Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 866c437b02f849737f049cc8f16fd25b09a48470
https://github.com/tribe29/checkmk/commit/866c437b02f849737f049cc8f16fd25b0…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M bin/cmk-update-config
M cmk/.f12
A cmk/update_config/main.py
A cmk/update_config/plugins/__init__.py
A cmk/update_config/plugins/actions/__init__.py
A cmk/update_config/registry.py
M omd/packages/check_mk/check_mk.make
M scripts/find-python-files
A tests/unit/cmk/post_rename_site/__init__.py
A tests/unit/cmk/update_config/__init__.py
A tests/unit/cmk/update_config/test_main.py
Log Message:
-----------
Revert "Revert "Plugin architecture for update_config""
This reverts commit 6d500eec297eb0ba2c3c5ae5ba1a2d08ee43fae5.
Change-Id: I2d1cc23ffbe92b399f3bc969fcb648f37c55bafb
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: a4595acd95737b617b0ec8c2bc25abf55dcfd0b1
https://github.com/tribe29/checkmk/commit/a4595acd95737b617b0ec8c2bc25abf55…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M cmk/gui/plugins/dashboard/graph.py
M tests/unit/cmk/gui/test_dashboard.py
Log Message:
-----------
Add missing type hints to dashlets
Change-Id: I432a24beb86742c9e76a3b7e0dc95107c37a20bd
Commit: 9c91b3a60bf7be2c879bf4ba90dfd6528d8aa52c
https://github.com/tribe29/checkmk/commit/9c91b3a60bf7be2c879bf4ba90dfd6528…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M cmk/gui/dashboard.py
M cmk/gui/plugins/dashboard/custom_url.py
M cmk/gui/plugins/dashboard/failed_notifications.py
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/plugins/dashboard/logo.py
M cmk/gui/plugins/dashboard/overview.py
M cmk/gui/plugins/dashboard/snapin.py
M cmk/gui/plugins/dashboard/static_text.py
M cmk/gui/plugins/dashboard/user_messages.py
M cmk/gui/plugins/dashboard/utils.py
M cmk/gui/plugins/dashboard/view.py
M tests/unit/cmk/gui/test_dashboard.py
Log Message:
-----------
Prepare dashlet config for typing
With this change we prepare for making DashletConfig a typed dict. We
introduce a dashlet type specific dashlet config class which defines the
attributes that can be configured for that dashlet while keeping
DashletConfig a regular dict. This way we can prepare the code step by
step for the final change.
Change-Id: I6462076814df63371602a6ad45bc2412ba1db2dc
Commit: 906e02adffbd6b7d619b652bd93ef64b0a643a37
https://github.com/tribe29/checkmk/commit/906e02adffbd6b7d619b652bd93ef64b0…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/type_defs.py
M tests/unit/cmk/gui/test_dashboard.py
Log Message:
-----------
Clean up graph dashlet hierarchy
GraphDashlet was used as concrete class for template graphs and as base
class for custom and single timeseries graph dashlets. Separated both
into ABCGraphDashlet and TemplateGraphDashlet.
Also clarified the DashletConfig and GraphIdentifier types for the
different concrete graph dashlets.
Change-Id: I8bcf51ecc7024512001b709174712e534cae914c
Commit: bd0a39ba5b75a89a060e2b7820b388756f1b0ede
https://github.com/tribe29/checkmk/commit/bd0a39ba5b75a89a060e2b7820b388756…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M cmk/gui/plugins/dashboard/graph.py
Log Message:
-----------
Graph dashlets: Cleanup _graph_identification and _graph_title
Move the dynamically computed attributes out of the GraphDashlet config
and make them regular attributes.
Change-Id: Ia4aca5cb4a6565ff3053219fb61ab171e4320470
Compare: https://github.com/tribe29/checkmk/compare/a62b28887943...bd0a39ba5b75
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 7749ffc51a7f90d76f6572fce62aca5430b62e77
https://github.com/tribe29/checkmk/commit/7749ffc51a7f90d76f6572fce62aca543…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
M livestatus/api/python/livestatus.py
Log Message:
-----------
Remove unused add_headers field
Change-Id: Ide8a9adbcb4e8b695ca4d676b93109b225e612d4
Commit: a62b2888794362d14cc25c38536d12cc2b516b1d
https://github.com/tribe29/checkmk/commit/a62b2888794362d14cc25c38536d12cc2…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A buildscripts/infrastructure/build-nodes/aws/roles/add-localhost/files/perform_rest_action.py
M buildscripts/infrastructure/build-nodes/aws/roles/add-localhost/tasks/main.yml
Log Message:
-----------
Provide a host with pre discovered services in AMI
... and use our REST API for that
Change-Id: Icd990c97a16bfbf56bac64d567dbe442b51de9f7
Compare: https://github.com/tribe29/checkmk/compare/37c456556fc6...a62b28887943
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 1a5feb45c9ea39f9d9f769d77d14467302288c0d
https://github.com/tribe29/checkmk/commit/1a5feb45c9ea39f9d9f769d77d1446730…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14384
M livestatus/api/python/livestatus.py
M tests/unit/livestatus/test_livestatus_unit.py
Log Message:
-----------
14384 SEC Fix command injection in livestatus query headers
Prior to this Werk it was possible to inject livestatus commands in
Checkmk's livestatus wrapper and python API. Attackers could add
additional commands in the AuthUser query header using newline
characters. This allowed running arbitrary livestatus commands,
including external commands to the core.
The issue could only be exploited by attackers from localhost, where the
tampered header could be injected in a request to graph data.
We thank Stefan Schiller (SonarSource) for reporting this issue.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: Immediate mitigations are not available.
<b>Indicators of Compromise</b>: Review the logs of Nagios / CMC for
suspicious commands.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 6.8 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk adds sanitization for the AuthUser header
field.
CMK-11203
Change-Id: Ie34b324ab57e84df03fd0ecbf54d22804d101723
Branch: refs/heads/1.6.0
Home: https://github.com/tribe29/checkmk
Commit: 16cea8572bd3ff594110b97e12408fcb939c487b
https://github.com/tribe29/checkmk/commit/16cea8572bd3ff594110b97e12408fcb9…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-09-01 (Thu, 01 Sep 2022)
Changed paths:
A .werks/14384
M livestatus/api/python/livestatus.py
M tests/unit/livestatus/test_livestatus_unit.py
Log Message:
-----------
14384 SEC Fix command injection in livestatus query headers
Prior to this Werk it was possible to inject livestatus commands in
Checkmk's livestatus wrapper and python API. Attackers could add
additional commands in the AuthUser query header using newline
characters. This allowed running arbitrary livestatus commands,
including external commands to the core.
The issue could only be exploited by attackers from localhost, where the
tampered header could be injected in a request to graph data.
We thank Stefan Schiller (SonarSource) for reporting this issue.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: Immediate mitigations are not available.
<b>Indicators of Compromise</b>: Review the logs of Nagios / CMC for
suspicious commands.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 6.8 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk adds sanitization for the AuthUser header
field.
CMK-11203
Change-Id: Ie34b324ab57e84df03fd0ecbf54d22804d101723
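
Werk 14384, described in the two commit messages above (branches 2.1.0 and 1.6.0), concerns newline characters in the AuthUser header value of a livestatus query. The sketch below is an added example, not Checkmk's code: it contrasts an unchecked query builder with one that validates the value. The function names, the allow-list pattern and the `X-Injected` marker line are assumptions made for illustration.

```python
import re

# Assumption: hypothetical allow-list for user names, not Checkmk's actual rule.
_SAFE_VALUE = re.compile(r"[\w.@+-]+")


class UnsafeHeaderValue(ValueError):
    """Raised when a header value could alter the structure of the query."""


def build_query_naive(table: str, auth_user: str) -> str:
    # "Before" pattern: the value is interpolated unchecked, so a newline in
    # auth_user starts a new line in the newline-delimited query.
    return f"GET {table}\nAuthUser: {auth_user}\n\n"


def dollar_anchor_accepts(value: str) -> bool:
    # Common pitfall: with re.match, "$" also matches just before a trailing
    # newline, so "alice\n" passes this check.
    return re.match(r"^[\w.@+-]+$", value) is not None


def sanitize_header_value(value: str) -> str:
    # fullmatch must consume the entire string, so no newline can pass.
    if not _SAFE_VALUE.fullmatch(value):
        raise UnsafeHeaderValue(f"rejected header value: {value!r}")
    return value


def build_query_hardened(table: str, auth_user: str) -> str:
    return f"GET {table}\nAuthUser: {sanitize_header_value(auth_user)}\n\n"


def header_lines(query: str) -> list[str]:
    # Header lines of the first request: everything after the GET line,
    # up to the blank line that terminates the request.
    return query.split("\n\n", 1)[0].split("\n")[1:]


if __name__ == "__main__":
    tampered = "alice\nX-Injected: 1"  # constructed sample with a benign marker
    print(header_lines(build_query_naive("hosts", tampered)))
    try:
        build_query_hardened("hosts", tampered)
    except UnsafeHeaderValue as exc:
        print(exc)
```
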