summaryrefslogtreecommitdiff
path: root/net-analyzer
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2022-09-20 17:24:07 +0100
committerV3n3RiX <venerix@koprulu.sector>2022-09-20 17:24:07 +0100
commit800c4c398cad9dd837da33062e71ccc84114fe05 (patch)
tree9016107a696d96ddfaea5f7fa6d55eadc54d4987 /net-analyzer
parentc17e7d2a8cc12551a02d28209cd2edbf078d5675 (diff)
gentoo auto-resync : 20:09:2022 - 17:24:07
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/Manifest.gzbin44716 -> 44720 bytes
-rw-r--r--net-analyzer/nagios-core/Manifest2
-rw-r--r--net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch120
-rw-r--r--net-analyzer/nagios-core/nagios-core-4.4.7-r1.ebuild268
4 files changed, 390 insertions, 0 deletions
diff --git a/net-analyzer/Manifest.gz b/net-analyzer/Manifest.gz
index 7f9de2c471ef..377002e0a13c 100644
--- a/net-analyzer/Manifest.gz
+++ b/net-analyzer/Manifest.gz
Binary files differ
diff --git a/net-analyzer/nagios-core/Manifest b/net-analyzer/nagios-core/Manifest
index b4cd2497c396..4572f0123fb0 100644
--- a/net-analyzer/nagios-core/Manifest
+++ b/net-analyzer/nagios-core/Manifest
@@ -1,6 +1,8 @@
AUX 99_nagios4-r1.conf 309 BLAKE2B c539330d9f100045fc02d13061dd3b8e958370c8885ef8d28c38ee380b2043d86c9b0097c158dbc5d486f1c53e22ef6f52a96286d0c50d1d47d9eb025fb6b8a9 SHA512 cb93d6af5b6f43b172cec276f669ef786268c1ba51ffda994733c98a8ad5f625229aecaed68b5cb433a66257a8eb66ec16f9569aa87b6dcecf21d8339bd5fb8f
AUX lighttpd_nagios4-r1.conf 297 BLAKE2B 8976123407c47be6023c5dae57c833f7e0b43ae2c70348dcd72b754453b5a84dd335daa222b4b75e5c19b3d5c18b64496739bdb61b8f2f67f5655b80a0ffb65f SHA512 2ef5268e9ba228d12e3dabb5a23ce73e49b7149a047acd4a2daac3cd3415b5233aaaf3b972c85780e71bd5fe3eefb6755a6222b40a509104fb318e219366867f
+AUX nagios-core-4.4.7-upgrade-sslfix.patch 3818 BLAKE2B b6c8eff521ed909100a1469b01524e049082d5e4a7fef55b1743256cf67717985d2a2e80ff813b72eaf3014c7671225d40b646448915796766307846838e7692 SHA512 25df0d64ed03cdb122208a42daf0f1ddf5730f0a1a803f1821bfef431f7780486874a5e1a0bd6ef7361420dddde6b8bfc13210e18c48084c73ae74600d54a2de
DIST nagios-4.4.7.tar.gz 11340759 BLAKE2B 4316e6cfc7f576d0fe5ba075aba2931dc850c97fe84b124eceeefaa6c01563c0639c8cecf751e086d5a6f9c0a1079f7e9bd013f961956d7d59536dea4516cf86 SHA512 92adc74e687bcbbd742075c8c7222d42c90795a4eb7582e3f1f492349db8200c61f390bf3c4cab4b023c5c111353a43f5dd687b0ee5ab6a8775444e06d42517b
DIST nagios-core-gentoo-icons-20141125.tar 40960 BLAKE2B 31c1953e1160c7c7b89606b72b1a80407e4c1b7a7938b40bd1c577cd0c309dd88ca6b775d692a9b846dbf67736537fa9c91e56aa15fdd447769608ca525bff09 SHA512 bf109879cddd6136b76baba55d0b60b2596e37431dcf5ce0905d34a9fa292ebf7e4bde82d9a084362c486e8fac344c76d88f9298b1b85541ed70ffd608493766
+EBUILD nagios-core-4.4.7-r1.ebuild 9300 BLAKE2B 9cb92e9ca16a0ab828bbca70074a2e19a9c493bda848e52f01459e1faf704380a1cbacc6be04cce1fb654e77318c9c3943d7453e50dd0fa3b941a2c05619d46a SHA512 22ca0681b3997a01641b542525e20edbed0bcb6938f0c7473d220d000fa30b0995d089c5d19b789a5a54fe1ee5f54d1578381f660bb825e5e091530ee7ba6120
EBUILD nagios-core-4.4.7.ebuild 9243 BLAKE2B cdbc7b6b1f4ee156db7000d4413f33722d888c7cdb2bca0f072d189219cc677d9da6a255590b126505f9ac27329ff2361d55e5eebc47c2e553bf2200a370e36c SHA512 81b8c9af2f2b0dd9dcb362163c2bc224de97fe0327ee97b4376ddab373a1c657fe3be88bb948e0d9f6398aab6a9f79bca40e757adbc0130d473530c0f5570bed
