pool/net-snmp
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- logrotate should use reload instead of restart (bsc#1232030)

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=65
This commit is contained in:
Marcus Meissner 2024-11-21 08:43:43 +00:00 committed by Git OBS Bridge
commit a33f5dbc3d
33 changed files with 3443 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

41
README.SUSE Normal file
View File

@ -0,0 +1,41 @@
An SNMP agent is a powerful and complex software and, as such, may
be affected by flaws and security issues. We recommend that SNMP
access (161/udp,162/udp) be blocked at your firewall.
There are also some important changes that have been made in this release
of our package:
o the daemon now sets a PID file in /var/run/
o logging is now done directly to /var/log/net-snmpd.log instead
of sending stderr/stdout through syslog.
o the daemon is now started with the '-r'. This option prevents
snmpd from exiting if it doesn't have permission to read something.
This only occurs if you start snmpd on a high port as a non-root
root user.
o If you need to run snmptrapd, we've provided an init script
in /etc/init.d/snmptrapd, but the service is disabled by default.
SNMP traps should be avoided whenever possible because they are
unreliable (you should poll with snmpget instead) and snmptrapd
has been the source of many of the security problems with SNMP
so please don't run this unless you are sure of what you are doing.
To enable the service, run
chkconfig snmptrapd on
and create a configuration file named /etc/snmp/snmptrapd.conf.
Then, start the daemon with
rcsnmptrapd start
Logging is done to /var/log/net-snmpd.log.
For more information see the manpages for snmptrapd and snmptrapd.conf.
o Master AgentX support is enabled if you have modules in
/usr/lib/net-snmp/agents. The domain socket is created as
/var/run/agentx/master. You can change this to a network
interface if needed (see snmpd(1)). The snmpd init script
automatically detects and starts any sub-agents in placed into
/var/lib/net-snmp.
More documentation on the net-snmp package can be found in this directory
as well as the project's homepage: http://www.net-snmp.org/

4
baselibs.conf Normal file
View File

@ -0,0 +1,4 @@
libsnmp40
net-snmp-devel
requires -net-snmp-<targettype>
requires "libsnmp40-<targettype> = <version>"

11
net-snmp-5.9.4-add-lustre-fs-support.patch Normal file
View File

@ -0,0 +1,11 @@
diff -Nurp net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-14 10:41:53.432186916 +0000
+++ net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-18 06:24:35.385893383 +0000
@@ -75,6 +75,7 @@ static const char *other_fs[] = {
"jfs",
"jffs2",
"lofs",
+ "lustre",
"mvfs",
"nsspool",
"nssvol",

