Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 53592fc9d4394d358e71dd6561755f477a6f1c4f
https://github.com/tribe29/checkmk/commit/53592fc9d4394d358e71dd6561755f477…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M .werks/first_free
Log Message:
-----------
Reserved 20 Werk IDS
Change-Id: I36bc50bf824cdfec500e22153829e2f69c0f584d
Commit: be4d6414752a39d543de88cb7a1df124cee22f5c
https://github.com/tribe29/checkmk/commit/be4d6414752a39d543de88cb7a1df124c…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py
Log Message:
-----------
fix github actions: cee import from unit tests
Change-Id: I41b2eb9d4361cb735e4fd7d8607e753d7b4b94f3
Commit: 0f81893f3d0125f67d2768d9a85e2f1015bc6f0a
https://github.com/tribe29/checkmk/commit/0f81893f3d0125f67d2768d9a85e2f101…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M Makefile
Log Message:
-----------
Add zxcvbn to Makefile
Change-Id: If6a4dc2eccd7151e91e84ce5d9c7febddd50b53e
Commit: 6fe80403ef6678ebf587207f12c7a0ab513960a4
https://github.com/tribe29/checkmk/commit/6fe80403ef6678ebf587207f12c7a0ab5…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py
Log Message:
-----------
fix github actions: ignore cee import in pylint
Change-Id: I3a6c994368f71a3dd8184816e14c966cdde9ba50
Commit: e00fbd4ec5976268d77cd102b55eaa7e1209ca29
https://github.com/tribe29/checkmk/commit/e00fbd4ec5976268d77cd102b55eaa7e1…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14381
M notifications/sms
Log Message:
-----------
14381 SEC Fix command injection in SMS notification script
Previous to this Werk it was possible to inject arbitrary shell commands
when sending SMS notifications. For this, attackers would have needed to
place a crafted string in a user's Pager Address, which was not properly
escaped by the SMS script.
In most setups, this issue will not be exploitable: Changing a user's
Pager Address requires the User Management permission. Users with that
permission are effectively Administrators and can thus already
legitimately execute code in the Site context. Note however, that in
some setups the attribute can also be configured by external interfaces,
for example via LDAP User Synchronization.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: As an immediate mitigation all notifications via the
method "SMS (using smstools)" can be disabled. Note that users' personal
notification rules are affected as well.
<b>Indicators of Compromise</b>: If you suspect this issue might have
been exploited in your installation, validate users' Pager Address
fields. Check the Audit Log for changes to this field.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 8.0 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk replaces a hazardous call to
<tt>os.system</tt> by a safer alternative and adds additional validation
to the Pager Address before attempting to send SMS to it. Valid Pager
Addresses may now include letters, numbers, space characters, any of the
characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the
beginning.
Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d
Commit: a8a47e0269d21a26608a2051232c8914348101aa
https://github.com/tribe29/checkmk/commit/a8a47e0269d21a26608a2051232c89143…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14383
M cmk/gui/watolib/auth_php.py
M cmk/gui/watolib/tags.py
M cmk/gui/watolib/utils.py
M tests/unit/cmk/gui/watolib/test_watolib.py
Log Message:
-----------
14383 SEC Fix code injection in watolib
This Werk fixes a code injection vulnerability in watolib.
Prior to this Werk it was possible for authenticated users to inject PHP
code in files generated by Wato for NagVis integration. The code would
be executed once a request to the respective NagVis component is made.
The underlying reason for this issue was that user data entered in Wato
was not properly sanitized when writing to the PHP file.
We thank Stefan Schiller (SonarSource) for reporting this issue.
Affected Versions: All currently supported versions are affected:
1.6, 2.0, and 2.1.
Mitigations: As an immediate mitigation you can entirely disable
PHP on your server. Note that NagVis will not work anymore without PHP.
Indicators of Compromise: Malicious code is injected in either of
the files <tt>var/check_mk/wato/auth/auth.php</tt> or
<tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for
suspicious code.
Vulnerability Management: We have rated the issue with a CVSS
Score of 9.1 (Critical) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been
requested.
Changes: This Werk fixes the vulnerability by improving
sanitization.
CMK-11206
Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c
Commit: adfcbe1af54e90b4b74cce7f079922f65f1c9efc
https://github.com/tribe29/checkmk/commit/adfcbe1af54e90b4b74cce7f079922f65…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py
Log Message:
-----------
fix github actions: ignore no-name-in-module in cee tests
Change-Id: Ia0e54be0951ae274a98294bcc850f2a4b10559a2
Commit: 54d9d1e024949f56e1137303b0febefeac02c1a5
https://github.com/tribe29/checkmk/commit/54d9d1e024949f56e1137303b0febefea…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove migration of pagetype topics to IDs
This has been taken care of with 2.1.
CMK-10788
Change-Id: I36b06cd72d8d45e6df696aea397fb528f37ee3d3
Commit: 7e5d79525625aff1ce7724bc062670e43c829395
https://github.com/tribe29/checkmk/commit/7e5d79525625aff1ce7724bc062670e43…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: Remove migration of pre-2.0 audit log
All done in 2.1.
CMK-10788
Change-Id: Ifa698b034d19eb5554ce14b2f1de0c79b37cb13c
Commit: a01adbe571dea050e26a06c168d8c161fadefb0b
https://github.com/tribe29/checkmk/commit/a01adbe571dea050e26a06c168d8c161f…
Author: Gav <gavin.mcguigan(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/watolib/site_management.py
Log Message:
-----------
site_management.py: changes to boolean attributes that are now set to string literals
Change-Id: I8e731e6b60040c2439f9c9f5ad1aa3ab94ff2182
Commit: 2cb4b1248b290ff6de493521c0e097f0690ee811
https://github.com/tribe29/checkmk/commit/2cb4b1248b290ff6de493521c0e097f06…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py
Log Message:
-----------
github actions: finlly fix pylint error
Change-Id: I52640fdced83f56719f22d87aa71aca040f3a4ff
Commit: 61ee3613e86595e7fddf7d58efb53ae9c11f222d
https://github.com/tribe29/checkmk/commit/61ee3613e86595e7fddf7d58efb53ae9c…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14718
Log Message:
-----------
14718 FIX SAP HANA bakery plugin: Handle user store key correctly
Change-Id: I14e2252c302f4c0bb6f9f7e461a164affdf0607f
Commit: 82b1064d7fac562e877ba29c7260c93ec41ad303
https://github.com/tribe29/checkmk/commit/82b1064d7fac562e877ba29c7260c93ec…
Author: Benedikt Seidl <benedikt.seidl(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/valuespec.py
A tests/unit/cmk/gui/valuespecs/test_vs_dropdownchoice.py
M tests/unit/cmk/gui/valuespecs/utils.py
Log Message:
-----------
Add tests for DropdownChoice
Change-Id: Idde1eb9e6bad86b3cd2a0ad78295c36312c87828
Commit: 4bd697f66d472864459d8e14339207a6e84a54b9
https://github.com/tribe29/checkmk/commit/4bd697f66d472864459d8e14339207a6e…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove renewal of site certificate
All done in 2.1.
CMK-10788
Change-Id: Iaaee1a2611e409d90f61c0947630a450ac688025
Commit: c898fb4292ac1000ffce6275e41581bd14d4fc56
https://github.com/tribe29/checkmk/commit/c898fb4292ac1000ffce6275e41581bd1…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: Remove update of mknotifyd config
All done in 2.1.
CMK-10788
Change-Id: I544f758f2b94d102488c39bcfef01d6deb35c77b
Commit: 0c5b1a92966c6dac4194e05a7bdc23fca3ae7843
https://github.com/tribe29/checkmk/commit/0c5b1a92966c6dac4194e05a7bdc23fca…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove rewriting of discovered host labels
All done in 2.1.
CMK-10788
Change-Id: I625964ad211903694fa433f39ca3f75d030924ed
Commit: 23d0dd4a44737e0bebaed7ae1b43350f5a2c417e
https://github.com/tribe29/checkmk/commit/23d0dd4a44737e0bebaed7ae1b43350f5…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove hosts and folders rewriting
All transforms haven been done in 2.1 already.
CMK-10788
Change-Id: I133e87ba73cd9dab448238694f713330ce4b8ac8
Commit: 4d5bf91715b2716bb38ed5472b9ec34732a911ff
https://github.com/tribe29/checkmk/commit/4d5bf91715b2716bb38ed5472b9ec3473…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/watolib/hosts_and_folders.py
M tests/unit/cmk/gui/watolib/test_hosts_and_folders.py
Log Message:
-----------
hosts and folders: remove transformations
All current transformations have been applied when upgrading to 2.1.
CMK-10788
Change-Id: I21bb0a018898706b0c411d29d10eab7e6a0e6a03
Commit: ee2c73d6628052b693bd7fcaf3dfc13ecd33a6aa
https://github.com/tribe29/checkmk/commit/ee2c73d6628052b693bd7fcaf3dfc13ec…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: small testability improvement
CMK-10788
Change-Id: I151141451af1c756258b4a6dd814f6f911398595
Commit: 290d03a5b25de9252567b0f7a1c043c0cedc18bc
https://github.com/tribe29/checkmk/commit/290d03a5b25de9252567b0f7a1c043c0c…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: remove now unnecessary steps from rule updates
All done in 2.1.
