From c22280dc63c34a3071c94b8c3f8e6fbfb0806c72 Mon Sep 17 00:00:00 2001 From: Sean Finney Date: Fri, 15 Feb 2008 19:29:59 +0000 Subject: [PATCH] fix for various regressions in the last security upload --- debian/changelog | 13 ++++++++++++ debian/patches/00list | 2 +- .../11_hardcode_against_regressions.dpatch | 20 +++++++++++++++++++ debian/rules | 6 +++++- 4 files changed, 39 insertions(+), 2 deletions(-) create mode 100755 debian/patches/11_hardcode_against_regressions.dpatch diff --git a/debian/changelog b/debian/changelog index 1a8e10b..c3e5690 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +nagios-plugins (1.4-6sarge2) UNRELEASED; urgency=high + + * NMU prepared for the security team by the package maintainer. + * Fix the following regressions in the previous security upload: + - check_procs/check_nagios/check_swap all fail to build correctly unless + /proc is mounted, so fail gracefully in that case. closes: #465530 + - check_mailq may default to /usr/sbin/mailq instead of /usr/bin/mailq + if the the ssmtp package is installed at build-time. closes: #465749. + - check_ping may fail to build correctly due to assumptions about + host configuration and/or network connectivity. closes: #465854. + + -- Sean Finney Fri, 15 Feb 2008 20:30:57 +0100 + nagios-plugins (1.4-6sarge1) oldstable-security; urgency=high * Fix CVE-2007-5198 diff --git a/debian/patches/00list b/debian/patches/00list index 34f0d80..1e8b283 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -2,4 +2,4 @@ 06_checkircd 08_subst 09_pssyntax -10_CVE-2007-5198 \ No newline at end of file +10_CVE-2007-519811_hardcode_against_regressions diff --git a/debian/patches/11_hardcode_against_regressions.dpatch b/debian/patches/11_hardcode_against_regressions.dpatch new file mode 100755 index 0000000..685b964 --- /dev/null +++ b/debian/patches/11_hardcode_against_regressions.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 11_hardcode_against_regressions.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: see #465749 + +@DPATCH@ +diff -urNad nagios-plugins-sarge~/config.h.in nagios-plugins-sarge/config.h.in +--- nagios-plugins-sarge~/config.h.in 2005-02-04 01:47:45.000000000 +0100 ++++ nagios-plugins-sarge/config.h.in 2008-02-15 20:16:36.000000000 +0100 +@@ -632,6 +632,9 @@ + + /* path to qmail-qstat */ + #undef PATH_TO_MAILQ ++#ifndef PATH_TO_MAILQ ++# define PATH_TO_MAILQ "/usr/bin/mailq" ++#endif + + /* path to ntpdate binary */ + #undef PATH_TO_NTPDATE diff --git a/debian/rules b/debian/rules index c9dc5f3..33cb065 100755 --- a/debian/rules +++ b/debian/rules @@ -32,8 +32,12 @@ endif config.status: configure export PATH=$(PATH) dh_testdir + @if ! mount | grep -qw /proc; then \ + echo "E: /proc must be mounted" >&2 \ + exit 1 + fi # Add here commands to configure the package. - CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --libexecdir=/usr/lib/nagios/plugins --with-nagios-user=nagios --with-nagios-group=nagios --with-trusted-path=/bin:/sbin:/usr/bin:/usr/sbin --with-df-command="/bin/df -Pk" + CFLAGS="$(CFLAGS)" PATH_TO_MAILQ="/usr/bin/mailq" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --libexecdir=/usr/lib/nagios/plugins --with-nagios-user=nagios --with-nagios-group=nagios --with-trusted-path=/bin:/sbin:/usr/bin:/usr/sbin --with-df-command="/bin/df -Pk" --with-ping-command="/bin/ping -n -U -w %d -c %d %s" --with-ping6-command="/bin/ping6 -n -U -c %d %s" build: patch-stamp build-stamp