This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch master
in repository pkg-nsca.
commit 80fafa8f3cfc3e9bbec32af77d5eccd2165893db
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Mon Dec 5 21:02:46 2016 +0100
Add upstream patch to fix signal handling. (closes: #743493)
---
debian/changelog | 2 +
debian/patches/07_signal-handler.patch | 118 +++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 121 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index deca34f..0792b2e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,6 +23,8 @@ nsca (2.9.1-4) UNRELEASED; urgency=medium
* Bump Standards-Version to 3.9.8, changes:
Vcs-* fields, copyright-format 1.0.
* Redirect update-rc.d output to /dev/null.
+ * Add upstream patch to fix signal handling.
+ (closes: #743493)
-- Bas Couwenberg <sebastic at debian.org> Sun, 04 Dec 2016 00:04:22 +0100
diff --git a/debian/patches/07_signal-handler.patch b/debian/patches/07_signal-handler.patch
new file mode 100644
index 0000000..9b82689
--- /dev/null
+++ b/debian/patches/07_signal-handler.patch
@@ -0,0 +1,118 @@
+Description: NRPE uses signals unsafely, hangs, can bring down system
+ Fix for issues:
+ http://tracker.nagios.org/view.php?id=377
+ http://tracker.nagios.org/view.php?id=548 (nagios dies on restart while sending command to cmd file)
+ http://tracker.nagios.org/view.php?id=592 (send_nsca signal handling is undefined behaviour, causes SEGVs)
+ .
+ Replaced all instances of signal() with sigaction() and blocked all signals during
+ signal processing using sigfillset(). This should prevent any reentrant problems during
+ signal handling.
+ .
+ Also replaced as many unsafe function calls with safe ones (not very many, mainly some
+ printf()s to write()s).
+Author: John C. Frickson <jfrickson at nagios.com>
+Origin: https://github.com/NagiosEnterprises/nsca/commit/a51cadfab5354f0257fa584cbf037c4f68b4a21c
+Bug-Debian: https://bugs.debian.org/743493
+
+--- a/configure.in
++++ b/configure.in
+@@ -104,7 +104,7 @@ AC_CHECK_LIB(wrap,main,[
+ AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
+ ])
+ AC_SUBST(LIBWRAPLIBS)
+-AC_CHECK_FUNCS(strdup strstr strtoul)
++AC_CHECK_FUNCS(strdup strstr strtoul sigaction)
+
+ dnl Define sig_atomic_t to int if it's not available.
+ AC_CHECK_TYPE([sig_atomic_t],[],[
+--- a/include/config.h.in
++++ b/include/config.h.in
+@@ -42,6 +42,7 @@
+ #undef HAVE_INITGROUPS
+ #undef HAVE_LIMITS_H
+ #undef HAVE_SYS_RESOURCE_H
++#undef HAVE_SIGACTION
+
+ #undef HAVE_LIBWRAP
+
+--- a/src/nsca.c
++++ b/src/nsca.c
+@@ -84,6 +84,9 @@ int main(int argc, char **argv){
+ int result;
+ uid_t uid=-1;
+ gid_t gid=-1;
++#ifdef HAVE_SIGACTION
++ struct sigaction sig_action;
++#endif
+
+
+ /* process command-line arguments */
+@@ -207,9 +210,19 @@ int main(int argc, char **argv){
+ setsid();
+
+ /* handle signals */
++#ifdef HAVE_SIGACTION
++ sig_action.sa_sigaction = NULL;
++ sig_action.sa_handler = sighandler;
++ sigfillset(&sig_action.sa_mask);
++ sig_action.sa_flags = SA_NODEFER|SA_RESTART;
++ sigaction(SIGQUIT, &sig_action, NULL);
++ sigaction(SIGTERM, &sig_action, NULL);
++ sigaction(SIGHUP, &sig_action, NULL);
++#else /* HAVE_SIGACTION */
+ signal(SIGQUIT,sighandler);
+ signal(SIGTERM,sighandler);
+ signal(SIGHUP,sighandler);
++#endif /* HAVE_SIGACTION */
+
+ /* close standard file descriptors */
+ close(0);
+--- a/src/send_nsca.c
++++ b/src/send_nsca.c
+@@ -72,6 +72,9 @@ int main(int argc, char **argv){
+ int16_t return_code;
+ u_int32_t calculated_crc32;
+ char *inputptr, *ptr1, *ptr2, *ptr3, *ptr4;
++#ifdef HAVE_SIGACTION
++ struct sigaction sig_action;
++#endif
+
+
+ /* process command-line arguments */
+@@ -142,7 +145,15 @@ int main(int argc, char **argv){
+ generate_crc32_table();
+
+ /* initialize alarm signal handling */
++#ifdef HAVE_SIGACTION
++ sig_action.sa_sigaction = NULL;
++ sig_action.sa_handler = alarm_handler;
++ sigfillset(&sig_action.sa_mask);
++ sig_action.sa_flags = SA_NODEFER|SA_RESTART;
++ sigaction(SIGALRM, &sig_action, NULL);
++#else
+ signal(SIGALRM,alarm_handler);
++#endif /* HAVE_SIGACTION */
+
+ /* set socket timeout */
+ alarm(socket_timeout);
+@@ -318,7 +329,7 @@ static void do_exit(int return_code){
+ alarm(0);
+
+ /* encryption/decryption routine cleanup */
+- encrypt_cleanup(encryption_method,CI);
++ /* encrypt_cleanup(encryption_method,CI); */
+
+ #ifdef DEBUG
+ printf("Cleaned up encryption routines\n");
+@@ -467,8 +478,9 @@ int process_arguments(int argc, char **a
+
+ /* handle timeouts */
+ void alarm_handler(int sig){
+-
+- fprintf(stderr, "Error: Timeout after %d seconds\n",socket_timeout);
++ const char msg[] = "Error: Timeout after %d seconds\n";
++ /* printf("Error: Timeout after %d seconds\n",socket_timeout); */
++ write(STDOUT_FILENO, msg, sizeof(msg) - 1);
+
+ do_exit(STATE_CRITICAL);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 687a17b..fafae79 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
04_nsca.cfg_nagios_vs_nagios.patch
05_spelling-errors.patch
06_open-arguments.patch
+07_signal-handler.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nsca.git