Hello community, here is the log from the commit of package nrpe for openSUSE:Factory checked in at 2017-06-07 09:55:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nrpe (Old) and /work/SRC/openSUSE:Factory/.nrpe.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nrpe" Wed Jun 7 09:55:26 2017 rev:4 rq:501194 version:3.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/nrpe/nrpe.changes 2017-05-02 08:54:54.394206371 +0200 +++ /work/SRC/openSUSE:Factory/.nrpe.new/nrpe.changes 2017-06-07 09:55:26.442536414 +0200 @@ -1,0 +2,17 @@ +Mon May 29 15:09:08 UTC 2017 - l...@linux-schulserver.de + +- update to 3.1.1: + FIXES + - The '--log-file=' or '-g' option is missing from the help (John Frickson) + - check_nrpe = segfault when specifying a config file (John Frickson) + - Alternate log file not being used soon enough (John Frickson) + - Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson) + - Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson) + - Can't build on Debian Stretch, openssl 1.1.0c (John Frickson) + - Fix build failure with -Werror=format-security (Bas Couwenberg) + - Fixed a typo in `nrpe.spec.in` (John Frickson) + - More detailed error logging for SSL (John Frickson) + - Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson) +- refreshed all patches + +------------------------------------------------------------------- Old: ---- nrpe-3.1.0.tar.bz2 New: ---- nrpe-3.1.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nrpe.spec ++++++ --- /var/tmp/diff_new_pack.nQ5qzv/_old 2017-06-07 09:55:27.138438073 +0200 +++ /var/tmp/diff_new_pack.nQ5qzv/_new 2017-06-07 09:55:27.142437507 +0200 @@ -30,7 +30,7 @@ %endif Name: nrpe -Version: 3.1.0 +Version: 3.1.1 Release: 0 Summary: Nagios Remote Plug-In Executor License: GPL-2.0+ ++++++ nrpe-3.1.0.tar.bz2 -> nrpe-3.1.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/Changelog new/nrpe-3.1.1/Changelog --- old/nrpe-3.1.0/Changelog 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/Changelog 2017-05-24 16:35:00.000000000 +0200 
@@ -2,7 +2,22 @@ NRPE Changelog ************** -3.x.x - 201x-xx-xx +3.1.1 - 2017-05-24 +------------------ +FIXES +- The '--log-file=' or '-g' option is missing from the help (John Frickson) +- check_nrpe = segfault when specifying a config file (John Frickson) +- Alternate log file not being used soon enough (John Frickson) +- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson) +- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson) +- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson) +- Fix build failure with -Werror=format-security (Bas Couwenberg) +- Fixed a typo in `nrpe.spec.in` (John Frickson) +- More detailed error logging for SSL (John Frickson) +- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson) + + +3.1.0 - 2017-04-17 ------------------ ENHANCEMENTS - Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/configure new/nrpe-3.1.1/configure --- old/nrpe-3.1.0/configure 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/configure 2017-05-24 16:35:00.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for nrpe 3.1.0-rc1. +# Generated by GNU Autoconf 2.69 for nrpe 3.1.1. # # Report bugs to <nagios-us...@lists.sourceforge.net>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='nrpe' PACKAGE_TARNAME='nrpe' -PACKAGE_VERSION='3.1.0-rc1' -PACKAGE_STRING='nrpe 3.1.0-rc1' +PACKAGE_VERSION='3.1.1' +PACKAGE_STRING='nrpe 3.1.1' PACKAGE_BUGREPORT='nagios-us...@lists.sourceforge.net' PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/' @@ -757,6 +757,7 @@ with_piddir with_pipedir enable_ssl +with_need_dh with_ssl with_ssl_inc with_ssl_lib 
@@ -1319,7 +1320,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures nrpe 3.1.0-rc1 to adapt to many kinds of systems. +\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1369,7 +1370,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of nrpe 3.1.0-rc1:";; + short | recursive ) echo "Configuration of nrpe 3.1.1:";; esac cat <<\_ACEOF @@ -1422,6 +1423,7 @@ --with-logdir=DIR where log files should be placed --with-piddir=DIR where the PID file should be placed --with-pipedir=DIR where socket and pipe files should be placed + --with-need-dh set to 'no' to not include Diffie-Hellman SSL logic --with-ssl=DIR sets location of the SSL installation --with-ssl-inc=DIR sets location of the SSL include files --with-ssl-lib=DIR sets location of the SSL libraries @@ -1514,7 +1516,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -nrpe configure 3.1.0-rc1 +nrpe configure 3.1.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2120,7 +2122,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by nrpe $as_me 3.1.0-rc1, which was +It was created by nrpe $as_me 3.1.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2485,9 +2487,9 @@ PKG_NAME=nrpe -PKG_VERSION="3.1.0-rc1" +PKG_VERSION="3.1.1" PKG_HOME_URL="http://www.nagios.org/" -PKG_REL_DATE="2017-04-06" +PKG_REL_DATE="2017-05-24" RPM_RELEASE=1 LANG=C 
@@ -3020,29 +3022,29 @@ inetd_disabled="" - if test x"$init_type" = "xupstart"; then - inetd_type="upstart" - elif test "$opsys" = "osx"; then - inetd_type="launchd" - fi - - if test x"$inetd_type" = x; then - case $dist_type in #( + case $dist_type in #( solaris) : if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then - inetd_type="$init_type" - else - inetd_type="inetd" - fi ;; #( + inetd_type="$init_type" + else + inetd_type="inetd" + fi ;; #( *bsd*) : inetd_type=`ps -A -o comm -c | grep inetd` ;; #( + osx) : + inetd_type=`launchd` ;; #( aix|hp-ux) : inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #( *) : - inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #( + inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #( *) : ;; esac + + if test x"$inetd_type" = x; then + if test x"$init_type" = "xupstart"; then + inetd_type="upstart" + fi fi if test x"$inetd_type" = x; then @@ -4346,7 +4348,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by nrpe $as_me 3.1.0-rc1, which was +This file was extended by nrpe $as_me 3.1.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4400,7 +4402,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -nrpe config.status 3.1.0-rc1 +nrpe config.status 3.1.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -7278,9 +7280,19 @@ fi +need_dh=yes + +# Check whether --with-need_dh was given. +if test "${with_need_dh+set}" = set; then : + withval=$with_need_dh; need_dh=$withval +else + nrpe_group=need_dh +fi + + if test x$check_for_ssl = xyes; then # need_dh should only be set for NRPE - need_dh=yes +# need_dh=yes # ------------------------------- 
@@ -8272,7 +8284,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by nrpe $as_me 3.1.0-rc1, which was +This file was extended by nrpe $as_me 3.1.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -8335,7 +8347,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -nrpe config.status 3.1.0-rc1 +nrpe config.status 3.1.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/configure.ac new/nrpe-3.1.1/configure.ac --- old/nrpe-3.1.0/configure.ac 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/configure.ac 2017-05-24 16:35:00.000000000 +0200 @@ -5,15 +5,15 @@ define([AC_CACHE_SAVE],) m4_include([build-aux/custom_help.m4]) -AC_INIT([nrpe],[3.1.0-rc1],[nagios-us...@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/]) +AC_INIT([nrpe],[3.1.1],[nagios-us...@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/]) AC_CONFIG_SRCDIR([src/nrpe.c]) AC_CONFIG_AUX_DIR([build-aux]) AC_PREFIX_DEFAULT(/usr/local/nagios) PKG_NAME=nrpe -PKG_VERSION="3.1.0-rc1" +PKG_VERSION="3.1.1" PKG_HOME_URL="http://www.nagios.org/" -PKG_REL_DATE="2017-04-06" +PKG_REL_DATE="2017-05-24" RPM_RELEASE=1 LANG=C 
@@ -304,10 +304,16 @@ fi ],check_for_ssl=yes) +need_dh=yes +AC_ARG_WITH([need_dh], + AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]), + [need_dh=$withval], + [nrpe_group=need_dh]) + dnl Optional SSL library and include paths if test x$check_for_ssl = xyes; then # need_dh should only be set for NRPE - need_dh=yes +# need_dh=yes AC_NAGIOS_GET_SSL fi Binary files old/nrpe-3.1.0/docs/NRPE.odt and new/nrpe-3.1.1/docs/NRPE.odt differ Binary files old/nrpe-3.1.0/docs/NRPE.pdf and new/nrpe-3.1.1/docs/NRPE.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/include/common.h.in new/nrpe-3.1.1/include/common.h.in --- old/nrpe-3.1.0/include/common.h.in 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/include/common.h.in 2017-05-24 16:35:00.000000000 +0200 @@ -2,7 +2,7 @@ * * COMMON.H - NRPE Common Include File * Copyright (c) 1999-2007 Ethan Galstad (nag...@nagios.org) - * Last Modified: 2017-04-06 + * Last Modified: 2017-05-24 * * License: * @@ -33,8 +33,8 @@ # endif #endif -#define PROGRAM_VERSION "3.1.0-rc1" -#define MODIFICATION_DATE "2017-04-06" +#define PROGRAM_VERSION "3.1.1" +#define MODIFICATION_DATE "2017-05-24" #define OK 0 #define ERROR -1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/macros/ax_nagios_get_inetd new/nrpe-3.1.1/macros/ax_nagios_get_inetd --- old/nrpe-3.1.0/macros/ax_nagios_get_inetd 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/macros/ax_nagios_get_inetd 2017-05-24 16:35:00.000000000 +0200 
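Review bot: The action-if-not-given argument of the new `AC_ARG_WITH([need_dh], …)` is `[nrpe_group=need_dh]`, which overwrites `nrpe_group` with the literal string `need_dh` whenever `--with-need-dh` is not passed. This looks like a copy-paste leftover, and `nrpe_group` feeds the daemon's group in the spec template (`%define nsgrp @nrpe_group@`), so unless a later option resets it (not visible in this hunk) a default build can end up with the wrong group. The default is already established by `need_dh=yes` on the line above, so the last argument can be empty: `[need_dh=$withval], [])`. The generated `configure` hunk at -7278 carries the same assignment and needs regenerating once this is fixed.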
@@ -93,29 +93,30 @@ inetd_disabled="" - if test x"$init_type" = "xupstart"; then - inetd_type="upstart" - elif test "$opsys" = "osx"; then - inetd_type="launchd" - fi + AS_CASE([$dist_type], + [solaris], + if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then + inetd_type="$init_type" + else + inetd_type="inetd" + fi, + + [*bsd*], + inetd_type=`ps -A -o comm -c | grep inetd`, - if test x"$inetd_type" = x; then - AS_CASE([$dist_type], - [solaris], - if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then - inetd_type="$init_type" - else - inetd_type="inetd" - fi, + [osx], + inetd_type=`launchd`, - [*bsd*], - inetd_type=`ps -A -o comm -c | grep inetd`, + [aix|hp-ux], + inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`, - [aix|hp-ux], - inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`, + [*], + inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`]) - [*], - inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`]) + if test x"$inetd_type" = x; then + if test x"$init_type" = "xupstart"; then + inetd_type="upstart" + fi fi if test x"$inetd_type" = x; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/nrpe.spec.in new/nrpe-3.1.1/nrpe.spec.in --- old/nrpe-3.1.0/nrpe.spec.in 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/nrpe.spec.in 2017-05-24 16:35:00.000000000 +0200 @@ -9,7 +9,7 @@ %endif %if %{islinux} %define _init_dir @initdir@ - %define _init_tyhpe @init_type@ + %define _init_type @init_type@ %define _exec_prefix %{_prefix}/sbin %define _bindir %{_prefix}/sbin %define _sbindir %{_prefix}/lib/nagios/cgi 
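Review bot: In the new `[osx]` arm, ``inetd_type=`launchd` `` is a command substitution, so configure tries to execute a program called `launchd` and assigns whatever it prints, where the removed code assigned the string `"launchd"`. If that command prints nothing or is not on PATH, `inetd_type` stays empty and detection falls through to the later fallbacks, and configure has run a binary as a side effect. The arm should read `inetd_type="launchd"`. The generated `configure` hunk at -3020 has the same backticks, and the upstart test now only runs when the ps-based probe returned nothing, which reverses the old precedence and deserves a one-line comment if it is intended.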
@@ -22,7 +22,7 @@ %define _sysconfdir /etc/nagios %define name @PACKAGE_NAME@ -%define version 3.1.0-rc1 +%define version 3.1.1 %define release @RPM_RELEASE@ %define nsusr @nrpe_user@ %define nsgrp @nrpe_group@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/src/acl.c new/nrpe-3.1.1/src/acl.c --- old/nrpe-3.1.0/src/acl.c 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/src/acl.c 2017-05-24 16:35:00.000000000 +0200 @@ -565,9 +565,9 @@ break; } } - - dns_acl_curr = dns_acl_curr->next; } + + dns_acl_curr = dns_acl_curr->next; } return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/src/check_nrpe.c new/nrpe-3.1.1/src/check_nrpe.c --- old/nrpe-3.1.0/src/check_nrpe.c 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/src/check_nrpe.c 2017-05-24 16:35:00.000000000 +0200 @@ -4,7 +4,7 @@ * Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) * License: GPL * - * Last Modified: 2017-04-06 + * Last Modified: 2017-05-24 * * Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec] * @@ -116,8 +116,6 @@ result = process_arguments(argc, argv, 0); - open_log_file(); - if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE) usage(result); /* usage() will call exit() */ @@ -466,6 +464,7 @@ break; } log_file = strdup(optarg); + open_log_file(); break; default: @@ -558,10 +557,10 @@ bufp = buf; while (argc < 50) { + while (*bufp && strchr(delims, *bufp)) + ++bufp; if (*bufp == '\0') break; - while (strchr(delims, *bufp)) - ++bufp; argv[argc] = my_strsep(&bufp, delims); if (!argv[argc++]) break; 
@@ -667,7 +666,7 @@ printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n" " [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n" " [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n" - " [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n" + " [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n" " [-c <command>] [-a <arglist...>]\n"); printf("\n"); printf("Options:\n"); @@ -704,6 +703,7 @@ printf(" <logopts> = SSL Logging Options\n"); printf(" <bindaddr> = bind to local address\n"); printf(" <cfg-file> = configuration file to use\n"); + printf(" <log-file> = full path to the log file to write to\n"); printf(" [port] = The port on which the daemon is running (default=%d)\n", DEFAULT_SERVER_PORT); printf(" [command] = The name of the command that the remote daemon should run\n"); @@ -743,7 +743,7 @@ void setup_ssl() { #ifdef HAVE_SSL - int vrfy; + int vrfy, x; if (sslprm.log_opts & SSL_LogStartup) { char *val; @@ -878,7 +878,9 @@ break; case TLSv1_2: case TLSv1_2_plus: +#ifdef SSL_OP_NO_TLSv1_1 ssl_opts |= SSL_OP_NO_TLSv1_1; +#endif case TLSv1_1: case TLSv1_1_plus: ssl_opts |= SSL_OP_NO_TLSv1; 
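Review bot: With the new `#ifdef SSL_OP_NO_TLSv1_1` guard in the `TLSv1_2`/`TLSv1_2_plus` case, a build against an OpenSSL that lacks the macro silently drops the option, so a configured minimum of TLS 1.2 is no longer expressed in `ssl_opts` and the operator is not told. An `#else` branch that reports it, for example `printf("Warning: TLSv1.1 cannot be disabled with this OpenSSL\n");`, would make the weaker setting visible. The case also falls through into `TLSv1_1` deliberately, so a `/* fallthrough */` comment after the `#endif` would document that. The same guard is added in nrpe.c at -359, and the switch itself starts and ends outside this hunk.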
@@ -897,14 +899,23 @@ if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) { if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) { - SSL_CTX_free(ctx); printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file); + while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + printf("Error: could not use certificate file '%s': %s\n", + sslprm.cert_file, ERR_reason_error_string(x)); + } + SSL_CTX_free(ctx); exit(STATE_CRITICAL); } if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) { SSL_CTX_free(ctx); printf("Error: could not use private key file '%s'.\n", sslprm.privatekey_file); + while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + printf("Error: could not use private key file '%s': %s\n", + sslprm.privatekey_file, ERR_reason_error_string(x)); + } + SSL_CTX_free(ctx); exit(STATE_CRITICAL); } } @@ -913,8 +924,12 @@ vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT; SSL_CTX_set_verify(ctx, vrfy, verify_callback); if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) { - SSL_CTX_free(ctx); printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file); + while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + printf("Error: could not use CA certificate '%s': %s\n", + sslprm.privatekey_file, ERR_reason_error_string(x)); + } + SSL_CTX_free(ctx); exit(STATE_CRITICAL); } } @@ -932,8 +947,12 @@ } if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) { - SSL_CTX_free(ctx); printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list); + while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + printf("Could not set SSL/TLS cipher list '%s': %s\n", + sslprm.cipher_list, ERR_reason_error_string(x)); + } + SSL_CTX_free(ctx); exit(STATE_CRITICAL); } } 
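Review bot: The private-key failure branch now calls `SSL_CTX_free(ctx)` twice: the original call directly after the `if` is still there as a context line, and a second one is added after the error loop, which is a double free immediately before `exit()`. The certificate branch above moved its call rather than duplicating it, and the key branch should do the same by deleting the first `SSL_CTX_free(ctx);`. Separately, `ERR_reason_error_string(x)` can return NULL and is passed straight to `%s` in both new loops; storing it in a `const char *msg` and printing `msg ? msg : "unknown error"` avoids that. setup_ssl() begins and ends outside the hunk.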
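Review bot: The error loop added for the CA certificate prints `sslprm.privatekey_file` where `sslprm.cacert_file` is meant, so the message names the wrong file. The earlier block tests `sslprm.privatekey_file != NULL` before using it, which suggests the pointer may be NULL here and would then be handed to `%s`. The argument line should read `sslprm.cacert_file, ERR_reason_error_string(x));`.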
@@ -965,7 +984,7 @@ struct sockaddr addr; struct in_addr *inaddr; socklen_t addrlen; - int result, rc, ssl_err, ern; + int result, rc, ssl_err, ern, x, nerrs = 0; /* try to connect to the host at the given port number */ if ((sd = @@ -1004,7 +1023,6 @@ ssl_err = SSL_get_error(ssl, rc); if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) { - int x, nerrs = 0; rc = 0; while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s", @@ -1015,9 +1033,16 @@ logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d", rem_host, rc, ssl_err); - } else - logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d", - rem_host, rc, ssl_err); + } else { + while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s", + rem_host, ERR_reason_error_string(x)); + ++nerrs; + } + if (nerrs == 0) + logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: " + "rc=%d SSL-error=%d", rem_host, rc, ssl_err); + } if (ssl_err == 5) { /* Often, errno will be zero, so print a generic message here */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/src/nrpe.c new/nrpe-3.1.1/src/nrpe.c --- old/nrpe-3.1.0/src/nrpe.c 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/src/nrpe.c 2017-05-24 16:35:00.000000000 +0200 @@ -186,8 +186,6 @@ return STATE_CRITICAL; } - open_log_file(); - if (!nasty_metachars) nasty_metachars = strdup(NASTY_METACHARS); @@ -244,6 +242,7 @@ #ifdef HAVE_SSL DH *dh; char seedfile[FILENAME_MAX]; + char errstr[120] = { "" }; int i, c, x, vrfy; unsigned long ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE; 
@@ -315,7 +314,10 @@ ctx = SSL_CTX_new(meth); if (ctx == NULL) { - logit(LOG_ERR, "Error: could not create SSL context"); + while ((x = ERR_get_error()) != 0) { + ERR_error_string(x, errstr); + logit(LOG_ERR, "Error: could not create SSL context : %s", errstr); + } SSL_CTX_free(ctx); exit(STATE_CRITICAL); } @@ -359,7 +361,9 @@ break; case TLSv1_2: case TLSv1_2_plus: +#ifdef SSL_OP_NO_TLSv1_1 ssl_opts |= SSL_OP_NO_TLSv1_1; +#endif case TLSv1_1: case TLSv1_1_plus: ssl_opts |= SSL_OP_NO_TLSv1; @@ -377,7 +381,6 @@ SSL_CTX_set_options(ctx, ssl_opts); if (sslprm.cert_file != NULL) { - char errstr[120] = { "" }; if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) { SSL_CTX_free(ctx); while ((x = ERR_get_error()) != 0) { @@ -388,9 +391,12 @@ exit(STATE_CRITICAL); } if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) { + while ((x = ERR_get_error()) != 0) { + ERR_error_string(x, errstr); + logit(LOG_ERR, "Error: could not use private key file '%s' : %s", + sslprm.privatekey_file, errstr); + } SSL_CTX_free(ctx); - logit(LOG_ERR, "Error: could not use private key file '%s'", - sslprm.privatekey_file); exit(STATE_CRITICAL); } } @@ -401,6 +407,10 @@ vrfy |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; SSL_CTX_set_verify(ctx, vrfy, verify_callback); if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) { + while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + logit(LOG_ERR, "Error: could not use certificate file '%s': %s\n", + sslprm.cacert_file, ERR_reason_error_string(x)); + } SSL_CTX_free(ctx); logit(LOG_ERR, "Error: could not use CA certificate '%s'", sslprm.cacert_file); exit(STATE_CRITICAL); 
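Review bot: `ERR_error_string(x, errstr)` in the new `ctx == NULL` loop writes into `errstr[120]` without passing a length, while OpenSSL's documentation for that call asks for a buffer of at least 256 bytes. The bounded form fits the existing buffer: `ERR_error_string_n(x, errstr, sizeof(errstr));`. The private-key loop added at -388 has the same call and needs the same change. `x` is an `int` while `ERR_get_error()` returns `unsigned long`, so an `unsigned long` variable would avoid the narrowing. The function starts and ends outside the hunk.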
@@ -651,13 +661,13 @@ free_memory(); /* free all memory we allocated */ if (sigrestart == TRUE && sigshutdown == FALSE) { + close_log_file(); result = read_config_file(config_file); /* read the config file */ if (result == ERROR) { /* exit if there are errors... */ logit(LOG_ERR, "Config file '%s' contained errors, bailing out...", config_file); exit(STATE_CRITICAL); } - open_log_file(); return; } @@ -950,10 +960,11 @@ else if (!strcmp(varname, "nasty_metachars")) nasty_metachars = strdup(varvalue); - else if (!strcmp(varname, "log_file")) + else if (!strcmp(varname, "log_file")) { log_file = strdup(varvalue); + open_log_file(); - else { + } else { logit(LOG_WARNING, "Unknown option specified in config file '%s' - Line %d\n", filename, line); continue; @@ -1852,6 +1863,7 @@ #else const SSL_CIPHER *c; #endif + const char *errmsg = NULL; char buffer[MAX_INPUT_BUFFER]; SSL *ssl = (SSL*)ssl_ptr; X509 *peer; @@ -1869,8 +1881,14 @@ int nerrs = 0; rc = 0; while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { + errmsg = ERR_reason_error_string(x); logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s", - remote_host, ERR_reason_error_string(x)); + remote_host, errmsg); + if (errmsg && !strcmp(errmsg, "no shared cipher")) { + if (sslprm.cert_file == NULL || sslprm.cacert_file == NULL) + logit(LOG_ERR, "Error: This could be because you have not " + "specified certificate or ca-certificate files"); + } ++nerrs; } if (nerrs == 0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/src/utils.c new/nrpe-3.1.1/src/utils.c --- old/nrpe-3.1.0/src/utils.c 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/src/utils.c 2017-05-24 16:35:00.000000000 +0200 @@ -31,6 +31,7 @@ #include "../include/common.h" #include "../include/utils.h" +#include <stdarg.h> #ifdef HAVE_PATHS_H #include <paths.h> #endif 
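Review bot: In the handshake error loop at -1869, `errmsg` is checked for NULL before the `strcmp()` but is passed unchecked to the `%s` of the `logit()` call just above it, so a NULL from `ERR_reason_error_string()` is still formatted. Using `remote_host, errmsg ? errmsg : "unknown error");` keeps the two uses consistent. Matching on the literal reason text `"no shared cipher"` also ties the hint to one library's wording, which is worth a short comment next to the comparison. The enclosing function starts and ends outside the hunk.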
@@ -469,6 +470,7 @@ void open_log_file() { int fh; + int flags = O_RDWR|O_APPEND|O_CREAT; struct stat st; close_log_file(); @@ -476,7 +478,10 @@ if (!log_file) return; - if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif + if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { printf("Warning: Cannot open log file '%s' for writing\n", log_file); logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file); return; @@ -527,7 +532,7 @@ fflush(log_fp); } else - syslog(priority, buffer); + syslog(priority, "%s", buffer); free(buffer); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nrpe-3.1.0/update-version new/nrpe-3.1.1/update-version --- old/nrpe-3.1.0/update-version 2017-04-17 16:21:54.000000000 +0200 +++ new/nrpe-3.1.1/update-version 2017-05-24 16:35:00.000000000 +0200 @@ -28,10 +28,10 @@ fi # Current version number -CURRENTVERSION=3.1.0-rc1 +CURRENTVERSION=3.1.1 # Last date -LASTDATE=2017-04-06 +LASTDATE=2017-05-24 if [ "x$1" = "x" ] then ++++++ nrpe-implicit_declaration.patch ++++++ --- /var/tmp/diff_new_pack.nQ5qzv/_old 2017-06-07 09:55:27.426397380 +0200 +++ /var/tmp/diff_new_pack.nQ5qzv/_new 2017-06-07 09:55:27.430396814 +0200 @@ -1,7 +1,7 @@ -Index: nrpe-3.1.0/contrib/nrpe_check_control.c +Index: nrpe-3.1.1/contrib/nrpe_check_control.c =================================================================== ---- nrpe-3.1.0.orig/contrib/nrpe_check_control.c -+++ nrpe-3.1.0/contrib/nrpe_check_control.c +--- nrpe-3.1.1.orig/contrib/nrpe_check_control.c ++++ nrpe-3.1.1/contrib/nrpe_check_control.c @@ -1,4 +1,5 @@ #include <stdio.h> +#include <stdlib.h> ++++++ nrpe-improved_help.patch ++++++ --- /var/tmp/diff_new_pack.nQ5qzv/_old 2017-06-07 09:55:27.442395120 +0200 +++ /var/tmp/diff_new_pack.nQ5qzv/_new 2017-06-07 09:55:27.442395120 +0200 
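Review bot: Making `O_NOFOLLOW` conditional at -476 means that on a platform without it `open()` follows a symlink at `log_file` with `O_CREAT|O_APPEND`, and nothing in the hunk replaces that protection. This matters more now that `open_log_file()` is called while the config file and command line are still being parsed (nrpe.c -950, check_nrpe.c -466), possibly before privileges are dropped; that ordering is not visible here. An `#else` that refuses symlinks, such as `if (lstat(log_file, &st) == 0 && S_ISLNK(st.st_mode)) return;`, narrows the gap without fully closing the check-then-open race, and at minimum a comment should state that symlinks are followed on such platforms. open_log_file() continues past the hunk, so a later check on `st` may already exist.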
@@ -1,11 +1,11 @@ -Index: nrpe-3.1.0/src/check_nrpe.c +Index: nrpe-3.1.1/src/check_nrpe.c =================================================================== ---- nrpe-3.1.0.orig/src/check_nrpe.c -+++ nrpe-3.1.0/src/check_nrpe.c -@@ -668,7 +668,7 @@ void usage(int result) +--- nrpe-3.1.1.orig/src/check_nrpe.c ++++ nrpe-3.1.1/src/check_nrpe.c +@@ -667,7 +667,7 @@ void usage(int result) " [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n" " [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n" - " [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n" + " [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n" - " [-c <command>] [-a <arglist...>]\n"); + " [-c <command>] [-a <arglist...>] [--help] [--license] [--no-ssl]\n"); printf("\n"); 
@@ -15,27 +15,27 @@ printf(" [arglist] = Optional arguments that should be passed to the command,\n"); printf(" separated by a space. If provided, this must be the last\n"); printf(" option supplied on the command line.\n"); -+ printf(" -h, --help = Print this short help.\n"); -+ printf(" -l,--license = Print licensing information.\n"); -+ printf(" -n,--no-ssl = Do not initial an ssl handshake with the server, talk in plaintext.\n"); ++ printf(" -h, --help = Print this short help.\n"); ++ printf(" -l,--license = Print licensing information.\n"); ++ printf(" -n,--no-ssl = Do not initial an ssl handshake with the server, talk in plaintext.\n"); printf("\n"); printf(" NEW TIMEOUT SYNTAX\n"); printf(" -t <interval>:<state>\n"); -Index: nrpe-3.1.0/src/nrpe.c +Index: nrpe-3.1.1/src/nrpe.c =================================================================== ---- nrpe-3.1.0.orig/src/nrpe.c -+++ nrpe-3.1.0/src/nrpe.c -@@ -528,13 +528,15 @@ void usage(int result) +--- nrpe-3.1.1.orig/src/nrpe.c ++++ nrpe-3.1.1/src/nrpe.c +@@ -538,13 +538,15 @@ void usage(int result) printf("Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>\n"); printf("\n"); printf("Options:\n"); - printf(" -n = Do not use SSL\n"); ++ printf(" -h, --help = Print this short help.\n"); ++ printf(" -l,--license = Print licensing information.\n"); + printf(" -n, --no-ssl = Do not use SSL\n"); printf(" -c <config_file> = Name of config file to use\n"); printf(" -4 = use ipv4 only\n"); printf(" -6 = use ipv6 only\n"); -+ printf(" -h, --help = Print this short help.\n"); -+ printf(" -l,--license = Print licensing information.\n"); printf(" <mode> = One of the following operating modes:\n"); - printf(" -i = Run as a service under inetd or xinetd\n"); - printf(" -d = Run as a standalone daemon\n"); ++++++ nrpe_check_control.patch ++++++ --- /var/tmp/diff_new_pack.nQ5qzv/_old 2017-06-07 09:55:27.514384946 +0200 +++ /var/tmp/diff_new_pack.nQ5qzv/_new 2017-06-07 09:55:27.514384946 +0200 
@@ -1,7 +1,7 @@ -Index: nrpe-3.1.0/contrib/nrpe_check_control.c +Index: nrpe-3.1.1/contrib/nrpe_check_control.c =================================================================== ---- nrpe-3.1.0.orig/contrib/nrpe_check_control.c -+++ nrpe-3.1.0/contrib/nrpe_check_control.c +--- nrpe-3.1.1.orig/contrib/nrpe_check_control.c ++++ nrpe-3.1.1/contrib/nrpe_check_control.c @@ -5,8 +5,8 @@ #define MAX_CHARS 1024 #define SERVICE_COUNT 12