CMK-10788
Change-Id: Idbad12bdc4a47180f771e861510bcb7225d99ac0
Commit: 172e8a97162a309a181dff8be70b9a3480feea6c
https://github.com/tribe29/checkmk/commit/172e8a97162a309a181dff8be70b9a348…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/plugins/wato/check_mk_configuration.py
M tests/unit/cmk/gui/plugins/wato/test_check_mk_configuration.py
Log Message:
-----------
Clean up transforms in check_mk_configuration
CMK-10788
Change-Id: If4ff242910e507ebde4c26e365ce202bcd2f0a80
Commit: 05e8c6bb2031342191a559d5635bc4442397639f
https://github.com/tribe29/checkmk/commit/05e8c6bb2031342191a559d5635bc4442…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A cmk/gui/plugins/wato/active_checks/mailbox.py
R cmk/gui/plugins/wato/active_checks_mailbox.py
Log Message:
-----------
Move active_checks_mailbox to its right place
Change-Id: I0fbb0beb79d6319f60894273de6cff2cf05af646
Commit: 744c0a329596e12de87c20a29baa3f168781d99f
https://github.com/tribe29/checkmk/commit/744c0a329596e12de87c20a29baa3f168…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/plugins/wato/active_checks/bi_aggr.py
M cmk/gui/plugins/wato/active_checks/common.py
M cmk/gui/plugins/wato/active_checks/form_submit.py
M cmk/gui/plugins/wato/active_checks/ftp.py
M cmk/gui/plugins/wato/active_checks/http.py
M cmk/gui/plugins/wato/active_checks/mailbox.py
M cmk/gui/plugins/wato/active_checks/smtp.py
M cmk/gui/plugins/wato/active_checks/sql.py
M cmk/gui/plugins/wato/active_checks/tcp.py
M cmk/gui/plugins/wato/active_checks/traceroute.py
R tests/unit/cmk/gui/plugins/wato/active_checks/test_form_submit.py
Log Message:
-----------
Clean up transforms in active checks rulesets
CMK-10788
Change-Id: Ia67a314cbb275dbb4aaf9053b31329ab9f8a5744
Commit: b6441f869c62b2c96d35ca0a526a6f9ae0026a90
https://github.com/tribe29/checkmk/commit/b6441f869c62b2c96d35ca0a526a6f9ae…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/plugins/wato/special_agents/3par.py
M cmk/gui/plugins/wato/special_agents/activemq.py
M cmk/gui/plugins/wato/special_agents/aws.py
M cmk/gui/plugins/wato/special_agents/bi.py
M cmk/gui/plugins/wato/special_agents/common.py
M cmk/gui/plugins/wato/special_agents/emcvnx.py
M cmk/gui/plugins/wato/special_agents/ibmsvc.py
M cmk/gui/plugins/wato/special_agents/innovaphone.py
M cmk/gui/plugins/wato/special_agents/ipmi_sensors.py
M cmk/gui/plugins/wato/special_agents/jenkins.py
M cmk/gui/plugins/wato/special_agents/kubernetes.py
M cmk/gui/plugins/wato/special_agents/netapp.py
M cmk/gui/plugins/wato/special_agents/prometheus.py
M cmk/gui/plugins/wato/special_agents/siemens_plc.py
M cmk/gui/plugins/wato/special_agents/vsphere.py
R tests/unit/cmk/gui/plugins/wato/special_agents/test_bi.py
R tests/unit/cmk/gui/plugins/wato/special_agents/test_innovaphone.py
R tests/unit/cmk/gui/plugins/wato/special_agents/test_kubernetes.py
R tests/unit/cmk/gui/plugins/wato/special_agents/test_prometheus.py
Log Message:
-----------
Clean up transforms in special agents rulesets
CMK-10788
Change-Id: I909cf24aeafcd00be23e3407211783a46a23092a
Commit: a8ced45efc76c1925b55a04646f1174b65b11e3b
https://github.com/tribe29/checkmk/commit/a8ced45efc76c1925b55a04646f1174b6…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
Make test_update_config more independent of currently registered rules
This is a preparation for cleaning up transforms in check parameter
rulesets.
CMK-10788
Change-Id: Ifc857940149bbfd4d6b357f60a86d323e9f26872
Commit: c373d393a03c6c2db327e9bb6db9aea0c337c0d7
https://github.com/tribe29/checkmk/commit/c373d393a03c6c2db327e9bb6db9aea0c…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M checks/akcp_daisy_temp
M checks/allnet_ip_sensoric
M checks/apc_inrow_temp
M checks/apc_netbotz_sensors
M checks/apc_symmetra_ext_temp
M checks/arris_cmts_temp
M checks/artec_temp
M checks/avaya_45xx_temp
M checks/avaya_88xx
M checks/avaya_chassis_temp
M checks/bintec_sensors
M checks/bluenet2_powerrail
M checks/bluenet_sensor
M checks/brocade_mlx_temp
M checks/bvip_temp
M checks/checkpoint_temp
M checks/cisco_ucs_temp_cpu
M checks/cisco_ucs_temp_env
M checks/cisco_ucs_temp_mem
M checks/climaveneta_temp
M checks/cmc_temp
M checks/datapower_temp
M checks/dell_chassis_temp
M checks/dell_om_sensors
M checks/dell_powerconnect_temp
M checks/emc_isilon_temp
M checks/emerson_temp
M checks/enterasys_temp
M checks/etherbox2_temp
M checks/gude_temp
M checks/hp_msa_psu
M checks/hp_psu
M checks/huawei_osn_temp
M checks/ibm_svc_enclosurestats
M checks/icom_repeater
M checks/infoblox_temp
M checks/innovaphone_temp
M checks/ipr400_temp
M checks/juniper_screenos_temp
M checks/juniper_temp
M checks/knuerr_rms_temp
M checks/mbg_lantime_ng_temp
M checks/netextreme_temp
M checks/netscaler_health
M checks/nvidia
M checks/qnap_hdd_temp
M checks/rms200_temp
M checks/siemens_plc
M checks/smart
M checks/stulz_temp
M checks/ucs_bladecenter_fans
M checks/ucs_bladecenter_psu
M checks/ups_bat_temp
M checks/wagner_titanus_topsense
M checks/wut_webtherm
M cmk/base/check_legacy_includes/akcp_sensor.py
M cmk/base/check_legacy_includes/alcatel.py
M cmk/base/check_legacy_includes/pandacom_temp.py
M cmk/base/plugins/agent_based/ciena_cpu_util.py
M cmk/gui/plugins/wato/check_parameters/apc_symmetra.py
M cmk/gui/plugins/wato/check_parameters/aws.py
M cmk/gui/plugins/wato/check_parameters/checkpoint_connections.py
M cmk/gui/plugins/wato/check_parameters/cpu_load.py
M cmk/gui/plugins/wato/check_parameters/cpu_utilization.py
M cmk/gui/plugins/wato/check_parameters/cpu_utilization_multiitem.py
M cmk/gui/plugins/wato/check_parameters/db_connections.py
M cmk/gui/plugins/wato/check_parameters/diskstat.py
M cmk/gui/plugins/wato/check_parameters/domino_tasks.py
M cmk/gui/plugins/wato/check_parameters/elphase.py
M cmk/gui/plugins/wato/check_parameters/esx_host_memory.py
M cmk/gui/plugins/wato/check_parameters/fileinfo_groups.py
M cmk/gui/plugins/wato/check_parameters/filesystem.py
M cmk/gui/plugins/wato/check_parameters/heartbeat_crm.py
M cmk/gui/plugins/wato/check_parameters/humidity.py
M cmk/gui/plugins/wato/check_parameters/hw_fans.py
M cmk/gui/plugins/wato/check_parameters/ibm_svc_host.py
M cmk/gui/plugins/wato/check_parameters/interfaces.py
M cmk/gui/plugins/wato/check_parameters/ipmi.py
M cmk/gui/plugins/wato/check_parameters/ipsecvpn.py
M cmk/gui/plugins/wato/check_parameters/juniper_cpu_util.py
M cmk/gui/plugins/wato/check_parameters/jvm_gc.py
M cmk/gui/plugins/wato/check_parameters/jvm_memory.py
M cmk/gui/plugins/wato/check_parameters/local.py
M cmk/gui/plugins/wato/check_parameters/logwatch_ec.py
M cmk/gui/plugins/wato/check_parameters/mail_queue_length.py
M cmk/gui/plugins/wato/check_parameters/mailqueue_length.py
M cmk/gui/plugins/wato/check_parameters/mcafee_av_client.py
M cmk/gui/plugins/wato/check_parameters/memory.py
M cmk/gui/plugins/wato/check_parameters/memory_linux.py
M cmk/gui/plugins/wato/check_parameters/memory_simple.py
M cmk/gui/plugins/wato/check_parameters/msx_queues.py
M cmk/gui/plugins/wato/check_parameters/mtr.py
M cmk/gui/plugins/wato/check_parameters/multipath_count.py
M cmk/gui/plugins/wato/check_parameters/netapp_disks.py
M cmk/gui/plugins/wato/check_parameters/ntp.py
M cmk/gui/plugins/wato/check_parameters/oracle_instance.py
M cmk/gui/plugins/wato/check_parameters/oracle_logswitches.py
M cmk/gui/plugins/wato/check_parameters/oracle_sessions.py
M cmk/gui/plugins/wato/check_parameters/plugs.py