402
net-snmp-5.9.4-add-netgroups-functionality.patch Normal file
View File

@ -0,0 +1,402 @@
commit d047b54f874f392f97ffce8d51f49729e1c78225
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:23:35 2023 +0100
Create sub-function to parse source address and network mask
Function netsnmp_udp_resolve_source was introduced to handle the source
address and network mask parsing into in_addr structures.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 2724cf2191..3ad33d4bc5 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -98,6 +98,58 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t, const void *data, int len)
return netsnmp_ipv4_fmtaddr("UDP", t, data, len);
}
+static int
+netsnmp_udp_resolve_source(char *source, struct in_addr *network,
+ struct in_addr *mask)
+{
+ /* Split the source/netmask parts */
+ char *strmask = strchr(source, '/');
+ if (strmask != NULL)
+ /* Mask given. */
+ *strmask++ = '\0';
+
+ /* Try interpreting as a dotted quad. */
+ if (inet_pton(AF_INET, source, network) == 0) {
+ /* Nope, wasn't a dotted quad. Must be a hostname. */
+ int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr));
+ if (ret < 0) {
+ config_perror("cannot resolve source hostname");
+ return ret;
+ }
+ }
+
+ /* Now work out the mask. */
+ if (strmask == NULL || *strmask == '\0') {
+ /* No mask was given. Assume /32 */
+ mask->s_addr = (in_addr_t)(~0UL);
+ } else {
+ /* Try to interpret mask as a "number of 1 bits". */
+ char* cp;
+ long maskLen = strtol(strmask, &cp, 10);
+ if (*cp == '\0') {
+ if (0 < maskLen && maskLen <= 32)
+ mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
+ else if (maskLen == 0)
+ mask->s_addr = 0;
+ else {
+ config_perror("bad mask length");
+ return -1;
+ }
+ }
+ /* Try to interpret mask as a dotted quad. */
+ else if (inet_pton(AF_INET, strmask, mask) == 0) {
+ config_perror("bad mask");
+ return -1;
+ }
+
+ /* Check that the network and mask are consistent. */
+ if (network->s_addr & ~mask->s_addr) {
+ config_perror("source/mask mismatch");
+ return -1;
+ }
+ }
+ return 0;
+}
#if defined(HAVE_IP_PKTINFO) || (defined(HAVE_IP_RECVDSTADDR) && defined(HAVE_IP_SENDSRCADDR))
@@ -375,52 +427,10 @@ netsnmp_udp_parse_security(const char *token, char *param)
negate = 0;
sourcep = source;
}
-
- /* Split the source/netmask parts */
- strmask = strchr(sourcep, '/');
- if (strmask != NULL)
- /* Mask given. */
- *strmask++ = '\0';
-
- /* Try interpreting as a dotted quad. */
- if (inet_pton(AF_INET, sourcep, &network) == 0) {
- /* Nope, wasn't a dotted quad. Must be a hostname. */
- int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
- if (ret < 0) {
- config_perror("cannot resolve IPv4 source hostname");
- return;
- }
- }
-
- /* Now work out the mask. */
- if (strmask == NULL || *strmask == '\0') {
- /* No mask was given. Assume /32 */
- mask.s_addr = (in_addr_t)(~0UL);
- } else {
- /* Try to interpret mask as a "number of 1 bits". */
- char* cp;
- long maskLen = strtol(strmask, &cp, 10);
- if (*cp == '\0') {
- if (0 < maskLen && maskLen <= 32)
- mask.s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen)));
- else if (0 == maskLen)
- mask.s_addr = 0;
- else {
- config_perror("bad mask length");
- return;
- }
- }
- /* Try to interpret mask as a dotted quad. */
- else if (inet_pton(AF_INET, strmask, &mask) == 0) {
- config_perror("bad mask");
- return;
- }
-
- /* Check that the network and mask are consistent. */
- if (network.s_addr & ~mask.s_addr) {
- config_perror("source/mask mismatch");
- return;
- }
+ /* Parse source address and network mask. */
+ if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) {
+ config_perror("source address/network mask parsing issue");
+ return;
}
}
commit a2559914d8d8132f155a81c0852cbbd2090d2d40
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:25:10 2023 +0100
Create sub-function to check the com2SecEntry_create return code
The return code interpretation of the netsnmp_udp_com2SecEntry_create
function is now done inside a new sub-function.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 3ad33d4bc5..5904a1b423 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -346,6 +346,33 @@ netsnmp_udp_com2SecEntry_create(com2SecEntry **entryp, const char *community,
return C2SE_ERR_SUCCESS;
}
+void
+netsnmp_udp_com2SecEntry_check_return_code(int rc)
+{
+ /*
+ * Check return code of the newly created com2Sec entry.
+ */
+ switch(rc) {
+ case C2SE_ERR_SUCCESS:
+ break;
+ case C2SE_ERR_CONTEXT_TOO_LONG:
+ config_perror("context name too long");
+ break;
+ case C2SE_ERR_COMMUNITY_TOO_LONG:
+ config_perror("community name too long");
+ break;
+ case C2SE_ERR_SECNAME_TOO_LONG:
+ config_perror("security name too long");
+ break;
+ case C2SE_ERR_MASK_MISMATCH:
+ config_perror("source/mask mismatch");
+ break;
+ case C2SE_ERR_MISSING_ARG:
+ default:
+ config_perror("unexpected error; could not create com2SecEntry");
+ }
+}
+
void
netsnmp_udp_parse_security(const char *token, char *param)
{
@@ -440,25 +467,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
*/
rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
&network, &mask, negate);
- switch(rc) {
- case C2SE_ERR_SUCCESS:
- break;
- case C2SE_ERR_CONTEXT_TOO_LONG:
- config_perror("context name too long");
- break;
- case C2SE_ERR_COMMUNITY_TOO_LONG:
- config_perror("community name too long");
- break;
- case C2SE_ERR_SECNAME_TOO_LONG:
- config_perror("security name too long");
- break;
- case C2SE_ERR_MASK_MISMATCH:
- config_perror("source/mask mismatch");
- break;
- case C2SE_ERR_MISSING_ARG:
- default:
- config_perror("unexpected error; could not create com2SecEntry");
- }
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
}
void
commit 20e2bb7d75c391f5cfde1eb8b8676aff68f3a5f5
Author: Alexander Bergmann <abergmann@suse.com>
Date: Fri Mar 10 15:31:41 2023 +0100
Add '@' netgroup functionality
Allow access control via netgroups defined in /etc/netgroup or NIS/LDAP
via the '@' sign inside the configuration file. Same as IP addresses and
host names.
diff --git a/configure b/configure
index 575b60c4d2..82414664cf 100755
--- a/configure
+++ b/configure
@@ -31221,6 +31221,12 @@ if test "x$ac_cv_func_closedir" = xyes
then :
printf "%s\n" "#define HAVE_CLOSEDIR 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "endnetgrent" "ac_cv_func_endnetgrent"
+if test "x$ac_cv_func_endnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_ENDNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "fgetc_unlocked" "ac_cv_func_fgetc_unlocked"
if test "x$ac_cv_func_fgetc_unlocked" = xyes
@@ -31257,6 +31263,12 @@ if test "x$ac_cv_func_getlogin" = xyes
then :
printf "%s\n" "#define HAVE_GETLOGIN 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "getnetgrent" "ac_cv_func_getnetgrent"
+if test "x$ac_cv_func_getnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_GETNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex"
if test "x$ac_cv_func_if_nametoindex" = xyes
@@ -31305,6 +31317,12 @@ if test "x$ac_cv_func_setlocale" = xyes
then :
printf "%s\n" "#define HAVE_SETLOCALE 1" >>confdefs.h
+fi
+ac_fn_c_check_func "$LINENO" "setnetgrent" "ac_cv_func_setnetgrent"
+if test "x$ac_cv_func_setnetgrent" = xyes
+then :
+ printf "%s\n" "#define HAVE_SETNETGRENT 1" >>confdefs.h
+
fi
ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid"
if test "x$ac_cv_func_setsid" = xyes
diff --git a/configure.d/config_os_functions b/configure.d/config_os_functions
index b921f8cd7b..0915928e21 100644
--- a/configure.d/config_os_functions
+++ b/configure.d/config_os_functions
@@ -25,12 +25,14 @@ AC_TYPE_SIGNAL
AC_CHECK_FUNCS([rand random srand srandom lrand48 srand48])
# Library:
-AC_CHECK_FUNCS([asprintf closedir fgetc_unlocked ] dnl
+AC_CHECK_FUNCS([asprintf closedir endnetgrent ] dnl
+ [fgetc_unlocked ] dnl
[flockfile funlockfile getipnodebyname ] dnl
- [gettimeofday getlogin ] dnl
+ [gettimeofday getlogin getnetgrent ] dnl
[if_nametoindex mkstemp ] dnl
[opendir readdir regcomp ] dnl
[setenv setitimer setlocale ] dnl
+ [setnetgrent ] dnl
[setsid snprintf strcasestr ] dnl
[strdup strerror strncasecmp ] dnl
[sysconf times vsnprintf ] )
diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in
index 89b2ca116d..5efbf12400 100644
--- a/include/net-snmp/net-snmp-config.h.in
+++ b/include/net-snmp/net-snmp-config.h.in
@@ -183,6 +183,9 @@
/* Define to 1 if you have the `endfsent' function. */
#undef HAVE_ENDFSENT
+/* Define to 1 if you have the `endnetgrent' function. */
+#undef HAVE_ENDNETGRENT
+
/* Define to 1 if you have the `ERR_get_error_all' function. */
#undef HAVE_ERR_GET_ERROR_ALL
@@ -294,6 +297,9 @@
/* Define to 1 if you have the `getmntinfo' function. */
#undef HAVE_GETMNTINFO
+/* Define to 1 if you have the `getnetgrent' function. */
+#undef HAVE_GETNETGRENT
+
/* Define to 1 if you have the `getopt' function. */
#undef HAVE_GETOPT
@@ -883,6 +889,9 @@
/* Define to 1 if you have the `setmntent' function. */
#undef HAVE_SETMNTENT
+/* Define to 1 if you have the `setnetgrent' function. */
+#undef HAVE_SETNETGRENT
+
/* Define to 1 if you have the `setsid' function. */
#undef HAVE_SETSID
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
index 2a9abd5b51..6060ed51d1 100644
--- a/man/snmpd.conf.5.def
+++ b/man/snmpd.conf.5.def
@@ -434,6 +434,14 @@ com2sec sec1 10.0.0.0/8 public
.IP
Access from outside of 10.0.0.0/8 would still be denied.
.IP
+It is also possible to reference a specific \fInetgroup\fR starting with an
+'@' character (e.g. @adminhosts). The \fInetgroup\fR lookup is running
+through the NSS (Name Services Switch) making it possible to define the
+group locally or via NIS/LDAP.
+.IP
+Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only
+during snmpd start or reload.
+.IP
The same community string can be specified in several separate directives
(presumably with different source tokens), and the first source/community
combination that matches the incoming request will be selected.
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index 5904a1b423..8f98398704 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -445,6 +445,10 @@ netsnmp_udp_parse_security(const char *token, char *param)
network.s_addr = 0;
mask.s_addr = 0;
negate = 0;
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
} else {
char *strmask;
if (*source == '!') {
@@ -454,20 +458,44 @@ netsnmp_udp_parse_security(const char *token, char *param)
negate = 0;
sourcep = source;
}
- /* Parse source address and network mask. */
- if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) {
- config_perror("source address/network mask parsing issue");
- return;
+#if HAVE_ENDNETGRENT && HAVE_GETNETGRENT && HAVE_SETNETGRENT
+ /* Interpret as netgroup */
+ if (*sourcep == '@') {
+ char *netgroup = sourcep+1;
+ char *host, *user, *domain;
+ if(setnetgrent(netgroup)) {
+ while (getnetgrent(&host, &user, &domain)) {
+ /* Parse source address and network mask for each netgroup host. */
+ if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) {
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
+ } else {
+ config_perror("netgroup host address parsing issue");
+ break;
+ }
+ }
+ endnetgrent();
+ } else {
+ config_perror("netgroup could not be found");
+ }
+ }
+ /* Without '@' it has to be an address or hostname */
+ else
+#endif
+ {
+ /* Parse source address and network mask. */
+ if(netsnmp_udp_resolve_source(sourcep, &network, &mask) == 0) {
+ /* Create a new com2Sec entry. */
+ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+ &network, &mask, negate);
+ netsnmp_udp_com2SecEntry_check_return_code(rc);
+ } else {
+ config_perror("source address/network mask parsing issue");
+ }
}
}
-
- /*
- * Everything is okay. Copy the parameters to the structure allocated
- * above and add it to END of the list.
- */
- rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
- &network, &mask, negate);
- netsnmp_udp_com2SecEntry_check_return_code(rc);
}
void

24
net-snmp-5.9.4-fix-Makefile.PL.patch Normal file
View File

@ -0,0 +1,24 @@
Index: net-snmp-5.9/perl/ASN/Makefile.PL
===================================================================
--- net-snmp-5.9.orig/perl/ASN/Makefile.PL
+++ net-snmp-5.9/perl/ASN/Makefile.PL
@@ -9,6 +9,7 @@ use Config;
use MakefileSubs;
my $lib_version;
+my %MakeParams = ();
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
# the contents of the Makefile that is written.
Index: net-snmp-5.9/perl/Makefile.PL
===================================================================
--- net-snmp-5.9.orig/perl/Makefile.PL
+++ net-snmp-5.9/perl/Makefile.PL
@@ -4,6 +4,7 @@ use ExtUtils::MakeMaker;
use Config;
require 5;
use MakefileSubs;
+my %MakeParams = ();
# Prevent that MakeMaker complains about unknown parameter names.
NetSNMPGetOpts();

12
net-snmp-5.9.4-fix-create-v3-user-outfile.patch Normal file
View File

@ -0,0 +1,12 @@
diff -Nurp net-snmp-5.9.2-orig/net-snmp-create-v3-user.in net-snmp-5.9.2/net-snmp-create-v3-user.in
--- net-snmp-5.9.2-orig/net-snmp-create-v3-user.in 2022-07-04 16:55:43.067366177 +0200
+++ net-snmp-5.9.2/net-snmp-create-v3-user.in 2022-07-04 16:57:54.927367685 +0200
@@ -138,7 +138,7 @@ prefix=@prefix@
datarootdir=@datarootdir@
# To suppress shellcheck complaints about $prefix and $datarootdir.
: "$prefix" "$datarootdir"
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " $line"

