Checkmk git commits August 2022

checkmk-commits@lists.checkmk.com

1 participants
525 discussions

[tribe29/checkmk] 53592f: Reserved 20 Werk IDS

by Lars

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 53592fc9d4394d358e71dd6561755f477a6f1c4f https://github.com/tribe29/checkmk/commit/53592fc9d4394d358e71dd6561755f477… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M .werks/first_free Log Message: ----------- Reserved 20 Werk IDS Change-Id: I36bc50bf824cdfec500e22153829e2f69c0f584d Commit: be4d6414752a39d543de88cb7a1df124cee22f5c https://github.com/tribe29/checkmk/commit/be4d6414752a39d543de88cb7a1df124c… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py Log Message: ----------- fix github actions: cee import from unit tests Change-Id: I41b2eb9d4361cb735e4fd7d8607e753d7b4b94f3 Commit: 0f81893f3d0125f67d2768d9a85e2f1015bc6f0a https://github.com/tribe29/checkmk/commit/0f81893f3d0125f67d2768d9a85e2f101… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M Makefile Log Message: ----------- Add zxcvbn to Makefile Change-Id: If6a4dc2eccd7151e91e84ce5d9c7febddd50b53e Commit: 6fe80403ef6678ebf587207f12c7a0ab513960a4 https://github.com/tribe29/checkmk/commit/6fe80403ef6678ebf587207f12c7a0ab5… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py Log Message: ----------- fix github actions: ignore cee import in pylint Change-Id: I3a6c994368f71a3dd8184816e14c966cdde9ba50 Commit: e00fbd4ec5976268d77cd102b55eaa7e1209ca29 https://github.com/tribe29/checkmk/commit/e00fbd4ec5976268d77cd102b55eaa7e1… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14381 M notifications/sms Log Message: ----------- 14381 SEC Fix command injection in SMS notification script Previous to this Werk it was possible to inject arbitrary shell commands when sending SMS notifications. For this, attackers would have needed to place a crafted string in a user's Pager Address, which was not properly escaped by the SMS script. In most setups, this issue will not be exploitable: Changing a user's Pager Address requires the User Management permission. Users with that permission are effectively Administrators and can thus already legitimately execute code in the Site context. Note however, that in some setups the attribute can also be configured by external interfaces, for example via LDAP User Synchronization. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation all notifications via the method "SMS (using smstools)" can be disabled. Note that users' personal notification rules are affected as well. Indicators of Compromise: If you suspect this issue might have been exploited in your installation, validate users' Pager Address fields. Check the Audit Log for changes to this field. Vulnerability Management: We have rated the issue with a CVSS Score of 8.0 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been requested. Changes: This Werk replaces a hazardous call to <tt>os.system</tt> by a safer alternative and adds additional validation to the Pager Address before attempting to send SMS to it. Valid Pager Addresses may now include letters, numbers, space characters, any of the characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the beginning. Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d Commit: a8a47e0269d21a26608a2051232c8914348101aa https://github.com/tribe29/checkmk/commit/a8a47e0269d21a26608a2051232c89143… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14383 M cmk/gui/watolib/auth_php.py M cmk/gui/watolib/tags.py M cmk/gui/watolib/utils.py M tests/unit/cmk/gui/watolib/test_watolib.py Log Message: ----------- 14383 SEC Fix code injection in watolib This Werk fixes a code injection vulnerability in watolib. Prior to this Werk it was possible for authenticated users to inject PHP code in files generated by Wato for NagVis integration. The code would be executed once a request to the respective NagVis component is made. The underlying reason for this issue was that user data entered in Wato was not properly sanitized when writing to the PHP file. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation you can entirely disable PHP on your server. Note that NagVis will not work anymore without PHP. Indicators of Compromise: Malicious code is injected in either of the files <tt>var/check_mk/wato/auth/auth.php</tt> or <tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for suspicious code. Vulnerability Management: We have rated the issue with a CVSS Score of 9.1 (Critical) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk fixes the vulnerability by improving sanitization. CMK-11206 Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c Commit: adfcbe1af54e90b4b74cce7f079922f65f1c9efc https://github.com/tribe29/checkmk/commit/adfcbe1af54e90b4b74cce7f079922f65… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py Log Message: ----------- fix github actions: ignore no-name-in-module in cee tests Change-Id: Ia0e54be0951ae274a98294bcc850f2a4b10559a2 Commit: 54d9d1e024949f56e1137303b0febefeac02c1a5 https://github.com/tribe29/checkmk/commit/54d9d1e024949f56e1137303b0febefea… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove migration of pagetype topics to IDs This has been taken care of with 2.1. CMK-10788 Change-Id: I36b06cd72d8d45e6df696aea397fb528f37ee3d3 Commit: 7e5d79525625aff1ce7724bc062670e43c829395 https://github.com/tribe29/checkmk/commit/7e5d79525625aff1ce7724bc062670e43… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: Remove migration of pre-2.0 audit log All done in 2.1. CMK-10788 Change-Id: Ifa698b034d19eb5554ce14b2f1de0c79b37cb13c Commit: a01adbe571dea050e26a06c168d8c161fadefb0b https://github.com/tribe29/checkmk/commit/a01adbe571dea050e26a06c168d8c161f… Author: Gav <gavin.mcguigan(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/watolib/site_management.py Log Message: ----------- site_management.py: changes to boolean attributes that are now set to string literals Change-Id: I8e731e6b60040c2439f9c9f5ad1aa3ab94ff2182 Commit: 2cb4b1248b290ff6de493521c0e097f0690ee811 https://github.com/tribe29/checkmk/commit/2cb4b1248b290ff6de493521c0e097f06… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py Log Message: ----------- github actions: finlly fix pylint error Change-Id: I52640fdced83f56719f22d87aa71aca040f3a4ff Commit: 61ee3613e86595e7fddf7d58efb53ae9c11f222d https://github.com/tribe29/checkmk/commit/61ee3613e86595e7fddf7d58efb53ae9c… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14718 Log Message: ----------- 14718 FIX SAP HANA bakery plugin: Handle user store key correctly Change-Id: I14e2252c302f4c0bb6f9f7e461a164affdf0607f Commit: 82b1064d7fac562e877ba29c7260c93ec41ad303 https://github.com/tribe29/checkmk/commit/82b1064d7fac562e877ba29c7260c93ec… Author: Benedikt Seidl <benedikt.seidl(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/valuespec.py A tests/unit/cmk/gui/valuespecs/test_vs_dropdownchoice.py M tests/unit/cmk/gui/valuespecs/utils.py Log Message: ----------- Add tests for DropdownChoice Change-Id: Idde1eb9e6bad86b3cd2a0ad78295c36312c87828 Commit: 4bd697f66d472864459d8e14339207a6e84a54b9 https://github.com/tribe29/checkmk/commit/4bd697f66d472864459d8e14339207a6e… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove renewal of site certificate All done in 2.1. CMK-10788 Change-Id: Iaaee1a2611e409d90f61c0947630a450ac688025 Commit: c898fb4292ac1000ffce6275e41581bd14d4fc56 https://github.com/tribe29/checkmk/commit/c898fb4292ac1000ffce6275e41581bd1… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: Remove update of mknotifyd config All done in 2.1. CMK-10788 Change-Id: I544f758f2b94d102488c39bcfef01d6deb35c77b Commit: 0c5b1a92966c6dac4194e05a7bdc23fca3ae7843 https://github.com/tribe29/checkmk/commit/0c5b1a92966c6dac4194e05a7bdc23fca… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove rewriting of discovered host labels All done in 2.1. CMK-10788 Change-Id: I625964ad211903694fa433f39ca3f75d030924ed Commit: 23d0dd4a44737e0bebaed7ae1b43350f5a2c417e https://github.com/tribe29/checkmk/commit/23d0dd4a44737e0bebaed7ae1b43350f5… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove hosts and folders rewriting All transforms haven been done in 2.1 already. CMK-10788 Change-Id: I133e87ba73cd9dab448238694f713330ce4b8ac8 Commit: 4d5bf91715b2716bb38ed5472b9ec34732a911ff https://github.com/tribe29/checkmk/commit/4d5bf91715b2716bb38ed5472b9ec3473… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/watolib/hosts_and_folders.py M tests/unit/cmk/gui/watolib/test_hosts_and_folders.py Log Message: ----------- hosts and folders: remove transformations All current transformations have been applied when upgrading to 2.1. CMK-10788 Change-Id: I21bb0a018898706b0c411d29d10eab7e6a0e6a03 Commit: ee2c73d6628052b693bd7fcaf3dfc13ecd33a6aa https://github.com/tribe29/checkmk/commit/ee2c73d6628052b693bd7fcaf3dfc13ec… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: small testability improvement CMK-10788 Change-Id: I151141451af1c756258b4a6dd814f6f911398595 Commit: 290d03a5b25de9252567b0f7a1c043c0cedc18bc https://github.com/tribe29/checkmk/commit/290d03a5b25de9252567b0f7a1c043c0c… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: remove now unnecessary steps from rule updates All done in 2.1. CMK-10788 Change-Id: Idbad12bdc4a47180f771e861510bcb7225d99ac0 Commit: 172e8a97162a309a181dff8be70b9a3480feea6c https://github.com/tribe29/checkmk/commit/172e8a97162a309a181dff8be70b9a348… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/plugins/wato/check_mk_configuration.py M tests/unit/cmk/gui/plugins/wato/test_check_mk_configuration.py Log Message: ----------- Clean up transforms in check_mk_configuration CMK-10788 Change-Id: If4ff242910e507ebde4c26e365ce202bcd2f0a80 Commit: 05e8c6bb2031342191a559d5635bc4442397639f https://github.com/tribe29/checkmk/commit/05e8c6bb2031342191a559d5635bc4442… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A cmk/gui/plugins/wato/active_checks/mailbox.py R cmk/gui/plugins/wato/active_checks_mailbox.py Log Message: ----------- Move active_checks_mailbox to its right place Change-Id: I0fbb0beb79d6319f60894273de6cff2cf05af646 Commit: 744c0a329596e12de87c20a29baa3f168781d99f https://github.com/tribe29/checkmk/commit/744c0a329596e12de87c20a29baa3f168… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/plugins/wato/active_checks/bi_aggr.py M cmk/gui/plugins/wato/active_checks/common.py M cmk/gui/plugins/wato/active_checks/form_submit.py M cmk/gui/plugins/wato/active_checks/ftp.py M cmk/gui/plugins/wato/active_checks/http.py M cmk/gui/plugins/wato/active_checks/mailbox.py M cmk/gui/plugins/wato/active_checks/smtp.py M cmk/gui/plugins/wato/active_checks/sql.py M cmk/gui/plugins/wato/active_checks/tcp.py M cmk/gui/plugins/wato/active_checks/traceroute.py R tests/unit/cmk/gui/plugins/wato/active_checks/test_form_submit.py Log Message: ----------- Clean up transforms in active checks rulesets CMK-10788 Change-Id: Ia67a314cbb275dbb4aaf9053b31329ab9f8a5744 Commit: b6441f869c62b2c96d35ca0a526a6f9ae0026a90 https://github.com/tribe29/checkmk/commit/b6441f869c62b2c96d35ca0a526a6f9ae… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/plugins/wato/special_agents/3par.py M cmk/gui/plugins/wato/special_agents/activemq.py M cmk/gui/plugins/wato/special_agents/aws.py M cmk/gui/plugins/wato/special_agents/bi.py M cmk/gui/plugins/wato/special_agents/common.py M cmk/gui/plugins/wato/special_agents/emcvnx.py M cmk/gui/plugins/wato/special_agents/ibmsvc.py M cmk/gui/plugins/wato/special_agents/innovaphone.py M cmk/gui/plugins/wato/special_agents/ipmi_sensors.py M cmk/gui/plugins/wato/special_agents/jenkins.py M cmk/gui/plugins/wato/special_agents/kubernetes.py M cmk/gui/plugins/wato/special_agents/netapp.py M cmk/gui/plugins/wato/special_agents/prometheus.py M cmk/gui/plugins/wato/special_agents/siemens_plc.py M cmk/gui/plugins/wato/special_agents/vsphere.py R tests/unit/cmk/gui/plugins/wato/special_agents/test_bi.py R