Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 8fd4db3c8c649a1be5e1460af04425137fd4f2f6
https://github.com/tribe29/checkmk/commit/8fd4db3c8c649a1be5e1460af04425137…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
A .werks/14919
Log Message:
-----------
14919 SEC Do not log host secret (2)
Unfortunately Werk #14916 was insufficient.
Therefore the vulnerability still exists.
This Werk fixes the problem.
When using the <i>Agent updater</i> the Checkmk server needs a secret in order to allow the agent to download new agents.
For security reasons this secret is unique for each host and generated with the <tt>cmk-update-agent register</tt> command.
Unfortunately the generated host secret was written to the cmk-update-agent.log.
This logfile is not protected and usually world-readable.
With this secret one can download the current agent from the Checkmk server.
Included in that agent package are the plugin configs which can contain other secrets. (e.g. database credentials)
Mitigations without updating:
LI: Reregister the agent-updater. Then sanitize the cmk-update-agent.log files.
LI: If you cannot rule out that any unauthorized user read <tt>/var/lib/check_mk_agent/cmk-update-agent.log</tt> respectively <tt>C:\ProgramData\checkmk\agent\log\cmk-update-agent.log</tt> you should rotate all secrets that might be or were included in the agent configurations.
Steps needed with the update:
LI: Update your agent.
LI: Reregister the agent-updater.
All versions including 1.5 are subject to this vulnerability.
We found this vulnerability internally and have no indication of any exploitation.
We calculated a CVSS 3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Change-Id: I0451ef054f04ca77257ca8d46bd1cb1c6d87acfe
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 83f4352633bf0f1c8cf1e4043326fac5c4bcc159
https://github.com/tribe29/checkmk/commit/83f4352633bf0f1c8cf1e4043326fac5c…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
M cmk/gui/plugins/views/utils.py
M cmk/gui/views/page_show_view.py
Log Message:
-----------
Extract implicit dependency on permitted_views from Cell
Next we can remove the import cycle between data_source and Cell.
Change-Id: Ib4c13ba00005f5133802877f205f81ef88690508
Commit: 8abe1b1f5ecacb5dc1a8521e93c4746b6a04a50c
https://github.com/tribe29/checkmk/commit/8abe1b1f5ecacb5dc1a8521e93c4746b6…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
M cmk/gui/plugins/views/layouts.py
M cmk/gui/plugins/views/mobile.py
M cmk/gui/plugins/views/utils.py
M tests/unit/cmk/gui/plugins/views/test_painters.py
Log Message:
-----------
Had over link renderer to cell to prevent import cycle
This is a preparation to remove the cycle between data_source and Cell.
Change-Id: Ief889be11d29b2f842dd9bcd2ae30c726f349d47
Commit: 9159a8f9ae580a931f1c7e02d120d76df306699c
https://github.com/tribe29/checkmk/commit/9159a8f9ae580a931f1c7e02d120d76df…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
M cmk/gui/plugins/views/utils.py
M cmk/gui/view.py
M cmk/gui/view_renderer.py
M cmk/gui/views/page_show_view.py
Log Message:
-----------
Move view specific painter option computation to View class
The function is responsible for computing the painter options based on the
different parts of a view configuration.
Change-Id: I7e3b986c8a2f6f2c450403af81f1a4e62e1696b8
Commit: 7768f80391d6ed6af866a06043c0882218f4b786
https://github.com/tribe29/checkmk/commit/7768f80391d6ed6af866a06043c088221…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
M cmk/gui/logwatch.py
M cmk/gui/painter_options.py
M cmk/gui/plugins/views/utils.py
M cmk/gui/prediction.py
M cmk/gui/robotmk.py
M cmk/gui/view.py
A cmk/gui/view_breadcrumbs.py
M cmk/gui/views/__init__.py
M cmk/gui/wato/pages/fetch_agent_output.py
M tests/Makefile
Log Message:
-----------
Move internal code to cmk.gui
This change now finally clears the import cycle between data_source and
Cell.
Change-Id: Ieba955430acb59b2efe59881df2f6adbee305f79
Compare: https://github.com/tribe29/checkmk/compare/255a50a23dbe...7768f80391d6
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: f3588b4784cde1d47374284881173efb984317df
https://github.com/tribe29/checkmk/commit/f3588b4784cde1d47374284881173efb9…
Author: LukaRacic <luka.racic(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
A tests/unit/checks/test_3par_volumes.py
Log Message:
-----------
3par_volumes: Added unit tests
Change-Id: I6fadfe7008f0120cffbd70f49d06a80568179728
Commit: 0e15fab0f78c49b421b5b379d34936065e9764fc
https://github.com/tribe29/checkmk/commit/0e15fab0f78c49b421b5b379d34936065…
Author: LukaRacic <luka.racic(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
R checks/enviromux_sems_digital
R checks/enviromux_sems_external
R checks/enviromux_sems_internal
R cmk/base/check_legacy_includes/enviromux.py
A cmk/base/plugins/agent_based/enviromux_sems_digital.py
A cmk/base/plugins/agent_based/enviromux_sems_external.py
A cmk/base/plugins/agent_based/enviromux_sems_internal.py
M tests/unit/checks/test_generic_legacy_conversion.py
R tests/unit/cmk/base/check_legacy_includes/test_enviromux.py
Log Message:
-----------
nti_enviromux: Migrated second bucket of checks to new API
Change-Id: Ibe53522cc3a5369cf655b47f503ffa3d443d6afd
Compare: https://github.com/tribe29/checkmk/compare/952a67627922...0e15fab0f78c
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 37c91cdb4fb7c4f447814268f4ee9fcd8eaf61a9
https://github.com/tribe29/checkmk/commit/37c91cdb4fb7c4f447814268f4ee9fcd8…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
A buildscripts/docker_image_aliases/IMAGE_SLES_15SP4/Dockerfile
A buildscripts/docker_image_aliases/IMAGE_SLES_15SP4/meta.yml
Log Message:
-----------
Add base image alias
CMK-11458
Change-Id: I050dd1e9bc183124bf96eecdea5644f15df7cdf6
Commit: 2f18c44c7a3eada4fc36dbba4fda0fff58493daf
https://github.com/tribe29/checkmk/commit/2f18c44c7a3eada4fc36dbba4fda0fff5…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
A buildscripts/infrastructure/build-nodes/sles-15sp4/Dockerfile
Log Message:
-----------
Add build node for sles-15sp4
CMK-11458
Change-Id: I755e7b03ef8585db77e239487808f61a6732ff54
Commit: d19c42bdcd7837b76aed115f7c1673ef76334d3f
https://github.com/tribe29/checkmk/commit/d19c42bdcd7837b76aed115f7c1673ef7…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
A .werks/14783
M editions.json
A omd/distros/SLES_15SP4.mk
M omd/packages/libgsf/libgsf.make
M omd/packages/msitools/msitools.make
M omd/packages/omd/omd.make
A omd/packages/omd/pdftoppm_system_openssl
Log Message:
-----------
14783 Add Support for SLES15sp4
With this werk, Checkmk is build for SUSE Linux Enterprise Server 15SP4.
CMK-11458
Change-Id: I50767cb807bf6ac3c10b2167b02538d6819226b3
Commit: 952a67627922ac4b2af987d09acab6161bd9b9c9
https://github.com/tribe29/checkmk/commit/952a67627922ac4b2af987d09acab6161…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
M omd/packages/omd/omd.make
R omd/packages/omd/pdftoppm_system_openssl
R omd/packages/omd/ssh_system_openssl
A omd/packages/omd/use_system_openssl
Log Message:
-----------
Streamline using system openssl
... for omd binaries which need to use system openssl
CMK-11458
Change-Id: Icc08178c09bc54bae9692409a23ab56365f3da57
Compare: https://github.com/tribe29/checkmk/compare/c7ff95dd6380...952a67627922
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: fbf4f3b79f32586bd9dbb5571b39e333fccfd178
https://github.com/tribe29/checkmk/commit/fbf4f3b79f32586bd9dbb5571b39e333f…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-10-31 (Mon, 31 Oct 2022)
Changed paths:
A .werks/14769
M cmk/gui/watolib/activate_changes.py
M tests/unit/cmk/gui/watolib/test_config_sync.py
Log Message:
-----------
14769 FIX Activate Changes does not respect site-specific synchronisation settings
* it does not matter whether the snapshots of the sites contain the
exluded paths
* excluded paths are removed from the site snapshot settings in
_get_replication_components
* site snapshot settings are the basis of the files chosen for config sync in
_incremental_config_sync
CMK-11136
Change-Id: I71cfbd38c44847e752057738e282a6183890c244