* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/files/, net-analyzer/nrpe/
@ 2015-08-31 15:45 Michael Orlitzky
0 siblings, 0 replies; 4+ messages in thread
From: Michael Orlitzky @ 2015-08-31 15:45 UTC (permalink / raw
To: gentoo-commits
commit: 9dc0aa1615c187829e2d3c1f9019a72559ee185f
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 15:43:48 2015 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 15:44:05 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dc0aa16
net-analyzer/nrpe: remove old ebuilds and patches.
Package-Manager: portage-2.2.20.1
.../nrpe/files/nagios-nrpe-2.13-command-args.patch | 15 --
.../nrpe/files/nagios-nrpe-2.13-multiline.patch | 200 ---------------------
.../nrpe/files/nagios-nrpe-2.13-tcpd.patch | 33 ----
net-analyzer/nrpe/files/nrpe-2.14-tcpd-et-al.patch | 74 --------
net-analyzer/nrpe/nrpe-2.15-r1.ebuild | 127 -------------
net-analyzer/nrpe/nrpe-2.15.ebuild | 127 -------------
6 files changed, 576 deletions(-)
diff --git a/net-analyzer/nrpe/files/nagios-nrpe-2.13-command-args.patch b/net-analyzer/nrpe/files/nagios-nrpe-2.13-command-args.patch
deleted file mode 100644
index fe6751a..0000000
--- a/net-analyzer/nrpe/files/nagios-nrpe-2.13-command-args.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- configure.old 2008-03-10 22:04:41.000000000 +0100
-+++ configure.in 2012-01-04 09:46:38.000000000 +0100
-@@ -362,7 +362,11 @@
- AC_SUBST(NAGIOS_INSTALL_OPTS)
-
-
--AC_ARG_ENABLE(command-args,--enable-command-args allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!,AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS))
-+AC_ARG_ENABLE(command-args,--enable-command-args allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!,[
-+ if test x$enableval = xyes; then
-+ AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS)
-+ fi
-+ ])
-
-
- AC_PATH_PROG(PERL,perl)
diff --git a/net-analyzer/nrpe/files/nagios-nrpe-2.13-multiline.patch b/net-analyzer/nrpe/files/nagios-nrpe-2.13-multiline.patch
deleted file mode 100644
index 8d96149..0000000
--- a/net-analyzer/nrpe/files/nagios-nrpe-2.13-multiline.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-diff --git a/include/common.h b/include/common.h
-index 202dec4..86f8e32 100755
---- a/include/common.h
-+++ b/include/common.h
-@@ -41,7 +41,7 @@
- #define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
- #define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */
-
--#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
-+#define MAX_INPUT_BUFFER 16384 /* max size of most buffers we use */
- #define MAX_FILENAME_LENGTH 256
-
- #define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */
-@@ -55,12 +55,14 @@
-
- #define QUERY_PACKET 1 /* id code for a packet containing a query */
- #define RESPONSE_PACKET 2 /* id code for a packet containing a response */
-+#define RESPONSE_PACKET_WITH_MORE 3 /* id code for a packet containing a response, with more data to follow */
-
- #define NRPE_PACKET_VERSION_3 3 /* packet version identifier */
- #define NRPE_PACKET_VERSION_2 2
- #define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */
-
- #define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */
-+ /* WARNING - do not change this as older clients/servers will not work */
-
- typedef struct packet_struct{
- int16_t packet_version;
-diff --git a/src/check_nrpe.c b/src/check_nrpe.c
-index 0adced1..ff4b920 100755
---- a/src/check_nrpe.c
-+++ b/src/check_nrpe.c
-@@ -221,6 +221,11 @@ int main(int argc, char **argv){
- return STATE_UNKNOWN;
- }
-
-+ /* Altinity patch: Allow multiple packets to be received */
-+ /* Indentation not corrected to allow simpler patching */
-+ /* START MULTI_PACKET LOOP */
-+ do {
-+
- /* wait for the response packet */
- bytes_to_recv=sizeof(receive_packet);
- if(use_ssl==FALSE)
-@@ -233,31 +238,24 @@ int main(int argc, char **argv){
- /* reset timeout */
- alarm(0);
-
-- /* close the connection */
--#ifdef HAVE_SSL
-- if(use_ssl==TRUE){
-- SSL_shutdown(ssl);
-- SSL_free(ssl);
-- SSL_CTX_free(ctx);
-- }
--#endif
-- graceful_close(sd,1000);
--
- /* recv() error */
- if(rc<0){
- printf("CHECK_NRPE: Error receiving data from daemon.\n");
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* server disconnected */
- else if(rc==0){
- printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n");
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* receive underflow */
- else if(bytes_to_recv<sizeof(receive_packet)){
- printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
-@@ -271,21 +269,21 @@ int main(int argc, char **argv){
- calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
- if(packet_crc32!=calculated_crc32){
- printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
-- close(sd);
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* check packet version */
- if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
- printf("CHECK_NRPE: Invalid packet version received from server.\n");
-- close(sd);
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* check packet type */
-- if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
-+ if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET && ntohs(receive_packet.packet_type)!=RESPONSE_PACKET_WITH_MORE){
- printf("CHECK_NRPE: Invalid packet type received from server.\n");
-- close(sd);
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
-@@ -297,8 +295,18 @@ int main(int argc, char **argv){
- if(!strcmp(receive_packet.buffer,""))
- printf("CHECK_NRPE: No output returned from daemon.\n");
- else
-- printf("%s\n",receive_packet.buffer);
-- }
-+ printf("%s",receive_packet.buffer);
-+
-+ } while (ntohs(receive_packet.packet_type)==RESPONSE_PACKET_WITH_MORE);
-+ /* END MULTI_PACKET LOOP */
-+
-+ /* Finish output with newline */
-+ printf("\n");
-+
-+ /* close the connection */
-+ graceful_close(sd,1000);
-+
-+ }
-
- /* reset the alarm */
- else
-@@ -434,6 +442,14 @@ int graceful_close(int sd, int timeout){
- struct timeval tv;
- char buf[1000];
-
-+#ifdef HAVE_SSL
-+ if(use_ssl==TRUE){
-+ SSL_shutdown(ssl);
-+ SSL_free(ssl);
-+ SSL_CTX_free(ctx);
-+ }
-+#endif
-+
- /* send FIN packet */
- shutdown(sd,SHUT_WR);
- for(;;){
-diff --git a/src/nrpe.c b/src/nrpe.c
-index f2b0164..dfa8262 100755
---- a/src/nrpe.c
-+++ b/src/nrpe.c
-@@ -972,6 +972,8 @@ void handle_connection(int sock){
- char processed_command[MAX_INPUT_BUFFER];
- int result=STATE_OK;
- int early_timeout=FALSE;
-+ int bytes_copied=0;
-+ char *pbuffer=&buffer[0];
- int rc;
- int x;
- #ifdef DEBUG
-@@ -1188,6 +1190,14 @@ void handle_connection(int sock){
- if(buffer[strlen(buffer)-1]=='\n')
- buffer[strlen(buffer)-1]='\x0';
-
-+ /* Altinity patch to allow multi packet responses */
-+ /* Loop not indented to allow easier patching */
-+ /* START MULTI_PACKET LOOP */
-+ do {
-+
-+ if(debug==TRUE)
-+ syslog(LOG_DEBUG,"Sending response - bytes left: %d", strlen(pbuffer));
-+
- /* clear the response packet buffer */
- bzero(&send_packet,sizeof(send_packet));
-
-@@ -1196,11 +1206,17 @@ void handle_connection(int sock){
-
- /* initialize response packet data */
- send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
-- send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
- send_packet.result_code=(int16_t)htons(result);
-- strncpy(&send_packet.buffer[0],buffer,MAX_PACKETBUFFER_LENGTH);
-+ strncpy(&send_packet.buffer[0],pbuffer,MAX_PACKETBUFFER_LENGTH);
- send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
--
-+
-+ bytes_copied = strlen(&send_packet.buffer[0]);
-+ pbuffer = pbuffer+bytes_copied;
-+ if(strlen(pbuffer)>0)
-+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET_WITH_MORE);
-+ else
-+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
-+
- /* calculate the crc 32 value of the packet */
- send_packet.crc32_value=(u_int32_t)0L;
- calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
-@@ -1219,6 +1235,9 @@ void handle_connection(int sock){
- SSL_write(ssl,&send_packet,bytes_to_send);
- #endif
-
-+ } while (strlen(pbuffer) > 0);
-+ /* END MULTI_PACKET LOOP */
-+
- #ifdef HAVE_SSL
- if(ssl){
- SSL_shutdown(ssl);
diff --git a/net-analyzer/nrpe/files/nagios-nrpe-2.13-tcpd.patch b/net-analyzer/nrpe/files/nagios-nrpe-2.13-tcpd.patch
deleted file mode 100644
index 67dd22e..0000000
--- a/net-analyzer/nrpe/files/nagios-nrpe-2.13-tcpd.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- configure.in.orig 2008-03-10 22:04:41.000000000 +0100
-+++ configure.in 2012-01-08 17:59:49.804613011 +0100
-@@ -147,11 +147,27 @@
- AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
- AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
- AC_SUBST(SOCKETLIBS)
--AC_CHECK_LIB(wrap,main,[
-- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
-+
-+AC_ARG_ENABLE(tcp-wrapper,--enable-tcp-wrapper enables support for TCP wrappers. *** DISABLING IS A SECURITY RISK! *** Read the SECURITY file before using this option! (default: auto),[
-+ if test x$enableval = xyes; then
-+ enable_tcp_wrapper=yes
-+ else
-+ enable_tcp_wrapper=no
-+ fi
-+ ],enable_tcp_wrapper="auto")
-+
-+LIBWRAPLIBS=""
-+if test "x$enable_tcp_wrapper" = "xauto"; then
-+ AC_CHECK_LIB(wrap,main,[
-+ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
-+ AC_DEFINE(HAVE_LIBWRAP)
-+ ])
-+elif test "x$enable_tcp_wrapper" = "xyes"; then
-+ AC_CHECK_LIB(wrap,main,LIBWRAPLIBS="$LIBWRAPLIBS -lwrap",[AC_MSG_ERROR([TCP wrapper library not found])])
- AC_DEFINE(HAVE_LIBWRAP)
-- ])
-+fi
- AC_SUBST(LIBWRAPLIBS)
-+
- AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
-
- dnl socklen_t check - from curl
diff --git a/net-analyzer/nrpe/files/nrpe-2.14-tcpd-et-al.patch b/net-analyzer/nrpe/files/nrpe-2.14-tcpd-et-al.patch
deleted file mode 100644
index f18bc31..0000000
--- a/net-analyzer/nrpe/files/nrpe-2.14-tcpd-et-al.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- nrpe-2.14.orig/configure.in
-+++ nrpe-2.14/configure.in
-@@ -1,12 +1,8 @@
- dnl Process this -*-m4-*- file with autoconf to produce a configure script.
-
--dnl Disable caching
--define([AC_CACHE_LOAD],)
--define([AC_CACHE_SAVE],)
--
--2.14([nrpe],[2.13],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org])
-+AC_INIT([nrpe],[2.14],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org])
- AC_CONFIG_SRCDIR([src/nrpe.c])
--AC_CONFIG_HEADERS([include/config.h])
-+
- AC_CONFIG_FILES([Makefile
- subst
- src/Makefile
-@@ -16,7 +12,8 @@
- init-script.suse
- nrpe.spec
- sample-config/nrpe.cfg
-- sample-config/nrpe.xinetd])
-+ sample-config/nrpe.xinetd
-+ include/config.h])
- AC_PREFIX_DEFAULT(/usr/local/nagios)
-
- PKG_NAME=nrpe
-@@ -45,7 +42,7 @@
- AC_HEADER_STDC
- AC_HEADER_TIME
- AC_HEADER_SYS_WAIT
--AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
-+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
-
- dnl Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
-@@ -164,11 +161,20 @@
- AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
- AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
- AC_SUBST(SOCKETLIBS)
--AC_CHECK_LIB(wrap,main,[
-- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
-+
-+AC_ARG_ENABLE([tcp-wrapper],
-+ AS_HELP_STRING([--disable-tcp-wrapper], [Disable building with TCP wrappers. *** DISABLING IS A SECURITY RISK! *** Read the SECURITY file before using this option! @<:@default=enable@:>@]))
-+
-+LIBWRAPLIBS=""
-+AS_IF([test "x$enable_tcp_wrapper" != "xno"], [
-+ AC_CHECK_LIB([wrap],[hosts_access],[
-+ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
- AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
-- ])
-+ AC_DEFINE(HAVE_TCPD_H,[1],[Have the TCP wrappers library])
-+ ])
-+])
- AC_SUBST(LIBWRAPLIBS)
-+
- AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
-
- dnl socklen_t check - from curl
-@@ -438,8 +444,11 @@
- AC_SUBST(TARGET_PLATFORM)
-
- AC_ARG_ENABLE([command-args],
-- AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
-- AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
-+ AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]))
-+
-+AS_IF([test "x$enable_command_args" = "xyes"], [
-+ AC_DEFINE(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments])
-+])
-
- AC_ARG_ENABLE([bash-command-substitution],
- AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
diff --git a/net-analyzer/nrpe/nrpe-2.15-r1.ebuild b/net-analyzer/nrpe/nrpe-2.15-r1.ebuild
deleted file mode 100644
index 4da6838..0000000
--- a/net-analyzer/nrpe/nrpe-2.15-r1.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils systemd toolchain-funcs multilib user autotools
-
-DESCRIPTION="Nagios Remote Plugin Executor"
-HOMEPAGE="http://www.nagios.org/"
-SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
-IUSE="command-args ssl tcpd minimal"
-
-DEPEND="ssl? ( dev-libs/openssl )
- !minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )"
-RDEPEND="${DEPEND}
- !minimal? ( >=net-analyzer/nagios-plugins-1.3.0 )"
-
-pkg_setup() {
- enewgroup nagios
- enewuser nagios -1 /bin/bash /dev/null nagios
-
- elog "If you plan to use \"nrpe_check_control\" then you may want to specify"
- elog "different command and services files. You can override the defaults"
- elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables."
- elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}"
- elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}"
-}
-
-src_prepare() {
- # Add support for large output,
- # http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html
- epatch "${FILESDIR}"/${PN}-2.14-multiline.patch
- # fix configure, among others #326367, #397603
- epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch
- # otherwise autoconf will overwrite the custom include/config.h.in
- epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch
- # improve handling of metachars for security
- epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch
-
- sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' contrib/nrpe_check_control.c || die
-
- # change the default location of the pid file
- sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die
-
- # fix TFU handling of autoheader
- sed -i -e '/#undef/d' include/config.h.in || die
-
- eautoreconf
-}
-
-src_configure() {
- local myconf
- if use minimal; then
- myconf="--disable-tcp-wrapper --disable-command-args"
- else
- myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)"
- fi
-
- econf \
- --libexecdir=/usr/$(get_libdir)/nagios/plugins \
- --localstatedir=/var/nagios \
- --sysconfdir=/etc/nagios \
- --with-nrpe-user=nagios \
- --with-nrpe-group=nagios \
- $(use_enable ssl) \
- ${myconf}
-}
-
-src_compile() {
- emake -C src check_nrpe $(use minimal || echo nrpe)
-
- # Add nifty nrpe check tool
- $(tc-getCC) ${CPPFLAGS} ${CFLAGS} \
- -DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \
- -DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \
- ${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die
-}
-
-src_install() {
- dodoc LEGAL Changelog README SECURITY \
- contrib/README.nrpe_check_control \
- $(use ssl && echo README.SSL)
-
- exeinto /usr/$(get_libdir)/nagios/plugins
- doexe src/check_nrpe nrpe_check_control
-
- use minimal && return 0
-
- ## NON-MINIMAL INSTALL FOLLOWS ##
-
- insinto /etc/nagios
- newins sample-config/nrpe.cfg nrpe.cfg
- fowners root:nagios /etc/nagios/nrpe.cfg
- fperms 0640 /etc/nagios/nrpe.cfg
-
- exeinto /usr/libexec
- doexe src/nrpe
-
- newinitd "${FILESDIR}"/nrpe.init nrpe
- systemd_dounit "${FILESDIR}/${PN}.service"
-
- insinto /etc/xinetd.d/
- newins "${FILESDIR}/nrpe.xinetd.2" nrpe
-
- if use tcpd; then
- sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \
- "${D}"/etc/init.d/nrpe
- fi
-}
-
-pkg_postinst() {
- elog "If you are using the nrpe daemon, remember to edit"
- elog "the config file /etc/nagios/nrpe.cfg"
-
- if use command-args ; then
- ewarn ""
- ewarn "You have enabled command-args for NRPE. This enables"
- ewarn "the ability for clients to supply arguments to commands"
- ewarn "which should be run. "
- ewarn "THIS IS CONSIDERED A SECURITY RISK!"
- ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info"
- fi
-}
diff --git a/net-analyzer/nrpe/nrpe-2.15.ebuild b/net-analyzer/nrpe/nrpe-2.15.ebuild
deleted file mode 100644
index 51046f6..0000000
--- a/net-analyzer/nrpe/nrpe-2.15.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=4
-
-inherit eutils toolchain-funcs multilib user autotools
-
-DESCRIPTION="Nagios Remote Plugin Executor"
-HOMEPAGE="http://www.nagios.org/"
-SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
-IUSE="command-args ssl tcpd minimal"
-
-DEPEND="ssl? ( dev-libs/openssl )
- !minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )"
-RDEPEND="${DEPEND}
- !minimal? ( >=net-analyzer/nagios-plugins-1.3.0 )"
-
-pkg_setup() {
- enewgroup nagios
- enewuser nagios -1 /bin/bash /dev/null nagios
-
- elog "If you plan to use \"nrpe_check_control\" then you may want to specify"
- elog "different command and services files. You can override the defaults"
- elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables."
- elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}"
- elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}"
-}
-
-src_prepare() {
- # Add support for large output,
- # http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html
- epatch "${FILESDIR}"/${PN}-2.14-multiline.patch
- # fix configure, among others #326367, #397603
- epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch
- # otherwise autoconf will overwrite the custom include/config.h.in
- epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch
- # improve handling of metachars for security
- epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch
-
- sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' contrib/nrpe_check_control.c || die
-
- # change the default location of the pid file
- sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die
-
- # fix TFU handling of autoheader
- sed -i -e '/#undef/d' include/config.h.in || die
-
- eautoreconf
-}
-
-src_configure() {
- local myconf
- if use minimal; then
- myconf="--disable-tcp-wrapper --disable-command-args"
- else
- myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)"
- fi
-
- econf \
- --libexecdir=/usr/$(get_libdir)/nagios/plugins \
- --localstatedir=/var/nagios \
- --sysconfdir=/etc/nagios \
- --with-nrpe-user=nagios \
- --with-nrpe-group=nagios \
- $(use_enable ssl) \
- ${myconf}
-}
-
-src_compile() {
- emake -C src check_nrpe $(use minimal || echo nrpe)
-
- # Add nifty nrpe check tool
- $(tc-getCC) ${CPPFLAGS} ${CFLAGS} \
- -DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \
- -DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \
- ${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die
-}
-
-src_install() {
- dodoc LEGAL Changelog README SECURITY \
- contrib/README.nrpe_check_control \
- $(use ssl && echo README.SSL)
-
- exeinto /usr/$(get_libdir)/nagios/plugins
- doexe src/check_nrpe nrpe_check_control
-
- use minimal && return 0
-
- ## NON-MINIMAL INSTALL FOLLOWS ##
-
- insinto /etc/nagios
- newins sample-config/nrpe.cfg nrpe.cfg
- fowners root:nagios /etc/nagios/nrpe.cfg
- fperms 0640 /etc/nagios/nrpe.cfg
-
- exeinto /usr/libexec
- doexe src/nrpe
-
- newinitd "${FILESDIR}"/nrpe.init nrpe
-
- insinto /etc/xinetd.d/
- newins "${FILESDIR}/nrpe.xinetd.2" nrpe
-
- if use tcpd; then
- sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \
- "${D}"/etc/init.d/nrpe
- fi
-}
-
-pkg_postinst() {
- elog "If you are using the nrpe daemon, remember to edit"
- elog "the config file /etc/nagios/nrpe.cfg"
-
- if use command-args ; then
- ewarn ""
- ewarn "You have enabled command-args for NRPE. This enables"
- ewarn "the ability for clients to supply arguments to commands"
- ewarn "which should be run. "
- ewarn "THIS IS CONSIDERED A SECURITY RISK!"
- ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info"
- fi
-}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/files/, net-analyzer/nrpe/
@ 2017-05-12 21:57 Michael Orlitzky
0 siblings, 0 replies; 4+ messages in thread
From: Michael Orlitzky @ 2017-05-12 21:57 UTC (permalink / raw
To: gentoo-commits
commit: 1aa4d1f895af173e41d53f5d811a62788a68d7f2
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Fri May 12 21:56:12 2017 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Fri May 12 21:56:29 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1aa4d1f8
net-analyzer/nrpe: new version 3.1.0.
This new ebuild is missing a lot of the custom patching of the 2.x
series, ultimately because I just don't have time to forward-port a
bunch of patches. Here's a quick summary of the changes:
* Command arguments are unconditionally disabled, because they're
a security risk. This flag would be easy to bring back, but it
should be masked if we do.
* The daemon and tcp wrappers are no longer optional. While I admit
that having them be optional is useful, a giant patch to the build
system is not the way to go about it. Send that mess upstream!
* The nrpe_check_control tool is not installed. This is "contrib"
upstream, and doesn't use the correct paths from the build
system. Needs to be fixed upstream.
Thanks to Tomáš Mózes for the heads-up about the new version, and for
testing the ebuild and init script. It looks like our nrpe-2.x and
nrpe-3.x have some incompatibilities, possibly due to our patches
against the 2.x series. I've added an elog recommending that users not
mix major versions on the client/server.
Gentoo-Bug: 616092
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/nrpe/Manifest | 1 +
net-analyzer/nrpe/files/nrpe-3.1.0.init | 16 +++++++++
net-analyzer/nrpe/nrpe-3.1.0.ebuild | 64 +++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+)
diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest
index 51876a8e1c1..9dbbbda4871 100644
--- a/net-analyzer/nrpe/Manifest
+++ b/net-analyzer/nrpe/Manifest
@@ -1 +1,2 @@
DIST nrpe-2.15.tar.gz 419695 SHA256 66383b7d367de25ba031d37762d83e2b55de010c573009c6f58270b137131072 SHA512 03ce9774b5112d03235dc9da075770d89d1bcc5ffa5faf221ff7ea8ec5c92ded1e1ae9222581a87cf53736d190ac047e1acce7edc2f31f26c432d786cdef0e73 WHIRLPOOL f97ad7431138fd96588bb4e9d13404a0425bbdb8582c7c472cb20621bb77a9e9ecdeed88b9247ea20815da33c5b123368a540c5a0a058921e59367c2ce2a2b10
+DIST nrpe-3.1.0.tar.gz 501028 SHA256 22942b546f1af9b3f277daa68742b7f72a53145079adf0f086e4554e1482f24a SHA512 d67ae7cbd7f72fccc341e7da6d8774ee28da93dd14a18e6c6fbce6c9ba3fab19451ededea3cff0945ec1569026ee10f12a44bebbeac12a3b8210ed9aec4b39b8 WHIRLPOOL ecb41098e5bc87a8eaa0af8853fbe48b85a1c84a01ad5484f89aa231bb99a7604e4d67aa495651487577e3c85471bc274123809b40d791ade2c55d46d37b3e1b
diff --git a/net-analyzer/nrpe/files/nrpe-3.1.0.init b/net-analyzer/nrpe/files/nrpe-3.1.0.init
new file mode 100644
index 00000000000..acf8b549ee7
--- /dev/null
+++ b/net-analyzer/nrpe/files/nrpe-3.1.0.init
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+: ${CFGFILE:=/etc/nagios/nrpe.cfg}
+
+extra_started_commands="reload"
+command="/usr/bin/${SVCNAME}"
+command_args="-c ${CFGFILE} --daemon"
+pidfile=/run/nrpe.pid
+
+reload() {
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --exec $command --pidfile $pidfile --signal HUP
+ eend $?
+}
diff --git a/net-analyzer/nrpe/nrpe-3.1.0.ebuild b/net-analyzer/nrpe/nrpe-3.1.0.ebuild
new file mode 100644
index 00000000000..e6ed550c91c
--- /dev/null
+++ b/net-analyzer/nrpe/nrpe-3.1.0.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit systemd user
+
+DESCRIPTION="Nagios Remote Plugin Executor"
+HOMEPAGE="https://github.com/NagiosEnterprises/nrpe"
+SRC_URI="${HOMEPAGE}/releases/download/release-${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="selinux ssl"
+
+DEPEND="sys-apps/tcp-wrappers
+ ssl? ( dev-libs/openssl:0 )"
+RDEPEND="${DEPEND}
+ || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
+ selinux? ( sec-policy/selinux-nagios )"
+
+pkg_setup() {
+ enewgroup nagios
+ enewuser nagios -1 /bin/bash /var/nagios/home nagios
+}
+
+src_configure() {
+ econf \
+ --libexecdir=/usr/$(get_libdir)/nagios/plugins \
+ --localstatedir=/var/nagios \
+ --sysconfdir=/etc/nagios \
+ --with-nrpe-user=nagios \
+ --with-nrpe-group=nagios \
+ --with-piddir=/run \
+ $(use_enable ssl)
+}
+
+src_compile() {
+ emake all
+}
+
+src_install() {
+ default
+
+ dodoc Changelog SECURITY.md
+ insinto /etc/nagios
+ newins sample-config/nrpe.cfg nrpe.cfg
+ fowners root:nagios /etc/nagios/nrpe.cfg
+ fperms 0640 /etc/nagios/nrpe.cfg
+
+ newinitd "${FILESDIR}/nrpe-${PV}.init" nrpe
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ insinto /etc/xinetd.d/
+ newins "${FILESDIR}/nrpe.xinetd.2" nrpe
+
+ rm "${D}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool'
+}
+
+pkg_postinst(){
+ elog 'Some users have reported incompatibilities between nrpe-2.x and'
+ elog 'nrpe-3.x. We recommend that you use the same major version for'
+ elog 'both your server and clients.'
