net-snmp-5.7.2/dist/snmptrapd.socket 2012-11-12 10:18:46.105369505 +0100 +@@ -0,0 +1,14 @@ ++[Unit] ++Description=Socket listening for SNMP trap messages ++ ++[Socket] ++ListenDatagram=0.0.0.0:162 ++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. ++# It must match listening addresses/ports defined in snmptrapd.service ++# or snmptrapd.conf. ++# ListenStream=0.0.0.0:162 ++# ListenDatagram=[::]:162 ++# ListenStream=[::]:162 ++ ++[Install] ++WantedBy=sockets.target +diff -up net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h.systemd net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h +--- net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h.systemd 2012-11-12 10:18:46.106369503 +0100 ++++ net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h 2012-11-12 10:18:46.106369503 +0100 +@@ -0,0 +1,286 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++#ifndef SNMPD_SD_DAEMON_H ++#define SNMPD_SD_DAEMON_H ++ ++/*** ++ Copyright 2010 Lennart Poettering ++ ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated documentation files ++ (the "Software"), to deal in the Software without restriction, ++ including without limitation the rights to use, copy, modify, merge, ++ publish, distribute, sublicense, and/or sell copies of the Software, ++ and to permit persons to whom the Software is furnished to do so, ++ subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be ++ included in all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++***/ ++ ++#include ++#include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ Reference implementation of a few systemd related interfaces for ++ writing daemons. These interfaces are trivial to implement. To ++ simplify porting we provide this reference implementation. ++ Applications are welcome to reimplement the algorithms described ++ here if they do not want to include these two source files. ++ ++ The following functionality is provided: ++ ++ - Support for logging with log levels on stderr ++ - File descriptor passing for socket-based activation ++ - Daemon startup and status notification ++ - Detection of systemd boots ++ ++ You may compile this with -DDISABLE_SYSTEMD to disable systemd ++ support. This makes all those calls NOPs that are directly related to ++ systemd (i.e. only sd_is_xxx() will stay useful). ++ ++ Since this is drop-in code we don't want any of our symbols to be ++ exported in any case. Hence we declare hidden visibility for all of ++ them. ++ ++ You may find an up-to-date version of these source files online: ++ ++ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h ++ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c ++ ++ This should compile on non-Linux systems, too, but with the ++ exception of the sd_is_xxx() calls all functions will become NOPs. ++ ++ See sd-daemon(7) for more information. ++*/ ++ ++#ifndef _sd_printf_attr_ ++#if __GNUC__ >= 4 ++#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b))) ++#else ++#define _sd_printf_attr_(a,b) ++#endif ++#endif ++ ++/* ++ Log levels for usage on stderr: ++ ++ fprintf(stderr, SD_NOTICE "Hello World!\n"); ++ ++ This is similar to printk() usage in the kernel. ++*/ ++#define SD_EMERG "<0>" /* system is unusable */ ++#define SD_ALERT "<1>" /* action must be taken immediately */ ++#define SD_CRIT "<2>" /* critical conditions */ ++#define SD_ERR "<3>" /* error conditions */ ++#define SD_WARNING "<4>" /* warning conditions */ ++#define SD_NOTICE "<5>" /* normal but significant condition */ ++#define SD_INFO "<6>" /* informational */ ++#define SD_DEBUG "<7>" /* debug-level messages */ ++ ++/* The first passed file descriptor is fd 3 */ ++#define SD_LISTEN_FDS_START 3 ++ ++/* ++ Returns how many file descriptors have been passed, or a negative ++ errno code on failure. Optionally, removes the $LISTEN_FDS and ++ $LISTEN_PID file descriptors from the environment (recommended, but ++ problematic in threaded environments). If r is the return value of ++ this function you'll find the file descriptors passed as fds ++ SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative ++ errno style error code on failure. This function call ensures that ++ the FD_CLOEXEC flag is set for the passed file descriptors, to make ++ sure they are not passed on to child processes. If FD_CLOEXEC shall ++ not be set, the caller needs to unset it after this call for all file ++ descriptors that are used. ++ ++ See sd_listen_fds(3) for more information. ++*/ ++int netsnmp_sd_listen_fds(int unset_environment); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a FIFO in the file system stored under the ++ specified path, 0 otherwise. If path is NULL a path name check will ++ not be done and the call only verifies if the file descriptor ++ refers to a FIFO. Returns a negative errno style error code on ++ failure. ++ ++ See sd_is_fifo(3) for more information. ++*/ ++int netsnmp_sd_is_fifo(int fd, const char *path); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a special character device on the file ++ system stored under the specified path, 0 otherwise. ++ If path is NULL a path name check will not be done and the call ++ only verifies if the file descriptor refers to a special character. ++ Returns a negative errno style error code on failure. ++ ++ See sd_is_special(3) for more information. ++*/ ++int netsnmp_sd_is_special(int fd, const char *path); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a socket of the specified family (AF_INET, ++ ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If ++ family is 0 a socket family check will not be done. If type is 0 a ++ socket type check will not be done and the call only verifies if ++ the file descriptor refers to a socket. If listening is > 0 it is ++ verified that the socket is in listening mode. (i.e. listen() has ++ been called) If listening is == 0 it is verified that the socket is ++ not in listening mode. If listening is < 0 no listening mode check ++ is done. Returns a negative errno style error code on failure. ++ ++ See sd_is_socket(3) for more information. ++*/ ++int netsnmp_sd_is_socket(int fd, int family, int type, int listening); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is an Internet socket, of the specified family ++ (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM, ++ SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version ++ check is not done. If type is 0 a socket type check will not be ++ done. If port is 0 a socket port check will not be done. The ++ listening flag is used the same way as in sd_is_socket(). Returns a ++ negative errno style error code on failure. ++ ++ See sd_is_socket_inet(3) for more information. ++*/ ++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is an AF_UNIX socket of the specified type ++ (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0 ++ a socket type check will not be done. If path is NULL a socket path ++ check will not be done. For normal AF_UNIX sockets set length to ++ 0. For abstract namespace sockets set length to the length of the ++ socket name (including the initial 0 byte), and pass the full ++ socket path in path (including the initial 0 byte). The listening ++ flag is used the same way as in sd_is_socket(). Returns a negative ++ errno style error code on failure. ++ ++ See sd_is_socket_unix(3) for more information. ++*/ ++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length); ++ ++/* ++ Informs systemd about changed daemon state. This takes a number of ++ newline separated environment-style variable assignments in a ++ string. The following variables are known: ++ ++ READY=1 Tells systemd that daemon startup is finished (only ++ relevant for services of Type=notify). The passed ++ argument is a boolean "1" or "0". Since there is ++ little value in signaling non-readiness the only ++ value daemons should send is "READY=1". ++ ++ STATUS=... Passes a single-line status string back to systemd ++ that describes the daemon state. This is free-from ++ and can be used for various purposes: general state ++ feedback, fsck-like programs could pass completion ++ percentages and failing programs could pass a human ++ readable error message. Example: "STATUS=Completed ++ 66% of file system check..." ++ ++ ERRNO=... If a daemon fails, the errno-style error code, ++ formatted as string. Example: "ERRNO=2" for ENOENT. ++ ++ BUSERROR=... If a daemon fails, the D-Bus error-style error ++ code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut" ++ ++ MAINPID=... The main pid of a daemon, in case systemd did not ++ fork off the process itself. Example: "MAINPID=4711" ++ ++ Daemons can choose to send additional variables. However, it is ++ recommended to prefix variable names not listed above with X_. ++ ++ Returns a negative errno-style error code on failure. Returns > 0 ++ if systemd could be notified, 0 if it couldn't possibly because ++ systemd is not running. ++ ++ Example: When a daemon finished starting up, it could issue this ++ call to notify systemd about it: ++ ++ sd_notify(0, "READY=1"); ++ ++ See sd_notifyf() for more complete examples. ++ ++ See sd_notify(3) for more information. ++*/ ++int netsnmp_sd_notify(int unset_environment, const char *state); ++ ++/* ++ Similar to sd_notify() but takes a format string. ++ ++ Example 1: A daemon could send the following after initialization: ++ ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Processing requests...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++ ++ Example 2: A daemon could send the following shortly before ++ exiting, on failure: ++ ++ sd_notifyf(0, "STATUS=Failed to start up: %s\n" ++ "ERRNO=%i", ++ strerror(errno), ++ errno); ++ ++ See sd_notifyf(3) for more information. ++*/ ++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3); ++ ++/* ++ Returns > 0 if the system was booted with systemd. Returns < 0 on ++ error. Returns 0 if the system was not booted with systemd. Note ++ that all of the functions above handle non-systemd boots just ++ fine. You should NOT protect them with a call to this function. Also ++ note that this function checks whether the system, not the user ++ session is controlled by systemd. However the functions above work ++ for both user and system services. ++ ++ See sd_booted(3) for more information. ++*/ ++int netsnmp_sd_booted(void); ++ ++/** ++ * Find an socket with given parameters. See man sd_is_socket_inet for ++ * description of the arguments. ++ * ++ * Returns the file descriptor if it is found, 0 otherwise. ++ */ ++int netsnmp_sd_find_inet_socket(int family, int type, int listening, int port); ++ ++/** ++ * Find an unix socket with given parameters. See man sd_is_socket_unix for ++ * description of the arguments. ++ * ++ * Returns the file descriptor if it is found, 0 otherwise. ++ */ ++int ++netsnmp_sd_find_unix_socket(int type, int listening, const char *path); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* SNMPD_SD_DAEMON_H */ +diff -up net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in.systemd net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in +--- net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in 2012-11-12 10:18:46.107369501 +0100 +@@ -1389,6 +1389,9 @@ + /* If you don't have root access don't exit upon kmem errors */ + #undef NETSNMP_NO_ROOT_ACCESS + ++/* If you don't want to integrate with systemd. */ ++#undef NETSNMP_NO_SYSTEMD ++ + /* Define if you want to remove all SET/write access from the code */ + #undef NETSNMP_NO_WRITE_SUPPORT + +diff -up net-snmp-5.7.2/README.systemd.systemd net-snmp-5.7.2/README.systemd +--- net-snmp-5.7.2/README.systemd.systemd 2012-11-12 10:18:46.108369499 +0100 ++++ net-snmp-5.7.2/README.systemd 2012-11-12 10:18:46.108369499 +0100 +@@ -0,0 +1,41 @@ ++README.systemd ++-------------- ++Net-SNMP provides two daemons, which support systemd system manager. ++See http://www.freedesktop.org/wiki/Software/systemd to learn how ++systemd works. Both socket activation and notification is supported by these ++daemons. ++ ++To enable systemd support, the sources must be compiled with ++--with-systemd configure option. ++ ++snmpd - The SNMP agent ++---------------------- ++Socket activation od snmpd daemon is implemented, but it's discouraged. ++The reason is simple - snmpd not only listens and processes SNMP requests ++from network, but also gathers system statistics counters, sends traps and ++communicates with subagents. It even opens few netlink sockets. ++ ++In other words, snmpd should run from system start to properly work. ++This can be done in two ways: ++1) either as snmpd service unit with 'Type=notification' and without a socket ++ unit ++2) or as snmpd service unit with 'Type=simple', appropriate socket socket unit ++ and the snmpd service enabled. This way systemd creates the snmpd listening ++ socket early during boot and passes the sockets to snmpd slightly later ++ (but still during machine boot). This way systemd can paralelize start of ++ services, which depend on snmpd. Admins must adjust the socket file manually, ++ depending if the snmpd support AgentX, IPv6, SMUX etc. ++ ++snmpd should be started with '-f' command line parameter to disable forking - ++systemd does that for us automatically. ++ ++ ++snmptrapd - The trap processing daemon ++-------------------------------------- ++snmptrapd supports full socket activation and also notification (if needed). ++Both 'Type=simple' (with appropriate socket unit) and 'Type=notify' services ++will work. Again, '-f' parameter should be provided on snmptrapd command line. ++ ++If integration with SNMP agent using AgentX protocol is enabled, snmptrapd should ++start during boot and not after first SNMP trap arrives. Same rules as for snmpd ++applies then. +\ No newline at end of file +diff -up net-snmp-5.7.2/snmplib/sd-daemon.c.systemd net-snmp-5.7.2/snmplib/sd-daemon.c +--- net-snmp-5.7.2/snmplib/sd-daemon.c.systemd 2012-11-12 10:18:46.109369497 +0100 ++++ net-snmp-5.7.2/snmplib/sd-daemon.c 2012-11-12 10:18:46.109369497 +0100 +@@ -0,0 +1,532 @@ ++/* ++ * Systemd integration parts. ++ * ++ * Most of this file is directly copied from systemd sources. ++ * Changes: ++ * - all functions were renamed to have netsnmp_ prefix ++ * - includes were changed to match Net-SNMP style. ++ * - removed gcc export macros ++ * - removed POSIX message queues ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef NETSNMP_NO_SYSTEMD ++ ++/*** ++ Copyright 2010 Lennart Poettering ++ ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated documentation files ++ (the "Software"), to deal in the Software without restriction, ++ including without limitation the rights to use, copy, modify, merge, ++ publish, distribute, sublicense, and/or sell copies of the Software, ++ and to permit persons to whom the Software is furnished to do so, ++ subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be ++ included in all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++***/ ++ ++#ifndef _GNU_SOURCE ++#define _GNU_SOURCE ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++int netsnmp_sd_listen_fds(int unset_environment) { ++ ++ int r, fd; ++ const char *e; ++ char *p = NULL; ++ unsigned long l; ++ ++ if (!(e = getenv("LISTEN_PID"))) { ++ r = 0; ++ goto finish; ++ } ++ ++ errno = 0; ++ l = strtoul(e, &p, 10); ++ ++ if (errno != 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (!p || *p || l <= 0) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ /* Is this for us? */ ++ if (getpid() != (pid_t) l) { ++ r = 0; ++ goto finish; ++ } ++ ++ if (!(e = getenv("LISTEN_FDS"))) { ++ r = 0; ++ goto finish; ++ } ++ ++ errno = 0; ++ l = strtoul(e, &p, 10); ++ ++ if (errno != 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (!p || *p) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) { ++ int flags; ++ ++ if ((flags = fcntl(fd, F_GETFD)) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (flags & FD_CLOEXEC) ++ continue; ++ ++ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ } ++ ++ r = (int) l; ++ ++finish: ++ if (unset_environment) { ++ unsetenv("LISTEN_PID"); ++ unsetenv("LISTEN_FDS"); ++ } ++ ++ return r; ++} ++ ++int netsnmp_sd_is_fifo(int fd, const char *path) { ++ struct stat st_fd; ++ ++ if (fd < 0) ++ return -EINVAL; ++ ++ memset(&st_fd, 0, sizeof(st_fd)); ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISFIFO(st_fd.st_mode)) ++ return 0; ++ ++ if (path) { ++ struct stat st_path; ++ ++ memset(&st_path, 0, sizeof(st_path)); ++ if (stat(path, &st_path) < 0) { ++ ++ if (errno == ENOENT || errno == ENOTDIR) ++ return 0; ++ ++ return -errno; ++ } ++ ++ return ++ st_path.st_dev == st_fd.st_dev && ++ st_path.st_ino == st_fd.st_ino; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_special(int fd, const char *path) { ++ struct stat st_fd; ++ ++ if (fd < 0) ++ return -EINVAL; ++ ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode)) ++ return 0; ++ ++ if (path) { ++ struct stat st_path; ++ ++ if (stat(path, &st_path) < 0) { ++ ++ if (errno == ENOENT || errno == ENOTDIR) ++ return 0; ++ ++ return -errno; ++ } ++ ++ if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode)) ++ return ++ st_path.st_dev == st_fd.st_dev && ++ st_path.st_ino == st_fd.st_ino; ++ else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode)) ++ return st_path.st_rdev == st_fd.st_rdev; ++ else ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int sd_is_socket_internal(int fd, int type, int listening) { ++ struct stat st_fd; ++ ++ if (fd < 0 || type < 0) ++ return -EINVAL; ++ ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISSOCK(st_fd.st_mode)) ++ return 0; ++ ++ if (type != 0) { ++ int other_type = 0; ++ socklen_t l = sizeof(other_type); ++ ++ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0) ++ return -errno; ++ ++ if (l != sizeof(other_type)) ++ return -EINVAL; ++ ++ if (other_type != type) ++ return 0; ++ } ++ ++ if (listening >= 0) { ++ int accepting = 0; ++ socklen_t l = sizeof(accepting); ++ ++ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0) ++ return -errno; ++ ++ if (l != sizeof(accepting)) ++ return -EINVAL; ++ ++ if (!accepting != !listening) ++ return 0; ++ } ++ ++ return 1; ++} ++ ++union sockaddr_union { ++ struct sockaddr sa; ++ struct sockaddr_in in4; ++ struct sockaddr_in6 in6; ++ struct sockaddr_un un; ++ struct sockaddr_storage storage; ++}; ++ ++int netsnmp_sd_is_socket(int fd, int family, int type, int listening) { ++ int r; ++ ++ if (family < 0) ++ return -EINVAL; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ if (family > 0) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ return sockaddr.sa.sa_family == family; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ int r; ++ ++ if (family != 0 && family != AF_INET && family != AF_INET6) ++ return -EINVAL; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ if (sockaddr.sa.sa_family != AF_INET && ++ sockaddr.sa.sa_family != AF_INET6) ++ return 0; ++ ++ if (family > 0) ++ if (sockaddr.sa.sa_family != family) ++ return 0; ++ ++ if (port > 0) { ++ if (sockaddr.sa.sa_family == AF_INET) { ++ if (l < sizeof(struct sockaddr_in)) ++ return -EINVAL; ++ ++ return htons(port) == sockaddr.in4.sin_port; ++ } else { ++ if (l < sizeof(struct sockaddr_in6)) ++ return -EINVAL; ++ ++ return htons(port) == sockaddr.in6.sin6_port; ++ } ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ int r; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ if (sockaddr.sa.sa_family != AF_UNIX) ++ return 0; ++ ++ if (path) { ++ if (length <= 0) ++ length = strlen(path); ++ ++ if (length <= 0) ++ /* Unnamed socket */ ++ return l == offsetof(struct sockaddr_un, sun_path); ++ ++ if (path[0]) ++ /* Normal path socket */ ++ return ++ (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) && ++ memcmp(path, sockaddr.un.sun_path, length+1) == 0; ++ else ++ /* Abstract namespace socket */ ++ return ++ (l == offsetof(struct sockaddr_un, sun_path) + length) && ++ memcmp(path, sockaddr.un.sun_path, length) == 0; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_notify(int unset_environment, const char *state) { ++ int fd = -1, r; ++ struct msghdr msghdr; ++ struct iovec iovec; ++ union sockaddr_union sockaddr; ++ const char *e; ++ ++ if (!state) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ if (!