diff --git a/net/monitoring-plugins/Makefile b/net/monitoring-plugins/Makefile index f65f4ab41e1..a64232346c3 100644 --- a/net/monitoring-plugins/Makefile +++ b/net/monitoring-plugins/Makefile @@ -9,6 +9,7 @@ COMMENT-snmp= monitoring plugins using snmp COMMENT-radius= RADIUS monitoring plugin V= 3.0.0rc2pl1 +REVISION-main= 0 #SITES= https://www.monitoring-plugins.org/download/ GH_ACCOUNT= monitoring-plugins GH_PROJECT= monitoring-plugins @@ -35,6 +36,7 @@ MAINTAINER= Stuart Henderson # GPLv2 PERMIT_PACKAGE= Yes +# uses pledge() WANTLIB= c crypto pthread COMPILER= base-clang ports-gcc diff --git a/net/monitoring-plugins/patches/patch-plugins-root_check_icmp_c b/net/monitoring-plugins/patches/patch-plugins-root_check_icmp_c index 32b4818817b..b223a97f42d 100644 --- a/net/monitoring-plugins/patches/patch-plugins-root_check_icmp_c +++ b/net/monitoring-plugins/patches/patch-plugins-root_check_icmp_c @@ -1,12 +1,52 @@ -https://github.com/monitoring-plugins/monitoring-plugins/pull/2211 +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2225 +add pledge() +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2211 on OpenBSD, time_t is always 64-bit, even on 32-bit archs. %lld format string with a cast is portable (as long as %lld is supported). Index: plugins-root/check_icmp.c --- plugins-root/check_icmp.c.orig +++ plugins-root/check_icmp.c -@@ -940,15 +940,15 @@ int main(int argc, char **argv) { +@@ -812,6 +812,15 @@ void parse_address(const struct sockaddr_storage *addr + } + + int main(int argc, char **argv) { ++#ifdef __OpenBSD__ ++ /* - rpath is required to read --extra-opts (given up later) ++ * - inet is required for sockets ++ * - dns is required for name lookups (given up later) ++ * - id is required for temporary privilege drops in configparsing and for ++ * permanent privilege dropping after opening the socket (given up later) */ ++ pledge("stdio rpath inet dns id", NULL); ++#endif // __OpenBSD__ ++ + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +@@ -836,6 +845,10 @@ int main(int argc, char **argv) { + crash("failed to parse config"); + } + ++#ifdef __OpenBSD__ ++ pledge("stdio inet dns id", NULL); ++#endif // __OpenBSD__ ++ + const check_icmp_config config = tmp_config.config; + + if (config.output_format_is_set) { +@@ -898,6 +911,10 @@ int main(int argc, char **argv) { + return 1; + } + ++#ifdef __OpenBSD__ ++ pledge("stdio inet", NULL); ++#endif // __OpenBSD__ ++ + if (sockset.socket4) { + int result = setsockopt(sockset.socket4, SOL_IP, IP_TTL, &config.ttl, sizeof(config.ttl)); + if (debug) { +@@ -940,15 +957,15 @@ int main(int argc, char **argv) { if (debug) { if (max_completion_time > (timeout * 1000000)) { @@ -27,7 +67,7 @@ Index: plugins-root/check_icmp.c printf("icmp_pkt_size: %u timeout: %u\n", config.icmp_data_size + ICMP_MINLEN, timeout); } -@@ -1049,8 +1049,8 @@ static void run_checks(unsigned short icmp_pkt_size, t +@@ -1049,8 +1066,8 @@ static void run_checks(unsigned short icmp_pkt_size, t time_t final_wait = max_completion_time - time_passed; if (debug) { @@ -38,7 +78,7 @@ Index: plugins-root/check_icmp.c } if (time_passed > max_completion_time) { if (debug) { -@@ -1062,7 +1062,7 @@ static void run_checks(unsigned short icmp_pkt_size, t +@@ -1062,7 +1079,7 @@ static void run_checks(unsigned short icmp_pkt_size, t /* catch the packets that might come in within the timeframe, but * haven't yet */ if (debug) { @@ -47,7 +87,7 @@ Index: plugins-root/check_icmp.c (float)final_wait / 1000); } if (targets_alive(number_of_targets, program_state->targets_down) || -@@ -1125,7 +1125,7 @@ static int wait_for_reply(check_icmp_socket_set sockse +@@ -1125,7 +1142,7 @@ static int wait_for_reply(check_icmp_socket_set sockse &loop_time_interval, &packet_received_timestamp); if (!recv_foo.received) { if (debug > 1) { diff --git a/net/monitoring-plugins/patches/patch-plugins_check_curl_c b/net/monitoring-plugins/patches/patch-plugins_check_curl_c new file mode 100644 index 00000000000..5545efe8cd5 --- /dev/null +++ b/net/monitoring-plugins/patches/patch-plugins_check_curl_c @@ -0,0 +1,37 @@ +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2225 +add pledge() + +Index: plugins/check_curl.c +--- plugins/check_curl.c.orig ++++ plugins/check_curl.c +@@ -120,6 +120,14 @@ mp_state_enum np_net_ssl_check_certificate(X509 *certi + #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ + + int main(int argc, char **argv) { ++#ifdef __OpenBSD__ ++ /* - rpath is required to read --extra-opts, CA and/or client certs ++ * - wpath is required to write --cookie-jar (possibly given up later) ++ * - inet is required for sockets ++ * - dns is required for name lookups */ ++ pledge("stdio rpath wpath inet dns", NULL); ++#endif // __OpenBSD__ ++ + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +@@ -134,6 +142,15 @@ int main(int argc, char **argv) { + } + + const check_curl_config config = tmp_config.config; ++ ++#ifdef __OpenBSD__ ++ if (!config.curl_config.cookie_jar_file) { ++ if (verbose >= 2) { ++ printf(_("* No \"--cookie-jar\" is used, giving up \"wpath\" pledge(2)\n")); ++ } ++ pledge("stdio rpath inet dns", NULL); ++ } ++#endif // __OpenBSD__ + + if (config.output_format_is_set) { + mp_set_format(config.output_format); diff --git a/net/monitoring-plugins/patches/patch-plugins_check_ntp_time_c b/net/monitoring-plugins/patches/patch-plugins_check_ntp_time_c new file mode 100644 index 00000000000..9947f11eb54 --- /dev/null +++ b/net/monitoring-plugins/patches/patch-plugins_check_ntp_time_c @@ -0,0 +1,32 @@ +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2225 +add pledge() + +Index: plugins/check_ntp_time.c +--- plugins/check_ntp_time.c.orig ++++ plugins/check_ntp_time.c +@@ -661,6 +661,14 @@ static check_ntp_time_config_wrapper process_arguments + } + + int main(int argc, char *argv[]) { ++#ifdef __OpenBSD__ ++ /* - rpath is required to read --extra-opts (given up later) ++ * - inet is required for sockets ++ * - unix is required for Unix domain sockets ++ * - dns is required for name lookups */ ++ pledge("stdio rpath inet unix dns", NULL); ++#endif // __OpenBSD__ ++ + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +@@ -673,6 +681,10 @@ int main(int argc, char *argv[]) { + if (tmp_config.errorcode == ERROR) { + usage4(_("Could not parse arguments")); + } ++ ++#ifdef __OpenBSD__ ++ pledge("stdio inet unix dns", NULL); ++#endif // __OpenBSD__ + + const check_ntp_time_config config = tmp_config.config; + diff --git a/net/monitoring-plugins/patches/patch-plugins_check_smtp_c b/net/monitoring-plugins/patches/patch-plugins_check_smtp_c new file mode 100644 index 00000000000..2498a93fd8c --- /dev/null +++ b/net/monitoring-plugins/patches/patch-plugins_check_smtp_c @@ -0,0 +1,32 @@ +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2225 +add pledge() + +Index: plugins/check_smtp.c +--- plugins/check_smtp.c.orig ++++ plugins/check_smtp.c +@@ -100,6 +100,14 @@ static int my_close(int /*socket_descriptor*/); + static int verbose = 0; + + int main(int argc, char **argv) { ++#ifdef __OpenBSD__ ++ /* - rpath is required to read --extra-opts (given up later) ++ * - inet is required for sockets ++ * - unix is required for Unix domain sockets ++ * - dns is required for name lookups */ ++ pledge("stdio rpath inet unix dns", NULL); ++#endif // __OpenBSD__ ++ + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +@@ -112,6 +120,10 @@ int main(int argc, char **argv) { + if (tmp_config.errorcode == ERROR) { + usage4(_("Could not parse arguments")); + } ++ ++#ifdef __OpenBSD__ ++ pledge("stdio inet unix dns", NULL); ++#endif // __OpenBSD__ + + const check_smtp_config config = tmp_config.config; + diff --git a/net/monitoring-plugins/patches/patch-plugins_check_ssh_c b/net/monitoring-plugins/patches/patch-plugins_check_ssh_c new file mode 100644 index 00000000000..f58c8b08b25 --- /dev/null +++ b/net/monitoring-plugins/patches/patch-plugins_check_ssh_c @@ -0,0 +1,32 @@ +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2225 +add pledge() + +Index: plugins/check_ssh.c +--- plugins/check_ssh.c.orig ++++ plugins/check_ssh.c +@@ -61,6 +61,14 @@ static int ssh_connect(mp_check *overall, char *haddr, + char *remote_protocol); + + int main(int argc, char **argv) { ++#ifdef __OpenBSD__ ++ /* - rpath is required to read --extra-opts (given up later) ++ * - inet is required for sockets ++ * - unix is required for Unix domain sockets ++ * - dns is required for name lookups */ ++ pledge("stdio rpath inet unix dns", NULL); ++#endif // __OpenBSD__ ++ + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +@@ -73,6 +81,10 @@ int main(int argc, char **argv) { + if (tmp_config.errorcode == ERROR) { + usage4(_("Could not parse arguments")); + } ++ ++#ifdef __OpenBSD__ ++ pledge("stdio inet unix dns", NULL); ++#endif // __OpenBSD__ + + check_ssh_config config = tmp_config.config; + diff --git a/net/monitoring-plugins/patches/patch-plugins_check_tcp_c b/net/monitoring-plugins/patches/patch-plugins_check_tcp_c new file mode 100644 index 00000000000..eaecb15f3ca --- /dev/null +++ b/net/monitoring-plugins/patches/patch-plugins_check_tcp_c @@ -0,0 +1,32 @@ +- https://github.com/monitoring-plugins/monitoring-plugins/pull/2225 +add pledge() + +Index: plugins/check_tcp.c +--- plugins/check_tcp.c.orig ++++ plugins/check_tcp.c +@@ -89,6 +89,14 @@ const int DEFAULT_NNTPS_PORT = 563; + const int DEFAULT_CLAMD_PORT = 3310; + + int main(int argc, char **argv) { ++#ifdef __OpenBSD__ ++ /* - rpath is required to read --extra-opts (given up later) ++ * - inet is required for sockets ++ * - unix is required for Unix domain sockets ++ * - dns is required for name lookups */ ++ pledge("stdio rpath inet unix dns", NULL); ++#endif // __OpenBSD__ ++ + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +@@ -215,6 +223,10 @@ int main(int argc, char **argv) { + if (paw.errorcode == ERROR) { + usage4(_("Could not parse arguments")); + } ++ ++#ifdef __OpenBSD__ ++ pledge("stdio inet unix dns", NULL); ++#endif // __OpenBSD__ + + config = paw.config; +