From a33f5dbc3da909d14ee579a7ac22d4a313a884a8a22a1ab01fe019e7fe347f96 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 21 Nov 2024 08:43:43 +0000 Subject: [PATCH] - logrotate should use reload instead of restart (bsc#1232030) OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=65 --- .gitattributes | 23 + .gitignore | 1 + README.SUSE | 41 + baselibs.conf | 4 + net-snmp-5.9.4-add-lustre-fs-support.patch | 11 + ...mp-5.9.4-add-netgroups-functionality.patch | 402 +++++ net-snmp-5.9.4-fix-Makefile.PL.patch | 24 + ...nmp-5.9.4-fix-create-v3-user-outfile.patch | 12 + net-snmp-5.9.4-fixed-python2-bindings.patch | 20 + net-snmp-5.9.4-harden_snmpd.service.patch | 19 + net-snmp-5.9.4-harden_snmptrapd.service.patch | 19 + net-snmp-5.9.4-modern-rpm-api.patch | 86 + ...mp-5.9.4-net-snmp-config-headercheck.patch | 84 + net-snmp-5.9.4-perl-tk-warning.patch | 17 + net-snmp-5.9.4-pie.patch | 24 + ...nmp-5.9.4-snmpstatus-suppress-output.patch | 140 ++ net-snmp-5.9.4-socket-path.patch | 13 + net-snmp-5.9.4-subagent-set-response.patch | 187 ++ ...nmp-5.9.4-suse-systemd-service-files.patch | 34 + net-snmp-5.9.4-systemd-no-utmp.patch | 49 + net-snmp-5.9.4-testing-empty-arptable.patch | 99 ++ net-snmp-5.9.4.tar.gz | 3 + net-snmp-5.9.4.tar.gz.asc | 7 + net-snmp-rpmlintrc | 3 + net-snmp-tmpfs.conf | 2 + net-snmp.changes | 1574 +++++++++++++++++ net-snmp.keyring | 14 + net-snmp.logrotate | 17 + net-snmp.spec | 463 +++++ snmpd.conf | 19 + snmpd.sysconfig | 9 + snmptrapd.sysconfig | 9 + test_installed | 14 + 33 files changed, 3443 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README.SUSE create mode 100644 baselibs.conf create mode 100644 net-snmp-5.9.4-add-lustre-fs-support.patch create mode 100644 net-snmp-5.9.4-add-netgroups-functionality.patch create mode 100644 net-snmp-5.9.4-fix-Makefile.PL.patch create mode 100644 net-snmp-5.9.4-fix-create-v3-user-outfile.patch create mode 100644 net-snmp-5.9.4-fixed-python2-bindings.patch create mode 100644 net-snmp-5.9.4-harden_snmpd.service.patch create mode 100644 net-snmp-5.9.4-harden_snmptrapd.service.patch create mode 100644 net-snmp-5.9.4-modern-rpm-api.patch create mode 100644 net-snmp-5.9.4-net-snmp-config-headercheck.patch create mode 100644 net-snmp-5.9.4-perl-tk-warning.patch create mode 100644 net-snmp-5.9.4-pie.patch create mode 100644 net-snmp-5.9.4-snmpstatus-suppress-output.patch create mode 100644 net-snmp-5.9.4-socket-path.patch create mode 100644 net-snmp-5.9.4-subagent-set-response.patch create mode 100644 net-snmp-5.9.4-suse-systemd-service-files.patch create mode 100644 net-snmp-5.9.4-systemd-no-utmp.patch create mode 100644 net-snmp-5.9.4-testing-empty-arptable.patch create mode 100644 net-snmp-5.9.4.tar.gz create mode 100644 net-snmp-5.9.4.tar.gz.asc create mode 100644 net-snmp-rpmlintrc create mode 100644 net-snmp-tmpfs.conf create mode 100644 net-snmp.changes create mode 100644 net-snmp.keyring create mode 100644 net-snmp.logrotate create mode 100644 net-snmp.spec create mode 100644 snmpd.conf create mode 100644 snmpd.sysconfig create mode 100644 snmptrapd.sysconfig create mode 100644 test_installed diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..57da683 --- /dev/null +++ b/README.SUSE @@ -0,0 +1,41 @@ +An SNMP agent is a powerful and complex software and, as such, may +be affected by flaws and security issues. We recommend that SNMP +access (161/udp,162/udp) be blocked at your firewall. + +There are also some important changes that have been made in this release +of our package: + + o the daemon now sets a PID file in /var/run/ + + o logging is now done directly to /var/log/net-snmpd.log instead + of sending stderr/stdout through syslog. + + o the daemon is now started with the '-r'. This option prevents + snmpd from exiting if it doesn't have permission to read something. + This only occurs if you start snmpd on a high port as a non-root + root user. + + o If you need to run snmptrapd, we've provided an init script + in /etc/init.d/snmptrapd, but the service is disabled by default. + SNMP traps should be avoided whenever possible because they are + unreliable (you should poll with snmpget instead) and snmptrapd + has been the source of many of the security problems with SNMP + so please don't run this unless you are sure of what you are doing. + To enable the service, run + chkconfig snmptrapd on + and create a configuration file named /etc/snmp/snmptrapd.conf. + Then, start the daemon with + rcsnmptrapd start + Logging is done to /var/log/net-snmpd.log. + + For more information see the manpages for snmptrapd and snmptrapd.conf. + + o Master AgentX support is enabled if you have modules in + /usr/lib/net-snmp/agents. The domain socket is created as + /var/run/agentx/master. You can change this to a network + interface if needed (see snmpd(1)). The snmpd init script + automatically detects and starts any sub-agents in placed into + /var/lib/net-snmp. + +More documentation on the net-snmp package can be found in this directory +as well as the project's homepage: http://www.net-snmp.org/ diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..92c6ebb --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,4 @@ +libsnmp40 +net-snmp-devel + requires -net-snmp- + requires "libsnmp40- = " diff --git a/net-snmp-5.9.4-add-lustre-fs-support.patch b/net-snmp-5.9.4-add-lustre-fs-support.patch new file mode 100644 index 0000000..6a3fb9b --- /dev/null +++ b/net-snmp-5.9.4-add-lustre-fs-support.patch @@ -0,0 +1,11 @@ +diff -Nurp net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.9.1-orig/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-14 10:41:53.432186916 +0000 ++++ net-snmp-5.9.1/agent/mibgroup/hardware/fsys/fsys_mntent.c 2021-10-18 06:24:35.385893383 +0000 +@@ -75,6 +75,7 @@ static const char *other_fs[] = { + "jfs", + "jffs2", + "lofs", ++ "lustre", + "mvfs", + "nsspool", + "nssvol", diff --git a/net-snmp-5.9.4-add-netgroups-functionality.patch b/net-snmp-5.9.4-add-netgroups-functionality.patch new file mode 100644 index 0000000..53edd8c --- /dev/null +++ b/net-snmp-5.9.4-add-netgroups-functionality.patch @@ -0,0 +1,402 @@ +commit d047b54f874f392f97ffce8d51f49729e1c78225 +Author: Alexander Bergmann +Date: Fri Mar 10 15:23:35 2023 +0100 + + Create sub-function to parse source address and network mask + + Function netsnmp_udp_resolve_source was introduced to handle the source + address and network mask parsing into in_addr structures. + +diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c +index 2724cf2191..3ad33d4bc5 100644 +--- a/snmplib/transports/snmpUDPDomain.c ++++ b/snmplib/transports/snmpUDPDomain.c +@@ -98,6 +98,58 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t, const void *data, int len) + return netsnmp_ipv4_fmtaddr("UDP", t, data, len); + } + ++static int ++netsnmp_udp_resolve_source(char *source, struct in_addr *network, ++ struct in_addr *mask) ++{ ++ /* Split the source/netmask parts */ ++ char *strmask = strchr(source, '/'); ++ if (strmask != NULL) ++ /* Mask given. */ ++ *strmask++ = '\0'; ++ ++ /* Try interpreting as a dotted quad. */ ++ if (inet_pton(AF_INET, source, network) == 0) { ++ /* Nope, wasn't a dotted quad. Must be a hostname. */ ++ int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr)); ++ if (ret < 0) { ++ config_perror("cannot resolve source hostname"); ++ return ret; ++ } ++ } ++ ++ /* Now work out the mask. */ ++ if (strmask == NULL || *strmask == '\0') { ++ /* No mask was given. Assume /32 */ ++ mask->s_addr = (in_addr_t)(~0UL); ++ } else { ++ /* Try to interpret mask as a "number of 1 bits". */ ++ char* cp; ++ long maskLen = strtol(strmask, &cp, 10); ++ if (*cp == '\0') { ++ if (0 < maskLen && maskLen <= 32) ++ mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen))); ++ else if (maskLen == 0) ++ mask->s_addr = 0; ++ else { ++ config_perror("bad mask length"); ++ return -1; ++ } ++ } ++ /* Try to interpret mask as a dotted quad. */ ++ else if (inet_pton(AF_INET, strmask, mask) == 0) { ++ config_perror("bad mask"); ++ return -1; ++ } ++ ++ /* Check that the network and mask are consistent. */ ++ if (network->s_addr & ~mask->s_addr) { ++ config_perror("source/mask mismatch"); ++ return -1; ++ } ++ } ++ return 0; ++} + + #if defined(HAVE_IP_PKTINFO) || (defined(HAVE_IP_RECVDSTADDR) && defined(HAVE_IP_SENDSRCADDR)) + +@@ -375,52 +427,10 @@ netsnmp_udp_parse_security(const char *token, char *param) + negate = 0; + sourcep = source; + } +- +- /* Split the source/netmask parts */ +- strmask = strchr(sourcep, '/'); +- if (strmask != NULL) +- /* Mask given. */ +- *strmask++ = '\0'; +- +- /* Try interpreting as a dotted quad. */ +- if (inet_pton(AF_INET, sourcep, &network) == 0) { +- /* Nope, wasn't a dotted quad. Must be a hostname. */ +- int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr); +- if (ret < 0) { +- config_perror("cannot resolve IPv4 source hostname"); +- return; +- } +- } +- +- /* Now work out the mask. */ +- if (strmask == NULL || *strmask == '\0') { +- /* No mask was given. Assume /32 */ +- mask.s_addr = (in_addr_t)(~0UL); +- } else { +- /* Try to interpret mask as a "number of 1 bits". */ +- char* cp; +- long maskLen = strtol(strmask, &cp, 10); +- if (*cp == '\0') { +- if (0 < maskLen && maskLen <= 32) +- mask.s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen))); +- else if (0 == maskLen) +- mask.s_addr = 0; +- else { +- config_perror("bad mask length"); +- return; +- } +- } +- /* Try to interpret mask as a dotted quad. */ +- else if (inet_pton(AF_INET, strmask, &mask) == 0) { +- config_perror("bad mask"); +- return; +- } +- +- /* Check that the network and mask are consistent. */ +- if (network.s_addr & ~mask.s_addr) { +- config_perror("source/mask mismatch"); +- return; +- } ++ /* Parse source address and network mask. */ ++ if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) { ++ config_perror("source address/network mask parsing issue"); ++ return; + } + } + +commit a2559914d8d8132f155a81c0852cbbd2090d2d40 +Author: Alexander Bergmann +Date: Fri Mar 10 15:25:10 2023 +0100 + + Create sub-function to check the com2SecEntry_create return code + + The return code interpretation of the netsnmp_udp_com2SecEntry_create + function is now done inside a new sub-function. + +diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c +index 3ad33d4bc5..5904a1b423 100644 +--- a/snmplib/transports/snmpUDPDomain.c ++++ b/snmplib/transports/snmpUDPDomain.c +@@ -346,6 +346,33 @@ netsnmp_udp_com2SecEntry_create(com2SecEntry **entryp, const char *community, + return C2SE_ERR_SUCCESS; + } + ++void ++netsnmp_udp_com2SecEntry_check_return_code(int rc) ++{ ++ /* ++ * Check return code of the newly created com2Sec entry. ++ */ ++ switch(rc) { ++ case C2SE_ERR_SUCCESS: ++ break; ++ case C2SE_ERR_CONTEXT_TOO_LONG: ++ config_perror("context name too long"); ++ break; ++ case C2SE_ERR_COMMUNITY_TOO_LONG: ++ config_perror("community name too long"); ++ break; ++ case C2SE_ERR_SECNAME_TOO_LONG: ++ config_perror("security name too long"); ++ break; ++ case C2SE_ERR_MASK_MISMATCH: ++ config_perror("source/mask mismatch"); ++ break; ++ case C2SE_ERR_MISSING_ARG: ++ default: ++ config_perror("unexpected error; could not create com2SecEntry"); ++ } ++} ++ + void + netsnmp_udp_parse_security(const char *token, char *param) + { +@@ -440,25 +467,7 @@ netsnmp_udp_parse_security(const char *token, char *param) + */ + rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, + &network, &mask, negate); +- switch(rc) { +- case C2SE_ERR_SUCCESS: +- break; +- case C2SE_ERR_CONTEXT_TOO_LONG: +- config_perror("context name too long"); +- break; +- case C2SE_ERR_COMMUNITY_TOO_LONG: +- config_perror("community name too long"); +- break; +- case C2SE_ERR_SECNAME_TOO_LONG: +- config_perror("security name too long"); +- break; +- case C2SE_ERR_MASK_MISMATCH: +- config_perror("source/mask mismatch"); +- break; +- case C2SE_ERR_MISSING_ARG: +- default: +- config_perror("unexpected error; could not create com2SecEntry"); +- } ++ netsnmp_udp_com2SecEntry_check_return_code(rc); + } + + void +commit 20e2bb7d75c391f5cfde1eb8b8676aff68f3a5f5 +Author: Alexander Bergmann +Date: Fri Mar 10 15:31:41 2023 +0100 + + Add '@' netgroup functionality + + Allow access control via netgroups defined in /etc/netgroup or NIS/LDAP + via the '@' sign inside the configuration file. Same as IP addresses and + host names. + +diff --git a/configure b/configure +index 575b60c4d2..82414664cf 100755 +--- a/configure ++++ b/configure +@@ -31221,6 +31221,12 @@ if test "x$ac_cv_func_closedir" = xyes + then : + printf "%s\n" "#define HAVE_CLOSEDIR 1" >>confdefs.h + ++fi ++ac_fn_c_check_func "$LINENO" "endnetgrent" "ac_cv_func_endnetgrent" ++if test "x$ac_cv_func_endnetgrent" = xyes ++then : ++ printf "%s\n" "#define HAVE_ENDNETGRENT 1" >>confdefs.h ++ + fi + ac_fn_c_check_func "$LINENO" "fgetc_unlocked" "ac_cv_func_fgetc_unlocked" + if test "x$ac_cv_func_fgetc_unlocked" = xyes +@@ -31257,6 +31263,12 @@ if test "x$ac_cv_func_getlogin" = xyes + then : + printf "%s\n" "#define HAVE_GETLOGIN 1" >>confdefs.h + ++fi ++ac_fn_c_check_func "$LINENO" "getnetgrent" "ac_cv_func_getnetgrent" ++if test "x$ac_cv_func_getnetgrent" = xyes ++then : ++ printf "%s\n" "#define HAVE_GETNETGRENT 1" >>confdefs.h ++ + fi + ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex" + if test "x$ac_cv_func_if_nametoindex" = xyes +@@ -31305,6 +31317,12 @@ if test "x$ac_cv_func_setlocale" = xyes + then : + printf "%s\n" "#define HAVE_SETLOCALE 1" >>confdefs.h + ++fi ++ac_fn_c_check_func "$LINENO" "setnetgrent" "ac_cv_func_setnetgrent" ++if test "x$ac_cv_func_setnetgrent" = xyes ++then : ++ printf "%s\n" "#define HAVE_SETNETGRENT 1" >>confdefs.h ++ + fi + ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid" + if test "x$ac_cv_func_setsid" = xyes +diff --git a/configure.d/config_os_functions b/configure.d/config_os_functions +index b921f8cd7b..0915928e21 100644 +--- a/configure.d/config_os_functions ++++ b/configure.d/config_os_functions +@@ -25,12 +25,14 @@ AC_TYPE_SIGNAL + AC_CHECK_FUNCS([rand random srand srandom lrand48 srand48]) + + # Library: +-AC_CHECK_FUNCS([asprintf closedir fgetc_unlocked ] dnl ++AC_CHECK_FUNCS([asprintf closedir endnetgrent ] dnl ++ [fgetc_unlocked ] dnl + [flockfile funlockfile getipnodebyname ] dnl +- [gettimeofday getlogin ] dnl ++ [gettimeofday getlogin getnetgrent ] dnl + [if_nametoindex mkstemp ] dnl + [opendir readdir regcomp ] dnl + [setenv setitimer setlocale ] dnl ++ [setnetgrent ] dnl + [setsid snprintf strcasestr ] dnl + [strdup strerror strncasecmp ] dnl + [sysconf times vsnprintf ] ) +diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in +index 89b2ca116d..5efbf12400 100644 +--- a/include/net-snmp/net-snmp-config.h.in ++++ b/include/net-snmp/net-snmp-config.h.in +@@ -183,6 +183,9 @@ + /* Define to 1 if you have the `endfsent' function. */ + #undef HAVE_ENDFSENT + ++/* Define to 1 if you have the `endnetgrent' function. */ ++#undef HAVE_ENDNETGRENT ++ + /* Define to 1 if you have the `ERR_get_error_all' function. */ + #undef HAVE_ERR_GET_ERROR_ALL + +@@ -294,6 +297,9 @@ + /* Define to 1 if you have the `getmntinfo' function. */ + #undef HAVE_GETMNTINFO + ++/* Define to 1 if you have the `getnetgrent' function. */ ++#undef HAVE_GETNETGRENT ++ + /* Define to 1 if you have the `getopt' function. */ + #undef HAVE_GETOPT + +@@ -883,6 +889,9 @@ + /* Define to 1 if you have the `setmntent' function. */ + #undef HAVE_SETMNTENT + ++/* Define to 1 if you have the `setnetgrent' function. */ ++#undef HAVE_SETNETGRENT ++ + /* Define to 1 if you have the `setsid' function. */ + #undef HAVE_SETSID + +diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def +index 2a9abd5b51..6060ed51d1 100644 +--- a/man/snmpd.conf.5.def ++++ b/man/snmpd.conf.5.def +@@ -434,6 +434,14 @@ com2sec sec1 10.0.0.0/8 public + .IP + Access from outside of 10.0.0.0/8 would