Upgrade to version 4.4.13
This commit is contained in:
chen-jan
parent
15e5837702
commit
2646c875b2
@ -1,13 +0,0 @@
|
||||
diff --git a/Changelog b/Changelog
|
||||
index a5fd04c6..51394645 100644
|
||||
--- a/Changelog
|
||||
+++ b/Changelog
|
||||
@@ -9,7 +9,7 @@ FIXES
|
||||
* Fixed duplicate properties appearing in statusjson.cgi (#718) (Sebastian Wolf)
|
||||
* Fixed NERD not building when enabled in ./configure (#723) (Sebastian Wolf)
|
||||
* Fixed build process when using GCC 10 (#721) (Michael Orlitzky)
|
||||
-* Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-1408) (Thanks UraSec Team) (Sebastian Wolf)
|
||||
+* Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-13977) (Thanks UraSec Team) (Sebastian Wolf)
|
||||
* When using systemd, configuration will be verified before reloading (#715) (tatref)
|
||||
* Fixed HARD OK states triggering on the maximum check attempt (#757) (Sebastian Wolf)
|
||||
|
||||
Binary file not shown.
@ -1,16 +0,0 @@
|
||||
module nagios-socket 1.1;
|
||||
|
||||
require {
|
||||
type nagios_t;
|
||||
type nagios_spool_t;
|
||||
class sock_file { write create unlink };
|
||||
class unix_stream_socket connectto;
|
||||
}
|
||||
|
||||
|
||||
#============= nagios_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
allow nagios_t nagios_spool_t:sock_file { write create unlink };
|
||||
#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
|
||||
allow nagios_t self:unix_stream_socket connectto;
|
||||
70
nagios.spec
70
nagios.spec
@ -1,5 +1,5 @@
|
||||
Name: nagios
|
||||
Version: 4.4.6
|
||||
Version: 4.4.13
|
||||
Release: 1
|
||||
Summary: Host/service/network monitoring program
|
||||
License: GPLv2
|
||||
@ -16,8 +16,9 @@ Source10: printer.png
|
||||
Source11: router.png
|
||||
Source12: switch.png
|
||||
Source13: nagios.README.SELinux.rst
|
||||
Source14: nagios_epel7.te
|
||||
Source15: nagios_epel.fc
|
||||
Source14: nagios.te
|
||||
Source15: nagios.fc
|
||||
Source16: nagios.if
|
||||
Patch0001: nagios-0001-default-init.patch
|
||||
Patch0002: nagios-0002-Fix-installation-of-httpd-conf.d-config-file.patch
|
||||
Patch0003: nagios-0003-Install-config-files-too.patch
|
||||
@ -31,11 +32,12 @@ Patch0011: nagios-0011-remove-rpmbuild.patch
|
||||
Patch0012: nagios-0012-fix-spool.patch
|
||||
Patch0013: nagios-0013-fix-plugin.patch
|
||||
Patch0014: nagios-0014-fix-uidgid.patch
|
||||
Patch0015: nagios-0015-Changelog.patch
|
||||
BuildRequires: doxygen gcc gperf libjpeg-devel libpng-devel zlib-devel gd-devel > 1.8
|
||||
BuildRequires: perl-generators perl(CPAN) perl(ExtUtils::MakeMaker) perl(ExtUtils::Embed)
|
||||
BuildRequires: perl(Test::Harness) perl(Test::More) perl(Test::Simple)
|
||||
BuildRequires: checkpolicy, selinux-policy-devel libtool systemd
|
||||
BuildRequires: openssl-devel ima-evm-utils
|
||||
|
||||
Requires: httpd php mailx nagios-common
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
|
||||
@ -64,7 +66,7 @@ Provides common directories, uid and gid among nagios-related packages.
|
||||
|
||||
%package devel
|
||||
Summary: Provides include files that Nagios-related applications may compile against
|
||||
Requires: nagios = 4.4.6-%release
|
||||
Requires: nagios = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
Nagios is a program that will monitor hosts and services on your
|
||||
@ -77,7 +79,7 @@ may compile against.
