Commit Graph

13570 Commits

Author SHA1 Message Date
Alexander Aleksandrovič Klimov 08a4aef4df
Doc: ITL: correct $ifw_api_crl$ default
In contrast to cert/key/CA, no CRL means no CRL.
(The behavior of the API is the same.)
2023-08-25 12:26:32 +02:00
Alexander Aleksandrovič Klimov e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end
Fix file endings
2023-08-25 11:06:19 +02:00
Alexander Aleksandrovič Klimov 66088050b5
Merge pull request #9848 from Icinga/mailmap-mathiasaerts
Update .mailmap
2023-08-14 12:58:47 +02:00
Julian Brost e94ca5b24e Update .mailmap 2023-08-14 09:45:00 +02:00
Julian Brost 986991ed48
Merge pull request #9802 from mathiasaerts/patch-1
Fix 'healt' typo
2023-08-14 09:38:41 +02:00
Julian Brost 7ae91ce504
Merge pull request #9826 from Icinga/Al2Klimov-patch-9
Release issue template: Harden OpenSSL Defaults
2023-08-01 10:31:07 +02:00
Alexander A. Klimov b84dda1790 .github/ISSUE_TEMPLATE/release.md: Harden global TLS defaults 2023-07-31 16:30:20 +02:00
Julian Brost 756aa18c18
Merge pull request #9828 from Icinga/release.md
Replace `RELEASE.md' with issue template
2023-07-31 16:18:01 +02:00
Alexander A. Klimov 4164bee6c7 Release issue template: restore non-trivial info from removed RELEASE.md
We have dedicated repositories for packages, so this stuff is already
fragmented into visible and invisible. The docs can be fragmented the same
way. But then everything about this repo should be documented in this repo,
too. This just re-adds docs about the publicly visible stuff. Ex. the last
section, but it is easy to miss, so it's here.
2023-07-31 10:46:12 +02:00
Julian Brost 2d6ea43a7b
Merge pull request #9834 from Icinga/probot/update-authors/master/e3cca711ef464505db0cd891239bc66686b641b6
Update AUTHORS
2023-07-24 14:01:04 +02:00
icinga-probot[bot] 7e5dc97ecb
Update AUTHORS 2023-07-14 12:56:21 +00:00
Alexander Aleksandrovič Klimov e3cca711ef
Merge pull request #9831 from Icinga/probot/update-authors/master/a81f95d6abcbf8b6811b1379badb262abedee46a
Update AUTHORS
2023-07-14 14:55:56 +02:00
Alexander Aleksandrovič Klimov 52a3604680
Merge pull request #9759 from liip-forks/OdyX-sslcert_allow-setting-url
ssl_cert allow HTTP request URL setting
2023-07-14 10:24:23 +02:00
Alexander Aleksandrovič Klimov 1af5109ad3
Merge pull request #9734 from Icinga/remove-unused-stream-peek-
Remove unused Stream#Peek()
2023-07-13 16:52:29 +02:00
icinga-probot[bot] b6c5e1663c
Update AUTHORS 2023-07-13 11:57:09 +00:00
Alexander Aleksandrovič Klimov a81f95d6ab
Merge pull request #9746 from LordHepipud/patch-1
Adds ProgressPreference SilentlyContinue
2023-07-13 13:56:38 +02:00
Alexander Aleksandrovič Klimov 0d5802937b
Merge pull request #9829 from Icinga/probot/sync-changelog/master/cc104f8208351785aba6ee031d92c978d4f5c966
CHANGELOG.md: add v2.13.8
2023-07-12 11:00:28 +02:00
Alexander A. Klimov 0ef0c7a3fd CHANGELOG.md: add v2.13.8 2023-07-12 08:19:38 +00:00
Alexander Aleksandrovič Klimov cc104f8208
Icinga 2.14 (#9760) 2023-07-12 10:19:24 +02:00
Eric Lippmann 62d7e2af80 Replace `RELEASE.md' with issue template
Apart from the Windows-related notes, all instructions are common to our
releases and therefore do not need to be explicitly listed here. In
addition, most of the information was severely outdated, especially with
respect to how our packaging works.
2023-07-11 15:40:59 +02:00
Alexander Aleksandrovič Klimov 1df14d60d2
Merge pull request #9827 from Icinga/application-m_lastreloadfailed-uint32_t
Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t
2023-07-10 14:14:58 +02:00
Alexander A. Klimov 8f8a6ee2a0 Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t
which will overflow in 2106, not 2038.
This fixes a compile failure on 32-bit Raspbian.
