Hello community, here is the log from the commit of package nagios for openSUSE:Leap:15.2 checked in at 2020-04-12 15:38:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/nagios (Old) and /work/SRC/openSUSE:Leap:15.2/.nagios.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nagios" Sun Apr 12 15:38:49 2020 rev:19 rq:793076 version:4.4.5 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/nagios/nagios.changes 2020-01-15 15:32:08.814806275 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.nagios.new.3248/nagios.changes 2020-04-12 15:38:52.698034248 +0200 @@ -1,0 +2,214 @@ +Mon Apr 6 15:55:26 UTC 2020 - [email protected] - 4.4.5 + +- fix boo#1156309, CVE-2019-3698 : Symbolic Link (Symlink) following + vulnerability in the cronjob allows local attackers to cause cause + DoS or potentially escalate privileges by winning a race. +- enhance systemd service: check nagios config before reloading +- enable build for SLE11 by excluding some special macros and + directories via 'sles_version != 11' condition +- add nagios-archive.service and nagios-archive.timer as replacement + for the script in cron.weekly: no need for cron on systemd systems +- run set_permissions and verifyscript for /etc/cron.weekly on those + distributions that need it +- enhance rpmlint: ignore empty htpasswd file +- enable php apache module and not php5 on newer distributions +- try to harden the rcnagios script + +------------------------------------------------------------------- +Mon Feb 3 15:07:25 UTC 2020 - Dominique Leuenberger <[email protected]> + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. + +------------------------------------------------------------------- +Fri Dec 20 12:51:27 UTC 2019 - Stefan Botter <[email protected]> + +- 4.4.5 +* Reverted changes related to #625 due to CPU load issues +* Partially reverted changes for #647 due to CPU load issues +* Fixed "Quick Search" so that leading/trailing whitespace doesn't affect output (#681) (Sebastian Wolf) +* Fixed build issues on non-RPM-based platforms (#617) (T.J. Yang) + +- 4.4.4 +* Fixed log rotation logic to not repeatedly schedule rotation on a DST change (#610, #626) (Jaroslav Jindrak & Sebastian Wolf) +* Fixed $SERVICEPROBLEMID$ to be reset after service recovery (#621) (Sebastian Wolf) +* Fixed defunct worker processes appearing after nagios was reloaded (#441, #620) (Sebastian Wolf) +* Fixed main nagios thread to release nagios.qh on a closed connection (#635) (Sebastian Wolf) +* Fixed semicolon escaping to remove prepended backslash (\) (#643) (Sebastian Wolf) +* Fixed 'Checks of this host have been disabled' message showing on passive-only hosts (#632) (Vojtěch Širůček & Sebastian Wolf) +* Fixed last_hard_state showing the current hard state when service status is brokered (#633) (Sebastian Wolf) +* Fixed long plugin output (>8KB) occasionally getting truncated (#625) (Sebastian Wolf) +* Fixed check scheduling for objects with large check_intervals and small timeperiods (#647) (Sebastian Wolf) +* Fixed SOFT recoveries sending when services had HARD recovery some time after host recovery (#651) (Sebastian Wolf) +* Fixed incorrect permissions on debugging builds of FreeBSD (#420) (Sebastian Wolf) +* Fixed NEB callback lists being partially orphaned when multiple modules subscribe to one callback (#590) (Sebastian Wolf) +* Fixed memory leaks in run_async_service_check(), run_async_host_check() when checks are brokered (#664) (Sebastian Wolf) +* Fixed potential XSS in main.php, map.php (#671, #672) (Jak Gibb) +* Removed NEB brokering for nagios daemonization, since daemonization occurs before NEB initialization (#591) (Sebastian Wolf) + +------------------------------------------------------------------- +Wed Nov 13 08:28:43 UTC 2019 - Ansgar Esztermann <[email protected]> + +- compile with -ffat-lto-objects to prevent build failure + +------------------------------------------------------------------- +Tue Aug 20 11:54:43 CEST 2019 - [email