Up to [cvs.NetBSD.org] / pkgsrc / net / nagios-nrpe
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
nagios-nrpe: update to 4.1.0 4.1.0 - 2022-06-?? ------------------ **ENHANCEMENTS** - Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22) - Allow tcpd/libwrap to be excluded from build when present on the system - Allow loading of full certificate chains - Change -u (connection issues return UNKNOWN) to include all SSL-layer failures. - Disable renegotiation and enforce server cipher order when using SSL - Verify that private keys match certificates when using SSL **FIXES** - Fixed incorrect default for nasty_metachars in nrpe.cfg - Fixed incorrect help text for --use-adh - Fixed potential out-of-bound read when used with IPv6 [4.0.3] - 2020-04-28 ---------------------------------------------------------------------------- **FIXES** - Fixed nasty_metachars not being read from config file (Sebastian Wolf) [4.0.2] - 2020-03-11 ---------------------------------------------------------------------------- **FIXES** - Fixed buffer length calculations/writing past memory boundaries on some systems (Andreas Baumann, hariwe, Sebastian Wolf) - Fixed use of uninitialized variable when validating requests (hariwe, Sebastian Wolf) [4.0.1] - 2020-01-22 ---------------------------------------------------------------------------- **FIXES** * Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf) [4.0.0] - 2019-01-13 ---------------------------------------------------------------------------- Note: This update includes security fixes which affect both the check_nrpe plugin and the NRPE daemon. The latest version of NRPE is still able to interoperate with previous versions, but for best results, both programs should be updated. **ENHANCEMENTS** * Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam) * Added IPv6 ip address to list of default allow_from hosts (Troy Lea) * Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf) * Added -3 option to force check_nrpe to use NRPE v3 packets * OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky) * OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht) **FIXES** * Checks for '!' now only occur inside the command buffer (Joni Eskelinen) * NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev) * allowed_hosts will no longer test getaddrinfo records against the wrong protocol (dombenson) * nasty_metachars will now handle C escape sequences properly when specified in the config file (Sebastian Wolf) * Calculated packet sizes now struct padding/alignment when sending and receiving messages (Sebastian Wolf) * Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf) * When using `include_dir`, individual files' errors do not prevent the remaining files from being read (Sebastian Wolf) [3.2.1] - 2017-08-31 ---------------------------------------------------------------------------- **FIXES** * Change seteuid error messages to warning/debug (Bryan Heden) * Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden) * Added additional strings to error messages to remove duplicates (Bryan Heden) * Fix nrpe.spec for rpmbuild (Bryan Heden) * Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)
net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch
net: Remove SHA1 hashes for distfiles
Update nagios-nrpe to 3.2.0. From Alberto Mijares in PR pkg/52028. [3.2.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.2.0) - 2017-06-26 --------------------------------------------------------------------------------------- **ENHANCEMENTS** * Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden) * Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden) * Added support for Gentoo init (Troy Lea @box293) * Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden) * Added -V, --version to nrpe and fixed the output (Bryan Heden) * Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden) * Updated logic in al parse_allowed_hosts (Bryan Heden) * Added builtin OpenSSL Engine support where available (Bryan Heden + @skrueger8) * Clean up compilation warnings (Bryan Heden) * Added more commented commands in nrpe.cfg (Bryan Heden) **FIXES** * Undefined check returns UNKNOWN (Bryan Heden) * Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden) * Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden) * Fix improper valid/invalid certificate warnings (Bryan Heden) [3.1.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.1) - 2017-05-24 --------------------------------------------------------------------------------------- **FIXES** * The '--log-file=' or '-g' option is missing from the help (John Frickson) * check_nrpe = segfault when specifying a config file (John Frickson) * Alternate log file not being used soon enough (John Frickson) * Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson) * Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson) * Can't build on Debian Stretch, openssl 1.1.0c (John Frickson) * Fix build failure with -Werror=format-security (Bas Couwenberg) * Fixed a typo in `nrpe.spec.in` (John Frickson) * More detailed error logging for SSL (John Frickson) * Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson) [3.1.