Sync from SUSE:SLFO:Main monitoring-plugins revision b5fd8c25e44026310504e75de9210979

2025-04-25 21:28:29 +02:00
23 changed files with 657 additions and 572 deletions
--- a/0001-Backport-fping-MTU-and-ipv4-6-handling-improvements.patch
+++ b/0001-Backport-fping-MTU-and-ipv4-6-handling-improvements.patch
@@ -0,0 +1,134 @@
+From 4b56fd1bb0c145cee5289ba8f76d8f5f1dfa9460 Mon Sep 17 00:00:00 2001
+From: William <william@blackhats.net.au>
+Date: Fri, 28 Mar 2025 11:08:03 +1000
+Subject: [PATCH] Backport fping MTU and ipv4/6 handling improvements
+
+---
+ plugins/check_fping.c | 55 +++++++++++++++++++++++++++++++++----------
+ 1 file changed, 43 insertions(+), 12 deletions(-)
+
+diff --git a/plugins/check_fping.c b/plugins/check_fping.c
+index 70d6f9fc..0ff48b14 100644
+--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
+@@ -55,6 +55,9 @@ void print_usage (void);
+ char *server_name = NULL;
+ char *sourceip = NULL;
+ char *sourceif = NULL;
+bool randomize_packet_data = false;
+bool dontfrag = false;
+
+ int packet_size = PACKET_SIZE;
+ int packet_count = PACKET_COUNT;
+ int target_timeout = 0;
+@@ -96,6 +99,25 @@ main (int argc, char **argv)
+ 
+   server = strscpy (server, server_name);
+ 
+#ifdef PATH_TO_FPING6
+  if (address_family == AF_INET6 || (address_family == AF_UNSPEC && is_inet6_addr(server))) {
+    fping_prog = strdup(PATH_TO_FPING6);
+  } else {
+    xasprintf(&option_string, "%s-4 ", option_string);
+    fping_prog = strdup(PATH_TO_FPING);
+  }
+#else
+  if (address_family == AF_INET6 || (address_family == AF_UNSPEC && is_inet6_addr(server))) {
+    // -4 / -6 must be set explicitly as when a host has dual stack
+    // if we don't specify -4 then fping selects ipv6 which can mess
+    // with some checks.
+    xasprintf(&option_string, "%s-6 ", option_string);
+  } else {
+    xasprintf(&option_string, "%s-4 ", option_string);
+  }
+  fping_prog = strdup(PATH_TO_FPING);
+#endif
+
+   /* compose the command */
+   if (target_timeout)
+     xasprintf(&option_string, "%s-t %d ", option_string, target_timeout);
+@@ -105,15 +127,12 @@ main (int argc, char **argv)
+     xasprintf(&option_string, "%s-S %s ", option_string, sourceip);
+   if (sourceif)
+     xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
+-
+-#ifdef PATH_TO_FPING6
+-  if (address_family != AF_INET && is_inet6_addr(server))
+-    fping_prog = strdup(PATH_TO_FPING6);
+-  else
+-    fping_prog = strdup(PATH_TO_FPING);
+-#else
+-  fping_prog = strdup(PATH_TO_FPING);
+-#endif
+  if (dontfrag) {
+    xasprintf(&option_string, "%s-M ", option_string);
+  }
+  if (randomize_packet_data) {
+    xasprintf(&option_string, "%s-R ", option_string);
+  }
+ 
+   xasprintf (&command_line, "%s %s-b %d -c %d %s", fping_prog,
+             option_string, packet_size, packet_count, server);
+@@ -293,7 +312,7 @@ process_arguments (int argc, char **argv)
+     {"sourceif", required_argument, 0, 'I'},
+     {"critical", required_argument, 0, 'c'},
+     {"warning", required_argument, 0, 'w'},
+-	{"alive", no_argument, 0, 'a'},
+    {"alive", no_argument, 0, 'a'},
+     {"bytes", required_argument, 0, 'b'},
+     {"number", required_argument, 0, 'n'},
+     {"target-timeout", required_argument, 0, 'T'},
+@@ -303,6 +322,8 @@ process_arguments (int argc, char **argv)
+     {"help", no_argument, 0, 'h'},
+     {"use-ipv4", no_argument, 0, '4'},
+     {"use-ipv6", no_argument, 0, '6'},
+    {"dontfrag", no_argument, 0, 'M'},
+    {"random", no_argument, 0, 'R'},
+     {0, 0, 0, 0}
+   };
+ 
+@@ -320,7 +341,7 @@ process_arguments (int argc, char **argv)
+   }
+ 
+   while (1) {
+-    c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:46", longopts, &option);
+    c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:M:R:46", longopts, &option);
+ 
+     if (c == -1 || c == EOF || c == 1)
+       break;
+@@ -354,7 +375,7 @@ process_arguments (int argc, char **argv)
+       break;
+     case 'I':                 /* sourceip */
+       sourceif = strscpy (sourceif, optarg);
+-			break;
+      break;
+     case '4':                 /* IPv4 only */
+       address_family = AF_INET;
+       break;
+@@ -415,6 +436,12 @@ process_arguments (int argc, char **argv)
+       else
+         usage (_("Interval must be a positive integer"));
+       break;
+    case 'R':
+      randomize_packet_data = true;
+      break;
+    case 'M':
+      dontfrag = true;
+      break;
+     }
+   }
+ 
+@@ -506,6 +533,10 @@ void print_help (void) {
+   printf ("    %s\n", _("name or IP Address of sourceip"));
+   printf (" %s\n", "-I, --sourceif=IF");
+   printf ("    %s\n", _("source interface name"));
+  printf(" %s\n", "-M, --dontfrag");
+  printf("    %s\n", _("set the Don't Fragment flag"));
+  printf(" %s\n", "-R, --random");
+  printf("    %s\n", _("random packet data (to foil link data compression)"));
+   printf (UT_VERBOSE);
+   printf ("\n");
+   printf (" %s\n", _("THRESHOLD is <rta>,<pl>%% where <rta> is the round trip average travel time (ms)"));
+-- 
+2.48.1
+
--- a/20
+++ b/20
@@ -0,0 +1,20 @@
+<services>
+  <service name="download_url" mode="manual">
+    <param name="host">www.monitoring-plugins.org</param>
+    <param name="protocol">https</param>
+    <param name="path">/download/monitoring-plugins-2.4.0.tar.gz</param>
+    <param name="filename">monitoring-plugins-2.4.0.tar.gz</param>
+  </service>
+  <service name="download_url" mode="manual">
+    <param name="host">www.monitoring-plugins.org</param>
+    <param name="protocol">https</param>
+    <param name="path">/download/monitoring-plugins-2.4.0.tar.gz.sha1</param>
+    <param name="filename">monitoring-plugins-2.4.0.tar.gz.sha1</param>
+  </service>
+  <service name="verify_file" mode="manual">
+	<param name="verifier">sha1</param>
+	<param name="checksum">595fcfe92a5273031e8ad7f294ba683c27078a1a</param>
+<!--	<param name="file">monitoring-plugins-2.4.0.tar.gz</param> -->
+   <param name="file">_service:download_url:monitoring-plugins-2.4.0.tar.gz</param>
+  </service>
+</services>
--- a/monitoring-plugins-2.3.3-check_by_ssh.patch
+++ b/monitoring-plugins-2.3.3-check_by_ssh.patch
@@ -1,46 +0,0 @@
-Index: monitoring-plugins-2.3.3/plugins/check_by_ssh.c
-===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_by_ssh.c
-+++ monitoring-plugins-2.3.3/plugins/check_by_ssh.c
-@@ -109,6 +109,13 @@ main (int argc, char **argv)
- 		return STATE_UNKNOWN;
- 	}
- 
-+	/* SSH returns 255 if connection attempt fails; include the first line of error output */
-+	if (result == 255 && unknown_timeout) {
-+		printf (_("SSH connection failed: %s\n"),
-+		        chld_err.lines > 0 ? chld_err.line[0] : "(no error output)");
-+		return STATE_UNKNOWN;
-+	}
-+
- 	if (verbose) {
- 		for(i = 0; i < chld_out.lines; i++)
- 			printf("stdout: %s\n", chld_out.line[i]);
-@@ -455,12 +462,12 @@ print_help (void)
-   printf ("    %s\n", _("Tell ssh to use this configfile [optional]"));
-   printf (" %s\n","-q, --quiet");
-   printf ("    %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]"));
-	printf (UT_WARN_CRIT);
-	printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
-	printf (" %s\n","-U, --unknown-timeout");
-	printf ("    %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
-	printf (UT_VERBOSE);
-	printf("\n");
-+  printf (UT_WARN_CRIT);
-+  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
-+  printf (" %s\n","-U, --unknown-timeout");