20
net-snmp-5.9.4-fixed-python2-bindings.patch Normal file
View File

@ -0,0 +1,20 @@
diff -Nurp net-snmp-5.9.3-orig/python/netsnmp/client_intf.c net-snmp-5.9.3/python/netsnmp/client_intf.c
--- net-snmp-5.9.3-orig/python/netsnmp/client_intf.c 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/python/netsnmp/client_intf.c 2022-09-23 16:21:44.040588303 +0200
@@ -872,9 +872,16 @@ py_netsnmp_attr_string(PyObject *obj, co
if (obj && attr_name && PyObject_HasAttrString(obj, attr_name)) {
PyObject *attr = PyObject_GetAttrString(obj, attr_name);
if (attr) {
+#if PY_MAJOR_VERSION >= 3
*val = PyUnicode_AsUTF8AndSize(attr, len);
Py_DECREF(attr);
return 0;
+#else
+ int retval;
+ retval = PyBytes_AsStringAndSize(attr, val, len);
+ Py_DECREF(attr);
+ return retval;
+#endif
}
}

19
net-snmp-5.9.4-harden_snmpd.service.patch Normal file
View File

@ -0,0 +1,19 @@
diff -Nurp net-snmp-5.9.3-orig/dist/snmpd.service net-snmp-5.9.3/dist/snmpd.service
--- net-snmp-5.9.3-orig/dist/snmpd.service 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/dist/snmpd.service 2023-01-09 12:11:47.508668095 +0100
@@ -10,6 +10,15 @@ Description=Simple Network Management Pr
After=syslog.target network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
# Type=notify is also supported. It should be set when snmpd.socket is not used.
Type=simple
ExecStart=/usr/sbin/snmpd -f

19
net-snmp-5.9.4-harden_snmptrapd.service.patch Normal file
View File

@ -0,0 +1,19 @@
diff -Nurp net-snmp-5.9.3-orig/dist/snmptrapd.service net-snmp-5.9.3/dist/snmptrapd.service
--- net-snmp-5.9.3-orig/dist/snmptrapd.service 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/dist/snmptrapd.service 2023-01-09 12:13:40.120216602 +0100
@@ -7,6 +7,15 @@ Description=Simple Network Management Pr
After=syslog.target network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
# Type=notify is also supported. It should be set when snmptrapd.socket is not
# used.
Type=simple

86
net-snmp-5.9.4-modern-rpm-api.patch Normal file
View File

@ -0,0 +1,86 @@
diff -Nurp net-snmp-5.8-orig/agent/mibgroup/host/data_access/swinst_rpm.c net-snmp-5.8/agent/mibgroup/host/data_access/swinst_rpm.c
--- net-snmp-5.8-orig/agent/mibgroup/host/data_access/swinst_rpm.c 2018-10-10 09:45:14.907075076 +0000
+++ net-snmp-5.8/agent/mibgroup/host/data_access/swinst_rpm.c 2018-10-10 19:31:51.161967195 +0000
@@ -101,8 +101,7 @@ netsnmp_swinst_arch_load( netsnmp_contai
const char *g;
rpmtd td_name, td_version, td_release, td_group, td_time;
#else
- char *n, *v, *r, *g;
- int32_t *t;
+ const char *n, *v, *r, *g;
#endif
time_t install_time;
size_t date_len;
@@ -146,14 +145,14 @@ netsnmp_swinst_arch_load( netsnmp_contai
install_time = rpmtdGetNumber(td_time);
g = rpmtdGetString(td_group);
#else
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
+ n = headerGetString( h, RPMTAG_NAME);
+ v = headerGetString( h, RPMTAG_VERSION);
+ r = headerGetString( h, RPMTAG_RELEASE);
+ g = headerGetString( h, RPMTAG_GROUP);
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
+
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
"%s-%s-%s", n, v, r);
- install_time = *t;
#endif
entry->swType = (g && NULL != strstr( g, "System Environment"))
? 2 /* operatingSystem */
diff -Nurp net-snmp-5.8-orig/agent/mibgroup/host/hr_swinst.c net-snmp-5.8/agent/mibgroup/host/hr_swinst.c
--- net-snmp-5.8-orig/agent/mibgroup/host/hr_swinst.c 2018-10-10 09:45:14.907075076 +0000
+++ net-snmp-5.8/agent/mibgroup/host/hr_swinst.c 2018-10-10 19:34:48.935596621 +0000
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
}
#else
# ifdef HAVE_LIBRPM
- char *rpm_groups;
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
- if ( strstr(rpm_groups, "System Environment") != NULL )
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
+ if ( NULL != rpm_group ) {
+ if ( strstr(rpm_group, "System Environment") != NULL )
long_return = 2; /* operatingSystem */
else
long_return = 4; /* applcation */
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
case HRSWINST_DATE:
{
#ifdef HAVE_LIBRPM
- int32_t *rpm_data;
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
- time_t installTime = *rpm_data;
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
+ if ( 0 != installTime) {
ret = date_n_time(&installTime, var_len);
} else {
ret = date_n_time(NULL, var_len);
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
int offset;
Header h;
- char *n, *v, *r;
+ const char *n, *v, *r;
offset = swi->swi_recs[ix - 1];
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
swi->swi_h = h;
swi->swi_prevx = ix;
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
- NULL);
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
- NULL);
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
}

84
net-snmp-5.9.4-net-snmp-config-headercheck.patch Normal file
View File

@ -0,0 +1,84 @@
diff -Nurp net-snmp-5.8-orig/net-snmp-config.in net-snmp-5.8/net-snmp-config.in
--- net-snmp-5.8-orig/net-snmp-config.in 2018-10-10 09:45:14.947075442 +0000
+++ net-snmp-5.8/net-snmp-config.in 2018-10-10 09:48:04.792631474 +0000
@@ -41,6 +41,14 @@ count()
echo $#
}
+check_devel_files()
+{
+ if [ ! -e "${NSC_INCDIR}/net-snmp/net-snmp-config.h" ] ; then
+ echo "Can not find \"${NSC_INCDIR}/net-snmp/net-snmp-config.h\". The net-snmp development files seems to be missing. Exiting" >&2
+ # exit 2
+ fi
+}
+
prefix=@prefix@
exec_prefix=@exec_prefix@
includedir=@includedir@
@@ -140,9 +148,11 @@ else
;;
#################################################### compile
--base-cflags)
+ check_devel_files
echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
+ check_devel_files
echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
@@ -153,6 +163,7 @@ else
echo $NSC_LIBDIR
;;
--ldflags|--ld*)
+ check_devel_files
echo $NSC_LDFLAGS
;;
--build-lib-dirs)
@@ -190,29 +201,37 @@ else
#################################################### client lib
--libs)
# use this one == --netsnmp-libs + --external-libs
+ check_devel_files
echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
;;
--netsnmp-libs)
+ check_devel_files
echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
;;
--external-libs)
+ check_devel_files
echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
;;
#################################################### agent lib
--base-agent-libs)
+ check_devel_files
echo $NSC_BASE_AGENT_LIBS
;;
--base-subagent-libs)
+ check_devel_files
echo $NSC_BASE_SUBAGENT_LIBS
;;
--agent-libs)
# use this one == --netsnmp-agent-libs + --external-libs
+ check_devel_files
echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
;;
--netsnmp-agent-libs)
+ check_devel_files
echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
;;
--external-agent-libs)
+ check_devel_files
echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
;;
####################################################
@@ -238,6 +257,7 @@ else
####################################################
--compile-subagent)
+ check_devel_files
shift
shifted=1
while test "x$done" = "x" -a "x$1" != "x" ; do

17
net-snmp-5.9.4-perl-tk-warning.patch Normal file
View File

@ -0,0 +1,17 @@
Index: net-snmp-5.7.2/local/tkmib
===================================================================
--- net-snmp-5.7.2.orig/local/tkmib
+++ net-snmp-5.7.2/local/tkmib
@@ -27,10 +27,9 @@ instructions.
if (!$havetk) {
print "
-ERROR: You don't have the Tk module installed. You should be able to
-install this by running (as root):
+ERROR: You don't have the Tk module installed.
- perl -MCPAN -e 'install Tk'
+ Please install the perl-Tk package.
";
}

