diff --git a/nagios-0015-Changelog.patch b/nagios-0015-Changelog.patch
deleted file mode 100644
index 5ef34903c79e01effd4cc295c5a98a43032dfe4a..0000000000000000000000000000000000000000
--- a/nagios-0015-Changelog.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/Changelog b/Changelog
-index a5fd04c6..51394645 100644
---- a/Changelog
-+++ b/Changelog
-@@ -9,7 +9,7 @@ FIXES
- * Fixed duplicate properties appearing in statusjson.cgi (#718) (Sebastian Wolf)
- * Fixed NERD not building when enabled in ./configure (#723) (Sebastian Wolf)
- * Fixed build process when using GCC 10 (#721) (Michael Orlitzky)
--* Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-1408) (Thanks UraSec Team) (Sebastian Wolf)
-+* Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-13977) (Thanks UraSec Team) (Sebastian Wolf)
- * When using systemd, configuration will be verified before reloading (#715) (tatref)
- * Fixed HARD OK states triggering on the maximum check attempt (#757) (Sebastian Wolf)
-
diff --git a/nagios-4.4.6.tar.gz b/nagios-4.4.13.tar.gz
similarity index 70%
rename from nagios-4.4.6.tar.gz
rename to nagios-4.4.13.tar.gz
index 57cbc618199b81c2decd0acb6f5f651d8a7876a3..61cf099398c14b4ac5889008cc03b36bca436123 100644
Binary files a/nagios-4.4.6.tar.gz and b/nagios-4.4.13.tar.gz differ
diff --git a/nagios-socket.te b/nagios-socket.te
deleted file mode 100644
index d9ed56b932589c330af23eda4e6a5585f79d04a5..0000000000000000000000000000000000000000
--- a/nagios-socket.te
+++ /dev/null
@@ -1,16 +0,0 @@
-module nagios-socket 1.1;
-
-require {
- type nagios_t;
- type nagios_spool_t;
- class sock_file { write create unlink };
- class unix_stream_socket connectto;
-}
-
-
-#============= nagios_t ==============
-
-#!!!! This avc is allowed in the current policy
-allow nagios_t nagios_spool_t:sock_file { write create unlink };
-#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
-allow nagios_t self:unix_stream_socket connectto;
diff --git a/nagios.spec b/nagios.spec
index f2c4b1440d2e2062c1620bae7431e469a7870774..62358ad40275cce48c9dab372c24bd8d43cb797f 100644
--- a/nagios.spec
+++ b/nagios.spec
@@ -1,5 +1,5 @@ Name: nagios -Version: 4.4.6 +Version: 4.4.13 Release: 1 Summary: Host/service/network monitoring program License: GPLv2
@@ -16,8 +16,9 @@ Source10: printer.png Source11: router.png Source12: switch.png Source13: nagios.README.SELinux.rst -Source14: nagios_epel7.te -Source15: nagios_epel.fc +Source14: nagios.te +Source15: nagios.fc +Source16: nagios.if Patch0001: nagios-0001-default-init.patch Patch0002: nagios-0002-Fix-installation-of-httpd-conf.d-config-file.patch Patch0003: nagios-0003-Install-config-files-too.patch
@@ -31,11 +32,12 @@ Patch0011: nagios-0011-remove-rpmbuild.patch Patch0012: nagios-0012-fix-spool.patch Patch0013: nagios-0013-fix-plugin.patch Patch0014: nagios-0014-fix-uidgid.patch -Patch0015: nagios-0015-Changelog.patch BuildRequires: doxygen gcc gperf libjpeg-devel libpng-devel zlib-devel gd-devel > 1.8 BuildRequires: perl-generators perl(CPAN) perl(ExtUtils::MakeMaker) perl(ExtUtils::Embed) BuildRequires: perl(Test::Harness) perl(Test::More) perl(Test::Simple) BuildRequires: checkpolicy, selinux-policy-devel libtool systemd +BuildRequires: openssl-devel ima-evm-utils + Requires: httpd php mailx nagios-common Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
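Review bot: The added `BuildRequires: openssl-devel ima-evm-utils` line in the `@@ -31,11 +32,12 @@` hunk carries no comment, and nothing in the visible spec hunks calls `evmctl` or otherwise uses ima-evm-utils. Every unexplained build dependency is one more package the build root has to trust, so either drop `ima-evm-utils` or add a one-line comment above the line, such as `# openssl-devel: <what needs it>; ima-evm-utils: <what needs it>`. The rest of the spec is outside this diff, so a use there cannot be ruled out.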
@@ -64,7 +66,7 @@ Provides common directories, uid and gid among nagios-related packages. %package devel Summary: Provides include files that Nagios-related applications may compile against -Requires: nagios = 4.4.6-%release +Requires: nagios = %{version}-%{release} %description devel Nagios is a program that will monitor hosts and services on your
@@ -77,7 +79,7 @@ may compile against. %package selinux Summary: SELinux context for nagios -Requires: nagios = 4.4.6-%release +Requires: nagios = %{version}-%{release} Requires(post): policycoreutils Requires(postun): policycoreutils
@@ -87,13 +89,13 @@ SElinux context for nagios. %package contrib Summary: Eventhandlers contributed to nagios -Requires: nagios = 4.4.6-%release +Requires: nagios = %{version}-%{release} %description contrib Various contributed items used by plugins and other tools. %prep -%autosetup -n nagioscore-nagios-4.4.6 -p1 +%autosetup -n nagios-%{version} -p1 install -p -m 0644 %{SOURCE10} %{SOURCE11} %{SOURCE12} html/images/logos/
@@ -136,11 +138,11 @@ cp -f %{SOURCE6} UpgradeToVersion4.sh echo >> html/stylesheets/common.css mkdir selinux -install -pm 644 %{SOURCE13} README.SELinux.rst -cp -p %{SOURCE14} selinux/%{name}_epel.te -cp -p %{SOURCE15} selinux/%{name}_epel.fc -touch selinux/%{name}_epel.if -make -f %{_datadir}/selinux/devel/Makefile +cp -p %{SOURCE14} selinux/%{name}.te +cp -p %{SOURCE15} selinux/%{name}.fc +cp -p %{SOURCE16} selinux/%{name}.if +%make_build -f %{_datadir}/selinux/devel/Makefile %{name}.pp +bzip2 -9 %{name}.pp %install rm -rf $RPM_BUILD_ROOT
@@ -168,7 +170,9 @@ chmod 755 %{buildroot}%{_sbindir}/nagios install -d -m 0755 %{buildroot}%{_datadir}/nagios/html/docs %{__cp} -a Documentation/html/* %{buildroot}%{_datadir}/nagios/html/docs -install -p -m 644 -D %{name}_epel.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/%{name}_epel.pp +install -pm 644 %{SOURCE13} README.SELinux.rst +install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.pp.bz2 +install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if make install -C contrib DESTDIR="%{buildroot}" INSTALL_OPTS="" install -p -m 644 contrib/eventhandlers/disable_active_service_checks %{buildroot}%{_libdir}/nagios/plugins/eventhandlers/ 
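Review bot: The policy module is installed here under `%{_datadir}/selinux/packages/%{name}/%{name}.pp.bz2`, but the `%post selinux` scriptlet in the `@@ -204,25 +208,29 @@` hunk loads it from `%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2`, and none of the visible hunks define `%selinuxtype`. Those scriptlets also pass `-s %{name}`, whereas `-s` on `%selinux_modules_install`, `%selinux_modules_uninstall` and `%selinux_relabel_post` names the policy store (for example `targeted`). The `%ghost` entry added to `%files selinux` puts `%{name}` in the store position as well. If the install macro does not find the file or the store, the subpackage can install without its module loaded, leaving nagios confined only by whatever the base policy provides. Suggest adding `%global selinuxtype targeted` and using `%{selinuxtype}` for the install directory, the `-s` argument and the `%ghost` path.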
@@ -204,25 +208,29 @@ fi %postun /usr/bin/systemctl condrestart httpd > /dev/null 2>&1 || : +triggerun -- %{name} < 3.5.1-2 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply opensips +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save %{name} >/dev/null 2>&1 ||: + +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del %{name} >/dev/null 2>&1 || : +/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || : + %post selinux +%selinux_modules_install -s %{name} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%selinux_relabel_post -s %{name} + if [ "$1" -le "1" ]; then # First install - semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || : - fixfiles -R %{name} restore >/dev/null 2>&1 || : %systemd_postun_with_restart %{name}.service fi -%preun selinux -if [ "$1" -lt "1" ]; then # Final removal - semodule -r %{name}_epel 2>/dev/null || : - fixfiles -R %{name} restore >/dev/null 2>&1 || : - %systemd_postun_with_restart %{name}.service -fi - %postun selinux -if [ "$1" -ge "1" ]; then # Upgrade - # Replaces the module if it is already loaded - semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || : - # no need to restart the daemon +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{name} %{name} + %selinux_relabel_post -s %{name} + %systemd_postun_with_restart %{name}.service fi %files
@@ -269,7 +277,10 @@ fi %files selinux %doc README.SELinux.rst -%{_datadir}/selinux/packages/%{name}/nagios_epel.pp +%{_datadir}/selinux/packages/%{name}/%{name}.pp.* +%{_datadir}/selinux/devel/include/distributed/%{name}.if +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{name}/active/modules/200/%{name} + %files contrib %doc contrib/README.contrib
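Review bot: The added `triggerun -- %{name} < 3.5.1-2` line has no leading `%`, so as written it does not open a trigger section. It and the commands after it stay inside the `%postun` body and would run on every erase and upgrade, including `/sbin/chkconfig --del %{name}` and a `try-restart` of the service. The shell would also read `< 3.5.1-2` as an input redirection from a file of that name. If a trigger is intended, the line should be `%triggerun -- %{name} < 3.5.1-2`. The comment under it tells the user to run `systemd-sysv-convert --apply opensips`, which looks copied from another spec and should name `%{name}`.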
@@ -277,6 +288,9 @@ fi %{_libdir}/%{name}/cgi/ %changelog +* Thu Jul 27 2023 chenchen - 4.4.13-1 +- Upgrade to version 4.4.13 + * Tue Jan 18 2022 SimpleUpdate Robot - 4.4.6-1 - Upgrade to version 4.4.6
diff --git a/nagios_epel.fc b/nagios_epel.fc
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/nagios_epel7.te b/nagios_epel7.te
deleted file mode 100644
index a325233659089ed0fab787abf6d9447d74176684..0000000000000000000000000000000000000000
--- a/nagios_epel7.te
+++ /dev/null
@@ -1,39 +0,0 @@
-module nagios_epel 1.1;
-
-require {
- type devlog_t;
- type hostname_exec_t;
- type kernel_t;
- type ldconfig_exec_t;
- type initrc_tmp_t;
- type nagios_exec_t;
- type nagios_script_t;
- type nagios_services_plugin_t;
- type nagios_spool_t;
- type nagios_system_plugin_t;
- type nagios_t;
- class capability chown;
- class file { execute execute_no_trans getattr open read };
- class sock_file { write create unlink };
- class unix_dgram_socket { connect create sendto };
- class unix_stream_socket connectto;
-}
-
-#============= nagios_services_plugin_t ==============
-allow nagios_services_plugin_t devlog_t:sock_file write;
-allow nagios_services_plugin_t kernel_t:unix_dgram_socket sendto;
-allow nagios_services_plugin_t self:unix_dgram_socket { connect create };
-
-#============= nagios_t ==============
-allow nagios_t hostname_exec_t:file { read getattr open execute execute_no_trans };
-allow nagios_t ldconfig_exec_t:file { execute execute_no_trans open read };
-allow nagios_t nagios_exec_t:file execute_no_trans;
-allow nagios_t nagios_spool_t:sock_file { write create unlink };
-allow nagios_t self:capability chown;
-allow nagios_t self:unix_stream_socket connectto;
-
-#============= nagios_script_t ==============
-allow nagios_script_t nagios_spool_t:file { getattr open read };
-
-#============= nagios_system_plugin_t ==============
-allow nagios_system_plugin_t nagios_spool_t:file { getattr open read };