-+  printf ("    %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
-+  printf (UT_VERBOSE);
-+  printf("\n");
-   printf (" %s\n", _("The most common mode of use is to refer to a local identity file with"));
-   printf (" %s\n", _("the '-i' option. In this mode, the identity pair should have a null"));
-   printf (" %s\n", _("passphrase and the public key should be listed in the authorized_keys"));
-@@ -479,7 +486,7 @@ print_help (void)
-   printf (" %s\n", "[1080933700] PROCESS_SERVICE_CHECK_RESULT;flint;c2;0; up 2 days");
-   printf (" %s\n", "[1080933700] PROCESS_SERVICE_CHECK_RESULT;flint;c3;0; up 2 days");
- 
-	printf(UT_SUPPORT);
-+  printf(UT_SUPPORT);
- }
- 
- 
--- a/monitoring-plugins-2.3.3-check_disk_on_btrfs.patch
+++ b/monitoring-plugins-2.3.3-check_disk_on_btrfs.patch
@@ -1,25 +0,0 @@
-commit a00fd77179dd6a6c2c96ff09350a9c213c18fd62
-Author: George Hansper <george@hansper.id.au>
-Date:   Tue Sep 22 19:06:57 2020 +1000
-
-    check_disk - fix false DISK CRITICAL alert for btrfs filesystems due to BSD Gnulib workaround
-
-Index: monitoring-plugins-2.3.3/plugins/check_disk.c
-===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_disk.c
-+++ monitoring-plugins-2.3.3/plugins/check_disk.c
-@@ -1041,7 +1041,14 @@ get_stats (struct parameter_list *p, str
- 
- void
- get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
-+#if defined(__NetBSD__) || defined(__FreeBSD__) || defined(OpenBSD )
-+   /* 2007-12-08 - Workaround for Gnulib reporting insanely high available
-+   * space on BSD (the actual value should be negative but fsp->fsu_bavail
-+   * is unsigned) */
-+   p->available = fsp->fsu_bavail > fsp->fsu_bfree ? 0 : fsp->fsu_bavail;
-+#else
-   p->available = fsp->fsu_bavail;
-+#endif
-   p->available_to_root = fsp->fsu_bfree;
-   p->used = fsp->fsu_blocks - fsp->fsu_bfree;
-   if (freespace_ignore_reserved) {
--- a/monitoring-plugins-2.3.3-check_ntp_perf_absolute.patch
+++ b/monitoring-plugins-2.3.3-check_ntp_perf_absolute.patch
@@ -1,13 +0,0 @@
-Index: monitoring-plugins-2.3.3/plugins/check_ntp_time.c
-===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_ntp_time.c
-+++ monitoring-plugins-2.3.3/plugins/check_ntp_time.c
-@@ -533,7 +533,7 @@ int process_arguments(int argc, char **a
- 
- char *perfd_offset (double offset)
- {
-	return fperfdata ("offset", offset, "s",
-+	return fperfdata ("offset", fabs(offset), "s",
- 		TRUE, offset_thresholds->warning->end,
- 		TRUE, offset_thresholds->critical->end,
- 		FALSE, 0, FALSE, 0);
--- a/monitoring-plugins-2.3.3-check_ssh.patch
+++ b/monitoring-plugins-2.3.3-check_ssh.patch
@@ -1,212 +0,0 @@
-From e56255ee2f2887551e15aba2410138238efab030 Mon Sep 17 00:00:00 2001
-From: Anton Lofgren <alofgren@op5.com>
-Date: Mon, 21 Oct 2013 08:18:30 +0200
-Subject: [PATCH 1/4] check_ssh: properly parse a delayed version control
- string
-
-This resolves an issue with SSH servers which do not respond with their
-version control string as the first thing in the SSH protocol version
-exchange phase after connection establishment.
-
-This patch also makes sure that we disregard a potential comment in the
-version exchange string to avoid nonsense mismatches. In the future, we
-might want to add the capability to match against a user specified comment.
-
-In addition, the patch largely improves the communication towards the
-server, which adds better protocol adherence.
-
-Of course, new test cases are added to support the trigger and guard
-against regressions of the bugs solved by this patch.
-
-This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945)
-
-Signed-off-by: Anton Lofgren <alofgren@op5.com>
---
- plugins/check_ssh.c   | 122 +++++++++++++++++++++++++++++-------------
- plugins/t/check_ssh.t |  97 ++++++++++++++++++++++++++-------
- 2 files changed, 164 insertions(+), 55 deletions(-)
-
-Index: monitoring-plugins-2.3.3/plugins/check_ssh.c
-===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/check_ssh.c
-+++ monitoring-plugins-2.3.3/plugins/check_ssh.c
-@@ -106,7 +106,7 @@ process_arguments (int argc, char **argv
- 		{"timeout", required_argument, 0, 't'},
- 		{"verbose", no_argument, 0, 'v'},
- 		{"remote-version", required_argument, 0, 'r'},
-		{"remote-protcol", required_argument, 0, 'P'},
-+		{"remote-protocol", required_argument, 0, 'P'},
- 		{0, 0, 0, 0}
- 	};
- 
-@@ -215,8 +215,13 @@ ssh_connect (char *haddr, int hport, cha
- {
- 	int sd;
- 	int result;
-+	int len = 0;
-+	ssize_t byte_offset = 0;
-+	ssize_t recv_ret = 0;
-+	char *version_control_string = NULL;
- 	char *output = NULL;
- 	char *buffer = NULL;
-+	char *tmp= NULL, *saveptr = NULL;
- 	char *ssh_proto = NULL;
- 	char *ssh_server = NULL;
- 	static char *rev_no = VERSION;
-@@ -231,51 +236,118 @@ ssh_connect (char *haddr, int hport, cha
- 		return result;
- 
- 	output = (char *) malloc (BUFF_SZ + 1);
-	memset (output, 0, BUFF_SZ + 1);
-	recv (sd, output, BUFF_SZ, 0);
-	if (strncmp (output, "SSH", 3)) {
-		printf (_("Server answer: %s"), output);
-		close(sd);
-+	memset(output, 0, BUFF_SZ+1);
-+	while (!version_control_string && (recv_ret = recv(sd, output+byte_offset, BUFF_SZ - byte_offset, 0)) > 0) {
-+		if (strchr(output, '\n')) { /* we've got at least one full line, start parsing*/
-+			byte_offset = 0;
-+			while (strchr(output+byte_offset, '\n') != NULL) {
-+				/*Partition the buffer so that this line is a separate string,
-+				 * by replacing the newline with NUL*/
-+				output[(strchr(output+byte_offset, '\n')-output)]= '\0';
-+				len = strlen(output+byte_offset);
-+				if (len >= 4) {
-+					/*if the string starts with SSH-, this _should_ be a valid version control string*/
-+					if (strncmp (output+byte_offset, "SSH-", 4) == 0) {
-+						version_control_string = output+byte_offset;
-+						break;
-+					}
-+				}
-+
-+				/*the start of the next line (if one exists) will be after the current one (+ NUL)*/
-+				byte_offset+=len+1;
-+			}
-+			if(!version_control_string) {
-+				/* move unconsumed data to beginning of buffer, null rest */
-+				memmove((void *)output, (void *)output+byte_offset+1, BUFF_SZ - len+1);
-+				memset(output+byte_offset+1, 0, BUFF_SZ-byte_offset+1);
-+
-+				/*start reading from end of current line chunk on next recv*/
-+				byte_offset = strlen(output);
-+			}
-+		}
-+		else {
-+			byte_offset += recv_ret;
-+		}
-+	}
-+	tmp = NULL;
-+	if (recv_ret < 0) {
-+		printf("SSH CRITICAL - %s", strerror(errno));
-+		exit(STATE_CRITICAL);
-+	}
-+	if (!version_control_string) {
-+		printf("SSH CRITICAL - No version control string received");
-+		exit(STATE_CRITICAL);
-+	}
-+	/*
-+	 * "When the connection has been established, both sides MUST send an
-+	 * identification string.  This identification string MUST be
-+	 *
-+	 * SSH-protoversion-softwareversion SP comments CR LF"
-+	 *		- RFC 4253:4.2
-+	 */
-+	strip (version_control_string);
-+	if (verbose)
-+		printf ("%s\n", version_control_string);
-+	ssh_proto = version_control_string + 4;
-+
-+	/*
-+	 * We assume the protoversion is of the form Major.Minor, although
-+	 * this is not _strictly_ required. See
-+	 *
-+	 * "Both the 'protoversion' and 'softwareversion' strings MUST consist of
-+	 * printable US-ASCII characters, with the exception of whitespace
-+	 * characters and the minus sign (-)"
-+	 *		- RFC 4253:4.2
-+	 * and,
-+	 *
-+	 * "As stated earlier, the 'protoversion' specified for this protocol is
-+	 * "2.0".  Earlier versions of this protocol have not been formally
