Package Release Info

nagios-4.4.5-bp151.4.3.1

Update Info: openSUSE-2020-517
Available in Package Hub : 15 SP1 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

nagios
nagios-contrib
nagios-devel
nagios-theme-exfoliation
nagios-www
nagios-www-dch

Change Logs

* Mon Apr 06 2020 lars@linux-schulserver.de - 4.4.5
- fix boo#1156309, CVE-2019-3698 : Symbolic Link (Symlink) following
  vulnerability in the cronjob allows local attackers to cause cause
  DoS or potentially escalate privileges by winning a race.
- enhance systemd service: check nagios config before reloading
- enable build for SLE11 by excluding some special macros and
  directories via 'sles_version != 11' condition
- add nagios-archive.service and nagios-archive.timer as replacement
  for the script in cron.weekly: no need for cron on systemd systems
- run set_permissions and verifyscript for /etc/cron.weekly on those
  distributions that need it
- enhance rpmlint: ignore empty htpasswd file
- enable php apache module and not php5 on newer distributions
- try to harden the rcnagios script
* Mon Feb 03 2020 Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.
* Fri Dec 20 2019 Stefan Botter <obs@botter.cc>
- 4.4.5
  * Reverted changes related to #625 due to CPU load issues
  * Partially reverted changes for #647 due to CPU load issues
  * Fixed "Quick Search" so that leading/trailing whitespace doesn't affect output (#681) (Sebastian Wolf)
  * Fixed build issues on non-RPM-based platforms (#617) (T.J. Yang)
- 4.4.4
  * Fixed log rotation logic to not repeatedly schedule rotation on a DST change (#610, #626) (Jaroslav Jindrak & Sebastian Wolf)
  * Fixed $SERVICEPROBLEMID$ to be reset after service recovery (#621) (Sebastian Wolf)
  * Fixed defunct worker processes appearing after nagios was reloaded (#441, #620) (Sebastian Wolf)
  * Fixed main nagios thread to release nagios.qh on a closed connection (#635) (Sebastian Wolf)
  * Fixed semicolon escaping to remove prepended backslash (\) (#643) (Sebastian Wolf)
  * Fixed 'Checks of this host have been disabled' message showing on passive-only hosts (#632) (Vojtěch Širůček & Sebastian Wolf)
  * Fixed last_hard_state showing the current hard state when service status is brokered (#633) (Sebastian Wolf)
  * Fixed long plugin output (>8KB) occasionally getting truncated (#625) (Sebastian Wolf)
  * Fixed check scheduling for objects with large check_intervals and small timeperiods (#647) (Sebastian Wolf)
  * Fixed SOFT recoveries sending when services had HARD recovery some time after host recovery (#651) (Sebastian Wolf)
  * Fixed incorrect permissions on debugging builds of FreeBSD (#420) (Sebastian Wolf)
  * Fixed NEB callback lists being partially orphaned when multiple modules subscribe to one callback (#590) (Sebastian Wolf)
  * Fixed memory leaks in run_async_service_check(), run_async_host_check() when checks are brokered (#664) (Sebastian Wolf)
  * Fixed potential XSS in main.php, map.php (#671, #672) (Jak Gibb)
  * Removed NEB brokering for nagios daemonization, since daemonization occurs before NEB initialization (#591) (Sebastian Wolf)
* Wed Nov 13 2019 Ansgar Esztermann <aeszter@gwdg.de>
- compile with -ffat-lto-objects to prevent build failure
* Tue Aug 20 2019 kukuk@suse.de
- Add /etc/cron.weekly to filelist, as this is now part of cron,
  which we don't want to require
* Sat Apr 20 2019 Stefan <obs@botter.cc>
- revert setting of sbindir back to nagios_cgidir
* Sun Jan 20 2019 obs@botter.cc - 4.4.3
- update to 4.4.3
  * Fixed services sending recovery emails when they recover if host in
  down state (#572) (Scott Wilkerson)
  * Fixed a make error when building on the aarch64 architecture (#598)
  (Gareth Randall)
  * Fixed --with-cgibindir and --with-webdir to actually set values given
  (#585) (lawsontyler)
  * Fixed soft recovery states for services (#575) (Jake Omann)
  * Fixed XSS vulnerability in Alert Summary report (CVE-2018-18245, boo#1119832)
  (Jake Omann)
  * Fixed services in soft states sometimes not switching into hard states
  (#576) (Jake Omann)
  * Fixed last_state_change to update when a state goes from soft -> hard
  state (#592) (Jake Omann)
  * Fixed Map link always being set to undefined host and don't show link
  for Nagios Process root note (#539) (Jake Omann)
  * Fixed notifications sending when services went into hard state on a
  down or unreachable host (#584) (Jake Omann)
  * Fixed log_host_retries not logging the host soft state checks (#599)
  (Jake Omann)
  * Fixed stalking_options N option to properly log only when a
  notification is actually sent (#604) (Jake Omann)
  * Fixed issue with service status totals being zero when
  servicegroup=all on servicegroup status page (#579) (Jake Omann)
  * Fixed escalation notifications logic and recovery notifications not
  going out (#582) (Jake Omann)
  * Fixed not finding child index causing duplicate hosts showing in the
  Map (#471) (Jake Omann)
  * Fixed Map configuration popup checkboxes not working and Root Node
  not populating (#543) (Jake Omann)
  * Fixed cleanup and deinit of neb modules on reload (#573) (Jake Omann)
- rebase nagios-4.2.2-enable-ppc64le.patch (allow ppc64le builds in
  contrib Makefile) to:
  nagios-4.4.3-enable-ppc64le.patch
* Mon Oct 15 2018 aeszter@gwdg.de
- install /var/spool/nagios setgid nagcmd so external applications
  like the webinterface can issue commands to nagios (boo#1028975)
* Mon Oct 15 2018 lars@linux-schulserver.de - 4.4.2
- update to 4.4.2
  * Fix comment data being duplicated after a `service nagios reload`
  or similar (#549) (Bryan Heden)
  * Fix check_interval and retry_interval not changing at the
  appropriate times (#551) (Scott Wilkerson)
  * Fixed passive checks sending recovery email when host was
  previously UP (#552) (Scott Wilkerson)
  * Fixed flapping comments duplication on nagios reload (#554)
  (Christian Jung)
  * Fix for CVE-2018-13441, CVE-2018-13458, CVE-2018-13457 null
  pointer dereference (Trevor McDonald) (boo#1101293, boo#1101289, boo#1101290)
  * Fixed syntax error in file: default-init.in (#558) (Christian Zettel)
  * Reset current notification number and state flags when the host recovers,
  reset all service variables when they recover fixes (#557) (Scott Wilkerson)
  * Fixed wrong counting of service status totals when showing
  servicegroup details (#548) (Christian Zettel, Bryan Heden)
  * Fixed avail.cgi not printing CSV output when checkbox is checked
  (for any type: host/service/hostgroup/servicegroup) (#570) (Bryan Heden)
  * Fixed nagios not logging SOFT state changes after 1 (Scott Wilkerson)
  4.4.1 - 2018-06-25
  * Revert some macro->kvvec changes causing problems when
  `enable_environment_macros` was enabled (Bryan Heden)
  * Adjust `process_macro_r` function logic so that it handles
  macros properly (Bryan Heden)
  * Fix spec file for systemd (Karsten Weiss, Fr3dY, Bryan Heden)
  * Fix bug where `ssize_t` typedef to int on some systems (Bryan Heden)
  4.4.0 - 2018-06-19
  ENHANCEMENTS
  * new status for check dependencies (John Frickson)
  * Allow more flexible requirements for comments (John Frickson)
  * Add a `statusCRITICALACK` class for the status column (John Frickson)
  * CSV output based on groups (all options) (John Frickson)
  * New Macro(s) to generate URL for host / service object to be
  used in notifications (John Frickson)
  * New Macro(s) to determine if host/service notifications are
  enabled (#419) (Bryan Heden)
  * New Macro(s) for obtaining the host/service notification
  periods (#350) (Bryan Heden)
  * enable_page_tour interface option (Bryan Heden)