(e = getenv("NOTIFY_SOCKET"))) ++ return 0; ++ ++ /* Must be an abstract socket, or an absolute path */ ++ if ((e[0] != '@' && e[0] != '/') || e[1] == 0) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ sockaddr.sa.sa_family = AF_UNIX; ++ strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); ++ ++ if (sockaddr.un.sun_path[0] == '@') ++ sockaddr.un.sun_path[0] = 0; ++ ++ memset(&iovec, 0, sizeof(iovec)); ++ iovec.iov_base = (char *)state; ++ iovec.iov_len = strlen(state); ++ ++ memset(&msghdr, 0, sizeof(msghdr)); ++ msghdr.msg_name = &sockaddr; ++ msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e); ++ ++ if (msghdr.msg_namelen > sizeof(struct sockaddr_un)) ++ msghdr.msg_namelen = sizeof(struct sockaddr_un); ++ ++ msghdr.msg_iov = &iovec; ++ msghdr.msg_iovlen = 1; ++ ++ if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ r = 1; ++ ++finish: ++ if (unset_environment) ++ unsetenv("NOTIFY_SOCKET"); ++ ++ if (fd >= 0) ++ close(fd); ++ ++ return r; ++} ++ ++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) { ++ va_list ap; ++ char *p = NULL; ++ int r; ++ ++ va_start(ap, format); ++ r = vasprintf(&p, format, ap); ++ va_end(ap); ++ ++ if (r < 0 || !p) ++ return -ENOMEM; ++ ++ r = netsnmp_sd_notify(unset_environment, p); ++ free(p); ++ ++ return r; ++} ++ ++int netsnmp_sd_booted(void) { ++ struct stat a, b; ++ ++ /* We simply test whether the systemd cgroup hierarchy is ++ * mounted */ ++ ++ if (lstat("/sys/fs/cgroup", &a) < 0) ++ return 0; ++ ++ if (lstat("/sys/fs/cgroup/systemd", &b) < 0) ++ return 0; ++ ++ return a.st_dev != b.st_dev; ++} ++ ++/* End of original sd-daemon.c from systemd sources */ ++ ++int ++netsnmp_sd_find_inet_socket(int family, int type, int listening, int port) ++{ ++ int count, fd; ++ ++ count = netsnmp_sd_listen_fds(0); ++ if (count <= 0) { ++ DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n")); ++ return 0; ++ } ++ DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.\n", ++ count)); ++ ++ for (fd = 3; fd < 3+count; fd++) { ++ int rc = netsnmp_sd_is_socket_inet(fd, family, type, listening, port); ++ if (rc < 0) ++ DEBUGMSGTL(("systemd:find_inet_socket", ++ "sd_is_socket_inet error: %d\n", rc)); ++ if (rc > 0) { ++ DEBUGMSGTL(("systemd:find_inet_socket", ++ "Found the socket in LISTEN_FDS\n")); ++ return fd; ++ } ++ } ++ DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS\n")); ++ return 0; ++} ++ ++int ++netsnmp_sd_find_unix_socket(int type, int listening, const char *path) ++{ ++ int count, fd; ++ ++ count = netsnmp_sd_listen_fds(0); ++ if (count <= 0) { ++ DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n")); ++ return 0; ++ } ++ DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.\n", ++ count)); ++ ++ for (fd = 3; fd < 3+count; fd++) { ++ int rc = netsnmp_sd_is_socket_unix(fd, type, listening, path, 0); ++ if (rc < 0) ++ DEBUGMSGTL(("systemd:find_unix_socket", ++ "netsnmp_sd_is_socket_unix error: %d\n", rc)); ++ if (rc > 0) { ++ DEBUGMSGTL(("systemd:find_unix_socket", ++ "Found the socket in LISTEN_FDS\n")); ++ return fd; ++ } ++ } ++ DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS\n")); ++ return 0; ++} ++ ++#endif /* ! NETSNMP_NO_SYSTEMD */ +diff -up net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c 2012-11-12 10:19:41.767217067 +0100 +@@ -43,6 +43,10 @@ + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + /* + * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c + * and perl/agent/agent.xs +@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in + netsnmp_transport *t = NULL; + netsnmp_udp_addr_pair *addr_pair = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in + t->domain_length = + sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]); + +- t->sock = socket(PF_INET, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1, ++ ntohs(addr->sin_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in + setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, + sizeof(opt)); + +- rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +@@ -235,12 +254,13 @@ netsnmp_tcp_transport(struct sockaddr_in + /* + * Now sit here and wait for connections to arrive. + */ +- +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +diff -up net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c +--- net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c 2012-11-12 10:20:32.019078971 +0100 +@@ -49,6 +49,10 @@ + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #include "inet_ntop.h" + + oid netsnmp_TCPIPv6Domain[] = { TRANSPORT_DOMAIN_TCP_IPV6 }; +@@ -140,6 +144,7 @@ netsnmp_tcp6_transport(struct sockaddr_i + { + netsnmp_transport *t = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -174,7 +179,19 @@ netsnmp_tcp6_transport(struct sockaddr_i + t->domain = netsnmp_TCPIPv6Domain; + t->domain_length = sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid); + +- t->sock = socket(PF_INET6, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1, ++ ntohs(addr->sin6_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET6, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -220,12 +237,14 @@ netsnmp_tcp6_transport(struct sockaddr_i + + setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(opt)); + +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr_in6)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr_in6)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +@@ -242,11 +261,13 @@ netsnmp_tcp6_transport(struct sockaddr_i + * Now sit here and wait for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c 2012-11-12 10:22:30.279750750 +0100 +@@ -40,6 +40,10 @@ + + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #if (defined(linux) && defined(IP_PKTINFO)) \ + || defined(IP_RECVDSTADDR) && HAVE_STRUCT_MSGHDR_MSG_CONTROL \ + && HAVE_STRUCT_MSGHDR_MSG_FLAGS +@@ -67,6 +71,7 @@ netsnmp_udpipv4base_transport(struct soc + char *client_socket = NULL; + netsnmp_indexed_addr_pair addr_pair; + socklen_t local_addr_len; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -91,7 +96,20 @@ netsnmp_udpipv4base_transport(struct soc + free(str); + } + +- t->sock = socket(PF_INET, SOCK_DGRAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1, ++ ntohs(addr->sin_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET, SOCK_DGRAM, 0); ++ + DEBUGMSGTL(("UDPBase", "openned socket %d as local=%d\n", t->sock, local)); + if (t->sock < 0) { + netsnmp_transport_free(t); +@@ -141,13 +159,15 @@ netsnmp_udpipv4base_transport(struct soc + DEBUGMSGTL(("netsnmp_udp", "set IP_RECVDSTADDR\n")); + } + #endif +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; +- } ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } ++ } + t->data = NULL; + t->data_length = 0; + #else /* NETSNMP_NO_LISTEN_SUPPORT */ +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c 2012-11-12 10:23:19.713603003 +0100 +@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #include "inet_ntop.h" + #include "inet_pton.h" + +@@ -190,6 +194,7 @@ netsnmp_udp6_transport(struct sockaddr_i + { + netsnmp_transport *t = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -217,7 +222,19 @@ netsnmp_udp6_transport(struct sockaddr_i + t->domain_length = + sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]); + +- t->sock = socket(PF_INET6, SOCK_DGRAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1, ++ ntohs(addr->sin6_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET6, SOCK_DGRAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -242,13 +259,14 @@ netsnmp_udp6_transport(struct sockaddr_i + } + } + #endif +- +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr_in6)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr_in6)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + t->local = (unsigned char*)malloc(18); + if (t->local == NULL) { +diff -up net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c 2012-11-12 10:24:02.803466358 +0100 +@@ -37,6 +37,10 @@ + #include /* mkdirhier */ + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + netsnmp_feature_child_of(transport_unix_socket_all, transport_all) + netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all) + +@@ -295,6 +299,7 @@ netsnmp_unix_transport(struct sockaddr_u + netsnmp_transport *t = NULL; + sockaddr_un_pair *sup = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate, +@@ -333,7 +338,18 @@ netsnmp_unix_transport(struct sockaddr_u + t->data_length = sizeof(sockaddr_un_pair); + sup = (sockaddr_un_pair *) t->data; + +- t->sock = socket(PF_UNIX, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_path); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_UNIX, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -357,25 +373,26 @@ netsnmp_unix_transport(struct sockaddr_u + + t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN; + +- unlink(addr->sun_path); +- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); +- +- if (rc != 0 && errno == ENOENT && create_path) { +- rc = mkdirhier(addr->sun_path, create_mode, 1); ++ if (!socket_initialized) { ++ unlink(addr->sun_path); ++ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); ++ if (rc != 0 && errno == ENOENT && create_path) { ++ rc = mkdirhier(addr->sun_path, create_mode, 1); ++ if (rc != 0) { ++ netsnmp_unix_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } ++ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); ++ } + if (rc != 0) { ++ DEBUGMSGTL(("netsnmp_unix_transport", ++ "couldn't bind \"%s\", errno %d (%s)\n", ++ addr->sun_path, errno, strerror(errno))); + netsnmp_unix_close(t); + netsnmp_transport_free(t); + return NULL; + } +- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); +- } +- if (rc != 0) { +- DEBUGMSGTL(("netsnmp_unix_transport", +- "couldn't bind \"%s\", errno %d (%s)\n", +- addr->sun_path, errno, strerror(errno))); +- netsnmp_unix_close(t); +- netsnmp_transport_free(t); +- return NULL; + } + + /* +@@ -391,16 +408,17 @@ netsnmp_unix_transport(struct sockaddr_u + * Now sit here and listen for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- DEBUGMSGTL(("netsnmp_unix_transport", +- "couldn't listen to \"%s\", errno %d (%s)\n", +- addr->sun_path, errno, strerror(errno))); +- netsnmp_unix_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ DEBUGMSGTL(("netsnmp_unix_transport", ++ "couldn't listen to \"%s\", errno %d (%s)\n", ++ addr->sun_path, errno, strerror(errno))); ++ netsnmp_unix_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } +- + } else { + t->remote = (u_char *)malloc(strlen(addr->sun_path)); + if (t->remote == NULL) { diff --git a/SOURCES/net-snmp-5.7.2-systemstats-ipv4.patch b/SOURCES/net-snmp-5.7.2-systemstats-ipv4.patch new file mode 100644 index 0000000..0998803 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-systemstats-ipv4.patch @@ -0,0 +1,58 @@ +1235697 - ipSystemStatsInOctets & ipSystemStatsHCInOctets for IPV4 not implemented with net-snmp in RHEL 7 + +commit b4caf543cff7dba8f9acca2b9ea88c9b79dc39ee +Author: Niels Baggesen +Date: Mon Oct 22 16:32:12 2012 +0200 + + Pick up HC octets and McastOctets from /proc/net/netstat of current RHEL6 + and Fedora kernels. + +diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c +index fbfd8a2..3ba8646 100644 +--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c ++++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c +@@ -271,7 +271,7 @@ _additional_systemstats_v4(netsnmp_systemstats_entry* entry, + FILE *devin; + char line[1024]; + int scan_count; +- unsigned long long scan_vals[6]; ++ unsigned long long scan_vals[12]; + int retval = 0; + + DEBUGMSGTL(("access:systemstats:container:arch", +@@ -301,9 +301,11 @@ _additional_systemstats_v4(netsnmp_systemstats_entry* entry, + memset(scan_vals, 0x0, sizeof(scan_vals)); + scan_count = sscanf(line, + "%*s" /* ignore `IpExt:' */ +- "%llu %llu %llu %llu %llu %llu", ++ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", + &scan_vals[0], &scan_vals[1], &scan_vals[2], +- &scan_vals[3], &scan_vals[4], &scan_vals[5]); ++ &scan_vals[3], &scan_vals[4], &scan_vals[5], ++ &scan_vals[6], &scan_vals[7], &scan_vals[8], ++ &scan_vals[9], &scan_vals[10], &scan_vals[11]); + if (scan_count < 6) { + snmp_log(LOG_ERR, + "error scanning addtional systemstats data" +@@ -331,6 +333,21 @@ _additional_systemstats_v4(netsnmp_systemstats_entry* entry, + entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCOUTMCASTPKTS] = 1; + entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINBCASTPKTS] = 1; + entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCOUTBCASTPKTS] = 1; ++ if (scan_count >= 12) { ++ entry->stats.HCInOctets.low = scan_vals[6] & 0xffffffff; ++ entry->stats.HCInOctets.high = scan_vals[6] >> 32; ++ entry->stats.HCOutOctets.low = scan_vals[7] & 0xffffffff; ++ entry->stats.HCOutOctets.high = scan_vals[7] >> 32; ++ entry->stats.HCInMcastOctets.low = scan_vals[8] & 0xffffffff; ++ entry->stats.HCInMcastOctets.high = scan_vals[8] >> 32; ++ entry->stats.HCOutMcastOctets.low = scan_vals[9] & 0xffffffff; ++ entry->stats.HCOutMcastOctets.high = scan_vals[9] >> 32; ++ /* 10 and 11 are In/OutBcastOctets */ ++ entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINOCTETS] = 1; ++ entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCOUTOCTETS] = 1; ++ entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINMCASTOCTETS] = 1; ++ entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCOUTMCASTOCTETS] = 1; ++ } + } + } + diff --git a/SOURCES/net-snmp-5.7.2-trap-vartypes.patch b/SOURCES/net-snmp-5.7.2-trap-vartypes.patch new file mode 100644 index 0000000..30155ce --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-trap-vartypes.patch @@ -0,0 +1,474 @@ +commit 7f4a7b891332899cea26e95be0337aae01648742 +Author: Jan Safranek +Date: Thu Jul 31 13:46:49 2014 +0200 + + Added checks for printing variables with wrong types. + + When -OQ command line argument is used, variable formatter preffers the type + of the varible parsed from a MIB file instead of checking type of the variable + as parsed from SNMP message. + + This can lead to crashes when incoming packets contains a variable with + NULL type, while the MIB says the variable should be non-NULL, like Integer. + The formatter then tries to interpret the NULL (from packet) as Integer (from + MIB file). + +diff --git a/snmplib/mib.c b/snmplib/mib.c +index 9d3ca41..c6e0010 100644 +--- a/snmplib/mib.c ++++ b/snmplib/mib.c +@@ -439,17 +439,16 @@ sprint_realloc_octet_string(u_char ** buf, size_t * buf_len, + u_char *cp; + int output_format, cnt; + +- if ((var->type != ASN_OCTET_STR) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- const char str[] = "Wrong Type (should be OCTET STRING): "; +- if (snmp_cstrcat +- (buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_OCTET_STR) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ const char str[] = "Wrong Type (should be OCTET STRING): "; ++ if (!snmp_cstrcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + +@@ -702,16 +701,16 @@ sprint_realloc_float(u_char ** buf, size_t * buf_len, + const struct enum_list *enums, + const char *hint, const char *units) + { +- if ((var->type != ASN_OPAQUE_FLOAT) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc, +- "Wrong Type (should be Float): ")) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_OPAQUE_FLOAT) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Float): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -772,17 +771,16 @@ sprint_realloc_double(u_char ** buf, size_t * buf_len, + const struct enum_list *enums, + const char *hint, const char *units) + { +- if ((var->type != ASN_OPAQUE_DOUBLE) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- if (snmp_cstrcat +- (buf, buf_len, out_len, allow_realloc, +- "Wrong Type (should be Double): ")) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_OPAQUE_DOUBLE) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Double): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -847,20 +845,21 @@ sprint_realloc_counter64(u_char ** buf, size_t * buf_len, size_t * out_len, + { + char a64buf[I64CHARSZ + 1]; + +- if ((var->type != ASN_COUNTER64 ++ if (var->type != ASN_COUNTER64 + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + && var->type != ASN_OPAQUE_COUNTER64 + && var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_U64 + #endif +- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc, +- "Wrong Type (should be Counter64): ")) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ ) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Counter64): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -948,23 +947,25 @@ sprint_realloc_opaque(u_char ** buf, size_t * buf_len, + const struct enum_list *enums, + const char *hint, const char *units) + { +- if ((var->type != ASN_OPAQUE ++ if (var->type != ASN_OPAQUE + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + && var->type != ASN_OPAQUE_COUNTER64 + && var->type != ASN_OPAQUE_U64 + && var->type != ASN_OPAQUE_I64 + && var->type != ASN_OPAQUE_FLOAT && var->type != ASN_OPAQUE_DOUBLE + #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */ +- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc, +- "Wrong Type (should be Opaque): ")) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ ) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Opaque): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } ++ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + switch (var->type) { + case ASN_OPAQUE_COUNTER64: +@@ -1040,17 +1041,16 @@ sprint_realloc_object_identifier(u_char ** buf, size_t * buf_len, + { + int buf_overflow = 0; + +- if ((var->type != ASN_OBJECT_ID) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = +- "Wrong Type (should be OBJECT IDENTIFIER): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_OBJECT_ID) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be OBJECT IDENTIFIER): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -1110,16 +1110,16 @@ sprint_realloc_timeticks(u_char ** buf, size_t * buf_len, size_t * out_len, + { + char timebuf[40]; + +- if ((var->type != ASN_TIMETICKS) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be Timeticks): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_TIMETICKS) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Timeticks): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NUMERIC_TIMETICKS)) { +@@ -1277,17 +1277,18 @@ sprint_realloc_integer(u_char ** buf, size_t * buf_len, size_t * out_len, + { + char *enum_string = NULL; + +- if ((var->type != ASN_INTEGER) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be INTEGER): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_INTEGER) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be INTEGER): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } ++ + for (; enums; enums = enums->next) { + if (enums->value == *var->val.integer) { + enum_string = enums->label; +@@ -1380,16 +1381,16 @@ sprint_realloc_uinteger(u_char ** buf, size_t * buf_len, size_t * out_len, + { + char *enum_string = NULL; + +- if ((var->type != ASN_UINTEGER) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be UInteger32): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_UINTEGER) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be UInteger32): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + for (; enums; enums = enums->next) { +@@ -1477,17 +1478,16 @@ sprint_realloc_gauge(u_char ** buf, size_t * buf_len, size_t * out_len, + { + char tmp[32]; + +- if ((var->type != ASN_GAUGE) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = +- "Wrong Type (should be Gauge32 or Unsigned32): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_GAUGE) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Gauge32 or Unsigned32): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -1550,16 +1550,16 @@ sprint_realloc_counter(u_char ** buf, size_t * buf_len, size_t * out_len, + { + char tmp[32]; + +- if ((var->type != ASN_COUNTER) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be Counter32): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_COUNTER) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be Counter32): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -1613,16 +1613,16 @@ sprint_realloc_networkaddress(u_char ** buf, size_t * buf_len, + { + size_t i; + +- if ((var->type != ASN_IPADDRESS) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be NetworkAddress): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_IPADDRESS) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be NetworkAddress): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -1679,16 +1679,16 @@ sprint_realloc_ipaddress(u_char ** buf, size_t * buf_len, size_t * out_len, + { + u_char *ip = var->val.string; + +- if ((var->type != ASN_IPADDRESS) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be IpAddress): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_IPADDRESS) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be IpAddress): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -1737,20 +1737,20 @@ sprint_realloc_null(u_char ** buf, size_t * buf_len, size_t * out_len, + const struct enum_list *enums, + const char *hint, const char *units) + { +- if ((var->type != ASN_NULL) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be NULL): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_NULL) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be NULL): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } +- } else { +- u_char str[] = "NULL"; +- return snmp_strcat(buf, buf_len, out_len, allow_realloc, str); + } ++ ++ u_char str[] = "NULL"; ++ return snmp_strcat(buf, buf_len, out_len, allow_realloc, str); + } + + +@@ -1785,16 +1785,16 @@ sprint_realloc_bitstring(u_char ** buf, size_t * buf_len, size_t * out_len, + u_char *cp; + char *enum_string; + +- if ((var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be BITS): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be BITS): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { +@@ -1869,16 +1869,16 @@ sprint_realloc_nsapaddress(u_char ** buf, size_t * buf_len, + const struct enum_list *enums, const char *hint, + const char *units) + { +- if ((var->type != ASN_NSAP) && +- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) { +- u_char str[] = "Wrong Type (should be NsapAddress): "; +- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) { +- return sprint_realloc_by_type(buf, buf_len, out_len, ++ if (var->type != ASN_NSAP) { ++ if (!netsnmp_ds_get_boolean( ++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { ++ u_char str[] = "Wrong Type (should be NsapAddress): "; ++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) ++ return 0; ++ } ++ return sprint_realloc_by_type(buf, buf_len, out_len, + allow_realloc, var, NULL, NULL, + NULL); +- } else { +- return 0; +- } + } + + if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) { + +commit 3da0c378b5cb1bbf35d05a6212a483abda84a201 +Author: Niels Baggesen +Date: Mon Sep 1 08:59:04 2014 +0200 + + Fix commit 7f4a7b891332899cea26e95be0337aae01648742: dont mix code and declarations. + +diff --git a/snmplib/mib.c b/snmplib/mib.c +index c6e0010..7dcf3d0 100644 +--- a/snmplib/mib.c ++++ b/snmplib/mib.c +@@ -1737,6 +1737,8 @@ sprint_realloc_null(u_char ** buf, size_t * buf_len, size_t * out_len, + const struct enum_list *enums, + const char *hint, const char *units) + { ++ u_char str[] = "NULL"; ++ + if (var->type != ASN_NULL) { + if (!netsnmp_ds_get_boolean( + NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) { +@@ -1749,7 +1751,6 @@ sprint_realloc_null(u_char ** buf, size_t * buf_len, size_t * out_len, + NULL); + } + +- u_char str[] = "NULL"; + return snmp_strcat(buf, buf_len, out_len, allow_realloc, str); + } + diff --git a/SOURCES/net-snmp-5.7.2-traptomail.patch b/SOURCES/net-snmp-5.7.2-traptomail.patch new file mode 100644 index 0000000..09d2cc7 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-traptomail.patch @@ -0,0 +1,11 @@ +diff -urNp a/local/traptoemail b/local/traptoemail +--- a/local/traptoemail 2019-03-19 14:26:31.824021449 +0100 ++++ b/local/traptoemail 2019-03-19 14:30:38.917515164 +0100 +@@ -63,7 +63,6 @@ $message->to(@ARGV) || die "failed to se + $message->data(); + $message->datasend("To: " . join(", ",@ARGV) . "\n"); + $message->datasend("From: $opts{f}\n"); +-$message->datasend("Date: ".strftime("%a, %e %b %Y %X %z", localtime())."\n"); + $message->datasend("Subject: trap received from $hostname: $values[1]\n"); + $message->datasend("\n"); + $message->datasend("Host: $hostname ($ipaddress)\n"); diff --git a/SOURCES/net-snmp-5.7.2-trigger-crash.patch b/SOURCES/net-snmp-5.7.2-trigger-crash.patch new file mode 100644 index 0000000..069f818 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-trigger-crash.patch @@ -0,0 +1,51 @@ +1050971 - snmpd segfault with entry->sysUpTime = *sysUT_var.val.integer + +commit 9f4c572614091404decba0d4ef1a4cbaf9fc5bd2 +Author: Jan Safranek +Date: Thu Jan 9 13:35:27 2014 +0100 + + CHANGES: snmpd: Fixed monitoring based on non-delta trigger. + + snmpd crashed wit following snmpd.conf: + monitor -s -D -r 10 -e LOGMATCH -o logMatchCurrentCount "Log Match" != logMatchCurrentCount + logmatch LoginFailure1 /var/log/secure 10 su: .*fail.* + + The reason was unitialized variable sysUT_var in mteTrigger_run(), it was + filled only if the trigger was delta-valued, while its value was used for all + triggers. + + With this patch, sysUT_var is filled for all code branches where it is needed. + +diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c +index bb585ed..11cb5b7 100644 +--- a/agent/mibgroup/disman/event/mteTrigger.c ++++ b/agent/mibgroup/disman/event/mteTrigger.c +@@ -533,6 +533,13 @@ mteTrigger_run( unsigned int reg, void *clientarg) + } /* !old_results - end of else block */ + } /* MTE_TRIGGER_EXISTENCE */ + ++ /* ++ * We'll need sysUpTime.0 regardless... ++ */ ++ DEBUGMSGTL(("disman:event:delta", "retrieve sysUpTime.0\n")); ++ memset( &sysUT_var, 0, sizeof( netsnmp_variable_list )); ++ snmp_set_var_objid( &sysUT_var, _sysUpTime_instance, _sysUpTime_inst_len ); ++ netsnmp_query_get( &sysUT_var, entry->session ); + + if (( entry->mteTriggerTest & MTE_TRIGGER_BOOLEAN ) || + ( entry->mteTriggerTest & MTE_TRIGGER_THRESHOLD )) { +@@ -582,14 +589,6 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * (including sysUpTime.0 if not specified explicitly). + */ + if ( entry->flags & MTE_TRIGGER_FLAG_DELTA ) { +- /* +- * We'll need sysUpTime.0 regardless... +- */ +- DEBUGMSGTL(("disman:event:delta", "retrieve sysUpTime.0\n")); +- memset( &sysUT_var, 0, sizeof( netsnmp_variable_list )); +- snmp_set_var_objid( &sysUT_var, _sysUpTime_instance, +- _sysUpTime_inst_len ); +- netsnmp_query_get( &sysUT_var, entry->session ); + + if (!(entry->flags & MTE_TRIGGER_FLAG_SYSUPT)) { + /* diff --git a/SOURCES/net-snmp-5.7.2-udp6-clientaddr.patch b/SOURCES/net-snmp-5.7.2-udp6-clientaddr.patch new file mode 100644 index 0000000..97b7b37 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-udp6-clientaddr.patch @@ -0,0 +1,78 @@ +1190679 - In IPv6, snmp packet does not send from specified interface assigned by clientaddr option in snmpd.conf + +commit a92628a163ebf1ea62220684736300461c003875 +Author: Niels Baggesen +Date: Mon Jan 26 20:26:06 2015 +0100 + + BUG#a2584: Fix snmptrap to use clientaddr from snmp.conf. Thanks to rizwan + ++ restore clientaddrUsesPort functionality for UDPv6 + +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.udp6-clientaddr net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.udp6-clientaddr 2015-06-17 15:00:50.178122151 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c 2015-06-17 15:01:09.203194870 +0200 +@@ -284,6 +284,27 @@ netsnmp_udp6_transport(struct sockaddr_i + return NULL; + #endif /* NETSNMP_NO_LISTEN_SUPPORT */ + } else { ++ char *client_socket = NULL; ++ /* ++ * This is a client session. If we've been given a ++ * client address to send from, then bind to that. ++ * Otherwise the send will use "something sensible". ++ */ ++ ++ client_socket = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR); ++ if (client_socket) { ++ struct sockaddr_in6 client_addr; ++ netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL); ++ rc = bind(t->sock, (struct sockaddr *)&client_addr, ++ sizeof(struct sockaddr_in6)); ++ if ( rc != 0 ) { ++ DEBUGMSGTL(("netsnmp_udp6", "failed to bind for clientaddr: %d %s\n", ++ errno, strerror(errno))); ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ } ++ } + /* + * This is a client session. Save the address in the + * transport-specific data pointer for later use by netsnmp_udp6_send. +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.old net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.old 2015-06-17 16:34:09.120181912 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c 2015-06-17 16:35:29.803192111 +0200 +@@ -294,8 +294,13 @@ netsnmp_udp6_transport(struct sockaddr_i + client_socket = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, + NETSNMP_DS_LIB_CLIENT_ADDR); + if (client_socket) { ++ int uses_port = netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR_USES_PORT); + struct sockaddr_in6 client_addr; + netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL); ++ if (uses_port == 0) { ++ client_addr.sin6_port = 0; ++ } + rc = bind(t->sock, (struct sockaddr *)&client_addr, + sizeof(struct sockaddr_in6)); + if ( rc != 0 ) { +commit 1ee72102fbe722d232d74abc4660a8b134cec8d6 +Author: Bart Van Assche +Date: Sat May 23 07:32:53 2015 +0200 + + snmplib, UDPIPv6 transport: Add a missing return statement + + Detected by Coverity. + +diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c +index 029b164..11c39bb 100644 +--- a/snmplib/transports/snmpUDPIPv6Domain.c ++++ b/snmplib/transports/snmpUDPIPv6Domain.c +@@ -285,6 +285,7 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local) + errno, strerror(errno))); + netsnmp_socketbase_close(t); + netsnmp_transport_free(t); ++ return NULL; + } + } + /* diff --git a/SOURCES/net-snmp-5.7.2-udpTable-index.patch b/SOURCES/net-snmp-5.7.2-udpTable-index.patch new file mode 100644 index 0000000..9575b52 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-udpTable-index.patch @@ -0,0 +1,21 @@ +Bug 1184433 - udpTable has wrong indices + +commit c5c435658032c26fde69978e2610c879b3a4bcc8 +Author: Niels Baggesen +Date: Thu Apr 16 18:56:55 2015 +0200 + + Patch #1300: Fix big endian / 64bit problem with Sparc by properly typing. Thanks to Eric Snowberg. + +diff --git a/agent/mibgroup/mibII/udpTable.c b/agent/mibgroup/mibII/udpTable.c +index 57e967c..cc00b13 100644 +--- a/agent/mibgroup/mibII/udpTable.c ++++ b/agent/mibgroup/mibII/udpTable.c +@@ -368,7 +368,7 @@ udpTable_next_entry( void **loop_context, + { + UDPTABLE_ENTRY_TYPE *entry = (UDPTABLE_ENTRY_TYPE *)*loop_context; + long port; +- long addr; ++ in_addr_t addr; + + if (!entry) + return NULL; diff --git a/SOURCES/net-snmp-5.7.2-v3-forward.patch b/SOURCES/net-snmp-5.7.2-v3-forward.patch new file mode 100644 index 0000000..9b51b7a --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-v3-forward.patch @@ -0,0 +1,476 @@ +diff -urNp x/agent/snmp_agent.c y/agent/snmp_agent.c +--- x/agent/snmp_agent.c 2019-09-12 10:07:52.536297633 +0200 ++++ y/agent/snmp_agent.c 2019-09-12 10:10:10.900666975 +0200 +@@ -1428,6 +1428,13 @@ free_agent_snmp_session(netsnmp_agent_se + + DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n", + asp, asp->reqinfo)); ++ ++ /* Clean up securityStateRef here to prevent a double free */ ++ if (asp->orig_pdu && asp->orig_pdu->securityStateRef) ++ snmp_free_securityStateRef(asp->orig_pdu); ++ if (asp->pdu && asp->pdu->securityStateRef) ++ snmp_free_securityStateRef(asp->pdu); ++ + if (asp->orig_pdu) + snmp_free_pdu(asp->orig_pdu); + if (asp->pdu) +diff -urNp x/include/net-snmp/pdu_api.h y/include/net-snmp/pdu_api.h +--- x/include/net-snmp/pdu_api.h 2019-09-12 10:07:52.548297751 +0200 ++++ y/include/net-snmp/pdu_api.h 2019-09-12 10:11:26.562411701 +0200 +@@ -19,6 +19,8 @@ NETSNMP_IMPORT + netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx); + NETSNMP_IMPORT + void snmp_free_pdu( netsnmp_pdu *pdu); ++NETSNMP_IMPORT ++void snmp_free_securityStateRef( netsnmp_pdu *pdu); + + #ifdef __cplusplus + } +diff -urNp x/snmplib/snmp_api.c y/snmplib/snmp_api.c +--- x/snmplib/snmp_api.c 2019-09-12 10:07:52.570297968 +0200 ++++ y/snmplib/snmp_api.c 2019-09-13 08:53:53.734689426 +0200 +@@ -3837,6 +3837,42 @@ snmpv3_parse(netsnmp_pdu *pdu, + return SNMPERR_SUCCESS; + } /* end snmpv3_parse() */ + ++static void ++free_securityStateRef(netsnmp_pdu* pdu) ++{ ++ struct snmp_secmod_def *sptr; ++ ++ if(!pdu->securityStateRef) ++ return; ++ ++ sptr = find_sec_mod(pdu->securityModel); ++ if (sptr) { ++ if (sptr->pdu_free_state_ref) { ++ (*sptr->pdu_free_state_ref) (pdu->securityStateRef); ++ } else { ++ snmp_log(LOG_ERR, ++ "Security Model %d can't free state references\n", ++ pdu->securityModel); ++ } ++ } else { ++ snmp_log(LOG_ERR, ++ "Can't find security model to free ptr: %d\n", ++ pdu->securityModel); ++ } ++ pdu->securityStateRef = NULL; ++} ++ ++/* ++ * This function is here to provide a separate call to ++ * free the securityStateRef memory. This is needed to prevent ++ * a double free if this memory is freed in snmp_free_pdu. ++ */ ++void ++snmp_free_securityStateRef(netsnmp_pdu* pdu) ++{ ++ free_securityStateRef(pdu); ++} ++ + #define ERROR_STAT_LENGTH 11 + + int +@@ -3858,7 +3894,6 @@ snmpv3_make_report(netsnmp_pdu *pdu, int + oid *err_var; + int err_var_len; + int stat_ind; +- struct snmp_secmod_def *sptr; + + switch (error) { + case SNMPERR_USM_UNKNOWNENGINEID: +@@ -3919,21 +3954,7 @@ snmpv3_make_report(netsnmp_pdu *pdu, int + * which cached values to use + */ + if (pdu->securityStateRef) { +- sptr = find_sec_mod(pdu->securityModel); +- if (sptr) { +- if (sptr->pdu_free_state_ref) { +- (*sptr->pdu_free_state_ref) (pdu->securityStateRef); +- } else { +- snmp_log(LOG_ERR, +- "Security Model %d can't free state references\n", +- pdu->securityModel); +- } +- } else { +- snmp_log(LOG_ERR, +- "Can't find security model to free ptr: %d\n", +- pdu->securityModel); +- } +- pdu->securityStateRef = NULL; ++ free_securityStateRef(pdu); + } + + if (error == SNMPERR_USM_NOTINTIMEWINDOW) { +@@ -5192,7 +5213,6 @@ _sess_process_packet(void *sessp, netsnm + struct session_list *slp = (struct session_list *) sessp; + netsnmp_pdu *pdu; + netsnmp_request_list *rp, *orp = NULL; +- struct snmp_secmod_def *sptr; + int ret = 0, handled = 0; + + DEBUGMSGTL(("sess_process_packet", +@@ -5262,21 +5282,7 @@ _sess_process_packet(void *sessp, netsnm + * Call the security model to free any securityStateRef supplied w/ msg. + */ + if (pdu->securityStateRef != NULL) { +- sptr = find_sec_mod(pdu->securityModel); +- if (sptr != NULL) { +- if (sptr->pdu_free_state_ref != NULL) { +- (*sptr->pdu_free_state_ref) (pdu->securityStateRef); +- } else { +- snmp_log(LOG_ERR, +- "Security Model %d can't free state references\n", +- pdu->securityModel); +- } +- } else { +- snmp_log(LOG_ERR, +- "Can't find security model to free ptr: %d\n", +- pdu->securityModel); +- } +- pdu->securityStateRef = NULL; ++ free_securityStateRef(pdu); + } + snmp_free_pdu(pdu); + return -1; +@@ -5287,21 +5293,7 @@ _sess_process_packet(void *sessp, netsnm + * Call USM to free any securityStateRef supplied with the message. + */ + if (pdu->securityStateRef) { +- sptr = find_sec_mod(pdu->securityModel); +- if (sptr) { +- if (sptr->pdu_free_state_ref) { +- (*sptr->pdu_free_state_ref) (pdu->securityStateRef); +- } else { +- snmp_log(LOG_ERR, +- "Security Model %d can't free state references\n", +- pdu->securityModel); +- } +- } else { +- snmp_log(LOG_ERR, +- "Can't find security model to free ptr: %d\n", +- pdu->securityModel); +- } +- pdu->securityStateRef = NULL; ++ free_securityStateRef(pdu); + } + + for (rp = isp->requests; rp; orp = rp, rp = rp->next_request) { +@@ -5454,21 +5446,7 @@ _sess_process_packet(void *sessp, netsnm + */ + if (pdu != NULL && pdu->securityStateRef && + pdu->command == SNMP_MSG_TRAP2) { +- sptr = find_sec_mod(pdu->securityModel); +- if (sptr) { +- if (sptr->pdu_free_state_ref) { +- (*sptr->pdu_free_state_ref) (pdu->securityStateRef); +- } else { +- snmp_log(LOG_ERR, +- "Security Model %d can't free state references\n", +- pdu->securityModel); +- } +- } else { +- snmp_log(LOG_ERR, +- "Can't find security model to free ptr: %d\n", +- pdu->securityModel); +- } +- pdu->securityStateRef = NULL; ++ free_securityStateRef(pdu); + } + + if (!handled) { +diff -urNp x/snmplib/snmpusm.c y/snmplib/snmpusm.c +--- x/snmplib/snmpusm.c 2019-09-12 10:07:52.567297938 +0200 ++++ y/snmplib/snmpusm.c 2019-09-12 10:57:52.780861077 +0200 +@@ -206,16 +206,20 @@ usm_free_usmStateReference(void *old) + + if (old_ref) { + +- SNMP_FREE(old_ref->usr_name); +- SNMP_FREE(old_ref->usr_engine_id); +- SNMP_FREE(old_ref->usr_auth_protocol); +- SNMP_FREE(old_ref->usr_priv_protocol); ++ if (old_ref->usr_name_length) ++ SNMP_FREE(old_ref->usr_name); ++ if (old_ref->usr_engine_id_length) ++ SNMP_FREE(old_ref->usr_engine_id); ++ if (old_ref->usr_auth_protocol_length) ++ SNMP_FREE(old_ref->usr_auth_protocol); ++ if (old_ref->usr_priv_protocol_length) ++ SNMP_FREE(old_ref->usr_priv_protocol); + +- if (old_ref->usr_auth_key) { ++ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) { + SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length); + SNMP_FREE(old_ref->usr_auth_key); + } +- if (old_ref->usr_priv_key) { ++ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) { + SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length); + SNMP_FREE(old_ref->usr_priv_key); + } +@@ -946,7 +950,6 @@ usm_generate_out_msg(int msgProcModel, + if ((user = usm_get_user(secEngineID, secEngineIDLen, secName)) + == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) { + DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName)); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNKNOWNSECURITYNAME; + } + +@@ -998,7 +1001,6 @@ usm_generate_out_msg(int msgProcModel, + thePrivProtocolLength) == 1) { + DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n", + theSecLevel)); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; + } + +@@ -1028,7 +1030,6 @@ usm_generate_out_msg(int msgProcModel, + &msgAuthParmLen, &msgPrivParmLen, &otstlen, + &seq_len, &msgSecParmLen) == -1) { + DEBUGMSGTL(("usm", "Failed calculating offsets.