-+	 * documented, but it is widely known that they use 'protoversion' of
-+	 * "1.x" (e.g., "1.5" or "1.3")."
-+	 *		- RFC 4253:5
-+	 */
-+	ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */
-+
-+	/* If there's a space in the version string, whatever's after the space is a comment
-+	 * (which is NOT part of the server name/version)*/
-+	tmp = strchr(ssh_server, ' ');
-+	if (tmp) {
-+		ssh_server[tmp - ssh_server] = '\0';
-+	}
-+	if (strlen(ssh_proto) == 0 || strlen(ssh_server) == 0) {
-+		printf(_("SSH CRITICAL - Invalid protocol version control string %s\n"), version_control_string);
- 		exit (STATE_CRITICAL);
- 	}
-	else {
-		strip (output);
-		if (verbose)
-			printf ("%s\n", output);
-		ssh_proto = output + 4;
-		ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789. ");
-		ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
-
-		xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
-		send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
-		if (verbose)
-			printf ("%s\n", buffer);
-
-		if (remote_version && strcmp(remote_version, ssh_server)) {
-			printf
-				(_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
-				 ssh_server, ssh_proto, remote_version);
-			close(sd);
-			exit (STATE_CRITICAL);
-		}
-
-		if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
-			printf
-				(_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
-				 ssh_server, ssh_proto, remote_protocol);
-			close(sd);
-			exit (STATE_CRITICAL);
-		}
-+	ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
- 
-		elapsed_time = (double)deltime(tv) / 1.0e6;
-+	xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
-+	send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
-+	if (verbose)
-+		printf ("%s\n", buffer);
- 
-+	if (remote_version && strcmp(remote_version, ssh_server)) {
- 		printf
-			(_("SSH OK - %s (protocol %s) | %s\n"),
-			 ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
-			 FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
-+			(_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
-+			 ssh_server, ssh_proto, remote_version);
- 		close(sd);
-		exit (STATE_OK);
-+		exit (STATE_CRITICAL);
- 	}
-+
-+	if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
-+		printf
-+			(_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
-+			 ssh_server, ssh_proto, remote_protocol);
-+		close(sd);
-+		exit (STATE_CRITICAL);
-+	}
-+	elapsed_time = (double)deltime(tv) / 1.0e6;
-+
-+	printf
-+		(_("SSH OK - %s (protocol %s) | %s\n"),
-+		 ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
-+			 FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
-+	close(sd);
-+	exit (STATE_OK);
- }
- 
- 
--- a/monitoring-plugins-2.3.3-check_ssh.t_-_improve_testing.patch
+++ b/monitoring-plugins-2.3.3-check_ssh.t_-_improve_testing.patch
@@ -1,139 +0,0 @@
-Index: monitoring-plugins-2.3.3/plugins/t/check_ssh.t
-===================================================================
--- monitoring-plugins-2.3.3.orig/plugins/t/check_ssh.t
-+++ monitoring-plugins-2.3.3/plugins/t/check_ssh.t
-@@ -8,34 +8,105 @@ use strict;
- use Test::More;
- use NPTest;
- 
-# Required parameters
-my $ssh_host           = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
-my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" );
-my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" );
-
-
-plan skip_all => "SSH_HOST must be defined" unless $ssh_host;
-plan tests    => 6;
-
-
-my $result = NPTest->testCmd(
-    "./check_ssh -H $ssh_host"
-    );
-cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
-like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
-+my $res;
- 
-
-$result = NPTest->testCmd(
-    "./check_ssh -H $host_nonresponsive -t 2"
-    );
-cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
-like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
-
-
-
-$result = NPTest->testCmd(
-    "./check_ssh -H $hostname_invalid -t 2"
-    );
-cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
-like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
-+# Required parameters
-+my $ssh_host           = getTestParameter("NP_SSH_HOST",
-+                                          "A host providing SSH service",
-+                                          "localhost");
-+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
-+                                          "The hostname of system not responsive to network requests",
-+                                          "10.0.0.1" );
-+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID",
-+                                          "An invalid (not known to DNS) hostname",
-+                                          "nosuchhost" );
-+
-+plan tests => 14 + 6;
-+
-+SKIP: {
-+   skip "SSH_HOST must be defined", 6 unless $ssh_host;
-+   my $result = NPTest->testCmd(
-+       "./check_ssh -H $ssh_host"
-+       );
-+   cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
-+   like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
-+
-+   $result = NPTest->testCmd(
-+       "./check_ssh -H $host_nonresponsive -t 2"
-+       );
-+   cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
-+   like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
-+
-+   $result = NPTest->testCmd(
-+       "./check_ssh -H $hostname_invalid -t 2"
-+       );
-+   cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
-+   like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
-+}
-+
-+SKIP: {
-+   skip "No netcat available", 12 unless (system("which nc > /dev/null") == 0);
-+
-+   my $nc_flags = "-l 5003 -i 1";
-+   #A valid protocol version control string has the form
-+   #       SSH-protoversion-softwareversion SP comments CR LF
-+   #
-+   # where `comments` is optional, protoversion is the SSH protocol version and
-+   # softwareversion is an arbitrary string representing the server software version
-+   open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
-+   cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
-+   like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
-+   close NC;
-+
-+   open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
-+   cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string");
-+   like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string");
-+   close NC;
-+
-+   open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
-+   cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
-+   like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
-+   close NC;
-+
-+   open(NC, "echo 'SSH-' | nc ${nc_flags}|");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
-+   cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
-+   like( $res->output, '/^SSH CRITICAL/', "Output OK");
-+   close NC;
-+
-+   open(NC, "echo '' | nc ${nc_flags}|");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
-+   cmp_ok( $res->return_code, '==', 2, "No version control string received");
-+   like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
-+   close NC;
-+
-+   open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
-+   cmp_ok( $res->return_code, '==', 2, "No version control string received");
-+   like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
-+   close NC;
-+
-+   #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
-+   open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 1;
-+       echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 1;