M cmk/gui/plugins/wato/check_parameters/printer_supply.py
M cmk/gui/plugins/wato/check_parameters/ps.py
M cmk/gui/plugins/wato/check_parameters/raid_disk.py
M cmk/gui/plugins/wato/check_parameters/smoke.py
M cmk/gui/plugins/wato/check_parameters/sshd_config.py
M cmk/gui/plugins/wato/check_parameters/systemd_services.py
M cmk/gui/plugins/wato/check_parameters/systemtime.py
M cmk/gui/plugins/wato/check_parameters/temperature.py
M cmk/gui/plugins/wato/check_parameters/threads.py
M cmk/gui/plugins/wato/check_parameters/ups_out_load.py
M cmk/gui/plugins/wato/check_parameters/websphere_mq.py
M cmk/gui/plugins/wato/check_parameters/win_dhcp_pools.py
M cmk/gui/plugins/wato/check_parameters/windows_printer_queues.py
M cmk/gui/plugins/wato/check_parameters/windows_updates.py
M cmk/gui/plugins/wato/check_parameters/wlc_clients.py
R tests/unit/cmk/gui/plugins/wato/check_parameters/test_domino_tasks_parameters.py
R tests/unit/cmk/gui/plugins/wato/check_parameters/test_if_parameters.py
R tests/unit/cmk/gui/plugins/wato/check_parameters/test_jvm_memory_parameters.py
R tests/unit/cmk/gui/plugins/wato/check_parameters/test_msx_queues_parameters.py
M tests/unit/cmk/gui/plugins/wato/check_parameters/test_ps_parameters.py
R tests/unit/cmk/gui/plugins/wato/check_parameters/test_windows_updates.py
Log Message:
-----------
Clean up transforms in check parameter rulesets
CMK-10788
Change-Id: Ida2f414ab73deed52d4931d5557e47c5cdd3856a
Commit: 2c49c3ef5ce8969da5e51fde6d99013b0e79e402
https://github.com/tribe29/checkmk/commit/2c49c3ef5ce8969da5e51fde6d99013b0…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/plugins/wato/inventory.py
M cmk/gui/plugins/wato/notifications.py
M cmk/gui/wato/mkeventd.py
Log Message:
-----------
Clean up various remaining transforms
CMK-10788
Change-Id: I0fcc4cd89834effdc8d302ceecdb9829d8a02a8a
Commit: 17d292bf08b002269ed930fcb40e0726f659e0c9
https://github.com/tribe29/checkmk/commit/17d292bf08b002269ed930fcb40e0726f…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14742
M cmk/gui/plugins/sidebar/search.py
Log Message:
-----------
14742 FIX Fix combined search for tag groups
SUP-11113
Change-Id: Ic855e62fec22b96ca7dd6753bf488d49d8e7e340
Commit: 3b36ca84966d93254db5d33c5840a3383db54c82
https://github.com/tribe29/checkmk/commit/3b36ca84966d93254db5d33c5840a3383…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove irrelevant comment
The line it refers to had already been removed earlier.
CMK-10788
Change-Id: I1621db3b2e7c476a1c06466c479418e070815c36
Commit: 8aa3303660edc0abd32d28d0dec38a86b723da7c
https://github.com/tribe29/checkmk/commit/8aa3303660edc0abd32d28d0dec38a86b…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: Remove transformation of InfluxDB connections
All done in 2.1.
CMK-10788
Change-Id: Ib4a8f6004798219458ce6822650d779782e54d02
Commit: 4e59f4f9ba589f7ce278ff2de67886ab01a90863
https://github.com/tribe29/checkmk/commit/4e59f4f9ba589f7ce278ff2de67886ab0…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: Remove transformation of contact groups
All done in 2.1.
CMK-10788
Change-Id: I5c096183c49602e05ba5b4397cb34c7bf1fa119e
Commit: b392f791cbcd5b5aefa9200228f1a913a0addf19
https://github.com/tribe29/checkmk/commit/b392f791cbcd5b5aefa9200228f1a913a…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove update of ServiceNow notification rules
All done in 2.1.
CMK-10788
Change-Id: Ifebb797a7f8d89852432ae9ee2cb6d4a113aa8a2
Commit: a33a8b8913fd154da56556f86b2f4dcf5941eee8
https://github.com/tribe29/checkmk/commit/a33a8b8913fd154da56556f86b2f4dcf5…
Author: Marcel Arentz <marcel.arentz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M .werks/13991
M cmk/base/plugins/agent_based/palo_alto.py
M tests/unit/cmk/base/plugins/agent_based/test_palo_alto.py
Log Message:
-----------
disable checking of local and peer if HA is disabled
Change-Id: I5da34e4dc44c6247490da33d26590b278f4ee043
Commit: 3e4f3ca3d4372221b47dcf269fd4539986fa6951
https://github.com/tribe29/checkmk/commit/3e4f3ca3d4372221b47dcf269fd453998…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M buildscripts/docker_image_aliases/IMAGE_TESTING/Dockerfile
M buildscripts/docker_image_aliases/IMAGE_TESTING/meta.yml
Log Message:
-----------
Repin IMAGE_TESTING
Change-Id: I0b0d682d5971a9e85477f128aa9641f377abf576
Commit: 50fae8a11d93b7715aa7e28e346e49fb3c298d14
https://github.com/tribe29/checkmk/commit/50fae8a11d93b7715aa7e28e346e49fb3…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M buildscripts/infrastructure/build-nodes/scripts/install-gnu-toolchain.sh
Log Message:
-----------
Bumped GDB version 11.1 => 12.1
Change-Id: I1844839110c190da627ae7bc9c33ad98576459a9
Commit: bcdc1a056b50680a13b94c43b52a4083382daef2
https://github.com/tribe29/checkmk/commit/bcdc1a056b50680a13b94c43b52a40833…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/gui/config.py
M cmk/gui/metrics.py
M cmk/gui/mobile.py
M cmk/gui/permissions.py
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/plugins/views/painters.py
M cmk/gui/views/__init__.py
M cmk/gui/visuals.py
M cmk/gui/webapi.py
Log Message:
-----------
Cleaned up unused-import (pre 1.6 plugin compatibility)
Since 1.6 the plugins need to import the names they need explicitly. The
internal imports we kept for compatibility are now cleaned up with this
change to clarify the internal code.
All old plugins which now fail with some NameError will have to add
imports of the needed names.
Change-Id: I7355fedfdeb1904714fe2e430abcf6377790e43f
Commit: 84712e97760f6ecd9383b12b1f2b009377aad139
https://github.com/tribe29/checkmk/commit/84712e97760f6ecd9383b12b1f2b00937…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14291
A omd/packages/nagvis/nagvis-1.9.34.tar.gz
M omd/packages/nagvis/nagvis.make
Log Message:
-----------
14291 SEC NagVis: Updated to 1.9.34 (Fix security issues)
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options, could perform a
server-side request forgery.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2)
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the
web server user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1)
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis
component of checkmk.
Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7)
Commit: 683fa5404b4068a8acdc5370bbba9ddcc32b096c
https://github.com/tribe29/checkmk/commit/683fa5404b4068a8acdc5370bbba9ddcc…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/gui/config.py
M cmk/gui/metrics.py
M cmk/gui/mobile.py
M cmk/gui/permissions.py
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/plugins/views/painters.py
M cmk/gui/views/__init__.py
M cmk/gui/visuals.py
M cmk/gui/webapi.py
Log Message:
-----------
Revert "Cleaned up unused-import (pre 1.6 plugin compatibility)"
This reverts commit bcdc1a056b50680a13b94c43b52a4083382daef2.
Accidentally pushed.
Commit: 6caeace2bee88c1bfe04e7e69b511f7102b30aed
https://github.com/tribe29/checkmk/commit/6caeace2bee88c1bfe04e7e69b511f710…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove migration of LDAP connections
All done 2.1.
CMK-10788
Change-Id: I54a1989bb14dec09a80795f5fe5312d214b76a1b
Commit: 895fd19ff982c16941e308bebbc024faeb6e7bef
https://github.com/tribe29/checkmk/commit/895fd19ff982c16941e308bebbc024fae…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Trim down udpate of user attributes
Remove steps already done in 2.1.
