Checkmk git commits December 2022

checkmk-commits@lists.checkmk.com

1 participants
467 discussions

[tribe29/checkmk] dcb793: extensively use package id

by Moritz

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: dcb79341b1ed8b7ed8bc761a3ccb0c4a23bd126e https://github.com/tribe29/checkmk/commit/dcb79341b1ed8b7ed8bc761a3ccb0c4a2… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/packaging.py M cmk/utils/diagnostics.py M cmk/utils/packaging/__init__.py M tests/unit/cmk/base/test_diagnostics.py M tests/unit/cmk/utils/packaging/test_packaging.py Log Message: ----------- extensively use package id Change-Id: Ic56c9d35ec4a396b492f2f5fd326ed51d74dee9a Commit: fc561aeeeb67dc02528569b43bff0439fe895dd1 https://github.com/tribe29/checkmk/commit/fc561aeeeb67dc02528569b43bff0439f… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/utils/packaging/__init__.py Log Message: ----------- add get_package_path to PackageStore Change-Id: I80410098bcf3ddc0a58d90f3f186acae0c62f25d Commit: f375f5f3d719f5fb42ee33342a02266e6b6fe7ba https://github.com/tribe29/checkmk/commit/f375f5f3d719f5fb42ee33342a02266e6… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/packaging.py M cmk/utils/diagnostics.py M cmk/utils/packaging/__init__.py M tests/unit/cmk/utils/packaging/test_packaging.py Log Message: ----------- remove one indirection Change-Id: Iabf3222c8091b1aaead16a344c250aeea3b68fc6 Commit: 9dc416ab6c8696546942d9472c1dc252bf59259d https://github.com/tribe29/checkmk/commit/9dc416ab6c8696546942d9472c1dc252b… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/packaging.py M cmk/utils/diagnostics.py M cmk/utils/packaging/__init__.py A cmk/utils/packaging/_manifest.py R cmk/utils/packaging/_package.py M tests/unit/cmk/base/test_diagnostics.py M tests/unit/cmk/utils/packaging/test_packaging.py Log Message: ----------- Rename PackageInfo -> Manifest This is the word that the rest of the world uses. Change-Id: I6113e919a437fc1a271342eceb38836ece7112e7 Compare: https://github.com/tribe29/checkmk/compare/4895495736d9...9dc416ab6c86

1 year, 9 months

[tribe29/checkmk]

by Lars

Branch: refs/tags/v2.1.0p18-rc1 Home: https://github.com/tribe29/checkmk

1 year, 9 months

[tribe29/checkmk] 489549: 14924 SEC Fix CSRF in add-visual endpoint

by Maximilian

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 4895495736d9da1a7e22b9e9d7aa3291c7e3eef6 https://github.com/tribe29/checkmk/commit/4895495736d9da1a7e22b9e9d7aa3291c… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: A .werks/14924 M cmk/gui/visuals.py Log Message: ----------- 14924 SEC Fix CSRF in add-visual endpoint Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.). Mitigations: If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore. Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy. All versions of Checkmk including (1.6) are subject to this vulnerability. This vulnerability was found through a self commissioned Penetration test. We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested. CMK-11705 Change-Id: If71e0347339eb5bcb590b749476aab7939e0710e

1 year, 9 months

[tribe29/checkmk] 6f14b3: 14924 SEC Fix CSRF in add-visual endpoint

by Maximilian

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 6f14b34db40105e76752c8583c1128dc9d213d94 https://github.com/tribe29/checkmk/commit/6f14b34db40105e76752c8583c1128dc9… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: A .werks/14924 M cmk/gui/visuals.py Log Message: ----------- 14924 SEC Fix CSRF in add-visual endpoint Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.). Mitigations: If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore. Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy. All versions of Checkmk including (1.6) are subject to this vulnerability. This vulnerability was found through a self commissioned Penetration test. We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested. CMK-11705 Change-Id: If71e0347339eb5bcb590b749476aab7939e0710e

