From 7a67d7c03bbbbc3a81ce80c3f5aaf4e931402a12 Mon Sep 17 00:00:00 2001 From: Tomas Mozes Date: Wed, 8 Aug 2018 08:21:04 +0200 Subject: net-analyzer/nagios-core: bump to 4.4.1 Closes: https://bugs.gentoo.org/662194 Package-Manager: Portage-2.3.44, Repoman-2.3.10 Signed-off-by: Michael Orlitzky --- net-analyzer/nagios-core/Manifest | 1 + .../nagios-core/files/nagios-4.4.2-pre.patch | 209 ++++++++++++++++++++ net-analyzer/nagios-core/nagios-core-4.4.1.ebuild | 218 +++++++++++++++++++++ 3 files changed, 428 insertions(+) create mode 100644 net-analyzer/nagios-core/files/nagios-4.4.2-pre.patch create mode 100644 net-analyzer/nagios-core/nagios-core-4.4.1.ebuild (limited to 'net-analyzer') diff --git a/net-analyzer/nagios-core/Manifest b/net-analyzer/nagios-core/Manifest index f051a22305cf..11a8055082ab 100644 --- a/net-analyzer/nagios-core/Manifest +++ b/net-analyzer/nagios-core/Manifest @@ -1,4 +1,5 @@ DIST nagios-4.3.3.tar.gz 11101531 BLAKE2B 537d49ecf28b457fbc1e24eaaa9c5d9e8c4db59ed69c91a573c0cacb6cfb6fd2d52c31e87c0cef34b81a69247bb5b9513983d95e7eae3ea7f861742da485d2d4 SHA512 588292a95342cb2d95d7b58f70442b82b99a23dd9fdc1390e9ae0743626a047e5127d77b1d7e6a1d8edd6f34a425e581bcd42459b673a0ddea14125bde4b7d9e DIST nagios-4.3.4.tar.gz 11101966 BLAKE2B 6cb8182f40a4f83875c94df040bb1c62ce078d4130e10fa8595ea0b14cf715fc2a237ffb34199da9c1528e4789f3ce8deae3d993b5b795ad712d48b1e5fdb820 SHA512 f4e92aa98151739442a225a245871d93b5560d89510bdacb1a615959b9687f7a92675f10fcba71078b104ca8f237b0155a9261d67ec66f80aec7f033b4b3e316 DIST nagios-4.4.0.tar.gz 11295727 BLAKE2B f89e7934b13814ec8c0ae7a19f14eed8842c7b0044fb2812f1399f27a82e5a639b63cc53f04b58ae99aa87bf595b2e25642ad3eb134a041e39f744919bd46d2f SHA512 8c136463133cf26c756ccd39b158ed417297e30f8a0b12d063a4dba6a43f126b27bb5f7ea962c8cde9fb9c1fd8d3439d7cfeaab833045315a9800c993fa0676f +DIST nagios-4.4.1.tar.gz 11296403 BLAKE2B fdbaec5f913d18d5591f44cd1e0622b9741d7415b591f24f1521f2897b8a1bdbff00e9378ef6b3a6a99ab8d639960abd3d734fd66b665ea88ea1de169b552ace SHA512 d84f22a8fd21a573b4162f232c3a6bb2ba0b7d3a470e5fd80183a1862d2ae666956cfc2dd4c7fe6319ee7ccedb9f8a6920ba39a6b499ed9ff5b8be60a9779fa9 DIST nagios-core-gentoo-icons-20141125.tar 40960 BLAKE2B 31c1953e1160c7c7b89606b72b1a80407e4c1b7a7938b40bd1c577cd0c309dd88ca6b775d692a9b846dbf67736537fa9c91e56aa15fdd447769608ca525bff09 SHA512 bf109879cddd6136b76baba55d0b60b2596e37431dcf5ce0905d34a9fa292ebf7e4bde82d9a084362c486e8fac344c76d88f9298b1b85541ed70ffd608493766 diff --git a/net-analyzer/nagios-core/files/nagios-4.4.2-pre.patch b/net-analyzer/nagios-core/files/nagios-4.4.2-pre.patch new file mode 100644 index 000000000000..6483b9df9f29 --- /dev/null +++ b/net-analyzer/nagios-core/files/nagios-4.4.2-pre.patch @@ -0,0 +1,209 @@ +diff --git a/Changelog b/Changelog +index 1e1bd9e2..8dd26fec 100644 +--- a/Changelog ++++ b/Changelog +@@ -2,6 +2,18 @@ + Nagios Core 4 Change Log + ######################## + ++4.4.2 - ?????????? ++------------------ ++FIXES ++* Fix comment data being duplicated after a `service nagios reload` or similar (Bryan Heden) ++* Fix check_interval and retry_interval not changing at the appropriate times (Scott Wilkerson) ++* Fixed passive checks sending recovery email when host was previously UP (Scott Wilkerson) ++* Fixed flapping comments duplication on nagios reload (Christian Jung) ++* Fix for CVE-2018-13441, CVE-2018-13458, CVE-2018-13457 null pointer dereference (Trevor McDonald) ++* Fixed syntax error in file: default-init.in (#558) (Christian Zettel) ++* Reset current notification number and state flags when the host recovers, reset all service variables when they recover fixes (#557) (Scott Wilkerson) ++* Fixed wrong counting of service status totals when showing servicegroup details (#548) (Christian Zettel, Bryan Heden) ++ + 4.4.1 - 2018-06-25 + ------------------ + FIXES +diff --git a/base/checks.c b/base/checks.c +index 725dec9d..d45b6ac4 100644 +--- a/base/checks.c ++++ b/base/checks.c +@@ -911,6 +911,11 @@ static inline void service_state_or_hard_state_type_change(service * svc, int st + + if (state_or_type_change) { + ++ /* check if service should go into downtime from flexible downtime */ ++ if (svc->pending_flex_downtime > 0) { ++ check_pending_flex_service_downtime(svc); ++ } ++ + /* reset notification times and suppression option */ + svc->last_notification = (time_t)0; + svc->next_notification = (time_t)0; +@@ -941,7 +946,10 @@ static inline void host_state_or_hard_state_type_change(host * hst, int state_ch + + log_debug_info(DEBUGL_CHECKS, 2, "Check type passive and passive host checks aren't false\n"); + +- hst->current_attempt = 1; ++ if (state_change == TRUE) { ++ hst->current_attempt = 1; ++ } ++ + hard_state_change = TRUE; + } + +@@ -989,6 +997,9 @@ static inline void host_state_or_hard_state_type_change(host * hst, int state_ch + + if (state_or_type_change) { + ++ /* check if host should go into downtime from flexible downtime */ ++ check_pending_flex_host_downtime(hst); ++ + /* reset notification times and suppression option */ + hst->last_notification = (time_t)0; + hst->next_notification = (time_t)0; +@@ -1228,7 +1239,7 @@ int handle_async_service_check_result(service *svc, check_result *cr) + next_check = (time_t)(svc->last_check + (svc->check_interval * interval_length)); + + /***********************************************/ +- /********** SCHEDULE HOST CHECK LOGIC **********/ ++ /********** SCHEDULE SERVICE CHECK LOGIC **********/ + /***********************************************/ + if (svc->current_state == STATE_OK) { + +@@ -1269,6 +1280,7 @@ int handle_async_service_check_result(service *svc, check_result *cr) + + svc->host_problem_at_last_check = TRUE; + } ++ + } + else { + +@@ -1368,6 +1380,9 @@ int handle_async_service_check_result(service *svc, check_result *cr) + else { + + log_debug_info(DEBUGL_CHECKS, 1, "Service is a non-OK state (%s)!", service_state_name(svc->current_state)); ++ ++ svc->state_type = SOFT_STATE; ++ svc->current_attempt = 1; + + handle_event = TRUE; + } +@@ -1395,6 +1410,21 @@ int handle_async_service_check_result(service *svc, check_result *cr) + + log_debug_info(DEBUGL_CHECKS, 1, "Service experienced a SOFT recovery.\n"); + } ++ ++ ++ /* reset all service variables because its okay now... */ ++ svc->host_problem_at_last_check = FALSE; ++ svc->current_attempt = 1; ++ svc->state_type = HARD_STATE; ++ svc->last_hard_state = STATE_OK; ++ svc->last_notification = (time_t)0; ++ svc->next_notification = (time_t)0; ++ svc->current_notification_number = 0; ++ svc->problem_has_been_acknowledged = FALSE; ++ svc->acknowledgement_type = ACKNOWLEDGEMENT_NONE; ++ svc->notified_on = 0; ++ ++ hard_state_change = TRUE; + } + + /***** SERVICE IS STILL IN PROBLEM STATE *****/ +@@ -1418,6 +1448,14 @@ int handle_async_service_check_result(service *svc, check_result *cr) + } + } + } ++ ++ /* soft states should be using retry_interval */ ++ if (svc->state_type == SOFT_STATE) { ++ ++ log_debug_info(DEBUGL_CHECKS, 2, "Service state type is soft, using retry_interval\n"); ++ ++ next_check = (unsigned long) (current_time + svc->retry_interval * interval_length); ++ } + + /* check for a state change */ + if (svc->current_state != svc->last_state || (svc->current_state == STATE_OK && svc->state_type == SOFT_STATE)) { +@@ -1454,6 +1492,8 @@ int handle_async_service_check_result(service *svc, check_result *cr) + if (svc->current_attempt >= svc->max_attempts && svc->current_state != svc->last_hard_state) { + + log_debug_info(DEBUGL_CHECKS, 2, "Service had a HARD STATE CHANGE!!\n"); ++ ++ next_check = (unsigned long)(current_time + (svc->check_interval * interval_length)); + + hard_state_change = TRUE; + +@@ -2197,6 +2237,9 @@ int handle_async_host_check_result(host *hst, check_result *cr) + else { + + log_debug_info(DEBUGL_CHECKS, 1, "Host is no longer UP (%s)!\n", host_state_name(hst->current_state)); ++ ++ hst->state_type = SOFT_STATE; ++ hst->current_attempt = 1; + + /* propagate checks to immediate parents if they are UP */ + host_propagate_checks_to_immediate_parents(hst, FALSE, current_time); +@@ -2276,7 +2319,9 @@ int handle_async_host_check_result(host *hst, check_result *cr) + if (hst->current_state != HOST_UP && (hst->check_type == CHECK_TYPE_ACTIVE || translate_passive_host_checks == TRUE)) { + + hst->current_state = determine_host_reachability(hst); +- next_check = (unsigned long)(current_time + (hst->retry_interval * interval_length)); ++ if (hst->state_type == SOFT_STATE) ++ next_check = (unsigned long)(current_time + (hst->retry_interval * interval_length)); ++ + } + + /* check for state change */ +@@ -2310,7 +2355,9 @@ int handle_async_host_check_result(host *hst, check_result *cr) + + log_debug_info(DEBUGL_CHECKS, 2, "Host had a HARD STATE CHANGE!!\n"); + +- hard_state_change = TRUE; ++ next_check = (unsigned long)(current_time + (hst->check_interval * interval_length)); ++ ++ hard_state_change = TRUE; + send_notification = TRUE; + } + +@@ -2372,6 +2419,12 @@ int handle_async_host_check_result(host *hst, check_result *cr) + } + } + ++ /* the host recovered, so reset the current notification number and state flags (after the recovery notification has gone out) */ ++ if(hst->current_state == HOST_UP && hst->state_type == HARD_STATE && hard_state_change == TRUE) { ++ hst->current_notification_number = 0; ++ hst->notified_on = 0; ++ } ++ + if (obsess_over_hosts == TRUE) { + obsessive_compulsive_host_check_processor(hst); + } +diff --git a/base/nagios.c b/base/nagios.c +index 520ba71e..24719647 100644 +--- a/base/nagios.c ++++ b/base/nagios.c +@@ -878,6 +878,9 @@ int main(int argc, char **argv) { + /* clean up the scheduled downtime data */ + cleanup_downtime_data(); + ++ /* clean up comment data */ ++ free_comment_data(); ++ + /* clean up the status data if we are not restarting */ + if(sigrestart == FALSE) { + cleanup_status_data(TRUE); +diff --git a/cgi/status.c b/cgi/status.c +index 20c4ed48..8b1c8b31 100644 +--- a/cgi/status.c ++++ b/cgi/status.c +@@ -873,6 +873,11 @@ void show_service_status_totals(void) { + count_service = 1; + } + else if(display_type == DISPLAY_SERVICEGROUPS) { ++ ++ if (is_service_member_of_servicegroup(find_servicegroup(servicegroup_name), temp_service) == FALSE) { ++ continue; ++ } ++ + if(show_all_servicegroups == TRUE) { + count_service = 1; + } diff --git a/net-analyzer/nagios-core/nagios-core-4.4.1.ebuild b/net-analyzer/nagios-core/nagios-core-4.4.1.ebuild new file mode 100644 index 000000000000..bfc0aac4a73d --- /dev/null +++ b/net-analyzer/nagios-core/nagios-core-4.4.1.ebuild @@ -0,0 +1,218 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit toolchain-funcs user + +MY_P=${PN/-core}-${PV} +DESCRIPTION="Nagios core - monitoring daemon, web GUI, and documentation" +HOMEPAGE="https://www.nagios.org/" + +# The name of the directory into which our Gentoo icons will be +# extracted, and also the basename of the archive containing it. +GENTOO_ICONS="${PN}-gentoo-icons-20141125" +SRC_URI="mirror://sourceforge/nagios/${MY_P}.tar.gz + web? ( https://dev.gentoo.org/~mjo/distfiles/${GENTOO_ICONS}.tar )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="apache2 classicui lighttpd perl +web vim-syntax" + +# In pkg_postinst(), we change the group of the Nagios configuration +# directory to that of the web server user. It can't belong to both +# apache/lighttpd groups at the same time, so we block this combination +# for our own sanity. +# +# This could be made to work, but we would need a better way to allow +# the web user read-only access to Nagios's configuration directory. +# +REQUIRED_USE="apache2? ( !lighttpd )" + +# sys-devel/libtool dependency is bug #401237. +# +# Note, we require one of the apache2 CGI modules: +# +# * mod_cgi +# * mod_cgid +# * mod_fcgid +# +# We just don't care /which/ one. And of course PHP supports both CGI +# (USE=cgi) and FastCGI (USE=fpm). We're pretty lenient with the +# dependencies, and expect the user not to do anything /too/ +# stupid. (For example, installing Apache with only FastCGI support, and +# PHP with only CGI support.) +# +# Another annoyance is that the upstream Makefile uses app-arch/unzip to +# extract a snapshot of AngularJS, but that's only needed when USE=web. +# +MOD_ALIAS=apache2_modules_alias +DEPEND="sys-devel/libtool + virtual/mailx + perl? ( dev-lang/perl:= ) + web? ( + app-arch/unzip + media-libs/gd[jpeg,png] + lighttpd? ( www-servers/lighttpd[php] ) + apache2? ( + || ( + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgi] + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgid] + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_fcgid] ) + || ( + dev-lang/php:*[apache2] + dev-lang/php:*[cgi] + dev-lang/php:*[fpm] ) + ) + )" +RDEPEND="${DEPEND} + vim-syntax? ( app-vim/nagios-syntax )" + +PATCHES=( + "${FILESDIR}/nagios-4.4.2-pre.patch" +) + +S="${WORKDIR}/${MY_P}" + +pkg_setup() { + enewgroup nagios + enewuser nagios -1 /bin/bash /var/nagios/home nagios +} + +src_configure() { + local myconf + + if use perl; then + myconf="${myconf} --enable-embedded-perl --with-perlcache" + fi + + if use !apache2 && use !lighttpd ; then + myconf="${myconf} --with-command-group=nagios" + else + if use apache2 ; then + myconf="${myconf} --with-command-group=apache" + myconf="${myconf} --with-httpd-conf=/etc/apache2/conf.d" + elif use lighttpd ; then + myconf="${myconf} --with-command-group=lighttpd" + fi + fi + + econf ${myconf} \ + --prefix=/usr \ + --bindir=/usr/sbin \ + --sbindir=/usr/$(get_libdir)/nagios/cgi-bin \ + --datadir=/usr/share/nagios/htdocs \ + --localstatedir=/var/nagios \ + --sysconfdir=/etc/nagios \ + --libexecdir=/usr/$(get_libdir)/nagios/plugins +} + +src_compile() { + emake CC=$(tc-getCC) nagios + + if use web; then + # Only compile the CGIs/HTML when USE=web is set. + emake CC=$(tc-getCC) DESTDIR="${D}" cgis html + fi +} + +src_install() { + dodoc Changelog CONTRIBUTING.md README.md THANKS UPGRADING + + # There is no way to install the CGIs unstripped from the top-level + # makefile, so descend into base/ here. The empty INSTALL_OPTS + # ensures that root:root: owns the nagios executables. + cd "${S}/base" || die + emake INSTALL_OPTS="" DESTDIR="${D}" install-unstripped + cd "${S}" || die + + # Otherwise this gets installed as 770 and you get "access denied" + # for some reason or other when starting nagios. The permissions + # on nagiostats are just for consistency (these should both get + # fixed upstream). + fperms 775 /usr/sbin/nagios /usr/sbin/nagiostats + + # INSTALL_OPTS are needed for most of install-basic, but we don't + # want them on the LIBEXECDIR, argh. + emake DESTDIR="${D}" install-basic + fowners root:root /usr/$(get_libdir)/nagios/plugins + + # Don't make the configuration owned by the nagios user, because + # then he can edit nagios.cfg and trick nagios into running as root + # and doing his bidding. + emake INSTALL_OPTS="" DESTDIR="${D}" install-config + + # No INSTALL_OPTS used in install-commandmode, thankfully. + emake DESTDIR="${D}" install-commandmode + + if use web; then + # There is no way to install the CGIs unstripped from the + # top-level makefile, so descend into cgi/ here. The empty + # INSTALL_OPTS ensures that root:root: owns the CGI executables. + cd "${S}/cgi" || die + emake INSTALL_OPTS="" DESTDIR="${D}" install-unstripped + cd "${S}" || die + + # install-html installs the new exfoliation theme + emake INSTALL_OPTS="" DESTDIR="${D}" install-html + + if use classicui; then + # This overwrites the already-installed exfoliation theme + emake INSTALL_OPTS="" DESTDIR="${D}" install-classicui + fi + + # Install cute Gentoo icons (bug #388323), setting their + # owner, group, and mode to match those of the rest of Nagios's + # images. + insinto /usr/share/nagios/htdocs/images/logos + doins "${WORKDIR}/${GENTOO_ICONS}"/*.* + fi + + newinitd startup/openrc-init nagios + + if use web ; then + if use apache2 ; then + # Install the Nagios configuration file for Apache. + insinto "/etc/apache2/modules.d" + doins "${FILESDIR}"/99_nagios4.conf + elif use lighttpd ; then + # Install the Nagios configuration file for Lighttpd. + insinto /etc/lighttpd + newins "${FILESDIR}/lighttpd_nagios4.conf" nagios.conf + else + ewarn "${CATEGORY}/${PF} only supports apache or lighttpd" + ewarn "out of the box. Since you are not using one of them, you" + ewarn "will have to configure your webserver yourself." + fi + fi +} + +pkg_postinst() { + + if use web; then + if use apache2 || use lighttpd ; then + if use apache2; then + elog "To enable the Nagios web front-end, please edit" + elog "${ROOT}etc/conf.d/apache2 and add \"-D NAGIOS -D PHP\"" + elog "to APACHE2_OPTS. Then Nagios will be available at," + elog + elif use lighttpd; then + elog "To enable the Nagios web front-end, please add" + elog "'include \"nagios.conf\"' to the lighttpd configuration" + elog "file at ${ROOT}etc/lighttpd/lighttpd.conf. Then Nagios" + elog "will be available at," + elog + fi + + elog " http://localhost/nagios/" + fi + fi + + elog + elog "If your kernel has /proc protection, nagios" + elog "will not be happy as it relies on accessing the proc" + elog "filesystem. You can fix this by adding nagios into" + elog "the group wheel, but this is not recomended." + elog +} -- cgit v1.2.3-65-gdbad