24
net-snmp-5.9.4-pie.patch Normal file
View File

@ -0,0 +1,24 @@
diff -Nurp net-snmp-5.9.2-orig/agent/Makefile.in net-snmp-5.9.2/agent/Makefile.in
--- net-snmp-5.9.2-orig/agent/Makefile.in 2022-07-01 01:49:40.000000000 +0200
+++ net-snmp-5.9.2/agent/Makefile.in 2022-07-04 16:48:54.951361517 +0200
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
diff -Nurp net-snmp-5.9.2-orig/apps/Makefile.in net-snmp-5.9.2/apps/Makefile.in
--- net-snmp-5.9.2-orig/apps/Makefile.in 2022-07-01 01:49:40.000000000 +0200
+++ net-snmp-5.9.2/apps/Makefile.in 2022-07-04 16:48:54.951361517 +0200
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}

140
net-snmp-5.9.4-snmpstatus-suppress-output.patch Normal file
View File

@ -0,0 +1,140 @@
diff -Nurp net-snmp-5.8-orig/apps/snmpstatus.c net-snmp-5.8/apps/snmpstatus.c
--- net-snmp-5.8-orig/apps/snmpstatus.c 2018-10-10 09:45:14.955075516 +0000
+++ net-snmp-5.8/apps/snmpstatus.c 2018-10-10 10:15:16.131576910 +0000
@@ -96,6 +96,15 @@ size_t length_ipOutRequests =
#define NETSNMP_DS_APP_DONT_FIX_PDUS 0
+/* Flags to control which additional information to request and print */
+#define NETSNMP_STATUS_REQ_NETSTAT 0x0001
+#define NETSNMP_STATUS_REQ_NETOPER 0x0002
+#define NETSNMP_STATUS_REQ_ALL 0xffff
+
+/* By default request and print everything and let the user decide what
+ to suppress */
+static unsigned int rq_status = NETSNMP_STATUS_REQ_ALL;
+
static void
optProc(int argc, char *const *argv, int opt)
{
@@ -114,6 +123,22 @@ optProc(int argc, char *const *argv, int
}
}
break;
+ case 'S': /* 'S' == 'Suppress' */
+ while (*optarg) {
+ switch (*optarg++) {
+ case 'n':
+ rq_status &= ~NETSNMP_STATUS_REQ_NETSTAT;
+ break;
+ case 'i':
+ rq_status &= ~NETSNMP_STATUS_REQ_NETOPER;
+ break;
+ default:
+ fprintf(stderr, "Unknown flag passed to -S: %c\n",
+ optarg[-1]);
+ exit(1);
+ }
+ }
+ break;
}
}
@@ -128,6 +153,12 @@ usage(void)
" -C APPOPTS\t\tSet various application specific behaviours:\n");
fprintf(stderr,
"\t\t\t f: do not fix errors and retry the request\n");
+ fprintf(stderr,
+ " -S REQOPTS\t\tDo not request and print information about:\n");
+ fprintf(stderr,
+ "\t\t\t n: network (packets sent/received, operational status)\n");
+ fprintf(stderr,
+ "\t\t\t i: interface operational status\n");
}
@@ -154,7 +185,7 @@ main(int argc, char *argv[])
/*
* get the common command line arguments
*/
- switch (snmp_parse_args(argc, argv, &session, "C:", &optProc)) {
+ switch (snmp_parse_args(argc, argv, &session, "C:S:", &optProc)) {
case NETSNMP_PARSE_ARGS_ERROR:
goto out;
case NETSNMP_PARSE_ARGS_SUCCESS_EXIT:
@@ -185,8 +216,10 @@ main(int argc, char *argv[])
pdu = snmp_pdu_create(SNMP_MSG_GET);
snmp_add_null_var(pdu, objid_sysDescr, length_sysDescr);
snmp_add_null_var(pdu, objid_sysUpTime, length_sysUpTime);
- snmp_add_null_var(pdu, objid_ipInReceives, length_ipInReceives);
- snmp_add_null_var(pdu, objid_ipOutRequests, length_ipOutRequests);
+ if (rq_status & NETSNMP_STATUS_REQ_NETSTAT) {
+ snmp_add_null_var(pdu, objid_ipInReceives, length_ipInReceives);
+ snmp_add_null_var(pdu, objid_ipOutRequests, length_ipOutRequests);
+ }
/*
* do the request
@@ -279,6 +312,10 @@ main(int argc, char *argv[])
if (response)
snmp_free_pdu(response);
+ /* Suppress request to retrieve network statistics */
+ if (!(rq_status & NETSNMP_STATUS_REQ_NETSTAT))
+ goto done;
+
/*
* create PDU for GET request and add object names to request
*/
@@ -386,11 +423,11 @@ main(int argc, char *argv[])
}
printf("Interfaces: %d, Recv/Trans packets: %d/%d | IP: %d/%d\n",
interfaces, ipackets, opackets, ipin, ipout);
- if (down_interfaces > 0) {
+ if ((rq_status & NETSNMP_STATUS_REQ_NETOPER) && (down_interfaces > 0)) {
printf("%d interface%s down!\n",
down_interfaces, down_interfaces > 1 ? "s are" : " is");
}
-
+ done:
snmp_close(ss);
out:
diff -Nurp net-snmp-5.8-orig/man/snmpstatus.1.def net-snmp-5.8/man/snmpstatus.1.def
--- net-snmp-5.8-orig/man/snmpstatus.1.def 2018-10-10 09:45:14.951075479 +0000
+++ net-snmp-5.8/man/snmpstatus.1.def 2018-10-10 10:15:16.131576910 +0000
@@ -32,7 +32,7 @@
snmpstatus - retrieves a fixed set of management information from a network entity
.SH SYNOPSIS
.B snmpstatus
-[COMMON OPTIONS] [\-Cf] AGENT
+[COMMON OPTIONS] [\-Cf] [\-Sni] AGENT
.SH DESCRIPTION
.B snmpstatus
is an SNMP application that retrieves several important statistics
@@ -94,6 +94,11 @@ variable (unless the
option is given, see below), but this variable will then be missing
from the displayed data.
.PP
+It is also possible to suppress parts of the default output by
+using the option
+.B \-S
+(see below).
+.PP
.SH OPTIONS
.TP
.B COMMON OPTIONS
@@ -108,5 +113,13 @@ by the agent and retry a request. In thi
the command will display the data that it can. If the \-Cf option
is specified, then snmpstatus will not try to fix
errors, and the error will cause the command to terminate.
+.TP
+.B \-Sn
+Do not retrieve and print network statistics such as packets
+sent and received and the number of network interfaces that
+are down.
+.TP
+.B \-Si
+Do not print the number of network interfaces that are down.
.SH "SEE ALSO"
snmpcmd(1), snmpget(1)

13
net-snmp-5.9.4-socket-path.patch Normal file
View File

@ -0,0 +1,13 @@
Index: net-snmp-5.7.2/agent/mibgroup/agentx/protocol.h
===================================================================
--- net-snmp-5.7.2.orig/agent/mibgroup/agentx/protocol.h
+++ net-snmp-5.7.2/agent/mibgroup/agentx/protocol.h
@@ -13,7 +13,7 @@ extern "C" {
#define AGENTX_PORT 705
#ifndef NETSNMP_AGENTX_SOCKET
-#define NETSNMP_AGENTX_SOCKET "/var/agentx/master"
+#define NETSNMP_AGENTX_SOCKET "/run/agentx/master"
#endif
/*