  * Code cleanups in important sections (Workers, Handling Results) (Bryan Heden)
  * Automatic mail program detection (with same /bin/mail failback) (Bryan Heden)
  * Incorporated [autoconf-macros](https://github.com/NagiosEnterprises/autoconf-macros)
  into Core (Bryan Heden)
  * Lots of enhancements/additions to configure/make process. (Bryan Heden)
  + Moved all files to startup/
  + Added upstart job
  * Added system limit detection (RLIMIT_NPROC) to check for anticipated
  fork() failures (#434) (Bryan Heden)
  * Added stalking on notifications (`N` or `notifications` option when
  specifying `stalking_options`) (#342) (Bryan Heden)
  * Added automatic `systemctl daemon-reload` and `initctl reload-configuration`
  where applicable on `make install-init` (Bryan Heden)
  * Added case-insentive command submission. (#373) (Bryan Heden)
  * Enabled `check_external_commands` by default (Bryan Heden)
  FIXES
  * Command line macro detection skips potential macros with no ending
  dollar sign (Bryan Heden, Jake Omann)
  * Fixed a lockup condition sometimes encountered on shutdown or restart (Aaron Beck)
  * Fixed negative time offset calculations computing incorrectly sometimes (bbeutel)
  * Fixed reloads causing defunct (zombie) processes (#441) (Bryan Heden)
  * Fixed wait3(), wait4() implementations (replaced with waitpid()) (#326) (Bryan Heden)
  * Fixed additive inheritance not testing for duplicates in
  hosts/services/(+escalations) (#392) (Bryan Heden)
  * Fixed very very (around 600k chars or greater) large plugin
  output crashing Nagios (#432) (Bryan Heden)
  * Fixed first_notification_delay not beeing calculated from
  last_hard_state_change (#425) (Christian Zettel)
  * Fixed duplicate downtime ID occuring from downtimes in retention
  file (#506) (Franz [feisenko])
  * Fixed segfault when navbarsearch was used in status.cgi for something
  other than a host (#489) (Bryan Heden)
  * Fixed some miscellaneous ./configure issues on Solaris (Bryan Heden, Troy Lea)
  * Fixed "Locate host on map" link (#496) (Troy Lea)
  * Fixed service groups defined with unknown service members
  (that aren't first in the list) not erroring out (#500) (Bryan Heden)
  * Fixed tac.cgi to have consistent behavior with the other cgis (#481)
  (Bryan Heden, Matt Capra)
  * Fixed clear_host/service_flapping command logic to broker/notify
  properly (#525) (Bryan Heden, Karsten Weiss)
- removed upstreamed patches:
  + nagios-fix_spurious_dollar_signs_added_to_command_lines.patch
  + nagios-4.3.4-fix_memleak_4.3.3.diff
- refreshed patches:
  + nagios-4.0.6-remove-date-time.patch
  + nagios-4.1.0-add_KOHANNA.conf
  + nagios-4.2.2-enable-ppc64le.patch
  + nagios-disable_phone_home.patch
  + nagios-fix_encoding_trends.cgi.patch
  + nagios-output-length.patch
  + nagios-random_data.patch
* Tue Jun 05 2018 adaugherity@tamu.edu
- fix setting default values in nagios-exec-start-pre
Version: 4.3.4-bp150.1.3
* Thu Mar 08 2018 crrodriguez@opensuse.org
- remove unused xorg-x11-devel BuildRequires
* Tue Jan 30 2018 obs@botter.cc
- fix upstream issue #455, memleak introduced with 4.3.3
  nagios-4.3.4-fix_memleak_4.3.3.diff
* Fri Dec 01 2017 lars@linux-schulserver.de
- update to 4.1.0 fixed boo#939829 already, mentioned here just
  for reference
* Fri Dec 01 2017 lars@linux-schulserver.de
- fix a possible symlink attack for files/dirs created by root
  fixes CVE-2016-8641 (bsc#1011630 and bsc#1018047)
- remove the pre-configured administrative account with fixed
  password from the htpasswd file and provide an empty one instead
  (fixes boo#961115 - CVE-2016-0726)
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
* Thu Oct 12 2017 sbrabec@suse.com
- Do not introduce new RPM group just for nagios-contrib.
  Use established Development/Tools/Other instead.
* Wed Sep 13 2017 lars@linux-schulserver.de
- update to 4.3.4
  * Improved config file parsing (Mark Felder)
  * Fixed configure script to check for existence of /run for lock
    file (in regards to CVE-2017-12847, Bryan Heden)
  * Use absolute paths when deleting check results files (Emmanuel Dreyfus)
  * Add sanity checking in reassign_worker (sq5bpf)
  * xodtemplate.c wrong option-deprecation code warning (alex2grad / John Frickson)
  * On-demand host check always use cached host state (John Frickson)
  * 'á' causes Serivce Status Information to not be displayed (John Frickson)
  * New Macro(s) to generate URL for host / service object (John Frickson)
  * Fix minor map issues (Troy Lea)
  * Fix lockfile issues (Bryan Heden)
  * Switch order of daemon_init and drop_priveleges (CVE-2017-12847, Bryan Heden)
  * Add an OpenRC init script (Michael Orlitzky)
- only require insserv on older SUSE distributions
* Wed Jun 07 2017 lars@linux-schulserver.de
- update to 4.3.2
  FIXED
  * Every 15sec /var/log/messages is flooded with
    "nagios: set_environment_var" (John Frickson)
  * Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
  * `make all` fails if unzip is not installed (John Frickson)
  * Quick Search no longer allows search by Alias (John Frickson)
  * flexible downtime on a service immediately turns off notifications
    (John Frickson)
  * Fix to allow url_encode to be called twice (Z. Liu)
  * Update timeperiods.cfg.in (spelling) (Parth Laxmikant Kolekar)
  * Spelling fixes (Josh Soref)
  * Vent command pipe before remove to avoid deadlocks on
    writing end (Kai Kunstmann)
  * CGI utility cgiutil.c does not process relative config file
    path names properly (John Frickson)
  * xdata/xodtemplate.c bug in option-deprecation code (John Frickson)
  * Wildcard searching causes service status links to not work properly
    (John Frickson)
  * Quick search with no hits shows a permission denied error (John Frickson)
  * Setting a service as its own parent is not caught by the sanity
    checker (-v) and causes a segfault (John Frickson)
- removed nagios-4.3.1-remove-flooding-messages.patch (fixed upstream)
* Mon Mar 06 2017 obs@botter.cc
- fix upstream issue #337: remove debugging messages:
  nagios-4.3.1-remove-flooding-messages.patch
* Fri Feb 24 2017 lars@linux-schulserver.de
- Update to 4.3.1
  SECURITY FIXES
  * Fix for CVE-2016-6209 - The "corewindow" parameter (as in
    http://localhost/nagios?corewindow=www.somewhere.com) has been disabled by
    default. See the UPGRADING document for how to enable it. (John Frickson)
  FIXES
  * Service hard state generation and host hard or soft down status (John Frickson)
  * Comments are duplicated through Nagios reload (John Frickson)
  * host hourly value is incorrectly dumped as json boolean (John Frickson)
  * Bug - Quick Search no longer allows search by IP (John Frickson)
  * Config: status_update_interval can not be set to 1 (John Frickson)
  * Check attempts not increasing if nagios is reloaded (John Frickson)
  * nagios hangs on reload while sending external command to cmd file (John Frickson)
  * Feature Request: return code xxx out of bounds - include message as well (John Frickson)
  * Fix early event scheduling (pmalek / John Frickson)
  * on-demand host checks triggered by service checks cause attempt number increments (fredericve)
  * Service notification not being send when host is in soft down state (John Frickson)
  * configure does not error if no perl installed on CentOS 7 (John Frickson)
  * failed passive requests leave .ok files in checkresults dir (caronc)
  * Services don't show in status.cgi if "noheader" specified (John Frickson)
  * Standardized check interval config file names (John Frickson)
  * "Event Log" (showlog.cgi) could not open log file (John Frickson)
  * "nagios_check_command" has been deprecated since v3.0. Last vestiges
    removed (John Frickson)
  ENHANCEMENTS
  * Added new flag to cgi.cfg: tac_cgi_hard_only to show only HARD
    states (John Frickson)
  * Add broker-event for the end of a timed event (NEBTYPE_TIMEDEVENT_END) (John Frickson)
  * There is no Macro to retrieve addresses of hostgroup members
    (now $HOSTGROUPMEMBERADDRESSES$) (John Frickson)
  * Add "Page Tour" videos to several of the core web pages (John Frickson)
  * Added a login page, and a `Logoff` links (John Frickson)
  * On the status map, the host name will be colored if services are
    not all OK. (John Frickson)
  * Added "Clear flapping state" command on host and services
    detail pages. (John Frickson)
  * User-entered comment now displays below generated comment for
    downtime (John Frickson)
- refreshed patches
* Sun Dec 11 2016 lars@linux-schulserver.de
- update to 4.2.4
  SECURITY FIXES
  * Fixed another root privilege escalation (CVE-2016-9566) Thanks for
    bringing this to our attention go to Dawid Golunski
    (http://legalhackers.com).
