diff --git a/debian/bin/gen_plugin_deps.pl b/debian/bin/gen_plugin_deps.pl index 8771870..3674fad 100644 --- a/debian/bin/gen_plugin_deps.pl +++ b/debian/bin/gen_plugin_deps.pl @@ -23,9 +23,9 @@ use strict; use warnings; # actual not needed -#my $extra_deps = { +my $extra_deps = { # sensors => [ 'lm-sensors' ], -#}; +}; my $infile = "debian/README.Debian.plugins.in"; my $outfile = "debian/README.Debian.plugins"; diff --git a/debian/changelog b/debian/changelog index 262d67c..b1221ca 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,34 @@ -nagios-plugins (1.4.15-4) UNRELEASED; urgency=low +nagios-plugins (1.4.15-5) unstable; urgency=low + + * Enable hardening options (Closes: #542728) + * Bump Standards-Version to 3.9.2, no changes needed + * Updating package description (Closes: #640070), thanks to Christoph Anton + Mitterer + - Listing the checks of each package + - Hint added, that nagios-plugins-basic needs more packages (recommands) + * Adding 16_check_raduis_fix_format-security.dpatch to fix error in + check_radius when compiling with -Werror=format-security (hardening), + thanks Thomas Guyot-Sionnesti - LP: #837085 + * Adding 15_check_sensors_fault.dpatch to detect sensors in FAULT state, + thank Holger Weiss (Closes: #615133) + * Remove empty /usr/include from nagios-plugins-basic, thanks Ferenc Wagner + (Closes: #630711) + + -- Jan Wagner Wed, 07 Sep 2011 12:23:56 +0200 + +nagios-plugins (1.4.15-4) unstable; urgency=low * Add 13_check_smtp_greeting.dpatch (Closes: #611914), thanks Daniel Piddock for spotting and Holger Weiss for providing a fix - Abort immediately if we don't receive a server greeting or if the greeting doesn't contain the "--expect"ed string (by default: "220") instead of blindly sending the EHLO/HELO line. + * Add 14_check_icmp_multiple_ips.dpatch (Closes: #623702), thanks Max Kosmach + for spotting and Sebastian Harl for providing a fix + - When specifying a host-name on the command line, each of its IPs is added + to the host table (and each one is pinged). So, the buffer has to be large + enough to hold all of the respective host objects. (argc - 1) only fits + hosts with a single IP. * Move libraries linked at compile time against checks of nagios-plugins-standard from Depends to Recommends (Closes: #569028) - Add slightly modified bin/gen_plugin_deps.pl from collectd source package @@ -14,9 +38,9 @@ nagios-plugins (1.4.15-4) UNRELEASED; urgency=low - Create customized substvars for nagios-plugins-standard via dpkg-shlibdeps in debian/rules - Remove temporary files via clean target in debian/rules - - Add hint to NEWS.DebianAdd hint to NEWS.Debia + - Add hint to NEWS.Debian - -- Jan Wagner Mon, 27 Dec 2010 22:13:48 +0100 + -- Jan Wagner Wed, 18 May 2011 16:31:35 +0200 nagios-plugins (1.4.15-3) unstable; urgency=low diff --git a/debian/control b/debian/control index 762e015..f249c52 100644 --- a/debian/control +++ b/debian/control @@ -3,28 +3,18 @@ Section: net Priority: extra Maintainer: Debian Nagios Maintainer Group Uploaders: Jan Wagner , Alexander Wirt -Build-Depends: debhelper (>= 5), dpatch (>= 2.0.9), perl, autotools-dev, libldap2-dev, libpq-dev, libmysqlclient-dev | libmysqlclient16-dev | libmysqlclient15-dev, libradiusclient-ng-dev, libkrb5-dev, libnet-snmp-perl, procps, mawk | awk +Build-Depends: debhelper (>= 5), dpatch (>= 2.0.9), perl, autotools-dev, libldap2-dev, libpq-dev, libmysqlclient-dev | libmysqlclient16-dev | libmysqlclient15-dev, libradiusclient-ng-dev, libkrb5-dev, libnet-snmp-perl, procps, mawk | awk, hardening-wrapper Homepage: http://nagiosplug.sourceforge.net Vcs-Browser: http://svn.debian.org/wsvn/pkg-nagios/nagios-plugins/ Vcs-Svn: svn://svn.debian.org/pkg-nagios/nagios-plugins/trunk/ -Standards-Version: 3.9.1 +Standards-Version: 3.9.2 Package: nagios-plugins Architecture: all Depends: ${misc:Depends}, nagios-plugins-basic, nagios-plugins-standard Suggests: nagios3 -Description: Plugins for the nagios network monitoring and management system - Nagios is a host/service/network monitoring and management system. It has - the following features: - . - * Monitoring of network services (via TCP port, SMTP, POP3, HTTP, NNTP, - PING, etc.) - * Plugin interface to allow for user-developed service checks - * Contact notifications when problems occur and get resolved (via email, - pager, or user-defined method) - * Ability to define event handlers to be run during service