Bump

no need for reproduciable builds
bump to new debain package
2021-07-18 12:12:52 +02:00 · 2018-01-10 10:48:31 +01:00 · 2018-01-10 10:38:38 +01:00 · 2018-01-10 10:34:09 +01:00 · 2017-11-02 09:57:26 +01:00 · 2017-11-02 09:55:49 +01:00
62 changed files with 3352 additions and 2042 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,10 @@
 language: c
 sudo: enabled
 dist:
 - trusty
 compiler:
 - clang
 - gcc
 script: ./configure && make all && sudo ./test-wrapper
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,503 @@
 NRPE Changelog
 ==============
 [3.2.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.1) - 2017-08-31
 ---------------------------------------------------------------------------------------
 **FIXES**
 * Change seteuid error messages to warning/debug (Bryan Heden)
 * Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden)
 * Added additional strings to error messages to remove duplicates (Bryan Heden)
 * Fix nrpe.spec for rpmbuild (Bryan Heden)
 * Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)
 [3.2.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.0) - 2017-06-26
 ---------------------------------------------------------------------------------------
 **ENHANCEMENTS**
 * Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden)
 * Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden)
 * Added support for Gentoo init (Troy Lea @box293)
 * Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden)
 * Added -V, --version to nrpe and fixed the output (Bryan Heden)
 * Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden)
 * Updated logic in al parse_allowed_hosts (Bryan Heden)
 * Added builtin OpenSSL Engine support where available (Bryan Heden + @skrueger8)
 * Clean up compilation warnings (Bryan Heden)
 * Added more commented commands in nrpe.cfg (Bryan Heden)
 **FIXES**
 * Undefined check returns UNKNOWN (Bryan Heden)
 * Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden)
 * Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden)
 * Fix improper valid/invalid certificate warnings (Bryan Heden)
 [3.1.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.1) - 2017-05-24
 ---------------------------------------------------------------------------------------
 **FIXES**
 * The '--log-file=' or '-g' option is missing from the help (John Frickson)
 * check_nrpe = segfault when specifying a config file (John Frickson)
 * Alternate log file not being used soon enough (John Frickson)
 * Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
 * Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
 * Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
 * Fix build failure with -Werror=format-security (Bas Couwenberg)
 * Fixed a typo in `nrpe.spec.in` (John Frickson)
 * More detailed error logging for SSL (John Frickson)
 * Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
 [3.1.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.0) - 2017-04-17
 ---------------------------------------------------------------------------------------
 **ENHANCEMENTS**
 * Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
 * While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
 * nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
 * check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
 **FIXES**
 * Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
 * Fix help output for ssl option (configure) (Ruben Kerkhof)
 * Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
 * Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
 * Cleanup of config.h.in suggested by Ruben Kerkhof
 * Minor change to logging in check_nrpe (John Frickson)
 * Solaris 11 detection is broken in configure (John Frickson)
 * Removed function `b64_decode` which wasn't being used (John Frickson)
 * check_nrpe ignores -a option when -f option is specified (John Frickson)
 * Added missing LICENSE file (John Frickson)
 * Off-by-one BO in my_system() (John Frickson)
 * Got rid of some compiler warnings (Stefan Krüger / John Frickson)
 * Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
 * nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
 * "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
 * nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
 * Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
 * Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
 * Fix systemd unit description (Bas Couwenberg)
 * Add reload command to systemd service file (Bas Couwenberg)
 * fix file not found error when updating version (Sven Nierlein)
 * Spelling fixes (Josh Soref)
 * Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
 * xinetd.d parameter causes many messages in log file (John Frickson)
 * Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
 * PATH and other environment variables not set with numeric nrpe_user (John Frickson)
 * rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
 [3.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.1) - 2016-09-08
 ---------------------------------------------------------------------------------------
 **FIXES**
 * _set_rc: command not found reported by init script (John Frickson)
 * Version string contains name (John Frickson)
 * Changes to get 'rpmbuild' to work - nrpe.spec file outdated (John Frickson)
 * typo in startup/default-xinetd.in (Philippe Kueck)
 * debug output missing command name (Philippe Kueck)
 * /usr/lib/tmpfiles.d/ndo2db.conf should have 'd' type, not 'D' (John Frickson)
 * Fixes in parse_allowed_hosts() and called functions (Jobst Schmalenbach / John Frickson)
 * nrpe.cfg: 'debug' statement needs to be first in file (Jobst Schmalenbach / John Frickson)
 [3.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.0) - 2016-08-01
 ---------------------------------------------------------------------------------------
 **SECURITY**
 * Fix for CVE-2014-2913
 * Added function to clean the environment before forking. (John Frickson)
 **ENHANCEMENTS**
 * Added support for optional config file to check_nrpe. With the new SSL
  parameters, the line was getting long. The config file is specified with
  --config-file=<path> or -f <path> parameters. The config file must look
  like command line options, but the options can be on separate lines. It
  MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any
  options are in both the config file and on the command line, the command line
  options are used.
 * make can now add users and groups using "make install-groups-users" (John Frickson)
 * Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson)
 * Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X.
  There should be no errors or warnings. Let me know if any errors or
  warning appear (John Frickson)
 * Added command-line option to prevent forking, since some of the init
  replacements (such as systemd, etc.) don't want daemons to fork (John Frickson)
 * Added autoconf macros and additional files to better support multi-platform
  config and compile. The default will still set up to install to
  /usr/local/nagios but I added a new configure option:
  '--enable-install-method=<method>'. If <method> is 'opt', everything will
  install to '/opt/nagios'. If <method> is 'os', installation will be to O/S-
  and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios,
  /etc/nagios, and so on.
 * Added additional init and inetd config files to support more systems,
  including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X.
 * Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)
 * Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)
 * Added support for version 3 variable sized packets up to 64KB. nrpe will
  accept either version from check_nrpe. check_nrpe will try to send a
  version 3 packet first, and fall back to version 2. check_nrpe can be forced
  to only send version 2 packets if the switch `-2` is used. (John Frickson)
 * Added extended timeout syntax in the -t <secs>:<status> format. (ABrist)
 **FIXES**
 * Fixed configure to check more places for SSL headers/libs. (John Frickson)
 * Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel)
 * Renamed configure.in to configure.ac and added check for sigaction (John Frickson)
 * Replaced all instances of signal() with sigaction() + blocking (John Frickson)
 * check_nrpe does not parse passed arguments correctly (John Frickson)
 * NRPE should not start if cannot write pid file (John Frickson)
 * Fixed out-of-bounds error (return code 255) for some failures (John Frickson)
 * Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)
 * allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson)
 * allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson)
 * Return UNKNOWN when issues occur (Andrew Widdersheim)
 * NRPE returns OK if check can't be executed (Andrew Widdersheim)
 * nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus)
 * compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson)
 * sample configuration for check_load has crazy sample load avg (ernestoongaro)
 2.15 - 09/06/2013
 -----------------
 * Now compiles on HP-UX (Grant Byers)
 * Added support for IPv6 (Leo Baltus, Eric Stanley)
 2.14 - 12/21/2012
 -----------------
 * Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
 * Patched to shutdown SSL connection completely (Jari Takkala)
 * Added SRC support on AIX (Thierry Bertaud)
 * Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
 * Updated logging to support compiling on AIX (Eric Stanley)
 2.13 - 11/11/2011
 -----------------
 * Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
 * Fixed bug in allowed_hosts parsing (Eric Stanley)
 * Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
 2.12 - 03/10/2008
 -----------------
 * Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
 2.11 - 12/26/2007
 -----------------
 * Added lib64 library paths to configure script for 64-bit systems (John Maag)
 * Added --with-ssl-lib configure script option
 * Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
 2.10 - 10/19/2007
 -----------------
 * Moved PDF docs to docs/ subdirectory, added OpenOffice source document
 * A critical result is now returned for child processed that die due to a signal (Klas Lindfors) 
 2.9 - 08/13/2007
 ----------------
 * Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
 * Fixed bug with check_disk thresholds in sample config file (Patric Wust)
 * Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
  for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
 * Added asprintf() support for systems that are missing it (Samba team)
 2.8.1 - 05/10/2007
 -----------------
 * Fixed configure script error with user-specified NRPE group
 2.8 - 05/08/2007
 ---------------
 * Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
 2.8b1 - 03/14/2007
 -----------------
 * Changes to sample config files
 * Added ';' as an additional prohibited metachar for command arguments
 * Updated documentation and added easier installation commands
 2.7.1 - 03/08/2007
 ------------------
 * Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
 2.7 - 02/18/2007
 ----------------
 * Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
 * NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
 2.6 - 12/11/2006
 ----------------
 * Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
 * Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
 * Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
 2.5.2 - 06/30/2006
 ------------------
 * Fixed incorrect service name in sample xinetd config file
 * Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
 * Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
 * Fix to (re)allow week random seed (Gerhard Lausser)
 2.5.1 - 04/09/2006
 ------------------
 * Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
 2.5 - 04/06/2006
 ----------------
 * (Re)added allowed_hosts option for systems that don't support TCP wrappers
 * Fix for SSL errors under Solaris 8 (Niels Endres)
 * Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
 2.4 - 02/22/2006
 ----------------
 * Added option to allow week random seed (Gerhard Lausser)
 * Added optional command line prefix (Sean Finney)
 * Added ability to reload config file with SIGHUP
 * Fixed bug with location of dh.h include file
 * Fixed bug with disconnect message in debug mode
 2.3 - 01/23/2006
 ----------------
 * Spec file fixes
 * Removed errant PID file debugging code
 * Fixed problem with trimming command definitions
 2.2 - 01/22/2006
 ----------------
 * Spec file fix
 * Patch to add Tru64 and IRIX support (Ton Voon)
 * Updated config.sub and config.guess
 * Fixed bug with config file lines with only whitespace
 * Fixed bug with missing getopt() command line option for -V
 * Removed sample FreeBSD init script (now maintained by FreeBSD port)
 * Added config file option for writing a PID file
 2.1 - 01/19/2004
 ----------------
 * Replaced host access list with TCP wrapper support
 * Removed length restrictions for command names and command lines
 * Configure script patch for getopt_long on Solaris
 * Bug fixes for accept() on HP-UX 11.0
 * Init script for SUSE Linux (Subhendu Ghosh)
 * SSL protocol used is now limited to TLSv1
 * Any output from plugins after first line is now ignored before
  plugin process is closed
 2.0 - 09/08/2003
 ----------------
 * Added support for passing arguments to command
 * NRPE daemon can no longer be run as root user/group
 * Added getopt support
 * Added 'include' variable to config file to allow inclusion
  of external config files
 * Added 'include_dir' variable to allow inclusion of external
  config files in directories (with recursion)
 * Added native SSL support (Derrick Bennett)
 * Added my_strsep(), as Solaris doesn't have strsep()
 * Added license exemption for use with OpenSSL
 1.8 - 01/16/2003
 ----------------
 * Daemon now closes stdio/out/err properly (James Peterson)
 * Makefile changes (James Peterson)
 * Mode command line option bug fix in daemon
 * Fixed incorrect command line options in check_nrpe plugin
 1.7 - 01/08/2003
 ----------------
 * Spec file updates and minor bug fixes (James Peterson)
 * Bug fix with default nrpe port definition
 * Added sample xinetd config file (nrpe.xinetd)
 * Bug fix for command_timeout variable (James Peterson)
 1.6 - 12/30/2002
 ----------------
 * Updated sample commands to match new plugin argument format
 * Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
 * Syntax changes (-H option specifies host name in check_nrpe, 
  -c option specifies config file in nrpe)
 * Added command_timeout directive to config file to allow user
  to specify timeout for executing plugins
 * Added spec file and misc patches for building RPMs (James Peterson)
 * Added --with-nrpe-port config directive (James Peterson)
 1.5 - 06/03/2002
 ----------------
 * Added setuid/setgid option to config file (suggested by Marek Cervenka) 
 1.4 - 06/01/2002
 ----------------
 * Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
 * Minor doc and sample config file changes
 1.3 - 02/21/2002
 ----------------
 * Name and version change
 * Ignore SIGHUP, minor cleanup (Jon Andrews)
 1.2.5 - 12/22/2001
 ------------------
 * Implemented Beej's sendall() to handle partial send()s
 * Added instructions on running under xinetd to README
 * Removed some old crud
 1.2.4 - 02/22/2001
 ------------------
 * I forgot what changes I made.  Go figure...
 1.2.3 - 12/21/2000
 ------------------
 * A bit more documentation on configuring command definitions for the plugin
 1.2.2 - 06/05/2000
 ------------------
 * Fixed error in docs for running under inetd using TCP wrappers
 * Replaced old email address in src/netutils.h with new one
 1.2.1 - 05/07/2000
 ------------------
 * Removed trapping of SIGCHLD
 * Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
 1.2.0 - 04/18/2000
 ------------------
 * Server forks twice after accepting a client connection, so as to prevent the
  creation of zombies
 1.1.5 - 04/07/2000
 ------------------
 * Fixed a small bug where one debug message was not getting logged properly
 1.1.4 - 03/30/2000
 ------------------
 * Added option to disable/enable debug messages using the debug option in the
  config file
 1.1.3 - 03/11/2000
 ------------------
 * Changed config file to use an absolute path
 * Changed all debug output to use syslog (Rene Klootwijk)
 * No convert all data to network order before sending it and convert it back to
  host order when receiving it. This makes it possible to mix Solaris and Linux,  
  e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
 1.1.2 - 03/07/2000
 ------------------
 * Removed unnecessary code in signal handler routine
 * Unused signals are no longer trapper
 1.1.1 - 02/28/2000 - RKL
 ---------------------------
 * Modified syslog code to include string describing the error code.
 * Changed hardcoded number in signal handler to its name. This prevented nrpe
  to run on Solaris.
 * Fixed race condition in accept loop. The result of accept should also be
  checked for EINTR.
 * Modified recv and send function calls to compile without warnings on Solaris.
 * Modified configure.in,configure and Makefile.in to include nsl and socket libs
  for Solaris.
 * Modified the signal handler to reestablish itself after being called.
 1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
 -----------------
 * Added ability to bind nrpe to a specific interface by specifying the address
  of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
 1.0   - 02/16/2000
 ------------------
 * Added ability to run as a service under inetd
 1.0b6 - 02/01/2000
 ------------------
 * Added configure script
 * Netutils functions from the NetSaint plugins is now used
 * Reset SIGCHLD to default behavior before calling popen() to
  prevent race condition with pclose() (Reported by Rene Klootwijk)
 * Cleaned up code
 1.0b5 - 01/10/2000
 ------------------
 * Added init script contributed by Jacob L
 * Incorporated syslog code and other patches contributed by Jacob L
 1.0b4 - 11/04/1999
 ------------------
 * Changed 'allowed_ip' option in configuration file to
  'allowed_hosts' and added support for multiple hosts
 * Minor buffer overflow protection fixes
 * main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
 * Added syslog support (jaclu@grm.se)
--- a/425
+++ b/425
@ -1,425 +0,0 @@
 **************
 NRPE Changelog
 **************
 3.0.1 - 2016-09-08
 ------------------
 FIXES
 - _set_rc: command not found reported by init script (John Frickson)
 - Version string contains name (John Frickson)
 - Changes to get 'rpmbuild' to work - nrpe.spec file outdated (John Frickson)
 - typo in startup/default-xinetd.in (Philippe Kueck)
 - debug output missing command name (Philippe Kueck)
 - /usr/lib/tmpfiles.d/ndo2db.conf should have 'd' type, not 'D' (John Frickson)
 - Fixes in parse_allowed_hosts() and called functions (Jobst Schmalenbach / John Frickson)
 - nrpe.cfg: 'debug' statement needs to be first in file (Jobst Schmalenbach / John Frickson)
 3.0 - 2016-08-01
 -----------------
 SECURITY
 - Fix for CVE-2014-2913
 - Added function to clean the environment before forking. (John Frickson)
 ENHANCEMENTS
 - Added support for optional config file to check_nrpe. With the new SSL
  parameters, the line was getting long. The config file is specified with
  --config-file=<path> or -f <path> parameters. The config file must look
  like command line options, but the options can be on separate lines. It
  MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any
  options are in both the config file and on the command line, the command line
  options are used.
 - make can now add users and groups using "make install-groups-users" (John Frickson)
 - Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson)
 - Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X.
  There should be no errors or warnings. Let me know if any errors or
  warning appear (John Frickson)
 - Added command-line option to prevent forking, since some of the init
  replacements (such as systemd, etc.) don't want daemons to fork (John Frickson)
 - Added autoconf macros and additional files to better support multi-platform
  config and compile. The default will still set up to install to
  /usr/local/nagios but I added a new configure option:
  '--enable-install-method=<method>'. If <method> is 'opt', everything will
  install to '/opt/nagios'. If <method> is 'os', installation will be to O/S-
  and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios,
  /etc/nagios, and so on.
 - Added additional init and inetd config files to support more systems,
  including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X.
 - Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)
 - Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)
 - Added support for version 3 variable sized packets up to 64KB. nrpe will
  accept either version from check_nrpe. check_nrpe will try to send a
  version 3 packet first, and fall back to version 2. check_nrpe can be forced
  to only send version 2 packets if the switch `-2` is used. (John Frickson)
 - Added extended timeout syntax in the -t <secs>:<status> format. (ABrist)
 FIXES
 - Fixed configure to check more places for SSL headers/libs. (John Frickson)
 - Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel)
 - Renamed configure.in to configure.ac and added check for sigaction (John Frickson)
 - Replaced all instances of signal() with sigaction() + blocking (John Frickson)
 - check_nrpe does not parse passed arguments correctly (John Frickson)
 - NRPE should not start if cannot write pid file (John Frickson)
 - Fixed out-of-bounds error (return code 255) for some failures (John Frickson)
 - Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)
 - allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson)
 - allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson)
 - Return UNKNOWN when issues occur (Andrew Widdersheim)
 - NRPE returns OK if check can't be executed (Andrew Widdersheim)
 - nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus)
 - compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson)
 - sample configuration for check_load has crazy sample load avg (ernestoongaro)
 2.15 - 09/06/2013
 -----------------
 - Now compiles on HP-UX (Grant Byers)
 - Added support for IPv6 (Leo Baltus, Eric Stanley)
 2.14 - 12/21/2012
 -----------------
 - Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley)
 - Patched to shutdown SSL connection completely (Jari Takkala)
 - Added SRC support on AIX (Thierry Bertaud)
 - Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley)
 - Updated logging to support compiling on AIX (Eric Stanley)
 2.13 - 11/11/2011
 -----------------
 - Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov)
 - Fixed bug in allowed_hosts parsing (Eric Stanley)
 - Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
 2.12 - 03/10/2008
 -----------------
 - Fix for unterminated multiline plugin (garbage) output (Krzysztof Oledzki)
 2.11 - 12/26/2007
 -----------------
 - Added lib64 library paths to configure script for 64-bit systems (John Maag)
 - Added --with-ssl-lib configure script option
 - Added --with-log-facility option to control syslog logging (Ryan Ordway and Brian Seklecki)
 2.10 - 10/19/2007
 -----------------
 - Moved PDF docs to docs/ subdirectory, added OpenOffice source document
 - A critical result is now returned for child processed that die due to a signal (Klas Lindfors) 
 2.9 - 08/13/2007
 ----------------
 - Fixed bug with --with-nrpe-group configure script option (Graham Collinson)
 - Fixed bug with check_disk thresholds in sample config file (Patric Wust)
 - Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
  for scripts that need to detect NRPE version and capabilities (Gerhard Lausser)
 - Added asprintf() support for systems that are missing it (Samba team)
 2.8.1 - 05/10/2007
 -----------------
 - Fixed configure script error with user-specified NRPE group
 2.8 - 05/08/2007
 ---------------
 - Added support for multiline plugin output (limited to 1KB at the moment) (Matthias Flacke)
 2.8b1 - 03/14/2007
 -----------------
 - Changes to sample config files
 - Added ';' as an additional prohibited metachar for command arguments
 - Updated documentation and added easier installation commands
 2.7.1 - 03/08/2007
 ------------------
 - Changed C++ style comment to C style to fix compilation errors on AIX (Ryan McGarry)
 2.7 - 02/18/2007
 ----------------
 - Patches for detection SSL header and library locations (Andrew Boyce-Lewis)
 - NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup (Andrew Boyce-Lewis)
 2.6 - 12/11/2006
 ----------------
 - Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
 - Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
 - Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
 2.5.2 - 06/30/2006
 ------------------
 - Fixed incorrect service name in sample xinetd config file
 - Added note on how to restart inetd for OpenBSD users (Robert Peaslee)
 - Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser)
 - Fix to (re)allow week random seed (Gerhard Lausser)
 2.5.1 - 04/09/2006
 ------------------
 - Patch to fix segfault if --no-ssl option is used (Sean Finney/Peter Palfrader)
 2.5 - 04/06/2006
 ----------------
 - (Re)added allowed_hosts option for systems that don't support TCP wrappers
 - Fix for SSL errors under Solaris 8 (Niels Endres)
 - Fix for config file directory inclusion on ReiserFS (Gerhard Lausser)
 2.4 - 02/22/2006
 ----------------
 - Added option to allow week random seed (Gerhard Lausser)
 - Added optional command line prefix (Sean Finney)
 - Added ability to reload config file with SIGHUP
 - Fixed bug with location of dh.h include file
 - Fixed bug with disconnect message in debug mode
 2.3 - 01/23/2006
 ----------------
 - Spec file fixes
 - Removed errant PID file debugging code
 - Fixed problem with trimming command definitions
 2.2 - 01/22/2006
 ----------------
 - Spec file fix
 - Patch to add Tru64 and IRIX support (Ton Voon)
 - Updated config.sub and config.guess
 - Fixed bug with config file lines with only whitespace
 - Fixed bug with missing getopt() command line option for -V
 - Removed sample FreeBSD init script (now maintained by FreeBSD port)
 - Added config file option for writing a PID file
 2.1 - 01/19/2004
 ----------------
 - Replaced host access list with TCP wrapper support
 - Removed length restrictions for command names and command lines
 - Configure script patch for getopt_long on Solaris
 - Bug fixes for accept() on HP-UX 11.0
 - Init script for SUSE Linux (Subhendu Ghosh)
 - SSL protocol used is now limited to TLSv1
 - Any output from plugins after first line is now ignored before
  plugin process is closed
 2.0 - 09/08/2003
 ----------------
 - Added support for passing arguments to command
 - NRPE daemon can no longer be run as root user/group
 - Added getopt support
 - Added 'include' variable to config file to allow inclusion
  of external config files
 - Added 'include_dir' variable to allow inclusion of external
  config files in directories (with recursion)
 - Added native SSL support (Derrick Bennett)
 - Added my_strsep(), as Solaris doesn't have strsep()
 - Added license exemption for use with OpenSSL
 1.8 - 01/16/2003
 ----------------
 - Daemon now closes stdio/out/err properly (James Peterson)
 - Makefile changes (James Peterson)
 - Mode command line option bug fix in daemon
 - Fixed incorrect command line options in check_nrpe plugin
 1.7 - 01/08/2003
 ----------------
 - Spec file updates and minor bug fixes (James Peterson)
 - Bug fix with default nrpe port definition
 - Added sample xinetd config file (nrpe.xinetd)
 - Bug fix for command_timeout variable (James Peterson)
 1.6 - 12/30/2002
 ----------------
 - Updated sample commands to match new plugin argument format
 - Added sample init scripts for FreeBSD and Debian (Andrew Ryder)
 - Syntax changes (-H option specifies host name in check_nrpe, 
  -c option specifies config file in nrpe)
 - Added command_timeout directive to config file to allow user
  to specify timeout for executing plugins
 - Added spec file and misc patches for building RPMs (James Peterson)
 - Added --with-nrpe-port config directive (James Peterson)
 1.5 - 06/03/2002
 ----------------
 - Added setuid/setgid option to config file (suggested by Marek Cervenka) 
 1.4 - 06/01/2002
 ----------------
 - Changed STATE_UNKNOWN to value of 3 instead of -1 (old style)
 - Minor doc and sample config file changes
 1.3 - 02/21/2002
 ----------------
 - Name and version change
 - Ignore SIGHUP, minor cleanup (Jon Andrews)
 1.2.5 - 12/22/2001
 ------------------
 - Implemented Beej's sendall() to handle partial send()s
 - Added instructions on running under xinetd to README
 - Removed some old crud
 1.2.4 - 02/22/2001
 ------------------
 - I forgot what changes I made.  Go figure...
