Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nrpe for openSUSE:Factory checked in at 2024-02-09 23:54:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nrpe (Old) and /work/SRC/openSUSE:Factory/.nrpe.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nrpe" Fri Feb 9 23:54:26 2024 rev:19 rq:1145416 version:4.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/nrpe/nrpe.changes 2023-11-16 20:30:00.915585155 +0100 +++ /work/SRC/openSUSE:Factory/.nrpe.new.1815/nrpe.changes 2024-02-09 23:54:48.148331379 +0100 @@ -1,0 +2,29 @@ +Tue Feb 6 15:54:05 UTC 2024 - Lars Vogdt <[email protected]> + +- update to 4.1.0 + ENHANCEMENTS + + Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22) + + Allow tcpd/libwrap to be excluded from build when present on the system + + Allow loading of full certificate chains + + Change -u (connection issues return UNKNOWN) to include all SSL-layer failures. + + Disable renegotiation and enforce server cipher order when using SSL + + Verify that private keys match certificates when using SSL + FIXES + + Fixed incorrect default for nasty_metachars in nrpe.cfg + + Fixed incorrect help text for --use-adh + + Fixed potential out-of-bound read when used with IPv6 +- use system-user-nagios package to create the neccessary + user and group +- remove macros for old, unsupported SUSE versions +- refresh patches: + + nrpe-implicit_declaration.patch + + nrpe-static_dh_parameters.patch + + nrpe-4.0.4-silence_wrong_package_version_messages.patch +- remove patches: + + nrpe-disable-chkconfig_in_Makefile.patch (obsolete) + + nrpe-improved_help.patch (fixed upstream) + + nrpe_check_control.patch (better fix inside the spec file + and use existing nagios macros) +- remove obsolete nrpe-rpmlintrc + +------------------------------------------------------------------- Old: ---- nrpe-4.0.3.tar.bz2 nrpe-disable-chkconfig_in_Makefile.patch nrpe-improved_help.patch nrpe-rpmlintrc nrpe_check_control.patch New: ---- nrpe-4.1.0.tar.xz BETA DEBUG BEGIN: Old:- remove patches: + nrpe-disable-chkconfig_in_Makefile.patch (obsolete) + nrpe-improved_help.patch (fixed upstream) Old: + nrpe-disable-chkconfig_in_Makefile.patch (obsolete) + nrpe-improved_help.patch (fixed upstream) + nrpe_check_control.patch (better fix inside the spec file Old: + nrpe-improved_help.patch (fixed upstream) + nrpe_check_control.patch (better fix inside the spec file and use existing nagios macros) BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nrpe.spec ++++++ --- /var/tmp/diff_new_pack.2hNq7u/_old 2024-02-09 23:54:48.940359919 +0100 +++ /var/tmp/diff_new_pack.2hNq7u/_new 2024-02-09 23:54:48.944360064 +0100 @@ -1,7 +1,7 @@ # # spec file for package nrpe # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,6 +18,7 @@ %define nnmmsg logger -t %{name}/rpm %define nrpeport 5666 + %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run %endif @@ -37,16 +38,16 @@ %else %bcond_with reproducable %endif + Name: nrpe -Version: 4.0.3 +Version: 4.1.0 Release: 0 Summary: Nagios Remote Plug-In Executor License: GPL-2.0-or-later Group: System/Monitoring URL: http://www.nagios.org/ -Source0: nrpe-%{version}.tar.bz2 +Source0: %{name}-%{version}.tar.xz Source1: nrpe.init -Source2: nrpe-rpmlintrc Source3: nrpe-SuSEfirewall2 Source4: nrpe.8 Source5: check_nrpe.cfg @@ -55,19 +56,14 @@ Source12: usr.sbin.nrpe Source13: nrpe.xml Source14: nrpe-dh.h -# PATCH-FIX-UPSTREAM improve help output of nrpe and check_nrpe -Patch2: nrpe-improved_help.patch -# PATCH-FIX-openSUSE fix pathnames for nrpe_check_control command -Patch4: nrpe_check_control.patch +# PATCH-FIX-UPSTREAM this fills up the logs on the clients without real need +Patch1: nrpe-4.0.4-silence_wrong_package_version_messages.patch # PATCH-FIX-UPSTREAM using implicit definitions of functions -Patch5: nrpe-implicit_declaration.patch +Patch2: nrpe-implicit_declaration.patch # PATCH-FIX-openSUSE patch used to NOT re-calculate dh.h parameters (for reproducable builds) -Patch6: nrpe-static_dh_parameters.patch -# PATCH-FIX-openSUSE disable chkconfig call in Makefile -Patch7: nrpe-disable-chkconfig_in_Makefile.patch -# PATCH-FIX-UPSTREAM this fills up the logs on the clients without real need -Patch8: nrpe-4.0.4-silence_wrong_package_version_messages.patch +Patch3: nrpe-static_dh_parameters.patch BuildRequires: nagios-rpm-macros +Requires(pre): system-user-nagios Requires(pre): grep Requires(pre): sed Provides: nagios-nrpe = %{version} @@ -81,12 +77,6 @@ %else Requires(pre): %{_bindir}/logger %endif -%if 0%{?suse_version} > 1130 -%if 0%{?suse_version} <= 1230 -Requires(pre): sysvinit(network) -Requires(pre): sysvinit(syslog) -%endif -%endif BuildRequires: krb5-devel %if 0%{?suse_version} Requires(pre): netcfg @@ -124,9 +114,7 @@ Group: Documentation/Other Provides: nagios-nrpe-doc = %{version} Obsoletes: nagios-nrpe-doc < 2.14 -%if 0%{?suse_version} >= 1230 BuildArch: noarch -%endif %description doc This package contains the README files, OpenOffice and PDF @@ -139,9 +127,8 @@ Obsoletes: nagios-nrpe-server < 2.14 Provides: nagios-plugins-nrpe = %{version}-%{release} Obsoletes: nagios-plugins-nrpe < 2.15-%{release} -%if 0%{?suse_version} > 1020 +Requires(pre): system-user-nagios Recommends: monitoring_daemon -%endif %description -n monitoring-plugins-nrpe This package contains the plugin for the host runing the Nagios @@ -155,22 +142,35 @@ execution on the remote host for its own output and return code. %prep -%setup -q -n %{name}-%{version} +%autosetup -N + +%if 0%{?suse_version} < 01500 +%patch1 -p1 %patch2 -p1 -%patch4 -p1 -%patch5 -p1 %if %{with reproducable} -%patch6 -p1 +%patch3 -p1 +install -m644 %{SOURCE14} include/dh.h +%endif +%else +%if %{with reproducable} +%autopatch -p1 install -m644 %{SOURCE14} include/dh.h +%else +%autopatch -p1 1 2 +%endif %endif -%patch7 -p1 -%patch8 -p1 + +# README files cp -a %{SOURCE10} . -cp -a %{SOURCE12} . -%if 0%{?suse_version} >= 1210 cat %{SOURCE11} >> README.SUSE -%endif +# apparmor +cp -a %{SOURCE12} . +# patch contrib script to use the right directories (as defined via macro in nagios-rpm-macros package) +sed -i "s|/usr/local/nagios/var/rw/nagios.cmd|%{nagios_command_file}|g; \ + s|/usr/local/nagios/etc/services.cfg|%{nagios_sysconfdir}/services.cfg|g;" \ + contrib/nrpe_check_control.c chmod -x contrib/README.nrpe_check_control + # increase the number of 'allowed' processes on newer systems: sed -i "s|check_procs -w 150 -c 200|check_procs -w 350 -c 400|g" sample-config/nrpe.cfg.in # add the new include directory @@ -290,9 +290,6 @@ %endif %pre -# Create user and group on the system if necessary -%nagios_user_group_add -%nagios_command_user_group_add # check if the port for nrpe is already defined in /etc/services if getent services nrpe >/dev/null ; then : OK - port already defined @@ -323,10 +320,6 @@ %tmpfiles_create %{_tmpfilesdir}/%{name}.conf %endif -%pre -n monitoring-plugins-nrpe -# Create