tests/unit/cmk/gui/plugins/wato/special_agents/test_innovaphone.py R tests/unit/cmk/gui/plugins/wato/special_agents/test_kubernetes.py R tests/unit/cmk/gui/plugins/wato/special_agents/test_prometheus.py Log Message: ----------- Clean up transforms in special agents rulesets CMK-10788 Change-Id: I909cf24aeafcd00be23e3407211783a46a23092a Commit: a8ced45efc76c1925b55a04646f1174b65b11e3b https://github.com/tribe29/checkmk/commit/a8ced45efc76c1925b55a04646f1174b6… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M tests/unit/cmk/test_update_config.py Log Message: ----------- Make test_update_config more independent of currently registered rules This is a preparation for cleaning up transforms in check parameter rulesets. CMK-10788 Change-Id: Ifc857940149bbfd4d6b357f60a86d323e9f26872 Commit: c373d393a03c6c2db327e9bb6db9aea0c337c0d7 https://github.com/tribe29/checkmk/commit/c373d393a03c6c2db327e9bb6db9aea0c… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M checks/akcp_daisy_temp M checks/allnet_ip_sensoric M checks/apc_inrow_temp M checks/apc_netbotz_sensors M checks/apc_symmetra_ext_temp M checks/arris_cmts_temp M checks/artec_temp M checks/avaya_45xx_temp M checks/avaya_88xx M checks/avaya_chassis_temp M checks/bintec_sensors M checks/bluenet2_powerrail M checks/bluenet_sensor M checks/brocade_mlx_temp M checks/bvip_temp M checks/checkpoint_temp M checks/cisco_ucs_temp_cpu M checks/cisco_ucs_temp_env M checks/cisco_ucs_temp_mem M checks/climaveneta_temp M checks/cmc_temp M checks/datapower_temp M checks/dell_chassis_temp M checks/dell_om_sensors M checks/dell_powerconnect_temp M checks/emc_isilon_temp M checks/emerson_temp M checks/enterasys_temp M checks/etherbox2_temp M checks/gude_temp M checks/hp_msa_psu M checks/hp_psu M checks/huawei_osn_temp M checks/ibm_svc_enclosurestats M checks/icom_repeater M checks/infoblox_temp M checks/innovaphone_temp M checks/ipr400_temp M checks/juniper_screenos_temp M checks/juniper_temp M checks/knuerr_rms_temp M checks/mbg_lantime_ng_temp M checks/netextreme_temp M checks/netscaler_health M checks/nvidia M checks/qnap_hdd_temp M checks/rms200_temp M checks/siemens_plc M checks/smart M checks/stulz_temp M checks/ucs_bladecenter_fans M checks/ucs_bladecenter_psu M checks/ups_bat_temp M checks/wagner_titanus_topsense M checks/wut_webtherm M cmk/base/check_legacy_includes/akcp_sensor.py M cmk/base/check_legacy_includes/alcatel.py M cmk/base/check_legacy_includes/pandacom_temp.py M cmk/base/plugins/agent_based/ciena_cpu_util.py M cmk/gui/plugins/wato/check_parameters/apc_symmetra.py M cmk/gui/plugins/wato/check_parameters/aws.py M cmk/gui/plugins/wato/check_parameters/checkpoint_connections.py M cmk/gui/plugins/wato/check_parameters/cpu_load.py M cmk/gui/plugins/wato/check_parameters/cpu_utilization.py M cmk/gui/plugins/wato/check_parameters/cpu_utilization_multiitem.py M cmk/gui/plugins/wato/check_parameters/db_connections.py M cmk/gui/plugins/wato/check_parameters/diskstat.py M cmk/gui/plugins/wato/check_parameters/domino_tasks.py M cmk/gui/plugins/wato/check_parameters/elphase.py M cmk/gui/plugins/wato/check_parameters/esx_host_memory.py M cmk/gui/plugins/wato/check_parameters/fileinfo_groups.py M cmk/gui/plugins/wato/check_parameters/filesystem.py M cmk/gui/plugins/wato/check_parameters/heartbeat_crm.py M cmk/gui/plugins/wato/check_parameters/humidity.py M cmk/gui/plugins/wato/check_parameters/hw_fans.py M cmk/gui/plugins/wato/check_parameters/ibm_svc_host.py M cmk/gui/plugins/wato/check_parameters/interfaces.py M cmk/gui/plugins/wato/check_parameters/ipmi.py M cmk/gui/plugins/wato/check_parameters/ipsecvpn.py M cmk/gui/plugins/wato/check_parameters/juniper_cpu_util.py M cmk/gui/plugins/wato/check_parameters/jvm_gc.py M cmk/gui/plugins/wato/check_parameters/jvm_memory.py M cmk/gui/plugins/wato/check_parameters/local.py M cmk/gui/plugins/wato/check_parameters/logwatch_ec.py M cmk/gui/plugins/wato/check_parameters/mail_queue_length.py M cmk/gui/plugins/wato/check_parameters/mailqueue_length.py M cmk/gui/plugins/wato/check_parameters/mcafee_av_client.py M cmk/gui/plugins/wato/check_parameters/memory.py M cmk/gui/plugins/wato/check_parameters/memory_linux.py M cmk/gui/plugins/wato/check_parameters/memory_simple.py M cmk/gui/plugins/wato/check_parameters/msx_queues.py M cmk/gui/plugins/wato/check_parameters/mtr.py M cmk/gui/plugins/wato/check_parameters/multipath_count.py M cmk/gui/plugins/wato/check_parameters/netapp_disks.py M cmk/gui/plugins/wato/check_parameters/ntp.py M cmk/gui/plugins/wato/check_parameters/oracle_instance.py M cmk/gui/plugins/wato/check_parameters/oracle_logswitches.py M cmk/gui/plugins/wato/check_parameters/oracle_sessions.py M cmk/gui/plugins/wato/check_parameters/plugs.py M cmk/gui/plugins/wato/check_parameters/printer_supply.py M cmk/gui/plugins/wato/check_parameters/ps.py M cmk/gui/plugins/wato/check_parameters/raid_disk.py M cmk/gui/plugins/wato/check_parameters/smoke.py M cmk/gui/plugins/wato/check_parameters/sshd_config.py M cmk/gui/plugins/wato/check_parameters/systemd_services.py M cmk/gui/plugins/wato/check_parameters/systemtime.py M cmk/gui/plugins/wato/check_parameters/temperature.py M cmk/gui/plugins/wato/check_parameters/threads.py M cmk/gui/plugins/wato/check_parameters/ups_out_load.py M cmk/gui/plugins/wato/check_parameters/websphere_mq.py M cmk/gui/plugins/wato/check_parameters/win_dhcp_pools.py M cmk/gui/plugins/wato/check_parameters/windows_printer_queues.py M cmk/gui/plugins/wato/check_parameters/windows_updates.py M cmk/gui/plugins/wato/check_parameters/wlc_clients.py R tests/unit/cmk/gui/plugins/wato/check_parameters/test_domino_tasks_parameters.py R tests/unit/cmk/gui/plugins/wato/check_parameters/test_if_parameters.py R tests/unit/cmk/gui/plugins/wato/check_parameters/test_jvm_memory_parameters.py R tests/unit/cmk/gui/plugins/wato/check_parameters/test_msx_queues_parameters.py M tests/unit/cmk/gui/plugins/wato/check_parameters/test_ps_parameters.py R tests/unit/cmk/gui/plugins/wato/check_parameters/test_windows_updates.py Log Message: ----------- Clean up transforms in check parameter rulesets CMK-10788 Change-Id: Ida2f414ab73deed52d4931d5557e47c5cdd3856a Commit: 2c49c3ef5ce8969da5e51fde6d99013b0e79e402 https://github.com/tribe29/checkmk/commit/2c49c3ef5ce8969da5e51fde6d99013b0… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/plugins/wato/inventory.py M cmk/gui/plugins/wato/notifications.py M cmk/gui/wato/mkeventd.py Log Message: ----------- Clean up various remaining transforms CMK-10788 Change-Id: I0fcc4cd89834effdc8d302ceecdb9829d8a02a8a Commit: 17d292bf08b002269ed930fcb40e0726f659e0c9 https://github.com/tribe29/checkmk/commit/17d292bf08b002269ed930fcb40e0726f… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14742 M cmk/gui/plugins/sidebar/search.py Log Message: ----------- 14742 FIX Fix combined search for tag groups SUP-11113 Change-Id: Ic855e62fec22b96ca7dd6753bf488d49d8e7e340 Commit: 3b36ca84966d93254db5d33c5840a3383db54c82 https://github.com/tribe29/checkmk/commit/3b36ca84966d93254db5d33c5840a3383… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove irrelevant comment The line it refers to had already been removed earlier. CMK-10788 Change-Id: I1621db3b2e7c476a1c06466c479418e070815c36 Commit: 8aa3303660edc0abd32d28d0dec38a86b723da7c https://github.com/tribe29/checkmk/commit/8aa3303660edc0abd32d28d0dec38a86b… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: Remove transformation of InfluxDB connections All done in 2.1. CMK-10788 Change-Id: Ib4a8f6004798219458ce6822650d779782e54d02 Commit: 4e59f4f9ba589f7ce278ff2de67886ab01a90863 https://github.com/tribe29/checkmk/commit/4e59f4f9ba589f7ce278ff2de67886ab0… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: Remove transformation of contact groups All done in 2.1. CMK-10788 Change-Id: I5c096183c49602e05ba5b4397cb34c7bf1fa119e Commit: b392f791cbcd5b5aefa9200228f1a913a0addf19 https://github.com/tribe29/checkmk/commit/b392f791cbcd5b5aefa9200228f1a913a… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove update of ServiceNow notification rules All done in 2.1. CMK-10788 Change-Id: Ifebb797a7f8d89852432ae9ee2cb6d4a113aa8a2 Commit: a33a8b8913fd154da56556f86b2f4dcf5941eee8 https://github.com/tribe29/checkmk/commit/a33a8b8913fd154da56556f86b2f4dcf5… Author: Marcel Arentz <marcel.arentz(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M .werks/13991 M cmk/base/plugins/agent_based/palo_alto.py M tests/unit/cmk/base/plugins/agent_based/test_palo_alto.py Log Message: ----------- disable checking of local and peer if HA is disabled Change-Id: I5da34e4dc44c6247490da33d26590b278f4ee043 Commit: 3e4f3ca3d4372221b47dcf269fd4539986fa6951 https://github.com/tribe29/checkmk/commit/3e4f3ca3d4372221b47dcf269fd453998… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M buildscripts/docker_image_aliases/IMAGE_TESTING/Dockerfile M buildscripts/docker_image_aliases/IMAGE_TESTING/meta.yml Log Message: ----------- Repin IMAGE_TESTING Change-Id: I0b0d682d5971a9e85477f128aa9641f377abf576 Commit: 50fae8a11d93b7715aa7e28e346e49fb3c298d14 https://github.com/tribe29/checkmk/commit/50fae8a11d93b7715aa7e28e346e49fb3… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M buildscripts/infrastructure/build-nodes/scripts/install-gnu-toolchain.sh Log Message: ----------- Bumped GDB version 11.1 => 12.1 Change-Id: I1844839110c190da627ae7bc9c33ad98576459a9 Commit: bcdc1a056b50680a13b94c43b52a4083382daef2 https://github.com/tribe29/checkmk/commit/bcdc1a056b50680a13b94c43b52a40833… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/gui/config.py M cmk/gui/metrics.py M cmk/gui/mobile.py M cmk/gui/permissions.py M cmk/gui/plugins/dashboard/graph.py M cmk/gui/plugins/views/painters.py M cmk/gui/views/__init__.py M cmk/gui/visuals.py M cmk/gui/webapi.py Log Message: ----------- Cleaned up unused-import (pre 1.6 plugin compatibility) Since 1.6 the plugins need to import the names they need explicitly. The internal imports we kept for compatibility are now cleaned up with this change to clarify the internal code. All old plugins which now fail with some NameError will have to add imports of the needed names. Change-Id: I7355fedfdeb1904714fe2e430abcf6377790e43f Commit: 84712e97760f6ecd9383b12b1f2b009377aad139 https://github.com/tribe29/checkmk/commit/84712e97760f6ecd9383b12b1f2b00937… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14291 A omd/packages/nagvis/nagvis-1.9.34.tar.gz M omd/packages/nagvis/nagvis.make Log Message: ----------- 14291 SEC NagVis: Updated to 1.9.34 (Fix security issues) This update of NagVis fixes the following security issues: 1. Fix SSRF (triggerable by admin users) An administrative user with access to the global options, could perform a server-side request forgery. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2) 2. Fix arbitrary file read An authenticated attacker can read arbitrary files with the permissions of the web server user. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1) 3. Fix type juggling vulnerability in cookie hash processing An attacker could bypass the authentication and gain access to the NagVis component of checkmk. Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7) Commit: 683fa5404b4068a8acdc5370bbba9ddcc32b096c https://github.com/tribe29/checkmk/commit/683fa5404b4068a8acdc5370bbba9ddcc… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/gui/config.py M cmk/gui/metrics.py M cmk/gui/mobile.py M cmk/gui/permissions.py M cmk/gui/plugins/dashboard/graph.py M cmk/gui/plugins/views/painters.py M cmk/gui/views/__init__.py M cmk/gui/visuals.py M cmk/gui/webapi.py Log Message: ----------- Revert "Cleaned up unused-import (pre 1.6 plugin compatibility)" This reverts commit bcdc1a056b50680a13b94c43b52a4083382daef2. Accidentally pushed. Commit: 6caeace2bee88c1bfe04e7e69b511f7102b30aed https://github.com/tribe29/checkmk/commit/6caeace2bee88c1bfe04e7e69b511f710… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove migration of LDAP connections All done 2.1. CMK-10788 Change-Id: I54a1989bb14dec09a80795f5fe5312d214b76a1b Commit: 895fd19ff982c16941e308bebbc024faeb6e7bef https://github.com/tribe29/checkmk/commit/895fd19ff982c16941e308bebbc024fae… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Trim down udpate of user attributes Remove steps already done in 2.1. CMK-10788 Change-Id: I7f0ab00afca6ac6980c6556b98248ae9c66d67fa Commit: 3e812f4b35f3b7d82e08589e0daca7fcd7596630 https://github.com/tribe29/checkmk/commit/3e812f4b35f3b7d82e08589e0daca7fcd… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove rewriting of Python 2 inventory data All done in 2.1. CMK-10788 Change-Id: I296166327d52cb091999b8f0330d817283a5bae1 Commit: b9d02a63bdbdfd2ad5fb114fab915e3e327f4911 https://github.com/tribe29/checkmk/commit/b9d02a63bdbdfd2ad5fb114fab915e3e3… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: Remove audit log sanitation All done in 2.1. CMK-10788 Change-Id: Iaef855c73f0adbe68a6bfb8a063cf779225029ac Commit: f27924d6101deddb8a50d55a8b391bade25d54b8 https://github.com/tribe29/checkmk/commit/f27924d6101deddb8a50d55a8b391bade… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py M tests/unit/cmk/test_update_config.py Log Message: ----------- update_config: Remove renaming of discovered host label files All done in 2.1. CMK-10788 Change-Id: I8e02a6abb076d8203cf8430cf043abe904f28cc2 Commit: 721912e4faba3636e12a4c3eefac59a9740a97c1 https://github.com/tribe29/checkmk/commit/721912e4faba3636e12a4c3eefac59a97… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove adding of site CA to trusted CAs All done in 2.1. CMK-10788 Change-Id: I83f9e245e09903a74840e50ca0b00fa99560773a Commit: 34b10fdda89de6dd4feaa2951aabb484af36e957 https://github.com/tribe29/checkmk/commit/34b10fdda89de6dd4feaa2951aabb484a… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/update_config.py Log Message: ----------- update_config: Remove check for macros in EC scripts All done in 2.1. CMK-10788 Change-Id: Iae842c9913dbfc0f2ab268f0e03083198a810c42 Commit: 4f7fe041645a8d6c05e20015c9b86c041140f8bf https://github.com/tribe29/checkmk/commit/4f7fe041645a8d6c05e20015c9b86c041… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/utils/version.py M tests/unit/cmk/gui/wato/pages/test_automation.py Log Message: ----------- Increment minimum patch release for 2.2 update_config has been cleaned up. By incrementing the required patch release, we ensure that all customer configurations underwent all necessary transforms in 2.1 before going to 2.2. CMK-10788 Change-Id: I7a158ef32dee3283276131a8e81fae71237e4711 Commit: da4ad9c870a2c7f83dc8de0e823b25263c819955 https://github.com/tribe29/checkmk/commit/da4ad9c870a2c7f83dc8de0e823b25263… Author: Max Linke <max.linke(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/gui/plugins/wato/special_agents/gcp.py M cmk/special_agents/agent_gcp.py Log Message: ----------- Add http load balancer to gcp agent Change-Id: I4550bbf7120ea65ff81dd7cbe38ebdd55cb742c7 Commit: 83c4c466853845f38ed7ee098a119d8d460b6dba https://github.com/tribe29/checkmk/commit/83c4c466853845f38ed7ee098a119d8d4… Author: Max Linke <max.linke(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A checkman/gcp_http_lb_latencies A checkman/gcp_http_lb_requests A checkman/gcp_http_lb_summary M cmk/base/plugins/agent_based/gcp_assets.py A cmk/base/plugins/agent_based/gcp_http_lb.py M cmk/gui/plugins/wato/check_parameters/gcp_gcs.py A tests/unit/cmk/base/plugins/agent_based/test_gcp_http_lb.py Log Message: ----------- Add gcp load balancer check plugin Change-Id: Ia703aa6b4ce56743fafe8309f72d6dc6883c2c99 Commit: b6a9002b70801ab668c775527910dcb482b4f360 https://github.com/tribe29/checkmk/commit/b6a9002b70801ab668c775527910dcb48… Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/special_agents/agent_azure.py Log Message: ----------- agent azure: fetch metrics for PostgreSQL Change-Id: I1525a4ce66d9050803c7e47691fc0122de483b1e Commit: fdb4d7d3935c3e4bff99a41eab38909c113d8928 https://github.com/tribe29/checkmk/commit/fdb4d7d3935c3e4bff99a41eab38909c1… Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/base/plugins/agent_based/azure_mysql.py A cmk/base/plugins/agent_based/azure_section_servers.py Log Message: ----------- Move azure servers section parsing to a dedicated file The parse function will be the same for both the MySQL checks and the PostgreSQL ones so we are moving it in a dedicated file Change-Id: Ia3fcc12f1747e696ff2a6eb64216e1a137da11e7 Commit: 8123f18272cb66f22fc5cb934acef8494197ec7c https://github.com/tribe29/checkmk/commit/8123f18272cb66f22fc5cb934acef8494… Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14532 A checkman/azure_postgresql_connections A checkman/azure_postgresql_cpu A checkman/azure_postgresql_memory A checkman/azure_postgresql_network A checkman/azure_postgresql_replication A checkman/azure_postgresql_storage M cmk/base/plugins/agent_based/azure_mysql.py A cmk/base/plugins/agent_based/azure_postgresql.py M cmk/base/plugins/agent_based/utils/azure.py A tests/unit/cmk/base/plugins/agent_based/test_azure_postgresql.py Log Message: ----------- 14532 azure_postgresql: Monitor Azure database for PostgreSQL It's now possible to monitor Azure database for PostgreSQL in Checkmk. Six new checks have been added: <ul> <li>Microsoft Azure PostgreSQL Database: CPU Utilization</li> <li>Microsoft Azure PostgreSQL Database: Connections</li> <li>Microsoft Azure PostgreSQL Database: Memory Utilization</li> <li>Microsoft Azure PostgreSQL Database: Network</li> <li>Microsoft Azure PostgreSQL Database: Replication</li> <li>Microsoft Azure PostgreSQL Database: Storage</li> </ul> The new services will be automatically discovered if you have an Azure database for PostgreSQL in the resource group already monitored in Checkmk. Change-Id: Iafdef57fdb892cbd9d91520a8115332bb117ff9d Commit: 8f72c6918661ffd5ed16e62c7bc8a6c7ebf05b2f https://github.com/tribe29/checkmk/commit/8f72c6918661ffd5ed16e62c7bc8a6c7e… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M buildscripts/infrastructure/build-nodes/scripts/install-gnu-toolchain.sh M defines.make Log Message: ----------- Bumped GCC version 11.2 => 12.2 Change-Id: I12f7129e1c64415a90f147fc6815eb3f104bf9c8 Commit: 1f28f546d8473d0070899f72246ae8584bd0edbe https://github.com/tribe29/checkmk/commit/1f28f546d8473d0070899f72246ae8584… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M buildscripts/scripts/stages.yml M package.json A scripts/check-typescript-types.sh M scripts/run-prettier M tests/Makefile Log Message: ----------- Add a TypeScript TypeChecking stage to the CI Change-Id: I1e9b2880a9d45be3bf861cc7f58516d73cf23dc0 Commit: 2703fddd2d7356c6c57e5bd84847be526316c190 https://github.com/tribe29/checkmk/commit/2703fddd2d7356c6c57e5bd84847be526… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: R buildscripts/scripts/test-build-js.jenkins M package.json A scripts/check-js-lint.sh M scripts/run-webpack-watch M tests/Makefile Log Message: ----------- Some cleanup of the testing/ci scripts and package.json Change-Id: I2ba63f27052b419ef92ad1763b642e9bd7e12100 Commit: ce28ee1f92d1911a7c24e1baff003df3f45b7948 https://github.com/tribe29/checkmk/commit/ce28ee1f92d1911a7c24e1baff003df3f… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M tests/unit/cmk/gui/test_gui_config.py A tests/unit/cmk/gui/test_permissions.py Log Message: ----------- Move permission tests Change-Id: I130c6996e6d8b236ea98e91ec86ecda9be2566ea Commit: 11a7abbcf6bb288dc0819a5d6cd0d871d4226948 https://github.com/tribe29/checkmk/commit/11a7abbcf6bb288dc0819a5d6cd0d871d… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/gui/config.py M cmk/gui/metrics.py M cmk/gui/mobile.py M cmk/gui/permissions.py M cmk/gui/plugins/dashboard/graph.py M cmk/gui/plugins/views/painters.py M cmk/gui/views/__init__.py M cmk/gui/visuals.py M cmk/gui/webapi.py Log Message: ----------- Cleaned up unused-import (pre 1.6 plugin compatibility) Since 1.6 the plugins need to import the names they need explicitly. The internal imports we kept for compatibility are now cleaned up with this change to clarify the internal code. All old plugins which now fail with some NameError will have to add imports of the needed names. Change-Id: Iec40846f450a264fdf2b55cf8ded2c181976a896 Commit: eaa0308a90c371402f78f335eeb5d34664e34910 https://github.com/tribe29/checkmk/commit/eaa0308a90c371402f78f335eeb5d3466… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/13956 M cmk/gui/plugins/openapi/endpoints/bi.py M tests/unit/cmk/gui/plugins/openapi/test_openapi_bi.py Log Message: ----------- 13956 FIX The BI Pack endpoints will now check if the given contact groups actually exist The BI Pack endpoint will now check if the contact groups it is given actually exists. If that is not the case, it will respond with an error. SUP-10160 Change-Id: I23a62e55407a5dd4e35ba0b94d994f79f818a949 Commit: 9da7e504d5b9bc794d0d4c4c2565d41eda270d83 https://github.com/tribe29/checkmk/commit/9da7e504d5b9bc794d0d4c4c2565d41ed… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A tests/unit/checks/test_apc_mod_pdu_modules.py Log Message: ----------- apc_mod_pdu_modules: unit tests SUP-11401 Change-Id: I7e051a709947665fe613f62241d653653b09c907 Commit: bf042bf175d166f3c6f8535e02db8e08437cc8d4 https://github.com/tribe29/checkmk/commit/bf042bf175d166f3c6f8535e02db8e084… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14764 M checks/apc_mod_pdu_modules M tests/unit/checks/test_apc_mod_pdu_modules.py Log Message: ----------- 14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale SUP-11401 Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d Commit: a92e8c20f2a5abd405a39e5d5c92985467410f99 https://github.com/tribe29/checkmk/commit/a92e8c20f2a5abd405a39e5d5c9298546… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14761 M agents/plugins/mk_sap_hana Log Message: ----------- 14761 FIX SAP Hana fileinfo: negative file age causes crash SUP-11334 Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e Commit: 68bdae84fde7295ad06ecb3d6fe3c34aaa1fc7c0 https://github.com/tribe29/checkmk/commit/68bdae84fde7295ad06ecb3d6fe3c34aa… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14745 M cmk/gui/plugins/metrics/graph_images.py M cmk/notification_plugins/mail.py Log Message: ----------- 14745 FIX Fix "Data: b''" in notification result of event console bulk notifications SUP-11297 Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14 Commit: e1ae25d8255116cc2b1c8ad59b5a8275754cc3fd https://github.com/tribe29/checkmk/commit/e1ae25d8255116cc2b1c8ad59b5a82757… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M buildscripts/docker_image_aliases/IMAGE_TESTING/Dockerfile M buildscripts/docker_image_aliases/IMAGE_TESTING/meta.yml Log Message: ----------- Repin IMAGE_TESTING Change-Id: I6db9dcfdf9eaa59b5ec4accb1d7d8a0ab550c9bc Commit: 763e06eeac934f82fbcdc0569372d9e14c3272c2 https://github.com/tribe29/checkmk/commit/763e06eeac934f82fbcdc0569372d9e14… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M livestatus/src/pnp4nagios.cc Log Message: ----------- Avoid a (useless) warning. Change-Id: I087362ba31334f27770550da651c78187df1b9f6 Commit: 5b76b0cbfebc22048e9a10901610d7b98c50f55a https://github.com/tribe29/checkmk/commit/5b76b0cbfebc22048e9a10901610d7b98… Author: Weblate Transfer job <weblate(a)checkmk.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M locale/de/LC_MESSAGES/multisite.po M locale/es/LC_MESSAGES/multisite.po M locale/fr/LC_MESSAGES/multisite.po M locale/it/LC_MESSAGES/multisite.po M locale/ja/LC_MESSAGES/multisite.po M locale/nl/LC_MESSAGES/multisite.po M locale/pt_PT/LC_MESSAGES/multisite.po M locale/ro/LC_MESSAGES/multisite.po Log Message: ----------- [Weblate] Updated translation files Translation: checkmk/software Translate-URL: https://translate.checkmk.com/projects/checkmk/software/ Compare: https://github.com/tribe29/checkmk/compare/9fbe8058003e...5b76b0cbfebc

