head	1.5;
access;
symbols
	pkgsrc-2022Q4:1.2.0.16
	pkgsrc-2022Q4-base:1.2
	pkgsrc-2022Q3:1.2.0.14
	pkgsrc-2022Q3-base:1.2
	pkgsrc-2022Q2:1.2.0.12
	pkgsrc-2022Q2-base:1.2
	pkgsrc-2022Q1:1.2.0.10
	pkgsrc-2022Q1-base:1.2
	pkgsrc-2021Q4:1.2.0.8
	pkgsrc-2021Q4-base:1.2
	pkgsrc-2021Q3:1.2.0.6
	pkgsrc-2021Q3-base:1.2
	pkgsrc-2021Q2:1.2.0.4
	pkgsrc-2021Q2-base:1.2
	pkgsrc-2021Q1:1.2.0.2
	pkgsrc-2021Q1-base:1.2;
locks; strict;
comment	@# @;


1.5
date	2025.10.19.13.49.30;	author adam;	state dead;
branches;
next	1.4;
commitid	KJH6SY1YYQN4vbfG;

1.4
date	2025.09.27.07.00.56;	author adam;	state Exp;
branches;
next	1.3;
commitid	6HIMr6Fv89hPWjcG;

1.3
date	2023.01.22.17.34.20;	author ryoon;	state dead;
branches;
next	1.2;
commitid	VyjPTi9ewVPgVyaE;

1.2
date	2021.01.17.13.22.26;	author wiz;	state Exp;
branches;
next	1.1;
commitid	CxizHIYVwqUw95EC;

1.1
date	2021.01.15.00.37.17;	author wiz;	state Exp;
branches;
next	;
commitid	wH57GdvbJdc9ZKDC;


desc
@@


1.5
log
@icinga2: updated to 2.15.1

2.15.1 (2025-10-16)

This release fixes multiple security issues. Two of them allow authenticated
API users to learn restricted information or crash Icinga 2. A third issue
affects the scripts provided with Icinga 2 and allows a limited privilege
escalation where the Icinga 2 daemon user can trick root into sending signals to
arbitrary processes.

In addition, this version also includes bug fixes regarding config deployments
and improvements to allow for better debugging of problems related to JSON-RPC
cluster communication.

Note that one fix affects the logrotate configuration. If it was modified
locally, it might not be updated automatically by the package manager and
applying the changes manually is necessary. For details, please check the
[upgrading docs](https://icinga.com/docs/icinga-2/latest/doc/16-upgrading-icinga-2/#upgrading-to-2-15-1).

Security

* CVE-2025-61907: Prevent API users from accessing variables and objects they
  don't have access to within filter expressions. This allowed authenticated
  API users to learn information they aren't allowed to access directly.
* CVE-2025-61908: Add a missing null pointer check while evaluating
  expressions. This allowed authenticated API users to crash the Icinga 2
  daemon by supplying a crafted filter expression.
* CVE-2025-61909: Don't send signals as root in safe-reload script and
  logrotate config. This allowed a limited privilege escalation from the Icinga
  2 service user to root. The scope is limited to sending SIGHUP or SIGUSR1 to
  an arbitrary process.
* Windows: Update to OpenSSL 3.0.18.

Bugfixes

* When a reload triggered from Icinga Director (or the /v1/config API) fails,
  the corresponding state is cleared, allowing to deploy a new config without
  having to restart Icinga 2 manually first.

Enhancements

* Add JSON-RPC utilization metrics and troubleshooting docs.
* When sending cluster messages to other zones, prefer endpoints in the order
  as specified in the zone configuration.
* Track the number of JSON-RPC messages received for each message type per
  endpoint.
* Add support for building with Boost v1.89 and use it on Windows.
@
text
@$NetBSD: patch-CMakeLists.txt,v 1.4 2025/09/27 07:00:56 adam Exp $

Do not look for boost_system library.

--- CMakeLists.txt.orig	2025-09-25 07:29:04.993972901 +0000
+++ CMakeLists.txt
@@@@ -172,7 +172,7 @@@@ else()
   set(LOGROTATE_CREATE "\n\tcreate 644 ${ICINGA2_USER} ${ICINGA2_GROUP}")
 endif()
 
-find_package(Boost ${BOOST_MIN_VERSION} COMPONENTS coroutine context date_time filesystem iostreams thread system program_options regex REQUIRED)
+find_package(Boost ${BOOST_MIN_VERSION} COMPONENTS coroutine context date_time filesystem iostreams thread program_options regex REQUIRED)
 
 # Boost.Coroutine2 (the successor of Boost.Coroutine)
 # (1) doesn't even exist in old Boost versions and
@


1.4
log
@icinga2: updated to 2.15.0

Icinga 2 v2.15.0

This Icinga 2 release is focused on adding Icinga 2 dependencies support to
Icinga DB, but also includes a number of bugfixes, enhancements and code
quality improvements. Below is a summary of the most important changes, for the
complete list of issues and PRs, please see the milestone on GitHub.
@
text
@d1 1
a1 1
$NetBSD$
@


1.3
log
@icinga2: Update to 2.12.9

* Remove some patches backported from upstream.
* Fix build with Boost 1.81.0.

Changelog:
Not available for 2.12.9
@
text
@d1 1
a1 1
$NetBSD: patch-CMakeLists.txt,v 1.2 2021/01/17 13:22:26 wiz Exp $
d3 1
a3 5
Define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT
Upstream Issue #8185, Pull Request #8192, commit 34942a35112438a91ef25ffa5f0c6c18f1999303
 
Rename VERSION to ICINGA2_VERSION to avoid name clashes on case-insensitive file systems.
Upstream Pull Request #8596
d5 5
a9 21
--- CMakeLists.txt.orig	2020-12-15 12:30:19.000000000 +0100
+++ CMakeLists.txt	2021-01-15 16:06:03.000000000 +0100
@@@@ -89,7 +89,7 @@@@
 set(ICINGA2_LICENSE "${ICINGA2_LICENSE_GPL}\n\n---\n\n${ICINGA2_LICENSE_ADDITIONS}")
 file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/LICENSE.txt" ${ICINGA2_LICENSE})
 
-file(STRINGS VERSION SPEC_VERSION REGEX "^Version:")
+file(STRINGS ICINGA2_VERSION SPEC_VERSION REGEX "^Version:")
 string(LENGTH "${SPEC_VERSION}" SPEC_VERSION_LENGTH)
 math(EXPR SPEC_VERSION_LENGTH "${SPEC_VERSION_LENGTH} - 9")
 string(SUBSTRING ${SPEC_VERSION} 9 ${SPEC_VERSION_LENGTH} SPEC_VERSION)
@@@@ -102,7 +102,7 @@@@
   configure_file(icinga-version.h.force ${CMAKE_CURRENT_BINARY_DIR}/icinga-version.h COPYONLY)
 else()
   if(NOT ICINGA2_GIT_VERSION_INFO OR GIT_VERSION MATCHES "-NOTFOUND$")
-    file(STRINGS VERSION SPEC_REVISION REGEX "^Revision: ")
+    file(STRINGS ICINGA2_VERSION SPEC_REVISION REGEX "^Revision: ")
     string(LENGTH "${SPEC_REVISION}" SPEC_REVISION_LENGTH)
     math(EXPR SPEC_REVISION_LENGTH "${SPEC_REVISION_LENGTH} - 10")
     string(SUBSTRING ${SPEC_REVISION} 10 ${SPEC_REVISION_LENGTH} SPEC_REVISION)
@@@@ -172,6 +172,9 @@@@
d11 2
a12 11
 add_definitions(-DBOOST_FILESYSTEM_NO_DEPRECATED)
 
+# Required for Boost v1.74+
+add_definitions(-DBOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT)
+
 link_directories(${Boost_LIBRARY_DIRS})
 include_directories(${Boost_INCLUDE_DIRS})
 
@@@@ -520,4 +523,4 @@@@
   )
 endif()
d14 2
a15 3
-include(CPack)
\ No newline at end of file
+include(CPack)
@


1.2
log
@icinga2: fix build/package on macOS

From MAINTAINER Edgar Fuß.
@
text
@d1 1
a1 1
$NetBSD: patch-CMakeLists.txt,v 1.1 2021/01/15 00:37:17 wiz Exp $
@


1.1
log
@net/icinga2: import icinga2-2.12.3

Packaged by Edgar Fuß for pkgsrc-wip.

Icinga 2 is an open source monitoring system which checks the
availability of your network resources, notifies users of outages,
and generates performance data for reporting.

Scalable and extensible, Icinga 2 can monitor large, complex
environments across multiple locations.
@
text
@d1 1
a1 1
$NetBSD: patch-CMakeListe.txt $
a3 1

d5 3
d9 21
a29 3
--- CMakeLists.txt.orig
+++ CMakeLists.txt
@@@@ -172,6 +172,9 @@@@ add_definitions(-DBOOST_COROUTINES_NO_DEPRECATION_WARNING)
d39 7
@