 1.2.3 - 12/21/2000
 ------------------
 - A bit more documentation on configuring command definitions for the plugin
 1.2.2 - 06/05/2000
 ------------------
 - Fixed error in docs for running under inetd using TCP wrappers
 - Replaced old email address in src/netutils.h with new one
 1.2.1 - 05/07/2000
 ------------------
 - Removed trapping of SIGCHLD
 - Changed wait4() to waitpid() to allow compilation on HP-UX and AIX
 1.2.0 - 04/18/2000
 ------------------
 - Server forks twice after accepting a client connection, so as to prevent the
  creation of zombies
 1.1.5 - 04/07/2000
 ------------------
 - Fixed a small bug where one debug message was not getting logged properly
 1.1.4 - 03/30/2000
 ------------------
 - Added option to disable/enable debug messages using the debug option in the
  config file
 1.1.3 - 03/11/2000
 ------------------
 - Changed config file to use an absolute path
 - Changed all debug output to use syslog (Rene Klootwijk)
 - No convert all data to network order before sending it and convert it back to
  host order when receiving it. This makes it possible to mix Solaris and Linux,  
  e.g. running check_nrpe on Linux and nrpe on Solaris. (Rene Klootwijk)
 1.1.2 - 03/07/2000
 ------------------
 - Removed unnecessary code in signal handler routine
 - Unused signals are no longer trapper
 1.1.1 - 02/28/2000 - RKL
 ---------------------------
 - Modified syslog code to include string describing the error code.
 - Changed hardcoded number in signal handler to its name. This prevented nrpe
  to run on Solaris.
 - Fixed race condition in accept loop. The result of accept should also be
  checked for EINTR.
 - Modified recv and send function calls to compile without warnings on Solaris.
 - Modified configure.in,configure and Makefile.in to include nsl and socket libs
  for Solaris.
 - Modified the signal handler to reestablish itself after being called.
 1.1 - 02/24/2000 - Rene Klootwijk <rene@klootwijk.org>
 -----------------
 - Added ability to bind nrpe to a specific interface by specifying the address
  of this interface in the nrpe.cfg file (e.g. server_address=192.168.2.3)
 1.0   - 02/16/2000
 ------------------
 - Added ability to run as a service under inetd
 1.0b6 - 02/01/2000
 ------------------
 - Added configure script
 - Netutils functions from the NetSaint plugins is now used
 - Reset SIGCHLD to default behavior before calling popen() to
  prevent race condition with pclose() (Reported by Rene Klootwijk)
 - Cleaned up code
 1.0b5 - 01/10/2000
 ------------------
 - Added init script contributed by Jacob L
 - Incorporated syslog code and other patches contributed by Jacob L
 1.0b4 - 11/04/1999
 ------------------
 - Changed 'allowed_ip' option in configuration file to
  'allowed_hosts' and added support for multiple hosts
 - Minor buffer overflow protection fixes
 - main() returned STATE_UNKNOWN on successful launch, changed to STATE_OK (jaclu@grm.se)
 - Added syslog support (jaclu@grm.se)
--- a/LICENSE.md
+++ b/LICENSE.md
@ -0,0 +1,264 @@
 The GNU General Public License, Version 2, June 1991 (GPLv2)
 ============================================================
 > Copyright (C) 1989, 1991 Free Software Foundation, Inc.
 > 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
 Everyone is permitted to copy and distribute verbatim copies of this license
 document, but changing it is not allowed.
 Preamble
 --------
 The licenses for most software are designed to take away your freedom to share
 and change it. By contrast, the GNU General Public License is intended to
 guarantee your freedom to share and change free software--to make sure the
 software is free for all its users. This General Public License applies to most
 of the Free Software Foundation's software and to any other program whose
 authors commit to using it. (Some other Free Software Foundation software is
 covered by the GNU Lesser General Public License instead.) You can apply it to
 your programs, too.
 When we speak of free software, we are referring to freedom, not price. Our
 General Public Licenses are designed to make sure that you have the freedom to
 distribute copies of free software (and charge for this service if you wish),
 that you receive source code or can get it if you want it, that you can change
 the software or use pieces of it in new free programs; and that you know you can
 do these things.
 To protect your rights, we need to make restrictions that forbid anyone to deny
 you these rights or to ask you to surrender the rights. These restrictions
 translate to certain responsibilities for you if you distribute copies of the
 software, or if you modify it.
 For example, if you distribute copies of such a program, whether gratis or for a
 fee, you must give the recipients all the rights that you have. You must make
 sure that they, too, receive or can get the source code. And you must show them
 these terms so they know their rights.
 We protect your rights with two steps: (1) copyright the software, and (2) offer
 you this license which gives you legal permission to copy, distribute and/or
 modify the software.
 Also, for each author's protection and ours, we want to make certain that
 everyone understands that there is no warranty for this free software. If the
 software is modified by someone else and passed on, we want its recipients to
 know that what they have is not the original, so that any problems introduced by
 others will not reflect on the original authors' reputations.
 Finally, any free program is threatened constantly by software patents. We wish
 to avoid the danger that redistributors of a free program will individually
 obtain patent licenses, in effect making the program proprietary. To prevent
 this, we have made it clear that any patent must be licensed for everyone's free
 use or not licensed at all.
 The precise terms and conditions for copying, distribution and modification
 follow.
 Terms And Conditions For Copying, Distribution And Modification
 ---------------------------------------------------------------
 **0.** This License applies to any program or other work which contains a notice
 placed by the copyright holder saying it may be distributed under the terms of
 this General Public License. The "Program", below, refers to any such program or
 work, and a "work based on the Program" means either the Program or any
 derivative work under copyright law: that is to say, a work containing the
 Program or a portion of it, either verbatim or with modifications and/or
 translated into another language. (Hereinafter, translation is included without
 limitation in the term "modification".) Each licensee is addressed as "you".
 Activities other than copying, distribution and modification are not covered by
 this License; they are outside its scope. The act of running the Program is not
 restricted, and the output from the Program is covered only if its contents
 constitute a work based on the Program (independent of having been made by
 running the Program). Whether that is true depends on what the Program does.
 **1.** You may copy and distribute verbatim copies of the Program's source code
 as you receive it, in any medium, provided that you conspicuously and
 appropriately publish on each copy an appropriate copyright notice and
 disclaimer of warranty; keep intact all the notices that refer to this License
 and to the absence of any warranty; and give any other recipients of the Program
 a copy of this License along with the Program.
 You may charge a fee for the physical act of transferring a copy, and you may at
 your option offer warranty protection in exchange for a fee.
 **2.** You may modify your copy or copies of the Program or any portion of it,
 thus forming a work based on the Program, and copy and distribute such
 modifications or work under the terms of Section 1 above, provided that you also
 meet all of these conditions:
 *   **a)** You must cause the modified files to carry prominent notices stating
    that you changed the files and the date of any change.
 *   **b)** You must cause any work that you distribute or publish, that in whole
    or in part contains or is derived from the Program or any part thereof, to
    be licensed as a whole at no charge to all third parties under the terms of
    this License.
 *   **c)** If the modified program normally reads commands interactively when
    run, you must cause it, when started running for such interactive use in the
    most ordinary way, to print or display an announcement including an
    appropriate copyright notice and a notice that there is no warranty (or
    else, saying that you provide a warranty) and that users may redistribute
    the program under these conditions, and telling the user how to view a copy
    of this License. (Exception: if the Program itself is interactive but does
    not normally print such an announcement, your work based on the Program is
    not required to print an announcement.)
 These requirements apply to the modified work as a whole. If identifiable
 sections of that work are not derived from the Program, and can be reasonably
 considered independent and separate works in themselves, then this License, and
 its terms, do not apply to those sections when you distribute them as separate
 works. But when you distribute the same sections as part of a whole which is a
 work based on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the entire whole,
 and thus to each and every part regardless of who wrote it.
 Thus, it is not the intent of this section to claim rights or contest your
 rights to work written entirely by you; rather, the intent is to exercise the
 right to control the distribution of derivative or collective works based on the
 Program.
 In addition, mere aggregation of another work not based on the Program with the
 Program (or with a work based on the Program) on a volume of a storage or
 distribution medium does not bring the other work under the scope of this
 License.
 **3.** You may copy and distribute the Program (or a work based on it, under
 Section 2) in object code or executable form under the terms of Sections 1 and 2
 above provided that you also do one of the following:
 *   **a)** Accompany it with the complete corresponding machine-readable source
    code, which must be distributed under the terms of Sections 1 and 2 above on
    a medium customarily used for software interchange; or,
 *   **b)** Accompany it with a written offer, valid for at least three years, to
    give any third party, for a charge no more than your cost of physically
    performing source distribution, a complete machine-readable copy of the
    corresponding source code, to be distributed under the terms of Sections 1
    and 2 above on a medium customarily used for software interchange; or,
 *   **c)** Accompany it with the information you received as to the offer to
    distribute corresponding source code. (This alternative is allowed only for
    noncommercial distribution and only if you received the program in object
    code or executable form with such an offer, in accord with Subsection b
    above.)
 The source code for a work means the preferred form of the work for making
 modifications to it. For an executable work, complete source code means all the
 source code for all modules it contains, plus any associated interface
 definition files, plus the scripts used to control compilation and installation
 of the executable. However, as a special exception, the source code distributed
 need not include anything that is normally distributed (in either source or
 binary form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component itself
 accompanies the executable.
 If distribution of executable or object code is made by offering access to copy
 from a designated place, then offering equivalent access to copy the source code
 from the same place counts as distribution of the source code, even though third
 parties are not compelled to copy the source along with the object code.
 **4.** You may not copy, modify, sublicense, or distribute the Program except as
 expressly provided under this License. Any attempt otherwise to copy, modify,
 sublicense or distribute the Program is void, and will automatically terminate
 your rights under this License. However, parties who have received copies, or
 rights, from you under this License will not have their licenses terminated so
 long as such parties remain in full compliance.
 **5.** You are not required to accept this License, since you have not signed
 it. However, nothing else grants you permission to modify or distribute the
 Program or its derivative works. These actions are prohibited by law if you do
 not accept this License. Therefore, by modifying or distributing the Program (or
 any work based on the Program), you indicate your acceptance of this License to
 do so, and all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
 **6.** Each time you redistribute the Program (or any work based on the
 Program), the recipient automatically receives a license from the original
 licensor to copy, distribute or modify the Program subject to these terms and
 conditions. You may not impose any further restrictions on the recipients'
 exercise of the rights granted herein. You are not responsible for enforcing
 compliance by third parties to this License.
 **7.** If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues), conditions
 are imposed on you (whether by court order, agreement or otherwise) that
 contradict the conditions of this License, they do not excuse you from the
 conditions of this License. If you cannot distribute so as to satisfy
 simultaneously your obligations under this License and any other pertinent
 obligations, then as a consequence you may not distribute the Program at all.
 For example, if a patent license would not permit royalty-free redistribution of
 the Program by all those who receive copies directly or indirectly through you,
 then the only way you could satisfy both it and this License would be to refrain
 entirely from distribution of the Program.
 If any portion of this section is held invalid or unenforceable under any
 particular circumstance, the balance of the section is intended to apply and the
 section as a whole is intended to apply in other circumstances.
 It is not the purpose of this section to induce you to infringe any patents or
 other property right claims or to contest validity of any such claims; this
 section has the sole purpose of protecting the integrity of the free software
 distribution system, which is implemented by public license practices. Many
 people have made generous contributions to the wide range of software
 distributed through that system in reliance on consistent application of that
 system; it is up to the author/donor to decide if he or she is willing to
 distribute software through any other system and a licensee cannot impose that
 choice.
 This section is intended to make thoroughly clear what is believed to be a
 consequence of the rest of this License.
 **8.** If the distribution and/or use of the Program is restricted in certain
 countries either by patents or by copyrighted interfaces, the original copyright
 holder who places the Program under this License may add an explicit
 geographical distribution limitation excluding those countries, so that
 distribution is permitted only in or among countries not thus excluded. In such
 case, this License incorporates the limitation as if written in the body of this
 License.
 **9.** The Free Software Foundation may publish revised and/or new versions of
 the General Public License from time to time. Such new versions will be similar
 in spirit to the present version, but may differ in detail to address new
 problems or concerns.
 Each version is given a distinguishing version number. If the Program specifies
 a version number of this License which applies to it and "any later version",
 you have the option of following the terms and conditions either of that version
 or of any later version published by the Free Software Foundation. If the
 Program does not specify a version number of this License, you may choose any
 version ever published by the Free Software Foundation.
 **10.** If you wish to incorporate parts of the Program into other free programs
 whose distribution conditions are different, write to the author to ask for
 permission. For software which is copyrighted by the Free Software Foundation,
 write to the Free Software Foundation; we sometimes make exceptions for this.
 Our decision will be guided by the two goals of preserving the free status of
 all derivatives of our free software and of promoting the sharing and reuse of
 software generally.
 No Warranty
 -----------
 **11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
 THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
 STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
 "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
 BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
 PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
 ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
 **12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
 THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
 GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
 INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
 BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
 FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
 OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
--- a/Makefile.in
+++ b/Makefile.in
@ -1,10 +1,9 @@
 ###############################
 # Makefile for NRPE
 #
-# Last Modified: 03-14-2007
+#  NRPE Makefile
 #
 ###############################
 # Source code directories
 SRC_BASE=./src/
 SRC_INCLUDE=./include/
@ -70,7 +69,7 @@ all:
 	echo "";\
 	echo "You can now continue with the installation or upgrade process.";\
 	echo "";\
-	echo "Read the PDF documentation (NRPE.pdf) for information on the next";\
+	echo "Read the PDF documentation (docs/NRPE.pdf) for information on the next";\
 	echo "steps you should take to complete the installation or upgrade.";\
 	echo ""
@ -110,6 +109,10 @@ install-init:
 		echo svccfg import $(INIT_DIR)/$(INIT_FILE); \
 		svccfg import $(INIT_DIR)/$(INIT_FILE); \
 		echo "*** Run 'svcadm enable nrpe' to start it"; \
 	elif test $(INIT_TYPE) = gentoo; then\
 		$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
 		echo rc-update add nrpe default; \
 		rc-update add nrpe default; \
 	else\
 		echo $(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
 		$(INSTALL) -m 755 startup/$(SRC_INIT) $(INIT_DIR)/$(INIT_FILE); \
@ -126,7 +129,9 @@ install-init:
 			launchctl load $(INIT_DIR)/$(INIT_FILE); \
 		else\
 			if test -f /sbin/chkconfig ; then \
-			    /sbin/chkconfig nrpe on;\
+			    case "$(DESTDIR)" in */rpmbuild/*) break;; \
 			    *)/sbin/chkconfig nrpe on;; \
 			    esac; \
 			else\
 				echo "Make sure to enable the nrpe daemon";\
 			fi;\
--- a/README.SSL.md
+++ b/README.SSL.md
@ -1,16 +1,27 @@
 NRPE With SSL/TLS
 =================
-##Contents
+This document covers the different methods of SSL transport
-1. [Introduction](#intro)
+that NRPE allows for. 
 2. [NRPE Changes](#nrpe)
 3. [check_nrpe Changes](#chk)
 4. [Certificate Generation Example](#xmp)
-<a id=intro></a>
+If there was a TL;DR here, it is these:
------------
+### Don't use NRPE without encryption
-###Introduction
+
 and
 ### Use Public Key Encryption
 Contents
 --------
 1. [Introduction](#introduction)
 2. [NRPE Changes](#nrpe-changes)
 3. [check_nrpe Changes](#check_nrpe-changes)
 4. [Certificate Generation Example](#certificate-generation-example)
 Introduction
 ------------
 NRPE has had basic support for SSL/TLS for some time now, but it was
@ -19,17 +30,16 @@ exchange, it used a fixed 512-bit key (generated at `./configure`
 time and extremely insecure) and originally allowed SSLv2. In 2004,
 SSLv2 and SSLv3 support was disabled.
-nrpe and check_nrpe have been updated to offer much more secure
+`nrpe` and `check_nrpe` have been updated to offer much more secure
 encryption and more options. And the updates are done in a backward-
 compatible way, allowing you to migrate to the newer versions
 without having to do it all at once, and possibly miss updating some
 machines, causing lost reporting.
 <a id=nrpe></a>
------------------------------------------
+
-###CHANGES IN THE CURRENT VERSION OF NRPE
+NRPE Changes
------------------------------------------
+------------
 Running `./configure` will now create a 2048-bit DH key instead
 of the old 512-bit key. The most current versions of openSSL will
@ -52,8 +62,8 @@ If you are upgrading NRPE from a prior version, you can run the
 The `ssl_version` directive lets you set which versions of SSL/TLS
 you want to allow. SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 are
 allowed, or those litereals with a `+` after them (as in TLSv1.1+).
-Without the `+`, that version _only_ will be used. With the `+`,
+Without the `+`, *that version only* will be used. With the `+`,
-that version _or above_ will be used. openSSL will always negotiate
+that *version or above* will be used. openSSL will always negotiate
 the highest available allowed version available on both ends. This
 directive currently defaults to `TLSv1+`.
@ -61,7 +71,7 @@ The `ssl_use_adh` directive is **DEPRECATED**, even though it is new.
 Possible values are `0` to not allow ADH at all, `1` to allow ADH,
 and `2` to require ADH. The `2` should never be required, but it's
 there just in case it's needed, for whatever reason. `1` is currently
-the default, which allows older check_nrpe plugins to connect using
+the default, which allows older `check_nrpe` plugins to connect using
 ADH. When all the plugins are migrated to the newer version, it
 should be set to `0`. In an upcoming version of NRPE, ADH will no
 longer be allowed at all. Note that if you use a `2` here, NRPE will
@ -103,13 +113,11 @@ This can be especially helpful during plugin migration, so you can
 tell which plugins have certificates, what SSL/TLS version is being
 used, and which ciphers are being used.
 <a id=chk></a>
------------------------------------------------
+check_nrpe Changes
-###CHANGES IN THE CURRENT VERSION OF CHECK_NRPE
+------------------
 ------------------------------------------------
-The check_nrpe plugin has also been updated to provide more secure
+The `check_nrpe` plugin has also been updated to provide more secure
 encryption and allow the use of client certificates. The command line
 has several new options, which are outlined below. Both the long and
 short arguments are presented.
@ -145,11 +153,10 @@ data to syslog. OR (or add) values together to have more than one
 option enabled. See the description of the `ssl_logging` directive
 from NRPE above.
 <a id=xmp></a>
----------------------------------
+
-###Certificate Generation Example
+Certificate Generation Example
----------------------------------
+------------------------------
 **Note** _The following example does not follow best practice for
 creating and running a CA or creating certificates. It is for testing
@ -166,22 +173,22 @@ is called `nag_serv`; and there are two Linux machines that will
 run the nrpe daemon: `db_server` and `bobs_workstation`.
-####Set up the directories
+#### Set up the directories
 As root, do the following:
        mkdir -p -m 750 /usr/local/nagios/etc/ssl
-        chown root.nagios /usr/local/nagios/etc/ssl
+        chown root:nagios /usr/local/nagios/etc/ssl
        cd /usr/local/nagios/etc/ssl
        mkdir -m 750 ca
-        chown root.root ca
+        chown root:root ca
        mkdir -m 750 server_certs
-        chown root.nagios server_certs
+        chown root:nagios server_certs
        mkdir -m 750 client_certs
-        chown root.nagios client_certs
+        chown root:nagios client_certs
-####Create Certificate Authority
+#### Create Certificate Authority
 If you want to validate client or server certificates, you will need
 to create a Certificate Authority (CA) that will sign all client and
@ -203,7 +210,7 @@ probably want to include `CA` or `Certificate Authority` in for
        Common Name (e.g. server FQDN or YOUR name) []:Foo Nagios CA
-####Create NRPE Server Certificate Requests
+#### Create NRPE Server Certificate Requests
 For each of the hosts that will be running the nrpe daemon, you will
 need a server certificate. You can create a key, and the CSR
@ -228,8 +235,8 @@ If you have the default `/etc/openssl.cnf`, either change it, or as root, do:
        mkdir demoCA
        mkdir demoCA/newcerts
        touch demoCA/index.txt
-		echo "01" > demoCA/serial
+        echo "01" > demoCA/serial
-        chown -R root.root demoCA
+        chown -R root:root demoCA
        chmod 700 demoCA
        chmod 700 demoCA/newcerts
        chmod 600 demoCA/serial
@ -242,13 +249,13 @@ Now, sign the CSRs. As root, do the following:
           -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
           -in server_certs/db_server.csr \
           -out server_certs/db_server.pem
-        chown root.nagios server_certs/db_server.pem
+        chown root:nagios server_certs/db_server.pem
        chmod 440 server_certs/db_server.pem
        openssl ca -days 365 -notext -md sha256 \
           -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
           -in server_certs/bobs_workstation.csr \
           -out server_certs/bobs_workstation.pem
-        chown root.nagios server_certs/bobs_workstation.pem
+        chown root:nagios server_certs/bobs_workstation.pem
        chmod 440 server_certs/bobs_workstation.pem
 Now, copy the `db_server.pem` and `db_server.key` files to the
@ -257,7 +264,7 @@ db_server machine, and the `bobs_workstation.pem` and
 `ca/ca_cert.pem` file to both machines.
-####Create NRPE Client Certificate Requests
+#### Create NRPE Client Certificate Requests
 Now you need to do the same thing for the machine that will be
 running the check_nrpe program.
@ -271,7 +278,7 @@ running the check_nrpe program.
           -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
           -in client_certs/nag_serv.csr \
           -out client_certs/nag_serv.pem
-        chown root.nagios client_certs/nag_serv.pem
+        chown root:nagios client_certs/nag_serv.pem
        chmod 440 client_certs/nag_serv.pem
 Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`
--- a/README.md
+++ b/README.md
@ -1,13 +1,30 @@
-NRPE README
+![Nagios!](https://www.nagios.com/wp-content/uploads/2015/05/Nagios-Black-500x124.png)
-===========
+
 [![Build Status](https://travis-ci.org/NagiosEnterprises/nrpe.svg?branch=master)](https://travis-ci.org/NagiosEnterprises/nrpe)
 NRPE
 ====
 ## Nagios Remote Plugin Executor
 For installation instructions and information on the design overview
 of the NRPE addon, please read the PDF documentation that is found in
-this directory: `docs/NRPE.pdf`
+this directory: `docs/NRPE.pdf`.
-If you are upgrading from a previous version, run 'update-cfg.pl' to
+If you are upgrading from a previous version, you'll want to
 check the [Changelog](CHANGELOG.md) and then run `./update-cfg.pl` to
 add the new SSL parameters to your config file.
 TL;DR: You can jump straight to [Compiling](#compiling) and
 [Installing](#installing)
 You'll want to read up on the [Security](SECURITY.md) document
 regarding NRPE, no doubt.
 And make sure to check out the [SSL Readme](README.SSL.md) as well,
 if you plan on using encryption methods to transmit `nrpe` data.
 Purpose
 -------
@ -20,69 +37,126 @@ Contents
 There are two pieces to this addon:
-  1) **NRPE**       - This program runs as a background process on the
+1. `nrpe`
                      remote host and processes command execution requests
                      from the check_nrpe plugin on the Nagios host.
                      Upon receiving a plugin request from an authorized
                      host, it will execute the command line associated
                      with the command name it received and send the
                      program output and return code back to the
                      check_nrpe plugin
-  2) **check_nrpe** - This is a plugin that is run on the Nagios host
+   This program runs as a background process on the
-                      and is used to contact the NRPE process on remote
+   remote host and processes command execution requests
-                      hosts.  The plugin requests that a plugin be
+   from the check_nrpe plugin on the Nagios host.
-                      executed on the remote host and wait for the NRPE
+   Upon receiving a plugin request from an authorized
-                      process to execute the plugin and return the result.
+   host, it will execute the command line associated
-                      The plugin then uses the output and return code
+   with the command name it received and send the
-                      from the plugin execution on the remote host for
+   program output and return code back to the
-                      its own output and return code.
+   check_nrpe plugin
 2. `check_nrpe` 
   This is a plugin that is run on the Nagios host
   and is used to contact the NRPE process on remote
   hosts.  The plugin requests that a plugin be
   executed on the remote host and wait for the NRPE
   process to execute the plugin and return the result.
   The plugin then uses the output and return code
   from the plugin execution on the remote host for
   its own output and return code.
 Compiling
 ---------
-The code is very basic and may not work on your particular
+If you are having any problems compiling on your system, 
-system without some tweaking. If you are having any problems
+please let us know (preferrably with fixes). Most users 
-compiling on your system, please let us know, hopefully with
+should be able to compile `nrpe` and the `check_nrpe` 
-fixes. Most users should be able to compile NRPE and the
+plugin with the following commands...
 check_nrpe plugin with the following commands...
    ./configure
    make all
-The binaries will be located in the `src/` directory after you
+***HINT:*** `./configure --help`
 run `make all` and will have to be installed manually somewhere
 on your system.
-_NOTE: Since the check_nrpe plugin and nrpe daemon run on different
+**NOTE:** If you're cloning from GitHub, you'll need to run
-      machines (the plugin runs on the Nagios host and the daemon
+`autoconf` first.
-      runs on the remote host), you will have to compile the nrpe
+
-      daemon on the target machine._
+**NOTE:** Since the check_nrpe plugin and nrpe daemon run 
 on different machines (the plugin runs on the Nagios host and 
 the daemon runs on the remote host), you will have to compile 
 the nrpe daemon on the target machine.
