Bug#1033439: pre-unblock: monitoring-plugins/2.3.3-5
Control: tags -1 moreinfo
On 2023-03-24 20:55:28 +0100, Jan Wagner wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: pkg-nagios-devel@lists.alioth.debian.org
> Control: affects -1 + src:monitoring-plugins
>
> Please see these changes for monitoring-plugins. 2.3.3-4 is already uploaded
> into unstable (containing one fix from upstream) but is blocked due missing
> autopkgtests. I prepared another upload containing two fixes from upstream,
> which is not uploaded yet.
>
> [ Reason ]
> This release targets several fixes that should go into bookworm:
>
> * [953ee52] Adding d/p/13_check_icmp_improvements from upstream
> * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
> * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream
What's the rationale to include these patches? Do they fix bugs reported
in the BTS or upstream?
Cheers
>
> [ Impact ]
> Included patches fixes regressions from latest upstream release.
>
> [ Tests ]
> Upstream testsuite passes as well as Salsa CI
> (https://salsa.debian.org/nagios-team/monitoring-plugins/-/pipelines/514242)
> tests (ignoring the blhc).
>
> [ Risks ]
> The code changes are trivial enough to not expect regressions.
>
> [ Checklist ]
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
> [ Other info ]
>
> unblock monitoring-plugins/2.3.3-5
> diff --git a/debian/changelog b/debian/changelog
> index caf2e31..c738c88 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,16 @@
> +monitoring-plugins (2.3.3-5) unstable; urgency=medium
> +
> + * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
> + * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream
> +
> + -- Jan Wagner <waja@cyconet.org> Fri, 24 Mar 2023 19:16:16 +0000
> +
> +monitoring-plugins (2.3.3-4) unstable; urgency=medium
> +
> + * [953ee52] Adding d/p/13_check_icmp_improvements from upstream
> +
> + -- Jan Wagner <waja@cyconet.org> Tue, 07 Mar 2023 13:29:35 +0000
> +
> monitoring-plugins (2.3.3-3) unstable; urgency=medium
>
> * [15d0c56] Adding d/p/12_check_curl_improvements from upstream
> diff --git a/debian/patches/13_check_icmp_improvements b/debian/patches/13_check_icmp_improvements
> new file mode 100644
> index 0000000..0eb2748
> --- /dev/null
> +++ b/debian/patches/13_check_icmp_improvements
> @@ -0,0 +1,200 @@
> +From 413af1955538b06803458c628099f1ba9da1966b Mon Sep 17 00:00:00 2001
> +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
> +Date: Fri, 4 Nov 2022 16:51:32 +0100
> +Subject: [PATCH 1/5] Remove trailing whitespaces
> +
> +---
> + plugins-root/check_icmp.c | 24 ++++++++++++------------
> + 1 file changed, 12 insertions(+), 12 deletions(-)
> +
> +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
> +index f8f153512..abd88c4e7 100644
> +--- a/plugins-root/check_icmp.c
> ++++ b/plugins-root/check_icmp.c
> +@@ -1,39 +1,39 @@
> + /*****************************************************************************
> +-*
> ++*
> + * Monitoring check_icmp plugin
> +-*
> ++*
> + * License: GPL
> + * Copyright (c) 2005-2008 Monitoring Plugins Development Team
> + * Original Author : Andreas Ericsson <ae@op5.se>
> +-*
> ++*
> + * Description:
> +-*
> ++*
> + * This file contains the check_icmp plugin
> +-*
> ++*
> + * Relevant RFC's: 792 (ICMP), 791 (IP)
> +-*
> ++*
> + * This program was modeled somewhat after the check_icmp program,
> + * which was in turn a hack of fping (www.fping.org) but has been
> + * completely rewritten since to generate higher precision rta values,
> + * and support several different modes as well as setting ttl to control.
> + * redundant routes. The only remainders of fping is currently a few
> + * function names.