-+       echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 1;
-+       echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 1;
-+       printf 'EEEEEEEEEEEEEEEEEE'; sleep 1;
-+       printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 1;
-+       echo 'Some\nPrepended\nData\nLines\n'; sleep 1;
-+       echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|");
-+   sleep 1;
-+   $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
-+   cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
-+   like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
-+   close NC;
- 
--- a/monitoring-plugins-2.3.3-root-plugins-Makefile_-_no_chown.patch
+++ b/monitoring-plugins-2.3.3-root-plugins-Makefile_-_no_chown.patch
@@ -1,21 +0,0 @@
-Index: monitoring-plugins-2.3.3/plugins-root/Makefile.am
-===================================================================
--- monitoring-plugins-2.3.3.orig/plugins-root/Makefile.am
-+++ monitoring-plugins-2.3.3/plugins-root/Makefile.am
-@@ -49,7 +49,6 @@ INSTALL_SUID = \
- 	p=$$f; \
- 	echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
- 	$(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
-	echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \
- 	chown root $(DESTDIR)$(libexecdir)/$$p; \
- 	echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \
- 	chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
-@@ -64,7 +63,7 @@ install-exec-local: $(noinst_PROGRAMS)
- 	echo > $$TMPFILE; \
- 	## See if we can create a setuid root executable in $(libexecdir).
- 	## If not, then don't even try to install setuid plugins.
-	can_create_suid_root_executable=no; \
-+	can_create_suid_root_executable=yes; \
- 	chown root $$TMPFILE > /dev/null 2>&1 \
- 	  && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
- 	  && can_create_suid_root_executable=yes; \
--- a/monitoring-plugins-2.3.5.tar.gz
+++ b/monitoring-plugins-2.3.5.tar.gz
--- a/monitoring-plugins-2.3.5.tar.gz.sha1
+++ b/monitoring-plugins-2.3.5.tar.gz.sha1
@@ -1 +0,0 @@
-fcbe2068cb55aeaca3ebe67b619cb345a6705184 *monitoring-plugins-2.3.5.tar.gz
--- a/monitoring-plugins-2.4.0-check_dbi-type_mismatch.patch
+++ b/monitoring-plugins-2.4.0-check_dbi-type_mismatch.patch
@@ -0,0 +1,14 @@
+--- monitoring-plugins-2.4.0/plugins/check_dbi.c	2024/12/02 16:16:03	1.1
+++ monitoring-plugins-2.4.0/plugins/check_dbi.c	2024/12/02 17:02:44
+@@ -141,9 +141,9 @@
+ 	if (verbose > 2)
+ 		printf ("Initializing DBI\n");
+ 
+-	dbi_inst *instance_p = { 0 };
+	dbi_inst instance_p = { 0 };
+ 
+-	if (dbi_initialize_r(NULL, instance_p) < 0) {
+	if (dbi_initialize_r(NULL, &instance_p) < 0) {
+ 		printf ("UNKNOWN - failed to initialize DBI; possibly you don't have any drivers installed.\n");
+ 		return STATE_UNKNOWN;
+ 	}
--- a/monitoring-plugins-2.4.0-check_http-proxy.patch
+++ b/monitoring-plugins-2.4.0-check_http-proxy.patch
@@ -0,0 +1,169 @@
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 425ce86bb..e460e11ac 100644
+--- a/plugins/check_http.c
+++ b/plugins/check_http.c
+@@ -126,6 +126,9 @@ int sd;
+ int min_page_len = 0;
+ int max_page_len = 0;
+ int redir_depth = 0;
+bool ssl_proxy = false;
+char *proxy_server_address;
+int proxy_server_port;
+ int max_depth = DEFAULT_MAX_REDIRS;
+ char *http_method;
+ char *http_method_proxy;
+@@ -139,6 +142,7 @@ char *client_privkey = NULL;
+ bool process_arguments (int, char **);
+ int check_http (void);
+ void redir (char *pos, char *status_line);
+const char *find_uri_path (const char *url);
+ bool server_type_check(const char *type);
+ int server_port_check(int ssl_flag);
+ char *perfd_time (double microsec);
+@@ -608,6 +612,17 @@ bool process_arguments (int argc, char **argv)
+   if (virtual_port == 0)
+     virtual_port = server_port;
+ 
+  /* if we are called with the -I option, the -j method is CONNECT and */
+  /* we received -S for SSL, then we tunnel the request through a proxy*/
+  /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+
+  ssl_proxy = server_address != NULL && strcmp(http_method, "CONNECT") == 0
+    && host_name != NULL && use_ssl == true;
+  if (ssl_proxy) {
+    proxy_server_address = strdup(server_address);
+    proxy_server_port = server_port;
+  }
+
+   return true;
+ }
+ 
+@@ -939,18 +954,18 @@ check_http (void)
+ 
+   /* try to connect to the host at the given port number */
+   gettimeofday (&tv_temp, NULL);
+-  if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+  result = ssl_proxy ?
+    my_tcp_connect (proxy_server_address, proxy_server_port, &sd) :
+    my_tcp_connect (server_address, server_port, &sd);
+  if (result != STATE_OK)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+   microsec_connect = deltime (tv_temp);
+ 
+-    /* if we are called with the -I option, the -j method is CONNECT and */
+-    /* we received -S for SSL, then we tunnel the request through a proxy*/
+-    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+  /* handle connection via SSL proxy */
+  if (ssl_proxy) {
+ 
+-    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-      && host_name != NULL && use_ssl == true) {
+-
+-    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n",
+      proxy_server_address, proxy_server_port, host_name, HTTPS_PORT);
+     asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+     if (strlen(proxy_auth)) {
+       base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+@@ -985,7 +1000,7 @@ check_http (void)
+   if (use_ssl == true) {
+     gettimeofday (&tv_temp, NULL);
+     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+-    if (verbose) printf ("SSL initialized\n");
+    if (verbose) printf ("SSL initialization %s\n", result == STATE_OK ? "successful" : "failed");
+     if (result != STATE_OK)
+       die (STATE_CRITICAL, NULL);
+     microsec_ssl = deltime (tv_temp);
+@@ -1001,9 +1016,8 @@ check_http (void)
+   }
+ #endif /* HAVE_SSL */
+ 
+-  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-       && host_name != NULL && use_ssl == true)
+-    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  if (ssl_proxy)
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, find_uri_path(server_url), host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+   else
+     asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ 
+@@ -1032,8 +1046,7 @@ check_http (void)
+        */
+       if ((use_ssl == false && virtual_port == HTTP_PORT) ||
+           (use_ssl == true && virtual_port == HTTPS_PORT) ||
+-          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
+-         && host_name != NULL && use_ssl == true))
+          ssl_proxy)
+         xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+       else
+         xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
+@@ -1137,10 +1150,17 @@ check_http (void)
+   /* leave full_page untouched so we can free it later */
+   page = full_page;
+ 
+-  if (verbose)
+-    printf ("%s://%s:%d%s is %d characters\n",
+-      use_ssl ? "https" : "http", server_address,
+-      server_port, server_url, (int)pagesize);
+  if (verbose) {
+    if (ssl_proxy)  {
+      printf ("[via proxy %s://%s:%d] %s returned %d bytes\n",
+        use_ssl ? "https" : "http", proxy_server_address, proxy_server_port,
+        server_url, (int)pagesize);
+    } else {
+      printf ("%s://%s:%d%s returned %d bytes\n",
+        use_ssl ? "https" : "http", server_address,
