Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 2a9ffe58ac6d3f337c48e12c012e8296b7aecd5d
https://github.com/tribe29/checkmk/commit/2a9ffe58ac6d3f337c48e12c012e8296b…
Author: Gav <gavin.mcguigan(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
A .werks/15433
Log Message:
-----------
15433 FIX service_discovery: response for non-existing jobs now include detail
This werk fixes an issue with the problem response in the service discovery GET
endpoint.
Previously, it would return a 404 with a title attribute only. It now conforms to
our other endpoints and returns a problem response with status code, title and detail
attribute.
Change-Id: Ifba5314c92a7c576986642ece0a9830a4d32ea19
Commit: d916194df6d387d8b71a6fc8d9869f7b7aa3da4b
https://github.com/tribe29/checkmk/commit/d916194df6d387d8b71a6fc8d9869f7b7…
Author: Gav <gavin.mcguigan(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M .werks/15380
Log Message:
-----------
werk: editing werk to only mention the activate changes change
Change-Id: I748ca126d6643e89e7f6a9c6beadfd5cac985d80
Commit: d389bd54deca4b02dda82d9a34bb5a34d0be62ef
https://github.com/tribe29/checkmk/commit/d389bd54deca4b02dda82d9a34bb5a34d…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
A .werks/14980
M cmk/gui/views/painter/v0/painters.py
Log Message:
-----------
14980 FIX service details view: unable to render view due to long filename
Check manuals are
* supported for Checkmk-based checks only
* enforced via our CI
There is no need to display a "no check manual" message. If it's not
found, it can be assumed that it's not supported.
SUP-13452
Change-Id: Ie82c63253d4d52a4e0e3dc69f06bcbc3417448f1
Commit: 94ab5487a1e8d4d7a57f12b7f2a75ad2cc171735
https://github.com/tribe29/checkmk/commit/94ab5487a1e8d4d7a57f12b7f2a75ad2c…
Author: Lukas Lengler <lukas.lengler(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
R checks/arista_bgp
A cmk/base/plugins/agent_based/bgp_peer.py
R tests/unit/checks/generictests/datasets/arista_bgp_dataset.py
R tests/unit/checks/test_check_arista_bgp.py
M tests/unit/checks/test_generic_legacy_conversion.py
A tests/unit/cmk/base/plugins/agent_based/test_bgp_peer.py
Log Message:
-----------
Migrate Arista BGP check plugin to new Check API
SUP-10721
Change-Id: I66ce4f1dae94bf715e361579c9baac0e8873fe41
Compare: https://github.com/tribe29/checkmk/compare/a2a593876d03...94ab5487a1e8
Branch: refs/heads/2.2.0
Home: https://github.com/tribe29/checkmk
Commit: a482902288347312c445134df7fe1596ba5d8cba
https://github.com/tribe29/checkmk/commit/a482902288347312c445134df7fe1596b…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/base/agent_based/checking/_checking.py
M cmk/base/agent_based/confcheckers.py
M cmk/base/agent_based/data_provider.py
M cmk/base/agent_based/inventory/_active.py
M cmk/base/agent_based/inventory/_autoinventory.py
M cmk/base/agent_based/inventory/_inventory.py
M cmk/base/agent_based/inventory/commandline.py
M cmk/base/config.py
M cmk/checkers/__init__.py
M cmk/checkers/_api.py
M tests/unit/cmk/base/test_config.py
Log Message:
-----------
Raise abstraction -> InventoryPlugin
This severes one dependency on base and on the concrete
implementation of the API.
CMK-12002
Change-Id: I947e24b6ff1fcae6a535b06e1063b37785a4aca7
(cherry picked from commit c8217707d0353d92db9495f3f7cb70892fa4d438)
Commit: 8deed217372594e3242a409f002fdb4ea0563dfe
https://github.com/tribe29/checkmk/commit/8deed217372594e3242a409f002fdb4ea…
Author: Wontek Hong <wontek.hong(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M tests/unit/cmk/special_agents/agent_kube/test_namespace.py
Log Message:
-----------
agent_kube: adapting namespace to new write out model
Change-Id: I4da377686382828a0eea72f73e1f9330bcba2d79
Commit: a0845d2eebaafdab0e3548840a866a568cdb892c
https://github.com/tribe29/checkmk/commit/a0845d2eebaafdab0e3548840a866a568…
Author: Wontek Hong <wontek.hong(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
A .werks/15385
M cmk/special_agents/agent_kube.py
M tests/unit/cmk/special_agents/agent_kube/test_namespace.py
Log Message:
-----------
15385 FIX agent_kube: ignore resource quota with no hard resource requirement
Previously, the Kubernetes special agent failed when the Kubernetes API reported
a resource quota but with no underlying hard resource requirement for either memory
or cpu. This werk fixes this issue.
