Control: tags -1 moreinfo On 2023-03-24 20:55:28 +0100, Jan Wagner wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: pkg-nagios-de...@lists.alioth.debian.org > Control: affects -1 + src:monitoring-plugins > > Please see these changes for monitoring-plugins. 2.3.3-4 is already uploaded > into unstable (containing one fix from upstream) but is blocked due missing > autopkgtests. I prepared another upload containing two fixes from upstream, > which is not uploaded yet. > > [ Reason ] > This release targets several fixes that should go into bookworm: > > * [953ee52] Adding d/p/13_check_icmp_improvements from upstream > * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream > * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream
What's the rationale to include these patches? Do they fix bugs reported in the BTS or upstream? Cheers > > [ Impact ] > Included patches fixes regressions from latest upstream release. > > [ Tests ] > Upstream testsuite passes as well as Salsa CI > (https://salsa.debian.org/nagios-team/monitoring-plugins/-/pipelines/514242) > tests (ignoring the blhc). > > [ Risks ] > The code changes are trivial enough to not expect regressions. > > [ Checklist ] > [x] all changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in testing > > [ Other info ] > > unblock monitoring-plugins/2.3.3-5 > diff --git a/debian/changelog b/debian/changelog > index caf2e31..c738c88 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,16 @@ > +monitoring-plugins (2.3.3-5) unstable; urgency=medium > + > + * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from > upstream > + * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream > + > + -- Jan Wagner <w...@cyconet.org> Fri, 24 Mar 2023 19:16:16 +0000 > + > +monitoring-plugins (2.3.3-4) unstable; urgency=medium > + > + * [953ee52] Adding d/p/13_check_icmp_improvements from upstream > + > + -- Jan Wagner <w...@cyconet.org> Tue, 07 Mar 2023 13:29:35 +0000 > + > monitoring-plugins (2.3.3-3) unstable; urgency=medium > > * [15d0c56] Adding d/p/12_check_curl_improvements from upstream > diff --git a/debian/patches/13_check_icmp_improvements > b/debian/patches/13_check_icmp_improvements > new file mode 100644 > index 0000000..0eb2748 > --- /dev/null > +++ b/debian/patches/13_check_icmp_improvements > @@ -0,0 +1,200 @@ > +From 413af1955538b06803458c628099f1ba9da1966b Mon Sep 17 00:00:00 2001 > +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> > +Date: Fri, 4 Nov 2022 16:51:32 +0100 > +Subject: [PATCH 1/5] Remove trailing whitespaces > + > +--- > + plugins-root/check_icmp.c | 24 ++++++++++++------------ > + 1 file changed, 12 insertions(+), 12 deletions(-) > + > +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c > +index f8f153512..abd88c4e7 100644 > +--- a/plugins-root/check_icmp.c > ++++ b/plugins-root/check_icmp.c > +@@ -1,39 +1,39 @@ > + > /***************************************************************************** > +-* > ++* > + * Monitoring check_icmp plugin > +-* > ++* > + * License: GPL > + * Copyright (c) 2005-2008 Monitoring Plugins Development Team > + * Original Author : Andreas Ericsson <a...