CMK-10788
Change-Id: I7f0ab00afca6ac6980c6556b98248ae9c66d67fa
Commit: 3e812f4b35f3b7d82e08589e0daca7fcd7596630
https://github.com/tribe29/checkmk/commit/3e812f4b35f3b7d82e08589e0daca7fcd…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove rewriting of Python 2 inventory data
All done in 2.1.
CMK-10788
Change-Id: I296166327d52cb091999b8f0330d817283a5bae1
Commit: b9d02a63bdbdfd2ad5fb114fab915e3e327f4911
https://github.com/tribe29/checkmk/commit/b9d02a63bdbdfd2ad5fb114fab915e3e3…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: Remove audit log sanitation
All done in 2.1.
CMK-10788
Change-Id: Iaef855c73f0adbe68a6bfb8a063cf779225029ac
Commit: f27924d6101deddb8a50d55a8b391bade25d54b8
https://github.com/tribe29/checkmk/commit/f27924d6101deddb8a50d55a8b391bade…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
M tests/unit/cmk/test_update_config.py
Log Message:
-----------
update_config: Remove renaming of discovered host label files
All done in 2.1.
CMK-10788
Change-Id: I8e02a6abb076d8203cf8430cf043abe904f28cc2
Commit: 721912e4faba3636e12a4c3eefac59a9740a97c1
https://github.com/tribe29/checkmk/commit/721912e4faba3636e12a4c3eefac59a97…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove adding of site CA to trusted CAs
All done in 2.1.
CMK-10788
Change-Id: I83f9e245e09903a74840e50ca0b00fa99560773a
Commit: 34b10fdda89de6dd4feaa2951aabb484af36e957
https://github.com/tribe29/checkmk/commit/34b10fdda89de6dd4feaa2951aabb484a…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/update_config.py
Log Message:
-----------
update_config: Remove check for macros in EC scripts
All done in 2.1.
CMK-10788
Change-Id: Iae842c9913dbfc0f2ab268f0e03083198a810c42
Commit: 4f7fe041645a8d6c05e20015c9b86c041140f8bf
https://github.com/tribe29/checkmk/commit/4f7fe041645a8d6c05e20015c9b86c041…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/utils/version.py
M tests/unit/cmk/gui/wato/pages/test_automation.py
Log Message:
-----------
Increment minimum patch release for 2.2
update_config has been cleaned up. By incrementing the required patch
release, we ensure that all customer configurations underwent all
necessary transforms in 2.1 before going to 2.2.
CMK-10788
Change-Id: I7a158ef32dee3283276131a8e81fae71237e4711
Commit: da4ad9c870a2c7f83dc8de0e823b25263c819955
https://github.com/tribe29/checkmk/commit/da4ad9c870a2c7f83dc8de0e823b25263…
Author: Max Linke <max.linke(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/gui/plugins/wato/special_agents/gcp.py
M cmk/special_agents/agent_gcp.py
Log Message:
-----------
Add http load balancer to gcp agent
Change-Id: I4550bbf7120ea65ff81dd7cbe38ebdd55cb742c7
Commit: 83c4c466853845f38ed7ee098a119d8d460b6dba
https://github.com/tribe29/checkmk/commit/83c4c466853845f38ed7ee098a119d8d4…
Author: Max Linke <max.linke(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A checkman/gcp_http_lb_latencies
A checkman/gcp_http_lb_requests
A checkman/gcp_http_lb_summary
M cmk/base/plugins/agent_based/gcp_assets.py
A cmk/base/plugins/agent_based/gcp_http_lb.py
M cmk/gui/plugins/wato/check_parameters/gcp_gcs.py
A tests/unit/cmk/base/plugins/agent_based/test_gcp_http_lb.py
Log Message:
-----------
Add gcp load balancer check plugin
Change-Id: Ia703aa6b4ce56743fafe8309f72d6dc6883c2c99
Commit: b6a9002b70801ab668c775527910dcb482b4f360
https://github.com/tribe29/checkmk/commit/b6a9002b70801ab668c775527910dcb48…
Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/special_agents/agent_azure.py
Log Message:
-----------
agent azure: fetch metrics for PostgreSQL
Change-Id: I1525a4ce66d9050803c7e47691fc0122de483b1e
Commit: fdb4d7d3935c3e4bff99a41eab38909c113d8928
https://github.com/tribe29/checkmk/commit/fdb4d7d3935c3e4bff99a41eab38909c1…
Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/base/plugins/agent_based/azure_mysql.py
A cmk/base/plugins/agent_based/azure_section_servers.py
Log Message:
-----------
Move azure servers section parsing to a dedicated file
The parse function will be the same for both the MySQL checks and the
PostgreSQL ones so we are moving it in a dedicated file
Change-Id: Ia3fcc12f1747e696ff2a6eb64216e1a137da11e7
Commit: 8123f18272cb66f22fc5cb934acef8494197ec7c
https://github.com/tribe29/checkmk/commit/8123f18272cb66f22fc5cb934acef8494…
Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14532
A checkman/azure_postgresql_connections
A checkman/azure_postgresql_cpu
A checkman/azure_postgresql_memory
A checkman/azure_postgresql_network
A checkman/azure_postgresql_replication
A checkman/azure_postgresql_storage
M cmk/base/plugins/agent_based/azure_mysql.py
A cmk/base/plugins/agent_based/azure_postgresql.py
M cmk/base/plugins/agent_based/utils/azure.py
A tests/unit/cmk/base/plugins/agent_based/test_azure_postgresql.py
Log Message:
-----------
14532 azure_postgresql: Monitor Azure database for PostgreSQL
It's now possible to monitor Azure database for PostgreSQL in Checkmk.
Six new checks have been added:
<ul>
<li>Microsoft Azure PostgreSQL Database: CPU Utilization</li>
<li>Microsoft Azure PostgreSQL Database: Connections</li>
<li>Microsoft Azure PostgreSQL Database: Memory Utilization</li>
<li>Microsoft Azure PostgreSQL Database: Network</li>
<li>Microsoft Azure PostgreSQL Database: Replication</li>
<li>Microsoft Azure PostgreSQL Database: Storage</li>
</ul>
The new services will be automatically discovered if you have
an Azure database for PostgreSQL in the resource group already monitored
in Checkmk.
Change-Id: Iafdef57fdb892cbd9d91520a8115332bb117ff9d
Commit: 8f72c6918661ffd5ed16e62c7bc8a6c7ebf05b2f
https://github.com/tribe29/checkmk/commit/8f72c6918661ffd5ed16e62c7bc8a6c7e…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M buildscripts/infrastructure/build-nodes/scripts/install-gnu-toolchain.sh
M defines.make
Log Message:
-----------
Bumped GCC version 11.2 => 12.2
Change-Id: I12f7129e1c64415a90f147fc6815eb3f104bf9c8
Commit: 1f28f546d8473d0070899f72246ae8584bd0edbe
https://github.com/tribe29/checkmk/commit/1f28f546d8473d0070899f72246ae8584…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M buildscripts/scripts/stages.yml
M package.json
A scripts/check-typescript-types.sh
M scripts/run-prettier
M tests/Makefile
Log Message:
-----------
Add a TypeScript TypeChecking stage to the CI
Change-Id: I1e9b2880a9d45be3bf861cc7f58516d73cf23dc0
Commit: 2703fddd2d7356c6c57e5bd84847be526316c190
https://github.com/tribe29/checkmk/commit/2703fddd2d7356c6c57e5bd84847be526…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
R buildscripts/scripts/test-build-js.jenkins
M package.json
A scripts/check-js-lint.sh
M scripts/run-webpack-watch
M tests/Makefile
Log Message:
-----------
Some cleanup of the testing/ci scripts and package.json
Change-Id: I2ba63f27052b419ef92ad1763b642e9bd7e12100
Commit: ce28ee1f92d1911a7c24e1baff003df3f45b7948
https://github.com/tribe29/checkmk/commit/ce28ee1f92d1911a7c24e1baff003df3f…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M tests/unit/cmk/gui/test_gui_config.py
A tests/unit/cmk/gui/test_permissions.py
Log Message:
-----------
Move permission tests
Change-Id: I130c6996e6d8b236ea98e91ec86ecda9be2566ea
Commit: 11a7abbcf6bb288dc0819a5d6cd0d871d4226948
https://github.com/tribe29/checkmk/commit/11a7abbcf6bb288dc0819a5d6cd0d871d…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/gui/config.py
M cmk/gui/metrics.py
M cmk/gui/mobile.py
M cmk/gui/permissions.py
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/plugins/views/painters.py
M cmk/gui/views/__init__.py
M cmk/gui/visuals.py
M cmk/gui/webapi.py
Log Message:
-----------
Cleaned up unused-import (pre 1.6 plugin compatibility)
Since 1.6 the plugins need to import the names they need explicitly. The
internal imports we kept for compatibility are now cleaned up with this
change to clarify the internal code.
All old plugins which now fail with some NameError will have to add
imports of the needed names.
Change-Id: Iec40846f450a264fdf2b55cf8ded2c181976a896
Commit: eaa0308a90c371402f78f335eeb5d34664e34910
https://github.com/tribe29/checkmk/commit/eaa0308a90c371402f78f335eeb5d3466…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/13956
M cmk/gui/plugins/openapi/endpoints/bi.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_bi.py
Log Message:
-----------
13956 FIX The BI Pack endpoints will now check if the given contact groups actually exist
The BI Pack endpoint will now check if the contact groups it is given actually exists.
If that is not the case, it will respond with an error.
SUP-10160
Change-Id: I23a62e55407a5dd4e35ba0b94d994f79f818a949
Commit: 9da7e504d5b9bc794d0d4c4c2565d41eda270d83
https://github.com/tribe29/checkmk/commit/9da7e504d5b9bc794d0d4c4c2565d41ed…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
apc_mod_pdu_modules: unit tests
SUP-11401
Change-Id: I7e051a709947665fe613f62241d653653b09c907
Commit: bf042bf175d166f3c6f8535e02db8e08437cc8d4
https://github.com/tribe29/checkmk/commit/bf042bf175d166f3c6f8535e02db8e084…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14764
M checks/apc_mod_pdu_modules
M tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale
SUP-11401
Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d
Commit: a92e8c20f2a5abd405a39e5d5c92985467410f99
https://github.com/tribe29/checkmk/commit/a92e8c20f2a5abd405a39e5d5c9298546…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14761
M agents/plugins/mk_sap_hana
Log Message:
-----------
14761 FIX SAP Hana fileinfo: negative file age causes crash
SUP-11334
Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e
Commit: 68bdae84fde7295ad06ecb3d6fe3c34aaa1fc7c0
https://github.com/tribe29/checkmk/commit/68bdae84fde7295ad06ecb3d6fe3c34aa…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14745
M cmk/gui/plugins/metrics/graph_images.py
M cmk/notification_plugins/mail.py
Log Message:
-----------
14745 FIX Fix "Data: b''" in notification result of event console bulk notifications
SUP-11297
Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14
Commit: e1ae25d8255116cc2b1c8ad59b5a8275754cc3fd
https://github.com/tribe29/checkmk/commit/e1ae25d8255116cc2b1c8ad59b5a82757…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M buildscripts/docker_image_aliases/IMAGE_TESTING/Dockerfile
M buildscripts/docker_image_aliases/IMAGE_TESTING/meta.yml
Log Message:
-----------
Repin IMAGE_TESTING
Change-Id: I6db9dcfdf9eaa59b5ec4accb1d7d8a0ab550c9bc
Commit: 763e06eeac934f82fbcdc0569372d9e14c3272c2
https://github.com/tribe29/checkmk/commit/763e06eeac934f82fbcdc0569372d9e14…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M livestatus/src/pnp4nagios.cc
Log Message:
-----------
Avoid a (useless) warning.
Change-Id: I087362ba31334f27770550da651c78187df1b9f6
Commit: 5b76b0cbfebc22048e9a10901610d7b98c50f55a
https://github.com/tribe29/checkmk/commit/5b76b0cbfebc22048e9a10901610d7b98…
Author: Weblate Transfer job <weblate(a)checkmk.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M locale/de/LC_MESSAGES/multisite.po
M locale/es/LC_MESSAGES/multisite.po
M locale/fr/LC_MESSAGES/multisite.po
M locale/it/LC_MESSAGES/multisite.po
M locale/ja/LC_MESSAGES/multisite.po
M locale/nl/LC_MESSAGES/multisite.po
M locale/pt_PT/LC_MESSAGES/multisite.po
M locale/ro/LC_MESSAGES/multisite.po
Log Message:
-----------
[Weblate] Updated translation files
Translation: checkmk/software
Translate-URL: https://translate.checkmk.com/projects/checkmk/software/
Compare: https://github.com/tribe29/checkmk/compare/9fbe8058003e...5b76b0cbfebc
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 88fc002e9f1980c190f85d1d8a4ca5771b3d94c2
https://github.com/tribe29/checkmk/commit/88fc002e9f1980c190f85d1d8a4ca5771…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
R .werks/14483
M Pipfile
M Pipfile.lock
M omd/packages/python3-modules/python3-modules.make
R omd/packages/python3-modules/src/Babel-2.10.3.tar.gz
A omd/packages/python3-modules/src/Babel-2.8.0.tar.gz
A omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz
R omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz
A omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz
R omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz
A omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz
R omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz
A omd/packages/python3-modules/src/rsa-4.6.tar.gz
R omd/packages/python3-modules/src/rsa-4.9.tar.gz
A omd/packages/python3-modules/src/typing_extensions-3.7.4.1.tar.gz
R omd/packages/python3-modules/src/typing_extensions-4.3.0.tar.gz
Log Message:
-----------
Revert "Revert "Revert "14483 SEC Update dependencies"""
This reverts commit e32d55125f760f318473b6228d5e706585fedf24.
Reason for revert: Tests fail
Change-Id: I5e724776991302216b079d9d02ecbb1b9d0bfcbf
Commit: 98978b78b5a1a6d71e1c4c91df1d69d004decd20
https://github.com/tribe29/checkmk/commit/98978b78b5a1a6d71e1c4c91df1d69d00…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M omd/packages/python3-modules/python3-modules.make
Log Message:
-----------
Revert "Add workaround for package build without setup.py"
This reverts commit 4166cd932aab5328b764149ea0af18f908254cb2.
Reason for revert: Tests fail
Change-Id: I0b4a32f89c5f95b6ff3fb86b14e2497b20121b15
Commit: 73a5201ded5c011549c6a743a63802677791d78c
https://github.com/tribe29/checkmk/commit/73a5201ded5c011549c6a743a63802677…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14381
M notifications/sms
Log Message:
-----------
14381 SEC Fix command injection in SMS notification script
Previous to this Werk it was possible to inject arbitrary shell commands
when sending SMS notifications. For this, attackers would have needed to
place a crafted string in a user's Pager Address, which was not properly
escaped by the SMS script.
In most setups, this issue will not be exploitable: Changing a user's
Pager Address requires the User Management permission. Users with that
permission are effectively Administrators and can thus already
legitimately execute code in the Site context. Note however, that in
some setups the attribute can also be configured by external interfaces,
for example via LDAP User Synchronization.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: As an immediate mitigation all notifications via the
method "SMS (using smstools)" can be disabled. Note that users' personal
notification rules are affected as well.
<b>Indicators of Compromise</b>: If you suspect this issue might have
been exploited in your installation, validate users' Pager Address
fields. Check the Audit Log for changes to this field.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 8.0 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk replaces a hazardous call to
<tt>os.system</tt> by a safer alternative and adds additional validation
to the Pager Address before attempting to send SMS to it. Valid Pager
Addresses may now include letters, numbers, space characters, any of the
characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the
beginning.
Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d
Commit: 509e7453c96f38e3d4c0fcf2d280f2faac08cbd9
https://github.com/tribe29/checkmk/commit/509e7453c96f38e3d4c0fcf2d280f2faa…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14383
M cmk/gui/watolib/auth_php.py
M cmk/gui/watolib/tags.py
M cmk/gui/watolib/utils.py
M tests/unit/cmk/gui/watolib/test_watolib.py
Log Message:
-----------
14383 SEC Fix code injection in watolib
This Werk fixes a code injection vulnerability in watolib.
Prior to this Werk it was possible for authenticated users to inject PHP
code in files generated by Wato for NagVis integration. The code would
be executed once a request to the respective NagVis component is made.
The underlying reason for this issue was that user data entered in Wato
was not properly sanitized when writing to the PHP file.
We thank Stefan Schiller (SonarSource) for reporting this issue.
Affected Versions: All currently supported versions are affected:
1.6, 2.0, and 2.1.
Mitigations: As an immediate mitigation you can entirely disable
PHP on your server. Note that NagVis will not work anymore without PHP.
Indicators of Compromise: Malicious code is injected in either of
the files <tt>var/check_mk/wato/auth/auth.php</tt> or
<tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for
suspicious code.
Vulnerability Management: We have rated the issue with a CVSS
Score of 9.1 (Critical) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been
requested.
Changes: This Werk fixes the vulnerability by improving
sanitization.
CMK-11206
Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c
Commit: a08326084023c15b98f1c40181013ef7b4a3d1b9
https://github.com/tribe29/checkmk/commit/a08326084023c15b98f1c40181013ef7b…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14732
Log Message:
-----------
14732 FIX cmk-update-agent: Retry locking
The agent updater is designed to have no more than one instance running
at a time on a host. This is implemented by holding a file lock while running.
We recently observed that a lock may sometimes fail briefly after it was
released by a previous agent updater instance, possibly due to some anti virus
software.
To mitigate this situation, the locking is now retried 10 times before aborting
the agent updater call.
Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d
Commit: 2480848f9bcf00b7dee952336b938f83d5e4ee1f
https://github.com/tribe29/checkmk/commit/2480848f9bcf00b7dee952336b938f83d…
Author: Kenneth Okoh <kenneth.okoh(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M web/htdocs/themes/facelift/scss/_mega_menu.scss
Log Message:
-----------
Mega menu: Fix 'show more' for single-column menu
When the 'Monitor' or 'Setup' menu was displayed as a single column
(monitors of great height), the 'show more' button was rendered outside
of the menu.
