merge maint into master

Author: hedenface

.gitignore

@@ -8,6 +8,7 @@ autom4te.cache
 config.log
 config.status
 daemon-init
+openrc-init
 Makefile
 tags
 .deps/

Changelog

@@ -2,6 +2,15 @@
 Nagios Core 4 Change Log
 ########################
 
+
+4.3.4 - 2017-08-24
+------------------
+* Improved config file parsing (Mark Felder)
+* Fixed configure script to check for existence of /run for lock file (in regards to CVE-2017-12847, Bryan Heden)
+* Use absolute paths when deleting check results files (Emmanuel Dreyfus)
+* Add sanity checking in reassign_worker (sq5bpf)
+
+
 4.3.3 - 2017-08-12
 ------------------
 * xodtemplate.c wrong option-deprecation code warning (alex2grad / John Frickson)
@@ -10,7 +19,7 @@ Nagios Core 4 Change Log
 * New Macro(s) to generate URL for host / service object (John Frickson)
 * Fix minor map issues (Troy Lea)
 * Fix lockfile issues (Bryan Heden)
-* Switch order of daemon_init and drop_priveleges (Bryan Heden)
+* Switch order of daemon_init and drop_priveleges (CVE-2017-12847, Bryan Heden)
 * Add an OpenRC init script (Michael Orlitzky)
 
 

THANKS

@@ -184,10 +184,12 @@ wrong, please let me know.
 * Luigi Balzano
 * Luiz Felipe R E
 * Luke Ross
+* Emmanuel Dreyfus
 * Marc Powell
 * Marcus Fleige
 * Marcus Hildenbrand
 * Mark DeTrano
+* Mark Felder
 * Mark Frost
 * Mark Goldfinch
 * Mark Schenker
@@ -285,6 +287,7 @@ wrong, please let me know.
 * Sergio Guzman
 * Shad Lords
 * Simon Beale
+* sq5bpf
 * Stanley Hopcroft
 * Stefan Rompf
 * Stefan Schurtz

base/config.c

@@ -107,7 +107,7 @@ int read_main_config_file(char *main_config_file) {
 	/* open the config file for reading */
 	if((thefile = mmap_fopen(main_config_file)) == NULL) {
 		logit(NSLOG_CONFIG_ERROR, TRUE, "Error: Cannot open main configuration file '%s' for reading!", main_config_file);
-		return ERROR;
+		exit(ERROR);
 		}
 
 	/* save the main config file macro */
@@ -1272,12 +1272,11 @@ int read_main_config_file(char *main_config_file) {
 	my_free(value);
 
 	/* make sure a log file has been specified */
-	strip(log_file);
-	if(!strcmp(log_file, "")) {
-		if(daemon_mode == FALSE)
-			printf("Error: Log file is not specified anywhere in main config file '%s'!\n", main_config_file);
-		return ERROR;
+	if(log_file == NULL) {
+		logit(NSLOG_CONFIG_ERROR, TRUE, "Error: Log file is not specified anywhere in main config file '%s'!", main_config_file);
+		exit(ERROR);
 		}
+	strip(log_file);
 
 	return OK;
 	}

base/utils.c

@@ -2133,7 +2133,11 @@ int process_check_result_queue(char *dirname) {
 
 			/* if the file is too old, we delete it */
 			if (stat_buf.st_mtime + max_check_result_file_age < time(NULL)) {
-				delete_check_result_file(dirfile->d_name);
+
+				if (delete_check_result_file(file) != OK 
+					&& delete_check_result_file(dirfile->d_name) != OK)
+						logit(NSLOG_RUNTIME_WARNING, TRUE, "Error: Unable to delete '%s' or '%s'!", file, dirfile->d_name);
+
 				continue;
 				}
 
@@ -2363,16 +2367,17 @@ int process_check_result_file(char *fname) {
 /* deletes as check result file, as well as its ok-to-go file */
 int delete_check_result_file(char *fname) {
 	char *temp_buffer = NULL;
+	int result = OK;
 
 	/* delete the result file */
-	unlink(fname);
+	result = unlink(fname);
 
 	/* delete the ok-to-go file */
 	asprintf(&temp_buffer, "%s.ok", fname);
-	unlink(temp_buffer);
+	result |= unlink(temp_buffer);
 	my_free(temp_buffer);
 
-	return OK;
+	return result;
 	}
 
 

base/workers.c

@@ -604,9 +604,13 @@ static void fo_reassign_wproc_job(void *job_)
 {
 	struct wproc_job *job = (struct wproc_job *)job_;
 	job->wp = get_worker(job->command);
-	job->id = get_job_id(job->wp);
-	/* macros aren't used right now anyways */
-	wproc_run_job(job, NULL);
+	if (job->wp != NULL) {
+		job->id = get_job_id(job->wp);
+		/* macros aren't used right now anyways */
+		wproc_run_job(job, NULL);
+	} else {
+		logit(NSLOG_RUNTIME_WARNING, TRUE, "wproc: Error: can't get_worker() in fo_reassign_wproc_job\n");
+	}
 }
 
 static int handle_worker_result(int sd, int events, void *arg)

configure

@@ -1405,7 +1405,8 @@ Optional Packages:
                           sets path to check results spool directory
   --with-temp-dir=<path>  sets path to temp directory
   --with-init-dir=<path>  sets directory to place init script into
-  --with-lockfile=<path>  sets path for lock file (default: /run/nagios.lock)
+  --with-lockfile=<path>  sets path for lock file (default:
+                          [/var]/run/nagios.lock)
   --with-iobroker=<method>
                           specify the method to use with iobroker: epoll,
                           poll, or select
@@ -2353,9 +2354,9 @@ ac_config_headers="$ac_config_headers include/config.h lib/snprintf.h lib/iobrok
 
 PKG_NAME=nagios
 
-PKG_VERSION="4.3.3"
+PKG_VERSION="4.3.4"
 PKG_HOME_URL="https://www.nagios.org/"
-PKG_REL_DATE="2017-08-12"
+PKG_REL_DATE="2017-08-24"
 
 ac_aux_dir=
 for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
@@ -4942,11 +4943,17 @@ fi
 
 
 
+default_lockfile_path=/var/run/nagios.lock
+if test -d /run; then
+	default_lockfile_path=/run/nagios.lock
+fi
+
+
 # Check whether --with-lockfile was given.
 if test "${with_lockfile+set}" = set; then :
   withval=$with_lockfile; lockfile=$withval
 else
-  lockfile=/run/nagios.lock
+  lockfile=$default_lockfile_path
 
 fi
 

configure.ac

@@ -10,9 +10,9 @@ AC_PREFIX_DEFAULT(/usr/local/nagios)
 
 PKG_NAME=nagios
 
-PKG_VERSION="4.3.3"
+PKG_VERSION="4.3.4"
 PKG_HOME_URL="https://www.nagios.org/"
-PKG_REL_DATE="2017-08-12"
+PKG_REL_DATE="2017-08-24"
 
 dnl Figure out how to invoke "install" and what install options to use.
 AC_PROG_INSTALL
@@ -265,11 +265,19 @@ AC_ARG_WITH(init_dir,
 AC_SUBST(init_dir)
 
 dnl User can override lock file location
+dnl Use the /var/run/ path by default
+dnl and use /run if it is available
+
+default_lockfile_path=/var/run/nagios.lock
+if test -d /run; then
+	default_lockfile_path=/run/nagios.lock
+fi
+
 AC_ARG_WITH(lockfile,
 	AC_HELP_STRING([--with-lockfile=<path>],
-		[sets path for lock file (default: /run/nagios.lock)]),
+		[sets path for lock file (default: [/var]/run/nagios.lock)]),
 	lockfile=$withval,
-	lockfile=/run/nagios.lock
+	lockfile=$default_lockfile_path
 )
 AC_SUBST(lockfile)
 

daemon-init.in

@@ -209,7 +209,7 @@ case "$1" in
 
 		su $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile"
 		remove_commandfile
-		su $NagiosUser -c "touch $NagiosRunFile"
+		touch $NagiosRunFile
 		$NagiosBin -d $NagiosCfgFile
 		if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi
 

doxy.conf

@@ -1,5 +1,5 @@
 PROJECT_NAME = Nagios
-PROJECT_NUMBER = 4.3.3
+PROJECT_NUMBER = 4.3.4
 PROJECT_BRIEF = "Dev docs for Nagios core and neb-module hackers"
 
 INPUT            = lib/ docs/

html/main.php

@@ -1,7 +1,7 @@
 <?php
 include_once(dirname(__FILE__).'/includes/utils.inc.php');
 
-$this_version = '4.3.3';
+$this_version = '4.3.4';
 $this_year = '2017';
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
@@ -140,7 +140,7 @@ function setCoreStatusHTML(image, text) {
 <div id="currentversioninfo">
 	<div class="product">Nagios<sup><span style="font-size: small;">&reg;</span></sup> Core<sup><span style="font-size: small;">&trade;</span></sup></div>
 	<div class="version">Version <?php echo $this_version; ?></div>
-	<div class="releasedate">August 12, 2017</div>
+	<div class="releasedate">August 24, 2017</div>
 	<div class="checkforupdates"><a href="https://www.nagios.org/checkforupdates/?version=<?php echo $this_version; ?>&amp;product=nagioscore" target="_blank">Check for updates</a></div>
 </div>
 

html/side.php

@@ -1,7 +1,7 @@
 <?php
 include_once(dirname(__FILE__).'/includes/utils.inc.php');
 
-$this_version = '4.3.3';
+$this_version = '4.3.4';
 $link_target = 'main';
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

include/common.h

@@ -24,8 +24,8 @@
 
 #include "shared.h"
 
-#define PROGRAM_VERSION "4.3.3"
-#define PROGRAM_MODIFICATION_DATE "2017-08-12"
+#define PROGRAM_VERSION "4.3.4"
+#define PROGRAM_MODIFICATION_DATE "2017-08-24"
 
 NAGIOS_BEGIN_DECL
 

nagios.spec

@@ -21,7 +21,7 @@
 
 Summary: Open Source host, service and network monitoring program
 Name: nagios
-Version: 4.3.3
+Version: 4.3.4
 Release: 2%{?dist}
 License: GPL
 Group: Applications/System

update-version

@@ -12,10 +12,10 @@ else
 fi
 
 # Current version number
-CURRENTVERSION=4.3.3
+CURRENTVERSION=4.3.4
 
 # Last date
-LASTDATE=2017-08-12
+LASTDATE=2017-08-24
 
 if [ "x$1" = "x" ]
 then

xdata/xodtemplate.c

@@ -679,15 +679,31 @@ int xodtemplate_process_config_file(char *filename, int options) {
 				}
 
 			/* check validity of object type */
-			if(strcmp(input, "timeperiod") && strcmp(input, "command") && strcmp(input, "contact") && strcmp(input, "contactgroup") && strcmp(input, "host") && strcmp(input, "hostgroup") && strcmp(input, "servicegroup") && strcmp(input, "service") && strcmp(input, "servicedependency") && strcmp(input, "serviceescalation") && strcmp(input, "hostgroupescalation") && strcmp(input, "hostdependency") && strcmp(input, "hostescalation")) {
-				if(strcmp(input, "hostextinfo") && strcmp(input, "serviceextinfo")) {
+			if(    strcmp(input, "timeperiod") 
+				&& strcmp(input, "command") 
+				&& strcmp(input, "contact") 
+				&& strcmp(input, "contactgroup") 
+				&& strcmp(input, "host") 
+				&& strcmp(input, "hostgroup") 
+				&& strcmp(input, "servicegroup") 
+				&& strcmp(input, "service") 
+				&& strcmp(input, "servicedependency") 
+				&& strcmp(input, "serviceescalation") 
+				&& strcmp(input, "hostgroupescalation") 
+				&& strcmp(input, "hostdependency") 
+				&& strcmp(input, "hostescalation")) {
+				
+				if (   strcmp(input, "hostextinfo") 
+				    && strcmp(input, "serviceextinfo")) {
+
 					logit(NSLOG_CONFIG_ERROR, TRUE, "Error: Invalid object definition type '%s' in file '%s' on line %d.\n", input, filename, current_line);
 					result = ERROR;
 					break;
-					}
-					logit(NSLOG_CONFIG_WARNING, TRUE, "WARNING: Extinfo objects are deprecated and will be removed in future versions\n");
 				}
 
+				logit(NSLOG_CONFIG_WARNING, TRUE, "WARNING: Extinfo objects are deprecated and will be removed in future versions\n");
+			}
+
 			/* we're already in an object definition... */
 			if(in_definition == TRUE) {
 				logit(NSLOG_CONFIG_ERROR, TRUE, "Error: Unexpected start of object definition in file '%s' on line %d.  Make sure you close preceding objects before starting a new one.\n", filename, current_line);