--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: pkg-nagios-de...@lists.alioth.debian.org
Control: affects -1 + src:monitoring-plugins
Please see these changes for monitoring-plugins. 2.3.3-4 is already
uploaded into unstable (containing one fix from upstream) but is blocked
due missing autopkgtests. I prepared another upload containing two fixes
from upstream, which is not uploaded yet.
[ Reason ]
This release targets several fixes that should go into bookworm:
* [953ee52] Adding d/p/13_check_icmp_improvements from upstream
* [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
* [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream
[ Impact ]
Included patches fixes regressions from latest upstream release.
[ Tests ]
Upstream testsuite passes as well as Salsa CI
(https://salsa.debian.org/nagios-team/monitoring-plugins/-/pipelines/514242)
tests (ignoring the blhc).
[ Risks ]
The code changes are trivial enough to not expect regressions.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
unblock monitoring-plugins/2.3.3-5
diff --git a/debian/changelog b/debian/changelog
index caf2e31..c738c88 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+monitoring-plugins (2.3.3-5) unstable; urgency=medium
+
+ * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
+ * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream
+
+ -- Jan Wagner <w...@cyconet.org> Fri, 24 Mar 2023 19:16:16 +0000
+
+monitoring-plugins (2.3.3-4) unstable; urgency=medium
+
+ * [953ee52] Adding d/p/13_check_icmp_improvements from upstream
+
+ -- Jan Wagner <w...@cyconet.org> Tue, 07 Mar 2023 13:29:35 +0000
+
monitoring-plugins (2.3.3-3) unstable; urgency=medium
* [15d0c56] Adding d/p/12_check_curl_improvements from upstream
diff --git a/debian/patches/13_check_icmp_improvements b/debian/patches/13_check_icmp_improvements
new file mode 100644
index 0000000..0eb2748
--- /dev/null
+++ b/debian/patches/13_check_icmp_improvements
@@ -0,0 +1,200 @@
+From 413af1955538b06803458c628099f1ba9da1966b Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Fri, 4 Nov 2022 16:51:32 +0100
+Subject: [PATCH 1/5] Remove trailing whitespaces
+
+---
+ plugins-root/check_icmp.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index f8f153512..abd88c4e7 100644
+--- a/plugins-root/check_icmp.c
++++ b/plugins-root/check_icmp.c
+@@ -1,39 +1,39 @@
+ /*****************************************************************************
+-*
++*
+ * Monitoring check_icmp plugin
+-*
++*
+ * License: GPL
+ * Copyright (c) 2005-2008 Monitoring Plugins Development Team
+ * Original Author : Andreas Ericsson <a...@op5.se>
+-*
++*
+ * Description:
+-*
++*
+ * This file contains the check_icmp plugin
+-*
++*
+ * Relevant RFC's: 792 (ICMP), 791 (IP)
+-*
++*
+ * This program was modeled somewhat after the check_icmp program,
+ * which was in turn a hack of fping (www.fping.org) but has been
+ * completely rewritten since to generate higher precision rta values,
+ * and support several different modes as well as setting ttl to control.
+ * redundant routes. The only remainders of fping is currently a few
+ * function names.
