Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package nagios for openSUSE:Factory checked
in at 2021-05-17 18:45:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nagios (Old)
and /work/SRC/openSUSE:Factory/.nagios.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nagios"
Mon May 17 18:45:42 2021 rev:20 rq:893800 version:4.4.6
Changes:
--------
--- /work/SRC/openSUSE:Factory/nagios/nagios.changes 2020-06-04
17:55:23.624809095 +0200
+++ /work/SRC/openSUSE:Factory/.nagios.new.2988/nagios.changes 2021-05-17
18:46:12.288397020 +0200
@@ -1,0 +2,12 @@
+Mon May 10 14:53:04 UTC 2021 - l...@linux-schulserver.de - 4.4.6
+
+- new nagios-exec-start-post script to fix bsc#1003362
+
+-------------------------------------------------------------------
+Mon May 10 11:24:02 UTC 2021 - l...@linux-schulserver.de - 4.4.6
+
+- fix nagios_upgrade.sh writing to log file in user controlled
+ directory (bsc#1182398). The nagios_upgrade.sh script writes the
+ logfile directly below /var/log/
+
+-------------------------------------------------------------------
@@ -10 +22 @@
- (CVE-2020-1408)
+ (CVE-2020-13977, bsc#1172794)
@@ -324 +336 @@
- * Fix for CVE-2016-6209 - The "corewindow" parameter (as in
+ * Fix for CVE-2016-6209 (bsc#989759) - The "corewindow" parameter (as in
@@ -368 +380 @@
- bringing this to our attention go to Dawid Golunski
+ bringing this to our attention go to Dawid Golunski (bsc#1014637)
New:
----
nagios-exec-start-post
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nagios.spec ++++++
--- /var/tmp/diff_new_pack.NJ6ZsC/_old 2021-05-17 18:46:13.092393610 +0200
+++ /var/tmp/diff_new_pack.NJ6ZsC/_new 2021-05-17 18:46:13.096393593 +0200
@@ -43,6 +43,7 @@
Source4: suse.de-nagios
Source5: nagios.8
Source6: nagiosstats.8
+Source7: nagios-exec-start-post
Source8: upgrade_nagios.sh
Source9: upgrade_nagios.8
Source10: %{name}-README.SuSE
@@ -349,6 +350,7 @@
%if %{with systemd}
install -D -m0755 %{SOURCE100} %{buildroot}%{_sbindir}/rc%{name}
install -D -m0755 %{SOURCE2}
%{buildroot}/%{nagios_libdir}/%{name}-exec-start-pre
+install -D -m0755 %{SOURCE7}
%{buildroot}/%{nagios_libdir}/%{name}-exec-start-post
install -D -m0644 %{SOURCE12} %{buildroot}/%{_unitdir}/%{name}.service
install -D -m0644 %{SOURCE13}
%{buildroot}/%{_prefix}/lib/tmpfiles.d/%{name}.conf
%else
@@ -558,6 +560,7 @@
%{_fillupdir}/sysconfig.%{name}
%if %{with systemd}
%attr(0755,root,root) %{nagios_libdir}/%{name}-exec-start-pre
+%attr(0755,root,root) %{nagios_libdir}/%{name}-exec-start-post
%{_unitdir}/%{name}.service
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%attr(0755,root,root) %{_sbindir}/nagios-archive
++++++ nagios-exec-start-post ++++++
#! /bin/sh
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany
#
# Original Author: Tim Hardeck
# bases on the SUSE Icinga init script from Wolfgang Rosenauer, Lars Vogdt
#
CONFIG='/etc/nagios/nagios.cfg'
# grab a config option
get_var() {
if [ -n "$2" ]; then
set -- `grep ^$1 $2 | sed 's@=@ @' | tr -d '[:cntrl:]'`
else
set -- `grep ^$1 "$CONFIG" | sed 's@=@ @' | tr -d '[:cntrl:]'`
fi
shift # remove first ARG => search-string
echo $*
}
# get variables from config file
log_file="$(get_var log_file)"
nagios_user="$(get_var nagios_user)"
nagios_group="$(get_var nagios_group)"
nagios_cmdgrp="$(get_var nagios_cmdgrp)"
resource_file="$(get_var resource_file)"
state_retention_file="$(get_var state_retention_file)"
status_file="$(get_var status_file)"
# use default values if above check doesn't work
: ${log_file:=/var/log/nagios/nagios.log}
: ${nagios_user:=nagios}
: ${nagios_group:=nagios}
: ${nagios_cmdgrp:=nagcmd}
: ${resource_file:=/etc/nagios/resource.cfg}
: ${state_retention_file:=/var/log/nagios/retention.dat}
: ${status_file:=/var/log/nagios/status.dat}
# set default access rights for files and directories
for file in "$log_file" "$state_retention_file" "$status_file"; do
if [ ! -e "$file" ]; then
touch "$file"
fi
chown --no-dereference ${nagios_user}:${nagios_cmdgrp} "$file"
done
chmod 660 "$resource_file"
chown --no-dereference ${nagios_user}:${nagios_cmdgrp} "$resource_file"
++++++ nagios.service ++++++
--- /var/tmp/diff_new_pack.NJ6ZsC/_old 2021-05-17 18:46:13.272392846 +0200
+++ /var/tmp/diff_new_pack.NJ6ZsC/_new 2021-05-17 18:46:13.272392846 +0200
@@ -7,8 +7,10 @@
ExecStartPre=/usr/lib/nagios/nagios-exec-start-pre
ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg
ExecStart=/usr/sbin/nagios /etc/nagios/nagios.cfg
+ExecStartPost=/usr/lib/nagios/nagios-exec-start-post
ExecReload=/usr/sbin/nagios -v /etc/nagios/nagios.cfg
ExecReload=/bin/kill -HUP $MAINPID
+ExecReload=/usr/lib/nagios/nagios-exec-start-post
[Install]
WantedBy=multi-user.target
++++++ upgrade_nagios.8 ++++++
--- /var/tmp/diff_new_pack.NJ6ZsC/_old 2021-05-17 18:46:13.380392388 +0200
+++ /var/tmp/diff_new_pack.NJ6ZsC/_new 2021-05-17 18:46:13.380392388 +0200
@@ -28,10 +28,10 @@
printed on STDOUT instead.
.TP
\fB\-l\fR
-Provide another path to the logfile. Default is
/var/log/nagios/nagios_upgrade.log
+Provide another path to the logfile. Default is /var/log/nagios_upgrade.log
.TP
\fB\-p\fR
-Provide another path to the Nagios lock file (default:
/var/run/nagios/nagios.pid).
+Provide another path to the Nagios lock file (default: /run/nagios/nagios.pid).
.SH FILES
.TP
++++++ upgrade_nagios.sh ++++++
--- /var/tmp/diff_new_pack.NJ6ZsC/_old 2021-05-17 18:46:13.400392303 +0200
+++ /var/tmp/diff_new_pack.NJ6ZsC/_new 2021-05-17 18:46:13.400392303 +0200
@@ -34,10 +34,10 @@
#set -x
VERSION=1
NAGIOS_CFG='/etc/nagios/nagios.cfg'
-LOCK_FILE='/var/run/nagios/nagios.pid'
+LOCK_FILE='/run/nagios/nagios.pid'
DATE=$(date "+%Y-%m-%d-%H:%M")
TMPFILE=$(mktemp /tmp/$(basename $0)-XXXXXX)
-LOGFILE='/var/log/nagios/nagios_upgrade.log'
+LOGFILE='/var/log/nagios_upgrade.log'
VERBOSE='no'
DO_ECHO=''