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1050,7 +1051,6 @@ usm_generate_out_msg(int msgProcModel, + ptr = *wholeMsg = globalData; + if (theTotalLength > *wholeMsgLen) { + DEBUGMSGTL(("usm", "Message won't fit in buffer.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1078,7 +1078,6 @@ usm_generate_out_msg(int msgProcModel, + htonl(boots_uint), htonl(time_uint), + &ptr[privParamsOffset]) == -1) { + DEBUGMSGTL(("usm", "Can't set AES iv.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + } +@@ -1091,7 +1090,6 @@ usm_generate_out_msg(int msgProcModel, + &ptr[privParamsOffset]) + == -1)) { + DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + } +@@ -1104,7 +1102,6 @@ usm_generate_out_msg(int msgProcModel, + &ptr[dataOffset], &encrypted_length) + != SNMP_ERR_NOERROR) { + DEBUGMSGTL(("usm", "encryption error.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_ENCRYPTIONERROR; + } + #ifdef NETSNMP_ENABLE_TESTING_CODE +@@ -1132,7 +1129,6 @@ usm_generate_out_msg(int msgProcModel, + if ((encrypted_length != (theTotalLength - dataOffset)) + || (salt_length != msgPrivParmLen)) { + DEBUGMSGTL(("usm", "encryption length error.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_ENCRYPTIONERROR; + } + +@@ -1268,7 +1264,6 @@ usm_generate_out_msg(int msgProcModel, + + if (temp_sig == NULL) { + DEBUGMSGTL(("usm", "Out of memory.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1282,7 +1277,6 @@ usm_generate_out_msg(int msgProcModel, + SNMP_ZERO(temp_sig, temp_sig_len); + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + +@@ -1290,7 +1284,6 @@ usm_generate_out_msg(int msgProcModel, + SNMP_ZERO(temp_sig, temp_sig_len); + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing lengths failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + +@@ -1304,7 +1297,6 @@ usm_generate_out_msg(int msgProcModel, + /* + * endif -- create keyed hash + */ +- usm_free_usmStateReference(secStateRef); + + DEBUGMSGTL(("usm", "USM processing completed.\n")); + +@@ -1458,7 +1450,6 @@ usm_rgenerate_out_msg(int msgProcModel, + if ((user = usm_get_user(secEngineID, secEngineIDLen, secName)) + == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) { + DEBUGMSGTL(("usm", "Unknown User\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNKNOWNSECURITYNAME; + } + +@@ -1511,7 +1502,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n", + theSecLevel)); + +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; + } + +@@ -1544,7 +1534,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGMSGTL(("usm", + "couldn't malloc %d bytes for encrypted PDU\n", + (int)ciphertextlen)); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_MALLOC; + } + +@@ -1560,7 +1549,6 @@ usm_rgenerate_out_msg(int msgProcModel, + htonl(boots_uint), htonl(time_uint), + iv) == -1) { + DEBUGMSGTL(("usm", "Can't set AES iv.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_GENERICERROR; + } +@@ -1575,7 +1563,6 @@ usm_rgenerate_out_msg(int msgProcModel, + thePrivKeyLength - 8, + iv) == -1)) { + DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_GENERICERROR; + } +@@ -1594,7 +1581,6 @@ usm_rgenerate_out_msg(int msgProcModel, + scopedPdu, scopedPduLen, + ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) { + DEBUGMSGTL(("usm", "encryption error.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_ENCRYPTIONERROR; + } +@@ -1614,7 +1600,6 @@ usm_rgenerate_out_msg(int msgProcModel, + ciphertext, ciphertextlen); + if (rc == 0) { + DEBUGMSGTL(("usm", "Encryption failed.\n")); +- usm_free_usmStateReference(secStateRef); + SNMP_FREE(ciphertext); + return SNMPERR_USM_ENCRYPTIONERROR; + } +@@ -1654,7 +1639,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building privParams failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1675,7 +1659,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building authParams failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1698,7 +1681,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building authParams failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1714,7 +1696,6 @@ usm_rgenerate_out_msg(int msgProcModel, + if (rc == 0) { + DEBUGMSGTL(("usm", + "building msgAuthoritativeEngineTime failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1730,7 +1711,6 @@ usm_rgenerate_out_msg(int msgProcModel, + if (rc == 0) { + DEBUGMSGTL(("usm", + "building msgAuthoritativeEngineBoots failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1742,7 +1722,6 @@ usm_rgenerate_out_msg(int msgProcModel, + DEBUGINDENTLESS(); + if (rc == 0) { + DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1755,7 +1734,6 @@ usm_rgenerate_out_msg(int msgProcModel, + *offset - sp_offset); + if (rc == 0) { + DEBUGMSGTL(("usm", "building usm security parameters failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1769,7 +1747,6 @@ usm_rgenerate_out_msg(int msgProcModel, + + if (rc == 0) { + DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1779,7 +1756,6 @@ usm_rgenerate_out_msg(int msgProcModel, + while ((*wholeMsgLen - *offset) < globalDataLen) { + if (!asn_realloc(wholeMsg, wholeMsgLen)) { + DEBUGMSGTL(("usm", "building global data failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + } +@@ -1795,7 +1771,6 @@ usm_rgenerate_out_msg(int msgProcModel, + ASN_CONSTRUCTOR), *offset); + if (rc == 0) { + DEBUGMSGTL(("usm", "building master packet sequence failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_TOO_LONG; + } + +@@ -1813,7 +1788,6 @@ usm_rgenerate_out_msg(int msgProcModel, + + if (temp_sig == NULL) { + DEBUGMSGTL(("usm", "Out of memory.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_GENERICERROR; + } + +@@ -1824,14 +1798,12 @@ usm_rgenerate_out_msg(int msgProcModel, + != SNMP_ERR_NOERROR) { + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + + if (temp_sig_len != msgAuthParmLen) { + SNMP_FREE(temp_sig); + DEBUGMSGTL(("usm", "Signing lengths failed.\n")); +- usm_free_usmStateReference(secStateRef); + return SNMPERR_USM_AUTHENTICATIONFAILURE; + } + +@@ -1842,7 +1814,6 @@ usm_rgenerate_out_msg(int msgProcModel, + /* + * endif -- create keyed hash + */ +- usm_free_usmStateReference(secStateRef); + DEBUGMSGTL(("usm", "USM processing completed.\n")); + return SNMPERR_SUCCESS; + } /* end usm_rgenerate_out_msg() */ diff --git a/SOURCES/net-snmp-5.7.2-zfs-support.patch b/SOURCES/net-snmp-5.7.2-zfs-support.patch new file mode 100644 index 0000000..c3b4872 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-zfs-support.patch @@ -0,0 +1,49 @@ +diff -urNp old/agent/mibgroup/hardware/fsys/fsys_getfsstats.c new/agent/mibgroup/hardware/fsys/fsys_getfsstats.c +--- old/agent/mibgroup/hardware/fsys/fsys_getfsstats.c 2018-06-21 16:03:13.675537036 +0200 ++++ new/agent/mibgroup/hardware/fsys/fsys_getfsstats.c 2018-06-21 16:10:36.212652288 +0200 +@@ -88,6 +88,8 @@ _fs_type( char *typename ) + return NETSNMP_FS_TYPE_EXT2; + else if ( !strcmp(typename, MOUNT_NTFS) ) + return NETSNMP_FS_TYPE_NTFS; ++ else if ( !strcmp(typename, MOUNT_ZFS) ) ++ return NETSNMP_FS_TYPE_OTHER; + + /* + * NetBSD also recognises the following filesystem types: +diff -urNp old/agent/mibgroup/hardware/fsys/fsys_mntent.c new/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- old/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-06-21 16:03:13.675537036 +0200 ++++ new/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-06-21 16:12:36.982882380 +0200 +@@ -142,6 +142,7 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_SIMFS) || + !strcmp(typename, MNTTYPE_VZFS) || + !strcmp(typename, MNTTYPE_BTRFS) || ++ !strcmp(typename, MNTTYPE_ZFS) || + !strcmp(typename, MNTTYPE_ACFS) || + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; +diff -urNp old/agent/mibgroup/hardware/fsys/mnttypes.h new/agent/mibgroup/hardware/fsys/mnttypes.h +--- old/agent/mibgroup/hardware/fsys/mnttypes.h 2018-06-21 16:03:13.675537036 +0200 ++++ new/agent/mibgroup/hardware/fsys/mnttypes.h 2018-06-21 16:13:22.793403430 +0200 +@@ -151,6 +151,9 @@ + #ifndef MNTTYPE_BTRFS + #define MNTTYPE_BTRFS "btrfs" + #endif ++#ifndef MNTTYPE_ZFS ++#define MNTTYPE_ZFS "zfs" ++#endif + #ifndef MNTTYPE_ACFS + #define MNTTYPE_ACFS "acfs" + #endif +diff -urNp old/agent/mibgroup/hardware/fsys/mounts.h new/agent/mibgroup/hardware/fsys/mounts.h +--- old/agent/mibgroup/hardware/fsys/mounts.h 2018-06-21 16:03:13.675537036 +0200 ++++ new/agent/mibgroup/hardware/fsys/mounts.h 2018-06-21 16:14:08.014939906 +0200 +@@ -56,6 +56,9 @@ + #ifndef MOUNT_ACFS + #define MOUNT_ACFS "acfs" + #endif ++#ifndef MOUNT_ZFS ++#define MOUNT_ZFS "zfs" ++#endif + + /* + #ifndef MNTTYPE_AFS diff --git a/SOURCES/net-snmp-config b/SOURCES/net-snmp-config new file mode 100755 index 0000000..a719c28 --- /dev/null +++ b/SOURCES/net-snmp-config @@ -0,0 +1,58 @@ +#!/bin/sh +# +# net-snmp-config +# +# this shell script is designed to merely dump the configuration +# information about how the net-snmp package was compiled. The +# information is particularily useful for applications that need to +# link against the net-snmp libraries and hence must know about any +# other libraries that must be linked in as well. + +# this particular shell script calls arch specific script to avoid +# multilib conflicts + +# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64 + +arch=`arch` +echo $arch | grep -q i.86 +if [ $? -eq 0 ] ; then + net-snmp-config-i386 $* + exit 0 +fi +if [ "$arch" = "ia64" ] ; then + net-snmp-config-ia64 $* + exit 0 +fi +if [ "$arch" = "ppc" ] ; then + net-snmp-config-ppc $* + exit 0 +fi +if [ "$arch" = "ppc64" ] ; then + net-snmp-config-ppc64 $* + exit 0 +fi +if [ "$arch" = "s390" ] ; then + net-snmp-config-s390 $* + exit 0 +fi +if [ "$arch" = "s390x" ] ; then + net-snmp-config-s390x $* + exit 0 +fi +if [ "$arch" = "x86_64" ] ; then + net-snmp-config-x86_64 $* + exit 0 +fi +if [ "$arch" = "alpha" ] ; then + net-snmp-config-alpha $* + exit 0 +fi +if [ "$arch" = "sparc" ] ; then + net-snmp-config-sparc $* + exit 0 +fi +if [ "$arch" = "sparc64" ] ; then + net-snmp-config-sparc64 $* + exit 0 +fi +echo "Cannot determine architecture" diff --git a/SOURCES/net-snmp-config.h b/SOURCES/net-snmp-config.h new file mode 100644 index 0000000..c849d6b --- /dev/null +++ b/SOURCES/net-snmp-config.h @@ -0,0 +1,36 @@ +/* This file is here to prevent a file conflict on multiarch systems. A + * conflict will frequently occur because arch-specific build-time + * configuration options are stored (and used, so they can't just be stripped + * out) in net-snmp-config.h. The original net-snmp-config.h has been renamed. + * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ + +#ifdef net_snmp_config_multilib_redirection_h +#error "Do not define net_snmp_config_multilib_redirection_h!" +#endif +#define net_snmp_config_multilib_redirection_h + +#if defined(__i386__) +#include "net-snmp-config-i386.h" +#elif defined(__ia64__) +#include "net-snmp-config-ia64.h" +#elif defined(__powerpc64__) +#include "net-snmp-config-ppc64.h" +#elif defined(__powerpc__) +#include "net-snmp-config-ppc.h" +#elif defined(__s390x__) +#include "net-snmp-config-s390x.h" +#elif defined(__s390__) +#include "net-snmp-config-s390.h" +#elif defined(__x86_64__) +#include "net-snmp-config-x86_64.h" +#elif defined(__alpha__) +#include "net-snmp-config-alpha.h" +#elif defined(__sparc__) && defined (__arch64__) +#include "net-snmp-config-sparc64.h" +#elif defined(__sparc__) +#include "net-snmp-config-sparc.h" +#else +#error "net-snmp-devel package does not work on your architecture" +#endif + +#undef net_snmp_config_multilib_redirection_h diff --git a/SOURCES/net-snmp-tmpfs.conf b/SOURCES/net-snmp-tmpfs.conf new file mode 100644 index 0000000..382f8eb --- /dev/null +++ b/SOURCES/net-snmp-tmpfs.conf @@ -0,0 +1 @@ +d /var/run/net-snmp 0755 root root diff --git a/SOURCES/net-snmp-trapd.redhat.conf b/SOURCES/net-snmp-trapd.redhat.conf new file mode 100644 index 0000000..72ce1cc --- /dev/null +++ b/SOURCES/net-snmp-trapd.redhat.conf @@ -0,0 +1,6 @@ +# Example configuration file for snmptrapd +# +# No traps are handled by default, you must edit this file! +# +# authCommunity log,execute,net public +# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold diff --git a/SOURCES/net-snmp.redhat.conf b/SOURCES/net-snmp.redhat.conf new file mode 100644 index 0000000..ee19ab8 --- /dev/null +++ b/SOURCES/net-snmp.redhat.conf @@ -0,0 +1,462 @@ +############################################################################### +# +# snmpd.conf: +# An example configuration file for configuring the ucd-snmp snmpd agent. +# +############################################################################### +# +# This file is intended to only be as a starting point. Many more +# configuration directives exist than are mentioned in this file. For +# full details, see the snmpd.conf(5) manual page. +# +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +############################################################################### +# Access Control +############################################################################### + +# As shipped, the snmpd demon will only respond to queries on the +# system mib group until this file is replaced or modified for +# security purposes. Examples are shown below about how to increase the +# level of access. + +# By far, the most common question I get about the agent is "why won't +# it work?", when really it should be "how do I configure the agent to +# allow me to access it?" +# +# By default, the agent responds to the "public" community for read +# only access, if run out of the box without any configuration file in +# place. The following examples show you other ways of configuring +# the agent so that you can change the community names, and give +# yourself write access to the mib tree as well. +# +# For more information, read the FAQ as well as the snmpd.conf(5) +# manual page. + +#### +# First, map the community name "public" into a "security name" + +# sec.name source community +com2sec notConfigUser default public + +#### +# Second, map the security name into a group name: + +# groupName securityModel securityName +group notConfigGroup v1 notConfigUser +group notConfigGroup v2c notConfigUser + +#### +# Third, create a view for us to let the group have rights to: + +# Make at least snmpwalk -v 1 localhost -c public system fast again. +# name incl/excl subtree mask(optional) +view systemview included .1.3.6.1.2.1.1 +view systemview included .1.3.6.1.2.1.25.1.1 + +#### +# Finally, grant the group read-only access to the systemview view. + +# group context sec.model sec.level prefix read write notif +access notConfigGroup "" any noauth exact systemview none none + +# ----------------------------------------------------------------------------- + +# Here is a commented out example configuration that allows less +# restrictive access. + +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY +# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. + +## sec.name source community +#com2sec local localhost COMMUNITY +#com2sec mynetwork NETWORK/24 COMMUNITY + +## group.name sec.model sec.name +#group MyRWGroup any local +#group MyROGroup any mynetwork +# +#group MyRWGroup any otherv3user +#... + +## incl/excl subtree mask +#view all included .1 80 + +## -or just the mib2 tree- + +#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc + + +## context sec.model sec.level prefix read write notif +#access MyROGroup "" any noauth 0 all none none +#access MyRWGroup "" any noauth 0 all all all + + +############################################################################### +# Sample configuration to make net-snmpd RFC 1213. +# Unfortunately v1 and v2c don't allow any user based authentification, so +# opening up the default config is not an option from a security point. +# +# WARNING: If you uncomment the following lines you allow write access to your +# snmpd daemon from any source! To avoid this use different names for your +# community or split out the write access to a different community and +# restrict it to your local network. +# Also remember to comment the syslocation and syscontact parameters later as +# otherwise they are still read only (see FAQ for net-snmp). +# + +# First, map the community name "public" into a "security name" +# sec.name source community +#com2sec notConfigUser default public + +# Second, map the security name into a group name: +# groupName securityModel securityName +#group notConfigGroup v1 notConfigUser +#group notConfigGroup v2c notConfigUser + +# Third, create a view for us to let the group have rights to: +# Open up the whole