diff --git a/SOURCES/net-snmp-5.8-asn-parse-nlength.patch b/SOURCES/net-snmp-5.8-asn-parse-nlength.patch
new file mode 100644
index 0000000..23823f5
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-asn-parse-nlength.patch
@@ -0,0 +1,86 @@
+From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 4 Jan 2021 12:21:59 -0800
+Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
+
+Handle length zero correctly.
+
+Fixes: https://github.com/net-snmp/net-snmp/issues/253
+Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
+---
+ snmplib/asn1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/snmplib/asn1.c b/snmplib/asn1.c
+index e983500e7..33c272768 100644
+--- a/snmplib/asn1.c
++++ b/snmplib/asn1.c
+@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
+ * long length; first byte is length of length (after masking high bit)
+ */
+ len_len = (int) ((*pkt & ~0x80) + 1);
+- if ((int) pkt_len <= len_len )
++ if (pkt_len < len_len)
+ return NULL; /* still too short for length and data */
+
+ /* now we know we have enough data to parse length */
+From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 4 Jan 2021 10:00:33 -0800
+Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
+ test
+
+Add a reproducer for the bug fixed by the previous patch.
+---
+ .../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
+ 1 file changed, 41 insertions(+)
+ create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
+
+diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
+new file mode 100644
+index 000000000..5c21ccdc7
+--- /dev/null
++++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
+@@ -0,0 +1,41 @@
++/* HEADER Parsing of an SNMP trap with no varbinds */
++netsnmp_pdu pdu;
++int rc;
++static u_char trap_pdu[] = {
++ /* Sequence with length of 0x2d = 45 bytes. */
++ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
++ /* version = INTEGER 0 */
++ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
++ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
++ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
++ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
++ /* SNMP_MSG_TRAP; 32 bytes. */
++ [15] = 0xa4, [16] = 0x20,
++ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
++ [17] = 0x06, [18] = 0x08,
++ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
++ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
++ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
++ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
++ [31] = 0x01, [32] = 0x22,
++ /* generic-trap = INTEGER 0 */
++ [33] = 0x02, [34] = 0x01, [35] = 0x00,
++ /* specific-trap = INTEGER 0 */
++ [36] = 0x02, [37] = 0x01, [38] = 0x00,
++ /* ASN_TIMETICKS 0x117f243a */
++ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
++ [43] = 0x24, [44] = 0x3a,
++ /* varbind list */
++ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
++};
++static size_t trap_pdu_length = sizeof(trap_pdu);
++netsnmp_session session;
++
++snmp_set_do_debugging(TRUE);
++debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
++memset(&session, 0, sizeof(session));
++snmp_sess_init(&session);
++memset(&pdu, 0, sizeof(pdu));
++rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
++
++OKF((rc == 0), ("Parsing of a trap PDU"));
+
diff --git a/SOURCES/net-snmp-5.8-clientaddr-error-message.patch b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch
new file mode 100644
index 0000000..c423f21
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch
@@ -0,0 +1,35 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
++++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
+@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
+ "No error", /* SNMPERR_SUCCESS */
+ "Generic error", /* SNMPERR_GENERR */
+ "Invalid local port", /* SNMPERR_BAD_LOCPORT */
+- "Unknown host", /* SNMPERR_BAD_ADDRESS */
++ "Invalid address", /* SNMPERR_BAD_ADDRESS */
+ "Unknown session", /* SNMPERR_BAD_SESSION */
+ "Too long", /* SNMPERR_TOO_LONG */
+ "No socket", /* SNMPERR_NO_SOCKET */
+@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
+ DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
+ in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
+ in_session->s_errno = errno;
+- snmp_set_detail(in_session->peername);
++ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
++ NETSNMP_DS_LIB_CLIENT_ADDR))
++ snmp_set_detail(in_session->peername);
+ return NULL;
+ }
+
+diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
+@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
+ DEBUGMSGTL(("netsnmp_udpbase",
+ "failed to bind for clientaddr: %d %s\n",
+ errno, strerror(errno)));
++ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
++ strerror(errno)));
+ netsnmp_socketbase_close(t);
+ return 1;
+ }
diff --git a/SOURCES/net-snmp-5.8-empty-passphrase.patch b/SOURCES/net-snmp-5.8-empty-passphrase.patch
new file mode 100644
index 0000000..deb0388
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-empty-passphrase.patch
@@ -0,0 +1,30 @@
+From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
+From: Josef Ridky <jridky@redhat.com>
+Date: Wed, 18 Nov 2020 20:54:34 -0800
+Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
+
+See also https://github.com/net-snmp/net-snmp/issues/86.
+
+Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
+Reported-by: Chris Cheney
+---
+ net-snmp-create-v3-user.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index 452c2699d..31b4c58c1 100644
+--- a/net-snmp-create-v3-user.in
++++ b/net-snmp-create-v3-user.in
+@@ -120,7 +120,11 @@ fi
+ fi
+ outdir="@PERSISTENT_DIRECTORY@"
+ outfile="$outdir/snmpd.conf"
+-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
++if test "x$xpassphrase" = "x" ; then
++ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
++else
++ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
++fi
+ echo "adding the following line to $outfile:"
+ echo " " $line
+ # in case it hasn't ever been started yet, start it.
diff --git a/SOURCES/net-snmp-5.8-ipv6-disabled.patch b/SOURCES/net-snmp-5.8-ipv6-disabled.patch
new file mode 100644
index 0000000..824c09c
--- /dev/null
+++ b/SOURCES/net-snmp-5.8-ipv6-disabled.patch
@@ -0,0 +1,31 @@
+diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
+@@ -19,6 +19,7 @@
+
+ #include <errno.h>
+ #include <sys/ioctl.h>
++#include <sys/stat.h>
+
+ netsnmp_feature_require(prefix_info)
+ netsnmp_feature_require(find_prefix_info)
+@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
+
+ #define PROCFILE "/proc/net/if_inet6"
+ if (!(in = fopen(PROCFILE, "r"))) {
+- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
++
++ /*
++ * If PROCFILE exists, but isn't readable, file ERROR message.
++ * Otherwise log nothing, due of IPv6 support on this machine is
++ * intentionaly disabled/unavailable.
++ */
++
++ struct stat filestat;
++
++ if(stat(PROCFILE, &filestat) == 0){
++ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
++ }
+ return -2;
+ }
+
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index e26f3d5..7fa1420 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
-Release: 18%{?dist}.1
+Release: 20%{?dist}
Epoch: 1
License: BSD
@@ -58,6 +58,10 @@ Patch29: net-snmp-5.8-sec-memory-leak.patch
Patch30: net-snmp-5.8-aes-config.patch
Patch31: net-snmp-5.7.2-CVE-2020-15862.patch
Patch32: net-snmp-5.8-bulk.patch
+Patch33: net-snmp-5.8-clientaddr-error-message.patch
+Patch34: net-snmp-5.8-ipv6-disabled.patch
+Patch35: net-snmp-5.8-empty-passphrase.patch
+Patch36: net-snmp-5.8-asn-parse-nlength.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@@ -215,6 +219,10 @@ rm -r python
%patch30 -p1 -b .aes-config
%patch31 -p1 -b .CVE-2020-15862
%patch32 -p1 -b .bulk
+%patch33 -p1 -b .clientaddr-error-message
+%patch34 -p1 -b .ipv6-disabled
+%patch35 -p1 -b .empty-passphrase
+%patch36 -p1 -b .asn-parse-nlength
%patch101 -p1 -b .modern-rpm-api
@@ -469,12 +477,20 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
-* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18.1
-- revert permission of config files to 600 (#1902662)
+* Tue Jan 05 2021 Josef Ridky <jridky@redhat.com> - 1:5.8-20
+- fix issue with parsing of long traps (#1912242)
+- modify fix for #1877375
+
+* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
+- revert permission of config files to 600 (#1601060)
+- fix error message when the address specified by clientaddr option
+ is wrong or cannot be bound (#1877375)
+- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
+- fix issue with quoting empty passphrase (#1817225)
* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
-- fix CVE-2020-15862 (#1886100)
-- fix bulk responses for invalid PID (#1896760)
+- fix CVE-2020-15862 (#1875497)
+- fix bulk responses for invalid PID (#1817190)
* Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
- add math library in LDFLAGS (#1846252)