Your message dated Wed, 17 Apr 2024 14:49:24 +0000 with message-id <e1rx6be-00espt...@fasolo.debian.org> and subject line Bug#1067532: fixed in nagios-plugins-contrib 46.20240417 has caused the Debian Bug report #1067532, regarding nagios-plugins-contrib: Testsuite fails with openssl 3.2 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: nagios-plugins-contrib Version: 45.20231212 Severity: important Tags: sid patch control: affects -1 src:openssl User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-3.2 The package fails the debci testsuite with OpenSSL 3.2 due to output on stderr. The patch attached is a backport from upstream which avoids output on stderr. SebastianFrom: Matteo Corti <mat...@corti.li> Date: Fri, 24 Nov 2023 13:20:59 +0100 Subject: [PATCH] First fix for the STDIN warning on OpenSSL 3.2.0 Applied-Upstream: https://github.com/matteocorti/check_ssl_cert/commit/2c2795860adc165c35f5948116261cb76a94c954 --- check_ssl_cert/check_ssl_cert_2.75.0/check_ssl_cert | 72 ++++++++++---------- 1 file changed, 36 insertions(+), 36 deletions(-) --- a/check_ssl_cert/check_ssl_cert_2.75.0/check_ssl_cert +++ b/check_ssl_cert/check_ssl_cert_2.75.0/check_ssl_cert @@ -1557,8 +1557,8 @@ extract_cert_attribute() { # shellcheck disable=SC2086,SC2016 case $1 in cn) - if echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject 2>/dev/null | "${GREP_BIN}" -F -q 'CN' >/dev/null; then - echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject | + if echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout ${OPENSSL_PARAMS} -subject 2>/dev/null | "${GREP_BIN}" -F -q 'CN' >/dev/null; then + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout ${OPENSSL_PARAMS} -subject | sed -e "s/^.*[[:space:]]*CN[[:space:]]=[[:space:]]//" -e 's/\/[[:alpha:]][[:alpha:]]*=.*$//' -e "s/,.*//" else echo 'CN unavailable' 
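Review bot: In the `cn)` branch the probe `"${GREP_BIN}" -F -q 'CN'` matches those two letters anywhere in the subject line, so a certificate without a CN attribute but with, for instance, a country code of CN takes the first branch, and the sed expressions then print part of the subject instead of `CN unavailable`. Anchoring the probe on the attribute itself, e.g. `"${GREP_BIN}" -q 'CN[[:space:]]*='`, keeps the probe and the extraction in agreement. The probe also sends stderr to /dev/null, so a failure of OpenSSL to read `/dev/stdin` is reported the same way as a missing CN. The body of extract_cert_attribute starts and ends outside this hunk.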
@@ -1567,76 +1567,76 @@ extract_cert_attribute() { ;; subject) # the Subject could contain UTF-8 characters - echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject -nameopt utf8 + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout ${OPENSSL_PARAMS} -subject -nameopt utf8 ;; serial) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -serial | sed -e "s/^serial=//" + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -serial | sed -e "s/^serial=//" ;; fingerprint) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -fingerprint -sha1 | sed -e "s/^SHA1 Fingerprint=//" + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -fingerprint -sha1 | sed -e "s/^SHA1 Fingerprint=//" ;; oscp_uri) - echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -ocsp_uri + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -ocsp_uri ;; oscp_uri_single) extract_cert_attribute 'oscp_uri' "${cert_content}" | head -n 1 ;; hash) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -hash + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -hash ;; modulus) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -modulus + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -modulus ;; issuer) # see https://unix.stackexchange.com/questions/676776/parse-comma-separated-string-ignoring-commas-between-quotes - echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout -nameopt sep_multiline,utf8,esc_ctrl -issuer | + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout -nameopt sep_multiline,utf8,esc_ctrl -issuer | tail -n +2 | sed 's/^ *//' ;; issuer_uri) - echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -F "CA Issuers" | "${GREP_BIN}" -F -i "http" | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;${}<>`&' + echo "${cert_content}" | "${OPENSSL}" 
"${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -F "CA Issuers" | "${GREP_BIN}" -F -i "http" | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;${}<>`&' ;; issuer_uri_single) extract_cert_attribute 'issuer_uri' "${cert_content}" | head -n 1 ;; issuer_hash) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -issuer_hash + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -issuer_hash ;; org) - cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -nameopt utf8 -noout -subject) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -nameopt utf8 -noout -subject) parse_subject "O" "${cert_subject}" ;; org_unit) - cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -nameopt utf8 -noout -subject) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -nameopt utf8 -noout -subject) parse_subject "OU" "${cert_subject}" ;; key_length) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | "${GREP_BIN}" 'Public-Key:' | sed -e 's/.*(//' | sed -e 's/).*//' + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -text | "${GREP_BIN}" 'Public-Key:' | sed -e 's/.*(//' | sed -e 's/).*//' ;; country) - cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -nameopt utf8 -noout -subject) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -nameopt utf8 -noout -subject) parse_subject "C" "${cert_subject}" ;; state) - cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -nameopt utf8 -noout -subject) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -nameopt utf8 -noout -subject) parse_subject "ST" "${cert_subject}" ;; locality) - cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -nameopt utf8 -noout -subject) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -nameopt utf8 -noout -subject) parse_subject "L" "${cert_subject}" ;; email) - echo "${cert_content}" | "${OPENSSL}" x509 
-noout -email + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -email ;; crl_uri) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -text | "${GREP_BIN}" -A 4 'X509v3 CRL Distribution Points' | "${GREP_BIN}" 'URI:' | sed 's/.*URI://' | head -n 1 ;; version) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | "${GREP_BIN}" Version | head -n 1 | sed 's/.*Version: //' + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -text | "${GREP_BIN}" Version | head -n 1 | sed 's/.*Version: //' ;; pub_key_algo) @@ -1646,9 +1646,9 @@ extract_cert_attribute() { # # see https://security.stackexchange.com/questions/141661/whats-the-difference-between-public-key-algorithm-and-signature-algorithm-i - ALGORITHM=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Public Key Algorithm' | sed -e 's/.*: //') + ALGORITHM=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Public Key Algorithm' | sed -e 's/.*: //') - PUBLIC_KEY=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Signature' | sed 's/.*: //') + PUBLIC_KEY=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Signature' | sed 's/.*: //') echo "${ALGORITHM} ${PUBLIC_KEY}" ;; 
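Review bot: The `issuer_uri)` branch cleans a URI read from the inspected certificate with a denylist (the `tr -d` at the end of the pipeline), which leaves characters such as parentheses, single quotes, backslashes and spaces untouched. The certificate content is presumably supplied by the host being checked, so an allowlist is the safer form, for example `tr -cd '[:alnum:]:/._~%?=#@+\n-'`; the newline is kept so that `issuer_uri_single` can still take the first line with `head -n 1`. How the value is used afterwards is outside this hunk, so the impact cannot be judged from here. The body of extract_cert_attribute starts and ends outside the hunk.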
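Review bot: ALGORITHM and PUBLIC_KEY in this hunk each feed the same certificate through the same `-text` invocation of OpenSSL and differ only in the grep pattern; the hunk at -1660 repeats the construct. Capturing the text once, `cert_text=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -text)`, and grepping `"${cert_text}"` for both values halves the number of processes and leaves a single command line to adjust the next time an OpenSSL release changes its stdin handling. The case label for these lines is outside the hunk.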
@@ -1660,24 +1660,24 @@ extract_cert_attribute() { # # see https://security.stackexchange.com/questions/141661/whats-the-difference-between-public-key-algorithm-and-signature-algorithm-i - ALGORITHM=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Signature Algorithm' | sed -e 's/.*: //') + ALGORITHM=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Signature Algorithm' | sed -e 's/.*: //') - PUBLIC_KEY=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Public-Key' | sed 's/.*: //') + PUBLIC_KEY=$(echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -text | "${GREP_BIN}" -m 1 -F 'Public-Key' | sed 's/.*: //') echo "${ALGORITHM} ${PUBLIC_KEY}" ;; startdate) - echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -startdate | sed -e "s/^notBefore=//" + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} -startdate | sed -e "s/^notBefore=//" ;; enddate) - echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} "${OPENSSL_ENDDATE_OPTION}" | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//" + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -in /dev/stdin -noout ${OPENSSL_PARAMS} "${OPENSSL_ENDDATE_OPTION}" | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//" ;; sct) - echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | "${GREP_BIN}" -E -q 'SCTs|1\.3\.6\.1\.4\.1\.11129\.2\.4\.2' + echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -text | "${GREP_BIN}" -E -q 'SCTs|1\.3\.6\.1\.4\.1\.11129\.2\.4\.2' ;; subjectAlternativeName) - echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -text | + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} 
-in /dev/stdin -text | "${GREP_BIN}" -F -A 1 "509v3 Subject Alternative Name:" | tail -n 1 | sed -e "s/DNS://g" | @@ -1686,7 +1686,7 @@ extract_cert_attribute() { sed -e 's/^ *//' ;; keyUsage) - KEY_USAGE_TMP=$(echo "${cert_content}" | "${OPENSSL}" x509 -noout -ext keyUsage 2>&1) + KEY_USAGE_TMP=$(echo "${cert_content}" | "${OPENSSL}" x509 -in /dev/stdin -noout -ext keyUsage 2>&1) if echo "${KEY_USAGE_TMP}" | "${GREP_BIN}" -q 'No extensions in certificate'; then echo else @@ -2059,7 +2059,7 @@ check_ocsp() { open_for_writing "${ISSUER_CERT_TMP2}" cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" - ${OPENSSL} x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" + ${OPENSSL} x509 -in /dev/stdin -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" elif "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | "${GREP_BIN}" -E -q 'empty'; then @@ -2320,9 +2320,9 @@ check_cert_end_date() { # x509 certificates (default) # We always check expired certificates - debuglog "executing: ${OPENSSL} x509 -noout -checkend 0 on cert element ${el_number} (${element_cn})" + debuglog "executing: ${OPENSSL} x509 -in /dev/stdin -noout -checkend 0 on cert element ${el_number} (${element_cn})" - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend 0 >/dev/null; then + if ! echo "${1}" | ${OPENSSL} x509 -in /dev/stdin -noout -checkend 0 >/dev/null; then if compare "${ELEM_DAYS_VALID}" ">=" 0 && compare "${ELEM_DAYS_VALID}" "<" 1; then DAYS_AGO='less than a day ago' else 
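Review bot: In `keyUsage)` the command substitution ends in `2>&1`, so anything OpenSSL writes to stderr becomes part of KEY_USAGE_TMP, not only the `No extensions in certificate` text that the next line tests for. That is the same kind of stderr output this commit works around, and the `else` branch that consumes the value is outside the hunk. If the redirect is deliberate, a comment above the assignment would record it: `# 2>&1 is deliberate: the 'No extensions in certificate' message is matched below; any other diagnostic also ends up in KEY_USAGE_TMP`.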
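Review bot: The converted line in check_ocsp now passes `-in` twice, `-in /dev/stdin` and `-in "${ISSUER_CERT_TMP2}"`, although this command reads the DER file and nothing is piped into it. Which of the two takes effect depends on OpenSSL's option handling; if the first were used, the conversion would read whatever is on the plugin's standard input. The substitution looks mechanical here and the line can stay as it was: `${OPENSSL} x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}"`. The body of check_ocsp starts and ends outside the hunk.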
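Review bot: The `-checkend` pipelines in check_cert_end_date call `${OPENSSL}` unquoted, while every call in extract_cert_attribute uses `"${OPENSSL}"`; the hunks at -2347 and -2369 have the same form. An OpenSSL path containing whitespace would be split into several words here. Quoting matches the rest of the file: `if ! echo "${1}" | "${OPENSSL}" x509 -in /dev/stdin -noout -checkend 0 >/dev/null; then`. Because only the exit status is tested, any non-zero exit, including a failure to read the input, also takes the expired branch. The function body continues outside the hunk.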
@@ -2347,9 +2347,9 @@ check_cert_end_date() { if [ -n "${CRITICAL_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ]; then - debuglog "executing: ${OPENSSL} x509 -noout -checkend ${CRITICAL_SECONDS} on cert element ${el_number} (${element_cn})" + debuglog "executing: ${OPENSSL} x509 -in /dev/stdin -noout -checkend ${CRITICAL_SECONDS} on cert element ${el_number} (${element_cn})" - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend "${CRITICAL_SECONDS}" >/dev/null; then + if ! echo "${1}" | ${OPENSSL} x509 -in /dev/stdin -noout -checkend "${CRITICAL_SECONDS}" >/dev/null; then debuglog "CRITICAL: certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" CN_EXPIRED_TMP="${element_cn}:${replace_current_message}:${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" if [ -z "${CN_EXPIRED_CRITICAL}" ]; then @@ -2369,9 +2369,9 @@ check_cert_end_date() { if [ -n "${WARNING_DAYS}" ] && [ -n "${WARNING_SECONDS}" ]; then - debuglog "executing: ${OPENSSL} x509 -noout -checkend ${WARNING_SECONDS} on cert element ${el_number}" + debuglog "executing: ${OPENSSL} x509 -in /dev/stdin -noout -checkend ${WARNING_SECONDS} on cert element ${el_number}" - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend "${WARNING_SECONDS}" >/dev/null; then + if ! echo "${1}" | ${OPENSSL} x509 -in /dev/stdin -noout -checkend "${WARNING_SECONDS}" >/dev/null; then debuglog "WARNING: certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" CN_EXPIRED_TMP="${element_cn}:${replace_current_message}:${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" if [ -z "${CN_EXPIRED_WARNING}" ]; then
--- End Message ---
--- Begin Message ---Source: nagios-plugins-contrib Source-Version: 46.20240417 Done: Jan Wagner <w...@cyconet.org> We believe that the bug you reported is fixed in the latest version of nagios-plugins-contrib, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jan Wagner <w...@cyconet.org> (supplier of updated nagios-plugins-contrib package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 17 Apr 2024 11:50:13 +0000 Source: nagios-plugins-contrib Architecture: source Version: 46.20240417 Distribution: unstable Urgency: medium Maintainer: Debian Nagios Maintainer Group <pkg-nagios-de...@lists.alioth.debian.org> Changed-By: Jan Wagner <w...@cyconet.org> Closes: 1038281 1066576 1067532 Changes: nagios-plugins-contrib (46.20240417) unstable; urgency=medium . [ Bas Couwenberg ] * [13d5bbd] Replace pkg-config build dependency with pkgconf. . 
[ Jan Wagner ] * [2141896] check_hpasm: Update to 4.9 * [85805f4] check_ssl_cert: Update to 2.80.0 (Closes: #1067532) * [50bbecf] Drop nagios-plugins-contrib binary transitional package (Closes: #1038281) * [d7c7c50] check_haproxy: Update Upstream and to Revision 1.1 * [fd82fc4] Drop obsolete d/patches/check_haproxy/monitoring-plugin * [093ad47] Adding d/p/check_memcached/fix_compile_warnings (Closes: #1066576), thanks Sebastian Andrzej Siewior * [079ab68] check_ssl_cert: Update to 2.81.0 * [9be161f] check_rbl: Update to 1.7.3 Checksums-Sha1: e287723d54403354163d40422c811e44621dc5b1 2383 nagios-plugins-contrib_46.20240417.dsc 668b3b6d6ea54db054dea42566367013685cc8a0 987348 nagios-plugins-contrib_46.20240417.tar.xz 2143bbb56d71384779d0bce393f3dd551d36943a 7509 nagios-plugins-contrib_46.20240417_amd64.buildinfo Checksums-Sha256: 6cbaa6a9b717f22cee5f09805edccde9b7f26739802d9750055c5dcd4dfc9129 2383 nagios-plugins-contrib_46.20240417.dsc 82911636f175b84d83909c89269b5a9c42ffc227e8835a25609122e3bf325795 987348 nagios-plugins-contrib_46.20240417.tar.xz 287eb72e6979a00fa06e27ff76aacea740f4cb329dab700394f5de784e6ad5d8 7509 nagios-plugins-contrib_46.20240417_amd64.buildinfo Files: ec548afc9e37d3931b0bdf8ed69722c7 2383 net optional nagios-plugins-contrib_46.20240417.dsc 64233ee1df30459769d34e162b08fb5b 987348 net optional nagios-plugins-contrib_46.20240417.tar.xz 69b52c22b2d5a82cfc40a42c8233e8e8 7509 net optional nagios-plugins-contrib_46.20240417_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXOdRCo+8DU5yq7qbDHBVe1oGUT4FAmYfuUcACgkQDHBVe1oG UT6ndhAAkMkhvWJqM/J7ScHD7A9W0uRjgphjLlDO2ty4aUgVDquyClZPgM6W/mg2 SreiK3Q6HXwQxRLBF9jhc9flTcRC8qR1pLWYboQMvw8J4lQbgAAgNSVWQlbyTnuG q8ubxyakajWJtx6xfn3YN+3RzX0PqKpxxcZpLJx9hgSkLtZXin/ZtnQJyAQvF5Y3 aTTADZcabB687qU6DwCTu/cLA+Z5c/s2woWAGrLTMhoTr0DFHdHHYiQsqHt3+9na 6o9QDiP14wDoT2cbuCCDo/93/P82wiwbalqEdYQ3iydQCsm5vHnxyrRAhOBrs5z+ T7kdkW9ygjGaHDul/BPavKmS6CmOvlnJuezLAtN/l+OBOkIfhMjI+HL5jCMbLCc6 
+UW+nSpT4GULHWGDMQqhO1CS5JOGiyLB+uAEbUfrbAEB8Ss3S7X5MhgL3OmGNY5N fT1WTbX9SoU7dPvzcPaIeE73LDwi1N7S0Vl0OXhVAy4kR8bMaGMccPgaJ+NzjSmV u6xerYheHb0kFMMDOJP2j6/YPU6yhRDjC1SZV0o1KvFS23o40uucav/4BNz9HxxM hjaARwzsjN/iY7lMgYPFMjMFJ3HQLU/btmAOD4bJx6RvXqUCgtUQK8HheGSdOihn 1HiIrgcY1c8FybYGwKeloR1ko/bmu+lWIA9mn9VFYoRRPCoqZMw= =0HBj -----END PGP SIGNATURE-----pgpB2nLsryR2e.pgp
Description: PGP signature
--- End Message ---