+        server_port, server_url, (int)pagesize);
+    }
+  }
+ 
+   /* find status line and null-terminate it */
+   status_line = page;
+@@ -1300,7 +1320,12 @@ check_http (void)
+         bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+               4);
+       }
+-      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      if (ssl_proxy) {
+        xasprintf (&msg, _("%sstring '%s' not found on '%s', "), msg, output_string_search, server_url);
+      } else {
+        xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search,
+          use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      }
+       result = STATE_CRITICAL;
+     }
+   }
+@@ -1641,6 +1666,25 @@ redir (char *pos, char *status_line)
+   check_http ();
+ }
+ 
+// Locate the URI path inside a complete URL. If we fail, just return the original URL.
+const char *
+find_uri_path (const char *url)
+{
+  const char *s = url;
+
+  if (strncmp(s, "http://", 7) == 0)
+    s += 7;
+  else if (strncmp(s, "https://", 8) == 0)
+    s += 8;
+  else
+    return url;
+  while (*s != '\0') {
+    if (strchr("/?#", *s) != NULL)
+      return s;
+    s++;
+  }
+  return url;
+}
+ 
+ bool
+ server_type_check (const char *type)
+@@ -1860,7 +1904,7 @@ print_help (void)
+   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+-
+  printf ("\n");
+   printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+   printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+   printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
--- a/monitoring-plugins-2.4.0-check_log_-_quoting.patch
+++ b/monitoring-plugins-2.4.0-check_log_-_quoting.patch
@@ -0,0 +1,33 @@
+Index: monitoring-plugins-2.4.0/plugins-scripts/check_log.sh
+===================================================================
+--- monitoring-plugins-2.4.0.orig/plugins-scripts/check_log.sh
+++ monitoring-plugins-2.4.0/plugins-scripts/check_log.sh
+@@ -112,23 +112,23 @@ while test -n "$1"; do
+             exit "$STATE_UNKNOWN"
+             ;;
+         -F | --filename)
+-            logfile=$2
+            logfile="$2"
+             shift 2
+             ;;
+         -O | --oldlog)
+-            oldlog=$2
+            oldlog="$2"
+             shift 2
+             ;;
+         -q | --query)
+-            query=$2
+            query="$2"
+             shift 2
+             ;;
+         --exclude)
+-            exclude=$2
+            exclude="$2"
+             shift 2
+             ;;
+         -x | --exitstatus)
+-            exitstatus=$2
+            exitstatus="$2"
+             shift 2
+             ;;
+         -e | --extended-regex)
--- a/monitoring-plugins-2.4.0-check_ntp_perf_absolute.patch
+++ b/monitoring-plugins-2.4.0-check_ntp_perf_absolute.patch
@@ -0,0 +1,13 @@
+Index: monitoring-plugins-2.4.0/plugins/check_ntp_time.c
+===================================================================
+--- monitoring-plugins-2.4.0.orig/plugins/check_ntp_time.c
+++ monitoring-plugins-2.4.0/plugins/check_ntp_time.c
+@@ -532,7 +532,7 @@ int process_arguments(int argc, char **a
+ }
+ 
+ char *perfd_offset (double offset) {
+-	return fperfdata ("offset", offset, "s",
+	return fperfdata ("offset", fabs(offset), "s",
+ 		true, offset_thresholds->warning->end,
+ 		true, offset_thresholds->critical->end,
+ 		false, 0, false, 0);
--- a/monitoring-plugins-2.3.3-wrong_percent_in_check_swap.patch
+++ b/monitoring-plugins-2.3.3-wrong_percent_in_check_swap.patch
@@ -33,12 +33,12 @@ Index: monitoring-plugins-2.3.3/plugins/check_swap.c
 ===================================================================
 --- monitoring-plugins-2.3.3.orig/plugins/check_swap.c
 +++ monitoring-plugins-2.3.3/plugins/check_swap.c
-@@ -137,7 +137,7 @@ main (int argc, char **argv)
+@@ -134,7 +134,7 @@ main (int argc, char **argv)
 			free_swap_mb += dskfree_mb;
 			if (allswaps) {
 				if (dsktotal_mb == 0)
 -					percent=100.0;
-+					percent= 0.0;
+					percent = 0.0;
 				else
 					percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
 				result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
--- a/monitoring-plugins-2.4.0-plugins-root-Makefile_-_no_chown.patch
+++ b/monitoring-plugins-2.4.0-plugins-root-Makefile_-_no_chown.patch
@@ -0,0 +1,23 @@
+Index: monitoring-plugins-2.4.0/plugins-root/Makefile.am
+===================================================================
+--- monitoring-plugins-2.4.0.orig/plugins-root/Makefile.am
+++ monitoring-plugins-2.4.0/plugins-root/Makefile.am
+@@ -49,8 +49,6 @@ INSTALL_SUID = \
+ 	p=$$f; \
+ 	echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \
+ 	$(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \
+-	echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \
+-	chown root $(DESTDIR)$(libexecdir)/$$p; \
+ 	echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \
+ 	chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \
+ 	done
+@@ -65,8 +63,7 @@ install-exec-local: $(noinst_PROGRAMS)
+ 	## See if we can create a setuid root executable in $(libexecdir).
+ 	## If not, then don't even try to install setuid plugins.
+ 	can_create_suid_root_executable=no; \
+-	chown root $$TMPFILE > /dev/null 2>&1 \
+-	  && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
+	  chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
+ 	  && can_create_suid_root_executable=yes; \
+ 	rm -f $$TMPFILE; \
+ 	if test $$can_create_suid_root_executable = yes; then \
--- a/monitoring-plugins-2.4.0.tar.gz
+++ b/monitoring-plugins-2.4.0.tar.gz
--- a/monitoring-plugins-2.4.0.tar.gz.sha1
+++ b/monitoring-plugins-2.4.0.tar.gz.sha1
@@ -0,0 +1 @@
+595fcfe92a5273031e8ad7f294ba683c27078a1a *monitoring-plugins-2.4.0.tar.gz
--- a/monitoring-plugins.changes
+++ b/monitoring-plugins.changes
@@ -1,3 +1,170 @@
+-------------------------------------------------------------------
+Fri Mar 28 01:13:14 UTC 2025 - William Brown <william.brown@suse.com>
+
+- Backport MTU checking support for fping, and v4/v6 handling improvements
+  * 0001-Backport-fping-MTU-and-ipv4-6-handling-improvements.patch
+
+-------------------------------------------------------------------
+Fri Feb  7 13:52:07 CET 2025 - ro@suse.de
+
+- update apparmor profiles:
+  - check_load: allow to read /run/systemd/sessions/*
+  - check_procs: allow to read /sys/devices/system/node/
+
+-------------------------------------------------------------------
+Mon Dec  2 17:52:44 CET 2024 - ro@suse.de
+
+- add patch monitoring-plugins-2.4.0-check_dbi-type_mismatch.patch
+  to fix compilation with gcc-14
+  passing argument 2 of ‘dbi_driver_open_r’ from incompatible pointer type 
+- change mode to "manual" in service file
+
+-------------------------------------------------------------------
+Mon Jul 29 08:06:37 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
+
+- update to 2.4.0
+  General
+  + Use C99 booleans @RincewindsHat
+  + Improve negate plugin helptext @euniceremoquillo
+  + Add new test function for percentage expressions @RincewindsHat
+  Single Plugins
+  + check_mailq: remove trailing whitespaces @sni
+  + check_mailq: unify tabs/spaces @sni
+  + check_oracle: Shellcheck fixes @RincewindsHat
+  + check_ups: output ups.realpower if supported @sbraz
+  + check_disk: add -n short option for --ignore-missing @sni
+  + check_procs: Improve help text, mentioning excluded processes @shartge
+  + check_procs: Generalise wording, remove mentioning of nrpe @shartge
+  + check_curl: add haproxy protocol option @emriver