* Tue Nov 29 2016 lars@linux-schulserver.de
- update to 4.2.3
  SECURITY FIXES
  * Fixed a root privilege escalation (CVE-2016-8641) (John Frickson)
  FIXES
  * external command during reload doesn't work (John Frickson)
  * Nagios provides no error condition as to why it fails on the
    verify for serviceescalation (John Frickson)
  * No root group in FreeBSD and Apple OS X (John Frickson)
  * jsonquery.html doesn't display scheduled_time_ok correctly (John Frickson)
  * daemon_dumps_core=1 has no effect on Linux when Nagios
    started as root (John Frickson)
  * Configuration check in hostgroup - misspelled hostname does
    not error (John Frickson)
  * contacts or contact_groups directive with no value should not
    be allowed (John Frickson)
  * Compile 64-bit on SPARC produces LD error (John Frickson)
  * HOSTSTATEID returns 0 even if host does not exist (John Frickson)
  * Submitting UNREACHABLE passive result for host sets it as DOWN
    if the host has no parents (John Frickson)
  * nagios: job XX (pid=YY): read() returned error 11 (changed from
    LOG_ERR to LOG_NOTICE) (John Frickson)
  * Fix for quick search not showing services if wildcard used
    (John Frickson)
* Wed Nov 09 2016 jengelh@inai.de
- use faster find variants
* Tue Nov 08 2016 lars@linux-schulserver.de
- allow ppc64le builds in contrib Makefile:
  nagios-4.2.2-enable-ppc64le.patch
* Tue Oct 25 2016 lars@linux-schulserver.de
- update to 4.2.2
  SECURITY
  + There was a fix to vulnerability CVE-2008-4796 in the 4.2.0 release
    on August 1, 2016. The fix was apparently incomplete, as there was
    still a problem. However, we are now getting all RSS feeds using AJAX
    calls instead of the (outdated) MagpieRSS package. Thanks for bringing
    this to our attention go to Dawid Golunski (http://legalhackers.com).
  ENHANCEMENTS
  + Update status.c to display passive check icon for hosts when
    passive checks are enabled and actives disabled
  FIXES
  + Fix permissions for Host Groups reports (status.cgi)
  + Service Parents does not appear to be functioning as intended
  + Availability report mixes up scheduled and unscheduled warning percentages
  + Invalid values for saved_stamp in comput_subject_downtime_times()
  + Remove deprecated ?framespacing?
  + The nagios tarball contains two identical jquery copies
  + extinfo.cgi does not set content-type (most cgi?s don?t)
  + Timeperiods are corrupted by external command CHANGE_SVC_CHECK_TIMEPERIOD
  + Quick search doesn?t show hosts without services (service status detail page)
  + In host/services details view, if exactly 100 entries would not show last one
  + nagios host URL parameter for NEW map doesn`t work ? Network Map for All Hosts
  + next_problem_id is improperly initialized
  + Passive problems not showing as ?unhandled?
