diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-09-06 10:28:05 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-09-06 10:28:05 +0100 |
commit | f1af93971b7490792d8541bc790e0d8c6d787059 (patch) | |
tree | a38046712bbc3a3844d77452d16c84e716caa3d4 /net-analyzer/nrpe/files | |
parent | fc637fb28da700da71ec2064d65ca5a7a31b9c6c (diff) |
gentoo resync : 06.08.2019
Diffstat (limited to 'net-analyzer/nrpe/files')
5 files changed, 0 insertions, 343 deletions
diff --git a/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch b/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch deleted file mode 100644 index 3af2ef95baba..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch +++ /dev/null @@ -1,204 +0,0 @@ -Add support for large output - -http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.htmlIndex: nrpe-2.14/include/common.h -=================================================================== -Index: nrpe-2.14/include/common.h -=================================================================== ---- nrpe-2.14.orig/include/common.h -+++ nrpe-2.14/include/common.h -@@ -41,7 +41,7 @@ - #define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */ - #define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */ - --#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ -+#define MAX_INPUT_BUFFER 16384 /* max size of most buffers we use */ - #define MAX_FILENAME_LENGTH 256 - - #define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */ -@@ -55,12 +55,14 @@ - - #define QUERY_PACKET 1 /* id code for a packet containing a query */ - #define RESPONSE_PACKET 2 /* id code for a packet containing a response */ -+#define RESPONSE_PACKET_WITH_MORE 3 /* id code for a packet containing a response, with more data to follow */ - - #define NRPE_PACKET_VERSION_3 3 /* packet version identifier */ - #define NRPE_PACKET_VERSION_2 2 - #define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */ - - #define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */ -+ /* WARNING - do not change this as older clients/servers will not work */ - - typedef struct packet_struct{ - int16_t packet_version; -Index: nrpe-2.14/src/check_nrpe.c -=================================================================== ---- nrpe-2.14.orig/src/check_nrpe.c -+++ nrpe-2.14/src/check_nrpe.c -@@ -221,6 +221,11 @@ int main(int argc, char **argv){ - return STATE_UNKNOWN; - } - -+ /* Altinity patch: Allow multiple packets to be received */ -+ /* Indentation not corrected to allow simpler patching */ -+ /* START MULTI_PACKET LOOP */ -+ do { -+ - /* wait for the response packet */ - bytes_to_recv=sizeof(receive_packet); - if(use_ssl==FALSE) -@@ -233,31 +238,24 @@ int main(int argc, char **argv){ - /* reset timeout */ - alarm(0); - -- /* close the connection */ --#ifdef HAVE_SSL -- if(use_ssl==TRUE){ -- SSL_shutdown(ssl); -- SSL_free(ssl); -- SSL_CTX_free(ctx); -- } --#endif -- graceful_close(sd,1000); -- - /* recv() error */ - if(rc<0){ - printf("CHECK_NRPE: Error receiving data from daemon.\n"); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* server disconnected */ - else if(rc==0){ - printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n"); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* receive underflow */ - else if(bytes_to_recv<sizeof(receive_packet)){ - printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet)); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - -@@ -271,21 +269,21 @@ int main(int argc, char **argv){ - calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet)); - if(packet_crc32!=calculated_crc32){ - printf("CHECK_NRPE: Response packet had invalid CRC32.\n"); -- close(sd); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* check packet version */ - if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){ - printf("CHECK_NRPE: Invalid packet version received from server.\n"); -- close(sd); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* check packet type */ -- if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){ -+ if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET && ntohs(receive_packet.packet_type)!=RESPONSE_PACKET_WITH_MORE){ - printf("CHECK_NRPE: Invalid packet type received from server.\n"); -- close(sd); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - -@@ -297,8 +295,18 @@ int main(int argc, char **argv){ - if(!strcmp(receive_packet.buffer,"")) - printf("CHECK_NRPE: No output returned from daemon.\n"); - else -- printf("%s\n",receive_packet.buffer); -- } -+ printf("%s",receive_packet.buffer); -+ -+ } while (ntohs(receive_packet.packet_type)==RESPONSE_PACKET_WITH_MORE); -+ /* END MULTI_PACKET LOOP */ -+ -+ /* Finish output with newline */ -+ printf("\n"); -+ -+ /* close the connection */ -+ graceful_close(sd,1000); -+ -+ } - - /* reset the alarm */ - else -@@ -434,6 +442,14 @@ int graceful_close(int sd, int timeout){ - struct timeval tv; - char buf[1000]; - -+#ifdef HAVE_SSL -+ if(use_ssl==TRUE){ -+ SSL_shutdown(ssl); -+ SSL_free(ssl); -+ SSL_CTX_free(ctx); -+ } -+#endif -+ - /* send FIN packet */ - shutdown(sd,SHUT_WR); - for(;;){ -Index: nrpe-2.14/src/nrpe.c -=================================================================== ---- nrpe-2.14.orig/src/nrpe.c -+++ nrpe-2.14/src/nrpe.c -@@ -1056,6 +1056,8 @@ void handle_connection(int sock){ - char processed_command[MAX_INPUT_BUFFER]; - int result=STATE_OK; - int early_timeout=FALSE; -+ int bytes_copied=0; -+ char *pbuffer=&buffer[0]; - int rc; - int x; - #ifdef DEBUG -@@ -1272,6 +1274,14 @@ void handle_connection(int sock){ - if(buffer[strlen(buffer)-1]=='\n') - buffer[strlen(buffer)-1]='\x0'; - -+ /* Altinity patch to allow multi packet responses */ -+ /* Loop not indented to allow easier patching */ -+ /* START MULTI_PACKET LOOP */ -+ do { -+ -+ if(debug==TRUE) -+ syslog(LOG_DEBUG,"Sending response - bytes left: %d", strlen(pbuffer)); -+ - /* clear the response packet buffer */ - bzero(&send_packet,sizeof(send_packet)); - -@@ -1280,11 +1290,17 @@ void handle_connection(int sock){ - - /* initialize response packet data */ - send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2); -- send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET); - send_packet.result_code=(int16_t)htons(result); -- strncpy(&send_packet.buffer[0],buffer,MAX_PACKETBUFFER_LENGTH); -+ strncpy(&send_packet.buffer[0],pbuffer,MAX_PACKETBUFFER_LENGTH); - send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0'; -- -+ -+ bytes_copied = strlen(&send_packet.buffer[0]); -+ pbuffer = pbuffer+bytes_copied; -+ if(strlen(pbuffer)>0) -+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET_WITH_MORE); -+ else -+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET); -+ - /* calculate the crc 32 value of the packet */ - send_packet.crc32_value=(u_int32_t)0L; - calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet)); -@@ -1303,6 +1319,9 @@ void handle_connection(int sock){ - SSL_write(ssl,&send_packet,bytes_to_send); - #endif - -+ } while (strlen(pbuffer) > 0); -+ /* END MULTI_PACKET LOOP */ -+ - #ifdef HAVE_SSL - if(ssl){ - complete_SSL_shutdown( ssl); diff --git a/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch b/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch deleted file mode 100644 index 81078c449713..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in ---- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700 -+++ nrpe-2.15/configure.in 2014-04-19 09:32:52.251766643 -0700 -@@ -6,7 +6,8 @@ - - AC_INIT([nrpe],[2.15],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org]) - AC_CONFIG_SRCDIR([src/nrpe.c]) --AC_CONFIG_HEADERS([include/config.h]) -+AC_CONFIG_HEADERS([include/autoconf.h]) - AC_CONFIG_FILES([Makefile -+ include/config.h - subst - src/Makefile -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/include/config.h.in nrpe-2.15/include/config.h.in ---- nrpe-2.15.orig/include/config.h.in 2013-09-06 08:27:13.000000000 -0700 -+++ nrpe-2.15/include/config.h.in 2014-04-19 09:33:07.620035056 -0700 -@@ -26,6 +26,7 @@ - - #include <stdio.h> - #include <stdlib.h> -+#include "autoconf.h" - - - #define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */ diff --git a/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch b/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch deleted file mode 100644 index c42f8bfdec00..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch +++ /dev/null @@ -1,26 +0,0 @@ -Disallow all control characters in argument handling. - -This closes a security hole that allowed passing commands via the argument -handling, if a newline was used to seperate the argument from the rest of the -command. - -X-URL: http://www.exploit-db.com/exploits/32925/ -Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> - --- -I didn't find any patches from upstream NRPE, so I wrote this quick one. -If somebody else has a valid use for control characters in NRPE arguments, then -this could be relaxed slightly. - -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/src/nrpe.c nrpe-2.15/src/nrpe.c ---- nrpe-2.15.orig/src/nrpe.c 2014-04-19 09:37:16.022373910 -0700 -+++ nrpe-2.15/src/nrpe.c 2014-04-19 09:46:53.237458939 -0700 -@@ -53,7 +53,7 @@ - - #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */ - #define MAXFD 64 --#define NASTY_METACHARS "|`&><'\"\\[]{};" -+#define NASTY_METACHARS "|`&><'\"\\[]{};\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f" - #define howmany(x,y) (((x)+((y)-1))/(y)) - #define MAX_LISTEN_SOCKS 16 - diff --git a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch deleted file mode 100644 index 3b3fc135455f..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch +++ /dev/null @@ -1,39 +0,0 @@ -Without this patch, you can't build nrpe without SSL support. It was -originally submitted on the Nagios forums by user Matthew L. Daniel: - - https://support.nagios.com/forum/viewtopic.php?t=27027 - -It was merged into the upstream github repo (NagiosEnterprises/nrpe) -in commit 3736fdeeac11a. - - -diff --git a/src/nrpe.c b/src/nrpe.c -index 4bc849b..1e55ab4 100644 ---- a/src/nrpe.c -+++ b/src/nrpe.c -@@ -102,7 +102,9 @@ int use_src=FALSE; /* Define parameter for SRC option */ - int listen_queue_size=DEFAULT_LISTEN_QUEUE_SIZE; - - -+#ifdef HAVE_SSL - void complete_SSL_shutdown( SSL *); -+#endif - - - int main(int argc, char **argv){ -@@ -1815,6 +1817,7 @@ int remove_pid_file(void){ - return OK; - } - -+#ifdef HAVE_SSL - void complete_SSL_shutdown( SSL *ssl) { - - /* -@@ -1835,6 +1838,7 @@ void complete_SSL_shutdown( SSL *ssl) { - if( SSL_shutdown( ssl)) break; - } - } -+#endif/*HAVE_SSL*/ - - /* bail if daemon is running as root */ - int check_privileges(void){ diff --git a/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch b/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch deleted file mode 100644 index b8a0811b831c..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in ---- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700 -+++ nrpe-2.15/configure.in 2014-04-19 09:20:50.406150828 -0700 -@@ -45,7 +45,7 @@ - AC_HEADER_STDC - AC_HEADER_TIME - AC_HEADER_SYS_WAIT --AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h) -+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h) - - dnl Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST -@@ -164,11 +164,20 @@ - AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl") - AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket") - AC_SUBST(SOCKETLIBS) --AC_CHECK_LIB(wrap,main,[ -- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" -+ -+AC_ARG_ENABLE([tcp-wrapper], -+ AS_HELP_STRING([--disable-tcp-wrapper], [Disable building with TCP wrappers. *** DISABLING IS A SECURITY RISK! *** Read the SECURITY file before using this option! @<:@default=enable@:>@])) -+ -+LIBWRAPLIBS="" -+AS_IF([test "x$enable_tcp_wrapper" != "xno"], [ -+ AC_CHECK_LIB([wrap],[hosts_access],[ -+ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" - AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library]) -- ]) -+ AC_DEFINE(HAVE_TCPD_H,[1],[Have the TCP wrappers library]) -+ ]) -+]) - AC_SUBST(LIBWRAPLIBS) -+ - AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket) - - dnl socklen_t check - from curl -@@ -440,8 +449,11 @@ - AC_SUBST(TARGET_PLATFORM) - - AC_ARG_ENABLE([command-args], -- AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]), -- AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments])) -+ AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!])) -+ -+AS_IF([test "x$enable_command_args" = "xyes"], [ -+ AC_DEFINE(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]) -+]) - - AC_ARG_ENABLE([bash-command-substitution], - AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]), |