--- nagios-nrpe-2.15.orig/debian/NEWS +++ nagios-nrpe-2.15/debian/NEWS @@ -0,0 +1,38 @@ +nagios-nrpe (2.15-1) unstable; urgency=high + + This update disables the command-args support in nrpe. The feature + has several security problems and is often used wrong. If you have to + use this feature recompile the package with --enable-command-args + in debian/rules. + + -- Alexander Wirt Tue, 15 Jul 2014 09:52:48 +0200 + +nagios-nrpe (2.12-4) unstable; urgency=low + + The pidfile creation mechanism changed with this update. If you do not + add "pid_file=/var/run/nagios/nrpe.pid" to you nrpe config take care that + the user "nagios" is able to write to your pidfile location. You can also + change the initscript to create the pid directory on your own. + + -- Alexander Wirt Tue, 07 Jul 2009 07:42:13 +0200 + +nagios-nrpe (2.12-3) unstable; urgency=low + + The homedirectory of the nagios user moved to /var/lib/nagios + which is now common on all nagios related packages. Its recommended + that you migrate an already existing nagios user to use /var/lib/nagios + as homedirectory. + + -- Alexander Wirt Sat, 21 Mar 2009 09:08:58 +0100 + +nagios-nrpe (2.4-1) unstable; urgency=low + + the nagios-nrpe-doc package is no longer provided. the documentation + can now be found in /usr/share/doc/nagios-nrpe-{server|plugins}. new + versions of the plugin and server packages conflict with the doc + package to prevent the old (and possibly incorrect in the future) + documentation from remaining. to fully purge all information about + the package you should run: + dpkg -P nagios-nrpe-doc + + -- sean finney Mon, 13 Mar 2006 15:47:47 +0100 --- nagios-nrpe-2.15.orig/debian/README.Debian +++ nagios-nrpe-2.15/debian/README.Debian @@ -0,0 +1,23 @@ +nrpe +---- + +Put any local check command you need into /etc/nagios/nrpe_local.cfg or +as a *.cfg file in /etc/nagios/nrpe.d/ +This files are included from the /etc/nagios/nrpe.cfg + +This package is built without support for command argument processing. If you +want to enable it, you will have to rebuild this package with +--enable-command-args in debian/rules. +The feature has several security problems and should not be used. If you +really need some dynamic argument processing try check_by_ssh or something +similar. + +Do not rely on SSL mode for security +------------------------------------ + +NRPE contains an SSL mode which encrypts the data over the NRPE channel. +The current implementation does not verify client or server and uses +pregenerated key data by default. It cannot be fixed right away because +it would break the existing NRPE protocol. + +Please refer to the file SECURITY in this directory for more information. --- nagios-nrpe-2.15.orig/debian/README.source +++ nagios-nrpe-2.15/debian/README.source @@ -0,0 +1,3 @@ +This package uses dpatch for its patch management, see +/usr/share/doc/dpatch/README.source.gz if you are unfamiliar with it. + --- nagios-nrpe-2.15.orig/debian/TODO +++ nagios-nrpe-2.15/debian/TODO @@ -0,0 +1,5 @@ +TODO +==== + + +Add a nagios-common package which ships a user and homedir --- nagios-nrpe-2.15.orig/debian/changelog +++ nagios-nrpe-2.15/debian/changelog @@ -0,0 +1,461 @@ +nagios-nrpe (2.15-1ubuntu2) yakkety; urgency=medium + + * Use dpkg-dev's hardening support instead of hardening-includes. + + -- Matthias Klose Thu, 29 Sep 2016 21:06:08 +0200 + +nagios-nrpe (2.15-1ubuntu1) utopic; urgency=low + + [ Liam Young ] + LP: #1348142 + * Merge from Debian unstable (2.15-1). Remaining changes: + - debian/{rules,control}: Add hardening-includes to gain PIE security + builds. + * Changes gained from Debian: + - 01_nodevrandom-and-docoptions.dpatch: Patch dropped. Debian are + no longer carrying this patch and it does not seem to be needed. + 'l' is now listed as a doc option and it seems that using urandom + for seeding srand is unlikely to realistically exhaust a machines + entropy as was mentioned in Debian Bug #333552. + - debian/patches/00list: 04_weird_output.dpatch dropped + - debian/patches/05_pid_privileges.dpatch: Patch now matches debian + - debian/patches/09_noremove_pid.dpatch: Patch now matches debian + + -- Liam Young Thu, 24 Jul 2014 12:39:39 +0100 + +nagios-nrpe (2.15-1) unstable; urgency=high + + * [f2cea9f] Imported Upstream version 2.15 + * [023e909] Disable command-args in nrpe. (Closes: #745272) + * [6369220] Use restorecon to set SE Linux context on $PIDDIR + (Closes: #679241) + * [a484e7d] Switch order of nagios-plugins recommends to prefer -basic. + (Closes: #752243) + * [b1ef043] Don't recommend a core implementation for the plugin + * [16dbf01] Remove obsolete patch + * [694b804] Remove luk from uploaders. (Closes: #719636) + * [28d9004] Remove obsolete patch + * [86ea67e] 08_CVE-2013-1362.dpatch is now obsolete + * [74e3b07] Refresh patches + * [1258ab2] Reword NEWS entry + * [744eec6] configure is buggy: --disable- in fact enables a feautre. + * [eec54b6] Adjust README.Debian for the removal or argument processing + + -- Alexander Wirt Tue, 15 Jul 2014 18:30:36 +0200 + +nagios-nrpe (2.15-0ubuntu1) trusty; urgency=medium + + * New upstream release (2.15). + * Updated patches: + - 01_nodevrandom-and-docoptions.dpatch + - 04_weird_output.dpatch + - 05_pid_privileges.dpatch + - 09_noremove_pid.dpatch + * Dropped patches (upstream): + - 08_CVE-2013-1362.dpatch + + -- Stéphane