Change-Id: I094755d64e0375bfee7713b03ad20011aa9365e6
Commit: 1a41c1795b9c97c2b212233411a40fd252c12ea3
https://github.com/tribe29/checkmk/commit/1a41c1795b9c97c2b212233411a40fd25…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14291
A omd/packages/nagvis/nagvis-1.9.34.tar.gz
M omd/packages/nagvis/nagvis.make
Log Message:
-----------
14291 SEC NagVis: Updated to 1.9.34 (Fix security issues)
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options, could perform a
server-side request forgery.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2)
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the
web server user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1)
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis
component of checkmk.
Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7)
Commit: 62e8f8562273e170c153396f29e76426052d88b9
https://github.com/tribe29/checkmk/commit/62e8f8562273e170c153396f29e764260…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.0.0p29
Commit: 1e5a7a16ffbc5d2b70961c1901be13e4b1b614db
https://github.com/tribe29/checkmk/commit/1e5a7a16ffbc5d2b70961c1901be13e4b…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14745
M cmk/gui/plugins/metrics/graph_images.py
M cmk/notification_plugins/mail.py
Log Message:
-----------
14745 FIX Fix "Data: b''" in notification result of event console bulk notifications
SUP-11297
Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14
Commit: 5606798eb438a8075df40944470db03067da6bce
https://github.com/tribe29/checkmk/commit/5606798eb438a8075df40944470db0306…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
apc_mod_pdu_modules: unit tests
SUP-11401
Change-Id: I7e051a709947665fe613f62241d653653b09c907
Commit: 67165f12877c8e9af39c14c0c944f34e0d91e841
https://github.com/tribe29/checkmk/commit/67165f12877c8e9af39c14c0c944f34e0…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14764
M checks/apc_mod_pdu_modules
M tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale
SUP-11401
Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d
Commit: 6b92ee905f0b47eaf997f3dc54fc447b926266ac
https://github.com/tribe29/checkmk/commit/6b92ee905f0b47eaf997f3dc54fc447b9…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14761
M agents/plugins/mk_sap_hana
Log Message:
-----------
14761 FIX SAP Hana fileinfo: negative file age causes crash
SUP-11334
Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e
Compare: https://github.com/tribe29/checkmk/compare/e32d55125f76...6b92ee905f0b
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 6b50c90f6e5004292010ecb73c022bc8808680f7
https://github.com/tribe29/checkmk/commit/6b50c90f6e5004292010ecb73c022bc88…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M buildscripts/scripts/build-cmk-version.jenkins
Log Message:
-----------
Refactor VERSION_DIR
#rc-tagging
Change-Id: Iebdec2f85d809545fb9632e85b48c42df35c99bb
Commit: 942cf78bbd80ea9af9cf37a13cfc678bc116f5ba
https://github.com/tribe29/checkmk/commit/942cf78bbd80ea9af9cf37a13cfc678bc…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M buildscripts/scripts/build-cmk-version.jenkins
M buildscripts/scripts/lib/upload_artifacts.groovy
M buildscripts/scripts/lib/versioning.groovy
M tests/packaging/test_files.py
Log Message:
-----------
Use rc tags in package builds
#rc-tagging
Change-Id: I76db4f48d0ea2da6ef423cd34bc0bf941e1e60f2
Commit: 80d40160f149b68257357799f2ed30fb24f464f9
https://github.com/tribe29/checkmk/commit/80d40160f149b68257357799f2ed30fb2…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M buildscripts/scripts/build-cmk-container.sh
Log Message:
-----------
Refactor: centralize source tag
#rc-tagging
Change-Id: I80c49565599de0a550a6fa2034847f3cbc1c5512
Commit: 502f863fcea7fe296ceebb3b1f729df97ea188f3
https://github.com/tribe29/checkmk/commit/502f863fcea7fe296ceebb3b1f729df97…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M buildscripts/scripts/build-cmk-container.jenkins
M buildscripts/scripts/build-cmk-container.sh
Log Message:
-----------
Refactor: Inject source dir from groovy
... and derive version tag from source dir name
#rc-tagging
Change-Id: I7efaeb9de9bc8f6d3e31ff5a8f32b74d37c96286
Commit: e0413c36adaf58fc4fdc3bcce147c21ce6d4be2e
https://github.com/tribe29/checkmk/commit/e0413c36adaf58fc4fdc3bcce147c21ce…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M docker/Makefile
Log Message:
-----------
Nuke image-demo from Makefile
#rc-tagging
Change-Id: I0afcf00269f99c49cdb77528b1e465e0931092b6
Commit: 49573c045a32f3cca82fb585eb58af1069dc9627
https://github.com/tribe29/checkmk/commit/49573c045a32f3cca82fb585eb58af106…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M buildscripts/scripts/build-cmk-container.jenkins
M buildscripts/scripts/build-cmk-container.sh
M buildscripts/scripts/lib/upload_artifacts.groovy
M docker/Makefile
Log Message:
-----------
Use rc tags in docker builds
#rc-tagging
Change-Id: Idb9e31206d5b86d82c9edaf87e060850480b8810
Commit: d3a70c88a14f966b5a92fb7cfd03d614c47a7c1a
https://github.com/tribe29/checkmk/commit/d3a70c88a14f966b5a92fb7cfd03d614c…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14609
M agents/scripts/super-server/0_systemd/setup
M agents/scripts/super-server/1_xinetd/setup
M agents/scripts/super-server/setup
Log Message:
-----------
Add Werk 14609
Added purge mode to super server setup scripts, that is called
by agent bakery packages to remove old CRE config files.
Change-Id: Ieaaf52becd285290b00eeab605d894dc05204a52
Commit: 8005dc75e23c1db95b7ec479fe8fab96df2b388f
https://github.com/tribe29/checkmk/commit/8005dc75e23c1db95b7ec479fe8fab96d…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14731
M agents/scripts/super-server/0_systemd/setup
M agents/scripts/super-server/setup
Log Message:
-----------
Add Werk 14731
The super server setup script's $CONFIG variable was erroneously
set to /var/lib/cmk-agent/super-server.cfg, but it's located
at /etc/check_mk/super-server.cfg (At least for now)
Change-Id: I17b9478e4207a48a65da3f91e8eb6d4ac0c8c8d9
Commit: 0350093da862e8f0201bc1eead1f18a573a4d697
https://github.com/tribe29/checkmk/commit/0350093da862e8f0201bc1eead1f18a57…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14610
M agents/check-mk-agent.spec
Log Message:
-----------
Add Werk 14610
On RPM-based system, on package update, old files get removed after the
postinst step of the new package.
As we, starting with 2.1, deploy some files by script, RPM won't
recognize them as part of the new package, and delete them directly
afterwards, if they already have been shipped as a file with the old
package.
Hence, we have to run our script after all file transactions, i.e., as
posttrans step.
This did actually happen for the /etc/xinetd.d/check-mk-agent file.
Change-Id: I9a600ea902b00124cd2069edb2c60ce512edc5a3
Commit: 2679d98b6e1f542aacd00625acd5d71f65d3e38e
https://github.com/tribe29/checkmk/commit/2679d98b6e1f542aacd00625acd5d71f6…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14381
M notifications/sms
Log Message:
-----------
14381 SEC Fix command injection in SMS notification script
Previous to this Werk it was possible to inject arbitrary shell commands
when sending SMS notifications. For this, attackers would have needed to
place a crafted string in a user's Pager Address, which was not properly
escaped by the SMS script.
In most setups, this issue will not be exploitable: Changing a user's
Pager Address requires the User Management permission. Users with that
permission are effectively Administrators and can thus already
legitimately execute code in the Site context. Note however, that in
some setups the attribute can also be configured by external interfaces,
for example via LDAP User Synchronization.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: As an immediate mitigation all notifications via the
method "SMS (using smstools)" can be disabled. Note that users' personal
notification rules are affected as well.
<b>Indicators of Compromise</b>: If you suspect this issue might have
been exploited in your installation, validate users' Pager Address
fields. Check the Audit Log for changes to this field.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 8.0 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk replaces a hazardous call to
<tt>os.system</tt> by a safer alternative and adds additional validation
to the Pager Address before attempting to send SMS to it. Valid Pager
Addresses may now include letters, numbers, space characters, any of the
characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the
beginning.
Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d
Commit: 681fa395aeb0eba248dda985f216739777f750ea
https://github.com/tribe29/checkmk/commit/681fa395aeb0eba248dda985f21673977…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14383
M cmk/gui/watolib/auth_php.py
M cmk/gui/watolib/tags.py
M cmk/gui/watolib/utils.py
M tests/unit/cmk/gui/watolib/test_watolib.py
Log Message:
-----------
14383 SEC Fix code injection in watolib
This Werk fixes a code injection vulnerability in watolib.
Prior to this Werk it was possible for authenticated users to inject PHP
code in files generated by Wato for NagVis integration. The code would
be executed once a request to the respective NagVis component is made.
The underlying reason for this issue was that user data entered in Wato
was not properly sanitized when writing to the PHP file.
We thank Stefan Schiller (SonarSource) for reporting this issue.
Affected Versions: All currently supported versions are affected:
1.6, 2.0, and 2.1.
Mitigations: As an immediate mitigation you can entirely disable
PHP on your server. Note that NagVis will not work anymore without PHP.
Indicators of Compromise: Malicious code is injected in either of
the files <tt>var/check_mk/wato/auth/auth.php</tt> or
<tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for
suspicious code.
Vulnerability Management: We have rated the issue with a CVSS
Score of 9.1 (Critical) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been
requested.
Changes: This Werk fixes the vulnerability by improving
sanitization.
CMK-11206
Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c
Commit: c742368650145326a6f9926c7609753fbcfb3d01
https://github.com/tribe29/checkmk/commit/c742368650145326a6f9926c7609753fb…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14718
Log Message:
-----------
14718 FIX SAP HANA bakery plugin: Handle user store key correctly
Change-Id: I14e2252c302f4c0bb6f9f7e461a164affdf0607f
Commit: 4c98677da9aee605a3eb14b7956fc7f28438335c
https://github.com/tribe29/checkmk/commit/4c98677da9aee605a3eb14b7956fc7f28…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/cmk-agent-ctl/src/constants.rs
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.1.0p12
Commit: ee15443356ce5f3f675a8ac667a790c8c7bb9e5c
https://github.com/tribe29/checkmk/commit/ee15443356ce5f3f675a8ac667a790c8c…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14742
M cmk/gui/plugins/sidebar/search.py
Log Message:
-----------
14742 FIX Fix combined search for tag groups
SUP-11113
Change-Id: Ic855e62fec22b96ca7dd6753bf488d49d8e7e340
Commit: a1cfc4ac183ed71baf28b0f879009418e6260136
https://github.com/tribe29/checkmk/commit/a1cfc4ac183ed71baf28b0f879009418e…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14291
A omd/packages/nagvis/nagvis-1.9.34.tar.gz
M omd/packages/nagvis/nagvis.make
Log Message:
-----------
14291 SEC NagVis: Updated to 1.9.34 (Fix security issues)
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options, could perform a
server-side request forgery.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2)
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the
web server user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1)
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis
component of checkmk.
Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7)
Commit: f8fc5bc927aa54ed6b9adbfa0d3322b8135b5739
https://github.com/tribe29/checkmk/commit/f8fc5bc927aa54ed6b9adbfa0d3322b81…
Author: Sofia Colakovic <sofia.colakovic(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A cmk/base/plugins/agent_based/utils/azure.py
A tests/unit/cmk/base/plugins/agent_based/utils/test_azure.py
Log Message:
-----------
azure: add azure utils
Change-Id: I6fdb017b7163c7464a3f2c68460c05b65eabdee4
Commit: 672d121c578975d93bdef56b1de9ca2c88d8786e
https://github.com/tribe29/checkmk/commit/672d121c578975d93bdef56b1de9ca2c8…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M cmk/gui/login.py
M cmk/gui/wsgi/applications/rest_api.py
Log Message:
-----------
Check cookie also for active session
Change-Id: Ieb5fca27d685639c48019b5eb9082c233338e375
Commit: 24e247b8d83e59e3a8e29f86beadb31ca5b2401a
https://github.com/tribe29/checkmk/commit/24e247b8d83e59e3a8e29f86beadb31ca…
Author: Giordano Tomassorri <giordano.tomassorri(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14531
M checks/azure_usagedetails
M cmk/special_agents/agent_azure.py
M tests/unit/checks/generictests/datasets/azure_usagedetails.py
Log Message:
-----------
14531 azure special agent: fix usagedetails section
The usagedetails section was fetched using an api call that was no
longer supported by microsoft.
This commit fixes the issue and now the Cost services are working again.
Change-Id: I829e3996a7768c3741712e1d7696de7b4cbababa
Commit: 738756ac54b0a28548265733e511f404804bf75f
https://github.com/tribe29/checkmk/commit/738756ac54b0a28548265733e511f4048…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M docker/Makefile
Log Message:
-----------
Fix docker save after rc introduction
we need to "docker save" of course the rc aware version
#rc-tagging
Change-Id: I73c202a10d6189596475baf669e8056aaa41384d
Commit: 3f7abba7b8875a86f60cfd7db1672ec4107df56d
https://github.com/tribe29/checkmk/commit/3f7abba7b8875a86f60cfd7db1672ec41…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M buildscripts/scripts/lib/versioning.groovy
M buildscripts/scripts/windows-agent-build.jenkins
M buildscripts/scripts/windows-agent-modules-build.jenkins
Log Message:
-----------
Fix version of win agent during rc builds
... we always want the agent to have a non-rc aware version
#rc-tagging
Change-Id: I94346809aae6a216f5c5cbd22448b32d48119427
Commit: 0a6f68d0314b7f4a301483b0fbd653dba9195cd4
https://github.com/tribe29/checkmk/commit/0a6f68d0314b7f4a301483b0fbd653dba…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M docker/Makefile
Log Message:
-----------
Only test for VERSION_TAG when needed
#rc-tagging
Change-Id: I8af2a9579a7b8bd0c0645c420d793c22c45090d6
Commit: 9ec1f8528d68831a521010e79bd7b03839c2a5b1
https://github.com/tribe29/checkmk/commit/9ec1f8528d68831a521010e79bd7b0383…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M agents/check-mk-agent.spec
Log Message:
-----------
check-mk-agent package: Deploy DEB postinstall script
We have to deploy the DEB postinstall script by specifying a RPM
%post scriptlet, because we build the DEB package from the RPM
package with alien.
By looking for the DEB-specific "configure" argument, we can skip
this step for RPM-package.
Change-Id: Ib4183dab0d57a87ac48af3d37e7207e4dd9f54b4
Commit: c2bfc6e1339e6124d2d58d3d39bb60169a83c1c2
https://github.com/tribe29/checkmk/commit/c2bfc6e1339e6124d2d58d3d39bb60169…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M .werks/14291
M .werks/14531
M .werks/14742
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/cmk-agent-ctl/src/constants.rs
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Revert "Set version to 2.1.0p12"
...and rewrite werks
This reverts commit 4c98677da9aee605a3eb14b7956fc7f28438335c.
Change-Id: Ic3859f51f481494e6f27e8211685c945f725551a
Commit: 61c4a7395bb265252e6c0605443109342c03c895
https://github.com/tribe29/checkmk/commit/61c4a7395bb265252e6c0605443109342…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
apc_mod_pdu_modules: unit tests
SUP-11401
Change-Id: I7e051a709947665fe613f62241d653653b09c907
Commit: 7cef4102b6d45b45caa8f498d2ff35d9d59e6718
https://github.com/tribe29/checkmk/commit/7cef4102b6d45b45caa8f498d2ff35d9d…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14764
M checks/apc_mod_pdu_modules
M tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale
SUP-11401
Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d
Commit: 2d33ada11c92739371ac5bbb8d284fc33c8f321f
https://github.com/tribe29/checkmk/commit/2d33ada11c92739371ac5bbb8d284fc33…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14761
M agents/plugins/mk_sap_hana
Log Message:
-----------
14761 FIX SAP Hana fileinfo: negative file age causes crash
SUP-11334
Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e
Commit: f01c9ad37dd540261e654e3e80d50e7e19a9d5ee
https://github.com/tribe29/checkmk/commit/f01c9ad37dd540261e654e3e80d50e7e1…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/13956
M cmk/gui/plugins/openapi/endpoints/bi.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_bi.py
Log Message:
-----------
13956 FIX The BI Pack endpoints will now check if the given contact groups actually exist
The BI Pack endpoint will now check if the contact groups it is given actually exists.
If that is not the case, it will respond with an error.
SUP-10160
Change-Id: I23a62e55407a5dd4e35ba0b94d994f79f818a949
Commit: 00f3ee7ef868bbc43f95976e63ecb5b6b50ca751
https://github.com/tribe29/checkmk/commit/00f3ee7ef868bbc43f95976e63ecb5b6b…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14745
M cmk/gui/plugins/metrics/graph_images.py
M cmk/notification_plugins/mail.py
Log Message:
-----------
14745 FIX Fix "Data: b''" in notification result of event console bulk notifications
SUP-11297
Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14
Commit: 4be57271cbf081c9a1719dc3b1718b43d5e52f4b
https://github.com/tribe29/checkmk/commit/4be57271cbf081c9a1719dc3b1718b43d…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M .werks/13956
M .werks/14761
M .werks/14764
Log Message:
-----------
Fix werk version
Change-Id: Ia037c6fe1c0ce05d79e7eb28dcc6a8a05c40e5be
Commit: 89ab5f008ca63e79bcd58871603dffd841f4f81f
https://github.com/tribe29/checkmk/commit/89ab5f008ca63e79bcd58871603dffd84…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/cmk-agent-ctl/src/constants.rs
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.1.0p12
Compare: https://github.com/tribe29/checkmk/compare/51efd0dd0d0d...89ab5f008ca6
Branch: refs/heads/1.6.0
Home: https://github.com/tribe29/checkmk
Commit: bd2963292a03b7245c6c75b8803de323d381fa9b
https://github.com/tribe29/checkmk/commit/bd2963292a03b7245c6c75b8803de323d…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-25 (Thu, 25 Aug 2022)
Changed paths:
A .werks/14381
M notifications/sms
Log Message:
-----------
14381 SEC Fix command injection in SMS notification script
Previous to this Werk it was possible to inject arbitrary shell commands
when sending SMS notifications. For this, attackers would have needed to
place a crafted string in a user's Pager Address, which was not properly
escaped by the SMS script.