 Installing
 ----------
-The check_nrpe plugin should be placed on the Nagios host along
+You have a few options here. The binaries created from `make all` 
-with your other plugins.  In most cases, this will be in the
+were placed in your `src/` directory. You can either copy these 
-`/usr/local/nagios/libexec` directory.
+where they need to be, or you can run any of the following 
 `make install` options:
-The nrpe program and the configuration file `nrpe.cfg` should
+* `make install-groups-users`
 be placed somewhere on the remote host.  Note that you will also
 have to install some plugins on the remote host if you want to
 make much use of this addon.
   Add the users and groups sepcified during `./configure`. Defaults
   to nagios and nagios, respectively. You can override these with the
   `./configure --with-nrpe-user=USER --with-nrpe-group=GROUP`.
 * `make install`
   This will run both `install-plugin` and `install-daemon`.
 * `make install-plugin`
   This will install the plugin by default in 
   `/usr/local/nagios/libexec`. You can override this 
   behavior by using the `--with-pluginsdir=DIR` flag during
   `./configure`.
 * `make install-daemon`
   This will install the plugin by default in 
   `/usr/local/nagios/bin`. You can override this 
   behavior by using the `--prefix=DIR` or 
   `--bindir=DIR` flags during `./configure`.
 * `make install-config`
   This will install the sample config by default in 
   `/usr/local/nagios/etc`. You can override this 
   behavior by using the `--with-pkgsysconfdir=DIR` 
   flag during `./configure`.
 * `make install-inetd`
   `./configure` attempts to determine your inetd type.
   If it finds it, it will install the appropriate inetd 
   script in the proper location. You can help it out with
   `./configure --with-inetd-type=TYPE` where `TYPE` can be
   one of: `inetd`, `xinetd`, `systemd`, `launchd`, 
   `smf10`, `smf11`.
 * `make install-init`
   `./configure` attempts to determine the appropriate
   init type. If it figures it out, will install the
   required startup script. You can help it out with
   `./configure --with-init-type=TYPE` where TYPE can be
   one of: `bsd`, `sysv`, `systemd`, `launchd`, `smf10`, 
   `smf11`, `upstart`, `openrc`.
 If you used all the necessary `./configure` flags, you shouldn't
 need to tweak your config file any at this point, and a simple
 `service nrpe start` or `systemctl start nrpe.service` should
 work just fine.
 Configuring
 -----------
-Sample config files for the NRPE daemon are located in the
+A sample config file for the NRPE daemon are located in the
 `sample-config/` subdirectory.
 If you used the proper flags during `./configure`, this file
 should contain all of the appropriate information as a starting
 point.
-Running Under INETD or XINETD
+
-----------------------------
+Running Under `inetd` or `xinetd`
 ---------------------------------
 If you plan on running nrpe under inetd or xinetd and making use
 of TCP wrappers, you need to add a line to your `/etc/services`
@ -93,72 +167,67 @@ file as follows (modify the port number as you see fit)
 The run `make install-inetd` to copy the appropriate file, or
 add the appropriate line to your `/etc/inetd.conf`.
-   _NOTE: If you run nrpe under inetd or xinetd, the server_port
+**NOTE:** If you run nrpe under inetd or xinetd, the server_port
-   and allowed_hosts variables in the nrpe configuration file are
+and allowed_hosts variables in the nrpe configuration file are
-   ignored._
+ignored.
-#### INETD
+* `inetd`
-After running `make install-inetd`, your `/etc/inetd.conf` file will
+   After running `make install-inetd`, your `/etc/inetd.conf` file will
-contain lines similar to the following:
+   contain lines similar to the following:
-```
+       # Enable the following entry to enable the nrpe daemon
-	#
+       #nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
-	# Enable the following entry to enable the nrpe daemon
+       # Enable the following entry if the nrpe daemon didn't link with libwrap
-	#nrpe stream tcp nowait nagios /usr/local/nagios/bin/nrpe nrpe -c /usr/local/nagios/etc/nr
+       #nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag
 	# Enable the following entry if the nrpe daemon didn't link with libwrap
 	#nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nag
 ```
-Un-comment the appropriate line, then Restart inetd:
+   Un-comment the appropriate line, then Restart inetd:
-    /etc/rc.d/init.d/inet restart
+       /etc/rc.d/init.d/inet restart
-OpenBSD users can use the following command to restart inetd:
+   OpenBSD users can use the following command to restart inetd:
-    kill -HUP `cat /var/run/inet.pid`
+       kill -HUP `cat /var/run/inet.pid`
-Then add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
+   Then add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
-file to enable TCP wrapper protection for the nrpe service.
+   file to enable TCP wrapper protection for the nrpe service.
-This is optional, although highly recommended.
+   This is optional, although highly recommended.
-#### XINETD
+* `xinetd`
-If your system uses xinetd instead of inetd, `make install-inetd`
+   If your system uses xinetd instead of inetd, `make install-inetd`
-will create a file called `nrpe` in your `/etc/xinetd.d`
+   will create a file called `nrpe` in your `/etc/xinetd.d`
-directory that contains a file similar to this:
+   directory that contains a file similar to this:
-```
+       # default: off
-    # default: off
+       # description: NRPE (Nagios Remote Plugin Executor)
-    # description: NRPE (Nagios Remote Plugin Executor)
+       service nrpe
-    service nrpe
+       {
-    {
+           disable         = yes
-        disable         = yes
+           socket_type     = stream
-        socket_type     = stream
+           port            = @NRPE_PORT@
-        port            = @NRPE_PORT@
+           wait            = no
-        wait            = no
+           user            = nagios
-        user            = nagios
+           group           = nagios
-        group           = nagios
+           server          = /usr/local/nagios/bin/nrpe
-        server          = /usr/local/nagios/bin/nrpe
+           server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
-        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
+           only_from       = 127.0.0.1
-        only_from       = 127.0.0.1
+           log_on_failure  += USERID
-        log_on_failure  += USERID
+       }
    }
 ```
- Replace `disable = yes` with `disable = no`
+   * Replace `disable = yes` with `disable = no`
- Replace the `127.0.0.1` field with the IP addresses of hosts which
+   * Replace the `127.0.0.1` field with the IP addresses of hosts which
-  are allowed to connect to the NRPE daemon.  This only works if xinetd was
+     are allowed to connect to the NRPE daemon.  This only works if xinetd was
-  compiled with support for tcpwrappers.
+     compiled with support for tcpwrappers.
- Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
+   * Add entries to your `/etc/hosts.allow` and `/etc/hosts.deny`
-  file to enable TCP wrapper protection for the nrpe service.
+     file to enable TCP wrapper protection for the nrpe service.
-  This is optional, although highly recommended.
+     This is optional, although highly recommended.
-Restart xinetd:
+   * Restart xinetd:
-    /etc/rc.d/init.d/xinetd restart
+          /etc/rc.d/init.d/xinetd restart
 Configuring Things On The Nagios Host
@ -173,8 +242,8 @@ to define a few things in the host config file.  An example
 command definition for the check_nrpe plugin would look like this:
    define command{
-        command_name    check_nrpe
+        command_name           check_nrpe
-        command_line    /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+        command_line           /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }
 In any service definitions that use the nrpe plugin/daemon to
@ -183,24 +252,41 @@ of the definition to something like this (sample service definition
 is simplified for this example):
    define service{
-        host_name           someremotehost
+        host_name              someremotehost
-        service_description someremoteservice
+        service_description    someremoteservice
-        check_command       check_nrpe!yourcommand
+        check_command          check_nrpe!yourcommand
        ... etc ...
        }
 where `yourcommand` is a name of a command that you define in
-your nrpe.cfg file on the remote host (see the docs in the
+your `nrpe.cfg` file on the remote host (see the docs in the
 sample nrpe.cfg file for more information).
 License Notice
 --------------
 NRPE - Nagios Remote Plugin Executor
 Copyright (c) 2017 Nagios Enterprises
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 Questions?
 ----------
-If you have questions about this addon, or problems getting things
+If you have questions about this addon, or encounter problems getting things
-working, first try searching the nagios-users mailing list archives.
+working along the way, your best bet for an answer or quick resolution is to check the
-Details on searching the list archives can be found at
+[Nagios Support Forums](https://support.nagios.com/forum/viewforum.php?f=5).
 http://www.nagios.org
 If you don't find an answer there, post a message in the Nagios
 Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,20 +1,19 @@
 NRPE SECURITY README
 ====================
---
+TCP Wrapper Support
-
+-------------------
 ### TCP WRAPPER SUPPORT ###
 NRPE 2.x includes native support for TCP wrappers. Once you
 compile NRPE you can check to see if it has wrapper support
 built in by running the daemon from the command line without
 any arguments like this:
-	./nrpe --help
+    ./nrpe --help
-#### COMMAND ARGUMENTS ####
+Command Arguments
 -----------------
 NRPE 2.0 includes the ability for clients to supply arguments to
 commands which should be run.  Please note that this feature
@ -22,7 +21,8 @@ should be considered a security risk, and you should only use
 it if you know what you're doing!
-#### BASH COMMAND SUBSTITUTION ####
+Bash Command Substitution
 -------------------------
 Even with the metacharacter restrictions below, if command arguments 
 are enabled, it is still possible to send bash command substitutions 
@ -32,7 +32,8 @@ configuration file option. Enabling this option is **VERY RISKY**
 and its use is **HIGHLY DISCOURAGED**.
-#### ENABLING ARGUMENTS ####
+Enabling Arguments
 ------------------
 To enable support for command argument in the daemon, you must
 do two things:
@ -44,9 +45,10 @@ do two things:
       file to `1`.
-#### ENABLING BASH COMMAND SUBSTITUTION ####
+Enabling Bash Command Substitution
 ----------------------------------
-To enable support for arguments containing bash command substitions, 
+To enable support for arguments containing bash command substitutions, 
 you must do two things:
   1.  Enable arguments as described above
@ -58,56 +60,64 @@ you must do two things:
       NRPE config file to `1`.
-#### ILLEGAL METACHARS ####
+Nasty Metacharacters
 --------------------
 To help prevent some nasty things from being done by evil 
 clients, the following metacharacters are not allowed
 in client command arguments:
-	| ` & > < ' " \ [ ] { } ; !
+    | ` & > < ' \ [ ] { } ; ! \r \n
 You can override these defaults by adjusting the `nasty_metachars`
 flag in the config file.
 Any client request which contains the above mentioned metachars
 is discarded.
-#### USER/GROUP RESTRICTIONS ####
+User/Group Restrictions
 -----------------------
 The NRPE daemon cannot be run with (effective) root user/group
 privileges.  You must run the daemon with an account that does
-not have superuser rights.  Use the nrpe_user and nrpe_group
+not have superuser rights.  Use the `--with-nrpe-user` and 
-directives in the config file to specify which user/group the
+`--with-nrpe-group` flags during `./configure`, or the `nrpe_user`
-daemon should run as.
+and `nrpe_group` config file options to specify which user/group 
 the daemon should run as.
-#### ENCRYPTION ####
+Encryption
 ----------
 If you do enable support for command arguments in the NRPE daemon,
 make sure that you encrypt communications either by using:
   1.  Stunnel (see http://www.stunnel.org for more info)
-   2.  Native SSL support (See the `README.SSL.md` file for more info)
+   2.  Native SSL support (See the [SSL Readme](README.SSL.md) file for more info)
-*Do NOT* assume that just because the daemon is behind a firewall
+Do **NOT** assume that just because the daemon is behind a firewall
-that you are safe!  Always encrypt NRPE traffic!
+that you are safe! ***Always encrypt NRPE traffic!***
-#### USING ARGUMENTS ####
+Using Arguments
 ---------------
 How do you use command arguments?  Well, lets say you define a
 command in the NRPE config file that looks like this:
-	command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
+    command[check_users]=/usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
 You could then call the check_nrpe plugin like this:
-	./check_nrpe -H <host> -c check_users -a 5 10
+    ./check_nrpe -H <host> -c check_users -a 5 10
 The arguments '5' and '10' get substituted into the appropriate
-$ARGx$ macros in the command ($ARG1$ and $ARG2$, respectively).
+`$ARGx$` macros in the command (`$ARG1$` and `$ARG2$`, respectively).
 The command that would be executed by the NRPE daemon would look
 like this:
-	/usr/local/nagios/libexec/check_users -w 5 -c 10
+    /usr/local/nagios/libexec/check_users -w 5 -c 10
 You can supply up to 16 arguments to be passed to the command
-for substitution in $ARG$ macros ($ARG1$ - $ARG16$).
+for substitution in `$ARG$` macros (`$ARG1$` - `$ARG16$`).
--- a/15
+++ b/15
@ -4,21 +4,28 @@ Andrew Boyce-Lewis
 Andrew Ryder
 Andrew Widdersheim
 Bartosz Woronicz
 Bas Couwenberg
 Bill Mitchell
 Bjoern Beutel
 Brian Seklecki
 Bryan Heden
 Derrick Bennett
 Elan Ruusamäe
 Eric Mislivec
 Eric Stanley
 Gerhard Lausser
 Graham Collinson
 Grant Byers
 Grégory Starck
 jaclu@grm.se
 James Peterson
 Jari Takkala
 Jason Cook
 Jobst Schmalenbach
 John Frickson
 John Maag
 Jon Andrews
 Josh Soref
 Kaspersky Lab
 Kevin Pendleton
 Konstantin Malov
@ -30,14 +37,18 @@ Matthias Flacke
 Niels Endres
 Patric Wust
 Peter Palfrader
 Philippe Kueck
 Rene Klootwijk
 Robert Peaslee
 Ruben Kerkhof
 Ryan McGarry
 Ryan Ordway
 Sean Finney
 Spenser Reinhardt
 Stefan Krüger
 Stephen Smoogen
 Subhendu Ghosh
 Sven Nierlein
 Thierry Bertaud
 Ton Voon
-Vadim Antipov
+Vadim Antipov
 jaclu@grm.se
--- a/222
+++ b/222
@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for nrpe 3.0.1.
+# Generated by GNU Autoconf 2.69 for nrpe newdate.
 #
 # Report bugs to <nagios-users@lists.sourceforge.net>.
 #
@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='nrpe'
 PACKAGE_TARNAME='nrpe'
-PACKAGE_VERSION='3.0.1'
+PACKAGE_VERSION='newdate'
-PACKAGE_STRING='nrpe 3.0.1'
+PACKAGE_STRING='nrpe newdate'
 PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
 PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
@ -630,6 +630,7 @@ SSL_LIB_DIR
 SSL_INC_PREFIX
 SSL_HDR
 SSL_INC_DIR
 SSL_TYPE
 HAVE_SSL
 EGREP
 GREP
@ -756,6 +757,7 @@ with_logdir
 with_piddir
 with_pipedir
 enable_ssl
 with_need_dh
 with_ssl
 with_ssl_inc
 with_ssl_lib
@ -1318,7 +1320,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures nrpe 3.0.1 to adapt to many kinds of systems.
+\`configure' configures nrpe newdate to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1368,7 +1370,7 @@ fi
 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of nrpe 3.0.1:";;
+     short | recursive ) echo "Configuration of nrpe newdate:";;
   esac
  cat <<\_ACEOF
@ -1388,7 +1390,7 @@ Optional Features:
                          '--enable-install-method', so you can see the
                          destinations before a full './configure', 'make',
                          'make install' process.
-  --enable-ssl            enables native SSL support
+  --disable-ssl           disables native SSL support [default=check]
  --enable-command-args   allows clients to specify command arguments. ***
                          THIS IS A SECURITY RISK! *** Read the SECURITY file
                          before using this option!
@ -1421,6 +1423,7 @@ Optional Packages:
  --with-logdir=DIR       where log files should be placed
  --with-piddir=DIR       where the PID file should be placed
  --with-pipedir=DIR      where socket and pipe files should be placed
  --with-need-dh          set to 'no' to not include Diffie-Hellman SSL logic
  --with-ssl=DIR          sets location of the SSL installation
  --with-ssl-inc=DIR      sets location of the SSL include files
  --with-ssl-lib=DIR      sets location of the SSL libraries
@ -1513,7 +1516,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-nrpe configure 3.0.1
+nrpe configure newdate
 generated by GNU Autoconf 2.69
 Copyright (C) 2012 Free Software Foundation, Inc.
@ -2119,7 +2122,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by nrpe $as_me 3.0.1, which was
+It was created by nrpe $as_me newdate, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  $ $0 $@
@ -2484,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
 PKG_NAME=nrpe
-PKG_VERSION="3.0.1"
+PKG_VERSION="3.2.1"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="09-08-2016"
+PKG_REL_DATE="2017-09-01"
 RPM_RELEASE=1
 LANG=C
@ -2751,10 +2754,12 @@ fi
  bsd) :
    dist_type=`uname -s | tr "A-Z" "a-z"`
 						dist_ver=`uname -r` ;; #(
-  aix|hp-ux) :
+  aix) :
-    dist_ver=$OSTYPE ;; #(
+    dist_ver="`uname -v`.`uname -r`" ;; #(
  hp-ux) :
    dist_ver=`uname -r | cut -d'.' -f1-3` ;; #(
  solaris) :
-    dist_ver=`echo $OSTYPE | cut -d'.' -f2` ;; #(
+    dist_ver=`uname -r | cut -d'.' -f2` ;; #(
  *) :
    dist_ver=$OSTYPE
 				 ;; #(
@ -2888,20 +2893,19 @@ fi
 			elif test "$dist_type" = "slackware"; then
 				init_type="bsd"
 				init_type_wanted=no
 			elif test "$dist_type" = "aix"; then
 				init_type="bsd"
 				init_type_wanted=no
 			elif test "$dist_type" = "hp-ux"; then
 				init_type="unknown"
 				init_type_wanted=no
 			fi
 		fi
 		PSCMD="ps -p1 -o args"
-		case $dist_type in #(
+		if test $dist_type = solaris; then
-  aix) :
+			PSCMD="env UNIX95=1; ps -p1 -o args"
-    PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
+		fi
  solaris) :
    PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
  hp-ux) :
    PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
  *) :
     ;;
 esac
 		if test "$init_type_wanted" = yes; then
 			pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
@ -2948,7 +2952,7 @@ esac
 			if test "$init_type_wanted" = yes; then
 				if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
-					if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
+					if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
 						init_type="upstart"
 						init_type_wanted=no
 					elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
@ -3018,30 +3022,24 @@ fi
 			inetd_disabled=""
-			if test x"$init_type" = "xupstart"; then
+			case $dist_type in #(
 				inetd_type="upstart"
 			elif test "$opsys" = "osx"; then
 				inetd_type="launchd"
 			fi
 			if test x"$inetd_type" = x; then
 				case $dist_type in #(
  solaris) :
    if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
-							inetd_type="$init_type"
+						inetd_type="$init_type"
-						else
+					else
-							inetd_type="inetd"
+						inetd_type="inetd"
-						fi ;; #(
+					fi ;; #(
  *bsd*) :
    inetd_type=`ps -A -o comm -c | grep inetd` ;; #(
  osx) :
    inetd_type=`launchd` ;; #(
  aix|hp-ux) :
    inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #(
  *) :
-    inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #(
+    inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #(
  *) :
     ;;
 esac
 			fi
 			if test x"$inetd_type" = x; then
 				if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
@ -3053,6 +3051,12 @@ esac
 				fi
 			fi
 			if test x"$inetd_type" = x; then
 				if test x"$init_type" = "xupstart"; then
 					inetd_type="upstart"
 				fi
 			fi
 			if test x"$inetd_type" = x; then
 				if test x"$init_type" = "xsystemd"; then
 					inetd_type="systemd"
@ -3154,16 +3158,21 @@ case $dist_type in #(
 esac
-need_cgi=no
+						# Does this package need to know:
-need_web=no
+need_cgi=no				# where the cgi-bin directory is
-need_brk=no
+need_web=no				# where the website directory is
-need_plg=no
+need_brk=no				# where the event broker modules directory is
-need_pipe=no
+need_plg=no				# where the plugins directory is
-need_spl=no
+need_pipe=no			# where the pipe directory is
-need_loc=no
+need_spl=no				# where the spool directory is
-need_log_subdir=no
+need_loc=no				# where the locale directory is
-need_etc_subdir=no
+need_log_subdir=no		# where the loc sub-directory is
-need_pls_dir=no
+need_etc_subdir=no		# where the etc sub-directory is
 need_pls_dir=no			# where the package locate state directory is
 if test x"$INIT_PROG" = x; then
 	INIT_PROG="$PKG_NAME"
 fi
 case $PKG_NAME in #(
  nagios) :
@ -3177,7 +3186,8 @@ case $PKG_NAME in #(
 		need_cgi=yes
 		need_web=yes ;; #(
  ndoutils) :
-    need_spl=yes ;; #(
+    need_brk=yes
 		need_spl=yes ;; #(
  nrpe) :
    need_plg=yes ;; #(
  nsca) :
@ -3348,14 +3358,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
 if test ! -d "$tmpfilesd"; then
 	tmpfilesd="N/A"
 else
-	tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
+	tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
 fi
 subsyslockdir=${subsyslockdir="/var/lock/subsys"}
 if test ! -d "$subsyslockdir"; then
 	subsyslockdir="N/A"
 	subsyslockfile="N/A"
 else
-	subsyslockfile="$subsyslockdir/$PKG_NAME"
+	subsyslockfile="$subsyslockdir/$INIT_PROG"
 fi
 if test "$need_loc" = no; then
 	localedir="N/A"
@ -3436,23 +3446,23 @@ elif test $opsys = "linux"; then
 	fi
 	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
 	if test $need_log_subdir = yes; then
-		logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+		logdir=${logdir="$localstatedir/log/$INIT_PROG"}
 	else
 		logdir=${logdir="$localstatedir/log"}
 	fi
-	piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+	piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
 	if test "$need_pipe" = yes; then
-		pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+		pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
 	else
 		pipedir="N/A"
 	fi
 	if test "$need_pls_dir" = yes; then
-		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
 	else
 		pkglocalstatedir="N/A"
 	fi
 	if test "$need_spl" = yes; then
-		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+		spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
 	else
 		spooldir="N/A"
 	fi
@ -3501,7 +3511,7 @@ elif test $opsys = "unix"; then
 	fi
 	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
 	if test "$need_pls_dir" = yes; then
-		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
 	else
 		pkglocalstatedir="N/A"
 	fi
@ -3509,7 +3519,7 @@ elif test $opsys = "unix"; then
 		localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
 	fi
 	if test "$need_spl" = yes; then
-		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+		spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
 	else
 		spooldir="N/A"
 	fi
@ -3534,14 +3544,14 @@ elif test $opsys = "unix"; then
 			pipedir=${pipedir="$pkglocalstatedir"}
 			logdir=${logdir="$pkglocalstatedir/log"} ;; #(
  *) :
-    piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+    piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
 			if test "$need_pipe" = yes; then
-				pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+				pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
 			else
 				pipedir="N/A"
 			fi
 			if test $need_log_subdir = yes; then
-				logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+				logdir=${logdir="$localstatedir/log/$INIT_PROG"}
 			else
 				logdir=${logdir="$localstatedir/log"}
 			fi
@ -3594,7 +3604,7 @@ elif test $opsys = "bsd"; then
 	fi
 	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
 	if test "$need_pls_dir" = yes; then
-		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
 	else
 		pkglocalstatedir="N/A"
 	fi
@ -3602,7 +3612,7 @@ elif test $opsys = "bsd"; then
 		localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
 	fi
 	if test "$need_spl" = yes; then
-		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+		spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
 	else
 		spooldir="N/A"
 	fi
@ -3627,14 +3637,14 @@ elif test $opsys = "bsd"; then
 	else
 		cgibindir="N/A"
 	fi
-	piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+	piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
 	if test "$need_pipe" = yes; then
-		pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+		pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
 	else
 		pipedir="N/A"
 	fi
 	if test $need_log_subdir = yes; then
-		logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+		logdir=${logdir="$localstatedir/log/$INIT_PROG"}
 	else
 		logdir=${logdir="$localstatedir/log"}
 	fi
@ -3670,11 +3680,13 @@ eval libexecdir=$libexecdir
 eval brokersdir=$brokersdir
 eval pluginsdir=$pluginsdir
 eval cgibindir=$cgibindir
 eval localstatedir=$localstatedir
 eval pkglocalstatedir=$pkglocalstatedir
 eval webdir=$webdir
 eval localedir=$localedir
 eval sysconfdir=$sysconfdir
 eval pkgsysconfdir=$pkgsysconfdir
 eval logdir=$logdir
 eval piddir=$piddir
 #
@ -3687,51 +3699,56 @@ case $init_type in #(
 		else
 			initdir=${initdir="/etc/init.d"}
 		fi
-		initname=${initname="$PKG_NAME"}
+		initname=${initname="$INIT_PROG"}
 		initconfdir=${initconfdir="/etc/conf.d"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+		initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
  systemd) :
    if test $dist_type = "debian"; then
 			initdir=${initdir="/lib/systemd/system"}
 		else
 			initdir=${initdir="/usr/lib/systemd/system"}
 		fi
-		initname=${initname="$PKG_NAME.service"} ;; #(
+		initname=${initname="$INIT_PROG.service"} ;; #(
  bsd) :
-    initdir=${initdir="/etc/rc.d"}
+    if test $dist_type = "aix"; then
-		initname=${initname="rc.$PKG_NAME"} ;; #(
+			initdir=${initdir="/sbin/rc.d/init.d"}
 			initname=${initname="$INIT_PROG"}
 		else
 			initdir=${initdir="/etc/rc.d"}
 			initname=${initname="rc.$INIT_PROG"}
 		fi ;; #(
  newbsd) :
    initdir=${initdir="/etc/rc.d"}
-		initname=${initname="$PKG_NAME"} ;; #(
+		initname=${initname="$INIT_PROG"} ;; #(
  gentoo) :
    initdir=${initdir="/etc/init.d"}
-		initname=${initname="$PKG_NAME"}
+		initname=${initname="$INIT_PROG"}
 		initconfdir=${initconfdir="/etc/init.d"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+		initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
  openrc) :
    initdir=${initdir="/etc/init.d"}
-		initname=${initname="$PKG_NAME"}
+		initname=${initname="$INIT_PROG"}
 		initconfdir=${initconfdir="/etc/conf.d"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+		initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
  smf*) :
    if test $init_type = smf10; then
 			initdir=${initdir="/var/svc/manifest/network/nagios"}
 		else
 			initdir=${initdir="/lib/svc/manifest/network/nagios"}
 		fi
-		initname=${initname="$PKG_NAME.xml"}
+		initname=${initname="$INIT_PROG.xml"}
 		initconfdir=unknown
 		initconf=unknown ;; #(
  upstart) :
    initdir=${initdir="/etc/init"}
-		initname=${initname="$PKG_NAME.conf"}
+		initname=${initname="$INIT_PROG.conf"}
 		initconfdir=${initconfdir="/etc/default"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+		initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
  launchd) :
    initdir=${initdir="/Library/LaunchDaemons"}
-		initname=${initname="org.nagios.$PKG_NAME.plist"} ;; #(
+		initname=${initname="org.nagios.$INIT_PROG.plist"} ;; #(
  #		initconfdir=${initconfdir="/private/etc"}
-#		initconf=${initconf="$initconfdir/$PKG_NAME"},
+#		initconf=${initconf="$initconfdir/$INIT_PROG"},
 	*) :
@ -3750,28 +3767,28 @@ case $inetd_type in #(
 		inetdname=${inetdname="inetd.conf"} ;; #(
  xinetd) :
    inetddir=${inetddir="/etc/xinetd.d"}
-		inetdname=${inetdname="$PKG_NAME"} ;; #(
+		inetdname=${inetdname="$INIT_PROG"} ;; #(
  systemd) :
    if test $dist_type = "debian"; then
 			inetddir=${inetddir="/lib/systemd/system"}
 		else
 			inetddir=${inetddir="/usr/lib/systemd/system"}
 		fi
-		netdname=${inetdname="$PKG_NAME.socket"} ;; #(
+		netdname=${inetdname="$INIT_PROG.socket"} ;; #(
  smf*) :
    if test $init_type = smf10; then
 			inetddir=${inetddir="/var/svc/manifest/network/nagios"}
 		else
 			inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
 		fi
-		inetdname=${inetdname="$PKG_NAME.xml"} ;; #(
+		inetdname=${inetdname="$INIT_PROG.xml"} ;; #(
  #	[upstart],
 #		inetddir=${inetddir="/etc/init.d"}
-#		inetdname=${inetdname="$PKG_NAME"},
+#		inetdname=${inetdname="$INIT_PROG"},
 	launchd) :
    inetddir=${inetddir="/Library/LaunchDaemons"}
-		inetdname=${inetdname="org.nagios.$PKG_NAME.plist"} ;; #(
+		inetdname=${inetdname="org.nagios.$INIT_PROG.plist"} ;; #(
  *) :
    inetddir=${inetddir="unknown"}
 		inetdname=${inetdname="unknown"} ;; #(
@ -3829,12 +3846,12 @@ case $init_type in #(
 			src_init=upstart-init
 		fi ;; #(
  launchd) :
-    src_init="mac-init.plist"
+    src_init="mac-init.plist" ;; #(
 	* ;; #(
  *) :
    src_init="unknown"
- ;;
+ ;; #(
  *) :
     ;;
 esac
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $src_init" >&5
 $as_echo "$src_init" >&6; }
@ -3866,7 +3883,7 @@ $as_echo "$src_inetd" >&6; }
-if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
+if test "$dist_type" = solaris -a "$dist_ver" = 10; then
 	$as_echo "#define SOLARIS_10 yes" >>confdefs.h
 fi
@ -4332,7 +4349,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by nrpe $as_me 3.0.1, which was
+This file was extended by nrpe $as_me newdate, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@ -4386,7 +4403,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-nrpe config.status 3.0.1
+nrpe config.status newdate
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"
@ -7140,7 +7157,7 @@ rm -f core conftest.err conftest.$ac_objext \
 fi
-for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction
+for ac_func in strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir
 do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -7264,9 +7281,19 @@ else
 fi
 need_dh=yes
 # Check whether --with-need_dh was given.
 if test "${with_need_dh+set}" = set; then :
  withval=$with_need_dh; need_dh=$withval
 else
  nrpe_group=need_dh
 fi
 if test x$check_for_ssl = xyes; then
 	# need_dh should only be set for NRPE
-	need_dh=yes
+	#need_dh=yes
 # -------------------------------
@ -7290,6 +7317,7 @@ SSL_LIB_DIR=
 # gnutls/openssl.h
 # nss_compat_ossl/nss_compat_ossl.h
@ -8257,7 +8285,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by nrpe $as_me 3.0.1, which was
+This file was extended by nrpe $as_me newdate, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@ -8320,7 +8348,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-nrpe config.status 3.0.1
+nrpe config.status newdate
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"
--- a/configure.ac
+++ b/configure.ac
@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
 define([AC_CACHE_SAVE],)
 m4_include([build-aux/custom_help.m4])
-AC_INIT([nrpe],[3.0.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
+AC_INIT([nrpe],[newdate],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
 AC_CONFIG_SRCDIR([src/nrpe.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_PREFIX_DEFAULT(/usr/local/nagios)
 PKG_NAME=nrpe
-PKG_VERSION="3.0.1"
+PKG_VERSION="3.2.1"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="09-08-2016"
+PKG_REL_DATE="2017-09-01"
 RPM_RELEASE=1
 LANG=C
@ -60,7 +60,7 @@ AC_NAGIOS_GET_INETD
 AC_NAGIOS_GET_PATHS
 AC_NAGIOS_GET_FILES
-if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
+if test "$dist_type" = solaris -a "$dist_ver" = 10; then
 	AC_DEFINE(SOLARIS_10,yes)
 fi
@ -243,7 +243,7 @@ AC_CHECK_LIB(wrap,main,[
 	AC_TRY_LINK([#include <tcpd.h>
 		],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
 	])
-AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction)
+AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir)
 dnl socklen_t check - from curl
 AC_CHECK_TYPE([socklen_t], ,[
@ -296,7 +296,7 @@ AC_TRY_COMPILE([#include <stdlib.h>
 dnl Does user want to check for SSL?
 AC_ARG_ENABLE([ssl],
-	AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
+	AS_HELP_STRING([--disable-ssl],[disables native SSL support @<:@default=check@:>@]),[
 	if test x$enableval = xyes; then
 		check_for_ssl=yes
 	else
@ -304,10 +304,16 @@ AC_ARG_ENABLE([ssl],
 	fi
 	],check_for_ssl=yes)
 need_dh=yes
 AC_ARG_WITH([need_dh],
 	AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]),
 	[need_dh=$withval],
 	[nrpe_group=need_dh])
 dnl Optional SSL library and include paths
 if test x$check_for_ssl = xyes; then
 	# need_dh should only be set for NRPE
-	need_dh=yes
+	#need_dh=yes
 	AC_NAGIOS_GET_SSL
 fi
--- a/debian/NEWS
+++ b/debian/NEWS
@ -1,3 +1,28 @@
 nagios-nrpe (3.2.0-2) unstable; urgency=medium
  The bug that caused the SSL support between NRPE 2.x and 3.x not
  to work has been fixed.
  Because the default SSL support without certificates configured
  in nrpe.cfg uses pre-generated key data, configuring SSL
  certificates is strongly advised when STunnel is not used.
  The ssl-cert package can be used to generate a self-signed
  certificate, but CA certificates like those from Let's Encrypt
  are a better choice.
  SSL support has been re-enabled by default, to be better compatible
  with previous NRPE versions where SSL support was enabled by default
  too.
  The check_nrpe command definition has been updated to enable SSL
  support (by removing the -n option) and the check_nrpe_ssl command
  definition has been removed. The previous check_nrpe command
  definition which disables SSL support is available with the new
  check_nrpe_nossl command definition.
 -- Bas Couwenberg <sebastic@debian.org>  Fri, 07 Jul 2017 13:48:38 +0200
 nagios-nrpe (3.0.1-1) unstable; urgency=medium
  The check_nrpe command definition has been updated to remove the
--- a/debian/README.Debian
+++ b/debian/README.Debian
@ -1,9 +1,9 @@
-nrpe
+NRPE
 ----
 Put any local check command you need into /etc/nagios/nrpe_local.cfg or
 as a *.cfg file in /etc/nagios/nrpe.d/
-This files are included from the /etc/nagios/nrpe.cfg
+These files are included from the /etc/nagios/nrpe.cfg
 This package is built without support for command argument processing. If you
 want to enable it, you will have to rebuild this package with
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,77 @@
 nagios-nrpe (3.2.1-1) unstable; urgency=medium
  * New upstream release.
  * Drop patches included upstream, refresh remaining patches.
 -- Bas Couwenberg <sebastic@debian.org>  Sun, 03 Sep 2017 10:52:40 +0200
 nagios-nrpe (3.2.0-4) unstable; urgency=medium
  * Add upstream patch to turn seteuid errors into warnings.
    (closes: #868326)
 -- Bas Couwenberg <sebastic@debian.org>  Fri, 14 Jul 2017 16:51:12 +0200
 nagios-nrpe (3.2.0-3) unstable; urgency=medium
  * Re-enable SSL support by default.
    Compatibility with older versions has been fixed.
 -- Bas Couwenberg <sebastic@debian.org>  Fri, 07 Jul 2017 14:08:13 +0200
 nagios-nrpe (3.2.0-2) unstable; urgency=medium
  * Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
    Thanks to Johan Carlquist for pointing out this issue.
  * Drop --with-need-dh=no configure option, dh is needed.
  * Remove deterministic "openssl dhparam" output handling,
    dh.h not included in upstream source.
 -- Bas Couwenberg <sebastic@debian.org>  Thu, 06 Jul 2017 14:33:39 +0200
 nagios-nrpe (3.2.0-1) unstable; urgency=medium
  * New upstream release.
    (closes: #565643)
  * Bump Standards-Version to 4.0.0, no changes.
  * Add autopkgtest to test installability.
  * Set --with-logdir configure option to /var/log.
  * Update watch file for GitHub releases.
  * Update copyright file.
  * Refresh patches.
  * Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
  * Regenerate dh.h with OpenSSL 1.1.0.
 -- Bas Couwenberg <sebastic@debian.org>  Wed, 05 Jul 2017 09:53:06 +0200
 nagios-nrpe (3.1.1-1) unstable; urgency=medium
  * Move from experimental to unstable.
 -- Bas Couwenberg <sebastic@debian.org>  Sun, 18 Jun 2017 13:39:05 +0200
 nagios-nrpe (3.1.1-1~exp1) experimental; urgency=medium
  * New upstream release.
  * Drop format-security.patch, applied upstream.
  * Use --with-need-dh=no configure option instead of patch.
 -- Bas Couwenberg <sebastic@debian.org>  Sat, 27 May 2017 10:57:03 +0200
 nagios-nrpe (3.1.0-1~exp1) experimental; urgency=medium
  * New upstream release.
    (closes: #849417, #445976, #691328)
  * Fix typo in manpage.
    (closes: #856658)
  * Drop 10_reproducible_build.patch, applied upstream.
    Refresh remaining patches.
  * Update build dependency for OpenSSL 1.1.0.
    (closes: #859223)
  * Add patch to fix FTBFS with -Werror=format-security.
 -- Bas Couwenberg <sebastic@debian.org>  Wed, 19 Apr 2017 19:28:05 +0200
 nagios-nrpe (3.0.1-3) unstable; urgency=medium
  * Add reload command to systemd service file.
--- a/debian/check_nrpe.cfg
+++ b/debian/check_nrpe.cfg
@ -1,11 +1,11 @@
 # this command runs a program $ARG1$ with no arguments and disables SSL support
 define command {
 	command_name	check_nrpe
 	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
 }
 # this command runs a program $ARG1$ with no arguments and enables SSL support
 define command {
-	command_name	check_nrpe_ssl
+	command_name	check_nrpe
 	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
 }
 # this command runs a program $ARG1$ with no arguments and disables SSL support
 define command {
 	command_name	check_nrpe_nossl
 	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
 }
--- a/debian/control
+++ b/debian/control
@ -5,11 +5,11 @@ Section: net
 Priority: optional
 Build-Depends: debhelper (>= 9),
               dh-autoreconf,
-               dh-systemd,
+               dh-systemd | debhelper (>= 9.20160709),
-               libssl1.0-dev,
+               libssl-dev,
               libwrap0-dev,
               openssl
-Standards-Version: 3.9.8
+Standards-Version: 4.0.0
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-nagios/pkg-nrpe.git
 Vcs-Git: https://anonscm.debian.org/git/pkg-nagios/pkg-nrpe.git
 Homepage: https://github.com/NagiosEnterprises/nrpe
--- a/debian/copyright
+++ b/debian/copyright
@ -4,8 +4,9 @@ Upstream-Contact: Nagios Users List <nagios-users@lists.nagios.com>
 Source: https://github.com/NagiosEnterprises/nrpe
 Files: *
-Copyright: 1999-2008, Ethan Galstad (nagios@nagios.org)
+Copyright: 2006-2017, Nagios Enterprises
-                2009, Nagios Core Development Team and Community Contributors
+                2016, Nagios Core Development Team
           1999-2008, Ethan Galstad (nagios@nagios.org)
 License: GPL-2+ with OpenSSL exception
 Files: include/acl.h
--- a/debian/nagios-nrpe-server.default
+++ b/debian/nagios-nrpe-server.default
@ -5,9 +5,7 @@
 # nrpe daemon.
 #
 # The -n option disables SSL support.
-# Don't remove this option before configuring SSL in /etc/nagios/nrpe.cfg!
+#NRPE_OPTS="-n"
 # See /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz for instructions.
 NRPE_OPTS="-n"
 # NICENESS is if you want to run the server at a different nice() priority.
 # (only used by the init script)
--- a/debian/nrpe.8
+++ b/debian/nrpe.8
@ -45,7 +45,7 @@ command execution requests from the check_nrpe plugin on the Nagios host.
 .TP
  \fB\-d \-s\fR          =    Run as a subsystem under AIX
 .TP
-  \fB\-d\fR             =    Don't fork() for systemd, launchd, etc.
+  \fB\-f\fR             =    Don't fork() for systemd, launchd, etc.
 .PP
 Notes:
 This program is designed to process requests from the check_nrpe
--- a/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
+++ b/debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
@ -5,10 +5,12 @@ Forwarded: not-needed
 --- a/sample-config/nrpe.cfg.in
 +++ b/sample-config/nrpe.cfg.in
-@@ -301,3 +301,14 @@ command[check_total_procs]=@pluginsdir@/
+@@ -359,3 +359,16 @@ command[check_total_procs]=@pluginsdir@/
- #command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
+ 
- #command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+ #include_dir=<somedirectory>
- #command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+ #include_dir=<someotherdirectory>
 +
 +
 +
 +# local configuration:
 +# if you'd prefer, you can instead place directives here
--- a/debian/patches/07_warn_ssloption.patch
+++ b/debian/patches/07_warn_ssloption.patch
@ -4,19 +4,19 @@ Forwarded: not-needed
 --- a/SECURITY.md
 +++ b/SECURITY.md
-@@ -82,14 +82,17 @@ daemon should run as.
+@@ -91,14 +91,17 @@ Encryption
- #### ENCRYPTION ####
+ ----------
 If you do enable support for command arguments in the NRPE daemon,
 -make sure that you encrypt communications either by using:
 -
 -   1.  Stunnel (see http://www.stunnel.org for more info)
-   2.  Native SSL support (See the `README.SSL.md` file for more info)
+-   2.  Native SSL support (See the [SSL Readme](README.SSL.md) file for more info)
 +make sure that you encrypt communications by using, for example,
 +Stunnel (see http://www.stunnel.org for more info).
- *Do NOT* assume that just because the daemon is behind a firewall
+ Do **NOT** assume that just because the daemon is behind a firewall
- that you are safe!  Always encrypt NRPE traffic!
+ that you are safe! ***Always encrypt NRPE traffic!***
 +NOTE: the currently shipped native SSL support of NRPE is not an
 +adequante protection, because it does not verify clients and
@ -24,5 +24,5 @@ Forwarded: not-needed
 +advised against. For more information, see Debian bug #547092.
 +
- #### USING ARGUMENTS ####
+ Using Arguments
- 
+ ---------------
--- a/debian/patches/10_reproducible_build.patch
+++ b/debian/patches/10_reproducible_build.patch
@ -1,24 +0,0 @@
 Description: Make the build reproducible.
 Author: Chris Lamb <lamby@debian.org>
 Bug-Debian: https://bugs.debian.org/834857
 Forwarded: https://github.com/NagiosEnterprises/nrpe/pull/78
 Applied-Upstream: https://github.com/NagiosEnterprises/nrpe/commit/c6ca9766cae19bc194efa68ed85999e9c9756422
 --- a/update-version
 +++ b/update-version
@@ -20,11 +20,11 @@ fi
 # Get date (two formats)
 if [ -n "$2" ]; then
 -    LONGDATE=`date -d "$2" "+%B %d, %Y"`
 -    SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
 +    LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
 +    SHORTDATE=$(date -u -d "$2" "+%m-%d-%Y")
 else
 -    LONGDATE=`date "+%B %d, %Y"`
 -    SHORTDATE=`date "+%m-%d-%Y"`
 +    LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
 +    SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%m-%d-%Y")
 fi
 # Current version number
--- a/debian/patches/11_reproducible_dh.h.patch
+++ b/debian/patches/11_reproducible_dh.h.patch
@ -5,56 +5,75 @@ Forwarded: not-needed
 --- /dev/null
 +++ b/include/dh.h
-@@ -0,0 +1,41 @@
+@@ -0,0 +1,53 @@
 +#ifndef HEADER_DH_H
-+#include <openssl/dh.h>
+# include <openssl/dh.h>
 +#endif
 +DH *get_dh2048()
 +	{
 +	static unsigned char dh2048_p[]={
 +		0xE9,0x3C,0xF4,0xCE,0x63,0x0A,0x57,0x9A,0xD1,0x34,0x74,0xA1,
 +		0x3E,0xC3,0x93,0xB5,0x50,0x36,0x56,0x87,0x9F,0x8F,0xBC,0x74,
 +		0x15,0x03,0x1D,0x00,0x45,0xB0,0x2F,0xA3,0x2C,0xC1,0x13,0xFF,
 +		0x6C,0xF1,0xDB,0x36,0xB5,0xB5,0x49,0x2D,0x6A,0x8D,0x55,0xA1,
 +		0xE6,0x4C,0xD1,0xA9,0x07,0x24,0xC4,0xDF,0x3A,0x2A,0x9E,0xDB,
 +		0x4A,0x23,0xAD,0x56,0x79,0xA3,0x3D,0xC4,0xAD,0xE0,0x3E,0x17,
 +		0x3B,0x43,0x0F,0xB6,0x83,0xE4,0x52,0xFD,0x6D,0x74,0x03,0xB3,
 +		0x29,0x26,0xF2,0x29,0x0A,0xA2,0x33,0x56,0x0C,0x16,0xF7,0x81,
 +		0xBF,0xDC,0xB8,0xCE,0x78,0xC1,0x73,0xD6,0x48,0x54,0x2D,0x98,
 +		0xA5,0x7A,0xE3,0x38,0x8E,0x3D,0x75,0xDB,0x92,0x4D,0x76,0xC1,
 +		0xCD,0xE7,0x27,0xEE,0x09,0x89,0xFA,0xCE,0x7A,0xD6,0xDC,0x5B,
 +		0x08,0x6B,0xE8,0x7E,0x37,0x7B,0x40,0x89,0x72,0xBD,0x4E,0xF4,
 +		0x9A,0xDC,0x94,0xA3,0x7D,0x4C,0x15,0xE4,0xE1,0xA8,0x8D,0xF9,
 +		0xB2,0xF0,0x02,0x40,0x39,0x6C,0xDD,0x37,0x08,0xC1,0xE8,0x0B,
 +		0xAD,0x16,0x24,0x81,0x5F,0x24,0xD9,0x65,0x71,0x34,0x78,0xF3,
 +		0xFE,0x35,0xE0,0x20,0xFF,0x6D,0x41,0xE7,0xC8,0x8E,0x58,0x59,
 +		0x24,0x01,0x9A,0xC8,0xA7,0x8D,0x48,0x43,0x8E,0x34,0x7C,0xC1,
 +		0xB4,0xC8,0xD0,0x9C,0xBD,0xEA,0x83,0xC7,0xC9,0x86,0xFC,0xD1,
 +		0xA7,0xAF,0x5C,0x99,0x98,0xD1,0x82,0x78,0xE4,0xA4,0x1C,0xB5,
 +		0x87,0x72,0xD8,0x38,0x48,0x60,0xAE,0xCB,0x92,0xA2,0x79,0xFC,
 +		0x8F,0x1D,0x94,0xB5,0x88,0xA5,0xA4,0xE1,0xF5,0x98,0xBA,0xB2,
 +		0x06,0x22,0xA8,0x1B,
 +		};
 +	static unsigned char dh2048_g[]={
 +		0x02,
 +		};
 +	DH *dh;
 +
-+	if ((dh=DH_new()) == NULL) return(NULL);
+DH *get_dh2048()
-+	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+{
-+	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+    static unsigned char dhp_2048[] = {
-+	if ((dh->p == NULL) || (dh->g == NULL))
+	0xD0, 0x0A, 0x1E, 0x0E, 0x73, 0xE5, 0x51, 0xC3, 0x6C, 0xAA, 
-+		{ DH_free(dh); return(NULL); }
+	0x7F, 0x6B, 0x9C, 0x9D, 0x47, 0x26, 0xAA, 0x25, 0x2B, 0x73, 
-+	return(dh);
+	0xCD, 0x93, 0x94, 0xA2, 0xEA, 0x56, 0x14, 0xD4, 0x42, 0x48, 
-+	}
+	0x21, 0x61, 0xF9, 0xA1, 0xB7, 0x88, 0xA7, 0xDA, 0x8B, 0xD8, 
--- a/configure.ac
+	0xFF, 0x12, 0x8D, 0x50, 0x2D, 0x1D, 0x40, 0xAB, 0xFD, 0x97, 
-+++ b/configure.ac
+	0x89, 0x18, 0x1D, 0x57, 0x69, 0xD3, 0x68, 0xBF, 0x68, 0xA1, 
-@@ -307,7 +307,7 @@ AC_ARG_ENABLE([ssl],
+	0x20, 0xAD, 0x80, 0xFF, 0xB4, 0xE3, 0xC6, 0xC9, 0x5A, 0x62, 
- dnl Optional SSL library and include paths
+	0x23, 0x39, 0x45, 0x79, 0x8D, 0x03, 0x45, 0x55, 0xEB, 0xCA, 
- if test x$check_for_ssl = xyes; then
+	0x34, 0x37, 0x44, 0x4B, 0x9C, 0xFF, 0x3B, 0xA7, 0xA4, 0xD3, 
- 	# need_dh should only be set for NRPE
+	0x2A, 0xD6, 0x96, 0x41, 0x6C, 0x58, 0x19, 0x9E, 0x89, 0xD3, 
-	need_dh=yes
+	0xB9, 0x36, 0xB0, 0x07, 0xD2, 0x9C, 0xFE, 0xFD, 0x3E, 0x4E, 
-+	need_dh=no
+	0x38, 0x71, 0x2C, 0xB2, 0xE8, 0x54, 0x83, 0x8A, 0xFA, 0x57, 
- 	AC_NAGIOS_GET_SSL
+	0xE2, 0x2B, 0x62, 0xD6, 0x0D, 0x66, 0x01, 0xE2, 0x46, 0xAD, 
- fi
+	0x64, 0x5B, 0x57, 0x5C, 0xED, 0x43, 0x97, 0x58, 0xA9, 0x93, 
 +	0x4C, 0xCA, 0xAC, 0x4C, 0xB1, 0xBB, 0xD0, 0xDC, 0xF8, 0xEC, 
 +	0x4A, 0x5A, 0xBB, 0xF5, 0x44, 0x70, 0x69, 0xC4, 0x51, 0xA8, 
 +	0x0D, 0x47, 0x59, 0x19, 0x57, 0x7A, 0x71, 0x3D, 0x65, 0xB7, 
 +	0x55, 0x27, 0x87, 0x44, 0xC0, 0x45, 0x87, 0xA7, 0x0B, 0x73, 
 +	0x8D, 0x31, 0xFD, 0xE5, 0xA2, 0xDA, 0x99, 0x6D, 0xC0, 0x51, 
 +	0xA3, 0x63, 0x73, 0x76, 0x91, 0x38, 0x5C, 0x57, 0x0B, 0x26, 
 +	0x08, 0xC1, 0x66, 0x9F, 0x2D, 0xBE, 0x86, 0x44, 0x1B, 0xD2, 
 +	0x40, 0x07, 0xB5, 0x7D, 0x15, 0x4A, 0xDA, 0x5F, 0x89, 0xE9, 
 +	0xE7, 0x48, 0xDE, 0x0E, 0x3A, 0xA9, 0xF5, 0x60, 0x3C, 0x32, 
 +	0x08, 0x40, 0xAF, 0xF0, 0x83, 0x74, 0xB3, 0x97, 0x44, 0x2E, 
 +	0x2F, 0xE8, 0x67, 0x70, 0xA2, 0xAC, 0x94, 0xD9, 0x75, 0xBF, 
 +	0x4F, 0x75, 0x8B, 0x2A, 0x1B, 0x1B
 +    };
 +    static unsigned char dhg_2048[] = {
 +	0x02
 +    };
 +    DH *dh = DH_new();
 +    BIGNUM *dhp_bn, *dhg_bn;
 +
 +    if (dh == NULL)
 +        return NULL;
 +    dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
 +    dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
 +    if (dhp_bn == NULL || dhg_bn == NULL
 +            || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
 +        DH_free(dh);
 +        BN_free(dhp_bn);
 +        BN_free(dhg_bn);
 +        return NULL;
 +    }
 +    return dh;
 +}
 --- a/macros/ax_nagios_get_ssl
 +++ b/macros/ax_nagios_get_ssl
@@ -288,15 +288,7 @@ if test x$SSL_TYPE != xNONE; then
 		# Find the openssl program
 		if test x$need_dh = xyes; then
 -			AC_PATH_PROG(sslbin,openssl,value-if-not-found,$ssl_dir/sbin$PATH_SEPARATOR$ssl_dir/bin$PATH_SEPARATOR$PATH)
 			AC_DEFINE(USE_SSL_DH)
 -			# Generate DH parameters
 -			if test -f "$sslbin"; then
 -				echo ""
 -				echo "*** Generating DH Parameters for SSL/TLS ***"
 -				# awk to strip off meta data at bottom of dhparam output
 -				$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
 -			fi
 		fi
 	fi
 fi
--- a/debian/patches/series
+++ b/debian/patches/series
@ -1,4 +1,3 @@
 02_nrpe.cfg_local-include_support_nrpe.d.patch
 07_warn_ssloption.patch
-10_reproducible_build.patch
+
 11_reproducible_dh.h.patch
--- a/debian/rules
+++ b/debian/rules
@ -14,9 +14,6 @@ export AUTOHEADER=true
 	    dh $@ --with autoreconf,systemd --parallel
 override_dh_auto_configure:
 	# Save deterministic "openssl dhparam" output.
 	cp include/dh.h include/dh.h.orig
 	dh_auto_configure -- \
 		--prefix=/usr \
 		--sysconfdir=/etc \
@ -24,11 +21,11 @@ override_dh_auto_configure:
 		--libexecdir=/usr/lib/nagios/plugins \
 		--localstatedir=/var \
 		--enable-ssl \
 		--with-logdir=/var/log \
 		--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
-		--with-piddir=/var/run/nagios
+		--with-piddir=/var/run/nagios \
-
+		--enable-command-args \
-	# Restore deterministic "openssl dhparam" output.
+		--enable-bash-command-substitution
 	cp include/dh.h.orig include/dh.h
 override_dh_auto_build:
 	dh_auto_build -- all
--- a/debian/tests/control
+++ b/debian/tests/control
@ -0,0 +1,3 @@
 # Test installability
 Depends: @
 Test-Command: /bin/true
--- a/debian/watch
+++ b/debian/watch
@ -1,5 +1,7 @@
 version=3
 opts=\
 dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\
-uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/-/./g \
+uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/-/./g,\
-http://sf.net/nagios/nrpe-([\d\.]+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
+filenamemangle=s/(?:.*?)?(?:rel|v|nrpe)?[\-\_]?(\d\S+)\.(tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))/nrpe-$1.$2/ \
 https://github.com/NagiosEnterprises/nrpe/releases \
 (?:.*?/archive\/)?(?:rel|v|nrpe)?[\-\_]?(\d\S+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
--- a/docs/NRPE.odt
+++ b/docs/NRPE.odt
--- a/docs/NRPE.pdf
+++ b/docs/NRPE.pdf
--- a/include/acl.h
+++ b/include/acl.h
@ -1,9 +1,11 @@
-/*-
+/****************************************************************************
 * acl.c - header file for acl.c
 * Copyright (c) 2011 Kaspersky Lab ZAO
 * Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help 
 *
- * License: GPL
+ * acl.h - header file for acl.c
 *
 * License: GPLv2
 * Copyright (c) 2011 Kaspersky Lab ZAO
 *
 * License Notice:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -18,7 +20,8 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
+ *
 ****************************************************************************/
 #ifndef ACL_H_INCLUDED
 #define ACL_H_INCLUDED 1
@ -53,7 +56,7 @@ struct dns_acl {
        struct dns_acl *next;
 };
-/* Poiters to head ACL structs */
+/* Pointers to head ACL structs */
 static struct ip_acl *ip_acl_head, *ip_acl_prev;
 static struct dns_acl *dns_acl_head, *dns_acl_prev;
--- a/include/common.h.in
+++ b/include/common.h.in
@ -1,10 +1,12 @@
-/************************************************************************
+/****************************************************************************
 *
- * COMMON.H - NRPE Common Include File
+ * common.h - NRPE Common header file
 * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
 * Last Modified: 09-08-2016
 *
- * License:
+ * License: GPLv2
 * Copyright (c) 2006-2017 Nagios Enterprises
 *               1999-2006 Ethan Galstad (nagios@nagios.org)
 *
 * License Notice:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -19,16 +21,24 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- ************************************************************************/
+ *
 ****************************************************************************/
 #include "config.h"
 #define SSL_TYPE_@SSL_TYPE@
 #ifdef HAVE_SSL
 #include <@SSL_INC_PREFIX@@SSL_HDR@>
 # ifdef SSL_TYPE_openssl
 #  include <@SSL_INC_PREFIX@err.h>
 #  include <@SSL_INC_PREFIX@rand.h>
 #  include <@SSL_INC_PREFIX@engine.h>
 # endif
 #endif
-#define PROGRAM_VERSION "3.0.1"
+#define PROGRAM_VERSION "3.2.1"
-#define MODIFICATION_DATE "09-08-2016"
+#define MODIFICATION_DATE "2017-09-01"
 #define OK							0
 #define ERROR						-1
--- a/include/config.h.in
+++ b/include/config.h.in
@ -1,10 +1,12 @@
-/************************************************************************
+/****************************************************************************
 *
- * NRPE Common Header File
+ * config.h - NRPE Configuration header file
 * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
 * Last Modified: 11-23-2007
 *
- * License:
+ * License: GPLv2
 * Copyright (c) 2006-2017 Nagios Enterprises
 *               1999-2006 Ethan Galstad (nagios@nagios.org)
 *
 * License Notice:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -19,7 +21,8 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- ************************************************************************/
+ *
 ****************************************************************************/
 #ifndef _CONFIG_H
 #define _CONFIG_H
@ -28,30 +31,70 @@
 #include <stdlib.h>
-#define DEFAULT_SERVER_PORT	@nrpe_port@	/* default port to use */
+/* Default port for NRPE daemon */
 #undef DEFAULT_SERVER_PORT
-#define NRPE_LOG_FACILITY       @log_facility@
+/* NRPE syslog facility */
 #undef NRPE_LOG_FACILITY
 /* Enable command-line arguments */
 #undef ENABLE_COMMAND_ARGUMENTS
 /* Enable bash command substitution */
 #undef ENABLE_BASH_COMMAND_SUBSTITUTION
 /* type to use in place of socklen_t if not defined */
 #undef socklen_t
 /* Define to 1 if you have the `getopt_long' function. */
 #undef HAVE_GETOPT_LONG
 /* Have the TCP wrappers library */
 #undef HAVE_LIBWRAP
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 /* Define to 1 if you have the `strdup' function. */
 #undef HAVE_STRDUP
 /* Define to 1 if you have the `strstr' function. */
 #undef HAVE_STRSTR
 /* Define to 1 if you have the `strtoul' function. */
 #undef HAVE_STRTOUL
 /* Define to 1 if you have the `strtok_r' function. */
 #undef HAVE_STRTOK_R
 /* Define to 1 if you have the `initgroups' function. */
 #undef HAVE_INITGROUPS
 /* Define to 1 if you have the `closesocket' function. */
 #undef HAVE_CLOSESOCKET
 /* Define to 1 if you have the `sigaction' function. */
 #undef HAVE_SIGACTION
 /* Define to 1 if you have the `scandir' function. */
 #undef HAVE_SCANDIR
 /* Set to 1 if you have rfc931_timeout */
 #undef HAVE_RFC931_TIMEOUT
 /* The size of `int', as computed by sizeof. */
 #undef SIZEOF_INT
 /* The size of `short', as computed by sizeof. */
 #undef SIZEOF_SHORT
 /* The size of `long', as computed by sizeof. */
 #undef SIZEOF_LONG
-/* #undef const */
+/* Define to empty if `const' does not conform to ANSI C. */
 #undef const
 /* Set to 1 to use SSL DH */
 #undef USE_SSL_DH
 /* stupid stuff for u_int32_t */
@ -91,71 +134,98 @@ typedef int int32_t;
 /***** ASPRINTF() AND FRIENDS *****/
 /* Whether vsnprintf() is available */
 #undef HAVE_VSNPRINTF
 /* Whether snprintf() is available */
 #undef HAVE_SNPRINTF
 /* Whether aprintf() is available */
 #undef HAVE_ASPRINTF
 /* Whether vaprintf() is available */
 #undef HAVE_VASPRINTF
 /* Define if system has C99 compatible vsnprintf */
 #undef HAVE_C99_VSNPRINTF
 /* Whether va_copy() is available */
 #undef HAVE_VA_COPY
 /* Whether __va_copy() is available */
 #undef HAVE___VA_COPY
-#define SOCKET_SIZE_TYPE ""
+/* Socket Size Type */
-#define GETGROUPS_T ""
+#undef SOCKET_SIZE_TYPE
-#define RETSIGTYPE ""
+
 /* Define to the type of elements in the array set by `getgroups'. Usually
   this is either `int' or `gid_t'. */
 #undef GETGROUPS_T
 /* Define as the return type of signal handlers (`int' or `void'). */
 #undef RETSIGTYPE
 /* Define to 1 if the system has the type `struct sockaddr_storage'. */
 #undef HAVE_STRUCT_SOCKADDR_STORAGE
 /* Use seteuid() or setresuid() depending on the platform */
 #undef SETEUID
-/* Is this a Solaris 10 machine? */
+/* Set to 1 if we are on Solaris 10 */
 #undef SOLARIS_10
 /* Define to 1 if you have the <getopt.h> header file. */
 #undef HAVE_GETOPT_H
 #ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
 /* Define to 1 if you have the <strings.h> header file. */
 #undef HAVE_STRINGS_H
 #undef HAVE_STRING_H
 #ifdef HAVE_STRINGS_H
 #include <strings.h>
 #endif
-#ifdef HAVE_STRINGS_H
+
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 #ifdef HAVE_STRING_H
 #include <string.h>
 #endif
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-
+/* Define to 1 if you have the <signal.h> header file. */
 #undef HAVE_SIGNAL_H
 #ifdef HAVE_SIGNAL_H
 #include <signal.h>
 #endif
 /* Define to 1 if you have the <syslog.h> header file. */
 #undef HAVE_SYSLOG_H
 #ifdef HAVE_SYSLOG_H
 #include <syslog.h>
 #endif
 /* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H
 #ifdef HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 /* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 /* Define to 1 if you have the <sys/wait.h> header file. */
 #undef HAVE_SYS_WAIT_H
 #ifdef HAVE_SYS_WAIT_H
 #include <sys/wait.h>
@ -168,14 +238,18 @@ typedef int int32_t;
 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
 #endif
 /* Define to 1 if you have the <errno.h> header file. */
 #undef HAVE_ERRNO_H
 #ifdef HAVE_ERRNO_H
 #include <errno.h>
 #endif
-/* needed for the time_t structures we use later... */
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
 #undef TIME_WITH_SYS_TIME
 /* Define to 1 if you have the <sys/time.h> header file. */
 #undef HAVE_SYS_TIME_H
 #if TIME_WITH_SYS_TIME
 # include <sys/time.h>
 # include <time.h>
@ -188,68 +262,81 @@ typedef int int32_t;
 #endif
 /* Define to 1 if you have the <sys/socket.h> header file. */
 #undef HAVE_SYS_SOCKET_H
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
-/* Define to 'int' if <sys/socket.h> does not define */
+/* Define to 1 if you have the <socket.h> header file. */
 #undef socklen_t
 #undef HAVE_SOCKET_H
 #ifdef HAVE_SOCKET_H
 #include <socket.h>
 #endif
 /* Define to 1 if you have the <tcpd.h> header file. */
 #undef HAVE_TCPD_H
 #ifdef HAVE_TCPD_H
 #include <tcpd.h>
 #endif
 /* Define to 1 if you have the <netinet/in.h> header file. */
 #undef HAVE_NETINET_IN_H
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #undef HAVE_ARPA_INET_H
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 /* Define to 1 if you have the <netdb.h> header file. */
 #undef HAVE_NETDB_H
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
 /* Define to 1 if you have the <ctype.h> header file. */
 #undef HAVE_CTYPE_H
 #ifdef HAVE_CTYPE_H
 #include <ctype.h>
 #endif
 /* Define to 1 if you have the <pwd.h> header file. */
 #undef HAVE_PWD_H
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
 /* Define to 1 if you have the <grp.h> header file. */
 #undef HAVE_GRP_H
 #ifdef HAVE_GRP_H
 #include <grp.h>
 #endif
 /* Define to 1 if you have the <dirent.h> header file. */
 #undef HAVE_DIRENT_H
 #ifdef HAVE_DIRENT_H
 #include <dirent.h>
 #endif
 /* Have SSL support */
 #undef HAVE_SSL
 /* Have the krb5.h header file */
 #undef HAVE_KRB5_H
 #ifdef HAVE_KRB5_H
 #include <krb5.h>
 #endif
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
 #ifdef HAVE_INTTYPES_H
 #include <inttypes.h>
 #else
@ -258,4 +345,10 @@ typedef int int32_t;
 #endif
 #endif
 /* Define to 1 if you have the <paths.h> header file. */
 #undef HAVE_PATHS_H
 /* Define to 1 if you have the <sys/resource.h> header file. */
 #undef HAVE_SYS_RESOURCE_H
 #endif
--- a/include/nrpe.h
+++ b/include/nrpe.h
@ -1,10 +1,12 @@
-/************************************************************************
+/****************************************************************************
 *
- * NRPE.H - NRPE Include File
+ * nrpe.h - Nagios Remote Plugin Executor header file
 * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
 * Last Modified: 08-10-2011 by Konstantin Malov
 *
- * License:
+ * License: GPLv2
 * Copyright (c) 2006-2017 Nagios Enterprises
 *               1999-2006 Ethan Galstad (nagios@nagios.org)
 *
 * License Notice:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -20,9 +22,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
- ************************************************************************/
+ ****************************************************************************/
 /**************** COMMAND STRUCTURE DEFINITION **********/
 typedef struct command_struct {
 	char					*command_name;
--- a/include/utils.h
+++ b/include/utils.h
@ -1,17 +1,12 @@
-/************************************************************************************************
+/****************************************************************************
 *
- * UTILS.H - NRPE Utilities Include File
+ * utils.h - NRPE Utility Functions header file
 *
- * License: GPL
+ * License: GPLv2
- * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
+ * Copyright (c) 2009-2017 Nagios Enterprises
 *               1999-2008 Ethan Galstad (nagios@nagios.org)
 *
- * Last Modified: 12-11-2006
+ * License Notice:
 *
 * Description:
 *
 * This file contains common include files and function definitions used in many of the plugins.
 *
 * License Information:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -27,7 +22,8 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
- ************************************************************************************************/
+ ****************************************************************************/
 #ifndef NRPE_UTILS_H_INCLUDED
 #define NRPE_UTILS_H_INCLUDED
@ -39,9 +35,9 @@ unsigned long calculate_crc32(char*, int);
 void randomize_buffer(char*,int);
 int my_tcp_connect(char*, int, int*);
 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE
-int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*);
+int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*, int);
 #else
-int my_connect(const char*, struct sockaddr*, u_short, int, const char*);
+int my_connect(const char*, struct sockaddr*, u_short, int, const char*, int);
 #endif
 void add_listen_addr(struct addrinfo**, int, char*, int);
 int clean_environ(const char *keep_env_vars, const char *nrpe_user);
@ -49,7 +45,9 @@ char* strip(char*);
 int sendall(int, char*, int*);
 int recvall(int, char*, int*, int);
 char *my_strsep(char**, const char*);
-int b64_decode(unsigned char *encoded);
+void open_log_file();
 void logit(int priority, const char *format, ...);
 void close_log_file();
 void display_license(void);
 #endif
--- a/macros/CHANGELOG.md
+++ b/macros/CHANGELOG.md
@ -0,0 +1,7 @@
 1.0.1
 -----
 * Fix bug determining inetd,xinetd if neither are running (Bryan Heden)
 1.0.0
 -----
 * Initial Release (John Frickson)
--- a/macros/LICENSE
+++ b/macros/LICENSE
@ -1,339 +1,264 @@
-                    GNU GENERAL PUBLIC LICENSE
+The GNU General Public License, Version 2, June 1991 (GPLv2)
-                       Version 2, June 1991
+============================================================
- Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
+> Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+> 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
-                            Preamble
+Everyone is permitted to copy and distribute verbatim copies of this license
 document, but changing it is not allowed.
-  The licenses for most software are designed to take away your
+
-freedom to share and change it.  By contrast, the GNU General Public
+Preamble
-License is intended to guarantee your freedom to share and change free
+--------
-software--to make sure the software is free for all its users.  This
+
-General Public License applies to most of the Free Software
+The licenses for most software are designed to take away your freedom to share
-Foundation's software and to any other program whose authors commit to
+and change it. By contrast, the GNU General Public License is intended to
-using it.  (Some other Free Software Foundation software is covered by
+guarantee your freedom to share and change free software--to make sure the
-the GNU Lesser General Public License instead.)  You can apply it to
+software is free for all its users. This General Public License applies to most
 of the Free Software Foundation's software and to any other program whose
 authors commit to using it. (Some other Free Software Foundation software is
 covered by the GNU Lesser General Public License instead.) You can apply it to
 your programs, too.
-  When we speak of free software, we are referring to freedom, not
+When we speak of free software, we are referring to freedom, not price. Our
-price.  Our General Public Licenses are designed to make sure that you
+General Public Licenses are designed to make sure that you have the freedom to
-have the freedom to distribute copies of free software (and charge for
+distribute copies of free software (and charge for this service if you wish),
-this service if you wish), that you receive source code or can get it
+that you receive source code or can get it if you want it, that you can change
-if you want it, that you can change the software or use pieces of it
+the software or use pieces of it in new free programs; and that you know you can
-in new free programs; and that you know you can do these things.
+do these things.
-  To protect your rights, we need to make restrictions that forbid
+To protect your rights, we need to make restrictions that forbid anyone to deny
-anyone to deny you these rights or to ask you to surrender the rights.
+you these rights or to ask you to surrender the rights. These restrictions
-These restrictions translate to certain responsibilities for you if you
+translate to certain responsibilities for you if you distribute copies of the
-distribute copies of the software, or if you modify it.
+software, or if you modify it.
-  For example, if you distribute copies of such a program, whether
+For example, if you distribute copies of such a program, whether gratis or for a
-gratis or for a fee, you must give the recipients all the rights that
+fee, you must give the recipients all the rights that you have. You must make
-you have.  You must make sure that they, too, receive or can get the
+sure that they, too, receive or can get the source code. And you must show them
-source code.  And you must show them these terms so they know their
+these terms so they know their rights.
 rights.
-  We protect your rights with two steps: (1) copyright the software, and
+We protect your rights with two steps: (1) copyright the software, and (2) offer
-(2) offer you this license which gives you legal permission to copy,
+you this license which gives you legal permission to copy, distribute and/or
-distribute and/or modify the software.
+modify the software.
-  Also, for each author's protection and ours, we want to make certain
+Also, for each author's protection and ours, we want to make certain that
-that everyone understands that there is no warranty for this free
+everyone understands that there is no warranty for this free software. If the
-software.  If the software is modified by someone else and passed on, we
+software is modified by someone else and passed on, we want its recipients to
-want its recipients to know that what they have is not the original, so
+know that what they have is not the original, so that any problems introduced by
-that any problems introduced by others will not reflect on the original
+others will not reflect on the original authors' reputations.
 authors' reputations.
-  Finally, any free program is threatened constantly by software
+Finally, any free program is threatened constantly by software patents. We wish
-patents.  We wish to avoid the danger that redistributors of a free
+to avoid the danger that redistributors of a free program will individually
-program will individually obtain patent licenses, in effect making the
+obtain patent licenses, in effect making the program proprietary. To prevent
-program proprietary.  To prevent this, we have made it clear that any
+this, we have made it clear that any patent must be licensed for everyone's free
-patent must be licensed for everyone's free use or not licensed at all.
+use or not licensed at all.
-  The precise terms and conditions for copying, distribution and
+The precise terms and conditions for copying, distribution and modification
-modification follow.
+follow.
                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-  0. This License applies to any program or other work which contains
+Terms And Conditions For Copying, Distribution And Modification
-a notice placed by the copyright holder saying it may be distributed
+---------------------------------------------------------------
 under the terms of this General Public License.  The "Program", below,
 refers to any such program or work, and a "work based on the Program"
 means either the Program or any derivative work under copyright law:
 that is to say, a work containing the Program or a portion of it,
 either verbatim or with modifications and/or translated into another
 language.  (Hereinafter, translation is included without limitation in
 the term "modification".)  Each licensee is addressed as "you".
-Activities other than copying, distribution and modification are not
+**0.** This License applies to any program or other work which contains a notice
-covered by this License; they are outside its scope.  The act of
+placed by the copyright holder saying it may be distributed under the terms of
-running the Program is not restricted, and the output from the Program
+this General Public License. The "Program", below, refers to any such program or
-is covered only if its contents constitute a work based on the
+work, and a "work based on the Program" means either the Program or any
-Program (independent of having been made by running the Program).
+derivative work under copyright law: that is to say, a work containing the
-Whether that is true depends on what the Program does.
+Program or a portion of it, either verbatim or with modifications and/or
 translated into another language. (Hereinafter, translation is included without
 limitation in the term "modification".) Each licensee is addressed as "you".
-  1. You may copy and distribute verbatim copies of the Program's
+Activities other than copying, distribution and modification are not covered by
-source code as you receive it, in any medium, provided that you
+this License; they are outside its scope. The act of running the Program is not
-conspicuously and appropriately publish on each copy an appropriate
+restricted, and the output from the Program is covered only if its contents
-copyright notice and disclaimer of warranty; keep intact all the
+constitute a work based on the Program (independent of having been made by
-notices that refer to this License and to the absence of any warranty;
+running the Program). Whether that is true depends on what the Program does.
 and give any other recipients of the Program a copy of this License
 along with the Program.
-You may charge a fee for the physical act of transferring a copy, and
+**1.** You may copy and distribute verbatim copies of the Program's source code
-you may at your option offer warranty protection in exchange for a fee.
+as you receive it, in any medium, provided that you conspicuously and
 appropriately publish on each copy an appropriate copyright notice and
 disclaimer of warranty; keep intact all the notices that refer to this License
 and to the absence of any warranty; and give any other recipients of the Program
 a copy of this License along with the Program.
-  2. You may modify your copy or copies of the Program or any portion
+You may charge a fee for the physical act of transferring a copy, and you may at
-of it, thus forming a work based on the Program, and copy and
+your option offer warranty protection in exchange for a fee.
 distribute such modifications or work under the terms of Section 1
 above, provided that you also meet all of these conditions:
-    a) You must cause the modified files to carry prominent notices
+**2.** You may modify your copy or copies of the Program or any portion of it,
-    stating that you changed the files and the date of any change.
+thus forming a work based on the Program, and copy and distribute such
 modifications or work under the terms of Section 1 above, provided that you also
 meet all of these conditions:
-    b) You must cause any work that you distribute or publish, that in
+*   **a)** You must cause the modified files to carry prominent notices stating
-    whole or in part contains or is derived from the Program or any
+    that you changed the files and the date of any change.
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.
-    c) If the modified program normally reads commands interactively
+*   **b)** You must cause any work that you distribute or publish, that in whole
-    when run, you must cause it, when started running for such
+    or in part contains or is derived from the Program or any part thereof, to
-    interactive use in the most ordinary way, to print or display an
+    be licensed as a whole at no charge to all third parties under the terms of
-    announcement including an appropriate copyright notice and a
+    this License.
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
-These requirements apply to the modified work as a whole.  If
+*   **c)** If the modified program normally reads commands interactively when
-identifiable sections of that work are not derived from the Program,
+    run, you must cause it, when started running for such interactive use in the
-and can be reasonably considered independent and separate works in
+    most ordinary way, to print or display an announcement including an
-themselves, then this License, and its terms, do not apply to those
+    appropriate copyright notice and a notice that there is no warranty (or
-sections when you distribute them as separate works.  But when you
+    else, saying that you provide a warranty) and that users may redistribute
-distribute the same sections as part of a whole which is a work based
+    the program under these conditions, and telling the user how to view a copy
-on the Program, the distribution of the whole must be on the terms of
+    of this License. (Exception: if the Program itself is interactive but does
-this License, whose permissions for other licensees extend to the
+    not normally print such an announcement, your work based on the Program is
-entire whole, and thus to each and every part regardless of who wrote it.
+    not required to print an announcement.)
-Thus, it is not the intent of this section to claim rights or contest
+These requirements apply to the modified work as a whole. If identifiable
-your rights to work written entirely by you; rather, the intent is to
+sections of that work are not derived from the Program, and can be reasonably
-exercise the right to control the distribution of derivative or
+considered independent and separate works in themselves, then this License, and
-collective works based on the Program.
+its terms, do not apply to those sections when you distribute them as separate
 works. But when you distribute the same sections as part of a whole which is a
 work based on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the entire whole,
 and thus to each and every part regardless of who wrote it.
-In addition, mere aggregation of another work not based on the Program
+Thus, it is not the intent of this section to claim rights or contest your
-with the Program (or with a work based on the Program) on a volume of
+rights to work written entirely by you; rather, the intent is to exercise the
-a storage or distribution medium does not bring the other work under
+right to control the distribution of derivative or collective works based on the
-the scope of this License.
+Program.
-  3. You may copy and distribute the Program (or a work based on it,
+In addition, mere aggregation of another work not based on the Program with the
-under Section 2) in object code or executable form under the terms of
+Program (or with a work based on the Program) on a volume of a storage or
-Sections 1 and 2 above provided that you also do one of the following:
+distribution medium does not bring the other work under the scope of this
 License.
-    a) Accompany it with the complete corresponding machine-readable
+**3.** You may copy and distribute the Program (or a work based on it, under
-    source code, which must be distributed under the terms of Sections
+Section 2) in object code or executable form under the terms of Sections 1 and 2
-    1 and 2 above on a medium customarily used for software interchange; or,
+above provided that you also do one of the following:
-    b) Accompany it with a written offer, valid for at least three
+*   **a)** Accompany it with the complete corresponding machine-readable source
-    years, to give any third party, for a charge no more than your
+    code, which must be distributed under the terms of Sections 1 and 2 above on
-    cost of physically performing source distribution, a complete
+    a medium customarily used for software interchange; or,
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,
-    c) Accompany it with the information you received as to the offer
+*   **b)** Accompany it with a written offer, valid for at least three years, to
-    to distribute corresponding source code.  (This alternative is
+    give any third party, for a charge no more than your cost of physically
-    allowed only for noncommercial distribution and only if you
+    performing source distribution, a complete machine-readable copy of the
-    received the program in object code or executable form with such
+    corresponding source code, to be distributed under the terms of Sections 1
-    an offer, in accord with Subsection b above.)
+    and 2 above on a medium customarily used for software interchange; or,
-The source code for a work means the preferred form of the work for
+*   **c)** Accompany it with the information you received as to the offer to
-making modifications to it.  For an executable work, complete source
+    distribute corresponding source code. (This alternative is allowed only for
-code means all the source code for all modules it contains, plus any
+    noncommercial distribution and only if you received the program in object
-associated interface definition files, plus the scripts used to
+    code or executable form with such an offer, in accord with Subsection b
-control compilation and installation of the executable.  However, as a
+    above.)
 special exception, the source code distributed need not include
 anything that is normally distributed (in either source or binary
 form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component
 itself accompanies the executable.
-If distribution of executable or object code is made by offering
+The source code for a work means the preferred form of the work for making
-access to copy from a designated place, then offering equivalent
+modifications to it. For an executable work, complete source code means all the
-access to copy the source code from the same place counts as
+source code for all modules it contains, plus any associated interface
-distribution of the source code, even though third parties are not
+definition files, plus the scripts used to control compilation and installation
-compelled to copy the source along with the object code.
+of the executable. However, as a special exception, the source code distributed
 need not include anything that is normally distributed (in either source or
 binary form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component itself
 accompanies the executable.
-  4. You may not copy, modify, sublicense, or distribute the Program
+If distribution of executable or object code is made by offering access to copy
-except as expressly provided under this License.  Any attempt
+from a designated place, then offering equivalent access to copy the source code
-otherwise to copy, modify, sublicense or distribute the Program is
+from the same place counts as distribution of the source code, even though third
-void, and will automatically terminate your rights under this License.
+parties are not compelled to copy the source along with the object code.
 However, parties who have received copies, or rights, from you under
 this License will not have their licenses terminated so long as such
 parties remain in full compliance.
-  5. You are not required to accept this License, since you have not
+**4.** You may not copy, modify, sublicense, or distribute the Program except as
-signed it.  However, nothing else grants you permission to modify or
+expressly provided under this License. Any attempt otherwise to copy, modify,
-distribute the Program or its derivative works.  These actions are
+sublicense or distribute the Program is void, and will automatically terminate
-prohibited by law if you do not accept this License.  Therefore, by
+your rights under this License. However, parties who have received copies, or
-modifying or distributing the Program (or any work based on the
+rights, from you under this License will not have their licenses terminated so
-Program), you indicate your acceptance of this License to do so, and
+long as such parties remain in full compliance.
-all its terms and conditions for copying, distributing or modifying
+
 **5.** You are not required to accept this License, since you have not signed
 it. However, nothing else grants you permission to modify or distribute the
 Program or its derivative works. These actions are prohibited by law if you do
 not accept this License. Therefore, by modifying or distributing the Program (or
 any work based on the Program), you indicate your acceptance of this License to
 do so, and all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
-  6. Each time you redistribute the Program (or any work based on the
+**6.** Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
+Program), the recipient automatically receives a license from the original
-original licensor to copy, distribute or modify the Program subject to
+licensor to copy, distribute or modify the Program subject to these terms and
-these terms and conditions.  You may not impose any further
+conditions. You may not impose any further restrictions on the recipients'
-restrictions on the recipients' exercise of the rights granted herein.
+exercise of the rights granted herein. You are not responsible for enforcing
-You are not responsible for enforcing compliance by third parties to
+compliance by third parties to this License.
 this License.
-  7. If, as a consequence of a court judgment or allegation of patent
+**7.** If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
+infringement or for any other reason (not limited to patent issues), conditions
-conditions are imposed on you (whether by court order, agreement or
+are imposed on you (whether by court order, agreement or otherwise) that
-otherwise) that contradict the conditions of this License, they do not
+contradict the conditions of this License, they do not excuse you from the
-excuse you from the conditions of this License.  If you cannot
+conditions of this License. If you cannot distribute so as to satisfy
-distribute so as to satisfy simultaneously your obligations under this
+simultaneously your obligations under this License and any other pertinent
-License and any other pertinent obligations, then as a consequence you
+obligations, then as a consequence you may not distribute the Program at all.
-may not distribute the Program at all.  For example, if a patent
+For example, if a patent license would not permit royalty-free redistribution of
-license would not permit royalty-free redistribution of the Program by
+the Program by all those who receive copies directly or indirectly through you,
-all those who receive copies directly or indirectly through you, then
+then the only way you could satisfy both it and this License would be to refrain
-the only way you could satisfy both it and this License would be to
+entirely from distribution of the Program.
 refrain entirely from distribution of the Program.
-If any portion of this section is held invalid or unenforceable under
+If any portion of this section is held invalid or unenforceable under any
-any particular circumstance, the balance of the section is intended to
+particular circumstance, the balance of the section is intended to apply and the
-apply and the section as a whole is intended to apply in other
+section as a whole is intended to apply in other circumstances.
 circumstances.
-It is not the purpose of this section to induce you to infringe any
+It is not the purpose of this section to induce you to infringe any patents or
-patents or other property right claims or to contest validity of any
+other property right claims or to contest validity of any such claims; this
-such claims; this section has the sole purpose of protecting the
+section has the sole purpose of protecting the integrity of the free software
-integrity of the free software distribution system, which is
+distribution system, which is implemented by public license practices. Many
-implemented by public license practices.  Many people have made
+people have made generous contributions to the wide range of software
-generous contributions to the wide range of software distributed
+distributed through that system in reliance on consistent application of that
-through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing to
-system; it is up to the author/donor to decide if he or she is willing
+distribute software through any other system and a licensee cannot impose that
-to distribute software through any other system and a licensee cannot
+choice.
 impose that choice.
-This section is intended to make thoroughly clear what is believed to
+This section is intended to make thoroughly clear what is believed to be a
-be a consequence of the rest of this License.
+consequence of the rest of this License.
-  8. If the distribution and/or use of the Program is restricted in
+**8.** If the distribution and/or use of the Program is restricted in certain
-certain countries either by patents or by copyrighted interfaces, the
+countries either by patents or by copyrighted interfaces, the original copyright
-original copyright holder who places the Program under this License
+holder who places the Program under this License may add an explicit
-may add an explicit geographical distribution limitation excluding
+geographical distribution limitation excluding those countries, so that
-those countries, so that distribution is permitted only in or among
+distribution is permitted only in or among countries not thus excluded. In such
-countries not thus excluded.  In such case, this License incorporates
+case, this License incorporates the limitation as if written in the body of this
-the limitation as if written in the body of this License.
+License.
-  9. The Free Software Foundation may publish revised and/or new versions
+**9.** The Free Software Foundation may publish revised and/or new versions of
-of the General Public License from time to time.  Such new versions will
+the General Public License from time to time. Such new versions will be similar
-be similar in spirit to the present version, but may differ in detail to
+in spirit to the present version, but may differ in detail to address new
-address new problems or concerns.
+problems or concerns.
-Each version is given a distinguishing version number.  If the Program
+Each version is given a distinguishing version number. If the Program specifies
-specifies a version number of this License which applies to it and "any
+a version number of this License which applies to it and "any later version",
-later version", you have the option of following the terms and conditions
+you have the option of following the terms and conditions either of that version
-either of that version or of any later version published by the Free
+or of any later version published by the Free Software Foundation. If the
-Software Foundation.  If the Program does not specify a version number of
+Program does not specify a version number of this License, you may choose any
-this License, you may choose any version ever published by the Free Software
+version ever published by the Free Software Foundation.
 Foundation.
-  10. If you wish to incorporate parts of the Program into other free
+**10.** If you wish to incorporate parts of the Program into other free programs
-programs whose distribution conditions are different, write to the author
+whose distribution conditions are different, write to the author to ask for
-to ask for permission.  For software which is copyrighted by the Free
+permission. For software which is copyrighted by the Free Software Foundation,
-Software Foundation, write to the Free Software Foundation; we sometimes
+write to the Free Software Foundation; we sometimes make exceptions for this.
-make exceptions for this.  Our decision will be guided by the two goals
+Our decision will be guided by the two goals of preserving the free status of
-of preserving the free status of all derivatives of our free software and
+all derivatives of our free software and of promoting the sharing and reuse of
-of promoting the sharing and reuse of software generally.
+software generally.
                            NO WARRANTY
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+No Warranty
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+-----------
 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
 REPAIR OR CORRECTION.
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
 POSSIBILITY OF SUCH DAMAGES.
-                     END OF TERMS AND CONDITIONS
+**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
-            How to Apply These Terms to Your New Programs
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
-  If you develop a new program, and you want it to be of the greatest
+INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
-possible use to the public, the best way to achieve this is to make it
+BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-free software which everyone can redistribute and change under these terms.
+FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
-
+OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  To do so, attach the following notices to the program.  It is safest
 to attach them to the start of each source file to most effectively
 convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
    {description}
    Copyright (C) {year}  {fullname}
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 Also add information on how to contact you by electronic and paper mail.
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, the commands you use may
 be called something other than `show w' and `show c'; they could even be
 mouse-clicks or menu items--whatever suits your program.
 You should also get your employer (if you work as a programmer) or your
 school, if any, to sign a "copyright disclaimer" for the program, if
 necessary.  Here is a sample; alter the names:
  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.
  {signature of Ty Coon}, 1 April 1989
  Ty Coon, President of Vice
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
--- a/macros/LICENSE.md
+++ b/macros/LICENSE.md
@ -0,0 +1 @@
 LICENSE
--- a/macros/README.md
+++ b/macros/README.md
@ -1,29 +1,26 @@
-autoconf-macros README
+autoconf-macros
-======================
+===============
 Sections below are: Purpose, Contents, Usage, References
 ##Purpose
 The purpose of Nagios autoconf-macros is to have a central place for
 autoconf macros that can be maintained in one place, but be used by any
 of the Nagios software. It is intended to be used as a git subtree.
-See the Usage and References section below.
+See the [Usage](#usage) and [References](#references) sections below.
 Since this project will be included in several parent projects, any
 changes must be as project-neutral as possible.
 Make sure to check out the [CHANGELOG](CHANGELOG.md) for relevant 
 information, as well.
-## Contents
+Contents
 --------
 The collection consists of the following macros:
 ### AX_NAGIOS_GET_OS alias AC_NAGIOS_GET_OS
-> Output Variable : opsys
+> Output Variable : `opsys`
 This macro detects the operating system, and transforms it into a generic
 label. The most common OS's that use Nagios software are recognized and
@ -31,7 +28,7 @@ used in subsequent macros.
 ### AX_NAGIOS_GET_DISTRIB_TYPE alias AC_NAGIOS_GET_DISTRIB_TYPE
-> Output Variables : dist_type, dist_ver
+> Output Variables : `dist_type`, `dist_ver`
 This macro detects the distribution type. For Linux, this would be rh
 (for Red Hat and derivitives), suse (OpenSUSE, SLES, derivitives), gentoo
@ -41,7 +38,7 @@ also be aix, solaris, osx, and so on for Unix operating systems.
 ### AX_NAGIOS_GET_INIT alias AC_NAGIOS_GET_INIT
-> Output Variable : init_type
+> Output Variable : `init_type`
 This macro detects what software is used to start daemons on bootup
 or on request, generally knows as the "init system". The init_type
@ -51,7 +48,7 @@ gentoo (older Gentoo), upstart (several), or unknown.
 ### AX_NAGIOS_GET_INETD alias AC_NAGIOS_GET_INETD
-> Output Variable : inetd_type
+> Output Variable : `inetd_type`
 This macro detects what software is used to start daemons or services
 on demand, which historically has been "inetd". The inetd_type
@ -60,7 +57,7 @@ will generally be one of inetd, xinetd, launchd (OS X), smf10 or smf11
 ### AX_NAGIOS_GET_PATHS alias AC_NAGIOS_GET_PATHS
-> Output Variables : many!
+> Output Variables : **many!**
 This macro determines the installation paths for binaries, config files,
 PID files, and so on. For a "standard" install of Nagios, NRPE, NDO Utils,
@ -72,7 +69,7 @@ O/S dependant directories, such as /usr/bin, /usr/sbin, /var/lib/nagios,
 ### AX_NAGIOS_GET_FILES alias AC_NAGIOS_GET_FILES
-> Output Variables : src_init, src_inetd, src_tmpfile
+> Output Variables : `src_init`, `src_inetd`, `src_tmpfile`
 Each Nagios project will have a top-level directory named "/startup/".
 In that directory will be "*.in" files for the various "init_type" and
@ -81,7 +78,7 @@ that directory will be needed.
 ### AX_NAGIOS_GET_SSL alias AC_NAGIOS_GET_SSL
-> Output Variables : HAVE_KRB5_H, HAVE_SSL, SSL_INC_DIR, SSL_LIB_DIR, CFLAGS, LDFLAGS, LIBS
+> Output Variables : `HAVE_KRB5_H`, `HAVE_SSL`, `SSL_INC_DIR`, `SSL_LIB_DIR`, `CFLAGS`, `LDFLAGS`, `LIBS`
 This macro checks various directories for SSL libraries and header files.
 The searches are based on known install locations on various operating
@ -90,8 +87,8 @@ If it finds the headers and libraries, it will then do an `AC_LINK_IFELSE`
 on a simple program to make sure a compile and link will work correctly.
-
+Usage
-## Usage
+-----
 This repo is intended to be used as a git subtree, so changes will
 automatically propogate, and still be reasonably easy to use.
@ -112,7 +109,8 @@ it should look like this:
           .git/      .gitignore    ChangeLog   LICENSE   Makefile.in
           README     configure.ac  include/    macros/   src/
-The `macros/` directory has been added.
+
 * The `macros/` directory has been added.
 * Now do a `git push` to save everything.
@ -132,8 +130,8 @@ master.
           git subtgree pull --squash --prefix=macros autoconf-macros master
-
+References
-## References
+----------
 Now that autoconf-macros is available to your project, you will need to
 reference it.
@ -165,3 +163,37 @@ where you want to check for SSL:
 * You will now be able to reference any of the variables in `config.h.in`
 and any files listed in the `AC_CONFIG_FILES` macro in `configure.ac`.
 License Notice
 --------------
 Copyright (c) 2016-2017 Nagios Enterprises, LLC
 This work is made available to you under the terms of Version 2 of
 the GNU General Public License. A copy of that license should have
 been provided with this software, but in any event can be obtained
 from http://www.fsf.org.
 This work is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 02110-1301 or visit their web page on the internet at
 http://www.fsf.org.
 Questions?
 ----------
 If you have questions about this addon, or problems getting things
 working, first try searching the nagios-users mailing list archives.
