Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 8ab9c752b7fe8afd6ee3b5f85163e2501852503d
https://github.com/tribe29/checkmk/commit/8ab9c752b7fe8afd6ee3b5f85163e2501…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-07-14 (Thu, 14 Jul 2022)
Changed paths:
M tests/unit/omdlib/conftest.py
M tests/unit/omdlib/test_omdlib_main.py
M tests/unit/omdlib/test_site_context.py
Log Message:
-----------
Generalize fixtures
Change-Id: I04a498c76564cae8ece6d143d315a01bd55bd6af
Commit: 95f52b3841f49e05d10cb04332da30c1cd205f40
https://github.com/tribe29/checkmk/commit/95f52b3841f49e05d10cb04332da30c1c…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-07-14 (Thu, 14 Jul 2022)
Changed paths:
M omd/packages/omd/omdlib/main.py
Log Message:
-----------
Consolidate system apache related logic
Extracted the logic for writing the apache config hook and applying it
to the system apache to separate functions. Preparte to move them over
to a separate module in the next step.
Change-Id: I6a9e1d81450111ea3f6c024b946d7c1c24d5c4c6
Commit: 9383ad4e72d3d827f2766123d9d19a04a54d9764
https://github.com/tribe29/checkmk/commit/9383ad4e72d3d827f2766123d9d19a04a…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-07-14 (Thu, 14 Jul 2022)
Changed paths:
A omd/packages/omd/omdlib/console.py
M omd/packages/omd/omdlib/main.py
A omd/packages/omd/omdlib/system_apache.py
M omd/packages/omd/omdlib/tmpfs.py
M omd/packages/omd/omdlib/utils.py
Log Message:
-----------
Move system apache to separate module
Change-Id: I2745c2b094f420b647aa915b4ebf5e167a262b1d
Commit: 0cba5c88b2278505d8713bbda4e4cd9e3aacc549
https://github.com/tribe29/checkmk/commit/0cba5c88b2278505d8713bbda4e4cd9e3…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-07-14 (Thu, 14 Jul 2022)
Changed paths:
A .werks/14281
M omd/packages/apache-omd/APACHE_TCP_ADDR
M omd/packages/apache-omd/APACHE_TCP_PORT
M omd/packages/omd/hooks/APACHE_MODE
M omd/packages/omd/omd.8
M omd/packages/omd/omdlib/main.py
M omd/packages/omd/omdlib/system_apache.py
A tests/unit/omdlib/test_system_apache.py
Log Message:
-----------
14281 SEC Fix local privilege escalation from site users
Each Checkmk site provides it's HTTP services (UI, APIs) using it's own site
Apache process. Global access to this site Apache is provided via the system
Apache which is opening the 80 and 443 ports for external requests, depending
on your system configuration.
To learn about the site Apache, the system Apache reads a reverse proxy
configuration provided by the site user. This could be used by a site user to
make the system Apache execute code as root user, since the System Apache is
typically started initially with root privileges.
To close this gap, we now need to separate the system Apache configuration from
the site user access.
To eliminate the privilege escalation, you will have to execute the command
<tt>omd update-apache-config [SITE]</tt> once for each of your sites after
the <tt>omd update</tt> command.
Besides the one-time fix, this change has a consequence for the use of <tt>omd
config</tt> and <tt>omd update</tt>. There are two situations where this is
relevant:
a) If you change the options APACHE_TCP_ADDR, APACHE_TCP_PORT or APACHE_MODE
You will have to call <tt>omd update-apache-config [SITE]</tt> as root user after
changing one of the site configuration options APACHE_TCP_ADDR, APACHE_TCP_PORT
or APACHE_MODE. This needs to be done to update and apply the system Apache
configuration. If you don't do this and start your site, your UI may be not
available anymore.
The <tt>omd config</tt> command will output a warning to notify you about this
necessary step in the future.
b) If you execute <tt>omd update</tt> and the proxy configuration changes
The update is performed as site user. Which means that, after this werk, we can
not update and apply the system apache configuration anymore automatically.
To apply the latest apache configuration, the command <tt>omd
update-apache-config [SITE]</tt> needs to be executed after the update.
The <tt>omd update</tt> will automatically detect the need for this additional
step and show you a confirmation dialog before starting the update to notify
you about this necessary step and giving you the chance to interrupt the
procedure in case you don't have the option to execute the command as root
user.
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that also previous versions were vulnerable. Users of previous versions are
highly recommended to update or consider other mitigations.
We thank Jan-Philipp Litza (PLUTEX GmbH) for reporting this issue!
