12296 Commits

Author SHA1 Message Date
Julian Brost
0419a2c36d Security: fix TLS certificate validation bypass
The previous validation in set_verify_callback() could be bypassed, tricking
Icinga 2 into treating invalid certificates as valid. To fix this, the
validation checks were moved into the IsVerifyOK() function.

This is tracked as CVE-2024-49369; more details will be published at a later time.
2024-10-22 10:42:57 +02:00
Alexander Aleksandrovič Klimov
c890969e7b
Merge pull request #9691 from Icinga/changelog-2.12.10
Icinga 2.12.10
v2.12.10
2023-02-16 16:52:05 +01:00
Alexander Aleksandrovič Klimov
3f10f8d156
Merge pull request #9689 from Icinga/selinux-2.12.10
Add role icinga2adm_r to SELinux policies
2023-02-16 16:43:14 +01:00
Alexander Aleksandrovič Klimov
0c3dae9db9
Merge pull request #9686 from Icinga/deps-2.12.10
Boost v1.81, OpenSSL v1.1.1t
2023-02-16 16:43:00 +01:00
Henrik Triem
61dac6fbb2
Reword Changelog for SELinux Issue 2023-02-16 13:42:55 +01:00
Alexander A. Klimov
07ca2d5108 Icinga 2.12.10
* Update CHANGELOG.md (WIP)
* Bump ICINGA2_VERSION
2023-02-16 13:14:27 +01:00
Henrik Triem
d5e8872671 Add icinga2adm_r role def before creating SELinux user&domain 2023-02-16 12:18:29 +01:00
Alexander A. Klimov
e812f3eeef Bump Boost to v1.81 2023-02-15 13:36:58 +01:00
Alexander A. Klimov
75375e2edf Handle boost::beast::http::basic_fields#operator[]() signature change (v1.81)
Use always working std::string(x), not broken x.to_string().
(x is a return value.)
2023-02-15 13:36:58 +01:00
Alexander A. Klimov
21bc188f59 Handle boost::beast::http::basic_fields#set() signature change (v1.81)
Make String convertible to boost::beast::string_view (always working),
not boost::string_view (broken).
2023-02-15 13:36:58 +01:00
Alexander A. Klimov
0a5eb243ed Windows: bump OpenSSL to v1.1.1t 2023-02-15 13:36:58 +01:00
Julian Brost
e45fdd2234 Windows: update bundled OpenSSL to version 1.1.1s 2023-02-15 13:36:47 +01:00
Alexander A. Klimov
5b17f3c5aa Bump Boost v1.79 -> v1.80 2023-02-15 13:36:47 +01:00
Alexander A. Klimov
9d7ca8c14d Bump OpenSSL to 1.1.1q 2023-02-15 13:36:47 +01:00
Julian Brost
9fba5a6313
Merge pull request #9669 from Icinga/gha21210
Update GHA
2023-02-15 12:58:23 +01:00
Alexander A. Klimov
3f79016d0e GHA: build Icinga 2 from source
as the package build images aren't public anymore.
2023-02-14 12:27:43 +01:00
Johannes Meyer
773dc4fd2c Run only a single job per workflow matrix at a time
This limits each run of these workflows to a single
active matrix job. This means, for each PR, merge or
release only five jobs run concurrently.
2023-02-14 12:27:43 +01:00
Alexander Aleksandrovič Klimov
09b618eebd GHA: revert back to ubuntu-latest
as that is 22.04 or later.
2023-02-14 12:27:43 +01:00
Alexander A. Klimov
3f9b7ff620 GHA: let GitHub cancel redundant jobs
This will also cancel not yet finished master builds, but that's not too bad.
2023-02-14 12:27:43 +01:00
Alexander A. Klimov
32f403007a GHA: drop EOL OSes 2023-02-14 12:27:43 +01:00
Julian Brost
e42b52b20d GitHub Actions: no longer test builds on Fedora 35
The repositories have been removed so builds are failing anyways.
2023-02-14 12:27:43 +01:00
Alexander A. Klimov
41332e9e1e GHA: handle changed interface of Icinga/docker-icinga2 2023-02-14 12:27:43 +01:00
Alexander A. Klimov
0ee006d081 GHA: Update build targets 2023-02-14 12:27:43 +01:00
Julian Brost
33b0d06255 GitHub Actions: Build Raspbian on Ubuntu 22.04
Raspbian builds were running on Ubuntu 20.04 but with qemu-user-static from Ubuntu 21.10 (impish) due to need for newer features. However, the impish package repos are no longer available as that version reached its EOL. ubuntu-latest still refers to 20.04 on GitHub Actions but 22.04 is already available when explicitly specified. This commit switches the build over to that version and removes the workaround.
2023-02-14 12:27:43 +01:00
Alexander A. Klimov
25d06508a3 RELEASE.md: remove Chocolatey section 2023-02-14 12:27:38 +01:00
Alexander Aleksandrovič Klimov
dec63ce536
Merge pull request #9403 from Icinga/feature/release-2.12.9
Release 2.12.9
v2.12.9
2022-06-29 19:15:18 +02:00
Julian Brost
2b56b27e23 Release 2.12.9 2022-06-29 11:36:40 +02:00
Alexander Aleksandrovič Klimov
089086052d
Merge pull request #9414 from Icinga/update-windows-openssl-version-212
Windows: Update openssl to the latest version 1_1_1p
2022-06-24 01:35:57 +02:00
Yonas Habteab
21b59667ae Windows: Update openssl to the latest version 1_1_1p 2022-06-23 15:00:01 +02:00
Alexander Aleksandrovič Klimov
0b66a3578d
Merge pull request #9394 from Icinga/bugfix/atomic-members-2.12
Synchronize all access to auto-generated class members (from .ti files)
2022-06-23 11:32:33 +02:00
Alexander Aleksandrovič Klimov
42d33b8dd2
Merge pull request #9401 from Icinga/bugfix/remove-redundant-serialization-2.12
Remove redundant call to Serialize() in ConfigItem::Commit()
2022-06-23 11:32:07 +02:00
Julian Brost
71fc301702 Remove redundant call to Serialize() in ConfigItem::Commit()
The very same object is already serialized a few lines above, the result is
even stored in a variable, but that variable was not used before. Simply using
this variable results in a noticeable improvement of config validation times.
2022-06-15 11:04:37 +02:00
Julian Brost
33a52d8655 Replace EventuallyAtomic with AtomicOrLocked which falls back to a mutex
Apparently there was a reason for making the members of generated classes
atomic. However, this was only done for some types, others were still accessed
using non-atomic operations. For members of type T::Ptr (i.e. intrusive_ptr<T>),
this can result in a double free when multiple threads access the same variable
and at least one of them writes to the variable.