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/files/, net-analyzer/nrpe/
@ 2017-06-07 12:23 Michael Orlitzky
0 siblings, 0 replies; 4+ messages in thread
From: Michael Orlitzky @ 2017-06-07 12:23 UTC (permalink / raw
To: gentoo-commits
commit: c4935b71037ff671ee78d8185e657c87cc29a76e
Author: Tomas Mozes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Fri Jun 2 05:54:42 2017 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Jun 7 12:23:15 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4935b71
net-analyzer/nrpe: bump to 3.1.1, drop old
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
net-analyzer/nrpe/Manifest | 2 +-
net-analyzer/nrpe/files/{nrpe-3.1.0.init => nrpe-3.1.1.init} | 0
net-analyzer/nrpe/{nrpe-3.1.0.ebuild => nrpe-3.1.1.ebuild} | 0
3 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest
index 9dbbbda4871..1ec17f2638d 100644
--- a/net-analyzer/nrpe/Manifest
+++ b/net-analyzer/nrpe/Manifest
@@ -1,2 +1,2 @@
DIST nrpe-2.15.tar.gz 419695 SHA256 66383b7d367de25ba031d37762d83e2b55de010c573009c6f58270b137131072 SHA512 03ce9774b5112d03235dc9da075770d89d1bcc5ffa5faf221ff7ea8ec5c92ded1e1ae9222581a87cf53736d190ac047e1acce7edc2f31f26c432d786cdef0e73 WHIRLPOOL f97ad7431138fd96588bb4e9d13404a0425bbdb8582c7c472cb20621bb77a9e9ecdeed88b9247ea20815da33c5b123368a540c5a0a058921e59367c2ce2a2b10
-DIST nrpe-3.1.0.tar.gz 501028 SHA256 22942b546f1af9b3f277daa68742b7f72a53145079adf0f086e4554e1482f24a SHA512 d67ae7cbd7f72fccc341e7da6d8774ee28da93dd14a18e6c6fbce6c9ba3fab19451ededea3cff0945ec1569026ee10f12a44bebbeac12a3b8210ed9aec4b39b8 WHIRLPOOL ecb41098e5bc87a8eaa0af8853fbe48b85a1c84a01ad5484f89aa231bb99a7604e4d67aa495651487577e3c85471bc274123809b40d791ade2c55d46d37b3e1b
+DIST nrpe-3.1.1.tar.gz 515215 SHA256 cfb3d4fb036e81cbb8a6d9c34f24b7d9395ecfaa55234a0572382ea30c54fd8d SHA512 1d4cb6e35ad88f1dcd66b552ac1b3892cbd894f182b2ab35929bb656423187a7e93ac3e9c812a72f10aaecd0924fc7bc36719abbeec2d65363534830972b5d92 WHIRLPOOL f77db69c351488ea2e83d60094f82447c1bf4adea9da0cff2264346fdc7679941fb148546bd290da3d498851f84859164ac13c55e58e24785f808309bb8e14ae
diff --git a/net-analyzer/nrpe/files/nrpe-3.1.0.init b/net-analyzer/nrpe/files/nrpe-3.1.1.init
similarity index 100%
rename from net-analyzer/nrpe/files/nrpe-3.1.0.init
rename to net-analyzer/nrpe/files/nrpe-3.1.1.init
diff --git a/net-analyzer/nrpe/nrpe-3.1.0.ebuild b/net-analyzer/nrpe/nrpe-3.1.1.ebuild
similarity index 100%
rename from net-analyzer/nrpe/nrpe-3.1.0.ebuild
rename to net-analyzer/nrpe/nrpe-3.1.1.ebuild
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/files/, net-analyzer/nrpe/
@ 2019-08-31 21:35 Michael Orlitzky
0 siblings, 0 replies; 4+ messages in thread
From: Michael Orlitzky @ 2019-08-31 21:35 UTC (permalink / raw
To: gentoo-commits
commit: bc77e1137940198a2ff4ca5f62842dcfdf1bb3e4
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 31 20:47:22 2019 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Sat Aug 31 21:34:56 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc77e113
net-analyzer/nrpe: remove "unused" nrpe-{2.15-r3,3.2.1}.ebuild.
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
net-analyzer/nrpe/Manifest | 1 -
net-analyzer/nrpe/files/nrpe-2.14-multiline.patch | 204 ---------------------
| 24 ---
.../files/nrpe-2.15-metachar-security-fix.patch | 26 ---
net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch | 39 ----
net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch | 50 -----
net-analyzer/nrpe/metadata.xml | 3 -
net-analyzer/nrpe/nrpe-2.15-r3.ebuild | 140 --------------
net-analyzer/nrpe/nrpe-3.2.1.ebuild | 77 --------
9 files changed, 564 deletions(-)
diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest
index 8b0da4d1b7d..0091826d876 100644
--- a/net-analyzer/nrpe/Manifest
+++ b/net-analyzer/nrpe/Manifest
@@ -1,2 +1 @@
-DIST nrpe-2.15.tar.gz 419695 BLAKE2B 999ecc633cbd2dc516ff0654db3ac0cc58a88d93ae4ace1040888fe73d8fb471306d95312ac364c79b3a47300ac57c0c429a24697c37bfa639f1da55cb6bc756 SHA512 03ce9774b5112d03235dc9da075770d89d1bcc5ffa5faf221ff7ea8ec5c92ded1e1ae9222581a87cf53736d190ac047e1acce7edc2f31f26c432d786cdef0e73
DIST nrpe-3.2.1.tar.gz 518015 BLAKE2B c9be2bf24e3d9977a7ff5c2f0e08bfe841729289af836bb7ac6ccb2c173a519958b12cc3e90ece612ac6c2527ad472ef1464be648a66b11ff8ad483d5ad78cc1 SHA512 ec6ff42a00bd97ed80010a82e26dc35fd419f2feda65820cda0108068173c1ae44eee698833a50fd2079429a6f5eb1321c4f06b09c6708bc5fbe48f176389856
diff --git a/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch b/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch
deleted file mode 100644
index 3af2ef95bab..00000000000
--- a/net-analyzer/nrpe/files/nrpe-2.14-multiline.patch
+++ /dev/null
@@ -1,204 +0,0 @@
-Add support for large output
-
-http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.htmlIndex: nrpe-2.14/include/common.h
-===================================================================
-Index: nrpe-2.14/include/common.h
-===================================================================
---- nrpe-2.14.orig/include/common.h
-+++ nrpe-2.14/include/common.h
-@@ -41,7 +41,7 @@
- #define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
- #define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */
-
--#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
-+#define MAX_INPUT_BUFFER 16384 /* max size of most buffers we use */
- #define MAX_FILENAME_LENGTH 256
-
- #define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */
-@@ -55,12 +55,14 @@
-
- #define QUERY_PACKET 1 /* id code for a packet containing a query */
- #define RESPONSE_PACKET 2 /* id code for a packet containing a response */
-+#define RESPONSE_PACKET_WITH_MORE 3 /* id code for a packet containing a response, with more data to follow */
-
- #define NRPE_PACKET_VERSION_3 3 /* packet version identifier */
- #define NRPE_PACKET_VERSION_2 2
- #define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */
-
- #define MAX_PACKETBUFFER_LENGTH 1024 /* max amount of data we'll send in one query/response */
-+ /* WARNING - do not change this as older clients/servers will not work */
-
- typedef struct packet_struct{
- int16_t packet_version;
-Index: nrpe-2.14/src/check_nrpe.c
-===================================================================
---- nrpe-2.14.orig/src/check_nrpe.c
-+++ nrpe-2.14/src/check_nrpe.c
-@@ -221,6 +221,11 @@ int main(int argc, char **argv){
- return STATE_UNKNOWN;
- }
-
-+ /* Altinity patch: Allow multiple packets to be received */
-+ /* Indentation not corrected to allow simpler patching */
-+ /* START MULTI_PACKET LOOP */
-+ do {
-+
- /* wait for the response packet */
- bytes_to_recv=sizeof(receive_packet);
- if(use_ssl==FALSE)
-@@ -233,31 +238,24 @@ int main(int argc, char **argv){
- /* reset timeout */
- alarm(0);
-
-- /* close the connection */
--#ifdef HAVE_SSL
-- if(use_ssl==TRUE){
-- SSL_shutdown(ssl);
-- SSL_free(ssl);
-- SSL_CTX_free(ctx);
-- }
--#endif
-- graceful_close(sd,1000);
--
- /* recv() error */
- if(rc<0){
- printf("CHECK_NRPE: Error receiving data from daemon.\n");
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* server disconnected */
- else if(rc==0){
- printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n");
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* receive underflow */
- else if(bytes_to_recv<sizeof(receive_packet)){
- printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
-@@ -271,21 +269,21 @@ int main(int argc, char **argv){
- calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
- if(packet_crc32!=calculated_crc32){
- printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
-- close(sd);
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* check packet version */
- if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
- printf("CHECK_NRPE: Invalid packet version received from server.\n");
-- close(sd);
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
- /* check packet type */
-- if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
-+ if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET && ntohs(receive_packet.packet_type)!=RESPONSE_PACKET_WITH_MORE){
- printf("CHECK_NRPE: Invalid packet type received from server.\n");
-- close(sd);
-+ graceful_close(sd,1000);
- return STATE_UNKNOWN;
- }
-
-@@ -297,8 +295,18 @@ int main(int argc, char **argv){
- if(!strcmp(receive_packet.buffer,""))
- printf("CHECK_NRPE: No output returned from daemon.\n");
- else
-- printf("%s\n",receive_packet.buffer);
-- }
-+ printf("%s",receive_packet.buffer);
-+
-+ } while (ntohs(receive_packet.packet_type)==RESPONSE_PACKET_WITH_MORE);
-+ /* END MULTI_PACKET LOOP */
-+
-+ /* Finish output with newline */
-+ printf("\n");
-+
-+ /* close the connection */
-+ graceful_close(sd,1000);
-+
-+ }
-
- /* reset the alarm */
- else
-@@ -434,6 +442,14 @@ int graceful_close(int sd, int timeout){
- struct timeval tv;
- char buf[1000];
-
-+#ifdef HAVE_SSL
-+ if(use_ssl==TRUE){
-+ SSL_shutdown(ssl);
-+ SSL_free(ssl);
-+ SSL_CTX_free(ctx);
-+ }
-+#endif
-+
- /* send FIN packet */
- shutdown(sd,SHUT_WR);
- for(;;){
-Index: nrpe-2.14/src/nrpe.c
-===================================================================
---- nrpe-2.14.orig/src/nrpe.c
-+++ nrpe-2.14/src/nrpe.c
-@@ -1056,6 +1056,8 @@ void handle_connection(int sock){
- char processed_command[MAX_INPUT_BUFFER];
- int result=STATE_OK;
- int early_timeout=FALSE;
-+ int bytes_copied=0;
-+ char *pbuffer=&buffer[0];
- int rc;
- int x;
- #ifdef DEBUG
-@@ -1272,6 +1274,14 @@ void handle_connection(int sock){
- if(buffer[strlen(buffer)-1]=='\n')
- buffer[strlen(buffer)-1]='\x0';
-
-+ /* Altinity patch to allow multi packet responses */
-+ /* Loop not indented to allow easier patching */
-+ /* START MULTI_PACKET LOOP */
-+ do {
-+
-+ if(debug==TRUE)
-+ syslog(LOG_DEBUG,"Sending response - bytes left: %d", strlen(pbuffer));
-+
- /* clear the response packet buffer */
- bzero(&send_packet,sizeof(send_packet));
-
-@@ -1280,11 +1290,17 @@ void handle_connection(int sock){
-
- /* initialize response packet data */
- send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
-- send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
- send_packet.result_code=(int16_t)htons(result);
-- strncpy(&send_packet.buffer[0],buffer,MAX_PACKETBUFFER_LENGTH);
-+ strncpy(&send_packet.buffer[0],pbuffer,MAX_PACKETBUFFER_LENGTH);
- send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
--
-+
-+ bytes_copied = strlen(&send_packet.buffer[0]);
-+ pbuffer = pbuffer+bytes_copied;
-+ if(strlen(pbuffer)>0)
-+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET_WITH_MORE);
-+ else
-+ send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
-+
- /* calculate the crc 32 value of the packet */
- send_packet.crc32_value=(u_int32_t)0L;
- calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
-@@ -1303,6 +1319,9 @@ void handle_connection(int sock){
- SSL_write(ssl,&send_packet,bytes_to_send);
- #endif
-
-+ } while (strlen(pbuffer) > 0);
-+ /* END MULTI_PACKET LOOP */
-+
- #ifdef HAVE_SSL
- if(ssl){
- complete_SSL_shutdown( ssl);
diff --git a/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch b/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch
deleted file mode 100644
index 81078c44971..00000000000
--- a/net-analyzer/nrpe/files/nrpe-2.15-autoconf-header.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in
---- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700
-+++ nrpe-2.15/configure.in 2014-04-19 09:32:52.251766643 -0700
-@@ -6,7 +6,8 @@
-
- AC_INIT([nrpe],[2.15],[nagios-users@lists.sourceforge.net],[nrpe],[http://www.nagios.org])
- AC_CONFIG_SRCDIR([src/nrpe.c])
--AC_CONFIG_HEADERS([include/config.h])
-+AC_CONFIG_HEADERS([include/autoconf.h])
- AC_CONFIG_FILES([Makefile
-+ include/config.h
- subst
- src/Makefile
-diff -Nuar --exclude '*.orig' nrpe-2.15.orig/include/config.h.in nrpe-2.15/include/config.h.in
---- nrpe-2.15.orig/include/config.h.in 2013-09-06 08:27:13.000000000 -0700
-+++ nrpe-2.15/include/config.h.in 2014-04-19 09:33:07.620035056 -0700
-@@ -26,6 +26,7 @@
-
- #include <stdio.h>
- #include <stdlib.h>
-+#include "autoconf.h"
-
-
- #define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
diff --git a/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch b/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch
deleted file mode 100644
index c42f8bfdec0..00000000000
--- a/net-analyzer/nrpe/files/nrpe-2.15-metachar-security-fix.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Disallow all control characters in argument handling.
-
-This closes a security hole that allowed passing commands via the argument
-handling, if a newline was used to seperate the argument from the rest of the
-command.
-
-X-URL: http://www.exploit-db.com/exploits/32925/
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-
---
-I didn't find any patches from upstream NRPE, so I wrote this quick one.
-If somebody else has a valid use for control characters in NRPE arguments, then
-this could be relaxed slightly.
-
-diff -Nuar --exclude '*.orig' nrpe-2.15.orig/src/nrpe.c nrpe-2.15/src/nrpe.c
---- nrpe-2.15.orig/src/nrpe.c 2014-04-19 09:37:16.022373910 -0700
-+++ nrpe-2.15/src/nrpe.c 2014-04-19 09:46:53.237458939 -0700
-@@ -53,7 +53,7 @@
-
- #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */
- #define MAXFD 64
--#define NASTY_METACHARS "|`&><'\"\\[]{};"
-+#define NASTY_METACHARS "|`&><'\"\\[]{};\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
- #define howmany(x,y) (((x)+((y)-1))/(y))
- #define MAX_LISTEN_SOCKS 16
-
diff --git a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch
deleted file mode 100644
index 3b3fc135455..00000000000
--- a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Without this patch, you can't build nrpe without SSL support. It was
-originally submitted on the Nagios forums by user Matthew L. Daniel:
-
- https://support.nagios.com/forum/viewtopic.php?t=27027
-
-It was merged into the upstream github repo (NagiosEnterprises/nrpe)
-in commit 3736fdeeac11a.
-
-
-diff --git a/src/nrpe.c b/src/nrpe.c
-index 4bc849b..1e55ab4 100644
---- a/src/nrpe.c
-+++ b/src/nrpe.c
-@@ -102,7 +102,9 @@ int use_src=FALSE; /* Define parameter for SRC option */
- int listen_queue_size=DEFAULT_LISTEN_QUEUE_SIZE;
-
-
-+#ifdef HAVE_SSL
- void complete_SSL_shutdown( SSL *);
-+#endif
-
-
- int main(int argc, char **argv){
-@@ -1815,6 +1817,7 @@ int remove_pid_file(void){
- return OK;
- }
-
-+#ifdef HAVE_SSL
- void complete_SSL_shutdown( SSL *ssl) {
-
- /*
-@@ -1835,6 +1838,7 @@ void complete_SSL_shutdown( SSL *ssl) {
- if( SSL_shutdown( ssl)) break;
- }
- }
-+#endif/*HAVE_SSL*/
-
- /* bail if daemon is running as root */
- int check_privileges(void){
diff --git a/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch b/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch
deleted file mode 100644
index b8a0811b831..00000000000
--- a/net-analyzer/nrpe/files/nrpe-2.15-tcpd-et-al.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff -Nuar --exclude '*.orig' nrpe-2.15.orig/configure.in nrpe-2.15/configure.in
---- nrpe-2.15.orig/configure.in 2013-09-06 08:27:13.000000000 -0700
-+++ nrpe-2.15/configure.in 2014-04-19 09:20:50.406150828 -0700
-@@ -45,7 +45,7 @@
- AC_HEADER_STDC
- AC_HEADER_TIME
- AC_HEADER_SYS_WAIT
--AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h tcpd.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
-+AC_CHECK_HEADERS(ctype.h dirent.h errno.h fcntl.h getopt.h grp.h inttypes.h netdb.h pwd.h signal.h stdint.h strings.h string.h syslog.h unistd.h arpa/inet.h netinet/in.h socket.h sys/types.h sys/time.h sys/resource.h sys/wait.h sys/socket.h sys/stat.h)
-
- dnl Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
-@@ -164,11 +164,20 @@
- AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
- AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
- AC_SUBST(SOCKETLIBS)
--AC_CHECK_LIB(wrap,main,[
-- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
-+
-+AC_ARG_ENABLE([tcp-wrapper],
-+ AS_HELP_STRING([--disable-tcp-wrapper], [Disable building with TCP wrappers. *** DISABLING IS A SECURITY RISK! *** Read the SECURITY file before using this option! @<:@default=enable@:>@]))
-+
-+LIBWRAPLIBS=""
-+AS_IF([test "x$enable_tcp_wrapper" != "xno"], [
-+ AC_CHECK_LIB([wrap],[hosts_access],[
-+ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
- AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
-- ])
-+ AC_DEFINE(HAVE_TCPD_H,[1],[Have the TCP wrappers library])
-+ ])
-+])
- AC_SUBST(LIBWRAPLIBS)
-+
- AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
-
- dnl socklen_t check - from curl
-@@ -440,8 +449,11 @@
- AC_SUBST(TARGET_PLATFORM)
-
- AC_ARG_ENABLE([command-args],
-- AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]),
-- AC_DEFINE_UNQUOTED(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments]))
-+ AS_HELP_STRING([--enable-command-args],[allows clients to specify command arguments. *** THIS IS A SECURITY RISK! *** Read the SECURITY file before using this option!]))
-+
-+AS_IF([test "x$enable_command_args" = "xyes"], [
-+ AC_DEFINE(ENABLE_COMMAND_ARGUMENTS,[1],[Enable command-line arguments])
-+])
-
- AC_ARG_ENABLE([bash-command-substitution],
- AS_HELP_STRING([--enable-bash-command-substitution],[allows clients to pass bash command substitutions of the form $(command). *** THIS IS A HIGH SECURITY RISK! *** Read the SECURITY file before using this option!]),
diff --git a/net-analyzer/nrpe/metadata.xml b/net-analyzer/nrpe/metadata.xml
index e47fd6fd83c..6d48b12e1ab 100644
--- a/net-analyzer/nrpe/metadata.xml
+++ b/net-analyzer/nrpe/metadata.xml
@@ -15,9 +15,6 @@
Nagios/Icinga master. Make sure you understand the implications
of this flag as it can be a security risk.
</flag>
- <flag name="minimal">
- Only build the check plugins for Nagios/Icinga, and not the daemon.
- </flag>
</use>
<upstream>
<remote-id type="sourceforge">nagios</remote-id>
diff --git a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild
deleted file mode 100644
index afdbdc893c4..00000000000
--- a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild
+++ /dev/null
@@ -1,140 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit eutils systemd toolchain-funcs multilib user autotools
-
-DESCRIPTION="Nagios Remote Plugin Executor"
-HOMEPAGE="http://www.nagios.org/"
-SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
-IUSE="command-args libressl minimal selinux ssl tcpd"
-
-DEPEND="
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
- !minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )"
-RDEPEND="${DEPEND}
- !minimal? (
- || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
- )
- selinux? ( sec-policy/selinux-nagios )"
-
-pkg_setup() {
- enewgroup nagios
- enewuser nagios -1 /bin/bash /dev/null nagios
-
- elog "If you plan to use \"nrpe_check_control\" then you may want to specify"
- elog "different command and services files. You can override the defaults"
- elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables."
- elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}"
- elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}"
-}
-
-src_prepare() {
- # Add support for large output,
- # http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html
- epatch "${FILESDIR}"/${PN}-2.14-multiline.patch
-
- # fix configure, among others #326367, #397603
- epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch
-
- # otherwise autoconf will overwrite the custom include/config.h.in
- epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch
-
- # improve handling of metachars for security
- epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch
-
- # Fix build with USE="-ssl".
- epatch "${FILESDIR}"/${PN}-2.15-no-ssl.patch
-
- sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' \
- contrib/nrpe_check_control.c || die
-
- # change the default location of the pid file
- sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die
-
- # fix TFU handling of autoheader
- sed -i -e '/#undef/d' include/config.h.in || die
-
- eautoreconf
-}
-
-src_configure() {
- local myconf
- if use minimal; then
- myconf="--disable-tcp-wrapper --disable-command-args"
- else
- myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)"
- fi
-
- econf \
- --libexecdir=/usr/$(get_libdir)/nagios/plugins \
- --localstatedir=/var/nagios \
- --sysconfdir=/etc/nagios \
- --with-nrpe-user=nagios \
- --with-nrpe-group=nagios \
- $(use_enable ssl) \
- ${myconf}
-}
-
-src_compile() {
- emake -C src check_nrpe $(use minimal || echo nrpe)
-
- # Add nifty nrpe check tool
- $(tc-getCC) ${CPPFLAGS} ${CFLAGS} \
- -DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \
- -DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \
- ${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die
-}
-
-src_install() {
- dodoc LEGAL Changelog README SECURITY \
- contrib/README.nrpe_check_control \
- $(use ssl && echo README.SSL)
-
- exeinto /usr/$(get_libdir)/nagios/plugins
- doexe src/check_nrpe nrpe_check_control
-
- use minimal && return 0
-
- ## NON-MINIMAL INSTALL FOLLOWS ##
-
- insinto /etc/nagios
- newins sample-config/nrpe.cfg nrpe.cfg
- fowners root:nagios /etc/nagios/nrpe.cfg
- fperms 0640 /etc/nagios/nrpe.cfg
-
- exeinto /usr/libexec
- doexe src/nrpe
-
- newinitd "${FILESDIR}"/nrpe.init nrpe
- systemd_dounit "${FILESDIR}/${PN}.service"
-
- insinto /etc/xinetd.d/
- newins "${FILESDIR}/nrpe.xinetd.2" nrpe
-
- if use tcpd; then
- sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \
- "${D}"/etc/init.d/nrpe
- fi
-}
-
-pkg_postinst() {
- elog "If you are using the nrpe daemon, remember to edit"
- elog "the config file /etc/nagios/nrpe.cfg"
-
- if use command-args ; then
- ewarn ""
- ewarn "You have enabled command-args for NRPE. This enables"
- ewarn "the ability for clients to supply arguments to commands"
- ewarn "which should be run. "
- ewarn "THIS IS CONSIDERED A SECURITY RISK!"
- ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info"
- fi
-}
diff --git a/net-analyzer/nrpe/nrpe-3.2.1.ebuild b/net-analyzer/nrpe/nrpe-3.2.1.ebuild
deleted file mode 100644
index 3a4f9d8d251..00000000000
--- a/net-analyzer/nrpe/nrpe-3.2.1.ebuild
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit systemd user
-
-DESCRIPTION="Nagios Remote Plugin Executor"
-HOMEPAGE="https://github.com/NagiosEnterprises/nrpe"
-SRC_URI="${HOMEPAGE}/releases/download/${P}/${P}.tar.gz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
-IUSE="command-args libressl selinux ssl"
-
-DEPEND="sys-apps/tcp-wrappers
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )"
-RDEPEND="${DEPEND}
- || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
- selinux? ( sec-policy/selinux-nagios )"
-
-pkg_setup() {
- enewgroup nagios
- enewuser nagios -1 /bin/bash /var/nagios/home nagios
-}
-
-src_configure() {
- econf \
- --libexecdir=/usr/$(get_libdir)/nagios/plugins \
- --localstatedir=/var/nagios \
- --sysconfdir=/etc/nagios \
- --with-nrpe-user=nagios \
- --with-nrpe-group=nagios \
- --with-piddir=/run \
- $(use_enable command-args) \
- $(use_enable ssl)
-}
-
-src_compile() {
- emake all
-}
-
-src_install() {
- default
-
- dodoc CHANGELOG.md SECURITY.md
- insinto /etc/nagios
- newins sample-config/nrpe.cfg nrpe.cfg
- fowners root:nagios /etc/nagios/nrpe.cfg
- fperms 0640 /etc/nagios/nrpe.cfg
-
- newinitd "startup/openrc-init" nrpe
- newconfd "startup/openrc-conf" nrpe
- systemd_newunit "startup/default-service" "${PN}.service"
-
- insinto /etc/xinetd.d/
- newins "${FILESDIR}/nrpe.xinetd.2" nrpe
-
- rm "${D}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool'
-}
-
-pkg_postinst(){
- elog 'Some users have reported incompatibilities between nrpe-2.x and'
- elog 'nrpe-3.x. We recommend that you use the same major version for'
- elog 'both your server and clients.'
-
- if use command-args ; then
- ewarn ''
- ewarn 'You have enabled command-args for NRPE. That lets clients'
- ewarn 'supply arguments to the commands that are run, and IS A'
- ewarn 'SECURITY RISK!'
- ewarn''
- fi
-}
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-08-31 21:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-12 21:57 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/files/, net-analyzer/nrpe/ Michael Orlitzky
-- strict thread matches above, loose matches on Subject: below --
2019-08-31 21:35 Michael Orlitzky
2017-06-07 12:23 Michael Orlitzky
2015-08-31 15:45 Michael Orlitzky
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox