nagios-4.3.4-bp151.3.2

- remove unused xorg-x11-devel BuildRequires

- fix upstream issue #455, memleak introduced with 4.3.3
  nagios-4.3.4-fix_memleak_4.3.3.diff

- update to 4.1.0 fixed boo#939829 already, mentioned here just
  for reference

- fix a possible symlink attack for files/dirs created by root
  fixes CVE-2016-8641 (bsc#1011630 and bsc#1018047)
- remove the pre-configured administrative account with fixed
  password from the htpasswd file and provide an empty one instead
  (fixes boo#961115 - CVE-2016-0726)

- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)

- Do not introduce new RPM group just for nagios-contrib.
  Use established Development/Tools/Other instead.

- update to 4.3.4
  * Improved config file parsing (Mark Felder)
  * Fixed configure script to check for existence of /run for lock
    file (in regards to CVE-2017-12847, Bryan Heden)
  * Use absolute paths when deleting check results files (Emmanuel Dreyfus)
  * Add sanity checking in reassign_worker (sq5bpf)
  * xodtemplate.c wrong option-deprecation code warning (alex2grad / John Frickson)
  * On-demand host check always use cached host state (John Frickson)
  * 'á' causes Serivce Status Information to not be displayed (John Frickson)
  * New Macro(s) to generate URL for host / service object (John Frickson)
  * Fix minor map issues (Troy Lea)
  * Fix lockfile issues (Bryan Heden)
  * Switch order of daemon_init and drop_priveleges (CVE-2017-12847, Bryan Heden)
  * Add an OpenRC init script (Michael Orlitzky)
- only require insserv on older SUSE distributions

- update to 4.3.2
  FIXED
  * Every 15sec /var/log/messages is flooded with
    "nagios: set_environment_var" (John Frickson)
  * Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
  * `make all` fails if unzip is not installed (John Frickson)
  * Quick Search no longer allows search by Alias (John Frickson)
  * flexible downtime on a service immediately turns off notifications
    (John Frickson)
  * Fix to allow url_encode to be called twice (Z. Liu)
  * Update timeperiods.cfg.in (spelling) (Parth Laxmikant Kolekar)
  * Spelling fixes (Josh Soref)
  * Vent command pipe before remove to avoid deadlocks on
    writing end (Kai Kunstmann)
  * CGI utility cgiutil.c does not process relative config file
    path names properly (John Frickson)
  * xdata/xodtemplate.c bug in option-deprecation code (John Frickson)
  * Wildcard searching causes service status links to not work properly
    (John Frickson)
  * Quick search with no hits shows a permission denied error (John Frickson)
  * Setting a service as its own parent is not caught by the sanity
    checker (-v) and causes a segfault (John Frickson)
- removed nagios-4.3.1-remove-flooding-messages.patch (fixed upstream)

- fix upstream issue #337: remove debugging messages:
  nagios-4.3.1-remove-flooding-messages.patch

- Update to 4.3.1
  SECURITY FIXES
  * Fix for CVE-2016-6209 - The "corewindow" parameter (as in
    http://localhost/nagios?corewindow=www.somewhere.com) has been disabled by
    default. See the UPGRADING document for how to enable it. (John Frickson)
  FIXES
  * Service hard state generation and host hard or soft down status (John Frickson)
  * Comments are duplicated through Nagios reload (John Frickson)
  * host hourly value is incorrectly dumped as json boolean (John Frickson)
  * Bug - Quick Search no longer allows search by IP (John Frickson)
  * Config: status_update_interval can not be set to 1 (John Frickson)
  * Check attempts not increasing if nagios is reloaded (John Frickson)
  * nagios hangs on reload while sending external command to cmd file (John Frickson)
  * Feature Request: return code xxx out of bounds - include message as well (John Frickson)
  * Fix early event scheduling (pmalek / John Frickson)
  * on-demand host checks triggered by service checks cause attempt number increments (fredericve)
  * Service notification not being send when host is in soft down state (John Frickson)
  * configure does not error if no perl installed on CentOS 7 (John Frickson)
  * failed passive requests leave .ok files in checkresults dir (caronc)
  * Services don't show in status.cgi if "noheader" specified (John Frickson)
  * Standardized check interval config file names (John Frickson)
  * "Event Log" (showlog.cgi) could not open log file (John Frickson)
  * "nagios_check_command" has been deprecated since v3.0. Last vestiges
    removed (John Frickson)
  ENHANCEMENTS
  * Added new flag to cgi.cfg: tac_cgi_hard_only to show only HARD
    states (John Frickson)
  * Add broker-event for the end of a timed event (NEBTYPE_TIMEDEVENT_END) (John Frickson)
  * There is no Macro to retrieve addresses of hostgroup members
    (now $HOSTGROUPMEMBERADDRESSES$) (John Frickson)
  * Add "Page Tour" videos to several of the core web pages (John Frickson)
  * Added a login page, and a `Logoff` links (John Frickson)
  * On the status map, the host name will be colored if services are
    not all OK. (John Frickson)
  * Added "Clear flapping state" command on host and services
    detail pages. (John Frickson)
  * User-entered comment now displays below generated comment for
    downtime (John Frickson)
- refreshed patches

