diff options
Diffstat (limited to 'net-analyzer/ndoutils')
-rw-r--r-- | net-analyzer/ndoutils/Manifest | 7 | ||||
-rw-r--r-- | net-analyzer/ndoutils/files/c23-compatibility.patch | 40 | ||||
-rw-r--r-- | net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch | 16 | ||||
-rw-r--r-- | net-analyzer/ndoutils/files/secure-install-permissions.patch | 183 | ||||
-rw-r--r-- | net-analyzer/ndoutils/ndoutils-2.1.4.ebuild (renamed from net-analyzer/ndoutils/ndoutils-2.1.3-r4.ebuild) | 7 |
5 files changed, 47 insertions, 206 deletions
diff --git a/net-analyzer/ndoutils/Manifest b/net-analyzer/ndoutils/Manifest index 3c206de98ee9..cc2c8c8ef78e 100644 --- a/net-analyzer/ndoutils/Manifest +++ b/net-analyzer/ndoutils/Manifest @@ -1,8 +1,7 @@ +AUX c23-compatibility.patch 1276 BLAKE2B 513d53609114cc071390c5e3cc0e3a6171c287dde5f402b08e81a84f40ebf53bbb27327b5967958f57c476b59bef30b8d21195e75b15ea5bb367dd06231dc52c SHA512 56e428f5f89e307b811c8571cf9322124d4aafad92d423a89d652ea475fe85f2790233cc35feb923974035dbc531708695c8526c1e50606217ef37f2ccd8e08a AUX format-security.patch 3858 BLAKE2B 97170827cc167ec2c1377dd99fff562cbe717dd9098da38853d37b31164c1aa53790ffdb073692b6424051f59b0e83f1b19c064dcd4fd9be9dc140bc612ce4f1 SHA512 e8a5c867e310b76d7431d783faab1be802f6d04908958c07d278e5cb38462fd88f485759eeda1084caf87ce48f2e439de2d97d0efba701d21ed2a9870c74ed32 -AUX ndoutils-2.0.0-asprintf.patch 438 BLAKE2B 2d32a25467123281f8593b464362a66345ce1c138b897a2ddf4597770f3ae4897efb19765ca81ef29c6e3bd5079b14ec34f36138ce3853c4749b7adccc1404bb SHA512 78fe5b2004bba81b3956a96ad569b6e05e2eb20e203020d2c07e780dfc78f5f68450fb20a62388ec7ccdc37544cd896f29238dd9590cd474db1f73e101dcb9e6 AUX openrc-init.patch 3296 BLAKE2B f07c1c0fda7a0d2e1c3f2b9cbae60568f743d82454179bcb3ee367d8a022a406dd1bf0c775fc9b339524cc5c64e4af6aacb8df8a866809104e39f39d11531f26 SHA512 4beb0e72712909554deaa93aa3fe959e80bed3465f4f0a2153f8b4e994538e6d508e303451cc14425ecb5210845308e9a113f491900a977526327a2701b00eb7 AUX sample-config-piddir.patch 1098 BLAKE2B 467fab110ef030010acf8e130d91ba1f97424c611ef75ed0a7806d5034f1c8a5ecce2c64832a295347fb3e323342f3afc5f5d1fbbc3584f26bd2f3b226cbf3af SHA512 bae06d6571aa55c5b9f0103d9af861f50b31668f06dc9b9a29cdf961741455384d8c762338dbfb3c75e10bacba360ac5a706b6251a6ef5cec8fa0def4c679344 -AUX secure-install-permissions.patch 6866 BLAKE2B fbc323daf1152226ea94bc99059be9ab4893f2d011b8cac187a0bced78152815516a7a3b822a26035015f9440cb27a47db106be88e5df50aeb6856fb36011182 SHA512 a1e00ebb805cb0c4e3606477f1dd494447177863065a50aff43bdfbeddf5a9335c29529691805fe0bdc0b3ee459896324c43dc80a32caa7ac523ac048a8809d0 -DIST ndoutils-2.1.3.tar.gz 2182999 BLAKE2B 390548b9018d4434d5d0f69abee1d1a11f4e240150941f7f2f9e2662eb2cdb2f29b24244e094d5bdf8bfaf6c3be7bc8ebd9e6d510d66edad8bc9cf3245d5c2c3 SHA512 727f2051876ff32cafaf9993a69b721ae4ea81031fade12262dbb4c5399c601f3c1af362d9d550e1d6d56fac8fe044d515dc10fc43e7d4d3e981bc9a89db88de -EBUILD ndoutils-2.1.3-r4.ebuild 2892 BLAKE2B 00989cb0d6e01252c85df3d7cdaf6c1e452863b5e3bd2da009ddf084e8f59849a1a5136b5e15ad1f331f85395170e44a72621b4cb749384eb404b34740335793 SHA512 0858596f9532446717f657818bc90d7d1e2cbb26fa8bb9103d9257dea7d2cec48cc64550f1636d0858dc8e27007e68f321eea4018cb510d18b59805b28c8f847 +DIST ndoutils-2.1.4.tar.gz 2188648 BLAKE2B 751e206c6f2827c1a1277e7b5f1d72285c21fa22a8f50d7c488c35ad66353392279bf9f6ecdce978874d0c90da15a95369f46f758994d33b861154161919e98b SHA512 cb6991d9d79f4c438833035fb8434b1cf0f5c27393506a422c134c2c49a5eec2a9f068a59a304515bba62b4f114204b86ec1e2cd7f68b61b329ac1a7b30ef5eb +EBUILD ndoutils-2.1.4.ebuild 2912 BLAKE2B 3de7ed9bc2d0a773366f74e7fd48c1bcf1c18b159a132fa7d413da57dd4330064faba5035b40e4d4a6f021f958f30023564cdd4987dca49e23224f9d3f666bb4 