[pkg-nagios-changes] [Git][nagios-team/nagios-plugins-contrib][master] 2 commits: check_ssl_cert: Update to 2.61.0
Jan Wagner (@waja)
gitlab at salsa.debian.org
Mon Jun 12 10:04:01 BST 2023
Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / nagios-plugins-contrib
Commits:
986d8b79 by Jan Wagner at 2023-03-13T09:59:15+00:00
check_ssl_cert: Update to 2.61.0
- - - - -
857613bb by Jan Wagner at 2023-06-12T11:02:34+02:00
CI: Disable BLHC job
- - - - -
19 changed files:
- − check_ssl_cert/check_ssl_cert_2.60.0/VERSION
- check_ssl_cert/check_ssl_cert_2.60.0/AUTHORS.md → check_ssl_cert/check_ssl_cert_2.61.0/AUTHORS.md
- check_ssl_cert/check_ssl_cert_2.60.0/CITATION.cff → check_ssl_cert/check_ssl_cert_2.61.0/CITATION.cff
- check_ssl_cert/check_ssl_cert_2.60.0/COPYING.md → check_ssl_cert/check_ssl_cert_2.61.0/COPYING.md
- check_ssl_cert/check_ssl_cert_2.60.0/COPYRIGHT.md → check_ssl_cert/check_ssl_cert_2.61.0/COPYRIGHT.md
- check_ssl_cert/check_ssl_cert_2.60.0/ChangeLog → check_ssl_cert/check_ssl_cert_2.61.0/ChangeLog
- check_ssl_cert/check_ssl_cert_2.60.0/GNUmakefile → check_ssl_cert/check_ssl_cert_2.61.0/GNUmakefile
- check_ssl_cert/check_ssl_cert_2.60.0/INSTALL.md → check_ssl_cert/check_ssl_cert_2.61.0/INSTALL.md
- check_ssl_cert/check_ssl_cert_2.60.0/Makefile → check_ssl_cert/check_ssl_cert_2.61.0/Makefile
- check_ssl_cert/check_ssl_cert_2.60.0/NEWS.md → check_ssl_cert/check_ssl_cert_2.61.0/NEWS.md
- check_ssl_cert/check_ssl_cert_2.60.0/README.md → check_ssl_cert/check_ssl_cert_2.61.0/README.md
- + check_ssl_cert/check_ssl_cert_2.61.0/VERSION
- check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert
- check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert.1
- check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert.completion → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert.completion
- check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert.spec
- check_ssl_cert/control
- check_ssl_cert/src
- debian/.gitlab-ci.yml
Changes:
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/VERSION deleted
=====================================
@@ -1 +0,0 @@
-2.60.0
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/AUTHORS.md → check_ssl_cert/check_ssl_cert_2.61.0/AUTHORS.md
=====================================
@@ -146,3 +146,4 @@ Maintainer: [Matteo Corti](https://github.com/matteocorti) <[matteo at corti.li](ma
* Many thanks to [Lukas Tribus](https://github.com/lukastribus) for the Python 3 patch
* Many thanks to [Peter](https://github.com/Peter2121) for the FreeBSD jail patch
* Many thanks to [Marcel Burkhalter](https://github.com/marcel-burkhalter) for the path check
+* Many thanks to [Slavko](https://github.com/slavkoja) for the RSA algorithms patch
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/CITATION.cff → check_ssl_cert/check_ssl_cert_2.61.0/CITATION.cff
=====================================
@@ -161,6 +161,8 @@ authors:
- family-names: "Shmanko"
given-names: "Sergei"
website: https://github.com/sshmanko
+- name: Slavko
+ website: https://github.com/slavkoja
- family-names: "Schlesinger"
given-names: "Stefan"
- family-names: "Nierlein"
@@ -246,8 +248,8 @@ authors:
given-names: "Дилян"
website: https://github.com/dilyanpalauzov
title: "check_ssl_cert"
-version: 2.60.0
-date-released: 2023-02-15
+version: 2.61.0
+date-released: 2023-03-09
url: "https://github.com/matteocorti/check_ssl_cert"
repository-code: "https://github.com/matteocorti/check_ssl_cert"
keywords:
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/COPYING.md → check_ssl_cert/check_ssl_cert_2.61.0/COPYING.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/COPYRIGHT.md → check_ssl_cert/check_ssl_cert_2.61.0/COPYRIGHT.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/ChangeLog → check_ssl_cert/check_ssl_cert_2.61.0/ChangeLog
=====================================
@@ -1,5 +1,19 @@
+2023-03-09 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert (main): Fixed the RSA algorithms
+
+2023-03-06 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: removed hard coded 'grep' invocations
+
+2023-02-26 Matteo Corti <matteo at corti.li>
+
+ * test/unit_tests.sh (testRequireOCSP): Fixed the test (videolan.org certificate was not OK)
+
2023-02-15 Matteo Corti <matteo at corti.li>
+ * test/unit_tests.sh: Two new tests for wrong hostname
+
* check_ssl_cert (main): Fixes --ignore-host-cn behaviour with --match
2023-01-27 Matteo Corti <matteo at corti.li>
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/GNUmakefile → check_ssl_cert/check_ssl_cert_2.61.0/GNUmakefile
=====================================
@@ -9,7 +9,7 @@ DIST_FILES=AUTHORS.md COPYING.md ChangeLog INSTALL.md Makefile GNUmakefile NEWS.