+  + check_disk: increase alert precision @sni
+  + check_ircd: IPv6 support @oxzi
+  + check_nwstat: adds percentage used space
+  + check_swap: Possibility to run check_swap without thresholds @Napsty
+  + check_ups: additional alarm conditions @RincewindsHat
+  + check_http/check_curl: added a --regex-state option to change the state of a regex check @andreasbaumann
+  General Fixes
+  + Fixes for -Wsign-compare @RincewindsHat
+  + Fix logic in is_uint64_t to fix type-limit warning @RincewindsHat
+  + Prevent -lcrypto from showing up in Makefile dependencies @EricFromCanada
+  + Change irritating NULL assignment @RincewindsHat
+  Single Plugin Fixes
+  + check_dbi: Compiler warning for uninitialized variable @RincewindsHat
+  + check_curl: Initialize pointer before usage @RincewindsHat
+  + check_ntp: Initialize intermediate results in any case @RincewindsHat
+  + check_tcp: Fixes an error with using the wrong type for a variable @RincewindsHat
+  + check_mailq: exit on empty strings and exit early @sni
+  + check_users: Change option for sanity checking arguments to avoid segfault @RincewindsHat
+  + check_users: Update help to properly show that thresholds are ranges @RincewindsHat
+  + check_users: fix segfault @RincewindsHat
+  + check_dbi: Fix compiler warning for uninitialized variable @RincewindsHat
+  + check_curl: Initialize pointer before usage @RincewindsHat
+  + check_ntp: Initialize intermediate results in any case @RincewindsHat
+  + check_ntp_peer: Fixes for Wmaybe-unitialized and some restructuring @RincewindsHat
+  + check_dns: Remove unused variable @RincewindsHat
+  + check_disk: fix ignore-missing in combination with includes @sni
+  + check_procs: ignore our own children @shartge
+  + check_http: Remove self assignment of a variable and add some comments @RincewindsHat
+  + check_snmp: Remove unused variable @RincewindsHat
+  + check_dhcp: Make implicit conversion explicit to dismiss warning @RincewindsHat
+  + Ini Parser: Avoid freeing symbols from text section @RincewindsHat
+  + check_icmp: keep performance data order in case of none-reachable hosts @sni
+  + check_swap: Change another fake boolean to a real one @RincewindsHat
+  + check_swap: Rename type since *_t is reserved for C standard types @RincewindsHat
+  + check_ssh: Fix a typo in "remote-protocol parameter
+  + check_ssh: Handle non-alpha software versions
+  + check_ssh: properly parse a delayed version control string
+  + check_disk: Fail on missing arguments for --warning and --critical and fix a test case @RincewindsHat
+  + check_disk: Use new test function for percentage expressions @RincewindsHat
+  + check_load: remove unused code @RincewindsHat
+  + check_curl/check_http: clarified format of POST data @andreasbaumann
+- introduce _service
+- refresh patches:
+  + monitoring-plugins-2.3.5-check_http-proxy.patch
+    -> monitoring-plugins-2.4.0-check_http-proxy.patch
+  + monitoring-plugins-2.3.5-check_log_-_quoting.patch
+    -> monitoring-plugins-2.4.0-check_log_-_quoting.patch
+  + monitoring-plugins-2.3.5-check_ntp_perf_absolute.patch
+    -> monitoring-plugins-2.4.0-check_ntp_perf_absolute.patch
+  + monitoring-plugins-2.3.5-check_swap_wrong_percent.patch
+    -> monitoring-plugins-2.4.0-check_swap_wrong_percent.patch
+  + monitoring-plugins-2.3.5-plugins-root-Makefile_-_no_chown.patch 
+    -> monitoring-plugins-2.4.0-plugins-root-Makefile_-_no_chown.patch
+- dropped patches:
+  + monitoring-plugins-2.3.5-check_ssh.patch
+  + monitoring-plugins-2.3.5-check_ssh.t_-_improve_testing.patch
+- remove old distribution flags and following subpackages:
+  + monitoring-plugins-apt
+  + monitoring-plugins-game
+
+-------------------------------------------------------------------
+Mon Apr  8 15:31:23 CEST 2024 - ro@suse.de
+
+- update apparmor profiles:
+  - check_load: allow to read /run/systemd/sessions/1 while we
+    still have to use "uptime" (upstream issue 1999)
+  - check_disk: allow to read /proc/pid/mountinfo 
+
+-------------------------------------------------------------------
+Tue Feb 27 15:19:55 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
+
+- naming the renamed patches exactly, to make factory-auto happy:
+  + monitoring-plugins-2.3.3-wrong_percent_in_check_swap.patch to
+    monitoring-plugins-2.3.5-check_swap_wrong_percent.patch
+  + monitoring-plugins-2.3.3-check_ssh.patch to
+    monitoring-plugins-2.3.5-check_ssh.patch
+  + monitoring-plugins-2.3.3-check_ssh.t_-_improve_testing.patch to
+    monitoring-plugins-2.3.5-check_ssh.t_-_improve_testing.patch
+  + monitoring-plugins-2.3.3-check_ntp_perf_absolute.patch to
+    monitoring-plugins-2.3.5-check_ntp_perf_absolute.patch
+  + monitoring-plugins-2.3.3-root-plugins-Makefile_-_no_chown.patch to
+    monitoring-plugins-2.3.5-plugins-root-Makefile_-_no_chown.patch
+  + monitoring-plugins-2.3.3-check_log_-_quoting.patch to
+    monitoring-plugins-2.3.5-check_log_-_quoting.patch
+  + monitoring-plugins-2.3.3-check_http-proxy.patch to
+    monitoring-plugins-2.3.5-check_http-proxy.patch
+
+-------------------------------------------------------------------
+Fri Feb 23 08:48:34 UTC 2024 - pgajdos@suse.com
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Mon Feb  5 22:34:58 UTC 2024 - Andrew Daugherity <adaugherity@tamu.edu>
+
+- enable check_curl by BuildRequiring its dependencies 
+- restore patches not yet applied upstream (and rename to 2.3.5):
+  + monitoring-plugins-2.3.3-check_log_-_quoting.patch
+  + monitoring-plugins-2.3.3-check_http-proxy.patch
+- drop upstreamed patches:
+  + monitoring-plugins-2.3.3-check_by_ssh.patch (GitHub #1774)
+  + monitoring-plugins-2.3.3-check_disk_on_btrfs.patch (GH #1388)
+  - GitHub issues for patches upstreamed on 2023-12-05:
+    + monitoring-plugins-2.3.3-check_snmp.arrayaddress.patch (GH #1870)
+    + monitoring-plugins-2.3.3-mariadb_102_build_fix.patch (GH #1522)
+    + monitoring-plugins-2.3.3-check_dhcp_-_detect_rogue_dhcp_servers.patch (GH #1906)
+    + monitoring-plugins-2.3.3-check_icmp.patch (GH #1807)
+    + systemd-not-utmp.patch (GH #1888)
+- Repair the "no chown" patch to actually avoid calling chown; avoid
+  automake build deps by patching Makefile.in rather than Makefile.am.
+  + After upstream updated the gl subdir, it complains that the automake
+    in SLE 12 SP5 is too old.
+- Fix build on SLE 12 SP5 (link failure due to mixing OpenSSL 1.0 & 1.1)
+  by using only OpenSSL 1.1, and excluding curl subpackage (needs uriparser).
+- Rename patch files to match version number.
+- sync check_mssql package description with plugin's help output
+  + Note that not all distros contain perl-DBD-Sybase and/or freetds
+- remove obsolete configure options
+  + --with-ntp{q,dc,date}-command dropped upstream in 1.4.4 (e667553)
+  + --with-proc-loadavg dropped in 1.4.6 (fe856aa)
+- remove unnecessary chmod commands during build
+- disable gettextize as upstream has (temporarily?) removed translations (GH #1947)
+
+-------------------------------------------------------------------
+Mon Jan 29 15:11:15 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Do not ship check_mssql unless built explicitly with mssql
+  support. DBD::Sybase is not available in openSUSE distros.
+
 -------------------------------------------------------------------
 Mon Jan 15 10:44:48 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