> +-*
> +-*
> ++*
> ++*
> + * This program is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> +-*
> ++*
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> +-*
> ++*
> + * You should have received a copy of the GNU General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> +-*
> +-*
> ++*
> ++*
> + *****************************************************************************/
> +
> + /* progname may change */
> +
> +From 7d074091dba8c1d4081971bf62e694d0b1a03d41 Mon Sep 17 00:00:00 2001
> +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
> +Date: Fri, 4 Nov 2022 16:53:57 +0100
> +Subject: [PATCH 2/5] Remove hardcoded DBL_MAX definition
> +
> +---
> + plugins-root/check_icmp.c | 4 ----
> + 1 file changed, 4 deletions(-)
> +
> +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
> +index abd88c4e7..0d10d22db 100644
> +--- a/plugins-root/check_icmp.c
> ++++ b/plugins-root/check_icmp.c
> +@@ -95,10 +95,6 @@ const char *email = "devel@monitoring-plugins.org";
> + # define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
> + #endif
> +
> +-#ifndef DBL_MAX
> +-# define DBL_MAX 9.9999999999e999
> +-#endif
> +-
> + typedef unsigned short range_t; /* type for get_range() -- unimplemented */
> +
> + typedef struct rta_host {
> +
> +From 9a73a94258689cd9337fe7a7937fe85e4670aaeb Mon Sep 17 00:00:00 2001
> +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
> +Date: Fri, 4 Nov 2022 17:08:36 +0100
> +Subject: [PATCH 3/5] Replace DBL_MAX with INFITY to check if value was set
> +
> +---
> + plugins-root/check_icmp.c | 5 +++--
> + 1 file changed, 3 insertions(+), 2 deletions(-)
> +
> +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
> +index 0d10d22db..7f3c4b5ba 100644
> +--- a/plugins-root/check_icmp.c
> ++++ b/plugins-root/check_icmp.c
> +@@ -55,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
> + #include <errno.h>
> + #include <signal.h>
> + #include <ctype.h>
> ++#include <float.h>
> + #include <net/if.h>
> + #include <netinet/in_systm.h>
> + #include <netinet/in.h>
> +@@ -1220,7 +1221,7 @@ finish(int sig)
> + host->rta / 1000, (float)warn.rta / 1000, (float)crit.rta / 1000,
> + (targets > 1) ? host->name : "", host->pl, warn.pl, crit.pl,
> + (targets > 1) ? host->name : "", (float)host->rtmax / 1000,
> +- (targets > 1) ? host->name : "", (host->rtmin < DBL_MAX) ? (float)host->rtmin / 1000 : (float)0);
> ++ (targets > 1) ? host->name : "", (host->rtmin < INFINITY) ? (float)host->rtmin / 1000 : (float)0);
> +
> + host = host->next;
> + }
> +@@ -1323,7 +1324,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in)
> + memcpy(host_sin6->sin6_addr.s6_addr, sin6->sin6_addr.s6_addr, sizeof host_sin6->sin6_addr.s6_addr);
> + }
> +
> +- host->rtmin = DBL_MAX;
> ++ host->rtmin = INFINITY;
> +
> + if(!list) list = cursor = host;
> + else cursor->next = host;
> +
> +From d3a4bad51d72a3c5bcc06ceb5e0a823dcc24bf49 Mon Sep 17 00:00:00 2001
> +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
> +Date: Sun, 19 Feb 2023 14:31:21 +0100
> +Subject: [PATCH 4/5] check_icmp: Fix compiler warning
> +
> +This fixes a compiler warning with no real world impact.
> +The compiler complains about a missing return, which is correct, but
> +in that scenario the program would crash anyways, so this has no impact.