YEAR=`date +"%Y"`
# file to be checked for formatting
-FORMATTED_FILES=test/unit_tests.sh ChangeLog INSTALL.md Makefile VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT.md ${PLUGIN}.1 .github/workflows/* utils/*.sh check_ssl_cert.completion
+FORMATTED_FILES=test/unit_tests.sh test/integration_tests.sh ChangeLog INSTALL.md Makefile VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT.md ${PLUGIN}.1 .github/workflows/* utils/*.sh check_ssl_cert.completion
# shell scripts (to be checked with ShellCheck)
SCRIPTS=check_ssl_cert test/*.sh utils/*.sh
@@ -117,7 +117,9 @@ disttest: dist formatting_check shellcheck codespell
./utils/check_documentation.sh
man ./check_ssl_cert.1 > /dev/null
-test: formatting_check shellcheck
+test: formatting_check shellcheck unit_tests integration_tests
+
+unit_tests:
ifndef SHUNIT
echo "No shUnit2 installed: see README.md"
exit 1
@@ -125,6 +127,13 @@ else
( export SHUNIT2=$(SHUNIT) && export LC_ALL=C && cd test && ./unit_tests.sh )
endif
+integration_tests:
+ifndef SHUNIT
+ echo "No shUnit2 installed: see README.md"
+ exit 1
+else
+ ( export SHUNIT2=$(SHUNIT) && export LC_ALL=C && cd test && ./integration_tests.sh )
+endif
shellcheck:
ifndef SHELLCHECK
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/INSTALL.md → check_ssl_cert/check_ssl_cert_2.61.0/INSTALL.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/Makefile → check_ssl_cert/check_ssl_cert_2.61.0/Makefile
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/NEWS.md → check_ssl_cert/check_ssl_cert_2.61.0/NEWS.md
=====================================
@@ -1,5 +1,7 @@
# News
+* 2023-03-09 Version 2.61.0
+ * Fixed the algorithms used by ```--rsa```
* 2023-02-15 Version 2.60.0
* Hot fix for version 2.59 (bug fix for ```--ignore-host-name```)
* 2023-02-15 Version 2.59.0
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/README.md → check_ssl_cert/check_ssl_cert_2.61.0/README.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.61.0/VERSION
=====================================
@@ -0,0 +1 @@
+2.61.0
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert
=====================================
@@ -31,7 +31,7 @@
################################################################################
# Constants
-VERSION=2.60.0
+VERSION=2.61.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -2556,7 +2556,7 @@ fetch_certificate() {
unknown "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}"
fi
- elif [ -n "${JKSALIAS}" ] && "${FILE_BIN}" -L -b "${FILE}" | grep -q -E 'KeyStore|data'; then
+ elif [ -n "${JKSALIAS}" ] && "${FILE_BIN}" -L -b "${FILE}" | "${GREP_BIN}" -q -E 'KeyStore|data'; then
debuglog 'converting JKS to PEM'
@@ -3486,7 +3486,7 @@ parse_command_line_options() {
;;
--security-level)
check_option_argument '--security-level' "$2"
- if ! echo "$2" | grep -q '^[0-5]$' ; then
+ if ! echo "$2" | "${GREP_BIN}" -q '^[0-5]$' ; then
unknown 'Invalid secuirity level'
fi
SECURITY_LEVEL="-cipher DEFAULT at SECLEVEL=$2"
@@ -3874,7 +3874,7 @@ main() {
##############################################################################
# we need grep from the beginning (will fix later if --grep-bin is specified)
if [ -z "${GREP_BIN}" ]; then
- GREP_BIN='grep'
+ GREP_BIN=$(command -v grep)
fi
# Default values
@@ -3954,6 +3954,10 @@ main() {
parse_command_line_options "$@"
+ if ! [ -x "${GREP_BIN}" ] ; then
+ unknown "${GREP_BIN} in not executable"
+ fi
+
if [ "${DEBUG}" -ge 1 ]; then
debuglog "check_ssl_cert version: ${VERSION}"
@@ -4077,7 +4081,7 @@ main() {
debuglog "grep: ${GREP_BIN}"
GREP_VERSION=$(${GREP_BIN} --version 2>&1)
- if echo "${GREP_VERSION}" | grep -q BusyBox ; then
+ if echo "${GREP_VERSION}" | "${GREP_BIN}" -q BusyBox ; then
# BusyBox grep does not have a -version option
GREP_VERSION=$( echo "${GREP_VERSION}" | sed -e 's/.*BusyBox/BusyBox/' -e 's/\. Usage.*//' )
fi
@@ -4301,7 +4305,7 @@ main() {
PYTHON_BIN="${PROG}"
# check Python major version
- if "${PYTHON_BIN}" --version 2>&1 | grep -q '^Python 2'; then
+ if "${PYTHON_BIN}" --version 2>&1 | "${GREP_BIN}" -q '^Python 2'; then
unknown "Python 2 is not supported"
fi
@@ -4623,7 +4627,8 @@ main() {
[ -n "${NO_PSS}" ]; then
# see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344
# see https://github.com/matteocorti/check_ssl_cert/issues/167
- SSL_AU="RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1"
+ # see https://github.com/matteocorti/check_ssl_cert/issues/446
+ SSL_AU="RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1:RSA-PSS+SHA256"
else
# see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344
SSL_AU="RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1"
@@ -5673,7 +5678,7 @@ EOF
# 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
# i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
- matches=$(grep '^ [0-9 ] [si]:' "${CERT}" | tail -n 2 | sed 's/^[ 0-9]* [si]://' | uniq -c | wc -l)
+ matches=$("${GREP_BIN}" '^ [0-9 ] [si]:' "${CERT}" | tail -n 2 | sed 's/^[ 0-9]* [si]://' | uniq -c | wc -l)
if [ "${matches}" -eq 1 ]; then
debuglog "The root certificate is present in the chain"
@@ -6103,7 +6108,7 @@ EOF
MESSAGE_TMP=$(echo "${critical}" | sed 's/^[^:]*:[^:]*://')
# check if the warning is overridden by another certificate for the same CN
- if echo "${CN_OK}" | grep -q "${CN_TMP}"; then
+ if echo "${CN_OK}" | "${GREP_BIN}" -q "${CN_TMP}"; then
verboselog "Both a valid and an expired certificate were found"
if [ -n "${CHECK_CHAIN}" ]; then
prepend_critical_message "Both a valid and an expired certificate were found"
@@ -6126,7 +6131,7 @@ INPUT
MESSAGE_TMP=$(echo "${warning}" | sed 's/^[^:]*:[^:]*://')
# check if the warning is overridden by another certificate for the same CN
- if echo "${CN_OK}" | grep -q "${CN_TMP}"; then
+ if echo "${CN_OK}" | "${GREP_BIN}" -q "${CN_TMP}"; then
verboselog "Both a valid and an expired certificate were found"
if [ -n "${CHECK_CHAIN}" ]; then
prepend_critical_message "Both a valid and an expired certificate were found"
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert.1
=====================================
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii check_ssl_cert.1
.\"
-.TH "check_ssl_cert" 1 "February, 2023" "2.60.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "March, 2023" "2.61.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert.completion → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert.completion
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.60.0/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert_2.61.0/check_ssl_cert.spec
=====================================
@@ -1,4 +1,4 @@
-%global version 2.60.0
+%global version 2.61.0
%global release 0
%global sourcename check_ssl_cert
%global packagename nagios-plugins-check_ssl_cert
@@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT
%endif
%changelog
+* Thu Mar 9 2023 Matteo Corti <matteo at corti.li> - 2.61.0-0
+- Updated to 2.61.0
+
* Wed Feb 15 2023 Matteo Corti <matteo at corti.li> - 2.60.0-0
- Updated to 2.60.0
=====================================
check_ssl_cert/control
=====================================
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: bc, curl, file, openssl
Suggests: expect, iproute2, dnsutils
-Version: 2.60.0
+Version: 2.61.0
Homepage: https://github.com/matteocorti/check_ssl_cert
Watch: https://github.com/matteocorti/check_ssl_cert/releases >check_ssl_cert-([0-9.]+)<
Description: plugin to check the CA and validity of an
=====================================
check_ssl_cert/src
=====================================
@@ -1 +1 @@
-check_ssl_cert_2.60.0/
\ No newline at end of file
+check_ssl_cert_2.61.0
\ No newline at end of file
=====================================
debian/.gitlab-ci.yml
=====================================
@@ -6,7 +6,7 @@ variables:
RELEASE: 'unstable'
SALSA_CI_DISABLE_APTLY: 0
SALSA_CI_DISABLE_AUTOPKGTEST: 0
- SALSA_CI_DISABLE_BLHC: 0
+ SALSA_CI_DISABLE_BLHC: 1
SALSA_CI_DISABLE_LINTIAN: 0
SALSA_CI_DISABLE_PIUPARTS: 0
SALSA_CI_DISABLE_REPROTEST: 0
View it on GitLab: https://salsa.debian.org/nagios-team/nagios-plugins-contrib/-/compare/fa7b90cd221f9412302ad08ded7580cc0d02cfbb...857613bbf7320840351393ebf5088f0f9ce28990
--
View it on GitLab: https://salsa.debian.org/nagios-team/nagios-plugins-contrib/-/compare/fa7b90cd221f9412302ad08ded7580cc0d02cfbb...857613bbf7320840351393ebf5088f0f9ce28990
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20230612/32168875/attachment-0001.htm>
More information about the pkg-nagios-changes
mailing list