Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package monitoring-plugins-smart for 
openSUSE:Factory checked in at 2026-05-10 16:48:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/monitoring-plugins-smart (Old)
 and      /work/SRC/openSUSE:Factory/.monitoring-plugins-smart.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "monitoring-plugins-smart"

Sun May 10 16:48:04 2026 rev:19 rq:1352213 version:6.18.2

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/monitoring-plugins-smart/monitoring-plugins-smart.changes
        2026-04-29 19:20:31.419668306 +0200
+++ 
/work/SRC/openSUSE:Factory/.monitoring-plugins-smart.new.1966/monitoring-plugins-smart.changes
      2026-05-10 16:48:37.257507671 +0200
@@ -1,0 +2,8 @@
+Sat May  9 09:55:05 UTC 2026 - Martin Hauke <[email protected]>
+
+- Update to version 6.18.2
+  * This release fixes a regression, introduced in 6.18.1, in the
+    symlink handling of block devices.
+    For example /dev/disk/by-id/ata... .
+
+-------------------------------------------------------------------

Old:
----
  check_smart-6.18.1.tar.gz

New:
----
  check_smart-6.18.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ monitoring-plugins-smart.spec ++++++
--- /var/tmp/diff_new_pack.0FdJzf/_old  2026-05-10 16:48:38.353552526 +0200
+++ /var/tmp/diff_new_pack.0FdJzf/_new  2026-05-10 16:48:38.365553017 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           monitoring-plugins-smart
-Version:        6.18.1
+Version:        6.18.2
 Release:        0
 Summary:        Check SMART status of a given disk
 License:        GPL-3.0-or-later

++++++ check_smart-6.18.1.tar.gz -> check_smart-6.18.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/check_smart-6.18.1/check_smart.pl 
new/check_smart-6.18.2/check_smart.pl
--- old/check_smart-6.18.1/check_smart.pl       2026-04-24 14:55:25.000000000 
+0200
+++ new/check_smart-6.18.2/check_smart.pl       2026-05-09 10:15:59.000000000 
+0200
@@ -68,13 +68,15 @@
 # Dec 15, 2025: Philippe Beaumont - Add areca devices (6.17.0)
 # Apr 21, 2026: Claudio Kuenzler - Fix sys path for sudo command. Detect NVME 
input/output error (6.18.0)
 # Apr 24, 2026: Claudio Kuenzler - Fix command injection vulnerability in 
interface parameter (6.18.1)
+# May 9, 2026: Claudio Kuenzler - Fix regression with symlink paths (6.18.2)
 
 use strict;
 use Getopt::Long;
 use File::Basename qw(basename);
+use Cwd qw(abs_path);
 
 my $basename = basename($0);
-my $revision = '6.18.1';
+my $revision = '6.18.2';
 
 # Standard Nagios return codes
 my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
@@ -160,7 +162,14 @@
         foreach my $opt_dl (@dev){
             warn "(debug) Found $opt_dl\n" if $opt_debug;
             if (-l $opt_dl) {
-                warn "(debug) $opt_dl is a symlink, skipping for security 
reasons\n" if $opt_debug;
+                # Resolve symlink and use the real path to prevent command 
injection
+                my $real_path = abs_path($opt_dl);
+                if (defined($real_path) && (-b $real_path || -c $real_path)) {
+                    warn "(debug) $opt_dl is a symlink to block device 
$real_path, using resolved path\n" if $opt_debug;
+                    $device .= $real_path."|";
+                } else {
+                    warn "(debug) $opt_dl is a symlink not pointing to a valid 
block device, skipping\n" if $opt_debug;
+                }
             } elsif (-b $opt_dl || -c $opt_dl || $opt_dl =~ 
m/^\/dev\/bus\/\d$/) {
                 $device .= $opt_dl."|";
             } else {
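Review bot: In the new symlink branch, the `-b`/`-c` file-type test is the only validation applied to `$real_path` before it is appended to the `|`-delimited `$device` string, even though the added comment says the resolution is there to prevent command injection. How `$device` is later split and passed to smartctl is outside this hunk, so if the 6.18.1 fix validates the user-supplied string elsewhere, confirm that it also covers the resolved path. If it does not, constrain the result before use, for example `if (defined($real_path) && $real_path =~ m{\A/dev/[A-Za-z0-9_./:-]+\z} && (-b $real_path || -c $real_path)) {`, with the character set aligned to whatever the existing check allows. The two debug messages say "block device" although character devices are accepted as well, and a symlink resolving to a `/dev/bus/N` directory is now skipped while the non-symlink branch accepts that form; a short comment stating whether that asymmetry is intended would help. The enclosing `foreach` starts and ends outside the hunk.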