still be denied. + .IP ++It is also possible to reference a specific \fInetgroup\fR starting with an ++'@' character (e.g. @adminhosts). The \fInetgroup\fR lookup is running ++through the NSS (Name Services Switch) making it possible to define the ++group locally or via NIS/LDAP. ++.IP ++Note: The hostname DNS lookup and \fInetgroup\fR resolution is done only ++during snmpd start or reload. ++.IP + The same community string can be specified in several separate directives + (presumably with different source tokens), and the first source/community + combination that matches the incoming request will be selected. +diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c +index 5904a1b423..8f98398704 100644 +--- a/snmplib/transports/snmpUDPDomain.c ++++ b/snmplib/transports/snmpUDPDomain.c +@@ -445,6 +445,10 @@ netsnmp_udp_parse_security(const char *token, char *param) + network.s_addr = 0; + mask.s_addr = 0; + negate = 0; ++ /* Create a new com2Sec entry. */ ++ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, ++ &network, &mask, negate); ++ netsnmp_udp_com2SecEntry_check_return_code(rc); + } else { + char *strmask; + if (*source == '!') { +@@ -454,20 +458,44 @@ netsnmp_udp_parse_security(const char *token, char *param) + negate = 0; + sourcep = source; + } +- /* Parse source address and network mask. */ +- if(netsnmp_udp_resolve_source(sourcep, &network, &mask)) { +- config_perror("source address/network mask parsing issue"); +- return; ++#if HAVE_ENDNETGRENT && HAVE_GETNETGRENT && HAVE_SETNETGRENT ++ /* Interpret as netgroup */ ++ if (*sourcep == '@') { ++ char *netgroup = sourcep+1; ++ char *host, *user, *domain; ++ if(setnetgrent(netgroup)) { ++ while (getnetgrent(&host, &user, &domain)) { ++ /* Parse source address and network mask for each netgroup host. */ ++ if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) { ++ /* Create a new com2Sec entry. */ ++ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, ++ &network, &mask, negate); ++ netsnmp_udp_com2SecEntry_check_return_code(rc); ++ } else { ++ config_perror("netgroup host address parsing issue"); ++ break; ++ } ++ } ++ endnetgrent(); ++ } else { ++ config_perror("netgroup could not be found"); ++ } ++ } ++ /* Without '@' it has to be an address or hostname */ ++ else ++#endif ++ { ++ /* Parse source address and network mask. */ ++ if(netsnmp_udp_resolve_source(sourcep, &network, &mask) == 0) { ++ /* Create a new com2Sec entry. */ ++ rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, ++ &network, &mask, negate); ++ netsnmp_udp_com2SecEntry_check_return_code(rc); ++ } else { ++ config_perror("source address/network mask parsing issue"); ++ } + } + } +- +- /* +- * Everything is okay. Copy the parameters to the structure allocated +- * above and add it to END of the list. +- */ +- rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, +- &network, &mask, negate); +- netsnmp_udp_com2SecEntry_check_return_code(rc); + } + + void diff --git a/net-snmp-5.9.4-fix-Makefile.PL.patch b/net-snmp-5.9.4-fix-Makefile.PL.patch new file mode 100644 index 0000000..c52ecad --- /dev/null +++ b/net-snmp-5.9.4-fix-Makefile.PL.patch @@ -0,0 +1,24 @@ +Index: net-snmp-5.9/perl/ASN/Makefile.PL +=================================================================== +--- net-snmp-5.9.orig/perl/ASN/Makefile.PL ++++ net-snmp-5.9/perl/ASN/Makefile.PL +@@ -9,6 +9,7 @@ use Config; + use MakefileSubs; + + my $lib_version; ++my %MakeParams = (); + + # See lib/ExtUtils/MakeMaker.pm for details of how to influence + # the contents of the Makefile that is written. +Index: net-snmp-5.9/perl/Makefile.PL +=================================================================== +--- net-snmp-5.9.orig/perl/Makefile.PL ++++ net-snmp-5.9/perl/Makefile.PL +@@ -4,6 +4,7 @@ use ExtUtils::MakeMaker; + use Config; + require 5; + use MakefileSubs; ++my %MakeParams = (); + + # Prevent that MakeMaker complains about unknown parameter names. + NetSNMPGetOpts(); diff --git a/net-snmp-5.9.4-fix-create-v3-user-outfile.patch b/net-snmp-5.9.4-fix-create-v3-user-outfile.patch new file mode 100644 index 0000000..57cd1de --- /dev/null +++ b/net-snmp-5.9.4-fix-create-v3-user-outfile.patch @@ -0,0 +1,12 @@ +diff -Nurp net-snmp-5.9.2-orig/net-snmp-create-v3-user.in net-snmp-5.9.2/net-snmp-create-v3-user.in +--- net-snmp-5.9.2-orig/net-snmp-create-v3-user.in 2022-07-04 16:55:43.067366177 +0200 ++++ net-snmp-5.9.2/net-snmp-create-v3-user.in 2022-07-04 16:57:54.927367685 +0200 +@@ -138,7 +138,7 @@ prefix=@prefix@ + datarootdir=@datarootdir@ + # To suppress shellcheck complaints about $prefix and $datarootdir. + : "$prefix" "$datarootdir" +-outfile="@datadir@/snmp/snmpd.conf" ++outfile="/etc/snmp/snmpd.conf" + line="$token $user" + echo "adding the following line to $outfile:" + echo " $line" diff --git a/net-snmp-5.9.4-fixed-python2-bindings.patch b/net-snmp-5.9.4-fixed-python2-bindings.patch new file mode 100644 index 0000000..05d53d2 --- /dev/null +++ b/net-snmp-5.9.4-fixed-python2-bindings.patch @@ -0,0 +1,20 @@ +diff -Nurp net-snmp-5.9.3-orig/python/netsnmp/client_intf.c net-snmp-5.9.3/python/netsnmp/client_intf.c +--- net-snmp-5.9.3-orig/python/netsnmp/client_intf.c 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/python/netsnmp/client_intf.c 2022-09-23 16:21:44.040588303 +0200 +@@ -872,9 +872,16 @@ py_netsnmp_attr_string(PyObject *obj, co + if (obj && attr_name && PyObject_HasAttrString(obj, attr_name)) { + PyObject *attr = PyObject_GetAttrString(obj, attr_name); + if (attr) { ++#if PY_MAJOR_VERSION >= 3 + *val = PyUnicode_AsUTF8AndSize(attr, len); + Py_DECREF(attr); + return 0; ++#else ++ int retval; ++ retval = PyBytes_AsStringAndSize(attr, val, len); ++ Py_DECREF(attr); ++ return retval; ++#endif + } + } + diff --git a/net-snmp-5.9.4-harden_snmpd.service.patch b/net-snmp-5.9.4-harden_snmpd.service.patch new file mode 100644 index 0000000..cff3914 --- /dev/null +++ b/net-snmp-5.9.4-harden_snmpd.service.patch @@ -0,0 +1,19 @@ +diff -Nurp net-snmp-5.9.3-orig/dist/snmpd.service net-snmp-5.9.3/dist/snmpd.service +--- net-snmp-5.9.3-orig/dist/snmpd.service 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/dist/snmpd.service 2023-01-09 12:11:47.508668095 +0100 +@@ -10,6 +10,15 @@ Description=Simple Network Management Pr + After=syslog.target network.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + # Type=notify is also supported. It should be set when snmpd.socket is not used. + Type=simple + ExecStart=/usr/sbin/snmpd -f diff --git a/net-snmp-5.9.4-harden_snmptrapd.service.patch b/net-snmp-5.9.4-harden_snmptrapd.service.patch new file mode 100644 index 0000000..7634fe6 --- /dev/null +++ b/net-snmp-5.9.4-harden_snmptrapd.service.patch @@ -0,0 +1,19 @@ +diff -Nurp net-snmp-5.9.3-orig/dist/snmptrapd.service net-snmp-5.9.3/dist/snmptrapd.service +--- net-snmp-5.9.3-orig/dist/snmptrapd.service 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/dist/snmptrapd.service 2023-01-09 12:13:40.120216602 +0100 +@@ -7,6 +7,15 @@ Description=Simple Network Management Pr + After=syslog.target network.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + # Type=notify is also supported. It should be set when snmptrapd.socket is not + # used. + Type=simple diff --git a/net-snmp-5.9.4-modern-rpm-api.patch b/net-snmp-5.9.4-modern-rpm-api.patch new file mode 100644 index 0000000..1ee292f --- /dev/null +++ b/net-snmp-5.9.4-modern-rpm-api.patch @@ -0,0 +1,86 @@ +diff -Nurp net-snmp-5.8-orig/agent/mibgroup/host/data_access/swinst_rpm.c net-snmp-5.8/agent/mibgroup/host/data_access/swinst_rpm.c +--- net-snmp-5.8-orig/agent/mibgroup/host/data_access/swinst_rpm.c 2018-10-10 09:45:14.907075076 +0000 ++++ net-snmp-5.8/agent/mibgroup/host/data_access/swinst_rpm.c 2018-10-10 19:31:51.161967195 +0000 +@@ -101,8 +101,7 @@ netsnmp_swinst_arch_load( netsnmp_contai + const char *g; + rpmtd td_name, td_version, td_release, td_group, td_time; + #else +- char *n, *v, *r, *g; +- int32_t *t; ++ const char *n, *v, *r, *g; + #endif + time_t install_time; + size_t date_len; +@@ -146,14 +145,14 @@ netsnmp_swinst_arch_load( netsnmp_contai + install_time = rpmtdGetNumber(td_time); + g = rpmtdGetString(td_group); + #else +- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL); +- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL); +- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL); +- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL); +- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL); ++ n = headerGetString( h, RPMTAG_NAME); ++ v = headerGetString( h, RPMTAG_VERSION); ++ r = headerGetString( h, RPMTAG_RELEASE); ++ g = headerGetString( h, RPMTAG_GROUP); ++ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME); ++ + entry->swName_len = snprintf( entry->swName, sizeof(entry->swName), + "%s-%s-%s", n, v, r); +- install_time = *t; + #endif + entry->swType = (g && NULL != strstr( g, "System Environment")) + ? 2 /* operatingSystem */ +diff -Nurp net-snmp-5.8-orig/agent/mibgroup/host/hr_swinst.c net-snmp-5.8/agent/mibgroup/host/hr_swinst.c +--- net-snmp-5.8-orig/agent/mibgroup/host/hr_swinst.c 2018-10-10 09:45:14.907075076 +0000 ++++ net-snmp-5.8/agent/mibgroup/host/hr_swinst.c 2018-10-10 19:34:48.935596621 +0000 +@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp, + } + #else + # ifdef HAVE_LIBRPM +- char *rpm_groups; +- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) { +- if ( strstr(rpm_groups, "System Environment") != NULL ) ++ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP); ++ if ( NULL != rpm_group ) { ++ if ( strstr(rpm_group, "System Environment") != NULL ) + long_return = 2; /* operatingSystem */ + else + long_return = 4; /* applcation */ +@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp, + case HRSWINST_DATE: + { + #ifdef HAVE_LIBRPM +- int32_t *rpm_data; +- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) { +- time_t installTime = *rpm_data; ++ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME); ++ if ( 0 != installTime) { + ret = date_n_time(&installTime, var_len); + } else { + ret = date_n_time(NULL, var_len); +@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix) + if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) { + int offset; + Header h; +- char *n, *v, *r; ++ const char *n, *v, *r; + + offset = swi->swi_recs[ix - 1]; + +@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix) + swi->swi_h = h; + swi->swi_prevx = ix; + +- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL); +- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v, +- NULL); +- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r, +- NULL); ++ n = headerGetString(swi->swi_h, RPMTAG_NAME); ++ v = headerGetString(swi->swi_h, RPMTAG_VERSION); ++ r = headerGetString(swi->swi_h, RPMTAG_RELEASE); + snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r); + swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0; + } diff --git a/net-snmp-5.9.4-net-snmp-config-headercheck.patch b/net-snmp-5.9.4-net-snmp-config-headercheck.patch new file mode 100644 index 0000000..50b08cb --- /dev/null +++ b/net-snmp-5.9.4-net-snmp-config-headercheck.patch @@ -0,0 +1,84 @@ +diff -Nurp net-snmp-5.8-orig/net-snmp-config.in net-snmp-5.8/net-snmp-config.in +--- net-snmp-5.8-orig/net-snmp-config.in 2018-10-10 09:45:14.947075442 +0000 ++++ net-snmp-5.8/net-snmp-config.in 2018-10-10 09:48:04.792631474 +0000 +@@ -41,6 +41,14 @@ count() + echo $# + } + ++check_devel_files() ++{ ++ if [ ! -e "${NSC_INCDIR}/net-snmp/net-snmp-config.h" ] ; then ++ echo "Can not find \"${NSC_INCDIR}/net-snmp/net-snmp-config.h\". The net-snmp development files seems to be missing. Exiting" >&2 ++ # exit 2 ++ fi ++} ++ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +@@ -140,9 +148,11 @@ else + ;; + #################################################### compile + --base-cflags) ++ check_devel_files + echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR} + ;; + --cflags|--cf*) ++ check_devel_files + echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR} + ;; + --srcdir) +@@ -153,6 +163,7 @@ else + echo $NSC_LIBDIR + ;; + --ldflags|--ld*) ++ check_devel_files + echo $NSC_LDFLAGS + ;; + --build-lib-dirs) +@@ -190,29 +201,37 @@ else + #################################################### client lib + --libs) + # use this one == --netsnmp-libs + --external-libs ++ check_devel_files + echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS + ;; + --netsnmp-libs) ++ check_devel_files + echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS + ;; + --external-libs) ++ check_devel_files + echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@ + ;; + #################################################### agent lib + --base-agent-libs) ++ check_devel_files + echo $NSC_BASE_AGENT_LIBS + ;; + --base-subagent-libs) ++ check_devel_files + echo $NSC_BASE_SUBAGENT_LIBS + ;; + --agent-libs) + # use this one == --netsnmp-agent-libs + --external-libs ++ check_devel_files + echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS + ;; + --netsnmp-agent-libs) ++ check_devel_files + echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS + ;; + --external-agent-libs) ++ check_devel_files + echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS + ;; + #################################################### +@@ -238,6 +257,7 @@ else + + #################################################### + --compile-subagent) ++ check_devel_files + shift + shifted=1 + while test "x$done" = "x" -a "x$1" != "x" ; do diff --git a/net-snmp-5.9.4-perl-tk-warning.patch b/net-snmp-5.9.4-perl-tk-warning.patch new file mode 100644 index 0000000..e999bf6 --- /dev/null +++ b/net-snmp-5.9.4-perl-tk-warning.patch @@ -0,0 +1,17 @@ +Index: net-snmp-5.7.2/local/tkmib +=================================================================== +--- net-snmp-5.7.2.orig/local/tkmib ++++ net-snmp-5.7.2/local/tkmib +@@ -27,10 +27,9 @@ instructions. + + if (!$havetk) { + print " +-ERROR: You don't have the Tk module installed. You should be able to +-install this by running (as root): ++ERROR: You don't have the Tk module installed. + +- perl -MCPAN -e 'install Tk' ++ Please install the perl-Tk package. + "; + } + diff --git a/net-snmp-5.9.4-pie.patch b/net-snmp-5.9.4-pie.patch new file mode 100644 index 0000000..40660c5 --- /dev/null +++ b/net-snmp-5.9.4-pie.patch @@ -0,0 +1,24 @@ +diff -Nurp net-snmp-5.9.2-orig/agent/Makefile.in net-snmp-5.9.2/agent/Makefile.in +--- net-snmp-5.9.2-orig/agent/Makefile.in 2022-07-01 01:49:40.000000000 +0200 ++++ net-snmp-5.9.2/agent/Makefile.in 2022-07-04 16:48:54.951361517 +0200 +@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c + $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? + + snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) +- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} ++ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} + + libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ +diff -Nurp net-snmp-5.9.2-orig/apps/Makefile.in net-snmp-5.9.2/apps/Makefile.in +--- net-snmp-5.9.2-orig/apps/Makefile.in 2022-07-01 01:49:40.000000000 +0200 ++++ net-snmp-5.9.2/apps/Makefile.in 2022-07-04 16:48:54.951361517 +0200 +@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX + $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS} + + snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS) +- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} ++ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} + + snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS) + $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS} diff --git a/net-snmp-5.9.4-snmpstatus-suppress-output.patch b/net-snmp-5.9.4-snmpstatus-suppress-output.patch new file mode 100644 index 0000000..7de2165 --- /dev/null +++ b/net-snmp-5.9.4-snmpstatus-suppress-output.patch @@ -0,0 +1,140 @@ +diff -Nurp net-snmp-5.8-orig/apps/snmpstatus.c net-snmp-5.8/apps/snmpstatus.c +--- net-snmp-5.8-orig/apps/snmpstatus.c 2018-10-10 09:45:14.955075516 +0000 ++++ net-snmp-5.8/apps/snmpstatus.c 2018-10-10 10:15:16.131576910 +0000 +@@ -96,6 +96,15 @@ size_t length_ipOutRequests = + + #define NETSNMP_DS_APP_DONT_FIX_PDUS 0 + ++/* Flags to control which additional information to request and print */ ++#define NETSNMP_STATUS_REQ_NETSTAT 0x0001 ++#define NETSNMP_STATUS_REQ_NETOPER 0x0002 ++#define NETSNMP_STATUS_REQ_ALL 0xffff ++ ++/* By default request and print everything and let the user decide what ++ to suppress */ ++static unsigned int rq_status = NETSNMP_STATUS_REQ_ALL; ++ + static void + optProc(int argc, char *const *argv, int opt) + { +@@ -114,6 +123,22 @@ optProc(int argc, char *const *argv, int + } + } + break; ++ case 'S': /* 'S' == 'Suppress' */ ++ while (*optarg) { ++ switch (*optarg++) { ++ case 'n': ++ rq_status &= ~NETSNMP_STATUS_REQ_NETSTAT; ++ break; ++ case 'i': ++ rq_status &= ~NETSNMP_STATUS_REQ_NETOPER; ++ break; ++ default: ++ fprintf(stderr, "Unknown flag passed to -S: %c\n", ++ optarg[-1]); ++ exit(1); ++ } ++ } ++ break; + } + } + +@@ -128,6 +153,12 @@ usage(void) + " -C APPOPTS\t\tSet various application specific behaviours:\n"); + fprintf(stderr, + "\t\t\t f: do not fix errors and retry the request\n"); ++ fprintf(stderr, ++ " -S REQOPTS\t\tDo not request and print information about:\n"); ++ fprintf(stderr, ++ "\t\t\t n: network (packets sent/received, operational status)\n"); ++ fprintf(stderr, ++ "\t\t\t i: interface operational status\n"); + } + + +@@ -154,7 +185,7 @@ main(int argc, char *argv[]) + /* + * get the common command line arguments + */ +- switch (snmp_parse_args(argc, argv, &session, "C:", &optProc)) { ++ switch (snmp_parse_args(argc, argv, &session, "C:S:", &optProc)) { + case NETSNMP_PARSE_ARGS_ERROR: + goto out; + case NETSNMP_PARSE_ARGS_SUCCESS_EXIT: +@@ -185,8 +216,10 @@ main(int argc, char *argv[]) + pdu = snmp_pdu_create(SNMP_MSG_GET); + snmp_add_null_var(pdu, objid_sysDescr, length_sysDescr); + snmp_add_null_var(pdu, objid_sysUpTime, length_sysUpTime); +- snmp_add_null_var(pdu, objid_ipInReceives, length_ipInReceives); +- snmp_add_null_var(pdu, objid_ipOutRequests, length_ipOutRequests); ++ if (rq_status & NETSNMP_STATUS_REQ_NETSTAT) { ++ snmp_add_null_var(pdu, objid_ipInReceives, length_ipInReceives); ++ snmp_add_null_var(pdu, objid_ipOutRequests, length_ipOutRequests); ++ } + + /* + * do the request +@@ -279,6 +312,10 @@ main(int argc, char *argv[]) + if (response) + snmp_free_pdu(response); + ++ /* Suppress request to retrieve network statistics */ ++ if (!(rq_status & NETSNMP_STATUS_REQ_NETSTAT)) ++ goto done; ++ + /* + * create PDU for GET request and add object names to request + */ +@@ -386,11 +423,11 @@ main(int argc, char *argv[]) + } + printf("Interfaces: %d, Recv/Trans packets: %d/%d | IP: %d/%d\n", + interfaces, ipackets, opackets, ipin, ipout); +- if (down_interfaces > 0) { ++ if ((rq_status & NETSNMP_STATUS_REQ_NETOPER) && (down_interfaces > 0)) { + printf("%d interface%s down!\n", + down_interfaces, down_interfaces > 1 ? "s are" : " is"); + } +- ++ done: + snmp_close(ss); + + out: +diff -Nurp net-snmp-5.8-orig/man/snmpstatus.1.def net-snmp-5.8/man/snmpstatus.1.def +--- net-snmp-5.8-orig/man/snmpstatus.1.def 2018-10-10 09:45:14.951075479 +0000 ++++ net-snmp-5.8/man/snmpstatus.1.def 2018-10-10 10:15:16.131576910 +0000 +@@ -32,7 +32,7 @@ + snmpstatus - retrieves a fixed set of management information from a network entity + .SH SYNOPSIS + .B snmpstatus +-[COMMON OPTIONS] [\-Cf] AGENT ++[COMMON OPTIONS] [\-Cf] [\-Sni] AGENT + .SH DESCRIPTION + .B snmpstatus + is an SNMP application that retrieves several important statistics +@@ -94,6 +94,11 @@ variable (unless the + option is given, see below), but this variable will then be missing + from the displayed data. + .PP ++It is also possible to suppress parts of the default output by ++using the option ++.B \-S ++(see below). ++.PP + .SH OPTIONS + .TP + .B COMMON OPTIONS +@@ -108,5 +113,13 @@ by the agent and retry a request. In thi + the command will display the data that it can. If the \-Cf option + is specified, then snmpstatus will not try to fix + errors, and the error will cause the command to terminate. ++.TP ++.B \-Sn ++Do not retrieve and print network statistics such as packets ++sent and received and the number of network interfaces that ++are down. ++.TP ++.B \-Si ++Do not print the number of network interfaces that are down. + .SH "SEE ALSO" + snmpcmd(1), snmpget(1) diff --git a/net-snmp-5.9.4-socket-path.patch b/net-snmp-5.9.4-socket-path.patch new file mode 100644 index 0000000..0e8dc77 --- /dev/null +++ b/net-snmp-5.9.4-socket-path.patch @@ -0,0 +1,13 @@ +Index: net-snmp-5.7.2/agent/mibgroup/agentx/protocol.h +=================================================================== +--- net-snmp-5.7.2.orig/agent/mibgroup/agentx/protocol.h ++++ net-snmp-5.7.2/agent/mibgroup/agentx/protocol.h +@@ -13,7 +13,7 @@ extern "C" { + + #define AGENTX_PORT 705 + #ifndef NETSNMP_AGENTX_SOCKET +-#define NETSNMP_AGENTX_SOCKET "/var/agentx/master" ++#define NETSNMP_AGENTX_SOCKET "/run/agentx/master" + #endif + + /* diff --git a/net-snmp-5.9.4-subagent-set-response.patch b/net-snmp-5.9.4-subagent-set-response.patch new file mode 100644 index 0000000..7fbbae2 --- /dev/null +++ b/net-snmp-5.9.4-subagent-set-response.patch @@ -0,0 +1,187 @@ +diff -Nurp net-snmp-5.9.1-orig/agent/mibgroup/agentx/subagent.c net-snmp-5.9.1/agent/mibgroup/agentx/subagent.c +--- net-snmp-5.9.1-orig/agent/mibgroup/agentx/subagent.c 2021-05-26 00:19:35.000000000 +0200 ++++ net-snmp-5.9.1/agent/mibgroup/agentx/subagent.c 2022-03-09 16:44:30.609053225 +0100 +@@ -80,6 +80,7 @@ typedef struct _net_snmpsubagent_magic_s + struct agent_netsnmp_set_info { + int transID; + int mode; ++ int req_pending; + int errstat; + time_t uptime; + netsnmp_session *sess; +@@ -190,6 +191,7 @@ save_set_vars(netsnmp_session * ss, nets + ptr->sess = ss; + ptr->mode = SNMP_MSG_INTERNAL_SET_RESERVE1; + ptr->uptime = netsnmp_get_agent_uptime(); ++ ptr->req_pending = 0; + + ptr->var_list = snmp_clone_varbind(pdu->variables); + if (ptr->var_list == NULL) { +@@ -204,6 +206,18 @@ save_set_vars(netsnmp_session * ss, nets + } + + struct agent_netsnmp_set_info * ++pending_trans_set_info(netsnmp_session * sess, netsnmp_pdu *pdu) ++{ ++ struct agent_netsnmp_set_info *ptr; ++ ++ for (ptr = Sets; ptr != NULL; ptr = ptr->next) ++ if (ptr->sess == sess && ptr->transID == pdu->transid) ++ break; ++ ++ return ptr; ++} ++ ++struct agent_netsnmp_set_info * + restore_set_vars(netsnmp_session * sess, netsnmp_pdu *pdu) + { + struct agent_netsnmp_set_info *ptr; +@@ -413,6 +427,14 @@ handle_agentx_packet(int operation, nets + * XXXWWW we have to map this twice to both RESERVE1 and RESERVE2 + */ + DEBUGMSGTL(("agentx/subagent", " -> testset\n")); ++ asi = pending_trans_set_info(session, pdu); ++ if (asi) { ++ DEBUGMSGTL(("agentx/subagent", ++ "dropping testset retry for transid 0x%x in mode %d\n", ++ (unsigned)pdu->transid, asi->mode)); ++ //SNMP_FREE(retmagic); XXX necessary? ++ return 1; ++ } + asi = save_set_vars(session, pdu); + if (asi == NULL) { + SNMP_FREE(smagic); +@@ -434,6 +456,13 @@ handle_agentx_packet(int operation, nets + send_agentx_error(session, pdu, AGENTX_ERR_PROCESSING_ERROR, 0); + return 1; + } ++ if (asi->req_pending) { ++ DEBUGMSGTL(("agentx/subagent", ++ "dropping commitset - request pending for transid 0x%x in mode %d\n", ++ (unsigned)pdu->transid, asi->mode)); ++ //SNMP_FREE(retmagic); XXX necessary? ++ return 1; ++ } + if (asi->mode != SNMP_MSG_INTERNAL_SET_RESERVE2) { + SNMP_FREE(smagic); + snmp_log(LOG_WARNING, +@@ -456,6 +485,13 @@ handle_agentx_packet(int operation, nets + send_agentx_error(session, pdu, AGENTX_ERR_PROCESSING_ERROR, 0); + return 1; + } ++ if (asi->req_pending) { ++ DEBUGMSGTL(("agentx/subagent", ++ "dropping cleanupset - request pending for transid 0x%x in mode %d\n", ++ (unsigned)pdu->transid, asi->mode)); ++ //SNMP_FREE(retmagic); XXX necessary? ++ return 1; ++ } + if (asi->mode == SNMP_MSG_INTERNAL_SET_RESERVE1 || + asi->mode == SNMP_MSG_INTERNAL_SET_RESERVE2) { + asi->mode = pdu->command = SNMP_MSG_INTERNAL_SET_FREE; +@@ -481,6 +517,13 @@ handle_agentx_packet(int operation, nets + send_agentx_error(session, pdu, AGENTX_ERR_PROCESSING_ERROR, 0); + return 1; + } ++ if (asi->req_pending) { ++ DEBUGMSGTL(("agentx/subagent", ++ "dropping undoset - request pending for transid 0x%x in mode %d\n", ++ (unsigned)pdu->transid, asi->mode)); ++ //SNMP_FREE(retmagic); XXX necessary? ++ return 1; ++ } + asi->mode = pdu->command = SNMP_MSG_INTERNAL_SET_UNDO; + mycallback = handle_subagent_set_response; + retmagic = asi; +@@ -516,6 +559,8 @@ handle_agentx_packet(int operation, nets + retmagic); + if (result == 0) { + snmp_free_pdu( internal_pdu ); ++ } else if (asi) { ++ asi->req_pending = 1; + } + return 1; + } +@@ -637,6 +682,7 @@ handle_subagent_set_response(int op, net + { + netsnmp_session *retsess; + struct agent_netsnmp_set_info *asi; ++ int new_mode; + int result; + + if (op != NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE || magic == NULL) { +@@ -645,15 +691,63 @@ handle_subagent_set_response(int op, net + + DEBUGMSGTL(("agentx/subagent", + "handling agentx subagent set response (mode=%d,req=0x%x," +- "trans=0x%x,sess=0x%x)\n", ++ "trans=0x%x,sess=0x%x,magic=%p)\n", + (unsigned)pdu->command, (unsigned)pdu->reqid, +- (unsigned)pdu->transid, (unsigned)pdu->sessid)); ++ (unsigned)pdu->transid, (unsigned)pdu->sessid, ++ magic)); ++ + pdu = snmp_clone_pdu(pdu); + if (!pdu) + return 1; + + asi = (struct agent_netsnmp_set_info *) magic; ++ ++ DEBUGMSGTL(("agentx/subagent", ++ "set response in mode %d (errstat %d, req_pending %d)\n", ++ asi->mode, pdu->errstat, asi->req_pending)); ++ ++ asi->req_pending = 0; + retsess = asi->sess; ++ ++ if (!snmp_sess_pointer(retsess) || retsess->sessid != pdu->sessid) { ++ DEBUGMSGTL(("agentx/subagent", ++ "session id 0x%x gone for set response (transid 0x%x, reqid 0x%x)\n", ++ (unsigned)pdu->sessid, (unsigned)pdu->transid, (unsigned)pdu->reqid)); ++ ++ result = 0; ++ ++ if (!pdu->errstat) { ++ switch (asi->mode) { ++ case SNMP_MSG_INTERNAL_SET_RESERVE1: ++ case SNMP_MSG_INTERNAL_SET_RESERVE2: ++ new_mode = SNMP_MSG_INTERNAL_SET_FREE; ++ break; ++ ++ case SNMP_MSG_INTERNAL_SET_ACTION: ++ new_mode = SNMP_MSG_INTERNAL_SET_UNDO; ++ break; ++ ++ default: ++ new_mode = 0; ++ } ++ ++ if (new_mode) { ++ asi->mode = pdu->command = new_mode; ++ result = snmp_async_send(agentx_callback_sess, pdu, ++ handle_subagent_set_response, asi); ++ } ++ } ++ ++ if (result == 0) { ++ /* don't need to (or cannot) FREE/UNDO */ ++ free_set_vars(retsess, pdu); ++ snmp_free_pdu(pdu); ++ } else { ++ asi->req_pending = 1; ++ } ++ return 1; ++ } ++ + asi->errstat = pdu->errstat; + + if (asi->mode == SNMP_MSG_INTERNAL_SET_RESERVE1) { +@@ -669,6 +763,8 @@ handle_subagent_set_response(int op, net + handle_subagent_set_response, asi); + if (result == 0) { + snmp_free_pdu( pdu ); ++ } else { ++ asi->req_pending = 1; + } + DEBUGMSGTL(("agentx/subagent", + " going from RESERVE1 -> RESERVE2\n")); diff --git a/net-snmp-5.9.4-suse-systemd-service-files.patch b/net-snmp-5.9.4-suse-systemd-service-files.patch new file mode 100644 index 0000000..e820848 --- /dev/null +++ b/net-snmp-5.9.4-suse-systemd-service-files.patch @@ -0,0 +1,34 @@ +diff -Nrup net-snmp-5.9.1-orig/dist/snmpd.service net-snmp-5.9.1/dist/snmpd.service +--- net-snmp-5.9.1-orig/dist/snmpd.service 2021-10-21 15:22:42.168690298 +0000 ++++ net-snmp-5.9.1/dist/snmpd.service 2021-10-21 15:23:10.579979496 +0000 +@@ -21,8 +21,11 @@ ProtectControlGroups=true + RestrictRealtime=true + # end of automatic additions + # Type=notify is also supported. It should be set when snmpd.socket is not used. +-Type=simple +-ExecStart=/usr/sbin/snmpd -f ++Type=notify ++Environment=OPTIONS="-LS0-6d" ++EnvironmentFile=-/etc/sysconfig/snmpd ++ExecStart=/usr/sbin/snmpd $OPTIONS -f ++ExecReload=/bin/kill -HUP $MAINPID + + [Install] + WantedBy=multi-user.target +diff -Nrup net-snmp-5.9.1-orig/dist/snmptrapd.service net-snmp-5.9.1/dist/snmptrapd.service +--- net-snmp-5.9.1-orig/dist/snmptrapd.service 2021-10-21 15:22:42.184689898 +0000 ++++ net-snmp-5.9.1/dist/snmptrapd.service 2021-10-21 15:24:50.933468801 +0000 +@@ -19,8 +19,11 @@ RestrictRealtime=true + # end of automatic additions + # Type=notify is also supported. It should be set when snmptrapd.socket is not + # used. +-Type=simple +-ExecStart=/usr/sbin/snmptrapd -f ++Type=notify ++Environment=OPTIONS="-Lsd" ++EnvironmentFile=-/etc/sysconfig/snmptrapd ++ExecStart=/usr/sbin/snmptrapd $OPTIONS -f ++ExecReload=/bin/kill -HUP $MAINPID + + [Install] + WantedBy=multi-user.target diff --git a/net-snmp-5.9.4-systemd-no-utmp.patch b/net-snmp-5.9.4-systemd-no-utmp.patch new file mode 100644 index 0000000..e02828b --- /dev/null +++ b/net-snmp-5.9.4-systemd-no-utmp.patch @@ -0,0 +1,49 @@ +diff -uwr net-snmp-5.9.3.old/agent/Makefile.in net-snmp-5.9.3/agent/Makefile.in +--- net-snmp-5.9.3.old/agent/Makefile.in 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/agent/Makefile.in 2023-06-16 11:31:16.049538400 +0200 +@@ -116,7 +116,7 @@ + MIBLIB = libnetsnmpmibs.$(LIB_EXTENSION)$(LIB_VERSION) + + LAGENTLIBS = @LAGENTLIBS@ +-LMIBLIBS = @LMIBLIBS@ ++LMIBLIBS = @LMIBLIBS@ -lsystemd + VAL_LIBS = @VAL_LIBS@ + PERLLDOPTS_FOR_APPS = @PERLLDOPTS_FOR_APPS@ + PERLLDOPTS_FOR_LIBS = @PERLLDOPTS_FOR_LIBS@ +diff -uwr net-snmp-5.9.3.old/agent/mibgroup/host/hr_system.c net-snmp-5.9.3/agent/mibgroup/host/hr_system.c +--- net-snmp-5.9.3.old/agent/mibgroup/host/hr_system.c 2022-07-13 23:14:14.000000000 +0200 ++++ net-snmp-5.9.3/agent/mibgroup/host/hr_system.c 2023-06-16 10:38:58.916026706 +0200 +@@ -79,6 +79,11 @@ + #include + #endif + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#include ++#endif ++ + netsnmp_feature_require(date_n_time); + + #if !defined(UTMP_FILE) && defined(_PATH_UTMP) +@@ -686,6 +691,11 @@ + struct utmp *utmp_p; + #endif + ++#ifndef NETSNMP_NO_SYSTEMD ++ if (sd_booted () > 0) ++ total = sd_get_sessions (NULL); ++ else { ++#endif + setutent(); + while ((utmp_p = getutent()) != NULL) { + #ifndef UTMP_HAS_NO_TYPE +@@ -704,6 +714,9 @@ + ++total; + } + endutent(); ++#ifndef NETSNMP_NO_SYSTEMD ++ } ++#endif + #else /* WIN32 */ + /* + * TODO - Error checking. diff --git a/net-snmp-5.9.4-testing-empty-arptable.patch b/net-snmp-5.9.4-testing-empty-arptable.patch new file mode 100644 index 0000000..dcbfd93 --- /dev/null +++ b/net-snmp-5.9.4-testing-empty-arptable.patch @@ -0,0 +1,99 @@ +Index: net-snmp-5.7.2/testing/rfc1213/snmpfun.sh +=================================================================== +--- net-snmp-5.7.2.orig/testing/rfc1213/snmpfun.sh ++++ net-snmp-5.7.2/testing/rfc1213/snmpfun.sh +@@ -1,4 +1,3 @@ +- + # functions used by RFC-1213 MIB test modules + + myport=$SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT +@@ -11,6 +10,23 @@ else + TEST_AUTHPRIV_PARMS="-l authNoPriv -a MD5 -A testpass" + fi + ++check_skip_arp_tests () ++{ ++ # ++ # skip all tests relying on a filed arp table. e.g. on s390 boxes this ++ # does not have to be the case ++ # ++ TABLE_ENTRIES="at.atTable ip.ipNetToMediaTable" ++ ARP_COUNT=`/sbin/arp | grep -v incomplete | wc -l` ++ for entry in $TABLE_ENTRIES ; do ++ if [ "x$1" == "x$entry" -a $ARP_COUNT == 0 ] ; then ++ echo "skipping $1, because the arp table is empty." >&2 ++ return 0 ++ fi ++ done ++ return 1 ++} ++ + config() + { + rm -f $SNMP_CONFIG_FILE +@@ -54,25 +70,35 @@ get_snmpv3_variable() + get_snmp_table() + { + test_start "Access table $2 by SNMPv$1..." +- CAPTURE "snmpgetnext -Of -v $1 -c test $myport $2" +- CHECKFILE '' "\.$2\." +- if [ "$snmp_last_test_result" = 0 ] ; then +- test_finish FAIL ++ check_skip_arp_tests ++ if check_skip_arp_tests "$2" ; then ++ test_finish SKIPPED + else +- test_finish PASS ++ CAPTURE "snmpgetnext -Of -v $1 -c test $myport $2" ++ CHECKFILE '' "\.