> +---
> + plugins-root/check_icmp.c | 5 +++--
> + 1 file changed, 3 insertions(+), 2 deletions(-)
> +
> +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
> +index 7f3c4b5ba..317cd5357 100644
> +--- a/plugins-root/check_icmp.c
> ++++ b/plugins-root/check_icmp.c
> +@@ -1430,20 +1430,21 @@ set_source_ip(char *arg)
> + static in_addr_t
> + get_ip_address(const char *ifname)
> + {
> ++ // TODO: Rewrite this so the function return an error and we exit somewhere else
> ++ struct sockaddr_in ip;
> + #if defined(SIOCGIFADDR)
> + struct ifreq ifr;
> +- struct sockaddr_in ip;
> +
> + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
> + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
> + if(ioctl(icmp_sock, SIOCGIFADDR, &ifr) == -1)
> + crash("Cannot determine IP address of interface %s", ifname);
> + memcpy(&ip, &ifr.ifr_addr, sizeof(ip));
> +- return ip.sin_addr.s_addr;
> + #else
> + errno = 0;
> + crash("Cannot get interface IP address on this platform.");
> + #endif
> ++ return ip.sin_addr.s_addr;
> + }
> +
> + /*
> +
> +From 423284edfa980fc3fdb51ab20af96685a988ba97 Mon Sep 17 00:00:00 2001
> +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
> +Date: Sun, 19 Feb 2023 14:34:29 +0100
> +Subject: [PATCH 5/5] check_icmp: Fix compiler warning
> +
> +This fixes a compiler warning which complains about an uninitialized
> +value for a variable which is then returned.
> +This had no real world impact, since the program would crash in the
> +branch where result is not set.
> +The variable is initialized to "-1" which would be the error for
> +inet_pton.
> +---
> + plugins-root/check_icmp.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
> +index 317cd5357..e59e92d33 100644
> +--- a/plugins-root/check_icmp.c
> ++++ b/plugins-root/check_icmp.c
> +@@ -1339,7 +1339,7 @@ add_target_ip(char *arg, struct sockaddr_storage *in)
> + static int
> + add_target(char *arg)
> + {
> +- int error, result;
> ++ int error, result = -1;
> + struct sockaddr_storage ip;
> + struct addrinfo hints, *res, *p;
> + struct sockaddr_in *sin;
> diff --git a/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs
> new file mode 100644
> index 0000000..7d1418a
> --- /dev/null
> +++ b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs
> @@ -0,0 +1,211 @@
> +From 03f86b5d0809967855fbaafb4d600dc5b82081fa Mon Sep 17 00:00:00 2001
> +From: Andreas Baumann <mail@andreasbaumann.cc>
> +Date: Tue, 7 Mar 2023 19:51:33 +0100
> +Subject: [PATCH 1/4] check_curl: in SSL host caching mode try to connect and
> + bind and take the first getaddrinfo result which succeeds
> +
> +---
> + plugins/check_curl.c | 22 +++++++++++++++-------
> + 1 file changed, 15 insertions(+), 7 deletions(-)
> +
> +diff --git a/plugins/check_curl.c b/plugins/check_curl.c
> +index c37d45d91..e1bc98dc9 100644
> +--- a/plugins/check_curl.c
> ++++ b/plugins/check_curl.c
> +@@ -386,6 +386,7 @@ lookup_host (const char *host, char *buf, size_t buflen)
> + struct addrinfo hints, *res, *result;
> + int errcode;
> + void *ptr;
> ++ int s;
> +
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_family = address_family;
> +@@ -399,19 +400,26 @@ lookup_host (const char *host, char *buf, size_t buflen)
> + res = result;
> +
> + while (res) {
> +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
> +- switch (res->ai_family) {
> +- case AF_INET:
> +- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
> ++ inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
> ++ switch (res->ai_family) {
