Imported Debian patch 3.0.1-3

2016-12-24 10:24:09 +01:00
parent 373f63f6da 76f2f414ed
commit 9a2dafa86c
118 changed files with 17710 additions and 10915 deletions
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1,6 +0,0 @@
-02_nrpe.cfg_local-include.dpatch
-03_support_nrpe.d.dpatch
-05_pid_privileges.dpatch
-06_pid_directory.dpatch
-07_warn_ssloption.dpatch
-09_noremove_pid.dpatch
--- a/debian/patches/02_nrpe.cfg_local-include.dpatch
+++ b/debian/patches/02_nrpe.cfg_local-include.dpatch
@@ -1,19 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 02_nrpe.cfg_local-include.dpatch by  <seanius@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Support nrpe_local.cfg 
-
-@DPATCH@
-diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in
--- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in	2006-02-03 23:02:32.000000000 +0100
-+++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in	2006-03-31 07:07:16.000000000 +0200
-@@ -178,3 +178,8 @@
- #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
- #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
- #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
-+
-+#
-+# local configuration:
-+#	if you'd prefer, you can instead place directives here
-+include=/etc/nagios/nrpe_local.cfg
--- a/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
+++ b/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
@@ -0,0 +1,22 @@
+Description: Support nrpe_local.cfg & nrpe.d directory.
+Author: Sean Finney <seanius@debian.org>
+Author: Alexander Wirt <formorer@debian.org>
+Forwarded: not-needed
+
+--- a/sample-config/nrpe.cfg.in
+++ b/sample-config/nrpe.cfg.in
+@@ -301,3 +301,14 @@ command[check_total_procs]=@pluginsdir@/
+ #command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
+ #command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+ #command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+
+# local configuration:
+# if you'd prefer, you can instead place directives here
+
+include=/etc/nagios/nrpe_local.cfg
+
+# you can place your config snipplets into nrpe.d/
+# only snipplets ending in .cfg will get included
+
+include_dir=/etc/nagios/nrpe.d/
+
--- a/debian/patches/03_support_nrpe.d.dpatch
+++ b/debian/patches/03_support_nrpe.d.dpatch
@@ -1,21 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 03_support_nrpe.d.dpatch by Alexander Wirt <formorer@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Support an nrpe.d directory
-
-@DPATCH@
-diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in
--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in	2008-04-15 23:53:48.000000000 +0200
-+++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in	2008-04-15 23:54:48.000000000 +0200
-@@ -211,3 +211,9 @@
- # local configuration:
- #	if you'd prefer, you can instead place directives here
- include=/etc/nagios/nrpe_local.cfg
-+
-+# 
-+# you can place your config snipplets into nrpe.d/
-+# only snipplets ending in .cfg will get included
-+include_dir=/etc/nagios/nrpe.d/
-+
-+
--- a/debian/patches/04_weird_output.dpatch
+++ b/debian/patches/04_weird_output.dpatch
@@ -1,20 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 04_weird_output.dpatch by  <luk@luknote>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Clean buffer before use
-
-@DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
--- pkg-nrpe~/src/nrpe.c	2012-04-30 09:36:53.000000000 +0200
-+++ pkg-nrpe/src/nrpe.c	2012-04-30 09:52:47.890535825 +0200
-@@ -1107,6 +1107,9 @@
- 	/* disable connection alarm - a new alarm will be setup during my_system */
- 	alarm(0);
- 
-+	// null buffer before using it!
-+	memset(buffer,0,sizeof(buffer));
-+
- 	/* if this is the version check command, just spew it out */
- 	if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
- 
--- a/debian/patches/05_pid_privileges.dpatch
+++ b/debian/patches/05_pid_privileges.dpatch
@@ -1,27 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 05_pid_privileges.dpatch by  <luk@luknote>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
--- pkg-nrpe~/src/nrpe.c	2014-05-23 20:42:27.000000000 +0200
-+++ pkg-nrpe/src/nrpe.c	2014-07-15 14:09:45.027422047 +0200
-@@ -317,13 +317,13 @@
- 		/* log info to syslog facility */
- 		syslog(LOG_NOTICE,"Starting up daemon");
- 
-+		/* drop privileges */
-+		drop_privileges(nrpe_user,nrpe_group);
-+
- 		/* write pid file */
- 		if(write_pid_file()==ERROR)
- 			return STATE_CRITICAL;
- 
-		/* drop privileges */
-		drop_privileges(nrpe_user,nrpe_group);
-
- 		/* make sure we're not root */
- 		check_privileges();
- 
--- a/debian/patches/06_pid_directory.dpatch
+++ b/debian/patches/06_pid_directory.dpatch
@@ -1,19 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 04_pid_directory.dpatch by Alexander Wirt <formorer@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in
--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in	2007-03-09 19:08:58.000000000 +0100
-+++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in	2009-07-06 07:43:09.000000000 +0200
-@@ -16,7 +16,7 @@
- # number.  The file is only written if the NRPE daemon is started by the root
- # user and is running in standalone mode.