187
net-snmp-5.9.4-subagent-set-response.patch Normal file
View File

@ -0,0 +1,187 @@
diff -Nurp net-snmp-5.9.1-orig/agent/mibgroup/agentx/subagent.c net-snmp-5.9.1/agent/mibgroup/agentx/subagent.c
--- net-snmp-5.9.1-orig/agent/mibgroup/agentx/subagent.c 2021-05-26 00:19:35.000000000 +0200
+++ net-snmp-5.9.1/agent/mibgroup/agentx/subagent.c 2022-03-09 16:44:30.609053225 +0100
@@ -80,6 +80,7 @@ typedef struct _net_snmpsubagent_magic_s
struct agent_netsnmp_set_info {
int transID;
int mode;
+ int req_pending;
int errstat;
time_t uptime;
netsnmp_session *sess;
@@ -190,6 +191,7 @@ save_set_vars(netsnmp_session * ss, nets
ptr->sess = ss;
ptr->mode = SNMP_MSG_INTERNAL_SET_RESERVE1;
ptr->uptime = netsnmp_get_agent_uptime();
+ ptr->req_pending = 0;
ptr->var_list = snmp_clone_varbind(pdu->variables);
if (ptr->var_list == NULL) {
@@ -204,6 +206,18 @@ save_set_vars(netsnmp_session * ss, nets
}
struct agent_netsnmp_set_info *
+pending_trans_set_info(netsnmp_session * sess, netsnmp_pdu *pdu)
+{
+ struct agent_netsnmp_set_info *ptr;
+
+ for (ptr = Sets; ptr != NULL; ptr = ptr->next)
+ if (ptr->sess == sess && ptr->transID == pdu->transid)
+ break;
+
+ return ptr;
+}
+
+struct agent_netsnmp_set_info *
restore_set_vars(netsnmp_session * sess, netsnmp_pdu *pdu)
{
struct agent_netsnmp_set_info *ptr;
@@ -413,6 +427,14 @@ handle_agentx_packet(int operation, nets
* XXXWWW we have to map this twice to both RESERVE1 and RESERVE2
*/
DEBUGMSGTL(("agentx/subagent", " -> testset\n"));
+ asi = pending_trans_set_info(session, pdu);
+ if (asi) {
+ DEBUGMSGTL(("agentx/subagent",
+ "dropping testset retry for transid 0x%x in mode %d\n",
+ (unsigned)pdu->transid, asi->mode));
+ //SNMP_FREE(retmagic); XXX necessary?
+ return 1;
+ }
asi = save_set_vars(session, pdu);
if (asi == NULL) {
SNMP_FREE(smagic);
@@ -434,6 +456,13 @@ handle_agentx_packet(int operation, nets
send_agentx_error(session, pdu, AGENTX_ERR_PROCESSING_ERROR, 0);
return 1;
}
+ if (asi->req_pending) {
+ DEBUGMSGTL(("agentx/subagent",
+ "dropping commitset - request pending for transid 0x%x in mode %d\n",
+ (unsigned)pdu->transid, asi->mode));
+ //SNMP_FREE(retmagic); XXX necessary?
+ return 1;
+ }
if (asi->mode != SNMP_MSG_INTERNAL_SET_RESERVE2) {
SNMP_FREE(smagic);
snmp_log(LOG_WARNING,
@@ -456,6 +485,13 @@ handle_agentx_packet(int operation, nets
send_agentx_error(session, pdu, AGENTX_ERR_PROCESSING_ERROR, 0);
return 1;
}
+ if (asi->req_pending) {
+ DEBUGMSGTL(("agentx/subagent",
+ "dropping cleanupset - request pending for transid 0x%x in mode %d\n",
+ (unsigned)pdu->transid, asi->mode));
+ //SNMP_FREE(retmagic); XXX necessary?
+ return 1;
+ }
if (asi->mode == SNMP_MSG_INTERNAL_SET_RESERVE1 ||
asi->mode == SNMP_MSG_INTERNAL_SET_RESERVE2) {
asi->mode = pdu->command = SNMP_MSG_INTERNAL_SET_FREE;
@@ -481,6 +517,13 @@ handle_agentx_packet(int operation, nets
send_agentx_error(session, pdu, AGENTX_ERR_PROCESSING_ERROR, 0);
return 1;
}
+ if (asi->req_pending) {
+ DEBUGMSGTL(("agentx/subagent",
+ "dropping undoset - request pending for transid 0x%x in mode %d\n",
+ (unsigned)pdu->transid, asi->mode));
+ //SNMP_FREE(retmagic); XXX necessary?
+ return 1;
+ }
asi->mode = pdu->command = SNMP_MSG_INTERNAL_SET_UNDO;
mycallback = handle_subagent_set_response;
retmagic = asi;
@@ -516,6 +559,8 @@ handle_agentx_packet(int operation, nets
retmagic);
if (result == 0) {
snmp_free_pdu( internal_pdu );
+ } else if (asi) {
+ asi->req_pending = 1;
}
return 1;
}
@@ -637,6 +682,7 @@ handle_subagent_set_response(int op, net
{
netsnmp_session *retsess;
struct agent_netsnmp_set_info *asi;
+ int new_mode;
int result;
if (op != NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE || magic == NULL) {
@@ -645,15 +691,63 @@ handle_subagent_set_response(int op, net
DEBUGMSGTL(("agentx/subagent",
"handling agentx subagent set response (mode=%d,req=0x%x,"
- "trans=0x%x,sess=0x%x)\n",
+ "trans=0x%x,sess=0x%x,magic=%p)\n",
(unsigned)pdu->command, (unsigned)pdu->reqid,
- (unsigned)pdu->transid, (unsigned)pdu->sessid));
+ (unsigned)pdu->transid, (unsigned)pdu->sessid,
+ magic));
+
pdu = snmp_clone_pdu(pdu);
if (!pdu)
return 1;
asi = (struct agent_netsnmp_set_info *) magic;
+
+ DEBUGMSGTL(("agentx/subagent",
+ "set response in mode %d (errstat %d, req_pending %d)\n",
+ asi->mode, pdu->errstat, asi->req_pending));
+
+ asi->req_pending = 0;
retsess = asi->sess;
+
+ if (!snmp_sess_pointer(retsess) || retsess->sessid != pdu->sessid) {
+ DEBUGMSGTL(("agentx/subagent",
+ "session id 0x%x gone for set response (transid 0x%x, reqid 0x%x)\n",
+ (unsigned)pdu->sessid, (unsigned)pdu->transid, (unsigned)pdu->reqid));
+
+ result = 0;
+
+ if (!pdu->errstat) {
+ switch (asi->mode) {
+ case SNMP_MSG_INTERNAL_SET_RESERVE1:
+ case SNMP_MSG_INTERNAL_SET_RESERVE2:
+ new_mode = SNMP_MSG_INTERNAL_SET_FREE;
+ break;
+
+ case SNMP_MSG_INTERNAL_SET_ACTION:
+ new_mode = SNMP_MSG_INTERNAL_SET_UNDO;
+ break;
+
+ default:
+ new_mode = 0;
+ }
+
+ if (new_mode) {
+ asi->mode = pdu->command = new_mode;
+ result = snmp_async_send(agentx_callback_sess, pdu,
+ handle_subagent_set_response, asi);
+ }
+ }
+
+ if (result == 0) {
+ /* don't need to (or cannot) FREE/UNDO */
+ free_set_vars(retsess, pdu);
+ snmp_free_pdu(pdu);
+ } else {
+ asi->req_pending = 1;
+ }
+ return 1;
+ }
+
asi->errstat = pdu->errstat;
if (asi->mode == SNMP_MSG_INTERNAL_SET_RESERVE1) {
@@ -669,6 +763,8 @@ handle_subagent_set_response(int op, net
handle_subagent_set_response, asi);
if (result == 0) {
snmp_free_pdu( pdu );
+ } else {
+ asi->req_pending = 1;
}
DEBUGMSGTL(("agentx/subagent",
" going from RESERVE1 -> RESERVE2\n"));

34
net-snmp-5.9.4-suse-systemd-service-files.patch Normal file
View File

@ -0,0 +1,34 @@
diff -Nrup net-snmp-5.9.1-orig/dist/snmpd.service net-snmp-5.9.1/dist/snmpd.service
--- net-snmp-5.9.1-orig/dist/snmpd.service 2021-10-21 15:22:42.168690298 +0000
+++ net-snmp-5.9.1/dist/snmpd.service 2021-10-21 15:23:10.579979496 +0000
@@ -21,8 +21,11 @@ ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
# Type=notify is also supported. It should be set when snmpd.socket is not used.
-Type=simple
-ExecStart=/usr/sbin/snmpd -f
+Type=notify
+Environment=OPTIONS="-LS0-6d"
+EnvironmentFile=-/etc/sysconfig/snmpd
+ExecStart=/usr/sbin/snmpd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
diff -Nrup net-snmp-5.9.1-orig/dist/snmptrapd.service net-snmp-5.9.1/dist/snmptrapd.service
--- net-snmp-5.9.1-orig/dist/snmptrapd.service 2021-10-21 15:22:42.184689898 +0000
+++ net-snmp-5.9.1/dist/snmptrapd.service 2021-10-21 15:24:50.933468801 +0000
@@ -19,8 +19,11 @@ RestrictRealtime=true
# end of automatic additions
# Type=notify is also supported. It should be set when snmptrapd.socket is not
# used.
-Type=simple
-ExecStart=/usr/sbin/snmptrapd -f
+Type=notify
+Environment=OPTIONS="-Lsd"
+EnvironmentFile=-/etc/sysconfig/snmptrapd
+ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

