Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: pkg-nagios-de...@lists.alioth.debian.org Control: affects -1 + src:monitoring-plugins
Please see these changes for monitoring-plugins. 2.3.3-4 is already uploaded into unstable (containing one fix from upstream) but is blocked due missing autopkgtests. I prepared another upload containing two fixes from upstream, which is not uploaded yet.
[ Reason ] This release targets several fixes that should go into bookworm: * [953ee52] Adding d/p/13_check_icmp_improvements from upstream * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream [ Impact ] Included patches fixes regressions from latest upstream release. [ Tests ]Upstream testsuite passes as well as Salsa CI (https://salsa.debian.org/nagios-team/monitoring-plugins/-/pipelines/514242) tests (ignoring the blhc).
[ Risks ] The code changes are trivial enough to not expect regressions. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] unblock monitoring-plugins/2.3.3-5
diff --git a/debian/changelog b/debian/changelog index caf2e31..c738c88 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +monitoring-plugins (2.3.3-5) unstable; urgency=medium + + * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream + * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream + + -- Jan Wagner <w...@cyconet.org> Fri, 24 Mar 2023 19:16:16 +0000 + +monitoring-plugins (2.3.3-4) unstable; urgency=medium + + * [953ee52] Adding d/p/13_check_icmp_improvements from upstream + + -- Jan Wagner <w...@cyconet.org> Tue, 07 Mar 2023 13:29:35 +0000 + monitoring-plugins (2.3.3-3) unstable; urgency=medium * [15d0c56] Adding d/p/12_check_curl_improvements from upstream diff --git a/debian/patches/13_check_icmp_improvements b/debian/patches/13_check_icmp_improvements new file mode 100644 index 0000000..0eb2748 --- /dev/null +++ b/debian/patches/13_check_icmp_improvements @@ -0,0 +1,200 @@ +From 413af1955538b06803458c628099f1ba9da1966b Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> +Date: Fri, 4 Nov 2022 16:51:32 +0100 +Subject: [PATCH 1/5] Remove trailing whitespaces + +--- + plugins-root/check_icmp.c | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c +index f8f153512..abd88c4e7 100644 +--- a/plugins-root/check_icmp.c ++++ b/plugins-root/check_icmp.c +@@ -1,39 +1,39 @@ + /***************************************************************************** +-* ++* + * Monitoring check_icmp plugin +-* ++* + * License: GPL + * Copyright (c) 2005-2008 Monitoring Plugins Development Team + * Original Author : Andreas Ericsson <a...@op5.se> +-* ++* + * Description: +-* ++* + * This file contains the check_icmp plugin +-* ++* + * Relevant RFC's: 792 (ICMP), 791 (IP) +-* ++* + * This program was modeled somewhat after the check_icmp program, + * which was in turn a hack of fping (www.fping.org) but has been + * completely rewritten since to generate higher precision rta values, + * and support several different modes as well as setting ttl to control. + * redundant routes. The only remainders of fping is currently a few + * function names. +-* +-* ++* ++* + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. +-* ++* + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. +-* ++* + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. +-* +-* ++* ++* + *****************************************************************************/ + + /* progname may change */ + +From 7d074091dba8c1d4081971bf62e694d0b1a03d41 Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> +Date: Fri, 4 Nov 2022 16:53:57 +0100 +Subject: [PATCH 2/5] Remove hardcoded DBL_MAX definition + +--- + plugins-root/check_icmp.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c +index abd88c4e7..0d10d22db 100644 +--- a/plugins-root/check_icmp.c ++++ b/plugins-root/check_icmp.c +@@ -95,10 +95,6 @@ const char *email = "de...@monitoring-plugins.org"; + # define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 + #endif + +-#ifndef DBL_MAX +-# define DBL_MAX 9.9999999999e999 +-#endif +- + typedef unsigned short range_t; /* type for get_range() -- unimplemented */ + + typedef struct rta_host { + +From 9a73a94258689cd9337fe7a7937fe85e4670aaeb Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> +Date: Fri, 4 Nov 2022 17:08:36 +0100 +Subject: [PATCH 3/5] Replace DBL_MAX with INFITY to check if value was set + +--- + plugins-root/check_icmp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c +index 0d10d22db..7f3c4b5ba 100644 +--- a/plugins-root/check_icmp.c ++++ b/plugins-root/check_icmp.c +@@ -55,6 +55,7 @@ const char *email = "de...@monitoring-plugins.org"; + #include <errno.h> + #include <signal.h> + #include <ctype.h> ++#include <float.h> + #include <net/if.h> + #include <netinet/in_systm.h> + #include <netinet/in.h> +@@ -1220,7 +1221,7 @@ finish(int sig) + host->rta / 1000, (float)warn.rta / 1000, (float)crit.rta / 1000, + (targets > 1) ? host->name : "", host->pl, warn.pl, crit.pl, + (targets > 1) ? host->name : "", (float)host->rtmax / 1000, +- (targets > 1) ? host->name : "", (host->rtmin < DBL_MAX) ? (float)host->rtmin / 1000 : (float)0); ++ (targets > 1) ? host->name : "", (host->rtmin < INFINITY) ? (float)host->rtmin / 1000 : (float)0); + + host = host->next; + } +@@ -1323,7 +1324,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in) + memcpy(host_sin6->sin6_addr.s6_addr, sin6->sin6_addr.s6_addr, sizeof host_sin6->sin6_addr.s6_addr); + } + +- host->rtmin = DBL_MAX; ++ host->rtmin = INFINITY; + + if(!list) list = cursor = host; + else cursor->next = host; + +From d3a4bad51d72a3c5bcc06ceb5e0a823dcc24bf49 Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> +Date: Sun, 19 Feb 2023 14:31:21 +0100 +Subject: [PATCH 4/5] check_icmp: Fix compiler warning + +This fixes a compiler warning with no real world impact. +The compiler complains about a missing return, which is correct, but +in that scenario the program would crash anyways, so this has no impact. +--- + plugins-root/check_icmp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c +index 7f3c4b5ba..317cd5357 100644 +--- a/plugins-root/check_icmp.c ++++ b/plugins-root/check_icmp.c +@@ -1430,20 +1430,21 @@ set_source_ip(char *arg) + static in_addr_t + get_ip_address(const char *ifname) + { ++ // TODO: Rewrite this so the function return an error and we exit somewhere else ++ struct sockaddr_in ip; + #if defined(SIOCGIFADDR) + struct ifreq ifr; +- struct sockaddr_in ip; + + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; + if(ioctl(icmp_sock, SIOCGIFADDR, &ifr) == -1) + crash("Cannot determine IP address of interface %s", ifname); + memcpy(&ip, &ifr.ifr_addr, sizeof(ip)); +- return ip.sin_addr.s_addr; + #else + errno = 0; + crash("Cannot get interface IP address on this platform."); + #endif ++ return ip.sin_addr.s_addr; + } + + /* + +From 423284edfa980fc3fdb51ab20af96685a988ba97 Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> +Date: Sun, 19 Feb 2023 14:34:29 +0100 +Subject: [PATCH 5/5] check_icmp: Fix compiler warning + +This fixes a compiler warning which complains about an uninitialized +value for a variable which is then returned. +This had no real world impact, since the program would crash in the +branch where result is not set. +The variable is initialized to "-1" which would be the error for +inet_pton. +--- + plugins-root/check_icmp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c +index 317cd5357..e59e92d33 100644 +--- a/plugins-root/check_icmp.c ++++ b/plugins-root/check_icmp.c +@@ -1339,7 +1339,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in) + static int + add_target(char *arg) + { +- int error, result; ++ int error, result = -1; + struct sockaddr_storage ip; + struct addrinfo hints, *res, *p; + struct sockaddr_in *sin; diff --git a/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs new file mode 100644 index 0000000..7d1418a --- /dev/null +++ b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs @@ -0,0 +1,211 @@ +From 03f86b5d0809967855fbaafb4d600dc5b82081fa Mon Sep 17 00:00:00 2001 +From: Andreas Baumann <m...@andreasbaumann.cc> +Date: Tue, 7 Mar 2023 19:51:33 +0100 +Subject: [PATCH 1/4] check_curl: in SSL host caching mode try to connect and + bind and take the first getaddrinfo result which succeeds + +--- + plugins/check_curl.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index c37d45d91..e1bc98dc9 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -386,6 +386,7 @@ lookup_host (const char *host, char *buf, size_t buflen) + struct addrinfo hints, *res, *result; + int errcode; + void *ptr; ++ int s; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; +@@ -399,19 +400,26 @@ lookup_host (const char *host, char *buf, size_t buflen) + res = result; + + while (res) { +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); +- switch (res->ai_family) { +- case AF_INET: +- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; ++ inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); ++ switch (res->ai_family) { ++ case AF_INET: ++ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; ++ break; ++ case AF_INET6: ++ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; + break; +- case AF_INET6: +- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; +- break; + } ++ + inet_ntop (res->ai_family, ptr, buf, buflen); + if (verbose >= 1) + printf ("* getaddrinfo IPv%d address: %s\n", + res->ai_family == PF_INET6 ? 6 : 4, buf); ++ ++ if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1) ++ continue; ++ if (bind (s, res->ai_addr, res->ai_addrlen == 0) ) ++ break; ++ + res = res->ai_next; + } + + +From 2902381c5de01f69d61569b0c8dae6a92e2b9843 Mon Sep 17 00:00:00 2001 +From: Barak Shohat <ba...@bazzisoft.com> +Date: Wed, 8 Mar 2023 11:56:43 +0200 +Subject: [PATCH 2/4] check_curl.c: Include all IPs from getaddrinfo() in curl + DNS cache + +--- + plugins/check_curl.c | 39 ++++++++++++++++++++++++++------------- + 1 file changed, 26 insertions(+), 13 deletions(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index e1bc98dc9..512fb88a6 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -384,9 +384,12 @@ int + lookup_host (const char *host, char *buf, size_t buflen) + { + struct addrinfo hints, *res, *result; ++ char addrstr[100]; ++ size_t addrstr_len; + int errcode; + void *ptr; + int s; ++ size_t buflen_remaining = buflen - 1; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; +@@ -396,33 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen) + errcode = getaddrinfo (host, NULL, &hints, &result); + if (errcode != 0) + return errcode; +- ++ ++ strcpy(buf, ""); + res = result; + + while (res) { +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); + switch (res->ai_family) { + case AF_INET: + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; + break; + case AF_INET6: + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; +- break; ++ break; + } + +- inet_ntop (res->ai_family, ptr, buf, buflen); +- if (verbose >= 1) ++ inet_ntop (res->ai_family, ptr, addrstr, 100); ++ if (verbose >= 1) { + printf ("* getaddrinfo IPv%d address: %s\n", +- res->ai_family == PF_INET6 ? 6 : 4, buf); ++ res->ai_family == PF_INET6 ? 6 : 4, addrstr); ++ } + +- if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1) +- continue; +- if (bind (s, res->ai_addr, res->ai_addrlen == 0) ) +- break; ++ // Append all IPs to buf as a comma-separated string ++ addrstr_len = strlen(addrstr); ++ if (buflen_remaining > addrstr_len + 1) { ++ if (buf[0] != NULL) { ++ strncat(buf, ",", 1); ++ buflen_remaining -= 1; ++ } ++ strncat(buf, addrstr, buflen_remaining); ++ buflen_remaining -= addrstr_len; ++ } + + res = res->ai_next; + } +- ++ + freeaddrinfo(result); + + return 0; +@@ -453,7 +463,7 @@ check_http (void) + int i; + char *force_host_header = NULL; + struct curl_slist *host = NULL; +- char addrstr[100]; ++ char addrstr[DEFAULT_BUFFER_SIZE/2]; + char dnscache[DEFAULT_BUFFER_SIZE]; + + /* initialize curl */ +@@ -505,7 +515,7 @@ check_http (void) + + // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy + if(use_ssl && host_name != NULL) { +- if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { ++ if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), + server_address, res, gai_strerror (res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); +@@ -800,6 +810,9 @@ check_http (void) + /* free header and server IP resolve lists, we don't need it anymore */ + curl_slist_free_all (header_list); header_list = NULL; + curl_slist_free_all (server_ips); server_ips = NULL; ++ if (host) { ++ curl_slist_free_all (host); host = NULL; ++ } + + /* Curl errors, result in critical Nagios state */ + if (res != CURLE_OK) { + +From fc927e98db73850e760f490117ed36f2de20270c Mon Sep 17 00:00:00 2001 +From: Andreas Baumann <m...@andreasbaumann.cc> +Date: Wed, 8 Mar 2023 16:10:45 +0100 +Subject: [PATCH 3/4] fixed a wrong compare and a wrong size in strncat + +--- + plugins/check_curl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index 512fb88a6..cc17ef58a 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -422,8 +422,8 @@ lookup_host (const char *host, char *buf, size_t buflen) + // Append all IPs to buf as a comma-separated string + addrstr_len = strlen(addrstr); + if (buflen_remaining > addrstr_len + 1) { +- if (buf[0] != NULL) { +- strncat(buf, ",", 1); ++ if (buf[0] != '\0') { ++ strncat(buf, ",", buflen_remaining); + buflen_remaining -= 1; + } + strncat(buf, addrstr, buflen_remaining); + +From ea53555f2d6254da5fec0c1061899a01dd5321ec Mon Sep 17 00:00:00 2001 +From: Andreas Baumann <m...@andreasbaumann.cc> +Date: Sat, 11 Mar 2023 11:40:00 +0100 +Subject: [PATCH 4/4] check_curl: removed a superflous variable + +--- + plugins/check_curl.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index cc17ef58a..e5be1ad56 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -388,7 +388,6 @@ lookup_host (const char *host, char *buf, size_t buflen) + size_t addrstr_len; + int errcode; + void *ptr; +- int s; + size_t buflen_remaining = buflen - 1; + + memset (&hints, 0, sizeof (hints)); diff --git a/debian/patches/15_check_swap_remove_includes b/debian/patches/15_check_swap_remove_includes new file mode 100644 index 0000000..fb65026 --- /dev/null +++ b/debian/patches/15_check_swap_remove_includes @@ -0,0 +1,23 @@ +From 8a8ee58e8925019b7532e7d14ebe488bb21fb3e6 Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> +Date: Thu, 16 Mar 2023 15:26:52 +0100 +Subject: [PATCH] check_swap: Remove unnecessary and problematic includes + +--- + plugins/check_swap.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/plugins/check_swap.c b/plugins/check_swap.c +index a607da1e9..25d5f21d0 100644 +--- a/plugins/check_swap.c ++++ b/plugins/check_swap.c +@@ -34,9 +34,6 @@ const char *email = "de...@monitoring-plugins.org"; + #include "common.h" + #include "popen.h" + #include "utils.h" +-#include <string.h> +-#include <math.h> +-#include <libintl.h> + + #ifdef HAVE_DECL_SWAPCTL + # ifdef HAVE_SYS_PARAM_H diff --git a/debian/patches/series b/debian/patches/series index 7791bb8..3e14114 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,6 @@ 10_check_http_chunked_wo_actual_content 11_fallback_for_gnutls 12_check_curl_improvements +13_check_icmp_improvements +14_check_curl_fix_SSL_with_multiple_IPs +15_check_swap_remove_includes
