monitoring-plugins-cyconet/debian/patches/dsa/security_updates_critical

--- a/dsa/checks/dsa-check-packages
+++ b/dsa/checks/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+        my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -132,8 +133,19 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+                        # initialize security-update
+                        $installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+                } elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+                        # check if the next lines show the sources of our candidate
+                        if ($1 eq $installed->{$pkgname}{'candidate'}) {
+                                $candidate_found = 1;
+                        } else {
+                                $candidate_found = 0;
+                        }
+                } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+                        $installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
@@ -141,7 +153,7 @@ sub get_packages {
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;
initial commit 2013-11-18 09:38:03 +00:00			`--- a/dsa/checks/dsa-check-packages`
			`+++ b/dsa/checks/dsa-check-packages`
			`@@ -94,6 +94,7 @@ sub get_packages {`
			`chomp(@lines);`

			`my $pkgname = undef;`
			`+ my $candidate_found = 0;`
			`while (defined($line = shift @lines)) {`
			`if ($line =~ /^([^ ]*):$/) {`
			`# when we have multi-arch capable fu, we require that`
			`@@ -132,8 +133,19 @@ sub get_packages {`
			`} elsif ($line =~ /^ +Installed: (.*)$/) {`
			`# etch dpkg -l does not print epochs, so use this info, it's better`
			`$installed->{$pkgname}{'installed'} = $1;`
			`+ # initialize security-update`
			`+ $installed->{$pkgname}{'security-update'} = 0;`
			`} elsif ($line =~ /^ +Candidate: (.*)$/) {`
			`$installed->{$pkgname}{'candidate'} = $1;`
			`+ } elsif ($line =~ / ([^ ]+) [0-9]+/) {`
			`+ # check if the next lines show the sources of our candidate`
			`+ if ($1 eq $installed->{$pkgname}{'candidate'}) {`
			`+ $candidate_found = 1;`
			`+ } else {`
			`+ $candidate_found = 0;`
			`+ }`
			`+ } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org\|debian-security).*\/updates\//) && $candidate_found ) {`
			`+ $installed->{$pkgname}{'security-update'} = 1;`
			`} elsif ($line =~ /^ +\\\*/) {`
			`$line = shift @lines;`
			`my @l = split(/ +/, $line);`
			`@@ -141,7 +153,7 @@ sub get_packages {`
			`}`
			`}`

			`- my (%current, %obsolete, %outofdate);`
			`+ my (%current, %obsolete, %outofdate, %security_outofdate);`
			`for my $pkgname (keys %$installed) {`
			`my $pkg = $installed->{$pkgname};`

			`@@ -151,7 +163,11 @@ sub get_packages {`
			`}`

			`if ($pkg->{'candidate'} ne $pkg->{'installed'}) {`
			`- $outofdate{$pkgname} = $pkg;`
			`+ if ($pkg->{'security-update'}) {`
			`+ $security_outofdate{$pkgname} = $pkg;`
			`+ } else {`
			`+ $outofdate{$pkgname} = $pkg;`
			`+ }`
			`next;`
			`};`
			`if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {`
			`@@ -163,6 +179,7 @@ sub get_packages {`

			`$pkgs{'current'} = \%current;`
			`$pkgs{'outofdate'} = \%outofdate;`
			`+ $pkgs{'security_outofdate'} = \%security_outofdate;`
			`$pkgs{'obsolete'} = \%obsolete;`
			`return \%pkgs;`
			`}`
			`@@ -298,6 +315,12 @@ my @reportform = (`
			`'short' => "%d pc",`
			`'perf' => "prg_conf=%d;1;;0",`
			`'status' => 'WARNING' },`
			`+ { 'key' => 'security_outofdate',`
			`+ 'listpackages' => 1,`
			`+ 'long' => "%d packages with outstanding security updates: %s",`
			`+ 'short' => "%d security-updates",`
			`+ 'perf' => "security_outdated=%d;;1;0",`
			`+ 'status' => 'CRITICAL' },`
			`);`

			`my @longout;`
No results found.