This commit makes use of std::atomic<T> for more T (it removes the additional
constraint sizeof(T) <= sizeof(void*)) and uses a type including a mutex for
load and store operations as a fallback.
2022-06-14 12:23:04 +02:00
Alexander A. Klimov
dba78f73da mkclass: make .ti class members atomic if possible
... not to have to lock the objects while setting attributes.
2022-06-14 12:23:04 +02:00
Julian Brost
8e42d3ec93
Merge pull request #9357 from Icinga/feature/release-2.12.8
Release 2.12.8
v2.12.8
2022-04-27 15:40:39 +02:00
Julian Brost
9c3188b6c0 Release 2.12.8 2022-04-27 15:35:37 +02:00
Julian Brost
3572be48ce
Merge pull request #9359 from Icinga/feature/windows-boost-1.79-2.12
Windows: update boost to version 1.79.0
2022-04-27 15:33:32 +02:00
Julian Brost
213aab5435 Windows: update boost to version 1.79.0 2022-04-27 13:45:28 +02:00
Alexander Aleksandrovič Klimov
06a909803a
Merge pull request #9349 from Icinga/bugfix/downtime-args
Fix mixed up arguments for AddDowntime/RemoveDowntime in 2.12.x
2022-04-20 11:57:51 +02:00
Julian Brost
d281107f33 Fix mixed up arguments for Downtime::RemoveDowntime()
PR #8879 backported a call to that function as is without considering the
different signature of that function between 2.12 and 2.13+.