- update to 4.2.4
  SECURITY FIXES
  * Fixed another root privilege escalation (CVE-2016-9566) Thanks for
    bringing this to our attention go to Dawid Golunski
    (http://legalhackers.com).

- update to 4.2.3
  SECURITY FIXES
  * Fixed a root privilege escalation (CVE-2016-8641) (John Frickson)
  FIXES
  * external command during reload doesn't work (John Frickson)
  * Nagios provides no error condition as to why it fails on the
    verify for serviceescalation (John Frickson)
  * No root group in FreeBSD and Apple OS X (John Frickson)
  * jsonquery.html doesn't display scheduled_time_ok correctly (John Frickson)
  * daemon_dumps_core=1 has no effect on Linux when Nagios
    started as root (John Frickson)
  * Configuration check in hostgroup - misspelled hostname does
    not error (John Frickson)
  * contacts or contact_groups directive with no value should not
    be allowed (John Frickson)
  * Compile 64-bit on SPARC produces LD error (John Frickson)
  * HOSTSTATEID returns 0 even if host does not exist (John Frickson)
  * Submitting UNREACHABLE passive result for host sets it as DOWN
    if the host has no parents (John Frickson)
  * nagios: job XX (pid=YY): read() returned error 11 (changed from
    LOG_ERR to LOG_NOTICE) (John Frickson)
  * Fix for quick search not showing services if wildcard used
    (John Frickson)

- use faster find variants

- allow ppc64le builds in contrib Makefile:
  nagios-4.2.2-enable-ppc64le.patch

- update to 4.2.2
  SECURITY
  + There was a fix to vulnerability CVE-2008-4796 in the 4.2.0 release
    on August 1, 2016. The fix was apparently incomplete, as there was
    still a problem. However, we are now getting all RSS feeds using AJAX
    calls instead of the (outdated) MagpieRSS package. Thanks for bringing
    this to our attention go to Dawid Golunski (http://legalhackers.com).
  ENHANCEMENTS
  + Update status.c to display passive check icon for hosts when
    passive checks are enabled and actives disabled
  FIXES
  + Fix permissions for Host Groups reports (status.cgi)
  + Service Parents does not appear to be functioning as intended
  + Availability report mixes up scheduled and unscheduled warning percentages
  + Invalid values for saved_stamp in comput_subject_downtime_times()
  + Remove deprecated ?framespacing?
  + The nagios tarball contains two identical jquery copies
  + extinfo.cgi does not set content-type (most cgi?s don?t)
  + Timeperiods are corrupted by external command CHANGE_SVC_CHECK_TIMEPERIOD
  + Quick search doesn?t show hosts without services (service status detail page)
  + In host/services details view, if exactly 100 entries would not show last one
  + nagios host URL parameter for NEW map doesn`t work ? Network Map for All Hosts
  + next_problem_id is improperly initialized
  + Passive problems not showing as ?unhandled?
  + September reported as Sept instead of Sep
  + Notifications are not sent for active alerts after scheduled downtime ends
  + Nagios 4.2.0 not working on Solaris
  + install-exfoliation and install-classicui don?t work FreeBSD and Mac OS X
  + Updated makefile to delete some no-longer-needed files