1 year, 9 months

[tribe29/checkmk] d2b1a6: 14924 SEC Fix CSRF in add-visual endpoint

by Lars

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: d2b1a66866b6d320fdae51a0609425ba609530e7 https://github.com/tribe29/checkmk/commit/d2b1a66866b6d320fdae51a0609425ba6… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: A .werks/14924 M cmk/gui/visuals.py Log Message: ----------- 14924 SEC Fix CSRF in add-visual endpoint Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.). Mitigations: If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore. Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy. All versions of Checkmk including (1.6) are subject to this vulnerability. This vulnerability was found through a self commissioned Penetration test. We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested. CMK-11705 Change-Id: If71e0347339eb5bcb590b749476aab7939e0710e Commit: 94944aa916fb91bb8045673ec815b34d41bb6cd1 https://github.com/tribe29/checkmk/commit/94944aa916fb91bb8045673ec815b34d4… Author: Checkmk release system <feedback(a)checkmk.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M agents/check_mk_agent.aix M agents/check_mk_agent.freebsd M agents/check_mk_agent.hpux M agents/check_mk_agent.linux M agents/check_mk_agent.macosx M agents/check_mk_agent.netbsd M agents/check_mk_agent.openbsd M agents/check_mk_agent.openvms M agents/check_mk_agent.openwrt M agents/check_mk_agent.solaris M agents/cmk-agent-ctl/src/constants.rs M agents/plugins/apache_status.py M agents/plugins/asmcmd.sh M agents/plugins/db2_mem M agents/plugins/dnsclient M agents/plugins/hpux_lunstats M agents/plugins/hpux_statgrab M agents/plugins/ibm_mq M agents/plugins/isc_dhcpd.py M agents/plugins/jar_signature M agents/plugins/kaspersky_av M agents/plugins/lnx_container_host_if.linux M agents/plugins/lnx_quota M agents/plugins/lvm M agents/plugins/mailman_lists M agents/plugins/mk_apt M agents/plugins/mk_ceph M agents/plugins/mk_cups_queues M agents/plugins/mk_db2.aix M agents/plugins/mk_db2.linux M agents/plugins/mk_docker.py M agents/plugins/mk_errpt.aix M agents/plugins/mk_filehandler M agents/plugins/mk_filestats.py M agents/plugins/mk_haproxy.freebsd M agents/plugins/mk_informix M agents/plugins/mk_inotify.py M agents/plugins/mk_inventory.aix M agents/plugins/mk_inventory.linux M agents/plugins/mk_inventory.solaris M agents/plugins/mk_iptables M agents/plugins/mk_jolokia.py M agents/plugins/mk_logins M agents/plugins/mk_logwatch.py M agents/plugins/mk_mongodb.py M agents/plugins/mk_mysql M agents/plugins/mk_nfsiostat M agents/plugins/mk_omreport M agents/plugins/mk_oracle M agents/plugins/mk_oracle_crs M agents/plugins/mk_postgres.py M agents/plugins/mk_redis M agents/plugins/mk_sap.aix M agents/plugins/mk_sap.py M agents/plugins/mk_sap_hana M agents/plugins/mk_saprouter M agents/plugins/mk_scaleio M agents/plugins/mk_site_object_counts M agents/plugins/mk_sshd_config M agents/plugins/mk_suseconnect M agents/plugins/mk_tinkerforge.py M agents/plugins/mk_tsm M agents/plugins/mk_zypper M agents/plugins/mtr.py M agents/plugins/netstat.aix M agents/plugins/netstat.linux M agents/plugins/netstat.solaris M agents/plugins/nfsexports M agents/plugins/nfsexports.solaris M agents/plugins/nginx_status.py M agents/plugins/plesk_backups.py M agents/plugins/plesk_domains.py M agents/plugins/runas M agents/plugins/smart M agents/plugins/symantec_av M agents/plugins/unitrends_backup M agents/plugins/unitrends_replication.py M agents/plugins/vxvm M agents/plugins/websphere_mq M agents/plugins/zorp M agents/windows/plugins/ad_replication.bat M agents/windows/plugins/arcserve_backup.ps1 M agents/windows/plugins/citrix_farm.ps1 M agents/windows/plugins/citrix_licenses.vbs M agents/windows/plugins/citrix_xenapp.ps1 M agents/windows/plugins/hyperv_vms.ps1 M agents/windows/plugins/hyperv_vms_guestinfos.ps1 M agents/windows/plugins/iis_app_pool_state.ps1 M agents/windows/plugins/kaspersky_av_client.vbs M agents/windows/plugins/mcafee_av_client.bat M agents/windows/plugins/megaraid.bat M agents/windows/plugins/mk_dhcp_enabled.bat M agents/windows/plugins/mk_inventory.vbs M agents/windows/plugins/mk_msoffice.ps1 M agents/windows/plugins/mk_mysql.vbs M agents/windows/plugins/mk_oracle.ps1 M agents/windows/plugins/msexch_dag.ps1 M agents/windows/plugins/msexch_database.ps1 M agents/windows/plugins/mssql.vbs M agents/windows/plugins/netstat_an.bat M agents/windows/plugins/rds_licenses.vbs M agents/windows/plugins/rstcli.bat M agents/windows/plugins/sansymphony.ps1 M agents/windows/plugins/storcli.bat M agents/windows/plugins/tsm_checks.bat M agents/windows/plugins/veeam_backup_status.ps1 M agents/windows/plugins/win_dhcp_pools.bat M agents/windows/plugins/win_dmidecode.bat M agents/windows/plugins/win_license.bat M agents/windows/plugins/win_printers.ps1 M agents/windows/plugins/windows_broadcom_bonding.bat M agents/windows/plugins/windows_if.ps1 M agents/windows/plugins/windows_intel_bonding.bat M agents/windows/plugins/windows_multipath.vbs M agents/windows/plugins/windows_os_bonding.ps1 M agents/windows/plugins/windows_tasks.ps1 M agents/windows/plugins/windows_updates.vbs M agents/windows/plugins/wmic_if.bat M agents/wnx/src/common/wnx_version.h M bin/livedump M bin/mkbackup M bin/mkbench M cmk/utils/version.py M configure.ac M defines.make M docker/Dockerfile Log Message: ----------- Set version to 2.1.0p19 Compare: https://github.com/tribe29/checkmk/compare/176d2e22f9cd...94944aa916fb