> ++ case AF_INET:
> ++ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
> ++ break;
> ++ case AF_INET6:
> ++ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
> + break;
> +- case AF_INET6:
> +- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
> +- break;
> + }
> ++
> + inet_ntop (res->ai_family, ptr, buf, buflen);
> + if (verbose >= 1)
> + printf ("* getaddrinfo IPv%d address: %s\n",
> + res->ai_family == PF_INET6 ? 6 : 4, buf);
> ++
> ++ if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1)
> ++ continue;
> ++ if (bind (s, res->ai_addr, res->ai_addrlen == 0) )
> ++ break;
> ++
> + res = res->ai_next;
> + }
> +
> +
> +From 2902381c5de01f69d61569b0c8dae6a92e2b9843 Mon Sep 17 00:00:00 2001
> +From: Barak Shohat <barak@bazzisoft.com>
> +Date: Wed, 8 Mar 2023 11:56:43 +0200
> +Subject: [PATCH 2/4] check_curl.c: Include all IPs from getaddrinfo() in curl
> + DNS cache
> +
> +---
> + plugins/check_curl.c | 39 ++++++++++++++++++++++++++-------------
> + 1 file changed, 26 insertions(+), 13 deletions(-)
> +
> +diff --git a/plugins/check_curl.c b/plugins/check_curl.c
> +index e1bc98dc9..512fb88a6 100644
> +--- a/plugins/check_curl.c
> ++++ b/plugins/check_curl.c
> +@@ -384,9 +384,12 @@ int
> + lookup_host (const char *host, char *buf, size_t buflen)
> + {
> + struct addrinfo hints, *res, *result;
> ++ char addrstr[100];
> ++ size_t addrstr_len;
> + int errcode;
> + void *ptr;
> + int s;
> ++ size_t buflen_remaining = buflen - 1;
> +
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_family = address_family;
> +@@ -396,33 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen)
> + errcode = getaddrinfo (host, NULL, &hints, &result);
> + if (errcode != 0)
> + return errcode;
> +-
> ++
> ++ strcpy(buf, "");
> + res = result;
> +
> + while (res) {
> +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
> + switch (res->ai_family) {
> + case AF_INET:
> + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
> + break;
> + case AF_INET6:
> + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
> +- break;
> ++ break;
> + }
> +
> +- inet_ntop (res->ai_family, ptr, buf, buflen);
> +- if (verbose >= 1)
> ++ inet_ntop (res->ai_family, ptr, addrstr, 100);
> ++ if (verbose >= 1) {
> + printf ("* getaddrinfo IPv%d address: %s\n",
> +- res->ai_family == PF_INET6 ? 6 : 4, buf);
> ++ res->ai_family == PF_INET6 ? 6 : 4, addrstr);
> ++ }
> +
> +- if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1)
> +- continue;
> +- if (bind (s, res->ai_addr, res->ai_addrlen == 0) )
> +- break;
> ++ // Append all IPs to buf as a comma-separated string
> ++ addrstr_len = strlen(addrstr);
> ++ if (buflen_remaining > addrstr_len + 1) {
> ++ if (buf[0] != NULL) {
> ++ strncat(buf, ",", 1);
> ++ buflen_remaining -= 1;
> ++ }
> ++ strncat(buf, addrstr, buflen_remaining);
> ++ buflen_remaining -= addrstr_len;
> ++ }
> +
> + res = res->ai_next;
> + }
> +-
> ++
> + freeaddrinfo(result);
> +
> + return 0;
> +@@ -453,7 +463,7 @@ check_http (void)
> + int i;
> + char *force_host_header = NULL;
> + struct curl_slist *host = NULL;
> +- char addrstr[100];
> ++ char addrstr[DEFAULT_BUFFER_SIZE/2];
> + char dnscache[DEFAULT_BUFFER_SIZE];
> +
> + /* initialize curl */
> +@@ -505,7 +515,7 @@ check_http (void)
> +
> + // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
> + if(use_ssl && host_name != NULL) {
> +- if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
> ++ if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
> + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
> + server_address, res, gai_strerror (res));
> + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
> +@@ -800,6 +810,9 @@ check_http (void)
> + /* free header and server IP resolve lists, we don't need it anymore */
> + curl_slist_free_all (header_list); header_list = NULL;
> + curl_slist_free_all (server_ips); server_ips = NULL;
> ++ if (host) {
> ++ curl_slist_free_all (host); host = NULL;
> ++ }
> +
> + /* Curl errors, result in critical Nagios state */
> + if (res != CURLE_OK) {
> +
> +From fc927e98db73850e760f490117ed36f2de20270c Mon Sep 17 00:00:00 2001
> +From: Andreas Baumann <mail@andreasbaumann.cc>
> +Date: Wed, 8 Mar 2023 16:10:45 +0100
> +Subject: [PATCH 3/4] fixed a wrong compare and a wrong size in strncat
> +
> +---
> + plugins/check_curl.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/plugins/check_curl.c b/plugins/check_curl.c
> +index 512fb88a6..cc17ef58a 100644
> +--- a/plugins/check_curl.c
> ++++ b/plugins/check_curl.c
> +@@ -422,8 +422,8 @@ lookup_host (const char *host, char *buf, size_t buflen)
> + // Append all IPs to buf as a comma-separated string
> + addrstr_len = strlen(addrstr);
> + if (buflen_remaining > addrstr_len + 1) {
> +- if (buf[0] != NULL) {
> +- strncat(buf, ",", 1);
> ++ if (buf[0] != '\0') {
> ++ strncat(buf, ",", buflen_remaining);
> + buflen_remaining -= 1;
> + }
> + strncat(buf, addrstr, buflen_remaining);
> +
> +From ea53555f2d6254da5fec0c1061899a01dd5321ec Mon Sep 17 00:00:00 2001
> +From: Andreas Baumann <mail@andreasbaumann.cc>
> +Date: Sat, 11 Mar 2023 11:40:00 +0100
> +Subject: [PATCH 4/4] check_curl: removed a superflous variable
> +
> +---
> + plugins/check_curl.c | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/plugins/check_curl.c b/plugins/check_curl.c
> +index cc17ef58a..e5be1ad56 100644
> +--- a/plugins/check_curl.c
> ++++ b/plugins/check_curl.c
> +@@ -388,7 +388,6 @@ lookup_host (const char *host, char *buf, size_t buflen)
> + size_t addrstr_len;
> + int errcode;
> + void *ptr;
> +- int s;
> + size_t buflen_remaining = buflen - 1;
> +
> + memset (&hints, 0, sizeof (hints));
> diff --git a/debian/patches/15_check_swap_remove_includes b/debian/patches/15_check_swap_remove_includes
> new file mode 100644
> index 0000000..fb65026
> --- /dev/null
> +++ b/debian/patches/15_check_swap_remove_includes
> @@ -0,0 +1,23 @@
> +From 8a8ee58e8925019b7532e7d14ebe488bb21fb3e6 Mon Sep 17 00:00:00 2001
> +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
> +Date: Thu, 16 Mar 2023 15:26:52 +0100
> +Subject: [PATCH] check_swap: Remove unnecessary and problematic includes
> +
> +---
> + plugins/check_swap.c | 3 ---
> + 1 file changed, 3 deletions(-)
> +
> +diff --git a/plugins/check_swap.c b/plugins/check_swap.c
> +index a607da1e9..25d5f21d0 100644
> +--- a/plugins/check_swap.c
> ++++ b/plugins/check_swap.c
> +@@ -34,9 +34,6 @@ const char *email = "devel@monitoring-plugins.org";
> + #include "common.h"
> + #include "popen.h"
> + #include "utils.h"
> +-#include <string.h>
> +-#include <math.h>
> +-#include <libintl.h>
> +
> + #ifdef HAVE_DECL_SWAPCTL
> + # ifdef HAVE_SYS_PARAM_H
> diff --git a/debian/patches/series b/debian/patches/series
> index 7791bb8..3e14114 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -4,3 +4,6 @@
> 10_check_http_chunked_wo_actual_content
> 11_fallback_for_gnutls
> 12_check_curl_improvements
> +13_check_icmp_improvements
> +14_check_curl_fix_SSL_with_multiple_IPs
> +15_check_swap_remove_includes
--
Sebastian Ramacher
Reply to: