tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-04-08 17:05:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,222 Commits 421 Branches 120 Tags
Commit Graph

13222 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexander A. Klimov
0eb2949923 Icinga 2.13.10 v2.13.10 2024-10-25 16:40:16 +02:00
Alexander A. Klimov
5ea8dcf471 Bump OpenSSL shipped for Windows to v3.0.15 2024-10-22 10:55:14 +02:00
Julian Brost
3504fc7ed6 Security: fix TLS certificate validation bypass 
The previous validation in set_verify_callback() could be bypassed, tricking
Icinga 2 into treating invalid certificates as valid. To fix this, the
validation checks were moved into the IsVerifyOK() function.

This is tracked as CVE-2024-49369, more details will be published at a later time.
 2024-10-22 10:42:15 +02:00
Alexander Aleksandrovič Klimov
84672b34b2
Merge pull request #9939 from Icinga/2139 
Icinga 2.13.9
v2.13.9 		2023-12-20 17:21:34 +01:00
Alexander Aleksandrovič Klimov
600e631a4d
Merge pull request #9945 from Icinga/2139backport 
Disable TLS renegotiation, bump Windows deps and fix Icinga DB crashes
 2023-12-20 12:14:30 +01:00
Alexander A. Klimov
b2d975f916 IcingaDB#SendConfigDelete(): fix missing nullptr check before deref 2023-12-20 10:29:17 +01:00
Alexander A. Klimov
873988129f Icinga DB downtime history: provide cancel_time where has_been_cancelled may be 1 
The table sla_history_downtime requires a downtime_end.
The Go daemon takes the cancel_time if has_been_cancelled is 1.
So we must supply a cancel_time whereever has_been_cancelled is 1.
Otherwise the Go daemon can't process some entries.
 2023-12-20 10:29:17 +01:00
Alexander A. Klimov
3bcd4db967 Icinga 2.13.9 2023-12-20 10:11:29 +01:00
Alexander A. Klimov
4aefab59ae Bump OpenSSL shipped for Windows to v3.0.12 2023-12-20 10:06:03 +01:00
Alexander A. Klimov
d856dc9638 Bump Boost shipped for Windows to v1.83 
Note: For doc/21-development.md use:

perl -pi -e 's/(boost[-\w]*?1[-_]?)82/${1}83/g' doc/21-development.md
 2023-12-20 10:05:46 +01:00
Alexander A. Klimov
89c54ca5e5 Disable TLS renegotiation 
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
 2023-12-20 10:05:35 +01:00
Alexander Aleksandrovič Klimov
5acf3fb539
Merge pull request #9934 from Icinga/renew-the-ca-9890-213 
ApiListener#Start(): auto-renew CA on its owner
 2023-12-19 15:26:00 +01:00
Alexander A. Klimov
7a8bd0f6ea RequestCertificateHandler(): also renew if CA needs a renewal 
and a newer one is available.
 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
5bf8db41ef CertificateToString(): allow raw pointer input 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
e7a50f3e7c ApiListener#Start(): auto-renew CA on its owner 
otherwise it would expire.
 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
1e31bc13f0 ApiListener#RenewCert(): enable optional CA creation 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
d1098dc959 CreateCertIcingaCA(EVP_PKEY*, X509_NAME*): enable optional CA creation 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
9345caacec Test IsCertUptodate() and IsCaUptodate() 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
35317f14e7 Introduce IsCaUptodate() by splitting IsCertUptodate() 2023-12-18 17:07:44 +01:00
Alexander Aleksandrovič Klimov
f483d3757e
Merge pull request #9920 from Icinga/gha2139 
Update GitHub actions
 2023-11-24 19:11:02 +01:00
Alexander A. Klimov
d260a0aa6d Update AUTHORS 2023-11-24 17:26:57 +01:00
Lord Hepipud
215dba9d0f Adds ProgressPreference SilentlyContinue 
We should use `$Global:ProgressPreference = 'SilentlyContinue';` to disable the progress bar during download.
By doing so, information are directly written to the disk instead of written inside the memory and dumped to the disk afterwards
 2023-11-24 17:26:57 +01:00
Alexander Aleksandrovič Klimov
23feb5b374 GHA: drop EOL Fedora 36 2023-11-24 17:26:57 +01:00
Alexander A. Klimov
b9b127f25d GHA: complain if PR adds commits from people not yet listed in ./AUTHORS 
not to have to update ./AUTHORS or .mailmap after merging.
 2023-11-24 17:26:57 +01:00
Alexander A. Klimov
a019c63bd6 GHA: cancel runs on PR, but not on push 
In a PR one top commit replaces the previous one.
But the central branches are more like timelines.
It's nice to have red crosses in a such timeline
as clear indicators that something was actually broken.
 2023-11-24 17:26:57 +01:00
Alexander Aleksandrovič Klimov
ad93c0bbdd GHA: add upcoming (already frozen) Ubuntu 23.10 2023-11-24 17:26:57 +01:00
Alexander Aleksandrovič Klimov
9332aa5871 GHA: add upcoming (already frozen) Fedora 39 2023-11-24 17:26:57 +01:00
Alexander Aleksandrovič Klimov
b71a81b050 GHA: drop EOL Ubuntu 22.10 2023-11-24 17:26:57 +01:00
Alexander Aleksandrovič Klimov
fa00cf8352
Merge pull request #9824 from Icinga/2.13.8/CHANGELOG 
Icinga 2.13.8
v2.13.8 		2023-07-12 10:12:38 +02:00
Alexander Aleksandrovič Klimov
eacf5f27cf
Merge pull request #9816 from Icinga/2.13.8/vendor 
Update vendored libs
 2023-07-07 16:29:20 +02:00
Alexander Aleksandrovič Klimov
5c38c872df
Merge pull request #9823 from Icinga/2.13.8/gha 
Update GHA
 2023-07-07 13:30:17 +02:00
Alexander Aleksandrovič Klimov
e65c0a0d9e
Merge pull request #9819 from Icinga/2.13.8/syslog-SELinux 
Add syslog logging to SELinux during usage of sudo
 2023-07-07 10:16:41 +02:00
Alexander Aleksandrovič Klimov
3e682a99ef
Merge pull request #9814 from Icinga/2.13.8/icingadb 
Icinga DB feature: normalize several Redis data not to crash the Go daemon
 2023-07-06 17:32:14 +02:00
Alexander A. Klimov
51d0e9b5a9 GHA: add Amazon Linux 2023 
which unfortunately seems not to have ccache. 🤷
 2023-07-06 14:52:08 +02:00
Alexander Aleksandrovič Klimov
8b9060d77d GHA: add Debian and Raspbian 12 2023-07-06 14:52:08 +02:00
Alexander Aleksandrovič Klimov
08a8c302f4 GHA: add openSUSE and SLES 15.5 2023-07-06 14:52:08 +02:00
Alexander Aleksandrovič Klimov
c0ebdd69d4 GHA: Linux: add Fedora 38, Ubuntu 23.04 2023-07-06 14:52:08 +02:00
Alexander Aleksandrovič Klimov
8cd11a9146
Merge pull request #9822 from Icinga/2.13.8/bugfix/cluster-zone-own-zone-8570 
cluster-zone: consider own zone connected if there's only one endpoint
 2023-07-06 14:24:52 +02:00
Alexander Aleksandrovič Klimov
56a22461c9
Merge pull request #9818 from Icinga/2.13.8/ElasticsearchWriter-Pause 
ElasticsearchWriter#Pause(): call Flush() only once
 2023-07-06 10:17:57 +02:00
Alexander Aleksandrovič Klimov
45d5a3f5f3
Merge pull request #9817 from Icinga/flexible-downtimes-disappear-too-early-9797 
Downtime#Start(): trigger flexible downtimes not earlier than fixed ones
 2023-07-05 17:06:03 +02:00
Alexander A. Klimov
0f7be745a7 Icinga 2.13.8 2023-07-05 13:08:27 +02:00
Alexander Aleksandrovič Klimov
51afc74310
Merge pull request #9820 from Icinga/2.13.8/checkable-processcheckresult-only-clean-up-ack-comments-older-than-check-result-9718 
Checkable#ProcessCheckResult(): only clean up ack comments older than check result
 2023-07-05 11:20:55 +02:00
Alexander Aleksandrovič Klimov
3f9769f4ed
Merge pull request #9821 from Icinga/2.13.8/bugfix/perfdata-dont-get-parsed-correctly-8912 
PluginUtility: Fix PerfData parsing for values separated with multiple spaces
 2023-07-04 21:11:08 +02:00
Alexander Aleksandrovič Klimov
8fbfb2f816
Merge pull request #9815 from Icinga/2.13.8/stuck 
Don't hang in timed out connection attempt
 2023-07-04 17:34:24 +02:00
Alexander A. Klimov
286d288654 GHA: use a CMake version which can set(CMAKE_CXX_STANDARD 17) where possible 
especially on Amazon Linux which seems to have trouble with our workaround:
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
 2023-07-04 11:22:50 +02:00
Alexander Aleksandrovič Klimov
1883cae445 GHA: Drop openSUSE 15.3 (EOL) 2023-07-04 11:22:30 +02:00
Alexander A. Klimov
363c1b2986 cluster-zone: consider own zone connected if there's only one endpoint 
... because in this case only the checking node can be (not) connected to itself.

refs #8570
 2023-07-04 11:12:29 +02:00
Yonas Habteab
b6ba09e479 Test: Add multiline PerfData test case 2023-07-04 11:10:38 +02:00
Yonas Habteab
ff0b45eca0 PluginUtility: Fix PerfData don't get parsed correctly 
The problem was that some PerfData labels contained several whitespace characters,
not just one, and therefore it was parsed incorrectly in `SplitPerfdata()`. I.e. the condition
in line 144 checks whether the first and last character is a normal quote, but since the
label can contain spaces at the beginning and at the end respectively, this caused the problems.

This PR fixes the problem by removing all occurring whitespace from the beginning and end,
before starting to parse the actual label.
 2023-07-04 11:10:38 +02:00
Alexander A. Klimov
6dffc57a37 Checkable#ProcessCheckResult(): only clean up ack comments older than check result 
Normally if for some reason an ack comment still exists on a checkable not
acked anymore, still clean it up. But while replaying log config objects
incl. ack comments come before check results and acks. I.e. 1) ack comment,
2) DOWN check result and 3) ack. Not 1) DOWN check result, 2) ack and 3) ack
comment. So the checkable is temporarily not acked, but already has the ack
comment. In this case the DOWN check result which is older than the ack
comment shall not clean up the latter.
 2023-07-04 10:56:30 +02:00