Graber Mon, 13 Jan 2014 11:34:11 -0500 + +nagios-nrpe (2.13-4) unstable; urgency=low + + * [dcffec6] Do not remove the PID file after a connection error. + Original patch from Hiren Patel. (Closes: #716949) + + -- Bernd Zeimetz Mon, 15 Jul 2013 16:07:54 +0200 + +nagios-nrpe (2.13-3.1ubuntu1) trusty; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/{rules,control}: Add hardening-includes to gain PIE security + builds. + - debian/rules: Use dpkg-buildflags. + + -- Michael Terry Tue, 29 Oct 2013 09:14:34 -0700 + +nagios-nrpe (2.13-3.1) unstable; urgency=low + + [ Ivo De Decker ] + * Non-maintainer upload. + * Remove Luk Claes from uploaders (Closes: #719636) + + [ KURASHIKI Satoru ] + * debian/patches/09_noremove_pid.dpatch: + - Do not remove the PID file after a connection error + (original patch from Hiren Patel). (Closes: #716949) + + -- Ivo De Decker Sat, 05 Oct 2013 20:23:24 +0200 + +nagios-nrpe (2.13-3ubuntu2) saucy; urgency=low + + * debian/patches/09_noremove_pid.dpatch: + - Do not remove the PID file after a connection error + (original patch from Hiren Patel). (LP: #1126890) + + -- Michael Terry Fri, 24 May 2013 17:01:05 -0400 + +nagios-nrpe (2.13-3ubuntu1) saucy; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/{rules,control}: Add hardening-includes to gain PIE security + builds. + - debian/rules: Use dpkg-buildflags. + + -- Michael Terry Tue, 30 Apr 2013 09:24:13 -0700 + +nagios-nrpe (2.13-3) unstable; urgency=high + + * [e55afd1] Add 08_CVE-2013-1362.dpatch patch. + If command arguments are enabled in the NRPE configuration, it was + possible to pass $() as arguments as the checking for nasty caracters + was not strict enough to catch $(). This allowed executing shell + commands under a subprocess and pass the output as a parameter to the + called script (if run under bash). CVE-2013-1362 (Closes: #701227) + + -- Alexander Wirt Sat, 09 Mar 2013 08:42:05 +0100 + +nagios-nrpe (2.13-2ubuntu1) raring; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/{rules,control}: Add hardening-includes to gain PIE security + builds. + - debian/rules: Use dpkg-buildflags. + + -- Logan Rosen Sun, 24 Feb 2013 15:29:43 -0500 + +nagios-nrpe (2.13-2) unstable; urgency=high + + [ Thijs Kinkhorst ] + * Add warning about the inadequateness of the 'ssl' option. + + -- Alexander Wirt Mon, 11 Feb 2013 17:45:20 +0100 + +nagios-nrpe (2.13-1ubuntu1) raring; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/{rules,control}: Add hardening-includes to gain PIE security + builds. + - debian/rules: Use dpkg-buildflags. + + -- Logan Rosen Sat, 02 Feb 2013 18:16:48 -0500 + +nagios-nrpe (2.13-1) unstable; urgency=low + + * [3e113b5] Imported Upstream version 2.13 + * [acc152b] Bump standards version + * [c707bce] Use dh9 for hardening + * Updated patches + + -- Alexander Wirt Sat, 30 Jun 2012 11:08:22 +0200 + +nagios-nrpe (2.12-6ubuntu2) quantal; urgency=low + + * Fixed compiler hardening configuration. (LP: #1000379) + + -- Bryan D. Payne Wed, 16 May 2012 17:29:52 +0000 + +nagios-nrpe (2.12-6ubuntu1) quantal; urgency=low + + [ Dmitrijs Ledkovs ] + * Merge with Debian; remaining changes: + - debian/{rules,control}: add hardening-includes to gain PIE + security builds. + - Use dpkg-buildflags. + * Changes gained from Debian: + - [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe + (LP: #896388) + + [ Stéphane Graber ] + * Drop useless diff file in source package (xxx) that was added by + mistake in a previous merge. + + -- Stéphane Graber Thu, 03 May 2012 09:55:10 -0400 + +nagios-nrpe (2.12-6) unstable; urgency=low + + * [36b1062] Add add icinga to the list of recommends + * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845) + * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe + (Closes: #650464) + + -- Alexander Wirt Mon, 30 Apr 2012 09:25:45 +0200 + +nagios-nrpe (2.12-5ubuntu1) precise; urgency=low + + * Merge with Debian; remaining changes: + - debian/{rules,control}: add hardening-includes to gain PIE + security builds. + * Use dpkg-buildflags. + + -- Matthias Klose Tue, 18 Oct 2011 15:09:21 +0200 + +nagios-nrpe (2.12-5) unstable; urgency=low + + [ Alexander Wirt ] + * [e3af3bd] Bump compat to 8 + * [4f9e892] Add versioned depends to dpatch for sequence support + * [5ec5a3b] Install example nrpe_local.cfg + * [69ea7b9] Move rules file to dh + * [298f725] Use autotools_dev dh sequence helper + * [10da37d] Bump debhelper dependency to 8 + * [2b009ae] Bump standards version + * [4d093e3] Ignore usermod failure (Closes: #538894) + * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion + (Closes: #548157, #639523) + * [8050c97] Support multiarch in rulesfile (Closes: #642790) + * [027274f] Use pidfile for start-stop-daemon in start() + * [1f69c63] Support status in nrpe initscript + * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg + (Closes: #641933) + + [ Jan Wagner ] + * [0a80fdb] Update debian/README.Debian about conf.d/ + + -- Alexander Wirt Sun, 25 Sep 2011 08:35:48 +0200 + +nagios-nrpe (2.12-4ubuntu3) oneiric; urgency=low + + * Configure with --with-ssl-lib=. LP: #829434. + + -- Matthias Klose Thu, 25 Aug 2011 21:10:45 +0200 + +nagios-nrpe (2.12-4ubuntu2) oneiric; urgency=low + + * Rebuild for OpenSSL 1.0.0. + + -- Colin Watson Tue, 17 May 2011 12:16:15 +0100 + +nagios-nrpe (2.12-4ubuntu1) lucid; urgency=low + + * debian/{rules,control}: add hardening-includes to gain PIE + security builds. + * debian/control: Update maintainer according to spec. + + -- Chuck Short Thu, 07 Jan 2010 14:31:00 -0500 + +nagios-nrpe (2.12-4) unstable; urgency=low + + * Build against libwrap0-dev (Closes: #412705) + * Remove 'last modified header' from nrpe config (Closes: #499280) + * Create /etc/nagios/nrpe.d (Closes: #505700, #474333) + * Fix pidfile handling (Closes: #411046) + * Add newer config.