user and group on the system if necessary -%nagios_user_group_add - %triggerun -- nagios-nrpe < 2.14 STATUS='%{_localstatedir}/adm/update-scripts/nrpe' %if %{with systemd} ++++++ nrpe-4.0.4-silence_wrong_package_version_messages.patch ++++++ --- /var/tmp/diff_new_pack.2hNq7u/_old 2024-02-09 23:54:49.004362226 +0100 +++ /var/tmp/diff_new_pack.2hNq7u/_new 2024-02-09 23:54:49.008362370 +0100 @@ -1,8 +1,8 @@ -Index: nrpe-4.0.3/src/nrpe.c +Index: nrpe-4.1.0/src/nrpe.c =================================================================== ---- nrpe-4.0.3.orig/src/nrpe.c -+++ nrpe-4.0.3/src/nrpe.c -@@ -1764,7 +1764,7 @@ void handle_connection(int sock) +--- nrpe-4.1.0.orig/src/nrpe.c ++++ nrpe-4.1.0/src/nrpe.c +@@ -1788,7 +1788,7 @@ void handle_connection(int sock) /* recv() error or client disconnect */ if (rc <= 0) { /* log error */ @@ -11,7 +11,7 @@ if (v3_receive_packet) free(v3_receive_packet); #ifdef HAVE_SSL -@@ -2114,7 +2114,7 @@ int read_packet(int sock, void *ssl_ptr, +@@ -2138,7 +2138,7 @@ int read_packet(int sock, void *ssl_ptr, packet_ver = ntohs(v2_pkt->packet_version); if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_4) { @@ -20,7 +20,7 @@ return -1; } -@@ -2198,7 +2198,7 @@ int read_packet(int sock, void *ssl_ptr, +@@ -2222,7 +2222,7 @@ int read_packet(int sock, void *ssl_ptr, packet_ver = ntohs(v2_pkt->packet_version); if (packet_ver != NRPE_PACKET_VERSION_2 && packet_ver != NRPE_PACKET_VERSION_4) { ++++++ nrpe-implicit_declaration.patch ++++++ --- /var/tmp/diff_new_pack.2hNq7u/_old 2024-02-09 23:54:49.044363667 +0100 +++ /var/tmp/diff_new_pack.2hNq7u/_new 2024-02-09 23:54:49.048363811 +0100 @@ -1,7 +1,7 @@ -Index: nrpe-4.0.3/contrib/nrpe_check_control.c +Index: nrpe-4.1.0/contrib/nrpe_check_control.c =================================================================== ---- nrpe-4.0.3.orig/contrib/nrpe_check_control.c -+++ nrpe-4.0.3/contrib/nrpe_check_control.c +--- nrpe-4.1.0.orig/contrib/nrpe_check_control.c ++++ nrpe-4.1.0/contrib/nrpe_check_control.c @@ -1,4 +1,5 @@ #include <stdio.h> +#include <stdlib.h> ++++++ nrpe-static_dh_parameters.patch ++++++ --- /var/tmp/diff_new_pack.2hNq7u/_old 2024-02-09 23:54:49.076364820 +0100 +++ /var/tmp/diff_new_pack.2hNq7u/_new 2024-02-09 23:54:49.084365109 +0100 @@ -1,49 +1,104 @@ -Index: nrpe-4.0.3/macros/ax_nagios_get_ssl +Index: nrpe-4.1.0/macros/ax_nagios_get_ssl =================================================================== ---- nrpe-4.0.3.orig/macros/ax_nagios_get_ssl -+++ nrpe-4.0.3/macros/ax_nagios_get_ssl -@@ -292,10 +292,15 @@ if test x$SSL_TYPE != xNONE; then +--- nrpe-4.1.0.orig/macros/ax_nagios_get_ssl ++++ nrpe-4.1.0/macros/ax_nagios_get_ssl +@@ -292,22 +292,27 @@ if test x$SSL_TYPE != xNONE; then AC_DEFINE(USE_SSL_DH) # Generate DH parameters if test -f "$sslbin"; then - echo "" - echo "*** Generating DH Parameters for SSL/TLS ***" -- # awk to strip off meta data at bottom of dhparam output -- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h -+ if test -f include/dh.h ; then -+ echo "" -+ echo "*** Skipping generation of DH Parameters for SSL/TLS: include/dh.h already exists ***" -+ else -+ echo "" -+ echo "*** Generating DH Parameters for SSL/TLS ***" -+ # awk to strip off meta data at bottom of dhparam output -+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h -+ fi +- # OpenSSL 3 removes dhparam -C +- # check version and use our own parser if needed +- nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1` ++ if test -f include/dh.h ; then ++ echo "" ++ echo "*** Skipping generation of DH Parameters for SSL/TLS: include/dh.h already exists ***" ++ else ++ echo "" ++ echo "*** Generating DH Parameters for SSL/TLS ***" ++ # OpenSSL 3 removes dhparam -C ++ # check version and use our own parser if needed ++ nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1` + +- test -d include || mkdir include +- if test "x$nagios_ssl_major_version" = "x3"; then +- AC_DEFINE_UNQUOTED(OPENSSL_V3,[1],[Have OpenSSL v3]) +- test -d src || mkdir src +- $CC ${srcdir}/src/print_c_code.c -o src/print_c_code +- $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h +- else +- # awk to strip off meta data at bottom of dhparam output +- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h +- fi ++ test -d include || mkdir include ++ if test "x$nagios_ssl_major_version" = "x3"; then ++ AC_DEFINE_UNQUOTED(OPENSSL_V3,[1],[Have OpenSSL v3]) ++ test -d src || mkdir src ++ $CC ${srcdir}/src/print_c_code.c -o src/print_c_code ++ $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h ++ else ++ # awk to strip off meta data at bottom of dhparam output ++ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h ++ fi ++ fi fi fi fi -Index: nrpe-4.0.3/configure +Index: nrpe-4.1.0/configure =================================================================== ---- nrpe-4.0.3.orig/configure -+++ nrpe-4.0.3/configure -@@ -7722,10 +7722,15 @@ fi +--- nrpe-4.1.0.orig/configure ++++ nrpe-4.1.0/configure +@@ -7747,28 +7747,32 @@ fi - # Generate DH parameters - if test -f "$sslbin"; then + + $as_echo "#define USE_SSL_DH 1" >>confdefs.h +- +- # Generate DH parameters +- if test -f "$sslbin"; then - echo "" - echo "*** Generating DH Parameters for SSL/TLS ***" -- # awk to strip off meta data at bottom of dhparam output -- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h -+ if test -f include/dh.h ; then +- # OpenSSL 3 removes dhparam -C +- # check version and use our own parser if needed +- nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1` +- +- test -d include || mkdir include +- if test "x$nagios_ssl_major_version" = "x3"; then +- ++ if test -f include/dh.h ; then + echo "" + echo "*** Skipping generation of DH Parameters for SSL/TLS: include/dh.h already exists ***" -+ else ++ else ++ # Generate DH parameters ++ if test -f "$sslbin"; then + echo "" + echo "*** Generating DH Parameters for SSL/TLS ***" -+ # awk to strip off meta data at bottom of dhparam output -+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h -+ fi ++ # OpenSSL 3 removes dhparam -C ++ # check version and use our own parser if needed ++ nagios_ssl_major_version=`$sslbin version | cut -d' ' -f2 | cut -d. -f1` ++ ++ test -d include || mkdir include ++ if test "x$nagios_ssl_major_version" = "x3"; then ++ + cat >>confdefs.h <<_ACEOF + #define OPENSSL_V3 1 + _ACEOF +- +- test -d src || mkdir src +- $CC ${srcdir}/src/print_c_code.c -o src/print_c_code +- $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h +- else +- # awk to strip off meta data at bottom of dhparam output +- $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h ++ ++ test -d src || mkdir src ++ $CC ${srcdir}/src/print_c_code.c -o src/print_c_code ++ $sslbin dhparam -text 2048 | ./src/print_c_code > include/dh.h ++ else ++ # awk to strip off meta data at bottom of dhparam output ++ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h ++ fi + fi fi fi - fi