$2\." ++ if [ "$snmp_last_test_result" = 0 ] ; then ++ test_finish FAIL ++ else ++ test_finish PASS ++ fi + fi + + } + + get_snmpv3_table() + { +- test_start "Access table $2 by SNMPv3..." +- CAPTURE "snmpgetnext -Of -v 3 -u testrwuser $TEST_AUTHPRIV_PARMS $myport $2" +- CHECKFILE '' "\.$2\." +- if [ "$snmp_last_test_result" = 0 ] ; then +- test_finish FAIL ++ test_start "Access table $2 by SNMPv3..." ++ if check_skip_arp_tests "$2" ; then ++ test_finish SKIPPED + else +- test_finish PASS ++ CAPTURE "snmpgetnext -Of -v 3 -u testrwuser $TEST_AUTHPRIV_PARMS $myport $2" ++ CHECKFILE '' "\.$2\." ++ if [ "$snmp_last_test_result" = 0 ] ; then ++ test_finish FAIL ++ else ++ test_finish PASS ++ fi + fi + + } ++ +Index: net-snmp-5.7.2/testing/rfc1213/test_fun +=================================================================== +--- net-snmp-5.7.2.orig/testing/rfc1213/test_fun ++++ net-snmp-5.7.2/testing/rfc1213/test_fun +@@ -51,6 +51,9 @@ test_finish() + if [ x$1 == x"PASS" ];then + pass_num=`expr $pass_num + 1` + pass_info "PASS\n" ++ elif [ x$1 == x"SKIPPED" ];then ++ pass_num=`expr $pass_num + 1` ++ pass_info "SKIPPED\n" + else + fail_num=`expr $fail_num + 1` + fail_info "FAIL\n" +@@ -66,3 +69,4 @@ summary() + fi + } + ++ diff --git a/net-snmp-5.9.4.tar.gz b/net-snmp-5.9.4.tar.gz new file mode 100644 index 0000000..b20f631 --- /dev/null +++ b/net-snmp-5.9.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544 +size 6681606 diff --git a/net-snmp-5.9.4.tar.gz.asc b/net-snmp-5.9.4.tar.gz.asc new file mode 100644 index 0000000..4cf933e --- /dev/null +++ b/net-snmp-5.9.4.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- + +iHUEABYKAB0WIQRuZxiu8etcZcMtGyo1a8C1UtU8qwUCZNvg2QAKCRA1a8C1UtU8 +qw8qAQDETiafcfGE3SBySaKHBbF29I0JoCgyQkMZcohhulta0gEA3VXykAg9M0S9 +q/bjRz8lPTdz9tpYmiza9eXcYmQZcAA= +=PJkj +-----END PGP SIGNATURE----- diff --git a/net-snmp-rpmlintrc b/net-snmp-rpmlintrc new file mode 100644 index 0000000..c872b88 --- /dev/null +++ b/net-snmp-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("net-snmp-devel.* files-duplicate.*man.*") +addFilter("net-snmp.*incoherent-init-script-name") +addFilter("perl-SNMP.* zero-length.*\.bs") diff --git a/net-snmp-tmpfs.conf b/net-snmp-tmpfs.conf new file mode 100644 index 0000000..660a95e --- /dev/null +++ b/net-snmp-tmpfs.conf @@ -0,0 +1,2 @@ +d /run/net-snmp 0755 root root +L /var/agentx - - - - /run/agentx diff --git a/net-snmp.changes b/net-snmp.changes new file mode 100644 index 0000000..02eea55 --- /dev/null +++ b/net-snmp.changes @@ -0,0 +1,1574 @@ +------------------------------------------------------------------- +Fri Nov 15 07:20:59 UTC 2024 - Alexander Bergmann + +- logrotate should use reload instead of restart (bsc#1232030) + +------------------------------------------------------------------- +Fri Oct 20 09:01:42 UTC 2023 - Thorsten Kukuk + +- net-snmp-5.9.4-systemd-no-utmp.patch: prefer systemd-logind over + utmp to count number of logged in users, utmp is not reliable for + this and has a Y2038 problem (jsc#PED-3144) + +------------------------------------------------------------------- +Tue Oct 17 13:56:01 UTC 2023 - Alexander Bergmann + +- Update to net-snmp-5.9.4 (bsc#1214364). + add (rename): + * net-snmp-5.9.4-add-lustre-fs-support.patch + * net-snmp-5.9.4-fix-create-v3-user-outfile.patch + * net-snmp-5.9.4-fixed-python2-bindings.patch + * net-snmp-5.9.4-fix-Makefile.PL.patch + * net-snmp-5.9.4-modern-rpm-api.patch + * net-snmp-5.9.4-net-snmp-config-headercheck.patch + * net-snmp-5.9.4-perl-tk-warning.patch + * net-snmp-5.9.4-pie.patch + * net-snmp-5.9.4-snmpstatus-suppress-output.patch + * net-snmp-5.9.4-socket-path.patch + * net-snmp-5.9.4-subagent-set-response.patch + * net-snmp-5.9.4-suse-systemd-service-files.patch + * net-snmp-5.9.4-testing-empty-arptable.patch + delete (now part of v5.9.4): + * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch + * net-snmp-5.9.3-grep.patch + delete (rename): + * net-snmp-5.9.1-add-lustre-fs-support.patch + * net-snmp-5.9.2-fix-create-v3-user-outfile.patch + * net-snmp-5.9.3-fixed-python2-bindings.patch + * net-snmp-5.9.1-fix-Makefile.PL.patch + * net-snmp-5.9.1-modern-rpm-api.patch + * net-snmp-5.9.1-net-snmp-config-headercheck.patch + * net-snmp-5.9.1-perl-tk-warning.patch + * net-snmp-5.9.2-pie.patch + * net-snmp-5.9.1-snmpstatus-suppress-output.patch + * net-snmp-5.9.1-socket-path.patch + * net-snmp-5.9.1-subagent-set-response.patch + * net-snmp-5.9.1-suse-systemd-service-files.patch + * net-snmp-5.9.1-testing-empty-arptable.patch +- Removing legacy MIBs used by Velocity Software (jira#PED-6416). + delete: + * net-snmp-5.9.1-velocity-mib.patch +- Re-add support for hostname netgroups that was removed accidentally and + previously added with FATE#316305 (bsc#1207697). + '@hostgroup' can be specified for multiple hosts + add: + * net-snmp-5.9.4-add-netgroups-functionality.patch +- Hardening systemd services setting "ProtectHome=true" caused home directory + size and allocation to be listed incorrectly (bsc#1206044). + add (rename): + * net-snmp-5.9.4-harden_snmpd.service.patch + * net-snmp-5.9.4-harden_snmptrapd.service.patch + delete (rename): + * net-snmp-5.9.1-harden_snmpd.service.patch + * net-snmp-5.9.1-harden_snmptrapd.service.patch + +------------------------------------------------------------------- +Thu Jan 5 11:49:22 UTC 2023 - Alexander Bergmann + +- Fixed NULL pointer exception issue when handling ipDefaultTTL or + pv6IpForwarding (bsc#1205148, CVE-2022-44793, bsc#1205150, CVE-2022-44792). + add: + * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch +- Enable AES-192 and AES-256 privacy protocol (bsc#1206828). +- Use new MFD rewrites of mib modules, where available. +- Disable legacy DES encryption and MD5 authentication protocols. + +------------------------------------------------------------------- +Mon Oct 3 11:45:51 UTC 2022 - Andreas Stieger + +- change egrep/fgrep to grep -E/-F to avoid warnings boo#1203096 + add net-snmp-5.9.3-grep.patch + +------------------------------------------------------------------- +Tue Sep 27 14:56:27 UTC 2022 - Alexander Bergmann + +- Fixed python2 backward compability. + add: + * net-snmp-5.9.3-fixed-python2-bindings.patch + +------------------------------------------------------------------- +Wed Sep 21 14:44:13 UTC 2022 - Alexander Bergmann + +- update to 5.9.3: + - Fixed library versioning bug found in 5.9.2. + - Library version change to libsnmp40. + +------------------------------------------------------------------- +Thu Sep 1 07:27:27 UTC 2022 - Stefan Schubert + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +------------------------------------------------------------------- +Tue Jul 12 14:18:13 UTC 2022 - Dominique Leuenberger + +- Rename libsnmp40 subpackage to libsnmp39: the libraries are all + having soversion 39. + +------------------------------------------------------------------- +Mon Jul 4 15:06:59 UTC 2022 - Alexander Bergmann + +- update to 5.9.2 (bsc#1201103): + - security: + - These two CVEs can be exploited by a user with read-only credentials: + - CVE-2022-24805 A buffer overflow in the handling of the INDEX of + NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. + - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable + can cause a NULL pointer dereference. + - These CVEs can be exploited by a user with read-write credentials: + - CVE-2022-24806 Improper Input Validation when SETing malformed + OIDs in master agent and subagent simultaneously + - CVE-2022-24807 A malformed OID in a SET request to + SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an + out-of-bounds memory access. + - CVE-2022-24808 A malformed OID in a SET request to + NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference + - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable + can cause a NULL pointer dereference. +- Refactor two patches to work with version number 5.9.2: + delete: + * net-snmp-5.9.1-pie.patch + * net-snmp-5.9.1-fix-create-v3-user-outfile.patch + add: + * net-snmp-5.9.2-pie.patch + * net-snmp-5.9.2-fix-create-v3-user-outfile.patch + +------------------------------------------------------------------- +Wed Jun 29 11:21:07 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +------------------------------------------------------------------- +Wed Mar 30 15:32:41 UTC 2022 - Alexander Bergmann + +- Decouple snmp-mibs from net-snmp version to allow major version + upgrade (bsc#1196955). +- Fix LFH violation during v3 user creation (bsc#1181591). + Add net-snmp-5.9.1-fix-create-v3-user-outfile.patch +- Fix subagent crash at save_set_var() (bsc#1178021). + Add net-snmp-5.9.1-subagent-set-response.patch +- Fix missing sysconfig files creation (bsc#1108471). +- Rename patches to version number 5.9.1: + delete: + * net-snmp-5.8-socket-path.patch + * net-snmp-5.8-testing-empty-arptable.patch + * net-snmp-5.8-pie.patch + * net-snmp-5.8-net-snmp-config-headercheck.patch + * net-snmp-5.8-perl-tk-warning.patch + * net-snmp-5.8-velocity-mib.patch + * net-snmp-5.8-snmpstatus-suppress-output.patch + * net-snmp-5.8-fix-Makefile.PL.patch + * net-snmp-5.8-modern-rpm-api.patch + add: + * net-snmp-5.9.1-socket-path.patch + * net-snmp-5.9.1-testing-empty-arptable.patch + * net-snmp-5.9.1-pie.patch + * net-snmp-5.9.1-net-snmp-config-headercheck.patch + * net-snmp-5.9.1-perl-tk-warning.patch + * net-snmp-5.9.1-velocity-mib.patch + * net-snmp-5.9.1-snmpstatus-suppress-output.patch + * net-snmp-5.9.1-fix-Makefile.PL.patch + * net-snmp-5.9.1-modern-rpm-api.patch + +------------------------------------------------------------------- +Mon Jan 24 21:02:46 UTC 2022 - Dirk Müller + +- update net-snmp-5.8-socket-path.patch: use %_rundir for agentx + +------------------------------------------------------------------- +Sat Oct 23 11:32:10 UTC 2021 - Andreas Stieger + +- fix shlib-policy-name-error for SLPP boo#1191774 + +------------------------------------------------------------------- +Mon Oct 18 06:31:40 UTC 2021 - Alexander Bergmann + +- update to 5.9.1: + - General: Many bug fixes +- Change to use systemd service files directly from net-snmp package. + Patch clean-up and renaming. + Add: + * net-snmp-5.9.1-suse-systemd-service-files.patch + * net-snmp-5.9.1-harden_snmpd.service.patch + * net-snmp-5.9.1-harden_snmptrapd.service.patch + * net-snmp-5.9.1-add-lustre-fs-support.patch + Remove: + * snmpd.service + * snmptrapd.service + * harden_snmpd.service.patch + * harden_snmptrapd.service.patch + * net-snmp-5.8-add-lustre-fs-support.patch + +------------------------------------------------------------------- +Fri Oct 15 07:26:28 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_snmpd.service.patch + * harden_snmptrapd.service.patch + Modified: + * snmpd.service + * snmptrapd.service + +------------------------------------------------------------------- +Sun Sep 19 18:54:20 UTC 2021 - Andreas Stieger + +- add upstream signing keyring and validate source signature + +------------------------------------------------------------------- +Thu Mar 25 16:27:58 UTC 2021 - Ben Greiner + +- Can't assume non-existence of python38 macros in Leap. + gh#openSUSE/python-rpm-macros#107 + Test for suse_version instead. Only Tumbleweed has and needs the + python_subpackage_only support. + +------------------------------------------------------------------- +Mon Jan 18 21:31:18 UTC 2021 - Dirk Müller + +- update to 5.9: + snmplib: + - Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new + netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add + base_transport ptr for tunneled transports + snmpd: + - Security vulnerabilty in the ping MIB reported by Christopher Ertl + from Microsoft fixed + - Changing to a different uid/gid can only be done once + - The extend mib is now read-only by default + snmptrap: + - BUG: 2899: Patch from Drew Roedersheimer to set library + engineboots/time values before sending + unspecified: + - Add pkg-config support for building applications and sub-agents Use + the netsnmp package when building Net-SNMP applications. Use the + netsnmp-agent package when building Net-SNMP subagents. +- drop net-snmp-5.8-fix-python3.patch, net-snmp-5.8-netgroups.patch: obsolete + +------------------------------------------------------------------- +Sun Dec 13 12:58:00 UTC 2020 - + +- Update the tmpfiles.d/ drop-in file - remove legacy directory + Fixes boo#1137761 and boo#1176997 + +------------------------------------------------------------------- +Sun Nov 22 00:19:34 UTC 2020 - Benjamin Greiner + +- Fix the python subpackage generation + gh#openSUSE/python-rpm-macros#79 + +------------------------------------------------------------------- +Thu Nov 19 18:23:53 UTC 2020 - Benjamin Greiner + +- Support multiple python 3 flavors in the python subpackage + gh#openSUSE/python-rpm-macros#66 + +------------------------------------------------------------------- +Mon Jun 29 17:20:01 UTC 2020 - Alexander van Kaam + +- Change /etc/logrotate.d/net-snmp from init.d to systemd + fix boo#1173487. + +------------------------------------------------------------------- +Tue Mar 31 11:56:24 UTC 2020 - Martin Liška + +- Add -fcommon in order to fix boo#1160404. + +------------------------------------------------------------------- +Thu Jul 4 08:06:47 UTC 2019 - abergmann@suse.com + +- Add Lustre filesystem support (bsc#1140341). + Add net-snmp-5.8-add-lustre-fs-support.patch + +------------------------------------------------------------------- +Wed Mar 6 10:21:17 UTC 2019 - abergmann@suse.com + +- Remove FIRST_ARG usage from spec file (bsc#1126426). + +------------------------------------------------------------------- +Wed Oct 10 20:22:35 UTC 2018 - abergmann@suse.com + +- Update to net-snmp-5.8. + Fixes included: + * Fix remote DoS in agent/helpers/table.c (bsc#1111122, CVE-2018-18065) + * Fix agentx freezing on timeout (bsc#1027353) + * swintst_rpm: Protect against unspecified Group name (bsc#1102775) +- Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) +- Rename and refactor patches and remove those that are already included + inside the new version. + Added: + * net-snmp-5.8-socket-path.patch + * net-snmp-5.8-testing-empty-arptable.patch + * net-snmp-5.8-pie.patch + * net-snmp-5.8-net-snmp-config-headercheck.patch + * net-snmp-5.8-perl-tk-warning.patch + * net-snmp-5.8-velocity-mib.patch + * net-snmp-5.8-netgroups.patch + * net-snmp-5.8-snmpstatus-suppress-output.patch + * net-snmp-5.8-fix-Makefile.PL.patch + * net-snmp-5.8-modern-rpm-api.patch + * net-snmp-5.8-fix-python3.patch + Removed: + * net-snmp-5.7.3-socket-path.patch + * net-snmp-5.7.3-testing-empty-arptable.patch + * net-snmp-5.7.3-pie.patch + * net-snmp-5.7.3-net-snmp-config-headercheck.patch + * net-snmp-5.7.3-perl-tk-warning.patch + * net-snmp-5.7.3-velocity-mib.patch + * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch + * net-snmp-5.7.3-netgroups.patch + * net-snmp-5.7.3-snmpstatus-suppress-output.patch + * net-snmp-5.7.3-fix-snmp_pdu_parse-incomplete.patch + * net-snmp-5.7.3-Remove-U64-typedef.patch + * net-snmp-5.7.3-Fix-Makefile.PL.patch + * net-snmp-5.7.3-build-with-openssl-1.1.patch + * net-snmp-5.7.3-modern-rpm-api.patch + * net-snmp-python3.patch + * net-snmp-5.7.2-systemd.patch + * net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch + +------------------------------------------------------------------- +Mon Oct 8 23:44:37 UTC 2018 - abergmann@suse.com + +- Fix remote DoS in agent/helpers/table.c (bsc#1111122, CVE-2018-18065) + Add net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch + +------------------------------------------------------------------- +Mon Jun 18 13:50:35 CEST 2018 - kukuk@suse.de + +- Create /var/agentx via systemd tmpfiles in case of rollback, + snapshots and transactional updates [bsc#1098032] + +------------------------------------------------------------------- +Wed Apr 18 12:04:14 UTC 2018 - tchvatal@suse.com + +- Fix permissions on unit files wrt bsc#1087977 +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Mon Apr 16 15:03:50 UTC 2018 - abergmann@suse.com + +- Remove executable flags from systemd service files (bsc#1089295). + +------------------------------------------------------------------- +Thu Feb 1 23:15:44 UTC 2018 - jengelh@inai.de + +- Fix RPM group for shlib subpackage. + +------------------------------------------------------------------- +Wed Jan 24 14:07:16 UTC 2018 - tchvatal@suse.com + +- Properly conditionalize the py2 build + +------------------------------------------------------------------- +Wed Jan 24 13:09:36 UTC 2018 - tchvatal@suse.com + +- Add patch from Fedora to support natively systemd: + * net-snmp-5.7.2-systemd.patch +- Drop the check phase as whole 90% of the tests fail it makes + more sense to run them somewhere localy + +------------------------------------------------------------------- +Mon Jan 22 12:24:33 UTC 2018 - tchvatal@suse.com + +- Take systemd service files from fedora to replace sysV scripts +- Also convert the sysconfig files to match fedora ones, they + get bit more terse but it works seamlessly with systemd + +------------------------------------------------------------------- +Fri Jan 19 17:36:38 UTC 2018 - tchvatal@suse.com + +- Format with spec-cleaner +- Drop sle11 support as it fails to build anyway for ages +- Rename python packages to be python-%{name} with obsoletes + * Use new singlespec macros + * Add patch converting the py files to python3/2 compat mode + net-snmp-python3.patch +- Run full autoreconf instead of partial +- Build with threads by building few targets first + +------------------------------------------------------------------- +Mon Dec 11 17:14:43 UTC 2017 - dimstar@opensuse.org + +- Add net-snmp-5.7.3-modern-rpm-api.patch: Supprt modern RPM (>= + 4.6) API. In RPM 4.14, the RPM 4.4 compatibility APIs are being + removed. + +------------------------------------------------------------------- +Thu Nov 23 13:46:24 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Tue Jun 13 10:07:45 UTC 2017 - daniel.molkentin@suse.com + +- Fix build with OpenSSL 1.1 (bsc#1042664): + + Add net-snmp-5.7.3-build-with-openssl-1.1.patch, cumulated + squash-patch from the following upstream commits: + bbed6b86e70b5a3c54f14992696f2308a8d79511 + 14bb72fd12bf5b68662893f7d8afbc4a8d52a6c8 + 9641b472ef01208f92631016e91b0a4a518163f0 + e4c6937483d4a680570cec05388d2e4b291868a6 + b906c60c8a436d7360267a6d242526b33a9aaac8 + +------------------------------------------------------------------- +Sat May 21 08:48:48 UTC 2016 - dimstar@opensuse.org + +- Fix build with perl 5.24.0: + + Add net-snmp-5.7.3-Fix-Makefile.PL.patch: Fix build system + recursiely loading Makefile.Pl and destroying its internas. + See https://rt.perl.org/Public/Bug/Display.html?id=125907 + + net-snmp-5.7.3-Remove-U64-typedef.patch: The U64 typedef + conflicts with a typedef in a Perl header file. Hence remove + the U64 typedef from the Net-SNMP header files. Backported from + upstream commit 477b4307ef1. + +------------------------------------------------------------------- +Tue Mar 15 09:09:41 UTC 2016 - abergmann@suse.com + +- make snmpd and snmptrapd log message destination configurable + for syslog or a dedicated log file. (bsc#695677) +- make snmpd and snmptrapd listening address(es) configurable via + the sysconfig file. + +------------------------------------------------------------------- +Mon Feb 15 20:38:20 UTC 2016 - astieger@suse.com + +- fix build with GNU grep 2.23, use grep -a to force text matching + +------------------------------------------------------------------- +Thu Sep 3 09:48:31 UTC 2015 - meissner@suse.com + +- reenabled md5 and des, as some tools build against it and need + the methods :( + +------------------------------------------------------------------- +Thu Aug 13 20:24:01 UTC 2015 - abergmann@suse.com + +- added net-snmp-5.7.3-fix-snmp_pdu_parse-incomplete.patch: to fix + an incompletely initialized vulnerability within the + snmp_pdu_parse() function of snmp_api.c. + (bnc#940188, CVE-2015-5621) + +------------------------------------------------------------------- +Mon Aug 3 14:35:47 UTC 2015 - meissner@suse.com + +- Disable MD5 authentication method, disable DES support + (if something breaks, tell me) + +------------------------------------------------------------------- +Wed Jul 22 07:19:05 UTC 2015 - jengelh@inai.de + +- Request pkgconfig(libssl) instead of openssl-devel to support + using LibreSSL as well. + +------------------------------------------------------------------- +Tue Jul 14 09:43:16 UTC 2015 - abergmann@suse.com + +- update to upstream version 5.7.3 +- remove patch that is now present in the upstream release: + * net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch +- rename patches to new version number 5.7.3: + delete: + * net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch + * net-snmp-5.7.2-net-snmp-config-headercheck.patch + * net-snmp-5.7.2-perl-tk-warning.patch + * net-snmp-5.7.2-pie.patch + * net-snmp-5.7.2-socket-path.patch + * net-snmp-5.7.2-testing-empty-arptable.patch + * net-snmp-5.7.2-velocity-mib.patch + add: + * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch + * net-snmp-5.7.3-net-snmp-config-headercheck.patch + * net-snmp-5.7.3-perl-tk-warning.patch + * net-snmp-5.7.3-pie.patch + * net-snmp-5.7.3-socket-path.patch + * net-snmp-5.7.3-testing-empty-arptable.patch + * net-snmp-5.7.3-velocity-mib.patch +- add build requirement 'procps' to fix a net-snmp-config error + (bsc#935863) +- enable DTLS and TLS support (FATE#318789) + new binary 'snmptls' was added +- add support for hostname netgroups (FATE#316305) + '@hostgroup' can be specified for multiple hosts + * net-snmp-5.7.3-netgroups.patch +- suppress network statistics output in snmpstatus (FATE#316289) + '-Sn' don't print any info about the network + '-Si' don't print the operational status of network interfaces + * net-snmp-5.7.3-snmpstatus-suppress-output.patch + +------------------------------------------------------------------- +Sun Nov 30 15:52:36 UTC 2014 - cobexer@gmail.com + +- also stop snmptrapd on removal + +------------------------------------------------------------------- +Mon Sep 15 14:29:16 UTC 2014 - lchiquitto@suse.com + +- update to upstream version 5.7.3.pre5 +- remove patches that are now present in the upstream release: + * net-snmp-5.7.2-build-fix-for-strlcat.patch + * net-snmp-5.7.2-fix-mib-representation-of-timeout-values.patch + * net-snmp-5.7.2-fix-perl-trap-handler.patch +- net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch: + refresh and add patch header + +------------------------------------------------------------------- +Wed Sep 3 19:35:54 UTC 2014 - abergmann@suse.com + +- added net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch: + fix remote denial of service problem inside snmptrapd when started + with the "-OQ" option (CVE-2014-3565)(bnc#894361) +- added net-snmp-5.7.2-fix-perl-trap-handler.patch: fix potential + remote denial of service problem inside the snmptrapd Perl trap + handler (CVE-2014-2285)(bnc#866942) + +------------------------------------------------------------------- +Mon Jun 16 13:58:17 CEST 2014 - lchiquitto@suse.com + +- merge some old fixes from SLE 11: + * init script should provide snmpd. (bnc#466805) + * stop all snmp agents when stopping the daemon. (bnc#473328) + +------------------------------------------------------------------- +Sat May 17 18:57:58 UTC 2014 - coolo@suse.de + +- recompress .tar.gz - it has trailing garbage, hope we can readd + source url on next update + +------------------------------------------------------------------- +Fri May 16 12:25:59 UTC 2014 - lchiquitto@suse.com + +- update to upstream version 5.7.2.1, fixing one security issue: + * A denial of service attack vector was discovered on the Linux + implementation of the ICMP-MIB. (CVE-2014-2284, bnc#866942) + +------------------------------------------------------------------- +Wed May 14 22:06:00 CEST 2014 - lchiquitto@suse.com + +- net-snmp-5.7.2-fix-mib-representation-of-timeout-values.patch: + fix mib representation of timeout values (bnc#833153) + +------------------------------------------------------------------- +Thu May 8 11:47:01 CEST 2014 - ro@suse.de + +- use _rundir macro + +------------------------------------------------------------------- +Tue Feb 18 15:40:15 UTC 2014 - lchiquitto@suse.com + +- remove old workaround for ppc/ppc64 migrations which is no longer + needed (bnc#437293) + +------------------------------------------------------------------- +Mon Jul 15 11:49:08 UTC 2013 - mardnh@gmx.de + +- add support for python bindings + +------------------------------------------------------------------- +Wed Jul 10 08:26:14 UTC 2013 - lars@linux-schulserver.de + +- improve snmptrapd init script (avoid to overwrite the logfile + on restart) + +------------------------------------------------------------------- +Mon May 20 11:22:24 UTC 2013 - lchiquitto@suse.com + +- Disable parallelism during build. The dependencies between the + Perl module and libnetsnmp are not defined correctly and might + result in broken linkage (bnc#819497, bnc#818907) + +------------------------------------------------------------------- +Mon Apr 15 13:44:06 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Tue Dec 18 22:01:23 UTC 2012 - lchiquitto@suse.com + +- net-snmp-5.7.2-build-fix-for-strlcat.patch: fix exported strlcat() + prototype that could conflict with other packages (bnc#793548) + +------------------------------------------------------------------- +Wed Oct 10 18:21:19 UTC 2012 - lchiquitto@suse.com + +- update to version 5.7.2: several bug fixes in the agent, client + utilities and libraries. The CHANGES file shipped with the + package contains a comprehensive list of fixes and improvements +- rebase patches to apply cleanly: + * net-snmp-5.7.2-perl-tk-warning.patch + * net-snmp-5.7.2-socket-path.patch + * net-snmp-5.7.2-testing-empty-arptable.patch + * net-snmp-5.7.2-pie.patch + * net-snmp-5.7.2-velocity-mib.patch + * net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch +- remove patches that are now present in the upstream release: + * net-snmp-5.7.0-recognize-reiserfs.patch + * net-snmp-5.7.1-snmplib-zero-timeout.patch + * net-snmp-5.7.1-old-api-double-free.patch + * net-snmp-5.7.1-use-pclose-to-close-pipes.patch + * net-snmp-5.7.1-fix-handling-of-large-filesystems.patch + * net-snmp-5.7.1-snmplib-default-retries.patch + * net-snmp-5.7.1-fsys-memory-leak.patch + * net-snmp-5.7.1-adjust-copyright-in-agent-txt-file.patch + * net-snmp-5.7.1-recognize-ocfs2.patch + * net-snmp-5.7.1-properly-clean-up-old-requests-in-subagents.patch + * net-snmp-5.7.1-reduce-code-duplication-in-agentx.patch + * net-snmp-5.7.1-log-agentx-disconnections.patch + * net-snmp-5.7.1-more-robust-handling-of-agentx-errors.patch + * net-snmp-5.7.1-report-problems-with-setundo-processing.patch + * net-snmp-5.7.1-fix-array-index-error.patch + +------------------------------------------------------------------- +Fri Sep 7 17:28:00 UTC 2012 - jengelh@inai.de + +- Remove redundant sections from specfile +- Avoid shipping .la files + +------------------------------------------------------------------- +Mon May 14 17:39:17 UTC 2012 - lchiquitto@suse.com + +- fix array index error that could lead to a crash (CVE-2012-2141) + (bnc#759352) + +------------------------------------------------------------------- +Thu Mar 29 22:14:55 UTC 2012 - lchiquitto@suse.com + +- fix agent crash when reloading a subagent (AgentX) during a query + (bnc#670789) + +------------------------------------------------------------------- +Thu Mar 29 22:14:04 UTC 2012 - lchiquitto@suse.com + +- add OCFS2 to the list of known file systems + +------------------------------------------------------------------- +Thu Mar 22 11:04:08 UTC 2012 - lchiquitto@suse.com + +- update copyright notice of AGENT.txt allowing us to redistribute + the file in our package (from Dave Shield) (bnc#750704) + +------------------------------------------------------------------- +Wed Feb 8 06:09:32 UTC 2012 - coolo@suse.com + +- fix license to be in spdx.org format + +------------------------------------------------------------------- +Tue Nov 1 11:01:12 UTC 2011 - lchiquitto@suse.com + +- logrotate: use "reload" instead of "try-restart" to avoid an + unnecessary stop/start cycle in the agent (bnc#707636) + +------------------------------------------------------------------- +Fri Oct 21 12:30:29 UTC 2011 - lchiquitto@suse.com + +- net-snmp-5.7.1-fsys-memory-leak.patch: fix a memory leak in + agent/mibgroup/hardware/fsys (bnc#725766) +- net-snmp-5.7.1-snmplib-default-retries.patch: change default + number of retries back from 0 to 5 (bnc#725766) +- net-snmp-5.7.1-fix-handling-of-large-filesystems.patch: fix + bug in handling large (>8TB) filesystems (bnc#725766) +- net-snmp-5.7.1-use-pclose-to-close-pipes.patch: use pclose() + instead of fclose() to close a pipe (bnc#725766) +- net-snmp-5.7.1-old-api-double-free.patch: agent: avoid double + free when netsnmp_register_old_api() fails (bnc#725766) +- net-snmp-5.7.1-snmplib-zero-timeout.patch: snmplib: avoid + waiting indefinitely if a session has timeout zero (bnc#725766) + +------------------------------------------------------------------- +Thu Sep 29 00:44:40 UTC 2011 - lchiquitto@suse.com + +- update to version 5.7.1: minor release including some bug fixes + +------------------------------------------------------------------- +Fri Sep 16 17:24:39 UTC 2011 - jengelh@medozas.de + +- enable net-snmp-devel on all baselib architectures + +------------------------------------------------------------------- +Wed Sep 14 18:33:18 UTC 2011 - lchiquitto@suse.com + +- make sure all delegated requests are removed before closing an + AgentX session (bnc#670789) + +------------------------------------------------------------------- +Fri Sep 9 20:41:31 UTC 2011 - lchiquitto@suse.com + +- update to version 5.7.1.rc1 but keep package version as 5.7.1 + to avoid update problems when the final version is released + +------------------------------------------------------------------- +Fri Sep 9 20:18:31 UTC 2011 - lchiquitto@suse.com + +- small fixes to snmpd and snmptrapd init scripts: + - if $SNMPD_LOGLEVEL is not defined, use LOG_NOTICE instead of + LOG_DEBUG + - improve messages printed and service description + - write snmptrapd logs to /var/log/net-snmpd.log + +------------------------------------------------------------------- +Fri Sep 9 19:36:55 UTC 2011 - lchiquitto@suse.com + +- update README.SUSE to reflect some recent changes and drop a bit + of outdated information +- update baselibs to reflect new library version +- spec file cleanup: rename some source files for consistency + +------------------------------------------------------------------- +Thu Sep 1 12:48:57 UTC 2011 - lchiquitto@suse.com + +- add ReiserFS to the list of known file systems (bnc#715199) + +------------------------------------------------------------------- +Tue Aug 30 01:43:26 UTC 2011 - lchiquitto@suse.com + +- install snmptrapd init script by default (bnc#712175) + +------------------------------------------------------------------- +Tue Aug 30 01:37:28 UTC 2011 - lchiquitto@suse.com + +- fix logging option in snmptrapd init script (bnc#712174) + +------------------------------------------------------------------- +Thu Jul 14 17:46:57 UTC 2011 - lchiquitto@suse.com + +- update upstream patches from branch V5-7-patches to 20110714 + +------------------------------------------------------------------- +Tue Jul 5 12:28:00 UTC 2011 - lchiquitto@suse.com + +- update to version 5.7: + new features and lots of bug fixes +- remove patches that are no longer needed: + net-snmp-5.6.0-enable-hrh-filesys.patch + net-snmp-5.6.1-recognize-jfs-and-xfs.patch + net-snmp-5.6.1-rpm490.patch +- refresh and rename patches to apply cleanly after update: + net-snmp-5.7.0-pie.patch + net-snmp-5.7.0-velocity-mib.patch + +------------------------------------------------------------------- +Thu May 19 14:43:13 CEST 2011 - mls@suse.de + +- switch from rpmdb to rpmts to support rpm-4.9.0 + +------------------------------------------------------------------- +Thu May 12 14:49:34 UTC 2011 - lchiquitto@suse.com + +- update upstream patches from branch V5-6-patches to 20110512 + +------------------------------------------------------------------- +Wed Apr 13 17:30:28 UTC 2011 - lchiquitto@suse.com + +- add JFS and XFS to the list of known file systems (bnc#687327) + +------------------------------------------------------------------- +Mon Mar 28 18:53:16 UTC 2011 - lchiquitto@suse.com + +- update upstream patches from branch V5-6-patches to 20110328 + +------------------------------------------------------------------- +Tue Jan 4 11:34:19 UTC 2011 - lchiquitto@suse.com + +- fix libsnmp version in baselibs.conf + +------------------------------------------------------------------- +Tue Jan 4 11:26:48 UTC 2011 - lchiquitto@suse.com + +- update to version 5.6.1: + new features and lots of bug fixes +- update upstream patches from branch V5-6-patches to 20110104 +- remove patches that are no longer needed: + net-snmp-5.6.0-ethtool-speed.patch + +------------------------------------------------------------------- +Tue Nov 30 18:09:58 UTC 2010 - lchiquitto@suse.com + +- remove /var/adm/perl-modules/net-snmp from the Perl module + +------------------------------------------------------------------- +Mon Nov 29 10:43:34 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-6-patches to 20101129 +- spec file cleanup: upstream uses -fno-strict-aliasing by default + now +- remove patches that are no longer needed: + net-snmp-5.5.0-rpmdb-h-detect.patch + net-snmp-5.6.0-vendorperl.patch + +------------------------------------------------------------------- +Wed Nov 3 12:04:50 UTC 2010 - lchiquitto@suse.com + +- if-mib: add support for more speeds with ethtool (bnc#650558) + +------------------------------------------------------------------- +Mon Nov 1 17:54:34 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-6-patches to 20101101, + fixing a segmentation fault on shutdown (bnc#650282) + +------------------------------------------------------------------- +Wed Oct 27 16:48:40 UTC 2010 - lchiquitto@suse.com + +- enable new implementation of hrStorage and hrFilesys to fix + persistent indexes in FS and Storage tables (bnc#648364) + +------------------------------------------------------------------- +Thu Oct 21 14:37:36 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-6-patches to 20101021 + +------------------------------------------------------------------- +Tue Oct 19 23:59:46 UTC 2010 - lchiquitto@suse.com + +- update to version 5.6: + new features and lots of bug fixes +- refresh and rename patches to apply cleanly after update: + net-snmp-5.6.0-pie.patch + net-snmp-5.6.0-vendorperl.patch + net-snmp-5.6.0-net-snmp-config-headercheck.patch + +------------------------------------------------------------------- +Tue Aug 3 18:33:33 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-5-patches to 20100803 + +------------------------------------------------------------------- +Mon Jul 19 16:36:49 UTC 2010 - lchiquitto@suse.com + +- change default log level from DEBUG to NOTICE (bnc#623497) + +------------------------------------------------------------------- +Fri Jul 16 01:04:14 UTC 2010 - lchiquitto@suse.com + +- spec file cleanup: remove old backward compatibility scripts + +------------------------------------------------------------------- +Thu Jun 3 11:43:52 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-5-patches to 20100602: + fixed potential buffer overflow in parsing OIDs in config files + +------------------------------------------------------------------- +Mon May 31 13:48:27 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-5-patches to 20100531 +- add net-snmp-5.5.0-rpmdb-h-detect.patch: + workaround for autoconf failing to detect rpm/rpmdb.h +- remove patches that are no longer needed: + net-snmp-5.5.0-use-lmsensors-v3.patch + +------------------------------------------------------------------- +Fri Apr 30 16:01:08 UTC 2010 - lchiquitto@suse.com + +- create /var/run/agentx during startup to support systems that + mount /var/run as tmpfs + +------------------------------------------------------------------- +Wed Apr 28 21:41:22 UTC 2010 - lchiquitto@suse.com + +- update libsnmp package name to reflect the library version we + are currently shipping +- remove patches that are obsolete: + net-snmp-5.4.rc2-versinfo.diff + net-snmp-5.4.2_snmpconf-selinux.patch +- refresh all patches to apply as "-p1" +- spec file cleanup: remove conditionals to build on unsupported + versions of the distribution + +------------------------------------------------------------------- +Wed Apr 28 21:38:21 UTC 2010 - lchiquitto@suse.com + +- update upstream patches from branch V5-5-patches to 20100428 + +------------------------------------------------------------------- +Mon Apr 5 15:58:58 UTC 2010 - lchiquitto@suse.com + +- add net-snmp-5.5.0_upstream-20100405.patch: + merge all patches committed to upstream branch V5-5-patches +- remove patches that are now upstream: + net-snmp-5.4.2_audit.patch + net-snmp-5.5.0_autoconf.patch + net-snmp-5.4.2_overflow.patch + net-snmp-5.4.2.1-rpm4.7.patch + net-snmp-5.5.0_gcc45.patch + +------------------------------------------------------------------- +Fri Mar 5 17:33:34 UTC 2010 - lchiquitto@suse.com + +- Fix strncat properly (from Andreas Jaeger) + +------------------------------------------------------------------- +Mon Mar 1 20:45:50 UTC 2010 - aj@suse.de + +- Fix code errors found by gcc 4.5 + +------------------------------------------------------------------- +Wed Feb 3 11:03:39 CET 2010 - jdelvare@suse.de + +- build for libsensors4 instead of libsensors3 + +------------------------------------------------------------------- +Mon Feb 1 12:06:49 UTC 2010 - jengelh@medozas.de + +- remove sparcv9-specific baselib exceptions (not needed) + +------------------------------------------------------------------- +Tue Jan 19 12:01:54 UTC 2010 - lchiquitto@suse.com + +- remove net-snmp-5.4.1.2-rmon-mib-revised_3.patch from sources + (upstream since 5.5) +- refresh net-snmp-5.5.0_autoconf.patch +- spec file cleanup: update package description + +------------------------------------------------------------------- +Tue Dec 22 09:41:44 UTC 2009 - lchiquitto@suse.com + +- update to version 5.5: + new features and lots of bug fixes, including: + - fix hrSWRunPath for processes other than init (bnc#486270) +- remove patches that are now upstream: + Add-Default-Router-Table-support.patch + Add-ICMP-Statistics-Tables-support.patch + Add-IPv6-Scope-Zone-Index.patch + Add-IPv6-support-on-Internet-Address-Translation-Tab.patch + Fix-for-IPv6-Interface-Table.patch + Fix-for-Internet-Address-Prefix-Table.patch + Fix-for-Internet-Address-Table.patch + Fix-for-tcpConnnectionTable-tcpListenerTable-udpEn.patch + Improve-IP-Statistics-tables.patch + net-snmp-5.3.0.1_trap-agent-addr_v2.patch + net-snmp-5.4.1.2-etherlike-mib-revised_4.patch + net-snmp-5.4.x_embedded_perl_error_message.patch + +------------------------------------------------------------------- +Sat Dec 19 14:00:41 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- add baselib defs for SPARC + +------------------------------------------------------------------- +Sun Aug 30 15:17:12 UTC 2009 - aj@suse.de + +- Fix build with rpm 4.7 (net-snmp-5.4.2.1-rpm4.7.patch) + +------------------------------------------------------------------- +Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de + +- make patch0 usage consistent + +------------------------------------------------------------------- +Thu Jan 22 16:36:00 CET 2009 - mrueckert@suse.de + +- updated patches from Dell: + Those patches incorporate the latest fixes for remarks from the + upstream review + old: net-snmp-5.4.1.2-rmon-mib-revised.patch + new: net-snmp-5.4.1.2-rmon-mib-revised_3.patch + old: net-snmp-5.4.1.2-etherlike-mib-revised_2.patch + new: net-snmp-5.4.1.2-etherlike-mib-revised_4.patch + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during + distupgrade (bnc#437293) + +------------------------------------------------------------------- +Fri Dec 5 22:07:47 CET 2008 - mrueckert@suse.de + +- fix the snmptrapd init script: + 1. make sure the config isnt loaded twice. + 2. do not truncate the net-snmp.log + 3. use SNMPD_LOGLEVEL aswell. + 4. write a pid +- update snmptrapd section in README.SuSE +- whitespace cleanup in both init scripts + +------------------------------------------------------------------- +Fri Nov 21 14:53:28 CET 2008 - mrueckert@suse.de + +- update patches from Dell: + Upstream asked to reduce the logging in the mib module. + old name net-snmp-5.4.1.2-etherlike-mib-revised_1.patch + new name net-snmp-5.4.1.2-etherlike-mib-revised_2.patch + +------------------------------------------------------------------- +Thu Nov 20 17:33:25 CET 2008 - mrueckert@suse.de + +- Remove the recommends on perl-Tk again. We rely on the fixed + warning in the perl_tk_warnings.patch. (bnc#443047) + +------------------------------------------------------------------- +Tue Nov 11 16:54:26 CET 2008 - ro@suse.de + +- SLE-11 uses PPC64 instead of PPC, adapt baselibs.conf + +------------------------------------------------------------------- +Mon Nov 10 17:44:36 CET 2008 - mrueckert@suse.de + +- added net-snmp-5.4.x_embedded_perl_error_message.patch: + fix typo in error message (bnc#439857) + +------------------------------------------------------------------- +Wed Nov 5 16:10:39 CET 2008 - mrueckert@suse.de + +- update to 5.4.2.1: (bnc#440950) (CVE-2008-4309) + fix crash in getbulk handling code + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Fri Oct 24 16:54:46 CEST 2008 - mrueckert@suse.de + +- added net-snmp-5.4.2_velocity-mib.patch (FATE#303556) + +------------------------------------------------------------------- +Fri Oct 24 16:43:34 CEST 2008 - mrueckert@suse.de + +- refreshed patches to apply cleanly: + old: net-snmp-5.1.2-snmpconf-selinux.patch + new: net-snmp-5.4.2_snmpconf-selinux.patch + old: net-snmp-5.2.1-overflow.diff + new: net-snmp-5.4.2_overflow.patch + old: net-snmp-5.2.1.testing.empty_arptable.patch + new: net-snmp-5.4.2_testing.empty_arptable.patch + old: net-snmp-5.3.0.1-audit.diff + new: nmp-5.4.2_audit.patch + old: net-snmp-5.3_vendorperl.patch + new: net-snmp-5.4.2_vendorperl.patch + old: net-snmp-5.4.1-autoconf.diff + new: net-snmp-5.4.2_autoconf.patch + old: net-snmp-5.4.1_perl_tk_warning.patch + new: net-snmp-5.4.2_perl_tk_warning.patch + old: net-snmp-5.4_net-snmp-config_headercheck.patch + new: net-snmp-5.4.2_net-snmp-config_headercheck.patch + +------------------------------------------------------------------- +Fri Oct 24 14:43:35 CEST 2008 - kkeil@suse.de + +- more IPv6 support from IBM (mainline backports) (bnc#437208) + Fix-for-tcpConnnectionTable-tcpListenerTable-udpEn.patch + Fix-for-IPv6-Interface-Table.patch + Fix-for-Internet-Address-Table.patch + Add-ICMP-Statistics-Tables-support.patch + Add-Default-Router-Table-support.patch + Add-IPv6-support-on-Internet-Address-Translation-Tab.patch + Fix-for-Internet-Address-Prefix-Table.patch + Add-IPv6-Scope-Zone-Index.patch + Improve-IP-Statistics-tables.patch + +------------------------------------------------------------------- +Mon Oct 20 17:05:34 CEST 2008 - mrueckert@suse.de + +- remove lzma-alpha-devel. rpm-devel has to require it if it is + really needed + +------------------------------------------------------------------- +Tue Sep 16 16:40:42 CEST 2008 - mrueckert@suse.de + +- updated patches from Dell: + net-snmp-5.4.1.2-etherlike-mib-revised_1.patch + net-snmp-5.4.1.2-rmon-mib-revised.patch + Those 2 patches obsolete the previous 3 patches. + +------------------------------------------------------------------- +Sat Sep 13 14:55:57 CEST 2008 - mrueckert@suse.de + +- fix typo in the init script which breaks loading of agents + (bnc#415127) +- also restart snmptrapd after logrotate (bnc#378069) + +------------------------------------------------------------------- +Fri Sep 12 18:44:53 CEST 2008 - mrueckert@suse.de + +- add patches from Dell: (Fate#304310) + net-snmp-5.4.1.2-etherlike-mib-revised.patch + net-snmp-5.4.1.2-rmon-mib.patch + net-snmp-5.4.2_fix_dell_patches.patch + +------------------------------------------------------------------- +Sat Sep 6 16:15:57 CEST 2008 - mrueckert@suse.de + +- update to version 5.4.2 + - [PATCH 1921861]: Avoid endless loop after truncating 64bit int + - Better handling of CONTAINER_INSERT failures with multiple + indices + - [PATCH 2023633]: add SCTP-MIB implementation (Linux only) + - suppress annoying "registration != duplicate" warning for root + oids + - Update to libtool 1.5.26 +- add net-snmp-5.4.1_perl_tk_warning.patch (bnc#392695) + correctly recommend installing the perl-Tk package instead of + referring to cpan. +- fix Required-Stop in the init scripts +- cleanup the spec file: + - moved files from the mibs package to the packages where they + really belong (snmpconf-data, mib2c) + - move mib2c from the perl package to the devel package + +------------------------------------------------------------------- +Mon Aug 25 11:53:31 CEST 2008 - prusnak@suse.cz + +- fixed wrong SELinux context (selinux.patch) [Fate#303662] + +------------------------------------------------------------------- +Fri Aug 22 16:19:33 CEST 2008 - mrueckert@suse.de + +- fix init scripts +- use %fillup_only as we dont launch the daemon per default + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Tue Mar 25 00:40:00 CET 2008 - ro@suse.de + +- added lzma-alpha-devel to buildreq + +------------------------------------------------------------------- +Fri Nov 2 15:07:41 CET 2007 - jdelvare@suse.de + +- libsensors is in a separate package now. + +------------------------------------------------------------------- +Thu Aug 2 00:46:50 CEST 2007 - mrueckert@suse.de + +- update to 5.4.1 + many small fixes. the highlights: + - link only needed libraries + - memleaks fixed + - python bindings (not yet packaged) +- rediffed net-snmp-5.4.rc1-autoconf.diff + new name net-snmp-5.4.1-autoconf.diff +- no longer build against lm_sensors on s390 +- split out new packages: + libsnmp15, snmp-mibs + +------------------------------------------------------------------- +Mon Nov 13 16:04:58 CET 2006 - mrueckert@suse.de + +- update to 5.4.rc2: + tons of bugfixes, and new features. just to name a few: + - enabled embedded perl + - new MIB table to manage net-snmp access control extensions + - hal to abstract os specific aspects of the systems + - tree matching support for snmptrapd + - reworked transport creation in snmplib + - using the incoming ip for outgoing packets if possible. + - ipv6 aware tcp/udp mibs + +- removed patches: + (all of them are either upstream or obsolete) + net-snmp-5.2.1-acinclude.diff + net-snmp-5.2.1-acquotation.patch + net-snmp-5.2.1-compat.patch + net-snmp-5.2.1-localperl.diff + net-snmp-5.2.1-perl.diff + net-snmp-5.3.0.1-64bit.diff + net-snmp-5.3.0.1_agentx_socket_path_doc.patch + net-snmp-5.3.0.1_deprecated_sysctl_retrans_time.patch + net-snmp-5.3.0.1_disman_mib_crash.patch + net-snmp-5.3.0.1_ethtool.patch + net-snmp-5.3.0.1_linux_types_header.patch + net-snmp-5.3.0.1_missing_ifNumber.patch + net-snmp-5.3.0.1_netsnmp_register_mib_crash.patch + net-snmp-5.3.0.1_perl_ld_run_path.patch + net-snmp-5.3.0.1_sighup_vacm.patch + net-snmp-5.3.0.1-smux-trap.diff + net-snmp-5.3.0.1.tar.bz2 + net-snmp-5.3.0.1_tcpwrapper_log_severity.patch + net-snmp-5.3.0.1_testsuite_no_smux.patch + net-snmp-5.3.0.1_tunnel_compilation.patch + net-snmp-5.3_perl_agent.xs-pointersize.patch + net-snmp-5.3_perl-printf.patch + net-snmp-5.4_default_store_return_value.patch + oid-names2_5.3.patch + +- added net-snmp-5.4_net-snmp-config_headercheck.patch: + warn if net-snmp-config is used but development files are missing. +- updated net-snmp-5.2.1-autoconf.diff to apply cleanly against 5.4 + new name: net-snmp-5.4.rc1-autoconf.diff +- updated net-snmp-5.2.1-versinfo.diff to apply cleanly against 5.4 + new name: net-snmp-5.4.rc2-versinfo.diff +- added net-snmp-5.4.rc2_perl_SNMP_size_t.patch: + dont use int if you want size_t. fixes failures in the perl test + suite. + +------------------------------------------------------------------- +Thu Oct 19 17:25:58 CEST 2006 - mrueckert@suse.de + +- added net-snmp-5.4_default_store_return_value.patch: + backport my patch from 5.4 so we can get rid of the build errors. + the patch removes/disables dead code. + +------------------------------------------------------------------- +Fri Aug 4 02:34:14 CEST 2006 - mrueckert@suse.de + +- added net-snmp-5.3.0.1_perl_ld_run_path.patch: + the old perl replacement line broke linking of the SNMP libraries + into the perl modules. the patch sets the LD_RUN_PATH for the + build process to LIBDIR. (#180888) + +------------------------------------------------------------------- +Thu May 4 17:05:26 CEST 2006 - mrueckert@suse.de + +- added net-snmp-5.3.0.1_sighup_vacm.patch: + The snmp agent was broken on SIGHUP. It lost all its MIB + informations. (upstream bug: #1473289) +- added net-snmp-5.3.0.1_deprecated_sysctl_retrans_time.patch: + The snmpd used a deprecated sysctl to get the retransmit time + from the kernel. We didnt use this module but the mib library + triggered the sysctl. The patch uses retrans_time_ms when + available and corrects the correction factor for the old sysctl. + (bug: #170140, upstream: #1437287) +- reenabled the lmsensors support. was disabled for testing and + never reenabled. + +------------------------------------------------------------------- +Thu Apr 20 16:47:31 CEST 2006 - mrueckert@suse.de + +- net-snmp-5.3.0.1_missing_ifNumber.patch: + The 5.3 agent on Linux systems did not implement the 'ifNumber' + MIB object. (#159501) + +------------------------------------------------------------------- +Wed Apr 19 14:33:10 CEST 2006 - mrueckert@suse.de + +- logrotate does not like if the postrotate script returns with + a non zero returncode. +- add missing "-e" in echo line + +------------------------------------------------------------------- +Mon Apr 3 17:51:21 CEST 2006 - mrueckert@suse.de + +- dont call "/etc/init.d/snmpd restart". this could start the + daemon unconditionally (too large log file). + switched to "/etc/init.d/snmpd try-restart" + +------------------------------------------------------------------- +Mon Apr 3 14:51:39 CEST 2006 - mrueckert@suse.de + +- run logrotate on startup if the logfile is too large. (#131072) + +------------------------------------------------------------------- +Tue Mar 28 14:16:34 CEST 2006 - mrueckert@suse.de + +- fix compilation with ethtool support. (#155709) +- added option to ignore accepted connections (#86634) + net-snmp-5.3.0.1_tcpwrapper_log_severity.patch + new sysconfig option: SNMPD_LOG_SUCCESSFUL_CONNECTIONS +- pass the correct path to configure to set the desired log file +- make smux listen to localhost by default. (#116742) +- remove confpath patch. (#147808,#159768) + +------------------------------------------------------------------- +Mon Mar 27 15:30:26 CEST 2006 - mrueckert@suse.de + +- updated and reenabled the audit patch + +------------------------------------------------------------------- +Fri Mar 17 20:02:35 CET 2006 - mrueckert@suse.de + +- ported sysconfig options from sles9 + SNMPD_LOGLEVEL -> SPECIFY the log level for the snmpd + SNMPD_USE_SMUX -> disable SMUX socket + +------------------------------------------------------------------- +Fri Mar 10 00:20:11 CET 2006 - mrueckert@suse.de + +- disable embedded perl for now. + +------------------------------------------------------------------- +Wed Mar 8 05:17:49 CET 2006 - mrueckert@suse.de + +- added net-snmp-5.3.0.1_agentx_socket_path_doc.patch: + fixes: net-snmp snmpd.conf(5) manpage gives wrong default + for AgentXSocket (#129437) +- ported fix for bug #129923 from sles9 +- suppress the error message in the ucd-snmp upgrade script + +------------------------------------------------------------------- +Wed Feb 22 18:45:23 CET 2006 - mrueckert@suse.de + +- we move the configs into /etc/snmp [#77935] +- removed debugging packages from the build requires. + +------------------------------------------------------------------- +Thu Feb 16 16:03:38 CET 2006 - mrueckert@suse.de + +- added net-snmp-5.3.0.1-smux-trap.diff + dont loose the value of string variables via smux traps [#150091] + +------------------------------------------------------------------- +Fri Feb 3 16:39:21 CET 2006 - mrueckert@suse.de + +- added net-snmp-5.3.0.1_disman_mib_crash.patch + o fixes a crash in the disman mib loading +- net-snmp-5.3.0.1_netsnmp_register_mib_crash.patch + o dont crash while registering mibs +- net-snmp-5.3_perl_agent.xs-pointersize.patch + o dont use int if you mean intptr_t(IV) +- net-snmp-5.3_perl-printf.patch + o unused format specifier in printf +- net-snmp-5.3_vendorperl.patch + o do make install_vendor + +------------------------------------------------------------------- +Wed Jan 25 21:43:27 CET 2006 - mrueckert@suse.de + +- removed net-snmp-5.2.1-cmdline.diff + better solution from upstream + +------------------------------------------------------------------- +Wed Jan 25 21:38:36 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 23 00:50:55 CET 2006 - mrueckert@suse.de + +- update to version 5.3.0.1 +- removed patches that got applied upstream or superseeded by + upstream fixes: + net-snmp-5.2.1-uptime.diff + net-snmp-5.2.1-typeclash.diff + net-snmp-5.2.1-gcc.diff + net-snmp-5.2.1-dlopen-conf.diff + net-snmp-5.2.1-enomedium.diff + net-snmp-5.2.1-mktemp.diff + net-snmp-5.2.1-close-all-fds.diff + net-snmp-5.2.1-more-cpus.diff + net-snmp-5.2.1-nowraplibs.patch + net-snmp-5.2.1.set-var-value.patch + +- added 4 new patches: + net-snmp-5.3_perl_agent.xs-pointersize.patch + - fixes some casts of pointers to ints -> segfaults in the test + suite + net-snmp-5.3_perl-printf.patch + - fixes a printf warning + net-snmp-5.3_vendorperl.patch + - call perl modules install with install_vendor + net-snmp-5.1.1-pie.patch + - build snmpd and snmptrapd with pie + +------------------------------------------------------------------- +Tue Nov 15 17:12:53 CET 2005 - uli@suse.de + +- no point in running the test suite in QEMU + +------------------------------------------------------------------- +Wed Sep 7 13:53:40 CEST 2005 - mrueckert@suse.de + +- Added rpm-devel to the requires of the -devel package + +------------------------------------------------------------------- +Fri Jun 17 17:46:41 CEST 2005 - mrueckert@suse.de + +- added disman/event-mib to the mib list (Bug #91039) +- replaced patch25 (asn1 handling fix) with patch from the upstream. + (Bug #73804) +- build snmpd and snmptrap with with -fpie/-pie + +------------------------------------------------------------------- +Fri Jun 10 11:43:48 CEST 2005 - mrueckert@suse.de + +- Fixed test suite for boxes with empty arp tables. + +------------------------------------------------------------------- +Tue May 17 12:52:00 CEST 2005 - hvogel@suse.de + +- Include the right header for compat mode (Bug #64074) +- Fix length for type ASN_UNSIGNED (Bug #73804) +- Get rid of WRAPLIBS in net-snmp-config (Bug #75879) +- Fix ac quotation + +------------------------------------------------------------------- +Tue Feb 22 14:28:17 CET 2005 - meissner@suse.de + +- moved tkmib and mib2c* to perl subpackage, since + they require it. #63992 + +------------------------------------------------------------------- +Wed Feb 16 18:28:44 CET 2005 - meissner@suse.de + +- Multiple non Intel CPU detection added. + +------------------------------------------------------------------- +Sun Feb 6 18:50:48 CET 2005 - meissner@suse.de + +- Upgraded to 5.1.2 release. (lots of bugfixes as usual) + +------------------------------------------------------------------- +Wed Feb 2 22:06:33 CET 2005 - meissner@suse.de + +- overflow counter32 and gauge32 on 64bit systems correctly. #50384 + +------------------------------------------------------------------- +Fri Nov 26 11:23:58 CET 2004 - meissner@suse.de + +- close all non standard filedescriptors on start. + +------------------------------------------------------------------- +Thu Nov 25 12:01:56 CET 2004 - meissner@suse.de + +- Upgraded to 5.2 final. + +------------------------------------------------------------------- +Mon Oct 25 17:16:58 CEST 2004 - meissner@suse.de + +- Upgraded to 5.2.1rc2. Dropped merged patches, rediffed + old ones. + +------------------------------------------------------------------- +Tue Aug 17 14:28:42 CEST 2004 - coolo@suse.de + +- fixing pre-requires + +------------------------------------------------------------------- +Thu Aug 12 17:40:53 CEST 2004 - meissner@suse.de + +- Upgrade to 5.1.2 final. + +------------------------------------------------------------------- +Thu Jul 29 15:29:32 CEST 2004 - meissner@suse.de + +- Upgraded to upstream 5.1.2.rc2. + +------------------------------------------------------------------- +Fri Jul 23 13:03:17 CEST 2004 - meissner@suse.de + +- Upgraded to 5.1.2.rc1. +- Dropped some old patches / parts of old patches. +- Fixed problem on little endian 64bit machines. + +------------------------------------------------------------------- +Thu Jul 15 14:45:08 CEST 2004 - meissner@suse.de + +- removed double free on failure in netsnmp_register_old_api(). + (bug #42580) +- do not specify -c /etc/snmpd.conf (since it is already built in). + (bug #41706) +- require openssl-devel in -devel package. + +------------------------------------------------------------------- +Tue Jul 6 16:15:23 CEST 2004 - meissner@suse.de + +- replaced undefined C construct (x[n] = y[n++]) which caused the + testsuite to fail on i386. + +------------------------------------------------------------------- +Mon Jul 5 11:45:35 CEST 2004 - uli@suse.de + +- sleep .3 s before starting agents (bug #42588) + +------------------------------------------------------------------- +Wed Jun 30 09:42:51 CEST 2004 - meissner@suse.de + +- Fixed 2 places of file descriptor leakage which lead to segfaults + during readdir/fgets. #33958 + +------------------------------------------------------------------- +Fri Mar 19 16:22:35 CET 2004 - meissner@suse.de + +- remove the #define PACKAGE_ from the included autoconf + generated config.h file. #36355 + +------------------------------------------------------------------- +Fri Mar 19 00:56:32 CET 2004 - ro@suse.de + +- use stop_on_removal and restart_on_update macros (#36306) +- package /var/log/net-snmp as %ghost (#36435) + +------------------------------------------------------------------- +Tue Mar 16 23:20:36 CET 2004 - ro@suse.de + +- use mktemp in fixproc (#36103) + +------------------------------------------------------------------- +Mon Mar 15 16:56:15 CET 2004 - ro@suse.de + +- avoid segfault in version-info (limit to 300 bytes) +- open devices with NONBLOCK, don't wait for cdrom +- avoid segfault in proc-cmdline output + +------------------------------------------------------------------- +Mon Feb 16 14:26:25 CET 2004 - ro@suse.de + +- previous 64-bit fix went just one bit too far, fixed + +------------------------------------------------------------------- +Wed Feb 11 17:22:14 CET 2004 - ro@suse.de + +- added smux mib (for quagga) + +------------------------------------------------------------------- +Mon Feb 9 15:28:16 CET 2004 - ro@suse.de + +- fix dlopen detection in configure + +------------------------------------------------------------------- +Wed Feb 4 11:57:54 CET 2004 - ro@suse.de + +- added requires for perl-TermReadKey + +------------------------------------------------------------------- +Tue Jan 20 17:03:52 CET 2004 - ro@suse.de + +- try to fix at least some 64bit issues (eg. #33958) + +------------------------------------------------------------------- +Thu Jan 15 17:35:03 CET 2004 - ro@suse.de + +- update arguments in rc-script + +------------------------------------------------------------------- +Fri Jan 9 12:24:10 CET 2004 - kukuk@suse.de + +- Fix some 64bit critical compiler warnings + +------------------------------------------------------------------- +Fri Dec 12 12:09:03 CET 2003 - hare@suse.de + +- Fixed includes for build with evlog. + +------------------------------------------------------------------- +Fri Nov 14 12:55:17 CET 2003 - ro@suse.de + +- update to 5.1 + +------------------------------------------------------------------- +Fri Nov 14 12:54:47 CET 2003 - ro@suse.de + +- build perl module as perl-SNMP + +------------------------------------------------------------------- +Fri Nov 14 12:54:41 CET 2003 - ro@suse.de + +- enable ucd-snmp compatibility + +------------------------------------------------------------------- +Thu Oct 23 16:41:21 CEST 2003 - ro@suse.de + +- update to 5.1.pre2 + +------------------------------------------------------------------- +Thu Oct 23 15:55:33 CEST 2003 - ro@suse.de + +- revised audit patch +- branched devel subpackage +- added rpm support + +------------------------------------------------------------------- +Wed Oct 22 17:29:22 CEST 2003 - ro@suse.de + +- created package and ported patches from ucd-snmp + diff --git a/net-snmp.keyring b/net-snmp.keyring new file mode 100644 index 0000000..d8fcf80 --- /dev/null +++ b/net-snmp.keyring @@ -0,0 +1,14 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZCtJmhYJKwYBBAHaRw8BAQdADrR3+vAhB8AXYe9RztKtuRKMRN1Dp/mQLqey +Tg6X/Iq0P05ldC1TTk1QIEFkbWluaXN0cmF0b3JzIDxuZXQtc25tcC1hZG1pbnNA +bGlzdHMuc291cmNlZm9yZ2UubmV0PoiZBBMWCgBBFiEEbmcYrvHrXGXDLRsqNWvA +tVLVPKsFAmQrSZoCGwMFCRLMAwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA +CgkQNWvAtVLVPKtF1wEAk1Cs77LtOWb34kjLiVfZU4/RtbjpzhJAbjczgQAzRLwB +AJSr6kJ2UgVgTar5Rtuyd9jFKiopH56h46IFG79XkvQIuDgEZCtJmhIKKwYBBAGX +VQEFAQEHQBOKL1xzf/uUQOqpRWR6CbbIpSc/aFDRxiF/o85gN78aAwEIB4h+BBgW +CgAmFiEEbmcYrvHrXGXDLRsqNWvAtVLVPKsFAmQrSZoCGwwFCRLMAwAACgkQNWvA +tVLVPKuwlwEAxpTW8jjFkZXqo7MKxbdI5tGUfvhOAbcBDZpzqpOyCGkBAOMY/Am/ +oAfYd5+tds3nCWhlvYGX/NuIvplVZSzNhsEA +=lV4S +-----END PGP PUBLIC KEY BLOCK----- diff --git a/net-snmp.logrotate b/net-snmp.logrotate new file mode 100644 index 0000000..a61bd49 --- /dev/null +++ b/net-snmp.logrotate @@ -0,0 +1,17 @@ +/var/log/net-snmpd.log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + create 600 root root + su root root + sharedscripts + postrotate + /usr/bin/systemctl try-reload-or-restart snmpd.service >/dev/null + /usr/bin/systemctl try-reload-or-restart snmptrapd.service >/dev/null + endscript + +} diff --git a/net-snmp.spec b/net-snmp.spec new file mode 100644 index 0000000..0072279 --- /dev/null +++ b/net-snmp.spec @@ -0,0 +1,463 @@ +# +# spec file for package net-snmp +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +%define netsnmp_logfile %{_localstatedir}/log/net-snmpd.log +%define netsnmp_agentx_socket_dir_fhs %{_rundir}/agentx +%define netsnmp_agentx_socket_dir_rfc %{_localstatedir}/agentx +# Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%ifnarch s390 s390x +%define netsnmp_with_sensors 1 +%endif +%define libname libsnmp40 +%bcond_without python2 +Name: net-snmp +Version: 5.9.4 +Release: 0 +Summary: SNMP Daemon +License: BSD-3-Clause AND MIT +Group: Productivity/Networking/Other +URL: https://sourceforge.net/projects/net-snmp +Source: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz +Source1: snmpd.conf +Source2: README.SUSE +Source3: net-snmp.logrotate +Source4: test_installed +Source7: https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version}/%{name}-%{version}.tar.gz.asc +Source8: http://www.net-snmp.org/net-snmp-admin.asc#/%{name}.keyring +Source10: snmpd.sysconfig +Source11: snmptrapd.sysconfig +Source20: net-snmp-tmpfs.conf +Source98: net-snmp-rpmlintrc +Source99: baselibs.conf +Patch1: net-snmp-5.9.4-socket-path.patch +Patch2: net-snmp-5.9.4-testing-empty-arptable.patch +Patch3: net-snmp-5.9.4-pie.patch +Patch4: net-snmp-5.9.4-net-snmp-config-headercheck.patch +Patch5: net-snmp-5.9.4-perl-tk-warning.patch +Patch6: net-snmp-5.9.4-snmpstatus-suppress-output.patch +Patch7: net-snmp-5.9.4-fix-Makefile.PL.patch +Patch8: net-snmp-5.9.4-modern-rpm-api.patch +Patch9: net-snmp-5.9.4-add-lustre-fs-support.patch +Patch10: net-snmp-5.9.4-harden_snmpd.service.patch +Patch11: net-snmp-5.9.4-harden_snmptrapd.service.patch +Patch12: net-snmp-5.9.4-suse-systemd-service-files.patch +Patch13: net-snmp-5.9.4-fix-create-v3-user-outfile.patch +Patch14: net-snmp-5.9.4-subagent-set-response.patch +Patch15: net-snmp-5.9.4-fixed-python2-bindings.patch +Patch16: net-snmp-5.9.4-add-netgroups-functionality.patch +Patch17: net-snmp-5.9.4-systemd-no-utmp.patch +BuildRequires: %{python_module devel} +BuildRequires: %{python_module setuptools} +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: ncurses-devel +BuildRequires: openssl-devel +BuildRequires: procps +BuildRequires: python-rpm-macros +BuildRequires: rpm-devel +BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros +BuildRequires: tcpd-devel +Requires: logrotate +Requires: perl-SNMP = %{version} +Requires: perl-TermReadKey +Requires(post): %fillup_prereq +%if 0%{?netsnmp_with_sensors} +BuildRequires: libsensors4-devel +%endif + +%if 0%{?suse_version} >= 1550 +# TW: generate subpackages for every python3 flavor +%define python_subpackage_only 1 +%python_subpackages +%else +# same "defaults" for all distributions, used in files section +%define python_files() -n python3-%{**} +%define python_sitearch %{python3_sitearch} +%endif + +%description +Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c +and SNMP v3 using both IPv4 and IPv6. The suite includes: + +- An extensible agent for responding to SNMP queries including built-in + support for a wide range of MIB information modules +- Command-line applications to retrieve and manipulate information from + SNMP-capable devices +- A daemon application for receiving SNMP notifications +- A library for developing new SNMP applications, with C and Perl APIs +- A graphical MIB browser. + +This package was originally based on the CMU 2.1.2.1 snmp code. It was +renamed from cmu-snmp to ucd-snmp in 1995 and later renamed from ucd-snmp +to net-snmp in November 2000. + +%package -n %{libname} +Summary: Shared Libraries from net-snmp +License: BSD-3-Clause AND MIT +Group: System/Libraries +Requires: perl-base = %{perl_version} +Requires: snmp-mibs >= %{version} +# Version 5.9.2 was wrongly packaging .so.39 in libsnmp40 +Conflicts: libsnmp40 <= 5.9.2 + +%description -n %{libname} +Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c +and SNMP v3 using both IPv4 and IPv6. The suite includes: + +* An extensible agent for responding to SNMP queries including built-in + support for a wide range of MIB information modules +* Command-line applications to retrieve and manipulate information from + SNMP-capable devices +* A daemon application for receiving SNMP notifications +* A library for developing new SNMP applications, with C and Perl APIs +* A graphical MIB browser. + +This package holds the shared libraries from the net-snmp package. + +%package devel +Summary: Development files from net-snmp +License: BSD-3-Clause AND MIT +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +# for mib2c +Requires: perl +Requires: perl-SNMP = %{version} +Requires: rpm-devel +Requires: tcpd-devel +Requires: zlib-devel +Requires: pkgconfig(libssl) +%if 0%{?netsnmp_with_sensors} +Requires: libsensors4-devel +%endif + +%description devel +Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c +and SNMP v3 using both IPv4 and IPv6. The suite includes: + +* An extensible agent for responding to SNMP queries including built-in + support for a wide range of MIB information modules +* Command-line applications to retrieve and manipulate information from + SNMP-capable devices +* A daemon application for receiving SNMP notifications +* A library for developing new SNMP applications, with C and Perl APIs +* A graphical MIB browser. + +This package holds the development headers, libraries and API documentation +from the net-snmp package. + +%package -n snmp-mibs +Summary: MIB files from net-snmp +License: BSD-3-Clause AND MIT +Group: Productivity/Networking/Other + +%description -n snmp-mibs +Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c +and SNMP v3 using both IPv4 and IPv6. The suite includes: + +- An extensible agent for responding to SNMP queries including built-in + support for a wide range of MIB information modules +- Command-line applications to retrieve and manipulate information from + SNMP-capable devices +- A daemon application for receiving SNMP notifications +- A library for developing new SNMP applications, with C and Perl APIs +- A graphical MIB browser. + +This package holds the MIB files from the net-snmp package. + +%package -n perl-SNMP +Summary: Perl5 SNMP Extension Module +License: GPL-2.0-or-later +Group: Development/Libraries/Perl +Requires: %{name} = %{version} +Requires: perl-base = %{perl_version} + +%description -n perl-SNMP +The Perl5 'SNMP' Extension Module v3.1.0 for the UCD SNMPv3 library. + +%if 0%{?python_subpackage_only} +%package -n python-%{name} +Summary: The Python 3 'netsnmp' module for the Net-SNMP +License: BSD-3-Clause AND MIT +Group: Development/Libraries/Python +Requires: %{libname} = %{version} + +%description -n python-%{name} +The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3, +SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the +Net-SNMP toolkit library. + +%else + +%package -n python2-%{name} +Summary: The Python 'netsnmp' module for the Net-SNMP +License: BSD-3-Clause AND MIT +Group: Development/Libraries/Python +Requires: %{libname} = %{version} +Provides: %{name}-python = %{version} +Obsoletes: %{name}-python < %{version} +Provides: python-%{name} = %{version} + +%description -n python2-%{name} +The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3, +SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the +Net-SNMP toolkit library. + +%package -n python3-%{name} +Summary: The Python 3 'netsnmp' module for the Net-SNMP +License: BSD-3-Clause AND MIT +Group: Development/Libraries/Python +Requires: %{libname} = %{version} + +%description -n python3-%{name} +The 'netsnmp' module provides a full featured, tri-lingual SNMP (SNMPv3, +SNMPv2c, SNMPv1) client API. The 'netsnmp' module internals rely on the +Net-SNMP toolkit library. +%endif + +%prep +%setup -q +%autopatch -p1 + +%build +MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib smux \ + ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ + ip-mib/ipDefaultRouterTable ip-mib/ipAddressPrefixTable \ + ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \ + tsm-mib tlstm-mib" + +%if 0%{?netsnmp_with_sensors} +MIBS="$MIBS ucd-snmp/lmsensorsMib" +%endif + +%configure \ + --with-sys-contact="root@localhost" \ + --with-sys-location="unknown" \ + --with-mib-modules="$MIBS" \ + --with-cflags="%{optflags} -fcommon" \ + --with-ldflags="-Wl,-z,relro -Wl,-z,now" \ + --with-persistent-directory="%{_localstatedir}/lib/net-snmp" \ + --with-agentx-socket="%{netsnmp_agentx_socket_dir_fhs}/master" \ + --with-temp-file-pattern=%{_localstatedir}/run/net-snmp/snmp-tmp-XXXXXX \ + --with-logfile="%{netsnmp_logfile}" \ + --with-libwrap="%{_prefix}" \ + --with-perl-modules="INSTALLDIRS=vendor" \ + --with-defaults \ + --with-pic \ + --sysconfdir=%{_sysconfdir} \ + --enable-shared \ + --disable-static \ + --enable-as-needed \ + --without-root-access \ + --enable-local-smux \ + --enable-ipv6 \ + --enable-ucd-snmp-compatibility \ + --enable-mfd-rewrites \ + --with-security-modules=tsm,usm \ + --with-transports=TLSTCP,DTLSUDP \ + --with-systemd \ + --with-openssl \ + --enable-blumenthal-aes \ + --disable-des \ + --disable-md5 + +# Parallel build deps not properly stated +%make_build -j1 + +pushd python +%python_exec setup.py build --basedir="../" +popd + +%install +%make_install INSTALL_PREFIX=%{buildroot} +install -Dd %{buildroot}%{_localstatedir}/log %{buildroot}%{_localstatedir}/lib/net-snmp %{buildroot}%{_libexecdir}/net-snmp/agents %{buildroot}%{netsnmp_agentx_socket_dir_fhs} +install -D -m 0644 dist/snmpd.service %{buildroot}%{_unitdir}/snmpd.service +install -D -m 0644 dist/snmptrapd.service %{buildroot}%{_unitdir}/snmptrapd.service +install -D -m 0600 %{SOURCE1} %{buildroot}%{_sysconfdir}/snmp/snmpd.conf +install -m 0644 %{SOURCE2} . +%if 0%{?suse_version} > 1500 +mkdir -p %{buildroot}%{_distconfdir}/logrotate.d +install -D -m 0644 %{SOURCE3} %{buildroot}%{_distconfdir}/logrotate.d/net-snmp +%else +install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/net-snmp +%endif +install -m 0744 %{SOURCE4} testing/ +ln -sf service %{buildroot}%{_sbindir}/rcsnmpd +ln -sf service %{buildroot}%{_sbindir}/rcsnmptrapd +install -m 0644 /dev/null %{buildroot}%{netsnmp_logfile} +pushd perl + %perl_make_install + %perl_process_packlist + rm -f %{buildroot}/%{perl_vendorarch}/Bundle/Makefile.subs.pl +popd +pushd python +%python_install +popd +grep -a -v "^#define PACKAGE" %{buildroot}%{_includedir}/net-snmp/net-snmp-config.h > \ + %{buildroot}%{_includedir}/net-snmp/net-snmp-config.h.new +mv %{buildroot}%{_includedir}/net-snmp/net-snmp-config.h{.new,} +install -D -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir}/sysconfig.snmpd +install -D -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}/sysconfig.snmptrapd +# tmpfiles +install -m 755 -d %{buildroot}/%{_tmpfilesdir} +install -m 644 %{SOURCE20} %{buildroot}/%{_tmpfilesdir}/net-snmp.conf +# +ln -s -f %{netsnmp_agentx_socket_dir_fhs} %{buildroot}%{netsnmp_agentx_socket_dir_rfc} +# +find %{buildroot} -type f -name "*.la" -delete -print + +%pre +%service_add_pre snmpd.service snmptrapd.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/net-snmp ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/net-snmp ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%post +%fillup_only -n snmpd +%fillup_only -n snmptrapd +%tmpfiles_create %{_tmpfilesdir}/net-snmp.conf +%service_add_post snmpd.service snmptrapd.service + +%preun +%service_del_preun snmpd.service snmptrapd.service + +%postun +%service_del_postun snmpd.service snmptrapd.service + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files +%license COPYING +%doc AGENT.txt EXAMPLE.conf EXAMPLE.conf.def +%doc FAQ NEWS TODO CHANGES +%doc README README.agent-mibs README.agentx README.krb5 README.snmpv3 README.thread +%dir %{_sysconfdir}/snmp +%config(noreplace) %{_sysconfdir}/snmp/snmpd.conf +%{_unitdir}/snmpd.service +%{_unitdir}/snmptrapd.service +%{_tmpfilesdir}/net-snmp.conf +%{_bindir}/encode_keychange +%{_bindir}/fixproc +%{_bindir}/ipf-mod.pl +%{_bindir}/net-snmp-config +%{_bindir}/snmpbulkget +%{_bindir}/snmpbulkwalk +%{_bindir}/snmpcheck +%{_bindir}/snmpconf +%{_bindir}/snmpdelta +%{_bindir}/snmpdf +%{_bindir}/snmpget +%{_bindir}/snmpgetnext +%{_bindir}/snmpinform +%{_bindir}/snmpnetstat +%{_bindir}/snmpset +%{_bindir}/snmpstatus +%{_bindir}/snmptable +%{_bindir}/snmptest +%{_bindir}/snmptls +%{_bindir}/snmptranslate +%{_bindir}/snmptrap +%{_bindir}/snmpusm +%{_bindir}/snmpvacm +%{_bindir}/snmpwalk +%{_bindir}/traptoemail +%{_bindir}/net-snmp-create-v3-user +%{_bindir}/net-snmp-cert +%{_bindir}/agentxtrap +%{_bindir}/snmp-bridge-mib +%{_bindir}/checkbandwidth +%{_bindir}/snmpping +%{_bindir}/snmpps +%{_bindir}/snmptop +%dir %{_libexecdir}/net-snmp +%dir %{_libexecdir}/net-snmp/agents +%{_mandir}/man[158]/* +%{_sbindir}/* +%{_localstatedir}/lib/net-snmp +%dir %ghost %attr(700,root,root) %{netsnmp_agentx_socket_dir_fhs} +%ghost %{netsnmp_logfile} +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/net-snmp +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/net-snmp +%endif +%{_fillupdir}/sysconfig.snmpd +%{_fillupdir}/sysconfig.snmptrapd +%{netsnmp_agentx_socket_dir_rfc} +%{_datadir}/snmp/snmpconf-data/ +%{_datadir}/snmp/snmp_perl.pl +%{_datadir}/snmp/snmp_perl_trapd.pl + +%files -n snmp-mibs +%dir %{_datadir}/snmp +%{_datadir}/snmp/mibs/ + +%files -n %{libname} +%license COPYING +%{_libdir}/libsnmp*.so.* +%{_libdir}/libnetsnmp*.so.* + +%files devel +%doc ChangeLog PORTING +%{_mandir}/man3/* +%{_includedir}/ucd-snmp +%{_includedir}/net-snmp +%{_libdir}/libsnmp*.so +%{_libdir}/libnetsnmp*.so +%{_libdir}/pkgconfig/netsnmp-agent.pc +%{_libdir}/pkgconfig/netsnmp.pc +%{_bindir}/mib2c +%{_bindir}/mib2c-update +%{_datadir}/snmp/mib2c* + +%files -n perl-SNMP +%{perl_vendorarch}/auto/SNMP +%{perl_vendorarch}/auto/NetSNMP +%{perl_vendorarch}/Bundle +%{perl_vendorarch}/SNMP.pm +%{perl_vendorarch}/NetSNMP +%{_bindir}/tkmib + +%if %{with python2} && ! 0%{?python_subpackage_only} +%files -n python2-%{name} +%doc README +%{python2_sitearch}/* +%endif + +%files %{python_files %{name}} +%doc README +%{python_sitearch}/* + +%changelog diff --git a/snmpd.conf b/snmpd.conf new file mode 100644 index 0000000..9b6b85a --- /dev/null +++ b/snmpd.conf @@ -0,0 +1,19 @@ +# Please see /usr/share/doc/packages/net-snmp/EXAMPLE.conf for a +# more complete example and snmpd.conf(5). +# +# Writing is disabled by default for security reasons. If you'd like +# to enable it uncomment the rwcommunity line and change the community +# name to something nominally secure (keeping in mind that this is +# transmitted in clear text). + +# don't use ' < > in strings for syslocation or syscontact +# Note that if you define the following here you won't be able to change +# them with snmpset +syslocation Server Room +syscontact Sysadmin (root@localhost) + +# These really aren't meant for production use. They include all MIBS +# and can use considerable resources. See snmpd.conf(5) for information +# on setting up groups and limiting MIBS. +rocommunity public 127.0.0.1 +# rwcommunity mysecret 127.0.0.1 diff --git a/snmpd.sysconfig b/snmpd.sysconfig new file mode 100644 index 0000000..c528e4d --- /dev/null +++ b/snmpd.sysconfig @@ -0,0 +1,9 @@ +## Path: System/Net-SNMP +## Description: snmpd command line options +## Type: string +## Default: "" +# +# '-f' is implicitly added by snmptrapd systemd unit file +# OPTIONS="-L60-6d" +# +OPTIONS="" diff --git a/snmptrapd.sysconfig b/snmptrapd.sysconfig new file mode 100644 index 0000000..833c182 --- /dev/null +++ b/snmptrapd.sysconfig @@ -0,0 +1,9 @@ +## Path: System/Net-SNMP +## Description: snmptrapd command line options +## Type: string +## Default: "" +# +# '-f' is implicitly added by snmptrapd systemd unit file +# OPTIONS="-Lsd" +# +OPTIONS="" diff --git a/test_installed b/test_installed new file mode 100644 index 0000000..b1950b6 --- /dev/null +++ b/test_installed @@ -0,0 +1,14 @@ +#!/bin/bash +# +# ckm@suse.com +# runs the test suite on the installed package instead of in the build +# tree, really only useful for QA + +base=/usr/share/doc/packages/net-snmp/testing +export PATH="/bin:/usr/bin:/sbin:/usr/sbin:${base}" +export MIBDIRS=/usr/share/snmp/mibs + +rcsnmpd stop &>/dev/null +cd ${base} || exit 1 + +RUNTESTS -a