- 
-pid_file=/var/run/nrpe.pid
-+pid_file=/var/run/nagios/nrpe.pid
- 
- 
- 
--- a/debian/patches/07_warn_ssloption.dpatch
+++ b/debian/patches/07_warn_ssloption.dpatch
@@ -1,30 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 07_warn_ssloption.dpatch by Thijs Kinkhorst <thijs@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Warn against inadequateness of NRPE's own SSL option.
-
--- a/SECURITY	2013-02-10 15:07:18.000000000 +0100
-+++ b/SECURITY	2013-02-10 15:08:50.000000000 +0100
-@@ -67,14 +67,17 @@
- ----------
- 
- If you do enable support for command arguments in the NRPE daemon,
-make sure that you encrypt communications either by using:
-
-   1.  Stunnel (see http://www.stunnel.org for more info)
-   2.  Native SSL support
-+make sure that you encrypt communications either by using, for
-+example, Stunnel (see http://www.stunnel.org for more info).
- 
- Do NOT assume that just because the daemon is behind a firewall
- that you are safe!  Always encrypt NRPE traffic!
- 
-+NOTE: the currently shipped native SSL support of NRPE is not an
-+adequante protection, because it does not verify clients and
-+server, and uses pregenerated key material. NRPE's SSL option is
-+advised against. For more information, see Debian bug #547092.
-+
- 
- USING ARGUMENTS
- ---------------
--- a/debian/patches/07_warn_ssloption.patch
+++ b/debian/patches/07_warn_ssloption.patch
@@ -0,0 +1,28 @@
+Description: Warn against inadequateness of NRPE's own SSL option.
+Author: Thijs Kinkhorst <thijs@debian.org>
+Forwarded: not-needed
+
+--- a/SECURITY.md
+++ b/SECURITY.md
+@@ -82,14 +82,17 @@ daemon should run as.
+ #### ENCRYPTION ####
+ 
+ If you do enable support for command arguments in the NRPE daemon,
+-make sure that you encrypt communications either by using:
+-
+-   1.  Stunnel (see http://www.stunnel.org for more info)
+-   2.  Native SSL support (See the `README.SSL.md` file for more info)
+make sure that you encrypt communications by using, for example,
+Stunnel (see http://www.stunnel.org for more info).
+ 
+ *Do NOT* assume that just because the daemon is behind a firewall
+ that you are safe!  Always encrypt NRPE traffic!
+ 
+NOTE: the currently shipped native SSL support of NRPE is not an
+adequante protection, because it does not verify clients and
+server, and uses pregenerated key material. NRPE's SSL option is
+advised against. For more information, see Debian bug #547092.
+
+ 
+ #### USING ARGUMENTS ####
+ 
--- a/debian/patches/09_noremove_pid.dpatch
+++ b/debian/patches/09_noremove_pid.dpatch
@@ -1,34 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 09_noremove_pid.dpatch by  <simon.deziel@gmail.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Do not remove the PID file after a connection error (original patch 
-## DP: from Hiren Patel)
-
-# Author: Hiren Patel
-# From: http://comments.gmane.org/gmane.network.nagios.devel/6774
-# Bug-Debian: #716949
-# Bug-Ubuntu: https://launchpad.net/bugs/1126890
-
-@DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
--- pkg-nrpe~/src/nrpe.c	2014-07-15 14:20:02.000000000 +0200
-+++ pkg-nrpe/src/nrpe.c	2014-07-15 14:20:55.775429979 +0200
-@@ -998,7 +998,7 @@
- 						/* close socket prioer to exiting */
- 						close(sock);
- 			
-						return;
-+                        exit(STATE_CRITICAL);
- 						}
- 
- 					/* handle signals */
-@@ -1022,7 +1022,7 @@
- 				        /* close socket prior to exiting */
- 						close(new_sd);
- 
-						return;
-+                        exit(STATE_CRITICAL);
- 						}
- 
- 					/* is this is a blessed machine? */
--- a/debian/patches/10_reproducible_build.patch
+++ b/debian/patches/10_reproducible_build.patch
@@ -0,0 +1,24 @@
+Description: Make the build reproducible.
+Author: Chris Lamb <lamby@debian.org>
+Bug-Debian: https://bugs.debian.org/834857
+Forwarded: https://github.com/NagiosEnterprises/nrpe/pull/78
+Applied-Upstream: https://github.com/NagiosEnterprises/nrpe/commit/c6ca9766cae19bc194efa68ed85999e9c9756422
+
+--- a/update-version
+++ b/update-version
+@@ -20,11 +20,11 @@ fi
+ 
+ # Get date (two formats)
+ if [ -n "$2" ]; then
+-    LONGDATE=`date -d "$2" "+%B %d, %Y"`
+-    SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
+    LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
+    SHORTDATE=$(date -u -d "$2" "+%m-%d-%Y")
+ else
+-    LONGDATE=`date "+%B %d, %Y"`
+-    SHORTDATE=`date "+%m-%d-%Y"`
+    LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
+    SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%m-%d-%Y")
+ fi
+ 
+ # Current version number
--- a/debian/patches/11_reproducible_dh.h.patch
+++ b/debian/patches/11_reproducible_dh.h.patch
@@ -0,0 +1,60 @@
+Description: Use pre-generated dh.h for reproducible builds.
+Author: Bas Couwenberg <sebastic@debian.org>
+Bug-Debian: https://bugs.debian.org/834857
+Forwarded: not-needed
+
+--- /dev/null
+++ b/include/dh.h
+@@ -0,0 +1,41 @@
+#ifndef HEADER_DH_H
+#include <openssl/dh.h>
+#endif
+DH *get_dh2048()
+	{
+	static unsigned char dh2048_p[]={
+		0xE9,0x3C,0xF4,0xCE,0x63,0x0A,0x57,0x9A,0xD1,0x34,0x74,0xA1,
+		0x3E,0xC3,0x93,0xB5,0x50,0x36,0x56,0x87,0x9F,0x8F,0xBC,0x74,
+		0x15,0x03,0x1D,0x00,0x45,0xB0,0x2F,0xA3,0x2C,0xC1,0x13,0xFF,
+		0x6C,0xF1,0xDB,0x36,0xB5,0xB5,0x49,0x2D,0x6A,0x8D,0x55,0xA1,
+		0xE6,0x4C,0xD1,0xA9,0x07,0x24,0xC4,0xDF,0x3A,0x2A,0x9E,0xDB,
+		0x4A,0x23,0xAD,0x56,0x79,0xA3,0x3D,0xC4,0xAD,0xE0,0x3E,0x17,
+		0x3B,0x43,0x0F,0xB6,0x83,0xE4,0x52,0xFD,0x6D,0x74,0x03,0xB3,
+		0x29,0x26,0xF2,0x29,0x0A,0xA2,0x33,0x56,0x0C,0x16,0xF7,0x81,
+		0xBF,0xDC,0xB8,0xCE,0x78,0xC1,0x73,0xD6,0x48,0x54,0x2D,0x98,
+		0xA5,0x7A,0xE3,0x38,0x8E,0x3D,0x75,0xDB,0x92,0x4D,0x76,0xC1,
+		0xCD,0xE7,0x27,0xEE,0x09,0x89,0xFA,0xCE,0x7A,0xD6,0xDC,0x5B,
+		0x08,0x6B,0xE8,0x7E,0x37,0x7B,0x40,0x89,0x72,0xBD,0x4E,0xF4,
+		0x9A,0xDC,0x94,0xA3,0x7D,0x4C,0x15,0xE4,0xE1,0xA8,0x8D,0xF9,
+		0xB2,0xF0,0x02,0x40,0x39,0x6C,0xDD,0x37,0x08,0xC1,0xE8,0x0B,
+		0xAD,0x16,0x24,0x81,0x5F,0x24,0xD9,0x65,0x71,0x34,0x78,0xF3,
+		0xFE,0x35,0xE0,0x20,0xFF,0x6D,0x41,0xE7,0xC8,0x8E,0x58,0x59,
+		0x24,0x01,0x9A,0xC8,0xA7,0x8D,0x48,0x43,0x8E,0x34,0x7C,0xC1,
+		0xB4,0xC8,0xD0,0x9C,0xBD,0xEA,0x83,0xC7,0xC9,0x86,0xFC,0xD1,
+		0xA7,0xAF,0x5C,0x99,0x98,0xD1,0x82,0x78,0xE4,0xA4,0x1C,0xB5,
+		0x87,0x72,0xD8,0x38,0x48,0x60,0xAE,0xCB,0x92,0xA2,0x79,0xFC,
+		0x8F,0x1D,0x94,0xB5,0x88,0xA5,0xA4,0xE1,0xF5,0x98,0xBA,0xB2,
+		0x06,0x22,0xA8,0x1B,
+		};
+	static unsigned char dh2048_g[]={
+		0x02,
+		};
+	DH *dh;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	return(dh);
+	}
+--- a/configure.ac
+++ b/configure.ac
+@@ -307,7 +307,7 @@ AC_ARG_ENABLE([ssl],
+ dnl Optional SSL library and include paths
+ if test x$check_for_ssl = xyes; then
+ 	# need_dh should only be set for NRPE
+-	need_dh=yes
+	need_dh=no
+ 	AC_NAGIOS_GET_SSL
+ fi
+ 
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+02_nrpe.cfg_local-include_support_nrpe.d.patch
+07_warn_ssloption.patch
+10_reproducible_build.patch
+11_reproducible_dh.h.patch