Path to this page:
Subject: CVS commit: pkgsrc/net/nagios-nrpe
From: Mark Davies
Date: 2023-05-30 12:45:30
Message id: 20230530104531.2BF54FA85@cvs.NetBSD.org
Log Message:
nagios-nrpe: update to 4.1.0
4.1.0 - 2022-06-??
------------------
**ENHANCEMENTS**
- Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22)
- Allow tcpd/libwrap to be excluded from build when present on the system
- Allow loading of full certificate chains
- Change -u (connection issues return UNKNOWN) to include all SSL-layer failures.
- Disable renegotiation and enforce server cipher order when using SSL
- Verify that private keys match certificates when using SSL
**FIXES**
- Fixed incorrect default for nasty_metachars in nrpe.cfg
- Fixed incorrect help text for --use-adh
- Fixed potential out-of-bound read when used with IPv6
[4.0.3] - 2020-04-28
----------------------------------------------------------------------------
**FIXES**
- Fixed nasty_metachars not being read from config file (Sebastian Wolf)
[4.0.2] - 2020-03-11
----------------------------------------------------------------------------
**FIXES**
- Fixed buffer length calculations/writing past memory boundaries on some
systems (Andreas Baumann, hariwe, Sebastian Wolf)
- Fixed use of uninitialized variable when validating requests (hariwe, \
Sebastian Wolf)
[4.0.1] - 2020-01-22
----------------------------------------------------------------------------
**FIXES**
* Fixed syslog flooding with CRC-checking errors when both plugin and agent
were updated to version 4 (Sebastian Wolf)
[4.0.0] - 2019-01-13
----------------------------------------------------------------------------
Note: This update includes security fixes which affect both the check_nrpe
plugin and the NRPE daemon. The latest version of NRPE is still able to
interoperate with previous versions, but for best results, both programs
should be updated.
**ENHANCEMENTS**
* Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul \
Golam)
* Added IPv6 ip address to list of default allow_from hosts (Troy Lea)
* Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf)
* Added -3 option to force check_nrpe to use NRPE v3 packets
* OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky)
* OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht)
**FIXES**
* Checks for '!' now only occur inside the command buffer (Joni Eskelinen)
* NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev)
* allowed_hosts will no longer test getaddrinfo records against the wrong protocol
(dombenson)
* nasty_metachars will now handle C escape sequences properly when specified in the
config file (Sebastian Wolf)
* Calculated packet sizes now struct padding/alignment when sending and receiving
messages (Sebastian Wolf)
* Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf)
* When using `include_dir`, individual files' errors do not prevent the remaining
files from being read (Sebastian Wolf)
[3.2.1] - 2017-08-31
----------------------------------------------------------------------------
**FIXES**
* Change seteuid error messages to warning/debug (Bryan Heden)
* Fix segfault when no nrpe_user is specified (Stephen Smoogen, Bryan Heden)
* Added additional strings to error messages to remove duplicates (Bryan Heden)
* Fix nrpe.spec for rpmbuild (Bryan Heden)
* Fix error for drop_privileges when using inetd (xalasys-luc, Bryan Heden)
Files: