Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: ef6a1ae08763ad1e14844f4a6886c17aa7f6aaab
https://github.com/tribe29/checkmk/commit/ef6a1ae08763ad1e14844f4a6886c17aa…
Author: Max Linke <max.linke(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M cmk/base/plugins/agent_based/apt.py
M cmk/base/plugins/agent_based/utils/apt.py
M tests/unit/cmk/base/plugins/agent_based/test_apt.py
Log Message:
-----------
FIX Ignore ubuntu pro advertisment
Ubuntu started to show advertisments on apt-get calls. We now ignore lines contained the words 'Ubuntu Pro'.
Change-Id: I6b4d87c01cbbe5621a4522aa1b6b84bda963fcf1
Closes: #519
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 790b07abef90b54c754d465a595afb06d0b39324
https://github.com/tribe29/checkmk/commit/790b07abef90b54c754d465a595afb06d…
Author: LukaRacic <luka.racic(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
A .werks/14622
M cmk/base/plugins/agent_based/apt.py
M cmk/base/plugins/agent_based/utils/apt.py
M tests/unit/cmk/base/plugins/agent_based/test_apt.py
Log Message:
-----------
14622 FIX mk_apt: Now supports new Ubuntu Pro advertisement in agent output
Now supports the new Ubuntu Pro advertisement. The message looks like:
Receive additional future security updates with Ubuntu Pro.
Learn more about Ubuntu Pro at https://ubuntu.com/pro
Change-Id: I0e97d3de41400cbb828642fe10130ddb367ea53a
Commit: a9224cee37685e6376a2ea9ff5a165bebb671d38
https://github.com/tribe29/checkmk/commit/a9224cee37685e6376a2ea9ff5a165beb…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
R .werks/14483
M Pipfile
M Pipfile.lock
R omd/packages/python3-modules/patches/0003-setup.py-for-typing-extensions_4.3.0.dif
M omd/packages/python3-modules/python3-modules.make
R omd/packages/python3-modules/src/Babel-2.10.3.tar.gz
A omd/packages/python3-modules/src/Babel-2.8.0.tar.gz
A omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz
R omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz
A omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz
R omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz
A omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz
R omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz
A omd/packages/python3-modules/src/rsa-4.6.tar.gz
R omd/packages/python3-modules/src/rsa-4.9.tar.gz
A omd/packages/python3-modules/src/typing_extensions-3.7.4.1.tar.gz
R omd/packages/python3-modules/src/typing_extensions-4.3.0.tar.gz
Log Message:
-----------
Revert "14483 SEC Update dependencies"
This reverts commit 1dadb088a18682d3f7959a15237c7dd43764d5f4.
Compare: https://github.com/tribe29/checkmk/compare/4ef2517060bc...a9224cee3768
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 4a0840bfff2e5a00e29b1ee4840e34bd6e726c42
https://github.com/tribe29/checkmk/commit/4a0840bfff2e5a00e29b1ee4840e34bd6…
Author: Max Linke <max.linke(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M cmk/base/plugins/agent_based/apt.py
M cmk/base/plugins/agent_based/utils/apt.py
M tests/unit/cmk/base/plugins/agent_based/test_apt.py
Log Message:
-----------
FIX Ignore ubuntu pro advertisment
Ubuntu started to show advertisments on apt-get calls. We now ignore lines contained the words 'Ubuntu Pro'.
Change-Id: I6b4d87c01cbbe5621a4522aa1b6b84bda963fcf1
Closes: #519
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 4ef2517060bc003a944dab954295a55c421e9175
https://github.com/tribe29/checkmk/commit/4ef2517060bc003a944dab954295a55c4…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
A .werks/14916
Log Message:
-----------
14916 SEC Do not log host secret
When using the <i>Agent updater</i> the Checkmk server needs a secret in order to allow the agent to download new agents.
For security reasons this secret is unique for each host and generated with the <tt>cmk-update-agent register</tt> command.
Unfortunately the generated host secret was written to the cmk-update-agent.log.
This logfile is not protected and usually world-readable.
With this secret one can download the current agent from the Checkmk server.
Included in that agent package are the plugin configs which can contain other secrets. (e.g. database credentials)
Mitigations without updateing:
LI: Reregister the agent-updater. Then sanitize the cmk-update-agent.log files.
LI: If you cannot rule out that any unauthorized user read <tt>/var/lib/check_mk_agent/cmk-update-agent.log</tt> respectively <tt>C:\ProgramData\checkmk\agent\log\cmk-update-agent.log</tt> you should rotate all secrets that might be or were included in the agent configurations.
Steps needed with the update:
LI: Update your agent.
LI: Reregister the agent-updater.
All versions including 1.5 are subject to this vulnerability.
We found this vulnerability internally and have no indication of any exploitation.
We calculated a CVSS 3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CMK-11366
Change-Id: I8d37f9350c33cdee00cb708a616265f80c07ab81
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: b7b644ef7e8eb7273224e2ef5e0417860e938f56
https://github.com/tribe29/checkmk/commit/b7b644ef7e8eb7273224e2ef5e0417860…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M .werks/14916
Log Message:
-----------
Fix Werk
Change-Id: I2b063936ceb63fb1e6b1fbe01ad871d8f6026a89
Commit: 8487a8199e5e9db72f3f4185d21d8d58183941ec
https://github.com/tribe29/checkmk/commit/8487a8199e5e9db72f3f4185d21d8d581…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd: remove pointless error handling
Change-Id: I2db207cdc7046805b81f9fd0d24cb854ed7d28c8
Commit: d5d5b51a674cd8be79ccb41c44d829367d674205
https://github.com/tribe29/checkmk/commit/d5d5b51a674cd8be79ccb41c44d829367…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: return early
If the connection fails, we will simply run into another error in the
next try block.
Change-Id: Iaef386977cff4af6bf3004ff4c88c31bbae02054
Commit: c59d46100e0e85265c001f34c1c5496facea29fd
https://github.com/tribe29/checkmk/commit/c59d46100e0e85265c001f34c1c5496fa…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: move socket communication out of BackTarFile
Change-Id: I0e61c89e2bc848e5b6606ff9f30be2f16c3ecd24
Commit: 1ebb82f6d295d725ae9f91c4ad7182b168e78f99
https://github.com/tribe29/checkmk/commit/1ebb82f6d295d725ae9f91c4ad7182b16…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: remove ignores of warnings
* Removes the too-many-branches warning by moving code to a different method.
* Removes try-except-raise ignore, which was not needed
Change-Id: I6ed3de1337e888c0ba89e5abdfd7aadda5a9e629
Commit: 588b8f32228a49b5ec262d7b13813335b441cd37
https://github.com/tribe29/checkmk/commit/588b8f32228a49b5ec262d7b13813335b…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: more declararitive exception handling
Change-Id: I7a0cdc9d3e32341282c3727ee850aaabe0097a84
Commit: 8056b3c9b57e158ae4ec4c61606e60696c915fc9
https://github.com/tribe29/checkmk/commit/8056b3c9b57e158ae4ec4c61606e60696…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: reduce exception control flow
Change-Id: Ie288b5653c0a12896b97552e5ac6dad649e173cb
Commit: 06846d97fb63f4886fed0e88cc2540c3f4556263
https://github.com/tribe29/checkmk/commit/06846d97fb63f4886fed0e88cc2540c3f…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: move more rrd stuff into RRDSocket
Change-Id: Icf77c7685328abd5d721e65b37cc7571bbdf864a
Commit: 6ade8f79a434b2f96ee8f34a01e5a1a2fde23ca2
https://github.com/tribe29/checkmk/commit/6ade8f79a434b2f96ee8f34a01e5a1a2f…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: let contextmanager handle resuming RRD
In case of an exception, the close method of BackTarFile will be
invoked. Therefore, resulting exceptions from tar.addfile do not need to
be handled.
Change-Id: I7dc3c7a8cb66e5e59ae8fa6c6a2e1fe5a18e9664
Commit: 203bf5fc64906eff66967422c604335f9bbddb98
https://github.com/tribe29/checkmk/commit/203bf5fc64906eff66967422c604335f9…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M omd/packages/omd/omdlib/backup.py
Log Message:
-----------
omd backup: inline function
Options are now read in a more central location.
Change-Id: I0e22a4705f54efbc50f6b5a9b5713644e5cbbe4a
Compare: https://github.com/tribe29/checkmk/compare/796328cfb6c2...203bf5fc6490
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 034ad8f78a449a668cdf7574bf0b0ef7958c2761
https://github.com/tribe29/checkmk/commit/034ad8f78a449a668cdf7574bf0b0ef79…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
A .werks/14916
Log Message:
-----------
14916 SEC Do not log host secret
When using the <i>Agent updater</i> the Checkmk server needs a secret in order to allow the agent to download new agents.
For security reasons this secret is unique for each host and generated with the <tt>cmk-update-agent register</tt> command.
Unfortunately the generated host secret was written to the cmk-update-agent.log.
This logfile is not protected and usually world-readable.
With this secret one can download the current agent from the Checkmk server.
Included in that agent package are the plugin configs which can contain other secrets. (e.g. database credentials)
Mitigations without updateing:
LI: Reregister the agent-updater. Then sanitize the cmk-update-agent.log files.
LI: If you cannot rule out that any unauthorized user read <tt>/var/lib/check_mk_agent/cmk-update-agent.log</tt> respectively <tt>C:\ProgramData\checkmk\agent\log\cmk-update-agent.log</tt> you should rotate all secrets that might be or were included in the agent configurations.
Steps needed with the update:
LI: Update your agent.
LI: Reregister the agent-updater.
All versions including 1.5 are subject to this vulnerability.
We found this vulnerability internally and have no indication of any exploitation.
We calculated a CVSS 3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CMK-11366
Change-Id: I8d37f9350c33cdee00cb708a616265f80c07ab81
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: e6449f00392e33173ec3ce8c95e10928a2ddba18
https://github.com/tribe29/checkmk/commit/e6449f00392e33173ec3ce8c95e10928a…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M buildscripts/infrastructure/build-nodes/centos-7/Dockerfile
M buildscripts/infrastructure/build-nodes/debian-10/Dockerfile
M buildscripts/infrastructure/build-nodes/debian-11/Dockerfile
M buildscripts/infrastructure/build-nodes/debian-9/Dockerfile
M omd/distros/CENTOS_7.mk
M omd/distros/CENTOS_8.mk
M omd/distros/DEBIAN_10.mk
M omd/distros/DEBIAN_11.mk
M omd/distros/DEBIAN_9.mk
M omd/distros/UBUNTU_16.04.mk
M omd/distros/UBUNTU_17.04.mk
M omd/distros/UBUNTU_18.04.mk
M omd/distros/UBUNTU_19.04.mk
M omd/distros/UBUNTU_20.04.mk
M omd/distros/UBUNTU_22.04.mk
M omd/packages/rrdtool/rrdtool.make
Log Message:
-----------
Purge libdbi
CMK-11364
Change-Id: If279aee88fc8b15bd38638e6f06bc069433a80d0
Commit: f357f5f70e9de5cd7090ea6db6e5cf5f72ca25be
https://github.com/tribe29/checkmk/commit/f357f5f70e9de5cd7090ea6db6e5cf5f7…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
A .werks/14916
Log Message:
-----------
14916 SEC Do not log host secret
When using the <i>Agent updater</i> the Checkmk server needs a secret in order to allow the agent to download new agents.
For security reasons this secret is unique for each host and generated with the <tt>cmk-update-agent register</tt> command.
Unfortunately the generated host secret was written to the cmk-update-agent.log.
This logfile is not protected and usually world-readable.
With this secret one can download the current agent from the Checkmk server.
Included in that agent package are the plugin configs which can contain other secrets. (e.g. database credentials)
Mitigations without updateing:
LI: Reregister the agent-updater. Then sanitize the cmk-update-agent.log files.
LI: If you cannot rule out that any unauthorized user read <tt>/var/lib/check_mk_agent/cmk-update-agent.log</tt> respectively <tt>C:\ProgramData\checkmk\agent\log\cmk-update-agent.log</tt> you should rotate all secrets that might be or were included in the agent configurations.
Steps needed with the update:
LI: Update your agent.
LI: Reregister the agent-updater.
All versions including 1.5 are subject to this vulnerability.
We found this vulnerability internally and have no indication of any exploitation.
We calculated a CVSS 3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CMK-11366
Change-Id: I8d37f9350c33cdee00cb708a616265f80c07ab81
Compare: https://github.com/tribe29/checkmk/compare/9659b0eb7da9...f357f5f70e9d
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 9659b0eb7da902233307302c6811ee57f49b9a78
https://github.com/tribe29/checkmk/commit/9659b0eb7da902233307302c6811ee57f…
Author: Gavin McGuigan <gavin.mcguigan(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
R .werks/14901
M cmk/gui/plugins/openapi/endpoints/user_config.py
M cmk/gui/plugins/openapi/restful_objects/response_schemas.py
M tests/testlib/openapi_session.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_user.py
Log Message:
-----------
Revert "14901 FIX user_config: REST API fix to ensure the request and response schemas align"
This reverts commit b3cb78f355fe2b7b109bc442c8c91f839448feb8.
Reason for revert: Failing tests
Change-Id: Ie4576f8137cbea1bba5abd5bc273c45744481341
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: db3b6d535cc4127840d02bd4c4e260fd9ae7d869
https://github.com/tribe29/checkmk/commit/db3b6d535cc4127840d02bd4c4e260fd9…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2022-10-11 (Tue, 11 Oct 2022)
Changed paths:
M tests/unit/cmk/gui/plugins/openapi/test_swagger_ui.py
Log Message:
-----------
Unbreak unit tests on Jammy.
/etc/mime.types has changed a lot from Impish => Jammy, and the test
/ ultimately relies on this.
Change-Id: I47967452f01240081ffc71814dba09d2ee6fefb5