2 years

[tribe29/checkmk] 88fc00: Revert "Revert "Revert "14483 SEC Update dependenc...

by Lisa Pichler

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 88fc002e9f1980c190f85d1d8a4ca5771b3d94c2 https://github.com/tribe29/checkmk/commit/88fc002e9f1980c190f85d1d8a4ca5771… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: R .werks/14483 M Pipfile M Pipfile.lock M omd/packages/python3-modules/python3-modules.make R omd/packages/python3-modules/src/Babel-2.10.3.tar.gz A omd/packages/python3-modules/src/Babel-2.8.0.tar.gz A omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz R omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz A omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz R omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz A omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz R omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz A omd/packages/python3-modules/src/rsa-4.6.tar.gz R omd/packages/python3-modules/src/rsa-4.9.tar.gz A omd/packages/python3-modules/src/typing_extensions-3.7.4.1.tar.gz R omd/packages/python3-modules/src/typing_extensions-4.3.0.tar.gz Log Message: ----------- Revert "Revert "Revert "14483 SEC Update dependencies""" This reverts commit e32d55125f760f318473b6228d5e706585fedf24. Reason for revert: Tests fail Change-Id: I5e724776991302216b079d9d02ecbb1b9d0bfcbf Commit: 98978b78b5a1a6d71e1c4c91df1d69d004decd20 https://github.com/tribe29/checkmk/commit/98978b78b5a1a6d71e1c4c91df1d69d00… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M omd/packages/python3-modules/python3-modules.make Log Message: ----------- Revert "Add workaround for package build without setup.py" This reverts commit 4166cd932aab5328b764149ea0af18f908254cb2. Reason for revert: Tests fail Change-Id: I0b4a32f89c5f95b6ff3fb86b14e2497b20121b15 Commit: 73a5201ded5c011549c6a743a63802677791d78c https://github.com/tribe29/checkmk/commit/73a5201ded5c011549c6a743a63802677… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14381 M notifications/sms Log Message: ----------- 14381 SEC Fix command injection in SMS notification script Previous to this Werk it was possible to inject arbitrary shell commands when sending SMS notifications. For this, attackers would have needed to place a crafted string in a user's Pager Address, which was not properly escaped by the SMS script. In most setups, this issue will not be exploitable: Changing a user's Pager Address requires the User Management permission. Users with that permission are effectively Administrators and can thus already legitimately execute code in the Site context. Note however, that in some setups the attribute can also be configured by external interfaces, for example via LDAP User Synchronization. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation all notifications via the method "SMS (using smstools)" can be disabled. Note that users' personal notification rules are affected as well. Indicators of Compromise: If you suspect this issue might have been exploited in your installation, validate users' Pager Address fields. Check the Audit Log for changes to this field. Vulnerability Management: We have rated the issue with a CVSS Score of 8.0 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been requested. Changes: This Werk replaces a hazardous call to <tt>os.system</tt> by a safer alternative and adds additional validation to the Pager Address before attempting to send SMS to it. Valid Pager Addresses may now include letters, numbers, space characters, any of the characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the beginning. Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d Commit: 509e7453c96f38e3d4c0fcf2d280f2faac08cbd9 https://github.com/tribe29/checkmk/commit/509e7453c96f38e3d4c0fcf2d280f2faa… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14383 M cmk/gui/watolib/auth_php.py M cmk/gui/watolib/tags.py M cmk/gui/watolib/utils.py M tests/unit/cmk/gui/watolib/test_watolib.py Log Message: ----------- 14383 SEC Fix code injection in watolib This Werk fixes a code injection vulnerability in watolib. Prior to this Werk it was possible for authenticated users to inject PHP code in files generated by Wato for NagVis integration. The code would be executed once a request to the respective NagVis component is made. The underlying reason for this issue was that user data entered in Wato was not properly sanitized when writing to the PHP file. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation you can entirely disable PHP on your server. Note that NagVis will not work anymore without PHP. Indicators of Compromise: Malicious code is injected in either of the files <tt>var/check_mk/wato/auth/auth.php</tt> or <tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for suspicious code. Vulnerability Management: We have rated the issue with a CVSS Score of 9.1 (Critical) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk fixes the vulnerability by improving sanitization. CMK-11206 Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c Commit: a08326084023c15b98f1c40181013ef7b4a3d1b9 https://github.com/tribe29/checkmk/commit/a08326084023c15b98f1c40181013ef7b… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14732 Log Message: ----------- 14732 FIX cmk-update-agent: Retry locking The agent updater is designed to have no more than one instance running at a time on a host. This is implemented by holding a file lock while running. We recently observed that a lock may sometimes fail briefly after it was released by a previous agent updater instance, possibly due to some anti virus software. To mitigate this situation, the locking is now retried 10 times before aborting the agent updater call. Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d Commit: 2480848f9bcf00b7dee952336b938f83d5e4ee1f https://github.com/tribe29/checkmk/commit/2480848f9bcf00b7dee952336b938f83d… Author: Kenneth Okoh <kenneth.okoh(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M web/htdocs/themes/facelift/scss/_mega_menu.scss Log Message: ----------- Mega menu: Fix 'show more' for single-column menu When the 'Monitor' or 'Setup' menu was displayed as a single column (monitors of great height), the 'show more' button was rendered outside of the menu. Change-Id: I094755d64e0375bfee7713b03ad20011aa9365e6 Commit: 1a41c1795b9c97c2b212233411a40fd252c12ea3 https://github.com/tribe29/checkmk/commit/1a41c1795b9c97c2b212233411a40fd25… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14291 A omd/packages/nagvis/nagvis-1.9.34.tar.gz M omd/packages/nagvis/nagvis.make Log Message: ----------- 14291 SEC NagVis: Updated to 1.9.34 (Fix security issues) This update of NagVis fixes the following security issues: 1. Fix SSRF (triggerable by admin users) An administrative user with access to the global options, could perform a server-side request forgery. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2) 2. Fix arbitrary file read An authenticated attacker can read arbitrary files with the permissions of the web server user. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1) 3. Fix type juggling vulnerability in cookie hash processing An attacker could bypass the authentication and gain access to the NagVis component of checkmk. Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7) Commit: 62e8f8562273e170c153396f29e76426052d88b9 https://github.com/tribe29/checkmk/commit/62e8f8562273e170c153396f29e764260… Author: Checkmk release system <feedback(a)checkmk.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M agents/check_mk_agent.aix M agents/check_mk_agent.freebsd M agents/check_mk_agent.hpux M agents/check_mk_agent.linux M agents/check_mk_agent.macosx M agents/check_mk_agent.netbsd M agents/check_mk_agent.openbsd M agents/check_mk_agent.openvms M agents/check_mk_agent.openwrt M agents/check_mk_agent.solaris M agents/plugins/apache_status.py M agents/plugins/asmcmd.sh M agents/plugins/db2_mem M agents/plugins/dnsclient M agents/plugins/hpux_lunstats M agents/plugins/hpux_statgrab M agents/plugins/ibm_mq M agents/plugins/isc_dhcpd.py M agents/plugins/jar_signature M agents/plugins/kaspersky_av M agents/plugins/lnx_quota M agents/plugins/lvm M agents/plugins/mailman_lists M agents/plugins/mk_apt M agents/plugins/mk_ceph M agents/plugins/mk_cups_queues M agents/plugins/mk_db2.aix M agents/plugins/mk_db2.linux M agents/plugins/mk_docker.py M agents/plugins/mk_errpt.aix M agents/plugins/mk_filehandler M agents/plugins/mk_filestats.py M agents/plugins/mk_haproxy.freebsd M agents/plugins/mk_informix M agents/plugins/mk_inotify.py M agents/plugins/mk_inventory.aix M agents/plugins/mk_inventory.linux M agents/plugins/mk_inventory.solaris M agents/plugins/mk_iptables M agents/plugins/mk_jolokia.py M agents/plugins/mk_logins M agents/plugins/mk_logwatch.py M agents/plugins/mk_mongodb.py M agents/plugins/mk_mysql M agents/plugins/mk_nfsiostat M agents/plugins/mk_omreport M agents/plugins/mk_oracle M agents/plugins/mk_oracle_crs M agents/plugins/mk_postgres.py M agents/plugins/mk_redis M agents/plugins/mk_sap.aix M agents/plugins/mk_sap.py M agents/plugins/mk_sap_hana M agents/plugins/mk_saprouter M agents/plugins/mk_scaleio M agents/plugins/mk_site_object_counts M agents/plugins/mk_sshd_config M agents/plugins/mk_suseconnect M agents/plugins/mk_tinkerforge.py M agents/plugins/mk_tsm M agents/plugins/mk_zypper M agents/plugins/mtr.py M agents/plugins/netstat.aix M agents/plugins/netstat.linux M agents/plugins/netstat.solaris M agents/plugins/nfsexports M agents/plugins/nfsexports.solaris M agents/plugins/nginx_status.py M agents/plugins/plesk_backups.py M agents/plugins/plesk_domains.py M agents/plugins/runas M agents/plugins/smart M agents/plugins/symantec_av M agents/plugins/unitrends_replication.py M agents/plugins/vxvm M agents/plugins/websphere_mq M agents/windows/plugins/ad_replication.bat M agents/windows/plugins/arcserve_backup.ps1 M agents/windows/plugins/citrix_farm.ps1 M agents/windows/plugins/citrix_licenses.vbs M agents/windows/plugins/citrix_xenapp.ps1 M agents/windows/plugins/hyperv_vms.ps1 M agents/windows/plugins/hyperv_vms_guestinfos.ps1 M agents/windows/plugins/iis_app_pool_state.ps1 M agents/windows/plugins/kaspersky_av_client.vbs M agents/windows/plugins/mcafee_av_client.bat M agents/windows/plugins/megaraid.bat M agents/windows/plugins/mk_dhcp_enabled.bat M agents/windows/plugins/mk_inventory.vbs M agents/windows/plugins/mk_msoffice.ps1 M agents/windows/plugins/mk_mysql.vbs M agents/windows/plugins/mk_oracle.ps1 M agents/windows/plugins/msexch_dag.ps1 M agents/windows/plugins/msexch_database.ps1 M agents/windows/plugins/mssql.vbs M agents/windows/plugins/netstat_an.bat M agents/windows/plugins/rds_licenses.vbs M agents/windows/plugins/rstcli.bat M agents/windows/plugins/sansymphony.ps1 M agents/windows/plugins/storcli.bat M agents/windows/plugins/tsm_checks.bat M agents/windows/plugins/veeam_backup_status.ps1 M agents/windows/plugins/win_dhcp_pools.bat M agents/windows/plugins/win_dmidecode.bat M agents/windows/plugins/win_license.bat M agents/windows/plugins/win_printers.ps1 M agents/windows/plugins/windows_broadcom_bonding.bat M agents/windows/plugins/windows_if.ps1 M agents/windows/plugins/windows_intel_bonding.bat M agents/windows/plugins/windows_multipath.vbs M agents/windows/plugins/windows_os_bonding.ps1 M agents/windows/plugins/windows_tasks.ps1 M agents/windows/plugins/windows_updates.vbs M agents/windows/plugins/wmic_if.bat M agents/wnx/src/common/wnx_version.h M bin/livedump M bin/mkbackup M bin/mkbench M cmk/utils/version.py M configure.ac M defines.make M docker/Dockerfile Log Message: ----------- Set version to 2.0.0p29 Commit: 1e5a7a16ffbc5d2b70961c1901be13e4b1b614db https://github.com/tribe29/checkmk/commit/1e5a7a16ffbc5d2b70961c1901be13e4b… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14745 M cmk/gui/plugins/metrics/graph_images.py M cmk/notification_plugins/mail.py Log Message: ----------- 14745 FIX Fix "Data: b''" in notification result of event console bulk notifications SUP-11297 Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14 Commit: 5606798eb438a8075df40944470db03067da6bce https://github.com/tribe29/checkmk/commit/5606798eb438a8075df40944470db0306… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A tests/unit/checks/test_apc_mod_pdu_modules.py Log Message: ----------- apc_mod_pdu_modules: unit tests SUP-11401 Change-Id: I7e051a709947665fe613f62241d653653b09c907 Commit: 67165f12877c8e9af39c14c0c944f34e0d91e841 https://github.com/tribe29/checkmk/commit/67165f12877c8e9af39c14c0c944f34e0… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14764 M checks/apc_mod_pdu_modules M tests/unit/checks/test_apc_mod_pdu_modules.py Log Message: ----------- 14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale SUP-11401 Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d Commit: 6b92ee905f0b47eaf997f3dc54fc447b926266ac https://github.com/tribe29/checkmk/commit/6b92ee905f0b47eaf997f3dc54fc447b9… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14761 M agents/plugins/mk_sap_hana Log Message: ----------- 14761 FIX SAP Hana fileinfo: negative file age causes crash SUP-11334 Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e Compare: https://github.com/tribe29/checkmk/compare/e32d55125f76...6b92ee905f0b

2 years

[tribe29/checkmk] 6b50c9: Refactor VERSION_DIR

by Lars

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: 6b50c90f6e5004292010ecb73c022bc8808680f7 https://github.com/tribe29/checkmk/commit/6b50c90f6e5004292010ecb73c022bc88… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M buildscripts/scripts/build-cmk-version.jenkins Log Message: ----------- Refactor VERSION_DIR #rc-tagging Change-Id: Iebdec2f85d809545fb9632e85b48c42df35c99bb Commit: 942cf78bbd80ea9af9cf37a13cfc678bc116f5ba https://github.com/tribe29/checkmk/commit/942cf78bbd80ea9af9cf37a13cfc678bc… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M buildscripts/scripts/build-cmk-version.jenkins M buildscripts/scripts/lib/upload_artifacts.groovy M buildscripts/scripts/lib/versioning.groovy M tests/packaging/test_files.py Log Message: ----------- Use rc tags in package builds #rc-tagging Change-Id: I76db4f48d0ea2da6ef423cd34bc0bf941e1e60f2 Commit: 80d40160f149b68257357799f2ed30fb24f464f9 https://github.com/tribe29/checkmk/commit/80d40160f149b68257357799f2ed30fb2… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M buildscripts/scripts/build-cmk-container.sh Log Message: ----------- Refactor: centralize source tag #rc-tagging Change-Id: I80c49565599de0a550a6fa2034847f3cbc1c5512 Commit: 502f863fcea7fe296ceebb3b1f729df97ea188f3 https://github.com/tribe29/checkmk/commit/502f863fcea7fe296ceebb3b1f729df97… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M buildscripts/scripts/build-cmk-container.jenkins M buildscripts/scripts/build-cmk-container.sh Log Message: ----------- Refactor: Inject source dir from groovy ... and derive version tag from source dir name #rc-tagging Change-Id: I7efaeb9de9bc8f6d3e31ff5a8f32b74d37c96286 Commit: e0413c36adaf58fc4fdc3bcce147c21ce6d4be2e https://github.com/tribe29/checkmk/commit/e0413c36adaf58fc4fdc3bcce147c21ce… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M docker/Makefile Log Message: ----------- Nuke image-demo from Makefile #rc-tagging Change-Id: I0afcf00269f99c49cdb77528b1e465e0931092b6 Commit: 49573c045a32f3cca82fb585eb58af1069dc9627 https://github.com/tribe29/checkmk/commit/49573c045a32f3cca82fb585eb58af106… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M buildscripts/scripts/build-cmk-container.jenkins M buildscripts/scripts/build-cmk-container.sh M buildscripts/scripts/lib/upload_artifacts.groovy M docker/Makefile Log Message: ----------- Use rc tags in docker builds #rc-tagging Change-Id: Idb9e31206d5b86d82c9edaf87e060850480b8810 Commit: d3a70c88a14f966b5a92fb7cfd03d614c47a7c1a https://github.com/tribe29/checkmk/commit/d3a70c88a14f966b5a92fb7cfd03d614c… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14609 M agents/scripts/super-server/0_systemd/setup M agents/scripts/super-server/1_xinetd/setup M agents/scripts/super-server/setup Log Message: ----------- Add Werk 14609 Added purge mode to super server setup scripts, that is called by agent bakery packages to remove old CRE config files. Change-Id: Ieaaf52becd285290b00eeab605d894dc05204a52 Commit: 8005dc75e23c1db95b7ec479fe8fab96df2b388f https://github.com/tribe29/checkmk/commit/8005dc75e23c1db95b7ec479fe8fab96d… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14731 M agents/scripts/super-server/0_systemd/setup M agents/scripts/super-server/setup Log Message: ----------- Add Werk 14731 The super server setup script's $CONFIG variable was erroneously set to /var/lib/cmk-agent/super-server.cfg, but it's located at /etc/check_mk/super-server.cfg (At least for now) Change-Id: I17b9478e4207a48a65da3f91e8eb6d4ac0c8c8d9 Commit: 0350093da862e8f0201bc1eead1f18a573a4d697 https://github.com/tribe29/checkmk/commit/0350093da862e8f0201bc1eead1f18a57… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14610 M agents/check-mk-agent.spec Log Message: ----------- Add Werk 14610 On RPM-based system, on package update, old files get removed after the postinst step of the new package. As we, starting with 2.1, deploy some files by script, RPM won't recognize them as part of the new package, and delete them directly afterwards, if they already have been shipped as a file with the old package. Hence, we have to run our script after all file transactions, i.e., as posttrans step. This did actually happen for the /etc/xinetd.d/check-mk-agent file. Change-Id: I9a600ea902b00124cd2069edb2c60ce512edc5a3 Commit: 2679d98b6e1f542aacd00625acd5d71f65d3e38e https://github.com/tribe29/checkmk/commit/2679d98b6e1f542aacd00625acd5d71f6… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14381 M notifications/sms Log Message: ----------- 14381 SEC Fix command injection in SMS notification script Previous to this Werk it was possible to inject arbitrary shell commands when sending SMS notifications. For this, attackers would have needed to place a crafted string in a user's Pager Address, which was not properly escaped by the SMS script. In most setups, this issue will not be exploitable: Changing a user's Pager Address requires the User Management permission. Users with that permission are effectively Administrators and can thus already legitimately execute code in the Site context. Note however, that in some setups the attribute can also be configured by external interfaces, for example via LDAP User Synchronization. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation all notifications via the method "SMS (using smstools)" can be disabled. Note that users' personal notification rules are affected as well. Indicators of Compromise: If you suspect this issue might have been exploited in your installation, validate users' Pager Address fields. Check the Audit Log for changes to this field. Vulnerability Management: We have rated the issue with a CVSS Score of 8.0 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been requested. Changes: This Werk replaces a hazardous call to <tt>os.system</tt> by a safer alternative and adds additional validation to the Pager Address before attempting to send SMS to it. Valid Pager Addresses may now include letters, numbers, space characters, any of the characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the beginning. Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d Commit: 681fa395aeb0eba248dda985f216739777f750ea https://github.com/tribe29/checkmk/commit/681fa395aeb0eba248dda985f21673977… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14383 M cmk/gui/watolib/auth_php.py M cmk/gui/watolib/tags.py M cmk/gui/watolib/utils.py M tests/unit/cmk/gui/watolib/test_watolib.py Log Message: ----------- 14383 SEC Fix code injection in watolib This Werk fixes a code injection vulnerability in watolib. Prior to this Werk it was possible for authenticated users to inject PHP code in files generated by Wato for NagVis integration. The code would be executed once a request to the respective NagVis component is made. The underlying reason for this issue was that user data entered in Wato was not properly sanitized when writing to the PHP file. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation you can entirely disable PHP on your server. Note that NagVis will not work anymore without PHP. Indicators of Compromise: Malicious code is injected in either of the files <tt>var/check_mk/wato/auth/auth.php</tt> or <tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for suspicious code. Vulnerability Management: We have rated the issue with a CVSS Score of 9.1 (Critical) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk fixes the vulnerability by improving sanitization. CMK-11206 Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c Commit: c742368650145326a6f9926c7609753fbcfb3d01 https://github.com/tribe29/checkmk/commit/c742368650145326a6f9926c7609753fb… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14718 Log Message: ----------- 14718 FIX SAP HANA bakery plugin: Handle user store key correctly Change-Id: I14e2252c302f4c0bb6f9f7e461a164affdf0607f Commit: 4c98677da9aee605a3eb14b7956fc7f28438335c https://github.com/tribe29/checkmk/commit/4c98677da9aee605a3eb14b7956fc7f28… Author: Checkmk release system <feedback(a)checkmk.