@op5.se> > +-* > ++* > + * Description: > +-* > ++* > + * This file contains the check_icmp plugin > +-* > ++* > + * Relevant RFC's: 792 (ICMP), 791 (IP) > +-* > ++* > + * This program was modeled somewhat after the check_icmp program, > + * which was in turn a hack of fping (www.fping.org) but has been > + * completely rewritten since to generate higher precision rta values, > + * and support several different modes as well as setting ttl to control. > + * redundant routes. The only remainders of fping is currently a few > + * function names. > +-* > +-* > ++* > ++* > + * This program is free software: you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation, either version 3 of the License, or > + * (at your option) any later version. > +-* > ++* > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > +-* > ++* > + * You should have received a copy of the GNU General Public License > + * along with this program. If not, see <http://www.gnu.org/licenses/>. > +-* > +-* > ++* > ++* > + > *****************************************************************************/ > + > + /* progname may change */ > + > +From 7d074091dba8c1d4081971bf62e694d0b1a03d41 Mon Sep 17 00:00:00 2001 > +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> > +Date: Fri, 4 Nov 2022 16:53:57 +0100 > +Subject: [PATCH 2/5] Remove hardcoded DBL_MAX definition > + > +--- > + plugins-root/check_icmp.c | 4 ---- > + 1 file changed, 4 deletions(-) > + > +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c > +index abd88c4e7..0d10d22db 100644 > +--- a/plugins-root/check_icmp.c > ++++ b/plugins-root/check_icmp.c > +@@ -95,10 +95,6 @@ const char *email = "de...@monitoring-plugins.org"; > + # define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 > + #endif > + > +-#ifndef DBL_MAX > +-# define DBL_MAX 9.9999999999e999 > +-#endif > +- > + typedef unsigned short range_t; /* type for get_range() -- unimplemented */ > + > + typedef struct rta_host { > + > +From 9a73a94258689cd9337fe7a7937fe85e4670aaeb Mon Sep 17 00:00:00 2001 > +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> > +Date: Fri, 4 Nov 2022 17:08:36 +0100 > +Subject: [PATCH 3/5] Replace DBL_MAX with INFITY to check if value was set > + > +--- > + plugins-root/check_icmp.c | 5 +++-- > + 1 file changed, 3 insertions(+), 2 deletions(-) > + > +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c > +index 0d10d22db..7f3c4b5ba 100644 > +--- a/plugins-root/check_icmp.c > ++++ b/plugins-root/check_icmp.c > +@@ -55,6 +55,7 @@ const char *email = "de...@monitoring-plugins.org"; > + #include <errno.h> > + #include <signal.h> > + #include <ctype.h> > ++#include <float.h> > + #include <net/if.h> > + #include <netinet/in_systm.h> > + #include <netinet/in.h> > +@@ -1220,7 +1221,7 @@ finish(int sig) > + host->rta / 1000, (float)warn.rta / 1000, > (float)crit.rta / 1000, > + (targets > 1) ? host->name : "", host->pl, warn.pl, > crit.pl, > + (targets > 1) ? host->name : "", (float)host->rtmax > / 1000, > +- (targets > 1) ? host->name : "", (host->rtmin < > DBL_MAX) ? (float)host->rtmin / 1000 : (float)0); > ++ (targets > 1) ? host->name : "", (host->rtmin < > INFINITY) ? (float)host->rtmin / 1000 : (float)0); > + > + host = host->next; > + } > +@@ -1323,7 +1324,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in) > + memcpy(host_sin6->sin6_addr.s6_addr, sin6->sin6_addr.s6_addr, > sizeof host_sin6->sin6_addr.s6_addr); > + } > + > +- host->rtmin = DBL_MAX; > ++ host->rtmin = INFINITY; > + > + if(!list) list = cursor = host; > + else cursor->next = host; > + > +From d3a4bad51d72a3c5bcc06ceb5e0a823dcc24bf49 Mon Sep 17 00:00:00 2001 > +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> > +Date: Sun, 19 Feb 2023 14:31:21 +0100 > +Subject: [PATCH 4/5] check_icmp: Fix compiler warning > + > +This fixes a compiler warning with no real world impact. > +The compiler complains about a missing return, which is correct, but > +in that scenario the program would crash anyways, so this has no impact. > +--- > + plugins-root/check_icmp.c | 5 +++-- > + 1 file changed, 3 insertions(+), 2 deletions(-) > + > +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c > +index 7f3c4b5ba..317cd5357 100644 > +--- a/plugins-root/check_icmp.c > ++++ b/plugins-root/check_icmp.c > +@@ -1430,20 +1430,21 @@ set_source_ip(char *arg) > + static in_addr_t > + get_ip_address(const char *ifname) > + { > ++ // TODO: Rewrite this so the function return an error and we exit > somewhere else > ++ struct sockaddr_in ip; > + #if defined(SIOCGIFADDR) > + struct ifreq ifr; > +- struct sockaddr_in ip; > + > + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); > + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; > + if(ioctl(icmp_sock, SIOCGIFADDR, &ifr) == -1) > + crash("Cannot determine IP address of interface %s", ifname); > + memcpy(&ip, &ifr.ifr_addr, sizeof(ip)); > +- return ip.sin_addr.s_addr; > + #else > + errno = 0; > + crash("Cannot get interface IP address on this platform."); > + #endif > ++ return ip.sin_addr.s_addr; > + } > + > + /* > + > +From 423284edfa980fc3fdb51ab20af96685a988ba97 Mon Sep 17 00:00:00 2001 > +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> > +Date: Sun, 19 Feb 2023 14:34:29 +0100 > +Subject: [PATCH 5/5] check_icmp: Fix compiler warning > + > +This fixes a compiler warning which complains about an uninitialized > +value for a variable which is then returned. > +This had no real world impact, since the program would crash in the > +branch where result is not set. > +The variable is initialized to "-1" which would be the error for > +inet_pton. > +--- > + plugins-root/check_icmp.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c > +index 317cd5357..e59e92d33 100644 > +--- a/plugins-root/check_icmp.c > ++++ b/plugins-root/check_icmp.c > +@@ -1339,7 +1339,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in) > + static int > + add_target(char *arg) > + { > +- int error, result; > ++ int error, result = -1; > + struct sockaddr_storage ip; > + struct addrinfo hints, *res, *p; > + struct sockaddr_in *sin; > diff --git a/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs > b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs > new file mode 100644 > index 0000000..7d1418a > --- /dev/null > +++ b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs > @@ -0,0 +1,211 @@ > +From 03f86b5d0809967855fbaafb4d600dc5b82081fa Mon Sep 17 00:00:00 2001 > +From: Andreas Baumann <m...@andreasbaumann.cc> > +Date: Tue, 7 Mar 2023 19:51:33 +0100 > +Subject: [PATCH 1/4] check_curl: in SSL host caching mode try to connect and > + bind and take the first getaddrinfo result which succeeds > + > +--- > + plugins/check_curl.c | 22 +++++++++++++++------- > + 1 file changed, 15 insertions(+), 7 deletions(-) > + > +diff --git a/plugins/check_curl.c b/plugins/check_curl.c > +index c37d45d91..e1bc98dc9 100644 > +--- a/plugins/check_curl.c > ++++ b/plugins/check_curl.c > +@@ -386,6 +386,7 @@ lookup_host (const char *host, char *buf, size_t buflen) > + struct addrinfo hints, *res, *result; > + int errcode; > + void *ptr; > ++ int s; > + > + memset (&hints, 0, sizeof (hints)); > + hints.ai_family = address_family; > +@@ -399,19 +400,26 @@ lookup_host (const char *host, char *buf, size_t > buflen) > + res = result; > + > + while (res) { > +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); > +- switch (res->ai_family) { > +- case AF_INET: > +- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; > ++ inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); > ++ switch (res->ai_family) { > ++ case AF_INET: > ++ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; > ++ break; > ++ case AF_INET6: > ++ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; > + break; > +- case AF_INET6: > +- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; > +- break; > + } > ++ > + inet_ntop (res->ai_family, ptr, buf, buflen); > + if (verbose >= 1) > + printf ("* getaddrinfo IPv%d address: %s\n", > + res->ai_family == PF_INET6 ? 