+-*
+-*
++*
++*
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+-*
++*
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+-*
++*
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+-*
+-*
++*
++*
+ *****************************************************************************/
+
+ /* progname may change */
+
+From 7d074091dba8c1d4081971bf62e694d0b1a03d41 Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Fri, 4 Nov 2022 16:53:57 +0100
+Subject: [PATCH 2/5] Remove hardcoded DBL_MAX definition
+
+---
+ plugins-root/check_icmp.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index abd88c4e7..0d10d22db 100644
+--- a/plugins-root/check_icmp.c
++++ b/plugins-root/check_icmp.c
+@@ -95,10 +95,6 @@ const char *email = "de...@monitoring-plugins.org";
+ # define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
+ #endif
+
+-#ifndef DBL_MAX
+-# define DBL_MAX 9.9999999999e999
+-#endif
+-
+ typedef unsigned short range_t; /* type for get_range() -- unimplemented */
+
+ typedef struct rta_host {
+
+From 9a73a94258689cd9337fe7a7937fe85e4670aaeb Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Fri, 4 Nov 2022 17:08:36 +0100
+Subject: [PATCH 3/5] Replace DBL_MAX with INFITY to check if value was set
+
+---
+ plugins-root/check_icmp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index 0d10d22db..7f3c4b5ba 100644
+--- a/plugins-root/check_icmp.c
++++ b/plugins-root/check_icmp.c
+@@ -55,6 +55,7 @@ const char *email = "de...@monitoring-plugins.org";
+ #include <errno.h>
+ #include <signal.h>
+ #include <ctype.h>
++#include <float.h>
+ #include <net/if.h>
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+@@ -1220,7 +1221,7 @@ finish(int sig)
+ host->rta / 1000, (float)warn.rta / 1000, (float)crit.rta / 1000,
+ (targets > 1) ? host->name : "", host->pl, warn.pl, crit.pl,
+ (targets > 1) ? host->name : "", (float)host->rtmax / 1000,
+- (targets > 1) ? host->name : "", (host->rtmin < DBL_MAX) ? (float)host->rtmin / 1000 : (float)0);
++ (targets > 1) ? host->name : "", (host->rtmin < INFINITY) ? (float)host->rtmin / 1000 : (float)0);
+
+ host = host->next;
+ }
+@@ -1323,7 +1324,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in)
+ memcpy(host_sin6->sin6_addr.s6_addr, sin6->sin6_addr.s6_addr, sizeof host_sin6->sin6_addr.s6_addr);
+ }
+
+- host->rtmin = DBL_MAX;
++ host->rtmin = INFINITY;
+
+ if(!list) list = cursor = host;
+ else cursor->next = host;
+
+From d3a4bad51d72a3c5bcc06ceb5e0a823dcc24bf49 Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Sun, 19 Feb 2023 14:31:21 +0100
+Subject: [PATCH 4/5] check_icmp: Fix compiler warning
+
+This fixes a compiler warning with no real world impact.
+The compiler complains about a missing return, which is correct, but
+in that scenario the program would crash anyways, so this has no impact.
+---
+ plugins-root/check_icmp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index 7f3c4b5ba..317cd5357 100644
+--- a/plugins-root/check_icmp.c
++++ b/plugins-root/check_icmp.c
+@@ -1430,20 +1430,21 @@ set_source_ip(char *arg)
+ static in_addr_t
+ get_ip_address(const char *ifname)
+ {
++ // TODO: Rewrite this so the function return an error and we exit somewhere else
++ struct sockaddr_in ip;
+ #if defined(SIOCGIFADDR)
+ struct ifreq ifr;
+- struct sockaddr_in ip;
+
+ strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
+ if(ioctl(icmp_sock, SIOCGIFADDR, &ifr) == -1)
+ crash("Cannot determine IP address of interface %s", ifname);
+ memcpy(&ip, &ifr.ifr_addr, sizeof(ip));
+- return ip.sin_addr.s_addr;
+ #else
+ errno = 0;
+ crash("Cannot get interface IP address on this platform.");
+ #endif
++ return ip.sin_addr.s_addr;
+ }
+
+ /*
+
+From 423284edfa980fc3fdb51ab20af96685a988ba97 Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Sun, 19 Feb 2023 14:34:29 +0100
+Subject: [PATCH 5/5] check_icmp: Fix compiler warning
+
+This fixes a compiler warning which complains about an uninitialized
+value for a variable which is then returned.
+This had no real world impact, since the program would crash in the
+branch where result is not set.
+The variable is initialized to "-1" which would be the error for
+inet_pton.
+---
+ plugins-root/check_icmp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index 317cd5357..e59e92d33 100644
+--- a/plugins-root/check_icmp.c
++++ b/plugins-root/check_icmp.c
+@@ -1339,7 +1339,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in)
+ static int
+ add_target(char *arg)
+ {
+- int error, result;
++ int error, result = -1;
+ struct sockaddr_storage ip;
+ struct addrinfo hints, *res, *p;
+ struct sockaddr_in *sin;
diff --git a/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs
new file mode 100644
index 0000000..7d1418a
--- /dev/null
+++ b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs
@@ -0,0 +1,211 @@
+From 03f86b5d0809967855fbaafb4d600dc5b82081fa Mon Sep 17 00:00:00 2001
+From: Andreas Baumann <m...@andreasbaumann.cc>
+Date: Tue, 7 Mar 2023 19:51:33 +0100
+Subject: [PATCH 1/4] check_curl: in SSL host caching mode try to connect and
+ bind and take the first getaddrinfo result which succeeds
+
+---
+ plugins/check_curl.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index c37d45d91..e1bc98dc9 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -386,6 +386,7 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ struct addrinfo hints, *res, *result;
+ int errcode;
+ void *ptr;
++ int s;
+
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_family = address_family;
+@@ -399,19 +400,26 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ res = result;
+
+ while (res) {
+- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+- switch (res->ai_family) {
+- case AF_INET:
+- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
++ inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
++ switch (res->ai_family) {
++ case AF_INET:
++ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
++ break;
++ case AF_INET6:
++ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+ break;
+- case AF_INET6:
+- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+- break;
+ }
++
+ inet_ntop (res->ai_family, ptr, buf, buflen);
+ if (verbose >= 1)
+ printf ("* getaddrinfo IPv%d address: %s\n",
+ res->ai_family == PF_INET6 ? 6 : 4, buf);
++
++ if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1)
++ continue;
++ if (bind (s, res->ai_addr, res->ai_addrlen == 0) )
++ break;
++
+ res = res->ai_next;
+ }
+
+
+From 2902381c5de01f69d61569b0c8dae6a92e2b9843 Mon Sep 17 00:00:00 2001
+From: Barak Shohat <ba...@bazzisoft.com>
+Date: Wed, 8 Mar 2023 11:56:43 +0200
+Subject: [PATCH 2/4] check_curl.c: Include all IPs from getaddrinfo() in curl
+ DNS cache
+
+---
+ plugins/check_curl.c | 39 ++++++++++++++++++++++++++-------------
+ 1 file changed, 26 insertions(+), 13 deletions(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index e1bc98dc9..512fb88a6 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -384,9 +384,12 @@ int
+ lookup_host (const char *host, char *buf, size_t buflen)
+ {
+ struct addrinfo hints, *res, *result;
++ char addrstr[100];
++ size_t addrstr_len;
+ int errcode;
+ void *ptr;
+ int s;
++ size_t buflen_remaining = buflen - 1;
+
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_family = address_family;
+@@ -396,33 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ errcode = getaddrinfo (host, NULL, &hints, &result);
+ if (errcode != 0)
+ return errcode;
+-
++
++ strcpy(buf, "");
+ res = result;
+
+ while (res) {
+- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+ switch (res->ai_family) {
+ case AF_INET:
+ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+ break;
+ case AF_INET6:
+ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+- break;
++ break;
+ }
+
+- inet_ntop (res->ai_family, ptr, buf, buflen);
+- if (verbose >= 1)
++ inet_ntop (res->ai_family, ptr, addrstr, 100);
++ if (verbose >= 1) {
+ printf ("* getaddrinfo IPv%d address: %s\n",
+- res->ai_family == PF_INET6 ? 6 : 4, buf);
++ res->ai_family == PF_INET6 ? 6 : 4, addrstr);
++ }
+
+- if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1)
+- continue;
+- if (bind (s, res->ai_addr, res->ai_addrlen == 0) )
+- break;
++ // Append all IPs to buf as a comma-separated string
++ addrstr_len = strlen(addrstr);
++ if (buflen_remaining > addrstr_len + 1) {
++ if (buf[0] != NULL) {
++ strncat(buf, ",", 1);
++ buflen_remaining -= 1;
++ }
++ strncat(buf, addrstr, buflen_remaining);
++ buflen_remaining -= addrstr_len;
++ }
+
+ res = res->ai_next;
+ }
+-
++
+ freeaddrinfo(result);
+
+ return 0;
+@@ -453,7 +463,7 @@ check_http (void)
+ int i;
+ char *force_host_header = NULL;
+ struct curl_slist *host = NULL;
+- char addrstr[100];
++ char addrstr[DEFAULT_BUFFER_SIZE/2];
+ char dnscache[DEFAULT_BUFFER_SIZE];
+
+ /* initialize curl */
+@@ -505,7 +515,7 @@ check_http (void)
+
+ // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
+ if(use_ssl && host_name != NULL) {
+- if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
++ if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
+ snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+ server_address, res, gai_strerror (res));
+ die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+@@ -800,6 +810,9 @@ check_http (void)
+ /* free header and server IP resolve lists, we don't need it anymore */
+ curl_slist_free_all (header_list); header_list = NULL;
+ curl_slist_free_all (server_ips); server_ips = NULL;
++ if (host) {
++ curl_slist_free_all (host); host = NULL;
++ }
+
+ /* Curl errors, result in critical Nagios state */
+ if (res != CURLE_OK) {
+
+From fc927e98db73850e760f490117ed36f2de20270c Mon Sep 17 00:00:00 2001
+From: Andreas Baumann <m...@andreasbaumann.cc>
+Date: Wed, 8 Mar 2023 16:10:45 +0100
+Subject: [PATCH 3/4] fixed a wrong compare and a wrong size in strncat
+
+---
+ plugins/check_curl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index 512fb88a6..cc17ef58a 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -422,8 +422,8 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ // Append all IPs to buf as a comma-separated string
+ addrstr_len = strlen(addrstr);
+ if (buflen_remaining > addrstr_len + 1) {
+- if (buf[0] != NULL) {
+- strncat(buf, ",", 1);
++ if (buf[0] != '\0') {
++ strncat(buf, ",", buflen_remaining);
+ buflen_remaining -= 1;
+ }
+ strncat(buf, addrstr, buflen_remaining);
+
+From ea53555f2d6254da5fec0c1061899a01dd5321ec Mon Sep 17 00:00:00 2001
+From: Andreas Baumann <m...@andreasbaumann.cc>
+Date: Sat, 11 Mar 2023 11:40:00 +0100
+Subject: [PATCH 4/4] check_curl: removed a superflous variable
+
+---
+ plugins/check_curl.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index cc17ef58a..e5be1ad56 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -388,7 +388,6 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ size_t addrstr_len;
+ int errcode;
+ void *ptr;
+- int s;
+ size_t buflen_remaining = buflen - 1;
+
+ memset (&hints, 0, sizeof (hints));
diff --git a/debian/patches/15_check_swap_remove_includes b/debian/patches/15_check_swap_remove_includes
new file mode 100644
index 0000000..fb65026
--- /dev/null
+++ b/debian/patches/15_check_swap_remove_includes
@@ -0,0 +1,23 @@
+From 8a8ee58e8925019b7532e7d14ebe488bb21fb3e6 Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Thu, 16 Mar 2023 15:26:52 +0100
+Subject: [PATCH] check_swap: Remove unnecessary and problematic includes
+
+---
+ plugins/check_swap.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/plugins/check_swap.c b/plugins/check_swap.c
+index a607da1e9..25d5f21d0 100644
+--- a/plugins/check_swap.c
++++ b/plugins/check_swap.c
+@@ -34,9 +34,6 @@ const char *email = "de...@monitoring-plugins.org";
+ #include "common.h"
+ #include "popen.h"
+ #include "utils.h"
+-#include <string.h>
+-#include <math.h>
+-#include <libintl.h>
+
+ #ifdef HAVE_DECL_SWAPCTL
+ # ifdef HAVE_SYS_PARAM_H
diff --git a/debian/patches/series b/debian/patches/series
index 7791bb8..3e14114 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,6 @@
10_check_http_chunked_wo_actual_content
11_fallback_for_gnutls
12_check_curl_improvements
+13_check_icmp_improvements
+14_check_curl_fix_SSL_with_multiple_IPs
+15_check_swap_remove_includes
--- End Message ---