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M agents/check_mk_agent.aix M agents/check_mk_agent.freebsd M agents/check_mk_agent.hpux M agents/check_mk_agent.linux M agents/check_mk_agent.macosx M agents/check_mk_agent.netbsd M agents/check_mk_agent.openbsd M agents/check_mk_agent.openvms M agents/check_mk_agent.openwrt M agents/check_mk_agent.solaris M agents/cmk-agent-ctl/src/constants.rs M agents/plugins/apache_status.py M agents/plugins/asmcmd.sh M agents/plugins/db2_mem M agents/plugins/dnsclient M agents/plugins/hpux_lunstats M agents/plugins/hpux_statgrab M agents/plugins/ibm_mq M agents/plugins/isc_dhcpd.py M agents/plugins/jar_signature M agents/plugins/kaspersky_av M agents/plugins/lnx_quota M agents/plugins/lvm M agents/plugins/mailman_lists M agents/plugins/mk_apt M agents/plugins/mk_ceph M agents/plugins/mk_cups_queues M agents/plugins/mk_db2.aix M agents/plugins/mk_db2.linux M agents/plugins/mk_docker.py M agents/plugins/mk_errpt.aix M agents/plugins/mk_filehandler M agents/plugins/mk_filestats.py M agents/plugins/mk_haproxy.freebsd M agents/plugins/mk_informix M agents/plugins/mk_inotify.py M agents/plugins/mk_inventory.aix M agents/plugins/mk_inventory.linux M agents/plugins/mk_inventory.solaris M agents/plugins/mk_iptables M agents/plugins/mk_jolokia.py M agents/plugins/mk_logins M agents/plugins/mk_logwatch.py M agents/plugins/mk_mongodb.py M agents/plugins/mk_mysql M agents/plugins/mk_nfsiostat M agents/plugins/mk_omreport M agents/plugins/mk_oracle M agents/plugins/mk_oracle_crs M agents/plugins/mk_postgres.py M agents/plugins/mk_redis M agents/plugins/mk_sap.aix M agents/plugins/mk_sap.py M agents/plugins/mk_sap_hana M agents/plugins/mk_saprouter M agents/plugins/mk_scaleio M agents/plugins/mk_site_object_counts M agents/plugins/mk_sshd_config M agents/plugins/mk_suseconnect M agents/plugins/mk_tinkerforge.py M agents/plugins/mk_tsm M agents/plugins/mk_zypper M agents/plugins/mtr.py M agents/plugins/netstat.aix M agents/plugins/netstat.linux M agents/plugins/netstat.solaris M agents/plugins/nfsexports M agents/plugins/nfsexports.solaris M agents/plugins/nginx_status.py M agents/plugins/plesk_backups.py M agents/plugins/plesk_domains.py M agents/plugins/runas M agents/plugins/smart M agents/plugins/symantec_av M agents/plugins/unitrends_backup M agents/plugins/unitrends_replication.py M agents/plugins/vxvm M agents/plugins/websphere_mq M agents/plugins/zorp M agents/windows/plugins/ad_replication.bat M agents/windows/plugins/arcserve_backup.ps1 M agents/windows/plugins/citrix_farm.ps1 M agents/windows/plugins/citrix_licenses.vbs M agents/windows/plugins/citrix_xenapp.ps1 M agents/windows/plugins/hyperv_vms.ps1 M agents/windows/plugins/hyperv_vms_guestinfos.ps1 M agents/windows/plugins/iis_app_pool_state.ps1 M agents/windows/plugins/kaspersky_av_client.vbs M agents/windows/plugins/mcafee_av_client.bat M agents/windows/plugins/megaraid.bat M agents/windows/plugins/mk_dhcp_enabled.bat M agents/windows/plugins/mk_inventory.vbs M agents/windows/plugins/mk_msoffice.ps1 M agents/windows/plugins/mk_mysql.vbs M agents/windows/plugins/mk_oracle.ps1 M agents/windows/plugins/msexch_dag.ps1 M agents/windows/plugins/msexch_database.ps1 M agents/windows/plugins/mssql.vbs M agents/windows/plugins/netstat_an.bat M agents/windows/plugins/rds_licenses.vbs M agents/windows/plugins/rstcli.bat M agents/windows/plugins/sansymphony.ps1 M agents/windows/plugins/storcli.bat M agents/windows/plugins/tsm_checks.bat M agents/windows/plugins/veeam_backup_status.ps1 M agents/windows/plugins/win_dhcp_pools.bat M agents/windows/plugins/win_dmidecode.bat M agents/windows/plugins/win_license.bat M agents/windows/plugins/win_printers.ps1 M agents/windows/plugins/windows_broadcom_bonding.bat M agents/windows/plugins/windows_if.ps1 M agents/windows/plugins/windows_intel_bonding.bat M agents/windows/plugins/windows_multipath.vbs M agents/windows/plugins/windows_os_bonding.ps1 M agents/windows/plugins/windows_tasks.ps1 M agents/windows/plugins/windows_updates.vbs M agents/windows/plugins/wmic_if.bat M agents/wnx/src/common/wnx_version.h M bin/livedump M bin/mkbackup M bin/mkbench M cmk/utils/version.py M configure.ac M defines.make M docker/Dockerfile Log Message: ----------- Set version to 2.1.0p12 Commit: ee15443356ce5f3f675a8ac667a790c8c7bb9e5c https://github.com/tribe29/checkmk/commit/ee15443356ce5f3f675a8ac667a790c8c… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14742 M cmk/gui/plugins/sidebar/search.py Log Message: ----------- 14742 FIX Fix combined search for tag groups SUP-11113 Change-Id: Ic855e62fec22b96ca7dd6753bf488d49d8e7e340 Commit: a1cfc4ac183ed71baf28b0f879009418e6260136 https://github.com/tribe29/checkmk/commit/a1cfc4ac183ed71baf28b0f879009418e… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14291 A omd/packages/nagvis/nagvis-1.9.34.tar.gz M omd/packages/nagvis/nagvis.make Log Message: ----------- 14291 SEC NagVis: Updated to 1.9.34 (Fix security issues) This update of NagVis fixes the following security issues: 1. Fix SSRF (triggerable by admin users) An administrative user with access to the global options, could perform a server-side request forgery. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2) 2. Fix arbitrary file read An authenticated attacker can read arbitrary files with the permissions of the web server user. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1) 3. Fix type juggling vulnerability in cookie hash processing An attacker could bypass the authentication and gain access to the NagVis component of checkmk. Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7) Commit: f8fc5bc927aa54ed6b9adbfa0d3322b8135b5739 https://github.com/tribe29/checkmk/commit/f8fc5bc927aa54ed6b9adbfa0d3322b81… Author: Sofia Colakovic <sofia.colakovic(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A cmk/base/plugins/agent_based/utils/azure.py A tests/unit/cmk/base/plugins/agent_based/utils/test_azure.py Log Message: ----------- azure: add azure utils Change-Id: I6fdb017b7163c7464a3f2c68460c05b65eabdee4 Commit: 672d121c578975d93bdef56b1de9ca2c88d8786e https://github.com/tribe29/checkmk/commit/672d121c578975d93bdef56b1de9ca2c8… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M cmk/gui/login.py M cmk/gui/wsgi/applications/rest_api.py Log Message: ----------- Check cookie also for active session Change-Id: Ieb5fca27d685639c48019b5eb9082c233338e375 Commit: 24e247b8d83e59e3a8e29f86beadb31ca5b2401a https://github.com/tribe29/checkmk/commit/24e247b8d83e59e3a8e29f86beadb31ca… Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14531 M checks/azure_usagedetails M cmk/special_agents/agent_azure.py M tests/unit/checks/generictests/datasets/azure_usagedetails.py Log Message: ----------- 14531 azure special agent: fix usagedetails section The usagedetails section was fetched using an api call that was no longer supported by microsoft. This commit fixes the issue and now the Cost services are working again. Change-Id: I829e3996a7768c3741712e1d7696de7b4cbababa Commit: 738756ac54b0a28548265733e511f404804bf75f https://github.com/tribe29/checkmk/commit/738756ac54b0a28548265733e511f4048… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M docker/Makefile Log Message: ----------- Fix docker save after rc introduction we need to "docker save" of course the rc aware version #rc-tagging Change-Id: I73c202a10d6189596475baf669e8056aaa41384d Commit: 3f7abba7b8875a86f60cfd7db1672ec4107df56d https://github.com/tribe29/checkmk/commit/3f7abba7b8875a86f60cfd7db1672ec41… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M buildscripts/scripts/lib/versioning.groovy M buildscripts/scripts/windows-agent-build.jenkins M buildscripts/scripts/windows-agent-modules-build.jenkins Log Message: ----------- Fix version of win agent during rc builds ... we always want the agent to have a non-rc aware version #rc-tagging Change-Id: I94346809aae6a216f5c5cbd22448b32d48119427 Commit: 0a6f68d0314b7f4a301483b0fbd653dba9195cd4 https://github.com/tribe29/checkmk/commit/0a6f68d0314b7f4a301483b0fbd653dba… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M docker/Makefile Log Message: ----------- Only test for VERSION_TAG when needed #rc-tagging Change-Id: I8af2a9579a7b8bd0c0645c420d793c22c45090d6 Commit: 9ec1f8528d68831a521010e79bd7b03839c2a5b1 https://github.com/tribe29/checkmk/commit/9ec1f8528d68831a521010e79bd7b0383… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M agents/check-mk-agent.spec Log Message: ----------- check-mk-agent package: Deploy DEB postinstall script We have to deploy the DEB postinstall script by specifying a RPM %post scriptlet, because we build the DEB package from the RPM package with alien. By looking for the DEB-specific "configure" argument, we can skip this step for RPM-package. Change-Id: Ib4183dab0d57a87ac48af3d37e7207e4dd9f54b4 Commit: c2bfc6e1339e6124d2d58d3d39bb60169a83c1c2 https://github.com/tribe29/checkmk/commit/c2bfc6e1339e6124d2d58d3d39bb60169… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M .werks/14291 M .werks/14531 M .werks/14742 M agents/check_mk_agent.aix M agents/check_mk_agent.freebsd M agents/check_mk_agent.hpux M agents/check_mk_agent.linux M agents/check_mk_agent.macosx M agents/check_mk_agent.netbsd M agents/check_mk_agent.openbsd M agents/check_mk_agent.openvms M agents/check_mk_agent.openwrt M agents/check_mk_agent.solaris M agents/cmk-agent-ctl/src/constants.rs M agents/plugins/apache_status.py M agents/plugins/asmcmd.sh M agents/plugins/db2_mem M agents/plugins/dnsclient M agents/plugins/hpux_lunstats M agents/plugins/hpux_statgrab M agents/plugins/ibm_mq M agents/plugins/isc_dhcpd.py M agents/plugins/jar_signature M agents/plugins/kaspersky_av M agents/plugins/lnx_quota M agents/plugins/lvm M agents/plugins/mailman_lists M agents/plugins/mk_apt M agents/plugins/mk_ceph M agents/plugins/mk_cups_queues M agents/plugins/mk_db2.aix M agents/plugins/mk_db2.linux M agents/plugins/mk_docker.py M agents/plugins/mk_errpt.aix M agents/plugins/mk_filehandler M agents/plugins/mk_filestats.py M agents/plugins/mk_haproxy.freebsd M agents/plugins/mk_informix M agents/plugins/mk_inotify.py M agents/plugins/mk_inventory.aix M agents/plugins/mk_inventory.linux M agents/plugins/mk_inventory.solaris M agents/plugins/mk_iptables M agents/plugins/mk_jolokia.py M agents/plugins/mk_logins M agents/plugins/mk_logwatch.py M agents/plugins/mk_mongodb.py M agents/plugins/mk_mysql M agents/plugins/mk_nfsiostat M agents/plugins/mk_omreport M agents/plugins/mk_oracle M agents/plugins/mk_oracle_crs M agents/plugins/mk_postgres.py M agents/plugins/mk_redis M agents/plugins/mk_sap.aix M agents/plugins/mk_sap.py M agents/plugins/mk_sap_hana M agents/plugins/mk_saprouter M agents/plugins/mk_scaleio M agents/plugins/mk_site_object_counts M agents/plugins/mk_sshd_config M agents/plugins/mk_suseconnect M agents/plugins/mk_tinkerforge.py M agents/plugins/mk_tsm M agents/plugins/mk_zypper M agents/plugins/mtr.py M agents/plugins/netstat.aix M agents/plugins/netstat.linux M agents/plugins/netstat.solaris M agents/plugins/nfsexports M agents/plugins/nfsexports.solaris M agents/plugins/nginx_status.py M agents/plugins/plesk_backups.py M agents/plugins/plesk_domains.py M agents/plugins/runas M agents/plugins/smart M agents/plugins/symantec_av M agents/plugins/unitrends_backup M agents/plugins/unitrends_replication.py M agents/plugins/vxvm M agents/plugins/websphere_mq M agents/plugins/zorp M agents/windows/plugins/ad_replication.bat M agents/windows/plugins/arcserve_backup.ps1 M agents/windows/plugins/citrix_farm.ps1 M agents/windows/plugins/citrix_licenses.vbs M agents/windows/plugins/citrix_xenapp.ps1 M agents/windows/plugins/hyperv_vms.ps1 M agents/windows/plugins/hyperv_vms_guestinfos.ps1 M agents/windows/plugins/iis_app_pool_state.ps1 M agents/windows/plugins/kaspersky_av_client.vbs M agents/windows/plugins/mcafee_av_client.bat M agents/windows/plugins/megaraid.bat M agents/windows/plugins/mk_dhcp_enabled.bat M agents/windows/plugins/mk_inventory.vbs M agents/windows/plugins/mk_msoffice.ps1 M agents/windows/plugins/mk_mysql.vbs M agents/windows/plugins/mk_oracle.ps1 M agents/windows/plugins/msexch_dag.ps1 M agents/windows/plugins/msexch_database.ps1 M agents/windows/plugins/mssql.vbs M agents/windows/plugins/netstat_an.bat M agents/windows/plugins/rds_licenses.vbs M agents/windows/plugins/rstcli.bat M agents/windows/plugins/sansymphony.ps1 M agents/windows/plugins/storcli.bat M agents/windows/plugins/tsm_checks.bat M agents/windows/plugins/veeam_backup_status.ps1 M agents/windows/plugins/win_dhcp_pools.bat M agents/windows/plugins/win_dmidecode.bat M agents/windows/plugins/win_license.bat M agents/windows/plugins/win_printers.ps1 M agents/windows/plugins/windows_broadcom_bonding.bat M agents/windows/plugins/windows_if.ps1 M agents/windows/plugins/windows_intel_bonding.bat M agents/windows/plugins/windows_multipath.vbs M agents/windows/plugins/windows_os_bonding.ps1 M agents/windows/plugins/windows_tasks.ps1 M agents/windows/plugins/windows_updates.vbs M agents/windows/plugins/wmic_if.bat M agents/wnx/src/common/wnx_version.h M bin/livedump M bin/mkbackup M bin/mkbench M cmk/utils/version.py M configure.ac M defines.make M docker/Dockerfile Log Message: ----------- Revert "Set version to 2.1.0p12" ...and rewrite werks This reverts commit 4c98677da9aee605a3eb14b7956fc7f28438335c. Change-Id: Ic3859f51f481494e6f27e8211685c945f725551a Commit: 61c4a7395bb265252e6c0605443109342c03c895 https://github.com/tribe29/checkmk/commit/61c4a7395bb265252e6c0605443109342… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A tests/unit/checks/test_apc_mod_pdu_modules.py Log Message: ----------- apc_mod_pdu_modules: unit tests SUP-11401 Change-Id: I7e051a709947665fe613f62241d653653b09c907 Commit: 7cef4102b6d45b45caa8f498d2ff35d9d59e6718 https://github.com/tribe29/checkmk/commit/7cef4102b6d45b45caa8f498d2ff35d9d… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14764 M checks/apc_mod_pdu_modules M tests/unit/checks/test_apc_mod_pdu_modules.py Log Message: ----------- 14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale SUP-11401 Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d Commit: 2d33ada11c92739371ac5bbb8d284fc33c8f321f https://github.com/tribe29/checkmk/commit/2d33ada11c92739371ac5bbb8d284fc33… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14761 M agents/plugins/mk_sap_hana Log Message: ----------- 14761 FIX SAP Hana fileinfo: negative file age causes crash SUP-11334 Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e Commit: f01c9ad37dd540261e654e3e80d50e7e19a9d5ee https://github.com/tribe29/checkmk/commit/f01c9ad37dd540261e654e3e80d50e7e1… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/13956 M cmk/gui/plugins/openapi/endpoints/bi.py M tests/unit/cmk/gui/plugins/openapi/test_openapi_bi.py Log Message: ----------- 13956 FIX The BI Pack endpoints will now check if the given contact groups actually exist The BI Pack endpoint will now check if the contact groups it is given actually exists. If that is not the case, it will respond with an error. SUP-10160 Change-Id: I23a62e55407a5dd4e35ba0b94d994f79f818a949 Commit: 00f3ee7ef868bbc43f95976e63ecb5b6b50ca751 https://github.com/tribe29/checkmk/commit/00f3ee7ef868bbc43f95976e63ecb5b6b… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14745 M cmk/gui/plugins/metrics/graph_images.py M cmk/notification_plugins/mail.py Log Message: ----------- 14745 FIX Fix "Data: b''" in notification result of event console bulk notifications SUP-11297 Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14 Commit: 4be57271cbf081c9a1719dc3b1718b43d5e52f4b https://github.com/tribe29/checkmk/commit/4be57271cbf081c9a1719dc3b1718b43d… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M .werks/13956 M .werks/14761 M .werks/14764 Log Message: ----------- Fix werk version Change-Id: Ia037c6fe1c0ce05d79e7eb28dcc6a8a05c40e5be Commit: 89ab5f008ca63e79bcd58871603dffd841f4f81f https://github.com/tribe29/checkmk/commit/89ab5f008ca63e79bcd58871603dffd84… Author: Checkmk release system <feedback(a)checkmk.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: M agents/check_mk_agent.aix M agents/check_mk_agent.freebsd M agents/check_mk_agent.hpux M agents/check_mk_agent.linux M agents/check_mk_agent.macosx M agents/check_mk_agent.netbsd M agents/check_mk_agent.openbsd M agents/check_mk_agent.openvms M agents/check_mk_agent.openwrt M agents/check_mk_agent.solaris M agents/cmk-agent-ctl/src/constants.rs M agents/plugins/apache_status.py M agents/plugins/asmcmd.sh M agents/plugins/db2_mem M agents/plugins/dnsclient M agents/plugins/hpux_lunstats M agents/plugins/hpux_statgrab M agents/plugins/ibm_mq M agents/plugins/isc_dhcpd.py M agents/plugins/jar_signature M agents/plugins/kaspersky_av M agents/plugins/lnx_quota M agents/plugins/lvm M agents/plugins/mailman_lists M agents/plugins/mk_apt M agents/plugins/mk_ceph M agents/plugins/mk_cups_queues M agents/plugins/mk_db2.aix M agents/plugins/mk_db2.linux M agents/plugins/mk_docker.py M agents/plugins/mk_errpt.aix M agents/plugins/mk_filehandler M agents/plugins/mk_filestats.py M agents/plugins/mk_haproxy.freebsd M agents/plugins/mk_informix M agents/plugins/mk_inotify.py M agents/plugins/mk_inventory.aix M agents/plugins/mk_inventory.linux M agents/plugins/mk_inventory.solaris M agents/plugins/mk_iptables M agents/plugins/mk_jolokia.py M agents/plugins/mk_logins M agents/plugins/mk_logwatch.py M agents/plugins/mk_mongodb.py M agents/plugins/mk_mysql M agents/plugins/mk_nfsiostat M agents/plugins/mk_omreport M agents/plugins/mk_oracle M agents/plugins/mk_oracle_crs M agents/plugins/mk_postgres.py M agents/plugins/mk_redis M agents/plugins/mk_sap.aix M agents/plugins/mk_sap.py M agents/plugins/mk_sap_hana M agents/plugins/mk_saprouter M agents/plugins/mk_scaleio M agents/plugins/mk_site_object_counts M agents/plugins/mk_sshd_config M agents/plugins/mk_suseconnect M agents/plugins/mk_tinkerforge.py M agents/plugins/mk_tsm M agents/plugins/mk_zypper M agents/plugins/mtr.py M agents/plugins/netstat.aix M agents/plugins/netstat.linux M agents/plugins/netstat.solaris M agents/plugins/nfsexports M agents/plugins/nfsexports.solaris M agents/plugins/nginx_status.py M agents/plugins/plesk_backups.py M agents/plugins/plesk_domains.py M agents/plugins/runas M agents/plugins/smart M agents/plugins/symantec_av M agents/plugins/unitrends_backup M agents/plugins/unitrends_replication.py M agents/plugins/vxvm M agents/plugins/websphere_mq M agents/plugins/zorp M agents/windows/plugins/ad_replication.bat M agents/windows/plugins/arcserve_backup.ps1 M agents/windows/plugins/citrix_farm.ps1 M agents/windows/plugins/citrix_licenses.vbs M agents/windows/plugins/citrix_xenapp.ps1 M agents/windows/plugins/hyperv_vms.ps1 M agents/windows/plugins/hyperv_vms_guestinfos.ps1 M agents/windows/plugins/iis_app_pool_state.ps1 M agents/windows/plugins/kaspersky_av_client.vbs M agents/windows/plugins/mcafee_av_client.bat M agents/windows/plugins/megaraid.bat M agents/windows/plugins/mk_dhcp_enabled.bat M agents/windows/plugins/mk_inventory.vbs M agents/windows/plugins/mk_msoffice.ps1 M agents/windows/plugins/mk_mysql.vbs M agents/windows/plugins/mk_oracle.ps1 M agents/windows/plugins/msexch_dag.ps1 M agents/windows/plugins/msexch_database.ps1 M agents/windows/plugins/mssql.vbs M agents/windows/plugins/netstat_an.bat M agents/windows/plugins/rds_licenses.vbs M agents/windows/plugins/rstcli.bat M agents/windows/plugins/sansymphony.ps1 M agents/windows/plugins/storcli.bat M agents/windows/plugins/tsm_checks.bat M agents/windows/plugins/veeam_backup_status.ps1 M agents/windows/plugins/win_dhcp_pools.bat M agents/windows/plugins/win_dmidecode.bat M agents/windows/plugins/win_license.bat M agents/windows/plugins/win_printers.ps1 M agents/windows/plugins/windows_broadcom_bonding.bat M agents/windows/plugins/windows_if.ps1 M agents/windows/plugins/windows_intel_bonding.bat M agents/windows/plugins/windows_multipath.vbs M agents/windows/plugins/windows_os_bonding.ps1 M agents/windows/plugins/windows_tasks.ps1 M agents/windows/plugins/windows_updates.vbs M agents/windows/plugins/wmic_if.bat M agents/wnx/src/common/wnx_version.h M bin/livedump M bin/mkbackup M bin/mkbench M cmk/utils/version.py M configure.ac M defines.make M docker/Dockerfile Log Message: ----------- Set version to 2.1.0p12 Compare: https://github.com/tribe29/checkmk/compare/51efd0dd0d0d...89ab5f008ca6

2 years

[tribe29/checkmk] bd2963: 14381 SEC Fix command injection in SMS notificatio...

by Lars

Branch: refs/heads/1.6.0 Home: https://github.com/tribe29/checkmk Commit: bd2963292a03b7245c6c75b8803de323d381fa9b https://github.com/tribe29/checkmk/commit/bd2963292a03b7245c6c75b8803de323d… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-25 (Thu, 25 Aug 2022) Changed paths: A .werks/14381 M notifications/sms Log Message: ----------- 14381 SEC Fix command injection in SMS notification script Previous to this Werk it was possible to inject arbitrary shell commands when sending SMS notifications. For this, attackers would have needed to place a crafted string in a user's Pager Address, which was not properly escaped by the SMS script. In most setups, this issue will not be exploitable: Changing a user's Pager Address requires the User Management permission. Users with that permission are effectively Administrators and can thus already legitimately execute code in the Site context. Note however, that in some setups the attribute can also be configured by external interfaces, for example via LDAP User Synchronization. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation all notifications via the method "SMS (using smstools)" can be disabled. Note that users' personal notification rules are affected as well. Indicators of Compromise: If you suspect this issue might have been exploited in your installation, validate users' Pager Address fields. Check the Audit Log for changes to this field. Vulnerability Management: We have rated the issue with a CVSS Score of 8.0 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been requested. Changes: This Werk replaces a hazardous call to <tt>os.system</tt> by a safer alternative and adds additional validation to the Pager Address before attempting to send SMS to it. Valid Pager Addresses may now include letters, numbers, space characters, any of the characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the beginning. Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d Commit: 364d2c35ce060e23e780300b6be42545a1c835a0 https://github.com/tribe29/checkmk/commit/364d2c35ce060e23e780300b6be42545a… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14383 M cmk/gui/plugins/userdb/hook_auth.py M cmk/gui/watolib/tags.py M cmk/gui/watolib/utils.py M tests/unit/cmk/gui/watolib/test_watolib.py Log Message: ----------- 14383 SEC Fix code injection in watolib This Werk fixes a code injection vulnerability in watolib. Prior to this Werk it was possible for authenticated users to inject PHP code in files generated by Wato for NagVis integration. The code would be executed once a request to the respective NagVis component is made. The underlying reason for this issue was that user data entered in Wato was not properly sanitized when writing to the PHP file. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: As an immediate mitigation you can entirely disable PHP on your server. Note that NagVis will not work anymore without PHP. Indicators of Compromise: Malicious code is injected in either of the files <tt>var/check_mk/wato/auth/auth.php</tt> or <tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for suspicious code. Vulnerability Management: We have rated the issue with a CVSS Score of 9.1 (Critical) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk fixes the vulnerability by improving sanitization. CMK-11206 Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c Commit: 5270f8ea1ee80ca492884ebde0c3d077fcc7dbfb https://github.com/tribe29/checkmk/commit/5270f8ea1ee80ca492884ebde0c3d077f… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: M cmk/gui/plugins/userdb/hook_auth.py Log Message: ----------- fix broken import restore code duplication Change-Id: Ic4c357dbd31fc9eb16de9e35a97de2af9792ca31 Commit: ece97ab915aa3335e4e10e65eb4b3184fd7caba6 https://github.com/tribe29/checkmk/commit/ece97ab915aa3335e4e10e65eb4b3184f… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2022-08-30 (Tue, 30 Aug 2022) Changed paths: A .werks/14291 R omd/packages/nagvis/nagvis-1.9.29.tar.gz A omd/packages/nagvis/nagvis-1.9.34.tar.gz M omd/packages/nagvis/nagvis.make Log Message: ----------- 14291 SEC NagVis: Updated to 1.9.34 (Fix security issues) This update of NagVis fixes the following security issues: 1. Fix SSRF (triggerable by admin users) An administrative user with access to the global options, could perform a server-side request forgery. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2) 2. Fix arbitrary file read An authenticated attacker can read arbitrary files with the permissions of the web server user. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1) 3. Fix type juggling vulnerability in cookie hash processing An attacker could bypass the authentication and gain access to the NagVis component of checkmk. Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7) Compare: https://github.com/tribe29/checkmk/compare/58546036bf54...ece97ab915aa

2 years

[tribe29/checkmk]

by Timotheus Bachinger

Branch: refs/tags/v9.9.9p9-rc9 Home: https://github.com/tribe29/checkmk

2 years, 1 month

[tribe29/checkmk] 9fbe80: 13955 Add graph data endpoint to the REST API

by PhilippSiegmantel

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 9fbe8058003ea10df5ca21ea69ee600fc761cddf https://github.com/tribe29/checkmk/commit/9fbe8058003ea10df5ca21ea69ee600fc… Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/13955 M cmk/fields/__init__.py M cmk/fields/primitives.py A cmk/gui/plugins/openapi/endpoints/graph/__init__.py A cmk/gui/plugins/openapi/endpoints/graph/common.py A cmk/gui/plugins/openapi/endpoints/graph/request_schemas.py A cmk/gui/plugins/openapi/endpoints/graph/response_schemas.py M cmk/gui/plugins/openapi/restful_objects/type_defs.py M cmk/gui/plugins/views/utils.py A tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py Log Message: ----------- 13955 Add graph data endpoint to the REST API The REST API now has an endpoints for querying graph data. They are analogous to the Web API endpoint, that they replace. If you have any calls to ".../cmk/check_mk/webapi.py?action=get_graph...", please use the REST endpoint ("/domain-types/graph/actions/get_*_graph/invoke") instead. Please note that the request and response schemas differ from the Web API. The provided functionality is the same, but changes in client code are necessary. To see the new schemas, use the REST API documentation under the section "Graphs". Change-Id: I6269886db556aa5758a227c2ffd9d1f1ba404192

2 years, 1 month

[tribe29/checkmk] 3a5316: 14484 Add password strength meter

by Maximilian

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 3a5316ec6126acab9be332825514b96dcd51fb5f https://github.com/tribe29/checkmk/commit/3a5316ec6126acab9be332825514b96dc… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14484 Log Message: ----------- 14484 Add password strength meter When changing the password or creating a new user you now see a password strength meter indicating a estimation of the password strength. Change-Id: I135c0856bf051251753fad7b096917c7c1bd2f9f

2 years, 1 month

[tribe29/checkmk] b44abe: 14732 FIX cmk-update-agent: Retry locking

by Andreas Umbreit

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: b44abe68f4fb5943ff89a91000bcf31fdfc037ac https://github.com/tribe29/checkmk/commit/b44abe68f4fb5943ff89a91000bcf31fd… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14732 Log Message: ----------- 14732 FIX cmk-update-agent: Retry locking The agent updater is designed to have no more than one instance running at a time on a host. This is implemented by holding a file lock while running. We recently observed that a lock may sometimes fail briefly after it was released by a previous agent updater instance, possibly due to some anti virus software. To mitigate this situation, the locking is now retried 10 times before aborting the agent updater call. Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d

2 years, 1 month

[tribe29/checkmk] 51efd0: 14732 FIX cmk-update-agent: Retry locking

by Andreas Umbreit

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: 51efd0dd0d0d173f8ae165a0cad9bfc1da8ec337 https://github.com/tribe29/checkmk/commit/51efd0dd0d0d173f8ae165a0cad9bfc1d… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A .werks/14732 Log Message: ----------- 14732 FIX cmk-update-agent: Retry locking The agent updater is designed to have no more than one instance running at a time on a host. This is implemented by holding a file lock while running. We recently observed that a lock may sometimes fail briefly after it was released by a previous agent updater instance, possibly due to some anti virus software. To mitigate this situation, the locking is now retried 10 times before aborting the agent updater call. Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d

2 years, 1 month

[tribe29/checkmk] 4166cd: Add workaround for package build without setup.py

by Maximilian

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 4166cd932aab5328b764149ea0af18f908254cb2 https://github.com/tribe29/checkmk/commit/4166cd932aab5328b764149ea0af18f90… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-28 (Sun, 28 Aug 2022) Changed paths: M omd/packages/python3-modules/python3-modules.make Log Message: ----------- Add workaround for package build without setup.py Newer packages use newer standards like pyproject.toml. To build these a small setup.py file can be created as described in https://setuptools.pypa.io/en/latest/userguide/pyproject_config.html Change-Id: I47fe58fb9c63e0bda32fe289e25d2b09a5334d70 Commit: e32d55125f760f318473b6228d5e706585fedf24 https://github.com/tribe29/checkmk/commit/e32d55125f760f318473b6228d5e70658… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-08-28 (Sun, 28 Aug 2022) Changed paths: A .werks/14483 M Pipfile M Pipfile.lock M omd/packages/python3-modules/python3-modules.make A omd/packages/python3-modules/src/Babel-2.10.3.tar.gz R omd/packages/python3-modules/src/Babel-2.8.0.tar.gz R omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz A omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz R omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz A omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz R omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz A omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz R omd/packages/python3-modules/src/rsa-4.6.tar.gz A omd/packages/python3-modules/src/rsa-4.9.tar.gz R omd/packages/python3-modules/src/typing_extensions-3.7.4.1.tar.gz A omd/packages/python3-modules/src/typing_extensions-4.3.0.tar.gz Log Message: ----------- Revert "Revert "14483 SEC Update dependencies"" This reverts commit 8cb24520a2ee4b4ff130d421c5b81f725e96384c and d56236d36047cd3b3369fb912ce3ca74c03269a5. Change-Id: I05bbd609b403637b5f66d3a334c0cbfdb1c6b88d Compare: https://github.com/tribe29/checkmk/compare/b9cf558acd1d...e32d55125f76

2 years, 1 month

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits August 2022