Enable installing snmpps/snmptop, they have been around for a while but were
just segfaulting in tests before - turns out this was actually only when
pointed at OpenBSD snmpd which doesn't handle hrSWRunPerfMem/hrSWRunPerfCPU
and was OK pointed at net-snmp snmpd - so patch to fix the segfault.
- enable pre-RFC AES192/256 support ("--enable-blumenthal-aes"),
diff from martijn@ (adds symbols so I added a library minor bump for
this).
- disable hidden dep on lpstat from cups; if present this resulted in
adding a function to libnetsnmpmibs so a major bump is needed for this.
- recognize openbsd 7.x
too far off, and I'm fed up with this mega-diff sitting in my tree gathering
C's :)
add a flavour "readonly" which uses --enable-read-only, this disables all code
handling SETs.
Theodore Wynnychenko. This tells it not to exit when it can't open
/dev/kmem etc. Fixes startup now that this access is disabled by
default in OpenBSD.
Some MIBs won't work, but in general these should be rewritten
to use sysctl interfaces.
user has set a command-line arguments containing '+' (not totally uncommon).
Otherwise rc_check() now waits for pexp to match, which fails due to
the + being handled as part of a regular expression.
disabling the ipv6 mib - this is done in the rc script so it can be
overridden with netsnmpd_flags if required (but just run snmpd from base,
really ....)
Reported by Pierre Kim.
Drop unnecessary patch while there, the problem it was meant to fix was
already fixed in 5.7.3.
- rc scripts added (names suggested by Nigel Taylor, I was having
a hard time coming up with something nice that avoid a conflict with
base snmpd now the rc.d namespace is shared).
PLIST and delete everything under the @sample'd directory instead of the
directory itself to prevent a warning from pkg_delete(1) trying to
remove a non existing directory and to help preventing left-over files
and directories.
ok aja@
A vulnerability has been reported in Net-SNMP, which can be exploited
by malicious people to spoof authenticated SNMPv3 packets.
The authentication code reads the length to be checked from sender
input, this allows the sender to supply single byte HMAC code and
have a 1 in 256 chance of matching the correct HMAC and authenticating,
as only the first byte will be checked. The sender would need to
know a valid username.
ok rui (maintainer)