Change-Id: Iada96a1df05929d1c4464b9f207f9504a657b1b5
Commit: 9204da97acf0ca8124e93ea9f59023d548012f32
https://github.com/tribe29/checkmk/commit/9204da97acf0ca8124e93ea9f59023d54…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/base/automations/check_mk.py
Log Message:
-----------
Simpler function signature removes dep on check API 2
Change-Id: Ia397c2d950794a2a138059952f5acba361af9ab4
Commit: e985385298c079378bd4b92dd2773e1db937861d
https://github.com/tribe29/checkmk/commit/e985385298c079378bd4b92dd2773e1db…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/base/agent_based/discovery/_discovered_services.py
M tests/unit/cmk/base/agent_based/discovery/test_discovery.py
Log Message:
-----------
Simpler function signature removes dep on Check API 3
Change-Id: Ie11a9d71a7561d07e9e21720206db137b541288e
Compare: https://github.com/tribe29/checkmk/compare/c6d6c28c5fd4...e985385298c0
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: e9e3bb237cc8a1b4496e866ef450b88f3d315999
https://github.com/tribe29/checkmk/commit/e9e3bb237cc8a1b4496e866ef450b88f3…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
A .werks/15068
Log Message:
-----------
15068 SEC Fix improper certificate validation in agent updater
The compiled version of the agent-updater uses its own collection of trusted Certificate Authorities.
This collection comes from the Python package certifi and is based on the collection of Mozilla Firefox.
The used Python package and therefore the collection was outdated and is subject to CVE-2022-23491.
This collection included a CA certificate of TrustCor which is not considered trustworthy anymore.
(See: https://security.googleblog.com/2023/01/sustaining-digital-certificate-secu…)
If an attacker was able to create certificates for arbitrary domains signed by this CA, machine-in-the-middle attacks could be possible.
To mitigate this vulnerability please update and rollout the agent-updater (typical agent-update is sufficient).
If an update is currently not possible one can set the <tt>Certificates for HTTPS verification</tt> option for the agent updater.
If this option is set a custom list of trusted certificates is used to verify the HTTPS connection instead of the CA collection.
All versions up to 1.6 are vulnerable.
This vulnerability was found internally.
We calculated a CVSS 3.1 score of 6.2 (medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:R
Please note that we rate this rather low since this is more a hypothetical attack and no wrong-doing of the CA was ever proven.
This also includes these changes:
- 40cd46cfbf7f9da5e68f75f24a272c772f700722.
- I05ffb5a41216740a561a7e574be45b59943bef1c
- I026fc7c30fc4ed10579fb40e5f2995346376084c
- I257fe2b5ae07673002c67162566dbcd14216b006
- I9b925a40fd53ce63d877c55b7b13a178bb716c49
- I0aa79606a5697cdb0e9aff09116e0c23a61cb2a8
- Ia23359a5fb9e3f1fd92b6d1d777e82d85229efe6
Change-Id: Ia23359a5fb9e3f1fd92b6d1d777e82d85229efe6
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 4618d5104d5dc251068e1a09fc5d4867fa0e84f7
https://github.com/tribe29/checkmk/commit/4618d5104d5dc251068e1a09fc5d4867f…
Author: Lukas Lengler <lukas.lengler(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M checks/arista_bgp
M checks/juniper_bgp_state
R cmk/base/check_legacy_includes/ip_format.py
A cmk/base/plugins/agent_based/utils/ip_format.py
Log Message:
-----------
Move ip_format check legacy include to check plugin utils
SUP-10721
Change-Id: I51e17aafbc5f150450d587b9d3474cef3494c7aa
Commit: a2125681c92756142deda5c077e2009be068a55d
https://github.com/tribe29/checkmk/commit/a2125681c92756142deda5c077e2009be…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/update_config/main.py
Log Message:
-----------
update config: actually validate the base config
Change-Id: Ifc1c8f541735e434e0b890ecad428051fd566668
Commit: 231a3edc989b347ce978c6e206d4ea4f6ee15f0c
https://github.com/tribe29/checkmk/commit/231a3edc989b347ce978c6e206d4ea4f6…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/base/agent_based/checking/_checking.py
M cmk/base/agent_based/confcheckers.py
M cmk/base/agent_based/data_provider.py
M cmk/base/agent_based/inventory/_active.py
M cmk/base/agent_based/inventory/_autoinventory.py
M cmk/base/agent_based/inventory/_inventory.py
M cmk/base/agent_based/inventory/commandline.py
M cmk/base/config.py
M cmk/checkers/__init__.py
M cmk/checkers/_api.py
M tests/unit/cmk/base/test_config.py
Log Message:
-----------
Raise abstraction -> InventoryPlugin
This severes one dependency on base and on the concrete
implementation of the API.
CMK-12002
Change-Id: I947e24b6ff1fcae6a535b06e1063b37785a4aca7
Commit: 7a289d826444d721dd2f796c376a36df17108f44
https://github.com/tribe29/checkmk/commit/7a289d826444d721dd2f796c376a36df1…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/base/automations/check_mk.py
Log Message:
-----------
Simpler function signature removes dep on check API 2
Change-Id: Ia397c2d950794a2a138059952f5acba361af9ab4
Commit: 7cef3bd1ab894e3042c087f8f6a8ea66bc7ad855
https://github.com/tribe29/checkmk/commit/7cef3bd1ab894e3042c087f8f6a8ea66b…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
M cmk/base/agent_based/discovery/_discovered_services.py
M tests/unit/cmk/base/agent_based/discovery/test_discovery.py
Log Message:
-----------
Simpler function signature removes dep on Check API 3
Change-Id: Ie11a9d71a7561d07e9e21720206db137b541288e
Compare: https://github.com/tribe29/checkmk/compare/55d286ba3210...7cef3bd1ab89
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 8ee46030488e7bb0b975085f03e1cc748c6c5b03
https://github.com/tribe29/checkmk/commit/8ee46030488e7bb0b975085f03e1cc748…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2023-03-01 (Wed, 01 Mar 2023)
Changed paths:
A .werks/15068
Log Message:
-----------
15068 SEC Fix improper certificate validation in agent updater
The compiled version of the agent-updater uses its own collection of trusted Certificate Authorities.
This collection comes from the Python package certifi and is based on the collection of Mozilla Firefox.
The used Python package and therefore the collection was outdated and is subject to CVE-2022-23491.
This collection included a CA certificate of TrustCor which is not considered trustworthy anymore.
(See: https://security.googleblog.com/2023/01/sustaining-digital-certificate-secu…)
If an attacker was able to create certificates for arbitrary domains signed by this CA, machine-in-the-middle attacks could be possible.
To mitigate this vulnerability please update and rollout the agent-updater (typical agent-update is sufficient).
If an update is currently not possible one can set the <tt>Certificates for HTTPS verification</tt> option for the agent updater.
If this option is set a custom list of trusted certificates is used to verify the HTTPS connection instead of the CA collection.
All versions up to 1.6 are vulnerable.
This vulnerability was found internally.
We calculated a CVSS 3.1 score of 6.2 (medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:R
Please note that we rate this rather low since this is more a hypothetical attack and no wrong-doing of the CA was ever proven.
This also includes these changes:
- 40cd46cfbf7f9da5e68f75f24a272c772f700722.
- I05ffb5a41216740a561a7e574be45b59943bef1c
- I026fc7c30fc4ed10579fb40e5f2995346376084c
- I257fe2b5ae07673002c67162566dbcd14216b006
- I9b925a40fd53ce63d877c55b7b13a178bb716c49
- I0aa79606a5697cdb0e9aff09116e0c23a61cb2a8
- Ia23359a5fb9e3f1fd92b6d1d777e82d85229efe6
Change-Id: Ia23359a5fb9e3f1fd92b6d1d777e82d85229efe6
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: a20b43d90628c349b196527fe57e5388a4a73ba1
https://github.com/tribe29/checkmk/commit/a20b43d90628c349b196527fe57e5388a…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2023-03-06 (Mon, 06 Mar 2023)
Changed paths:
A .werks/15240
M cmk/update_config.py
Log Message:
-----------
15240 FIX Call variable validation during cmk-update-config
A validation step during cmk-update-config was unintentionally skipped.
This validation is regularly called during regular operation, but we
intended to already show them during update.
Change-Id: If73818d8eea69585df7225d546dc77c7df14065d