Merge branch 'release-3.1.0-rc1'

Changelog

@@ -2,6 +2,44 @@
 NRPE Changelog
 **************
 
+3.x.x - 201x-xx-xx
+------------------
+ENHANCEMENTS
+- Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
+- While processing 'include_dir' statement, sort the files (Philippe Kueck / John Frickson)
+- nrpe can now write to a log file using 'log_file=' in nrpe.cfg (John Frickson)
+- check_nrpe can now write to a log file using '--log-file=' or '-g' options (John Frickson)
+
+FIXES
+- Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
+- Fix help output for ssl option (configure) (Ruben Kerkhof)
+- Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
+- Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
+- Cleanup of config.h.in suggested by Ruben Kerkhof
+- Minor change to logging in check_nrpe (John Frickson)
+- Solaris 11 detection is broken in configure (John Frickson)
+- Removed function `b64_decode` which wasn't being used (John Frickson)
+- check_nrpe ignores -a option when -f option is specified (John Frickson)
+- Added missing LICENSE file (John Frickson)
+- Off-by-one BO in my_system() (John Frickson)
+- Got rid of some compiler warnings (Stefan Krüger / John Frickson)
+- Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
+- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
+- "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
+- nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
+- Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
+- Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
+- Fix systemd unit description (Bas Couwenberg)
+- Add reload command to systemd service file (Bas Couwenberg)
+- fix file not found error when updating version (Sven Nierlein)
+- Spelling fixes (Josh Soref)
+- Return UNKNOWN when check_nrpe cannot communicate with nrpe and -u set (John Frickson)
+- xinetd.d parameter causes many messages in log file (John Frickson)
+- Fixes for openssl 1.1.x (Stephen Smoogen / John Frickson)
+- PATH and other environment variables not set with numeric nrpe_user (John Frickson)
+- rpmbuild -ta nrpe-3.0.1.tar.gz failed File not found: /etc/init.d/nrpe (bvandi / John Frickson)
+
+
 3.0.1 - 2016-09-08
 ------------------
 FIXES

Makefile.in

@@ -70,7 +70,7 @@ all:
 	echo "";\
 	echo "You can now continue with the installation or upgrade process.";\
 	echo "";\
-	echo "Read the PDF documentation (NRPE.pdf) for information on the next";\
+	echo "Read the PDF documentation (docs/NRPE.pdf) for information on the next";\
 	echo "steps you should take to complete the installation or upgrade.";\
 	echo ""
 
@@ -126,7 +126,9 @@ install-init:
 			launchctl load $(INIT_DIR)/$(INIT_FILE); \
 		else\
 			if test -f /sbin/chkconfig ; then \
-			    /sbin/chkconfig nrpe on;\
+			    case "$(DESTDIR)" in */rpmbuild/*) break;; \
+			    *)/sbin/chkconfig nrpe on;; \
+			    esac; \
 			else\
 				echo "Make sure to enable the nrpe daemon";\
 			fi;\

README.SSL.md

@@ -171,14 +171,14 @@ run the nrpe daemon: `db_server` and `bobs_workstation`.
 As root, do the following:
 
         mkdir -p -m 750 /usr/local/nagios/etc/ssl
-        chown root.nagios /usr/local/nagios/etc/ssl
+        chown root:nagios /usr/local/nagios/etc/ssl
         cd /usr/local/nagios/etc/ssl
         mkdir -m 750 ca
-        chown root.root ca
+        chown root:root ca
         mkdir -m 750 server_certs
-        chown root.nagios server_certs
+        chown root:nagios server_certs
         mkdir -m 750 client_certs
-        chown root.nagios client_certs
+        chown root:nagios client_certs
 
 
 ####Create Certificate Authority
@@ -229,7 +229,7 @@ If you have the default `/etc/openssl.cnf`, either change it, or as root, do:
         mkdir demoCA/newcerts
         touch demoCA/index.txt
 		echo "01" > demoCA/serial
-        chown -R root.root demoCA
+        chown -R root:root demoCA
         chmod 700 demoCA
         chmod 700 demoCA/newcerts
         chmod 600 demoCA/serial
@@ -242,13 +242,13 @@ Now, sign the CSRs. As root, do the following:
            -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
            -in server_certs/db_server.csr \
            -out server_certs/db_server.pem
-        chown root.nagios server_certs/db_server.pem
+        chown root:nagios server_certs/db_server.pem
         chmod 440 server_certs/db_server.pem
         openssl ca -days 365 -notext -md sha256 \
            -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
            -in server_certs/bobs_workstation.csr \
            -out server_certs/bobs_workstation.pem
-        chown root.nagios server_certs/bobs_workstation.pem
+        chown root:nagios server_certs/bobs_workstation.pem
         chmod 440 server_certs/bobs_workstation.pem
 
 Now, copy the `db_server.pem` and `db_server.key` files to the
@@ -271,7 +271,7 @@ running the check_nrpe program.
            -keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
            -in client_certs/nag_serv.csr \
            -out client_certs/nag_serv.pem
-        chown root.nagios client_certs/nag_serv.pem
+        chown root:nagios client_certs/nag_serv.pem
         chmod 440 client_certs/nag_serv.pem
 
 Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`

SECURITY.md

@@ -46,7 +46,7 @@ do two things:
 
 #### ENABLING BASH COMMAND SUBSTITUTION ####
 
-To enable support for arguments containing bash command substitions, 
+To enable support for arguments containing bash command substitutions, 
 you must do two things:
 
    1.  Enable arguments as described above
@@ -64,7 +64,7 @@ To help prevent some nasty things from being done by evil
 clients, the following metacharacters are not allowed
 in client command arguments:
 
-	| ` & > < ' " \ [ ] { } ; !
+	| ` & > < ' \ [ ] { } ; ! \r \n
 
 Any client request which contains the above mentioned metachars
 is discarded.

THANKS

@@ -4,10 +4,12 @@ Andrew Boyce-Lewis
 Andrew Ryder
 Andrew Widdersheim
 Bartosz Woronicz
+Bas Couwenberg
 Bill Mitchell
 Bjoern Beutel
 Brian Seklecki
 Derrick Bennett
+Elan Ruusamäe
 Eric Mislivec
 Eric Stanley
 Gerhard Lausser
@@ -17,8 +19,10 @@ Grégory Starck
 James Peterson
 Jari Takkala
 Jason Cook
+Jobst Schmalenbach
 John Maag
 Jon Andrews
+Josh Soref
 Kaspersky Lab
 Kevin Pendleton
 Konstantin Malov
@@ -30,13 +34,18 @@ Matthias Flacke
 Niels Endres
 Patric Wust
 Peter Palfrader
+Philippe Kueck
 Rene Klootwijk
 Robert Peaslee
+Ruben Kerkhof
 Ryan McGarry
 Ryan Ordway
 Sean Finney
 Spenser Reinhardt
+Stefan Krüger
+Stephen Smoogen
 Subhendu Ghosh
+Sven Nierlein
 Thierry Bertaud
 Ton Voon
 Vadim Antipov