[pkg-nagios-changes] [Git][nagios-team/icinga2][master] 5 commits: New upstream version 2.15.2

Bas Couwenberg (@sebastic) gitlab at salsa.debian.org
Thu Jan 29 16:23:48 GMT 2026 


Bas Couwenberg pushed to branch master at Debian Nagios Maintainer Group / icinga2


Commits:
b500d2ea by Bas Couwenberg at 2026-01-29T17:00:02+01:00
New upstream version 2.15.2
- - - - -
2324bf93 by Bas Couwenberg at 2026-01-29T17:00:23+01:00
Update upstream source from tag 'upstream/2.15.2'

Update to upstream version '2.15.2'
with Debian dir a8199497dba48c582958b1e013874612789b238f
- - - - -
58d51641 by Bas Couwenberg at 2026-01-29T17:00:39+01:00
New upstream release.

- - - - -
d38788e4 by Bas Couwenberg at 2026-01-29T17:13:13+01:00
Update lintian overrides.

- - - - -
d5d77f4a by Bas Couwenberg at 2026-01-29T17:13:13+01:00
Set distribution to unstable.

- - - - -


15 changed files:

- .github/workflows/authors-file.yml
- .github/workflows/linux.yml
- .github/workflows/windows.yml
- AUTHORS
- CHANGELOG.md
- ICINGA2_VERSION
- debian/changelog
- − debian/icinga2-ido-mysql.lintian-overrides
- − debian/icinga2-ido-pgsql.lintian-overrides
- doc/21-development.md
- doc/win-dev.ps1
- icinga-installer/icinga-installer.cpp
- tools/selinux/icinga2.if
- tools/selinux/icinga2.te
- tools/win32/configure.ps1


Changes:

=====================================
.github/workflows/authors-file.yml
=====================================
@@ -10,7 +10,7 @@ jobs:
 
     steps:
       - name: Checkout HEAD
-        uses: actions/checkout at v4
+        uses: actions/checkout at v6
         with:
           fetch-depth: 0
 


=====================================
.github/workflows/linux.yml
=====================================
@@ -36,6 +36,7 @@ jobs:
 
           - fedora:41
           - fedora:42
+          - fedora:43
 
           - opensuse/leap:15.6
 
@@ -47,10 +48,12 @@ jobs:
 
           - registry.suse.com/suse/sle15:15.6
           - registry.suse.com/suse/sle15:15.7
+          - registry.suse.com/bci/bci-base:16.0
 
           - ubuntu:22.04
           - ubuntu:24.04
           - ubuntu:25.04
+          - ubuntu:25.10
 
         platform:
           - linux/amd64
@@ -63,10 +66,10 @@ jobs:
 
     steps:
       - name: Checkout HEAD
-        uses: actions/checkout at v4
+        uses: actions/checkout at v6
 
       - name: Restore/backup ccache
-        uses: actions/cache at v4
+        uses: actions/cache at v5
         with:
           path: ccache
           key: ccache/${{ matrix.distro }}


=====================================
.github/workflows/windows.yml
=====================================
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout HEAD
-        uses: actions/checkout at v4
+        uses: actions/checkout at v6
         with:
           fetch-depth: 0
 


=====================================
AUTHORS
=====================================
@@ -88,6 +88,7 @@ Edvin Seferovic <edvin at seferovic.net>
 Elias Ohm <eohm at novomind.com>
 Élie Bouttier <elie at bouttier.eu>
 Eric Lippmann <eric.lippmann at icinga.com>
+ETES-Stuttgart <support at etes.de>
 Evgeni Golov <evgeni at golov.de>
 Ewoud Kohl van Wijngaarden <ewoud at kohlvanwijngaarden.nl>
 Fabian Röhl <mail at fabian-roehl.de>


=====================================
CHANGELOG.md
=====================================
@@ -7,6 +7,19 @@ documentation before upgrading to a new release.
 
 Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
 
+## 2.15.2 (2026-01-29)
+
+This security release fixes a problem in the Icinga 2 Windows MSI that did not
+set proper permissions for `%ProgramData%\icinga2\var`. Additionally, it includes
+two minor bug fixes regarding our SELinux policy and updates the OpenSSL version
+shipped on Windows.
+
+* CVE-2026-24413: Fix permissions of `%ProgramData%\icinga2\var` on Windows.
+* Windows: Update to OpenSSL 3.0.19. #10706
+* SELinux: Fix policy to allow `logrotate` to execute the `icinga2` binary in order to send `SIGUSR1` for log rotation. #10643
+* SELinux: Fix policy to allow `icinga2` to send `SIGTERM` to nagios plugins processes on timeout. #10694
+* doc: Update Windows development docs to use Visual Studio 2022 instead of 2019. #10695
+
 ## 2.15.1 (2025-10-16)
 
 This release fixes multiple security issues. Two of them allow authenticated


=====================================
ICINGA2_VERSION
=====================================
@@ -1,2 +1,2 @@
-Version: 2.15.1
+Version: 2.15.2
 Revision: 1


=====================================
debian/changelog
=====================================
@@ -1,12 +1,14 @@
-icinga2 (2.15.1-2) UNRELEASED; urgency=medium
+icinga2 (2.15.2-1) unstable; urgency=medium
 
+  * New upstream release.
   * Use test-build-validate-cleanup instead of test-build-twice.
   * Add myself to Uploaders.
   * Use debrebuild instead of reprotest.
   * Drop Priority: optional, default since dpkg 1.22.13.
   * Bump Standards-Version to 4.7.3, changes: priority.
+  * Update lintian overrides.
 
- -- Bas Couwenberg <sebastic at debian.org>  Sat, 25 Oct 2025 12:34:09 +0200
+ -- Bas Couwenberg <sebastic at debian.org>  Thu, 29 Jan 2026 17:01:26 +0100
 
 icinga2 (2.15.1-1) unstable; urgency=medium
 


=====================================
debian/icinga2-ido-mysql.lintian-overrides deleted
=====================================
@@ -1,3 +0,0 @@
-# Not a problem
-library-not-linked-against-libc [usr/lib/*/icinga2/*_shim.so.*]
-


=====================================
debian/icinga2-ido-pgsql.lintian-overrides deleted
=====================================
@@ -1,3 +0,0 @@
-# Not a problem
-library-not-linked-against-libc [usr/lib/*/icinga2/*_shim.so.*]
-


=====================================
doc/21-development.md
=====================================
@@ -1813,12 +1813,12 @@ cd .\icinga2\
 mkdir build
 cd .\build\
 
-& "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" `
+& "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" `
   -DICINGA2_UNITY_BUILD=OFF -DBoost_INCLUDE_DIR=C:\local\boost_1_85_0-Win64 `
   -DBISON_EXECUTABLE=C:\ProgramData\chocolatey\lib\winflexbison3\tools\win_bison.exe `
   -DFLEX_EXECUTABLE=C:\ProgramData\chocolatey\lib\winflexbison3\tools\win_flex.exe ..
 
-& "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Current\Bin\MSBuild.exe" .\icinga2.sln
+& "C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe" .\icinga2.sln
 ```
 
 Building icinga2.sln via Visual Studio itself seems to require a reboot


=====================================
doc/win-dev.ps1
=====================================
@@ -14,7 +14,7 @@ function ThrowOnNativeFailure {
 $VsVersion = 2022
 $MsvcVersion = '14.3'
 $BoostVersion = @(1, 89, 0)
-$OpensslVersion = '3_0_18'
+$OpensslVersion = '3_0_19'
 
 switch ($Env:BITS) {
 	32 { }


=====================================
icinga-installer/icinga-installer.cpp
=====================================
@@ -270,8 +270,15 @@ static int InstallIcinga(void)
 	// TODO: In Icinga 2.14, rename features-available/mainlog.conf to mainlog.conf.deprecated
 	//       so that it's no longer listed as an available feature.
 
-	ExecuteCommand("icacls", "\"" + dataDir + "\" /grant *S-1-5-20:(oi)(ci)m");
-	ExecuteCommand("icacls", "\"" + dataDir + "\\etc\" /inheritance:r /grant:r *S-1-5-20:(oi)(ci)m *S-1-5-32-544:(oi)(ci)f");
+	if (!ExecuteCommand("icacls", "\"" + dataDir + "\" /grant *S-1-5-20:(oi)(ci)m")){
+		throw std::runtime_error("failed to set ACLs for " + dataDir);
+	}
+	if (!ExecuteCommand("icacls", "\"" + dataDir + "\\etc\" /inheritance:r /grant:r *S-1-5-20:(oi)(ci)m *S-1-5-32-544:(oi)(ci)f")) {
+		throw std::runtime_error("failed to set ACLs for " + dataDir + "\\etc");
+	}
+	if (!ExecuteCommand("icacls", "\"" + dataDir + "\\var\" /inheritance:r /grant:r *S-1-5-20:(oi)(ci)m *S-1-5-32-544:(oi)(ci)f")) {
+		throw std::runtime_error("failed to set ACLs for " + dataDir + "\\var");
+	}
 
 	ExecuteIcingaCommand("--scm-install daemon");
 


=====================================
tools/selinux/icinga2.if
=====================================
@@ -364,7 +364,7 @@ interface(`icinga2_execstrans',`
 	')
 
 	domtrans_pattern(icinga2_t, $1, $2)
-        allow icinga2_t $2:process sigkill;
+        allow icinga2_t $2:process { signal sigkill };
 ')
 
 ######################################


=====================================
tools/selinux/icinga2.te
=====================================
@@ -242,7 +242,18 @@ optional_policy(`
     ')
 ')
 
+########################################
+#
+# Logrotate
+#
 
+# Allow logrotate to execute the Icinga 2 binary for sending USR1 signal to reopen log files.
+optional_policy(`
+    require {
+        type logrotate_t;
+    }
+	can_exec(logrotate_t, icinga2_exec_t)
+')
 
 ########################################
 #


=====================================
tools/win32/configure.ps1
=====================================
@@ -33,7 +33,7 @@ if (-not (Test-Path env:CMAKE_ARGS)) {
   $env:CMAKE_ARGS = '[]'
 }
 if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {
-  $env:OPENSSL_ROOT_DIR = "c:\local\OpenSSL_3_0_18-Win${env:BITS}"
+  $env:OPENSSL_ROOT_DIR = "c:\local\OpenSSL_3_0_19-Win${env:BITS}"
 }
 if (-not (Test-Path env:BOOST_ROOT)) {
   $env:BOOST_ROOT = "c:\local\boost_1_89_0-Win${env:BITS}"



View it on GitLab: https://salsa.debian.org/nagios-team/icinga2/-/compare/539e427a5527d7ca769d135942de689a43e31aaa...d5d77f4a2b9efdadd00169768025554ff5ec06c2

-- 
View it on GitLab: https://salsa.debian.org/nagios-team/icinga2/-/compare/539e427a5527d7ca769d135942de689a43e31aaa...d5d77f4a2b9efdadd00169768025554ff5ec06c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20260129/0b65540f/attachment-0001.htm>

More information about the pkg-nagios-changes mailing list