protected] + +- Add /etc/cron.weekly to filelist, as this is now part of cron, + which we don't want to require + +------------------------------------------------------------------- +Sat Apr 20 06:25:38 UTC 2019 - Stefan <[email protected]> + +- revert setting of sbindir back to nagios_cgidir + +------------------------------------------------------------------- +Sun Jan 20 08:48:24 UTC 2019 - [email protected] - 4.4.3 + +- update to 4.4.3 +* Fixed services sending recovery emails when they recover if host in + down state (#572) (Scott Wilkerson) +* Fixed a make error when building on the aarch64 architecture (#598) + (Gareth Randall) +* Fixed --with-cgibindir and --with-webdir to actually set values given + (#585) (lawsontyler) +* Fixed soft recovery states for services (#575) (Jake Omann) +* Fixed XSS vulnerability in Alert Summary report (CVE-2018-18245, boo#1119832) + (Jake Omann) +* Fixed services in soft states sometimes not switching into hard states + (#576) (Jake Omann) +* Fixed last_state_change to update when a state goes from soft -> hard + state (#592) (Jake Omann) +* Fixed Map link always being set to undefined host and don't show link + for Nagios Process root note (#539) (Jake Omann) +* Fixed notifications sending when services went into hard state on a + down or unreachable host (#584) (Jake Omann) +* Fixed log_host_retries not logging the host soft state checks (#599) + (Jake Omann) +* Fixed stalking_options N option to properly log only when a + notification is actually sent (#604) (Jake Omann) +* Fixed issue with service status totals being zero when + servicegroup=all on servicegroup status page (#579) (Jake Omann) +* Fixed escalation notifications logic and recovery notifications not + going out (#582) (Jake Omann) +* Fixed not finding child index causing duplicate hosts showing in the + Map (#471) (Jake Omann) +* Fixed Map configuration popup checkboxes not working and Root Node + not populating (#543) (Jake Omann) +* Fixed cleanup and deinit of neb modules on reload (#573) (Jake Omann) + +- rebase nagios-4.2.2-enable-ppc64le.patch (allow ppc64le builds in + contrib Makefile) to: + nagios-4.4.3-enable-ppc64le.patch + +------------------------------------------------------------------- +Mon Oct 15 08:38:12 UTC 2018 - [email protected] + +- install /var/spool/nagios setgid nagcmd so external applications + like the webinterface can issue commands to nagios (boo#1028975) + +------------------------------------------------------------------- +Mon Oct 15 07:55:03 UTC 2018 - [email protected] - 4.4.2 + +- update to 4.4.2 +* Fix comment data being duplicated after a `service nagios reload` + or similar (#549) (Bryan Heden) +* Fix check_interval and retry_interval not changing at the + appropriate times (#551) (Scott Wilkerson) +* Fixed passive checks sending recovery email when host was + previously UP (#552) (Scott Wilkerson) +* Fixed flapping comments duplication on nagios reload (#554) + (Christian Jung) +* Fix for CVE-2018-13441, CVE-2018-13458, CVE-2018-13457 null + pointer dereference (Trevor McDonald) (boo#1101293, boo#1101289, boo#1101290) +* Fixed syntax error in file: default-init.in (#558) (Christian Zettel) +* Reset current notification number and state flags when the host recovers, + reset all service variables when they recover fixes (#557) (Scott Wilkerson) +* Fixed wrong counting of service status totals when showing + servicegroup details (#548) (Christian Zettel, Bryan Heden) +* Fixed avail.cgi not printing CSV output when checkbox is checked + (for any type: host/service/hostgroup/servicegroup) (#570) (Bryan Heden) +* Fixed nagios not logging SOFT state changes after 1 (Scott Wilkerson) + +4.4.1 - 2018-06-25 +------------------ +* Revert some macro->kvvec changes causing problems when + `enable_environment_macros` was enabled (Bryan Heden) +* Adjust `process_macro_r` function logic so that it handles + macros properly (Bryan Heden) +* Fix spec file for systemd (Karsten