 Details on searching the list archives can be found at
 http://www.nagios.org
 If you don't find an answer there, post a message in the Nagios
 Plugin Development forum at https://support.nagios.com/forum/viewforum.php?f=35
--- a/macros/ax_nagios_get_distrib
+++ b/macros/ax_nagios_get_distrib
@ -96,10 +96,12 @@ AC_SUBST(dist_ver)
 					[bsd],
 						dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
 						dist_ver=`uname -r`,
-					[aix|hp-ux],
+					[aix],
-						dist_ver=$OSTYPE,
+						dist_ver="`uname -v`.`uname -r`",
 					[hp-ux],
 						dist_ver=`uname -r | cut -d'.' -f1-3`,
 					[solaris],
-						dist_ver=`echo $OSTYPE | cut -d'.' -f2`,
+						dist_ver=`uname -r | cut -d'.' -f2`,
 					[*],
 						dist_ver=$OSTYPE
 				)
--- a/macros/ax_nagios_get_files
+++ b/macros/ax_nagios_get_files
@ -97,7 +97,7 @@ AS_CASE([$init_type],
 		fi,
 	[launchd],
-		src_init="mac-init.plist"
+		src_init="mac-init.plist",
 	[*],
 		src_init="unknown"
--- a/macros/ax_nagios_get_inetd
+++ b/macros/ax_nagios_get_inetd
@ -93,30 +93,25 @@ AC_SUBST(inetd_type)
 			inetd_disabled=""
-			if test x"$init_type" = "xupstart"; then
+			AS_CASE([$dist_type],
-				inetd_type="upstart"
+				[solaris],
-			elif test "$opsys" = "osx"; then
+					if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
-				inetd_type="launchd"
+						inetd_type="$init_type"
-			fi
+					else
 						inetd_type="inetd"
 					fi,
-			if test x"$inetd_type" = x; then
+				[*bsd*],
-				AS_CASE([$dist_type],
+					inetd_type=`ps -A -o comm -c | grep inetd`,
 					[solaris],
 						if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
 							inetd_type="$init_type"
 						else
 							inetd_type="inetd"
 						fi,
-					[*bsd*],
+				[osx],
-						inetd_type=`ps -A -o comm -c | grep inetd`,
+					inetd_type=`launchd`,
-					[aix|hp-ux],
+				[aix|hp-ux],
-						inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
+					inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
-					[*],
+				[*],
-						inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND`])
+					inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
 			fi
 			if test x"$inetd_type" = x; then
 				if test -f /etc/xinetd.conf -a -d /etc/xinetd.d; then
@ -127,6 +122,12 @@ AC_SUBST(inetd_type)
 					inetd_disabled="(Not running)"
 				fi
 			fi
 			if test x"$inetd_type" = x; then
 				if test x"$init_type" = "xupstart"; then
 					inetd_type="upstart"
 				fi
 			fi
 			if test x"$inetd_type" = x; then
 				if test x"$init_type" = "xsystemd"; then
--- a/macros/ax_nagios_get_init
+++ b/macros/ax_nagios_get_init
@ -119,14 +119,19 @@ AC_SUBST(init_type)
 			elif test "$dist_type" = "slackware"; then
 				init_type="bsd"
 				init_type_wanted=no
 			elif test "$dist_type" = "aix"; then
 				init_type="bsd"
 				init_type_wanted=no
 			elif test "$dist_type" = "hp-ux"; then
 				init_type="unknown"
 				init_type_wanted=no
 			fi
 		fi
 		PSCMD="ps -p1 -o args"
-		AS_CASE([$dist_type],
+		if test $dist_type = solaris; then
-			[aix],		PSCMD="env UNIX95=1; ps -p1 -o args",
+			PSCMD="env UNIX95=1; ps -p1 -o args"
-			[solaris],	PSCMD="env UNIX95=1; ps -p1 -o args",
+		fi
 			[hp-ux],	PSCMD="env UNIX95=1; ps -p1 -o args")
 		if test "$init_type_wanted" = yes; then
 			pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
@ -173,7 +178,7 @@ AC_SUBST(init_type)
 			if test "$init_type_wanted" = yes; then
 				if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
-					if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
+					if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
 						init_type="upstart"
 						init_type_wanted=no
 					elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
--- a/macros/ax_nagios_get_paths
+++ b/macros/ax_nagios_get_paths
@ -119,16 +119,21 @@ AS_CASE([$dist_type],
 	[*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix)
-need_cgi=no
+						# Does this package need to know:
-need_web=no
+need_cgi=no				# where the cgi-bin directory is
-need_brk=no
+need_web=no				# where the website directory is
-need_plg=no
+need_brk=no				# where the event broker modules directory is
-need_pipe=no
+need_plg=no				# where the plugins directory is
-need_spl=no
+need_pipe=no			# where the pipe directory is
-need_loc=no
+need_spl=no				# where the spool directory is
-need_log_subdir=no
+need_loc=no				# where the locale directory is
-need_etc_subdir=no
+need_log_subdir=no		# where the loc sub-directory is
-need_pls_dir=no
+need_etc_subdir=no		# where the etc sub-directory is
 need_pls_dir=no			# where the package locate state directory is
 if test x"$INIT_PROG" = x; then
 	INIT_PROG="$PKG_NAME"
 fi
 AS_CASE([$PKG_NAME],
 	[nagios],
@ -143,6 +148,7 @@ AS_CASE([$PKG_NAME],
 		need_web=yes,
 	[ndoutils],
 		need_brk=yes
 		need_spl=yes,
 	[nrpe],
@ -284,14 +290,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles.d"}
 if test ! -d "$tmpfilesd"; then
 	tmpfilesd="N/A"
 else
-	tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
+	tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
 fi
 subsyslockdir=${subsyslockdir="/var/lock/subsys"}
 if test ! -d "$subsyslockdir"; then
 	subsyslockdir="N/A"
 	subsyslockfile="N/A"
 else
-	subsyslockfile="$subsyslockdir/$PKG_NAME"
+	subsyslockfile="$subsyslockdir/$INIT_PROG"
 fi
 if test "$need_loc" = no; then
 	localedir="N/A"
@ -372,23 +378,23 @@ elif test $opsys = "linux"; then
 	fi
 	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
 	if test $need_log_subdir = yes; then
-		logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+		logdir=${logdir="$localstatedir/log/$INIT_PROG"}
 	else
 		logdir=${logdir="$localstatedir/log"}
 	fi
-	piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+	piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
 	if test "$need_pipe" = yes; then
-		pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+		pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
 	else
 		pipedir="N/A"
 	fi
 	if test "$need_pls_dir" = yes; then
-		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
 	else
 		pkglocalstatedir="N/A"
 	fi
 	if test "$need_spl" = yes; then
-		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+		spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
 	else
 		spooldir="N/A"
 	fi
@ -437,7 +443,7 @@ elif test $opsys = "unix"; then
 	fi
 	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
 	if test "$need_pls_dir" = yes; then
-		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
 	else
 		pkglocalstatedir="N/A"
 	fi
@ -445,7 +451,7 @@ elif test $opsys = "unix"; then
 		localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
 	fi
 	if test "$need_spl" = yes; then
-		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+		spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
 	else
 		spooldir="N/A"
 	fi
@ -471,14 +477,14 @@ elif test $opsys = "unix"; then
 			logdir=${logdir="$pkglocalstatedir/log"},
 		[*],
-			piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+			piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
 			if test "$need_pipe" = yes; then
-				pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+				pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
 			else
 				pipedir="N/A"
 			fi
 			if test $need_log_subdir = yes; then
-				logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+				logdir=${logdir="$localstatedir/log/$INIT_PROG"}
 			else
 				logdir=${logdir="$localstatedir/log"}
 			fi
@ -528,7 +534,7 @@ elif test $opsys = "bsd"; then
 	fi
 	privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
 	if test "$need_pls_dir" = yes; then
-		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+		pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
 	else
 		pkglocalstatedir="N/A"
 	fi
@ -536,7 +542,7 @@ elif test $opsys = "bsd"; then
 		localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
 	fi
 	if test "$need_spl" = yes; then
-		spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+		spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
 	else
 		spooldir="N/A"
 	fi
@ -561,14 +567,14 @@ elif test $opsys = "bsd"; then
 	else
 		cgibindir="N/A"
 	fi
-	piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+	piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
 	if test "$need_pipe" = yes; then
-		pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+		pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
 	else
 		pipedir="N/A"
 	fi
 	if test $need_log_subdir = yes; then
-		logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+		logdir=${logdir="$localstatedir/log/$INIT_PROG"}
 	else
 		logdir=${logdir="$localstatedir/log"}
 	fi
@ -604,11 +610,13 @@ eval libexecdir=$libexecdir
 eval brokersdir=$brokersdir
 eval pluginsdir=$pluginsdir
 eval cgibindir=$cgibindir
 eval localstatedir=$localstatedir
 eval pkglocalstatedir=$pkglocalstatedir
 eval webdir=$webdir
 eval localedir=$localedir
 eval sysconfdir=$sysconfdir
 eval pkgsysconfdir=$pkgsysconfdir
 eval logdir=$logdir
 eval piddir=$piddir
 #
@ -622,9 +630,9 @@ AS_CASE([$init_type],
 		else
 			initdir=${initdir="/etc/init.d"}
 		fi
-		initname=${initname="$PKG_NAME"}
+		initname=${initname="$INIT_PROG"}
 		initconfdir=${initconfdir="/etc/conf.d"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"},
+		initconf=${initconf="$initconfdir/$INIT_PROG"},
 	[systemd],
 		if test $dist_type = "debian"; then
@ -632,27 +640,32 @@ AS_CASE([$init_type],
 		else
 			initdir=${initdir="/usr/lib/systemd/system"}
 		fi
-		initname=${initname="$PKG_NAME.service"},
+		initname=${initname="$INIT_PROG.service"},
 	[bsd],
-		initdir=${initdir="/etc/rc.d"}
+		if test $dist_type = "aix"; then
-		initname=${initname="rc.$PKG_NAME"},
+			initdir=${initdir="/sbin/rc.d/init.d"}
 			initname=${initname="$INIT_PROG"}
 		else
 			initdir=${initdir="/etc/rc.d"}
 			initname=${initname="rc.$INIT_PROG"}
 		fi,
 	[newbsd],
 		initdir=${initdir="/etc/rc.d"}
-		initname=${initname="$PKG_NAME"},
+		initname=${initname="$INIT_PROG"},
 	[gentoo],
 		initdir=${initdir="/etc/init.d"}
-		initname=${initname="$PKG_NAME"}
+		initname=${initname="$INIT_PROG"}
 		initconfdir=${initconfdir="/etc/init.d"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"},
+		initconf=${initconf="$initconfdir/$INIT_PROG"},
 	[openrc],
 		initdir=${initdir="/etc/init.d"}
-		initname=${initname="$PKG_NAME"}
+		initname=${initname="$INIT_PROG"}
 		initconfdir=${initconfdir="/etc/conf.d"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"},
+		initconf=${initconf="$initconfdir/$INIT_PROG"},
 	[smf*],
 		if test $init_type = smf10; then
@ -660,21 +673,21 @@ AS_CASE([$init_type],
 		else
 			initdir=${initdir="/lib/svc/manifest/network/nagios"}
 		fi
-		initname=${initname="$PKG_NAME.xml"}
+		initname=${initname="$INIT_PROG.xml"}
 		initconfdir=unknown
 		initconf=unknown,
 	[upstart],
 		initdir=${initdir="/etc/init"}
-		initname=${initname="$PKG_NAME.conf"}
+		initname=${initname="$INIT_PROG.conf"}
 		initconfdir=${initconfdir="/etc/default"}
-		initconf=${initconf="$initconfdir/$PKG_NAME"},
+		initconf=${initconf="$initconfdir/$INIT_PROG"},
 	[launchd],
 		initdir=${initdir="/Library/LaunchDaemons"}
-		initname=${initname="org.nagios.$PKG_NAME.plist"},
+		initname=${initname="org.nagios.$INIT_PROG.plist"},
 #		initconfdir=${initconfdir="/private/etc"}
-#		initconf=${initconf="$initconfdir/$PKG_NAME"},
+#		initconf=${initconf="$initconfdir/$INIT_PROG"},
 	[*],
@ -691,7 +704,7 @@ AS_CASE([$inetd_type],
 	[xinetd],
 		inetddir=${inetddir="/etc/xinetd.d"}
-		inetdname=${inetdname="$PKG_NAME"},
+		inetdname=${inetdname="$INIT_PROG"},
 	[systemd],
 		if test $dist_type = "debian"; then
@ -699,7 +712,7 @@ AS_CASE([$inetd_type],
 		else
 			inetddir=${inetddir="/usr/lib/systemd/system"}
 		fi
-		netdname=${inetdname="$PKG_NAME.socket"},
+		netdname=${inetdname="$INIT_PROG.socket"},
 	[smf*],
 		if test $init_type = smf10; then
@ -707,15 +720,15 @@ AS_CASE([$inetd_type],
 		else
 			inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
 		fi
-		inetdname=${inetdname="$PKG_NAME.xml"},
+		inetdname=${inetdname="$INIT_PROG.xml"},
 #	[upstart],
 #		inetddir=${inetddir="/etc/init.d"}
-#		inetdname=${inetdname="$PKG_NAME"},
+#		inetdname=${inetdname="$INIT_PROG"},
 	[launchd],
 		inetddir=${inetddir="/Library/LaunchDaemons"}
-		inetdname=${inetdname="org.nagios.$PKG_NAME.plist"},
+		inetdname=${inetdname="org.nagios.$INIT_PROG.plist"},
 	[*],
 		inetddir=${inetddir="unknown"}
--- a/macros/ax_nagios_get_ssl
+++ b/macros/ax_nagios_get_ssl
@ -59,6 +59,7 @@ SSL_HDR=
 SSL_LIB_DIR=
 AC_SUBST(HAVE_SSL)
 AC_SUBST(SSL_TYPE)
 AC_SUBST(SSL_INC_DIR)
 AC_SUBST(SSL_HDR)
 AC_SUBST(SSL_INC_PREFIX)
--- a/nrpe.spec.in
+++ b/nrpe.spec.in
@ -9,6 +9,7 @@
 %endif
 %if %{islinux}
 	%define _init_dir @initdir@
 	%define _init_type @init_type@
 	%define _exec_prefix %{_prefix}/sbin
 	%define _bindir %{_prefix}/sbin
 	%define _sbindir %{_prefix}/lib/nagios/cgi
@ -21,7 +22,7 @@
 %define _sysconfdir /etc/nagios
 %define name @PACKAGE_NAME@
-%define version @PACKAGE_VERSION@
+%define version 3.2.1
 %define release @RPM_RELEASE@
 %define nsusr @nrpe_user@
 %define nsgrp @nrpe_group@
@ -32,7 +33,7 @@
 # rpm -ba|--rebuild --define 'nsport 5666'
 %{?port:%define nsport %{port}}
-# Macro that print mesages to syslog at package (un)install time
+# Macro that print messages to syslog at package (un)install time
 %define nnmmsg logger -t %{name}/rpm
 Summary: Host/service/network monitoring agent for Nagios
@ -127,7 +128,7 @@ fi
 export PATH=$PATH:/usr/sbin
 CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" \
 MAKE=%{_make} ./configure \
-	--with-init-dir=/etc/init.d \
+	--with-init-type=%{_init_type} \
 	--with-nrpe-port=%{nsport} \
 	--with-nrpe-user=%{nsusr} \
 	--with-nrpe-group=%{nsgrp} \
@ -168,13 +169,13 @@ rm -rf $RPM_BUILD_ROOT
@tmpfilesd@
 %endif
 %{_bindir}/nrpe-uninstall
-%doc Changelog LEGAL README.md README.SSL.md SECURITY.md
+%doc CHANGELOG.md LEGAL README.md README.SSL.md SECURITY.md
 %files plugin
 %defattr(755,%{nsusr},%{nsgrp})
 %{_libexecdir}
 %defattr(644,%{nsusr},%{nsgrp})
-%doc Changelog LEGAL README.md
+%doc CHANGELOG.md LEGAL README.md
 %changelog
 * Thu Aug 18 2016 John Frickson jfrickson<@>nagios.com
--- a/sample-config/nrpe.cfg.in
+++ b/sample-config/nrpe.cfg.in
@ -1,13 +1,13 @@
 #############################################################################
 # Sample NRPE Config File
 # Written by: Ethan Galstad (nagios@nagios.org)
 #
-# Last Modified: 2016-05-10
+#  Sample NRPE Config File
 #
 #  Notes:
 #
 #  This is a sample configuration file for the NRPE daemon.  It needs to be
 #  located on the remote host that is running the NRPE daemon, not the host
 #  from which the check_nrpe client is being executed.
 #
 # NOTES:
 # This is a sample configuration file for the NRPE daemon.  It needs to be
 # located on the remote host that is running the NRPE daemon, not the host
 # from which the check_nrpe client is being executed.
 #############################################################################
@ -18,6 +18,14 @@ log_facility=@log_facility@
 # LOG FILE
 # If a log file is specified in this option, nrpe will write to
 # that file instead of using syslog.
 #log_file=@logdir@/nrpe.log
 # DEBUGGING OPTION
 # This option determines whether or not debugging messages are logged to the
 # syslog facility.
@ -38,7 +46,7 @@ pid_file=@piddir@/nrpe.pid
 # PORT NUMBER
 # Port number we should wait for connections on.
-# NOTE: This must be a non-priviledged port (i.e. > 1024).
+# NOTE: This must be a non-privileged port (i.e. > 1024).
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
 server_port=@nrpe_port@
@ -95,7 +103,7 @@ nrpe_group=@nrpe_group@
 #
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-allowed_hosts=127.0.0.1
+allowed_hosts=127.0.0.1,::1
@ -115,7 +123,7 @@ dont_blame_nrpe=0
-# BASH COMMAND SUBTITUTION
+# BASH COMMAND SUBSTITUTION
 # This option determines whether or not the NRPE daemon will allow clients
 # to specify arguments that contain bash command substitutions of the form
 # $(...).  This option only works if the daemon was configured with both
@ -141,7 +149,7 @@ allow_bash_command_substitution=0
 # *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
 # Usage scenario:
 # Execute restricted commmands using sudo.  For this to work, you need to add
-# the nagios user to your /etc/sudoers.  An example entry for alllowing
+# the nagios user to your /etc/sudoers.  An example entry for allowing
 # execution of the plugins from might be:
 #
 # nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
@ -153,6 +161,13 @@ allow_bash_command_substitution=0
 # command_prefix=/usr/bin/sudo
 # MAX COMMANDS
 # This specifies how many children processes may be spawned at any one
 # time, essentially limiting the fork()s that occur.
 # Default (0) is set to unlimited
 # max_commands=0
 # COMMAND TIMEOUT
 # This specifies the maximum number of seconds that the NRPE daemon will
@ -197,6 +212,7 @@ connection_timeout=300
 #        TLSv1.2+ (use TLSv1.2 or above)
 # If an "or above" version is used, the best will be negotiated. So if both
 # ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
 # If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
 #ssl_version=SSLv2+
@ -209,10 +225,12 @@ connection_timeout=300
 # SSL CIPHER LIST
 # This lists which ciphers can be used. For backward compatibility, this
-# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
+# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
-# will be changed to something like the example below in a later version of NRPE.
+# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
 # greater. 
 #ssl_cipher_list=ALL:!MD5:@STRENGTH
 #ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
 #ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
 # SSL Certificate and Private Key Files
@ -246,19 +264,11 @@ connection_timeout=300
-# INCLUDE CONFIG FILE
+# NASTY METACHARACTERS
-# This directive allows you to include definitions from an external config file.
+# This option allows you to override the list of characters that cannot
 # be passed to the NRPE daemon.
-#include=<somefile.cfg>
+# nasty_metachars="|`&><'\\[]{};\r\n"
 # INCLUDE CONFIG DIRECTORY
 # This directive allows you to include definitions from config files (with a
 # .cfg extension) in one or more directories (with recursion).
 #include_dir=<somedirectory>
 #include_dir=<someotherdirectory>
@ -283,9 +293,10 @@ connection_timeout=300
 # The following examples use hardcoded command arguments...
 # This is by far the most secure method of using NRPE
 command[check_users]=@pluginsdir@/check_users -w 5 -c 10
-command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20
+command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
 command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
 command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
 command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
@ -297,7 +308,54 @@ command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
 # config file is set to '1'.  This poses a potential security risk, so
 # make sure you read the SECURITY file before doing this.
-#command[check_users]=@pluginsdir@/check_users -w $ARG1$ -c $ARG2$
+### MISC SYSTEM METRICS ###
-#command[check_load]=@pluginsdir@/check_load -w $ARG1$ -c $ARG2$
+#command[check_users]=@pluginsdir@/check_users $ARG1$
-#command[check_disk]=@pluginsdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+#command[check_load]=@pluginsdir@/check_load $ARG1$
-#command[check_procs]=@pluginsdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+#command[check_disk]=@pluginsdir@/check_disk $ARG1$
 #command[check_swap]=@pluginsdir@/check_swap $ARG1$
 #command[check_cpu_stats]=@pluginsdir@/check_cpu_stats.sh $ARG1$
 #command[check_mem]=@pluginsdir@/custom_check_mem -n $ARG1$
 ### GENERIC SERVICES ###
 #command[check_init_service]=sudo @pluginsdir@/check_init_service $ARG1$
 #command[check_services]=@pluginsdir@/check_services -p $ARG1$
 ### SYSTEM UPDATES ###
 #command[check_yum]=@pluginsdir@/check_yum
 #command[check_apt]=@pluginsdir@/check_apt
 ### PROCESSES ###
 #command[check_all_procs]=@pluginsdir@/custom_check_procs
 #command[check_procs]=@pluginsdir@/check_procs $ARG1$
 ### OPEN FILES ###
 #command[check_open_files]=@pluginsdir@/check_open_files.pl $ARG1$
 ### NETWORK CONNECTIONS ###
 #command[check_netstat]=@pluginsdir@/check_netstat.pl -p $ARG1$ $ARG2$
 ### ASTERISK ###
 #command[check_asterisk]=@pluginsdir@/check_asterisk.pl $ARG1$
 #command[check_sip]=@pluginsdir@/check_sip $ARG1$
 #command[check_asterisk_sip_peers]=sudo @pluginsdir@/check_asterisk_sip_peers.sh $ARG1$
 #command[check_asterisk_version]=@pluginsdir@/nagisk.pl -c version
 #command[check_asterisk_peers]=@pluginsdir@/nagisk.pl -c peers
 #command[check_asterisk_channels]=@pluginsdir@/nagisk.pl -c channels 
 #command[check_asterisk_zaptel]=@pluginsdir@/nagisk.pl -c zaptel 
 #command[check_asterisk_span]=@pluginsdir@/nagisk.pl -c span -s 1
 # INCLUDE CONFIG FILE
 # This directive allows you to include definitions from an external config file.
 #include=<somefile.cfg>
 # INCLUDE CONFIG DIRECTORY
 # This directive allows you to include definitions from config files (with a
 # .cfg extension) in one or more directories (with recursion).
 #include_dir=<somedirectory>
 #include_dir=<someotherdirectory>
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -1,7 +1,7 @@
 ###############################
 # Makefile for NRPE
 #
-# Last Modified: 08-13-2007
+#  NRPE Makefile
 #
 ###############################
 srcdir=@srcdir@
--- a/src/acl.c
+++ b/src/acl.c
@ -1,17 +1,20 @@
-/*-
+/****************************************************************************
 *
 * acl.c - a small library for nrpe.c. It adds IPv4 subnets support to ACL in nrpe.
 *
 * License: GPLv2
 * Copyright (c) 2011 Kaspersky Lab ZAO
 * Last Modified: 08-10-2011 by Konstantin Malov with Oleg Koreshkov's help 
 *
 * Description:
 * acl.c creates two linked lists. One is for IPv4 hosts and networks, another is for domain names.
 * All connecting hosts (if allowed_hosts is defined) are checked in these two lists.
 *
- * Some notes:
+ * acl.c creates two linked lists. One is for IPv4 hosts and networks, another 
- * 1) IPv6 isn't supported in ACL.
+ * is for domain names. All connecting hosts (if allowed_hosts is defined) 
- * 2) Only ANCII names are supported in ACL.
+ * are checked in these two lists.
 *
- * License: GPL
+ * Note:
 *  Only ANCII names are supported in ACL.
 *
 * License Notice:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -26,9 +29,12 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
+ *
 ****************************************************************************/
 #include "../include/config.h"
 #include "../include/common.h"
 #include "../include/utils.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@ -41,12 +47,13 @@
 #include <string.h>
 #include <ctype.h>
 #include <netdb.h>
 #include <syslog.h>
 #include <stdarg.h>
 #include "../include/acl.h"
-/* This function checks if a char argumnet from valid char range.
+extern int debug;
 /* This function checks if a char argument from valid char range.
 * Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
 *
 * Returns:
@ -76,16 +83,12 @@ int isvalidchar(int c) {
        switch (c) {
        case '.':
                return 4;
                break;
        case '/':
                return 5;
                break;
        case '-':
                return 6;
                break;
        case ',':
                return 7;
                break;
        default:
                return 0;
        }
@ -133,6 +136,7 @@ char * acl_substring(char *string, int s, int e) {
 */
 int add_ipv4_to_acl(char *ipv4) {
        int state = 0;
        int octet = 0;
        int index = 0;  /* position in data array */
@ -142,18 +146,27 @@ int add_ipv4_to_acl(char *ipv4) {
        unsigned long ip, mask;
        struct ip_acl *ip_acl_curr;
 		if(debug == TRUE)
 			logit(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
        /* Check for min and max IPv4 valid length */
-        if (len < 7 || len > 18)
+		if (len < 7 || len > 18) {
-                return 0;
+			logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
 			return 0;
 		}
        /* default mask for ipv4 */
        data[4] = 32;
        /* Basic IPv4 format check */
        for (i = 0; i < len; i++) {
-                /* Return 0 on error state */
+			/* Return 0 on error state */
-                if (state == -1)
+			if (state == -1) {
-                        return 0;
+				if(debug == TRUE)
 					logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
 								"format, continue with next check ...", ipv4);
 				return 0;
 			}
                c = ipv4[i];
@ -201,6 +214,7 @@ int add_ipv4_to_acl(char *ipv4) {
                break;
        default:
                /* Bad states */
                logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
                return 0;
        }
@ -209,29 +223,29 @@ int add_ipv4_to_acl(char *ipv4) {
         */
        for (i=0; i < 4; i++) {
                if (data[i] < 0 || data[i] > 255) {
-                        syslog(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
+                        logit(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
                        return 0;
                }
        }
        if (data[4] < 0 || data[4] > 32) {
-                syslog(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
+                logit(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
                return 0;
        }
-        /* Conver ip and mask to unsigned long */
+        /* Convert ip and mask to unsigned long */
        ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
        mask =  htonl(-1 << (32 - data[4]));
        /* Wrong network address */
        if ( (ip & mask) != ip) {
-                syslog(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
+                logit(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
                return 0;
        }
        /* Add addr to ip_acl list */
        if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
-                syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
+                logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
                return 0;
        }
@ -247,6 +261,10 @@ int add_ipv4_to_acl(char *ipv4) {
                ip_acl_prev->next = ip_acl_curr;
        }
        ip_acl_prev = ip_acl_curr;
        if(debug == TRUE)
          logit(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
        return 1;
 }
@ -271,7 +289,7 @@ int add_ipv6_to_acl(char *ipv6) {
 		messages if needed */
 	ipv6tmp = strdup(ipv6);
 	if(NULL == ipv6tmp) {
-		syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n", 
+		logit(LOG_ERR, "Memory allocation failed for copy of address: %s\n", 
 				ipv6);
 		return 0;
 		}
@ -327,7 +345,7 @@ int add_ipv6_to_acl(char *ipv6) {
 	/* Add address to ip_acl list */
 	ip_acl_curr = malloc(sizeof(*ip_acl_curr));
 	if(NULL == ip_acl_curr) {
-		syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
+		logit(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
 		return 0;
 		}
@ -387,8 +405,12 @@ int add_domain_to_acl(char *domain) {
        struct dns_acl *dns_acl_curr;
-        if (len > 63)
+        if (len > 63) {
                logit(LOG_INFO,
 					   "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
 					   domain);
                return 0;
        }
        for (i = 0; i < len; i++) {
                c = domain[i];
@ -426,7 +448,10 @@ int add_domain_to_acl(char *domain) {
                        }
                        break;
                default:
-                        /* Not valid chars */
+                        logit(LOG_INFO,
 							   "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
 								"invalid chars!", domain);
 					/* Not valid chars */
                        return 0;
                }
        }
@ -436,7 +461,7 @@ int add_domain_to_acl(char *domain) {
        case 1: case 4: case 5:
                /* Add name to domain ACL list */
                if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
-                        syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
+                        logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
                        return 0;
                }
                strcpy(dns_acl_curr->domain, domain);
@ -448,13 +473,18 @@ int add_domain_to_acl(char *domain) {
                        dns_acl_prev->next = dns_acl_curr;
                dns_acl_prev = dns_acl_curr;
                if(debug == TRUE)
                     logit(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
                return 1;
        default:
                logit(LOG_INFO,
 					   "ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
 						"check allowed_host in config file!", domain);
                return 0;
        }
 }
-/* Checks connectiong host in ACL
+/* Checks connection host in ACL
 *
 * Returns:
 * 1 - on success
@ -470,14 +500,23 @@ int is_an_allowed_host(int family, void *host)
 	struct sockaddr_in	*addr;
 	struct sockaddr_in6	addr6;
 	struct addrinfo		*res, *ai;
 	struct in_addr		tmp;
 	while (ip_acl_curr != NULL) {
 		if(ip_acl_curr->family == family) {
 			switch(ip_acl_curr->family) {
 			case AF_INET:
 				if (debug == TRUE) {
 					tmp.s_addr = ((struct in_addr*)host)->s_addr;
 					logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
 							"an allowed host >%s<\n",
 						 inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
 				}
 				if((((struct in_addr *)host)->s_addr & 
 						ip_acl_curr->mask.s_addr) == 
 						ip_acl_curr->addr.s_addr) {
 					if (debug == TRUE)
 						logit(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
 					return 1;
 					}
 				break;
@ -509,9 +548,20 @@ int is_an_allowed_host(int family, void *host)
 				switch(ai->ai_family) {
 				case AF_INET:
 					if(debug == TRUE) {
 						tmp.s_addr=((struct in_addr *)host)->s_addr;
 						logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
 								"an allowed host >%s<\n",
 							 inet_ntoa(tmp), dns_acl_curr->domain);
 					}
 					addr = (struct sockaddr_in*)(ai->ai_addr);
-					if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
+					if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) {
 						if (debug == TRUE)
 							logit(LOG_INFO, "is_an_allowed_host (AF_INET): "
 									"host is in allowed host list!");
 						return 1;
 					}
 					break;
 				case AF_INET6:
@ -521,9 +571,9 @@ int is_an_allowed_host(int family, void *host)
 					break;
 				}
 			}
 			dns_acl_curr = dns_acl_curr->next;
 		}
 		dns_acl_curr = dns_acl_curr->next;
 	}
 	return 0;
 }
@ -558,20 +608,49 @@ void parse_allowed_hosts(char *allowed_hosts) {
 	char *tok;
 	const char *delim = ",";
 	char *trimmed_tok;
    int add_to_acl = 0;
 	if (debug == TRUE)
 		logit(LOG_INFO,
 			 "parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
 			 allowed_hosts);
 #ifdef HAVE_STRTOK_R
 	tok = strtok_r(hosts, delim, &saveptr);
 #else
 	if (debug == TRUE)
 		logit(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
 				"problems in the allowed_hosts string determination!\n");
 	tok = strtok(hosts, delim);
 #endif
 	while( tok) {
-		trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
+		trimmed_tok = malloc(sizeof(char) * (strlen(tok) + 1));
-		trim( tok, trimmed_tok);
+		trim(tok, trimmed_tok);
-		if( strlen( trimmed_tok) > 0) {
+		if (debug == TRUE)
-			if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok) 
+			logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
-					&& !add_domain_to_acl(trimmed_tok)) {
+		if (strlen(trimmed_tok) > 0) {
-				syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
+
-			}
+            /* lets check the type of the address before we try and add it to the acl */
            if (strchr(trimmed_tok, ':') != NULL) {
                /* its an ipv6 address */
                add_to_acl = add_ipv6_to_acl(trimmed_tok);
            } else {
                /* its either a fqdn or an ipv4 address
                   unfortunately, i don't want to re-invent the wheel here
                   the logic exists inside of add_ipv4_to_acl() to detect
                   whether or not it is a ip or not */
                add_to_acl = add_ipv4_to_acl(trimmed_tok);
            }
            /* but we only try to add it to a domain if the other tests have failed */
            if (!add_to_acl && !add_domain_to_acl(trimmed_tok)) {
 				logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
 			} else if (debug == TRUE)    
 				logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
 		}
 		free( trimmed_tok);
 #ifdef HAVE_STRTOK_R
@ -606,17 +685,21 @@ unsigned int prefix_from_mask(struct in_addr mask) {
 * It shows all hosts in ACL lists
 */
-void show_acl_lists(void) {
+void show_acl_lists(void)
-        struct ip_acl *ip_acl_curr = ip_acl_head;
+{
-        struct dns_acl *dns_acl_curr = dns_acl_head;
+	struct ip_acl *ip_acl_curr = ip_acl_head;
 	struct dns_acl *dns_acl_curr = dns_acl_head;
-        while (ip_acl_curr != NULL) {
+	logit(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
                printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
                ip_acl_curr = ip_acl_curr->next;
        }
-        while (dns_acl_curr != NULL) {
+	while (ip_acl_curr != NULL) {
-                printf("DNS ACL: %s\n", dns_acl_curr->domain);
+		logit(LOG_INFO, "   IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
-                dns_acl_curr = dns_acl_curr->next;
+			 prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
-        }
+		ip_acl_curr = ip_acl_curr->next;
 	}
 	while (dns_acl_curr != NULL) {
 		logit(LOG_INFO, "  DNS ACL: %s\n", dns_acl_curr->domain);
 		dns_acl_curr = dns_acl_curr->next;
 	}
 }
--- a/src/check_nrpe.c
+++ b/src/check_nrpe.c
--- a/src/nrpe.c
+++ b/src/nrpe.c
--- a/src/snprintf.c
+++ b/src/snprintf.c
@ -77,7 +77,7 @@
 * Fix incorrect zpadlen handling in fmtfp.
 * Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
 * few mods to make it easier to compile the tests.
- * addedd the "Ollie" test to the floating point ones.
+ * added the "Ollie" test to the floating point ones.
 *
 * Martin Pool (mbp@samba.org) April 2003
 *    Remove NO_CONFIG_H so that the test case can be built within a source
@ -847,7 +847,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 		spadlen = 0;
 	}
 	if (flags & DP_F_MINUS) 
-		spadlen = -spadlen; /* Left Justifty */
+		spadlen = -spadlen; /* Left Justify */
 #ifdef DEBUG_SNPRINTF
 	printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
@ -1055,7 +1055,7 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
 	if (padlen < 0) 
 		padlen = 0;
 	if (flags & DP_F_MINUS) 
-		padlen = -padlen; /* Left Justifty */
+		padlen = -padlen; /* Left Justify */
 	if ((flags & DP_F_ZERO) && (padlen > 0)) {
 		if (signvalue) {
--- a/src/utils.c
+++ b/src/utils.c
@ -1,17 +1,16 @@
 /****************************************************************************
 *
- * UTILS.C - NRPE Utility Functions
+ * utils.c - NRPE Utility Functions
 *
- * License: GPL
+ * License: GPLv2
- * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
+ * Copyright (c) 2009-2017 Nagios Enterprises
- *
+ *               1999-2008 Ethan Galstad (nagios@nagios.org)
 * Last Modified: 12-11-2006
 *
 * Description:
 *
 * This file contains common network functions used in nrpe and check_nrpe.
 *
- * License Information:
+ * License Notice:
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -31,10 +30,17 @@
 #include "../include/common.h"
 #include "../include/utils.h"
 #include <stdarg.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
 #endif
 #ifndef HAVE_ASPRINTF
 extern int asprintf(char **ptr, const char *format, ...);
 #endif
 #ifndef HAVE_VASPRINTF
 extern int vasprintf(char **ptr, const char *format, va_list ap);
 #endif
 #ifndef NI_MAXSERV
 # define NI_MAXSERV 32
@ -48,7 +54,10 @@ extern char **environ;
 static unsigned long crc32_table[256];
-static int my_create_socket(struct addrinfo *ai, const char *bind_address);
+char *log_file = NULL;
 FILE *log_fp = NULL;
 static int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr);
 /* build the crc table - must be called before calculating the crc value */
@ -124,10 +133,10 @@ void randomize_buffer(char *buffer, int buffer_size)
 /* opens a connection to a remote host */
 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE
 int my_connect(const char *host, struct sockaddr_storage *hostaddr, u_short port,
-			   int address_family, const char *bind_address)
+			   int address_family, const char *bind_address, int redirect_stderr)
 #else
 int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
-			   int address_family, const char *bind_address)
+			   int address_family, const char *bind_address, int redirect_stderr)
 #endif
 {
 	struct addrinfo hints, *ai, *aitop;
@ -135,12 +144,16 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 	int gaierr;
 	int sock = -1;
 	FILE *output = stderr;
 	if (redirect_stderr)
 		output = stdout;
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = address_family;
 	hints.ai_socktype = SOCK_STREAM;
 	snprintf(strport, sizeof strport, "%u", port);
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
-		fprintf(stderr, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
+		fprintf(output, "Could not resolve hostname %.100s: %s\n", host, gai_strerror(gaierr));
 		exit(1);
 	}
@ -153,12 +166,12 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 			continue;
 		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
 						strport, sizeof(strport), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
-			fprintf(stderr, "my_connect: getnameinfo failed\n");
+			fprintf(output, "my_connect: getnameinfo failed\n");
 			continue;
 		}
 		/* Create a socket for connecting. */
-		sock = my_create_socket(ai, bind_address);
+		sock = my_create_socket(ai, bind_address, redirect_stderr);
 		if (sock < 0)
 			continue;			/* Any error is already output */
@ -167,7 +180,7 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 			memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
 			break;
 		} else {
-			fprintf(stderr, "connect to address %s port %s: %s\n", ntop, strport,
+			fprintf(output, "connect to address %s port %s: %s\n", ntop, strport,
 					strerror(errno));
 			close(sock);
 			sock = -1;
@ -178,21 +191,25 @@ int my_connect(const char *host, struct sockaddr *hostaddr, u_short port,
 	/* Return failure if we didn't get a successful connection. */
 	if (sock == -1) {
-		fprintf(stderr, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
+		fprintf(output, "connect to host %s port %s: %s\n", host, strport, strerror(errno));
 		return -1;
 	}
 	return sock;
 }
 /* Creates a socket for the connection. */
-int my_create_socket(struct addrinfo *ai, const char *bind_address)
+int my_create_socket(struct addrinfo *ai, const char *bind_address, int redirect_stderr)
 {
 	int sock, gaierr;
 	struct addrinfo hints, *res;
 	FILE *output = stderr;
 	if (redirect_stderr)
 		output = stdout;
 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 	if (sock < 0)
-		fprintf(stderr, "socket: %.100s\n", strerror(errno));
+		fprintf(output, "socket: %.100s\n", strerror(errno));
 	/* Bind the socket to an alternative local IP address */
 	if (bind_address == NULL)
@ -205,12 +222,12 @@ int my_create_socket(struct addrinfo *ai, const char *bind_address)
 	hints.ai_flags = AI_PASSIVE;
 	gaierr = getaddrinfo(bind_address, NULL, &hints, &res);
 	if (gaierr) {
-		fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
+		fprintf(output, "getaddrinfo: %s: %s\n", bind_address, gai_strerror(gaierr));
 		close(sock);
 		return -1;
 	}
 	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-		fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno));
+		fprintf(output, "bind: %s: %s\n", bind_address, strerror(errno));
 		close(sock);
 		freeaddrinfo(res);
 		return -1;
@ -231,7 +248,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
 	snprintf(strport, sizeof strport, "%d", port);
 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
-		syslog(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
+		logit(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
 			   gai_strerror(gaierr));
 		exit(1);
 	}
@ -242,7 +259,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
 int clean_environ(const char *keep_env_vars, const char *nrpe_user)
 {
-#ifdef HAVE_PATHS_H
+#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH)
 	static char	*path = _PATH_STDPATH;
 #else
 	static char	*path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
@ -257,7 +274,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
 	else
 		asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
 	if (keep == NULL) {
-		syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+		logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
 		return ERROR;
 	}
@ -269,7 +286,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
 	}
 	if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
-		syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+		logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
 		return ERROR;
 	}
 	for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
@ -283,7 +300,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
 			free(keep);
 			free(kept);
 			free(var);
-			syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
+			logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
 			return ERROR;
 		}
 		if (len >= var_sz) {
@ -309,16 +326,34 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
 	free(keep);
 	free(kept);
-	pw = (struct passwd *)getpwnam(nrpe_user);
+
-	if (pw == NULL)
+	char * user = NULL;
 	if (nrpe_user != NULL) {
 		user = strdup(nrpe_user);
 		pw = (struct passwd *)getpwnam(nrpe_user);
 	}
 	if (nrpe_user == NULL || pw == NULL) {
 		pw = (struct passwd *)getpwuid(getuid());
 		if (pw != NULL) {
 			user = strdup(pw->pw_name);
 		}
 	}
 	if (pw == NULL) {
 		free(user);
 		return OK;
 	}
 	setenv("PATH", path, 1);
 	setenv("IFS", " \t\n", 1);
 	setenv("LOGNAME", user, 0);
 	setenv("USER", user, 0);
 	setenv("HOME", pw->pw_dir, 0);
 	setenv("SHELL", pw->pw_shell, 0);
-	setenv("LOGNAME", nrpe_user, 0);
+
-	setenv("USER", nrpe_user, 0);
+	free(user);
 	return OK;
 }
@ -450,53 +485,87 @@ char *my_strsep(char **stringp, const char *delim)
 	return begin;
 }
-int b64_decode(unsigned char *encoded)
+void open_log_file()
 {
-	static const char *b64 = {
+	int fh;
-		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+	int flags = O_RDWR|O_APPEND|O_CREAT;
-	};
+	struct stat st;
 	int i, j, l, padding = 0;
 	unsigned char c[4], *outp = encoded;
-	union {
+	close_log_file();
 		unsigned c3;
 		struct {
 			unsigned f1:6;
 			unsigned f2:6;
 			unsigned f3:6;
 			unsigned f4:6;
 		} fields;
 	} enc;
-	enc.c3 = 0;
+	if (!log_file)
-	l = strlen((char *)encoded);
+		return;
-	for (i = 0; i < l; i += 4) {
+
-		for (j = 0; j < 4; ++j) {
+#ifdef O_NOFOLLOW
-			if (encoded[i + j] == '=') {
+	flags |= O_NOFOLLOW;
-				c[j] = 0;
+#endif
-				++padding;
+	if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
-			} else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
+		printf("Warning: Cannot open log file '%s' for writing\n", log_file);
-				c[j] = encoded[i + j] - 'A';
+		logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
-			else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
+		return;
 				c[j] = encoded[i + j] - 'a' + 26;
 			else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
 				c[j] = encoded[i + j] - '0' + 52;
 			else if (encoded[i + j] == '+')
 				c[j] = encoded[i + j] - '+' + 62;
 			else
 				c[j] = encoded[i + j] - '/' + 63;
 		}
 		enc.fields.f1 = c[3];
 		enc.fields.f2 = c[2];
 		enc.fields.f3 = c[1];
 		enc.fields.f4 = c[0];
 		*outp++ = (enc.c3 >> 16) & 0xff;
 		*outp++ = (enc.c3 >> 8) & 0xff;
 		*outp++ = (enc.c3) & 0xff;
 	}
-	*outp = '\0';
+	log_fp = fdopen(fh, "a+");
 	if(log_fp == NULL) {
 		printf("Warning: Cannot open log file '%s' for writing\n", log_file);
 		logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
 		return;
 		}
-	return outp - encoded - padding;
+	if ((fstat(fh, &st)) == -1) {
 		log_fp = NULL;
 		close(fh);
 		printf("Warning: Cannot fstat log file '%s'\n", log_file);
 		logit(LOG_WARNING, "Warning: Cannot fstat log file '%s'", log_file);
 		return;
 	}
 	if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
 		log_fp = NULL;
 		close(fh);
 		printf("Warning: log file '%s' has an invalid mode\n", log_file);
 		logit(LOG_WARNING, "Warning: log file '%s' has an invalid mode", log_file);
 		return;
 	}
 	(void)fcntl(fileno(log_fp), F_SETFD, FD_CLOEXEC);
 }
 void logit(int priority, const char *format, ...)
 {
 	time_t	log_time = 0L;
 	va_list	ap;
 	char	*buffer = NULL;
 	if (!format || !*format)
 		return;
 	va_start(ap, format);
 	if(vasprintf(&buffer, format, ap) > 0) {
 		if (log_fp) {
 			time(&log_time);
 			/* strip any newlines from the end of the buffer */
 			strip(buffer);
 			/* write the buffer to the log file */
 			fprintf(log_fp, "[%llu] %s\n", (unsigned long long)log_time, buffer);
 			fflush(log_fp);
 		} else
 			syslog(priority, "%s", buffer);
 		free(buffer);
 	}
 	va_end(ap);
 }
 void close_log_file()
 {
 	if(!log_fp)
 		return;
 	fflush(log_fp);
 	fclose(log_fp);
 	log_fp = NULL;
 	return;
 }
 /* show license */
--- a/startup/default-service.in
+++ b/startup/default-service.in
@ -1,5 +1,5 @@
 [Unit]
-Description=Nagios Remote Program Executor
+Description=Nagios Remote Plugin Executor
 Documentation=http://www.nagios.org/documentation
 After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
 Before=getty@tty1.service plymouth-quit.service xdm.service
@ -15,6 +15,7 @@ PIDFile=@piddir@/nrpe.pid
 RuntimeDirectory=nrpe
 RuntimeDirectoryMode=0755
 ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
 TimeoutStopSec=60
 User=@nrpe_user@
--- a/startup/default-socket-svc.in
+++ b/startup/default-socket-svc.in
@ -1,5 +1,5 @@
 [Unit]
-Description=Nagios Remote Program Executor
+Description=Nagios Remote Plugin Executor
 Documentation=http://www.nagios.org/documentation
 After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target
--- a/startup/default-socket.in
+++ b/startup/default-socket.in
@ -1,5 +1,5 @@
 [Unit]
-Description=Nagios Remote Program Executor
+Description=Nagios Remote Plugin Executor
 Documentation=http://www.nagios.org/documentation
 Before=nrpe.service
 Conflicts=nrpe.service
--- a/startup/default-xinetd.in
+++ b/startup/default-xinetd.in
@ -11,5 +11,5 @@ service nrpe
    server          = @sbindir@/nrpe
    server_args     = -c @pkgsysconfdir@/nrpe.cfg --inetd
    only_from       = 127.0.0.1
-    log_on_failure  += USERID
+    log_on_success  = 
 }
--- a/startup/gentoo-init.in
+++ b/startup/gentoo-init.in
@ -0,0 +1,49 @@
 #!/sbin/openrc-run
 #
 # Copyright (c) 2016 Nagios(R) Core(TM) Development Team
 #
 # Start/stop the nrpe daemon.
 #
 # Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
 extra_started_commands="reload"
 NRPE_BIN="@sbindir@/nrpe"
 NRPE_PID="@piddir@/nrpe.pid"
 NRPE_CFG=@pkgsysconfdir@/nrpe.cfg
 depend() {
 	use logger dns net localmount netmount nfsmount
 }
 checkconfig() {
 	# Make sure the config file exists
 	if [ ! -f $NRPE_CFG ]; then
 		eerror "You need to setup $NRPE_CFG."
 		return 1
 	fi
 	return 0
 }
 start() {
 	checkconfig || return 1
 	ebegin "Starting nrpe"
 	# Make sure we have a sane current directory
 	cd /
 	start-stop-daemon --start --exec $NRPE_BIN --pidfile $NRPE_PID \
 		--background -- -c $NRPE_CFG -f $NRPE_OPTS
 	eend $?
 }
 stop() {
 	ebegin "Stopping nrpe"
 	start-stop-daemon --stop --exec $NRPE_BIN --pidfile $NRPE_PID
 	eend $?
 }
 reload() {
 	ebegin "Reloading nrpe"
 	start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
 		--pidfile $NRPE_PID --signal HUP
 	eend $?
 }
--- a/startup/openrc-conf.in
+++ b/startup/openrc-conf.in
@ -1,7 +1,7 @@
 # /etc/conf.d/nrpe : config file for /etc/init.d/nrpe
-# Configuration file - default is @sysconfdir@/nrpe.cfg
+# The configuration file to use.
-NRPE_CFG="@pgksysconfdir@/nrpe.cfg"
+NRPE_CFG="@sysconfdir@/nrpe.cfg"
-# Any additional nrpe options (-n -4 -6)
+# Any additional options (e.g. -n -4 -6) to pass to the nrpe daemon.
 NRPE_OPTS=""
--- a/startup/openrc-init.in
+++ b/startup/openrc-init.in
@ -1,49 +1,17 @@
-#!/sbin/runscript
+#!/sbin/openrc-run
 #
-# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
+# Copyright (c) 2017 Nagios(R) Core(TM) Development Team
 #
 # Start/stop the nrpe daemon.
 #
 # Goes in /etc/init.d - Config is in /etc/conf.d/nrpe
-opts="reload"
+command="@sbindir@/nrpe"
-# extra_started_commands="reload"		use this if OpenRC >= 0.9.4
+command_args="--config=${NRPE_CFG} ${NRPE_OPTS}"
-
+command_args_background="--daemon"
-NRPE_BIN="@sbindir@/nrpe"
+description="Nagios Remote Plugin Executor (NRPE) daemon"
-NRPE_PID="@piddir@/nrpe.pid"
+extra_started_commands="reload"
-
+pidfile="@piddir@/nrpe.pid"
 depend() {
 	use logger dns net localmount netmount nfsmount
 }
 checkconfig() {
 	# Make sure the config file exists
 	if [ ! -f $NRPE_CFG ]; then
 		eerror "You need to setup $NRPE_CFG.
 		return 1
 	fi
 	return 0
 }
 start() {
 	checkconfig || return 1
 	ebegin "Starting nrpe"
 	# Make sure we have a sane current directory
 	cd /
 	start-stop-daemon --start --exec $NRPE_BIN --pidfile $PID_FILE \
 		-- -c $NRPE_CFG -f $NRPE_OPTS
 	eend $?
 }
 stop() {
 	ebegin "Stopping nrpe"
 	start-stop-daemon --stop --exec $NRPE_BIN --pidfile $PID_FILE
 	eend $?
 }
 reload() {
-	ebegin "Reloading nrpe"
+    ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --stop --oknodo --exec $NRPE_BIN \
+    start-stop-daemon --signal HUP --pidfile "${pidfile}"
-		--pidfile $PID_FILE --signal HUP
+    eend $?
 	eend $?
 }
--- a/3
+++ b/3
@ -0,0 +1,3 @@
 #!/bin/bash
 # Replace this once test is working properly.
 ./travis-test-1
--- a/34
+++ b/34
@ -0,0 +1,34 @@
 #!/bin/bash
 # Integration test for nrpe/check_nrpe
 # Should be run only on machines which do NOT have Nagios installed 
 # and which do not have an enabled firewall.
 cd sample-config
 echo >> nrpe.cfg # Hopefully this is a newline! I think nrpe.cfg ends in a newling anyways.
 echo 'command[check_test]=/tmp/check_yes.sh' >> nrpe.cfg
 # Make sure the directory exists such that nrpe can create the nrpe.pid file in the default location
 mkdir /usr/ || true
 mkdir /usr/local || true
 mkdir /usr/local/nagios || true
 mkdir /usr/local/nagios/var || true
 # Make sure nagios user exists
 useradd nagios
 # Make a plugin
 touch /tmp/check_yes.sh
 echo 'echo OK' >> /tmp/check_yes.sh
 # Give nagios control of plugins
 chown nagios /tmp/check_yes.sh
 chmod +x /tmp/check_yes.sh
 # Start running the NRPE daemon to accept commands
 cd ../src
 ./nrpe -c ../sample-config/nrpe.cfg -d
 # Try to check_nrpe with our check_test command/check_yes.sh plugin
 ./check_nrpe -H 127.0.0.1 -c check_test
 exit 0
--- a/18
+++ b/18
@ -20,18 +20,18 @@ fi
 # Get date (two formats)
 if [ -n "$2" ]; then
-    LONGDATE=`date -d "$2" "+%B %d, %Y"`
+    LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
-    SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
+    SHORTDATE=$(date -u -d "$2" "+%Y-%m-%d")
 else
-    LONGDATE=`date "+%B %d, %Y"`
+    LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
-    SHORTDATE=`date "+%m-%d-%Y"`
+    SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%Y-%m-%d")
 fi
 # Current version number
-CURRENTVERSION=3.0.1
+CURRENTVERSION=3.2.1
 # Last date
-LASTDATE=09-08-2016
+LASTDATE=2017-09-01
 if [ "x$1" = "x" ]
 then
@ -41,6 +41,8 @@ then
        echo "update version number and modification date in files."
        echo "Use the \"newdate\" argument if you want to keep the current version"
        echo "number and just update the modification date."
        echo "When using \"newdate\" you can specify the release date with"
        echo "a second argument in the form of YYYY-MM-DD."
        echo ""
        echo "Current version=$CURRENTVERSION"
        echo "Current Modification date=$LASTDATE"
@ -73,8 +75,8 @@ perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.ac
 autoconf
 # Update RPM spec file with version number
-perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec
+perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec.in
-perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec
+perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec.in
 # Update this file with version number and last date
 perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version
Author	SHA1	Message	Date
Mario Fetka	9ab8e494a0	Bump	2021-07-18 12:12:52 +02:00
Mario Fetka	5cdd3d1081	no need for reproduciable builds	2018-01-10 10:48:31 +01:00
Mario Fetka	26cb5d1fed	bump to new debain package	2018-01-10 10:38:38 +01:00
Bas Couwenberg	95cae8cb0c	Imported Debian patch 3.2.1-1	2018-01-10 10:34:09 +01:00
Mario Fetka	4a36dbfc28	Bump	2017-11-02 09:57:26 +01:00
Mario Fetka	51eff1c12c	Merge tag 'upstream/3.2.1' Upstream version 3.2.1	2017-11-02 09:55:49 +01:00
Mario Fetka	52cbd1b45f	Imported Upstream version 3.2.1	2017-11-02 09:55:48 +01:00
Mario Fetka	e20eb31ef8	disable private temp	2017-06-22 16:50:52 +02:00
Mario Fetka	5917779ec3	disable bash subst	2017-06-20 12:30:50 +02:00
Mario Fetka	cf102d153f	Bump	2017-06-20 10:43:29 +02:00
Mario Fetka	a7b50a72fe	Bump	2017-06-20 10:42:04 +02:00
Mario Fetka	02b430a86c	Imported Upstream version 3.1.1	2017-06-20 10:37:07 +02:00
Bas Couwenberg	4fa3978984	Imported Debian patch 3.1.1-1	2017-06-20 10:37:07 +02:00
Mario Fetka	006f9bb7a7	repro	2017-05-15 18:15:06 +02:00
Mario Fetka	0c237de993	no need for reproduciable builds	2017-05-15 17:44:13 +02:00
Mario Fetka	e08d40390d	Imported Upstream version 3.1.0	2017-05-13 13:05:54 +02:00
Mario Fetka	3329da6517	make compatible with wheezy	2017-05-04 12:11:39 +02:00
Mario Fetka	a8ad76cab8	activate commadn args	2017-05-04 11:55:17 +02:00