Change-Id: I03058d515dc4f53b3e998efd7b9e54389bf5656c
Compare: https://github.com/tribe29/checkmk/compare/79186f2f21f6...0cba5c88b227
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 1792efd7006fefef4fb11f7ca2b5a48037bdf7e8
https://github.com/tribe29/checkmk/commit/1792efd7006fefef4fb11f7ca2b5a4803…
Author: Sergey Kipnis <sergey.kipnis(a)tribe29.com>
Date: 2022-07-13 (Wed, 13 Jul 2022)
Changed paths:
A .werks/14357
M omd/packages/openhardwaremonitor/openhardwaremonitor-0.8.0.zip
Log Message:
-----------
14357 Add support for new CPU's to the OHM plugin
- Intel CPU including 12-th generation
- Intel SSD SC2
- AMD CPU 10-th generation models 60 and 70
SUP-10718
CMK-10902
Change-Id: Id2d242a061d03c7d6d2de690e52ea017dda27721
Commit: d563e4430164337d760b7b62408b740f3cad4429
https://github.com/tribe29/checkmk/commit/d563e4430164337d760b7b62408b740f3…
Author: Frans Fürst <frans.fuerst(a)tribe29.com>
Date: 2022-07-13 (Wed, 13 Jul 2022)
Changed paths:
R buildscripts/scripts/lib/docker_util.groovy
R buildscripts/scripts/lib/gerrit_stages.groovy
R buildscripts/scripts/lib/integration.groovy
R buildscripts/scripts/lib/notify.groovy
R buildscripts/scripts/lib/ntop_rules.json
R buildscripts/scripts/lib/str_mod.groovy
R buildscripts/scripts/lib/upload_artifacts.groovy
R buildscripts/scripts/lib/versioning.groovy
R buildscripts/scripts/lib/windows.groovy
A buildscripts/scripts/utils/common.groovy
A buildscripts/scripts/utils/docker_util.groovy
A buildscripts/scripts/utils/gerrit_stages.groovy
A buildscripts/scripts/utils/integration.groovy
A buildscripts/scripts/utils/notify.groovy
A buildscripts/scripts/utils/ntop_rules.json
A buildscripts/scripts/utils/str_mod.groovy
A buildscripts/scripts/utils/upload_artifacts.groovy
A buildscripts/scripts/utils/versioning.groovy
A buildscripts/scripts/utils/windows.groovy
Log Message:
-----------
Renames buildscripts/scripts/lib to utils as a preparation for refactoring
#jjb-migration
Change-Id: Ie5734853b02612ca0c77be4ec00fb5ea5783721e
Commit: c1f922be5f872e484b5dbaaed6fd461924416b12
https://github.com/tribe29/checkmk/commit/c1f922be5f872e484b5dbaaed6fd46192…
Author: Frans Fürst <frans.fuerst(a)tribe29.com>
Date: 2022-07-13 (Wed, 13 Jul 2022)
Changed paths:
A buildscripts/scripts/lib/docker_util.groovy
A buildscripts/scripts/lib/gerrit_stages.groovy
A buildscripts/scripts/lib/integration.groovy
A buildscripts/scripts/lib/notify.groovy
A buildscripts/scripts/lib/ntop_rules.json
A buildscripts/scripts/lib/str_mod.groovy
A buildscripts/scripts/lib/upload_artifacts.groovy
A buildscripts/scripts/lib/versioning.groovy
A buildscripts/scripts/lib/windows.groovy
Log Message:
-----------
Add deprecated scripts/lib folder for backwards compatibility while migrating
#jjb-migration
Change-Id: I311184126114382783f1ad52d808f32e921d6118
Commit: 9bb49b4c9d4b7cb43c05db6d6e7904b7afc45b3e
https://github.com/tribe29/checkmk/commit/9bb49b4c9d4b7cb43c05db6d6e7904b7a…
Author: Frans Fürst <frans.fuerst(a)tribe29.com>
Date: 2022-07-13 (Wed, 13 Jul 2022)
Changed paths:
A buildscripts/scripts/jenkins_job_entry.groovy
Log Message:
-----------
Adds jenkins_job_entry.groovy which acts as Checkmk specific entry point for Jenkins jobs
#jjb-migration
Change-Id: I3c7d3b5382dce51f98403ef777ead97319f1bcf2
Commit: c619cf96c35f6275227eb9ded60bea19ec129efe
https://github.com/tribe29/checkmk/commit/c619cf96c35f6275227eb9ded60bea19e…
Author: Frans Fürst <frans.fuerst(a)tribe29.com>
Date: 2022-07-13 (Wed, 13 Jul 2022)
Changed paths:
R buildscripts/scripts/build-build-containers.jenkins
A buildscripts/scripts/build-build-images.groovy
Log Message:
-----------
rename build-build-containers.jenkins to build-build-images.groovy
#jjb-migration
Change-Id: I8c26fccde79180943df14fae8e57e4e9b7c2c907
Commit: 348a8a456f9369a2da8bb6b81f2cbad7af604285
https://github.com/tribe29/checkmk/commit/348a8a456f9369a2da8bb6b81f2cbad7a…
Author: Frans Fürst <frans.fuerst(a)tribe29.com>
Date: 2022-07-13 (Wed, 13 Jul 2022)
Changed paths:
M buildscripts/scripts/build-build-images.groovy
Log Message:
-----------
refactor build-build-images.groovy to meet JJB requirements
#jjb-migration
Change-Id: If0704e52ffe24dc51dd4eae2c6a4d00085ce2fe7
Compare: https://github.com/tribe29/checkmk/compare/2c5875ccc3e3...348a8a456f93