or host events - (for proactive problem resolution) - * Web output (current status, notifications, history, log file, etc.) +Description: Plugins for nagios compatible monitoring systems (metapackage) + Plugins for nagios compatible monitoring systems like Nagios and Icinga. . This metapackage will install the entire suite of plugins for nagios. If you are installing nagios plugins on a remote "satellite" server @@ -37,23 +27,27 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, procps, iputils-ping [linux-any], i Conflicts: nagios-plugins (<= 1.4.2-3) Replaces: nagios-plugins, nagios-plugins-standard Suggests: nagios3 -Description: Plugins for the nagios network monitoring and management system - Nagios is a host/service/network monitoring and management system. It has - the following features: +Description: Plugins for nagios compatible monitoring systems + Plugins for nagios compatible monitoring systems like Nagios and Icinga. It + contains the following plugins: . - * Monitoring of network services (via TCP port, SMTP, POP3, HTTP, NNTP, - PING, etc.) - * Plugin interface to allow for user-developed service checks - * Contact notifications when problems occur and get resolved (via email, - pager, or user-defined method) - * Ability to define event handlers to be run during service or host events - (for proactive problem resolution) - * Web output (current status, notifications, history, log file, etc.) + check_apt, check_by_ssh, check_clamd, check_cluster, + check_dhcp, check_disk, check_dummy, check_file_age, + check_ftp, check_host, check_http, check_icmp, + check_ide_smart, check_imap, check_ircd, check_jabber, + check_load, check_log, check_mrtg, check_mrtgtraf, + check_nagios, check_nntp, check_nntps, check_nt, + check_ntp, check_ntp_peer, check_ntp_time, check_nwstat, + check_overcr, check_ping, check_pop, check_procs, + check_real, check_rta_multi, check_sensors, check_simap, + check_smtp, check_spop, check_ssh, check_ssmtp, + check_swap, check_tcp, check_time, check_udp, + check_ups, check_users . This package provides a basic set of plugins with minimal external dependencies. It is not likely to be useful by itself unless you are - installing a remote "satellite" server (using nagios-nrpe-server or nsca, - for example). + using a remote "satellite" system (using nagios-nrpe-server, check_by_ssh or + nsca, for example). Package: nagios-plugins-standard Architecture: any @@ -62,18 +56,17 @@ Replaces: nagios-plugins Depends: ${shlibs:Depends}, ${misc:Depends}, ucf, nagios-plugins-basic (>= 1.4.5-2) Recommends: ${shlibs:Recommends}, fping, snmp, libnet-snmp-perl, dnsutils, bind9-host | host, smbclient, whois, qstat Suggests: nagios3, postfix | sendmail-bin | exim4-daemon-heavy | exim4-daemon-light -Description: Plugins for the nagios network monitoring and management system - Nagios is a host/service/network monitoring and management system. It has - the following features: +Description: Plugins for nagios compatible monitoring systems + Plugins for nagios compatible monitoring systems like Nagios and Icinga. It + contains the following plugins: . - * Monitoring of network services (via TCP port, SMTP, POP3, HTTP, NNTP, - PING, etc.) - * Plugin interface to allow for user-developed service checks - * Contact notifications when problems occur and get resolved (via email, - pager, or user-defined method) - * Ability to define event handlers to be run during service or host events - (for proactive problem resolution) - * Web output (current status, notifications, history, log file, etc.) + check_bgpstate, check_breeze, check_dig, check_disk_smb, + check_dns, check_flexlm, check_fping, check_game, + check_hpjd, check_ifoperstatus, check_ifstatus, check_ldap, + check_ldaps, check_linux_raid, check_mailq, check_mysql, + check_mysql_query, check_oracle, check_pgsql, check_radius, + check_rpc, check_snmp, check_wave . This package provides the suite of plugins that are most likely to be - useful on a central nagios host. + useful on a central nagios host. Some scripts needs more packages installed + to work, which is implemented as recommands. diff --git a/debian/patches/00list b/debian/patches/00list index cfc0b18..60a9648 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -6,3 +6,6 @@ 11_check_disk_smb_NT_STATUS_ACCESS_DENIED.dpatch 12_check_snmp_1.4.15_regression.dpatch 13_check_smtp_greeting.dpatch +14_check_icmp_multiple_ips.dpatch +15_check_sensors_fault.dpatch +16_check_raduis_fix_format-security.dpatch diff --git a/debian/patches/14_check_icmp_multiple_ips.dpatch b/debian/patches/14_check_icmp_multiple_ips.dpatch new file mode 100644 index 0000000..d189f21 --- /dev/null +++ b/debian/patches/14_check_icmp_multiple_ips.dpatch @@ -0,0 +1,27 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 14_check_icmp_multiple_ips.dpatch +## Sebastian Harl +## +## From: 1374f80872412b64bd13f17e6edd70aa59437012 Mon Sep 17 00:00:00 2001 +## From: Sebastian Harl +## Date: Thu, 28 Apr 2011 09:18:21 +0200 +## Subject: [PATCH] check_host: Allocate a large-enough buffer for the host table. +## (Debian #623702) +## X-Git-Url: http://nagiosplug.git.sourceforge.net/git/gitweb.cgi?p=nagiosplug/nagiosplug;a=commitdiff_plain;h=1374f80872412b64bd13f17e6edd70aa59437012 +## +## DP: Allocate a large-enough buffer for the host table. (http://bugs.debian.org/623702) + +@DPATCH@ + +--- a/plugins-root/check_icmp.c ++++ b/plugins-root/check_icmp.c +@@ -621,7 +621,7 @@ main(int argc, char **argv) + } + + host = list; +- table = malloc(sizeof(struct rta_host **) * (argc - 1)); ++ table = malloc(sizeof(struct rta_host **) * targets); + i = 0; + while(host) { + host->id = i*packets; + diff --git a/debian/patches/15_check_sensors_fault.dpatch b/debian/patches/15_check_sensors_fault.dpatch new file mode 100755 index 0000000..abbe726 --- /dev/null +++ b/debian/patches/15_check_sensors_fault.dpatch @@ -0,0 +1,40 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 15_check_sensors_fault.dpatch by Holger Weiss +## +## From 276c5b98bf619eabd8b0bd5fc3ff60c0a59489a7 Mon Sep 17 00:00:00 2001 +## From: Holger Weiss +## Date: Wed, 7 Sep 2011 13:55:53 +0200 +## Subject: [PATCH] check_sensors: Detect FAULT status +## +## DP: Return an UNKNOWN status if a faulty sensor is detected. This can be +## suppressed with the new "--ignore-fault" option. + +@DPATCH@ + +--- a/plugins-scripts/check_sensors.sh ++++ b/plugins-scripts/check_sensors.sh +@@ -10,7 +10,7 @@ REVISION="@NP_VERSION@" + + + print_usage() { +- echo "Usage: $PROGNAME" ++ echo "Usage: $PROGNAME" [--ignore-fault] + } + + print_help() { +@@ -57,9 +57,12 @@ case "$1" in + if echo ${sensordata} | egrep ALARM > /dev/null; then + echo SENSOR CRITICAL - Sensor alarm detected! + exit 2 +- else +- echo sensor ok +- exit 0 ++ elif echo ${sensordata} | egrep FAULT > /dev/null \ ++ && test "$1" != "-i" -a "$1" != "--ignore-fault"; then ++ echo SENSOR UNKNOWN - Sensor reported fault ++ exit 3 + fi ++ echo sensor ok ++ exit 0 + ;; + esac diff --git a/debian/patches/16_check_raduis_fix_format-security.dpatch b/debian/patches/16_check_raduis_fix_format-security.dpatch new file mode 100644 index 0000000..7f0dcfc --- /dev/null +++ b/debian/patches/16_check_raduis_fix_format-security.dpatch @@ -0,0 +1,24 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 16_check_raduis_fix_format-security.dpatch +## From 055b2570eddff9a312dc1445bb7de4a6d7c4887d Mon Sep 17 00:00:00 2001 +## From: Thomas Guyot-Sionnest +## Date: Tue, 6 Sep 2011 23:20:21 -0400 +## Subject: [PATCH] Make GCC happy +## X-Git-Url: http://nagiosplug.git.sourceforge.net/git/gitweb.cgi?p=nagiosplug/nagiosplug;a=commitdiff_plain;h=055b2570eddff9a312dc1445bb7de4a6d7c4887d +## +## DP: It won't trust us about msg containing no format string, and fail miserably +## when compiled with -Werror=format-security. (https://bugs.launchpad.net/bugs/837085) + +@DPATCH@ + +--- a/plugins/check_radius.c ++++ b/plugins/check_radius.c +@@ -211,7 +211,7 @@ main (int argc, char **argv) + if (result == OK_RC) + die (STATE_OK, _("Auth OK")); + (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result); +- die (STATE_UNKNOWN, msg); ++ die (STATE_UNKNOWN, "%s", msg); + } + + diff --git a/debian/rules b/debian/rules index e73c074..c1b0b68 100755 --- a/debian/rules +++ b/debian/rules @@ -6,6 +6,9 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +# enable hardnening +export DEB_BUILD_HARDENING=1 + PACKAGE = nagios-plugins include /usr/share/dpatch/dpatch.make @@ -169,6 +172,8 @@ install: build mkdir -p ${NP_BASIC_DIR}/usr/share/nagios-plugins/dpkg install -t ${NP_BASIC_DIR}/usr/share/nagios-plugins/dpkg \ $(DEBIANDIR)/functions + # remove /usr/include from nagios-plugins-nasic (in case its empty) + rmdir ${NP_BASIC_DIR}/usr/include # generate debian/README.Debian.plugins perl ./debian/bin/gen_plugin_deps.pl