--- a/monitoring-plugins.spec
+++ b/monitoring-plugins.spec
@@ -15,9 +15,10 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #

+%bcond_with mssql

 Name:           monitoring-plugins
-Version:        2.3.5
+Version:        2.4.0
 Release:        0
 Summary:        The Monitoring Plug-Ins
 License:        GPL-2.0-or-later AND GPL-3.0-only
@@ -61,18 +62,21 @@ Source57:       nrpe-check_users
 Source58:       nrpe-check_zombie_procs
 Source59:       nrpe-check_mysql
 Source60:       nrpe-check_ups
+# PATCH-FIX-UPSTREAM Quote the options comming in from users (path names might contain whitespaces)
+Patch1:         %{name}-2.4.0-check_log_-_quoting.patch
 # PATH-FIX-openSUSE - do not use/run chown in Makefile: we use RPM for this
-Patch6:         %{name}-2.3.3-root-plugins-Makefile_-_no_chown.patch
+Patch6:         %{name}-2.4.0-plugins-root-Makefile_-_no_chown.patch
 # PATCH-FIX-UPSTREAM see https://bugzilla.redhat.com/512559
-Patch121:       %{name}-2.3.3-wrong_percent_in_check_swap.patch
+Patch121:       %{name}-2.4.0-check_swap_wrong_percent.patch
 # PATCH-FIX-UPSTREAM - return ntp offset absolute (as positive value) in performance data since warn and crit are also positive values 
-Patch122:       %{name}-2.3.3-check_ntp_perf_absolute.patch
-# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/pull/1322
-Patch125:       monitoring-plugins-2.3.3-check_ssh.patch
-Patch126:       monitoring-plugins-2.3.3-check_ssh.t_-_improve_testing.patch
-Patch128:       monitoring-plugins-2.3.3-check_disk_on_btrfs.patch
-# PATCH-FIX-UPSTREAM - see https://github.com/monitoring-plugins/monitoring-plugins/pull/1774
-Patch129:       monitoring-plugins-2.3.3-check_by_ssh.patch
+Patch122:       %{name}-2.4.0-check_ntp_perf_absolute.patch
+Patch130:       %{name}-2.4.0-check_http-proxy.patch
+Patch131:       %{name}-2.4.0-check_dbi-type_mismatch.patch
+
+# Backport MTU checking and fixes for v4/v6 handling with dualstack IPs
+Patch200:       0001-Backport-fping-MTU-and-ipv4-6-handling-improvements.patch
+
+BuildRequires:  automake
 BuildRequires:  bind-utils
 BuildRequires:  dhcp-devel
 BuildRequires:  fping
@@ -80,8 +84,6 @@ BuildRequires:  fping
 PreReq:         permissions
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  autoconf
-BuildRequires:  automake
 %if 0%{?suse_version} > 1599
 BuildRequires:  coreutils-systemd
 %endif
@@ -94,7 +96,13 @@ BuildRequires:  nagios-rpm-macros
 BuildRequires:  net-snmp-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  openssh
+%if 0%{?suse_version} == 1315
+# force OpenSSL 1.1 on SLE 12, and avoid old pgsql which wants 1.0
+BuildRequires:  libopenssl-1_1-devel
+BuildConflicts: postgresql10-devel
+%else
 BuildRequires:  openssl-devel
+%endif
 %if 0%{?fedora_version} ||  0%{?rhel_version} || 0%{?centos_version}
 BuildRequires:  net-snmp-perl
 BuildRequires:  net-snmp-utils
@@ -109,20 +117,11 @@ BuildRequires:  systemd-devel
 %endif
 BuildRequires:  samba-client
 %if 0%{?suse_version}
-%if 0%{?suse_version} > 1020
 BuildRequires:  freeradius-client-devel
 BuildRequires:  rpcbind
-%else
-BuildRequires:  portmap
-BuildRequires:  radiusclient
-%endif
-%if 0%{?suse_version} > 910
-BuildRequires:  krb5-devel
-%else
-BuildRequires:  heimdal-devel
-%endif
-%else
 BuildRequires:  krb5-devel
+BuildRequires:  libcurl-devel
+BuildRequires:  uriparser-devel
 %endif
 # recommend the old, included checks to allow an easy update - but
 # also allow users to deselect some of the new sub-packages
@@ -199,7 +198,9 @@ Requires:       %{name}-common = %{version}
 Recommends:     %{name}-fping
 Recommends:     %{name}-hpjd
 Recommends:     %{name}-ldap
+%if %{with mssql}
 Recommends:     %{name}-mssql
+%endif
 Recommends:     %{name}-mysql
 Recommends:     %{name}-pgsql
 Recommends:     %{name}-snmp
@@ -227,6 +228,7 @@ Recommends:     %{name}-clamav
 Recommends:     %{name}-cluster
 Recommends:     %{name}-contentage
 Recommends:     %{name}-cups
+Recommends:     %{name}-curl
 Recommends:     %{name}-dbi-mysql
 Recommends:     %{name}-dbi-pgsql
 Recommends:     %{name}-dbi-sqlite3
@@ -259,7 +261,9 @@ Recommends:     %{name}-maintenance
 Recommends:     %{name}-mem
 Recommends:     %{name}-mrtg
 Recommends:     %{name}-mrtgtraf
+%if %{with mssql}
 Recommends:     %{name}-mssql
+%endif
 Recommends:     %{name}-mysql
 Recommends:     %{name}-mysql_health
 Recommends:     %{name}-nagios
@@ -306,20 +310,6 @@ This virtual package recommends all currently available, official
 Monitoring plugins and additional packages that are available in
 https://build.opensuse.org/project/show/server:monitoring

-%if 0%{?suse_version} < 01310
-%package apt
-Summary:        Check for software updates via apt-get
-Group:          System/Monitoring
-Requires:       %{apt_get_command}
-Provides:       nagios-plugins-apt = %{version}
-Obsoletes:      nagios-plugins-apt <= 1.5
-
-%description apt
-This plugin checks for software updates on systems that use package management
-systems based on the apt-get command found in Debian GNU/Linux or Ubuntu for
-example.
-%endif
-
 %package breeze
 Summary:        Monitor Breezecom wireless equipment
 Group:          System/Monitoring
@@ -375,6 +365,21 @@ Obsoletes:      nagios-plugins-common <= 1.5
 This package includes the libraries (scripts) that are included by many
 of the standard checks.

+%package curl
+Summary:        Test the HTTP service on the specified host, via libcurl
+Group:          System/Monitoring
+Provides:       nagios-plugins-curl = %{version}
+Obsoletes:      nagios-plugins-curl <= 1.5
+
+%description curl
+This plugin tests the HTTP service on the specified host. It can test
+normal (http) and secure (https) servers, follow redirects, search for
+strings and regular expressions, check connection times, and report on
+certificate expiration times.
+
+It makes use of libcurl to do so. It tries to be as compatible to check_http
+as possible.
+
 %package dbi
 Summary:        Check databases using DBI
 Group:          System/Monitoring
@@ -448,9 +453,6 @@ Obsoletes:      nagios-plugins-dhcp <= 1.5
 %if 0%{?suse_version}
 Recommends:     apparmor-parser
 Recommends:     apparmor-profiles
-%else
-#Requires:       apparmor-parser
-#Requires:       apparmor-profiles
 %endif

 %description dhcp
@@ -552,19 +554,6 @@ Obsoletes:      nagios-plugins-fping <= 1.5
 This plugin will use the fping command to ping the specified host for
 a fast check. Note that it is necessary to set the suid flag on fping.

-%if 0%{?suse_version} < 01310
-%package game
-Summary:        Gameserver check
-Group:          System/Monitoring
-Requires:       %{qstat_command}
-Provides:       nagios-plugins-game = %{version}
-Obsoletes:      nagios-plugins-game <= 1.5
-
-%description game
-Check connections to game servers. This plugin uses the 'qstat' command, the
-popular game server status query tool.
-%endif
-
 %package hpjd
 Summary:        Check status of an HP printer
 Group:          System/Monitoring
@@ -742,6 +731,7 @@ incoming or outgoing rates exceed the <icl> or <ocl> thresholds (in
 Bytes/sec), a CRITICAL status results.  If either of the rates exceed
 the <iwl> or <owl> thresholds (in Bytes/sec), a WARNING status results.

+%if %{with mssql}
 %package mssql
 Summary:        MS-SQL server or Sybase server query check
 Group:          System/Monitoring
@@ -752,10 +742,14 @@ Requires:       perl(FindBin)
 Requires:       perl

 %description mssql
-This plugin runs a query against a MS-SQL server or Sybase server and returns
-the first row. It returns an error if no responses are running. Row is passed
-to perfdata	in semicolon delimited format.
-A simple sql statement like \"select getdate()\" verifies server responsiveness.
+Runs a query against a Microsoft SQL or Sybase server and returns the first
+row; returns an error if no responses are found.  The row is passed to perfdata
+in semicolon-delimited format.
+A simple sql statement like "select getdate()" verifies server responsiveness.
+
+This plugin is written in Perl and requires DBD::Sybase, which in turn needs
+freetds.  Those may require additional repositories.
+%endif

 %package mysql
 Summary:        Test a MySQL DBMS
@@ -815,9 +809,6 @@ Provides:       %{name}-ntp = %{version}
 %if 0%{?suse_version}
 Recommends:     apparmor-parser
 Recommends:     apparmor-profiles
-%else
-#Requires:       apparmor-parser
-#Requires:       apparmor-profiles
 %endif

 %description ntp_time
@@ -1111,7 +1102,7 @@ or one selected. It can also check queue there:
 it will provide the size of the queue of age of queue.