49
net-snmp-5.9.4-systemd-no-utmp.patch Normal file
View File

@ -0,0 +1,49 @@
diff -uwr net-snmp-5.9.3.old/agent/Makefile.in net-snmp-5.9.3/agent/Makefile.in
--- net-snmp-5.9.3.old/agent/Makefile.in 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/agent/Makefile.in 2023-06-16 11:31:16.049538400 +0200
@@ -116,7 +116,7 @@
MIBLIB = libnetsnmpmibs.$(LIB_EXTENSION)$(LIB_VERSION)
LAGENTLIBS = @LAGENTLIBS@
-LMIBLIBS = @LMIBLIBS@
+LMIBLIBS = @LMIBLIBS@ -lsystemd
VAL_LIBS = @VAL_LIBS@
PERLLDOPTS_FOR_APPS = @PERLLDOPTS_FOR_APPS@
PERLLDOPTS_FOR_LIBS = @PERLLDOPTS_FOR_LIBS@
diff -uwr net-snmp-5.9.3.old/agent/mibgroup/host/hr_system.c net-snmp-5.9.3/agent/mibgroup/host/hr_system.c
--- net-snmp-5.9.3.old/agent/mibgroup/host/hr_system.c 2022-07-13 23:14:14.000000000 +0200
+++ net-snmp-5.9.3/agent/mibgroup/host/hr_system.c 2023-06-16 10:38:58.916026706 +0200
@@ -79,6 +79,11 @@
#include <sys/sysctl.h>
#endif
+#ifndef NETSNMP_NO_SYSTEMD
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-login.h>
+#endif
+
netsnmp_feature_require(date_n_time);
#if !defined(UTMP_FILE) && defined(_PATH_UTMP)
@@ -686,6 +691,11 @@
struct utmp *utmp_p;
#endif
+#ifndef NETSNMP_NO_SYSTEMD
+ if (sd_booted () > 0)
+ total = sd_get_sessions (NULL);
+ else {
+#endif
setutent();
while ((utmp_p = getutent()) != NULL) {
#ifndef UTMP_HAS_NO_TYPE
@@ -704,6 +714,9 @@
++total;
}
endutent();
+#ifndef NETSNMP_NO_SYSTEMD
+ }
+#endif
#else /* WIN32 */
/*
* TODO - Error checking.

99
net-snmp-5.9.4-testing-empty-arptable.patch Normal file
View File

@ -0,0 +1,99 @@
Index: net-snmp-5.7.2/testing/rfc1213/snmpfun.sh
===================================================================
--- net-snmp-5.7.2.orig/testing/rfc1213/snmpfun.sh
+++ net-snmp-5.7.2/testing/rfc1213/snmpfun.sh
@@ -1,4 +1,3 @@
-
# functions used by RFC-1213 MIB test modules
myport=$SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT
@@ -11,6 +10,23 @@ else
TEST_AUTHPRIV_PARMS="-l authNoPriv -a MD5 -A testpass"
fi
+check_skip_arp_tests ()
+{
+ #
+ # skip all tests relying on a filed arp table. e.g. on s390 boxes this
+ # does not have to be the case
+ #
+ TABLE_ENTRIES="at.atTable ip.ipNetToMediaTable"
+ ARP_COUNT=`/sbin/arp | grep -v incomplete | wc -l`
+ for entry in $TABLE_ENTRIES ; do
+ if [ "x$1" == "x$entry" -a $ARP_COUNT == 0 ] ; then
+ echo "skipping $1, because the arp table is empty." >&2
+ return 0
+ fi
+ done
+ return 1
+}
+
config()
{
rm -f $SNMP_CONFIG_FILE
@@ -54,25 +70,35 @@ get_snmpv3_variable()
get_snmp_table()
{
test_start "Access table $2 by SNMPv$1..."
- CAPTURE "snmpgetnext -Of -v $1 -c test $myport $2"
- CHECKFILE '' "\.$2\."
- if [ "$snmp_last_test_result" = 0 ] ; then
- test_finish FAIL
+ check_skip_arp_tests
+ if check_skip_arp_tests "$2" ; then
+ test_finish SKIPPED
else
- test_finish PASS
+ CAPTURE "snmpgetnext -Of -v $1 -c test $myport $2"
+ CHECKFILE '' "\.$2\."
+ if [ "$snmp_last_test_result" = 0 ] ; then
+ test_finish FAIL
+ else
+ test_finish PASS
+ fi
fi
}
get_snmpv3_table()
{
- test_start "Access table $2 by SNMPv3..."
- CAPTURE "snmpgetnext -Of -v 3 -u testrwuser $TEST_AUTHPRIV_PARMS $myport $2"
- CHECKFILE '' "\.$2\."
- if [ "$snmp_last_test_result" = 0 ] ; then
- test_finish FAIL
+ test_start "Access table $2 by SNMPv3..."
+ if check_skip_arp_tests "$2" ; then
+ test_finish SKIPPED
else
- test_finish PASS
+ CAPTURE "snmpgetnext -Of -v 3 -u testrwuser $TEST_AUTHPRIV_PARMS $myport $2"
+ CHECKFILE '' "\.$2\."
+ if [ "$snmp_last_test_result" = 0 ] ; then
+ test_finish FAIL
+ else
+ test_finish PASS
+ fi
fi
}
+
Index: net-snmp-5.7.2/testing/rfc1213/test_fun
===================================================================
--- net-snmp-5.7.2.orig/testing/rfc1213/test_fun
+++ net-snmp-5.7.2/testing/rfc1213/test_fun
@@ -51,6 +51,9 @@ test_finish()
if [ x$1 == x"PASS" ];then
pass_num=`expr $pass_num + 1`
pass_info "PASS\n"
+ elif [ x$1 == x"SKIPPED" ];then
+ pass_num=`expr $pass_num + 1`
+ pass_info "SKIPPED\n"
else
fail_num=`expr $fail_num + 1`
fail_info "FAIL\n"
@@ -66,3 +69,4 @@ summary()
fi
}
+

BIN
net-snmp-5.9.4.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

7
net-snmp-5.9.4.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRuZxiu8etcZcMtGyo1a8C1UtU8qwUCZNvg2QAKCRA1a8C1UtU8
qw8qAQDETiafcfGE3SBySaKHBbF29I0JoCgyQkMZcohhulta0gEA3VXykAg9M0S9
q/bjRz8lPTdz9tpYmiza9eXcYmQZcAA=
=PJkj
-----END PGP SIGNATURE-----

3
net-snmp-rpmlintrc Normal file
View File

@ -0,0 +1,3 @@
addFilter("net-snmp-devel.* files-duplicate.*man.*")
addFilter("net-snmp.*incoherent-init-script-name")
addFilter("perl-SNMP.* zero-length.*\.bs")

2
net-snmp-tmpfs.conf Normal file
View File

@ -0,0 +1,2 @@
d /run/net-snmp 0755 root root
L /var/agentx - - - - /run/agentx

1574
net-snmp.changes Normal file
View File

File diff suppressed because it is too large Load Diff

14
net-snmp.keyring Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZCtJmhYJKwYBBAHaRw8BAQdADrR3+vAhB8AXYe9RztKtuRKMRN1Dp/mQLqey
Tg6X/Iq0P05ldC1TTk1QIEFkbWluaXN0cmF0b3JzIDxuZXQtc25tcC1hZG1pbnNA
bGlzdHMuc291cmNlZm9yZ2UubmV0PoiZBBMWCgBBFiEEbmcYrvHrXGXDLRsqNWvA
tVLVPKsFAmQrSZoCGwMFCRLMAwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQNWvAtVLVPKtF1wEAk1Cs77LtOWb34kjLiVfZU4/RtbjpzhJAbjczgQAzRLwB
AJSr6kJ2UgVgTar5Rtuyd9jFKiopH56h46IFG79XkvQIuDgEZCtJmhIKKwYBBAGX
VQEFAQEHQBOKL1xzf/uUQOqpRWR6CbbIpSc/aFDRxiF/o85gN78aAwEIB4h+BBgW
CgAmFiEEbmcYrvHrXGXDLRsqNWvAtVLVPKsFAmQrSZoCGwwFCRLMAwAACgkQNWvA
tVLVPKuwlwEAxpTW8jjFkZXqo7MKxbdI5tGUfvhOAbcBDZpzqpOyCGkBAOMY/Am/
oAfYd5+tds3nCWhlvYGX/NuIvplVZSzNhsEA
=lV4S
-----END PGP PUBLIC KEY BLOCK-----

17
net-snmp.logrotate Normal file
View File

@ -0,0 +1,17 @@
/var/log/net-snmpd.log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 600 root root
su root root
sharedscripts
postrotate
/usr/bin/systemctl try-reload-or-restart snmpd.service >/dev/null
/usr/bin/systemctl try-reload-or-restart snmptrapd.service >/dev/null
endscript
}

