This release is mostly small bug fixes and additional protections against the SUID vulnerability discovered by Dawid Golunski. As we are now using coverity to scan for small bugs, there will be a number of small commits in the near future.
The mailq autodetection commits were reverted as there were issues with parsing performed by the awk script. We decided to use FindBin in lieu of shimming the awk regex. You can try out the proposed FindBin changes in the branch “findbin”. Expect the branches findbin and timeout_state to be merged into the next major release (2.1.0).
A full list of included enhancements and fixes are listed below:
- parse_ini.c – Additional fixes for the SUID plugins vulnerabilities (sreinhardt)
- Added Gnulib module idpriv-droptemp (weiss)
- check_dns.c – Resolved issues with reverse lookup (sreinhardt)
- check_dns.c – Changed query types from ALL to ANY (sreinhardt)
- common.h – Include fixes for esoteric AIX compile issues (emislivec)
- negate.c – Small fixes from coverity (66479) (66480) (sreinhardt)
- check_dhcp.c – Small fix from coverity (66488) (sreinhardt)
- check_http.c – Potential memory leak and overflow fixed from coverity (66514) (sreinhardt)
- check_ntp.c – Small fix from coverity (66524) (sreinhardt)
- utils_cmd.c – Small file descriptor fix from coverity (66502) (sreinhardt)
- check_apt.c – Small fix for from coverity (66531) (sreinhardt)
- check_mailq – Reverted autodetection commits to avoid awk parsing issues. Autodetection will return in version 2.1.0 as part of the changes in the FindBin branch (abrist)
Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.