 %prep
-%setup -q
+%autosetup -p1
 %if 0%{?suse_version}
 mkdir -p example/permissions.d
 cp %{S:11} example/permissions.d/%{name}
@@ -1137,23 +1128,13 @@ with the libdbi driver for $extension.
 EOF
 done

-%patch6 -p1
-# Debian patches
-%patch121 -p1
-%patch122 -p1
-# Github patches
-%patch125 -p1
-%patch126 -p1
-%patch128 -p1
-%patch129 -p1
-find -type f -exec chmod 644 {} +

 %build
+autoreconf -v --force --install
 export CFLAGS="%{optflags} -fno-strict-aliasing -DLDAP_DEPRECATED"
-gettextize -f --no-changelog
-autoreconf -fi
-chmod a+x NP-VERSION-GEN
-chmod +x configure # needed as configure script is not executable in 1.5..
+# Translations were (temporarily?) removed upstream:
+#   https://github.com/monitoring-plugins/monitoring-plugins/pull/1947
+#gettextize -f --no-changelog
 %configure \
 	--enable-static=no \
 	--enable-extra-opts \
@@ -1162,32 +1143,24 @@ chmod +x configure # needed as configure script is not executable in 1.5..
 	--with-apt-get-command=%{apt_get_command} \
 	--with-cgiurl=/nagios/cgi-bin \
 	--with-fping-command=%{_sbindir}/fping \
-    --with-fping6-command=%{_sbindir}/fping6 \
 	--with-ipv6 \
-	--with-ntpq-command=%{_sbindir}/ntpq \
-	--with-ntpdc-command=%{_sbindir}/ntpdc \
-	--with-ntpdate-command=%{_sbindir}/ntpdate \
 	--with-openssl=%{_prefix} \
 	--with-perl=%{_bindir}/perl \
 	--with-pgsql=%{_prefix} \
 	--with-ping6-command='/bin/ping6 -n -U -w %d -c %d %s' \
-	--with-proc-loadavg=/proc/loadavg \
 	--with-ps-command="/bin/ps axwo 'stat uid pid ppid vsz rss pcpu etime comm args'" \
 	--with-ps-format='%s %d %d %d %d %d %f %s %s %n' \
 	--with-ps-cols=10 \
 	--with-ps-varlist='procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procetime,procprog,&pos' \
-%if 0%{?suse_version} > 1300
 	--with-rpcinfo-command=/sbin/rpcinfo \
-%else
-	--with-rpcinfo-command=%{_sbindir}/rpcinfo \
-%endif
 	--with-qstat-command=%{qstat_command} \
 	--with-mysql=%{_prefix} \
 	--disable-rpath
+
 make all %{?_smp_mflags}

 %install
-sed -i 's,^MKINSTALLDIRS.*,MKINSTALLDIRS = ../mkinstalldirs,' po/Makefile
+# sed -i 's,^MKINSTALLDIRS.*,MKINSTALLDIRS = ../mkinstalldirs,' po/Makefile
 %make_install install-root
 install -m 0755 %{S:18} %{buildroot}%{nagios_plugindir}/check_cups
 # provide check_host and check_rta_multi as on Debian
@@ -1198,9 +1171,12 @@ if [ -x %{buildroot}%{nagios_plugindir}/check_icmp ] ; then
 	ln -s %{nagios_plugindir}/check_icmp %{buildroot}%{nagios_plugindir}/check_rta_multi ;
 fi
 # Factory maintainers do not want packages requiring software not in Factory: remove the checks
-%if 0%{?suse_version} >= 01310
 rm %{buildroot}%{nagios_plugindir}/check_apt
 rm %{buildroot}%{nagios_plugindir}/check_game
+
+# mssql plugin is not installable due to missing package DBD::Sybase - Do not ship until built --with=mssql
+%if %{without mssql}
+rm %{buildroot}%{nagios_plugindir}/check_mssql
 %endif

 # fix "use lib" on installed perl checks
@@ -1268,41 +1244,31 @@ EOF
 install -Dm 644  %{SOURCE27} %{buildroot}%{_sysconfdir}/%{name}/README
 touch %{buildroot}%{_sysconfdir}/%{name}/%{name}.ini

-# find locale files
-%find_lang %{name}
+
+%check
+#
+

 %if 0%{?suse_version}
 %post dhcp
 # in case somebody uses the permissions file we provide
 # in docdir, run permission here
 if [ -f %{_sysconfdir}/permissions.d/monitoring-plugins ]; then
-%if 0%{?suse_version} < 1210
-%run_permissions
-%else
 	%set_permissions monitoring-plugins
-%endif
 fi

 %post icmp
 if [ -f %{_sysconfdir}/permissions.d/monitoring-plugins ]; then
 # in case somebody uses the permissions file we provide
 # in docdir, run permission here
-%if 0%{?suse_version} < 1210
-%run_permissions
-%else
 %set_permissions monitoring-plugins
-%endif
 fi

 %post ide_smart
 if [ -f %{_sysconfdir}/permissions.d/monitoring-plugins ]; then
 # in case somebody uses the permissions file we provide
 # in docdir, run permission here
-%if 0%{?suse_version} < 1210
-%run_permissions
-%else
 %set_permissions monitoring-plugins
-%endif
 fi
 %endif

@@ -1345,7 +1311,7 @@ fi
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_cluster

-%files common -f %{name}.lang
+%files common 
 %defattr(-,root,root)
 %doc ABOUT-NLS ACKNOWLEDGEMENTS AUTHORS ChangeLog CODING FAQ
 %doc NEWS README REQUIREMENTS SUPPORT README.SUSE
@@ -1368,6 +1334,11 @@ fi
 %{nagios_plugindir}/utils.sh
 %attr(0644,root,root) %{nagios_plugindir}/utils.pm

+%files curl
+%defattr(0755,root,root)
+%dir %{nagios_plugindir}
+%{nagios_plugindir}/check_curl
+
 %files dbi
 %defattr(-,root,root)
 %dir %{nagios_plugindir}
@@ -1439,13 +1410,6 @@ fi
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_fping

-%if 0%{?suse_version} < 01310
-%files game
-%defattr(0755,root,root)
-%dir %{nagios_plugindir}
-%{nagios_plugindir}/check_game
-%endif
-
 %files hpjd
 %defattr(0755,root,root)
 %dir %{nagios_plugindir}
@@ -1522,11 +1486,12 @@ fi
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_mrtgtraf

-
+%if %{with mssql}
 %files mssql
 %defattr(0755,root,root)
 %dir %{nagios_plugindir}
 %{nagios_plugindir}/check_mssql
+%endif

 %files mysql
 %defattr(0755,root,root)
--- a/usr.lib.nagios.plugins.check_disk
+++ b/usr.lib.nagios.plugins.check_disk
@@ -4,6 +4,7 @@
   #include <abstractions/consoles>
   #include <abstractions/nameservice>
   /etc/mtab                        r,
-   @{PROC}/[0-9]*/mounts            r,
+   @{PROC}/@{pid}/mounts            r,
+   @{PROC}/@{pid}/mountinfo         r,
   /usr/lib/nagios/plugins/check_disk rm,
 }
--- a/usr.lib.nagios.plugins.check_load
+++ b/usr.lib.nagios.plugins.check_load
@@ -8,4 +8,5 @@
   /proc/uptime r,
   /proc/meminfo r,
   /proc/loadavg r,
+   /run/systemd/sessions/* r,
 }
--- a/usr.lib.nagios.plugins.check_procs
+++ b/usr.lib.nagios.plugins.check_procs
@@ -9,5 +9,6 @@
  /{usr/,}bin/ps rix,
  /proc/ r,
  /proc/** r,
+  /sys/devices/system/node/ r,
  /usr/lib/nagios/plugins/check_procs mr,
 }
				`@@ -1 +0,0 @@`
				`fcbe2068cb55aeaca3ebe67b619cb345a6705184 *monitoring-plugins-2.3.5.tar.gz`
				`@@ -0,0 +1 @@`
				`595fcfe92a5273031e8ad7f294ba683c27078a1a *monitoring-plugins-2.4.0.tar.gz`