463
net-snmp.spec Normal file
View File

@ -0,0 +1,463 @@
#
# spec file for package net-snmp
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define netsnmp_logfile %{_localstatedir}/log/net-snmpd.log
%define netsnmp_agentx_socket_dir_fhs %{_rundir}/agentx
%define netsnmp_agentx_socket_dir_rfc %{_localstatedir}/agentx
# Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%ifnarch s390 s390x
%define netsnmp_with_sensors 1
%endif
%define libname libsnmp40
%bcond_without python2
Name: net-snmp
Version: 5.9.4
Release: 0
Summary: SNMP Daemon
License: BSD-3-Clause AND MIT
Group: Productivity/Networking/Other
URL: https://sourceforge.net/projects/net-snmp
Source: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz
Source1: snmpd.conf
Source2: README.SUSE
Source3: net-snmp.logrotate
Source4: test_installed
Source7: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz.asc
Source8: http://www.net-snmp.org/net-snmp-admin.asc#/%{name}.keyring
Source10: snmpd.sysconfig
Source11: snmptrapd.sysconfig
Source20: net-snmp-tmpfs.conf
Source98: net-snmp-rpmlintrc
Source99: baselibs.conf
Patch1: net-snmp-5.9.4-socket-path.patch
Patch2: net-snmp-5.9.4-testing-empty-arptable.patch
Patch3: net-snmp-5.9.4-pie.patch
Patch4: net-snmp-5.9.4-net-snmp-config-headercheck.patch
Patch5: net-snmp-5.9.4-perl-tk-warning.patch
Patch6: net-snmp-5.9.4-snmpstatus-suppress-output.patch
Patch7: net-snmp-5.9.4-fix-Makefile.PL.patch
Patch8: net-snmp-5.9.4-modern-rpm-api.patch
Patch9: net-snmp-5.9.4-add-lustre-fs-support.patch
Patch10: net-snmp-5.9.4-harden_snmpd.service.patch
Patch11: net-snmp-5.9.4-harden_snmptrapd.service.patch
Patch12: net-snmp-5.9.4-suse-systemd-service-files.patch
Patch13: net-snmp-5.9.4-fix-create-v3-user-outfile.patch
Patch14: net-snmp-5.9.4-subagent-set-response.patch
Patch15: net-snmp-5.9.4-fixed-python2-bindings.patch
Patch16: net-snmp-5.9.4-add-netgroups-functionality.patch
Patch17: net-snmp-5.9.4-systemd-no-utmp.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: ncurses-devel
BuildRequires: openssl-devel
BuildRequires: procps
BuildRequires: python-rpm-macros
BuildRequires: rpm-devel
BuildRequires: systemd-devel
BuildRequires: systemd-rpm-macros
BuildRequires: tcpd-devel
Requires: logrotate
Requires: perl-SNMP = %{version}
Requires: perl-TermReadKey
Requires(post): %fillup_prereq
%if 0%{?netsnmp_with_sensors}
BuildRequires: libsensors4-devel
%endif
%if 0%{?suse_version} >= 1550
# TW: generate subpackages for every python3 flavor
%define python_subpackage_only 1
%python_subpackages
%else
# same "defaults" for all distributions, used in files section
%define python_files() -n python3-%{**}
%define python_sitearch %{python3_sitearch}
%endif
%description
Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c
and SNMP v3 using both IPv4 and IPv6. The suite includes:
- An extensible agent for responding to SNMP queries including built-in
support for a wide range of MIB information modules
- Command-line applications to retrieve and manipulate information from
SNMP-capable devices
- A daemon application for receiving SNMP notifications
- A library for developing new SNMP applications, with C and Perl APIs
- A graphical MIB browser.
This package was originally based on the CMU 2.1.2.1 snmp code. It was
renamed from cmu-snmp to ucd-snmp in 1995 and later renamed from ucd-snmp
to net-snmp in November 2000.
%package -n %{libname}
Summary: Shared Libraries from net-snmp
License: BSD-3-Clause AND MIT
Group: System/Libraries
Requires: perl-base = %{perl_version}
Requires: snmp-mibs >= %{version}
# Version 5.9.2 was wrongly packaging .so.39 in libsnmp40
Conflicts: libsnmp40 <= 5.9.2
%description -n %{libname}
Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c
and SNMP v3 using both IPv4 and IPv6. The suite includes:
* An extensible agent for responding to SNMP queries including built-in
support for a wide range of MIB information modules
* Command-line applications to retrieve and manipulate information from
SNMP-capable devices
* A daemon application for receiving SNMP notifications
* A library for developing new SNMP applications, with C and Perl APIs
* A graphical MIB browser.
This package holds the shared libraries from the net-snmp package.
%package devel
Summary: Development files from net-snmp
License: BSD-3-Clause AND MIT
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
# for mib2c
Requires: perl
Requires: perl-SNMP = %{version}
Requires: rpm-devel
Requires: tcpd-devel
Requires: zlib-devel
Requires: pkgconfig(libssl)
%if 0%{?netsnmp_with_sensors}
Requires: libsensors4-devel
%endif
%description devel
Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c
and SNMP v3 using both IPv4 and IPv6. The suite includes:
* An extensible agent for responding to SNMP queries including built-in
support for a wide range of MIB information modules
* Command-line applications to retrieve and manipulate information from
SNMP-capable devices
* A daemon application for receiving SNMP notifications
* A library for developing new SNMP applications, with C and Perl APIs
* A graphical MIB browser.
This package holds the development headers, libraries and API documentation
from the net-snmp package.
%package -n snmp-mibs
Summary: MIB files from net-snmp
License: BSD-3-Clause AND MIT
Group: Productivity/Networking/Other
%description -n snmp-mibs
Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c
and SNMP v3 using both IPv4 and IPv6. The suite includes:
- An extensible agent for responding to SNMP queries including built-in
support for a wide range of MIB information modules
- Command-line applications to retrieve and manipulate information from
SNMP-capable devices
- A daemon application for receiving SNMP notifications
- A library for developing new SNMP applications, with C and Perl APIs
- A graphical MIB browser.
This package holds the MIB files from the net-snmp package.
%package -n perl-SNMP
Summary: Perl5 SNMP Extension Module
License: GPL-2.0-or-later
Group: Development/Libraries/Perl
Requires: %{name} = %{version}
Requires: perl-base = %{perl_version}
%description -n perl-SNMP
The Perl5 'SNMP' Extension Module v3.1.0 for the UCD SNMPv3 library.
%if 0%{?python_subpackage_only}
%package -n python-%{name}
Summary: The Python 3 'netsnmp' module for the Net-SNMP
License: BSD-3-Clause AND MIT
Group: Development/Libraries/Python
Requires: %{libname} = %{version}
%description -n python-%{name}
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%else
%package -n python2-%{name}
Summary: The Python 'netsnmp' module for the Net-SNMP
License: BSD-3-Clause AND MIT
Group: Development/Libraries/Python
Requires: %{libname} = %{version}
Provides: %{name}-python = %{version}
Obsoletes: %{name}-python < %{version}
Provides: python-%{name} = %{version}
%description -n python2-%{name}
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%package -n python3-%{name}
Summary: The Python 3 'netsnmp' module for the Net-SNMP
License: BSD-3-Clause AND MIT
Group: Development/Libraries/Python
Requires: %{libname} = %{version}
%description -n python3-%{name}
The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3,
SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
%endif
%prep
%setup -q
%autopatch -p1
%build
MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib smux \
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
ip-mib/ipDefaultRouterTable ip-mib/ipAddressPrefixTable \
ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \
tsm-mib tlstm-mib"
%if 0%{?netsnmp_with_sensors}
MIBS="$MIBS ucd-snmp/lmsensorsMib"
%endif
%configure \
--with-sys-contact="root@localhost" \
--with-sys-location="unknown" \
--with-mib-modules="$MIBS" \
--with-cflags="%{optflags} -fcommon" \
--with-ldflags="-Wl,-z,relro -Wl,-z,now" \
--with-persistent-directory="%{_localstatedir}/lib/net-snmp" \
--with-agentx-socket="%{netsnmp_agentx_socket_dir_fhs}/master" \
--with-temp-file-pattern=%{_localstatedir}/run/net-snmp/snmp-tmp-XXXXXX \
--with-logfile="%{netsnmp_logfile}" \
--with-libwrap="%{_prefix}" \
--with-perl-modules="INSTALLDIRS=vendor" \
--with-defaults \
--with-pic \
--sysconfdir=%{_sysconfdir} \
--enable-shared \
--disable-static \
--enable-as-needed \
--without-root-access \
--enable-local-smux \
--enable-ipv6 \
--enable-ucd-snmp-compatibility \
--enable-mfd-rewrites \
--with-security-modules=tsm,usm \
--with-transports=TLSTCP,DTLSUDP \
--with-systemd \
--with-openssl \
--enable-blumenthal-aes \
--disable-des \
--disable-md5
# Parallel build deps not properly stated
%make_build -j1
pushd python
%python_exec setup.py build --basedir="../"
popd
%install
%make_install INSTALL_PREFIX=%{buildroot}
install -Dd %{buildroot}%{_localstatedir}/log %{buildroot}%{_localstatedir}/lib/net-snmp %{buildroot}%{_libexecdir}/net-snmp/agents %{buildroot}%{netsnmp_agentx_socket_dir_fhs}
install -D -m 0644 dist/snmpd.service %{buildroot}%{_unitdir}/snmpd.service
install -D -m 0644 dist/snmptrapd.service %{buildroot}%{_unitdir}/snmptrapd.service
install -D -m 0600 %{SOURCE1} %{buildroot}%{_sysconfdir}/snmp/snmpd.conf
install -m 0644 %{SOURCE2} .
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
install -D -m 0644 %{SOURCE3} %{buildroot}%{_distconfdir}/logrotate.d/net-snmp
%else
install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp
%endif
install -m 0744 %{SOURCE4} testing/
ln -sf service %{buildroot}%{_sbindir}/rcsnmpd
ln -sf service %{buildroot}%{_sbindir}/rcsnmptrapd
install -m 0644 /dev/null %{buildroot}%{netsnmp_logfile}
pushd perl
%perl_make_install
%perl_process_packlist
rm -f %{buildroot}/%{perl_vendorarch}/Bundle/Makefile.subs.pl
popd
pushd python
%python_install
popd
grep -a -v "^#define PACKAGE" %{buildroot}%{_includedir}/net-snmp/net-snmp-config.h > \
%{buildroot}%{_includedir}/net-snmp/net-snmp-config.h.new
mv %{buildroot}%{_includedir}/net-snmp/net-snmp-config.h{.new,}
install -D -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir}/sysconfig.snmpd
install -D -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}/sysconfig.snmptrapd
# tmpfiles
install -m 755 -d %{buildroot}/%{_tmpfilesdir}
install -m 644 %{SOURCE20} %{buildroot}/%{_tmpfilesdir}/net-snmp.conf
#
ln -s -f %{netsnmp_agentx_socket_dir_fhs} %{buildroot}%{netsnmp_agentx_socket_dir_rfc}
#
find %{buildroot} -type f -name "*.la" -delete -print
%pre
%service_add_pre snmpd.service snmptrapd.service
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in logrotate.d/net-snmp ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
%if 0%{?suse_version} > 1500
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
for i in logrotate.d/net-snmp ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%post
%fillup_only -n snmpd
%fillup_only -n snmptrapd
%tmpfiles_create %{_tmpfilesdir}/net-snmp.conf
%service_add_post snmpd.service snmptrapd.service
%preun
%service_del_preun snmpd.service snmptrapd.service
%postun
%service_del_postun snmpd.service snmptrapd.service
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files
%license COPYING
%doc AGENT.txt EXAMPLE.conf EXAMPLE.conf.def
%doc FAQ NEWS TODO CHANGES
%doc README README.agent-mibs README.agentx README.krb5 README.snmpv3 README.thread
%dir %{_sysconfdir}/snmp
%config(noreplace) %{_sysconfdir}/snmp/snmpd.conf
%{_unitdir}/snmpd.service
%{_unitdir}/snmptrapd.service
%{_tmpfilesdir}/net-snmp.conf
%{_bindir}/encode_keychange
%{_bindir}/fixproc
%{_bindir}/ipf-mod.pl
%{_bindir}/net-snmp-config
%{_bindir}/snmpbulkget
%{_bindir}/snmpbulkwalk
%{_bindir}/snmpcheck
%{_bindir}/snmpconf
%{_bindir}/snmpdelta
%{_bindir}/snmpdf
%{_bindir}/snmpget
%{_bindir}/snmpgetnext
%{_bindir}/snmpinform
%{_bindir}/snmpnetstat
%{_bindir}/snmpset
%{_bindir}/snmpstatus
%{_bindir}/snmptable
%{_bindir}/snmptest
%{_bindir}/snmptls
%{_bindir}/snmptranslate
%{_bindir}/snmptrap
%{_bindir}/snmpusm
%{_bindir}/snmpvacm
%{_bindir}/snmpwalk
%{_bindir}/traptoemail
%{_bindir}/net-snmp-create-v3-user
%{_bindir}/net-snmp-cert
%{_bindir}/agentxtrap
%{_bindir}/snmp-bridge-mib
%{_bindir}/checkbandwidth
%{_bindir}/snmpping
%{_bindir}/snmpps
%{_bindir}/snmptop
%dir %{_libexecdir}/net-snmp
%dir %{_libexecdir}/net-snmp/agents
%{_mandir}/man[158]/*
%{_sbindir}/*
%{_localstatedir}/lib/net-snmp
%dir %ghost %attr(700,root,root) %{netsnmp_agentx_socket_dir_fhs}
%ghost %{netsnmp_logfile}
%if 0%{?suse_version} > 1500
%{_distconfdir}/logrotate.d/net-snmp
%else
%config(noreplace) %{_sysconfdir}/logrotate.d/net-snmp
%endif
%{_fillupdir}/sysconfig.snmpd
%{_fillupdir}/sysconfig.snmptrapd
%{netsnmp_agentx_socket_dir_rfc}
%{_datadir}/snmp/snmpconf-data/
%{_datadir}/snmp/snmp_perl.pl
%{_datadir}/snmp/snmp_perl_trapd.pl
%files -n snmp-mibs
%dir %{_datadir}/snmp
%{_datadir}/snmp/mibs/
%files -n %{libname}
%license COPYING
%{_libdir}/libsnmp*.so.*
%{_libdir}/libnetsnmp*.so.*
%files devel
%doc ChangeLog PORTING
%{_mandir}/man3/*
%{_includedir}/ucd-snmp
%{_includedir}/net-snmp
%{_libdir}/libsnmp*.so
%{_libdir}/libnetsnmp*.so
%{_libdir}/pkgconfig/netsnmp-agent.pc
%{_libdir}/pkgconfig/netsnmp.pc
%{_bindir}/mib2c
%{_bindir}/mib2c-update
%{_datadir}/snmp/mib2c*
%files -n perl-SNMP
%{perl_vendorarch}/auto/SNMP
%{perl_vendorarch}/auto/NetSNMP
%{perl_vendorarch}/Bundle
%{perl_vendorarch}/SNMP.pm
%{perl_vendorarch}/NetSNMP
%{_bindir}/tkmib
%if %{with python2} && ! 0%{?python_subpackage_only}
%files -n python2-%{name}
%doc README
%{python2_sitearch}/*
%endif
%files %{python_files %{name}}
%doc README
%{python_sitearch}/*
%changelog

