diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-09-06 10:28:05 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-09-06 10:28:05 +0100 |
commit | f1af93971b7490792d8541bc790e0d8c6d787059 (patch) | |
tree | a38046712bbc3a3844d77452d16c84e716caa3d4 /net-analyzer/nrpe | |
parent | fc637fb28da700da71ec2064d65ca5a7a31b9c6c (diff) |
gentoo resync : 06.08.2019
Diffstat (limited to 'net-analyzer/nrpe')
-rw-r--r-- | net-analyzer/nrpe/Manifest | 11 | ||||
-rw-r--r-- | net-analyzer/nrpe/files/nrpe-2.14-multiline.patch | 204 | ||||
-rw-r--r-- | net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch | 24 | ||||
-rw-r--r-- | net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch | 26 | ||||
-rw-r--r-- | net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch | 39 | ||||
-rw-r--r-- | net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch | 50 | ||||
-rw-r--r-- | net-analyzer/nrpe/metadata.xml | 3 | ||||
-rw-r--r-- | net-analyzer/nrpe/nrpe-2.15-r3.ebuild | 140 | ||||
-rw-r--r-- | net-analyzer/nrpe/nrpe-3.2.1-r2.ebuild (renamed from net-analyzer/nrpe/nrpe-3.2.1.ebuild) | 18 |
9 files changed, 17 insertions, 498 deletions
diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest index 6d2b9c920f46..05f6d66c164c 100644 --- a/net-analyzer/nrpe/Manifest +++ b/net-analyzer/nrpe/Manifest @@ -1,15 +1,8 @@ -AUX nrpe-2.14-multiline.patch 6806 BLAKE2B 601bfaf6a7deddcd59c7ab9666ea9ada85698326d8f1eb0971196167edc79cad8acc818b6faa5e53cdad608692e9d3438200a08f2641bdac9937692cf83b8702 SHA512 09c0cc6a4610d674b0ed0da8cdc96f3653f98b54fc98802c33a1cc0b09755d3d0d6afd7fe6b25e1713e6b27af2ba1fa5063988691bc3b5364fa0bfd137d54546 -AUX nrpe-2.15-autoconf-header.patch 898 BLAKE2B 4cec3a40431057025c8aa711ea0535885c1b115f19f127a5d65145c2efb1215524bab357812d8648c32d953307e16ffbf5b787a306a7cd5941d957a33bda7eb4 SHA512 aa7aa0cb57c1b9826a980f9e093f8c8219e0b02dd1e8ba27e74a0a39e746d723e280a93d18d4e069743d14937e0c7159336bb6f406671450fc6a0bb90f902fb2 -AUX nrpe-2.15-metachar-security-fix.patch 1165 BLAKE2B f7e4c7c7ac83627baeb87b05264cea254cc852a4bcf1e67fb7994c3e15605ebafa6b25819692d179e23c2f8fca729c52f49ec47f979ba63574a26d9cb03ba2ae SHA512 cba997f4433dd38c95a3e2166f091b53ac6f618f25944dc69bb9ae5864a74a1136667c557881a498ce6aa16e91b367c416a5935e20e348f94f140fdc09692b29 -AUX nrpe-2.15-no-ssl.patch 967 BLAKE2B e198d1c140ba6cdcc50739e79ffd955c9f5ca692e529a09cfcc31db991d229df85a7137c0a72747e881aff82aa16d3b08cd5f12e0dbda2ad2c2a2793ceef05bd SHA512 17163aa22fd9e03ca00679756413c9ac2051b2d66c894b3ec6dc6bad468d2835c95481eab915b40ccc37e7063e1a2b382af7ed47a5c2ea6d1aa94286a95c44ce -AUX nrpe-2.15-tcpd-et-al.patch 2651 BLAKE2B 2ada9c800d41a9854102f5a469c9ec829212845e07c3d17aaed095f90e807acfe945b3eaac6cf5d51fedd25d3baa88cefb75e72476a84c105a706560b0512abf SHA512 d4c2b38f05b9ac19702ff81d0f07cabed9f98a309e0e4d287bd9784b0aa6ee50ff8b6aee0f4d5541cb10120d463b470d23a6d4a4a2627166d6cf1b07fb5d61de AUX nrpe-3.2.1-eliminate-systemd-pid.patch 1264 BLAKE2B e0fb75dcc231881fd02fba73de02b983098d7762852d5dea497e717e0c978d773c871d35ba8671a4d292896aa276703ea9d2450e053add1ff3f2d6d9f1c53bf1 SHA512 9e8d58dee6c60b48e209a69eaab10abcc5eccfc28edf073240afba3d3e70a36ead4a568fe6589dd8578d11f0149c968c5977742e9905fa0a407b120c6d168570 AUX nrpe.init 1152 BLAKE2B eea4c8554ef02b7eb9e602a4b0750565520dd830435586043f61534a58563eaed379f1296df5eaf68aab88440f4199354118ffbcc5b4340eda633bb3eb49092c SHA512 19f470407d63b2949535acd6e5849afbea44f82a5773f9110f8b025c380c0626a0a733ead417b1ce293741168acea5a885c2e9f94fb1c0b3e38a06e0eae4ddca AUX nrpe.service 242 BLAKE2B 715f0e8b91d6c40405d6d1f3689bbbf750e61e78e1d727debbe998ae81922b36f1d5f7c011f6881979e485a81c08d3f1f405b962023fecea643c8f7a9e04c3df SHA512 ffd67467cc4f5ccdf73e0860d1355a8cc3e528d0c67f2054b0ad76c02a43f9c5a8964a3f6df6f91eaa8e15c3c9596259aa964ad69aa2da60678d68fa892b2346 AUX nrpe.xinetd.2 245 BLAKE2B 3e9db31c7d5b28dab18d2f5855d0465f25fc9cf4a70deac9a5d0c87c7cc546a33b432dbca172a49addadc0bd6583d870ec0fe350bf60e015e325d8bb923aca47 SHA512 d687cb2a5babfd28a97d3a5f1ac665758341ecc37fdd0193dbf0df4cba68c88aa24776a33a706989843fa5356b2e3e995662a823ceb2b86ba8f846f8c47e18fb -DIST nrpe-2.15.tar.gz 419695 BLAKE2B 999ecc633cbd2dc516ff0654db3ac0cc58a88d93ae4ace1040888fe73d8fb471306d95312ac364c79b3a47300ac57c0c429a24697c37bfa639f1da55cb6bc756 SHA512 03ce9774b5112d03235dc9da075770d89d1bcc5ffa5faf221ff7ea8ec5c92ded1e1ae9222581a87cf53736d190ac047e1acce7edc2f31f26c432d786cdef0e73 DIST nrpe-3.2.1.tar.gz 518015 BLAKE2B c9be2bf24e3d9977a7ff5c2f0e08bfe841729289af836bb7ac6ccb2c173a519958b12cc3e90ece612ac6c2527ad472ef1464be648a66b11ff8ad483d5ad78cc1 SHA512 ec6ff42a00bd97ed80010a82e26dc35fd419f2feda65820cda0108068173c1ae44eee698833a50fd2079429a6f5eb1321c4f06b09c6708bc5fbe48f176389856 -EBUILD nrpe-2.15-r3.ebuild 4013 BLAKE2B 6609597c36f1df0228f627a66f1a2edaf2c30c93d3f143c69ab92c2c914f1e83bbb3bfd2bdd286fdc42411b3d86ca9716609f278838849ed940aa35dc7cad9c0 SHA512 d2442384f0bea253479f06186b78f013514f6fbaddc1aea531eec6b7f0436061aab3852d4035bd61fcaa6beefa2f2724200d8845d62851ced816895aa9258179 EBUILD nrpe-3.2.1-r1.ebuild 2486 BLAKE2B a71330ceb27dba3654f6e4923ef4e395e6f831bd2fafe23220e39cdf31aa9d3a898bec0b4ceca4a4a7fee73c76efb69207b4ddb7b264a6af4c0aae84fa2cbc19 SHA512 71e4bf9e5a6ad3f1ff1315d09b84d56b2b5772d7f0627f09c60fa6f63c81ebf1bc89e2980085efb0a9d9a54b8d98846010b5f26c66bfb863f2421cef2c6b0e79 -EBUILD nrpe-3.2.1.ebuild 1938 BLAKE2B bd00244a5585503b24b108f167345560d0b7855a8cdd1497fc4e853b86b42e4f9fb67aa1fc767ca67f5e3b1e13424828f295b0a74316c95a17ebb26dbea7aa0f SHA512 f0fa9659e5c06ad4239ede15ac5303675812db6cd06febade51c68aaa05e289ad1f206e53f78c327e918955be4e69e07b621671110044b3f1fc1d161ee36ee64 -MISC metadata.xml 882 BLAKE2B 76bf034c9869b503725f301f0f478c0449787057f1ba4bc22842ddee2d4460b68be1654cdc18e04504469880b71113e7a4b5a0a37fc9138eeb1b39fc2c8833f1 SHA512 2bbdd6bb5d0802985b242b8c058c749eca1adfb102820e2c587699622299936df90ee1ff43445df8686e1dd1648d0131bee40639ddfad3e26e9877c0c61dc40e +EBUILD nrpe-3.2.1-r2.ebuild 2476 BLAKE2B db4b5cccb4d03a0a5521b436e1c8d2a668b6a78aa4fe5edab7660711b86c8472ea934bfdc32dd1c81c4d0437aebcc70782d155537472a6d471bac243b94c3cc8 SHA512 d6c95485ba47471893ee641d5594bc688c9991890ee6c12bf03c579b189c2babc7ef17d473ad05610622ef40e0c2c4f34963cd87bba99afb269230829eb91c2a +MISC metadata.xml 770 BLAKE2B 93991f7ee4c1b6c26b67e873fae0cdb66170cd93ba6b79d6e798cb2605126888a996f633eccd038ece2a822d1b92498c2036746bb3a1add2e336c6026c2db86d SHA512 48693abab21581eff977b8deaa5fabc5d388960c9cd090b590a1f6d3c8d37b63fe33ec86d6f95d7435404314b84053f8c2ca84b0f33c6c7241ea7260f82a3a27 diff --git a/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch b/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch deleted file mode 100644 index 3af2ef95baba..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch +++ /dev/null @@ -1,204 +0,0 @@ -Add support for large output - -http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.htmlIndex: nrpe-2.14/include/common.h -=================================================================== -Index: nrpe-2.14/include/common.h -=================================================================== ---- nrpe-2.14.orig/include/common.h -+++ nrpe-2.14/include/common.h -@@ -41,7 +41,7 @@ - #define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */ - #define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */ - --#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ -+#define MAX_INPUT_BUFFER 16384 /* max size of most buffers we use */ - #define MAX_FILENAME_LENGTH 256 - - #define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */ -@@ -55,12 +55,14 @@ - - #define QUERY_PACKET 1 /* id code for a packet containing a query */ - #define RESPONSE_PACKET 2 /* id code for a packet containing a response */ -+#define RESPONSE_PACKET_WITH_MORE 3 /* id code for a packet containing a response, with more data to follow */ - - #define NRPE_PACKET_VERSION_3 3 /* packet version identifier */ - #define NRPE_PACKET_VERSION_2 2 - #define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */ - - #define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */ -+ /* WARNING - do not change this as older clients/servers will not work */ - - typedef struct packet_struct{ - int16_t packet_version; -Index: nrpe-2.14/src/check_nrpe.c -=================================================================== ---- nrpe-2.14.orig/src/check_nrpe.c -+++ nrpe-2.14/src/check_nrpe.c -@@ -221,6 +221,11 @@ int main(int argc, char **argv){ - return STATE_UNKNOWN; - } - -+ /* Altinity patch: Allow multiple packets to be received */ -+ /* Indentation not corrected to allow simpler patching */ -+ /* START MULTI_PACKET LOOP */ -+ do { -+ - /* wait for the response packet */ - bytes_to_recv=sizeof(receive_packet); - if(use_ssl==FALSE) -@@ -233,31 +238,24 @@ int main(int argc, char **argv){ - /* reset timeout */ - alarm(0); - -- /* close the connection */ --#ifdef HAVE_SSL -- if(use_ssl==TRUE){ -- SSL_shutdown(ssl); -- SSL_free(ssl); -- SSL_CTX_free(ctx); -- } --#endif -- graceful_close(sd,1000); -- - /* recv() error */ - if(rc<0){ - printf("CHECK_NRPE: Error receiving data from daemon.\n"); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* server disconnected */ - else if(rc==0){ - printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n"); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* receive underflow */ - else if(bytes_to_recv<sizeof(receive_packet)){ - printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet)); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - -@@ -271,21 +269,21 @@ int main(int argc, char **argv){ - calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet)); - if(packet_crc32!=calculated_crc32){ - printf("CHECK_NRPE: Response packet had invalid CRC32.\n"); -- close(sd); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* check packet version */ - if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){ - printf("CHECK_NRPE: Invalid packet version received from server.\n"); -- close(sd); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - - /* check packet type */ -- if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){ -+ if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET && ntohs(receive_packet.packet_type)!=RESPONSE_PACKET_WITH_MORE){ - printf("CHECK_NRPE: Invalid packet type received from server.\n"); -- close(sd); -+ graceful_close(sd,1000); - return STATE_UNKNOWN; - } - -@@ -297,8 +295,18 @@ int main(int argc, char **argv){ - if(!strcmp(receive_packet.buffer,"")) - printf("CHECK_NRPE: No output returned from daemon.\n"); - else -- printf("%s\n",receive_packet.buffer); -- } -+ printf("%s",receive_packet.buffer); -+ -+ } while (ntohs(receive_packet.packet_type)==RESPONSE_PACKET_WITH_MORE); -+ /* END MULTI_PACKET LOOP */ -+ -+ /* Finish output with newline */ -+ printf("\n"); -+ -+ /* close the connection */ -+ graceful_close(sd,1000); -+ -+ } - - /* reset the alarm */ - else -@@ -434,6 +442,14 @@ int graceful_close(int sd, int timeout){ - struct timeval tv; - char buf[1000]; - -+#ifdef HAVE_SSL -+ if(use_ssl==TRUE){ -+ SSL_shutdown(ssl); -+ SSL_free(ssl); -+ SSL_CTX_free(ctx); -+ } -+#endif -+ - /* send FIN packet */ - shutdown(sd,SHUT_WR); - for(;;){ -Index: nrpe-2.14/src/nrpe.c -=================================================================== ---- nrpe-2.14.orig/src/nrpe.c -+++ nrpe-2.14/src/nrpe.c -@@ -1056,6 +1056,8 @@ void handle_connection(int sock){ - char processed_command[MAX_INPUT_BUFFER]; - int result=STATE_OK; - int early_timeout=FALSE; -+ int bytes_copied=0; -+ char *pbuffer=&buffer[0]; - int rc; - int x; - #ifdef DEBUG -@@ -1272,6 +1274,14 @@ void handle_connection(int sock){ - if(buffer[strlen(buffer)-1]=='\n') - buffer[strlen(buffer)-1]='\x0'; - -+ /* Altinity patch to allow multi packet responses */ -+ /* Loop not indented to allow easier patching */ -+ /* START MULTI_PACKET LOOP */ -+ do { -+ -+ if(debug==TRUE) -+ syslog(LOG_DEBUG,"Sending response - bytes left: %d", strlen(pbuffer)); -+ - /* clear the response packet buffer */ - bzero(&send_packet,sizeof(send_packet)); - -@@ -1280,11 +1290,17 @@ void handle_connection(int sock){ - - /* initialize response packet data */ - send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2); -- send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET); - send_packet.result_code=(int16_t)htons(result); -- strncpy(&send_packet.buffer[0],buffer,MAX_PACKETBUFFER_LENGTH); -+ strncpy(&send_packet.buffer[0],pbuffer,MAX_PACKETBUFFER_LENGTH); - send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0'; -- -+ -+ bytes_copied = strlen(&send_packet.buffer[0]); -+ pbuffer = pbuffer+bytes_copied; -+ if(strlen(pbuffer)>0) -+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET_WITH_MORE); -+ else -+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET); -+ - /* calculate the crc 32 value of the packet */ - send_packet.crc32_value=(u_int32_t)0L; - calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet)); -@@ -1303,6 +1319,9 @@ void handle_connection(int sock){ - SSL_write(ssl,&send_packet,bytes_to_send); - #endif - -+ } while (strlen(pbuffer) > 0); -+ /* END MULTI_PACKET LOOP */ -+ - #ifdef HAVE_SSL - if(ssl){ - complete_SSL_shutdown( ssl); diff --git a/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch b/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch deleted file mode 100644 index 81078c449713..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in ---- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700 -+++ nrpe-2.15/configure.in 2014-04-19 09:32:52.251766643 -0700 -@@ -6,7 +6,8 @@ - - AC_INIT([nrpe],[2.15],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org]) - AC_CONFIG_SRCDIR([src/nrpe.c]) --AC_CONFIG_HEADERS([include/config.h]) -+AC_CONFIG_HEADERS([include/autoconf.h]) - AC_CONFIG_FILES([Makefile -+ include/config.h - subst - src/Makefile -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/include/config.h.in nrpe-2.15/include/config.h.in ---- nrpe-2.15.orig/include/config.h.in 2013-09-06 08:27:13.000000000 -0700 -+++ nrpe-2.15/include/config.h.in 2014-04-19 09:33:07.620035056 -0700 -@@ -26,6 +26,7 @@ - - #include <stdio.h> - #include <stdlib.h> -+#include "autoconf.h" - - - #define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */ diff --git a/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch b/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch deleted file mode 100644 index c42f8bfdec00..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch +++ /dev/null @@ -1,26 +0,0 @@ -Disallow all control characters in argument handling. - -This closes a security hole that allowed passing commands via the argument -handling, if a newline was used to seperate the argument from the rest of the -command. - -X-URL: http://www.exploit-db.com/exploits/32925/ -Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> - --- -I didn't find any patches from upstream NRPE, so I wrote this quick one. -If somebody else has a valid use for control characters in NRPE arguments, then -this could be relaxed slightly. - -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/src/nrpe.c nrpe-2.15/src/nrpe.c ---- nrpe-2.15.orig/src/nrpe.c 2014-04-19 09:37:16.022373910 -0700 -+++ nrpe-2.15/src/nrpe.c 2014-04-19 09:46:53.237458939 -0700 -@@ -53,7 +53,7 @@ - - #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */ - #define MAXFD 64 --#define NASTY_METACHARS "|`&><'\"\\[]{};" -+#define NASTY_METACHARS "|`&><'\"\\[]{};\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f" - #define howmany(x,y) (((x)+((y)-1))/(y)) - #define MAX_LISTEN_SOCKS 16 - diff --git a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch deleted file mode 100644 index 3b3fc135455f..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch +++ /dev/null @@ -1,39 +0,0 @@ -Without this patch, you can't build nrpe without SSL support. It was -originally submitted on the Nagios forums by user Matthew L. Daniel: - - https://support.nagios.com/forum/viewtopic.php?t=27027 - -It was merged into the upstream github repo (NagiosEnterprises/nrpe) -in commit 3736fdeeac11a. - - -diff --git a/src/nrpe.c b/src/nrpe.c -index 4bc849b..1e55ab4 100644 ---- a/src/nrpe.c -+++ b/src/nrpe.c -@@ -102,7 +102,9 @@ int use_src=FALSE; /* Define parameter for SRC option */ - int listen_queue_size=DEFAULT_LISTEN_QUEUE_SIZE; - - -+#ifdef HAVE_SSL - void complete_SSL_shutdown( SSL *); -+#endif - - - int main(int argc, char **argv){ -@@ -1815,6 +1817,7 @@ int remove_pid_file(void){ - return OK; - } - -+#ifdef HAVE_SSL - void complete_SSL_shutdown( SSL *ssl) { - - /* -@@ -1835,6 +1838,7 @@ void complete_SSL_shutdown( SSL *ssl) { - if( SSL_shutdown( ssl)) break; - } - } -+#endif/*HAVE_SSL*/ - - /* bail if daemon is running as root */ - int check_privileges(void){ diff --git a/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch b/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch deleted file mode 100644 index b8a0811b831c..000000000000 --- a/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in ---- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700 -+++ nrpe-2.15/configure.in 2014-04-19 09:20:50.406150828 -0700 -@@ -45,7 +45,7 @@ - AC_HEADER_STDC - AC_HEADER_TIME - AC_HEADER_SYS_WAIT --AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h) -+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h) - - dnl Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST -@@ -164,11 +164,20 @@ - AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl") - AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket") - AC_SUBST(SOCKETLIBS) --AC_CHECK_LIB(wrap,main,[ -- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" -+ -+AC_ARG_ENABLE([tcp-wrapper], -+ AS_HELP_STRING([--disable-tcp-wrapper], [Disable building with TCP wrappers. *** DISABLING IS A SECURITY RISK! *** Read the SECURITY file before using this option! @<:@default=enable@:>@])) -+ -+LIBWRAPLIBS="" -+AS_IF([test "x$enable_tcp_wrapper" != "xno"], [ -+ AC_CHECK_LIB([wrap],[hosts_access],[ -+ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" - AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library]) -- ]) -+ AC_DEFINE(HAVE_TCPD_H,[1],[Have the TCP wrappers library]) -+ ]) -+]) - AC_SUBST(LIBWRAPLIBS) -+ - AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket) - - dnl socklen_t check - from curl -@@ -440,8 +449,11 @@ - AC_SUBST(TARGET_PLATFORM) - - AC_ARG_ENABLE([command-args], -- AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]), -- AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments])) -+ AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!])) -+ -+AS_IF([test "x$enable_command_args" = "xyes"], [ -+ AC_DEFINE(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]) -+]) - - AC_ARG_ENABLE([bash-command-substitution], - AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]), diff --git a/net-analyzer/nrpe/metadata.xml b/net-analyzer/nrpe/metadata.xml index e47fd6fd83c9..6d48b12e1abf 100644 --- a/net-analyzer/nrpe/metadata.xml +++ b/net-analyzer/nrpe/metadata.xml @@ -15,9 +15,6 @@ Nagios/Icinga master. Make sure you understand the implications of this flag as it can be a security risk. </flag> - <flag name="minimal"> - Only build the check plugins for Nagios/Icinga, and not the daemon. - </flag> </use> <upstream> <remote-id type="sourceforge">nagios</remote-id> diff --git a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild deleted file mode 100644 index afdbdc893c41..000000000000 --- a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild +++ /dev/null @@ -1,140 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit eutils systemd toolchain-funcs multilib user autotools - -DESCRIPTION="Nagios Remote Plugin Executor" -HOMEPAGE="http://www.nagios.org/" -SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" -IUSE="command-args libressl minimal selinux ssl tcpd" - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - !minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )" -RDEPEND="${DEPEND} - !minimal? ( - || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins ) - ) - selinux? ( sec-policy/selinux-nagios )" - -pkg_setup() { - enewgroup nagios - enewuser nagios -1 /bin/bash /dev/null nagios - - elog "If you plan to use \"nrpe_check_control\" then you may want to specify" - elog "different command and services files. You can override the defaults" - elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables." - elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}" - elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}" -} - -src_prepare() { - # Add support for large output, - # http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html - epatch "${FILESDIR}"/${PN}-2.14-multiline.patch - - # fix configure, among others #326367, #397603 - epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch - - # otherwise autoconf will overwrite the custom include/config.h.in - epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch - - # improve handling of metachars for security - epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch - - # Fix build with USE="-ssl". - epatch "${FILESDIR}"/${PN}-2.15-no-ssl.patch - - sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' \ - contrib/nrpe_check_control.c || die - - # change the default location of the pid file - sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die - - # fix TFU handling of autoheader - sed -i -e '/#undef/d' include/config.h.in || die - - eautoreconf -} - -src_configure() { - local myconf - if use minimal; then - myconf="--disable-tcp-wrapper --disable-command-args" - else - myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)" - fi - - econf \ - --libexecdir=/usr/$(get_libdir)/nagios/plugins \ - --localstatedir=/var/nagios \ - --sysconfdir=/etc/nagios \ - --with-nrpe-user=nagios \ - --with-nrpe-group=nagios \ - $(use_enable ssl) \ - ${myconf} -} - -src_compile() { - emake -C src check_nrpe $(use minimal || echo nrpe) - - # Add nifty nrpe check tool - $(tc-getCC) ${CPPFLAGS} ${CFLAGS} \ - -DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \ - -DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \ - ${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die -} - -src_install() { - dodoc LEGAL Changelog README SECURITY \ - contrib/README.nrpe_check_control \ - $(use ssl && echo README.SSL) - - exeinto /usr/$(get_libdir)/nagios/plugins - doexe src/check_nrpe nrpe_check_control - - use minimal && return 0 - - ## NON-MINIMAL INSTALL FOLLOWS ## - - insinto /etc/nagios - newins sample-config/nrpe.cfg nrpe.cfg - fowners root:nagios /etc/nagios/nrpe.cfg - fperms 0640 /etc/nagios/nrpe.cfg - - exeinto /usr/libexec - doexe src/nrpe - - newinitd "${FILESDIR}"/nrpe.init nrpe - systemd_dounit "${FILESDIR}/${PN}.service" - - insinto /etc/xinetd.d/ - newins "${FILESDIR}/nrpe.xinetd.2" nrpe - - if use tcpd; then - sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \ - "${D}"/etc/init.d/nrpe - fi -} - -pkg_postinst() { - elog "If you are using the nrpe daemon, remember to edit" - elog "the config file /etc/nagios/nrpe.cfg" - - if use command-args ; then - ewarn "" - ewarn "You have enabled command-args for NRPE. This enables" - ewarn "the ability for clients to supply arguments to commands" - ewarn "which should be run. " - ewarn "THIS IS CONSIDERED A SECURITY RISK!" - ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info" - fi -} diff --git a/net-analyzer/nrpe/nrpe-3.2.1.ebuild b/net-analyzer/nrpe/nrpe-3.2.1-r2.ebuild index 3a4f9d8d2513..430050c49b14 100644 --- a/net-analyzer/nrpe/nrpe-3.2.1.ebuild +++ b/net-analyzer/nrpe/nrpe-3.2.1-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -22,19 +22,31 @@ RDEPEND="${DEPEND} || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins ) selinux? ( sec-policy/selinux-nagios )" +PATCHES=( "${FILESDIR}/nrpe-3.2.1-eliminate-systemd-pid.patch" ) + pkg_setup() { enewgroup nagios - enewuser nagios -1 /bin/bash /var/nagios/home nagios + enewuser nagios -1 -1 -1 nagios } src_configure() { + # The configure script tries to detect what OS, distribution, and + # init system you're running and changes the build/install process + # depending on what it comes up with. We specify fixed values + # because we don't want it guessing, for example, whether or not + # to install the tmpfiles.d entry based on whether or not systemd + # is currently running (OpenRC uses them too). econf \ --libexecdir=/usr/$(get_libdir)/nagios/plugins \ - --localstatedir=/var/nagios \ + --localstatedir=/var/lib/nagios \ --sysconfdir=/etc/nagios \ --with-nrpe-user=nagios \ --with-nrpe-group=nagios \ --with-piddir=/run \ + --with-opsys=unknown \ + --with-dist-type=unknown \ + --with-init-type=unknown \ + --with-inetd-type=unknown \ $(use_enable command-args) \ $(use_enable ssl) } |