- update to 4.2.1
  FIXES
  + Fix undefined variable php error (John Frickson)
  + Links on the sidebar menu under 'Problems' are indented too far
  + Using $ARGn$ Macros in perfdata (John Frickson)
  + using a wildcard in search returns service status total all zero's
  + read_only does not take priority (deppy)
  + Running nagios -v on 4.2.0 takes 90+ seconds (John Frickson)
  + Missing Image for Host and Service State Trends in Availability Report
  + Maintain non-persistent comments through reload (John Frickson)
  + Servicegroup availability report ignores includesoftstates in
    service report links (PriceChild)
  + error: format not a string literal and no format arguments (Karsten Weiss)
- ignore rpmlint warnings about tmpfile creating/listing: this is
  handled, but not properly detected by rpmlnt

- update to 4.2.0
  SECURITY FIXES
  + Fixed vulnerability CVE-2008-4796 (John Frickson)
  + Fixed vulnerability CVE-2013-4214 (John Frickson)
  + web interface vulnerable to Cross-Site Request Forgery attacks
  ENHANCEMENTS
  + Increase socket queue length for listen()
  + Added host name to the website page title (leres / John Frickson)
  + Added additional icons for NetBSD and SuSE (John Frickson)
  + The new Status Map will now use cgi.cfg options (John Frickson)
    default_statusmap_layout will default to "6" for the new map
  + The new Status Map will now show some valid values in the
    popup for "Nagios Process" (John Frickson)
  FIXES
  + Network outage view without access to all hosts (John Frickson)
  + Core workers looping (John Frickson)
  + service query returns duplicate host_name and description
    fields in the returned data (John Frickson)
  + HTML output of plug-ins is parsed in wrong way => webgui
    unusable (John Frickson)
  + Command worker fails to handle SIGPIPE
  + "View Status" links under "Map" broken in Nagios Core
    Version 4.1.1 (John Frickson)
  + Can't send big buffer - wproc: Core Worker seems to be choked
  + Too big CPU load on FreeBSD and other systems using poll() interface
  + Flexible downtime recorded as unscheduled downtime (John Frickson)
  + Service Flexible downtimes produce 1 notification before entering
  + Once you "set flap_detection_enabled 0" it should remove flapping
    state from the host/services page (John Frickson)
  + New map doesn't finish loading if a logo image is not found
  + Extraneous Div end tag in map.html (Scott Wilkerson)
  + Issue with "Problems" section (John Frickson)
  + Status Map icons and online/offline status dots disappear in IE11
  + New network map overlays the nagios process with objects
  + Added Default-Start and Default-Stop to the init script
  + Compile / logging issues with BSD 6
  + Related to above, Fixed a lot of incorrectly handled
    time_t's in *printf's
  + New map not working for RU locale (actually, most locales)
  + Replaced all instances of signal() with sigaction() + blockig
  + UTF-8 characters like german ä are not processed properly by
    function url_encode (John Frickson)
  + nagios worker processes can hog CPU (huxley / John Frickson)
  + custom time periods that include special characters were not
    being handled in reports (John Frickson)
  + Fixed init script to wait up to 90 seconds then kill the
    nagios process (John Frickson)
  + No Host Groups results in wrong error message (John Frickson)
  + Setup Nagios users to view specific host is not working in the
    new network map (John Frickson)
  + statusjson.cgi fails glibc realloc truncate response output (John Frickson)
  + Report Time Period does not work if an @ character is in
    the timeperiod name (John Frickson)
  + State History does not use actual plugin long_output (John Frickson)
  + Time period corruption (xoubih)
  + Tactical Overview - Disabled Flap Detection Link (John Frickson)
- add /var/run/nagios as ghost directory

- Fix nagios-www: keep nagios-www-dch from owning html files shipped with
  Nagios.
- Remove unused NAGIOSDCH apache flag.

- Update to 4.1.1
  FIXES
  * CGI Could not read object configuration data (broken by error in 4.1.0)
  * exclude (!) not working (broken by mis-applied fix for 4.1.0)
- Dropped patch nagios-issue_71.patch (included in sources)

- Add nagios-issue_71.patch
  * Fixes "CGI Could not read object configuration data" (boo#944102)