SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nrpe-4.1.1-150400.95.2.x86_64.rpm :

* Wed Aug 07 2024 larsAATTlinux-schulserver.de- update to 4.1.1 + Use correct HUP signal for Solaris- introduced a simple check section
* Thu Feb 22 2024 dimstarAATTopensuse.org- Use %patch -P N instead of deprecated %patchN.
* Tue Feb 06 2024 larsAATTlinux-schulserver.de- update to 4.1.0 ENHANCEMENTS + Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22) + Allow tcpd/libwrap to be excluded from build when present on the system + Allow loading of full certificate chains + Change -u (connection issues return UNKNOWN) to include all SSL-layer failures. + Disable renegotiation and enforce server cipher order when using SSL + Verify that private keys match certificates when using SSL FIXES + Fixed incorrect default for nasty_metachars in nrpe.cfg + Fixed incorrect help text for --use-adh + Fixed potential out-of-bound read when used with IPv6- use system-user-nagios package to create the neccessary user and group- remove macros for old, unsupported SUSE versions- refresh patches: + nrpe-implicit_declaration.patch + nrpe-static_dh_parameters.patch + nrpe-4.0.4-silence_wrong_package_version_messages.patch- remove patches: + nrpe-disable-chkconfig_in_Makefile.patch (obsolete) + nrpe-improved_help.patch (fixed upstream) + nrpe_check_control.patch (better fix inside the spec file and use existing nagios macros)- remove obsolete nrpe-rpmlintrc
* Wed Nov 01 2023 msvecAATTsuse.com- Fixed SLES 12 build
* Thu Mar 16 2023 larsAATTlinux-schulserver.de- use getent to check if the nrpe port is already added to the services description in post-script (bsc#1205157)- remove xinetd snipplets on newer (>15.5) distributions: xinetd is not supported any longer
* Thu Oct 07 2021 larsAATTlinux-schulserver.de- follow /bin/bash -> /usr/bin/bash in the apparmor profile
* Mon Feb 15 2021 roAATTsuse.de- fix apparmor profile to allow /run as well as /var/run
* Thu Feb 04 2021 larsAATTlinux-schulserver.de- added nrpe-4.0.4-silence_wrong_package_version_messages.patch NRPE logs \'packet version was invalid\' and \'Could not read request from client\' if the NRPE version on the client does not match the one on the server side. This patch reduces the importance of the log entry to be just informal, which should silent most client logs, while it makes it still available for debugging.
* Fri Jan 22 2021 larsAATTlinux-schulserver.de- update to 4.0.3 ENHANCEMENTS
* Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam)
* Added IPv6 ip address to list of default allow_from hosts (Troy Lea)
* Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf)
* Added -3 option to force check_nrpe to use NRPE v3 packets
* OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky)
* OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht) FIXES
* Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf)
* Fixed buffer length calculations/writing past memory boundaries on some systems (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf)
* Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf)
* Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf)
* Checks for \'!\' now only occur inside the command buffer (Joni Eskelinen)
* NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev)
* allowed_hosts will no longer test getaddrinfo records against the wrong protocol (dombenson)
* nasty_metachars will now handle C escape sequences properly when specified in the config file (Sebastian Wolf)
* Calculated packet sizes now struct padding/alignment when sending and receiving messages (Sebastian Wolf)
* Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf)
* When using include_dir, individual files\' errors do not prevent the remaining files from being read (Sebastian Wolf)- refreshed the following patches:
* nrpe-implicit_declaration.patch
* nrpe-improved_help.patch
* nrpe_check_control.patch- renamed and refreshed the following patches/sources:
* nrpe-3.2.1-disable-chkconfig_in_Makefile.patch - > nrpe-disable-chkconfig_in_Makefile.patch
* nrpe-3.2.1-static_dh_parameters.patch - > nrpe-static_dh_parameters.patch
* nrpe-3.2.1-dh.h -> nrpe-dh.h- enhanced README.SUSE with some words about Apparmor- added an include directive in usr.sbin.nrpe apparmor config and a basic local/usr.sbin.nrpe file in the docu-directory
* Tue Jul 28 2020 kukukAATTsuse.com- Don\'t install SuSEfirewall2 service file, SuSEfirewall2 is gone
* Fri Feb 21 2020 larsAATTlinux-schulserver.de- nrpe.xml firewalld file is handled by firewalld package- Leap 15.1 is suse_version 1500 (thanks, dimstar)
* Mon Feb 03 2020 dimstarAATTopensuse.org- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors.
* Sun Mar 17 2019 larsAATTlinux-schulserver.de- Do not package nrpe.xml for Leap 15.0, as it is included in firewalld package there.