2023-07-10 10:51:02 +02:00
Alexander Aleksandrovič Klimov 2e4af46d46
Merge pull request #9787 from Icinga/OpenSSL30
Windows: bump OpenSSL v1.1 (soon EOL) -> v3.0
2023-07-07 10:17:17 +02:00
Alexander Aleksandrovič Klimov 681f9eed62
Merge pull request #9743 from Icinga/Al2Klimov-patch-5
GHA: Linux: add Fedora 38, Ubuntu 23.04, Debian 12, openSUSE 15.5
2023-07-06 17:26:54 +02:00
Alexander A. Klimov 656d9d439b GHA: add Amazon Linux 2023
which unfortunately seems not to have ccache. 🤷
2023-07-06 14:21:03 +02:00
Alexander Aleksandrovič Klimov 000a776dfb
Built-in check command: ifw-api (#9062) 2023-07-06 14:18:21 +02:00
Julian Brost 26a75f8a6f
Merge pull request #9812 from Icinga/support-elasticsearch-8-0-9251
ElasticsearchWriter: switch to v7+ URL schema to support v8
2023-07-05 10:15:10 +02:00
Alexander Aleksandrovič Klimov 8047c25537
GHA: add Debian and Raspbian 12 2023-07-04 14:49:32 +02:00
Alexander Aleksandrovič Klimov c8d5c579ce
GHA: add openSUSE and SLES 15.5 2023-07-04 11:33:42 +02:00
Julian Brost fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
2023-07-03 19:13:10 +02:00
Alexander A. Klimov 617dda61fb Re-order global default TLS cipher list to prefer AES256 over AES128 2023-07-03 15:36:11 +02:00
Alexander A. Klimov 4c2e59a690 ElasticsearchWriter: switch to v7+ URL schema to support v8
and OpenSearch 2. This breaks the EOL v5 and v6.
2023-07-03 14:43:45 +02:00
Julian Brost 70d6b6e424
Merge pull request #9810 from Icinga/Al2Klimov-patch-8
ElasticsearchWriter#Pause(): call Flush() only once
2023-06-30 17:21:16 +02:00
Alexander Aleksandrovič Klimov 076eb59443
ElasticsearchWriter#Pause(): lock m_DataBufferMutex during Flush()
just to be sure regarding race conditions.
2023-06-30 14:57:18 +02:00
Julian Brost fdaa96ece1
Merge pull request #9811 from Icinga/allow-dhe-tls-ciphers
Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers
2023-06-30 10:41:32 +02:00
Julian Brost a2e05f89e8 Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enables explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
2023-06-29 12:06:26 +02:00
Alexander Aleksandrovič Klimov d5e6ecec8a
ElasticsearchWriter#Pause(): call Flush() only once
The first Flush() is redundant and may access m_DataBuffer at the same time as some Flush() in m_WorkQueue (race condition) which isn't joined, yet.
2023-06-29 10:42:12 +02:00
Alexander A. Klimov 2e053b0e06 Copy and paste global default TLS cipher set from ssl-config.mozilla.org
which got more secure by now, but still overlaps with v2.13.x' set.
2023-06-28 14:49:08 +02:00
Julian Brost a2926b8604
Merge pull request #9794 from Icinga/round-notification-times-begin-end-not-to-crash-go-daemon
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
2023-06-27 17:08:41 +02:00
Alexander A. Klimov dccb678882 IcingaDB::PrepareObject(): cut off (null) negative Notification#times.{begin,end} not to crash Go daemon
At least our PostgreSQL schema enforces positive values.
2023-06-27 12:58:08 +02:00
Alexander A. Klimov 415b810abf IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
The latter expects ints, not floats - not to mention strings.
Luckily Icinga already enforces numeric strings so that we can cast it to number.
2023-06-27 12:53:08 +02:00
Julian Brost 9cf519316e
Merge pull request #9805 from Icinga/checkcommand-timeout-0-crashes-icinga-db-daemon-9804
IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
2023-06-27 10:45:02 +02:00
Julian Brost c08d3beeb1
Merge pull request #9785 from Icinga/Al2Klimov-patch-8
Icinga DB: also write ConfigObject#original_attributes into Redis
2023-06-27 10:24:41 +02:00
Julian Brost bd11bc2eb4
Merge pull request #9793 from Icinga/unmarshal-number-42-5-into-go-struct-field-notification-notification_interval
IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
2023-06-27 10:12:13 +02:00
Alexander A. Klimov d641a3c799 IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
not to crash the Go daemon which expects positive values there.
2023-06-26 15:36:47 +02:00
Julian Brost 5350aa3c72
Merge pull request #9792 from Icinga/icingadb-conversion-of-strings-to-number-types-to-avoid-crashes-9791
IcingaDB::PrepareObject(): convert non-null Checkable#check_timeout to number
2023-06-26 15:03:21 +02:00
Mathias Aerts 006ab1fe70
Fix typo 2023-06-26 09:17:26 +02:00
Julian Brost eddd4c7bf7
Merge pull request #9783 from Icinga/restore_attrs
POST /v1/objects: allow array of attrs to undo modifications of
2023-06-20 10:16:40 +02:00
Alexander A. Klimov 273aa6f997 IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
otherwise, e.g. with -42.5, the Go daemon crashes. It expects uints there.
2023-06-19 12:46:40 +02:00
Alexander A. Klimov 9f08bad395 IcingaDB::PrepareObject(): convert non-null Checkable#check_timeout to number
and, in case of null, fall back to Checkable#check_command.timeout, just like
IcingaDB#SerializeState(). Otherwise the Go daemon crashes. It expects a number.
2023-06-15 12:29:42 +02:00