[pkg-nagios-changes] [Git][nagios-team/pkg-nrpe][buster-backports] 11 commits: Add upstream patch to fix check_nrpe buffer length calculation.

Bas Couwenberg gitlab at salsa.debian.org
Sat Mar 28 06:18:01 GMT 2020



Bas Couwenberg pushed to branch buster-backports at Debian Nagios Maintainer Group / pkg-nrpe


Commits:
73ee7e81 by Bas Couwenberg at 2020-01-22T20:48:40+01:00
Add upstream patch to fix check_nrpe buffer length calculation.

- - - - -
d7c1d2f9 by Bas Couwenberg at 2020-01-23T05:40:35+01:00
Set distribution to unstable.

- - - - -
1bd11862 by Bas Couwenberg at 2020-01-25T11:24:13+01:00
Bump Standards-Version to 4.5.0, no changes.

- - - - -
e718e494 by Bas Couwenberg at 2020-03-23T06:00:13+01:00
New upstream version 4.0.2
- - - - -
27041c82 by Bas Couwenberg at 2020-03-23T06:00:17+01:00
Update upstream source from tag 'upstream/4.0.2'

Update to upstream version '4.0.2'
with Debian dir 87de992ac959a0526c7846cf2e4befa7bdff5b7a
- - - - -
17ea3755 by Bas Couwenberg at 2020-03-23T06:00:50+01:00
New upstream release.

- - - - -
01e397d3 by Bas Couwenberg at 2020-03-23T06:01:43+01:00
Don't explicitly enable systemd, enabled by default.

- - - - -
4a8bae9a by Bas Couwenberg at 2020-03-23T06:06:26+01:00
Drop check_nrpe-buffer-length.patch, included upstream.

Refresh patches.

- - - - -
bf62d7f7 by Bas Couwenberg at 2020-03-23T06:06:47+01:00
Set distribution to unstable.

- - - - -
c967c6c4 by Bas Couwenberg at 2020-03-28T07:06:09+01:00
Merge tag 'debian/4.0.2-1' into buster-backports

releasing package nagios-nrpe version 4.0.2-1

- - - - -
1f70de75 by Bas Couwenberg at 2020-03-28T07:09:31+01:00
Rebuild for buster-backports.

- - - - -


16 changed files:

- CHANGELOG.md
- README.md
- configure
- configure.ac
- debian/changelog
- debian/control
- debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
- − debian/patches/check_nrpe-buffer-length.patch
- debian/patches/series
- debian/rules
- include/common.h.in
- nrpe.spec.in
- sample-config/nrpe.cfg.in
- src/check_nrpe.c
- src/nrpe.c
- update-version


Changes:

=====================================
CHANGELOG.md
=====================================
@@ -1,6 +1,17 @@
 NRPE Changelog
 ==============
 
+[4.0.2](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.2) - 2020-03-11
+---------------------------------------------------------------------------------------
+**FIXES**
+- Fixed buffer length calculations/writing past memory boundaries on some systems  (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf)
+- Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf)
+
+[4.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.1) - 2020-01-22
+---------------------------------------------------------------------------------------
+**FIXES**
+* Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf)
+
 [4.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.0) - 2019-01-13
 ---------------------------------------------------------------------------------------
 Note: This update includes security fixes which affect both the check_nrpe plugin and 


=====================================
README.md
=====================================
@@ -2,11 +2,12 @@
 
 [![Build Status](https://travis-ci.org/NagiosEnterprises/nrpe.svg?branch=master)](https://travis-ci.org/NagiosEnterprises/nrpe)
 
-NRPE
-====
-
-## Nagios Remote Plugin Executor
+ 🔴 🔴 🔴
+***Notice: As of NRPE version 4.0.1, this project is deprecated. It will not receive any more bugfixes or features, except to resolve security issues.***
+ 🔴 🔴 🔴
 
+Nagios Remote Plugin Executor (NRPE)
+====================================
 
 For installation instructions and information on the design overview
 of the NRPE addon, please read the PDF documentation that is found in


=====================================
configure
=====================================
@@ -2487,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
 
 
 PKG_NAME=nrpe
-PKG_VERSION="4.0.0"
+PKG_VERSION="4.0.2"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="2020-01-15"
+PKG_REL_DATE="2020-03-09"
 RPM_RELEASE=1
 
 LANG=C


=====================================
configure.ac
=====================================
@@ -11,9 +11,9 @@ AC_CONFIG_AUX_DIR([build-aux])
 AC_PREFIX_DEFAULT(/usr/local/nagios)
 
 PKG_NAME=nrpe
-PKG_VERSION="4.0.0"
+PKG_VERSION="4.0.2"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="2020-01-15"
+PKG_REL_DATE="2020-03-09"
 RPM_RELEASE=1
 
 LANG=C
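Review bot: `PKG_REL_DATE` is set to 2020-03-09 here, while the CHANGELOG.md entry for 4.0.2 in this same push is dated 2020-03-11. The same 2020-03-09 value appears in configure, include/common.h.in (`MODIFICATION_DATE`) and update-version (`LASTDATE`), so it is worth confirming with upstream which date is the release date, so that the changelog and the built-in version string agree.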


=====================================
debian/changelog
=====================================
@@ -1,3 +1,25 @@
+nagios-nrpe (4.0.2-1~bpo10+1) buster-backports; urgency=medium
+
+  * Rebuild for buster-backports.
+
+ -- Bas Couwenberg <sebastic at debian.org>  Sat, 28 Mar 2020 07:06:17 +0100
+
+nagios-nrpe (4.0.2-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Bump Standards-Version to 4.5.0, no changes.
+  * Don't explicitly enable systemd, enabled by default.
+  * Drop check_nrpe-buffer-length.patch, included upstream.
+  * Refresh patches.
+
+ -- Bas Couwenberg <sebastic at debian.org>  Mon, 23 Mar 2020 06:06:35 +0100
+
+nagios-nrpe (4.0.0-2) unstable; urgency=medium
+
+  * Add upstream patch to fix check_nrpe buffer length calculation.
+
+ -- Bas Couwenberg <sebastic at debian.org>  Thu, 23 Jan 2020 05:40:17 +0100
+
 nagios-nrpe (4.0.0-1~bpo10+2) buster-backports; urgency=medium
 
   * Add upstream patch to fix check_nrpe buffer length calculation.


=====================================
debian/control
=====================================
@@ -7,7 +7,7 @@ Build-Depends: debhelper (>= 10~),
                libssl-dev,
                libwrap0-dev,
                openssl
-Standards-Version: 4.4.1
+Standards-Version: 4.5.0
 Vcs-Browser: https://salsa.debian.org/nagios-team/pkg-nrpe
 Vcs-Git: https://salsa.debian.org/nagios-team/pkg-nrpe.git -b buster-backports
 Homepage: https://github.com/NagiosEnterprises/nrpe


=====================================
debian/patches/02_nrpe.cfg_local-include_support_nrpe.d.patch
=====================================
@@ -5,11 +5,10 @@ Forwarded: not-needed
 
 --- a/sample-config/nrpe.cfg.in
 +++ b/sample-config/nrpe.cfg.in
-@@ -361,3 +361,16 @@ command[check_total_procs]=@pluginsdir@/
- 
+@@ -362,6 +362,19 @@ command[check_total_procs]=@pluginsdir@/
  #include_dir=<somedirectory>
  #include_dir=<someotherdirectory>
-+
+ 
 +
 +
 +# local configuration:
@@ -22,3 +21,7 @@ Forwarded: not-needed
 +
 +include_dir=/etc/nagios/nrpe.d/
 +
++
+ # KEEP ENVIRONMENT VARIABLES
+ # This directive allows you to retain specific variables from the environment
+ # when starting the NRPE daemon. 


=====================================
debian/patches/check_nrpe-buffer-length.patch deleted
=====================================
@@ -1,56 +0,0 @@
-Description: Fix buffer length calculation in check_nrpe.
- - Buffer length was being calculated incorrectly when check_nrpe sends its
-   request.
- - There was also a conditional that was missed when printing the final result,
-   which would cause a segfault once the buffer length issue was corrected.
-Author: Sebastian Wolf <swolf at nagios.com>
-Origin: https://github.com/NagiosEnterprises/nrpe/pull/225/commits/4529829e0048059dd0514f9cde95d7edaf3c07c8
-Bug: https://github.com/NagiosEnterprises/nrpe/issues/223
-
---- a/CHANGELOG.md
-+++ b/CHANGELOG.md
-@@ -1,6 +1,11 @@
- NRPE Changelog
- ==============
- 
-+[4.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.1) - 2020-01-22
-+---------------------------------------------------------------------------------------
-+**FIXES**
-+* Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf)
-+
- [4.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.0) - 2019-01-13
- ---------------------------------------------------------------------------------------
- Note: This update includes security fixes which affect both the check_nrpe plugin and 
---- a/src/check_nrpe.c
-+++ b/src/check_nrpe.c
-@@ -1230,7 +1230,9 @@ int send_request()
- 		v3_send_packet->packet_version = htons(packet_ver);
- 		v3_send_packet->packet_type = htons(QUERY_PACKET);
- 		v3_send_packet->alignment = 0;
--		v3_send_packet->buffer_length = htonl(pkt_size - sizeof(v3_packet) + 1);
-+		v3_send_packet->buffer_length = pkt_size - sizeof(v3_packet);
-+		v3_send_packet->buffer_length += (packet_ver == NRPE_PACKET_VERSION_4 ? NRPE_V4_PACKET_SIZE_OFFSET : NRPE_V3_PACKET_SIZE_OFFSET);
-+		v3_send_packet->buffer_length = htonl(v3_send_packet->buffer_length);
- 		strcpy(&v3_send_packet->buffer[0], query);
- 
- 		/* calculate the crc 32 value of the packet */
-@@ -1373,7 +1375,7 @@ int read_response()
- 
- 	/* get the return code from the remote plugin */
- 	/* and print the output returned by the daemon */
--	if (packet_ver == NRPE_PACKET_VERSION_3) {
-+	if (packet_ver >= NRPE_PACKET_VERSION_3) {
- 		result = ntohs(v3_receive_packet->result_code);
- 		if (v3_receive_packet->buffer_length == 0) {
- 			printf("CHECK_NRPE: No output returned from daemon.\n");
-@@ -1612,8 +1614,9 @@ int read_packet(int sock, void *ssl_ptr,
- 				}
- 			}
- 			return -1;
--		} else
-+		} else {
- 			tot_bytes += rc;
-+		}
- 	}
- #endif
- 


=====================================
debian/patches/series
=====================================
@@ -1,4 +1,3 @@
 02_nrpe.cfg_local-include_support_nrpe.d.patch
 07_warn_ssloption.patch
 11_reproducible_dh.h.patch
-check_nrpe-buffer-length.patch


=====================================
debian/rules
=====================================
@@ -11,7 +11,7 @@ CFLAGS += $(CPPFLAGS)
 export AUTOHEADER=true
 
 %:
-	dh $@ --with systemd
+	dh $@
 
 override_dh_auto_configure:
 	dh_auto_configure -- \


=====================================
include/common.h.in
=====================================
@@ -37,8 +37,8 @@
 # endif
 #endif
 
-#define PROGRAM_VERSION "4.0.0"
-#define MODIFICATION_DATE "2020-01-15"
+#define PROGRAM_VERSION "4.0.2"
+#define MODIFICATION_DATE "2020-03-09"
 
 #define OK							0
 #define ERROR						-1


=====================================
nrpe.spec.in
=====================================
@@ -22,7 +22,7 @@
 %define _sysconfdir /etc/nagios
 
 %define name @PACKAGE_NAME@
-%define version 4.0.0
+%define version 4.0.2
 %define release @RPM_RELEASE@
 %define nsusr @nrpe_user@
 %define nsgrp @nrpe_group@


=====================================
sample-config/nrpe.cfg.in
=====================================
@@ -361,3 +361,9 @@ command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
 
 #include_dir=<somedirectory>
 #include_dir=<someotherdirectory>
+
+# KEEP ENVIRONMENT VARIABLES
+# This directive allows you to retain specific variables from the environment
+# when starting the NRPE daemon. 
+
+#keep_env_vars=NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION
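Review bot: the new `keep_env_vars` comment block does not say what format the value takes or what happens when the directive stays commented out. One added line stating that it is a comma-separated list of variable names (as the example suggests) and what the default is would help; the third comment line also ends in trailing whitespace.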


=====================================
src/check_nrpe.c
=====================================
@@ -1230,7 +1230,9 @@ int send_request()
 		v3_send_packet->packet_version = htons(packet_ver);
 		v3_send_packet->packet_type = htons(QUERY_PACKET);
 		v3_send_packet->alignment = 0;
-		v3_send_packet->buffer_length = htonl(pkt_size - sizeof(v3_packet) + 1);
+		v3_send_packet->buffer_length = pkt_size - sizeof(v3_packet);
+		v3_send_packet->buffer_length += (packet_ver == NRPE_PACKET_VERSION_4 ? NRPE_V4_PACKET_SIZE_OFFSET : NRPE_V3_PACKET_SIZE_OFFSET);
+		v3_send_packet->buffer_length = htonl(v3_send_packet->buffer_length);
 		strcpy(&v3_send_packet->buffer[0], query);
 
 		/* calculate the crc 32 value of the packet */
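Review bot: the three added `buffer_length` lines assemble a host-order value inside the wire-format field and only byte-swap it on the last line, so the field holds a wrong-endian intermediate value and the sequence is easy to break in a later edit. Compute the length in a local variable and assign `htonl()` of it to `v3_send_packet->buffer_length` once. The `strcpy` of `query` that follows depends on `pkt_size` having been sized for the query plus its terminator; that computation is outside this hunk and should be checked against the new version-dependent offsets.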
@@ -1373,7 +1375,7 @@ int read_response()
 
 	/* get the return code from the remote plugin */
 	/* and print the output returned by the daemon */
-	if (packet_ver == NRPE_PACKET_VERSION_3) {
+	if (packet_ver >= NRPE_PACKET_VERSION_3) {
 		result = ntohs(v3_receive_packet->result_code);
 		if (v3_receive_packet->buffer_length == 0) {
 			printf("CHECK_NRPE: No output returned from daemon.\n");
@@ -1592,10 +1594,9 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 				break;
 			bytes_read += rc;
 			bytes_to_recv -= rc;
+			tot_bytes += rc;
 		}
 
-		buff_ptr[bytes_read] = 0;
-
 		if (rc < 0 || bytes_read != buffer_size) {
 			if (packet_ver >= NRPE_PACKET_VERSION_3) {
 				free(*v3_pkt);
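Review bot: dropping `buff_ptr[bytes_read] = 0;` removes a store that lands one byte past the received data when `bytes_read == buffer_size`, but it also means the buffer is no longer terminated on the receiving side, so the client now depends on the peer having sent the trailing NUL. read_response(), per its comment, prints the output returned by the daemon, so consider forcing the last byte of the received payload to 0 once the `bytes_read != buffer_size` check has passed; a response without a terminator then cannot be read past its end.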
@@ -1612,8 +1613,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
 				}
 			}
 			return -1;
-		} else
-			tot_bytes += rc;
+		}
 	}
 #endif
 


=====================================
src/nrpe.c
=====================================
@@ -1912,9 +1912,9 @@ void handle_connection(int sock)
 
 	} else {
 
-		pkt_size = (sizeof(v3_packet) - NRPE_V4_PACKET_SIZE_OFFSET) + strlen(send_buff);
+		pkt_size = (sizeof(v3_packet) - NRPE_V4_PACKET_SIZE_OFFSET) + strlen(send_buff) + 1;
 		if (packet_ver == NRPE_PACKET_VERSION_3) {
-			pkt_size = (sizeof(v3_packet) - NRPE_V3_PACKET_SIZE_OFFSET) + strlen(send_buff);
+			pkt_size = (sizeof(v3_packet) - NRPE_V3_PACKET_SIZE_OFFSET) + strlen(send_buff) + 1;
 		}
 		v3_send_packet = calloc(1, pkt_size);
 		send_pkt = (char *)v3_send_packet;
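Review bot: `calloc(1, pkt_size)` is followed directly by `send_pkt = (char *)v3_send_packet;` with no NULL check visible in this hunk, and the response fields are written through the pointer shortly after. Add an explicit check that logs and returns when the allocation fails, unless one already sits in the two lines between this hunk and the next.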
@@ -1923,7 +1923,7 @@ void handle_connection(int sock)
 		v3_send_packet->packet_type = htons(RESPONSE_PACKET);
 		v3_send_packet->result_code = htons(result);
 		v3_send_packet->alignment = 0;
-		v3_send_packet->buffer_length = htonl(strlen(send_buff));
+		v3_send_packet->buffer_length = htonl(strlen(send_buff) + 1);
 		strcpy(&v3_send_packet->buffer[0], send_buff);
 
 		/* calculate the crc 32 value of the packet */
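Review bot: `buffer_length` now advertises `strlen(send_buff) + 1`, which must stay equal to the payload size folded into `pkt_size` a few lines earlier; as written that is three separate `strlen(send_buff) + 1` expressions that can drift apart. Compute the length once and reuse it for the allocation and for this field. The change also alters what the length means on the wire (the terminator is now counted), which deserves a comment here, since read_packet() in check_nrpe no longer writes a terminator itself.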
@@ -2748,10 +2748,6 @@ int validate_request(v2_packet * v2pkt, v3_packet * v3pkt)
 	if (packet_ver >= NRPE_PACKET_VERSION_3) {
 
 		buffer_size = ntohl(v3pkt->buffer_length);
-		if (buffer_size < 0 || buffer_size > INT_MAX - pkt_size) {
-			logit(LOG_ERR, "Error: Request packet had invalid buffer size.");
-			return ERROR;
-		}
 
 		pkt_size = sizeof(v3_packet);
 		pkt_size -= (packet_ver == NRPE_PACKET_VERSION_3 ? NRPE_V3_PACKET_SIZE_OFFSET : NRPE_V4_PACKET_SIZE_OFFSET);
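Review bot: the removed check read `pkt_size` before it was assigned, so deleting it fixes the uninitialized use, but it also leaves `buffer_size`, taken straight from `ntohl(v3pkt->buffer_length)`, without a range check in the lines shown here. Rather than dropping the check, move it below the `pkt_size` computation and keep rejecting values that are negative or larger than `INT_MAX - pkt_size`, unless an equivalent bound is enforced further down in validate_request().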


=====================================
update-version
=====================================
@@ -28,10 +28,10 @@ else
 fi
 
 # Current version number
-CURRENTVERSION=4.0.0
+CURRENTVERSION=4.0.2
 
 # Last date
-LASTDATE=2020-01-15
+LASTDATE=2020-03-09
 
 if [ "x$1" = "x" ]
 then



View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nrpe/-/compare/f218452842acd9ad3812af2a8037ad8ef3b06f7b...1f70de752ccbf3cc6e9a8060835f9e2401c56b4e
