diff -Nru nagios-plugins-contrib-20.20170118/check_ssl_cert/tests nagios-plugins-contrib-21.20170222/check_ssl_cert/tests --- nagios-plugins-contrib-20.20170118/check_ssl_cert/tests 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/check_ssl_cert/tests 2017-02-22 13:32:22.000000000 +0000 @@ -0,0 +1,2 @@ +Depends: openssl, curl, file +Test-Command: /usr/lib/nagios/plugins/check_ssl_cert -H www.debian.org diff -Nru nagios-plugins-contrib-20.20170118/debian/changelog nagios-plugins-contrib-21.20170222/debian/changelog --- nagios-plugins-contrib-20.20170118/debian/changelog 2017-01-18 21:18:18.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/changelog 2017-02-22 13:32:22.000000000 +0000 @@ -1,3 +1,26 @@ +nagios-plugins-contrib (21.20170222) unstable; urgency=medium + + [ Bernd Zeimetz ] + * [5091e4a] Disable EPN for check_raid. + Thanks to Daniel Pocock (Closes: #851351) + * [5bdff51] check_raid: fix failed mdadm hotspare detection. + Thanks to Sascha Steinbiss (Closes: #855054) + * [5232be1] percona-nagios-plugins: fix bashism. + Thanks to Raphael Geissert (Closes: #772278) + + [ Stefan Schörghofer ] + * [6495faa] Fixes check_ssl_cert problems with Openssl > 1.1.x + (Closes: #855253) + + [ Bernd Zeimetz ] + * [bf4fb49] Add autopkgtest for check_ssl_cert. + * [9aacdb6] Auto update of debian/tests/control + * [0d7ac29] Fix check_cert_expire_dirs to make it work at all. + check_cert_expire_dirs was not able to find + check_cert_expire. Fixing that. (Closes: #855155) + + -- Bernd Zeimetz Wed, 22 Feb 2017 14:32:22 +0100 + nagios-plugins-contrib (20.20170118) unstable; urgency=medium [ Evgeni Golov ] diff -Nru nagios-plugins-contrib-20.20170118/debian/patches/check_raid/fix_mdadm_hotspare_failure_detection nagios-plugins-contrib-21.20170222/debian/patches/check_raid/fix_mdadm_hotspare_failure_detection --- nagios-plugins-contrib-20.20170118/debian/patches/check_raid/fix_mdadm_hotspare_failure_detection 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/patches/check_raid/fix_mdadm_hotspare_failure_detection 2017-02-22 13:32:22.000000000 +0000 @@ -0,0 +1,11 @@ +--- a/check_raid/check_raid ++++ b/check_raid/check_raid +@@ -3661,7 +3661,7 @@ $fatpacked{"App/Monitoring/Plugin/CheckR + } elsif (@fd > 0) { + # FIXME: this is same as above? + $this->warning; +- $s .= "hot-spare failure:". join(",", @{$md{failed_disks}}) .":$md{status}"; ++ $s .= "hot-spare failure:". join(",", @fd) .":$md{status}"; + + } else { + $s .= "$md{status}"; diff -Nru nagios-plugins-contrib-20.20170118/debian/patches/check_raid/no_epn nagios-plugins-contrib-21.20170222/debian/patches/check_raid/no_epn --- nagios-plugins-contrib-20.20170118/debian/patches/check_raid/no_epn 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/patches/check_raid/no_epn 2017-02-22 13:32:22.000000000 +0000 @@ -0,0 +1,8 @@ +--- a/check_raid/check_raid ++++ b/check_raid/check_raid +@@ -1,4 +1,5 @@ + #!/usr/bin/perl ++# nagios: -epn + + # This chunk of stuff was generated by App::FatPacker. To find the original + # file's code, look for the end of this BEGIN block or the string 'FATPACK' diff -Nru nagios-plugins-contrib-20.20170118/debian/patches/check_ssl_cert/bug-855253-fix nagios-plugins-contrib-21.20170222/debian/patches/check_ssl_cert/bug-855253-fix --- nagios-plugins-contrib-20.20170118/debian/patches/check_ssl_cert/bug-855253-fix 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/patches/check_ssl_cert/bug-855253-fix 2017-02-22 13:32:22.000000000 +0000 @@ -0,0 +1,196 @@ +--- a/check_ssl_cert/check_ssl_cert-1.37/check_ssl_cert ++++ b/check_ssl_cert/check_ssl_cert-1.37/check_ssl_cert +@@ -969,8 +969,12 @@ + + if [ -n "${OCSP}" ] ; then + +- ISSUER_CERT="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )" +- if [ -z "${ISSUER_CERT}" ] || [ ! -w "${ISSUER_CERT}" ] ; then ++ ISSUER_CERT_TMP="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )" ++ if [ -z "${ISSUER_CERT_TMP}" ] || [ ! -w "${ISSUER_CERT_TMP}" ] ; then ++ unknown 'temporary file creation failure.' ++ fi ++ ISSUER_CERT_TMP2="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )" ++ if [ -z "${ISSUER_CERT_TMP2}" ] || [ ! -w "${ISSUER_CERT_TMP2}" ] ; then + unknown 'temporary file creation failure.' + fi + +@@ -992,7 +996,7 @@ + + # Cleanup before program termination + # Using named signals to be POSIX compliant +- trap 'rm -f $CERT $ERROR $ISSUER_CERT' EXIT HUP INT QUIT TERM ++ trap 'rm -f $CERT $ERROR $ISSUER_CERT_TMP $ISSUER_CERT_TMP2' EXIT HUP INT QUIT TERM + + fetch_certificate + +@@ -1348,8 +1352,11 @@ + # Check the validity + if [ -z "${NOEXP}" ] ; then + ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] Checking expiration date" ++ fi + # We always check expired certificates +- if ! $OPENSSL x509 -in "${CERT}" -noout -checkend 0 ; then ++ if ! $OPENSSL x509 -in "${CERT}" -noout -checkend 0 > /dev/null ; then + critical "certificate is expired (was valid until $DATE)" + fi + +@@ -1359,7 +1366,7 @@ + echo "[DBG] executing: $OPENSSL x509 -in ${CERT} -noout -checkend $(( CRITICAL * 86400 ))" + fi + +- if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( CRITICAL * 86400 )) ; then ++ if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( CRITICAL * 86400 )) > /dev/null ; then + critical "certificate will expire on $DATE" + fi + +@@ -1371,7 +1378,7 @@ + echo "[DBG] executing: $OPENSSL x509 -in ${CERT} -noout -checkend $(( WARNING * 86400 ))" + fi + +- if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( WARNING * 86400 )) ; then ++ if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( WARNING * 86400 )) > /dev/null ; then + warning "certificate will expire on $DATE" + fi + +@@ -1504,34 +1511,36 @@ + if [ -n "${OCSP}" ]; then + + if [ -n "${DEBUG}" ] ; then +- echo "[DBG] OCSP: fetching issuer certificate ${ISSUER_URI} to ${ISSUER_CERT}" ++ echo "[DBG] OCSP: fetching issuer certificate ${ISSUER_URI} to ${ISSUER_CERT_TMP}" + fi + +- curl --silent "${ISSUER_URI}" > "${ISSUER_CERT}" ++ curl --silent "${ISSUER_URI}" > "${ISSUER_CERT_TMP}" + + if [ -n "${DEBUG}" ] ; then +- echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT}" | sed 's/.*://' )" ++ echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" + fi + + # check the result +- if ! "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': (ASCII|PEM)' ; then ++ if ! "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -q ': (ASCII|PEM)' ; then + +- if "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': data' ; then ++ if "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -q ': data' ; then + + if [ -n "${DEBUG}" ] ; then + echo "[DBG] OCSP: converting issuer certificate from DER to PEM" + fi + +- openssl x509 -inform DER -outform PEM -in "${ISSUER_CERT}" -out "${ISSUER_CERT}" ++ cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" ++ ++ $OPENSSL x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" + +- else ++ else + + unknown "Unable to fetch OCSP issuer certificate." + +- fi ++ fi + + +- fi ++ fi + + if [ -n "${DEBUG}" ] ; then + +@@ -1543,7 +1552,7 @@ + + echo "[DBG] OCSP: storing a copy of the retrieved issuer certificate to ${FILE_NAME}" + +- cp "${ISSUER_CERT}" "${FILE_NAME}" ++ cp "${ISSUER_CERT_TMP}" "${FILE_NAME}" + fi + + OCSP_HOST="$(echo "${OCSP_URI}" | sed -e "s@.*//\([^/]\+\)\(/.*\)\?\$@\1@g" | sed 's/^http:\/\///' | sed 's/\/.*//' )" +@@ -1563,33 +1572,54 @@ + echo "[DBG] openssl ocsp support the -header option" + fi + ++ # the -header option was first accepting key and value separated by space. The newer versions are using key=value ++ KEYVALUE="" ++ if openssl ocsp -help 2>&1 | grep header | grep -q 'key=value' ; then ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] openssl ocsp -header requires 'key=value'" ++ fi ++ KEYVALUE=1 ++ else ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] openssl ocsp -header requires 'key value'" ++ fi ++ fi ++ + # http_proxy is sometimes lower- and sometimes uppercase. Programs usually check both + # shellcheck disable=SC2154 + if [ -n "${http_proxy}" ] ; then + HTTP_PROXY="${http_proxy}" + fi + +- if [ -n "${HTTP_PROXY:-}" ] ; then ++ if [ -n "${HTTP_PROXY:-}" ] ; then ++ if [ -n "${KEYVALUE}" ] ; then ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST=${OCSP_HOST}" ++ fi ++ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )" ++ else ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}" ++ fi ++ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )" + +- if [ -n "${DEBUG}" ] ; then +- echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}" +- fi +- +- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 | grep -i "ssl_cert")" +- +- else +- +- if [ -n "${DEBUG}" ] ; then +- echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}" +- fi +- +- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 | grep -i "ssl_cert")" ++ fi ++ fi + +- +- fi ++ if [ -n "${KEYVALUE}" ] ; then ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}" ++ fi ++ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )" ++ else ++ if [ -n "${DEBUG}" ] ; then ++ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}" ++ fi ++ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )" ++ fi + + if [ -n "${DEBUG}" ] ; then +- echo "[DBG] OCSP: response = ${OCSP_RESP}" ++ echo "${OCSP_RESP}" | sed 's/^/[DBG] OCSP: response = /' + fi + + if echo "${OCSP_RESP}" | grep -qi "revoked" ; then +@@ -1597,9 +1627,9 @@ + elif ! echo "${OCSP_RESP}" | grep -qi "good" ; then + + if [ -n "${HTTP_PROXY:-}" ] ; then +- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" ++ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" + else +- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" ++ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" + fi + critical "${OCSP_RESP}" + diff -Nru nagios-plugins-contrib-20.20170118/debian/patches/dsa/check_cert_expire_dir_check_name_fix nagios-plugins-contrib-21.20170222/debian/patches/dsa/check_cert_expire_dir_check_name_fix --- nagios-plugins-contrib-20.20170118/debian/patches/dsa/check_cert_expire_dir_check_name_fix 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/patches/dsa/check_cert_expire_dir_check_name_fix 2017-02-22 13:32:22.000000000 +0000 @@ -0,0 +1,14 @@ +--- a/dsa/checks/dsa-check-cert-expire-dir ++++ b/dsa/checks/dsa-check-cert-expire-dir +@@ -26,9 +26,9 @@ + + sn="$0" + if [ "${sn%/*}" = "$sn" ]; then +- CERT_CHECK=dsa-check-cert-expire ++ CERT_CHECK=check_cert_expire + else +- CERT_CHECK="${sn%/*}/dsa-check-cert-expire" ++ CERT_CHECK="${sn%/*}/check_cert_expire" + fi + + if [ "$#" != 1 ] ; then diff -Nru nagios-plugins-contrib-20.20170118/debian/patches/percona-nagios-plugins/fix_bashism nagios-plugins-contrib-21.20170222/debian/patches/percona-nagios-plugins/fix_bashism --- nagios-plugins-contrib-20.20170118/debian/patches/percona-nagios-plugins/fix_bashism 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/patches/percona-nagios-plugins/fix_bashism 2017-02-22 13:32:22.000000000 +0000 @@ -0,0 +1,8 @@ +--- a/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count ++++ b/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + + # ######################################################################## + # This program is part of $PROJECT_NAME$ diff -Nru nagios-plugins-contrib-20.20170118/debian/patches/series nagios-plugins-contrib-21.20170222/debian/patches/series --- nagios-plugins-contrib-20.20170118/debian/patches/series 2017-01-18 21:18:18.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/patches/series 2017-02-22 13:32:22.000000000 +0000 @@ -1,3 +1,4 @@ +dsa/check_cert_expire_dir_check_name_fix dsa/check_running_kernel_jessie_centos_fix check_ajp/return_critical_on_failed_connection check_backuppc/use_nagios_plugins @@ -43,10 +44,13 @@ dsa/status_directory dsa/check_packages-inifile dsa/epn - dsa/check_packages_,_fix check_cups/ParseDateDelta check_printer/epn check_nfsmounts/nfs4_support check_httpd_status/htdigest_auth check_varnish/fix_for_v5 +check_raid/no_epn +check_raid/fix_mdadm_hotspare_failure_detection +percona-nagios-plugins/fix_bashism +check_ssl_cert/bug-855253-fix diff -Nru nagios-plugins-contrib-20.20170118/debian/tests/control nagios-plugins-contrib-21.20170222/debian/tests/control --- nagios-plugins-contrib-20.20170118/debian/tests/control 2017-01-18 21:18:18.000000000 +0000 +++ nagios-plugins-contrib-21.20170222/debian/tests/control 2017-02-22 13:32:22.000000000 +0000 @@ -19,6 +19,9 @@ Depends: lsof, libyaml-syck-perl, @ Test-Command: /usr/lib/nagios/plugins/check_libs +Depends: openssl, curl, file, @ +Test-Command: /usr/lib/nagios/plugins/check_ssl_cert -H www.debian.org + Depends: libmonitoring-plugin-perl | libnagios-plugin-perl, @ Test-Command: /usr/lib/nagios/plugins/check_uptime -f