SHA512 8c153b396618a5af58ac052c3268cf1814bcf5d3b054fd42fc50ba923827b1f745de4e5f2153cf6a14ef625332e0ff7e8b02207c53154f555fdc8f8ecc21a015 MISC metadata.xml 447 BLAKE2B be8b56cbd5627725f06feabb9438129f934e90ee93448dd3154edabc9a32cbe65d0b64c1c2f8c1b9d102b20d21d0a1fb0e10ee5ba96965c239f13439f7ca88b6 SHA512 c712854168abe638e5bbcd7c135ccc2906fe665bc8062fd11caa0a3003c5b6d5ec3e959c8295a74cf471025b0c6b88186261e32d37778222fcb3d72d78badb43 diff --git a/net-analyzer/ndoutils/files/c23-compatibility.patch b/net-analyzer/ndoutils/files/c23-compatibility.patch new file mode 100644 index 000000000000..39d568acd73b --- /dev/null +++ b/net-analyzer/ndoutils/files/c23-compatibility.patch @@ -0,0 +1,40 @@ +From c9e6b3476a36c9be81714c87ff75d3d1986e376d Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky <michael@orlitzky.com> +Date: Wed, 18 Dec 2024 21:29:56 -0500 +Subject: [PATCH] include/queue.h: ensure prototypes match implementations + +In the latest C23 standard, the prototype + + int get_queue_id(); + +indicates that get_queue_id takes no arguments. This of course +disagrees with its implementation, which takes one argument. C23 will +be the default mode in GCC-15, where this leads to a build failure: + + queue.c:57:5: error: conflicting types for 'get_queue_id'; have 'int(int)' + 57 | int get_queue_id(int id) { + | ^~~~~~~~~~~~ + In file included from queue.c:30: + ../include/queue.h:40:5: note: previous declaration of 'get_queue_id' with + type 'int(void)' + 40 | int get_queue_id(); + | ^~~~~~~~~~~~ + +To fix it, we update the prototype for get_queue_id(). +--- + include/queue.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/queue.h b/include/queue.h +index 5f94e4d..4219c5b 100644 +--- a/include/queue.h ++++ b/include/queue.h +@@ -37,7 +37,7 @@ struct queue_msg + void del_queue(); + + /* initialize new queue or open existing */ +-int get_queue_id(); ++int get_queue_id(int); + + /* insert into queue */ + void push_into_queue(char*); diff --git a/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch b/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch deleted file mode 100644 index 21cf837ba36d..000000000000 --- a/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch +++ /dev/null @@ -1,16 +0,0 @@ -This is a fix for the QA warnings that result from using asprintf() -without defining it. That happens because asprintf() is a GNU -extension, but somehow gets used before _GNU_SOURCE is defined. - -Upstream-Bug: https://github.com/NagiosEnterprises/ndoutils/issues/43 - ---- a/include/config.h.in -+++ b/include/config.h.in -@@ -9,6 +9,7 @@ - #ifndef _CONFIG_H - #define _CONFIG_H - -+#define _GNU_SOURCE - #include <stdio.h> - #include <stdlib.h> - diff --git a/net-analyzer/ndoutils/files/secure-install-permissions.patch b/net-analyzer/ndoutils/files/secure-install-permissions.patch deleted file mode 100644 index a4c50ab6cedc..000000000000 --- a/net-analyzer/ndoutils/files/secure-install-permissions.patch +++ /dev/null @@ -1,183 +0,0 @@ -From 18ef12037f4a68772d6840cbaa08aa2da07d2891 Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky <michael@orlitzky.com> -Date: Sat, 2 Mar 2024 19:30:54 -0500 -Subject: [PATCH 1/2] configure.ac: don't install binaries as - ndo2db_user:ndo2db_group - -In configure.ac we were adding two flags to INSTALL_OPTS that change -the owner:group of all installed files to ndo2db_user:ndo2db_group. -This is often a security vulnerability, since executables (we have a -few) are typically installed into everyone's PATH. If root ever -executes them, the ndo2db_user can take advantage of the situation to -run malicious code as root. - -Fortunately the change in ownership is not really needed. We simply -drop the INSTALL_OPTS, which are used for nothing else, allowing our -files to be installed as the user who is doing the installing. When -installing to one of the system PATHs, that will almost always be -root. ---- - Makefile.in | 9 ++++----- - configure.ac | 2 -- - docs/docbook/en-en/Makefile.in | 1 - - src/Makefile.in | 31 +++++++++++++++---------------- - 4 files changed, 19 insertions(+), 24 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 58c9f0f..68774c2 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -37,7 +37,6 @@ INSTALL=@INSTALL@ - GREP=@GREP@ - EGREP=@EGREP@ - --INSTALL_OPTS=@INSTALL_OPTS@ - OPSYS=@opsys@ - DIST=@dist_type@ - -@@ -98,10 +97,10 @@ install: - @echo "" - - install-config: -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR) -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR) -- $(INSTALL) -m 644 $(INSTALL_OPTS) config/ndo2db.cfg-sample $(DESTDIR)$(CFGDIR) -- $(INSTALL) -m 644 $(INSTALL_OPTS) config/ndomod.cfg-sample $(DESTDIR)$(CFGDIR) -+ $(INSTALL) -m 775 -d $(DESTDIR)$(CFGDIR) -+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR) -+ $(INSTALL) -m 644 config/ndo2db.cfg-sample $(DESTDIR)$(CFGDIR) -+ $(INSTALL) -m 644 config/ndomod.cfg-sample $(DESTDIR)$(CFGDIR) - @echo "" - @echo "*** Config files installed ***" - @echo "" -diff --git a/configure.ac b/configure.ac -index 58b47a4..3279397 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -317,8 +317,6 @@ AC_ARG_WITH(ndo2db_user,AC_HELP_STRING([--with-ndo2db-user=<user>],[sets user na - AC_ARG_WITH(ndo2db_group,AC_HELP_STRING([--with-ndo2db-group=<group>],[sets group name to run NDO2DB]),ndo2db_group=$withval,ndo2db_group=nagios) - AC_SUBST(ndo2db_user) - AC_SUBST(ndo2db_group) --INSTALL_OPTS="-o $ndo2db_user -g $ndo2db_group" --AC_SUBST(INSTALL_OPTS) - - - dnl Does the user want to check for systemd? -diff --git a/docs/docbook/en-en/Makefile.in b/docs/docbook/en-en/Makefile.in -index d72b68c..29e1e1e 100644 ---- a/docs/docbook/en-en/Makefile.in -+++ b/docs/docbook/en-en/Makefile.in -@@ -13,7 +13,6 @@ BINDIR=@bindir@ - LIBEXECDIR=@libexecdir@
- DATAROOTDIR=@datarootdir@
- INSTALL=@INSTALL@
--INSTALL_OPTS=@INSTALL_OPTS@
-
-
- all:
-diff --git a/src/Makefile.in b/src/Makefile.in -index 532cc82..352a768 100644 ---- a/src/Makefile.in -+++ b/src/Makefile.in -@@ -26,7 +26,6 @@ exec_prefix=@exec_prefix@ - PIPEDIR=@localstatedir@ - BINDIR=@bindir@ - INSTALL=@INSTALL@ --INSTALL_OPTS=@INSTALL_OPTS@ - - CC=@CC@ - -@@ -126,9 +125,9 @@ distclean: clean - devclean: distclean - - install: install-4x -- $(INSTALL) -m 774 $(INSTALL_OPTS) file2sock $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 774 $(INSTALL_OPTS) log2ndo $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 774 $(INSTALL_OPTS) sockdebug $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 774 file2sock $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 774 log2ndo $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 774 sockdebug $(DESTDIR)$(BINDIR) - @echo "" - @echo " Hint: NDOUtils Installation against Nagios v4.x" - @echo " completed." -@@ -147,20 +146,20 @@ install: install-4x - @echo "" - - install-2x: -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR) -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 755 $(INSTALL_OPTS) ndo2db-2x $(DESTDIR)$(BINDIR)/ndo2db -- $(INSTALL) -m 755 $(INSTALL_OPTS) ndomod-2x.o $(DESTDIR)$(BINDIR)/ndomod.o -+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR) -+ $(INSTALL) -m 775 -d $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 755 ndo2db-2x $(DESTDIR)$(BINDIR)/ndo2db -+ $(INSTALL) -m 755 ndomod-2x.o $(DESTDIR)$(BINDIR)/ndomod.o - - install-3x: -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR) -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 755 $(INSTALL_OPTS) ndo2db-3x $(DESTDIR)$(BINDIR)/ndo2db -- $(INSTALL) -m 755 $(INSTALL_OPTS) ndomod-3x.o $(DESTDIR)$(BINDIR)/ndomod.o -+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR) -+ $(INSTALL) -m 775 -d $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 755 ndo2db-3x $(DESTDIR)$(BINDIR)/ndo2db -+ $(INSTALL) -m 755 ndomod-3x.o $(DESTDIR)$(BINDIR)/ndomod.o - - install-4x: -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR) -- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 755 $(INSTALL_OPTS) ndo2db-4x $(DESTDIR)$(BINDIR)/ndo2db -- $(INSTALL) -m 755 $(INSTALL_OPTS) ndomod-4x.o $(DESTDIR)$(BINDIR)/ndomod.o -+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR) -+ $(INSTALL) -m 775 -d $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 755 ndo2db-4x $(DESTDIR)$(BINDIR)/ndo2db -+ $(INSTALL) -m 755 ndomod-4x.o $(DESTDIR)$(BINDIR)/ndomod.o - --- -2.43.0 - -From 69a80d6a9bf1196ffcfffa7f756633bb13a62b5f Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky <michael@orlitzky.com> -Date: Sat, 2 Mar 2024 19:52:47 -0500 -Subject: [PATCH 2/2] src/Makefile.in: install all executables with mode 0755 - -Three executables -- file2sock, log2ndo, and sockdebug -- are -currently being installed group-writable but not -world-executable. This is in contrast with the other two executables, -ndo2db and ndomod.o, that are installed mode 0755. - -Having recently removed the INSTALL_OPTS that were altering the -owner:group of these files, there is no longer any security risk to -mode 0774. However, 0755 is more consistent with both the rest of our -executables, and with the typical permissions on /usr/bin that arise -from the (extremely common) umask of 0022. - -We change these three to 0755 for a little bit of extra peace of mind. - -changes. Lines starting # with '#' will be ignored, and an empty -message aborts the commit. # # Date: Sat Mar 2 19:52:47 2024 -0500 # -src/Makefile.in # ---- - src/Makefile.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/Makefile.in b/src/Makefile.in -index 352a768..e6a1816 100644 ---- a/src/Makefile.in -+++ b/src/Makefile.in -@@ -125,9 +125,9 @@ distclean: clean - devclean: distclean - - install: install-4x -- $(INSTALL) -m 774 file2sock $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 774 log2ndo $(DESTDIR)$(BINDIR) -- $(INSTALL) -m 774 sockdebug $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 755 file2sock $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 755 log2ndo $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m 755 sockdebug $(DESTDIR)$(BINDIR) - @echo "" - @echo " Hint: NDOUtils Installation against Nagios v4.x" - @echo " completed." --- -2.43.0 - diff --git a/net-analyzer/ndoutils/ndoutils-2.1.3-r4.ebuild b/net-analyzer/ndoutils/ndoutils-2.1.4.ebuild index 32d8d3bd8c57..3dbb09ef8ec0 100644 --- a/net-analyzer/ndoutils/ndoutils-2.1.3-r4.ebuild +++ b/net-analyzer/ndoutils/ndoutils-2.1.4.ebuild @@ -12,7 +12,7 @@ S="${WORKDIR}/${PN}-${P}" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~ppc ~x86" +KEYWORDS="~amd64 ~ppc ~riscv ~x86" DEPEND=" dev-db/mysql-connector-c @@ -29,14 +29,15 @@ RDEPEND="${DEPEND} PATCHES=( "${FILESDIR}"/format-security.patch - "${FILESDIR}"/ndoutils-2.0.0-asprintf.patch "${FILESDIR}"/sample-config-piddir.patch "${FILESDIR}"/openrc-init.patch - "${FILESDIR}"/secure-install-permissions.patch + "${FILESDIR}"/c23-compatibility.patch ) src_prepare() { default + + # ./configure is ancient and doesn't know that e.g. riscv exists eautoreconf } |