19
snmpd.conf Normal file
View File

@ -0,0 +1,19 @@
# Please see /usr/share/doc/packages/net-snmp/EXAMPLE.conf for a
# more complete example and snmpd.conf(5).
#
# Writing is disabled by default for security reasons. If you'd like
# to enable it uncomment the rwcommunity line and change the community
# name to something nominally secure (keeping in mind that this is
# transmitted in clear text).
# don't use ' < > in strings for syslocation or syscontact
# Note that if you define the following here you won't be able to change
# them with snmpset
syslocation Server Room
syscontact Sysadmin (root@localhost)
# These really aren't meant for production use. They include all MIBS
# and can use considerable resources. See snmpd.conf(5) for information
# on setting up groups and limiting MIBS.
rocommunity public 127.0.0.1
# rwcommunity mysecret 127.0.0.1

9
snmpd.sysconfig Normal file
View File

@ -0,0 +1,9 @@
## Path: System/Net-SNMP
## Description: snmpd command line options
## Type: string
## Default: ""
#
# '-f' is implicitly added by snmptrapd systemd unit file
# OPTIONS="-L60-6d"
#
OPTIONS=""

9
snmptrapd.sysconfig Normal file
View File

@ -0,0 +1,9 @@
## Path: System/Net-SNMP
## Description: snmptrapd command line options
## Type: string
## Default: ""
#
# '-f' is implicitly added by snmptrapd systemd unit file
# OPTIONS="-Lsd"
#
OPTIONS=""

14
test_installed Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
#
# ckm@suse.com
# runs the test suite on the installed package instead of in the build
# tree, really only useful for QA
base=/usr/share/doc/packages/net-snmp/testing
export PATH="/bin:/usr/bin:/sbin:/usr/sbin:${base}"
export MIBDIRS=/usr/share/snmp/mibs
rcsnmpd stop &>/dev/null
cd ${base} || exit 1
RUNTESTS -a