{guess,sub} (Closes: #535737) + - Build-depend on autotools-dev + * Delete /var/lib/nagios if empty after purge (Closes: #527069) + * Bump standards version (add README.source) + * Bump dh_compat version (remove -k from dh_clean) + + -- Alexander Wirt Mon, 06 Jul 2009 07:08:26 +0200 + +nagios-nrpe (2.12-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix bashism (Closes: #530149). + + -- Raphael Geissert Sat, 04 Jul 2009 20:23:23 -0500 + +nagios-nrpe (2.12-3) unstable; urgency=low + + * Sync homedirectory of the nagios user with the nagios3 package + (Closes: #479051) + * Removed now empty nagios-nrpe-plugins.post* scripts + + -- Alexander Wirt Sat, 21 Mar 2009 09:33:39 +0100 + +nagios-nrpe (2.12-2) unstable; urgency=low + + * Add myself to uploaders. + * Clean buffer before use (Closes: #498749). + * Remove pid file before creating a new ones (Closes: #411046). + * Include inetd support (Closes: #409772). + + -- Luk Claes Sun, 14 Sep 2008 16:04:17 +0200 + +nagios-nrpe (2.12-1) unstable; urgency=low + + * Support an nrpe.d config directory in addition to nrpe_local.cfg + (Closes: #474333) + * Add myself to uploaders + * Add watch file + * New upstream version (Closes: #475081) + * Acknowledge NMU from Chris Lamb (Closes: #484412) + * Recommend Nagios 3 instead of Nagios 2 + * Update copyright file + * Use the same homedir as nagios3 (Closes: #479051) + + -- Alexander Wirt Wed, 06 Aug 2008 20:33:57 +0200 + +nagios-nrpe (2.8.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix bashism in debian/rules (Closes: #484412) + * Bump Standards-Version to 3.8.0. + + -- Chris Lamb Sat, 12 Jul 2008 01:09:21 +0100 + +nagios-nrpe (2.8.1-1) unstable; urgency=low + + * New upstream release + * bump Recommends to nagios2, thanks to Henning Sprang + for suggesting this (closes: #399856). + * fix typo in package description, thanks to Tilman Koschnick for + noticing this (closes: #419130). + + -- sean finney Sat, 12 May 2007 12:27:30 +0200 + +nagios-nrpe (2.5.1-3) unstable; urgency=high + + * apparently we were already including another default file + without installing it, and some people were using it. so + now we include this one as well as the new default, with this + one taking precedence since it was there first. thanks to + Peter Palfrader for catching this (closes: #398914). + + -- sean finney Fri, 17 Nov 2006 09:17:55 +0100 + +nagios-nrpe (2.5.1-2) unstable; urgency=low + + * include a /etc/default/nagios-nrpe-server where variables + such as DAEMON_OPTS can be set (closes: #396709). + * bump standards version to 3.7.2 + * add pre-depends on adduser + * LSB-ize init script, and add dependency on lsb-base + + -- sean finney Sat, 04 Nov 2006 17:38:34 +0100 + +nagios-nrpe (2.5.1-1) unstable; urgency=low + + * new upstream release. includes fix from Peter Palfrader to catch + invalid free()'s when nrpe is called with --no-ssl (closes: #361233). + + -- sean finney Sun, 14 May 2006 21:38:48 -0500 + +nagios-nrpe (2.4-2) unstable; urgency=low + + [sean finney] + * removing nrpe_local.cfg caused trouble for some people, so + i've added it back in (closes: #360093). + + -- sean finney Fri, 31 Mar 2006 07:02:31 +0200 + +nagios-nrpe (2.4-1) unstable; urgency=low + + * new upstream release. + + [sean finney] + * (NEEDS TESTING) move away from cdbs for my own sanity. + * add build-dependency on dpatch. + * no longer create nrpe_local.cfg. no reason to have it. + * remove postinst script for nagios-nrpe-server, as all it + did was touch the previously mentioned file. + * upstream has incorporated the following patches: + - 02_global-cmd-prefix.dpatch + - 03_nrpe-trailing-whitespace.dpatch + * check_nrpe -h provides what "-a" does, but i've gone ahead and + added a comment in check_nrpe.cfg too, because it can't hurt + to do so :) (closes: #351714). + * no longer generate the nagios-nrpe-doc package, and move copies of + the documentation into the plugin and server packages. add a + Conflicts: nagios-nrpe-doc to the remaining packages to ensure + that the stale package doesn't remain. NEWS.Debian also mentions + this and instructs the admin to purge the package too. + + -- sean finney Tue, 24 Jan 2006 18:16:54 +0100 + +nagios-nrpe (2.2-1) unstable; urgency=low + + * new upstream release. + + [sean finney] + * debian packaging source repository is now migrated to svn. + * updated 01_nodevrandom-and-docoptions.dpatch and + 02_global-cmd-prefix.dpatch to apply against the latest + upstream version. + * nrpe.cfg has moved location in the upstream tarball. + * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression + in config file parsing until upstream incorporates it. + + -- sean finney Tue, 24 Jan 2006 17:52:54 +0100 + +nagios-nrpe (2.0-9) unstable; urgency=low + + * Sean Finney: + - nagios-nrpe has now joined forces with the debian pkg-nagios + project, updated Maintainer and Uploaders field accordingly. + - provide check_nrpe_1arg command definition so that one can call + check_nrpe both with and without arguments to the cmds + (closes: #248424). + - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect + the upcoming new nagios-plugins layout. + - changed nagios-nrpe-plugin's Depends on nagios to a Recommends. + - building issues seem to be resolved on arm now (closes: #259442). + - updated Standards-Version to 3.6.2 + - included patch from joerg and weasel to document some cmdline options + and provide a better alternative to reading a random byte from + /dev/random (closes: #333552). + - included "global command prefix" patch from joerg jaspert + (closes: #332253). + + -- sean finney Tue, 25 Oct 2005 10:04:59 -0400 + +nagios-nrpe (2.0-8) unstable; urgency=low + + * debian/control: change depends on nagios-plugins, to recommends. + (closes: #327199) + + -- Jason Thomas Mon, 10 Oct 2005 08:07:57 +1000 + +nagios-nrpe (2.0-7) unstable; urgency=high + + * The previous upload fixes a bug that breaks the install of this package so + this is a new upload with a high urgency to try and get it into sarge. + + -- Jason Thomas Thu, 19 Aug 2004 22:47:40 +1000 + +nagios-nrpe (2.0-6) unstable; urgency=low + + * nagios plugin config dir changed to etc/nagios-plugins/configs/ + (closes: #266826) + + -- Jason Thomas Thu, 19 Aug 2004 21:17:28 +1000 + +nagios-nrpe (2.0-5) unstable; urgency=low + + * debian/nagios-nrpe-server.preinst: added code to create nagios user and + group. + (closes: #248995, #241168) + + -- Jason Thomas Sat, 15 May 2004 12:02:35 +1000 + +nagios-nrpe (2.0-4) unstable; urgency=low + + * debian/nagios-nrpe-server.init.d: added missing -d to restart. + (closes: #248797) + * debian/nrpe.1: renamed to nrpe.8 + * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8 + * debian/dirs: deleted it as its not needed. + + -- Jason Thomas Fri, 14 May 2004 14:05:03 +1000 + +nagios-nrpe (2.0-3) unstable; urgency=low + + * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which + will make upgrades and purges clean. + + -- Jason Thomas Wed, 24 Mar 2004 13:09:00 +1100 + +nagios-nrpe (2.0-2) unstable; urgency=low + + * debian/control: added build-depends cdbs + (closes: #230943) + * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server + (closes: #230303) + + -- Jason Thomas Wed, 11 Feb 2004 09:27:01 +1100 + +nagios-nrpe (2.0-1) unstable; urgency=low + + * Initial Release. + (closes: #209124) + + -- Jason Thomas Wed, 14 Jan 2004 16:13:36 +1100 + --- nagios-nrpe-2.15.orig/debian/check_nrpe.cfg +++ nagios-nrpe-2.15/debian/check_nrpe.cfg @@ -0,0 +1,11 @@ +# this command runs a program $ARG1$ with arguments $ARG2$ +define command { + command_name check_nrpe + command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ +} + +# this command runs a program $ARG1$ with no arguments +define command { + command_name check_nrpe_1arg + command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ +} --- nagios-nrpe-2.15.orig/debian/compat +++ nagios-nrpe-2.15/debian/compat @@ -0,0 +1 @@ +9 --- nagios-nrpe-2.15.orig/debian/control +++ nagios-nrpe-2.15/debian/control @@ -0,0 +1,37 @@ +Source: nagios-nrpe +Section: net +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Nagios Maintainer Group +Uploaders: sean finney , Jason Thomas , Alexander Wirt +Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1) +Standards-Version: 3.9.5 + +Package: nagios-nrpe-server +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-3) +Pre-Depends: adduser +Conflicts: nagios-nrpe-doc +Recommends: nagios-plugins-basic | nagios-plugins +Description: Nagios Remote Plugin Executor Server + Nagios is a host/service/network monitoring and management system. + . + The purpose of this addon is to allow you to execute Nagios plugins on a + remote host in as transparent a manner as possible. + . + This program runs as a background process on the remote host and processes + command execution requests from the check_nrpe plugin on the Nagios host. + +Package: nagios-nrpe-plugin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: nagios-nrpe-doc +Description: Nagios Remote Plugin Executor Plugin + Nagios is a host/service/network monitoring and management system. + . + The purpose of this addon is to allow you to execute Nagios plugins on a + remote host in as transparent a manner as possible. + . + This is a plugin that is run on the Nagios host and is used to contact the + NRPE process on remote hosts. + --- nagios-nrpe-2.15.orig/debian/copyright +++ nagios-nrpe-2.15/debian/copyright @@ -0,0 +1,37 @@ +This package was debianized by Jason Thomas on +Wed, 14 Jan 2004 16:13:36 +1100. + +It was downloaded from http://www.nagios.org/download/extras.php + +Current Debian Maintainers: The nagios packaging team + http://alioth.debian.org/projects/pkg-nagios/ + +Mailing-List: + pkg-nagios-devel@lists.alioth.debian.org + +Upstream Author: Ethan Galstad (nagios@nagios.org) + +Copyright (c) 1999-2009 Ethan Galstad (nagios@nagios.org) + +License: + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +On Debian systems, the complete text of the GNU General Public +License can be found in /usr/share/common-licenses/GPL. + +There is an exception in the sourcecode for linking against openssl: + + This program is released under the GPL (see below) with the additional + exemption that compiling, linking, and/or using OpenSSL is allowed. + +The file src/snprintf.c is Copyright 1995 by Patrick Powell + +This code is based on code written by Patrick Powell (papowell@astart.com) +It may be used for any purpose as long as this notice remains intact +on all source code distributions + + --- nagios-nrpe-2.15.orig/debian/dirs +++ nagios-nrpe-2.15/debian/dirs @@ -0,0 +1 @@ +/etc/nagios/nrpe.d --- nagios-nrpe-2.15.orig/debian/docs +++ nagios-nrpe-2.15/debian/docs @@ -0,0 +1,3 @@ +README +LEGAL +SECURITY --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-plugin.install +++ nagios-nrpe-2.15/debian/nagios-nrpe-plugin.install @@ -0,0 +1,2 @@ +src/check_nrpe usr/lib/nagios/plugins/ +debian/check_nrpe.cfg etc/nagios-plugins/config/ --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-plugin.postrm +++ nagios-nrpe-2.15/debian/nagios-nrpe-plugin.postrm @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +if [ "$1" = purge ]; then + test -d /var/lib/nagios && rmdir /var/lib/nagios || true #ignore non-failure errors +fi + +#DEBHELPER# + --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-server.default +++ nagios-nrpe-2.15/debian/nagios-nrpe-server.default @@ -0,0 +1,12 @@ +# defaults file for nagios-nrpe-server +# (this file is a /bin/sh compatible fragment) + +# DAEMON_OPTS are any extra cmdline parameters you'd like to +# pass along to the nrpe daemon +#DAEMON_OPTS="--no-ssl" + +# NICENESS is if you want to run the server at a different nice() priority +#NICENESS=5 + +# INETD is if you want to run the server via inetd (default=0, run as daemon) +#INETD=0 --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-server.init +++ nagios-nrpe-2.15/debian/nagios-nrpe-server.init @@ -0,0 +1,85 @@ +#! /bin/sh +# + +### BEGIN INIT INFO +# Provides: nagios-nrpe-server +# Required-Start: $local_fs $remote_fs $syslog $named $network $time +# Required-Stop: $local_fs $remote_fs $syslog $named $network +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/Stop the Nagios remote plugin execution daemon +### END INIT INFO + + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nrpe +NAME=nagios-nrpe +DESC=nagios-nrpe +CONFIG=/etc/nagios/nrpe.cfg +PIDDIR=/var/run/nagios + +test -x $DAEMON || exit 0 + +if ! [ -x "/lib/lsb/init-functions" ]; then + . /lib/lsb/init-functions +else + echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed" + exit 1 +fi + +# Include nagios-nrpe defaults if available +if [ -f /etc/default/nagios-nrpe-server ] ; then + . /etc/default/nagios-nrpe-server +fi +# we also used to include this file, so if it's there +# we include it as well +if [ -f /etc/default/nagios-nrpe ]; then + . /etc/default/nagios-nrpe +fi +if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi + +#since /var/run can be wiped completly we create our run directory here +if [ ! -d "$PIDDIR" ]; then + mkdir "$PIDDIR" + chown nagios "$PIDDIR" + [ -x /sbin/restorecon ] && /sbin/restorecon "$PIDDIR" +fi + +set -e + +case "$1" in + start) + if [ "$INETD" = 1 ]; then + exit 1 + fi + log_daemon_msg "Starting $DESC" "$NAME" + start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON -c $CONFIG -d $DAEMON_OPTS + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --retry 15 + log_end_msg $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration files" "$NAME" + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDDIR/nrpe.pid + log_end_msg $? + ;; + status) + status_of_proc -p $PIDDIR/nrpe.pid "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + *) + log_failure_msg "Usage: $N {start|stop|restart|reload|force-reload}" + exit 1 + ;; +esac + +exit 0 --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-server.install +++ nagios-nrpe-2.15/debian/nagios-nrpe-server.install @@ -0,0 +1,3 @@ +src/nrpe usr/sbin +sample-config/nrpe.cfg etc/nagios +debian/nrpe_local.cfg etc/nagios --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-server.manpages +++ nagios-nrpe-2.15/debian/nagios-nrpe-server.manpages @@ -0,0 +1 @@ +debian/nrpe.8 --- nagios-nrpe-2.15.orig/debian/nagios-nrpe-server.preinst +++ nagios-nrpe-2.15/debian/nagios-nrpe-server.preinst @@ -0,0 +1,55 @@ +#! /bin/sh +# preinst script for nagios-nrpe-server +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + if id nagios >/dev/null 2>&1 ; then + # We have a nagios user. + if [ `id nagios -g -n` != "nagios" ] ; then + addgroup --system nagios || true + #this can fail sometimes (i.e. with LDAP) so ignore it + usermod -g nagios nagios || true + fi + else + adduser --system --group --home /var/lib/nagios --quiet nagios + fi + +# if [ "$1" = "upgrade" ] +# then +# start-stop-daemon --stop --quiet --oknodo \ +# --pidfile /var/run/bud.pid \ +# --exec /usr/sbin/bud 2>/dev/null || true +# fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- nagios-nrpe-2.15.orig/debian/nrpe.8 +++ nagios-nrpe-2.15/debian/nrpe.8 @@ -0,0 +1,52 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH NAGIOS-NRPE 8 "January 14, 2004" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +nrpe \- Nagios Remote Plugin Executor - Server +.SH SYNOPSIS +.B nagios-nrpe +\fI-c \fR +.SH DESCRIPTION +.PP +The purpose of this addon is to allow you to execute Nagios plugins on a +remote host in as transparent a manner as possible. +.PP +This program runs as a background process on the remote host and processes +command execution requests from