|
||||
|
||||
%package selinux
|
||||
Summary: SELinux context for nagios
|
||||
Requires: nagios = 4.4.6-%release
|
||||
Requires: nagios = %{version}-%{release}
|
||||
Requires(post): policycoreutils
|
||||
Requires(postun): policycoreutils
|
||||
|
||||
@ -87,13 +89,13 @@ SElinux context for nagios.
|
||||
|
||||
%package contrib
|
||||
Summary: Eventhandlers contributed to nagios
|
||||
Requires: nagios = 4.4.6-%release
|
||||
Requires: nagios = %{version}-%{release}
|
||||
|
||||
%description contrib
|
||||
Various contributed items used by plugins and other tools.
|
||||
|
||||
%prep
|
||||
%autosetup -n nagioscore-nagios-4.4.6 -p1
|
||||
%autosetup -n nagios-%{version} -p1
|
||||
|
||||
install -p -m 0644 %{SOURCE10} %{SOURCE11} %{SOURCE12} html/images/logos/
|
||||
|
||||
@ -136,11 +138,11 @@ cp -f %{SOURCE6} UpgradeToVersion4.sh
|
||||
echo >> html/stylesheets/common.css
|
||||
|
||||
mkdir selinux
|
||||
install -pm 644 %{SOURCE13} README.SELinux.rst
|
||||
cp -p %{SOURCE14} selinux/%{name}_epel.te
|
||||
cp -p %{SOURCE15} selinux/%{name}_epel.fc
|
||||
touch selinux/%{name}_epel.if
|
||||
make -f %{_datadir}/selinux/devel/Makefile
|
||||
cp -p %{SOURCE14} selinux/%{name}.te
|
||||
cp -p %{SOURCE15} selinux/%{name}.fc
|
||||
cp -p %{SOURCE16} selinux/%{name}.if
|
||||
%make_build -f %{_datadir}/selinux/devel/Makefile %{name}.pp
|
||||
bzip2 -9 %{name}.pp
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
@ -168,7 +170,9 @@ chmod 755 %{buildroot}%{_sbindir}/nagios
|
||||
install -d -m 0755 %{buildroot}%{_datadir}/nagios/html/docs
|
||||
%{__cp} -a Documentation/html/* %{buildroot}%{_datadir}/nagios/html/docs
|
||||
|
||||
install -p -m 644 -D %{name}_epel.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/%{name}_epel.pp
|
||||
install -pm 644 %{SOURCE13} README.SELinux.rst
|
||||
install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.pp.bz2
|
||||
install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
|
||||
|
||||
make install -C contrib DESTDIR="%{buildroot}" INSTALL_OPTS=""
|
||||
install -p -m 644 contrib/eventhandlers/disable_active_service_checks %{buildroot}%{_libdir}/nagios/plugins/eventhandlers/
|
||||
@ -204,25 +208,29 @@ fi
|
||||
%postun
|
||||
/usr/bin/systemctl condrestart httpd > /dev/null 2>&1 || :
|
||||
|
||||
triggerun -- %{name} < 3.5.1-2
|
||||
# Save the current service runlevel info
|
||||
# User must manually run systemd-sysv-convert --apply opensips
|
||||
# to migrate them to systemd targets
|
||||
/usr/bin/systemd-sysv-convert --save %{name} >/dev/null 2>&1 ||:
|
||||
|
||||
# Run these because the SysV package being removed won't do them
|
||||
/sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
|
||||
|
||||
%post selinux
|
||||
%selinux_modules_install -s %{name} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
||||
%selinux_relabel_post -s %{name}
|
||||
|
||||
if [ "$1" -le "1" ]; then # First install
|
||||
semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || :
|
||||
fixfiles -R %{name} restore >/dev/null 2>&1 || :
|
||||
%systemd_postun_with_restart %{name}.service
|
||||
fi
|
||||
|
||||
%preun selinux
|
||||
if [ "$1" -lt "1" ]; then # Final removal
|
||||
semodule -r %{name}_epel 2>/dev/null || :
|
||||
fixfiles -R %{name} restore >/dev/null 2>&1 || :
|
||||
%systemd_postun_with_restart %{name}.service
|
||||
fi
|
||||
|
||||
%postun selinux
|
||||
if [ "$1" -ge "1" ]; then # Upgrade
|
||||
# Replaces the module if it is already loaded
|
||||
semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || :
|
||||
# no need to restart the daemon
|
||||
if [ $1 -eq 0 ]; then
|
||||
%selinux_modules_uninstall -s %{name} %{name}
|
||||
%selinux_relabel_post -s %{name}
|
||||
%systemd_postun_with_restart %{name}.service
|
||||
fi
|
||||
|
||||
%files
|
||||
@ -269,7 +277,10 @@ fi
|
||||
|
||||
%files selinux
|
||||
%doc README.SELinux.rst
|
||||
%{_datadir}/selinux/packages/%{name}/nagios_epel.pp
|
||||
%{_datadir}/selinux/packages/%{name}/%{name}.pp.*
|
||||
%{_datadir}/selinux/devel/include/distributed/%{name}.if
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{name}/active/modules/200/%{name}
|
||||
|
||||
|
||||
%files contrib
|
||||
%doc contrib/README.contrib
|
||||
@ -277,6 +288,9 @@ fi
|
||||
%{_libdir}/%{name}/cgi/
|
||||
|
||||
%changelog
|
||||
* Thu Jul 27 2023 chenchen <chen_aka_jan@163.com> - 4.4.13-1
|
||||
- Upgrade to version 4.4.13
|
||||
|
||||
* Tue Jan 18 2022 SimpleUpdate Robot <tc@openeuler.org> - 4.4.6-1
|
||||
- Upgrade to version 4.4.6
|
||||
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
module nagios_epel 1.1;
|
||||
|
||||
require {
|
||||
type devlog_t;
|
||||
type hostname_exec_t;
|
||||
type kernel_t;
|
||||
type ldconfig_exec_t;
|
||||
type initrc_tmp_t;
|
||||
type nagios_exec_t;
|
||||
type nagios_script_t;
|
||||
type nagios_services_plugin_t;
|
||||
type nagios_spool_t;
|
||||
type nagios_system_plugin_t;
|
||||
type nagios_t;
|
||||
class capability chown;
|
||||
class file { execute execute_no_trans getattr open read };
|
||||
class sock_file { write create unlink };
|
||||
class unix_dgram_socket { connect create sendto };
|
||||
class unix_stream_socket connectto;
|
||||
}
|
||||
|
||||
#============= nagios_services_plugin_t ==============
|
||||
allow nagios_services_plugin_t devlog_t:sock_file write;
|
||||
allow nagios_services_plugin_t kernel_t:unix_dgram_socket sendto;
|
||||
allow nagios_services_plugin_t self:unix_dgram_socket { connect create };
|
||||
|
||||
#============= nagios_t ==============
|
||||
allow nagios_t hostname_exec_t:file { read getattr open execute execute_no_trans };
|
||||
allow nagios_t ldconfig_exec_t:file { execute execute_no_trans open read };
|
||||
allow nagios_t nagios_exec_t:file execute_no_trans;
|
||||
allow nagios_t nagios_spool_t:sock_file { write create unlink };
|
||||
allow nagios_t self:capability chown;
|
||||
allow nagios_t self:unix_stream_socket connectto;
|
||||
|
||||
#============= nagios_script_t ==============
|
||||
allow nagios_script_t nagios_spool_t:file { getattr open read };
|
||||
|
||||
#============= nagios_system_plugin_t ==============
|
||||
allow nagios_system_plugin_t nagios_spool_t:file { getattr open read };
|
||||
Loading…
x
Reference in New Issue
Block a user