  + September reported as Sept instead of Sep
  + Notifications are not sent for active alerts after scheduled downtime ends
  + Nagios 4.2.0 not working on Solaris
  + install-exfoliation and install-classicui don?t work FreeBSD and Mac OS X
  + Updated makefile to delete some no-longer-needed files
* Tue Sep 06 2016 lars@linux-schulserver.de
- update to 4.2.1
  FIXES
  + Fix undefined variable php error (John Frickson)
  + Links on the sidebar menu under 'Problems' are indented too far
  + Using $ARGn$ Macros in perfdata (John Frickson)
  + using a wildcard in search returns service status total all zero's
  + read_only does not take priority (deppy)
  + Running nagios -v on 4.2.0 takes 90+ seconds (John Frickson)
  + Missing Image for Host and Service State Trends in Availability Report
  + Maintain non-persistent comments through reload (John Frickson)
  + Servicegroup availability report ignores includesoftstates in
    service report links (PriceChild)
  + error: format not a string literal and no format arguments (Karsten Weiss)
- ignore rpmlint warnings about tmpfile creating/listing: this is
  handled, but not properly detected by rpmlnt
* Fri Sep 02 2016 lars.vogdt@suse.com
- update to 4.2.0
  SECURITY FIXES
  + Fixed vulnerability CVE-2008-4796 (John Frickson)
  + Fixed vulnerability CVE-2013-4214 (John Frickson)
  + web interface vulnerable to Cross-Site Request Forgery attacks
  ENHANCEMENTS
  + Increase socket queue length for listen()
  + Added host name to the website page title (leres / John Frickson)
  + Added additional icons for NetBSD and SuSE (John Frickson)
  + The new Status Map will now use cgi.cfg options (John Frickson)
    default_statusmap_layout will default to "6" for the new map
  + The new Status Map will now show some valid values in the
    popup for "Nagios Process" (John Frickson)
  FIXES
  + Network outage view without access to all hosts (John Frickson)
  + Core workers looping (John Frickson)
  + service query returns duplicate host_name and description
    fields in the returned data (John Frickson)
  + HTML output of plug-ins is parsed in wrong way => webgui
    unusable (John Frickson)
  + Command worker fails to handle SIGPIPE
  + "View Status" links under "Map" broken in Nagios Core
    Version 4.1.1 (John Frickson)
  + Can't send big buffer - wproc: Core Worker seems to be choked
  + Too big CPU load on FreeBSD and other systems using poll() interface
  + Flexible downtime recorded as unscheduled downtime (John Frickson)
  + Service Flexible downtimes produce 1 notification before entering
  + Once you "set flap_detection_enabled 0" it should remove flapping
    state from the host/services page (John Frickson)
  + New map doesn't finish loading if a logo image is not found
  + Extraneous Div end tag in map.html (Scott Wilkerson)
  + Issue with "Problems" section (John Frickson)
  + Status Map icons and online/offline status dots disappear in IE11
  + New network map overlays the nagios process with objects
  + Added Default-Start and Default-Stop to the init script
  + Compile / logging issues with BSD 6
  + Related to above, Fixed a lot of incorrectly handled
    time_t's in *printf's
  + New map not working for RU locale (actually, most locales)
  + Replaced all instances of signal() with sigaction() + blockig
  + UTF-8 characters like german ä are not processed properly by
    function url_encode (John Frickson)
  + nagios worker processes can hog CPU (huxley / John Frickson)
  + custom time periods that include special characters were not
    being handled in reports (John Frickson)
  + Fixed init script to wait up to 90 seconds then kill the
    nagios process (John Frickson)
  + No Host Groups results in wrong error message (John Frickson)
  + Setup Nagios users to view specific host is not working in the
    new network map (John Frickson)
  + statusjson.cgi fails glibc realloc truncate response output (John Frickson)
  + Report Time Period does not work if an @ character is in
    the timeperiod name (John Frickson)
  + State History does not use actual plugin long_output (John Frickson)
  + Time period corruption (xoubih)
  + Tactical Overview - Disabled Flap Detection Link (John Frickson)
- add /var/run/nagios as ghost directory
* Fri Oct 16 2015 adaugherity@tamu.edu
- Fix nagios-www: keep nagios-www-dch from owning html files shipped with
  Nagios.
- Remove unused NAGIOSDCH apache flag.
* Mon Sep 21 2015 aj@ajaissle.de
- Update to 4.1.1
  FIXES
  * CGI Could not read object configuration data (broken by error in 4.1.0)
  * exclude (!) not working (broken by mis-applied fix for 4.1.0)
- Dropped patch nagios-issue_71.patch (included in sources)
* Wed Sep 02 2015 archie@dellroad.org
- Add nagios-issue_71.patch
  * Fixes "CGI Could not read object configuration data" (boo#944102)