the check_nrpe plugin on the Nagios host. +.SH OPTIONS +.IP + = Name of config file to use +.IP + = One of the following two operating modes: +.TP +\fB\-i\fR += Run as a service under inetd or xinetd +.TP +\fB\-d\fR += Run as a standalone daemon +.PP +Notes: +This program is designed to process requests from the check_nrpe +plugin on the host(s) running Nagios. It can run as a service +under inetd or xinetd (read the docs for info on this), or as a +standalone daemon. Once a request is received from an authorized +host, NRPE will execute the command/plugin (as defined in the +config file) and return the plugin output and return code to the +check_nrpe plugin. +.SH AUTHOR +This manual page was written by Jason Thomas , +for the Debian project (but may be used by others). --- nagios-nrpe-2.15.orig/debian/nrpe_local.cfg +++ nagios-nrpe-2.15/debian/nrpe_local.cfg @@ -0,0 +1,3 @@ +###################################### +# Do any local nrpe configuration here +###################################### --- nagios-nrpe-2.15.orig/debian/patches/00list +++ nagios-nrpe-2.15/debian/patches/00list @@ -0,0 +1,6 @@ +02_nrpe.cfg_local-include.dpatch +03_support_nrpe.d.dpatch +05_pid_privileges.dpatch +06_pid_directory.dpatch +07_warn_ssloption.dpatch +09_noremove_pid.dpatch --- nagios-nrpe-2.15.orig/debian/patches/02_nrpe.cfg_local-include.dpatch +++ nagios-nrpe-2.15/debian/patches/02_nrpe.cfg_local-include.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_nrpe.cfg_local-include.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support nrpe_local.cfg + +@DPATCH@ +diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in 2006-02-03 23:02:32.000000000 +0100 ++++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in 2006-03-31 07:07:16.000000000 +0200 +@@ -178,3 +178,8 @@ + #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$ + #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ + #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ ++ ++# ++# local configuration: ++# if you'd prefer, you can instead place directives here ++include=/etc/nagios/nrpe_local.cfg --- nagios-nrpe-2.15.orig/debian/patches/03_support_nrpe.d.dpatch +++ nagios-nrpe-2.15/debian/patches/03_support_nrpe.d.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_support_nrpe.d.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Support an nrpe.d directory + +@DPATCH@ +diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2008-04-15 23:53:48.000000000 +0200 ++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2008-04-15 23:54:48.000000000 +0200 +@@ -211,3 +211,9 @@ + # local configuration: + # if you'd prefer, you can instead place directives here + include=/etc/nagios/nrpe_local.cfg ++ ++# ++# you can place your config snipplets into nrpe.d/ ++# only snipplets ending in .cfg will get included ++include_dir=/etc/nagios/nrpe.d/ ++ ++ --- nagios-nrpe-2.15.orig/debian/patches/04_weird_output.dpatch +++ nagios-nrpe-2.15/debian/patches/04_weird_output.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_weird_output.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Clean buffer before use + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2012-04-30 09:36:53.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2012-04-30 09:52:47.890535825 +0200 +@@ -1107,6 +1107,9 @@ + /* disable connection alarm - a new alarm will be setup during my_system */ + alarm(0); + ++ // null buffer before using it! ++ memset(buffer,0,sizeof(buffer)); ++ + /* if this is the version check command, just spew it out */ + if(!strcmp(command_name,NRPE_HELLO_COMMAND)){ + --- nagios-nrpe-2.15.orig/debian/patches/05_pid_privileges.dpatch +++ nagios-nrpe-2.15/debian/patches/05_pid_privileges.dpatch @@ -0,0 +1,27 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05_pid_privileges.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2014-05-23 20:42:27.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2014-07-15 14:09:45.027422047 +0200 +@@ -317,13 +317,13 @@ + /* log info to syslog facility */ + syslog(LOG_NOTICE,"Starting up daemon"); + ++ /* drop privileges */ ++ drop_privileges(nrpe_user,nrpe_group); ++ + /* write pid file */ + if(write_pid_file()==ERROR) + return STATE_CRITICAL; + +- /* drop privileges */ +- drop_privileges(nrpe_user,nrpe_group); +- + /* make sure we're not root */ + check_privileges(); + --- nagios-nrpe-2.15.orig/debian/patches/06_pid_directory.dpatch +++ nagios-nrpe-2.15/debian/patches/06_pid_directory.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_pid_directory.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in +--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in 2007-03-09 19:08:58.000000000 +0100 ++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in 2009-07-06 07:43:09.000000000 +0200 +@@ -16,7 +16,7 @@ + # number. The file is only written if the NRPE daemon is started by the root + # user and is running in standalone mode. + +-pid_file=/var/run/nrpe.pid ++pid_file=/var/run/nagios/nrpe.pid + + + --- nagios-nrpe-2.15.orig/debian/patches/07_warn_ssloption.dpatch +++ nagios-nrpe-2.15/debian/patches/07_warn_ssloption.