Weiss, Fr3dY, Bryan Heden) +* Fix bug where `ssize_t` typedef to int on some systems (Bryan Heden) + +4.4.0 - 2018-06-19 +------------------ +ENHANCEMENTS +* new status for check dependencies (John Frickson) +* Allow more flexible requirements for comments (John Frickson) +* Add a `statusCRITICALACK` class for the status column (John Frickson) +* CSV output based on groups (all options) (John Frickson) +* New Macro(s) to generate URL for host / service object to be + used in notifications (John Frickson) +* New Macro(s) to determine if host/service notifications are + enabled (#419) (Bryan Heden) +* New Macro(s) for obtaining the host/service notification + periods (#350) (Bryan Heden) +* enable_page_tour interface option (Bryan Heden) +* Code cleanups in important sections (Workers, Handling Results) (Bryan Heden) +* Automatic mail program detection (with same /bin/mail failback) (Bryan Heden) +* Incorporated [autoconf-macros](https://github.com/NagiosEnterprises/autoconf-macros) + into Core (Bryan Heden) +* Lots of enhancements/additions to configure/make process. (Bryan Heden) + + Moved all files to startup/ + + Added upstart job +* Added system limit detection (RLIMIT_NPROC) to check for anticipated + fork() failures (#434) (Bryan Heden) +* Added stalking on notifications (`N` or `notifications` option when + specifying `stalking_options`) (#342) (Bryan Heden) +* Added automatic `systemctl daemon-reload` and `initctl reload-configuration` + where applicable on `make install-init` (Bryan Heden) +* Added case-insentive command submission. (#373) (Bryan Heden) +* Enabled `check_external_commands` by default (Bryan Heden) +FIXES +* Command line macro detection skips potential macros with no ending + dollar sign (Bryan Heden, Jake Omann) +* Fixed a lockup condition sometimes encountered on shutdown or restart (Aaron Beck) +* Fixed negative time offset calculations computing incorrectly sometimes (bbeutel) +* Fixed reloads causing defunct (zombie) processes (#441) (Bryan Heden) +* Fixed wait3(), wait4() implementations (replaced with waitpid()) (#326) (Bryan Heden) +* Fixed additive inheritance not testing for duplicates in + hosts/services/(+escalations) (#392) (Bryan Heden) +* Fixed very very (around 600k chars or greater) large plugin + output crashing Nagios (#432) (Bryan Heden) +* Fixed first_notification_delay not beeing calculated from + last_hard_state_change (#425) (Christian Zettel) +* Fixed duplicate downtime ID occuring from downtimes in retention + file (#506) (Franz [feisenko]) +* Fixed segfault when navbarsearch was used in status.cgi for something + other than a host (#489) (Bryan Heden) +* Fixed some miscellaneous ./configure issues on Solaris (Bryan Heden, Troy Lea) +* Fixed "Locate host on map" link (#496) (Troy Lea) +* Fixed service groups defined with unknown service members + (that aren't first in the list) not erroring out (#500) (Bryan Heden) +* Fixed tac.cgi to have consistent behavior with the other cgis (#481) + (Bryan Heden, Matt Capra) +* Fixed clear_host/service_flapping command logic to broker/notify + properly (#525) (Bryan Heden, Karsten Weiss) + +- removed upstreamed patches: ++++ 17 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/nagios/nagios.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.nagios.new.3248/nagios.changes Old: ---- nagios-4.2.2-enable-ppc64le.patch nagios-4.3.4-fix_memleak_4.3.3.diff nagios-4.3.4.tar.gz nagios-fix_spurious_dollar_signs_added_to_command_lines.patch New: ---- nagios-4.4.3-enable-ppc64le.patch nagios-4.4.5.tar.gz nagios-archive.service nagios-archive.timer ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nagios.spec ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.286034694 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.290034696 +0200 @@ -1,7 +1,7 @@ # # spec file for package nagios # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,10 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects + #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates @@ -28,12 +30,12 @@ %endif Name: nagios -Version: 4.3.4 +Version: 4.4.5 Release: 0 Summary: The Nagios Network Monitor License: GPL-2.0-or-later Group: System/Monitoring -Url: http://www.nagios.org/ +URL: http://www.nagios.org/ Source0: %{name}-%{version}.tar.gz Source1: rc%{name} Source2: %{name}-exec-start-pre @@ -47,9 +49,9 @@ Source11: %{name}-html-pages.tar.bz2 Source12: %{name}.service Source13: %{name}.tmpfiles +Source14: %{name}-archive.timer +Source15: %{name}-archive.service Source20: %{name}-rpmlintrc -# PATCH-FIX-UPSTREAM Fixes the output of spurious $ signs in commandoutput (deb#480001) -Patch2: nagios-fix_spurious_dollar_signs_added_to_command_lines.patch # PATCH-FIX-UPSTREAM unescape hex characters in CGI input - avoid addional '+' Patch3: nagios-fix_encoding_trends.cgi.patch # PATCH-FIX-UPSTREAM return 1 in int main() @@ -63,9 +65,7 @@ # PATCH-FIX-OPENSUSE use KOHANNA if available Patch17: nagios-4.1.0-add_KOHANNA.conf # PATCH-FIX-UPSTREAM allow ppc64le builds in contrib Makefile -Patch18: nagios-4.2.2-enable-ppc64le.patch -# PATCH-FIX-UPSTREAM fix memleak in macros.c introduced with 4.3.3 -Patch19: nagios-4.3.4-fix_memleak_4.3.3.diff +Patch18: nagios-4.4.3-enable-ppc64le.patch BuildRequires: doxygen # yes: we still build for SLE10 %if 0%{?suse_version} > 1020 @@ -86,9 +86,11 @@ BuildRequires: unzip BuildRequires: zlib-devel %if %{with systemd} -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) Source100: nagios_systemd -%{?systemd_requires} +%{?systemd_ordering} +%else +Recommends: cron %endif Provides: monitoring_daemon BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -99,10 +101,10 @@ Requires(pre): %fillup_prereq %if 0%{?suse_version} < 01200 Requires(pre): %insserv_prereq +Requires: cron %endif -Requires(pre): pwdutils +Requires(pre): shadow Recommends: %{name}-www -Recommends: cron # this package contains shared tools with icinga Recommends: monitoring-tools Recommends: icinga-monitoring-tools @@ -110,6 +112,7 @@ %else Requires(pre): shadow-utils %endif +Requires(pre): permissions Requires(pre): sed Requires: mailx %define nslockfile_dir /var/run/%{name} @@ -148,7 +151,7 @@ Requires(pre): sed %if 0%{?suse_version} Requires(pre): apache2 -Requires(pre): pwdutils +Requires(pre): shadow %else Requires(pre): httpd Requires(pre): shadow-utils @@ -230,7 +233,6 @@ %prep %setup -q -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch11 -p1 @@ -238,10 +240,9 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 -%patch19 -p1 find -name ".gitignore" | xargs rm # fixing permissions the dirty way.... -chmod 644 Changelog LEGAL LICENSE README sample-config/README sample-config/template-object/README +chmod 644 Changelog LEGAL LICENSE README.md sample-config/README sample-config/template-object/README # README.SuSE file sed -e 's@DATADIR@%{_datadir}/%{name}@g' -e 's@SYSCONFDIR@%{nagios_sysconfdir}@g' %{SOURCE10} > README.SUSE # we do not use /usr/local ... @@ -269,6 +270,7 @@ --sysconfdir=%{nagios_sysconfdir} \ --with-init-dir=%{_sysconfdir}/init.d \ --localstatedir=%{nagios_localstatedir} \ + --with-cgibindir=%{nagios_cgidir} \ --with-cgiurl=/%{name}/cgi-bin \ --with-htmurl=/%{name} \ --with-httpd-conf=%{apache2_sysconfdir} \ @@ -357,7 +359,16 @@ # sysconfig script install -D -m 0644 %{SOURCE3} %{buildroot}%{_fillupdir}/sysconfig.%{name} # install cronjob (gzip' the logfiles) -install -D -m 0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/cron.weekly/%{name} +%if %{with systemd} +sed -e 's|__NAGIOS_USER__|%{nagios_user}|g' \ + -e 's|__NAGIOS_GROUP__|%{nagios_group}|g' %{SOURCE4} > %{buildroot}%{_sbindir}/nagios-archive +install -Dm0644 %{SOURCE14} %{buildroot}/%{_unitdir}/nagios-archive.timer +install -Dm0644 %{SOURCE15} %{buildroot}/%{_unitdir}/nagios-archive.service +%else +mkdir %{buildroot}%{_sysconfdir}/cron.weekly +sed -e 's|__NAGIOS_USER__|%{nagios_user}|g' \ + -e 's|__NAGIOS_GROUP__|%{nagios_group}|g' %{SOURCE4} > %{buildroot}%{_sysconfdir}/cron.weekly/%{name} +%endif # install empty htpasswd file (boo#961115) touch %{buildroot}%{_sysconfdir}/%{name}/htpasswd.users # important ghost files @@ -412,7 +423,7 @@ fi fi %if %{with systemd} -%service_add_pre %{name}.service +%service_add_pre %{name}.service %{name}-archive.service %{name}-archive.timer %endif %post @@ -434,28 +445,40 @@ fi fi %if %{with systemd} -%service_add_post %{name}.service +%service_add_post %{name}.service %{name}-archive.service %{name}-archive.timer systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf %fillup_only %else %{fillup_and_insserv %{name}} +%if 0%{?sles_version} != 11 +%set_permissions /etc/cron.weekly/ +%endif +%endif +%if 0%{?sles_version} != 11 +%set_permissions /var/spool/nagios/ %endif %preun %if %{with systemd} -%service_del_preun %{name}.service +%service_del_preun %{name}.service %{name}-archive.service %{name}-archive.timer %else %stop_on_removal %{name} %endif %postun %if %{with systemd} -%service_del_postun %{name}.service +%service_del_postun %{name}.service %{name}-archive.service %{name}-archive.timer %else %restart_on_update %{name} %{insserv_cleanup} %endif +%verifyscript +%if ! %{with systemd} +%verify_permissions -e /etc/cron.weekly/ +%endif +%verify_permissions -e /var/spool/nagios/ + %post www wwwusr=%{nagios_command_user} if [ -f etc/apache2/uid.conf ]; then @@ -482,14 +505,18 @@ %{_sbindir}/a2enmod auth_basic >/dev/null %{_sbindir}/a2enmod authz_user >/dev/null %{_sbindir}/a2enmod version >/dev/null - # enable php5 in apache config - %{_sbindir}/a2enmod php5 + # enable php in apache config + %if 0%{?sle_version} == 120000 + %{_sbindir}/a2enmod php5 >/dev/null || : + %else + %{_sbindir}/a2enmod php >/dev/null || : + %endif fi -%if %{with systemd} -%{_bindir}/systemctl try-restart apache2 -%else -%restart_on_update apache2 -%endif + %if %{with systemd} + %{_bindir}/systemctl try-restart apache2 + %else + %restart_on_update apache2 + %endif fi %post www-dch @@ -520,7 +547,7 @@ %files %defattr(0644,root,root,0755) -%doc Changelog LEGAL LICENSE README README.SUSE UPGRADING THANKS sample-config/ +%doc Changelog LEGAL LICENSE README.md README.SUSE UPGRADING THANKS sample-config/ %dir %{nagios_libdir} %dir %{nagios_plugindir} %exclude %{nagios_cgidir}/* @@ -533,19 +560,25 @@ %attr(0755,root,root) %{nagios_libdir}/%{name}-exec-start-pre %{_unitdir}/%{name}.service %{_prefix}/lib/tmpfiles.d/%{name}.conf +%attr(0755,root,root) %{_sbindir}/nagios-archive +%{_unitdir}/nagios-archive.timer +%{_unitdir}/nagios-archive.service %else %attr(0755,root,root) %{_sysconfdir}/init.d/%{name} %ghost %dir %{nslockfile_dir} %attr(0644,%{nagios_user},%{nagios_group}) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) %{nslockfile} +%if 0%{?sles_version} != 11 +%dir %{_sysconfdir}/cron.weekly %endif %attr(0755,root,root) %{_sysconfdir}/cron.weekly/* +%endif %config(noreplace) %{nagios_sysconfdir}/*.cfg %config(noreplace) %{nagios_sysconfdir}/objects/*.cfg %ghost %config(missingok,noreplace) %{nagios_logdir}/config.err # directories with special handling: %attr(0755,root,%{nagios_command_group}) %dir %{nagios_sysconfdir} %attr(0755,root,%{nagios_command_group}) %dir %{nagios_sysconfdir}/objects -%attr(0775,%{nagios_user},%{nagios_command_group}) %dir %{nagios_spooldir} +%attr(2775,%{nagios_user},%{nagios_command_group}) %dir %{nagios_spooldir} %attr(0775,%{nagios_user},%{nagios_command_group}) %dir %{nagios_localstatedir} %attr(0755,%{nagios_user},%{nagios_group}) %dir %{nagios_logdir} %attr(0755,%{nagios_user},%{nagios_group}) %dir %{nagios_logdir}/archives ++++++ nagios-4.0.6-remove-date-time.patch ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.314034714 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.318034718 +0200 @@ -1,7 +1,7 @@ -Index: nagios-4.3.1/cgi/archivejson.c +Index: nagios-4.4.2/cgi/archivejson.c =================================================================== ---- nagios-4.3.1.orig/cgi/archivejson.c -+++ nagios-4.3.1/cgi/archivejson.c +--- nagios-4.4.2.orig/cgi/archivejson.c ++++ nagios-4.4.2/cgi/archivejson.c @@ -761,7 +761,7 @@ int main(void) { json_result(query_time, THISCGI, svm_get_string_from_value(cgi_data.query, valid_queries), @@ -11,10 +11,10 @@ RESULT_SUCCESS, "")); json_object_append_object(json_root, "data", json_help(archive_json_help)); -Index: nagios-4.3.1/cgi/objectjson.c +Index: nagios-4.4.2/cgi/objectjson.c =================================================================== ---- nagios-4.3.1.orig/cgi/objectjson.c -+++ nagios-4.3.1/cgi/objectjson.c +--- nagios-4.4.2.orig/cgi/objectjson.c ++++ nagios-4.4.2/cgi/objectjson.c @@ -1130,7 +1130,7 @@ int main(void) { json_result(query_time, THISCGI, svm_get_string_from_value(cgi_data.query, valid_queries), @@ -24,10 +24,10 @@ RESULT_SUCCESS, "")); json_object_append_object(json_root, "data", json_help(object_json_help)); break; -Index: nagios-4.3.1/cgi/statusjson.c +Index: nagios-4.4.2/cgi/statusjson.c =================================================================== ---- nagios-4.3.1.orig/cgi/statusjson.c -+++ nagios-4.3.1/cgi/statusjson.c +--- nagios-4.4.2.orig/cgi/statusjson.c ++++ nagios-4.4.2/cgi/statusjson.c @@ -1135,7 +1135,7 @@ int main(void) { json_result(query_time, THISCGI, svm_get_string_from_value(cgi_data.query, valid_queries), ++++++ nagios-4.1.0-add_KOHANNA.conf ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.326034723 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.330034727 +0200 @@ -1,7 +1,7 @@ -Index: nagios-4.3.1/sample-config/httpd.conf.in +Index: nagios-4.4.2/sample-config/httpd.conf.in =================================================================== ---- nagios-4.3.1.orig/sample-config/httpd.conf.in -+++ nagios-4.3.1/sample-config/httpd.conf.in +--- nagios-4.4.2.orig/sample-config/httpd.conf.in ++++ nagios-4.4.2/sample-config/httpd.conf.in @@ -65,4 +65,7 @@ Alias @htmurl@ "@datadir@" AuthUserFile @sysconfdir@/htpasswd.users Require valid-user ++++++ nagios-4.2.2-enable-ppc64le.patch -> nagios-4.4.3-enable-ppc64le.patch ++++++ --- /work/SRC/openSUSE:Leap:15.2/nagios/nagios-4.2.2-enable-ppc64le.patch 2020-01-15 15:31:57.446798328 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.nagios.new.3248/nagios-4.4.3-enable-ppc64le.patch 2020-04-12 15:38:51.874033625 +0200 @@ -1,13 +1,11 @@ -Index: nagios-4.3.1/contrib/Makefile.in -=================================================================== ---- nagios-4.3.1.orig/contrib/Makefile.in -+++ nagios-4.3.1/contrib/Makefile.in -@@ -95,7 +95,7 @@ else - ifeq ($(ARCH),i686) - RPM_ARCH := i386 - else +--- nagios-4.4.3/contrib/Makefile.in.orig 2019-01-20 10:19:00.388448528 +0100 ++++ nagios-4.4.3/contrib/Makefile.in 2019-01-20 10:19:53.952570327 +0100 +@@ -98,7 +98,7 @@ + ifeq ($(ARCH),aarch64) + RPM_ARCH := aarch64 + else -$(error Unknown arch "$(ARCH)".) +RPM_ARCH := $(ARCH) + endif endif endif - ++++++ nagios-4.3.4.tar.gz -> nagios-4.4.5.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/nagios/nagios-4.3.4.tar.gz /work/SRC/openSUSE:Leap:15.2/.nagios.new.3248/nagios-4.4.5.tar.gz differ: char 5, line 1 ++++++ nagios-archive.service ++++++ [Unit] Description=Auto-Archiving of Nagios Logfiles [Service] Type=oneshot ExecStart=/bin/bash -ce "/usr/sbin/nagios-archive" ++++++ nagios-archive.timer ++++++ [Unit] Description=Auto-Archiving of Nagios Logfiles [Timer] OnCalendar=Sat *-*-* 03:00:00 AccuracySec=12h Persistent=true [Install] WantedBy=timers.target ++++++ nagios-disable_phone_home.patch ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.410034788 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.414034790 +0200 @@ -1,8 +1,8 @@ -Index: nagios-4.3.1/base/utils.c +Index: nagios-4.4.2/base/utils.c =================================================================== ---- nagios-4.3.1.orig/base/utils.c -+++ nagios-4.3.1/base/utils.c -@@ -3156,122 +3156,6 @@ int check_for_nagios_updates(int force, +--- nagios-4.4.2.orig/base/utils.c ++++ nagios-4.4.2/base/utils.c +@@ -3297,122 +3297,6 @@ int check_for_nagios_updates(int force, /* checks for updates at api.nagios.org */ int query_update_api(void) { ++++++ nagios-exec-start-pre ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.422034797 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.422034797 +0200 @@ -32,18 +32,18 @@ temp_path="$(get_var temp_path)" # use default values if above check doesn't work -: ${check_result_path:-/var/spool/nagios} -: ${command_file:-/var/spool/nagios/nagios.cmd} -: ${lock_file:-/var/run/nagios/nagios.pid} -: ${log_file:-/var/log/nagios/nagios.log} -: ${nagios_user:-nagios} -: ${nagios_group:-nagios} -: ${nagios_cmdgrp:-nagcmd} -: ${resource_file:-/etc/nagios/resource.cfg} -: ${state_retention_file:-/var/log/nagios/retention.dat} -: ${status_file:-/var/log/nagios/status.dat} -: ${temp_file:-/var/log/nagios/nagios.tmp} -: ${temp_path:-/var/run/nagios/tmp} +: ${check_result_path:=/var/spool/nagios} +: ${command_file:=/var/spool/nagios/nagios.cmd} +: ${lock_file:=/var/run/nagios/nagios.pid} +: ${log_file:=/var/log/nagios/nagios.log} +: ${nagios_user:=nagios} +: ${nagios_group:=nagios} +: ${nagios_cmdgrp:=nagcmd} +: ${resource_file:=/etc/nagios/resource.cfg} +: ${state_retention_file:=/var/log/nagios/retention.dat} +: ${status_file:=/var/log/nagios/status.dat} +: ${temp_file:=/var/log/nagios/nagios.tmp} +: ${temp_path:=/var/run/nagios/tmp} # remove some perhaps left over files for file in "$command_file" "$lock_file" "$status_file" "$temp_file"; do ++++++ nagios-fix_encoding_trends.cgi.patch ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.434034806 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.434034806 +0200 @@ -2,11 +2,11 @@ cgi/getcgi.c | 3 +++ 1 file changed, 3 insertions(+) -Index: nagios-4.3.1/cgi/getcgi.c +Index: nagios-4.4.2/cgi/getcgi.c =================================================================== ---- nagios-4.3.1.orig/cgi/getcgi.c -+++ nagios-4.3.1/cgi/getcgi.c -@@ -95,6 +95,9 @@ void unescape_cgi_input(char *input) { +--- nagios-4.4.2.orig/cgi/getcgi.c ++++ nagios-4.4.2/cgi/getcgi.c +@@ -93,6 +93,9 @@ void unescape_cgi_input(char *input) { break; else if(input[x] == '%') { input[y] = hex_to_char(&input[x + 1]); ++++++ nagios-output-length.patch ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.446034815 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.446034815 +0200 @@ -1,8 +1,8 @@ -Index: nagios-4.3.1/cgi/extinfo.c +Index: nagios-4.4.2/cgi/extinfo.c =================================================================== ---- nagios-4.3.1.orig/cgi/extinfo.c -+++ nagios-4.3.1/cgi/extinfo.c -@@ -57,7 +57,7 @@ extern hoststatus *hoststatus_list; +--- nagios-4.4.2.orig/cgi/extinfo.c ++++ nagios-4.4.2/cgi/extinfo.c +@@ -58,7 +58,7 @@ extern hoststatus *hoststatus_list; extern servicestatus *servicestatus_list; @@ -11,11 +11,11 @@ #define HEALTH_WARNING_PERCENTAGE 85 #define HEALTH_CRITICAL_PERCENTAGE 75 -Index: nagios-4.3.1/cgi/status.c +Index: nagios-4.4.2/cgi/status.c =================================================================== ---- nagios-4.3.1.orig/cgi/status.c -+++ nagios-4.3.1/cgi/status.c -@@ -64,7 +64,7 @@ extern servicestatus *servicestatus_list +--- nagios-4.4.2.orig/cgi/status.c ++++ nagios-4.4.2/cgi/status.c +@@ -65,7 +65,7 @@ extern servicestatus *servicestatus_list static nagios_macros *mac; @@ -24,11 +24,11 @@ #define DISPLAY_HOSTS 0 #define DISPLAY_HOSTGROUPS 1 -Index: nagios-4.3.1/include/common.h +Index: nagios-4.4.2/include/common.h =================================================================== ---- nagios-4.3.1.orig/include/common.h -+++ nagios-4.3.1/include/common.h -@@ -507,7 +507,7 @@ extern const char *cmd_error_strerror(in +--- nagios-4.4.2.orig/include/common.h ++++ nagios-4.4.2/include/common.h +@@ -508,7 +508,7 @@ extern const char *cmd_error_strerror(in #define MAX_FILENAME_LENGTH 256 /* max length of path/filename that Nagios will process */ #define MAX_INPUT_BUFFER 1024 /* size in bytes of max. input buffer (for reading files, misc stuff) */ #define MAX_COMMAND_BUFFER 8192 /* max length of raw or processed command line */ @@ -37,11 +37,11 @@ #define MAX_DATETIME_LENGTH 48 -Index: nagios-4.3.1/include/nagios.h +Index: nagios-4.4.2/include/nagios.h =================================================================== ---- nagios-4.3.1.orig/include/nagios.h -+++ nagios-4.3.1/include/nagios.h -@@ -270,7 +270,7 @@ extern struct load_control loadctl; +--- nagios-4.4.2.orig/include/nagios.h ++++ nagios-4.4.2/include/nagios.h +@@ -277,7 +277,7 @@ extern struct load_control loadctl; of MAX_EXTERNAL_COMMAND_LENGTH in common.h to allow for passive checks results received through the external command file. EG 10/19/07 */ ++++++ nagios-random_data.patch ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.458034824 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.458034824 +0200 @@ -1,8 +1,8 @@ -Index: nagios-4.3.1/worker/ping/worker-ping.c +Index: nagios-4.4.2/worker/ping/worker-ping.c =================================================================== ---- nagios-4.3.1.orig/worker/ping/worker-ping.c -+++ nagios-4.3.1/worker/ping/worker-ping.c -@@ -84,6 +84,7 @@ main( int argc, char **argv, char **env) +--- nagios-4.4.2.orig/worker/ping/worker-ping.c ++++ nagios-4.4.2/worker/ping/worker-ping.c +@@ -84,6 +84,7 @@ int main( int argc, char **argv, char ** if( worker( worker_socket)) { exit( 1); } ++++++ nagios-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.482034842 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.486034845 +0200 @@ -17,3 +17,5 @@ addFilter("tmpfile-not-in-filelist.*/var/run/nagios"); # not using the macro should not be a problem if we call the service directly: addFilter("postin-without-tmpfile-creation.*/usr/lib/tmpfiles.d/nagios.conf"); +# see boo#961115 - CVE-2016-0726 +addFilter("zero-length.*/etc/nagios/htpasswd.users"); ++++++ nagios.service ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.514034866 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.514034866 +0200 @@ -7,6 +7,7 @@ ExecStartPre=/usr/lib/nagios/nagios-exec-start-pre ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg ExecStart=/usr/sbin/nagios /etc/nagios/nagios.cfg +ExecReload=/usr/sbin/nagios -v /etc/nagios/nagios.cfg ExecReload=/bin/kill -HUP $MAINPID [Install] ++++++ nagios_systemd ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.550034893 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.550034893 +0200 @@ -16,6 +16,8 @@ # Read config and log errors in logfile config_check () { + test -f $NAGIOS_CFG_ERR_LOG && rm $NAGIOS_CFG_ERR_LOG + touch $NAGIOS_CFG_ERR_LOG || exit 1 case "$1" in verbose) $NAGIOS_BIN -v "$NAGIOS_CFG" >"$NAGIOS_CFG_ERR_LOG" 2>&1 ++++++ suse.de-nagios ++++++ --- /var/tmp/diff_new_pack.feTZnQ/_old 2020-04-12 15:38:53.582034918 +0200 +++ /var/tmp/diff_new_pack.feTZnQ/_new 2020-04-12 15:38:53.582034918 +0200 @@ -1,19 +1,35 @@ -#!/usr/bin/env bash +#!/bin/bash # # Compress old nagios logfiles in /var/log/nagios/archives/ # once a week, if sysconfig variable is set to true # -if [[ -r /etc/sysconfig/nagios ]]; then -. /etc/sysconfig/nagios +CFG='/etc/nagios/nagios.cfg' +SYSCFG='/etc/sysconfig/nagios' + +if [[ -r $SYSCFG ]]; then +. $SYSCFG else - echo "/etc/sysconfig/nagios not found or not readable." >&2 + echo "$SYSCFG not found or not readable." >&2 exit 1 fi +if [[ -r $CFG ]]; then + NAGIOS_USER=$( grep ^nagios_user $CFG | tail -n 1 | sed 's@.*=@@' | tr -d '[:cntrl:]') + NAGIOS_GROUP=$(grep ^nagios_group $CFG | tail -n 1 | sed 's@.*=@@' | tr -d '[:cntrl:]') +fi + +if [ -z "$NAGIOS_USER" ]; then + NAGIOS_USER='__NAGIOS_USER__' +fi +if [ -z "$NAGIOS_GROUP" ]; then + NAGIOS_GROUP='__NAGIOS_GROUP__' +fi + if [[ $NAGIOS_COMPRESS_LOGFILES = "true" ]]; then for f in /var/log/nagios/archives/*.log ; do if [[ -r $f ]] ; then - /usr/bin/bzip2 "$f" + setpriv --init-groups --ruid $NAGIOS_USER --rgid $NAGIOS_GROUP \ + --inh-caps -all --reset-env /usr/bin/bzip2 "$f" fi done fi