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.1.0) - 2017-04-17 --------------------------------------------------------------------------------------- **ENHANCEMENTS** * Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson) * While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson) * nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson) * check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson) **FIXES** * Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach) * Fix help output for ssl option (configure) (Ruben Kerkhof) * Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe) * Changed the 'check_load' command in nrpe.cfg.in (minusdavid) * Cleanup of config.h.in suggested by Ruben Kerkhof * Minor change to logging in check_nrpe (John Frickson) * Solaris 11 detection is broken in configure (John Frickson) * Removed function `b64_decode` which wasn't being used (John Frickson) * check_nrpe ignores -a option when -f option is specified (John Frickson) * Added missing LICENSE file (John Frickson) * Off-by-one BO in my_system() (John Frickson) * Got rid of some compiler warnings (Stefan Krüger / John Frickson) * Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg) * nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson) * "Remote %s accepted a Version %s Packet", please add to debug (John Frickson) * nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson) * Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev) * Changed release date to ISO format (yyyy-mm-dd) (John Frickson) * Fix systemd unit description (Bas Couwenberg) * Add reload command to systemd service file (Bas Couwenberg) * fix file not found error when updating version (Sven Nierlein) * Spelling fixes (Josh Soref) * Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson) * xinetd.d parameter causes many messages in log file (John Frickson) * Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson) * PATH and other environment variables not set with numeric nrpe_user (John Frickson) * rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson) [3.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.1) - 2016-09-08 --------------------------------------------------------------------------------------- **FIXES** * _set_rc: command not found reported by init script (John Frickson) * Version string contains name (John Frickson) * Changes to get 'rpmbuild' to work - nrpe.spec file outdated (John Frickson) * typo in startup/default-xinetd.in (Philippe Kueck) * debug output missing command name (Philippe Kueck) * /usr/lib/tmpfiles.d/ndo2db.conf should have 'd' type, not 'D' (John Frickson) * Fixes in parse_allowed_hosts() and called functions (Jobst Schmalenbach / John Frickson) * nrpe.cfg: 'debug' statement needs to be first in file (Jobst Schmalenbach / John Frickson) [3.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-3.0.0) - 2016-08-01 --------------------------------------------------------------------------------------- **SECURITY** * Fix for CVE-2014-2913 * Added function to clean the environment before forking. (John Frickson) **ENHANCEMENTS** * Added support for optional config file to check_nrpe. With the new SSL parameters, the line was getting long. The config file is specified with --config-file=<path> or -f <path> parameters. The config file must look like command line options, but the options can be on separate lines. It MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any options are in both the config file and on the command line, the command line options are used. * make can now add users and groups using "make install-groups-users" (John Frickson) * Added "nrpe-uninstall" script to the same directory nrpe get installed to (John Frickson) * Updated code so configure && make will work on AIX, HP-UX, Solaris, OS X. There should be no errors or warnings. Let me know if any errors or warning appear (John Frickson) * Added command-line option to prevent forking, since some of the init replacements (such as systemd, etc.) don't want daemons to fork (John Frickson) * Added autoconf macros and additional files to better support multi-platform config and compile. The default will still set up to install to /usr/local/nagios but I added a new configure option: '--enable-install-method=<method>'. If <method> is 'opt', everything will install to '/opt/nagios'. If <method> is 'os', installation will be to O/S- and distribution-specific locations, such as /usr/sbin, /usr/lib/nagios, /etc/nagios, and so on. * Added additional init and inetd config files to support more systems, including SuSE, Debian, Slackware, Gentoo, *BSD, AIX, HP-UX, Solaris, OS X. * Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab) * Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson) * Added support for version 3 variable sized packets up to 64KB. nrpe will accept either version from check_nrpe. check_nrpe will try to send a version 3 packet first, and fall back to version 2. check_nrpe can be forced to only send version 2 packets if the switch `-2` is used. (John Frickson) * Added extended timeout syntax in the -t <secs>:<status> format. (ABrist) **FIXES** * Fixed configure to check more places for SSL headers/libs. (John Frickson) * Added ifdefs for complete_SSL_shutdown to compile without SSL. (Matthew L. Daniel) * Renamed configure.in to configure.ac and added check for sigaction (John Frickson) * Replaced all instances of signal() with sigaction() + blocking (John Frickson) * check_nrpe does not parse passed arguments correctly (John Frickson) * NRPE should not start if cannot write pid file (John Frickson) * Fixed out-of-bounds error (return code 255) for some failures (John Frickson) * Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim) * allowed_hosts doesn't work, if one of the hostnames can't be resolved by dns (John Frickson) * allowed_hosts doesn't work with a hostname resolving to an IPv6 address (John Frickson) * Return UNKNOWN when issues occur (Andrew Widdersheim) * NRPE returns OK if check can't be executed (Andrew Widdersheim) * nrpe 2.15 [regression in Added SRC support on AIX - 2.14] (frphoebus) * compile nrpe - Solaris 9 doesn't have isblank() (lilo, John Frickson) * sample configuration for check_load has crazy sample load avg (ernestoongaro) 2.15 - 09/06/2013 ----------------- * Now compiles on HP-UX (Grant Byers) * Added support for IPv6 (Leo Baltus, Eric Stanley) 2.14 - 12/21/2012 ----------------- * Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley) * Patched to shutdown SSL connection completely (Jari Takkala) * Added SRC support on AIX (Thierry Bertaud) * Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley) * Updated logging to support compiling on AIX (Eric Stanley)
Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Update to 2.15. 2.15 - 09/06/2013 ----------------- - Now compiles on HP-UX (Grant Byers) - Added support for IPv6 (Leo Baltus, Eric Stanley) 2.14 - 12/21/2012 ----------------- - Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley) - Patched to shutdown SSL connection completely (Jari Takkala) - Added SRC support on AIX (Thierry Bertaud) - Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley) - Updated logging to support compiling on AIX (Eric Stanley) 2.13 - 11/11/2011 ----------------- - Applied Kaspersky Labs supplied patch for extending allowed_hosts (Konstantin Malov) - Fixed bug in allowed_hosts parsing (Eric Stanley) - Updated to support compiling on Solaris 10 (thanks to Kevin Pendleton)
disable LOG_AUTHPRIV and LOG_FTP syslog facilities if it does not exist. rest part of PR#43921.
Update nagios-nrpe to version 2.12. Changes: Changes in 2.12: * Fix for unterminated multiline plugin (garbage) output. Changes in 2.11: * Added lib64 library paths to configure script for 64-bit systems. * Added --with-ssl-lib configure script option. * Added --with-log-facility option to control syslog logging. Changes in 2.10: * Moved PDF docs to docs/ subdirectory, added OpenOffice source document. * A critical result is now returned for child processed that die due to a signal. Changes in 2.9: * Fixed bug with --with-nrpe-group configure script option. * Fixed bug with check_disk thresholds in sample config file. * Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables for scripts that need to detect NRPE version and capabilities. * Added asprintf() support for systems that are missing it. Changes in 2.8.1: * Fixed configure script error with user-specified NRPE group. Changes in 2.8: * Added support for multiline plugin output (limited to 1KB at the moment). * Changes to sample config files. * Added ';' as an additional prohibited metachar for command arguments. * Updated documentation and added easier installation commands. Changes in 2.7.1: * Changed C++ style comment to C style to fix compilation errors on AIX. Changes in 2.7: * Patches for detection SSL header and library locations. * NRPE daemon will now partially ignore non-fatal configuration file errors and attempt to startup. Changes in 2.6: * Added -u option to check_nrpe to return UNKNOWN states on socket timeouts. * Added connection_timeout variable to NRPE daemon to catch dead client connections. * Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed.
Update nagios-nrpe package to 2.5.2. ************** NRPE Changelog ************** 2.5.2 - 06/30/2006 ------------------ - Fixed incorrect service name in sample xinetd config file - Added note on how to restart inetd for OpenBSD users (Robert Peaslee) - Fix for nonblocking accept()s on systems that define EAGAIN differently than EWOULDBLOCK (Gerhard Lausser) - Fix to (re)allow week random seed (Gerhard Lausser)
Fix errno usage.
initial import of nagios-nrpe-2.5.1 into pkgsrc. This Nagios addon is designed to provide a way for executing plugins on a remote host. The check_nrpe plugin runs on the Nagios host and is used to send plugin execution requests to the nrpe agent on the remote host. The nrpe agent will then run an appropriate plugins on the remote host and return the plugin output and return code to the check_nrpe plugin on the Nagios host.
Initial revision