* Sun Feb 17 2019 larsAATTlinux-schulserver.de- add nrpe.xml snipplet for firewalld- still ship nrpe snipplet for SuSEfirewalld for now- use systemd files directly from upstream: + drop Requires=var-run.mount line from service file + drop nrpe.service + drop nrpe.socket + do not create tmpfiles.d/nrpe in spec any longer- handle migration from /etc/nagios/nrpe.cfg to /etc/nrpe.cfg also for systemd case (triggerun)- increase warn/crit level for processes to 350/400 in a default installation- added patch and dh.h file to NOT re-calculate dh.h parameters during each build (for reproducable builds). Can be enable/disable by setting the \'reproducable\' build condition. Default is: \"on\" for suse_version >= 15 + nrpe-3.2.1-static_dh_parameters.patch + nrpe-3.2.1-dh.h- use _rundir and _tmpfilesdir macros everywhere- do not create nagios user/group during install on (open)SUSE systems and rely on the files section here instead- rename nagios-nrpe-rpmlintrc and nagios-nrpe-SuSEfirewall2 to nrpe-rpmlintrc and nrpe-SuSEfirewall2- simplify rpmlintrc- build nrpe-doc package as noarch- specfile cleanup & remove other distribution specials- disable chkconfig call in Makefile on old distributions nrpe-3.2.1-disable-chkconfig_in_Makefile.patch
* Mon Jun 04 2018 larsAATTlinux-schulserver.de- only include %{_sysconfdir}/xinetd.d on newer distributions (fixes submission of this package as update for SLE12-SP4 and Leap 42.3 - boo#938906)
* Mon Mar 26 2018 dimstarAATTopensuse.org- Own %{_sysconfdir}/xinetd.d: filesystem won\'t own this directory much longer (boo#1084457).
* Fri Dec 15 2017 obsAATTbotter.cc- remove additional reference to removed nrpeAATT.service file
* Wed Dec 06 2017 larsAATTlinux-schulserver.de- remove unneeded nrpeAATT.service file- cleanup the %%pre/%%post commands
* Tue Dec 05 2017 roAATTsuse.de- update to 3.2.1: FIXES - Change seteuid error messages to warning/debug (Bryan Heden) - Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden) - Added additional strings to error messages to remove duplicates (Bryan Heden) - Fix nrpe.spec for rpmbuild (Bryan Heden) - Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)- update to 3.2.0: ENHANCEMENTS - Added max_commands definition to nrpe.cfg to rate limit simultaneous fork()ed children (Bryan Heden) - Added -E, --stderr-to-stdout options for check_nrpe to redirect output (Bryan Heden) - Added support for Gentoo init (Troy Lea AATTbox293) - Cleaned up code a bit, updated readmes and comments across the board (Bryan Heden) - Added -V, --version to nrpe and fixed the output (Bryan Heden) - Added different SSL error messages to be able to pinpoint where some SSL errors occured (Bryan Heden) - Updated logic in al parse_allowed_hosts (Bryan Heden) - Added builtin OpenSSL Engine support where available (Bryan Heden + AATTskrueger8) - Clean up compilation warnings (Bryan Heden) - Added more commented commands in nrpe.cfg (Bryan Heden) FIXES - Undefined check returns UNKNOWN (Bryan Heden) - Fix incompatibility with OpenSSL 1.1.0 via SECLEVEL distinction (Bryan Heden) - Fix ipv4 error in logfile even if address is ipv6 (Bryan Heden) - Fix improper valid/invalid certificate warnings (Bryan Heden)
* Tue Jul 25 2017 roAATTsuse.de- change prereq from /bin/logger to /usr/bin/logger except for code11 and older
* Mon May 29 2017 larsAATTlinux-schulserver.de- update to 3.1.1: FIXES - The \'--log-file=\' or \'-g\' option is missing from the help (John Frickson) - check_nrpe = segfault when specifying a config file (John Frickson) - Alternate log file not being used soon enough (John Frickson) - Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson) - Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson) - Can\'t build on Debian Stretch, openssl 1.1.0c (John Frickson) - Fix build failure with -Werror=format-security (Bas Couwenberg) - Fixed a typo in `nrpe.spec.in` (John Frickson) - More detailed error logging for SSL (John Frickson) - Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)- refreshed all patches
* Fri Apr 21 2017 roAATTsuse.de- require inet-daemon only if suse_version is set- call centos macros for systemd- drop Requires=var-run.mount line from service file on centos
* Fri Apr 21 2017 roAATTsuse.de- fix buildrequires for centos: - tcpd-devel is tcp_wrappers-devel - kerberos is krb5-devel
* Mon Apr 17 2017 larsAATTlinux-schulserver.de-update to 3.1.0: ENHANCEMENTS - Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson) - While processing \'include_dir\' statement, sort the files (Philippe Kueck / John Frickson) - nrpe can now write to a log file using \'log_file=\' in nrpe.cfg (John Frickson) - check_nrpe can now write to a log file using \'--log-file=\' or \'-g\' options (John Frickson) FIXES - Added missing debugging syslog entries, and changed printf()\'s to syslog()\'s. (Jobst Schmalenbach) - Fix help output for ssl option (configure) (Ruben Kerkhof) - Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe) - Changed the \'check_load\' command in nrpe.cfg.in (minusdavid) - Minor change to logging in check_nrpe (John Frickson) - Removed function `b64_decode` which wasn\'t being used (John Frickson) - check_nrpe ignores -a option when -f option is specified (John Frickson) - Added missing LICENSE file (John Frickson) - Off-by-one BO in my_system() (John Frickson) - Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg) - nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson) - \"Remote %s accepted a Version %s Packet\", please add to debug (John Frickson) - nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson) - Fixed a couple of typos in docs/NRPE.
