[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 04/11: update dsa-chack-packages

Bernd Zeimetz bernd at bzed.de
Sun Apr 27 10:05:13 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bzed pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.

commit cd35110226ea4a37081d292ab90aeb8227545aa4
Author: Evgeni Golov <evgeni.golov at credativ.de>
Date:   Sat Apr 26 18:03:29 2014 +0200

    update dsa-chack-packages
    
    Closes: #744922
---
 debian/patches/dsa/security_updates_critical | 73 ----------------------------
 debian/patches/series                        |  1 -
 dsa/checks/dsa-check-packages                | 27 +++++++++-
 3 files changed, 25 insertions(+), 76 deletions(-)

diff --git a/debian/patches/dsa/security_updates_critical b/debian/patches/dsa/security_updates_critical
deleted file mode 100644
index 1236d5e..0000000
--- a/debian/patches/dsa/security_updates_critical
+++ /dev/null
@@ -1,73 +0,0 @@
---- a/dsa/checks/dsa-check-packages
-+++ b/dsa/checks/dsa-check-packages
-@@ -94,6 +94,7 @@ sub get_packages {
- 	chomp(@lines);
- 
- 	my $pkgname = undef;
-+        my $candidate_found = 0;
- 	while (defined($line = shift @lines)) {
- 		if ($line =~ /^([^ ]*):$/) {
- 			# when we have multi-arch capable fu, we require that
-@@ -132,8 +133,19 @@ sub get_packages {
- 		} elsif ($line =~ /^ +Installed: (.*)$/) {
- 			# etch dpkg -l does not print epochs, so use this info, it's better
- 			$installed->{$pkgname}{'installed'} = $1;
-+                        # initialize security-update
-+                        $installed->{$pkgname}{'security-update'} = 0;
- 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
- 			$installed->{$pkgname}{'candidate'} = $1;
-+                } elsif ($line =~ /     ([^ ]+) [0-9]+/) {
-+                        # check if the next lines show the sources of our candidate
-+                        if ($1 eq $installed->{$pkgname}{'candidate'}) {
-+                                $candidate_found = 1;
-+                        } else {
-+                                $candidate_found = 0;
-+                        }
-+                } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
-+                        $installed->{$pkgname}{'security-update'} = 1;
- 		} elsif ($line =~ /^ +\*\*\*/) {
- 			$line = shift @lines;
- 			my @l = split(/ +/, $line);
-@@ -141,7 +153,7 @@ sub get_packages {
- 		}
- 	}
- 
--	my (%current, %obsolete, %outofdate);
-+	my (%current, %obsolete, %outofdate, %security_outofdate);
- 	for my $pkgname (keys %$installed) {
- 		my $pkg = $installed->{$pkgname};
- 
-@@ -151,7 +163,11 @@ sub get_packages {
- 		}
- 
- 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
--			$outofdate{$pkgname} = $pkg;
-+			if ($pkg->{'security-update'}) {
-+				$security_outofdate{$pkgname} = $pkg;
-+			} else {
-+				$outofdate{$pkgname} = $pkg;
-+			}
- 			next;
- 		};
- 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
-@@ -163,6 +179,7 @@ sub get_packages {
- 
- 	$pkgs{'current'} = \%current;
- 	$pkgs{'outofdate'} = \%outofdate;
-+	$pkgs{'security_outofdate'} = \%security_outofdate;
- 	$pkgs{'obsolete'} = \%obsolete;
- 	return \%pkgs;
- }
-@@ -298,6 +315,12 @@ my @reportform = (
- 	  'short' => "%d pc",
- 	  'perf' => "prg_conf=%d;1;;0",
- 	  'status' => 'WARNING' },
-+	{ 'key' => 'security_outofdate',
-+	  'listpackages' => 1,
-+	  'long' => "%d packages with outstanding security updates: %s",
-+	  'short' => "%d security-updates",
-+	  'perf' => "security_outdated=%d;;1;0",
-+	  'status' => 'CRITICAL' },
- 	);
- 
- my @longout;
diff --git a/debian/patches/series b/debian/patches/series
index b6f8a37..7c3057c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,7 +5,6 @@ check_raid/prefer_cciss_vol_status_over_hpacucli
 check_clamav/clamav_locations
 check_nfsmounts/perl_module
 check_nfsmounts/nfs_write_location
-dsa/security_updates_critical
 dsa/check_packages_location
 check_libs/config_location
 check_libs/config_path
diff --git a/dsa/checks/dsa-check-packages b/dsa/checks/dsa-check-packages
index 3ea088d..28844e5 100644
--- a/dsa/checks/dsa-check-packages
+++ b/dsa/checks/dsa-check-packages
@@ -94,6 +94,7 @@ sub get_packages {
 	chomp(@lines);
 
 	my $pkgname = undef;
+	my $candidate_found = 0;
 	while (defined($line = shift @lines)) {
 		if ($line =~ /^([^ ]*):$/) {
 			# when we have multi-arch capable fu, we require that
@@ -115,6 +116,7 @@ sub get_packages {
 			# For squeeze systems (no m-a), apt-cache policy output
 			# is all different.
 			$pkgname = $1;
+			$candidate_found = 0;
 			if ($has_arch) {
 				my $from_list = shift @installed_packages;
 				next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
@@ -132,16 +134,26 @@ sub get_packages {
 		} elsif ($line =~ /^ +Installed: (.*)$/) {
 			# etch dpkg -l does not print epochs, so use this info, it's better
 			$installed->{$pkgname}{'installed'} = $1;
+			# initialize security-update
+			$installed->{$pkgname}{'security-update'} = 0;
 		} elsif ($line =~ /^ +Candidate: (.*)$/) {
 			$installed->{$pkgname}{'candidate'} = $1;
+		} elsif ($line =~ /     ([^ ]+) [0-9]+/) {
+			# check if the next lines show the sources of our candidate
+			if ($1 eq $installed->{$pkgname}{'candidate'}) {
+				$candidate_found = 1;
+			}
+		} elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
+			$installed->{$pkgname}{'security-update'} = 1;
 		} elsif ($line =~ /^ +\*\*\*/) {
 			$line = shift @lines;
 			my @l = split(/ +/, $line);
 			$installed->{$pkgname}{'origin'} = $l[2];
+			$candidate_found = 0;
 		}
 	}
 
-	my (%current, %obsolete, %outofdate);
+	my (%current, %obsolete, %outofdate, %security_outofdate);
 	for my $pkgname (keys %$installed) {
 		my $pkg = $installed->{$pkgname};
 
@@ -151,7 +163,11 @@ sub get_packages {
 		}
 
 		if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
-			$outofdate{$pkgname} = $pkg;
+			if ($pkg->{'security-update'}) {
+				$security_outofdate{$pkgname} = $pkg;
+			} else {
+				$outofdate{$pkgname} = $pkg;
+			}
 			next;
 		};
 		if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
@@ -163,6 +179,7 @@ sub get_packages {
 
 	$pkgs{'current'} = \%current;
 	$pkgs{'outofdate'} = \%outofdate;
+	$pkgs{'security_outofdate'} = \%security_outofdate;
 	$pkgs{'obsolete'} = \%obsolete;
 	return \%pkgs;
 }
@@ -298,6 +315,12 @@ my @reportform = (
 	  'short' => "%d pc",
 	  'perf' => "prg_conf=%d;1;;0",
 	  'status' => 'WARNING' },
+	{ 'key' => 'security_outofdate',
+	  'listpackages' => 1,
+	  'long' => "%d packages with outstanding security updates: %s",
+	  'short' => "%d security-updates",
+	  'perf' => "security_outdated=%d;;1;0",
+	  'status' => 'CRITICAL' },
 	);
 
 my @longout;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib

More information about the Pkg-nagios-changes mailing list