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 07_warn_ssloption.dpatch by Thijs Kinkhorst +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Warn against inadequateness of NRPE's own SSL option. + +--- a/SECURITY 2013-02-10 15:07:18.000000000 +0100 ++++ b/SECURITY 2013-02-10 15:08:50.000000000 +0100 +@@ -67,14 +67,17 @@ + ---------- + + If you do enable support for command arguments in the NRPE daemon, +-make sure that you encrypt communications either by using: +- +- 1. Stunnel (see http://www.stunnel.org for more info) +- 2. Native SSL support ++make sure that you encrypt communications either by using, for ++example, Stunnel (see http://www.stunnel.org for more info). + + Do NOT assume that just because the daemon is behind a firewall + that you are safe! Always encrypt NRPE traffic! + ++NOTE: the currently shipped native SSL support of NRPE is not an ++adequante protection, because it does not verify clients and ++server, and uses pregenerated key material. NRPE's SSL option is ++advised against. For more information, see Debian bug #547092. ++ + + USING ARGUMENTS + --------------- --- nagios-nrpe-2.15.orig/debian/patches/09_noremove_pid.dpatch +++ nagios-nrpe-2.15/debian/patches/09_noremove_pid.dpatch @@ -0,0 +1,34 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 09_noremove_pid.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Do not remove the PID file after a connection error (original patch +## DP: from Hiren Patel) + +# Author: Hiren Patel +# From: http://comments.gmane.org/gmane.network.nagios.devel/6774 +# Bug-Debian: #716949 +# Bug-Ubuntu: https://launchpad.net/bugs/1126890 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c +--- pkg-nrpe~/src/nrpe.c 2014-07-15 14:20:02.000000000 +0200 ++++ pkg-nrpe/src/nrpe.c 2014-07-15 14:20:55.775429979 +0200 +@@ -998,7 +998,7 @@ + /* close socket prioer to exiting */ + close(sock); + +- return; ++ exit(STATE_CRITICAL); + } + + /* handle signals */ +@@ -1022,7 +1022,7 @@ + /* close socket prior to exiting */ + close(new_sd); + +- return; ++ exit(STATE_CRITICAL); + } + + /* is this is a blessed machine? */ --- nagios-nrpe-2.15.orig/debian/rules +++ nagios-nrpe-2.15/debian/rules @@ -0,0 +1,28 @@ +#!/usr/bin/make -f + +# newer dpkg set this by default. +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +# Include dpatch stuff. +include /usr/share/dpatch/dpatch.make + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +CFLAGS := $(shell dpkg-buildflags --get CFLAGS) +CXXFLAGS := $(shell dpkg-buildflags --get CXXFLAGS) +LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) + +%: + dh $@ --with dpatch,autotools_dev + +override_dh_auto_configure: + CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \ + --prefix=/usr \ + --enable-ssl \ + --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib/nagios/plugins \ + --libdir=/usr/lib/nagios + +override_dh_auto_install: --- nagios-nrpe-2.15.orig/debian/watch +++ nagios-nrpe-2.15/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://sf.net/nagios/nrpe-([0-9.]+).tar.gz --- nagios-nrpe-2.15.orig/xxx +++ nagios-nrpe-2.15/xxx @@ -0,0 +1,234 @@ +diff -pruN 2.15-1/debian/changelog 2.15-1ubuntu1/debian/changelog +--- 2.15-1/debian/changelog 2014-07-25 13:07:59.000000000 +0000 ++++ 2.15-1ubuntu1/debian/changelog 2014-07-25 13:07:59.000000000 +0000 +@@ -1,3 +1,22 @@ ++nagios-nrpe (2.15-1ubuntu1) utopic; urgency=low ++ ++ [ Liam Young ] ++ LP: #1348142 ++ * Merge from Debian unstable (2.15-1). Remaining changes: ++ - debian/{rules,control}: Add hardening-includes to gain PIE security ++ builds. ++ * Changes gained from Debian: ++ - 01_nodevrandom-and-docoptions.dpatch: Patch dropped. Debian are ++ no longer carrying this patch and it does not seem to be needed. ++ 'l' is now listed as a doc option and it seems that using urandom ++ for seeding srand is unlikely to realistically exhaust a machines ++ entropy as was mentioned in Debian Bug #333552. ++ - debian/patches/00list: 04_weird_output.dpatch dropped ++ - debian/patches/05_pid_privileges.dpatch: Patch now matches debian ++ - debian/patches/09_noremove_pid.dpatch: Patch now matches debian ++ ++ -- Liam Young Thu, 24 Jul 2014 12:39:39 +0100 ++ + nagios-nrpe (2.15-1) unstable; urgency=high + + * [f2cea9f] Imported Upstream version 2.15 +@@ -18,6 +37,19 @@ nagios-nrpe (2.15-1) unstable; urgency=h + + -- Alexander Wirt Tue, 15 Jul 2014 18:30:36 +0200 + ++nagios-nrpe (2.15-0ubuntu1) trusty; urgency=medium ++ ++ * New upstream release (2.15). ++ * Updated patches: ++ - 01_nodevrandom-and-docoptions.dpatch ++ - 04_weird_output.dpatch ++ - 05_pid_privileges.dpatch ++ - 09_noremove_pid.dpatch ++ * Dropped patches (upstream): ++ - 08_CVE-2013-1362.dpatch ++ ++ -- Stéphane Graber Mon, 13 Jan 2014 11:34:11 -0500 ++ + nagios-nrpe (2.13-4) unstable; urgency=low + + * [dcffec6] Do not remove the PID file after a connection error. +@@ -25,6 +57,45 @@ nagios-nrpe (2.13-4) unstable; urgency=l + + -- Bernd Zeimetz Mon, 15 Jul 2013 16:07:54 +0200 + ++nagios-nrpe (2.13-3.1ubuntu1) trusty; urgency=low ++ ++ * Merge from Debian unstable. Remaining changes: ++ - debian/{rules,control}: Add hardening-includes to gain PIE security ++ builds. ++ - debian/rules: Use dpkg-buildflags. ++ ++ -- Michael Terry Tue, 29 Oct 2013 09:14:34 -0700 ++ ++nagios-nrpe (2.13-3.1) unstable; urgency=low ++ ++ [ Ivo De Decker ] ++ * Non-maintainer upload. ++ * Remove Luk Claes from uploaders (Closes: #719636) ++ ++ [ KURASHIKI Satoru ] ++ * debian/patches/09_noremove_pid.dpatch: ++ - Do not remove the PID file after a connection error ++ (original patch from Hiren