11547 Commits

Author SHA1 Message Date
Alexander A. Klimov
5cde51ca35 Icinga 2.11.12 v2.11.12 2024-10-28 16:18:24 +01:00
Alexander A. Klimov
b68139d609 Windows: bump OpenSSL v1.1 (EOL) -> v3.0 2024-10-22 10:53:57 +02:00
Julian Brost
8fed660891 Security: fix TLS certificate validation bypass
The previous validation in set_verify_callback() could be bypassed, tricking
Icinga 2 into treating invalid certificates as valid. To fix this, the
validation checks were moved into the IsVerifyOK() function.

This is tracked as CVE-2024-49369; more details will be published at a later time.
2024-10-22 10:43:13 +02:00
Noah Hilverling
08e2d9fc00 Add 2.11.11 changelog and bump VERSION v2.11.11 2021-08-18 17:11:38 +02:00
Julian Brost
c2abb0c9dc GelfWriter: show error message of exceptions 2021-08-17 18:49:36 +02:00
Julian Brost
8da90d44fa InfluxdbWriter: actually verify TLS server certificates
And add a new option ssl_insecure_noverify to explicitly disable it if desired.
2021-08-17 18:49:36 +02:00
Julian Brost
037944a51b GelfWriter: actually verify TLS server certificates
And add a new option insecure_noverify to explicitly disable it if desired.
2021-08-17 18:49:35 +02:00
Julian Brost
78aa348e6a ElasticsearchWriter: actually verify TLS server certificates
And add a new option insecure_noverify to explicitly disable it if desired.
2021-08-17 18:49:35 +02:00
Julian Brost
5c35ab551b Enable hostname verification in UnbufferedAsioTlsStream 2021-08-17 18:49:35 +02:00
Julian Brost
236e10d7b3
Merge pull request from GHSA-98wp-jc6q-x5q5
API: hide ApiListener#ticket_salt (2.11)
2021-07-15 11:13:35 +02:00
Julian Brost
8773251688
Merge pull request from GHSA-wrpw-pmr8-qgj7
Remove passwords from API (2.11)
2021-07-15 11:12:29 +02:00
Julian Brost
3e0cfde299 Icinga 2.11.10 v2.11.10 2021-07-09 16:34:18 +02:00
Alexander A. Klimov
caf697b868 API: hide ApiListener#ticket_salt 2021-07-09 09:30:01 +02:00
Julian Brost
5f9957c7d5 Remove passwords from API
IdoMysqlConnection, IdoPgsqlConnection, and ElasticsearchWriter require
passwords in their configuration to authenticate against external services.
This commit ensures that these can no longer be accessed using the API.
2021-07-09 09:05:40 +02:00
Julian Brost
aac5946d5d
Merge pull request #8869 from Icinga/feature/improve-crashlog-211
Improve crashlog
2021-07-09 08:21:54 +02:00
Julian Brost
58be537557
Merge pull request #8891 from Icinga/bugfix/trigger-fixed-downtimes-immediately-211
Downtime#Start(): trigger fixed downtimes immediately instead of waiting for the timer
2021-07-08 15:33:52 +02:00
Julian Brost
ab77dabc43 Stacktrace test: try to prevent inlining even harder
- Explicitly disable optimizations for MSVC
- Make stack_test_func_a bigger
2021-07-08 13:59:39 +02:00
Julian Brost
a261a96a99 Add comments to stack trace formatter and test case 2021-07-08 13:59:39 +02:00
Julian Brost
f78d39639a Compile with -D_GNU_SOURCE
Needed by `boost::stacktrace` for `_Unwind_Backtrace()`.
2021-07-08 13:59:39 +02:00
Julian Brost
a74cd966d1 CMakeLists: use HAVE_LIBEXECINFO only after actually checking for it
So far, the check that actually sets HAVE_LIBEXECINFO was executed after
it was already used to add dependencies.
2021-07-08 13:59:39 +02:00
Julian Brost
edeb8f6904 Add a test case for the stack trace formatter 2021-07-08 13:59:39 +02:00
Julian Brost
3d650e865d Use backtrace_symbols() when printing stack traces on FreeBSD
Unfortunately, the symbol resolution of boost::stacktrace is broken on
FreeBSD, therefore fall back to using backtrace_symbols() to print the
stack trace saved by Boost.

Additionally, -D_GNU_SOURCE is required on FreeBSD for the
_Unwind_Backtrace function used by boost::stacktrace.
2021-07-08 13:59:39 +02:00
Julian Brost
0246765a5c Crash handlers: use more compact string representation 2021-07-08 13:59:39 +02:00
Julian Brost
0dda2de696 Begin crash log for SIGABRT with error message and timestamp
This makes the format more similar to what the uncaught C++ and SEH
exception handlers write. Previously there was no indication in the
crash log that a SIGABRT happened.
2021-07-08 13:59:39 +02:00
Julian Brost
97a7945532 Windows: require at least MSVC 19.20 to build
Older versions of MSVC fail to rethrow an unhandled C++ exception (using
`throw;`) in the termination handler (`std::set_terminate`), however
Icinga relies on this behavior in its crash handler
(`Application::ExceptionHandler`).
2021-07-08 13:59:39 +02:00
Julian Brost
9374c308de docs: mention use of boost::stacktrace 2021-07-08 13:59:39 +02:00
Julian Brost
a342d75cc3 Add some comments to __cxa_throw
Maybe this will save the next person who has to look at this code some
time. Please don't blame me for the implementation, I'm just trying to
reconstruct what it does.
2021-07-08 13:59:39 +02:00
Julian Brost
9aeb962863 Restructure stack and context trace selection in DiagnosticInformation and document behavior
The logic for selecting the traces to print stays the same, but there
are fewer nested ifs now. This changes the format of the returned string
a bit by adding a heading for both traces.
2021-07-08 13:59:39 +02:00
Julian Brost
6104df37dc Add documentation for cast_exception function 2021-07-08 13:59:39 +02:00
Julian Brost
27767b1aa3 Pass fallback stacktrace to DiagnosticInformation in terminate handler
By default, DiagnosticInformation uses the stack trace saved when the
exception was thrown, but this mechanism is not in use on Windows.
Gathering a stacktrace in the terminate handler serves as a fallback.
2021-07-08 13:59:39 +02:00
Julian Brost
58d553a971 Replace icinga::StackTrace with boost::stacktrace::stacktrace
Provides roughly the same functionality but works better on certain
platforms (especially Windows) and is less code to maintain.
2021-07-08 13:59:39 +02:00
Julian Brost
fb303f5205 Print details in uncaught SEH exception handler 2021-07-08 13:59:39 +02:00
Julian Brost
a77c37da8e Move error message and time to the beginning of the SEH crash log
This is more similar to the normal exception crashlog which also states
the problem and time at the beginning of the file.
2021-07-08 13:59:39 +02:00
Julian Brost
2c9b1d8415 Use boost::stacktrace instead of custom implementation in Windows SEH filter 2021-07-08 13:59:39 +02:00
Julian Brost
0b9ef5ab6d Run termination handler for uncaught C++ exceptions on Windows
On Windows, the termination handler is executed for uncaught C++
exceptions unless a SEH unhandled exception filter is also set. In this
case, this filter has to explicitly chain the default filter to keep
this behavior.
2021-07-08 13:59:39 +02:00
Alexander Aleksandrovič Klimov
7c4996d1c2
Merge pull request #8878 from Icinga/bugfix/fixed-dt-end-notify-211
Checkable::NotifyDowntimeEnd(): don't send Downtime end notification unless triggered
2021-07-07 22:37:04 +02:00
Alexander Aleksandrovič Klimov
8a80e43507
Merge pull request #8880 from Icinga/feature/scheduleddowntime-change-remove-downtimes-211
On ScheduledDowntime change: remove downtimes created before change
2021-07-07 21:31:29 +02:00
Alexander Aleksandrovič Klimov
56f4313aed
Merge pull request #8888 from Icinga/feature/openssl-1.1.1k-2.11
Bump OpenSSL to 1.1.1k
2021-07-07 21:30:12 +02:00
Julian Brost
0f6e31d7a1 Bump OpenSSL to 1.1.1k 2021-07-07 16:48:27 +02:00
Julian Brost
b43c23296f
Merge pull request #8887 from Icinga/feature/windows-build-scripts-32-bit-2.11
Windows build scripts: allow setting BITS=32 to use 32 bit dependency paths by default
2021-07-07 16:46:32 +02:00
Alexander A. Klimov
05b2606fbb Checkable::NotifyDowntimeEnd(): don't send Downtime end notification unless triggered
... for fixed Downtimes as well.
2021-07-07 15:44:48 +02:00
Alexander A. Klimov
084acbe028 On ScheduledDowntime change: remove future downtimes created before change
refs #8309
2021-07-07 15:44:46 +02:00
Alexander A. Klimov
ffa3872b28 On ScheduledDowntime change: ignore downtimes created before change
... while creating new downtimes.

refs #8309
2021-07-07 15:44:46 +02:00
Alexander A. Klimov
a262d18921 Introduce Downtime#config_owner_hash
refs #8309
2021-07-07 15:44:46 +02:00
Alexander A. Klimov
743af40114 ScheduledDowntime: ignore not related Downtimes while creating Downtimes 2021-07-07 15:44:46 +02:00
Alexander A. Klimov
4216ed018c Downtime#Start(): trigger fixed downtimes immediately instead of waiting for the timer
... not to cause e.g. notifications if a problem occurs
between the downtime start time and the timer routine.
2021-07-07 15:34:04 +02:00
Julian Brost
a038f513aa Bump OpenSSL to 1.1.1k 2021-07-07 15:28:50 +02:00
Julian Brost
1c8b075efd Windows build scripts: allow setting BITS=32 to use 32 bit dependency paths by default 2021-07-07 15:02:48 +02:00
Noah Hilverling
013ff97ae1
Merge pull request #8870 from Icinga/bugfix/downtime-for-host-service-with-long-name-8022-211
ConfigObjectUtility::GetObjectConfigPath(): hash names of not already existing objects
2021-07-07 10:39:03 +02:00
Noah Hilverling
13f091272f
Merge pull request #8871 from Icinga/bugfix/harden-scheduled-downtimes-211
ScheduledDowntime::TimerProc(): Catch exceptions to make sure other downtimes are still created
2021-07-07 10:38:57 +02:00