* files (Ludmil Meltchev) - Changed release date to ISO format (yyyy-mm-dd) (John Frickson) - Fix systemd unit description (Bas Couwenberg) - Add reload command to systemd service file (Bas Couwenberg) - fix file not found error when updating version (Sven Nierlein) - Spelling fixes (Josh Soref) - Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson) - xinetd.d parameter causes many messages in log file (John Frickson) - Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson) - PATH and other environment variables not set with numeric nrpe_user (John Frickson)- remove upstreamed patches: + nrpe-more_random.patch + nrpe-drop_privileges_before_writing_pidfile.patch + nrpe-3.0-Makefile_use_DESTDIR.patch- refreshed other patches
* Wed Dec 07 2016 larsAATTlinux-schulserver.de- correctly call the systemd macros for all systemd units
* Sun Oct 30 2016 jengelhAATTinai.de- Description updates
* Wed Oct 12 2016 roAATTsuse.de- add usr.sbin.nrpe as source12 (only example for now)- call tmpfiles_create in postinstall (bsc#1080637 and bsc#924649)- add /run/nrpe as ghost
* Wed Aug 10 2016 larsAATTlinux-schulserver.de- remove patches that are fixed upstream: + nagios-nrpe-buffersize.patch + nrpe-weird_output.patch
* Fri Jul 22 2016 larsAATTlinux-schulserver.de- update to 3.0: SECURITY- Fix for CVE-2014-2913- Added function to clean the environment before forking. (John Frickson) ENHANCEMENTS- Added support for optional config file to check_nrpe. With the new SSL parameters, the line was getting long. The config file is specified with - -config-file= or -f parameters. The config file must look like command line options, but the options can be on separate lines. It MUST NOT include --config-file (-f), --command (-c) or --args (-a). If any options are in both the config file and on the command line, the command line options are used.- Added \"nrpe-uninstall\" script to the same directory nrpe get installed to (John Frickson)- Added command-line option to prevent forking, since some of the init replacements (such as systemd, etc.) don\'t want daemons to fork (John Frickson)- Added listen_queue_size as configuration option (Vadim Antipov, Kaspersky Lab)- Reworked SSL/TLS. See the README.SSL.md file for full info. (John Frickson)- Added support for version 3 variable sized packets up to 64KB. nrpe will accept either version from check_nrpe. check_nrpe will try to send a version 3 packet first, and fall back to version 2. check_nrpe can be forced to only send version 2 packets if the switch `-2` is used. (John Frickson)- Added extended timeout syntax in the -t : format. (ABrist) FIXES- check_nrpe does not parse passed arguments correctly (John Frickson)- NRPE should not start if cannot write pid file (John Frickson)- Fixed out-of-bounds error (return code 255) for some failures (John Frickson)- Connection Timeout and Connection Refused messages need a new line (Andrew Widdersheim)- allowed_hosts doesn\'t work, if one of the hostnames can\'t be resolved by dns (John Frickson)- allowed_hosts doesn\'t work with a hostname resolving to an IPv6 address (John Frickson)- Return UNKNOWN when issues occur (Andrew Widdersheim)- NRPE returns OK if check can\'t be executed (Andrew Widdersheim)- sample configuration for check_load has crazy sample load avg (ernestoongaro)- deleted patches: + nrpe-xinetd.patch (fixed upstream) + nrpe-weird_output.patch (fixed in anothr way upstream)- refresh all other patches- added new patch: + nrpe-3.0-Makefile_use_DESTDIR.patch (allow DESTDIR)- added /usr/share/doc/packages/nrpe/examples/update-cfg.pl to allow easy upgrade of configuration file
* Sun Mar 29 2015 larsAATTlinux-schulserver.de- add missing (empty) argument to tmpfiles.d file
* Sun Jan 18 2015 larsAATTlinux-schulserver.de- add reload option to systemd service- let the tmpfiles config use the tmpdir macro to define the place of the tmpdir- use bcond for building with systemd support
 
ICM