Package: nagios-nrpe Version: 2.15-1 Severity: normal Tags: patch Hi,
Please replace the deprecated dpatch by quilt. I have attached a patch that replaces dpatch by a dpkg-source 3.0 (quilt) format.
diff -Nru nagios-nrpe-2.15/debian/changelog nagios-nrpe-2.15/debian/changelog --- nagios-nrpe-2.15/debian/changelog 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/changelog 2014-07-29 17:20:24.000000000 +0200 @@ -1,3 +1,10 @@ +nagios-nrpe (2.15-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Switch from deprecated dpatch to the 3.0 (quilt) source format. + + -- Benjamin Drung <benjamin.dr...@profitbricks.com> Tue, 29 Jul 2014 17:19:55 +0200 + nagios-nrpe (2.15-1) unstable; urgency=high * [f2cea9f] Imported Upstream version 2.15 diff -Nru nagios-nrpe-2.15/debian/control nagios-nrpe-2.15/debian/control --- nagios-nrpe-2.15/debian/control 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/control 2014-07-29 17:06:26.000000000 +0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian Nagios Maintainer Group <pkg-nagios-de...@lists.alioth.debian.org> Uploaders: sean finney <sean...@debian.org>, Jason Thomas <ja...@debian.org>, Alexander Wirt <formo...@debian.org> -Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1) +Build-Depends: debhelper (>= 9), openssl, libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1) Standards-Version: 3.9.5 Package: nagios-nrpe-server diff -Nru nagios-nrpe-2.15/debian/patches/00list nagios-nrpe-2.15/debian/patches/00list --- nagios-nrpe-2.15/debian/patches/00list 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/00list 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +0,0 @@ -02_nrpe.cfg_local-include.dpatch -03_support_nrpe.d.dpatch -05_pid_privileges.dpatch -06_pid_directory.dpatch -07_warn_ssloption.dpatch -09_noremove_pid.dpatch diff -Nru nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.dpatch nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.dpatch --- nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 02_nrpe.cfg_local-include.dpatch by <sean...@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Support nrpe_local.cfg - -@DPATCH@ -diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in ---- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in 2006-02-03 23:02:32.000000000 +0100 -+++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in 2006-03-31 07:07:16.000000000 +0200 -@@ -178,3 +178,8 @@ - #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$ - #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ - #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ -+ -+# -+# local configuration: -+# if you'd prefer, you can instead place directives here -+include=/etc/nagios/nrpe_local.cfg diff -Nru nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.patch nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.patch --- nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.patch 2014-07-29 17:23:40.000000000 +0200 @@ -0,0 +1,14 @@ +Author: <sean...@debian.org> +Description: Support nrpe_local.cfg + +--- a/sample-config/nrpe.cfg.in ++++ b/sample-config/nrpe.cfg.in +@@ -233,3 +233,8 @@ + #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$ + #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ + #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ ++ ++# ++# local configuration: ++# if you'd prefer, you can instead place directives here ++include=/etc/nagios/nrpe_local.cfg diff -Nru nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.dpatch nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.dpatch --- nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,21 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 03_support_nrpe.d.dpatch by Alexander Wirt <formo...