master:
  static void RemoveDowntime(
    const String& id,      // downtime->GetName()
    bool includeChildren,  // false
    bool cancelled,        // true
    bool expired = false,
    const String& removedBy = "",
    const MessageOrigin::Ptr& origin = nullptr
  );

support/2.12 without this commit:
  static void RemoveDowntime(
    const String& id,      // downtime->GetName()
    bool cancelled,        // false
    bool expired = false,  // true
    const MessageOrigin::Ptr& origin = nullptr
  );

support/2.12 with this commit:
  static void RemoveDowntime(
    const String& id,  // downtime->GetName()
    bool cancelled,    // true
    bool expired = false,
    const MessageOrigin::Ptr& origin = nullptr
  );
2022-04-19 17:32:56 +02:00
Julian Brost
15f71f434a Fix mixed up arguments for Downtime::AddDowntime()
PR #9184 backported a call to that function as is without considering the
different signature of that function between 2.12 and 2.13+.

master:
  static Ptr AddDowntime(
    const intrusive_ptr<Checkable>& checkable,   // childService
    const String& author,                        // author
    const String& comment,                       // comment
    double startTime,                            // startTime
    double endTime,                              // endTime
    bool fixed,                                  // fixed
    const String& triggeredBy,                   // triggerName
    double duration,                             // duration
    const String& scheduledDowntime = String(),  // String()
    const String& scheduledBy = String(),        // String()
    const String& parent = String(),             // childDowntimeName
    const String& id = String(),
    const MessageOrigin::Ptr& origin = nullptr
  );

support/2.12 without this commit:
  static Ptr AddDowntime(
    const intrusive_ptr<Checkable>& checkable,   // childService
    const String& author,                        // author
    const String& comment,                       // comment
    double startTime,                            // startTime
    double endTime,                              // endTime
    bool fixed,                                  // fixed
    const String& triggeredBy,                   // triggerName
    double duration,                             // duration
    const String& scheduledDowntime = String(),  // String()
    const String& scheduledBy = String(),        // String()
    const String& id = String(),                 // childService
    const MessageOrigin::Ptr& origin = nullptr
  );

support/2.12 with this commit:
  static Ptr AddDowntime(
    const intrusive_ptr<Checkable>& checkable,   // childService
    const String& author,                        // author
    const String& comment,                       // comment
    double startTime,                            // startTime
    double endTime,                              // endTime
    bool fixed,                                  // fixed
    const String& triggeredBy,                   // triggerName
    double duration,                             // duration
    const String& scheduledDowntime = String(),
    const String& scheduledBy = String(),
    const String& id = String(),
    const MessageOrigin::Ptr& origin = nullptr
  );
2022-04-19 17:18:06 +02:00
Julian Brost
ddae22a6d6
Merge pull request #9331 from Icinga/feature/release-2.12.7
Release 2.12.7
v2.12.7
2022-04-13 10:43:52 +02:00
Julian Brost
9ec8bd9a7f
Merge pull request #9344 from Icinga/gha2127
Update GHA
2022-04-13 09:50:37 +02:00
Alexander Aleksandrovič Klimov
b518435e4d GHA: add Fedora 36 2022-04-12 17:33:38 +02:00
Alexander Aleksandrovič Klimov
72a718246b GHA: add Ubuntu jammy 2022-04-12 17:33:38 +02:00
Alexander Aleksandrovič Klimov
ed886268ba Drop Ubuntu hirsute
It's EOL.
2022-04-12 17:33:38 +02:00
Julian Brost
4137746bbe Release 2.12.7 2022-04-12 17:10:52 +02:00
Julian Brost
372f8f3599
Merge pull request #9338 from Icinga/Al2Klimov-patch-3-212
Let new cluster certificates expire after 397 days, not 15 years
2022-04-12 09:50:37 +02:00
Julian Brost
c19a9192a1
Merge pull request #9334 from Icinga/bugfix/compare-cluster-tickets-in-constant-time-212
Compare cluster tickets in constant time
2022-04-11 20:28:51 +02:00
Julian Brost
3cd3766672
Merge pull request #9336 from Icinga/bugfix/startup-log-212
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
2022-04-11 18:05:53 +02:00