6 : 4, buf); > ++ > ++ if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == > -1) > ++ continue; > ++ if (bind (s, res->ai_addr, res->ai_addrlen == 0) ) > ++ break; > ++ > + res = res->ai_next; > + } > + > + > +From 2902381c5de01f69d61569b0c8dae6a92e2b9843 Mon Sep 17 00:00:00 2001 > +From: Barak Shohat <ba...@bazzisoft.com> > +Date: Wed, 8 Mar 2023 11:56:43 +0200 > +Subject: [PATCH 2/4] check_curl.c: Include all IPs from getaddrinfo() in curl > + DNS cache > + > +--- > + plugins/check_curl.c | 39 ++++++++++++++++++++++++++------------- > + 1 file changed, 26 insertions(+), 13 deletions(-) > + > +diff --git a/plugins/check_curl.c b/plugins/check_curl.c > +index e1bc98dc9..512fb88a6 100644 > +--- a/plugins/check_curl.c > ++++ b/plugins/check_curl.c > +@@ -384,9 +384,12 @@ int > + lookup_host (const char *host, char *buf, size_t buflen) > + { > + struct addrinfo hints, *res, *result; > ++ char addrstr[100]; > ++ size_t addrstr_len; > + int errcode; > + void *ptr; > + int s; > ++ size_t buflen_remaining = buflen - 1; > + > + memset (&hints, 0, sizeof (hints)); > + hints.ai_family = address_family; > +@@ -396,33 +399,40 @@ lookup_host (const char *host, char *buf, size_t > buflen) > + errcode = getaddrinfo (host, NULL, &hints, &result); > + if (errcode != 0) > + return errcode; > +- > ++ > ++ strcpy(buf, ""); > + res = result; > + > + while (res) { > +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); > + switch (res->ai_family) { > + case AF_INET: > + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; > + break; > + case AF_INET6: > + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; > +- break; > ++ break; > + } > + > +- inet_ntop (res->ai_family, ptr, buf, buflen); > +- if (verbose >= 1) > ++ inet_ntop (res->ai_family, ptr, addrstr, 100); > ++ if (verbose >= 1) { > + printf ("* getaddrinfo IPv%d address: %s\n", > +- res->ai_family == PF_INET6 ? 6 : 4, buf); > ++ res->ai_family == PF_INET6 ? 6 : 4, addrstr); > ++ } > + > +- if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == > -1) > +- continue; > +- if (bind (s, res->ai_addr, res->ai_addrlen == 0) ) > +- break; > ++ // Append all IPs to buf as a comma-separated string > ++ addrstr_len = strlen(addrstr); > ++ if (buflen_remaining > addrstr_len + 1) { > ++ if (buf[0] != NULL) { > ++ strncat(buf, ",", 1); > ++ buflen_remaining -= 1; > ++ } > ++ strncat(buf, addrstr, buflen_remaining); > ++ buflen_remaining -= addrstr_len; > ++ } > + > + res = res->ai_next; > + } > +- > ++ > + freeaddrinfo(result); > + > + return 0; > +@@ -453,7 +463,7 @@ check_http (void) > + int i; > + char *force_host_header = NULL; > + struct curl_slist *host = NULL; > +- char addrstr[100]; > ++ char addrstr[DEFAULT_BUFFER_SIZE/2]; > + char dnscache[DEFAULT_BUFFER_SIZE]; > + > + /* initialize curl */ > +@@ -505,7 +515,7 @@ check_http (void) > + > + // fill dns resolve cache to make curl connect to the given > server_address instead of the host_name, only required for ssl, because we > use the host_name later on to make SNI happy > + if(use_ssl && host_name != NULL) { > +- if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { > ++ if ( (res=lookup_host (server_address, addrstr, > DEFAULT_BUFFER_SIZE/2)) != 0) { > + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address > for '%s': getaddrinfo returned %d - %s"), > + server_address, res, gai_strerror (res)); > + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); > +@@ -800,6 +810,9 @@ check_http (void) > + /* free header and server IP resolve lists, we don't need it anymore */ > + curl_slist_free_all (header_list); header_list = NULL; > + curl_slist_free_all (server_ips); server_ips = NULL; > ++ if (host) { > ++ curl_slist_free_all (host); host = NULL; > ++ } > + > + /* Curl errors, result in critical Nagios state */ > + if (res != CURLE_OK) { > + > +From fc927e98db73850e760f490117ed36f2de20270c Mon Sep 17 00:00:00 2001 > +From: Andreas Baumann <m...@andreasbaumann.cc> > +Date: Wed, 8 Mar 2023 16:10:45 +0100 > +Subject: [PATCH 3/4] fixed a wrong compare and a wrong size in strncat > + > +--- > + plugins/check_curl.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/plugins/check_curl.c b/plugins/check_curl.c > +index 512fb88a6..cc17ef58a 100644 > +--- a/plugins/check_curl.c > ++++ b/plugins/check_curl.c > +@@ -422,8 +422,8 @@ lookup_host (const char *host, char *buf, size_t buflen) > + // Append all IPs to buf as a comma-separated string > + addrstr_len = strlen(addrstr); > + if (buflen_remaining > addrstr_len + 1) { > +- if (buf[0] != NULL) { > +- strncat(buf, ",", 1); > ++ if (buf[0] != '\0') { > ++ strncat(buf, ",", buflen_remaining); > + buflen_remaining -= 1; > + } > + strncat(buf, addrstr, buflen_remaining); > + > +From ea53555f2d6254da5fec0c1061899a01dd5321ec Mon Sep 17 00:00:00 2001 > +From: Andreas Baumann <m...@andreasbaumann.cc> > +Date: Sat, 11 Mar 2023 11:40:00 +0100 > +Subject: [PATCH 4/4] check_curl: removed a superflous variable > + > +--- > + plugins/check_curl.c | 1 - > + 1 file changed, 1 deletion(-) > + > +diff --git a/plugins/check_curl.c b/plugins/check_curl.c > +index cc17ef58a..e5be1ad56 100644 > +--- a/plugins/check_curl.c > ++++ b/plugins/check_curl.c > +@@ -388,7 +388,6 @@ lookup_host (const char *host, char *buf, size_t buflen) > + size_t addrstr_len; > + int errcode; > + void *ptr; > +- int s; > + size_t buflen_remaining = buflen - 1; > + > + memset (&hints, 0, sizeof (hints)); > diff --git a/debian/patches/15_check_swap_remove_includes > b/debian/patches/15_check_swap_remove_includes > new file mode 100644 > index 0000000..fb65026 > --- /dev/null > +++ b/debian/patches/15_check_swap_remove_includes > @@ -0,0 +1,23 @@ > +From 8a8ee58e8925019b7532e7d14ebe488bb21fb3e6 Mon Sep 17 00:00:00 2001 > +From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com> > +Date: Thu, 16 Mar 2023 15:26:52 +0100 > +Subject: [PATCH] check_swap: Remove unnecessary and problematic includes > + > +--- > + plugins/check_swap.c | 3 --- > + 1 file changed, 3 deletions(-) > + > +diff --git a/plugins/check_swap.c b/plugins/check_swap.c > +index a607da1e9..25d5f21d0 100644 > +--- a/plugins/check_swap.c > ++++ b/plugins/check_swap.c > +@@ -34,9 +34,6 @@ const char *email = "de...@monitoring-plugins.org"; > + #include "common.h" > + #include "popen.h" > + #include "utils.h" > +-#include <string.h> > +-#include <math.h> > +-#include <libintl.h> > + > + #ifdef HAVE_DECL_SWAPCTL > + # ifdef HAVE_SYS_PARAM_H > diff --git a/debian/patches/series b/debian/patches/series > index 7791bb8..3e14114 100644 > --- a/debian/patches/series > +++ b/debian/patches/series > @@ -4,3 +4,6 @@ > 10_check_http_chunked_wo_actual_content > 11_fallback_for_gnutls > 12_check_curl_improvements > +13_check_icmp_improvements > +14_check_curl_fix_SSL_with_multiple_IPs > +15_check_swap_remove_includes -- Sebastian Ramacher
