Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package monitoring-plugins-bind for
openSUSE:Factory checked in at 2021-05-04 22:01:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/monitoring-plugins-bind (Old)
and /work/SRC/openSUSE:Factory/.monitoring-plugins-bind.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "monitoring-plugins-bind"
Tue May 4 22:01:21 2021 rev:4 rq:890401 version:1.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/monitoring-plugins-bind/monitoring-plugins-bind.changes
2014-12-16 14:49:12.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.monitoring-plugins-bind.new.2988/monitoring-plugins-bind.changes
2021-05-04 22:01:34.072470183 +0200
@@ -1,0 +2,8 @@
+Tue May 4 11:26:37 UTC 2021 - [email protected] - 1.3
+
+- check_bind.sh uses a static temporary file, allowing users
+ to break the script by creating the same file with permissions
+ that don't allow the nagios user to write to it (bsc#1183201).
+ + added monitoring-plugins-bind_-_use_path_tmp.patch
+
+-------------------------------------------------------------------
New:
----
monitoring-plugins-bind_-_use_path_tmp.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ monitoring-plugins-bind.spec ++++++
--- /var/tmp/diff_new_pack.Z4Es8z/_old 2021-05-04 22:01:34.488468620 +0200
+++ /var/tmp/diff_new_pack.Z4Es8z/_new 2021-05-04 22:01:34.488468620 +0200
@@ -1,7 +1,7 @@
#
# spec file for package monitoring-plugins-bind
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -20,13 +20,14 @@
Version: 1.3
Release: 0
Summary: Check whether BIND is running and to get the performance data
via rndc stats
-License: GPL-2.0+
+License: GPL-2.0-or-later
Group: System/Monitoring
-Url:
http://exchange.nagios.org/directory/Plugins/Network-Protocols/DNS/check_bind-2Esh/details
+URL:
http://exchange.nagios.org/directory/Plugins/Network-Protocols/DNS/check_bind-2Esh/details
Source0: check_bind.sh
Source1: LICENSE
Source2: check_bind.php
Patch0: check_bind-fix-bashisms.patch
+Patch1: monitoring-plugins-bind_-_use_path_tmp.patch
BuildRequires: nagios-rpm-macros
Provides: nagios-plugins-bind = %{version}-%{release}
Obsoletes: nagios-plugins-bind < %{version}-%{release}
@@ -49,7 +50,8 @@
%prep
%setup -cT
install -m 0644 %{SOURCE0} ./check_bind.sh
-%patch0
+%patch0 -p0
+%patch1 -p0
%build
++++++ monitoring-plugins-bind_-_use_path_tmp.patch ++++++
--- check_bind.sh.orig 2021-05-04 13:24:36.732856067 +0200
+++ check_bind.sh 2021-05-04 13:25:17.608843986 +0200
@@ -26,7 +26,7 @@
name_pid="named.pid"
path_rndc="/usr/sbin"
path_stats="/var/bind"
-path_tmp="/tmp"
+path_tmp="$(mktemp -d named.XXXXXX)"
version=9.4
pid_check=1