MISC metadata.xml 1467 BLAKE2B d5ddd6280aafd3ad3a36a408071037fa757810382761f617eb2763a20e65185b30eef94fb4cdad7d4b5e9b81b6245efacf57d4ec0003406d66ef2053f09f3708 SHA512 25d3d4d19c18b416a0902d2ff39c0ca71b2e7bcc2bac61119b9636c6462391e65b2767d8b0e794abb318b19fe1c2bcbf2c80ee8d1ea6faec3f6eb9cddf60a9cd
diff --git a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch b/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch
new file mode 100644
index 000000000000..c89f096caaa5
--- /dev/null
+++ b/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch
@@ -0,0 +1,120 @@
+From 5fd2e1541a873e87f689de601beb3bc35910740d Mon Sep 17 00:00:00 2001
+From: Doug Nazar <nazard@nazar.ca>
+Date: Wed, 22 Jun 2022 15:07:03 -0400
+Subject: [PATCH 1/2] Fix SSL handling during upgrade check
+
+Only update counters if we've received data, not on error (-1) since
+we can then overwrite the stack, causing fault.
+
+my_ssl_connect() can return before initializing ssl & ctx. Ensure NULL
+initialization so *_free() are no-ops.
+
+Cleanly shutdown the channel after receiving all data.
+
+Use the client version of the TLS method to match the other options.
+---
+ base/netutils.c | 22 ++++++++++++----------
+ base/utils.c | 4 ++--
+ 2 files changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/base/netutils.c b/base/netutils.c
+index 08ee40dd7..689b56f9b 100644
+--- a/base/netutils.c
++++ b/base/netutils.c
+@@ -154,7 +154,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000
+
+- method = TLS_method();
++ method = TLS_client_method();
+
+ #else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
+
+@@ -268,11 +268,11 @@ int my_ssl_sendall(int s, SSL *ssl, const char *buf, int *len, int timeout) {
+ /* If we hit one of these two errors, we just want to select() the socket again */
+ break;
+ }
++ } else {
++ total_sent += n;
++ bytes_left -= n;
+ }
+
+- total_sent += n;
+- bytes_left -= n;
+-
+ /* make sure we haven't overrun the timeout */
+ time(&current_time);
+ if(current_time - start_time > timeout) {
+@@ -337,17 +337,19 @@ int my_ssl_recvall(int s, SSL *ssl, char *buf, int *len, int timeout) {
+ n = SSL_read(ssl, buf + total_received, bytes_left);
+ if(n <= 0) {
+ int error = SSL_get_error(ssl, n);
++ /* If we hit one of these two errors, we just want to select() the socket again */
+ if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+- /* An actual error happened */
+- /* If we hit one of these two errors, we just want to select() the socket again */
++ /* EOF or an actual error happened */
++ if (error == SSL_ERROR_ZERO_RETURN)
++ SSL_shutdown(ssl);
+ break;
+ }
++ } else {
++ /* apply bytes we received */
++ total_received += n;
++ bytes_left -= n;
+ }
+
+- /* apply bytes we received */
+- total_received += n;
+- bytes_left -= n;
+-
+ /* make sure we haven't overrun the timeout */
+ time(&current_time);
+ if(current_time - start_time > timeout) {
+diff --git a/base/utils.c b/base/utils.c
+index 79c6efba6..e83f7176a 100644
+--- a/base/utils.c
++++ b/base/utils.c
+@@ -3379,8 +3379,8 @@ int query_update_api(void) {
+ }
+
+ #ifdef HAVE_SSL
+- SSL *ssl;
+- SSL_CTX *ctx;
++ SSL *ssl = NULL;
++ SSL_CTX *ctx = NULL;
+
+ int result = my_ssl_connect(api_server, 443, &sd, &ssl, &ctx, 2);
+ if(sd > 0 && result != ERROR) {
+
+From a2c1415f14db6bbce9ba3d1d5a0c8218dd8c4fb8 Mon Sep 17 00:00:00 2001
+From: Doug Nazar <nazard@nazar.ca>
+Date: Wed, 22 Jun 2022 15:14:34 -0400
+Subject: [PATCH 2/2] Silence warning about port_str not large enough for port.
+
+---
+ base/netutils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/base/netutils.c b/base/netutils.c
+index 689b56f9b..1fb1ec6a9 100644
+--- a/base/netutils.c
++++ b/base/netutils.c
+@@ -46,7 +46,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX
+ hints.ai_socktype = SOCK_STREAM;
+
+ /* make sure our static port_str is long enough */
+- if(port > 65535)
++ if(port < 0 || port > 65535)
+ return ERROR;
+
+ snprintf(port_str, sizeof(port_str), "%d", port);
+@@ -385,7 +385,7 @@ int my_tcp_connect(const char *host_name, int port, int *sd, int timeout) {
+ hints.ai_socktype = SOCK_STREAM;
+
+ /* make sure our static port_str is long enough */
+- if(port > 65535)
++ if(port < 0 || port > 65535)
+ return ERROR;
+
+ snprintf(port_str, sizeof(port_str), "%d", port);
diff --git a/net-analyzer/nagios-core/nagios-core-4.4.7-r1.ebuild b/net-analyzer/nagios-core/nagios-core-4.4.7-r1.ebuild
new file mode 100644
index 000000000000..86ae61814588
--- /dev/null
+++ b/net-analyzer/nagios-core/nagios-core-4.4.7-r1.ebuild
@@ -0,0 +1,268 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs
+
+MY_P="${PN/-core}-${PV}"
+DESCRIPTION="Nagios core - monitoring daemon, web GUI, and documentation"
+HOMEPAGE="https://www.nagios.org/"
+
+# The name of the directory into which our Gentoo icons will be
+# extracted, and also the basename of the archive containing it.
+GENTOO_ICONS="${PN}-gentoo-icons-20141125"
+SRC_URI="mirror://sourceforge/nagios/${MY_P}.tar.gz
+ web? ( https://dev.gentoo.org/~mjo/distfiles/${GENTOO_ICONS}.tar )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="apache2 classicui lighttpd +web vim-syntax"
+
+# In pkg_postinst(), we change the group of the Nagios configuration
+# directory to that of the web server user. It can't belong to both
+# apache/lighttpd groups at the same time, so we block this combination
+# for our own sanity.
+#
+# This could be made to work, but we would need a better way to allow
+# the web user read-only access to Nagios's configuration directory.
+#
+REQUIRED_USE="apache2? ( !lighttpd )"
+
+#
+# Note, we require one of the apache2 CGI modules:
+#
+# * mod_cgi (USE=apache2_modules_cgi)
+# * mod_cgid (USE=apache2_modules_cgid)
+# * mod_fcgid (www-apache/mod_fcgid)
+#
+# We just don't care /which/ one. And of course PHP supports both CGI
+# (USE=cgi) and FastCGI (USE=fpm). We're pretty lenient with the
+# dependencies, and expect the user not to do anything /too/
+# stupid. (For example, installing Apache with only FastCGI support, and
+# PHP with only CGI support.)
+#
+# Another annoyance is that the upstream Makefile uses app-arch/unzip to
+# extract a snapshot of AngularJS, but that's only needed when USE=web.
+#
+MOD_ALIAS=apache2_modules_alias
+
+# The dependencies checked by the configure script. All of these are
+# also runtime dependencies; that's why ./configure checks for them.
+CONFIGURE_DEPEND="acct-group/nagios
+ acct-user/nagios
+ virtual/mailx
+ dev-lang/perl:="
+
+# In addition to the things that the ./configure script checks for,
+# we also need to be able to unzip stuff on the build host.
+#
+# We need the apache/lighttpd groups in src_install() for the things
+# installed as the --with-command-group argument, so they go here too.
+# The groups are also needed at runtime, but that is ensured by apache
+# and lighttpd themselves being in RDEPEND.
+BDEPEND="${CONFIGURE_DEPEND}
+ apache2? ( acct-group/apache )
+ lighttpd? ( acct-group/lighttpd )
+ web? ( app-arch/unzip )"
+
+# This is linked into /usr/bin/nagios{,tats}
+DEPEND="dev-libs/libltdl:0"
+
+RDEPEND="${CONFIGURE_DEPEND}
+ ${DEPEND}
+ web? (
+ media-libs/gd[jpeg,png]
+ lighttpd? ( www-servers/lighttpd[php] )
+ apache2? (
+ || (
+ www-servers/apache[${MOD_ALIAS},apache2_modules_cgi]
+ www-servers/apache[${MOD_ALIAS},apache2_modules_cgid]
+ ( www-servers/apache[${MOD_ALIAS}] www-apache/mod_fcgid ) )
+ || (
+ dev-lang/php:*[apache2]
+ dev-lang/php:*[cgi]
+ dev-lang/php:*[fpm] )
+ )
+ )
+ vim-syntax? ( app-vim/nagios-syntax )"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=( "${FILESDIR}/${P}-upgrade-sslfix.patch" )
+
+src_configure() {
+ local myconf
+
+ if use !apache2 && use !lighttpd ; then
+ myconf="${myconf} --with-command-group=nagios"
+ else
+ if use apache2 ; then
+ myconf="${myconf} --with-command-group=apache"
+ myconf="${myconf} --with-httpd-conf=/etc/apache2/conf.d"
+ elif use lighttpd ; then
+ myconf="${myconf} --with-command-group=lighttpd"
+ fi
+ fi
+
+ # We pass "unknown" as the init type because we don't want it to
+ # guess. Later on, we'll manually install both OpenRC and systemd
+ # services.
+ econf ${myconf} \
+ --prefix="${EPREFIX}/usr" \
+ --bindir="${EPREFIX}/usr/sbin" \
+ --localstatedir="${EPREFIX}/var/lib/nagios" \
+ --sysconfdir="${EPREFIX}/etc/nagios" \
+ --libexecdir="${EPREFIX}/usr/$(get_libdir)/nagios/plugins" \
+ --with-cgibindir="${EPREFIX}/usr/$(get_libdir)/nagios/cgi-bin" \
+ --with-webdir="${EPREFIX}/usr/share/nagios/htdocs" \
+ --with-init-type="unknown"
+
+ # The paths in the web server configuration files need to match
+ # those passed to econf above.
+ cp "${FILESDIR}/99_nagios4-r1.conf" \
+ "${FILESDIR}/lighttpd_nagios4-r1.conf" \
+ "${T}/" || die "failed to create copies of web server conf files"
+
+ sed -e "s|@CGIBINDIR@|${EPREFIX}/usr/$(get_libdir)/nagios/cgi-bin|g" \
+ -e "s|@WEBDIR@|${EPREFIX}/usr/share/nagios/htdocs|" \
+ -i "${T}/99_nagios4-r1.conf" \
+ -i "${T}/lighttpd_nagios4-r1.conf" \
+ || die "failed to substitute paths into web server conf files"
+
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" nagios
+
+ if use web; then
+ # Only compile the CGIs/HTML when USE=web is set.
+ emake CC="$(tc-getCC)" cgis html
+ fi
+}
+
+src_install() {
+ dodoc Changelog CONTRIBUTING.md README.md THANKS UPGRADING
+
+ # There is no way to install the CGIs unstripped from the top-level
+ # makefile, so descend into base/ here. The empty INSTALL_OPTS
+ # ensures that root:root: owns the nagios executables.
+ cd "${S}/base" || die
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-unstripped
+ cd "${S}" || die
+
+ # Otherwise this gets installed as 770 and you get "access denied"
+ # for some reason or other when starting nagios. The permissions
+ # on nagiostats are just for consistency (these should both get
+ # fixed upstream).
+ fperms 775 /usr/sbin/nagios /usr/sbin/nagiostats
+
+ # INSTALL_OPTS are needed for most of install-basic, but we don't
+ # want them on the LIBEXECDIR, argh.
+ emake DESTDIR="${D}" install-basic
+ fowners root:root /usr/$(get_libdir)/nagios/plugins
+
+ # Don't make the configuration owned by the nagios user, because
+ # then he can edit nagios.cfg and trick nagios into running as root
+ # and doing his bidding.
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-config
+
+ # No INSTALL_OPTS used in install-commandmode, thankfully.
+ emake DESTDIR="${D}" install-commandmode
+
+ # The build system installs these directories, but portage assumes
+ # that the build system doesn't know what it's doing so we have to
+ # keepdir them, too. I guess you'll have to manually re-check the
+ # upstream build system forever to see if this is still necessary.
+ keepdir /var/lib/nagios{,/archives,/rw,/spool,/spool/checkresults}
+
+ if use web; then
+ # There is no way to install the CGIs unstripped from the
+ # top-level makefile, so descend into cgi/ here. The empty
+ # INSTALL_OPTS ensures that root:root: owns the CGI executables.
+ cd "${S}/cgi" || die
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-unstripped
+ cd "${S}" || die
+
+ # install-html installs the new exfoliation theme
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-html
+
+ if use classicui; then
+ # This overwrites the already-installed exfoliation theme
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-classicui
+ fi
+
+ # Install cute Gentoo icons (bug #388323), setting their
+ # owner, group, and mode to match those of the rest of Nagios's
+ # images.
+ insinto /usr/share/nagios/htdocs/images/logos
+ doins "${WORKDIR}/${GENTOO_ICONS}"/*.*
+ fi
+
+ # The ./configure script for nagios detects the init system on the
+ # build host, which is wrong for all sorts of reasons. We've gone
+ # to great lengths above to avoid running "install-init" -- even
+ # indirectly -- and so now we must install whatever service files
+ # we need by hand.
+ newinitd startup/openrc-init nagios
+ systemd_newunit startup/default-service nagios.service
+
+ if use web ; then
+ if use apache2 ; then
+ # Install the Nagios configuration file for Apache.
+ insinto "/etc/apache2/modules.d"
+ newins "${T}/99_nagios4-r1.conf" "99_nagios4.conf"
+ elif use lighttpd ; then
+ # Install the Nagios configuration file for Lighttpd.
+ insinto /etc/lighttpd
+ newins "${T}/lighttpd_nagios4-r1.conf" nagios.conf
+ else
+ ewarn "${CATEGORY}/${PF} only supports apache or lighttpd"
+ ewarn "out of the box. Since you are not using one of them, you"
+ ewarn "will have to configure your webserver yourself."
+ fi
+ fi
+}
+
+pkg_postinst() {
+
+ if use web; then
+ if use apache2 || use lighttpd ; then
+ if use apache2; then
+ elog "To enable the Nagios web front-end, please edit"
+ elog "${ROOT}/etc/conf.d/apache2 and add \"-D NAGIOS -D PHP\""
+ elog "to APACHE2_OPTS. Then Nagios will be available at,"
+ elog
+ elif use lighttpd; then
+ elog "To enable the Nagios web front-end, please add"
+ elog "'include \"nagios.conf\"' to the lighttpd configuration"
+ elog "file at ${ROOT}/etc/lighttpd/lighttpd.conf. Then Nagios"
+ elog "will be available at,"
+ elog
+ fi
+
+ elog " http://localhost/nagios/"
+ fi
+ fi
+
+ elog
+ elog "If your kernel has /proc protection, nagios"
+ elog "will not be happy as it relies on accessing the proc"
+ elog "filesystem. You can fix this by adding nagios into"
+ elog "the group wheel, but this is not recomended."
+ elog
+
+ if [ -n "${REPLACING_VERSIONS}" ]; then
+ ewarn "The local state directory for nagios has changed in v4.4.5,"
+ ewarn "from ${EROOT}/var/nagios to ${EROOT}/var/lib/nagios. If you"
+ ewarn "wish to migrate your state to the new location, first stop"
+ ewarn "nagios and then run"
+ ewarn ""
+ ewarn " diff --recursive --brief ${EROOT}/var/nagios ${EROOT}/var/lib/nagios"
+ ewarn ""
+ ewarn "to identify any files that should be moved to the new"
+ ewarn "location. They can simply be moved with \"mv\" before"
+ ewarn "restarting nagios."
+ fi
+}