tree for ro, make the RFC 1213 required ones rw. +# name incl/excl subtree mask(optional) +#view roview included .1 +#view rwview included system.sysContact +#view rwview included system.sysName +#view rwview included system.sysLocation +#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus +#view rwview included at.atTable.atEntry.atPhysAddress +#view rwview included at.atTable.atEntry.atNetAddress +#view rwview included ip.ipForwarding +#view rwview included ip.ipDefaultTTL +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5 +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType +#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState +#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger +#view rwview included snmp.snmpEnableAuthenTraps + +# Finally, grant the group read-only access to the systemview view. +# group context sec.model sec.level prefix read write notif +#access notConfigGroup "" any noauth exact roview rwview none + + + +############################################################################### +# System contact information +# + +# It is also possible to set the sysContact and sysLocation system +# variables through the snmpd.conf file: + +syslocation Unknown (edit /etc/snmp/snmpd.conf) +syscontact Root (configure /etc/snmp/snmp.local.conf) + +# Example output of snmpwalk: +# % snmpwalk -v 1 localhost -c public system +# system.sysDescr.0 = "SunOS name sun4c" +# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 +# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 +# system.sysContact.0 = "Me " +# system.sysName.0 = "name" +# system.sysLocation.0 = "Right here, right now." +# system.sysServices.0 = 72 + + +############################################################################### +# Logging +# + +# We do not want annoying "Connection from UDP: " messages in syslog. +# If the following option is commented out, snmpd will print each incoming +# connection, which can be useful for debugging. + +dontLogTCPWrappersConnects yes + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Process checks. +# +# The following are examples of how to use the agent to check for +# processes running on the host. The syntax looks something like: +# +# proc NAME [MAX=0] [MIN=0] +# +# NAME: the name of the process to check for. It must match +# exactly (ie, http will not find httpd processes). +# MAX: the maximum number allowed to be running. Defaults to 0. +# MIN: the minimum number to be running. Defaults to 0. + +# +# Examples (commented out by default): +# + +# Make sure mountd is running +#proc mountd + +# Make sure there are no more than 4 ntalkds running, but 0 is ok too. +#proc ntalkd 4 + +# Make sure at least one sendmail, but less than or equal to 10 are running. +#proc sendmail 10 1 + +# A snmpwalk of the process mib tree would look something like this: +# +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 +# +# Note that the errorFlag for mountd is set to 1 because one is not +# running (in this case an rpc.mountd is, but thats not good enough), +# and the ErrMessage tells you what's wrong. The configuration +# imposed in the snmpd.conf file is also shown. +# +# Special Case: When the min and max numbers are both 0, it assumes +# you want a max of infinity and a min of 1. +# + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Executables/scripts +# + +# +# You can also have programs run by the agent that return a single +# line of output and an exit code. Here are two examples. +# +# exec NAME PROGRAM [ARGS ...] +# +# NAME: A generic name. The name must be unique for each exec statement. +# PROGRAM: The program to run. Include the path! +# ARGS: optional arguments to be passed to the program + +# a simple hello world + +#exec echotest /bin/echo hello world + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +#exec shelltest /bin/sh /tmp/shtest + +# Then, +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 + +# Note that the second line of the /tmp/shtest shell script is cut +# off. Also note that the exit status of 35 was returned. + +# ----------------------------------------------------------------------------- + + +############################################################################### +# disk checks +# + +# The agent can check the amount of available disk space, and make +# sure it is above a set limit. + +# disk PATH [MIN=100000] +# +# PATH: mount path to the disk in question. +# MIN: Disks with space below this value will have the Mib's errorFlag set. +# Default value = 100000. + +# Check the / partition and make sure it contains at least 10 megs. + +#disk / 10000 + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# load average checks +# + +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] +# +# 1MAX: If the 1 minute load average is above this limit at query +# time, the errorFlag will be set. +# 5MAX: Similar, but for 5 min average. +# 15MAX: Similar, but for 15 min average. + +# Check for loads: +#load 12 14 14 + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Extensible sections. +# + +# This alleviates the multiple line output problem found in the +# previous executable mib by placing each mib in its own mib table: + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50 +# enterprises.ucdavis.50.1.1 = 1 +# enterprises.ucdavis.50.2.1 = "shelltest" +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.50.100.1 = 35 +# enterprises.ucdavis.50.101.1 = "hello world." +# enterprises.ucdavis.50.101.2 = "hi there." +# enterprises.ucdavis.50.102.1 = 0 + +# Now the Output has grown to two lines, and we can see the 'hi +# there.' output as the second line from our shell script. +# +# Note that you must alter the mib.txt file to be correct if you want +# the .50.* outputs above to change to reasonable text descriptions. + +# Other ideas: +# +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Pass through control. +# + +# Usage: +# pass MIBOID EXEC-COMMAND +# +# This will pass total control of the mib underneath the MIBOID +# portion of the mib to the EXEC-COMMAND. +# +# Note: You'll have to change the path of the passtest script to your +# source directory or install it in the given location. +# +# Example: (see the script for details) +# (commented out here since it requires that you place the +# script in the right location. (its not installed by default)) + +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255 +# enterprises.ucdavis.255.1 = "life the universe and everything" +# enterprises.ucdavis.255.2.1 = 42 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 +# enterprises.ucdavis.255.5 = 42 +# enterprises.ucdavis.255.6 = Gauge: 42 +# +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 +# enterprises.ucdavis.255.5 = 42 +# +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" +# enterprises.ucdavis.255.1 = "New string" +# + +# For specific usage information, see the man/snmpd.conf.5 manual page +# as well as the local/passtest script used in the above example. + +############################################################################### +# Further Information +# +# See the snmpd.conf manual page, and the output of "snmpd -H". diff --git a/SOURCES/net-snmpd.init b/SOURCES/net-snmpd.init new file mode 100755 index 0000000..6038c51 --- /dev/null +++ b/SOURCES/net-snmpd.init @@ -0,0 +1,115 @@ +#!/bin/bash +# ucd-snmp init file for snmpd +# +# chkconfig: - 50 50 +# description: Simple Network Management Protocol (SNMP) Daemon +# +# processname: /usr/sbin/snmpd +# config: /etc/snmp/snmpd.conf +# config: /usr/share/snmp/snmpd.conf +# pidfile: /var/run/snmpd.pid + +### BEGIN INIT INFO +# Provides: snmpd +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Should-Start: +# Should-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: start and stop Net-SNMP daemon +# Description: Simple Network Management Protocol (SNMP) Daemon +### END INIT INFO + +# source function library +. /etc/init.d/functions + + +OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid" +if [ -e /etc/sysconfig/snmpd ]; then + . /etc/sysconfig/snmpd +fi + +RETVAL=0 +prog="snmpd" +binary=/usr/sbin/snmpd +pidfile=/var/run/snmpd.pid + +start() { + [ -x $binary ] || exit 5 + echo -n $"Starting $prog: " + if [ $UID -ne 0 ]; then + RETVAL=1 + failure + else + daemon --pidfile=$pidfile $binary $OPTIONS + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd + fi; + echo + return $RETVAL +} + +stop() { + echo -n $"Stopping $prog: " + if [ $UID -ne 0 ]; then + RETVAL=1 + failure + else + killproc -p $pidfile $binary + RETVAL=$? + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snmpd + fi; + echo + return $RETVAL +} + +reload(){ + echo -n $"Reloading $prog: " + killproc -p $pidfile $binary -HUP + RETVAL=$? + echo + return $RETVAL +} + +restart(){ + stop + start +} + +condrestart(){ + [ -e /var/lock/subsys/snmpd ] && restart + return 0 +} + +case "$1" in + start) + start + RETVAL=$? + ;; + stop) + stop + RETVAL=$? + ;; + restart) + restart + RETVAL=$? + ;; + reload|force-reload) + reload + RETVAL=$? + ;; + condrestart|try-restart) + condrestart + RETVAL=$? + ;; + status) + status snmpd + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}" + RETVAL=2 +esac + +exit $RETVAL diff --git a/SOURCES/net-snmpd.sysconfig b/SOURCES/net-snmpd.sysconfig new file mode 100644 index 0000000..6949ec0 --- /dev/null +++ b/SOURCES/net-snmpd.sysconfig @@ -0,0 +1,3 @@ +# snmpd command line options +# '-f' is implicitly added by snmpd systemd unit file +# OPTIONS="-LS0-6d" diff --git a/SOURCES/net-snmptrapd.init b/SOURCES/net-snmptrapd.init new file mode 100755 index 0000000..55a786c --- /dev/null +++ b/SOURCES/net-snmptrapd.init @@ -0,0 +1,103 @@ +#!/bin/bash + +# ucd-snmp init file for snmptrapd +# +# chkconfig: - 50 50 +# description: Simple Network Management Protocol (SNMP) Trap Daemon +# +# processname: /usr/sbin/snmptrapd +# config: /etc/snmp/snmptrapd.conf +# config: /usr/share/snmp/snmptrapd.conf +# pidfile: /var/run/snmptrapd.pid + + +### BEGIN INIT INFO +# Provides: snmptrapd +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Should-Start: +# Should-Stop: +# Default-Start: +# Default-Stop: +# Short-Description: start and stop Net-SNMP trap daemon +# Description: Simple Network Management Protocol (SNMP) trap daemon +### END INIT INFO + +# source function library +. /etc/init.d/functions + +OPTIONS="-Lsd -p /var/run/snmptrapd.pid" +if [ -e /etc/sysconfig/snmptrapd ]; then + . /etc/sysconfig/snmptrapd +fi + +RETVAL=0 +prog="snmptrapd" +binary=/usr/sbin/snmptrapd +pidfile=/var/run/snmptrapd.pid + +start() { + [ -x $binary ] || exit 5 + echo -n $"Starting $prog: " + daemon --pidfile=$pidfile /usr/sbin/snmptrapd $OPTIONS + RETVAL=$? + echo + touch /var/lock/subsys/snmptrapd + return $RETVAL +} + +stop() { + echo -n $"Stopping $prog: " + killproc -p $pidfile /usr/sbin/snmptrapd + RETVAL=$? + echo + rm -f /var/lock/subsys/snmptrapd + return $RETVAL +} + +reload(){ + stop + start +} + +restart(){ + stop + start +} + +condrestart(){ + [ -e /var/lock/subsys/snmptrapd ] && restart + return 0 +} + +case "$1" in + start) + start + RETVAL=$? + ;; + stop) + stop + RETVAL=$? + ;; + restart) + restart + RETVAL=$? + ;; + reload|force-reload) + reload + RETVAL=$? + ;; + condrestart|try-restart) + condrestart + RETVAL=$? + ;; + status) + status snmptrapd + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}" + RETVAL=2 +esac + +exit $RETVAL diff --git a/SOURCES/net-snmptrapd.sysconfig b/SOURCES/net-snmptrapd.sysconfig new file mode 100644 index 0000000..85e3128 --- /dev/null +++ b/SOURCES/net-snmptrapd.sysconfig @@ -0,0 +1,3 @@ +# snmptrapd command line options +# '-f' is implicitly added by snmptrapd systemd unit file +# OPTIONS="-Lsd" diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service new file mode 100644 index 0000000..8f6cb2e --- /dev/null +++ b/SOURCES/snmpd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Daemon. +After=syslog.target network-online.target + +[Service] +Type=notify +Environment=OPTIONS="-LS0-6d" +EnvironmentFile=-/etc/sysconfig/snmpd +ExecStart=/usr/sbin/snmpd $OPTIONS -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/snmptrapd.service b/SOURCES/snmptrapd.service new file mode 100644 index 0000000..ec71e75 --- /dev/null +++ b/SOURCES/snmptrapd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Trap Daemon. +After=syslog.target network-online.target + +[Service] +Type=notify +Environment=OPTIONS="-Lsd" +EnvironmentFile=-/etc/sysconfig/snmptrapd +ExecStart=/usr/sbin/snmptrapd $OPTIONS -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec new file mode 100644 index 0000000..0c02dec --- /dev/null +++ b/SPECS/net-snmp.spec @@ -0,0 +1,1971 @@ +# use netsnmp_tcp_wrappers 0 to disable tcp_wrappers support +%{!?netsnmp_tcp_wrappers:%global netsnmp_tcp_wrappers 1} +# use nestnmp_check 0 to speed up packaging by disabling 'make test' +%{!?netsnmp_check: %global netsnmp_check 1} + +# allow compilation on Fedora 11 and older +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +# Arches on which we need to prevent arch conflicts on net-snmp-config.h +%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 + +Summary: A collection of SNMP protocol tools and libraries +Name: net-snmp +Version: 5.7.2 +Release: 45%{?dist} +Epoch: 1 + +License: BSD +Group: System Environment/Daemons +URL: http://net-snmp.sourceforge.net/ +Source0: net-snmp-%{version}-noapsl.tar.gz +# Original source: http://dl.sourceforge.net/net-snmp/net-snmp-%%{version}.tar.gz +# Net-snmp contains code licensed under APSL 1.1. This code is used on MacOS only, +# and it must be removed from source code before we distribute source RPM. +# Download the upstream tarball and invoke this script while in the +# tarball's directory: +# ./generate-tarball.sh 5.7.2 +Source1: net-snmp.redhat.conf +Source2: net-snmpd.init +Source3: net-snmptrapd.init +Source4: net-snmp-config.h +Source5: net-snmp-config +Source6: net-snmp-trapd.redhat.conf +Source7: net-snmpd.sysconfig +Source8: net-snmptrapd.sysconfig +Source9: net-snmp-tmpfs.conf +Source10: snmpd.service +Source11: snmptrapd.service +Patch1: net-snmp-5.7.2-pie.patch +Patch2: net-snmp-5.5-dir-fix.patch +Patch3: net-snmp-5.6-multilib.patch +Patch5: net-snmp-5.6-test-debug.patch +Patch6: net-snmp-5.7.2-systemd.patch +Patch7: net-snmp-5.7.2-fips.patch +Patch8: net-snmp-5.7-skip-ipv6-tests.patch +Patch9: net-snmp-5.7-relro.patch +Patch10: net-snmp-5.7-smux-reqid.patch +Patch11: net-snmp-5.7-agentx-crash.patch +Patch12: net-snmp-5.7.2-exec-cmdline.patch +Patch13: net-snmp-5.7.2-clientaddr-port.patch +Patch14: net-snmp-5.5-getnext-loop.patch +Patch15: net-snmp-5.7-dsktable-cache.patch +Patch16: net-snmp-5.7.2-python-ipaddress-size.patch +Patch17: net-snmp-5.7.2-create-user-multilib.patch +Patch18: net-snmp-5.5-extend-realloc-leak.patch +Patch19: net-snmp-5.5-man-config-path.patch +Patch20: net-snmp-5.7.2-kernel-threads.patch +Patch21: net-snmp-5.7.2-agentx-disconnect-crash.patch +Patch22: net-snmp-5.7.2-dskTable-dynamic.patch +Patch23: net-snmp-5.5-extTable-crash.patch +Patch24: net-snmp-5.7.2-dot3stats-log.patch +Patch25: net-snmp-5.7.2-soname.patch +Patch26: net-snmp-5.5-ber-int-size.patch +Patch27: net-snmp-5.5-ber-int-size2.patch +Patch28: net-snmp-5.7.2-hrStorage-fs.patch +Patch29: net-snmp-5.7.2-btrfs.patch +Patch30: net-snmp-5.7.2-trigger-crash.patch +Patch31: net-snmp-5.5-python-retcodes.patch +Patch32: net-snmp-5.7.2-icmp-mib.patch +Patch33: net-snmp-5.7.2-ipCidrRouteTable-duplicates.patch +Patch34: net-snmp-5.7.2-hrProcessorLoad-many-cpus.patch +Patch35: net-snmp-5.5-mvfs.patch +Patch36: net-snmp-5.7.2-clientaddr-error-msg.patch +Patch37: net-snmp-5.7.2-proxy-getnext.patch +Patch38: net-snmp-5.7.2-extend-reload.patch +Patch39: net-snmp-5.7.2-trap-vartypes.patch +Patch40: net-snmp-5.5-storageUseNFS.patch +Patch41: net-snmp-5.5-trap-forward-reqid.patch +Patch42: net-snmp-5.5-hrStorage-31bits.patch +Patch43: net-snmp-5.7.2-udp6-clientaddr.patch +Patch44: net-snmp-5.7.2-smux-logging.patch +Patch45: net-snmp-5.7.2-udpTable-index.patch +Patch46: net-snmp-5.7.2-client-write-var.patch +Patch47: net-snmp-5.7.2-smux-invalid-headers.patch +Patch48: net-snmp-5.7.2-diskio-whitelist.patch +Patch49: net-snmp-5.7.2-systemstats-ipv4.patch +Patch50: net-snmp-5.7.2-incomplete-parse.patch +Patch51: net-snmp-5.7.2-hrFSTable-read-write.patch +Patch52: net-snmp-5.5-sensors-duplicate.patch +Patch53: net-snmp-5.7.2-extend-close.patch +Patch54: net-snmp-5.7.2-python-addr-size.patch +Patch55: net-snmp-5.7.2-dot3-leak.patch +Patch56: net-snmp-5.7.2-max-msg-size.patch +Patch57: net-snmp-5.7.2-response-too-long.patch +Patch58: net-snmp-5.7.2-agentx-disconnect-crash-part2.patch +Patch59: net-snmp-5.7.2-client-udp6.patch +Patch60: net-snmp-5.7.2-ipAddress-faster-load.patch +Patch61: net-snmp-5.7.2-large-fdset.patch +Patch62: net-snmp-5.7.2-duplicate-ipAddress.patch +Patch63: net-snmp-5.5-SCTP-parser.patch +Patch64: net-snmp-5.7.2-strstr.patch +Patch66: net-snmp-5.7.2-documentation.patch +Patch67: net-snmp-5.7.2-iterator-fix.patch +Patch68: net-snmp-5.7.2-autofs.patch +Patch69: net-snmp-5.7.2-leak-backport.patch +Patch70: net-snmp-5.7.2-acfs.patch +Patch71: net-snmp-5.7.2-fsync.patch +Patch72: net-snmp-5.7.2-zfs-support.patch +Patch73: net-snmp-5.7.2-man-page.patch +Patch74: net-snmp-5.7.2-key-leak-backport.patch +Patch75: net-snmp-5.7.2-snmpd-log-once.patch +Patch76: net-snmp-5.7.2-MYSQL-LIBS.patch +Patch77: net-snmp-5.7.2-expand-SNMPCONFPATH.patch +Patch78: net-snmp-5.7.2-traptomail.patch +Patch79: net-snmp-5.7.2-null-magic.patch +Patch80: net-snmp-5.7.2-v3-forward.patch +Patch81: net-snmp-5.7.2-memory.patch +Patch82: net-snmp-5.7.2-glusterfs.patch +Patch83: net-snmp-5.7.2-ifTable-interface_fadeout.patch +Patch84: net-snmp-5.7.2-icmp.patch +Patch85: net-snmp-5.7.2-pass_common.patch +Patch86: net-snmp-5.7.2-CVE-2018-18066.patch +Patch87: net-snmp-5.7.2-counter64.patch + +Requires(post): chkconfig +Requires(preun): chkconfig +# for /sbin/service +Requires(preun): initscripts +# for /bin/rm +Requires(preun): coreutils +Requires: %{name}-libs = %{epoch}:%{version}-%{release} +Requires: %{name}-agent-libs = %{epoch}:%{version}-%{release} +Requires: mysql-libs +# This is actually needed for the %%triggerun script but Requires(triggerun) +# is not valid. We can use %%post because this particular %triggerun script +# should fire just after this package is installed. +Requires(post): systemd-sysv + +BuildRequires: openssl-devel, bzip2-devel, elfutils-devel +BuildRequires: libselinux-devel, elfutils-libelf-devel, rpm-devel +BuildRequires: perl-devel, perl(ExtUtils::Embed), gawk, procps +BuildRequires: python-devel, python-setuptools +BuildRequires: chrpath +BuildRequires: mysql-devel +# for netstat, needed by 'make test' +BuildRequires: net-tools +# for make test +BuildRequires: perl(TAP::Harness) +BuildRequires: systemd-units +%ifnarch s390 s390x +BuildRequires: lm_sensors-devel >= 3 +%endif +%if %{netsnmp_tcp_wrappers} +BuildRequires: tcp_wrappers-devel +%endif + +%description +SNMP (Simple Network Management Protocol) is a protocol used for +network management. The NET-SNMP project includes various SNMP tools: +an extensible agent, an SNMP library, tools for requesting or setting +information from SNMP agents, tools for generating and handling SNMP +traps, a version of the netstat command which uses SNMP, and a Tk/Perl +mib browser. This package contains the snmpd and snmptrapd daemons, +documentation, etc. + +You will probably also want to install the net-snmp-utils package, +which contains NET-SNMP utilities. + +%package utils +Group: Applications/System +Summary: Network management utilities using SNMP, from the NET-SNMP project +Requires: %{name}-libs = %{epoch}:%{version}-%{release} + +%description utils +The net-snmp-utils package contains various utilities for use with the +NET-SNMP network management project. + +Install this package if you need utilities for managing your network +using the SNMP protocol. You will also need to install the net-snmp +package. + +%package devel +Group: Development/Libraries +Summary: The development environment for the NET-SNMP project +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: %{name}-libs = %{epoch}:%{version}-%{release} +Requires: %{name}-agent-libs = %{epoch}:%{version}-%{release} +Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel +%if %{netsnmp_tcp_wrappers} +Requires: tcp_wrappers-devel +%endif +%ifnarch s390 s390x +Requires: lm_sensors-devel +%endif +# pull perl development libraries, net-snmp agent libraries may link to them +Requires: perl-devel%{?_isa} + +%description devel +The net-snmp-devel package contains the development libraries and +header files for use with the NET-SNMP project's network management +tools. + +Install the net-snmp-devel package if you would like to develop +applications for use with the NET-SNMP project's network management +tools. You'll also need to have the net-snmp and net-snmp-utils +packages installed. + +%package perl +Group: Development/Libraries +Summary: The perl NET-SNMP module and the mib2c tool +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: %{name}-libs = %{epoch}:%{version}-%{release}, perl +Requires: %{name}-agent-libs = %{epoch}:%{version}-%{release} +BuildRequires: perl + +%description perl +The net-snmp-perl package contains the perl files to use SNMP from within +Perl. + +Install the net-snmp-perl package, if you want to use mib2c or SNMP +with perl. + +%package gui +Group: Applications/System +Summary: An interactive graphical MIB browser for SNMP +Requires: perl-Tk, net-snmp-perl = %{epoch}:%{version}-%{release} + +%description gui +The net-snmp-gui package contains tkmib utility, which is a graphical user +interface for browsing the Message Information Bases (MIBs). It is also +capable of sending or retrieving the SNMP management information to/from +the remote agents interactively. + +Install the net-snmp-gui package, if you want to use this interactive utility. + +%package libs +Group: Development/Libraries +Summary: The NET-SNMP runtime client libraries + +%description libs +The net-snmp-libs package contains the runtime client libraries for shared +binaries and applications. + +%package agent-libs +Group: Development/Libraries +Summary: The NET-SNMP runtime agent libraries +# the libs link against libperl.so: +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: %{name}-libs = %{epoch}:%{version}-%{release} + +%description agent-libs +The net-snmp-agent-libs package contains the runtime agent libraries for shared +binaries and applications. + +%package python +Group: Development/Libraries +Summary: The Python 'netsnmp' module for the Net-SNMP +Requires: %{name}-libs = %{epoch}:%{version}-%{release} + +%description python +The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3, +SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the +Net-SNMP toolkit library. + +%package sysvinit +Group: System Environment/Daemons +Summary: Legacy SysV init scripts for Net-SNMP daemons +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description sysvinit +The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons. + +%prep +%setup -q + +%ifnarch ia64 +%patch1 -p1 -b .pie +%endif + +%patch2 -p1 -b .dir-fix +%patch3 -p1 -b .multilib +%patch5 -p1 +%patch6 -p1 -b .systemd +%patch7 -p1 -b .fips +%patch8 -p1 +%patch9 -p1 -b .relro +%patch10 -p1 -b .smux-reqid +%patch11 -p1 -b .agentx-crash +%patch12 -p1 -b .exec-cmdline +%patch13 -p1 -b .clientaddr-port +%patch14 -p1 -b .getnext-loop +%patch15 -p1 -b .dsktable-cache +%patch16 -p1 -b .ipaddress-size +%patch17 -p1 -b .multilib +%patch18 -p1 -b .extend-realloc-leak +%patch19 -p1 -b .man-config-path +%patch20 -p1 -b .kernel-threads +%patch21 -p1 -b .disconnect-crash +%patch22 -p1 -b .dskTable-dynamic +%patch23 -p1 -b .extTable-crash +%patch24 -p1 -b .dot3stats-log +%patch25 -p1 -b .soname +%patch26 -p1 -b .ber-int-size +%patch27 -p1 -b .ber-int-size2 +%patch28 -p1 -b .hrStorage-fs +%patch29 -p1 -b .btrfs +%patch30 -p1 -b .trigger-crash +%patch31 -p1 -b .python-retcodes +%patch32 -p1 -b .icmp-mib +%patch33 -p1 -b .ipCidrRouteTable-duplicates +%patch34 -p1 -b .hrProcessorLoad-many-cpus +%patch35 -p1 -b .mvfs +%patch36 -p1 -b .clientaddr-error-msg +%patch37 -p1 -b .proxy-getnext +%patch38 -p1 -b .extend-reload +%patch39 -p1 -b .trap-vartypes +%patch40 -p1 -b .storageUseNFS +%patch41 -p1 -b .trap-forward-reqid +%patch42 -p1 -b .hrStorage-31bits +%patch43 -p1 -b .udp6-clientaddr +%patch44 -p1 -b .smux-logging +%patch45 -p1 -b .udpTable-index +%patch46 -p1 -b .client-write-var +%patch47 -p1 -b .smux-invalid-headers +%patch48 -p1 -b .diskio-whitelist +%patch49 -p1 -b .systemstats-ipv4 +%patch50 -p1 -b .incomplete-parse +%patch51 -p1 -b .hrFSTable-read-write +%patch52 -p1 -b .sensors-duplicate +%patch53 -p1 -b .extend-close +%patch54 -p1 -b .python-addr-size +%patch55 -p1 -b .dot3-leak +%patch56 -p1 -b .max-msg-size +%patch57 -p1 -b .response-too-long +%patch58 -p1 -b .agentx-crash-part-2 +%patch59 -p1 -b .client-udp6 +%patch60 -p1 -b .ipAddress-faster-load +%patch61 -p1 -b .large-fdset +%patch62 -p1 -b .duplicate-ipAddress +%patch63 -p1 -b .SCTP-parser.patch +%patch64 -p1 -b .strstr.patch +%patch66 -p1 -b .documentation +%patch67 -p1 -b .iteratorpatch +%patch68 -p1 -b .autofspatch +%patch69 -p1 -b .leak-backport +%patch70 -p1 -b .acfs +%patch71 -p1 -b .fsync +%patch72 -p1 -b .zfs-support +%patch73 -p1 -b .man-page +%patch74 -p1 -b .key-bakcport +%patch75 -p1 -b .snmpd-log-once +%patch76 -p1 -b .MYSQL-LIBS +%patch77 -p1 -b .expand-variable +%patch78 -p1 -b .traptomail +%patch79 -p1 -b .null-magic +%patch80 -p1 -b .v3-forward +%patch81 -p1 -b .memory +%patch82 -p1 -b .glusterfs +%patch83 -p1 -b .interface-fadeout +%patch84 -p1 -b .icmp +%patch85 -p1 -b .pass_common +%patch86 -p1 -b .CVE-2018-18066 +%patch87 -p1 -b .counter64 + +%ifarch sparc64 s390 s390x +# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 +rm testing/fulltests/default/T200* +%endif + +%build +MIBS="host agentx smux \ + ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \ + ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ + ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \ + ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \ + ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \ + sctp-mib rmon-mib etherlike-mib" + +%ifnarch s390 s390x +# there are no lm_sensors on s390 +MIBS="$MIBS ucd-snmp/lmsensorsMib" +%endif + +%configure \ + --disable-static --enable-shared \ + --with-cflags="$RPM_OPT_FLAGS -D_RPM_4_4_COMPAT" \ + --with-ldflags="-Wl,-z,relro -Wl,-z,now" \ + --with-sys-location="Unknown" \ + --with-logfile="/var/log/snmpd.log" \ + --with-persistent-directory="/var/lib/net-snmp" \ + --with-mib-modules="$MIBS" \ +%if %{netsnmp_tcp_wrappers} + --with-libwrap=yes \ +%endif + --sysconfdir=%{_sysconfdir} \ + --enable-ipv6 \ + --enable-ucd-snmp-compatibility \ + --with-openssl \ + --with-pic \ + --enable-embedded-perl \ + --enable-as-needed \ + --with-perl-modules="INSTALLDIRS=vendor" \ + --enable-mfd-rewrites \ + --enable-local-smux \ + --with-temp-file-pattern=/var/run/net-snmp/snmp-tmp-XXXXXX \ + --with-transports="DTLSUDP TLSTCP" \ + --with-security-modules=tsm \ + --with-mysql \ + --with-systemd \ + --with-sys-contact="root@localhost" <$file.utf8 + mv $file.utf8 $file +done + +# remove executable bit from documentation samples +chmod 644 local/passtest local/ipf-mod.pl + +# dirty hack for #603243, until it's fixed properly upstream +install -m 755 -d $RPM_BUILD_ROOT/usr/include/net-snmp/agent/util_funcs +install -m 644 agent/mibgroup/util_funcs/*.h $RPM_BUILD_ROOT/usr/include/net-snmp/agent/util_funcs + +# systemd stuff +install -m 755 -d $RPM_BUILD_ROOT/%{_prefix}/lib/tmpfiles.d +install -m 644 %SOURCE9 $RPM_BUILD_ROOT/%{_prefix}/lib/tmpfiles.d/net-snmp.conf +install -m 755 -d $RPM_BUILD_ROOT/%{_unitdir} +install -m 644 %SOURCE10 %SOURCE11 $RPM_BUILD_ROOT/%{_unitdir}/ + +%check +%if %{netsnmp_check} +%ifarch ppc ppc64 +rm -vf testing/fulltests/default/T200snmpv2cwalkall_simple +%endif +# restore libtool, for unknown reason it does not work with the one without rpath +cp -f libtool.orig libtool +# temporary workaround to make test "extending agent functionality with pass" working +chmod 755 local/passtest + +LD_LIBRARY_PATH=${RPM_BUILD_ROOT}/%{_libdir} make test +%endif + + +%post +%systemd_post snmpd.service snmptrapd.service + +%preun +%systemd_preun snmpd.service snmptrapd.service + + +%postun +%systemd_postun_with_restart snmpd.service snmptrapd.service + + +%triggerun -- net-snmp < 1:5.7-5 +# Convert SysV -> systemd. +# Save the current service runlevel info, +# User must manually run systemd-sysv-convert --apply snmpd +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save snmpd >/dev/null 2>&1 ||: +/usr/bin/systemd-sysv-convert --save snmptrapd >/dev/null 2>&1 ||: +/sbin/chkconfig --del snmpd >/dev/null 2>&1 || : +/sbin/chkconfig --del snmptrapd >/dev/null 2>&1 || : +/bin/systemctl try-restart snmpd.service >/dev/null 2>&1 || : +/bin/systemctl try-restart snmptrapd.service >/dev/null 2>&1 || : + +%triggerpostun -n net-snmp-sysvinit -- net-snmp < 1:5.7-5 +/sbin/chkconfig --add snmpd >/dev/null 2>&1 || : +/sbin/chkconfig --add snmptrapd >/dev/null 2>&1 || : + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%post agent-libs -p /sbin/ldconfig + +%postun agent-libs -p /sbin/ldconfig + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%files +%doc COPYING ChangeLog.trimmed EXAMPLE.conf FAQ NEWS TODO +%doc README README.agent-mibs README.agentx README.krb5 README.snmpv3 +%doc local/passtest local/ipf-mod.pl +%doc README.thread AGENT.txt PORTING local/README.mib2c +%dir %{_sysconfdir}/snmp +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmpd.conf +%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmptrapd.conf +%{_bindir}/snmpconf +%{_bindir}/agentxtrap +%{_bindir}/net-snmp-create-v3-user +%{_sbindir}/* +%attr(0644,root,root) %{_mandir}/man[58]/snmp*d* +%attr(0644,root,root) %{_mandir}/man5/snmp_config.5.gz +%attr(0644,root,root) %{_mandir}/man5/variables* +%attr(0644,root,root) %{_mandir}/man1/net-snmp-create-v3-user* +%attr(0644,root,root) %{_mandir}/man1/snmpconf.1.gz +%dir %{_datadir}/snmp +%{_datadir}/snmp/snmpconf-data +%dir %{_localstatedir}/run/net-snmp +%{_prefix}/lib/tmpfiles.d/net-snmp.conf +%{_unitdir}/snmp* +%config(noreplace) %{_sysconfdir}/sysconfig/snmpd +%config(noreplace) %{_sysconfdir}/sysconfig/snmptrapd +%attr(0755,root,root) %{_bindir}/net-snmp-config* +%attr(0644,root,root) %{_mandir}/man1/net-snmp-config*.1.* + +%files utils +%{_bindir}/encode_keychange +%{_bindir}/snmp[^c-]* +%attr(0644,root,root) %{_mandir}/man1/snmp[^-]*.1* +%attr(0644,root,root) %{_mandir}/man1/encode_keychange*.1* +%attr(0644,root,root) %{_mandir}/man1/agentxtrap.1* +%attr(0644,root,root) %{_mandir}/man5/snmp.conf.5.gz +%attr(0644,root,root) %{_mandir}/man5/variables.5.gz + +%files devel +%{_libdir}/lib*.so +/usr/include/* +%attr(0644,root,root) %{_mandir}/man3/*.3.* + +%files perl +%{_bindir}/mib2c-update +%{_bindir}/mib2c +%{_bindir}/snmp-bridge-mib +%{_bindir}/net-snmp-cert +%dir %{_datadir}/snmp +%{_datadir}/snmp/mib2c* +%{_datadir}/snmp/*.pl +%{_bindir}/traptoemail +%attr(0644,root,root) %{_mandir}/man[15]/mib2c* +%attr(0644,root,root) %{_mandir}/man3/*.3pm.* +%attr(0644,root,root) %{_mandir}/man1/traptoemail*.1* +%attr(0644,root,root) %{_mandir}/man1/snmp-bridge-mib.1* +%{perl_vendorarch}/*SNMP* +%{perl_vendorarch}/auto/*SNMP* +%{perl_vendorarch}/auto/Bundle/*SNMP* + +%files python +%doc python/README +%{python_sitearch}/* + +%files gui +%{_bindir}/tkmib +%attr(0644,root,root) %{_mandir}/man1/tkmib.1* + +%files libs +%doc COPYING README ChangeLog.trimmed FAQ NEWS TODO +%{_libdir}/libnetsnmp.so.* +%dir %{_datadir}/snmp +%dir %{_datadir}/snmp/mibs +%{_datadir}/snmp/mibs/* +%dir %{_localstatedir}/lib/net-snmp +%dir %{_localstatedir}/lib/net-snmp/mib_indexes +%dir %{_localstatedir}/lib/net-snmp/cert_indexes + +%files agent-libs +%{_libdir}/libnetsnmpagent*.so.* +%{_libdir}/libnetsnmphelpers*.so.* +%{_libdir}/libnetsnmpmibs*.so.* +%{_libdir}/libnetsnmptrapd*.so.* + +%files sysvinit +%{_initrddir}/snmpd +%{_initrddir}/snmptrapd + +%changelog +* Tue Sep 17 2019 Josef Ridky - 1:5.7.2-45 +- fix memory leak introduced by fix of snmp v3 traps forwarding (#1751195) + +* Wed Aug 14 2019 Josef Ridky - 1:5.7.2-44 +- add support for glusterfs (#1316386) +- change services to start after network-online.target (#1388118) +- fix interface fadeout configuration (#1547355) +- fix scanf pattern for ICMP stats (#1693547) +- change buffer size in pass_common.c file (#1695363 and #1731357) +- remove initial whitespace reading from scanf pattern of /sys/dev/block/../stat file (#1700494) +- fix for CVE-2018-18066 (#1638911) +- add Counter64 support for UCD-SNMP-MIB (#1703752) + +* Wed May 22 2019 Josef Ridky - 1:5.7.2-43 +- fix available memory calculation (#1250060) + +* Fri May 10 2019 Josef Ridky - 1:5.7.2-42 +- fix trapd crash when forward snmp v3 traps (#1680547) + +* Wed Apr 17 2019 Josef Ridky - 1:5.7.2-41 +- secure magic variable to prevent daemon crash (#1635201) + +* Fri Mar 29 2019 Josef Ridky - 1:5.7.2-40 +- add relro flag to MYSQL LIBS patch (#1548084) + +* Tue Mar 19 2019 Josef Ridky - 1:5.7.2-39 +- adjust logging of statfs (#1314610) +- link libnetsnmptrapd against MYSQL LIBS (#1468084) +- expand SNMPCONFPATH (#1514501) +- remove date in mailheader (#1585940) + +* Mon Nov 26 2018 Josef Ridky - 1:5.7.2-38 +- backport upstream fixes of memory leaks (#1650393) + +* Thu Sep 06 2018 Josef Ridky - 1:5.7.2-37 +- fix fsync issue (#1520761) + +* Tue Aug 14 2018 Josef Ridky - 1:5.7.2-36 +- Add missing part of ACFS support (#1564400) + +* Thu Jun 21 2018 Josef Ridky - 1:5.7.2-35 +- Add fsync to prevet data lose on power failure (#1520761) +- Add ZFS support (#1533943) +- Fix man page (#1537460) + +* Fri Apr 20 2018 Josef Ridky - 1:5.7.2-34 +- Add ACFS support (#1564400) + +* Tue Mar 27 2018 Josef Ridky - 1:5.7.2-33 +- Backport upstream leak fix (#1533780) + +* Wed Jan 24 2018 Josef Ridky - 1:5.7.2-32 +- Add net-snmp as requirement of net-snmp-devel + +* Tue Dec 05 2017 Josef Ridky - 1:5.7.2-31 +- Add missing dependency for net-snmp-perl package + +* Thu Nov 30 2017 Josef Ridky - 1:5.7.2-30 +- Revert #1448082 due QA Fail and upstream nonacceptance + +* Wed Nov 01 2017 Josef Ridky - 1:5.7.2-29 +- Move net-snmp-config from devel package to general package (#1486733) +- Fix SCTP parser (#1329338) +- Fix strstr() crash (#1428609) +- Add support for TCP and UDP 64 bit counters (#1448082) +- Fix documentation lack for includeFile, includeDir and includeSearch options (#1464485) +- Fix wrong usage of structure iterator (#1461666) +- Fix issue with statistics from autofs (#1501144) + +* Wed Apr 26 2017 Josef Ridky - 1:5.7.2-28 +- Restored message about duplicate IP address (#1442962) + +* Mon Apr 03 2017 Josef Ridky - 1:5.7.2-27 +- Allow clients to use UDPv6 addresses without 'udp6:' prefix (#1326850) +- snmpd: Speed up ipAddressTable loading. (#1327240) +- Fixed net-snmp segfault in netsnmp_copy_fd_set_to_large_fd_set (#1327200) +- Fixed issue with net-snmp-perl dependency on net-snmp-devel (#1438875) + +* Wed Mar 29 2017 Josef Ridky - 1:5.7.2-26 +- Fixed issue with agentx disconnet crash (#1404600) + +* Mon Jan 16 2017 Josef Ridky - 1:5.7.2-25 +- Fixed message buffer size (#1286693) +- Fixed problem with snmp too long error message (#1324306) + +* Fri Mar 18 2016 Jan Safranek - 1:5.7.2-24.1 +- Fixed memory leak in ETHERLIKE-MIB (#1305933) + +* Tue Aug 18 2015 Jan Safranek - 1:5.7.2-24 +- Fixed lmSensorsTable not reporting sensors with duplicate names + (#1252053) +- Fixed close() overhead of extend commands (#1252048) +- Fixed out-of-bounds write in python code (#1252034) + +* Thu Jul 30 2015 Jan Safranek - 1:5.7.2-23 +- Fixed parsing of invalid variables in incoming packets (#1248414) +- Fixed HOST-RESOURCES-MIB::hrFSAccess flag when read-only filesystem + becomes writable (#1241897) + +* Tue Jun 30 2015 Jan Safranek - 1:5.7.2-22 +- Fixed IP-MIB::ipSystemStatsInOctets and similar counters for IPv4 + (#1235697) + +* Tue Jun 16 2015 Jan Safranek - 1:5.7.2-21 +- Fixed crash on reloading 'exec' configuration options (#1228893) +- Fixed CVE-2014-3565, snmptrapd died when parsing certain traps (#1209361) +- Fixed storageUseNFS functionality in hrStorageTable (#1193006) +- Fixed forwarding of traps with RequestID=0 in snmptrapd (#1192511) +- Fixed hrStorageTable to contain 31 bits integers (#1192221) +- Fixed 'clientaddr' option for UDPv6 client messages (#1190679) +- Fixed log level of SMUX messages (#1189393) +- Fixed UDP-MIB::udpTable index on big-endian platforms (#1184433) +- Fixed client utilities reporting 'read_config_store open failure on + /var/lib/net-snmp/snmpapp.conf' (#1151310) +- Fixed snmpd crash when failed to parse SMUX message headers (#1140236) +- Added 'diskio' option to snmpd.conf, it's possible to monitor only + selected devices in diskIOTable (#1092308) + +* Mon Jan 19 2015 Jan Safranek - 1:5.7.2-20 +- Fixed compiler warnings in previous build. + +* Fri Jan 16 2015 Jan Safranek - 1:5.7.2-19 +- Fixed not-increasing OIDs in IP-FORWARD-MIB::ipCidrRouteTable (#1172013) +- Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines with >100 CPUs + (#1070076) +- skip 'mvfs' (ClearCase) when skipNFSInHostResources is enabled (#1086606) +- Added clear error message when port specified in 'clientaddrr' config + option cannot be bound (#1086925) +- fixed proxying of out-of-tree GETNEXT requests (#1087801) +- use python/README to net-snmp-python subpackage (#1158391) + +* Tue Mar 4 2014 Jan Safranek - 1:5.7.2-18 +- Fixed buffer overflow in ICMP-MIB (#1072092) + +* Thu Feb 13 2014 Jan Safranek - 1:5.7.2-17 +- fixed various error codes in Python module (#1064338) +- fixed net-snmp-config.h header file (#1064437) + +* Fri Jan 24 2014 Daniel Mach - 1:5.7.2-16 +- Mass rebuild 2014-01-24 + +* Wed Jan 15 2014 Honza Horak - 1:5.7.2-15 +- Rebuild for mariadb-libs + Related: #1045013 + +* Thu Jan 9 2014 Jan Safranek - 1:5.7.2-14 +- move tmpfiles.d config file to /usr/lib (#881218) +- fixed dashes in net-snmp-config.h (#1038642) +- fixed snmpd crashing on monitor trigger evaluation (#1050971) + +* Fri Dec 27 2013 Daniel Mach - 1:5.7.2-13 +- Mass rebuild 2013-12-27 + +* Thu Dec 5 2013 Jan Safranek - 1:5.7.2-12 +- fixed clientaddrUsesPort option (#833015) +- added support of btrfs to hrStorageTable (#1006758) + +* Mon Aug 12 2013 Jan Safranek - 1:5.7.2-11 +- fixed parsing of integer variable sizes (#953926, #983116) +- added support of simfs and vzfs to hrStorageTable (#861152, #989498) + +* Fri Jul 12 2013 Jan Safranek - 1:5.7.2-10 +- bumping libnetsnmp soname because of ABI-breaking patch + (#969061) + +* Wed Jun 26 2013 Jan Safranek - 1:5.7.2-9 +- fixed potential memory leak on realloc failure when processing 'extend' + option (#978384) +- added precise enumeration of configuration files searched to + snmp_config(5) man page (#978398) +- set permissions of snmpd.conf and snmptrapd conf to 0600 (#919240) +- fixed kernel threads in hrSWRunTable (#979329) +- fixed snmpd crashing in the middle of agentx request processing when + a subagent disconnects (#969061) +- updated UCD-SNMP-MIB::dskTable to dynamically add/remove disks if + 'includeAllDisks' is specified in snmpd.conf (#982644) +- fixed crash in extTable on empty command line (#955609) +- lowered severity of few debugging messages in dot3statsTable (#915302) + +* Thu Feb 7 2013 Jan Safranek - 1:5.7.2-8 +- Removed APSL patch (#830796) +- fixed net-snmp-create-v3-user to have the same content on all architectures +- /var/lib/net-snmp/mib_indexes and cert_indexes added to net-snmp-libs + (#906761) +- Python: fixed IPADDRESS size on 64-bit systems (#895357) + +* Mon Dec 17 2012 Jan Safranek - 1:5.7.2-7 +- Fixed UCD-SNMP::dskTable being slow on NFS mounts (#877326) + +* Thu Nov 29 2012 Jan Safranek - 1:5.7.2-6 +- Removed unused patch +- Added net-snmp-agent-libs dependency where appropriate +- Added full relro +- Make net-snmp-create-v3-user multilib safe + +* Mon Nov 12 2012 Jan Safranek - 1:5.7.2-5 +- Fixed snmpd in FIPS mode (#874440) +- Removed APSL licensed code (#830796) +- Synchronized with RHEL-6.4 + +* Mon Nov 12 2012 Jan Safranek - 1:5.7.2-4 +- Fixed systemd support (#875632). + +* Mon Oct 29 2012 Jan Safranek - 1:5.7.2-3 +- Added direct dependency on perl-devel with architectute in + net-snmp-devel package to pull proper dependencies. + +* Wed Oct 24 2012 Jan Safranek - 1:5.7.2-2 +- Fixed net-snmp dependency on net-snmp-agent-libs. + +* Thu Oct 18 2012 Jan Safranek - 1:5.7.2-1 +- Updated to 5.7.2 + +* Mon Aug 27 2012 Jan Safranek - 1:5.7.1-10 +- Updated RPM scriplets with latest systemd-rpm macros (#850403). +- Fixed fedora-review tool complaints. + +* Fri Jul 20 2012 Fedora Release Engineering - 1:5.7.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 08 2012 Petr Pisar - 1:5.7.1-8 +- Perl 5.16 rebuild + +* Fri May 18 2012 Jan Safranek 5.7.1-7 +- Move /var/lib/net-snmp from net-snmp to net-snmp-libs (#822508) + +* Mon Apr 23 2012 Karsten Hopp 5.7.1-6 +- Temporarily disable T200snmpv2cwalkall_simple test on ppc(64) until + bug 814829 is fixed + +* Fri Mar 30 2012 Jan Safranek - 1:5.7.1-5 +- Rebuilt for new rpm + +* Fri Jan 13 2012 Fedora Release Engineering - 1:5.7.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 28 2011 Jan Safranek - 1:5.7.1-3 +- re-introduced /etc/sysconfig files (#752821) + +* Wed Oct 5 2011 Jan Safranek - 1:5.7.1-2 +- fixed perl linking (#742678) + +* Tue Oct 4 2011 Jan Safranek - 1:5.7.1-1 +- updated to 5.7.1: + - Fixed the mib-parsing-bug introduced shortly before 5.7 + - fixed rounding errors for disk percentage calculations + - Many other miscellaneous minor bug fixes + +* Tue Sep 06 2011 Dan Horák - 1:5.7-7 +- disable failing test on s390(x) (#680697) + +* Thu Aug 11 2011 Jan Safranek - 1:5.7-6 +- added new net-snmp-agent-libs subpackage with agent libraries + -> net-snmp-libs do not need perl and lm_sensors libs +- removed libsnmp.so, it's not used in Fedora (#729811) +- added README.systemd +- added new net-snmp-sysvinit subpackage with legacy init scripts + (#718183) + +* Tue Aug 9 2011 Jan Safranek - 1:5.7-5 +- integrated with systemd (#718183) + +* Thu Jul 21 2011 Petr Sabata - 1:5.7-4 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 1:5.7-3 +- Perl mass rebuild + +* Fri Jul 8 2011 Jan Safranek - 1:5.7-2 +- restored rpath in net-snmp-config output - SNMP subagent won't link + with libsnmpagent.so without it, linker needs to know location + of libperl.so +- fixed check section to make tests pass on machine without DNS + +* Thu Jul 7 2011 Jan Safranek - 1:5.7-1 +- updated to net-snmp-5.7 + +* Mon Jun 20 2011 Marcela Mašláňová - 1:5.6.1-9 +- Perl mass rebuild + +* Thu Jun 09 2011 Marcela Mašláňová - 1:5.6.1-8 +- Perl 5.14 mass rebuild + +* Wed Mar 23 2011 Jan Safranek - 1:5.6.1-7 +- Rebuild against newer mysql + +* Sat Feb 26 2011 Dennis Gilmore - 1:5.6.1-6 +- disable failing test on sparc64 + +* Tue Feb 15 2011 Jan Safranek - 1:5.6.1-5 +- enabled MySQL support in snmptrapd + +* Tue Feb 08 2011 Fedora Release Engineering - 1:5.6.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 19 2011 Jan Safranek - 1:5.6.1-3 +- Rebuild (again) against newer rpm, now with proper rpm-4.9 detection + +* Wed Jan 19 2011 Matthias Clasen - 1:5.6.1-2 +- Rebuild against newer rpm + +* Tue Jan 4 2011 Jan Safranek - 1:5.6.1-1 +- updated to net-snmp-5.6.1 + +* Mon Dec 6 2010 Jan Safranek - 1:5.6-5 +- re-create /var/run/net-snmp on boot using tmpfiles.d (#656637) +- move snmp-bridge-mib and net-snmp-cert utilities to net-snmp-perl + subpackage, net-snmp-utils subpackage does not depend on Perl now + +* Tue Nov 23 2010 Jan Safranek - 1:5.6-4 +- properly fix failing tests on ppc/s390 (#655731) + +* Mon Nov 22 2010 Dan Horák - 1:5.6-3 +- temporarily disable a test failing on ppc/s390 arches + +* Fri Nov 5 2010 Jan Safranek - 1:5.6-2 +- fixed c++ guards in net-snmp header files (#650219) + +* Mon Oct 25 2010 Jan Safranek - 1:5.6-1 +- updated to net-snmp-5.6 + +* Mon Oct 11 2010 Jan Safranek - 1:5.5-21 +- fixed truncation of sysObjectID (#640848) + +* Thu Aug 19 2010 Jan Safranek - 1:5.5-20 +- Remove rpath from net-snmp-config output (#554747) + +* Wed Aug 4 2010 Jan Safranek - 1:5.5-19 +- Add APSL 2.0 license to COPYING file + +* Wed Jul 21 2010 David Malcolm - 1:5.5-18 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Jul 20 2010 Jan Safranek - 1:5.5-17 +- fixed temporary filename generation in snmptrapd (#616347) + +* Mon Jun 28 2010 Jan Safranek - 1:5.5-16 +- rebuild for new perl + +* Wed Jun 16 2010 Jan Safranek - 1:5.5-14 +- add missing struct.h header file (#603243) + +* Wed Jun 16 2010 Jan Safranek - 1:5.5-13 +- add missing include files from util_funcs directory (#603243) + +* Tue Jun 01 2010 Marcela Maslanova - 1:5.5-13 +- Mass rebuild with perl-5.12.0 + +* Tue Feb 2 2010 Jan Safranek - 1:5.5-12 +- store temporary files in /var/run/net-snmp instead of /tmp - + SELinux does not like it. + +* Tue Jan 12 2010 Stepan Kasal - 1:5.5-11 +- move the perl(:MODULE_COMPAT_5.10.x) require to net-snmp-libs + +* Tue Jan 12 2010 Jan Safranek - 1:5.5-10 +- document various legacy options in this spec file + +* Tue Jan 12 2010 Stepan Kasal - 1:5.5-9 +- require perl(:MODULE_COMPAT_5.10.x) because the package links against + libperl.so + +* Tue Jan 5 2010 Jan Safranek - 1:5.5-8 +- fix invalid access to memory in tcpListenerTable (#551030) + +* Mon Dec 21 2009 Jan Safranek - 1:5.5-7 +- fix crash with interfaces without broadcast addresses (like OpenVPN's tun0) + (#544849) + +* Tue Dec 8 2009 Jan Safranek - 1:5.5-6 +- fix compilation of the python module + +* Mon Dec 7 2009 Stepan Kasal - 1:5.5-5 +- rebuild against perl 5.10.1 + +* Wed Dec 2 2009 Jan Safranek 1:5.5-4 +- fix udpTable indexes on big-endian systems (#543352) +- fix snmptrapd init script to survive with empty /etc/sysconfig/snmptrapd +- lower the default log level of snmpd to get rid of the debug messages + +* Wed Nov 25 2009 Jan Safranek 1:5.5-3 +- prepare the .spec file for review +- run automatic regression suite after the compilation of the package + to check for obvious regressions +- remove unnecessary package dependencies + +* Tue Nov 24 2009 Jan Safranek 1:5.5-2 +- introduce /etc/sysconfig/snmptrapd. Use it to specify snmptrapd command + line options. /etc/snmp/snmptrapd.options is not used anymore (#540799) +- build-in ipAddressPrefixTable, ipDefaultRouterTable, ipv6ScopeZoneIndexTable, + ipIfStatsTable, SCTP-MIB, RMON-MIB and Etherlike-MIBs +- remove ucd5820stat helper script, it depends on get5820stats, which is not + available in Fedora +- move sample services ipf-mod.pl to documentation +- remove logrotate config, snmpd logs into syslog + +* Tue Sep 29 2009 Jan Safranek Jan Safranek 5.5-1 +- update to Net-SNMP 5.5 +- remove static libraries from -devel subpackage + +* Mon Sep 14 2009 Jan Safranek 1:5.4.2.1-17 +- implement force-reload command in initscripts (#523126) + +* Fri Aug 21 2009 Tomas Mraz - 1:5.4.2.1-16 +- rebuilt with new openssl + +* Fri Aug 14 2009 Orion Poplawski 1:5.4.2.1-15 +- Prevent post script failure on fresh installs + +* Sat Jul 25 2009 Fedora Release Engineering - 1:5.4.2.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 1 2009 Jan Safranek 5.4.2.1-13 +- package cleanup, remove unnecessary patches +- move local state file from /var/net-snmp/ to /var/lib/net-snmp + +* Wed Jul 1 2009 Jan Safranek 5.4.2.1-12 +- make the default configuration less noisy, i.e. do not print "Connection from + UDP:" and "Received SNMP packet(s) from UDP:" messages on each connection. + (#509055) + +* Mon May 18 2009 Jan Safranek 5.4.2.1-11 +- fix divison-by-zero in cpu statistics (#501210) + +* Fri Mar 06 2009 Jesse Keating - 5.4.2.1-10 +- Rebuild for new rpm + +* Wed Feb 25 2009 Fedora Release Engineering - 1:5.4.2.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 16 2009 Jan Safranek 5.4.2.1-8 +- fix tcp_wrappers integration (CVE-2008-6123) + +* Fri Jan 30 2009 Karsten Hopp 5.4.2.1-7 +- fix build on s390x which has no libsensors + +* Sat Jan 17 2009 Tomas Mraz 5.4.2.1-7 +- rebuild with new openssl + +* Wed Dec 17 2008 Jan Safranek 5.4.2.1-6 +- rebuilt for new python again... + +* Mon Dec 1 2008 Jan Safranek 5.4.2.1-5 +- fix rpm ownership of all created directories (#473582) + +* Mon Dec 1 2008 Jan Safranek 5.4.2.1-4 +- Rebuild for fixed rpm (#473420) + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 1:5.4.2.1-3 +- Rebuild for Python 2.6 + +* Mon Nov 3 2008 Jan Safranek 5.4.2.1-1 +- explicitly require the right version and release of net-snmp and + net-snmp-libs +- update to net-snmp-5.4.2.1 to fix CVE-2008-4309 + +* Fri Sep 26 2008 Jan Safranek 5.4.2-3 +- further tune up the distribution of files among subpackages + and dependencies + +* Fri Sep 26 2008 Jan Safranek 5.4.2-2 +- redistribute the perl scripts to the net-snmp package, + net-snmp-utils doesn't depend on perl now (#462484) + +* Wed Sep 17 2008 Jan Safranek 5.4.2-1 +- update to net-snmp-5.4.2 + +* Wed Sep 10 2008 John A. Khvatov 5.4.1-22 +- add net-snmp-python + +* Tue Jul 22 2008 Jan Safranek 5.4.1-21 +- fix perl SNMP::Session::set (#452131) + +* Fri Jul 11 2008 Jan Safranek 5.4.1-20 +- prepare for new rpm version + +* Tue Jun 10 2008 Jan Safranek 5.4.1-19 +- fix various flaws (CVE-2008-2292 CVE-2008-0960) + +* Sat May 31 2008 Dennis Gilmore 5.4.1-18 +- fix sparc handling in /usr/bin/net-snmp-config + +* Thu May 29 2008 Dennis Gilmore 5.4.1-17 +- fix sparc handling in /usr/include/net-snmp/net-snmp-config-sparc.h + +* Sun May 25 2008 Dennis Gilmore 5.4.1-16 +-sparc multilib handling + +* Mon Apr 21 2008 Jan Safranek 5.4.1-15 +- explicitly require lm_sensor > 3 for build (#442718) +- create multilib net-snmp-config on multilib architectures only + +* Tue Mar 18 2008 Tom "spot" Callaway 5.4.1-14 +- add Requires for versioned perl (libperl.so) +- get rid of silly file Requires + +* Thu Mar 6 2008 Tom "spot" Callaway 5.4.1-13 +- BR: perl(ExtUtils::Embed) + +* Thu Mar 6 2008 Tom "spot" Callaway 5.4.1-12 +- rebuild for new perl + +* Thu Feb 21 2008 Jan Safranek 5.4.1-11 +- add openssl-devel to the list of netsnmp-devel deps + +* Thu Feb 14 2008 Jan Safranek 5.4.1-10 +- fixing ipNetToMediaNetAddress to show IP address (#432780) + +* Tue Feb 12 2008 Jan Safranek 5.4.1-9 +- introduce /etc/sysconfig/snmpd. Use it to specify snmpd command line options. + /etc/snmp/snmpd.options is not used anymore (#431391) + +* Mon Jan 28 2008 Jan Safranek 5.4.1-8 +- init scripts made LSB compliant + +* Wed Dec 5 2007 Jan Safranek 5.4.1-7 +- rebuild for openssl soname bump + +* Wed Nov 14 2007 Jan Safranek 5.4.1-6 +- add support of lm_sensors v3 +- added procps to build dependencies (#380321) +- removed beecrypt from dependencies +- fixed crash on reading xen interfaces (#386611) + +* Thu Oct 25 2007 Jan Safranek 5.4.1-5 +- move mib2c-update from net-snmp-utils to net-snmp-perl, where + mib2c is located +- add tkmib to net-snmp-gui package (#167933) + +* Tue Oct 16 2007 Jan Safranek 5.4.1-4 +- License: field fixed to "BSD and CMU" + +* Thu Aug 23 2007 Jan Safranek 5.4.1-3 +- include these tables: ip-mib/ipv4InterfaceTable + ip-mib/ipv6InterfaceTable, ip-mib/ipAddressPrefixTable +- fix Requires of net-snmp-devel to include lmsensors-devel on supported + architectures + +* Wed Aug 22 2007 Jan Safranek 5.4.1-2 +- gawk added to build dependencies + +* Tue Aug 7 2007 Jan Safranek 5.4.1-1 +- License: field changed to MIT +- 5.4.1 integrated + +* Tue Jul 31 2007 Jan Safranek 5.4-16 +- supported lm_sensors on ppc64 (#249255) +- snmpconf generates config files with proper selinux context + (#247462) +- fix leak in udp transport (#247771) +- add alpha to supported archs in net-snmp-config (#246825) +- fix hrSWInst (#250237) + +* Thu Jun 28 2007 Jan Safranek 5.4-15 +- fix default snmptrapd.conf + +* Thu May 3 2007 Jan Safranek 5.4-14 +- fix snmptrapd hostname logging (#238587) +- fix udpEndpointProcess remote IP address (#236551) +- fix -M option of net-snmp-utils (#244784) +- default snmptrapd.conf added (#243536) +- fix crash when multiple exec statements have the same name + (#243536) +- fix ugly error message when more interfaces share + one IP address (#209861) + +* Mon Mar 12 2007 Radek Vokál - 1:5.4-13 +- fix overly verbose log message (#221911) +- few minor tweaks for review - still not perfect +- fix linking with lcrypto (#231805) + +* Fri Mar 9 2007 Radek Vokál - 5.4-12 +- lm_sensors-devel only where avaliable + +* Thu Mar 1 2007 Radek Vokál - 5.4-11 +- fix lm_sensors-devel Requires (#229109) + +* Mon Feb 26 2007 Vitezslav Crhonek - 5.4-10 +- fix net-snmp-config strange values for --libs (#228588) + +* Fri Feb 23 2007 Radek Vokál - 5.4-9 +- fix dependency on lm_sensors-devel (#229109) +- spec file cleanups + +* Tue Jan 23 2007 Radek Vokál - 5.4-8 +- fix occasional segfaults when snmpd starts + +* Thu Jan 11 2007 Radek Vokál - 5.4-7 +- fix ethtool extension (#222268) + +* Thu Jan 11 2007 Radek Vokál - 5.4-6 +- swith to new disman implementation + +* Tue Dec 12 2006 Radek Vokál - 5.4-5 +- fix memleaks in ip-addr and tcpConn + +* Thu Dec 7 2006 Radek Vokál - 5.4-4 +- fix rtnetlink.h/if_addr.h + +* Thu Dec 7 2006 Joe Orton - 5.4-3 +- add Requires for tcp_wrappers-devel for -devel + +* Mon Dec 4 2006 Radek Vokál - 5.4-2 +- rebuilt against tcp_wrappers-devel + +* Mon Nov 27 2006 Radek Vokal - 5.4-1 +- upgrade to 5.4 +- patch cleanup +- snmpd uses /var/run/snmpd.pid (#211264) + +* Sun Oct 01 2006 Jesse Keating - 5.3.1-11 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Mon Sep 25 2006 Radek Vokal 5.3.1-10 +- add mibII/mta_sendmail (#207909) + +* Fri Sep 22 2006 Radek Vokal 5.3.1-9 +- fix deprecated syscall base_reachable_time (#207273) + +* Wed Sep 13 2006 Radek Vokal 5.3.1-8 +- enable smux to listen only on LOCAL by default (#181667) +- use correct answer adrress + +* Tue Sep 5 2006 Radek Vokal 5.3.1-7 +- better upstream patch for byteorder +- add epoch to corespond with upstream versioning + +* Wed Aug 30 2006 Radek Vokal 5.3.1.0-6 +- fix IPv4/IPv6 address presentation (#200255) + +* Wed Aug 23 2006 Radek Vokal 5.3.1.0-5 +- SMUX support is still needed .. will disappear later! +- static libs should be in devel not libs (#203571) +- fix lm_sensors issues + +* Tue Aug 22 2006 Radek Vokal 5.3.1.0-4 +- turn off SMUX support (#110931) +- add dist tag + +* Thu Aug 10 2006 Radek Vokal 5.3.1.0-3 +- fix lib dirs in configure (#197684) + +* Thu Aug 3 2006 Radek Vokal 5.3.1.0-2 +- better patch for depreciated sysctl call + +* Mon Jul 17 2006 Radek Vokal 5.3.1.0-1 +- update to 5.3.1 final version, fix version number + +* Wed Jul 12 2006 Radek Vokál 5.3.1.rc4-2 +- fix init script, read .options files from /etc/snmp (#195702) + +* Wed Jul 12 2006 Jesse Keating - 5.3.1.rc4-1.1 +- rebuild + +* Mon Jul 10 2006 Radek Vokal 5.3.1.rc4-1 +- update to release candidate 4 +- fix lib dependencies on 64bit archs +- supress perl build + +* Tue Jun 13 2006 Radek Vokal 5.3.1.pre3-2 +- add tcp-mib (#194856) + +* Fri Jun 2 2006 Radek Vokal 5.3.1.pre3-1 +- update to another prerelease (fixes perl agents) + +* Fri May 26 2006 Radek Vokal 5.3.1.pre2-4 +- fix lib version + +* Thu May 25 2006 Radek Vokal 5.3.1.pre2-3 +- another multilib fix. Fix also net-snmp-config script + +* Wed May 24 2006 Radek Vokal 5.3.1.pre2-2 +- another attempt to fix multilib issue. Generate dummy net-snmp-config.h file + +* Tue May 23 2006 Radek Vokal 5.3.1.pre2-1 +- update to 5.3.1.pre2 +- fix multilib issues (#192736) + On system with /usr/lib64 use net-snmp-config64 and net-snmp-config64.h + +* Sat Apr 15 2006 Radek Vokál 5.3-8 +- fix missing IF-MIB::ifNumber.0 (#189007) + +* Wed Apr 05 2006 Radek Vokál 5.3-7 +- fix parsing of /proc/diskstats +- fix disman monitor crash +- fix perl vendor name +- fix OID lookup fail + +* Sat Mar 25 2006 Radek Vokal 5.3-6 +- use net.ipv6.neigh.lo.retrans_time_ms (#186546) + +* Mon Mar 20 2006 Radek Vokal 5.3-5 +- allow disman/event-mib + +* Fri Feb 10 2006 Jesse Keating - 5.3-4.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 5.3-4.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Thu Feb 2 2006 Radek Vokál 5.3-4 +- fix crash on s390x and ppc64 + +* Mon Jan 30 2006 Radek Vokál 5.3-3 +- fix for lm_Senors, the max is no longer a fixed value +- parsing fixed for /proc/net/if_inet6 + +* Wed Jan 18 2006 Radek Vokal 5.3-2 +- Security fix. Bug granting write access to read-only users + or communities which were configured using the "rocommunity" + or "rouser" snmpd.conf tokens fixed + +* Fri Dec 30 2005 Radek Vokal +- upgrade to 5.3 + +* Fri Dec 16 2005 Jesse Keating +- rebuilt for new gcj + +* Fri Dec 16 2005 Radek Vokal - 5.2.2-4 +- check for header files in configure +- patch for SNMPv3 traps / session user creation (net-snmp bz#1374087) + +* Fri Dec 09 2005 Radek Vokal - 5.2.2-3 +- fix ipaddr return type on 64bit machines + +* Wed Dec 07 2005 Radek Vokal - 5.2.2-2 +- fix read problem on stream sockets (net-snmp bz#1337534) + +* Tue Nov 29 2005 Radek Vokal - 5.2.2-1 +- upgrade to 5.2.2 final + +* Mon Nov 21 2005 Radek Vokal - 5.2.2-0.rc6.1 +- update to rc6, snmpnetstat changes due to license problems +- persistent files in directory defined by snmp.conf persistentDir are + loaded at startup + +* Tue Nov 15 2005 Radek Vokal - 5.2.2-0.rc5.1 +- another release candidate + +* Tue Nov 08 2005 Radek Vokal - 5.2.2-0.rc4.2 +- Remove .la file from net-snmp-libs (#172618) +- grab new openssl + +* Mon Nov 07 2005 Radek Vokal - 5.2.2-0.rc4.1 +- update to release candidate 4 + +* Tue Nov 01 2005 Radek Vokal - 5.2.2-0.rc3.1 +- release candidate 3 of net-snmp-5.2.2 + +* Tue Oct 25 2005 Radek Vokal - 5.2.2.rc2-1 +- rc2 prebuilt + +* Tue Sep 20 2005 Radek Vokal - 5.2.1.2-3 +- fix endian issues for addresses + +* Fri Aug 12 2005 Radek Vokal - 5.2.1.2-2 +- fix for s390x counter32 overflow (sachinp@in.ibm.com) + +* Wed Jul 13 2005 Radek Vokal - 5.2.1.2-1 +- CAN-2005-2177 new upstream version fixing DoS (#162908) + +* Tue May 31 2005 Radek Vokal - 5.2.1-13 +- CAN-2005-1740 net-snmp insecure temporary file usage (#158770) +- patch from suse.de + +* Wed May 18 2005 Radek Vokal - 5.2.1-12 +- session free fixed, agentx modules build fine (#157851) +- fixed dependency for net-snmp libs (#156932) + +* Wed May 04 2005 Radek Vokal - 5.2.1-11 +- report gigabit Ethernet speeds using Ethtool (#152480) + +* Tue Apr 19 2005 Radek Vokal - 5.2.1-10 +- fixed missing requires for devel package (#155221) + +* Wed Apr 06 2005 Radek Vokal - 5.2.1-9 +- switching to a different 64bit patch, hopefully 64bit problems are gone for a while + +* Mon Apr 04 2005 Radek Vokal - 5.2.1-8 +- net-snmp properly deals with large partitions (#153101) + +* Thu Mar 31 2005 Radek Vokal - 5.2.1-7 +- agentx double free error fix + +* Thu Mar 24 2005 Radek Vokal - 5.2.1-6 +- fixed unexpected length for type ASN_UNSIGNED (#151892) +- fixed uptime problems on ia64 + +* Wed Mar 09 2005 Radek Vokal - 5.2.1-5 +- 64bit needed some changes, was causing timeouts on 64bit archs!? +- affects bugs #125432 and #132058 + +* Tue Mar 1 2005 Tomas Mraz - 5.2.1-4 +- rebuild with openssl-0.9.7e + +* Wed Feb 23 2005 Radek Vokal - 5.1.2-3 +- patch from CVS - kill extra carriage return (#144917) +- removed patch for interface indexing - doesn't show virtual interfaces + +* Tue Feb 8 2005 Jeremy Katz - 5.2.1-2 +- rebuild for new librpm + +* Mon Jan 31 2005 Radek Vokal 5.2.1-1 +- new release, fixing several issues +- pointer needs to be inicialized (#146417) + +* Mon Dec 27 2004 Radek Vokal 5.2-2 +- patch adding ipv6 support to ip system stats + +* Tue Nov 30 2004 Radek Vokal 5.2-1 +- net-snmp-5.2, patch clean-up + +* Mon Nov 15 2004 Radek Vokal 5.1.2-12 +- snmpd crash with 'interfaces' directives in snmpd.conf fixed #139010 +- rather dirty patch fixing conf directory for net-snmp-config + +* Fri Oct 15 2004 Radek Vokal 5.1.2-11 +- Logrotate support added (#125004) + +* Thu Oct 14 2004 Phil Knirsch 5.1.2-10 +- Extended the libwrap and bsdcompat patches + +* Mon Oct 11 2004 Phil Knirsch 5.1.2-9 +- Droped obsolete lm-sensors patch and enabled lmSensors module +- Marked several patches to be removed for 5.1.3 + +* Wed Sep 29 2004 Warren Togami 5.1.2-8 +- remove README* that do not apply to Linux +- trim massive ChangeLog + +* Wed Sep 22 2004 Florian La Roche +- move ldconfig post/postun to libs subrpm + +* Wed Sep 15 2004 Phil Knirsch 5.1.2-6 +- Split out libs package for multilib compatibility + +* Wed Sep 08 2004 Radek Vokal 5.1.2-4 +- New prereq for net-snmp-devel +- lelf check removed from configure.in (#128748) +- fixed snmpd coredump when sent SIGHUP (#127314) + +* Tue Sep 07 2004 Radek Vokal 5.1.2-3 +- Agentx failed to send trap, fixed (#130752, #122338) + +* Mon Sep 06 2004 Radek Vokal 5.1.2-2 +- Patch fixing uninitalized stack variable in smux_trap_process (#130179) + +* Wed Aug 18 2004 Phil Knirsch 5.1.2-1 +- Update to 5.1.2 +- Removed net-snmp-5.0.1-initializer patch, included upstream + +* Tue Jun 15 2004 Phil Knirsch +- Fixed small bug in snmptrapd initscript (#126000). + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu May 06 2004 Phil Knirsch 5.1.1-3 +- Reworked the perl filelist stuff (Thanks to marius feraru). + +* Thu Apr 08 2004 Phil Knirsch 5.1.1-2 +- Added Kaj J. Niemi that fixes ipAdEntIfIndex problem (#119106) +- Added Kaj J. Niemi to shut up memshared message for 2.6 kernel (#119203) + +* Tue Mar 23 2004 Phil Knirsch 5.1.1-1 +- Update to latest upstream version 5.1.1 +- Included updated patches from Kaj J. Niemi (#118580). + +* Thu Mar 18 2004 Phil Knirsch 5.1-12 +- Hacked an ugly perl hack to get rid of perl RPATH problems. +- Fixed 64bit patch and applied it. ;-) + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Feb 04 2004 Phil Knirsch 5.1-10 +- Included 64bit fix from Mark Langsdorf (#114645). + +* Tue Feb 03 2004 Phil Knirsch 5.1-9 +- Reverted removal of _includir redefiniton due to php-snmp dependancy. +- Remove SO_BSDCOMPAT setsockopt() call, deprecated. + +* Thu Jan 29 2004 Phil Knirsch 5.1-8 +- Quite a bit of specfile cleanup from Marius FERARU. + +* Thu Jan 22 2004 Thomas Woerner 5.1-7 +- enabled pie (snmpd, snmptrapd) - postponed for ia64 +- added --with-pic to configure call + +* Thu Jan 15 2004 Phil Knirsch 5.1-6 +- Fixed 64bit build problems when 32bit popt lib is installed. + +* Tue Jan 13 2004 Phil Knirsch 5.1-5 +- rebuilt + +* Sun Jan 11 2004 Florian La Roche 5.1-4 +- rebuild for new rpm + +* Wed Dec 10 2003 Phil Knirsch 5.1-3 +- Removed snmpcheck again, needs perl(Tk) which we don't ship (#111194). +- Fixed getopt definition in include file (#111209). +- Included Kaj J. Niemi's patch for broken perl module (#111319). +- Included Kaj J. Niemi's patch for broken async getnext perl call (#111479). +- Included Kaj J. Niemi's patch for broken hr_storage (#111502). + +* Wed Nov 26 2003 Phil Knirsch 5.1-2 +- Included BuildPrereq on lm_sensors-devel on x86 archs (#110616). +- Fixed deprecated initscript options (#110618). + +* Wed Nov 19 2003 Phil Knirsch 5.1-1 +- Updated to latest net-snmp-5.1 upstream version. +- Tons of specfile and patch cleanup. +- Cleaned up perl stuff (mib2c etc, see #107707). +- Added lm_sensors support patch for x86 archs from Kaj J. Niemi (#107618). +- Added support for custom mib paths and mibs to snmptrapd initscript (#102762) + +* Mon Oct 13 2003 Phil Knirsch 5.0.9-2 +- Due to rpm-devel we need elfutils-devel, too (#103982). + +* Mon Sep 29 2003 Phil Knirsch 5.0.9-1 +- Updated to latest upstream version net-snmp-5.0.9 +- Added patch to fix net-snmp-perl problems (#105842). + +* Tue Sep 23 2003 Florian La Roche +- allow compiling without tcp_wrappers + +* Wed Sep 17 2003 Phil Knirsch 5.0.8-11.1 +- rebuilt + +* Wed Sep 17 2003 Phil Knirsch 5.0.8-11 +- Fixed permission for net-snmp-config in net-snmp-devel + +* Mon Sep 08 2003 Phil Knirsch 5.0.8-10.1 +- rebuilt + +* Mon Sep 08 2003 Phil Knirsch 5.0.8-10 +- Moved net-snmp-config into devel package (#103927) + +* Fri Aug 22 2003 Phil Knirsch 5.0.8-9.1 +- rebuilt + +* Thu Aug 21 2003 Phil Knirsch 5.0.8-9 +- Added sample config to make net-snmp RFC 1213 compliant. + +* Fri Aug 15 2003 Phil Knirsch 5.0.8-8 +- Fixed problem with perl option (#102420). +- Added patch for libwrap fix (#77926). + +* Tue Aug 12 2003 Phil Knirsch 5.0.8-7.1 +- rebuilt + +* Tue Aug 12 2003 Phil Knirsch 5.0.8-7 +- Fixed build problems on ppc64 +- Fixed double packaged manpages (#102075). + +* Thu Aug 07 2003 Phil Knirsch +- Fixed problem with new proc output (#98619, #89960). + +* Wed Aug 06 2003 Phil Knirsch +- Fixed ro/rw problem with v2 and v3 request (#89612) + +* Tue Aug 05 2003 Phil Knirsch +- Fixed permission problem for debuginfo (#101456) + +* Thu Jul 31 2003 Phil Knirsch 5.0.8-6.1 +- Fixed file list for latest build. + +* Thu Jul 31 2003 Phil Knirsch 5.0.8-6 +- Fixed build problems for net-snmp-perl. + +* Sun Jul 27 2003 Florian La Roche 5.0.8-5 +- actually apply ipv6 patch + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Apr 29 2003 Phil Knirsch 5.0.8-3 +- bumped release and rebuilt. + +* Tue Apr 29 2003 Phil Knirsch 5.0.8-2 +- Hack to make it build on 64bit platforms with /usr/lib64 correctly. +- Fixed bug #85071 (leak of open descriptors for ipv6). + +* Fri Mar 28 2003 Phil Knirsch 5.0.8-1 +- Updated to latest upstream version 5.0.8 (bug #88580) + +* Thu Feb 13 2003 Phil Knirsch +- Included generation of perl stuff. Thanks to Harald Hoyer. + +* Wed Feb 12 2003 Phil Knirsch 5.0.7-1 +- Updated to net-snmp-5.0.7. Fixed especially the performance problem with + limited trees. + +* Tue Feb 11 2003 Phil Knirsch 5.0.6-17 +- Fixed ucd-snmp.redhat.conf (#78391). +- Fixed snmpwalk examples in config file. + +* Mon Feb 10 2003 Phil Knirsch 5.0.6-15 +- Fixed invalid SMUX packet (#83487). + +* Thu Feb 06 2003 Phil Knirsch 5.0.6-14 +- Fixed the libdir problem. + +* Wed Feb 05 2003 Phil Knirsch 5.0.6-13 +- Updated the old libtool rpath patch. + +* Wed Jan 22 2003 Tim Powers 5.0.6-12 +- rebuilt + +* Tue Jan 14 2003 Phil Knirsch 5.0.6-11 +- Updated nolibelf patch and activated it again. + +* Tue Jan 7 2003 Nalin Dahyabhai 5.0.6-10 +- Rebuild + +* Tue Dec 17 2002 Phil Knirsch 5.0.6-9 +- Added bzip2-devel to BuildPreReq (#76086, #70199). + +* Thu Nov 28 2002 Phil Knirsch 5.0.6-8 +- Added patch to increase SMUXMAXSTRLEN. + +* Thu Nov 7 2002 Tim Powers 5.0.6-6 +- rebuilt to fix broken deps +- remove files from the buildroot that we don't want to ship + +* Thu Nov 7 2002 Joe Orton 5.0.6-5 +- add fix for -DUCD_COMPATIBLE (#77405) + +* Thu Nov 07 2002 Phil Knirsch 5.0.6-4 +- Another bump required. Some more specfile changes. + +* Wed Nov 06 2002 Phil Knirsch 5.0.6-3 +- Bumped release and rebuilt. +- Removed all dbFOO cruft again. + +* Wed Oct 09 2002 Phil Knirsch 5.0.6-2 +- Updated to latest released version. + +* Sat Aug 31 2002 Florian La Roche +- do not link against -lelf + +* Thu Jun 27 2002 Phil Knirsch 5.0.1-5 +- Added --enable-ucd-snmp-compatibility for compatibility with older version + and fixed installation thereof. +- Got rid of the perl(Tk) dependancy by removing snmpcheck. +- Include /usr/include/ucd-snmp in the filelist. +- Fixed a problem with the ucd-snmp/version.h file. + +* Wed Jun 26 2002 Phil Knirsch 5.0.1-1 +- Updated to 5.0.1 +- Dropped --enable-reentrant as it's currently broken + +* Tue Apr 23 2002 Phil Knirsch 5.0-1 +- Switch to latest stable version, 5.0 +- Renamed the packate to net-snmp and obsoleted ucd-snmp. + +* Wed Apr 17 2002 Phil Knirsch 4.2.4-3 +- Fixed problem with reload in initscript (#63526). + +* Mon Apr 15 2002 Tim Powers 4.2.4-2 +- rebuilt in new environment + +* Mon Apr 15 2002 Tim Powers 4.2.4-1 +- update to 4.2.4 final + +* Sat Apr 13 2002 Phil Knirsch 4.2.4.pre3-5 +- Added some missing files to the %%files section. + +* Tue Apr 09 2002 Phil Knirsch 4.2.4.pre3-4 +- Hardcoded the ETC_MNTTAB to point to "/etc/mtab". + +* Mon Apr 08 2002 Phil Knirsch 4.2.4.pre3-3 +- Removed the check for dbFOO as we don't want to add another requirement. + +* Fri Apr 05 2002 Phil Knirsch 4.2.4.pre3-2 +- Added missing BuildPrereq to openssl-devel (#61525) + +* Thu Apr 04 2002 Phil Knirsch 4.2.4.pre3-1 +- Added ucd5820stat to the files section. +- Updated to latest version (4.2.4.pre3) + +* Mon Mar 18 2002 Phil Knirsch 4.2.4.pre2-1 +- Updated to latest version (4.2.4.pre2) + +* Tue Jan 29 2002 Phil Knirsch 4.2.3-4 +- Added the snmptrapd init script as per request (#49205) +- Fixed the again broken rpm query stuff (#57444) +- Removed all old and none-used db related stuff (libs and header checks/files) + +* Mon Jan 07 2002 Phil Knirsch 4.2.3-2 +- Included the Axioma Security Research fix for snmpnetstat from bugtraq. + +* Mon Dec 03 2001 Phil Knirsch 4.2.3-1 +- Update to 4.2.3 final. +- Fixed libtool/rpath buildroot pollution problem. +- Fixed library naming problem. + +* Fri Oct 5 2001 Philipp Knirsch +- Fixed a server segfault for snmpset operation (#53640). Thanks to Josh Giles + and Wes Hardaker for the patch. + +* Mon Sep 10 2001 Philipp Knirsch +- Fixed problem with RUNTESTS script. + +* Tue Sep 4 2001 Preston Brown +- fixed patch related to bug #35016 (Dell) + +* Fri Aug 24 2001 Philipp Knirsch 4.2.1-6 +- Fixed snmpd description (#52366) + +* Wed Aug 22 2001 Philipp Knirsch +- Final bcm5820 fix. Last one was broken. +- Fixed bugzilla bug (#51960) where the binaries contained rpath references. + +* Wed Aug 15 2001 Philipp Knirsch +- Fixed a couple of security issues: + o /tmp race and setgroups() privilege problem + o Various buffer overflow and format string issues. + o One signedness problem in ASN handling. +- Fixed an important RFE to support bcm5820 cards. (#51125) + +* Fri Jul 20 2001 Philipp Knirsch +- Removed tkmib from the package once again as we don't ship the Tk.pm CPAN + perl module required to run it (#49363) +- Added missing Provides for the .so.0 libraries as rpm doesn't seem to find + those during the build anymore (it used to) (#46388) + +* Thu Jul 19 2001 Philipp Knirsch +- Enabled IPv6 support (RFE #47764) +- Hopefully final fix of snmpwalk problem (#42153). Thanks to Douglas Warzecha + for the patch and Matt Domsch for reporting the problem. + +* Tue Jun 26 2001 Philipp Knirsch +- Fixed smux compilation problems (#41452) +- Fixed wrong paths displayed in manpages (#43053) + +* Mon Jun 25 2001 Philipp Knirsch +- Updated to 4.2.1. Removed 2 obsolete patches (fromcvs and #18153) +- Include /usr/share/snmp/snmpconf in %%files + +* Wed Jun 13 2001 Than Ngo +- fix to use libwrap in distro +- add buildprereq: tcp_wrappers + +* Fri Jun 1 2001 Bill Nottingham +- add a *new* patch for IP address return sizes + +* Fri Apr 20 2001 Bill Nottingham +- add patch so that only four bytes are returned for IP addresses on ia64 (#32244) + +* Wed Apr 11 2001 Bill Nottingham +- rebuild (missing alpha packages) + +* Fri Apr 6 2001 Matt Wilson +- added ucd-snmp-4.2-null.patch to correcly handle a NULL value (#35016) + +* Tue Apr 3 2001 Preston Brown +- clean up deinstallation (#34168) + +* Tue Mar 27 2001 Matt Wilson +- return a usable RETVAL when running "service snmpd status" (#33571) + +* Tue Mar 13 2001 Matt Wilson +- configure with --enable-reentrant and added "smux" and "agentx" to + --with-mib-modules= argument (#29626) + +* Fri Mar 2 2001 Nalin Dahyabhai +- rebuild in new environment + +* Mon Feb 26 2001 Tim Powers +- fixed initscript, for reload and restart it was start then stop, + fixed. (#28477) + +* Fri Feb 2 2001 Trond Eivind Glomsrod +- i18nize initscript + +* Sat Jan 6 2001 Jeff Johnson +- don't depend on /etc/init.d so that package will work with 6.2. +- perl path fiddles no longer needed. +- rely on brp-compress frpm rpm to compress man pages. +- patch from ucd-snmp CVS (Wes Hardaker). +- configure.in needs to check for rpm libraries correctly (#23033). +- add simple logrotate script (#21399). +- add options to create pidfile and log with syslog with addresses (#23476). + +* Sat Dec 30 2000 Jeff Johnson +- package for Red Hat 7.1. + +* Thu Dec 07 2000 Wes Hardaker +- update for 4.2 + +* Thu Oct 12 2000 Jeff Johnson +- add explicit format for syslog call (#18153). + +* Thu Jul 20 2000 Bill Nottingham +- move initscript back + +* Thu Jul 20 2000 Jeff Johnson +- rebuild per Trond's request. + +* Tue Jul 18 2000 Nalin Dahyabhai +- fix syntax error that crept in with condrestart + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Mon Jul 10 2000 Preston Brown +- move initscript and add condrestart magic + +* Sat Jun 17 2000 Bill Nottingham +- fix %%attr on man pages + +* Mon Jun 12 2000 Jeff Johnson +- tkmib doco had #!/usr/bin/perl55 +- include snmpcheck and tkmib again (still needs some CPAN module, however). + +* Tue Jun 6 2000 Jeff Johnson +- update to 4.1.2. +- FHS packaging. +- patch for rpm 4.0. + +* Thu May 18 2000 Trond Eivind Glomsrod +- add version to buildroot +- rebuilt with new libraries + +* Sun Feb 27 2000 Jeff Johnson +- default config was broken (from Wes Hardaker) (#9752) + +* Sun Feb 13 2000 Jeff Johnson +- compressed man pages. + +* Fri Feb 11 2000 Wes Hardaker +- update to 4.1.1 + +* Sat Feb 5 2000 Florian La Roche +- change %%postun to %%preun + +* Thu Feb 3 2000 Elliot Lee +- Don't ship tkmib, since we don't ship the perl modules needed to run it. +(Bug #4881) + +* Tue Aug 31 1999 Jeff Johnson +- default config permits RO access to system group only (Wed Hardaker). + +* Sun Aug 29 1999 Jeff Johnson +- implement suggestions from Wes Hardaker. + +* Fri Aug 27 1999 Jeff Johnson +- stateless access to rpm database. + +* Wed Aug 25 1999 Jeff Johnson +- update to 4.0.1. + +* Mon Aug 16 1999 Bill Nottingham +- initscript munging + +* Sat Jun 12 1999 Jeff Johnson +- update to 3.6.2 (#3219,#3259). +- add missing man pages (#3057). + +* Thu Apr 8 1999 Wes Hardaker +- fix Source0 location. +- fix the snmpd.conf file to use real community names. + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 3) + +* Fri Mar 19 1999 Preston Brown +- upgrade to 3.6.1, fix configuration file stuff. + +* Wed Feb 24 1999 Preston Brown +- Injected new description and group. + +* Tue Feb 2 1999 Jeff Johnson +- restore host resources mib +- simplified config file +- rebuild for 6.0. + +* Tue Dec 22 1998 Bill Nottingham +- remove backup file to fix perl dependencies + +* Tue Dec 8 1998 Jeff Johnson +- add all relevant rpm scalars to host resources mib. + +* Sun Dec 6 1998 Jeff Johnson +- enable libwrap (#253) +- enable host module (rpm queries over SNMP!). + +* Mon Oct 12 1998 Cristian Gafton +- strip binaries + +* Fri Oct 2 1998 Jeff Johnson +- update to 3.5.3. +- don't include snmpcheck until perl-SNMP is packaged. + +* Thu Aug 13 1998 Jeff Johnson +- ucd-snmpd.init: start daemon w/o -f. + +* Tue Aug 4 1998 Jeff Johnson +- don't start snmpd unless requested +- start snmpd after pcmcia. + +* Sun Jun 21 1998 Jeff Johnson +- all but config (especially SNMPv2p) ready for prime time + +* Sat Jun 20 1998 Jeff Johnson +- update to 3.5. + +* Tue Dec 30 1997 Otto Hammersmith +- created the package... possibly replace cmu-snmp with this. +