- update to 4.1.0
ENHANCEMENTS
+ Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22)
+ Allow tcpd/libwrap to be excluded from build when present on the system
+ Allow loading of full certificate chains
+ Change -u (connection issues return UNKNOWN) to include all SSL-layer failures.
+ Disable renegotiation and enforce server cipher order when using SSL
+ Verify that private keys match certificates when using SSL
FIXES
+ Fixed incorrect default for nasty_metachars in nrpe.cfg
+ Fixed incorrect help text for --use-adh
+ Fixed potential out-of-bound read when used with IPv6
- use system-user-nagios package to create the neccessary
user and group
- remove macros for old, unsupported SUSE versions
- refresh patches:
+ nrpe-implicit_declaration.patch
+ nrpe-static_dh_parameters.patch
+ nrpe-4.0.4-silence_wrong_package_version_messages.patch
- remove patches:
+ nrpe-disable-chkconfig_in_Makefile.patch (obsolete)
+ nrpe-improved_help.patch (fixed upstream)
+ nrpe_check_control.patch (better fix inside the spec file
and use existing nagios macros)
- remove obsolete nrpe-rpmlintrc
OBS-URL: https://build.opensuse.org/request/show/1145416
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nrpe?expand=0&rev=19
ENHANCEMENTS
+ Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22)
+ Allow tcpd/libwrap to be excluded from build when present on the system
+ Allow loading of full certificate chains
+ Change -u (connection issues return UNKNOWN) to include all SSL-layer failures.
+ Disable renegotiation and enforce server cipher order when using SSL
+ Verify that private keys match certificates when using SSL
FIXES
+ Fixed incorrect default for nasty_metachars in nrpe.cfg
+ Fixed incorrect help text for --use-adh
+ Fixed potential out-of-bound read when used with IPv6
- use system-user-nagios package to create the neccessary
user and group
- remove macros for old, unsupported SUSE versions
- refresh patches:
+ nrpe-implicit_declaration.patch
+ nrpe-static_dh_parameters.patch
+ nrpe-4.0.4-silence_wrong_package_version_messages.patch
- remove patches:
+ nrpe-disable-chkconfig_in_Makefile.patch (obsolete)
+ nrpe-improved_help.patch (fixed upstream)
+ nrpe_check_control.patch (better fix inside the spec file
and use existing nagios macros)
- remove obsolete nrpe-rpmlintrc
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/nrpe?expand=0&rev=91
NRPE logs 'packet version was invalid' and 'Could not read request
from client' if the NRPE version on the client does not match the
one on the server side.
This patch reduces the importance of the log entry to be just
informal, which should silent most client logs, while it makes
it still available for debugging.
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/nrpe?expand=0&rev=82
ENHANCEMENTS
* Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam)
* Added IPv6 ip address to list of default allow_from hosts (Troy Lea)
* Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf)
* Added -3 option to force check_nrpe to use NRPE v3 packets
* OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky)
* OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht)
FIXES
* Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf)
* Fixed buffer length calculations/writing past memory boundaries
on some systems (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf)
* Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf)
* Fixed syslog flooding with CRC-checking errors when both plugin
and agent were updated to version 4 (Sebastian Wolf)
* Checks for '!' now only occur inside the command buffer (Joni Eskelinen)
* NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev)
* allowed_hosts will no longer test getaddrinfo records against the
wrong protocol (dombenson)
* nasty_metachars will now handle C escape sequences properly when
specified in the config file (Sebastian Wolf)
* Calculated packet sizes now struct padding/alignment when sending
and receiving messages (Sebastian Wolf)
* Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf)
* When using include_dir, individual files' errors do not prevent
the remaining files from being read (Sebastian Wolf)
- refreshed the following patches:
* nrpe-implicit_declaration.patch
* nrpe-improved_help.patch
* nrpe_check_control.patch
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/nrpe?expand=0&rev=80
- nrpe.xml firewalld file is handled by firewalld package
- Leap 15.1 is suse_version 1500 (thanks, dimstar)
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut through the -mini flavors.
- Do not package nrpe.xml for Leap 15.0, as it is included in
firewalld package there.
- add nrpe.xml snipplet for firewalld
- still ship nrpe snipplet for SuSEfirewalld for now
- use systemd files directly from upstream:
+ drop Requires=var-run.mount line from service file
+ drop nrpe.service
+ drop nrpe.socket
+ do not create tmpfiles.d/nrpe in spec any longer
- handle migration from /etc/nagios/nrpe.cfg to /etc/nrpe.cfg also
for systemd case (triggerun)
- increase warn/crit level for processes to 350/400 in a default
installation
- added patch and dh.h file to NOT re-calculate dh.h parameters
during each build (for reproducable builds).
Can be enable/disable by setting the 'reproducable' build
condition. Default is: "on" for suse_version >= 15
+ nrpe-3.2.1-static_dh_parameters.patch
+ nrpe-3.2.1-dh.h
- use _rundir and _tmpfilesdir macros everywhere
- do not create nagios user/group during install on (open)SUSE
systems and rely on the files section here instead
- rename nagios-nrpe-rpmlintrc and nagios-nrpe-SuSEfirewall2 to
nrpe-rpmlintrc and nrpe-SuSEfirewall2
- simplify rpmlintrc
- build nrpe-doc package as noarch
- specfile cleanup & remove other distribution specials
- disable chkconfig call in Makefile on old distributions
nrpe-3.2.1-disable-chkconfig_in_Makefile.patch
OBS-URL: https://build.opensuse.org/request/show/780480
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nrpe?expand=0&rev=11
- still ship nrpe snipplet for SuSEfirewalld for now
- use systemd files directly from upstream:
+ drop Requires=var-run.mount line from service file
+ drop nrpe.service
+ drop nrpe.socket
+ do not create tmpfiles.d/nrpe in spec any longer
- handle migration from /etc/nagios/nrpe.cfg to /etc/nrpe.cfg also
for systemd case (triggerun)
- increase warn/crit level for processes to 350/400 in a default
installation
- added patch and dh.h file to NOT re-calculate dh.h parameters
during each build (for reproducable builds).
Can be enable/disable by setting the 'reproducable' build
condition. Default is: "on" for now
+ nrpe-3.2.1-static_dh_parameters.patch
+ nrpe-3.2.1-dh.h
- use _rundir and _tmpfilesdir macros everywhere
- do not create nagios user/group during install on (open)SUSE
systems and rely on the files section here instead
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/nrpe?expand=0&rev=66
- update to 3.2.1:
FIXES
- Change seteuid error messages to warning/debug (Bryan Heden)
- Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden)
- Added additional strings to error messages to remove duplicates (Bryan Heden)
- Fix nrpe.spec for rpmbuild (Bryan Heden)
- Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)
- update to 3.2.0:
ENHANCEMENTS
- Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden)
- Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden)
- Added support for Gentoo init (Troy Lea @box293)
- Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden)
- Added -V, --version to nrpe and fixed the output (Bryan Heden)
- Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden)
- Updated logic in al parse_allowed_hosts (Bryan Heden)
- Added builtin OpenSSL Engine support where available (Bryan Heden + @skrueger8)
- Clean up compilation warnings (Bryan Heden)
- Added more commented commands in nrpe.cfg (Bryan Heden)
FIXES
- Undefined check returns UNKNOWN (Bryan Heden)
- Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden)
- Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden)
- Fix improper valid/invalid certificate warnings (Bryan Heden)
OBS-URL: https://build.opensuse.org/request/show/548780
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/nrpe?expand=0&rev=55
FIXES
- The '--log-file=' or '-g' option is missing from the help (John Frickson)
- check_nrpe = segfault when specifying a config file (John Frickson)
- Alternate log file not being used soon enough (John Frickson)
- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
- Fix build failure with -Werror=format-security (Bas Couwenberg)
- Fixed a typo in `nrpe.spec.in` (John Frickson)
- More detailed error logging for SSL (John Frickson)
- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
- refreshed all patches
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/nrpe?expand=0&rev=51