@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Support an nrpe.d directory - -@DPATCH@ -diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in ---- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2008-04-15 23:53:48.000000000 +0200 -+++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2008-04-15 23:54:48.000000000 +0200 -@@ -211,3 +211,9 @@ - # local configuration: - # if you'd prefer, you can instead place directives here - include=/etc/nagios/nrpe_local.cfg -+ -+# -+# you can place your config snipplets into nrpe.d/ -+# only snipplets ending in .cfg will get included -+include_dir=/etc/nagios/nrpe.d/ -+ -+ diff -Nru nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.patch nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.patch --- nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.patch 2014-07-29 17:11:51.000000000 +0200 @@ -0,0 +1,15 @@ +Author: Alexander Wirt <formo...@debian.org> +Description: Support an nrpe.d directory + +--- a/sample-config/nrpe.cfg.in ++++ b/sample-config/nrpe.cfg.in +@@ -238,3 +238,9 @@ + # local configuration: + # if you'd prefer, you can instead place directives here + include=/etc/nagios/nrpe_local.cfg ++ ++# ++# you can place your config snipplets into nrpe.d/ ++# only snipplets ending in .cfg will get included ++include_dir=/etc/nagios/nrpe.d/ ++ diff -Nru nagios-nrpe-2.15/debian/patches/04_weird_output.dpatch nagios-nrpe-2.15/debian/patches/04_weird_output.dpatch --- nagios-nrpe-2.15/debian/patches/04_weird_output.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/04_weird_output.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 04_weird_output.dpatch by <luk@luknote> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Clean buffer before use - -@DPATCH@ -diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c ---- pkg-nrpe~/src/nrpe.c 2012-04-30 09:36:53.000000000 +0200 -+++ pkg-nrpe/src/nrpe.c 2012-04-30 09:52:47.890535825 +0200 -@@ -1107,6 +1107,9 @@ - /* disable connection alarm - a new alarm will be setup during my_system */ - alarm(0); - -+ // null buffer before using it! -+ memset(buffer,0,sizeof(buffer)); -+ - /* if this is the version check command, just spew it out */ - if(!strcmp(command_name,NRPE_HELLO_COMMAND)){ - diff -Nru nagios-nrpe-2.15/debian/patches/04_weird_output.patch nagios-nrpe-2.15/debian/patches/04_weird_output.patch --- nagios-nrpe-2.15/debian/patches/04_weird_output.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/04_weird_output.patch 2014-07-29 17:30:22.000000000 +0200 @@ -0,0 +1,15 @@ +Author: <luk@luknote> +Description: Clean buffer before use + +--- pkg-nrpe~/src/nrpe.c 2012-04-30 09:36:53.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2012-04-30 09:52:47.890535825 +0200 +@@ -1107,6 +1107,9 @@ + /* disable connection alarm - a new alarm will be setup during my_system */ + alarm(0); + ++ // null buffer before using it! ++ memset(buffer,0,sizeof(buffer)); ++ + /* if this is the version check command, just spew it out */ + if(!strcmp(command_name,NRPE_HELLO_COMMAND)){ + diff -Nru nagios-nrpe-2.15/debian/patches/05_pid_privileges.dpatch nagios-nrpe-2.15/debian/patches/05_pid_privileges.dpatch --- nagios-nrpe-2.15/debian/patches/05_pid_privileges.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/05_pid_privileges.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,27 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 05_pid_privileges.dpatch by <luk@luknote> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: No description. - -@DPATCH@ -diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c ---- pkg-nrpe~/src/nrpe.c 2014-05-23 20:42:27.000000000 +0200 -+++ pkg-nrpe/src/nrpe.c 2014-07-15 14:09:45.027422047 +0200 -@@ -317,13 +317,13 @@ - /* log info to syslog facility */ - syslog(LOG_NOTICE,"Starting up daemon"); - -+ /* drop privileges */ -+ drop_privileges(nrpe_user,nrpe_group); -+ - /* write pid file */ - if(write_pid_file()==ERROR) - return STATE_CRITICAL; - -- /* drop privileges */ -- drop_privileges(nrpe_user,nrpe_group); -- - /* make sure we're not root */ - check_privileges(); - diff -Nru nagios-nrpe-2.15/debian/patches/05_pid_privileges.patch nagios-nrpe-2.15/debian/patches/05_pid_privileges.patch --- nagios-nrpe-2.15/debian/patches/05_pid_privileges.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/05_pid_privileges.patch 2014-07-29 17:12:40.000000000 +0200 @@ -0,0 +1,21 @@ +Author: <luk@luknote> + +--- a/src/nrpe.c ++++ b/src/nrpe.c +@@ -317,13 +317,13 @@ + /* log info to syslog facility */ + syslog(LOG_NOTICE,"Starting up daemon"); + ++ /* drop privileges */ ++ drop_privileges(nrpe_user,nrpe_group); ++ + /* write pid file */ + if(write_pid_file()==ERROR) + return STATE_CRITICAL; + +- /* drop privileges */ +- drop_privileges(nrpe_user,nrpe_group); +- + /* make sure we're not root */ + check_privileges(); + diff -Nru nagios-nrpe-2.15/debian/patches/06_pid_directory.dpatch nagios-nrpe-2.15/debian/patches/06_pid_directory.dpatch --- nagios-nrpe-2.15/debian/patches/06_pid_directory.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/06_pid_directory.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 04_pid_directory.dpatch by Alexander Wirt <formo...@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: No description. - -@DPATCH@ -diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in ---- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2007-03-09 19:08:58.000000000 +0100 -+++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2009-07-06 07:43:09.000000000 +0200 -@@ -16,7 +16,7 @@ - # number. The file is only written if the NRPE daemon is started by the root - # user and is running in standalone mode. - --pid_file=/var/run/nrpe.pid -+pid_file=/var/run/nagios/nrpe.pid - - - diff -Nru nagios-nrpe-2.15/debian/patches/06_pid_directory.patch nagios-nrpe-2.15/debian/patches/06_pid_directory.patch --- nagios-nrpe-2.15/debian/patches/06_pid_directory.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/06_pid_directory.patch 2014-07-29 17:12:55.000000000 +0200 @@ -0,0 +1,13 @@ +Author: Alexander Wirt <formo...@debian.org> + +--- a/sample-config/nrpe.cfg.in ++++ b/sample-config/nrpe.cfg.in +@@ -23,7 +23,7 @@ + # number. The file is only written if the NRPE daemon is started by the root + # user and is running in standalone mode. + +-pid_file=/var/run/nrpe.pid ++pid_file=/var/run/nagios/nrpe.pid + + + diff -Nru nagios-nrpe-2.15/debian/patches/07_warn_ssloption.dpatch nagios-nrpe-2.15/debian/patches/07_warn_ssloption.dpatch --- nagios-nrpe-2.15/debian/patches/07_warn_ssloption.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/07_warn_ssloption.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,30 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 07_warn_ssloption.dpatch by Thijs Kinkhorst <th...@debian.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Warn against inadequateness of NRPE's own SSL option. - ---- a/SECURITY 2013-02-10 15:07:18.000000000 +0100 -+++ b/SECURITY 2013-02-10 15:08:50.000000000 +0100 -@@ -67,14 +67,17 @@ - ---------- - - If you do enable support for command arguments in the NRPE daemon, --make sure that you encrypt communications either by using: -- -- 1. Stunnel (see http://www.stunnel.org for more info) -- 2. Native SSL support -+make sure that you encrypt communications either by using, for -+example, Stunnel (see http://www.stunnel.org for more info). - - Do NOT assume that just because the daemon is behind a firewall - that you are safe! Always encrypt NRPE traffic! - -+NOTE: the currently shipped native SSL support of NRPE is not an -+adequante protection, because it does not verify clients and -+server, and uses pregenerated key material. NRPE's SSL option is -+advised against. For more information, see Debian bug #547092. -+ - - USING ARGUMENTS - --------------- diff -Nru nagios-nrpe-2.15/debian/patches/07_warn_ssloption.patch nagios-nrpe-2.15/debian/patches/07_warn_ssloption.patch --- nagios-nrpe-2.15/debian/patches/07_warn_ssloption.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/07_warn_ssloption.patch 2014-07-29 17:13:06.000000000 +0200 @@ -0,0 +1,27 @@ +Author: Thijs Kinkhorst <th...@debian.org> +Description: Warn against inadequateness of NRPE's own SSL option. + +--- a/SECURITY ++++ b/SECURITY +@@ -93,14 +93,17 @@ + ---------- + + If you do enable support for command arguments in the NRPE daemon, +-make sure that you encrypt communications either by using: +- +- 1. Stunnel (see http://www.stunnel.org for more info) +- 2. Native SSL support ++make sure that you encrypt communications either by using, for ++example, Stunnel (see http://www.stunnel.org for more info). + + Do NOT assume that just because the daemon is behind a firewall + that you are safe! Always encrypt NRPE traffic! + ++NOTE: the currently shipped native SSL support of NRPE is not an ++adequante protection, because it does not verify clients and ++server, and uses pregenerated key material. NRPE's SSL option is ++advised against. For more information, see Debian bug #547092. ++ + + USING ARGUMENTS + --------------- diff -Nru nagios-nrpe-2.15/debian/patches/09_noremove_pid.dpatch nagios-nrpe-2.15/debian/patches/09_noremove_pid.dpatch --- nagios-nrpe-2.15/debian/patches/09_noremove_pid.dpatch 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/patches/09_noremove_pid.dpatch 1970-01-01 01:00:00.000000000 +0100 @@ -1,34 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 09_noremove_pid.dpatch by <simon.dez...@gmail.com> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Do not remove the PID file after a connection error (original patch -## DP: from Hiren Patel) - -# Author: Hiren Patel -# From: http://comments.gmane.org/gmane.network.nagios.devel/6774 -# Bug-Debian: #716949 -# Bug-Ubuntu: https://launchpad.net/bugs/1126890 - -@DPATCH@ -diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c ---- pkg-nrpe~/src/nrpe.c 2014-07-15 14:20:02.000000000 +0200 -+++ pkg-nrpe/src/nrpe.c 2014-07-15 14:20:55.775429979 +0200 -@@ -998,7 +998,7 @@ - /* close socket prioer to exiting */ - close(sock); - -- return; -+ exit(STATE_CRITICAL); - } - - /* handle signals */ -@@ -1022,7 +1022,7 @@ - /* close socket prior to exiting */ - close(new_sd); - -- return; -+ exit(STATE_CRITICAL); - } - - /* is this is a blessed machine? */ diff -Nru nagios-nrpe-2.15/debian/patches/09_noremove_pid.patch nagios-nrpe-2.15/debian/patches/09_noremove_pid.patch --- nagios-nrpe-2.15/debian/patches/09_noremove_pid.patch 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/09_noremove_pid.patch 2014-07-29 17:14:08.000000000 +0200 @@ -0,0 +1,27 @@ +Author: Hiren Patel +Description: Do not remove the PID file after a connection error (original + patch from Hiren Patel) +From: http://comments.gmane.org/gmane.network.nagios.devel/6774 +Bug-Debian: http://bugs.debian.org/716949 +Bug-Ubuntu: https://launchpad.net/bugs/1126890 + +--- a/src/nrpe.c ++++ b/src/nrpe.c +@@ -998,7 +998,7 @@ + /* close socket prioer to exiting */ + close(sock); + +- return; ++ exit(STATE_CRITICAL); + } + + /* handle signals */ +@@ -1022,7 +1022,7 @@ + /* close socket prior to exiting */ + close(new_sd); + +- return; ++ exit(STATE_CRITICAL); + } + + /* is this is a blessed machine? */ diff -Nru nagios-nrpe-2.15/debian/patches/series nagios-nrpe-2.15/debian/patches/series --- nagios-nrpe-2.15/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/patches/series 2014-07-29 17:10:10.000000000 +0200 @@ -0,0 +1,6 @@ +02_nrpe.cfg_local-include.patch +03_support_nrpe.d.patch +05_pid_privileges.patch +06_pid_directory.patch +07_warn_ssloption.patch +09_noremove_pid.patch diff -Nru nagios-nrpe-2.15/debian/rules nagios-nrpe-2.15/debian/rules --- nagios-nrpe-2.15/debian/rules 2014-07-29 17:30:36.000000000 +0200 +++ nagios-nrpe-2.15/debian/rules 2014-07-29 17:08:35.000000000 +0200 @@ -3,11 +3,8 @@ # newer dpkg set this by default. DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) -# Include dpatch stuff. -include /usr/share/dpatch/dpatch.make - %: - dh $@ --with dpatch,autotools_dev + dh $@ --with autotools_dev override_dh_auto_configure: ./configure \ diff -Nru nagios-nrpe-2.15/debian/source/format nagios-nrpe-2.15/debian/source/format --- nagios-nrpe-2.15/debian/source/format 1970-01-01 01:00:00.000000000 +0100 +++ nagios-nrpe-2.15/debian/source/format 2014-07-29 17:06:56.000000000 +0200 @@ -0,0 +1 @@ +3.0 (quilt)