In most setups, this issue will not be exploitable: Changing a user's
Pager Address requires the User Management permission. Users with that
permission are effectively Administrators and can thus already
legitimately execute code in the Site context. Note however, that in
some setups the attribute can also be configured by external interfaces,
for example via LDAP User Synchronization.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: As an immediate mitigation all notifications via the
method "SMS (using smstools)" can be disabled. Note that users' personal
notification rules are affected as well.
<b>Indicators of Compromise</b>: If you suspect this issue might have
been exploited in your installation, validate users' Pager Address
fields. Check the Audit Log for changes to this field.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 8.0 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk replaces a hazardous call to
<tt>os.system</tt> by a safer alternative and adds additional validation
to the Pager Address before attempting to send SMS to it. Valid Pager
Addresses may now include letters, numbers, space characters, any of the
characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the
beginning.
Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d
Commit: 364d2c35ce060e23e780300b6be42545a1c835a0
https://github.com/tribe29/checkmk/commit/364d2c35ce060e23e780300b6be42545a…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14383
M cmk/gui/plugins/userdb/hook_auth.py
M cmk/gui/watolib/tags.py
M cmk/gui/watolib/utils.py
M tests/unit/cmk/gui/watolib/test_watolib.py
Log Message:
-----------
14383 SEC Fix code injection in watolib
This Werk fixes a code injection vulnerability in watolib.
Prior to this Werk it was possible for authenticated users to inject PHP
code in files generated by Wato for NagVis integration. The code would
be executed once a request to the respective NagVis component is made.
The underlying reason for this issue was that user data entered in Wato
was not properly sanitized when writing to the PHP file.
We thank Stefan Schiller (SonarSource) for reporting this issue.
Affected Versions: All currently supported versions are affected:
1.6, 2.0, and 2.1.
Mitigations: As an immediate mitigation you can entirely disable
PHP on your server. Note that NagVis will not work anymore without PHP.
Indicators of Compromise: Malicious code is injected in either of
the files <tt>var/check_mk/wato/auth/auth.php</tt> or
<tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for
suspicious code.
Vulnerability Management: We have rated the issue with a CVSS
Score of 9.1 (Critical) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been
requested.
Changes: This Werk fixes the vulnerability by improving
sanitization.
CMK-11206
Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c
Commit: 5270f8ea1ee80ca492884ebde0c3d077fcc7dbfb
https://github.com/tribe29/checkmk/commit/5270f8ea1ee80ca492884ebde0c3d077f…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M cmk/gui/plugins/userdb/hook_auth.py
Log Message:
-----------
fix broken import
restore code duplication
Change-Id: Ic4c357dbd31fc9eb16de9e35a97de2af9792ca31
Commit: ece97ab915aa3335e4e10e65eb4b3184fd7caba6
https://github.com/tribe29/checkmk/commit/ece97ab915aa3335e4e10e65eb4b3184f…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14291
R omd/packages/nagvis/nagvis-1.9.29.tar.gz
A omd/packages/nagvis/nagvis-1.9.34.tar.gz
M omd/packages/nagvis/nagvis.make
Log Message:
-----------
14291 SEC NagVis: Updated to 1.9.34 (Fix security issues)
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options, could perform a
server-side request forgery.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2)
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the
web server user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1)
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis
component of checkmk.
Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7)
Compare: https://github.com/tribe29/checkmk/compare/58546036bf54...ece97ab915aa
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 9fbe8058003ea10df5ca21ea69ee600fc761cddf
https://github.com/tribe29/checkmk/commit/9fbe8058003ea10df5ca21ea69ee600fc…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/13955
M cmk/fields/__init__.py
M cmk/fields/primitives.py
A cmk/gui/plugins/openapi/endpoints/graph/__init__.py
A cmk/gui/plugins/openapi/endpoints/graph/common.py
A cmk/gui/plugins/openapi/endpoints/graph/request_schemas.py
A cmk/gui/plugins/openapi/endpoints/graph/response_schemas.py
M cmk/gui/plugins/openapi/restful_objects/type_defs.py
M cmk/gui/plugins/views/utils.py
A tests/unit/cmk/gui/plugins/openapi/test_openapi_graph.py
Log Message:
-----------
13955 Add graph data endpoint to the REST API
The REST API now has an endpoints for querying graph data.
They are analogous to the Web API endpoint, that they replace.
If you have any calls to ".../cmk/check_mk/webapi.py?action=get_graph...",
please use the REST endpoint ("/domain-types/graph/actions/get_*_graph/invoke") instead.
Please note that the request and response schemas differ from the Web API.
The provided functionality is the same, but changes in client code are necessary.
To see the new schemas, use the REST API documentation under the section "Graphs".
Change-Id: I6269886db556aa5758a227c2ffd9d1f1ba404192
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 3a5316ec6126acab9be332825514b96dcd51fb5f
https://github.com/tribe29/checkmk/commit/3a5316ec6126acab9be332825514b96dc…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14484
Log Message:
-----------
14484 Add password strength meter
When changing the password or creating a new user you now see a password
strength meter indicating a estimation of the password strength.
Change-Id: I135c0856bf051251753fad7b096917c7c1bd2f9f
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: b44abe68f4fb5943ff89a91000bcf31fdfc037ac
https://github.com/tribe29/checkmk/commit/b44abe68f4fb5943ff89a91000bcf31fd…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14732
Log Message:
-----------
14732 FIX cmk-update-agent: Retry locking
The agent updater is designed to have no more than one instance running
at a time on a host. This is implemented by holding a file lock while running.
We recently observed that a lock may sometimes fail briefly after it was
released by a previous agent updater instance, possibly due to some anti virus
software.
To mitigate this situation, the locking is now retried 10 times before aborting
the agent updater call.
Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 51efd0dd0d0d173f8ae165a0cad9bfc1da8ec337
https://github.com/tribe29/checkmk/commit/51efd0dd0d0d173f8ae165a0cad9bfc1d…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14732
Log Message:
-----------
14732 FIX cmk-update-agent: Retry locking
The agent updater is designed to have no more than one instance running
at a time on a host. This is implemented by holding a file lock while running.
We recently observed that a lock may sometimes fail briefly after it was
released by a previous agent updater instance, possibly due to some anti virus
software.
To mitigate this situation, the locking is now retried 10 times before aborting
the agent updater call.
Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 4166cd932aab5328b764149ea0af18f908254cb2
https://github.com/tribe29/checkmk/commit/4166cd932aab5328b764149ea0af18f90…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-28 (Sun, 28 Aug 2022)
Changed paths:
M omd/packages/python3-modules/python3-modules.make
Log Message:
-----------
Add workaround for package build without setup.py
Newer packages use newer standards like pyproject.toml. To build these a
small setup.py file can be created as described in
https://setuptools.pypa.io/en/latest/userguide/pyproject_config.html
Change-Id: I47fe58fb9c63e0bda32fe289e25d2b09a5334d70
Commit: e32d55125f760f318473b6228d5e706585fedf24
https://github.com/tribe29/checkmk/commit/e32d55125f760f318473b6228d5e70658…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-28 (Sun, 28 Aug 2022)
Changed paths:
A .werks/14483
M Pipfile
M Pipfile.lock
M omd/packages/python3-modules/python3-modules.make
A omd/packages/python3-modules/src/Babel-2.10.3.tar.gz
R omd/packages/python3-modules/src/Babel-2.8.0.tar.gz
R omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz
A omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz
R omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz
A omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz
R omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz
A omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz
R omd/packages/python3-modules/src/rsa-4.6.tar.gz
A omd/packages/python3-modules/src/rsa-4.9.tar.gz
R omd/packages/python3-modules/src/typing_extensions-3.7.4.1.tar.gz
A omd/packages/python3-modules/src/typing_extensions-4.3.0.tar.gz
Log Message:
-----------
Revert "Revert "14483 SEC Update dependencies""
This reverts commit 8cb24520a2ee4b4ff130d421c5b81f725e96384c and
d56236d36047cd3b3369fb912ce3ca74c03269a5.
Change-Id: I05bbd609b403637b5f66d3a334c0cbfdb1c6b88d
Compare: https://github.com/tribe29/checkmk/compare/b9cf558acd1d...e32d55125f76