[arch-commits] Commit in nrpe/repos (10 files)

Jan de Groot jgc at archlinux.org
Tue Mar 21 09:57:26 UTC 2017


    Date: Tuesday, March 21, 2017 @ 09:57:26
  Author: jgc
Revision: 217997

archrelease: copy trunk to community-staging-i686, community-staging-x86_64

Added:
  nrpe/repos/community-staging-i686/
  nrpe/repos/community-staging-i686/PKGBUILD
    (from rev 217996, nrpe/trunk/PKGBUILD)
  nrpe/repos/community-staging-i686/nrpe-0010-opensslv110-strict.patch
    (from rev 217996, nrpe/trunk/nrpe-0010-opensslv110-strict.patch)
  nrpe/repos/community-staging-i686/nrpe-0011-opensslv110-nosslv2.patch
    (from rev 217996, nrpe/trunk/nrpe-0011-opensslv110-nosslv2.patch)
  nrpe/repos/community-staging-i686/nrpe.install
    (from rev 217996, nrpe/trunk/nrpe.install)
  nrpe/repos/community-staging-x86_64/
  nrpe/repos/community-staging-x86_64/PKGBUILD
    (from rev 217996, nrpe/trunk/PKGBUILD)
  nrpe/repos/community-staging-x86_64/nrpe-0010-opensslv110-strict.patch
    (from rev 217996, nrpe/trunk/nrpe-0010-opensslv110-strict.patch)
  nrpe/repos/community-staging-x86_64/nrpe-0011-opensslv110-nosslv2.patch
    (from rev 217996, nrpe/trunk/nrpe-0011-opensslv110-nosslv2.patch)
  nrpe/repos/community-staging-x86_64/nrpe.install
    (from rev 217996, nrpe/trunk/nrpe.install)

--------------------------------------------------------------+
 community-staging-i686/PKGBUILD                              |   68 ++++++
 community-staging-i686/nrpe-0010-opensslv110-strict.patch    |   54 ++++
 community-staging-i686/nrpe-0011-opensslv110-nosslv2.patch   |  113 ++++++++++
 community-staging-i686/nrpe.install                          |   21 +
 community-staging-x86_64/PKGBUILD                            |   68 ++++++
 community-staging-x86_64/nrpe-0010-opensslv110-strict.patch  |   54 ++++
 community-staging-x86_64/nrpe-0011-opensslv110-nosslv2.patch |  113 ++++++++++
 community-staging-x86_64/nrpe.install                        |   21 +
 8 files changed, 512 insertions(+)

Copied: nrpe/repos/community-staging-i686/PKGBUILD (from rev 217996, nrpe/trunk/PKGBUILD)
===================================================================
--- community-staging-i686/PKGBUILD	                        (rev 0)
+++ community-staging-i686/PKGBUILD	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,68 @@
+# Maintainer: Jonathan Steel <jsteel at archlinux.org>
+# Contributor: Phillip Smith <fukawi2 at NO-SPAM.gmail.com>
+# Contributor: Dale Blount <dale at archlinux.org>
+
+pkgname=nrpe
+pkgver=3.0.1
+pkgrel=4
+pkgdesc="Nagios Remote Plugin Executor"
+arch=('i686' 'x86_64')
+license=('GPL')
+depends=('openssl')
+optdepends=("monitoring-plugins: common tools for monitoring using $pkgname")
+install=$pkgname.install
+backup=('etc/nrpe/nrpe.cfg' 'etc/xinetd.d/nrpe')
+url="https://github.com/NagiosEnterprises/nrpe"
+source=(https://github.com/NagiosEnterprises/nrpe/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
+        nrpe-0010-opensslv110-strict.patch
+        nrpe-0011-opensslv110-nosslv2.patch)
+sha256sums=('8f56da2d74f6beca1a04fe04ead84427e582b9bb88611e04e290f59617ca3ea3'
+            '58ca691a11f5005631f4e940daa18c344b3d2f322184506d63cc1eb2633d30a3'
+            'e4383c8261b7097a46d8fe54c97391767a4ef0107d551f55d71940469f5e433f')
+
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../nrpe-0010-opensslv110-strict.patch
+  patch -Np1 -i ../nrpe-0011-opensslv110-nosslv2.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+
+  ./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc/nrpe \
+    --libexecdir=/usr/lib/monitoring-plugins \
+    --enable-command-args \
+    --with-nrpe-user=31 --with-nrpe-group=31 \
+    --with-nagios-user=31 --with-nagios-group=31 \
+    --with-piddir=/run/nrpe
+  
+  make all
+}
+
+package() {
+  cd $pkgname-$pkgver
+
+  make DESTDIR="$pkgdir" install
+
+  install -Dm644 sample-config/nrpe.cfg "$pkgdir"/etc/nrpe/nrpe.cfg
+  install -Dm644 startup/default-service "$pkgdir"/usr/lib/systemd/system/nrpe.service
+  install -Dm644 startup/default-socket "$pkgdir"/usr/lib/systemd/system/nrpe.socket
+  install -Dm644 startup/default-xinetd "$pkgdir"/etc/xinetd.d/nrpe
+  install -Dm644 startup/tmpfile.conf "$pkgdir"/usr/lib/tmpfiles.d/nrpe.conf
+
+  install -Dm644 README.md "$pkgdir"/usr/share/doc/$pkgname/README.md
+  install -Dm644 README.SSL.md "$pkgdir"/usr/share/doc/$pkgname/README.SSL.md
+  install -Dm644 SECURITY.md "$pkgdir"/usr/share/doc/$pkgname/SECURITY.md
+  install -Dm644 LEGAL "$pkgdir"/usr/share/licenses/$pkgname/LEGAL
+
+  # FS#52873
+  sed -i 's/=31$/=nrpe/g' "$pkgdir"/etc/nrpe/nrpe.cfg
+
+  # Tidy up
+  chmod 755 "$pkgdir"/usr/lib/monitoring-plugins
+  chown -R root:root "$pkgdir"/usr/lib/monitoring-plugins
+  rm -f "$pkgdir"/usr/bin/nrpe-uninstall
+  rm -rf "$pkgdir"/run
+}
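Review bot: `--enable-command-args` in build() compiles in support for client-supplied command arguments, and nothing in the PKGBUILD records why it is on or what keeps it inactive. In NRPE the feature is additionally gated at run time by `dont_blame_nrpe` in nrpe.cfg, so the packaged sample-config/nrpe.cfg decides the real exposure; that file is not visible here and its value should be confirmed to be 0. I would add a comment above the configure call such as `# command args are compiled in but stay disabled unless dont_blame_nrpe=1 is set in nrpe.cfg; see SECURITY.md`. The source array pins the tarball and both patches with sha256sums but carries no signature file, so any future checksum change deserves a manual comparison with the upstream release. The community-staging-x86_64 PKGBUILD is an identical copy.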

Copied: nrpe/repos/community-staging-i686/nrpe-0010-opensslv110-strict.patch (from rev 217996, nrpe/trunk/nrpe-0010-opensslv110-strict.patch)
===================================================================
--- community-staging-i686/nrpe-0010-opensslv110-strict.patch	                        (rev 0)
+++ community-staging-i686/nrpe-0010-opensslv110-strict.patch	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,54 @@
+diff -up ./src/check_nrpe.c.opensslv110 ./src/check_nrpe.c
+--- ./src/check_nrpe.c.opensslv110	2017-02-07 11:08:23.647733686 -0500
++++ ./src/check_nrpe.c	2017-02-07 12:44:22.314160593 -0500
+@@ -980,9 +980,10 @@ int connect_to_remote()
+ 			if (peer) {
+ 				if (sslprm.log_opts & SSL_LogIfClientCert)
+ 					syslog(LOG_NOTICE, "SSL %s has %s certificate",
+-						   rem_host, peer->valid ? "a valid" : "an invalid");
++					       rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
+ 				if (sslprm.log_opts & SSL_LogCertDetails) {
+-					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
++				        X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
++					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
+ 					X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
+ 					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
+ 				}
+@@ -1427,7 +1428,7 @@ int verify_callback(int preverify_ok, X5
+ 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ 
+ 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
+-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
++	X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
+ 
+ 	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
+ 		&& (sslprm.log_opts & SSL_LogCertDetails)) {
+diff -up ./src/nrpe.c.opensslv110 ./src/nrpe.c
+--- ./src/nrpe.c.opensslv110	2016-09-08 12:18:58.000000000 -0400
++++ ./src/nrpe.c	2017-02-07 12:42:35.667799987 -0500
+@@ -614,7 +614,7 @@ int verify_callback(int preverify_ok, X5
+ 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ 
+ 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
+-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
++	X509_NAME_oneline(err_cert, issuer, 256);
+ 
+ 	if (!preverify_ok && (sslprm.log_opts & SSL_LogCertDetails)) {
+ 		syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
+@@ -1785,12 +1785,14 @@ int handle_conn_ssl(int sock, void *ssl_
+ 		peer = SSL_get_peer_certificate(ssl);
+ 
+ 		if (peer) {
++
+ 			if (sslprm.log_opts & SSL_LogIfClientCert)
+ 				syslog(LOG_NOTICE, "SSL Client %s has %svalid certificate",
+-					   remote_host, peer->valid ? "a " : "an in");
++				       remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
+ 			if (sslprm.log_opts & SSL_LogCertDetails) {
++				X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
+ 				syslog(LOG_NOTICE, "SSL Client %s Cert Name: %s",
+-					   remote_host, peer->name);
++					   remote_host, buffer);
+ 				X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
+ 				syslog(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
+ 					   remote_host, buffer);
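Review bot: The two `SSL_get_verify_result(ssl) ? … : …` ternaries (connect_to_remote in check_nrpe.c, handle_conn_ssl in nrpe.c) are inverted, because SSL_get_verify_result() returns X509_V_OK, which is 0, on success; the log line an operator would use to spot an unverified peer therefore says the opposite of the truth. The comparison should be explicit, e.g. `SSL_get_verify_result(ssl) == X509_V_OK ? "a valid" : "an invalid"`. In the nrpe.c verify_callback hunk, `X509_NAME_oneline(err_cert, issuer, 256);` passes the certificate itself where an X509_NAME * is expected; it should read `X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);` as the check_nrpe.c hunk does. All three functions begin and end outside the embedded hunks, and the identical patch is copied into community-staging-x86_64.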

Copied: nrpe/repos/community-staging-i686/nrpe-0011-opensslv110-nosslv2.patch (from rev 217996, nrpe/trunk/nrpe-0011-opensslv110-nosslv2.patch)
===================================================================
--- community-staging-i686/nrpe-0011-opensslv110-nosslv2.patch	                        (rev 0)
+++ community-staging-i686/nrpe-0011-opensslv110-nosslv2.patch	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,113 @@
+diff -up ./src/check_nrpe.c.opensslv110_nossl2 ./src/check_nrpe.c
+--- ./src/check_nrpe.c.opensslv110_nossl2	2017-02-07 13:51:02.848680596 -0500
++++ ./src/check_nrpe.c	2017-02-07 13:56:14.134901320 -0500
+@@ -64,7 +64,7 @@ int use_ssl = FALSE;
+ 
+ /* SSL/TLS parameters */
+ typedef enum _SSL_VER {
+-	SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
++	SSL_Ver_Invalid = 0, SSLv3=3, SSLv3_plus,
+ 	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+ } SslVer;
+ 
+@@ -402,11 +402,7 @@ int process_arguments(int argc, char **a
+ 								"overrides the config file option.");
+ 				break;
+ 			}
+-			if (!strcmp(optarg, "SSLv2"))
+-				sslprm.ssl_min_ver = SSLv2;
+-			else if (!strcmp(optarg, "SSLv2+"))
+-				sslprm.ssl_min_ver = SSLv2_plus;
+-			else if (!strcmp(optarg, "SSLv3"))
++			if (!strcmp(optarg, "SSLv3"))
+ 				sslprm.ssl_min_ver = SSLv3;
+ 			else if (!strcmp(optarg, "SSLv3+"))
+ 				sslprm.ssl_min_ver = SSLv3_plus;
+@@ -665,8 +661,8 @@ void usage(int result)
+ 		printf("                2 = Force Anonymous Diffie Hellman\n");
+ 		printf(" <size>       = Specify non-default payload size for NSClient++\n");
+ 		printf
+-			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
+-		printf("                SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
++			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: \n");
++		printf("                SSLv3 (only), SSLv3+ (or above),\n");
+ 		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
+ 		printf("                TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
+ 		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
+@@ -736,12 +732,6 @@ void setup_ssl()
+ 			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
+ 		syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
+ 		switch (sslprm.ssl_min_ver) {
+-		case SSLv2:
+-			val = "SSLv2";
+-			break;
+-		case SSLv2_plus:
+-			val = "SSLv2 And Above";
+-			break;
+ 		case SSLv3:
+ 			val = "SSLv3";
+ 			break;
+@@ -779,10 +769,6 @@ void setup_ssl()
+ 		SSL_library_init();
+ 		meth = SSLv23_client_method();
+ 
+-# ifndef OPENSSL_NO_SSL2
+-		if (sslprm.ssl_min_ver == SSLv2)
+-			meth = SSLv2_client_method();
+-# endif
+ # ifndef OPENSSL_NO_SSL3
+ 		if (sslprm.ssl_min_ver == SSLv3)
+ 			meth = SSLv3_client_method();
+diff -up ./src/nrpe.c.opensslv110_nossl2 ./src/nrpe.c
+--- ./src/nrpe.c.opensslv110_nossl2	2017-02-07 13:51:02.849680580 -0500
++++ ./src/nrpe.c	2017-02-07 13:51:02.851680549 -0500
+@@ -109,7 +109,7 @@ int       listen_queue_size = DEFAULT_LI
+ 
+ /* SSL/TLS parameters */
+ typedef enum _SSL_VER {
+-	SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
++	SSLv3=3, SSLv3_plus, TLSv1,
+ 	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+ } SslVer;
+ 
+@@ -278,10 +278,10 @@ void init_ssl(void)
+ 			}
+ 		}
+ 	}
+-# ifndef OPENSSL_NO_SSL2
+-	if (sslprm.ssl_min_ver == SSLv2)
+-		meth = SSLv2_server_method();
+-# endif
++
++
++
++
+ # ifndef OPENSSL_NO_SSL3
+ 	if (sslprm.ssl_min_ver == SSLv3)
+ 		meth = SSLv3_server_method();
+@@ -385,12 +385,6 @@ void log_ssl_startup(void)
+ 													 1 ? "Accept" : "Require"));
+ 	syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
+ 	switch (sslprm.ssl_min_ver) {
+-	case SSLv2:
+-		vers = "SSLv2";
+-		break;
+-	case SSLv2_plus:
+-		vers = "SSLv2 And Above";
+-		break;
+ 	case SSLv3:
+ 		vers = "SSLv3";
+ 		break;
+@@ -796,11 +790,7 @@ int read_config_file(char *filename)
+ 			}
+ 
+ 		} else if (!strcmp(varname, "ssl_version")) {
+-			if (!strcmp(varvalue, "SSLv2"))
+-				sslprm.ssl_min_ver = SSLv2;
+-			else if (!strcmp(varvalue, "SSLv2+"))
+-				sslprm.ssl_min_ver = SSLv2_plus;
+-			else if (!strcmp(varvalue, "SSLv3"))
++		        if (!strcmp(varvalue, "SSLv3"))
+ 				sslprm.ssl_min_ver = SSLv3;
+ 			else if (!strcmp(varvalue, "SSLv3+"))
+ 				sslprm.ssl_min_ver = SSLv3_plus;
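Review bot: SSLv3 stays selectable after this patch: `SSLv3` and `SSLv3+` are still parsed in process_arguments and read_config_file, and `SSLv3_client_method()` / `SSLv3_server_method()` are still chosen whenever OpenSSL is built without OPENSSL_NO_SSL3. SSLv3 is deprecated by RFC 7568, so the option at least deserves a comment at the enum, for example `/* SSLv3 kept for legacy peers only; deprecated by RFC 7568, prefer TLSv1.2+ */`, and ideally a syslog warning when it is selected. Separately, a config that still says `ssl_version=SSLv2` no longer matches any visible branch; the rest of the else-if chain is outside the hunk, so whether that value is rejected or silently ignored should be confirmed. The same patch is copied into community-staging-x86_64.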

Copied: nrpe/repos/community-staging-i686/nrpe.install (from rev 217996, nrpe/trunk/nrpe.install)
===================================================================
--- community-staging-i686/nrpe.install	                        (rev 0)
+++ community-staging-i686/nrpe.install	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,21 @@
+post_install() {
+  if [ -z "$(getent group nrpe)" ]; then
+    groupadd -g 31 nrpe
+  fi
+  if [ -z "$(getent passwd nrpe)" ]; then
+    useradd -u 31 -g nrpe -c "NRPE" -d /dev/null -s /usr/bin/nologin nrpe
+  fi
+
+  grep -Pq '^nrpe\s+' /etc/services || \
+    echo "nrpe             5666/tcp" >> /etc/services
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+post_remove() {
+  # remove the line added to /etc/services
+  sed -e '/nrpe             5666\/tcp/d' \
+      -i /etc/services || true
+}
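Review bot: post_install() tests only for the name `nrpe` before calling `groupadd -g 31` and `useradd -u 31`, and ignores both exit codes, so on a host where id 31 already belongs to another account the calls fail and the install carries on without the service account. A visible failure would help, e.g. `getent group nrpe >/dev/null || groupadd -g 31 nrpe || echo "nrpe: groupadd failed (gid 31 in use?)" >&2`, with the same shape for useradd. The scriptlet also appends to and deletes from /etc/services, which as far as this hunk shows is not a file this package installs; a one-line comment stating that this is intentional would help the next maintainer. The community-staging-x86_64 copy of nrpe.install is identical.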

Copied: nrpe/repos/community-staging-x86_64/PKGBUILD (from rev 217996, nrpe/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD	                        (rev 0)
+++ community-staging-x86_64/PKGBUILD	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,68 @@
+# Maintainer: Jonathan Steel <jsteel at archlinux.org>
+# Contributor: Phillip Smith <fukawi2 at NO-SPAM.gmail.com>
+# Contributor: Dale Blount <dale at archlinux.org>
+
+pkgname=nrpe
+pkgver=3.0.1
+pkgrel=4
+pkgdesc="Nagios Remote Plugin Executor"
+arch=('i686' 'x86_64')
+license=('GPL')
+depends=('openssl')
+optdepends=("monitoring-plugins: common tools for monitoring using $pkgname")
+install=$pkgname.install
+backup=('etc/nrpe/nrpe.cfg' 'etc/xinetd.d/nrpe')
+url="https://github.com/NagiosEnterprises/nrpe"
+source=(https://github.com/NagiosEnterprises/nrpe/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
+        nrpe-0010-opensslv110-strict.patch
+        nrpe-0011-opensslv110-nosslv2.patch)
+sha256sums=('8f56da2d74f6beca1a04fe04ead84427e582b9bb88611e04e290f59617ca3ea3'
+            '58ca691a11f5005631f4e940daa18c344b3d2f322184506d63cc1eb2633d30a3'
+            'e4383c8261b7097a46d8fe54c97391767a4ef0107d551f55d71940469f5e433f')
+
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../nrpe-0010-opensslv110-strict.patch
+  patch -Np1 -i ../nrpe-0011-opensslv110-nosslv2.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+
+  ./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc/nrpe \
+    --libexecdir=/usr/lib/monitoring-plugins \
+    --enable-command-args \
+    --with-nrpe-user=31 --with-nrpe-group=31 \
+    --with-nagios-user=31 --with-nagios-group=31 \
+    --with-piddir=/run/nrpe
+  
+  make all
+}
+
+package() {
+  cd $pkgname-$pkgver
+
+  make DESTDIR="$pkgdir" install
+
+  install -Dm644 sample-config/nrpe.cfg "$pkgdir"/etc/nrpe/nrpe.cfg
+  install -Dm644 startup/default-service "$pkgdir"/usr/lib/systemd/system/nrpe.service
+  install -Dm644 startup/default-socket "$pkgdir"/usr/lib/systemd/system/nrpe.socket
+  install -Dm644 startup/default-xinetd "$pkgdir"/etc/xinetd.d/nrpe
+  install -Dm644 startup/tmpfile.conf "$pkgdir"/usr/lib/tmpfiles.d/nrpe.conf
+
+  install -Dm644 README.md "$pkgdir"/usr/share/doc/$pkgname/README.md
+  install -Dm644 README.SSL.md "$pkgdir"/usr/share/doc/$pkgname/README.SSL.md
+  install -Dm644 SECURITY.md "$pkgdir"/usr/share/doc/$pkgname/SECURITY.md
+  install -Dm644 LEGAL "$pkgdir"/usr/share/licenses/$pkgname/LEGAL
+
+  # FS#52873
+  sed -i 's/=31$/=nrpe/g' "$pkgdir"/etc/nrpe/nrpe.cfg
+
+  # Tidy up
+  chmod 755 "$pkgdir"/usr/lib/monitoring-plugins
+  chown -R root:root "$pkgdir"/usr/lib/monitoring-plugins
+  rm -f "$pkgdir"/usr/bin/nrpe-uninstall
+  rm -rf "$pkgdir"/run
+}

Copied: nrpe/repos/community-staging-x86_64/nrpe-0010-opensslv110-strict.patch (from rev 217996, nrpe/trunk/nrpe-0010-opensslv110-strict.patch)
===================================================================
--- community-staging-x86_64/nrpe-0010-opensslv110-strict.patch	                        (rev 0)
+++ community-staging-x86_64/nrpe-0010-opensslv110-strict.patch	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,54 @@
+diff -up ./src/check_nrpe.c.opensslv110 ./src/check_nrpe.c
+--- ./src/check_nrpe.c.opensslv110	2017-02-07 11:08:23.647733686 -0500
++++ ./src/check_nrpe.c	2017-02-07 12:44:22.314160593 -0500
+@@ -980,9 +980,10 @@ int connect_to_remote()
+ 			if (peer) {
+ 				if (sslprm.log_opts & SSL_LogIfClientCert)
+ 					syslog(LOG_NOTICE, "SSL %s has %s certificate",
+-						   rem_host, peer->valid ? "a valid" : "an invalid");
++					       rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
+ 				if (sslprm.log_opts & SSL_LogCertDetails) {
+-					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
++				        X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
++					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
+ 					X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
+ 					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
+ 				}
+@@ -1427,7 +1428,7 @@ int verify_callback(int preverify_ok, X5
+ 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ 
+ 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
+-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
++	X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
+ 
+ 	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
+ 		&& (sslprm.log_opts & SSL_LogCertDetails)) {
+diff -up ./src/nrpe.c.opensslv110 ./src/nrpe.c
+--- ./src/nrpe.c.opensslv110	2016-09-08 12:18:58.000000000 -0400
++++ ./src/nrpe.c	2017-02-07 12:42:35.667799987 -0500
+@@ -614,7 +614,7 @@ int verify_callback(int preverify_ok, X5
+ 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ 
+ 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
+-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
++	X509_NAME_oneline(err_cert, issuer, 256);
+ 
+ 	if (!preverify_ok && (sslprm.log_opts & SSL_LogCertDetails)) {
+ 		syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
+@@ -1785,12 +1785,14 @@ int handle_conn_ssl(int sock, void *ssl_
+ 		peer = SSL_get_peer_certificate(ssl);
+ 
+ 		if (peer) {
++
+ 			if (sslprm.log_opts & SSL_LogIfClientCert)
+ 				syslog(LOG_NOTICE, "SSL Client %s has %svalid certificate",
+-					   remote_host, peer->valid ? "a " : "an in");
++				       remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
+ 			if (sslprm.log_opts & SSL_LogCertDetails) {
++				X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
+ 				syslog(LOG_NOTICE, "SSL Client %s Cert Name: %s",
+-					   remote_host, peer->name);
++					   remote_host, buffer);
+ 				X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
+ 				syslog(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
+ 					   remote_host, buffer);

Copied: nrpe/repos/community-staging-x86_64/nrpe-0011-opensslv110-nosslv2.patch (from rev 217996, nrpe/trunk/nrpe-0011-opensslv110-nosslv2.patch)
===================================================================
--- community-staging-x86_64/nrpe-0011-opensslv110-nosslv2.patch	                        (rev 0)
+++ community-staging-x86_64/nrpe-0011-opensslv110-nosslv2.patch	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,113 @@
+diff -up ./src/check_nrpe.c.opensslv110_nossl2 ./src/check_nrpe.c
+--- ./src/check_nrpe.c.opensslv110_nossl2	2017-02-07 13:51:02.848680596 -0500
++++ ./src/check_nrpe.c	2017-02-07 13:56:14.134901320 -0500
+@@ -64,7 +64,7 @@ int use_ssl = FALSE;
+ 
+ /* SSL/TLS parameters */
+ typedef enum _SSL_VER {
+-	SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
++	SSL_Ver_Invalid = 0, SSLv3=3, SSLv3_plus,
+ 	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+ } SslVer;
+ 
+@@ -402,11 +402,7 @@ int process_arguments(int argc, char **a
+ 								"overrides the config file option.");
+ 				break;
+ 			}
+-			if (!strcmp(optarg, "SSLv2"))
+-				sslprm.ssl_min_ver = SSLv2;
+-			else if (!strcmp(optarg, "SSLv2+"))
+-				sslprm.ssl_min_ver = SSLv2_plus;
+-			else if (!strcmp(optarg, "SSLv3"))
++			if (!strcmp(optarg, "SSLv3"))
+ 				sslprm.ssl_min_ver = SSLv3;
+ 			else if (!strcmp(optarg, "SSLv3+"))
+ 				sslprm.ssl_min_ver = SSLv3_plus;
+@@ -665,8 +661,8 @@ void usage(int result)
+ 		printf("                2 = Force Anonymous Diffie Hellman\n");
+ 		printf(" <size>       = Specify non-default payload size for NSClient++\n");
+ 		printf
+-			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
+-		printf("                SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
++			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: \n");
++		printf("                SSLv3 (only), SSLv3+ (or above),\n");
+ 		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
+ 		printf("                TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
+ 		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
+@@ -736,12 +732,6 @@ void setup_ssl()
+ 			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
+ 		syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
+ 		switch (sslprm.ssl_min_ver) {
+-		case SSLv2:
+-			val = "SSLv2";
+-			break;
+-		case SSLv2_plus:
+-			val = "SSLv2 And Above";
+-			break;
+ 		case SSLv3:
+ 			val = "SSLv3";
+ 			break;
+@@ -779,10 +769,6 @@ void setup_ssl()
+ 		SSL_library_init();
+ 		meth = SSLv23_client_method();
+ 
+-# ifndef OPENSSL_NO_SSL2
+-		if (sslprm.ssl_min_ver == SSLv2)
+-			meth = SSLv2_client_method();
+-# endif
+ # ifndef OPENSSL_NO_SSL3
+ 		if (sslprm.ssl_min_ver == SSLv3)
+ 			meth = SSLv3_client_method();
+diff -up ./src/nrpe.c.opensslv110_nossl2 ./src/nrpe.c
+--- ./src/nrpe.c.opensslv110_nossl2	2017-02-07 13:51:02.849680580 -0500
++++ ./src/nrpe.c	2017-02-07 13:51:02.851680549 -0500
+@@ -109,7 +109,7 @@ int       listen_queue_size = DEFAULT_LI
+ 
+ /* SSL/TLS parameters */
+ typedef enum _SSL_VER {
+-	SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
++	SSLv3=3, SSLv3_plus, TLSv1,
+ 	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+ } SslVer;
+ 
+@@ -278,10 +278,10 @@ void init_ssl(void)
+ 			}
+ 		}
+ 	}
+-# ifndef OPENSSL_NO_SSL2
+-	if (sslprm.ssl_min_ver == SSLv2)
+-		meth = SSLv2_server_method();
+-# endif
++
++
++
++
+ # ifndef OPENSSL_NO_SSL3
+ 	if (sslprm.ssl_min_ver == SSLv3)
+ 		meth = SSLv3_server_method();
+@@ -385,12 +385,6 @@ void log_ssl_startup(void)
+ 													 1 ? "Accept" : "Require"));
+ 	syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
+ 	switch (sslprm.ssl_min_ver) {
+-	case SSLv2:
+-		vers = "SSLv2";
+-		break;
+-	case SSLv2_plus:
+-		vers = "SSLv2 And Above";
+-		break;
+ 	case SSLv3:
+ 		vers = "SSLv3";
+ 		break;
+@@ -796,11 +790,7 @@ int read_config_file(char *filename)
+ 			}
+ 
+ 		} else if (!strcmp(varname, "ssl_version")) {
+-			if (!strcmp(varvalue, "SSLv2"))
+-				sslprm.ssl_min_ver = SSLv2;
+-			else if (!strcmp(varvalue, "SSLv2+"))
+-				sslprm.ssl_min_ver = SSLv2_plus;
+-			else if (!strcmp(varvalue, "SSLv3"))
++		        if (!strcmp(varvalue, "SSLv3"))
+ 				sslprm.ssl_min_ver = SSLv3;
+ 			else if (!strcmp(varvalue, "SSLv3+"))
+ 				sslprm.ssl_min_ver = SSLv3_plus;

Copied: nrpe/repos/community-staging-x86_64/nrpe.install (from rev 217996, nrpe/trunk/nrpe.install)
===================================================================
--- community-staging-x86_64/nrpe.install	                        (rev 0)
+++ community-staging-x86_64/nrpe.install	2017-03-21 09:57:26 UTC (rev 217997)
@@ -0,0 +1,21 @@
+post_install() {
+  if [ -z "$(getent group nrpe)" ]; then
+    groupadd -g 31 nrpe
+  fi
+  if [ -z "$(getent passwd nrpe)" ]; then
+    useradd -u 31 -g nrpe -c "NRPE" -d /dev/null -s /usr/bin/nologin nrpe
+  fi
+
+  grep -Pq '^nrpe\s+' /etc/services || \
+    echo "nrpe             5666/tcp" >> /etc/services
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+post_remove() {
+  # remove the line added to /etc/services
+  sed -e '/nrpe             5666\/tcp/d' \
+      -i /etc/services || true
+}


