net-analyzer/ndoutils: new version 2.1.3.

This is somewhat of a work in progress. The new version 2.1.3 is
intended mainly to fix the compatibility with modern versions of
nagios-core. However, there are still several fixes in the pipeline
that we're having to carry patches for in the meantime:

  * format-security warnings (upstream pull request 42)
  * default PID file location (upstream pull request 44)
  * asprintf compile warnings (upstream issue 43)
  * openrc service file improvements (not yet submitted)

The last patch has not been submitted because I'm waiting on a
response for upstream issue 45 that affects the init scripts.
Regardless, we might as well push out v2.1.3 now, since it has
to work better than v2.0.0.

Closes: https://bugs.gentoo.org/599452
Package-Manager: Portage-2.3.8, Repoman-2.3.3

6 files changed, 253 insertions, 34 deletions

diff --git a/net-analyzer/ndoutils/files/format-security.patch b/net-analyzer/ndoutils/files/format-security.patch
new file mode 100644
index 000000000000..75be7dc32103
--- /dev/null
+++ b/net-analyzer/ndoutils/files/format-security.patch
@@ -0,0 +1,115 @@
+From 07891e8fcf692552c57e64429fd52da9e682f6d2 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 22 Jul 2017 16:38:03 -0400
+Subject: [PATCH 1/1] src/queue.c: fix format-security warnings with explicit
+ "%s" format string.
+
+The syslog() function takes as its second argument a format string (a
+la printf), but if the third parameter is a string, then the format
+string can be omitted. This has led to security vulnerabilities in the
+past, and compilers can now warn about it. In particular, GCC has the
+-Wformat-security option, which can be made an error with
+-Werror=format-security.
+
+A few such two-argument calls were present in src/queue.c, where
+constant strings were being logged to syslog. This commit adds the
+second format string parameter (simply "%s" in this case) to avoid the
+compiler warnings.
+
+More information about format-security can be found in Fedora's FAQ:
+
+  https://fedoraproject.org/wiki/Format-Security-FAQ
+---
+ src/queue.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/queue.c b/src/queue.c
+index 8cb7445..50bb519 100644
+--- a/src/queue.c
++++ b/src/queue.c
+@@ -50,7 +50,7 @@ void del_queue() {
+ 	struct msqid_ds buf;
+ 
+ 	if (msgctl(queue_id,IPC_RMID,&buf) < 0) {
+-		syslog(LOG_ERR,"Error: queue remove error.\n");
++		syslog(LOG_ERR, "%s", "Error: queue remove error.\n");
+ 	}
+ }
+ 
+@@ -58,7 +58,7 @@ int get_queue_id(int id) {
+ 	key_t key = ftok(NDO_QUEUE_PATH, NDO_QUEUE_ID+id);
+ 
+ 	if ((queue_id = msgget(key, IPC_CREAT | 0600)) < 0) {
+-		syslog(LOG_ERR,"Error: queue init error.\n");
++		syslog(LOG_ERR, "%s", "Error: queue init error.\n");
+ 	}
+ }
+ 
+@@ -99,7 +99,7 @@ void log_retry( void) {
+ 		if(msgctl(queue_id, IPC_STAT, &queue_stats)) {
+ 			sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_STAT: %d", errno);
+ 			sprintf(logmsg, logfmt, curstats);
+-			syslog(LOG_ERR, logmsg);
++			syslog(LOG_ERR, "%s", logmsg);
+ 			}
+ 		else {
+ #if defined( __linux__)
+@@ -108,24 +108,24 @@ void log_retry( void) {
+ 			if( msgmni < 0) {
+ 				sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_INFO: %d", errno);
+ 				sprintf(logmsg, logfmt, curstats);
+-				syslog(LOG_ERR, logmsg);
++				syslog(LOG_ERR, "%s", logmsg);
+ 				}
+ 			else {
+ 				sprintf(curstats, statsfmt, queue_stats.msg_qnum,
+ 						(unsigned long)msgmni, queue_stats.__msg_cbytes,
+ 						queue_stats.msg_qbytes);
+ 				sprintf(logmsg, logfmt, curstats);
+-				syslog(LOG_ERR, logmsg);
++				syslog(LOG_ERR, "%s", logmsg);
+ 				}
+ #else
+ 			sprintf(logmsg, logfmt, "");
+-			syslog(LOG_ERR, logmsg);
++			syslog(LOG_ERR, "%s", logmsg);
+ #endif
+ 			}
+ 		last_retry_log_time = now;
+ 		}
+ 	else {
+-		syslog(LOG_ERR,"Warning: queue send error, retrying...\n");
++		syslog(LOG_ERR, "%s", "Warning: queue send error, retrying...\n");
+ 		}
+ }
+ 
+@@ -155,14 +155,14 @@ void push_into_queue (char* buf) {
+ 					#endif
+ 				}
+ 				if (retrynum < MAX_RETRIES) {
+-					syslog(LOG_ERR,"Message sent to queue.\n");
++					syslog(LOG_ERR, "%s", "Message sent to queue.\n");
+ 					}
+ 				else {
+-					syslog(LOG_ERR,"Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
++					syslog(LOG_ERR, "%s", "Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
+ 				}
+ 			}
+ 		else {
+-			syslog(LOG_ERR,"Error: queue send error.\n");
++			syslog(LOG_ERR, "%s", "Error: queue send error.\n");
+ 			}
+ 		}
+ 
+@@ -175,7 +175,7 @@ char* pop_from_queue() {
+ 	zero_string(msg.text, NDO_MAX_MSG_SIZE);
+ 
+ 	if (msgrcv(queue_id, &msg, queue_buff_size, NDO_MSG_TYPE, MSG_NOERROR) < 0) {
+-		syslog(LOG_ERR,"Error: queue recv error.\n");
++		syslog(LOG_ERR, "%s", "Error: queue recv error.\n");
+ 	}
+ 
+ 	int size = strlen(msg.text);
+-- 
+2.13.0
+
diff --git a/net-analyzer/ndoutils/files/ndo2db.init-nagios3 b/net-analyzer/ndoutils/files/ndo2db.init-nagios3
deleted file mode 100644
index 3e1e262f6e0c..000000000000
--- a/net-analyzer/ndoutils/files/ndo2db.init-nagios3
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depends() {
-	before nagios
-	need mysql
-}
-
-start() {
-	ebegin "Starting ndo2db"
-	if [ -S /var/nagios/ndo.sock ] ; then
-		rm -f /var/nagios/ndo.sock
-	fi
-	start-stop-daemon --start --quiet --exec /usr/bin/ndo2db \
-	-- -c /etc/nagios/ndo2db.cfg
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping ndo2db"
-	start-stop-daemon --stop --quiet --exec /usr/bin/ndo2db
-	eend $?
-}
diff --git a/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch b/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch
index 146132c21de3..21cf837ba36d 100644
--- a/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch
+++ b/net-analyzer/ndoutils/files/ndoutils-2.0.0-asprintf.patch
@@ -1,3 +1,9 @@
+This is a fix for the QA warnings that result from using asprintf()
+without defining it. That happens because asprintf() is a GNU
+extension, but somehow gets used before _GNU_SOURCE is defined.
+
+Upstream-Bug: https://github.com/NagiosEnterprises/ndoutils/issues/43
+
 --- a/include/config.h.in
 +++ b/include/config.h.in
 @@ -9,6 +9,7 @@
diff --git a/net-analyzer/ndoutils/files/ndoutils-2.0.0-sleep.patch b/net-analyzer/ndoutils/files/ndoutils-2.0.0-sleep.patch
deleted file mode 100644
index 61694baee9e3..000000000000
--- a/net-analyzer/ndoutils/files/ndoutils-2.0.0-sleep.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/src/queue.c
-+++ b/src/queue.c
-@@ -8,6 +8,7 @@
- #include "../include/queue.h"
- #include <errno.h>
- #include <time.h>
-+#include <unistd.h> /* sleep() */
- 
- #define RETRY_LOG_INTERVAL	600		/* Seconds */
- #define MAX_RETRIES	20				/* Max number of times to retry sending message */
diff --git a/net-analyzer/ndoutils/files/openrc-init.patch b/net-analyzer/ndoutils/files/openrc-init.patch
new file mode 100644
index 000000000000..07fcc63b7f3d
--- /dev/null
+++ b/net-analyzer/ndoutils/files/openrc-init.patch
@@ -0,0 +1,100 @@
+From 61c6e9295bae755713b403626f702b5ac90f2448 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 22 Jul 2017 17:25:29 -0400
+Subject: [PATCH 1/1] startup: simplify the OpenRC init scripts and conf file.
+
+This commit largely rewrites the OpenRC init script with the goal of
+simplifying it. The end result should be functionally the same, but is
+much shorter. The changes are as follows:
+
+ 1. Replace the deprecated /sbin/runscript shebang with /sbin/openrc-run.
+
+ 2. Replace the existing dependencies with "need mysql nagios". The
+    ndo2db daemon needs Nagios to create the TCP or Unix socket over
+    which it will communicate, and obviously it needs mysql to be
+    up and running in order to save any data. The dependencies
+    of mysql and nagios themselves will bring up whatever else is
+    required; nothing else needs to be listed as a dependency of
+    ndo2db.
+
+ 3. Use the "command", "command_args", and "pidfile" OpenRC
+    variables. OpenRC is smart enough to start and stop a well-behaved
+    daemon on its own without a custom start/stop function. By
+    specifying those three variables, we are able to eliminate much of
+    the custom start/stop code in the init script.
+
+Finally, the default value of NDO2DB_CFG in the associated conf file has
+been updated to use @sysconfdir@ instead of @pkgsysconfdir@, which wasn't
+having any effect.
+---
+ startup/openrc-conf.in |  6 ++----
+ startup/openrc-init.in | 42 +++++++++---------------------------------
+ 2 files changed, 11 insertions(+), 37 deletions(-)
+
+diff --git a/startup/openrc-conf.in b/startup/openrc-conf.in
+index d7b5474..69b15b5 100644
+--- a/startup/openrc-conf.in
++++ b/startup/openrc-conf.in
+@@ -1,4 +1,2 @@
+-# /etc/conf.d/ndo2db : config file for /etc/init.d/ndo2db
+-
+-# Configuration file - default is @sysconfdir@/ndo2db.cfg
+-NDO2DB_CFG="@pkgsysconfdir@/ndo2db.cfg"
++# The configuration file to use for ndo2db.
++NDO2DB_CFG="@sysconfdir@/ndo2db.cfg"
+diff --git a/startup/openrc-init.in b/startup/openrc-init.in
+index 119e074..7b3fb40 100644
+--- a/startup/openrc-init.in
++++ b/startup/openrc-init.in
+@@ -1,39 +1,15 @@
+-#!/sbin/runscript
++#!/sbin/openrc-run
+ #
+-# Copyright (c) 2016 Nagios(R) Core(TM) Development Team
++# Copyright (c) 2017 Nagios(R) Core(TM) Development Team
+ #
+-# Start/stop the Nagios Data Out Daemon.
+-#
+-# Goes in /etc/init.d - Config is in /etc/conf.d/ndo2db
+ 
+-NDO2DB_BIN="@sbindir@/ndo2db"
+-NDO2DB_PID="@piddir@/ndo2db.pid"
++command="@sbindir@/ndo2db"
++command_args="-c ${NDO2DB_CFG}"
++description="Nagios Data Out daemon"
++pidfile="@piddir@/ndo2db.pid"
+ 
+ depend() {
+-	use logger dns net localmount netmount nfsmount
+-}
+-
+-checkconfig() {
+-	# Make sure the config file exists
+-	if [ ! -f $NDO2DB_CFG ]; then
+-		eerror "You need to setup $NDO2DB_CFG.
+-		return 1
+-	fi
+-	return 0
+-}
+-
+-start() {
+-	checkconfig || return 1
+-	ebegin "Starting ndo2db"
+-	# Make sure we have a sane current directory
+-	cd /
+-	start-stop-daemon --start --exec $NDO2DB_BIN --pidfile $PID_FILE \
+-		-- -c $NDO2DB_CFG -f
+-	eend $?
+-}
+-
+-stop() {
+-	ebegin "Stopping ndo2db"
+-	start-stop-daemon --stop --exec $NDO2DB_BIN --pidfile $PID_FILE
+-	eend $?
++    # The Nagios core daemon creates the socket that ndo2db tries to
++    # connect to upon starting.
++    need mysql nagios
+ }
+-- 
+2.13.0
+
diff --git a/net-analyzer/ndoutils/files/sample-config-piddir.patch b/net-analyzer/ndoutils/files/sample-config-piddir.patch
new file mode 100644
index 000000000000..902038204988
--- /dev/null
+++ b/net-analyzer/ndoutils/files/sample-config-piddir.patch
@@ -0,0 +1,32 @@
+From 560db1e2bc79bb3321c5f431e149418ec3c28a98 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sun, 23 Jul 2017 07:13:46 -0400
+Subject: [PATCH 1/1] config/ndo2db.cfg-sample.in: use @piddir@ for the pid
+ file.
+
+The "lock_file" setting in ndo2db.cfg specifies where the daemon's pid
+file should be stored. In the past, it was stored in @localstatedir@,
+but @piddir@ is more appropriate. As evidence, all of the init scripts
+in the "startup" directory reference @piddir@ and not @localstatedir@
+for the location of the pid file. This commit updates the sample
+config to agree with the init scripts.
+---
+ config/ndo2db.cfg-sample.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/ndo2db.cfg-sample.in b/config/ndo2db.cfg-sample.in
+index 75266dc..5b46fc9 100644
+--- a/config/ndo2db.cfg-sample.in
++++ b/config/ndo2db.cfg-sample.in
+@@ -10,7 +10,7 @@
+ # This is the lockfile that NDO2DB will use to store its PID number
+ # in when it is running in daemon mode.
+ 
+-lock_file=@localstatedir@/ndo2db.pid
++lock_file=@piddir@/ndo2db.pid
+ 
+ 
+ 
+-- 
+2.13.0
+