Imported Debian patch 3.2.1-1
parent
4a36dbfc28
commit
95cae8cb0c
25
debian/NEWS
vendored
25
debian/NEWS
vendored
@ -1,3 +1,28 @@
|
|||||||
|
nagios-nrpe (3.2.0-2) unstable; urgency=medium
|
||||||
|
|
||||||
|
The bug that caused the SSL support between NRPE 2.x and 3.x not
|
||||||
|
to work has been fixed.
|
||||||
|
|
||||||
|
Because the default SSL support without certificates configured
|
||||||
|
in nrpe.cfg uses pre-generated key data, configuring SSL
|
||||||
|
certificates is strongly advised when STunnel is not used.
|
||||||
|
|
||||||
|
The ssl-cert package can be used to generate a self-signed
|
||||||
|
certificate, but CA certificates like those from Let's Encrypt
|
||||||
|
are a better choice.
|
||||||
|
|
||||||
|
SSL support has been re-enabled by default, to be better compatible
|
||||||
|
with previous NRPE versions where SSL support was enabled by default
|
||||||
|
too.
|
||||||
|
|
||||||
|
The check_nrpe command definition has been updated to enable SSL
|
||||||
|
support (by removing the -n option) and the check_nrpe_ssl command
|
||||||
|
definition has been removed. The previous check_nrpe command
|
||||||
|
definition which disables SSL support is available with the new
|
||||||
|
check_nrpe_nossl command definition.
|
||||||
|
|
||||||
|
-- Bas Couwenberg <sebastic@debian.org> Fri, 07 Jul 2017 13:48:38 +0200
|
||||||
|
|
||||||
nagios-nrpe (3.0.1-1) unstable; urgency=medium
|
nagios-nrpe (3.0.1-1) unstable; urgency=medium
|
||||||
|
|
||||||
The check_nrpe command definition has been updated to remove the
|
The check_nrpe command definition has been updated to remove the
|
||||||
|
46
debian/changelog
vendored
46
debian/changelog
vendored
@ -1,8 +1,48 @@
|
|||||||
nagios-nrpe (3.2.1-1) UNRELEASED; urgency=medium
|
nagios-nrpe (3.2.1-1) unstable; urgency=medium
|
||||||
|
|
||||||
* New Version
|
* New upstream release.
|
||||||
|
* Drop patches included upstream, refresh remaining patches.
|
||||||
|
|
||||||
-- Mario Fetka <mario.fetka@gmail.com> Thu, 02 Nov 2017 09:56:43 +0100
|
-- Bas Couwenberg <sebastic@debian.org> Sun, 03 Sep 2017 10:52:40 +0200
|
||||||
|
|
||||||
|
nagios-nrpe (3.2.0-4) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Add upstream patch to turn seteuid errors into warnings.
|
||||||
|
(closes: #868326)
|
||||||
|
|
||||||
|
-- Bas Couwenberg <sebastic@debian.org> Fri, 14 Jul 2017 16:51:12 +0200
|
||||||
|
|
||||||
|
nagios-nrpe (3.2.0-3) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Re-enable SSL support by default.
|
||||||
|
Compatibility with older versions has been fixed.
|
||||||
|
|
||||||
|
-- Bas Couwenberg <sebastic@debian.org> Fri, 07 Jul 2017 14:08:13 +0200
|
||||||
|
|
||||||
|
nagios-nrpe (3.2.0-2) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
|
||||||
|
Thanks to Johan Carlquist for pointing out this issue.
|
||||||
|
* Drop --with-need-dh=no configure option, dh is needed.
|
||||||
|
* Remove deterministic "openssl dhparam" output handling,
|
||||||
|
dh.h not included in upstream source.
|
||||||
|
|
||||||
|
-- Bas Couwenberg <sebastic@debian.org> Thu, 06 Jul 2017 14:33:39 +0200
|
||||||
|
|
||||||
|
nagios-nrpe (3.2.0-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* New upstream release.
|
||||||
|
(closes: #565643)
|
||||||
|
* Bump Standards-Version to 4.0.0, no changes.
|
||||||
|
* Add autopkgtest to test installability.
|
||||||
|
* Set --with-logdir configure option to /var/log.
|
||||||
|
* Update watch file for GitHub releases.
|
||||||
|
* Update copyright file.
|
||||||
|
* Refresh patches.
|
||||||
|
* Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
|
||||||
|
* Regenerate dh.h with OpenSSL 1.1.0.
|
||||||
|
|
||||||
|
-- Bas Couwenberg <sebastic@debian.org> Wed, 05 Jul 2017 09:53:06 +0200
|
||||||
|
|
||||||
nagios-nrpe (3.1.1-1) unstable; urgency=medium
|
nagios-nrpe (3.1.1-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
14
debian/check_nrpe.cfg
vendored
14
debian/check_nrpe.cfg
vendored
@ -1,11 +1,11 @@
|
|||||||
# this command runs a program $ARG1$ with no arguments and disables SSL support
|
|
||||||
define command {
|
|
||||||
command_name check_nrpe
|
|
||||||
command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
|
|
||||||
}
|
|
||||||
|
|
||||||
# this command runs a program $ARG1$ with no arguments and enables SSL support
|
# this command runs a program $ARG1$ with no arguments and enables SSL support
|
||||||
define command {
|
define command {
|
||||||
command_name check_nrpe_ssl
|
command_name check_nrpe
|
||||||
command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
|
command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# this command runs a program $ARG1$ with no arguments and disables SSL support
|
||||||
|
define command {
|
||||||
|
command_name check_nrpe_nossl
|
||||||
|
command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
|
||||||
|
}
|
||||||
|
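Review bot: The comment above the new `check_nrpe_nossl` definition only says it "disables SSL support"; it should also say that with `-n` the check request and the plugin output cross the network unencrypted, and that the definition exists for agents that are themselves still started with `-n`. Because `check_nrpe` changes meaning in this same section (it no longer passes `-n`), existing service definitions that reference `check_nrpe` against such agents will presumably stop working after the upgrade; debian/NEWS explains this, but the file an administrator actually edits does not. Suggested comment: `# legacy: no encryption; use only for agents still started with -n`.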
2
debian/control
vendored
2
debian/control
vendored
@ -9,7 +9,7 @@ Build-Depends: debhelper (>= 9),
|
|||||||
libssl-dev,
|
libssl-dev,
|
||||||
libwrap0-dev,
|
libwrap0-dev,
|
||||||
openssl
|
openssl
|
||||||
Standards-Version: 3.9.8
|
Standards-Version: 4.0.0
|
||||||
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-nagios/pkg-nrpe.git
|
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-nagios/pkg-nrpe.git
|
||||||
Vcs-Git: https://anonscm.debian.org/git/pkg-nagios/pkg-nrpe.git
|
Vcs-Git: https://anonscm.debian.org/git/pkg-nagios/pkg-nrpe.git
|
||||||
Homepage: https://github.com/NagiosEnterprises/nrpe
|
Homepage: https://github.com/NagiosEnterprises/nrpe
|
||||||
|
5
debian/copyright
vendored
5
debian/copyright
vendored
@ -4,8 +4,9 @@ Upstream-Contact: Nagios Users List <nagios-users@lists.nagios.com>
|
|||||||
Source: https://github.com/NagiosEnterprises/nrpe
|
Source: https://github.com/NagiosEnterprises/nrpe
|
||||||
|
|
||||||
Files: *
|
Files: *
|
||||||
Copyright: 1999-2008, Ethan Galstad (nagios@nagios.org)
|
Copyright: 2006-2017, Nagios Enterprises
|
||||||
2009, Nagios Core Development Team and Community Contributors
|
2016, Nagios Core Development Team
|
||||||
|
1999-2008, Ethan Galstad (nagios@nagios.org)
|
||||||
License: GPL-2+ with OpenSSL exception
|
License: GPL-2+ with OpenSSL exception
|
||||||
|
|
||||||
Files: include/acl.h
|
Files: include/acl.h
|
||||||
|
4
debian/nagios-nrpe-server.default
vendored
4
debian/nagios-nrpe-server.default
vendored
@ -5,9 +5,7 @@
|
|||||||
# nrpe daemon.
|
# nrpe daemon.
|
||||||
#
|
#
|
||||||
# The -n option disables SSL support.
|
# The -n option disables SSL support.
|
||||||
# Don't remove this option before configuring SSL in /etc/nagios/nrpe.cfg!
|
#NRPE_OPTS="-n"
|
||||||
# See /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz for instructions.
|
|
||||||
NRPE_OPTS="-n"
|
|
||||||
|
|
||||||
# NICENESS is if you want to run the server at a different nice() priority.
|
# NICENESS is if you want to run the server at a different nice() priority.
|
||||||
# (only used by the init script)
|
# (only used by the init script)
|
||||||
|
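Review bot: With `NRPE_OPTS="-n"` reduced to a commented-out example, the daemon starts with SSL enabled even when no certificate is configured, and the two comment lines that pointed to /etc/nagios/nrpe.cfg and README.SSL.md.gz are gone from the new side. debian/NEWS in this commit says that SSL without configured certificates uses pre-generated key data and strongly advises configuring certificates, so that advice belongs in this file, next to the option. I would keep the README pointer and add a line such as `# Without certificates configured in /etc/nagios/nrpe.cfg, SSL uses pre-generated key data; configure certificates.`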
2
debian/nagios-nrpe-server.service
vendored
2
debian/nagios-nrpe-server.service
vendored
@ -19,5 +19,5 @@ ExecStopPost=/bin/rm -f /var/run/nagios/nrpe.pid
|
|||||||
TimeoutStopSec=60
|
TimeoutStopSec=60
|
||||||
User=nagios
|
User=nagios
|
||||||
Group=nagios
|
Group=nagios
|
||||||
PrivateTmp=false
|
PrivateTmp=true
|
||||||
OOMScoreAdjust=-500
|
OOMScoreAdjust=-500
|
||||||
|
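Review bot: `PrivateTmp=true` is undocumented in the unit, and it changes what every plugin started by the daemon sees under /tmp and /var/tmp. Checks that read state files written there by other services, or leave files for other tools to pick up, will silently see an empty directory instead. A one-line comment above the setting would save a debugging session, for example `# plugins get a private /tmp; do not exchange files with other services through it`.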
@ -5,10 +5,12 @@ Forwarded: not-needed
|
|||||||
|
|
||||||
--- a/sample-config/nrpe.cfg.in
|
--- a/sample-config/nrpe.cfg.in
|
||||||
+++ b/sample-config/nrpe.cfg.in
|
+++ b/sample-config/nrpe.cfg.in
|
||||||
@@ -317,3 +317,14 @@ command[check_total_procs]=@pluginsdir@/
|
@@ -359,3 +359,16 @@ command[check_total_procs]=@pluginsdir@/
|
||||||
#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
|
|
||||||
#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
|
#include_dir=<somedirectory>
|
||||||
#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
|
#include_dir=<someotherdirectory>
|
||||||
|
+
|
||||||
|
+
|
||||||
+
|
+
|
||||||
+# local configuration:
|
+# local configuration:
|
||||||
+# if you'd prefer, you can instead place directives here
|
+# if you'd prefer, you can instead place directives here
|
||||||
|
14
debian/patches/07_warn_ssloption.patch
vendored
14
debian/patches/07_warn_ssloption.patch
vendored
@ -4,19 +4,19 @@ Forwarded: not-needed
|
|||||||
|
|
||||||
--- a/SECURITY.md
|
--- a/SECURITY.md
|
||||||
+++ b/SECURITY.md
|
+++ b/SECURITY.md
|
||||||
@@ -82,14 +82,17 @@ daemon should run as.
|
@@ -91,14 +91,17 @@ Encryption
|
||||||
#### ENCRYPTION ####
|
----------
|
||||||
|
|
||||||
If you do enable support for command arguments in the NRPE daemon,
|
If you do enable support for command arguments in the NRPE daemon,
|
||||||
-make sure that you encrypt communications either by using:
|
-make sure that you encrypt communications either by using:
|
||||||
-
|
-
|
||||||
- 1. Stunnel (see http://www.stunnel.org for more info)
|
- 1. Stunnel (see http://www.stunnel.org for more info)
|
||||||
- 2. Native SSL support (See the `README.SSL.md` file for more info)
|
- 2. Native SSL support (See the [SSL Readme](README.SSL.md) file for more info)
|
||||||
+make sure that you encrypt communications by using, for example,
|
+make sure that you encrypt communications by using, for example,
|
||||||
+Stunnel (see http://www.stunnel.org for more info).
|
+Stunnel (see http://www.stunnel.org for more info).
|
||||||
|
|
||||||
*Do NOT* assume that just because the daemon is behind a firewall
|
Do **NOT** assume that just because the daemon is behind a firewall
|
||||||
that you are safe! Always encrypt NRPE traffic!
|
that you are safe! ***Always encrypt NRPE traffic!***
|
||||||
|
|
||||||
+NOTE: the currently shipped native SSL support of NRPE is not an
|
+NOTE: the currently shipped native SSL support of NRPE is not an
|
||||||
+adequante protection, because it does not verify clients and
|
+adequante protection, because it does not verify clients and
|
||||||
@ -24,5 +24,5 @@ Forwarded: not-needed
|
|||||||
+advised against. For more information, see Debian bug #547092.
|
+advised against. For more information, see Debian bug #547092.
|
||||||
+
|
+
|
||||||
|
|
||||||
#### USING ARGUMENTS ####
|
Using Arguments
|
||||||
|
---------------
|
||||||
|
79
debian/patches/11_reproducible_dh.h.patch
vendored
Normal file
79
debian/patches/11_reproducible_dh.h.patch
vendored
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
Description: Use pre-generated dh.h for reproducible builds.
|
||||||
|
Author: Bas Couwenberg <sebastic@debian.org>
|
||||||
|
Bug-Debian: https://bugs.debian.org/834857
|
||||||
|
Forwarded: not-needed
|
||||||
|
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/include/dh.h
|
||||||
|
@@ -0,0 +1,53 @@
|
||||||
|
+#ifndef HEADER_DH_H
|
||||||
|
+# include <openssl/dh.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+DH *get_dh2048()
|
||||||
|
+{
|
||||||
|
+ static unsigned char dhp_2048[] = {
|
||||||
|
+ 0xD0, 0x0A, 0x1E, 0x0E, 0x73, 0xE5, 0x51, 0xC3, 0x6C, 0xAA,
|
||||||
|
+ 0x7F, 0x6B, 0x9C, 0x9D, 0x47, 0x26, 0xAA, 0x25, 0x2B, 0x73,
|
||||||
|
+ 0xCD, 0x93, 0x94, 0xA2, 0xEA, 0x56, 0x14, 0xD4, 0x42, 0x48,
|
||||||
|
+ 0x21, 0x61, 0xF9, 0xA1, 0xB7, 0x88, 0xA7, 0xDA, 0x8B, 0xD8,
|
||||||
|
+ 0xFF, 0x12, 0x8D, 0x50, 0x2D, 0x1D, 0x40, 0xAB, 0xFD, 0x97,
|
||||||
|
+ 0x89, 0x18, 0x1D, 0x57, 0x69, 0xD3, 0x68, 0xBF, 0x68, 0xA1,
|
||||||
|
+ 0x20, 0xAD, 0x80, 0xFF, 0xB4, 0xE3, 0xC6, 0xC9, 0x5A, 0x62,
|
||||||
|
+ 0x23, 0x39, 0x45, 0x79, 0x8D, 0x03, 0x45, 0x55, 0xEB, 0xCA,
|
||||||
|
+ 0x34, 0x37, 0x44, 0x4B, 0x9C, 0xFF, 0x3B, 0xA7, 0xA4, 0xD3,
|
||||||
|
+ 0x2A, 0xD6, 0x96, 0x41, 0x6C, 0x58, 0x19, 0x9E, 0x89, 0xD3,
|
||||||
|
+ 0xB9, 0x36, 0xB0, 0x07, 0xD2, 0x9C, 0xFE, 0xFD, 0x3E, 0x4E,
|
||||||
|
+ 0x38, 0x71, 0x2C, 0xB2, 0xE8, 0x54, 0x83, 0x8A, 0xFA, 0x57,
|
||||||
|
+ 0xE2, 0x2B, 0x62, 0xD6, 0x0D, 0x66, 0x01, 0xE2, 0x46, 0xAD,
|
||||||
|
+ 0x64, 0x5B, 0x57, 0x5C, 0xED, 0x43, 0x97, 0x58, 0xA9, 0x93,
|
||||||
|
+ 0x4C, 0xCA, 0xAC, 0x4C, 0xB1, 0xBB, 0xD0, 0xDC, 0xF8, 0xEC,
|
||||||
|
+ 0x4A, 0x5A, 0xBB, 0xF5, 0x44, 0x70, 0x69, 0xC4, 0x51, 0xA8,
|
||||||
|
+ 0x0D, 0x47, 0x59, 0x19, 0x57, 0x7A, 0x71, 0x3D, 0x65, 0xB7,
|
||||||
|
+ 0x55, 0x27, 0x87, 0x44, 0xC0, 0x45, 0x87, 0xA7, 0x0B, 0x73,
|
||||||
|
+ 0x8D, 0x31, 0xFD, 0xE5, 0xA2, 0xDA, 0x99, 0x6D, 0xC0, 0x51,
|
||||||
|
+ 0xA3, 0x63, 0x73, 0x76, 0x91, 0x38, 0x5C, 0x57, 0x0B, 0x26,
|
||||||
|
+ 0x08, 0xC1, 0x66, 0x9F, 0x2D, 0xBE, 0x86, 0x44, 0x1B, 0xD2,
|
||||||
|
+ 0x40, 0x07, 0xB5, 0x7D, 0x15, 0x4A, 0xDA, 0x5F, 0x89, 0xE9,
|
||||||
|
+ 0xE7, 0x48, 0xDE, 0x0E, 0x3A, 0xA9, 0xF5, 0x60, 0x3C, 0x32,
|
||||||
|
+ 0x08, 0x40, 0xAF, 0xF0, 0x83, 0x74, 0xB3, 0x97, 0x44, 0x2E,
|
||||||
|
+ 0x2F, 0xE8, 0x67, 0x70, 0xA2, 0xAC, 0x94, 0xD9, 0x75, 0xBF,
|
||||||
|
+ 0x4F, 0x75, 0x8B, 0x2A, 0x1B, 0x1B
|
||||||
|
+ };
|
||||||
|
+ static unsigned char dhg_2048[] = {
|
||||||
|
+ 0x02
|
||||||
|
+ };
|
||||||
|
+ DH *dh = DH_new();
|
||||||
|
+ BIGNUM *dhp_bn, *dhg_bn;
|
||||||
|
+
|
||||||
|
+ if (dh == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
+ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
|
||||||
|
+ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
|
||||||
|
+ if (dhp_bn == NULL || dhg_bn == NULL
|
||||||
|
+ || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
|
||||||
|
+ DH_free(dh);
|
||||||
|
+ BN_free(dhp_bn);
|
||||||
|
+ BN_free(dhg_bn);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ return dh;
|
||||||
|
+}
|
||||||
|
--- a/macros/ax_nagios_get_ssl
|
||||||
|
+++ b/macros/ax_nagios_get_ssl
|
||||||
|
@@ -288,15 +288,7 @@ if test x$SSL_TYPE != xNONE; then
|
||||||
|
# Find the openssl program
|
||||||
|
|
||||||
|
if test x$need_dh = xyes; then
|
||||||
|
- AC_PATH_PROG(sslbin,openssl,value-if-not-found,$ssl_dir/sbin$PATH_SEPARATOR$ssl_dir/bin$PATH_SEPARATOR$PATH)
|
||||||
|
AC_DEFINE(USE_SSL_DH)
|
||||||
|
- # Generate DH parameters
|
||||||
|
- if test -f "$sslbin"; then
|
||||||
|
- echo ""
|
||||||
|
- echo "*** Generating DH Parameters for SSL/TLS ***"
|
||||||
|
- # awk to strip off meta data at bottom of dhparam output
|
||||||
|
- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
|
||||||
|
- fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
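Review bot: The patch header does not record how the `dhp_2048` prime in the new include/dh.h was produced, and with the `openssl dhparam -C 2048` step dropped from macros/ax_nagios_get_ssl every build of the package ships the same group. DH parameters are public values, so this is not a leaked key, but nobody reading the patch can tell where the prime came from. The Description should name the generating command and OpenSSL version (debian/changelog mentions OpenSSL 1.1.0), or the header could use a standardised group such as RFC 7919 ffdhe2048. Two smaller points in the header itself: `get_dh2048()` is defined without `static`, which gives duplicate symbols if more than one translation unit includes it, and `DH_set0_pqg` exists only from OpenSSL 1.1.0 on while the visible part of debian/control lists an unversioned `libssl-dev`.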
1
debian/patches/series
vendored
1
debian/patches/series
vendored
@ -1,2 +1,3 @@
|
|||||||
02_nrpe.cfg_local-include_support_nrpe.d.patch
|
02_nrpe.cfg_local-include_support_nrpe.d.patch
|
||||||
07_warn_ssloption.patch
|
07_warn_ssloption.patch
|
||||||
|
11_reproducible_dh.h.patch
|
||||||
|
7
debian/rules
vendored
7
debian/rules
vendored
@ -12,7 +12,6 @@ export AUTOHEADER=true
|
|||||||
|
|
||||||
%:
|
%:
|
||||||
dh $@ --with autoreconf,systemd --parallel
|
dh $@ --with autoreconf,systemd --parallel
|
||||||
# dh $@ --with autoreconf --parallel
|
|
||||||
|
|
||||||
override_dh_auto_configure:
|
override_dh_auto_configure:
|
||||||
dh_auto_configure -- \
|
dh_auto_configure -- \
|
||||||
@ -22,11 +21,9 @@ override_dh_auto_configure:
|
|||||||
--libexecdir=/usr/lib/nagios/plugins \
|
--libexecdir=/usr/lib/nagios/plugins \
|
||||||
--localstatedir=/var \
|
--localstatedir=/var \
|
||||||
--enable-ssl \
|
--enable-ssl \
|
||||||
--with-need-dh=no \
|
--with-logdir=/var/log \
|
||||||
--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
|
--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
|
||||||
--with-piddir=/var/run/nagios \
|
--with-piddir=/var/run/nagios
|
||||||
--enable-command-args \
|
|
||||||
--enable-bash-command-substitution
|
|
||||||
|
|
||||||
override_dh_auto_build:
|
override_dh_auto_build:
|
||||||
dh_auto_build -- all
|
dh_auto_build -- all
|
||||||
|
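Review bot: As far as the rendered columns show, the configure call in `override_dh_auto_configure` no longer passes `--enable-command-args` or `--enable-bash-command-substitution`, and neither debian/changelog nor debian/NEWS in this commit mentions that. Building without argument support is the safer default, but agents whose nrpe.cfg command definitions rely on `$ARG1$`-style arguments would stop answering those checks after the upgrade, presumably with no hint why. A debian/NEWS entry is the right place to say so; a short comment above the option list, such as `# command arguments are intentionally not enabled, see SECURITY.md`, would also stop the flags from being re-added by accident.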
3
debian/tests/control
vendored
Normal file
3
debian/tests/control
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# Test installability
|
||||||
|
Depends: @
|
||||||
|
Test-Command: /bin/true
|
6
debian/watch
vendored
6
debian/watch
vendored
@ -1,5 +1,7 @@
|
|||||||
version=3
|
version=3
|
||||||
opts=\
|
opts=\
|
||||||
dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\
|
dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\
|
||||||
uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/-/./g \
|
uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/-/./g,\
|
||||||
http://sf.net/nagios/nrpe-([\d\.]+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
|
filenamemangle=s/(?:.*?)?(?:rel|v|nrpe)?[\-\_]?(\d\S+)\.(tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))/nrpe-$1.$2/ \
|
||||||
|
https://github.com/NagiosEnterprises/nrpe/releases \
|
||||||
|
(?:.*?/archive\/)?(?:rel|v|nrpe)?[\-\_]?(\d\S+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
|
||||||
|