From 54ab01d89bc97973b15480c9731d3b93d29cc343 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: May 02 2017 19:22:27 +0000
Subject: Merge branch 'f25' into f26
---
diff --git a/nrpe-0000-nrpe310-git-20170502-e89e8323666 b/nrpe-0000-nrpe310-git-20170502-e89e8323666
new file mode 100644
index 0000000..422ee8d
--- /dev/null
+++ b/nrpe-0000-nrpe310-git-20170502-e89e8323666
@@ -0,0 +1,645 @@ +diff -up ./Changelog.git-20170502-e89e8323666 ./Changelog +--- ./Changelog.git-20170502-e89e8323666 2017-05-02 14:27:48.423453697 -0400 ++++ ./Changelog 2017-05-02 14:29:51.680774186 -0400 +@@ -2,7 +2,21 @@ + NRPE Changelog + ************** + +-3.x.x - 201x-xx-xx ++x.x.x - xxxx-xx-xx ++------------------ ++FIXES ++- The '--log-file=' or '-g' option is missing from the help (John Frickson) ++- check_nrpe = segfault when specifying a config file (John Frickson) ++- Alternate log file not being used soon enough (John Frickson) ++- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson) ++- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson) ++- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson) ++- Fix build failure with -Werror=format-security (Bas Couwenberg) ++- Fixed a typo in `nrpe.spec.in` (John Frickson) ++- More detailed error logging for SSL (John Frickson) ++ ++ ++3.1.0 - 2017-04-17 + ------------------ + ENHANCEMENTS + - Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson) +diff -up ./configure.ac.git-20170502-e89e8323666 ./configure.ac +--- ./configure.ac.git-20170502-e89e8323666 2017-05-02 14:27:48.425453670 -0400 ++++ ./configure.ac 2017-05-02 14:29:52.544762413 -0400 +@@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],) + define([AC_CACHE_SAVE],) + + m4_include([build-aux/custom_help.m4]) +-AC_INIT([nrpe],[3.1.0-rc1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/]) ++AC_INIT([nrpe],[3.1.0],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/]) + AC_CONFIG_SRCDIR([src/nrpe.c]) + AC_CONFIG_AUX_DIR([build-aux]) + AC_PREFIX_DEFAULT(/usr/local/nagios) + + PKG_NAME=nrpe +-PKG_VERSION="3.1.0-rc1" ++PKG_VERSION="3.1.0" + PKG_HOME_URL="http://www.nagios.org/" +-PKG_REL_DATE="2017-04-06" ++PKG_REL_DATE="2017-04-19" + RPM_RELEASE=1 + + LANG=C +@@ -304,10 +304,18 @@ 
AC_ARG_ENABLE([ssl], + fi + ],check_for_ssl=yes) + ++need_dh=yes ++AC_ARG_WITH([need_dh], ++ AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]), ++ [need_dh=$withval], ++ [nrpe_group=need_dh]) ++ + dnl Optional SSL library and include paths + if test x$check_for_ssl = xyes; then + # need_dh should only be set for NRPE +- need_dh=yes ++# need_dh=yes ++echo "need_dh = |$need_dh|" ++sleep 10; + AC_NAGIOS_GET_SSL + fi + +diff -up ./configure.git-20170502-e89e8323666 ./configure +--- ./configure.git-20170502-e89e8323666 2017-05-02 14:27:48.424453683 -0400 ++++ ./configure 2017-05-02 14:29:52.152767759 -0400 +@@ -1,6 +1,6 @@ + #! /bin/sh + # Guess values for system-dependent variables and create Makefiles. +-# Generated by GNU Autoconf 2.69 for nrpe 3.1.0-rc1. ++# Generated by GNU Autoconf 2.69 for nrpe 3.1.0. + # + # Report bugs to . + # +@@ -580,8 +580,8 @@ MAKEFLAGS= + # Identity of this package. + PACKAGE_NAME='nrpe' + PACKAGE_TARNAME='nrpe' +-PACKAGE_VERSION='3.1.0-rc1' +-PACKAGE_STRING='nrpe 3.1.0-rc1' ++PACKAGE_VERSION='3.1.0' ++PACKAGE_STRING='nrpe 3.1.0' + PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net' + PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/' + +@@ -757,6 +757,7 @@ with_logdir + with_piddir + with_pipedir + enable_ssl ++with_need_dh + with_ssl + with_ssl_inc + with_ssl_lib +@@ -1319,7 +1320,7 @@ if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +-\`configure' configures nrpe 3.1.0-rc1 to adapt to many kinds of systems. ++\`configure' configures nrpe 3.1.0 to adapt to many kinds of systems. + + Usage: $0 [OPTION]... [VAR=VALUE]... 
+ +@@ -1369,7 +1370,7 @@ fi + + if test -n "$ac_init_help"; then + case $ac_init_help in +- short | recursive ) echo "Configuration of nrpe 3.1.0-rc1:";; ++ short | recursive ) echo "Configuration of nrpe 3.1.0:";; + esac + cat <<\_ACEOF + +@@ -1422,6 +1423,7 @@ Optional Packages: + --with-logdir=DIR where log files should be placed + --with-piddir=DIR where the PID file should be placed + --with-pipedir=DIR where socket and pipe files should be placed ++ --with-need-dh set to 'no' to not include Diffie-Hellman SSL logic + --with-ssl=DIR sets location of the SSL installation + --with-ssl-inc=DIR sets location of the SSL include files + --with-ssl-lib=DIR sets location of the SSL libraries +@@ -1514,7 +1516,7 @@ fi + test -n "$ac_init_help" && exit $ac_status + if $ac_init_version; then + cat <<\_ACEOF +-nrpe configure 3.1.0-rc1 ++nrpe configure 3.1.0 + generated by GNU Autoconf 2.69 + + Copyright (C) 2012 Free Software Foundation, Inc. +@@ -2120,7 +2122,7 @@ cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. + +-It was created by nrpe $as_me 3.1.0-rc1, which was ++It was created by nrpe $as_me 3.1.0, which was + generated by GNU Autoconf 2.69. 
Invocation command line was + + $ $0 $@ +@@ -2485,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configu + + + PKG_NAME=nrpe +-PKG_VERSION="3.1.0-rc1" ++PKG_VERSION="3.1.0" + PKG_HOME_URL="http://www.nagios.org/" +-PKG_REL_DATE="2017-04-06" ++PKG_REL_DATE="2017-04-19" + RPM_RELEASE=1 + + LANG=C +@@ -3020,29 +3022,29 @@ fi + + inetd_disabled="" + +- if test x"$init_type" = "xupstart"; then +- inetd_type="upstart" +- elif test "$opsys" = "osx"; then +- inetd_type="launchd" +- fi +- +- if test x"$inetd_type" = x; then +- case $dist_type in #( ++ case $dist_type in #( + solaris) : + if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then +- inetd_type="$init_type" +- else +- inetd_type="inetd" +- fi ;; #( ++ inetd_type="$init_type" ++ else ++ inetd_type="inetd" ++ fi ;; #( + *bsd*) : + inetd_type=`ps -A -o comm -c | grep inetd` ;; #( ++ osx) : ++ inetd_type=`launchd` ;; #( + aix|hp-ux) : + inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #( + *) : +- inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #( ++ inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #( + *) : + ;; + esac ++ ++ if test x"$inetd_type" = x; then ++ if test x"$init_type" = "xupstart"; then ++ inetd_type="upstart" ++ fi + fi + + if test x"$inetd_type" = x; then +@@ -4346,7 +4348,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by nrpe $as_me 3.1.0-rc1, which was ++This file was extended by nrpe $as_me 3.1.0, which was + generated by GNU Autoconf 2.69. 
Invocation command line was + + CONFIG_FILES = $CONFIG_FILES +@@ -4400,7 +4402,7 @@ _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" + ac_cs_version="\\ +-nrpe config.status 3.1.0-rc1 ++nrpe config.status 3.1.0 + configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +@@ -7278,9 +7280,21 @@ else + fi + + ++need_dh=yes ++ ++# Check whether --with-need_dh was given. ++if test "${with_need_dh+set}" = set; then : ++ withval=$with_need_dh; need_dh=$withval ++else ++ nrpe_group=need_dh ++fi ++ ++ + if test x$check_for_ssl = xyes; then + # need_dh should only be set for NRPE +- need_dh=yes ++# need_dh=yes ++echo "need_dh = |$need_dh|" ++sleep 10; + + + # ------------------------------- +@@ -8272,7 +8286,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by nrpe $as_me 3.1.0-rc1, which was ++This file was extended by nrpe $as_me 3.1.0, which was + generated by GNU Autoconf 2.69. 
Invocation command line was + + CONFIG_FILES = $CONFIG_FILES +@@ -8335,7 +8349,7 @@ _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" + ac_cs_version="\\ +-nrpe config.status 3.1.0-rc1 ++nrpe config.status 3.1.0 + configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +diff -up ./include/common.h.in.git-20170502-e89e8323666 ./include/common.h.in +--- ./include/common.h.in.git-20170502-e89e8323666 2017-05-02 14:27:48.426453656 -0400 ++++ ./include/common.h.in 2017-05-02 14:29:52.890757698 -0400 +@@ -2,7 +2,7 @@ + * + * COMMON.H - NRPE Common Include File + * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org) +- * Last Modified: 2017-04-06 ++ * Last Modified: 2017-04-19 + * + * License: + * +@@ -33,8 +33,8 @@ + # endif + #endif + +-#define PROGRAM_VERSION "3.1.0-rc1" +-#define MODIFICATION_DATE "2017-04-06" ++#define PROGRAM_VERSION "3.1.0" ++#define MODIFICATION_DATE "2017-04-19" + + #define OK 0 + #define ERROR -1 +diff -up ./macros/ax_nagios_get_inetd.git-20170502-e89e8323666 ./macros/ax_nagios_get_inetd +--- ./macros/ax_nagios_get_inetd.git-20170502-e89e8323666 2017-05-02 14:27:48.427453643 -0400 ++++ ./macros/ax_nagios_get_inetd 2017-05-02 14:29:53.260752658 -0400 +@@ -93,29 +93,30 @@ AC_SUBST(inetd_type) + + inetd_disabled="" + +- if test x"$init_type" = "xupstart"; then +- inetd_type="upstart" +- elif test "$opsys" = "osx"; then +- inetd_type="launchd" +- fi ++ AS_CASE([$dist_type], ++ [solaris], ++ if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then ++ inetd_type="$init_type" ++ else ++ inetd_type="inetd" ++ fi, ++ ++ [*bsd*], ++ inetd_type=`ps -A -o comm -c | grep inetd`, + +- if test x"$inetd_type" = x; then +- AS_CASE([$dist_type], +- [solaris], +- if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then +- inetd_type="$init_type" +- else +- inetd_type="inetd" +- fi, ++ [osx], ++ 
inetd_type=`launchd`, + +- [*bsd*], +- inetd_type=`ps -A -o comm -c | grep inetd`, ++ [aix|hp-ux], ++ inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`, + +- [aix|hp-ux], +- inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`, ++ [*], ++ inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`]) + +- [*], +- inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`]) ++ if test x"$inetd_type" = x; then ++ if test x"$init_type" = "xupstart"; then ++ inetd_type="upstart" ++ fi + fi + + if test x"$inetd_type" = x; then +diff -up ./nrpe.spec.in.git-20170502-e89e8323666 ./nrpe.spec.in +--- ./nrpe.spec.in.git-20170502-e89e8323666 2017-05-02 14:27:48.427453643 -0400 ++++ ./nrpe.spec.in 2017-05-02 14:29:53.628747644 -0400 +@@ -9,7 +9,7 @@ + %endif + %if %{islinux} + %define _init_dir @initdir@ +- %define _init_tyhpe @init_type@ ++ %define _init_type @init_type@ + %define _exec_prefix %{_prefix}/sbin + %define _bindir %{_prefix}/sbin + %define _sbindir %{_prefix}/lib/nagios/cgi +@@ -22,7 +22,7 @@ + %define _sysconfdir /etc/nagios + + %define name @PACKAGE_NAME@ +-%define version 3.1.0-rc1 ++%define version 3.1.0 + %define release @RPM_RELEASE@ + %define nsusr @nrpe_user@ + %define nsgrp @nrpe_group@ +diff -up ./src/check_nrpe.c.git-20170502-e89e8323666 ./src/check_nrpe.c +--- ./src/check_nrpe.c.git-20170502-e89e8323666 2017-05-02 14:27:48.428453629 -0400 ++++ ./src/check_nrpe.c 2017-05-02 14:29:54.004742521 -0400 +@@ -4,7 +4,7 @@ + * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org) + * License: GPL + * +- * Last Modified: 2017-04-06 ++ * Last Modified: 2017-04-19 + * + * Command line: CHECK_NRPE -H [-p port] [-c command] [-to to_sec] + * +@@ -116,8 +116,6 @@ int main(int argc, char **argv) + + result = process_arguments(argc, argv, 0); + +- open_log_file(); +- + if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE) + usage(result); /* usage() will call exit() */ + +@@ -466,6 +464,7 @@ int 
process_arguments(int argc, char **a + break; + } + log_file = strdup(optarg); ++ open_log_file(); + break; + + default: +@@ -558,10 +557,10 @@ int read_config_file(char *fname) + + bufp = buf; + while (argc < 50) { ++ while (*bufp && strchr(delims, *bufp)) ++ ++bufp; + if (*bufp == '\0') + break; +- while (strchr(delims, *bufp)) +- ++bufp; + argv[argc] = my_strsep(&bufp, delims); + if (!argv[argc++]) + break; +@@ -667,7 +666,7 @@ void usage(int result) + printf("Usage: check_nrpe -H [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d ]\n" + " [-P ] [-S ] [-L ] [-C ]\n" + " [-K ] [-A ] [-s ] [-b ]\n" +- " [-f ] [-p ] [-t :]\n" ++ " [-f ] [-p ] [-t :] [-g ]\n" + " [-c ] [-a ]\n"); + printf("\n"); + printf("Options:\n"); +@@ -704,6 +703,7 @@ void usage(int result) + printf(" = SSL Logging Options\n"); + printf(" = bind to local address\n"); + printf(" = configuration file to use\n"); ++ printf(" = full path to the log file to write to\n"); + printf(" [port] = The port on which the daemon is running (default=%d)\n", + DEFAULT_SERVER_PORT); + printf(" [command] = The name of the command that the remote daemon should run\n"); +@@ -743,7 +743,7 @@ void usage(int result) + void setup_ssl() + { + #ifdef HAVE_SSL +- int vrfy; ++ int vrfy, x; + + if (sslprm.log_opts & SSL_LogStartup) { + char *val; +@@ -878,7 +878,9 @@ void setup_ssl() + break; + case TLSv1_2: + case TLSv1_2_plus: ++#ifdef SSL_OP_NO_TLSv1_1 + ssl_opts |= SSL_OP_NO_TLSv1_1; ++#endif + case TLSv1_1: + case TLSv1_1_plus: + ssl_opts |= SSL_OP_NO_TLSv1; +@@ -897,14 +899,23 @@ void setup_ssl() + + if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) { + if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) { +- SSL_CTX_free(ctx); + printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file); ++ while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { ++ printf("Error: could not use certificate file '%s': %s\n", ++ sslprm.cert_file, ERR_reason_error_string(x)); ++ } ++ 
SSL_CTX_free(ctx); + exit(STATE_CRITICAL); + } + if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) { + SSL_CTX_free(ctx); + printf("Error: could not use private key file '%s'.\n", + sslprm.privatekey_file); ++ while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { ++ printf("Error: could not use private key file '%s': %s\n", ++ sslprm.privatekey_file, ERR_reason_error_string(x)); ++ } ++ SSL_CTX_free(ctx); + exit(STATE_CRITICAL); + } + } +@@ -913,8 +924,12 @@ void setup_ssl() + vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + SSL_CTX_set_verify(ctx, vrfy, verify_callback); + if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) { +- SSL_CTX_free(ctx); + printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file); ++ while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { ++ printf("Error: could not use CA certificate '%s': %s\n", ++ sslprm.privatekey_file, ERR_reason_error_string(x)); ++ } ++ SSL_CTX_free(ctx); + exit(STATE_CRITICAL); + } + } +@@ -932,8 +947,12 @@ void setup_ssl() + } + + if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) { +- SSL_CTX_free(ctx); + printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list); ++ while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { ++ printf("Could not set SSL/TLS cipher list '%s': %s\n", ++ sslprm.cipher_list, ERR_reason_error_string(x)); ++ } ++ SSL_CTX_free(ctx); + exit(STATE_CRITICAL); + } + } +diff -up ./src/nrpe.c.git-20170502-e89e8323666 ./src/nrpe.c +--- ./src/nrpe.c.git-20170502-e89e8323666 2017-05-02 14:27:48.429453615 -0400 ++++ ./src/nrpe.c 2017-05-02 14:29:54.358737697 -0400 +@@ -186,8 +186,6 @@ int main(int argc, char **argv) + return STATE_CRITICAL; + } + +- open_log_file(); +- + if (!nasty_metachars) + nasty_metachars = strdup(NASTY_METACHARS); + +@@ -244,6 +242,7 @@ void init_ssl(void) + #ifdef HAVE_SSL + DH *dh; + char seedfile[FILENAME_MAX]; ++ char errstr[120] = { 
"" }; + int i, c, x, vrfy; + unsigned long ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE; + +@@ -315,7 +314,10 @@ void init_ssl(void) + + ctx = SSL_CTX_new(meth); + if (ctx == NULL) { +- logit(LOG_ERR, "Error: could not create SSL context"); ++ while ((x = ERR_get_error()) != 0) { ++ ERR_error_string(x, errstr); ++ logit(LOG_ERR, "Error: could not create SSL context : %s", errstr); ++ } + SSL_CTX_free(ctx); + exit(STATE_CRITICAL); + } +@@ -359,7 +361,9 @@ void init_ssl(void) + break; + case TLSv1_2: + case TLSv1_2_plus: ++#ifdef SSL_OP_NO_TLSv1_1 + ssl_opts |= SSL_OP_NO_TLSv1_1; ++#endif + case TLSv1_1: + case TLSv1_1_plus: + ssl_opts |= SSL_OP_NO_TLSv1; +@@ -377,7 +381,6 @@ void init_ssl(void) + SSL_CTX_set_options(ctx, ssl_opts); + + if (sslprm.cert_file != NULL) { +- char errstr[120] = { "" }; + if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) { + SSL_CTX_free(ctx); + while ((x = ERR_get_error()) != 0) { +@@ -388,9 +391,12 @@ void init_ssl(void) + exit(STATE_CRITICAL); + } + if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) { ++ while ((x = ERR_get_error()) != 0) { ++ ERR_error_string(x, errstr); ++ logit(LOG_ERR, "Error: could not use private key file '%s' : %s", ++ sslprm.privatekey_file, errstr); ++ } + SSL_CTX_free(ctx); +- logit(LOG_ERR, "Error: could not use private key file '%s'", +- sslprm.privatekey_file); + exit(STATE_CRITICAL); + } + } +@@ -401,6 +407,10 @@ void init_ssl(void) + vrfy |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + SSL_CTX_set_verify(ctx, vrfy, verify_callback); + if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) { ++ while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) { ++ logit(LOG_ERR, "Error: could not use certificate file '%s': %s\n", ++ sslprm.cacert_file, ERR_reason_error_string(x)); ++ } + SSL_CTX_free(ctx); + logit(LOG_ERR, "Error: could not use CA certificate '%s'", sslprm.cacert_file); + exit(STATE_CRITICAL); +@@ -651,13 +661,13 @@ void 
cleanup(void) + free_memory(); /* free all memory we allocated */ + + if (sigrestart == TRUE && sigshutdown == FALSE) { ++ close_log_file(); + result = read_config_file(config_file); /* read the config file */ + + if (result == ERROR) { /* exit if there are errors... */ + logit(LOG_ERR, "Config file '%s' contained errors, bailing out...", config_file); + exit(STATE_CRITICAL); + } +- open_log_file(); + return; + } + +@@ -950,10 +960,11 @@ int read_config_file(char *filename) + else if (!strcmp(varname, "nasty_metachars")) + nasty_metachars = strdup(varvalue); + +- else if (!strcmp(varname, "log_file")) ++ else if (!strcmp(varname, "log_file")) { + log_file = strdup(varvalue); ++ open_log_file(); + +- else { ++ } else { + logit(LOG_WARNING, "Unknown option specified in config file '%s' - Line %d\n", + filename, line); + continue; +diff -up ./src/utils.c.git-20170502-e89e8323666 ./src/utils.c +--- ./src/utils.c.git-20170502-e89e8323666 2017-05-02 14:27:48.430453602 -0400 ++++ ./src/utils.c 2017-05-02 14:29:54.742732466 -0400 +@@ -31,6 +31,7 @@ + + #include "../include/common.h" + #include "../include/utils.h" ++#include + #ifdef HAVE_PATHS_H + #include + #endif +@@ -469,6 +470,7 @@ char *my_strsep(char **stringp, const ch + void open_log_file() + { + int fh; ++ int flags = O_RDWR|O_APPEND|O_CREAT; + struct stat st; + + close_log_file(); +@@ -476,7 +478,10 @@ void open_log_file() + if (!log_file) + return; + +- if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { ++#ifdef O_NOFOLLOW ++ flags |= O_NOFOLLOW; ++#endif ++ if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { + printf("Warning: Cannot open log file '%s' for writing\n", log_file); + logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file); + return; +@@ -527,7 +532,7 @@ void logit(int priority, const char *for + fflush(log_fp); + + } else +- syslog(priority, buffer); ++ syslog(priority, "%s", buffer); + + 
free(buffer); + } +diff -up ./update-version.git-20170502-e89e8323666 ./update-version +--- ./update-version.git-20170502-e89e8323666 2017-05-02 14:27:48.431453588 -0400 ++++ ./update-version 2017-05-02 14:29:55.204726168 -0400 +@@ -28,10 +28,10 @@ else + fi + + # Current version number +-CURRENTVERSION=3.1.0-rc1 ++CURRENTVERSION=3.1.0 + + # Last date +-LASTDATE=2017-04-06 ++LASTDATE=2017-04-19 + + if [ "x$1" = "x" ] + then diff --git a/nrpe-0001-gitupdates-20170321.patch b/nrpe-0001-gitupdates-20170321.patch deleted file mode 100644 index 58467b6..0000000 --- a/nrpe-0001-gitupdates-20170321.patch +++ /dev/null 
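Review bot: In the check_nrpe.c part of this added patch, the private-key failure branch of setup_ssl() ends up calling `SSL_CTX_free(ctx)` twice, because the original call ahead of the printf is kept as context while a second one is added after the new error loop; the first should be removed so the context is released once, immediately before `exit(STATE_CRITICAL)`. The new loop in the CA-certificate branch of the same function prints `sslprm.privatekey_file` where `sslprm.cacert_file` is meant, so the logged path will not match the file that failed to load. In nrpe.c, `ERR_error_string(x, errstr)` writes into `char errstr[120]` without a length, and newer OpenSSL documentation asks for a buffer of at least 256 bytes, so `ERR_error_string_n(x, errstr, sizeof(errstr))` would be the bounded form. The configure.ac part appears to carry debugging leftovers (`echo "need_dh = |$need_dh|"` and `sleep 10;`), and its option-not-given branch `[nrpe_group=need_dh]` assigns the literal string to nrpe_group, which should be checked against the group the packaged daemon is meant to run as. setup_ssl() and init_ssl() are only partly visible in these nested hunks, so the surrounding cleanup paths were not reviewed.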
@@ -1,2220 +0,0 @@ -diff -up ./Changelog.git_20170321 ./Changelog ---- ./Changelog.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./Changelog 2017-03-21 15:59:04.851507165 -0400 -@@ -2,6 +2,29 @@ - NRPE Changelog - ************** - -+3.0.x - 2016-xx-xx -+------------------ -+FIXES -+- Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach) -+- Fix help output for ssl option (configure) (Ruben Kerkhof) -+- Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe) -+- Changed the 'check_load' command in nrpe.cfg.in (minusdavid) -+- Cleanup of config.h.in suggested by Ruben Kerkhof -+- Minor change to logging in check_nrpe (John Frickson) -+- Solaris 11 detection is broken in configure (John Frickson) -+- Removed function `b64_decode` which wasn't being used (John Frickson) -+- check_nrpe ignores -a option when -f option is specified (John Frickson) -+- Added missing LICENSE file (John Frickson) -+- Off-by-one BO in my_system() (John Frickson) -+- Got rid of some compiler warnings (Stefan Krüger / John Frickson) -+- Add SOURCE_DATE_EPOCH specification support for reproducible builds. 
(Bas Couwenberg) -+- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson) -+- "Remote %s accepted a Version %s Packet", please add to debug (John Frickson) -+- nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson) -+- Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev) -+- Changed release date to ISO format (yyyy-mm-dd) (John Frickson) -+ -+ - 3.0.1 - 2016-09-08 - ------------------ - FIXES -diff -up ./LICENSE.git_20170321 ./LICENSE ---- ./LICENSE.git_20170321 2017-03-21 15:59:04.852507149 -0400 -+++ ./LICENSE 2017-03-21 15:59:04.852507149 -0400 -@@ -0,0 +1,339 @@ -+ GNU GENERAL PUBLIC LICENSE -+ Version 2, June 1991 -+ -+ Copyright (C) 1989, 1991 Free Software Foundation, Inc., -+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ Everyone is permitted to copy and distribute verbatim copies -+ of this license document, but changing it is not allowed. -+ -+ Preamble -+ -+ The licenses for most software are designed to take away your -+freedom to share and change it. By contrast, the GNU General Public -+License is intended to guarantee your freedom to share and change free -+software--to make sure the software is free for all its users. This -+General Public License applies to most of the Free Software -+Foundation's software and to any other program whose authors commit to -+using it. (Some other Free Software Foundation software is covered by -+the GNU Lesser General Public License instead.) You can apply it to -+your programs, too. -+ -+ When we speak of free software, we are referring to freedom, not -+price. Our General Public Licenses are designed to make sure that you -+have the freedom to distribute copies of free software (and charge for -+this service if you wish), that you receive source code or can get it -+if you want it, that you can change the software or use pieces of it -+in new free programs; and that you know you can do these things. 
-+ -+ To protect your rights, we need to make restrictions that forbid -+anyone to deny you these rights or to ask you to surrender the rights. -+These restrictions translate to certain responsibilities for you if you -+distribute copies of the software, or if you modify it. -+ -+ For example, if you distribute copies of such a program, whether -+gratis or for a fee, you must give the recipients all the rights that -+you have. You must make sure that they, too, receive or can get the -+source code. And you must show them these terms so they know their -+rights. -+ -+ We protect your rights with two steps: (1) copyright the software, and -+(2) offer you this license which gives you legal permission to copy, -+distribute and/or modify the software. -+ -+ Also, for each author's protection and ours, we want to make certain -+that everyone understands that there is no warranty for this free -+software. If the software is modified by someone else and passed on, we -+want its recipients to know that what they have is not the original, so -+that any problems introduced by others will not reflect on the original -+authors' reputations. -+ -+ Finally, any free program is threatened constantly by software -+patents. We wish to avoid the danger that redistributors of a free -+program will individually obtain patent licenses, in effect making the -+program proprietary. To prevent this, we have made it clear that any -+patent must be licensed for everyone's free use or not licensed at all. -+ -+ The precise terms and conditions for copying, distribution and -+modification follow. -+ -+ GNU GENERAL PUBLIC LICENSE -+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION -+ -+ 0. This License applies to any program or other work which contains -+a notice placed by the copyright holder saying it may be distributed -+under the terms of this General Public License. 
The "Program", below, -+refers to any such program or work, and a "work based on the Program" -+means either the Program or any derivative work under copyright law: -+that is to say, a work containing the Program or a portion of it, -+either verbatim or with modifications and/or translated into another -+language. (Hereinafter, translation is included without limitation in -+the term "modification".) Each licensee is addressed as "you". -+ -+Activities other than copying, distribution and modification are not -+covered by this License; they are outside its scope. The act of -+running the Program is not restricted, and the output from the Program -+is covered only if its contents constitute a work based on the -+Program (independent of having been made by running the Program). -+Whether that is true depends on what the Program does. -+ -+ 1. You may copy and distribute verbatim copies of the Program's -+source code as you receive it, in any medium, provided that you -+conspicuously and appropriately publish on each copy an appropriate -+copyright notice and disclaimer of warranty; keep intact all the -+notices that refer to this License and to the absence of any warranty; -+and give any other recipients of the Program a copy of this License -+along with the Program. -+ -+You may charge a fee for the physical act of transferring a copy, and -+you may at your option offer warranty protection in exchange for a fee. -+ -+ 2. You may modify your copy or copies of the Program or any portion -+of it, thus forming a work based on the Program, and copy and -+distribute such modifications or work under the terms of Section 1 -+above, provided that you also meet all of these conditions: -+ -+ a) You must cause the modified files to carry prominent notices -+ stating that you changed the files and the date of any change. 
-+ -+ b) You must cause any work that you distribute or publish, that in -+ whole or in part contains or is derived from the Program or any -+ part thereof, to be licensed as a whole at no charge to all third -+ parties under the terms of this License. -+ -+ c) If the modified program normally reads commands interactively -+ when run, you must cause it, when started running for such -+ interactive use in the most ordinary way, to print or display an -+ announcement including an appropriate copyright notice and a -+ notice that there is no warranty (or else, saying that you provide -+ a warranty) and that users may redistribute the program under -+ these conditions, and telling the user how to view a copy of this -+ License. (Exception: if the Program itself is interactive but -+ does not normally print such an announcement, your work based on -+ the Program is not required to print an announcement.) -+ -+These requirements apply to the modified work as a whole. If -+identifiable sections of that work are not derived from the Program, -+and can be reasonably considered independent and separate works in -+themselves, then this License, and its terms, do not apply to those -+sections when you distribute them as separate works. But when you -+distribute the same sections as part of a whole which is a work based -+on the Program, the distribution of the whole must be on the terms of -+this License, whose permissions for other licensees extend to the -+entire whole, and thus to each and every part regardless of who wrote it. -+ -+Thus, it is not the intent of this section to claim rights or contest -+your rights to work written entirely by you; rather, the intent is to -+exercise the right to control the distribution of derivative or -+collective works based on the Program. 
-+ -+In addition, mere aggregation of another work not based on the Program -+with the Program (or with a work based on the Program) on a volume of -+a storage or distribution medium does not bring the other work under -+the scope of this License. -+ -+ 3. You may copy and distribute the Program (or a work based on it, -+under Section 2) in object code or executable form under the terms of -+Sections 1 and 2 above provided that you also do one of the following: -+ -+ a) Accompany it with the complete corresponding machine-readable -+ source code, which must be distributed under the terms of Sections -+ 1 and 2 above on a medium customarily used for software interchange; or, -+ -+ b) Accompany it with a written offer, valid for at least three -+ years, to give any third party, for a charge no more than your -+ cost of physically performing source distribution, a complete -+ machine-readable copy of the corresponding source code, to be -+ distributed under the terms of Sections 1 and 2 above on a medium -+ customarily used for software interchange; or, -+ -+ c) Accompany it with the information you received as to the offer -+ to distribute corresponding source code. (This alternative is -+ allowed only for noncommercial distribution and only if you -+ received the program in object code or executable form with such -+ an offer, in accord with Subsection b above.) -+ -+The source code for a work means the preferred form of the work for -+making modifications to it. For an executable work, complete source -+code means all the source code for all modules it contains, plus any -+associated interface definition files, plus the scripts used to -+control compilation and installation of the executable. 
However, as a -+special exception, the source code distributed need not include -+anything that is normally distributed (in either source or binary -+form) with the major components (compiler, kernel, and so on) of the -+operating system on which the executable runs, unless that component -+itself accompanies the executable. -+ -+If distribution of executable or object code is made by offering -+access to copy from a designated place, then offering equivalent -+access to copy the source code from the same place counts as -+distribution of the source code, even though third parties are not -+compelled to copy the source along with the object code. -+ -+ 4. You may not copy, modify, sublicense, or distribute the Program -+except as expressly provided under this License. Any attempt -+otherwise to copy, modify, sublicense or distribute the Program is -+void, and will automatically terminate your rights under this License. -+However, parties who have received copies, or rights, from you under -+this License will not have their licenses terminated so long as such -+parties remain in full compliance. -+ -+ 5. You are not required to accept this License, since you have not -+signed it. However, nothing else grants you permission to modify or -+distribute the Program or its derivative works. These actions are -+prohibited by law if you do not accept this License. Therefore, by -+modifying or distributing the Program (or any work based on the -+Program), you indicate your acceptance of this License to do so, and -+all its terms and conditions for copying, distributing or modifying -+the Program or works based on it. -+ -+ 6. Each time you redistribute the Program (or any work based on the -+Program), the recipient automatically receives a license from the -+original licensor to copy, distribute or modify the Program subject to -+these terms and conditions. You may not impose any further -+restrictions on the recipients' exercise of the rights granted herein. 
-+You are not responsible for enforcing compliance by third parties to
-+this License.
-+
-+ 7. If, as a consequence of a court judgment or allegation of patent
-+infringement or for any other reason (not limited to patent issues),
-+conditions are imposed on you (whether by court order, agreement or
-+otherwise) that contradict the conditions of this License, they do not
-+excuse you from the conditions of this License. If you cannot
-+distribute so as to satisfy simultaneously your obligations under this
-+License and any other pertinent obligations, then as a consequence you
-+may not distribute the Program at all. For example, if a patent
-+license would not permit royalty-free redistribution of the Program by
-+all those who receive copies directly or indirectly through you, then
-+the only way you could satisfy both it and this License would be to
-+refrain entirely from distribution of the Program.
-+
-+If any portion of this section is held invalid or unenforceable under
-+any particular circumstance, the balance of the section is intended to
-+apply and the section as a whole is intended to apply in other
-+circumstances.
-+
-+It is not the purpose of this section to induce you to infringe any
-+patents or other property right claims or to contest validity of any
-+such claims; this section has the sole purpose of protecting the
-+integrity of the free software distribution system, which is
-+implemented by public license practices. Many people have made
-+generous contributions to the wide range of software distributed
-+through that system in reliance on consistent application of that
-+system; it is up to the author/donor to decide if he or she is willing
-+to distribute software through any other system and a licensee cannot
-+impose that choice.
-+
-+This section is intended to make thoroughly clear what is believed to
-+be a consequence of the rest of this License.
-+
-+ 8.
If the distribution and/or use of the Program is restricted in
-+certain countries either by patents or by copyrighted interfaces, the
-+original copyright holder who places the Program under this License
-+may add an explicit geographical distribution limitation excluding
-+those countries, so that distribution is permitted only in or among
-+countries not thus excluded. In such case, this License incorporates
-+the limitation as if written in the body of this License.
-+
-+ 9. The Free Software Foundation may publish revised and/or new versions
-+of the General Public License from time to time. Such new versions will
-+be similar in spirit to the present version, but may differ in detail to
-+address new problems or concerns.
-+
-+Each version is given a distinguishing version number. If the Program
-+specifies a version number of this License which applies to it and "any
-+later version", you have the option of following the terms and conditions
-+either of that version or of any later version published by the Free
-+Software Foundation. If the Program does not specify a version number of
-+this License, you may choose any version ever published by the Free Software
-+Foundation.
-+
-+ 10. If you wish to incorporate parts of the Program into other free
-+programs whose distribution conditions are different, write to the author
-+to ask for permission. For software which is copyrighted by the Free
-+Software Foundation, write to the Free Software Foundation; we sometimes
-+make exceptions for this. Our decision will be guided by the two goals
-+of preserving the free status of all derivatives of our free software and
-+of promoting the sharing and reuse of software generally.
-+
-+ NO WARRANTY
-+
-+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN
-+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-+REPAIR OR CORRECTION.
-+
-+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-+POSSIBILITY OF SUCH DAMAGES.
-+
-+ END OF TERMS AND CONDITIONS
-+
-+ How to Apply These Terms to Your New Programs
-+
-+ If you develop a new program, and you want it to be of the greatest
-+possible use to the public, the best way to achieve this is to make it
-+free software which everyone can redistribute and change under these terms.
-+
-+ To do so, attach the following notices to the program. It is safest
-+to attach them to the start of each source file to most effectively
-+convey the exclusion of warranty; and each file should have at least
-+the "copyright" line and a pointer to where the full notice is found.
-+
-+
-+ Copyright (C)
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License along
-+ with this program; if not, write to the Free Software Foundation, Inc.,
-+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-+
-+Also add information on how to contact you by electronic and paper mail.
-+
-+If the program is interactive, make it output a short notice like this
-+when it starts in an interactive mode:
-+
-+ Gnomovision version 69, Copyright (C) year name of author
-+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-+ This is free software, and you are welcome to redistribute it
-+ under certain conditions; type `show c' for details.
-+
-+The hypothetical commands `show w' and `show c' should show the appropriate
-+parts of the General Public License. Of course, the commands you use may
-+be called something other than `show w' and `show c'; they could even be
-+mouse-clicks or menu items--whatever suits your program.
-+
-+You should also get your employer (if you work as a programmer) or your
-+school, if any, to sign a "copyright disclaimer" for the program, if
-+necessary. Here is a sample; alter the names:
-+
-+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
-+
-+ , 1 April 1989
-+ Ty Coon, President of Vice
-+
-+This General Public License does not permit incorporating your program into
-+proprietary programs. If your program is a subroutine library, you may
-+consider it more useful to permit linking proprietary applications with the
-+library. If this is what you want to do, use the GNU Lesser General
-+Public License instead of this License.
-diff -up ./README.SSL.md.git_20170321 ./README.SSL.md
---- ./README.SSL.md.git_20170321 2016-09-08 12:18:58.000000000 -0400
-+++ ./README.SSL.md 2017-03-21 15:59:04.852507149 -0400
-@@ -171,14 +171,14 @@ run the nrpe daemon: `db_server` and `bo
- As root, do the following:
-
- mkdir -p -m 750 /usr/local/nagios/etc/ssl
-- chown root.nagios /usr/local/nagios/etc/ssl
-+ chown root:nagios /usr/local/nagios/etc/ssl
- cd /usr/local/nagios/etc/ssl
- mkdir -m 750 ca
-- chown root.root ca
-+ chown root:root ca
- mkdir -m 750 server_certs
-- chown root.nagios server_certs
-+ chown root:nagios server_certs
- mkdir -m 750 client_certs
-- chown root.nagios client_certs
-+ chown root:nagios client_certs
-
-
- ####Create Certificate Authority
-@@ -229,7 +229,7 @@ If you have the default `/etc/openssl.cn
- mkdir demoCA/newcerts
- touch demoCA/index.txt
- echo "01" > demoCA/serial
-- chown -R root.root demoCA
-+ chown -R root:root demoCA
- chmod 700 demoCA
- chmod 700 demoCA/newcerts
- chmod 600 demoCA/serial
-@@ -242,13 +242,13 @@ Now, sign the CSRs. As root, do the foll
- -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
- -in server_certs/db_server.csr \
- -out server_certs/db_server.pem
-- chown root.nagios server_certs/db_server.pem
-+ chown root:nagios server_certs/db_server.pem
- chmod 440 server_certs/db_server.pem
- openssl ca -days 365 -notext -md sha256 \
- -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
- -in server_certs/bobs_workstation.csr \
- -out server_certs/bobs_workstation.pem
-- chown root.nagios server_certs/bobs_workstation.pem
-+ chown root:nagios server_certs/bobs_workstation.pem
- chmod 440 server_certs/bobs_workstation.pem
-
- Now, copy the `db_server.pem` and `db_server.key` files to the
-@@ -271,7 +271,7 @@ running the check_nrpe program.
- -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
- -in client_certs/nag_serv.csr \
- -out client_certs/nag_serv.pem
-- chown root.nagios client_certs/nag_serv.pem
-+ chown root:nagios client_certs/nag_serv.pem
- chmod 440 client_certs/nag_serv.pem
-
- Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`
-diff -up ./SECURITY.md.git_20170321 ./SECURITY.md
---- ./SECURITY.md.git_20170321 2016-09-08 12:18:58.000000000 -0400
-+++ ./SECURITY.md 2017-03-21 15:59:04.852507149 -0400
-@@ -64,7 +64,7 @@ To help prevent some nasty things from b
- clients, the following metacharacters are not allowed
- in client command arguments:
-
-- | ` & > < ' " \ [ ] { } ; !
-+ | ` & > < ' \ [ ] { } ; ! \r \n
-
- Any client request which contains the above mentioned metachars
- is discarded.
-diff -up ./THANKS.git_20170321 ./THANKS
---- ./THANKS.git_20170321 2016-09-08 12:18:58.000000000 -0400
-+++ ./THANKS 2017-03-21 15:59:04.852507149 -0400
-@@ -4,10 +4,12 @@ Andrew Boyce-Lewis
- Andrew Ryder
- Andrew Widdersheim
- Bartosz Woronicz
-+Bas Couwenberg
- Bill Mitchell
- Bjoern Beutel
- Brian Seklecki
- Derrick Bennett
-+Elan Ruusamäe
- Eric Mislivec
- Eric Stanley
- Gerhard Lausser
-@@ -17,6 +19,7 @@ Grégory Starck
- James Peterson
- Jari Takkala
- Jason Cook
-+Jobst Schmalenbach
- John Maag
- Jon Andrews
- Kaspersky Lab
-@@ -30,12 +33,15 @@ Matthias Flacke
- Niels Endres
- Patric Wust
- Peter Palfrader
-+Philippe Kueck
- Rene Klootwijk
- Robert Peaslee
-+Ruben Kerkhof
- Ryan McGarry
- Ryan Ordway
- Sean Finney
- Spenser Reinhardt
-+Stefan Krüger
- Subhendu Ghosh
- Thierry Bertaud
- Ton Voon
-diff -up ./configure.ac.git_20170321 ./configure.ac
---- ./configure.ac.git_20170321 2016-09-08 12:18:58.000000000 -0400
-+++ ./configure.ac 2017-03-21 15:59:04.854507118 -0400
-@@ -60,7 +60,7 @@ AC_NAGIOS_GET_INETD
- AC_NAGIOS_GET_PATHS
- AC_NAGIOS_GET_FILES
-
--if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
-+if test "$dist_type" = solaris -a "$dist_ver" = 10; then
AC_DEFINE(SOLARIS_10,yes) - fi - -@@ -296,7 +296,7 @@ AC_TRY_COMPILE([#include - - dnl Does user want to check for SSL? - AC_ARG_ENABLE([ssl], -- AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[ -+ AS_HELP_STRING([--disable-ssl],[disables native SSL support @<:@default=check@:>@]),[ - if test x$enableval = xyes; then - check_for_ssl=yes - else -diff -up ./configure.git_20170321 ./configure ---- ./configure.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./configure 2017-03-21 15:59:04.853507133 -0400 -@@ -630,6 +630,7 @@ SSL_LIB_DIR - SSL_INC_PREFIX - SSL_HDR - SSL_INC_DIR -+SSL_TYPE - HAVE_SSL - EGREP - GREP -@@ -1388,7 +1389,7 @@ Optional Features: - '--enable-install-method', so you can see the - destinations before a full './configure', 'make', - 'make install' process. -- --enable-ssl enables native SSL support -+ --disable-ssl disables native SSL support [default=check] - --enable-command-args allows clients to specify command arguments. *** - THIS IS A SECURITY RISK! *** Read the SECURITY file - before using this option! -@@ -2751,10 +2752,12 @@ fi - bsd) : - dist_type=`uname -s | tr "A-Z" "a-z"` - dist_ver=`uname -r` ;; #( -- aix|hp-ux) : -- dist_ver=$OSTYPE ;; #( -+ aix) : -+ dist_ver="`uname -v`.`uname -r`" ;; #( -+ hp-ux) : -+ dist_ver=`uname -r | cut -d'.' -f1-3` ;; #( - solaris) : -- dist_ver=`echo $OSTYPE | cut -d'.' -f2` ;; #( -+ dist_ver=`uname -r | cut -d'.' 
-f2` ;; #( - *) : - dist_ver=$OSTYPE - ;; #( -@@ -2888,20 +2891,19 @@ fi - elif test "$dist_type" = "slackware"; then - init_type="bsd" - init_type_wanted=no -+ elif test "$dist_type" = "aix"; then -+ init_type="bsd" -+ init_type_wanted=no -+ elif test "$dist_type" = "hp-ux"; then -+ init_type="unknown" -+ init_type_wanted=no - fi - fi - - PSCMD="ps -p1 -o args" -- case $dist_type in #( -- aix) : -- PSCMD="env UNIX95=1; ps -p1 -o args" ;; #( -- solaris) : -- PSCMD="env UNIX95=1; ps -p1 -o args" ;; #( -- hp-ux) : -- PSCMD="env UNIX95=1; ps -p1 -o args" ;; #( -- *) : -- ;; --esac -+ if test $dist_type = solaris; then -+ PSCMD="env UNIX95=1; ps -p1 -o args" -+ fi - - if test "$init_type_wanted" = yes; then - pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1` -@@ -2948,7 +2950,7 @@ esac - - if test "$init_type_wanted" = yes; then - if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then -- if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then -+ if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then - init_type="upstart" - init_type_wanted=no - elif test -f "/etc/rc" -a ! 
-L "/etc/rc"; then -@@ -3154,16 +3156,21 @@ case $dist_type in #( - esac - - --need_cgi=no --need_web=no --need_brk=no --need_plg=no --need_pipe=no --need_spl=no --need_loc=no --need_log_subdir=no --need_etc_subdir=no --need_pls_dir=no -+ # Does this package need to know: -+need_cgi=no # where the cgi-bin directory is -+need_web=no # where the website directory is -+need_brk=no # where the event broker modules directory is -+need_plg=no # where the plugins directory is -+need_pipe=no # where the pipe directory is -+need_spl=no # where the spool directory is -+need_loc=no # where the locale directory is -+need_log_subdir=no # where the loc sub-directory is -+need_etc_subdir=no # where the etc sub-directory is -+need_pls_dir=no # where the package locate state directory is -+ -+if test x"$INIT_PROG" = x; then -+ INIT_PROG="$PKG_NAME" -+fi - - case $PKG_NAME in #( - nagios) : -@@ -3177,7 +3184,8 @@ case $PKG_NAME in #( - need_cgi=yes - need_web=yes ;; #( - ndoutils) : -- need_spl=yes ;; #( -+ need_brk=yes -+ need_spl=yes ;; #( - nrpe) : - need_plg=yes ;; #( - nsca) : -@@ -3348,14 +3356,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles - if test ! -d "$tmpfilesd"; then - tmpfilesd="N/A" - else -- tmpfilesd="$tmpfilesd/$PKG_NAME.conf" -+ tmpfilesd="$tmpfilesd/$INIT_PROG.conf" - fi - subsyslockdir=${subsyslockdir="/var/lock/subsys"} - if test ! 
-d "$subsyslockdir"; then - subsyslockdir="N/A" - subsyslockfile="N/A" - else -- subsyslockfile="$subsyslockdir/$PKG_NAME" -+ subsyslockfile="$subsyslockdir/$INIT_PROG" - fi - if test "$need_loc" = no; then - localedir="N/A" -@@ -3436,23 +3444,23 @@ elif test $opsys = "linux"; then - fi - privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"} - if test $need_log_subdir = yes; then -- logdir=${logdir="$localstatedir/log/$PKG_NAME"} -+ logdir=${logdir="$localstatedir/log/$INIT_PROG"} - else - logdir=${logdir="$localstatedir/log"} - fi -- piddir=${piddir="$localstatedir/run/${PKG_NAME}"} -+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"} - if test "$need_pipe" = yes; then -- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"} -+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"} - else - pipedir="N/A" - fi - if test "$need_pls_dir" = yes; then -- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"} -+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"} - else - pkglocalstatedir="N/A" - fi - if test "$need_spl" = yes; then -- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"} -+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"} - else - spooldir="N/A" - fi -@@ -3501,7 +3509,7 @@ elif test $opsys = "unix"; then - fi - privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"} - if test "$need_pls_dir" = yes; then -- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"} -+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"} - else - pkglocalstatedir="N/A" - fi -@@ -3509,7 +3517,7 @@ elif test $opsys = "unix"; then - localedir=${localedir="/usr/local/share/locale//LC_MESSAGES/nagios-plugins.mo"} - fi - if test "$need_spl" = yes; then -- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"} -+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"} - else - spooldir="N/A" - fi -@@ -3534,14 +3542,14 @@ elif test $opsys = "unix"; then - pipedir=${pipedir="$pkglocalstatedir"} - 
logdir=${logdir="$pkglocalstatedir/log"} ;; #( - *) : -- piddir=${piddir="$localstatedir/run/${PKG_NAME}"} -+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"} - if test "$need_pipe" = yes; then -- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"} -+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"} - else - pipedir="N/A" - fi - if test $need_log_subdir = yes; then -- logdir=${logdir="$localstatedir/log/$PKG_NAME"} -+ logdir=${logdir="$localstatedir/log/$INIT_PROG"} - else - logdir=${logdir="$localstatedir/log"} - fi -@@ -3594,7 +3602,7 @@ elif test $opsys = "bsd"; then - fi - privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"} - if test "$need_pls_dir" = yes; then -- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"} -+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"} - else - pkglocalstatedir="N/A" - fi -@@ -3602,7 +3610,7 @@ elif test $opsys = "bsd"; then - localedir=${localedir="/usr/local/share/locale//LC_MESSAGES/nagios-plugins.mo"} - fi - if test "$need_spl" = yes; then -- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"} -+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"} - else - spooldir="N/A" - fi -@@ -3627,14 +3635,14 @@ elif test $opsys = "bsd"; then - else - cgibindir="N/A" - fi -- piddir=${piddir="$localstatedir/run/${PKG_NAME}"} -+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"} - if test "$need_pipe" = yes; then -- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"} -+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"} - else - pipedir="N/A" - fi - if test $need_log_subdir = yes; then -- logdir=${logdir="$localstatedir/log/$PKG_NAME"} -+ logdir=${logdir="$localstatedir/log/$INIT_PROG"} - else - logdir=${logdir="$localstatedir/log"} - fi -@@ -3670,6 +3678,7 @@ eval libexecdir=$libexecdir - eval brokersdir=$brokersdir - eval pluginsdir=$pluginsdir - eval cgibindir=$cgibindir -+eval localstatedir=$localstatedir - eval pkglocalstatedir=$pkglocalstatedir - eval webdir=$webdir - eval 
localedir=$localedir -@@ -3687,51 +3696,56 @@ case $init_type in #( - else - initdir=${initdir="/etc/init.d"} - fi -- initname=${initname="$PKG_NAME"} -+ initname=${initname="$INIT_PROG"} - initconfdir=${initconfdir="/etc/conf.d"} -- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #( -+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #( - systemd) : - if test $dist_type = "debian"; then - initdir=${initdir="/lib/systemd/system"} - else - initdir=${initdir="/usr/lib/systemd/system"} - fi -- initname=${initname="$PKG_NAME.service"} ;; #( -+ initname=${initname="$INIT_PROG.service"} ;; #( - bsd) : -- initdir=${initdir="/etc/rc.d"} -- initname=${initname="rc.$PKG_NAME"} ;; #( -+ if test $dist_type = "aix"; then -+ initdir=${initdir="/sbin/rc.d/init.d"} -+ initname=${initname="$INIT_PROG"} -+ else -+ initdir=${initdir="/etc/rc.d"} -+ initname=${initname="rc.$INIT_PROG"} -+ fi ;; #( - newbsd) : - initdir=${initdir="/etc/rc.d"} -- initname=${initname="$PKG_NAME"} ;; #( -+ initname=${initname="$INIT_PROG"} ;; #( - gentoo) : - initdir=${initdir="/etc/init.d"} -- initname=${initname="$PKG_NAME"} -+ initname=${initname="$INIT_PROG"} - initconfdir=${initconfdir="/etc/init.d"} -- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #( -+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #( - openrc) : - initdir=${initdir="/etc/init.d"} -- initname=${initname="$PKG_NAME"} -+ initname=${initname="$INIT_PROG"} - initconfdir=${initconfdir="/etc/conf.d"} -- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #( -+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #( - smf*) : - if test $init_type = smf10; then - initdir=${initdir="/var/svc/manifest/network/nagios"} - else - initdir=${initdir="/lib/svc/manifest/network/nagios"} - fi -- initname=${initname="$PKG_NAME.xml"} -+ initname=${initname="$INIT_PROG.xml"} - initconfdir=unknown - initconf=unknown ;; #( - upstart) : - initdir=${initdir="/etc/init"} -- initname=${initname="$PKG_NAME.conf"} -+ initname=${initname="$INIT_PROG.conf"} - 
initconfdir=${initconfdir="/etc/default"} -- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #( -+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #( - launchd) : - initdir=${initdir="/Library/LaunchDaemons"} -- initname=${initname="org.nagios.$PKG_NAME.plist"} ;; #( -+ initname=${initname="org.nagios.$INIT_PROG.plist"} ;; #( - # initconfdir=${initconfdir="/private/etc"} --# initconf=${initconf="$initconfdir/$PKG_NAME"}, -+# initconf=${initconf="$initconfdir/$INIT_PROG"}, - - - *) : -@@ -3750,28 +3764,28 @@ case $inetd_type in #( - inetdname=${inetdname="inetd.conf"} ;; #( - xinetd) : - inetddir=${inetddir="/etc/xinetd.d"} -- inetdname=${inetdname="$PKG_NAME"} ;; #( -+ inetdname=${inetdname="$INIT_PROG"} ;; #( - systemd) : - if test $dist_type = "debian"; then - inetddir=${inetddir="/lib/systemd/system"} - else - inetddir=${inetddir="/usr/lib/systemd/system"} - fi -- netdname=${inetdname="$PKG_NAME.socket"} ;; #( -+ netdname=${inetdname="$INIT_PROG.socket"} ;; #( - smf*) : - if test $init_type = smf10; then - inetddir=${inetddir="/var/svc/manifest/network/nagios"} - else - inetddir=${inetddir="/lib/svc/manifest/network/nagios"} - fi -- inetdname=${inetdname="$PKG_NAME.xml"} ;; #( -+ inetdname=${inetdname="$INIT_PROG.xml"} ;; #( - # [upstart], - # inetddir=${inetddir="/etc/init.d"} --# inetdname=${inetdname="$PKG_NAME"}, -+# inetdname=${inetdname="$INIT_PROG"}, - - launchd) : - inetddir=${inetddir="/Library/LaunchDaemons"} -- inetdname=${inetdname="org.nagios.$PKG_NAME.plist"} ;; #( -+ inetdname=${inetdname="org.nagios.$INIT_PROG.plist"} ;; #( - *) : - inetddir=${inetddir="unknown"} - inetdname=${inetdname="unknown"} ;; #( -@@ -3829,12 +3843,12 @@ case $init_type in #( - src_init=upstart-init - fi ;; #( - launchd) : -- src_init="mac-init.plist" -- -- * ;; #( -+ src_init="mac-init.plist" ;; #( - *) : - src_init="unknown" -- ;; -+ ;; #( -+ *) : -+ ;; - esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $src_init" >&5 - $as_echo "$src_init" >&6; } -@@ -3866,7 
+3880,7 @@ $as_echo "$src_inetd" >&6; } - - - --if test "$dist_type" = solaris -a "$dist_ver" != smf11; then -+if test "$dist_type" = solaris -a "$dist_ver" = 10; then - $as_echo "#define SOLARIS_10 yes" >>confdefs.h - - fi -@@ -7266,7 +7280,7 @@ fi - - if test x$check_for_ssl = xyes; then - # need_dh should only be set for NRPE -- need_dh=yes -+ need_dh=no - - - # ------------------------------- -@@ -7285,6 +7299,7 @@ SSL_LIB_DIR= - - - -+ - - - -diff -up ./include/common.h.in.git_20170321 ./include/common.h.in ---- ./include/common.h.in.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./include/common.h.in 2017-03-21 15:59:04.854507118 -0400 -@@ -23,8 +23,14 @@ - - #include "config.h" - -+#define SSL_TYPE_@SSL_TYPE@ -+ - #ifdef HAVE_SSL - #include <@SSL_INC_PREFIX@@SSL_HDR@> -+# ifdef SSL_TYPE_openssl -+# include <@SSL_INC_PREFIX@err.h> -+# include <@SSL_INC_PREFIX@rand.h> -+# endif - #endif - - #define PROGRAM_VERSION "3.0.1" -diff -up ./include/config.h.in.git_20170321 ./include/config.h.in ---- ./include/config.h.in.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./include/config.h.in 2017-03-21 15:59:04.854507118 -0400 -@@ -28,30 +28,67 @@ - #include - - --#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */ -+/* Default port for NRPE daemon */ -+#undef DEFAULT_SERVER_PORT - --#define NRPE_LOG_FACILITY @log_facility@ -+/* NRPE syslog facility */ -+#undef NRPE_LOG_FACILITY - -+/* Enable command-line arguments */ - #undef ENABLE_COMMAND_ARGUMENTS -+ -+/* Enable bash command substitution */ - #undef ENABLE_BASH_COMMAND_SUBSTITUTION -+ -+/* type to use in place of socklen_t if not defined */ - #undef socklen_t -+ -+/* Define to 1 if you have the `getopt_long' function. */ - #undef HAVE_GETOPT_LONG -+ -+/* Have the TCP wrappers library */ - #undef HAVE_LIBWRAP -+ -+/* Define to 1 if you have the ANSI C header files. */ - #undef STDC_HEADERS -+ -+/* Define to 1 if you have the `strdup' function. 
*/
- #undef HAVE_STRDUP
-+
-+/* Define to 1 if you have the `strstr' function. */
- #undef HAVE_STRSTR
-+
-+/* Define to 1 if you have the `strtoul' function. */
- #undef HAVE_STRTOUL
-+
-+/* Define to 1 if you have the `strtok_r' function. */
- #undef HAVE_STRTOK_R
-+
-+/* Define to 1 if you have the `initgroups' function. */
- #undef HAVE_INITGROUPS
-+
-+/* Define to 1 if you have the `closesocket' function. */
- #undef HAVE_CLOSESOCKET
-+
-+/* Define to 1 if you have the `sigaction' function. */
- #undef HAVE_SIGACTION
-+
-+/* Set to 1 if you have rfc931_timeout */
- #undef HAVE_RFC931_TIMEOUT
-
-+/* The size of `int', as computed by sizeof. */
- #undef SIZEOF_INT
-+
-+/* The size of `short', as computed by sizeof. */
- #undef SIZEOF_SHORT
-+
-+/* The size of `long', as computed by sizeof. */
- #undef SIZEOF_LONG
-
--/* #undef const */
-+/* Define to empty if `const' does not conform to ANSI C. */
-+#undef const
-+
-+/* Set to 1 to use SSL DH */
- #undef USE_SSL_DH
-
- /* stupid stuff for u_int32_t */
-@@ -91,71 +128,98 @@ typedef int int32_t;
-
- /***** ASPRINTF() AND FRIENDS *****/
-
-+/* Whether vsnprintf() is available */
- #undef HAVE_VSNPRINTF
-+/* Whether snprintf() is available */
- #undef HAVE_SNPRINTF
-+/* Whether aprintf() is available */
- #undef HAVE_ASPRINTF
-+/* Whether vaprintf() is available */
- #undef HAVE_VASPRINTF
-+/* Define if system has C99 compatible vsnprintf */
- #undef HAVE_C99_VSNPRINTF
-+
-+/* Whether va_copy() is available */
- #undef HAVE_VA_COPY
-+
-+/* Whether __va_copy() is available */
- #undef HAVE___VA_COPY
-
-
--#define SOCKET_SIZE_TYPE ""
--#define GETGROUPS_T ""
--#define RETSIGTYPE ""
-+/* Socket Size Type */
-+#undef SOCKET_SIZE_TYPE
-+
-+/* Define to the type of elements in the array set by `getgroups'. Usually
-+ this is either `int' or `gid_t'. */
-+#undef GETGROUPS_T
-+
-+/* Define as the return type of signal handlers (`int' or `void').
*/
-+#undef RETSIGTYPE
-+
-+/* Define to 1 if the system has the type `struct sockaddr_storage'. */
- #undef HAVE_STRUCT_SOCKADDR_STORAGE
-
- /* Use seteuid() or setresuid() depending on the platform */
- #undef SETEUID
-
--/* Is this a Solaris 10 machine? */
-+/* Set to 1 if we are on Solaris 10 */
- #undef SOLARIS_10
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_GETOPT_H
- #ifdef HAVE_GETOPT_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_STRINGS_H
--#undef HAVE_STRING_H
- #ifdef HAVE_STRINGS_H
- #include
- #endif
--#ifdef HAVE_STRINGS_H
-+
-+/* Define to 1 if you have the header file. */
-+#undef HAVE_STRING_H
-+#ifdef HAVE_STRING_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_UNISTD_H
- #ifdef HAVE_UNISTD_H
- #include
- #endif
-
--
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SIGNAL_H
- #ifdef HAVE_SIGNAL_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SYSLOG_H
- #ifdef HAVE_SYSLOG_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SYS_STAT_H
- #ifdef HAVE_SYS_STAT_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_FCNTL_H
- #ifdef HAVE_FCNTL_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SYS_TYPES_H
- #ifdef HAVE_SYS_TYPES_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SYS_WAIT_H
- #ifdef HAVE_SYS_WAIT_H
- #include
-@@ -168,14 +232,18 @@ typedef int int32_t;
- # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_ERRNO_H
- #ifdef HAVE_ERRNO_H
- #include
- #endif
-
--/* needed for the time_t structures we use later... */
-+/* Define to 1 if you can safely include both and . */
- #undef TIME_WITH_SYS_TIME
-+
-+/* Define to 1 if you have the header file.
*/
- #undef HAVE_SYS_TIME_H
-+
- #if TIME_WITH_SYS_TIME
- # include
- # include
-@@ -188,68 +256,81 @@ typedef int int32_t;
- #endif
-
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SYS_SOCKET_H
- #ifdef HAVE_SYS_SOCKET_H
- #include
- #endif
-
--/* Define to 'int' if does not define */
--#undef socklen_t
--
-+/* Define to 1 if you have the header file. */
- #undef HAVE_SOCKET_H
- #ifdef HAVE_SOCKET_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_TCPD_H
- #ifdef HAVE_TCPD_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_NETINET_IN_H
- #ifdef HAVE_NETINET_IN_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_ARPA_INET_H
- #ifdef HAVE_ARPA_INET_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_NETDB_H
- #ifdef HAVE_NETDB_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_CTYPE_H
- #ifdef HAVE_CTYPE_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_PWD_H
- #ifdef HAVE_PWD_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_GRP_H
- #ifdef HAVE_GRP_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_DIRENT_H
- #ifdef HAVE_DIRENT_H
- #include
- #endif
-
-+/* Have SSL support */
- #undef HAVE_SSL
-
-+/* Have the krb5.h header file */
- #undef HAVE_KRB5_H
- #ifdef HAVE_KRB5_H
- #include
- #endif
-
-+/* Define to 1 if you have the header file. */
- #undef HAVE_INTTYPES_H
-+
-+/* Define to 1 if you have the header file. */
- #undef HAVE_STDINT_H
-+
- #ifdef HAVE_INTTYPES_H
- #include
- #else
-@@ -258,4 +339,10 @@ typedef int int32_t;
- #endif
- #endif
-
-+/* Define to 1 if you have the header file. */
-+#undef HAVE_PATHS_H
-+
-+/* Define to 1 if you have the header file.
*/
-+#undef HAVE_SYS_RESOURCE_H
-+
- #endif
-diff -up ./include/utils.h.git_20170321 ./include/utils.h
---- ./include/utils.h.git_20170321 2016-09-08 12:18:58.000000000 -0400
-+++ ./include/utils.h 2017-03-21 15:59:04.854507118 -0400
-@@ -49,7 +49,6 @@ char* strip(char*);
- int sendall(int, char*, int*);
- int recvall(int, char*, int*, int);
- char *my_strsep(char**, const char*);
--int b64_decode(unsigned char *encoded);
- void display_license(void);
-
- #endif
-diff -up ./macros/ax_nagios_get_distrib.git_20170321 ./macros/ax_nagios_get_distrib
---- ./macros/ax_nagios_get_distrib.git_20170321 2016-09-08 12:18:58.000000000 -0400
-+++ ./macros/ax_nagios_get_distrib 2017-03-21 15:59:04.855507102 -0400
-@@ -96,10 +96,12 @@ AC_SUBST(dist_ver)
- [bsd],
- dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
- dist_ver=`uname -r`,
-- [aix|hp-ux],
-- dist_ver=$OSTYPE,
-+ [aix],
-+ dist_ver="`uname -v`.`uname -r`",
-+ [hp-ux],
-+ dist_ver=`uname -r | cut -d'.' -f1-3`,
- [solaris],
-- dist_ver=`echo $OSTYPE | cut -d'.' -f2`,
-+ dist_ver=`uname -r | cut -d'.'
-f2`, - [*], - dist_ver=$OSTYPE - ) -diff -up ./macros/ax_nagios_get_files.git_20170321 ./macros/ax_nagios_get_files ---- ./macros/ax_nagios_get_files.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./macros/ax_nagios_get_files 2017-03-21 15:59:04.855507102 -0400 -@@ -97,7 +97,7 @@ AS_CASE([$init_type], - fi, - - [launchd], -- src_init="mac-init.plist" -+ src_init="mac-init.plist", - - [*], - src_init="unknown" -diff -up ./macros/ax_nagios_get_init.git_20170321 ./macros/ax_nagios_get_init ---- ./macros/ax_nagios_get_init.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./macros/ax_nagios_get_init 2017-03-21 15:59:04.855507102 -0400 -@@ -119,14 +119,19 @@ AC_SUBST(init_type) - elif test "$dist_type" = "slackware"; then - init_type="bsd" - init_type_wanted=no -+ elif test "$dist_type" = "aix"; then -+ init_type="bsd" -+ init_type_wanted=no -+ elif test "$dist_type" = "hp-ux"; then -+ init_type="unknown" -+ init_type_wanted=no - fi - fi - - PSCMD="ps -p1 -o args" -- AS_CASE([$dist_type], -- [aix], PSCMD="env UNIX95=1; ps -p1 -o args", -- [solaris], PSCMD="env UNIX95=1; ps -p1 -o args", -- [hp-ux], PSCMD="env UNIX95=1; ps -p1 -o args") -+ if test $dist_type = solaris; then -+ PSCMD="env UNIX95=1; ps -p1 -o args" -+ fi - - if test "$init_type_wanted" = yes; then - pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1` -@@ -173,7 +178,7 @@ AC_SUBST(init_type) - - if test "$init_type_wanted" = yes; then - if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then -- if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then -+ if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then - init_type="upstart" - init_type_wanted=no - elif test -f "/etc/rc" -a ! 
-L "/etc/rc"; then -diff -up ./macros/ax_nagios_get_paths.git_20170321 ./macros/ax_nagios_get_paths ---- ./macros/ax_nagios_get_paths.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./macros/ax_nagios_get_paths 2017-03-21 15:59:04.856507086 -0400 -@@ -119,16 +119,21 @@ AS_CASE([$dist_type], - [*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix) - - --need_cgi=no --need_web=no --need_brk=no --need_plg=no --need_pipe=no --need_spl=no --need_loc=no --need_log_subdir=no --need_etc_subdir=no --need_pls_dir=no -+ # Does this package need to know: -+need_cgi=no # where the cgi-bin directory is -+need_web=no # where the website directory is -+need_brk=no # where the event broker modules directory is -+need_plg=no # where the plugins directory is -+need_pipe=no # where the pipe directory is -+need_spl=no # where the spool directory is -+need_loc=no # where the locale directory is -+need_log_subdir=no # where the loc sub-directory is -+need_etc_subdir=no # where the etc sub-directory is -+need_pls_dir=no # where the package locate state directory is -+ -+if test x"$INIT_PROG" = x; then -+ INIT_PROG="$PKG_NAME" -+fi - - AS_CASE([$PKG_NAME], - [nagios], -@@ -143,6 +148,7 @@ AS_CASE([$PKG_NAME], - need_web=yes, - - [ndoutils], -+ need_brk=yes - need_spl=yes, - - [nrpe], -@@ -284,14 +290,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles - if test ! -d "$tmpfilesd"; then - tmpfilesd="N/A" - else -- tmpfilesd="$tmpfilesd/$PKG_NAME.conf" -+ tmpfilesd="$tmpfilesd/$INIT_PROG.conf" - fi - subsyslockdir=${subsyslockdir="/var/lock/subsys"} - if test ! 
-d "$subsyslockdir"; then - subsyslockdir="N/A" - subsyslockfile="N/A" - else -- subsyslockfile="$subsyslockdir/$PKG_NAME" -+ subsyslockfile="$subsyslockdir/$INIT_PROG" - fi - if test "$need_loc" = no; then - localedir="N/A" -@@ -372,23 +378,23 @@ elif test $opsys = "linux"; then - fi - privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"} - if test $need_log_subdir = yes; then -- logdir=${logdir="$localstatedir/log/$PKG_NAME"} -+ logdir=${logdir="$localstatedir/log/$INIT_PROG"} - else - logdir=${logdir="$localstatedir/log"} - fi -- piddir=${piddir="$localstatedir/run/${PKG_NAME}"} -+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"} - if test "$need_pipe" = yes; then -- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"} -+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"} - else - pipedir="N/A" - fi - if test "$need_pls_dir" = yes; then -- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"} -+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"} - else - pkglocalstatedir="N/A" - fi - if test "$need_spl" = yes; then -- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"} -+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"} - else - spooldir="N/A" - fi -@@ -437,7 +443,7 @@ elif test $opsys = "unix"; then - fi - privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"} - if test "$need_pls_dir" = yes; then -- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"} -+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"} - else - pkglocalstatedir="N/A" - fi -@@ -445,7 +451,7 @@ elif test $opsys = "unix"; then - localedir=${localedir="/usr/local/share/locale//LC_MESSAGES/nagios-plugins.mo"} - fi - if test "$need_spl" = yes; then -- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"} -+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"} - else - spooldir="N/A" - fi -@@ -471,14 +477,14 @@ elif test $opsys = "unix"; then - logdir=${logdir="$pkglocalstatedir/log"}, - - [*], -- 
piddir=${piddir="$localstatedir/run/${PKG_NAME}"} -+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"} - if test "$need_pipe" = yes; then -- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"} -+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"} - else - pipedir="N/A" - fi - if test $need_log_subdir = yes; then -- logdir=${logdir="$localstatedir/log/$PKG_NAME"} -+ logdir=${logdir="$localstatedir/log/$INIT_PROG"} - else - logdir=${logdir="$localstatedir/log"} - fi -@@ -528,7 +534,7 @@ elif test $opsys = "bsd"; then - fi - privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"} - if test "$need_pls_dir" = yes; then -- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"} -+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"} - else - pkglocalstatedir="N/A" - fi -@@ -536,7 +542,7 @@ elif test $opsys = "bsd"; then - localedir=${localedir="/usr/local/share/locale//LC_MESSAGES/nagios-plugins.mo"} - fi - if test "$need_spl" = yes; then -- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"} -+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"} - else - spooldir="N/A" - fi -@@ -561,14 +567,14 @@ elif test $opsys = "bsd"; then - else - cgibindir="N/A" - fi -- piddir=${piddir="$localstatedir/run/${PKG_NAME}"} -+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"} - if test "$need_pipe" = yes; then -- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"} -+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"} - else - pipedir="N/A" - fi - if test $need_log_subdir = yes; then -- logdir=${logdir="$localstatedir/log/$PKG_NAME"} -+ logdir=${logdir="$localstatedir/log/$INIT_PROG"} - else - logdir=${logdir="$localstatedir/log"} - fi -@@ -604,6 +610,7 @@ eval libexecdir=$libexecdir - eval brokersdir=$brokersdir - eval pluginsdir=$pluginsdir - eval cgibindir=$cgibindir -+eval localstatedir=$localstatedir - eval pkglocalstatedir=$pkglocalstatedir - eval webdir=$webdir - eval localedir=$localedir -@@ -622,9 +629,9 @@ AS_CASE([$init_type], - 
else - initdir=${initdir="/etc/init.d"} - fi -- initname=${initname="$PKG_NAME"} -+ initname=${initname="$INIT_PROG"} - initconfdir=${initconfdir="/etc/conf.d"} -- initconf=${initconf="$initconfdir/$PKG_NAME"}, -+ initconf=${initconf="$initconfdir/$INIT_PROG"}, - - [systemd], - if test $dist_type = "debian"; then -@@ -632,27 +639,32 @@ AS_CASE([$init_type], - else - initdir=${initdir="/usr/lib/systemd/system"} - fi -- initname=${initname="$PKG_NAME.service"}, -+ initname=${initname="$INIT_PROG.service"}, - - [bsd], -- initdir=${initdir="/etc/rc.d"} -- initname=${initname="rc.$PKG_NAME"}, -+ if test $dist_type = "aix"; then -+ initdir=${initdir="/sbin/rc.d/init.d"} -+ initname=${initname="$INIT_PROG"} -+ else -+ initdir=${initdir="/etc/rc.d"} -+ initname=${initname="rc.$INIT_PROG"} -+ fi, - - [newbsd], - initdir=${initdir="/etc/rc.d"} -- initname=${initname="$PKG_NAME"}, -+ initname=${initname="$INIT_PROG"}, - - [gentoo], - initdir=${initdir="/etc/init.d"} -- initname=${initname="$PKG_NAME"} -+ initname=${initname="$INIT_PROG"} - initconfdir=${initconfdir="/etc/init.d"} -- initconf=${initconf="$initconfdir/$PKG_NAME"}, -+ initconf=${initconf="$initconfdir/$INIT_PROG"}, - - [openrc], - initdir=${initdir="/etc/init.d"} -- initname=${initname="$PKG_NAME"} -+ initname=${initname="$INIT_PROG"} - initconfdir=${initconfdir="/etc/conf.d"} -- initconf=${initconf="$initconfdir/$PKG_NAME"}, -+ initconf=${initconf="$initconfdir/$INIT_PROG"}, - - [smf*], - if test $init_type = smf10; then -@@ -660,21 +672,21 @@ AS_CASE([$init_type], - else - initdir=${initdir="/lib/svc/manifest/network/nagios"} - fi -- initname=${initname="$PKG_NAME.xml"} -+ initname=${initname="$INIT_PROG.xml"} - initconfdir=unknown - initconf=unknown, - - [upstart], - initdir=${initdir="/etc/init"} -- initname=${initname="$PKG_NAME.conf"} -+ initname=${initname="$INIT_PROG.conf"} - initconfdir=${initconfdir="/etc/default"} -- initconf=${initconf="$initconfdir/$PKG_NAME"}, -+ 
initconf=${initconf="$initconfdir/$INIT_PROG"}, - - [launchd], - initdir=${initdir="/Library/LaunchDaemons"} -- initname=${initname="org.nagios.$PKG_NAME.plist"}, -+ initname=${initname="org.nagios.$INIT_PROG.plist"}, - # initconfdir=${initconfdir="/private/etc"} --# initconf=${initconf="$initconfdir/$PKG_NAME"}, -+# initconf=${initconf="$initconfdir/$INIT_PROG"}, - - - [*], -@@ -691,7 +703,7 @@ AS_CASE([$inetd_type], - - [xinetd], - inetddir=${inetddir="/etc/xinetd.d"} -- inetdname=${inetdname="$PKG_NAME"}, -+ inetdname=${inetdname="$INIT_PROG"}, - - [systemd], - if test $dist_type = "debian"; then -@@ -699,7 +711,7 @@ AS_CASE([$inetd_type], - else - inetddir=${inetddir="/usr/lib/systemd/system"} - fi -- netdname=${inetdname="$PKG_NAME.socket"}, -+ netdname=${inetdname="$INIT_PROG.socket"}, - - [smf*], - if test $init_type = smf10; then -@@ -707,15 +719,15 @@ AS_CASE([$inetd_type], - else - inetddir=${inetddir="/lib/svc/manifest/network/nagios"} - fi -- inetdname=${inetdname="$PKG_NAME.xml"}, -+ inetdname=${inetdname="$INIT_PROG.xml"}, - - # [upstart], - # inetddir=${inetddir="/etc/init.d"} --# inetdname=${inetdname="$PKG_NAME"}, -+# inetdname=${inetdname="$INIT_PROG"}, - - [launchd], - inetddir=${inetddir="/Library/LaunchDaemons"} -- inetdname=${inetdname="org.nagios.$PKG_NAME.plist"}, -+ inetdname=${inetdname="org.nagios.$INIT_PROG.plist"}, - - [*], - inetddir=${inetddir="unknown"} -diff -up ./macros/ax_nagios_get_ssl.git_20170321 ./macros/ax_nagios_get_ssl ---- ./macros/ax_nagios_get_ssl.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./macros/ax_nagios_get_ssl 2017-03-21 15:59:04.856507086 -0400 -@@ -59,6 +59,7 @@ SSL_HDR= - SSL_LIB_DIR= - - AC_SUBST(HAVE_SSL) -+AC_SUBST(SSL_TYPE) - AC_SUBST(SSL_INC_DIR) - AC_SUBST(SSL_HDR) - AC_SUBST(SSL_INC_PREFIX) -diff -up ./sample-config/nrpe.cfg.in.git_20170321 ./sample-config/nrpe.cfg.in ---- ./sample-config/nrpe.cfg.in.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./sample-config/nrpe.cfg.in 2017-03-21 
15:59:04.856507086 -0400 -@@ -285,7 +285,7 @@ connection_timeout=300 - # The following examples use hardcoded command arguments... - - command[check_users]=@pluginsdir@/check_users -w 5 -c 10 --command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20 -+command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20 - command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1 - command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z - command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200 -diff -up ./src/acl.c.git_20170321 ./src/acl.c ---- ./src/acl.c.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./src/acl.c 2017-03-21 15:59:04.856507086 -0400 -@@ -29,6 +29,7 @@ - */ - - #include "../include/config.h" -+#include "../include/common.h" - - #include - #include -@@ -46,6 +47,8 @@ - - #include "../include/acl.h" - -+extern int debug; -+ - /* This function checks if a char argumnet from valid char range. - * Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma. 
- * -@@ -76,16 +79,12 @@ int isvalidchar(int c) { - switch (c) { - case '.': - return 4; -- break; - case '/': - return 5; -- break; - case '-': - return 6; -- break; - case ',': - return 7; -- break; - default: - return 0; - } -@@ -142,18 +141,27 @@ int add_ipv4_to_acl(char *ipv4) { - unsigned long ip, mask; - struct ip_acl *ip_acl_curr; - -+ if(debug == TRUE) -+ syslog(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4); -+ - /* Check for min and max IPv4 valid length */ -- if (len < 7 || len > 18) -- return 0; -+ if (len < 7 || len > 18) { -+ syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4); -+ return 0; -+ } - - /* default mask for ipv4 */ - data[4] = 32; - - /* Basic IPv4 format check */ - for (i = 0; i < len; i++) { -- /* Return 0 on error state */ -- if (state == -1) -- return 0; -+ /* Return 0 on error state */ -+ if (state == -1) { -+ if(debug == TRUE) -+ syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect " -+ "format, continue with next check ...", ipv4); -+ return 0; -+ } - - c = ipv4[i]; - -@@ -201,6 +209,7 @@ int add_ipv4_to_acl(char *ipv4) { - break; - default: - /* Bad states */ -+ syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4); - return 0; - } - -@@ -247,6 +256,10 @@ int add_ipv4_to_acl(char *ipv4) { - ip_acl_prev->next = ip_acl_curr; - } - ip_acl_prev = ip_acl_curr; -+ -+ if(debug == TRUE) -+ syslog(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4); -+ - return 1; - } - -@@ -387,8 +400,12 @@ int add_domain_to_acl(char *domain) { - - struct dns_acl *dns_acl_curr; - -- if (len > 63) -+ if (len > 63) { -+ syslog(LOG_INFO, -+ "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!", -+ domain); - return 0; -+ } - - for (i = 0; i < len; i++) { - c = domain[i]; -@@ -426,7 +443,10 @@ int add_domain_to_acl(char *domain) { - } - break; - default: -- /* Not valid chars */ -+ syslog(LOG_INFO, -+ "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to 
acl list, " -+ "invalid chars!", domain); -+ /* Not valid chars */ - return 0; - } - } -@@ -448,8 +468,13 @@ int add_domain_to_acl(char *domain) { - dns_acl_prev->next = dns_acl_curr; - - dns_acl_prev = dns_acl_curr; -+ if(debug == TRUE) -+ syslog(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain); - return 1; - default: -+ syslog(LOG_INFO, -+ "ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, " -+ "check allowed_host in config file!", domain); - return 0; - } - } -@@ -470,14 +495,23 @@ int is_an_allowed_host(int family, void - struct sockaddr_in *addr; - struct sockaddr_in6 addr6; - struct addrinfo *res, *ai; -+ struct in_addr tmp; - - while (ip_acl_curr != NULL) { - if(ip_acl_curr->family == family) { - switch(ip_acl_curr->family) { - case AF_INET: -+ if (debug == TRUE) { -+ tmp.s_addr = ((struct in_addr*)host)->s_addr; -+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< " -+ "an allowed host >%s<\n", -+ inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr)); -+ } - if((((struct in_addr *)host)->s_addr & - ip_acl_curr->mask.s_addr) == - ip_acl_curr->addr.s_addr) { -+ if (debug == TRUE) -+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!"); - return 1; - } - break; -@@ -509,9 +543,20 @@ int is_an_allowed_host(int family, void - switch(ai->ai_family) { - - case AF_INET: -+ if(debug == TRUE) { -+ tmp.s_addr=((struct in_addr *)host)->s_addr; -+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< " -+ "an allowed host >%s<\n", -+ inet_ntoa(tmp), dns_acl_curr->domain); -+ } -+ - addr = (struct sockaddr_in*)(ai->ai_addr); -- if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) -+ if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) { -+ if (debug == TRUE) -+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): " -+ "host is in allowed host list!"); - return 1; -+ } - break; - - case AF_INET6: -@@ -559,19 +604,30 @@ void parse_allowed_hosts(char *allowed_h - const char *delim = ","; - char 
*trimmed_tok; - -+ if (debug == TRUE) -+ syslog(LOG_INFO, -+ "parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n", -+ allowed_hosts); -+ - #ifdef HAVE_STRTOK_R - tok = strtok_r(hosts, delim, &saveptr); - #else -+ if (debug == TRUE) -+ syslog(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to " -+ "problems in the allowed_hosts string determination!\n"); - tok = strtok(hosts, delim); - #endif - while( tok) { - trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1)); - trim( tok, trimmed_tok); -+ if(debug == TRUE) -+ syslog(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok); - if( strlen( trimmed_tok) > 0) { - if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok) - && !add_domain_to_acl(trimmed_tok)) { - syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok); -- } -+ } else if (debug == TRUE) -+ syslog(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n"); - } - free( trimmed_tok); - #ifdef HAVE_STRTOK_R -@@ -606,17 +662,21 @@ unsigned int prefix_from_mask(struct in_ - * It shows all hosts in ACL lists - */ - --void show_acl_lists(void) { -- struct ip_acl *ip_acl_curr = ip_acl_head; -- struct dns_acl *dns_acl_curr = dns_acl_head; -- -- while (ip_acl_curr != NULL) { -- printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr); -- ip_acl_curr = ip_acl_curr->next; -- } -+void show_acl_lists(void) -+{ -+ struct ip_acl *ip_acl_curr = ip_acl_head; -+ struct dns_acl *dns_acl_curr = dns_acl_head; - -- while (dns_acl_curr != NULL) { -- printf("DNS ACL: %s\n", dns_acl_curr->domain); -- dns_acl_curr = dns_acl_curr->next; -- } -+ syslog(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" ); -+ -+ while (ip_acl_curr != NULL) { -+ syslog(LOG_INFO, " IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), -+ prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr); -+ 
ip_acl_curr = ip_acl_curr->next; -+ } -+ -+ while (dns_acl_curr != NULL) { -+ syslog(LOG_INFO, " DNS ACL: %s\n", dns_acl_curr->domain); -+ dns_acl_curr = dns_acl_curr->next; -+ } - } -diff -up ./src/check_nrpe.c.git_20170321 ./src/check_nrpe.c ---- ./src/check_nrpe.c.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./src/check_nrpe.c 2017-03-21 15:59:04.857507070 -0400 -@@ -46,6 +46,7 @@ int show_help = FALSE; - int show_license = FALSE; - int show_version = FALSE; - int packet_ver = NRPE_PACKET_VERSION_3; -+int force_v2_packet = 0; - int payload_size = 0; - - #ifdef HAVE_SSL -@@ -57,7 +58,7 @@ const SSL_METHOD *meth; - SSL_CTX *ctx; - SSL *ssl; - int use_ssl = TRUE; --int ssl_opts = SSL_OP_ALL; -+unsigned long ssl_opts = SSL_OP_ALL; - #else - int use_ssl = FALSE; - #endif -@@ -149,7 +150,7 @@ int main(int argc, char **argv) - - if (result == -1) { - /* Failure reading from remote, so try version 2 packet */ -- syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host); -+ syslog(LOG_INFO, "Remote %s does not support Version 3 Packets", rem_host); - packet_ver = NRPE_PACKET_VERSION_2; - - /* Rerun the setup */ -@@ -168,8 +169,8 @@ int main(int argc, char **argv) - result = read_response(); /* Get the response */ - } - -- if (result != -1) -- syslog(LOG_NOTICE, "Remote %s accepted a Version %d Packet", rem_host, packet_ver); -+ if (result != -1 && force_v2_packet == 0 && packet_ver == NRPE_PACKET_VERSION_2) -+ syslog(LOG_DEBUG, "Remote %s accepted a Version %d Packet", rem_host, packet_ver); - - return result; - } -@@ -220,12 +221,14 @@ int process_arguments(int argc, char **a - snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:246hlnuV"); - - while (1) { -+ if (argindex > 0) -+ break; - #ifdef HAVE_GETOPT_LONG - c = getopt_long(argc, argv, optchars, long_options, &option_index); - #else - c = getopt(argc, argv, optchars); - #endif -- if (c == -1 || c == EOF || argindex > 0) -+ if (c == -1 || c == EOF) - break; - - /* process 
all arguments */ -@@ -302,7 +305,6 @@ int process_arguments(int argc, char **a - if (from_config_file) { - printf("Error: The config file should not have a command (-c) option.\n"); - return ERROR; -- break; - } - command_name = strdup(optarg); - break; -@@ -311,7 +313,6 @@ int process_arguments(int argc, char **a - if (from_config_file) { - printf("Error: The config file should not have args (-a) arguments.\n"); - return ERROR; -- break; - } - argindex = optind; - break; -@@ -336,6 +337,7 @@ int process_arguments(int argc, char **a - break; - } - packet_ver = NRPE_PACKET_VERSION_2; -+ force_v2_packet = 1; - break; - - case '4': -@@ -448,17 +450,18 @@ int process_arguments(int argc, char **a - - default: - return ERROR; -- break; - } - } - - /* determine (base) command query */ -- snprintf(query, sizeof(query), "%s", -- (command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name); -- query[sizeof(query) - 1] = '\x0'; -+ if (!from_config_file) { -+ snprintf(query, sizeof(query), "%s", -+ (command_name == NULL) ? 
DEFAULT_NRPE_COMMAND : command_name); -+ query[sizeof(query) - 1] = '\x0'; -+ } - - /* get the command args */ -- if (argindex > 0) { -+ if (!from_config_file && argindex > 0) { - - for (c = argindex - 1; c < argc; c++) { - -@@ -471,7 +474,6 @@ int process_arguments(int argc, char **a - query[sizeof(query) - 1] = '\x0'; - } - } -- - if (!from_config_file && config_file != NULL) { - if ((rc = read_config_file(config_file)) != OK) - return rc; -@@ -803,10 +805,23 @@ void setup_ssl() - exit(STATE_CRITICAL); - } - -- if (sslprm.ssl_min_ver >= SSLv3) { -- ssl_opts |= SSL_OP_NO_SSLv2; -- if (sslprm.ssl_min_ver >= TLSv1) -+ switch(sslprm.ssl_min_ver) { -+ case SSLv2: -+ case SSLv2_plus: -+ break; -+ case TLSv1_2: -+ case TLSv1_2_plus: -+ ssl_opts |= SSL_OP_NO_TLSv1_1; -+ case TLSv1_1: -+ case TLSv1_1_plus: -+ ssl_opts |= SSL_OP_NO_TLSv1; -+ case TLSv1: -+ case TLSv1_plus: - ssl_opts |= SSL_OP_NO_SSLv3; -+ case SSLv3: -+ case SSLv3_plus: -+ ssl_opts |= SSL_OP_NO_SSLv2; -+ break; - } - SSL_CTX_set_options(ctx, ssl_opts); - -diff -up ./src/nrpe.c.git_20170321 ./src/nrpe.c ---- ./src/nrpe.c.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./src/nrpe.c 2017-03-21 15:59:04.857507070 -0400 -@@ -235,10 +235,10 @@ int init(void) - void init_ssl(void) - { - #ifdef HAVE_SSL -- DH *dh; -- char seedfile[FILENAME_MAX]; -- int i, c, x; -- int ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE, vrfy; -+ DH *dh; -+ char seedfile[FILENAME_MAX]; -+ int i, c, x, vrfy; -+ unsigned long ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE; - - if (use_ssl == FALSE) { - if (debug == TRUE) -@@ -304,19 +304,35 @@ void init_ssl(void) - exit(STATE_CRITICAL); - } - -- if (sslprm.ssl_min_ver >= SSLv3) { -- ssl_opts |= SSL_OP_NO_SSLv2; -- if (sslprm.ssl_min_ver >= TLSv1) -+ switch(sslprm.ssl_min_ver) { -+ case SSLv2: -+ case SSLv2_plus: -+ break; -+ case TLSv1_2: -+ case TLSv1_2_plus: -+ ssl_opts |= SSL_OP_NO_TLSv1_1; -+ case TLSv1_1: -+ case TLSv1_1_plus: -+ ssl_opts |= SSL_OP_NO_TLSv1; -+ case TLSv1: -+ case 
TLSv1_plus: - ssl_opts |= SSL_OP_NO_SSLv3; -+ case SSLv3: -+ case SSLv3_plus: -+ ssl_opts |= SSL_OP_NO_SSLv2; -+ break; - } - SSL_CTX_set_options(ctx, ssl_opts); - - if (sslprm.cert_file != NULL) { -+ char errstr[120] = { "" }; - if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) { - SSL_CTX_free(ctx); -- while ((x = ERR_get_error()) != 0) -+ while ((x = ERR_get_error()) != 0) { -+ ERR_error_string(x, errstr); - syslog(LOG_ERR, "Error: could not use certificate file %s : %s", -- sslprm.cert_file, ERR_error_string(x, NULL)); -+ sslprm.cert_file, errstr); -+ } - exit(STATE_CRITICAL); - } - if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) { -@@ -724,6 +740,8 @@ int read_config_file(char *filename) - } else if (!strcmp(varname, "allowed_hosts")) { - allowed_hosts = strdup(varvalue); - parse_allowed_hosts(allowed_hosts); -+ if (debug == TRUE) -+ show_acl_lists(); - - } else if (strstr(input_line, "command[")) { - temp_buffer = strtok(varname, "["); -@@ -1220,12 +1238,21 @@ void wait_for_connections(void) - void setup_wait_conn(void) - { - struct addrinfo *ai; -+ char addrstr[100]; -+ void *ptr; - - add_listen_addr(&listen_addrs, address_family, - (strcmp(server_address, "") == 0) ? 
NULL : server_address, server_port); - -- for (ai = listen_addrs; ai; ai = ai->ai_next) -+ for (ai = listen_addrs; ai; ai = ai->ai_next) { -+ if (debug == TRUE) { -+ inet_ntop (ai->ai_family, ai->ai_addr->sa_data, addrstr, 100); -+ ptr = &((struct sockaddr_in *) ai->ai_addr)->sin_addr; -+ inet_ntop (ai->ai_family, ptr, addrstr, 100); -+ syslog(LOG_INFO, "SETUP_WAIT_CONN FOR: IPv4 address: %s (%s)\n", addrstr, ai->ai_canonname); -+ } - create_listener(ai); -+ } - - if (!num_listen_socks) { - syslog(LOG_ERR, "Cannot bind to any address."); -@@ -1372,6 +1399,9 @@ void conn_check_peer(int sock) - break; - } - -+ if (debug == TRUE) -+ syslog(LOG_INFO, "CONN_CHECK_PEER: is this a blessed machine: %s port %d\n", -+ remote_host, nptr->sin_port); - - /* is this is a blessed machine? */ - if (allowed_hosts) { -@@ -2111,7 +2141,7 @@ int my_system(char *command, int timeout - break; - } - if (tot_bytes < output_size) /* If buffer is full, discard the rest */ -- strncat(*output, buffer, output_size - tot_bytes); -+ strncat(*output, buffer, output_size - tot_bytes - 1); - tot_bytes += bytes_read; - } - -@@ -2153,8 +2183,8 @@ void my_connection_sighandler(int sig) - /* drops privileges */ - int drop_privileges(char *user, char *group, int full_drop) - { -- uid_t uid = -1; -- gid_t gid = -1; -+ uid_t uid = (uid_t)-1; -+ gid_t gid = (gid_t)-1; - struct group *grp; - struct passwd *pw; - -@@ -2382,7 +2412,6 @@ void sighandler(int sig) - void child_sighandler(int sig) - { - exit(0); /* terminate */ -- return; /* so the compiler doesn't complain... 
*/ - } - - /* tests whether or not a client request is valid */ -@@ -2680,7 +2709,6 @@ int process_arguments(int argc, char **a - - default: - return ERROR; -- break; - } - } - -diff -up ./src/utils.c.git_20170321 ./src/utils.c ---- ./src/utils.c.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./src/utils.c 2017-03-21 15:59:04.858507054 -0400 -@@ -31,6 +31,9 @@ - - #include "../include/common.h" - #include "../include/utils.h" -+#ifdef HAVE_PATHS_H -+#include -+#endif - - #ifndef HAVE_ASPRINTF - extern int asprintf(char **ptr, const char *format, ...); -@@ -242,7 +245,7 @@ void add_listen_addr(struct addrinfo **l - - int clean_environ(const char *keep_env_vars, const char *nrpe_user) - { --#ifdef HAVE_PATHS_H -+#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH) - static char *path = _PATH_STDPATH; - #else - static char *path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"; -@@ -450,55 +453,6 @@ char *my_strsep(char **stringp, const ch - return begin; - } - --int b64_decode(unsigned char *encoded) --{ -- static const char *b64 = { -- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" -- }; -- int i, j, l, padding = 0; -- unsigned char c[4], *outp = encoded; -- -- union { -- unsigned c3; -- struct { -- unsigned f1:6; -- unsigned f2:6; -- unsigned f3:6; -- unsigned f4:6; -- } fields; -- } enc; -- -- enc.c3 = 0; -- l = strlen((char *)encoded); -- for (i = 0; i < l; i += 4) { -- for (j = 0; j < 4; ++j) { -- if (encoded[i + j] == '=') { -- c[j] = 0; -- ++padding; -- } else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z') -- c[j] = encoded[i + j] - 'A'; -- else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z') -- c[j] = encoded[i + j] - 'a' + 26; -- else if (encoded[i + j] >= '0' && encoded[i + j] <= '9') -- c[j] = encoded[i + j] - '0' + 52; -- else if (encoded[i + j] == '+') -- c[j] = encoded[i + j] - '+' + 62; -- else -- c[j] = encoded[i + j] - '/' + 63; -- } -- enc.fields.f1 = c[3]; -- enc.fields.f2 = c[2]; -- enc.fields.f3 = c[1]; -- 
enc.fields.f4 = c[0]; -- *outp++ = (enc.c3 >> 16) & 0xff; -- *outp++ = (enc.c3 >> 8) & 0xff; -- *outp++ = (enc.c3) & 0xff; -- } -- *outp = '\0'; -- -- return outp - encoded - padding; --} -- - /* show license */ - void display_license(void) - { -diff -up ./update-version.git_20170321 ./update-version ---- ./update-version.git_20170321 2016-09-08 12:18:58.000000000 -0400 -+++ ./update-version 2017-03-21 15:59:04.858507054 -0400 -@@ -20,18 +20,18 @@ fi - - # Get date (two formats) - if [ -n "$2" ]; then -- LONGDATE=`date -d "$2" "+%B %d, %Y"` -- SHORTDATE=`date -d "$2" "+%m-%d-%Y"` -+ LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y") -+ SHORTDATE=$(date -u -d "$2" "+%Y-%m-%d") - else -- LONGDATE=`date "+%B %d, %Y"` -- SHORTDATE=`date "+%m-%d-%Y"` -+ LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y") -+ SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%Y-%m-%d") - fi - - # Current version number - CURRENTVERSION=3.0.1 - - # Last date --LASTDATE=09-08-2016 -+LASTDATE=2016-09-08 - - if [ "x$1" = "x" ] - then diff --git a/nrpe-0001-nrpe310-format-error.patch b/nrpe-0001-nrpe310-format-error.patch deleted file mode 100644 index daec6af..0000000 --- a/nrpe-0001-nrpe310-format-error.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./src/utils.c.format-error ./src/utils.c ---- ./src/utils.c.format-error 2017-04-17 10:21:54.000000000 -0400 -+++ ./src/utils.c 2017-04-20 17:52:36.012761311 -0400 -@@ -527,7 +527,7 @@ void logit(int priority, const char *for - fflush(log_fp); - - } else -- syslog(priority, buffer); -+ syslog(priority, "%s", buffer); - - free(buffer); - } diff --git a/nrpe.spec b/nrpe.spec index 944e83e..dbe2825 100644 --- a/nrpe.spec +++ b/nrpe.spec @@ -5,7 +5,7 @@ Name: nrpe Version: 3.1.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Host/service/network monitoring agent for Nagios Group: Applications/System 
@@ -18,8 +18,8 @@ Source3: nrpe.README.SELinux.rst Source4: nrpe.te Source5: nrpe.fc Source6: nrpe.service -#Patch1: nrpe-0001-gitupdates-20170321.patch -Patch1: nrpe-0001-nrpe310-format-error.patch + +Patch0: nrpe-0000-nrpe310-git-20170502-e89e8323666 Patch3: nrpe-0003-Include-etc-npre.d-config-directory.patch Patch13: nrpe-0013-service-rhel6.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -94,7 +94,7 @@ SElinux context for %{name}. %prep %setup -q -%patch1 -p1 -b .format-error +%patch0 -p1 -b .git-20170502-e89e8323666 %patch3 -p1 -b .include_etc_npre_d %patch13 -p1 -b .fix_service_rhel6 @@ -252,6 +252,9 @@ fi %endif %changelog +* Tue May 2 2017 Stephen Smoogen - 3.1.0-3 +- Grab updates from upstream to see why nrpe fails on fedora but not rhel + * Wed Apr 26 2017 Stephen Smoogen - 3.1.0-2 - Move to using original nirik nrpe service file for systemd. It worked and the others dont - NRPE fails to run using a /var/run/nrpe/ directory so trying to build without it.
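Review bot: The `Patch0:` line in the `@@ -18,8 +18,8 @@` hunk takes the place of `nrpe-0001-nrpe310-format-error.patch`, which this commit deletes and which changed `syslog(priority, buffer);` to `syslog(priority, "%s", buffer);` in `logit()`, yet nothing in the spec records that the snapshot is expected to carry that fix. The snapshot's Changelog lists "Fix build failure with -Werror=format-security", so the change is presumably included, but the `src/utils.c` part of Patch0 is not visible from here and should be checked before the standalone patch is dropped. I would add a comment above the line, e.g. `# Upstream git snapshot e89e8323666; supersedes nrpe-0001-nrpe310-format-error.patch (logit format-string fix)`. The `%patch0 -p1 -b .git-20170502-e89e8323666` line in the `%prep` hunk is consistent with the new patch name.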