Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: e0ea6b14b170d5105435cac72727d85b6c97071d
https://github.com/tribe29/checkmk/commit/e0ea6b14b170d5105435cac72727d85b6…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M agent-receiver/agent_receiver/checkmk_rest_api.py
M cmk/gui/plugins/openapi/endpoints/host_internal.py
M cmk/gui/plugins/openapi/restful_objects/response_schemas.py
M cmk/gui/plugins/openapi/restful_objects/type_defs.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_host_internal.py
Log Message:
-----------
REST API: add internal endpoint which shows some host attributes
This new endpoint will be used by the agent receiver during host
registration. To avoid collisions with the existing official endpoint,
the new endpoint uses the domain "host_config_internal".
Also move the existing endpoint link_uuid to host_config_internal for
consistency.
CMK-10258
Change-Id: If99aa74a1920e0bf5500ad3415d742981a2102e1
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 549b79ab2ee30881081be73b0b09d8de4fe0180d
https://github.com/tribe29/checkmk/commit/549b79ab2ee30881081be73b0b09d8de4…
Author: Sergey Kipnis <sergey.kipnis(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
A .werks/13851
M cmk/utils/msi_engine.py
M tests/integration/cmk/utils/test_msi_engine_it.py
Log Message:
-----------
13851 FIX Baked windows agent packages are not signed anymore
Previously the agent bakery used a signed MSI file as a basis to assemble
windows agent packages. As a result the package got an invalid signature.
With this release the agent bakery uses an unsigned MSI file, thus solving
the problem.
Change-Id: Ida08f23a0aa15724fc40b79664f6bf860d39a9e1
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 64fb7e6f00bd9830b8c26453711b5c9be63cb7d0
https://github.com/tribe29/checkmk/commit/64fb7e6f00bd9830b8c26453711b5c9be…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
A .werks/13897
M cmk/base/notify.py
Log Message:
-----------
Fix command injection vulnerability
Prior to this Werk, an attacker who could control certain notification
variables such as <tt>NOTIFICATIONTYPE</tt> or <tt>HOSTNAME</tt> was able to
inject commands to the fall-back mail command. The commands were then executed
as site user.
With this werk the variable <tt>MAIL_COMMAND</tt> is no longer available
in notification scripts.
You can reduce the risk of exploitation by disabling the listening of the
notification spooler (the default is disabled) (CEE/CME only feature).
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that also previous versions were vulnerable.
To detect possible exploitation <tt>var/log/mknotifyd.log</tt> and
<tt>var/log/notify.log</tt> can be checked for special shell characters like
<tt>&&</tt> and odd quoting.
CMK-8780
Change-Id: I98236d1aa7854773862aee6fedcd669b09ba5fc0
Commit: 3e00e603e098801308444c0add7e6b2b3c5f7c0e
https://github.com/tribe29/checkmk/commit/3e00e603e098801308444c0add7e6b2b3…
Author: Sergey Kipnis <sergey.kipnis(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M Makefile
M agents/wnx/clean_artefacts.cmd
M buildscripts/scripts/build-cmk-version.jenkins
M buildscripts/scripts/lib/windows.groovy
M scripts/fake-windows-artifacts
Log Message:
-----------
Rename MSI from `no_sign` to `unsigned`
Change-Id: I6f4e56fe6893329df3414e864ea2119aee1fb0a1
Compare: https://github.com/tribe29/checkmk/compare/37d591be6e82...3e00e603e098
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: de49f9f9b7611a8504aabfb5ffe3dea8c5fb16a6
https://github.com/tribe29/checkmk/commit/de49f9f9b7611a8504aabfb5ffe3dea8c…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
A .werks/13897
M cmk/base/notify.py
Log Message:
-----------
Fix command injection vulnerability
Prior to this Werk, an attacker who could control certain notification
variables such as <tt>NOTIFICATIONTYPE</tt> or <tt>HOSTNAME</tt> was able to
inject commands to the fall-back mail command. The commands were then executed
as site user.
With this werk the variable <tt>MAIL_COMMAND</tt> is no longer available
in notification scripts.
You can reduce the risk of exploitation by disabling the listening of the
notification spooler (the default is disabled) (CEE/CME only feature).
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that also previous versions were vulnerable.
To detect possible exploitation <tt>var/log/mknotifyd.log</tt> and
<tt>var/log/notify.log</tt> can be checked for special shell characters like
<tt>&&</tt> and odd quoting.
CMK-8780
Change-Id: I98236d1aa7854773862aee6fedcd669b09ba5fc0
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 98419069aada791b8bbc70b8b3c74623072040e9
https://github.com/tribe29/checkmk/commit/98419069aada791b8bbc70b8b3c746230…
Author: Konstantin Baikov <konstantin.baikov(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M cmk/gui/plugins/wato/special_agents/proxmox_ve.py
M cmk/special_agents/agent_proxmox_ve.py
Log Message:
-----------
Make the default timeout consistent in proxmox
It was 20 and 60 in different places.
50 is optimal because the global special
agent timeout is 60.
Change-Id: Ica0a55d1389019dd219d05c0d3533329662ea4cb
Commit: 189854f97b75d05704af36b60506629b6f02c2ae
https://github.com/tribe29/checkmk/commit/189854f97b75d05704af36b60506629b6…
Author: Sofia Colakovic <sofia.colakovic(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M .werks/first_free
Log Message:
-----------
Reserved 30 Werk IDs
Change-Id: If43fb5f65a65170d37a81cdc5e4df9b3a1416891
Compare: https://github.com/tribe29/checkmk/compare/9463d4967430...189854f97b75
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 677477b58af5641cd74d128024c353f646dca6fd
https://github.com/tribe29/checkmk/commit/677477b58af5641cd74d128024c353f64…
Author: Sofia Colakovic <sofia.colakovic(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
A .werks/13464
Log Message:
-----------
13464 citrix_state.controller: Provide info on powered off machine
In case of an empty "controller" field, the message "Machine powered off"
is displayed.
Closes #454
Change-Id: I12b286bf70f3edb33cf84aaeeb6d3435db6157c9
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 440e3a9462eca1f208a7e242e092157fe54d8bed
https://github.com/tribe29/checkmk/commit/440e3a9462eca1f208a7e242e092157fe…
Author: Andreas Döhler <andreas.doehler(a)gmail.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M checks/citrix_state
Log Message:
-----------
citrix_state.controller respects powered off machines
To get a valid output the check must handle powered off machines.
If a machine is powered off it has no assigned controller and the controller field is an empty string.
Change-Id: I875a45fc1cf2ba05267214e3f7172e48183d6bd6
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 37d591be6e82059fd410455a09569b4b5ad42ccd
https://github.com/tribe29/checkmk/commit/37d591be6e82059fd410455a09569b4b5…
Author: Thierry Trafelet <thierry.tra(a)bluewin.ch>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M cmk/gui/plugins/openapi/restful_objects/request_schemas.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_downtime.py
Log Message:
-----------
REST API: Fix scheduling host downtimes from read-only sites
Because:
- Werk #13080 in b85f1c2ad4c07f4e08ddeb2fe554e959257d2fea
introduced a change that should have allowed read-only sites that
are attached to a master site to set downtimes for hosts.
- The original fix did not consider the default value for
`should_exist` on fields.HostField, which is `True`. And therefore,
had no effect.
This commit changes the following:
- Fix scheduling of host downtimes from read-only sites on REST API
- Add unit test for host downtime scheduling on host without config
- Fix unit test for scheduling host downtime on non-existing host
Change-Id: Idf193cff62d1641ebbaf7d05cd1a50d415ab3011
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 9e10043527e1e5d8b3cfd5ffc07d99c13c1a761a
https://github.com/tribe29/checkmk/commit/9e10043527e1e5d8b3cfd5ffc07d99c13…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
M cmk/utils/paths.py
M tests/unit/cmk/utils/test_paths.py
Log Message:
-----------
Switch bin_dir from str to Path object
Change-Id: I9c8624d558d5bc487a7a2b475d06298b93df9b64
Commit: 693535c45ddbe6330f61efed76521e0b46ef9e6a
https://github.com/tribe29/checkmk/commit/693535c45ddbe6330f61efed76521e0b4…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-04-14 (Thu, 14 Apr 2022)
Changed paths:
A .werks/13897
M cmk/base/notify.py
Log Message:
-----------
Fix command injection vulnerability
Prior to this Werk, an attacker who could control certain notification
variables such as <tt>NOTIFICATIONTYPE</tt> or <tt>HOSTNAME</tt> was able to
inject commands to the fall-back mail command. The commands were then executed
as site user.
With this werk the variable <tt>MAIL_COMMAND</tt> is no longer available
in notification scripts.
You can reduce the risk of exploitation by disabling the listening of the
notification spooler (the default is disabled) (CEE/CME only feature).
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that also previous versions were vulnerable.
To detect possible exploitation <tt>var/log/mknotifyd.log</tt> and
<tt>var/log/notify.log</tt> can be checked for special shell characters like
<tt>&&</tt> and odd quoting.
CMK-8780
Change-Id: I98236d1aa7854773862aee6fedcd669b09ba5fc0
Compare: https://github.com/tribe29/checkmk/compare/fff03407ea47...693535c45ddb
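The log check that Werk 13897 recommends (in the 2.0.0, 2.1.0 and master commits above), as an added triage example that is not part of the commits or of Checkmk itself. It goes beyond the `&&` named in the Werk by also flagging other shell control operators and substitutions; the function names are hypothetical and the sample lines are constructed, not real Checkmk log output.

```python
import re
from pathlib import Path

# Log files named in the Werk, relative to the site directory.
LOG_FILES = ("var/log/mknotifyd.log", "var/log/notify.log")

# The Werk names only "&&"; the other operators and substitutions are an
# assumption about what else is worth a manual look.
SHELL_TOKENS = re.compile(r"&&|\|\||;|`|\$\(|\$\{|\|")


def odd_quoting(line: str) -> bool:
    """True if the line holds an unbalanced number of ' or " characters."""
    return line.count('"') % 2 == 1 or line.count("'") % 2 == 1


def suspicious(line: str) -> list[str]:
    """Return the reasons a log line deserves review (empty list if none)."""
    reasons = sorted(set(SHELL_TOKENS.findall(line)))
    if odd_quoting(line):
        reasons.append("odd quoting")
    return reasons


def scan_lines(lines, source="<memory>"):
    """Yield-style scan collected into (source, line number, reasons) tuples."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        reasons = suspicious(line.rstrip("\n"))
        if reasons:
            hits.append((source, lineno, reasons))
    return hits


def scan_site(site_dir):
    """Scan both log files under a site directory; missing files are skipped."""
    hits = []
    for rel in LOG_FILES:
        path = Path(site_dir) / rel
        if path.is_file():
            with path.open(errors="replace") as fh:
                hits.extend(scan_lines(fh, str(path)))
    return hits


# Constructed sample lines (not real Checkmk log output).
SAMPLE = [
    "2022-04-14 10:00:01 Got raw notification (srv01) context with 71 variables",
    "2022-04-14 10:00:02 notifying for host srv01 && echo test",
    "2022-04-14 10:00:03 subject: Check_MK: srv02' - PROBLEM",
]

if __name__ == "__main__":
    for source, lineno, reasons in scan_lines(SAMPLE):
        print(f"{source}:{lineno}: {', '.join(reasons)}")
```

Hits are leads for manual review only: an apostrophe in ordinary text or a pipe in plugin output will also match.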