1 year, 9 months

[tribe29/checkmk] e32f4f: Move more simple attrs from HostConfig to ConfigCache

by Mathias Laurin

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: e32f4fe5a2034f41e5fb976e1e6b5e9ff5f02b1a https://github.com/tribe29/checkmk/commit/e32f4fe5a2034f41e5fb976e1e6b5e9ff… Author: Mathias Laurin <mathias.laurin(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/config.py M cmk/base/core_config.py M cmk/base/dump_host.py M cmk/base/plugins/agent_based/checkmk_agent.py M cmk/base/sources.py M tests/unit/cmk/base/test_config.py M tests/unit/cmk/snmplib/test_snmplib_snmp_table.py Log Message: ----------- Move more simple attrs from HostConfig to ConfigCache CMK-11862 Change-Id: Id945f6c2277c5d886c278c5c3eabb9099ab6d15c Commit: 48b3281b7a4d4c4ac554404f5123a3fd3adaacac https://github.com/tribe29/checkmk/commit/48b3281b7a4d4c4ac554404f5123a3fd3… Author: Mathias Laurin <mathias.laurin(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/config.py M cmk/base/dump_host.py Log Message: ----------- Move agent_description "config" to dump_host These are ad-hoc strings and have a single caller -> move to caller. CMK-11862 Change-Id: I0e19a567e548313d92f326e1f8693fdd1d4d767f Commit: a5c3937b6b9d82c4e0a6b2ff3807e81379b634d1 https://github.com/tribe29/checkmk/commit/a5c3937b6b9d82c4e0a6b2ff3807e8137… Author: Mathias Laurin <mathias.laurin(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/automations/check_mk.py M cmk/base/check_api.py M cmk/base/config.py M cmk/base/core_config.py M cmk/base/dump_host.py M cmk/base/export.py M cmk/base/modes/__init__.py M cmk/base/modes/check_mk.py M cmk/base/sources.py M tests/unit/cmk/base/test_config.py Log Message: ----------- Move tags & labels attrs to ConfigCache CMK-11862 Change-Id: Ibcd55a47a027276b6ed359a36e848f3b9754bcf9 Commit: 5305922be424756f9757fee8ef9265967a9d42a2 https://github.com/tribe29/checkmk/commit/5305922be424756f9757fee8ef9265967… Author: Mathias Laurin <mathias.laurin(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/base/config.py M cmk/base/core_nagios.py M cmk/base/notify.py M tests/unit/cmk/base/test_config.py Log Message: ----------- Move last two attrs from HostConfig CMK-11862 Change-Id: If538589a3e4fbc0c01729f042623009bf771482e Compare: https://github.com/tribe29/checkmk/compare/0e05e09eae67...5305922be424

1 year, 9 months

[tribe29/checkmk] 0e05e0: licensing: Online verification: Use real data #1

by Simon

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 0e05e09eae675fd38e2926a53bb959bb3cbb2720 https://github.com/tribe29/checkmk/commit/0e05e09eae675fd38e2926a53bb959bb3… Author: Simon Jess <simon.jess(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M cmk/utils/licensing/__init__.py M tests/unit/cmk/utils/test_utils_licensing.py Log Message: ----------- licensing: Online verification: Use real data #1 Change-Id: I163b90d7abeeda76e54746be3f980f8b4d9fb601

1 year, 9 months

[tribe29/checkmk] 0a10b0: Textual improvements to werk #14827

by Jörg Herbel

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 0a10b0a0f7b81b5867833d81df1bde5170b2c3a0 https://github.com/tribe29/checkmk/commit/0a10b0a0f7b81b5867833d81df1bde517… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M .werks/14827 Log Message: ----------- Textual improvements to werk #14827 Change-Id: Id510f62d4a716a9ec18bc01b7a376189484fc0b9

1 year, 9 months

[tribe29/checkmk] 176d2e: Textual improvements to werk #14827

by Jörg Herbel

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: 176d2e22f9cd18348a509470297c41790e531e7b https://github.com/tribe29/checkmk/commit/176d2e22f9cd18348a509470297c41790… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M .werks/14827 Log Message: ----------- Textual improvements to werk #14827 Change-Id: Id510f62d4a716a9ec18bc01b7a376189484fc0b9

1 year, 9 months

[tribe29/checkmk] ac88bc: Textual improvements to werk #14827

by Jörg Herbel

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: ac88bc4db1aea0c09ff9632f60ec25be2d259ae7 https://github.com/tribe29/checkmk/commit/ac88bc4db1aea0c09ff9632f60ec25be2… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-12-14 (Wed, 14 Dec 2022) Changed paths: M .werks/14827 Log Message: ----------- Textual improvements to werk #14827 Change-Id: Id510f62d4a716a9ec18bc01b7a376189484fc0b9

1 year, 9 months

← Newer
1
...
22
23
24
25
26
27
28
...
47
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits December 2022