From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux alpha; en-US; rv:0.9.6) Gecko/20011120 Description of problem: The SNMP agent does not return the list of installed software. Version-Release number of selected component (if applicable): 4.2.1-7 How reproducible: Always Steps to Reproduce: 1. On a machine running snmpd issue the command: snmpwalk localhost public host.hrSWInstalled Actual Results: No data is returned. Expected Results: The installed software list should be returned. Additional info: I looked over the code. It appears to me the patch to list the installed packages fails because HAVE_LIBRPM and HAVE_RPMGETPATH are not defined. I made my own patch to 4.2.3 using the rpm40 patch, and added HAVE_LIBRPM and HAVE_RPMGETPATH to config.h.in and compiled it and it worked.
Another problem of the "security" patch that the patch is absolutely not thread safe. The library itself mainly works with threads (also stated in the documentation). But the patches breaks this. IMHO the look like a really ugly workaround for the security problems. The old interfaces should never be changed to the new format since it breaks every program using the API. Instead new more secure interfaces should be added with different names and via the documentation or warnings all the other programs using the API could be asked to change to the new version. On other problem is that a program cannot detect if the library is patched or not since the version number is not changed! If the version was increased you can easily make programs work with the old API and a new one.
The latest version (4.2.3) is available via rawhide now. This should fix this problem. It does not contain the big security patch anymore as the buffer overflow bugs have been fixed upstream. I've also fixed the rpm thing again, this time in the configure script directly. Thanks, Read ya, Phil
The RPM Spec needs an additional dependency of bzip2-devel.