diff --git a/SOURCES/net-snmp-5.8-aes-config.patch b/SOURCES/net-snmp-5.8-aes-config.patch
new file mode 100644
index 0000000..a1ce69c
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-aes-config.patch
@@ -0,0 +1,100 @@
+From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 27 Apr 2020 08:23:16 -0700
+Subject: [PATCH] configure: Report supported authentication and encryption
+ modes correctly
+
+Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
+Research / CISCO") removed SHA-128 and SHA-192 support and added support for
+SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
+protocol constants handling") added support for several AES encryption modes.
+Make the configure script report which modes are supported.
+---
+ configure | 15 ++++++++++++++-
+ configure.d/config_os_misc2 | 15 ++++++++++++++-
+ 2 files changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/configure b/configure
+index 46402589f..7481ebd07 100755
+--- a/configure
++++ b/configure
+@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
+ $as_echo "Internal Crypto Support" >&6; }
+ elif test "x$useopenssl" != "xno" ; then
+- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
++ authmodes="MD5 SHA1"
++ if test "x$ac_cv_func_EVP_sha224" = xyes; then
++ authmodes="$authmodes SHA224 SHA256"
++ fi
++ if test "x$ac_cv_func_EVP_sha384" = xyes; then
++ authmodes="$authmodes SHA384 SHA512"
++ fi
+ if test "x$enable_privacy" != "xno" ; then
+ if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
+ encrmodes="DES AES"
+@@ -26492,6 +26498,13 @@ fi
+ if test "x$enable_md5" = "xno"; then
+ authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
+ fi
++if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
++ test "x$CRYPTO" = xinternal; then
++ encrmodes="$encrmodes AES128"
++ if test "x$aes_capable" = "xyes"; then
++ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
++ fi
++fi
+
+
+
+diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
+index 1df9bf0a2..be0bccec0 100644
+--- a/configure.d/config_os_misc2
++++ b/configure.d/config_os_misc2
+@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
+ AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
+ AC_MSG_RESULT(Internal Crypto Support)
+ elif test "x$useopenssl" != "xno" ; then
+- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
++ authmodes="MD5 SHA1"
++ if test "x$ac_cv_func_EVP_sha224" = xyes; then
++ authmodes="$authmodes SHA224 SHA256"
++ fi
++ if test "x$ac_cv_func_EVP_sha384" = xyes; then
++ authmodes="$authmodes SHA384 SHA512"
++ fi
+ if test "x$enable_privacy" != "xno" ; then
+ if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
+ encrmodes="DES AES"
+@@ -86,6 +92,13 @@ fi
+ if test "x$enable_md5" = "xno"; then
+ authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
+ fi
++if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
++ test "x$CRYPTO" = xinternal; then
++ encrmodes="$encrmodes AES128"
++ if test "x$aes_capable" = "xyes"; then
++ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
++ fi
++fi
+ AC_SUBST(LNETSNMPLIBS)
+ AC_SUBST(LAGENTLIBS)
+
+
+diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
++++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
+@@ -58,11 +58,11 @@ case $1 in
+ exit 1
+ fi
+ case $1 in
+- DES|AES|AES128)
++ DES|AES|AES128|AES192|AES256)
+ Xalgorithm=$1
+ shift
+ ;;
+- des|aes|aes128)
++ des|aes|aes128|aes192|aes256)
+ Xalgorithm=`echo $1 | tr a-z A-Z`
+ shift
+ ;;
diff --git a/SOURCES/net-snmp-5.8-dskTable-dynamic.patch b/SOURCES/net-snmp-5.8-dskTable-dynamic.patch
new file mode 100644
index 0000000..3ecbe64
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-dskTable-dynamic.patch
@@ -0,0 +1,181 @@
+diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
+--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
++++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
+@@ -153,9 +153,10 @@ static void disk_free_config(void)
+ static void disk_parse_config(const char *, char *);
+ static void disk_parse_config_all(const char *, char *);
+ #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
+-static void find_and_add_allDisks(int minpercent);
++static void refresh_disk_table(int addNewDisks, int minpercent);
+ static void add_device(char *path, char *device,
+- int minspace, int minpercent, int override);
++ int minspace, int minpercent, int addNewDisks,
++ int override);
+ static void modify_disk_parameters(int index, int minspace,
+ int minpercent);
+ static int disk_exists(char *path);
+@@ -167,6 +168,7 @@ struct diskpart {
+ char path[STRMAX];
+ int minimumspace;
+ int minpercent;
++ int alive;
+ };
+
+ #define MAX_INT_32 0x7fffffff
+@@ -174,6 +176,7 @@ struct diskpart {
+
+ unsigned int numdisks;
+ int allDisksIncluded = 0;
++int allDisksMinPercent = 0;
+ unsigned int maxdisks = 0;
+ struct diskpart *disks;
+
+@@ -238,6 +241,7 @@ init_disk(void)
+ disk_free_config,
+ "minpercent%");
+ allDisksIncluded = 0;
++ allDisksMinPercent = 0;
+ }
+
+ static void
+@@ -253,6 +257,7 @@ disk_free_config(void)
+ disks[i].minpercent = -1;
+ }
+ allDisksIncluded = 0;
++ allDisksMinPercent = 0;
+ }
+
+ static void
+@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
+ * check if the disk already exists, if so then modify its
+ * parameters. if it does not exist then add it
+ */
+- add_device(path, find_device(path), minspace, minpercent, 1);
++ add_device(path, find_device(path), minspace, minpercent, 1, 1);
+ #endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
+ }
+
+@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
+
+ #if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
+ static void
+-add_device(char *path, char *device, int minspace, int minpercent, int override)
++add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
+ {
+ int index;
+
+@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
+ }
+
+ index = disk_exists(path);
+- if((index != -1) && (index < maxdisks) && (override==1)) {
+- modify_disk_parameters(index, minspace, minpercent);
++ if((index != -1) && (index < maxdisks)) {
++ /* the path is already in the table */
++ disks[index].alive = 1;
++ /* -> update its device */
++ strlcpy(disks[index].device, device, sizeof(disks[index].device));
++ if (override == 1) {
++ modify_disk_parameters(index, minspace, minpercent);
++ }
+ }
+- else if(index == -1){
++ else if(index == -1 && addNewDisks){
+ /* add if and only if the device was found */
+ if(device[0] != 0) {
+ /* The following buffers are cleared above, no need to add '\0' */
+@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
+ strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
+ disks[numdisks].minimumspace = minspace;
+ disks[numdisks].minpercent = minpercent;
++ disks[numdisks].alive = 1;
+ numdisks++;
+ }
+ else {
+@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
+ disks[numdisks].minpercent = -1;
+ disks[numdisks].path[0] = 0;
+ disks[numdisks].device[0] = 0;
++ disks[numdisks].alive = 0;
+ }
+ }
+ }
+@@ -444,7 +457,7 @@ int disk_exists(char *path)
+ }
+
+ static void
+-find_and_add_allDisks(int minpercent)
++refresh_disk_table(int addNewDisks, int minpercent)
+ {
+ #if HAVE_GETMNTENT
+ #if HAVE_SYS_MNTTAB_H
+@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
+ return;
+ }
+ while (mntfp && NULL != (mntent = getmntent(mntfp))) {
+- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
++ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
+ dummy = 1;
+ }
+ if (mntfp)
+@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
+ return;
+ }
+ while ((i = getmntent(mntfp, &mnttab)) == 0) {
+- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
++ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
+ dummy = 1;
+ }
+ fclose(mntfp);
+@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
+ #elif HAVE_FSTAB_H
+ setfsent(); /* open /etc/fstab */
+ while((fstab1 = getfsent()) != NULL) {
+- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
++ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
+ dummy = 1;
+ }
+ endfsent(); /* close /etc/fstab */
+@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
+ mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
+ for (i = 0; i < mntsize; i++) {
+ if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
+- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
++ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
+ }
+ }
+ }
+@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
+ * statfs we default to the root partition "/"
+ */
+ if (statfs("/", &statf) == 0) {
+- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
++ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
+ }
+ #endif
+ else {
+@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
+ #endif
+ #endif
+
++ if (disks[disknum].alive == 0){
++ return -1;
++ }
++
+ entry->dskPercentInode = -1;
+
+ #if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
+@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
+ static long long_ret;
+ static char *errmsg;
+
++ int i;
++ for (i = 0; i < numdisks; i++){
++ disks[i].alive = 0;
++ }
++ /* dynamically add new disks + update alive flag */
++ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
++
+ tryAgain:
+ if (header_simple_table
+ (vp, name, length, exact, var_len, write_method, numdisks))
diff --git a/SOURCES/net-snmp-5.8-duplicate-ipAddress.patch b/SOURCES/net-snmp-5.8-duplicate-ipAddress.patch
new file mode 100644
index 0000000..075976a
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-duplicate-ipAddress.patch
@@ -0,0 +1,11 @@
+diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
+--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
+@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
+ for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
+ if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
+ /* 'entry' is duplicate of the previous one -> delete it */
++ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
+ netsnmp_access_ipaddress_entry_free(entry);
+ } else {
+ CONTAINER_INSERT(ret, entry);
diff --git a/SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch b/SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch
new file mode 100644
index 0000000..a812cf4
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-expand-SNMPCONFPATH.patch
@@ -0,0 +1,12 @@
+diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
+--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
++++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
+@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
+ * save a warning header to the top of the new file
+ */
+ snprintf(fileold, sizeof(fileold),
+- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
++ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
+ "#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
+ "#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
+ type, type, type,
diff --git a/SOURCES/net-snmp-5.8-ipAddress-faster-load.patch b/SOURCES/net-snmp-5.8-ipAddress-faster-load.patch
new file mode 100644
index 0000000..db95998
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-ipAddress-faster-load.patch
@@ -0,0 +1,82 @@
+diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
+--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
++++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
+@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
+ }
+
+ #elif defined(linux)
++#include <errno.h>
+ static struct ifreq *ifr;
+ static int ifr_counter;
+
+ static void
+ Address_Scan_Init(void)
+ {
+- int num_interfaces = 0;
++ int i;
+ int fd;
++ int lastlen = 0;
+
+ /* get info about all interfaces */
+
+@@ -510,28 +512,45 @@ Address_Scan_Init(void)
+ SNMP_FREE(ifc.ifc_buf);
+ ifr_counter = 0;
+
+- do
+- {
+ if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ {
+ DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
+ return;
+ }
+- num_interfaces += 16;
+
+- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
+- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
+-
+- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
+- {
+- ifr=NULL;
+- close(fd);
+- return;
+- }
+- close(fd);
++ /*
++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
++ * on some platforms; see W. R. Stevens, ``Unix Network Programming
++ * Volume I'', p.435...
++ */
++
++ for (i = 8;; i *= 2) {
++ ifc.ifc_len = sizeof(struct ifreq) * i;
++ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
++
++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
++ if (errno != EINVAL || lastlen != 0) {
++ /*
++ * Something has gone genuinely wrong...
++ */
++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
++ SNMP_FREE(ifc.ifc_buf);
++ close(fd);
++ return;
++ }
++ } else {
++ if (ifc.ifc_len == lastlen) {
++ /*
++ * The length is the same as the last time; we're done...
++ */
++ break;
++ }
++ lastlen = ifc.ifc_len;
++ }
++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
+ }
+- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
+-
++
++ close(fd);
+ ifr = ifc.ifc_req;
+ }
+
diff --git a/SOURCES/net-snmp-5.8-licensing.patch b/SOURCES/net-snmp-5.8-licensing.patch
new file mode 100644
index 0000000..4ff900d
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-licensing.patch
@@ -0,0 +1,500 @@
+diff -ruNp a/agent/mibgroup/host/data_access/swrun_darwin.c b/agent/mibgroup/host/data_access/swrun_darwin.c
+--- a/agent/mibgroup/host/data_access/swrun_darwin.c 2020-06-10 09:56:52.517606921 +0200
++++ b/agent/mibgroup/host/data_access/swrun_darwin.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,496 +0,0 @@
+-/*
+- * swrun_darwin.c:
+- * hrSWRunTable data access:
+- * Darwin
+- */
+-/*
+- * Copyright (C) 2007 Apple, Inc. All rights reserved.
+- * Use is subject to license terms specified in the COPYING file
+- * distributed with the Net-SNMP package.
+- */
+-#include <net-snmp/net-snmp-config.h>
+-#include <net-snmp/net-snmp-includes.h>
+-#include <net-snmp/agent/net-snmp-agent-includes.h>
+-#include <net-snmp/library/container.h>
+-#include <net-snmp/library/snmp_debug.h>
+-#include <net-snmp/data_access/swrun.h>
+-#include "swrun_private.h"
+-
+-#include <stdlib.h>
+-#include <unistd.h>
+-
+-#include <libproc.h>
+-#include <sys/proc_info.h>
+-#include <sys/sysctl.h> /* for sysctl() and struct kinfo_proc */
+-
+-#define __APPLE_API_EVOLVING 1
+-#include <sys/acl.h> /* or else CoreFoundation.h barfs */
+-#undef __APPLE_API_EVOLVING
+-
+-#include <CoreFoundation/CFBase.h>
+-#include <CoreFoundation/CFNumber.h>
+-#include <CoreFoundation/CFBundle.h>
+-#include <CoreServices/CoreServices.h>
+-#include <IOKit/IOCFBundle.h>
+-#include <mach/mach.h>
+-#include <mach/mach_time.h>
+-
+-/** sigh... can't find Processes.h */
+-#ifndef kProcessDictionaryIncludeAllInformationMask
+-#define kProcessDictionaryIncludeAllInformationMask (long)0xFFFFFFFF
+-#endif
+-#ifndef procNotFound
+-#define procNotFound -600
+-#endif
+-
+-/* ---------------------------------------------------------------------
+- */
+-static int _kern_argmax;
+-static int _set_command_name(netsnmp_swrun_entry *entry);
+-
+-/** avoid kernel bug in 10.2. 8192 oughta be enough anyways, right? */
+-#define MAX_KERN_ARGMAX 8192
+-
+-/* ---------------------------------------------------------------------
+- */
+-void
+-netsnmp_arch_swrun_init(void)
+-{
+- int mib[2] = { CTL_KERN, KERN_ARGMAX };
+- size_t size, mib_size = sizeof(mib)/sizeof(mib[0]);
+-
+- DEBUGMSGTL(("swrun:load:arch","init\n"));
+-
+- size = sizeof(_kern_argmax);
+- if (sysctl(mib, mib_size, &_kern_argmax, &size, NULL, 0) == -1) {
+- snmp_log(LOG_ERR, "Error in ARGMAX sysctl(): %s", strerror(errno));
+- _kern_argmax = MAX_KERN_ARGMAX;
+- }
+- else if (_kern_argmax > MAX_KERN_ARGMAX) {
+- DEBUGMSGTL(("swrun:load:arch",
+- "artificially limiting ARGMAX to %d (from %d)\n",
+- MAX_KERN_ARGMAX, _kern_argmax));
+- _kern_argmax = MAX_KERN_ARGMAX;
+- }
+-
+-
+-}
+-
+-/* ---------------------------------------------------------------------
+- */
+-#define SWRUNINDENT " "
+-int
+-netsnmp_arch_swrun_container_load( netsnmp_container *container, u_int flags)
+-{
+- int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL};
+- size_t buf_size, mib_size = sizeof(mib)/sizeof(mib[0]);
+- struct kinfo_proc *processes = NULL;
+- struct proc_taskallinfo taskinfo;
+- netsnmp_swrun_entry *entry;
+- int rc, num_entries, i;
+-
+- DEBUGMSGTL(("swrun:load:arch"," load\n"));
+-
+- /*
+- * get size to allocate. This introduces a bit of a race condition,
+- * as the size could change between this call and the next...
+- */
+- rc = sysctl(mib, mib_size, NULL, &buf_size, NULL, 0);
+- if (rc < 0) {
+- snmp_log(LOG_ERR, "KERN_PROC_ALL size sysctl failed: %d\n", rc);
+- return -1;
+- }
+-
+- processes = (struct kinfo_proc*) malloc(buf_size);
+- if (NULL == processes) {
+- snmp_log(LOG_ERR, "malloc failed\n");
+- return -1;
+- }
+-
+- rc = sysctl(mib, mib_size, processes, &buf_size, NULL, 0);
+- if (rc < 0) {
+- snmp_log(LOG_ERR, "KERN_PROC_ALL sysctl failed: %d\n", rc);
+- free(processes);
+- return -1;
+- }
+-
+- num_entries = buf_size / sizeof(struct kinfo_proc);
+-
+- for (i = 0; i < num_entries; i++) {
+- /*
+- * skip empty names.
+- * p_stat = (SIDL|SRUN|SSLEEP|SSTOP|SZOMB)
+- */
+- if (('\0' == processes[i].kp_proc.p_comm[0]) ||
+- (0 == processes[i].kp_proc.p_pid)) {
+- DEBUGMSGTL(("swrun:load:arch",
+- " skipping p_comm '%s', pid %5d, p_pstat %d\n",
+- processes[i].kp_proc.p_comm ?
+- processes[i].kp_proc.p_comm : "NULL",
+- processes[i].kp_proc.p_pid,
+- processes[i].kp_proc.p_stat));
+- continue;
+- }
+-
+- DEBUGMSGTL(("swrun:load:arch"," %s pid %5d\n",
+- processes[i].kp_proc.p_comm,
+- processes[i].kp_proc.p_pid));
+-
+- entry = netsnmp_swrun_entry_create(processes[i].kp_proc.p_pid);
+- if (NULL == entry)
+- continue; /* error already logged by function */
+- rc = CONTAINER_INSERT(container, entry);
+-
+- /*
+- * p_comm is a partial name, but it is all we have at this point.
+- */
+- entry->hrSWRunName_len = snprintf(entry->hrSWRunName,
+- sizeof(entry->hrSWRunName)-1,
+- "%s", processes[i].kp_proc.p_comm);
+-
+- /** sysctl for name, path, params */
+- rc = _set_command_name(entry);
+-
+- /*
+- * map p_stat to RunStatus. Odd that there is no 'running' status.
+- */
+- switch(processes[i].kp_proc.p_stat) {
+- case SRUN:
+- entry->hrSWRunStatus = HRSWRUNSTATUS_RUNNABLE;
+- break;
+- case SSLEEP:
+- case SSTOP:
+- entry->hrSWRunStatus = HRSWRUNSTATUS_NOTRUNNABLE;
+- break;
+- case SIDL:
+- case SZOMB:
+- default:
+- entry->hrSWRunStatus = HRSWRUNSTATUS_INVALID;
+- break;
+- }
+-
+- /*
+- * check for system processes
+- */
+- if (P_SYSTEM & processes[i].kp_proc.p_flag) {
+- entry->hrSWRunType = HRSWRUNTYPE_OPERATINGSYSTEM;
+- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "SYSTEM\n"));
+- }
+- else entry->hrSWRunType = HRSWRUNTYPE_APPLICATION;
+-
+- /*
+- * get mem size, run time
+- */
+- rc = proc_pidinfo( processes[i].kp_proc.p_pid, PROC_PIDTASKALLINFO, 0,
+- &taskinfo, sizeof(taskinfo));
+- if (sizeof(taskinfo) != rc) {
+- DEBUGMSGTL(("swrun:load:arch", " proc_pidinfo returned %d\n", rc));
+- }
+- else {
+- uint64_t task_mem = taskinfo.ptinfo.pti_resident_size / 1024;
+- union {
+- u_quad_t uq; /* u_int64_t */
+- UnsignedWide uw; /* struct u_int32_t hi/lo */
+- } at, ns;
+- at.uq = taskinfo.ptinfo.pti_total_user +
+- taskinfo.ptinfo.pti_total_system;
+- ns = at;
+- ns.uq = ns.uq / 10000000LL; /* nano to deci */
+- if (task_mem > INT32_MAX) {
+- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "mem overflow\n"));
+- task_mem = INT32_MAX;
+- }
+- if (ns.uq > INT32_MAX) {
+- DEBUGMSGTL(("swrun:load:arch", SWRUNINDENT "time overflow\n"));
+- ns.uq = INT32_MAX;
+- }
+- entry->hrSWRunPerfMem = task_mem;
+- entry->hrSWRunPerfCPU = ns.uq;
+- }
+- }
+- free(processes);
+-
+- DEBUGMSGTL(("swrun:load:arch"," loaded %d entries\n",
+- (int)CONTAINER_SIZE(container)));
+-
+- return 0;
+-}
+-
+-/* ---------------------------------------------------------------------
+- * The following code was snagged from Darwin code, and the original
+- * file had the following licences:
+- */
+-
+-/*
+- * Copyright (c) 2002-2004 Apple Computer, Inc. All rights reserved.
+- *
+- * @APPLE_LICENSE_HEADER_START@
+- *
+- * The contents of this file constitute Original Code as defined in and
+- * are subject to the Apple Public Source License Version 1.1 (the
+- * "License"). You may not use this file except in compliance with the
+- * License. Please obtain a copy of the License at
+- * http://www.apple.com/publicsource and read it before using this file.
+- *
+- * This Original Code and all software distributed under the License are
+- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
+- * License for the specific language governing rights and limitations
+- * under the License.
+- *
+- * @APPLE_LICENSE_HEADER_END@
+- */
+-#ifdef JAGUAR /* xxx configure test? */
+-static int
+-_set_command_name_jaguar(netsnmp_swrun_entry *entry)
+-{
+- int mib[3] = {CTL_KERN, KERN_PROCARGS, 0};
+- size_t procargssize, mib_size = sizeof(mib)/sizeof(mib[0]);
+- char *arg_end, *exec_path;
+- int *ip;
+- int len;
+- char *command_beg, *command, *command_end;
+- char arg_buf[MAX_KERN_ARGMAX]; /* max to avoid kernel bug */
+-
+- DEBUGMSGTL(("swrun:load:arch:_cn"," pid %d\n", entry->hrSWRunIndex));
+-
+- mib[2] = entry->hrSWRunIndex;
+-
+- memset(arg_buf, 0x0, sizeof(arg_buf));
+- procargssize = _kern_argmax;
+- if (sysctl(mib, mib_size, arg_buf, &procargssize, NULL, 0) == -1) {
+- snmp_log(LOG_ERR, "Error in PROCARGS sysctl() for %s: %s\n",
+- entry->hrSWRunName, strerror(errno));
+- entry->hrSWRunPath_len = 0;
+- return -1;
+- }
+-
+- /* Set ip just above the end of arg_buf. */
+- arg_end = &arg_buf[procargssize];
+- ip = (int *)arg_end;
+-
+- /*
+- * Skip the last 2 words, since the last is a 0 word, and
+- * the second to last may be as well, if there are no
+- * arguments.
+- */
+- ip -= 3;
+-
+- /* Iterate down the arguments until a 0 word is found. */
+- for (; *ip != 0; ip--) {
+- if (ip == (int *)arg_buf) {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected toparg\n"));
+- return -1;
+- }
+- }
+-
+- /* The saved exec_path is just above the 0 word. */
+- ip++;
+- exec_path = (char *)ip;
+- DEBUGMSGTL(("swrun:load:arch:_cn"," exec_path %s\n", exec_path));
+- len = strlen(exec_path);
+- strlcpy(entry->hrSWRunPath, exec_path, sizeof(entry->hrSWRunPath));
+- if (len > sizeof(entry->hrSWRunPath)-1) {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long run path\n"));
+- entry->hrSWRunPath[sizeof(entry->hrSWRunPath)-2] = '$';
+- entry->hrSWRunPath_len = sizeof(entry->hrSWRunPath)-1;
+- DEBUGMSGTL(("swrun:load:arch:_cn"," exec_path %s\n",
+- entry->hrSWRunPath));
+- }
+- else
+- entry->hrSWRunPath_len = len;
+-
+- /*
+- * Get the beginning of the first argument. It is word-aligned,
+- * so skip padding '\0' bytes.
+- */
+- command_beg = exec_path + strlen(exec_path);
+- DEBUGMSGTL(("swrun:load:arch:_cn"," command_beg '%s'\n", command_beg));
+- for (; *command_beg == '\0'; command_beg++) {
+- if (command_beg >= arg_end)
+- return -1;
+- }
+- DEBUGMSGTL(("swrun:load:arch:_cn"," command_beg '%s'\n", command_beg));
+-
+- /* Get the basename of command. */
+- command = command_end = command_beg + strlen(command_beg) + 1;
+- for (command--; command >= command_beg; command--) {
+- if (*command == '/')
+- break;
+- }
+- command++;
+- DEBUGMSGTL(("swrun:load:arch:_cn"," command '%s'\n", command));
+-
+- /* Allocate space for the command and copy. */
+- DEBUGMSGTL(("swrun:load:arch:_cn",
+- SWRUNINDENT "kernel name %s\n", command));
+- if (strncmp(command, entry->hrSWRunName, sizeof(entry->hrSWRunName)-1)) {
+- strlcpy(entry->hrSWRunName, command, sizeof(entry->hrSWRunName));
+- entry->hrSWRunName_len = strlen(entry->hrSWRunName);
+- DEBUGMSGTL(("swrun:load:arch:_cn", "**"
+- SWRUNINDENT "updated name to %s\n", entry->hrSWRunName));
+- return 0;
+- }
+-
+- /** no error, no change */
+- return 1;
+-}
+-#else
+-static int
+-_set_command_name(netsnmp_swrun_entry *entry)
+-{
+- int mib[3] = {CTL_KERN, 0, 0};
+- size_t procargssize, mib_size = sizeof(mib)/sizeof(mib[0]);
+- char *cp;
+- int len, nargs;
+- char *command_beg, *command, *command_end, *exec_path, *argN;
+- char arg_buf[MAX_KERN_ARGMAX]; /* max to avoid kernel bug */
+-
+- /*
+- * arguments
+- */
+- mib[1] = KERN_PROCARGS2;
+- mib[2] = entry->hrSWRunIndex;
+-
+- memset(arg_buf, 0x0, sizeof(arg_buf));
+- procargssize = _kern_argmax;
+- if (sysctl(mib, mib_size, arg_buf, &procargssize, NULL, 0) == -1) {
+- snmp_log(LOG_ERR, "Error in PROCARGS2 sysctl() for %s: %s\n",
+- entry->hrSWRunName, strerror(errno));
+- entry->hrSWRunPath_len = 0;
+- entry->hrSWRunParameters_len = 0;
+- return -1;
+- }
+- else {
+- memcpy(&nargs,arg_buf, sizeof(nargs));
+- }
+-
+- exec_path = arg_buf + sizeof(nargs);
+- len = strlen(exec_path);
+- strlcpy(entry->hrSWRunPath, exec_path, sizeof(entry->hrSWRunPath));
+- if (len > sizeof(entry->hrSWRunPath)-1) {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long run path\n"));
+- entry->hrSWRunPath[sizeof(entry->hrSWRunPath)-2] = '$';
+- entry->hrSWRunPath_len = sizeof(entry->hrSWRunPath)-1;
+- }
+- else
+- entry->hrSWRunPath_len = len;
+-
+- /** Skip the saved exec_path. */
+-#if 0
+- cp = exec_path + len;
+-#else
+- for (cp = exec_path; cp < &arg_buf[procargssize]; cp++) {
+- if (*cp == '\0')
+- break; /* End of exec_path reached. */
+- }
+- if (cp != exec_path + len) {
+- DEBUGMSGTL(("swrun:load:arch:_cn", " OFF BY %d\n",
+- (int)((exec_path + len) - cp)));
+- netsnmp_assert( cp == exec_path + len );
+- }
+-#endif
+- if (cp == &arg_buf[procargssize]) {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n"));
+- return -1;
+- }
+-
+- /** Skip trailing '\0' characters. */
+- for (; cp < &arg_buf[procargssize]; cp++) {
+- if (*cp != '\0')
+- break; /* Beginning of first argument reached. */
+- }
+- if (cp == &arg_buf[procargssize]) {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n"));
+- return -1;
+- }
+- command_beg = cp;
+-
+- /*
+- * Make sure that the command is '\0'-terminated. This protects
+- * against malicious programs; under normal operation this never
+- * ends up being a problem..
+- */
+- for (; cp < &arg_buf[procargssize]; cp++) {
+- if (*cp == '\0')
+- break; /* End of first argument reached. */
+- }
+- if (cp == &arg_buf[procargssize]) {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," unexpected end of buffer\n"));
+- return -1;
+- }
+- command_end = command = cp;
+- --nargs;
+-
+- /*
+- * save arguments
+- */
+- while( nargs && cp < &arg_buf[procargssize] ) {
+- /** Skip trailing '\0' characters from prev arg. */
+- for (; (cp < &arg_buf[procargssize]) && (*cp == 0); cp++)
+- ; /* noop */
+- if (cp == &arg_buf[procargssize])
+- continue; /* effectively a break */
+-
+- /** save argN start */
+- argN = cp;
+- --nargs;
+- if (0 == nargs)
+- continue; /* effectively a break */
+-
+- /** Skip to end of arg */
+- for (; (cp < &arg_buf[procargssize]) && (*cp != 0); cp++)
+- ; /* noop */
+- if (cp == &arg_buf[procargssize])
+- continue; /* effectively a break */
+-
+- /*
+- * check for overrun into env
+- */
+- if ((*argN != '-') && strchr(argN,'=')) {
+- DEBUGMSGTL(("swrun:load:arch:_cn", " *** OVERRUN INTO ENV %d\n",nargs));
+- continue;
+- }
+-
+- /*
+- * save arg
+- */
+- if(entry->hrSWRunParameters_len < sizeof(entry->hrSWRunParameters)-1) {
+- strlcat(&entry->hrSWRunParameters[entry->hrSWRunParameters_len],
+- argN, sizeof(entry->hrSWRunParameters)-entry->hrSWRunParameters_len-1);
+- entry->hrSWRunParameters_len = strlen(entry->hrSWRunParameters);
+- if ((entry->hrSWRunParameters_len+2 < sizeof(entry->hrSWRunParameters)-1) && (0 != nargs)) {
+- /* add space between params */
+- entry->hrSWRunParameters[entry->hrSWRunParameters_len++] = ' ';
+- entry->hrSWRunParameters[entry->hrSWRunParameters_len] = 0;
+- } else {
+- DEBUGMSGTL(("swrun:load:arch:_cn"," truncating long arg list\n"));
+- entry->hrSWRunParameters[entry->hrSWRunParameters_len++] = '$';
+- entry->hrSWRunParameters[entry->hrSWRunParameters_len] = '0';
+- }
+- }
+- }
+- if (' ' == entry->hrSWRunParameters[entry->hrSWRunParameters_len])
+- entry->hrSWRunParameters[entry->hrSWRunParameters_len--] = 0;
+-
+-
+- /* Get the basename of command. */
+- for (command--; command >= command_beg; command--) {
+- if (*command == '/')
+- break;
+- }
+- command++;
+-
+- /* Allocate space for the command and copy. */
+- if (strncmp(command, entry->hrSWRunName, sizeof(entry->hrSWRunName)-1)) {
+- strlcpy(entry->hrSWRunName, command, sizeof(entry->hrSWRunName));
+- entry->hrSWRunName_len = strlen(entry->hrSWRunName);
+- DEBUGMSGTL(("swrun:load:arch:_cn",
+- " **updated name to %s\n", entry->hrSWRunName));
+- }
+-
+- return 0;
+-}
+-#endif
diff --git a/SOURCES/net-snmp-5.8-man-page.patch b/SOURCES/net-snmp-5.8-man-page.patch
new file mode 100644
index 0000000..dc78e14
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-man-page.patch
@@ -0,0 +1,36 @@
+diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
+--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
++++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
+@@ -3,7 +3,7 @@
+ net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
+ .SH SYNOPSIS
+ .PP
+-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
++.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
+ .B [username]
+ .SH DESCRIPTION
+ .PP
+@@ -16,13 +16,16 @@ new user in net-snmp configuration file
+ displays the net-snmp version number
+ .TP
+ \fB\-ro\fR
+-create an user with read-only permissions
++creates a user with read-only permissions
+ .TP
+-\fB\-a authpass\fR
+-specify authentication password
++\fB\-A authpass\fR
++specifies the authentication password
+ .TP
+-\fB\-x privpass\fR
+-specify encryption password
++\fB\-a MD5|SHA\fR
++specifies the authentication password hashing algorithm
+ .TP
+-\fB\-X DES|AES\fR
+-specify encryption algorithm
++\fB\-X privpass\fR
++specifies the encryption password
++.TP
++\fB\-x DES|AES\fR
++specifies the encryption algorithm
diff --git a/SOURCES/net-snmp-5.8-memory-reporting.patch b/SOURCES/net-snmp-5.8-memory-reporting.patch
new file mode 100644
index 0000000..da03a37
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-memory-reporting.patch
@@ -0,0 +1,35 @@
+diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
+--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
++++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
+@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
+ ssize_t bytes_read;
+ char *b;
+ unsigned long memtotal = 0, memfree = 0, memshared = 0,
+- buffers = 0, cached = 0,
++ buffers = 0, cached = 0, sreclaimable = 0,
+ swaptotal = 0, swapfree = 0;
+
+ netsnmp_memory_info *mem;
+@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
+ if (first)
+ snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
+ }
++ b = strstr(buff, "SReclaimable: ");
++ if (b)
++ sscanf(b, "SReclaimable: %lu", &sreclaimable);
++ else {
++ if (first)
++ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
++ }
+ b = strstr(buff, "SwapFree: ");
+ if (b)
+ sscanf(b, "SwapFree: %lu", &swapfree);
+@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
+ if (!mem->descr)
+ mem->descr = strdup("Cached memory");
+ mem->units = 1024;
+- mem->size = cached;
++ mem->size = cached+sreclaimable;
+ mem->free = 0; /* Report cached size/used as equal */
+ mem->other = -1;
+ }
diff --git a/SOURCES/net-snmp-5.8-proxy-getnext.patch b/SOURCES/net-snmp-5.8-proxy-getnext.patch
new file mode 100644
index 0000000..ff2294f
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-proxy-getnext.patch
@@ -0,0 +1,12 @@
+diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
+--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
++++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
+@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
+ if (sp->base_len &&
+ reqinfo->mode == MODE_GETNEXT &&
+ (snmp_oid_compare(ourname, ourlength,
+- sp->base, sp->base_len) < 0)) {
++ sp->name, sp->name_len) < 0)) {
+ DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
+ /*
+ * Create GETNEXT request with an OID so the
diff --git a/SOURCES/net-snmp-5.8-rpm-memory-leak.patch b/SOURCES/net-snmp-5.8-rpm-memory-leak.patch
new file mode 100644
index 0000000..33b8d29
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-rpm-memory-leak.patch
@@ -0,0 +1,26 @@
+diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
+--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
++++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
+@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
+ SNMP_FREE(rpmdbpath);
+ dbpath = NULL;
++#ifdef HAVE_RPMGETPATH
++ rpmFreeRpmrc();
++#endif
+ if (-1 == stat( pkg_directory, &stat_buf )) {
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages");
+ pkg_directory[0] = '\0';
+diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
+--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
++++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
+@@ -231,6 +231,9 @@ init_hr_swinst(void)
+ snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
+ path[ sizeof(path)-1 ] = 0;
+ swi->swi_directory = strdup(path);
++#ifdef HAVE_RPMGETPATH
++ rpmFreeRpmrc();
++#endif
+ }
+ #else
+ # ifdef _PATH_HRSW_directory
diff --git a/SOURCES/net-snmp-5.8-sec-memory-leak.patch b/SOURCES/net-snmp-5.8-sec-memory-leak.patch
new file mode 100644
index 0000000..2d5a986
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-sec-memory-leak.patch
@@ -0,0 +1,84 @@
+diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
+--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
++++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
+@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
+ DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
+ asp, asp->reqinfo));
+
+- /* Clean up securityStateRef here to prevent a double free */
+- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+- snmp_free_securityStateRef(asp->orig_pdu);
+- if (asp->pdu && asp->pdu->securityStateRef)
+- snmp_free_securityStateRef(asp->pdu);
+-
+ if (asp->orig_pdu)
+ snmp_free_pdu(asp->orig_pdu);
+ if (asp->pdu)
+diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
+--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
++++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
+@@ -19,8 +19,6 @@ NETSNMP_IMPORT
+ netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
+ NETSNMP_IMPORT
+ void snmp_free_pdu( netsnmp_pdu *pdu);
+-NETSNMP_IMPORT
+-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
+
+ #ifdef __cplusplus
+ }
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
++++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
+@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
+ pdu->securityStateRef = NULL;
+ }
+
+-/*
+- * This function is here to provide a separate call to
+- * free the securityStateRef memory. This is needed to prevent
+- * a double free if this memory is freed in snmp_free_pdu.
+- */
+-void
+-snmp_free_securityStateRef(netsnmp_pdu* pdu)
+-{
+- free_securityStateRef(pdu);
+-}
+-
+ #define ERROR_STAT_LENGTH 11
+
+ int
+@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
+ if (!pdu)
+ return;
+
++ free_securityStateRef(pdu);
++
+ /*
+ * If the command field is empty, that probably indicates
+ * that this PDU structure has already been freed.
+@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
+ }
+
+ if (ret != SNMP_ERR_NOERROR) {
+- /*
+- * Call the security model to free any securityStateRef supplied w/ msg.
+- */
+- if (pdu->securityStateRef != NULL) {
+- free_securityStateRef(pdu);
+- }
+ snmp_free_pdu(pdu);
+ return NULL;
+ }
+@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
+ }
+ }
+
+- /*
+- * Call USM to free any securityStateRef supplied with the message.
+- */
+- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
+- free_securityStateRef(pdu);
+-
+ if (!handled) {
+ if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
+ return -2;
diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service
index adb394d..8f6cb2e 100644
--- a/SOURCES/snmpd.service
+++ b/SOURCES/snmpd.service
@@ -1,6 +1,6 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Daemon.
-After=syslog.target network.target
+After=syslog.target network-online.target
[Service]
Type=notify
diff --git a/SOURCES/snmptrapd.service b/SOURCES/snmptrapd.service
index 9835a38..ec71e75 100644
--- a/SOURCES/snmptrapd.service
+++ b/SOURCES/snmptrapd.service
@@ -1,6 +1,6 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
-After=syslog.target network.target
+After=syslog.target network-online.target
[Service]
Type=notify
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 39ed00a..3e9bc0e 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
-Release: 14%{?dist}
+Release: 15%{?dist}
Epoch: 1
License: BSD
@@ -46,6 +46,17 @@ Patch17: net-snmp-5.8-trapsink.patch
Patch18: net-snmp-5.8-flood-messages.patch
Patch19: net-snmp-5.8-v3-forward.patch
Patch20: net-snmp-5.8-sec-counter.patch
+Patch21: net-snmp-5.8-proxy-getnext.patch
+Patch22: net-snmp-5.8-dskTable-dynamic.patch
+Patch23: net-snmp-5.8-expand-SNMPCONFPATH.patch
+Patch24: net-snmp-5.8-licensing.patch
+Patch25: net-snmp-5.8-duplicate-ipAddress.patch
+Patch26: net-snmp-5.8-memory-reporting.patch
+Patch27: net-snmp-5.8-man-page.patch
+Patch28: net-snmp-5.8-ipAddress-faster-load.patch
+Patch29: net-snmp-5.8-rpm-memory-leak.patch
+Patch30: net-snmp-5.8-sec-memory-leak.patch
+Patch31: net-snmp-5.8-aes-config.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@@ -191,6 +202,17 @@ rm -r python
%patch18 -p1 -b .flood-messages
%patch19 -p1 -b .v3-forward
%patch20 -p1 -b .sec-counter
+%patch21 -p1 -b .proxy-getnext
+%patch22 -p1 -b .dskTable-dynamic
+%patch23 -p1 -b .expand-SNMPCONFPATH
+%patch24 -p1
+%patch25 -p1 -b .duplicate-ipAddress
+%patch26 -p1 -b .memory-reporting
+%patch27 -p1 -b .man-page
+%patch28 -p1 -b .ipAddress-faster-load
+%patch29 -p1 -b .rpm-memory-leak
+%patch30 -p1 -b .sec-memory-leak
+%patch31 -p1 -b .aes-config
%patch101 -p1 -b .modern-rpm-api
@@ -220,6 +242,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
%configure \
--disable-static --enable-shared \
--enable-as-needed \
+ --enable-blumenthal-aes \
--enable-embedded-perl \
--enable-ipv6 \
--enable-local-smux \
@@ -444,6 +467,20 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
+* Wed Jun 10 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-15
+- proxied OIDs unspecified in proxy statement in snmpd.conf (#1658134)
+- UCD-SNMP-MIB::dskTable doesn't update dynamically (#1658185)
+- expand SNMPCONFPATH variable (#1660146)
+- remove file with Apple license (#1690936)
+- log meningful message on duplicate IP address (#1692286)
+- memory reporting adjustment (#1695497 and #1766521)
+- fix typos in man page (#1700262)
+- speedup ipAddressTable loading(#1700391)
+- fix memory leak when shut down librpm (#1763008)
+- services starts after network-online.target (#1775304)
+- add missing part of memory leak patch (#1829860)
+- add support for AES192 and AES256 (#1846252)
+
* Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
- fix double free or corruption error when freeing security context (#1809077)
- remove deprecated CFLAG