Patel). (Closes: #716949) ++ ++ -- Ivo De Decker Sat, 05 Oct 2013 20:23:24 +0200 ++ ++nagios-nrpe (2.13-3ubuntu2) saucy; urgency=low ++ ++ * debian/patches/09_noremove_pid.dpatch: ++ - Do not remove the PID file after a connection error ++ (original patch from Hiren Patel). (LP: #1126890) ++ ++ -- Michael Terry Fri, 24 May 2013 17:01:05 -0400 ++ ++nagios-nrpe (2.13-3ubuntu1) saucy; urgency=low ++ ++ * Merge from Debian unstable. Remaining changes: ++ - debian/{rules,control}: Add hardening-includes to gain PIE security ++ builds. ++ - debian/rules: Use dpkg-buildflags. ++ ++ -- Michael Terry Tue, 30 Apr 2013 09:24:13 -0700 ++ + nagios-nrpe (2.13-3) unstable; urgency=high + + * [e55afd1] Add 08_CVE-2013-1362.dpatch patch. +@@ -36,6 +107,15 @@ nagios-nrpe (2.13-3) unstable; urgency=h + + -- Alexander Wirt Sat, 09 Mar 2013 08:42:05 +0100 + ++nagios-nrpe (2.13-2ubuntu1) raring; urgency=low ++ ++ * Merge from Debian unstable. Remaining changes: ++ - debian/{rules,control}: Add hardening-includes to gain PIE security ++ builds. ++ - debian/rules: Use dpkg-buildflags. ++ ++ -- Logan Rosen Sun, 24 Feb 2013 15:29:43 -0500 ++ + nagios-nrpe (2.13-2) unstable; urgency=high + + [ Thijs Kinkhorst ] +@@ -43,6 +123,15 @@ nagios-nrpe (2.13-2) unstable; urgency=h + + -- Alexander Wirt Mon, 11 Feb 2013 17:45:20 +0100 + ++nagios-nrpe (2.13-1ubuntu1) raring; urgency=low ++ ++ * Merge from Debian unstable. Remaining changes: ++ - debian/{rules,control}: Add hardening-includes to gain PIE security ++ builds. ++ - debian/rules: Use dpkg-buildflags. ++ ++ -- Logan Rosen Sat, 02 Feb 2013 18:16:48 -0500 ++ + nagios-nrpe (2.13-1) unstable; urgency=low + + * [3e113b5] Imported Upstream version 2.13 +@@ -52,6 +141,29 @@ nagios-nrpe (2.13-1) unstable; urgency=l + + -- Alexander Wirt Sat, 30 Jun 2012 11:08:22 +0200 + ++nagios-nrpe (2.12-6ubuntu2) quantal; urgency=low ++ ++ * Fixed compiler hardening configuration. (LP: #1000379) ++ ++ -- Bryan D. Payne Wed, 16 May 2012 17:29:52 +0000 ++ ++nagios-nrpe (2.12-6ubuntu1) quantal; urgency=low ++ ++ [ Dmitrijs Ledkovs ] ++ * Merge with Debian; remaining changes: ++ - debian/{rules,control}: add hardening-includes to gain PIE ++ security builds. ++ - Use dpkg-buildflags. ++ * Changes gained from Debian: ++ - [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe ++ (LP: #896388) ++ ++ [ Stéphane Graber ] ++ * Drop useless diff file in source package (xxx) that was added by ++ mistake in a previous merge. ++ ++ -- Stéphane Graber Thu, 03 May 2012 09:55:10 -0400 ++ + nagios-nrpe (2.12-6) unstable; urgency=low + + * [36b1062] Add add icinga to the list of recommends +@@ -61,6 +173,15 @@ nagios-nrpe (2.12-6) unstable; urgency=l + + -- Alexander Wirt Mon, 30 Apr 2012 09:25:45 +0200 + ++nagios-nrpe (2.12-5ubuntu1) precise; urgency=low ++ ++ * Merge with Debian; remaining changes: ++ - debian/{rules,control}: add hardening-includes to gain PIE ++ security builds. ++ * Use dpkg-buildflags. ++ ++ -- Matthias Klose Tue, 18 Oct 2011 15:09:21 +0200 ++ + nagios-nrpe (2.12-5) unstable; urgency=low + + [ Alexander Wirt ] +@@ -85,6 +206,26 @@ nagios-nrpe (2.12-5) unstable; urgency=l + + -- Alexander Wirt Sun, 25 Sep 2011 08:35:48 +0200 + ++nagios-nrpe (2.12-4ubuntu3) oneiric; urgency=low ++ ++ * Configure with --with-ssl-lib=. LP: #829434. ++ ++ -- Matthias Klose Thu, 25 Aug 2011 21:10:45 +0200 ++ ++nagios-nrpe (2.12-4ubuntu2) oneiric; urgency=low ++ ++ * Rebuild for OpenSSL 1.0.0. ++ ++ -- Colin Watson Tue, 17 May 2011 12:16:15 +0100 ++ ++nagios-nrpe (2.12-4ubuntu1) lucid; urgency=low ++ ++ * debian/{rules,control}: add hardening-includes to gain PIE ++ security builds. ++ * debian/control: Update maintainer according to spec. ++ ++ -- Chuck Short Thu, 07 Jan 2010 14:31:00 -0500 ++ + nagios-nrpe (2.12-4) unstable; urgency=low + + * Build against libwrap0-dev (Closes: #412705) +diff -pruN 2.15-1/debian/control 2.15-1ubuntu1/debian/control +--- 2.15-1/debian/control 2014-07-25 13:07:59.000000000 +0000 ++++ 2.15-1ubuntu1/debian/control 2014-07-25 13:07:59.000000000 +0000 +@@ -1,9 +1,10 @@ + Source: nagios-nrpe + Section: net + Priority: optional +-Maintainer: Debian Nagios Maintainer Group ++Maintainer: Ubuntu Developers ++XSBC-Original-Maintainer: Debian Nagios Maintainer Group + Uploaders: sean finney , Jason Thomas , Alexander Wirt +-Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1) ++Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1), hardening-includes + Standards-Version: 3.9.5 + + Package: nagios-nrpe-server +diff -pruN 2.15-1/debian/rules 2.15-1ubuntu1/debian/rules +--- 2.15-1/debian/rules 2014-07-25 13:07:59.000000000 +0000 ++++ 2.15-1ubuntu1/debian/rules 2014-07-25 13:07:59.000000000 +0000 +@@ -6,11 +6,16 @@ DEB_HOST_MULTIARCH ?= $(shell dpkg-archi + # Include dpatch stuff. + include /usr/share/dpatch/dpatch.make + ++include /usr/share/hardening-includes/hardening.make ++CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(HARDENING_CFLAGS) ++CXXFLAGS := $(shell dpkg-buildflags --get CXXFLAGS) $(HARDENING_CFLAGS) ++LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) $(HARDENING_LDFLAGS) ++ + %: + dh $@ --with dpatch,autotools_dev + + override_dh_auto_configure: +- ./configure \ ++ CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \ + --prefix=/usr \ + --enable-ssl \ + --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \