Imported Debian patch 2.15-1

debian/NEWS

@@ -0,0 +1,38 @@
+nagios-nrpe (2.15-1) unstable; urgency=high
+
+  This update disables the command-args support in nrpe. The feature
+  has several security problems and is often used wrong. If you have to
+  use this feature recompile the package with --enable-command-args
+  in debian/rules.
+
+ -- Alexander Wirt <formorer@debian.org>  Tue, 15 Jul 2014 09:52:48 +0200
+
+nagios-nrpe (2.12-4) unstable; urgency=low
+
+  The pidfile creation mechanism changed with this update. If you do not 
+  add "pid_file=/var/run/nagios/nrpe.pid" to you nrpe config take care that
+  the user "nagios" is able to write to your pidfile location. You can also 
+  change the initscript to create the pid directory on your own. 
+
+ -- Alexander Wirt <formorer@debian.org>  Tue, 07 Jul 2009 07:42:13 +0200
+
+nagios-nrpe (2.12-3) unstable; urgency=low
+
+  The homedirectory of the nagios user moved to /var/lib/nagios
+  which is now common on all nagios related packages. Its recommended
+  that you migrate an already existing nagios user to use /var/lib/nagios 
+  as homedirectory. 
+
+ -- Alexander Wirt <formorer@debian.org>  Sat, 21 Mar 2009 09:08:58 +0100
+
+nagios-nrpe (2.4-1) unstable; urgency=low
+
+  the nagios-nrpe-doc package is no longer provided.  the documentation
+  can now be found in /usr/share/doc/nagios-nrpe-{server|plugins}.  new
+  versions of the plugin and server packages conflict with the doc
+  package to prevent the old (and possibly incorrect in the future)
+  documentation from remaining.  to fully purge all information about
+  the package you should run:
+  	dpkg -P nagios-nrpe-doc
+
+ -- sean finney <seanius@debian.org>  Mon, 13 Mar 2006 15:47:47 +0100

debian/README.Debian

@@ -0,0 +1,23 @@
+nrpe
+----
+
+Put any local check command you need into /etc/nagios/nrpe_local.cfg or
+as a *.cfg file in /etc/nagios/nrpe.d/
+This files are included from the /etc/nagios/nrpe.cfg
+
+This package is built without support for command argument processing. If you
+want to enable it, you will have to rebuild this package with
+--enable-command-args in debian/rules.
+The feature has several security problems and should not be used. If you
+really need some dynamic argument processing try check_by_ssh or something
+similar.
+
+Do not rely on SSL mode for security
+------------------------------------
+
+NRPE contains an SSL mode which encrypts the data over the NRPE channel.
+The current implementation does not verify client or server and uses
+pregenerated key data by default. It cannot be fixed right away because
+it would break the existing NRPE protocol.
+
+Please refer to the file SECURITY in this directory for more information.

debian/README.source

@@ -0,0 +1,3 @@
+This package uses dpatch for its patch management, see
+/usr/share/doc/dpatch/README.source.gz if you are unfamiliar with it.
+

debian/TODO

@@ -0,0 +1,5 @@
+TODO
+====
+
+
+Add a nagios-common package which ships a user and homedir

debian/changelog

@@ -0,0 +1,314 @@
+nagios-nrpe (2.15-1) unstable; urgency=high
+
+  * [f2cea9f] Imported Upstream version 2.15
+  * [023e909] Disable command-args in nrpe. (Closes: #745272)
+  * [6369220] Use restorecon to set SE Linux context on $PIDDIR
+    (Closes: #679241)
+  * [a484e7d] Switch order of nagios-plugins recommends to prefer -basic.
+    (Closes: #752243)
+  * [b1ef043] Don't recommend a core implementation for the plugin
+  * [16dbf01] Remove obsolete patch
+  * [694b804] Remove luk from uploaders. (Closes: #719636)
+  * [28d9004] Remove obsolete patch
+  * [86ea67e] 08_CVE-2013-1362.dpatch is now obsolete
+  * [74e3b07] Refresh patches
+  * [1258ab2] Reword NEWS entry
+  * [744eec6] configure is buggy: --disable- in fact enables a feautre.
+  * [eec54b6] Adjust README.Debian for the removal or argument processing
+
+ -- Alexander Wirt <formorer@debian.org>  Tue, 15 Jul 2014 18:30:36 +0200
+
+nagios-nrpe (2.13-4) unstable; urgency=low
+
+  * [dcffec6] Do not remove the PID file after a connection error.
+    Original patch from Hiren Patel. (Closes: #716949)
+
+ -- Bernd Zeimetz <bzed@debian.org>  Mon, 15 Jul 2013 16:07:54 +0200
+
+nagios-nrpe (2.13-3) unstable; urgency=high
+
+  * [e55afd1] Add 08_CVE-2013-1362.dpatch patch.
+    If command arguments are enabled in the NRPE configuration, it was
+    possible to pass $() as arguments as the checking for nasty caracters
+    was not strict enough to catch $(). This allowed executing shell
+    commands under a subprocess and pass the output as a parameter to the
+    called script (if run under bash). CVE-2013-1362 (Closes: #701227)
+
+ -- Alexander Wirt <formorer@debian.org>  Sat, 09 Mar 2013 08:42:05 +0100
+
+nagios-nrpe (2.13-2) unstable; urgency=high
+
+  [ Thijs Kinkhorst ]
+  * Add warning about the inadequateness of the 'ssl' option.
+
+ -- Alexander Wirt <formorer@debian.org>  Mon, 11 Feb 2013 17:45:20 +0100
+
+nagios-nrpe (2.13-1) unstable; urgency=low
+
+  * [3e113b5] Imported Upstream version 2.13
+  * [acc152b] Bump standards version
+  * [c707bce] Use dh9 for hardening
+  * Updated patches
+
+ -- Alexander Wirt <formorer@debian.org>  Sat, 30 Jun 2012 11:08:22 +0200
+
+nagios-nrpe (2.12-6) unstable; urgency=low
+
+  * [36b1062] Add add icinga to the list of recommends
+  * [a698acb] Don't remove homedirectory of the nagios user (Closes: #665845)
+  * [4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe
+    (Closes: #650464)
+
+ -- Alexander Wirt <formorer@debian.org>  Mon, 30 Apr 2012 09:25:45 +0200
+
+nagios-nrpe (2.12-5) unstable; urgency=low
+
+  [ Alexander Wirt ]
+  * [e3af3bd] Bump compat to 8
+  * [4f9e892] Add versioned depends to dpatch for sequence support
+  * [5ec5a3b] Install example nrpe_local.cfg
+  * [69ea7b9] Move rules file to dh
+  * [298f725] Use autotools_dev dh sequence helper
+  * [10da37d] Bump debhelper dependency to 8
+  * [2b009ae] Bump standards version
+  * [4d093e3] Ignore usermod failure (Closes: #538894)
+  * [e776f7b] Use pidfile for start-stop-daemon and fix pidfile deletion
+    (Closes: #548157, #639523)
+  * [8050c97] Support multiarch in rulesfile (Closes: #642790)
+  * [027274f] Use pidfile for start-stop-daemon in start()
+  * [1f69c63] Support status in nrpe initscript
+  * [42ccdcc] Add a comment to nrpe.cfg that snipplets have to end .cfg
+    (Closes: #641933)
+
+  [ Jan Wagner ]
+  * [0a80fdb] Update debian/README.Debian about conf.d/
+
+ -- Alexander Wirt <formorer@debian.org>  Sun, 25 Sep 2011 08:35:48 +0200
+
+nagios-nrpe (2.12-4) unstable; urgency=low
+
+  * Build against libwrap0-dev (Closes: #412705)
+  * Remove 'last modified header' from nrpe config (Closes: #499280)
+  * Create /etc/nagios/nrpe.d (Closes: #505700, #474333)
+  * Fix pidfile handling (Closes: #411046)
+  * Add newer config.{guess,sub} (Closes: #535737)
+    - Build-depend on autotools-dev
+  * Delete /var/lib/nagios if empty after purge (Closes: #527069)
+  * Bump standards version (add README.source)
+  * Bump dh_compat version (remove -k from dh_clean)
+
+ -- Alexander Wirt <formorer@debian.org>  Mon, 06 Jul 2009 07:08:26 +0200
+
+nagios-nrpe (2.12-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix bashism (Closes: #530149).
+
+ -- Raphael Geissert <geissert@debian.org>  Sat, 04 Jul 2009 20:23:23 -0500
+
+nagios-nrpe (2.12-3) unstable; urgency=low
+
+  * Sync homedirectory of the nagios user with the nagios3 package 
+    (Closes: #479051)
+  * Removed now empty nagios-nrpe-plugins.post* scripts 
+
+ -- Alexander Wirt <formorer@debian.org>  Sat, 21 Mar 2009 09:33:39 +0100
+
+nagios-nrpe (2.12-2) unstable; urgency=low
+
+  * Add myself to uploaders.
+  * Clean buffer before use (Closes: #498749).
+  * Remove pid file before creating a new ones (Closes: #411046).
+  * Include inetd support (Closes: #409772).
+
+ -- Luk Claes <luk@debian.org>  Sun, 14 Sep 2008 16:04:17 +0200
+
+nagios-nrpe (2.12-1) unstable; urgency=low
+
+  * Support an nrpe.d config directory in addition to nrpe_local.cfg 
+    (Closes: #474333)
+  * Add myself to uploaders
+  * Add watch file 
+  * New upstream version (Closes: #475081)
+  * Acknowledge NMU from Chris Lamb (Closes: #484412) 
+  * Recommend Nagios 3 instead of Nagios 2 
+  * Update copyright file
+  * Use the same homedir as nagios3 (Closes: #479051)
+
+ -- Alexander Wirt <formorer@debian.org>  Wed, 06 Aug 2008 20:33:57 +0200
+
+nagios-nrpe (2.8.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix bashism in debian/rules (Closes: #484412)
+  * Bump Standards-Version to 3.8.0.
+
+ -- Chris Lamb <chris@chris-lamb.co.uk>  Sat, 12 Jul 2008 01:09:21 +0100
+
+nagios-nrpe (2.8.1-1) unstable; urgency=low
+
+  * New upstream release
+  * bump Recommends to nagios2, thanks to Henning Sprang
+    for suggesting this (closes: #399856).
+  * fix typo in package description, thanks to Tilman Koschnick for
+    noticing this (closes: #419130).
+
+ -- sean finney <seanius@debian.org>  Sat, 12 May 2007 12:27:30 +0200
+
+nagios-nrpe (2.5.1-3) unstable; urgency=high
+
+  * apparently we were already including another default file
+    without installing it, and some people were using it.  so
+    now we include this one as well as the new default, with this
+    one taking precedence since it was there first.  thanks to
+    Peter Palfrader for catching this (closes: #398914).
+
+ -- sean finney <seanius@debian.org>  Fri, 17 Nov 2006 09:17:55 +0100
+
+nagios-nrpe (2.5.1-2) unstable; urgency=low
+
+  * include a /etc/default/nagios-nrpe-server where variables
+    such as DAEMON_OPTS can be set (closes: #396709).
+  * bump standards version to 3.7.2
+  * add pre-depends on adduser
+  * LSB-ize init script, and add dependency on lsb-base
+
+ -- sean finney <seanius@debian.org>  Sat, 04 Nov 2006 17:38:34 +0100
+
+nagios-nrpe (2.5.1-1) unstable; urgency=low
+
+  * new upstream release.  includes fix from Peter Palfrader to catch
+    invalid free()'s when nrpe is called with --no-ssl (closes: #361233).
+
+ -- sean finney <seanius@debian.org>  Sun, 14 May 2006 21:38:48 -0500
+
+nagios-nrpe (2.4-2) unstable; urgency=low
+
+  [sean finney]
+  * removing nrpe_local.cfg caused trouble for some people, so
+    i've added it back in (closes: #360093).
+
+ -- sean finney <seanius@debian.org>  Fri, 31 Mar 2006 07:02:31 +0200
+
+nagios-nrpe (2.4-1) unstable; urgency=low
+
+  * new upstream release.
+
+  [sean finney]
+  * (NEEDS TESTING) move away from cdbs for my own sanity.
+  * add build-dependency on dpatch.
+  * no longer create nrpe_local.cfg.  no reason to have it.
+  * remove postinst script for nagios-nrpe-server, as all it
+    did was touch the previously mentioned file.
+  * upstream has incorporated the following patches:
+    - 02_global-cmd-prefix.dpatch
+    - 03_nrpe-trailing-whitespace.dpatch
+  * check_nrpe -h provides what "-a" does, but i've gone ahead and
+    added a comment in check_nrpe.cfg too, because it can't hurt
+    to do so :) (closes: #351714).
+  * no longer generate the nagios-nrpe-doc package, and move copies of
+    the documentation into the plugin and server packages.  add a
+    Conflicts: nagios-nrpe-doc to the remaining packages to ensure
+    that the stale package doesn't remain.  NEWS.Debian also mentions
+    this and instructs the admin to purge the package too.
+
+ -- sean finney <seanius@debian.org>  Tue, 24 Jan 2006 18:16:54 +0100
+
+nagios-nrpe (2.2-1) unstable; urgency=low
+
+  * new upstream release.
+
+  [sean finney]
+  * debian packaging source repository is now migrated to svn.
+  * updated 01_nodevrandom-and-docoptions.dpatch and
+    02_global-cmd-prefix.dpatch to apply against the latest
+    upstream version.
+  * nrpe.cfg has moved location in the upstream tarball.
+  * introduced 03_nrpe-trailing-whitespace.dpatch to fix regression
+    in config file parsing until upstream incorporates it.
+
+ -- sean finney <seanius@debian.org>  Tue, 24 Jan 2006 17:52:54 +0100
+
+nagios-nrpe (2.0-9) unstable; urgency=low
+
+  * Sean Finney:
+    - nagios-nrpe has now joined forces with the debian pkg-nagios
+      project, updated Maintainer and Uploaders field accordingly.
+    - provide check_nrpe_1arg command definition so that one can call
+      check_nrpe both with and without arguments to the cmds 
+      (closes: #248424).
+    - changed nagios-nrpe-server's Recommends on nagios-plugins to reflect
+      the upcoming new nagios-plugins layout.
+    - changed nagios-nrpe-plugin's Depends on nagios to a Recommends.
+    - building issues seem to be resolved on arm now (closes: #259442).
+    - updated Standards-Version to 3.6.2
+    - included patch from joerg and weasel to document some cmdline options
+      and provide a better alternative to reading a random byte from
+      /dev/random (closes: #333552).
+    - included "global command prefix" patch from joerg jaspert
+      (closes: #332253).
+
+ -- sean finney <seanius@debian.org>  Tue, 25 Oct 2005 10:04:59 -0400
+
+nagios-nrpe (2.0-8) unstable; urgency=low
+
+  * debian/control: change depends on nagios-plugins, to recommends.
+    (closes: #327199)
+
+ -- Jason Thomas <jason@debian.org>  Mon, 10 Oct 2005 08:07:57 +1000
+
+nagios-nrpe (2.0-7) unstable; urgency=high
+
+  * The previous upload fixes a bug that breaks the install of this package so
+    this is a new upload with a high urgency to try and get it into sarge.
+
+ -- Jason Thomas <jason@debian.org>  Thu, 19 Aug 2004 22:47:40 +1000
+
+nagios-nrpe (2.0-6) unstable; urgency=low
+
+  * nagios plugin config dir changed to etc/nagios-plugins/configs/
+    (closes: #266826)
+
+ -- Jason Thomas <jason@debian.org>  Thu, 19 Aug 2004 21:17:28 +1000
+
+nagios-nrpe (2.0-5) unstable; urgency=low
+
+  * debian/nagios-nrpe-server.preinst: added code to create nagios user and
+    group.
+    (closes: #248995, #241168)
+
+ -- Jason Thomas <jason@debian.org>  Sat, 15 May 2004 12:02:35 +1000
+
+nagios-nrpe (2.0-4) unstable; urgency=low
+
+  * debian/nagios-nrpe-server.init.d: added missing -d to restart.
+    (closes: #248797)
+  * debian/nrpe.1: renamed to nrpe.8
+  * debian/nagios-nrpe-server.manpages: changed nrpe.1 to nrpe.8
+  * debian/dirs: deleted it as its not needed. 
+
+ -- Jason Thomas <jason@debian.org>  Fri, 14 May 2004 14:05:03 +1000
+
+nagios-nrpe (2.0-3) unstable; urgency=low
+
+  * debian/nagios-nrpe-server.init.d: added --oknodo to stop commands which
+    will make upgrades and purges clean.
+
+ -- Jason Thomas <jason@debian.org>  Wed, 24 Mar 2004 13:09:00 +1100
+
+nagios-nrpe (2.0-2) unstable; urgency=low
+
+  * debian/control: added build-depends cdbs
+    (closes: #230943)
+  * debian/control: nagios-nrpe-server now conflicts netsaint-nrpe-server
+    (closes: #230303)
+
+ -- Jason Thomas <jason@debian.org>  Wed, 11 Feb 2004 09:27:01 +1100
+
+nagios-nrpe (2.0-1) unstable; urgency=low
+
+  * Initial Release.
+    (closes: #209124)
+
+ -- Jason Thomas <jason@debian.org>  Wed, 14 Jan 2004 16:13:36 +1100
+

debian/check_nrpe.cfg

@@ -0,0 +1,11 @@
+# this command runs a program $ARG1$ with arguments $ARG2$
+define command {
+	command_name	check_nrpe
+	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$
+}
+
+# this command runs a program $ARG1$ with no arguments
+define command {
+	command_name	check_nrpe_1arg
+	command_line	/usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+}

debian/compat

@@ -0,0 +1 @@
+9

debian/control

@@ -0,0 +1,36 @@
+Source: nagios-nrpe
+Section: net
+Priority: optional
+Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
+Uploaders: sean finney <seanius@debian.org>, Jason Thomas <jason@debian.org>, Alexander Wirt <formorer@debian.org>
+Build-Depends: debhelper (>= 9), openssl, dpatch (>= 2.0.32~), libssl-dev, libwrap0-dev, autotools-dev (>= 20100122.1)
+Standards-Version: 3.9.5
+
+Package: nagios-nrpe-server
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-3)
+Pre-Depends: adduser
+Conflicts: nagios-nrpe-doc
+Recommends: nagios-plugins-basic | nagios-plugins
+Description: Nagios Remote Plugin Executor Server
+ Nagios is a host/service/network monitoring and management system.
+ .
+ The purpose of this addon is to allow you to execute Nagios plugins on a
+ remote host in as transparent a manner as possible.
+ .
+ This program runs as a background process on the remote host and processes
+ command execution requests from the check_nrpe plugin on the Nagios host.
+
+Package: nagios-nrpe-plugin
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Conflicts: nagios-nrpe-doc
+Description: Nagios Remote Plugin Executor Plugin
+ Nagios is a host/service/network monitoring and management system.
+ .
+ The purpose of this addon is to allow you to execute Nagios plugins on a
+ remote host in as transparent a manner as possible.
+ .
+ This is a plugin that is run on the Nagios host and is used to contact the
+ NRPE process on remote hosts.
+

debian/copyright

@@ -0,0 +1,37 @@
+This package was debianized by Jason Thomas <jason@debian.org> on
+Wed, 14 Jan 2004 16:13:36 +1100.
+
+It was downloaded from http://www.nagios.org/download/extras.php
+
+Current Debian Maintainers: The nagios packaging team
+	http://alioth.debian.org/projects/pkg-nagios/
+
+Mailing-List: 
+	pkg-nagios-devel@lists.alioth.debian.org
+
+Upstream Author: Ethan Galstad (nagios@nagios.org) 
+
+Copyright (c) 1999-2009 Ethan Galstad (nagios@nagios.org)
+
+License:
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL. 
+
+There is an exception in the sourcecode for linking against openssl: 
+
+  This program is released under the GPL (see below) with the additional
+  exemption that compiling, linking, and/or using OpenSSL is allowed.
+
+The file src/snprintf.c is Copyright 1995 by Patrick Powell
+
+This code is based on code written by Patrick Powell (papowell@astart.com)
+It may be used for any purpose as long as this notice remains intact
+on all source code distributions
+
+

debian/dirs

@@ -0,0 +1 @@
+/etc/nagios/nrpe.d

debian/docs

@@ -0,0 +1,3 @@
+README
+LEGAL
+SECURITY

debian/nagios-nrpe-plugin.install

@@ -0,0 +1,2 @@
+src/check_nrpe usr/lib/nagios/plugins/
+debian/check_nrpe.cfg etc/nagios-plugins/config/

debian/nagios-nrpe-plugin.postrm

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = purge ]; then
+	test -d /var/lib/nagios && rmdir /var/lib/nagios || true #ignore non-failure errors 
+fi
+
+#DEBHELPER#
+

debian/nagios-nrpe-server.default

@@ -0,0 +1,12 @@
+# defaults file for nagios-nrpe-server
+# (this file is a /bin/sh compatible fragment)
+
+# DAEMON_OPTS are any extra cmdline parameters you'd like to
+#             pass along to the nrpe daemon
+#DAEMON_OPTS="--no-ssl"
+
+# NICENESS is if you want to run the server at a different nice() priority
+#NICENESS=5
+
+# INETD is if you want to run the server via inetd (default=0, run as daemon)
+#INETD=0

debian/nagios-nrpe-server.init

@@ -0,0 +1,85 @@
+#! /bin/sh
+#
+
+### BEGIN INIT INFO
+# Provides:          nagios-nrpe-server
+# Required-Start:    $local_fs $remote_fs $syslog $named $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $named $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/Stop the Nagios remote plugin execution daemon
+### END INIT INFO
+
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nrpe
+NAME=nagios-nrpe
+DESC=nagios-nrpe
+CONFIG=/etc/nagios/nrpe.cfg
+PIDDIR=/var/run/nagios
+
+test -x $DAEMON || exit 0
+
+if ! [ -x "/lib/lsb/init-functions" ]; then
+	. /lib/lsb/init-functions
+else
+	echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed"
+	exit 1
+fi
+
+# Include nagios-nrpe defaults if available
+if [ -f /etc/default/nagios-nrpe-server ] ; then
+	. /etc/default/nagios-nrpe-server
+fi
+# we also used to include this file, so if it's there
+# we include it as well
+if [ -f /etc/default/nagios-nrpe ]; then
+	. /etc/default/nagios-nrpe
+fi
+if [ "$NICENESS" ]; then NICENESS="-n $NICENESS"; fi
+
+#since /var/run can be wiped completly we create our run directory here
+if [ ! -d "$PIDDIR" ]; then 
+	mkdir "$PIDDIR"
+	chown nagios "$PIDDIR"
+    [ -x /sbin/restorecon ] && /sbin/restorecon "$PIDDIR"
+fi
+
+set -e
+
+case "$1" in
+  start)
+	if [ "$INETD" = 1 ]; then
+		exit 1
+	fi
+	log_daemon_msg "Starting $DESC" "$NAME"
+	start_daemon -p $PIDDIR/nrpe.pid $NICENESS $DAEMON  -c $CONFIG -d $DAEMON_OPTS
+	log_end_msg $?
+	;;
+  stop)
+	log_daemon_msg "Stopping $DESC" "$NAME"
+	start-stop-daemon --stop --quiet --oknodo --pidfile $PIDDIR/nrpe.pid --retry 15
+	log_end_msg $?
+	;;
+  reload|force-reload)
+	log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+	start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDDIR/nrpe.pid
+	log_end_msg $?
+	;;
+  status)
+    status_of_proc -p $PIDDIR/nrpe.pid "$DAEMON" "$NAME" && exit 0 || exit $?
+    ;;
+  restart)
+	$0 stop
+	sleep 1
+	$0 start
+	;;
+  *)
+	log_failure_msg "Usage: $N {start|stop|restart|reload|force-reload}" 
+	exit 1
+	;;
+esac
+
+exit 0

debian/nagios-nrpe-server.install

@@ -0,0 +1,3 @@
+src/nrpe usr/sbin
+sample-config/nrpe.cfg etc/nagios
+debian/nrpe_local.cfg etc/nagios

debian/nagios-nrpe-server.manpages

@@ -0,0 +1 @@
+debian/nrpe.8

debian/nagios-nrpe-server.preinst

@@ -0,0 +1,55 @@
+#! /bin/sh
+# preinst script for nagios-nrpe-server
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    install|upgrade)
+	if id nagios >/dev/null 2>&1 ; then
+		# We have a nagios user.
+		if [ `id nagios -g -n` != "nagios" ] ; then
+			addgroup --system nagios || true
+            #this can fail sometimes (i.e. with LDAP) so ignore it
+			usermod -g nagios nagios || true
+		fi
+	else
+		adduser --system --group --home /var/lib/nagios --quiet nagios
+	fi
+
+#        if [ "$1" = "upgrade" ]
+#        then
+#            start-stop-daemon --stop --quiet --oknodo  \
+#                --pidfile /var/run/bud.pid  \
+#                --exec /usr/sbin/bud 2>/dev/null || true
+#        fi
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+

debian/nrpe.8

@@ -0,0 +1,52 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH NAGIOS-NRPE 8 "January 14, 2004"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+nrpe \- Nagios Remote Plugin Executor - Server
+.SH SYNOPSIS
+.B nagios-nrpe
+\fI-c <config_file> <mode>\fR
+.SH DESCRIPTION
+.PP
+The purpose of this addon is to allow you to execute Nagios plugins on a
+remote host in as transparent a manner as possible.
+.PP
+This program runs as a background process on the remote host and processes
+command execution requests from the check_nrpe plugin on the Nagios host.
+.SH OPTIONS
+.IP
+<config_file> = Name of config file to use
+.IP
+<mode>        = One of the following two operating modes:
+.TP
+\fB\-i\fR
+=    Run as a service under inetd or xinetd
+.TP
+\fB\-d\fR
+=    Run as a standalone daemon
+.PP
+Notes:
+This program is designed to process requests from the check_nrpe
+plugin on the host(s) running Nagios.  It can run as a service
+under inetd or xinetd (read the docs for info on this), or as a
+standalone daemon. Once a request is received from an authorized
+host, NRPE will execute the command/plugin (as defined in the
+config file) and return the plugin output and return code to the
+check_nrpe plugin.
+.SH AUTHOR
+This manual page was written by Jason Thomas <jason@debian.org>,
+for the Debian project (but may be used by others).

debian/nrpe_local.cfg

@@ -0,0 +1,3 @@
+######################################
+# Do any local nrpe configuration here
+######################################

debian/patches/00list

@@ -0,0 +1,6 @@
+02_nrpe.cfg_local-include.dpatch
+03_support_nrpe.d.dpatch
+05_pid_privileges.dpatch
+06_pid_directory.dpatch
+07_warn_ssloption.dpatch
+09_noremove_pid.dpatch

debian/patches/02_nrpe.cfg_local-include.dpatch

@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02_nrpe.cfg_local-include.dpatch by  <seanius@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Support nrpe_local.cfg 
+
+@DPATCH@
+diff -urNad nagios-nrpe-2.4~/sample-config/nrpe.cfg.in nagios-nrpe-2.4/sample-config/nrpe.cfg.in
+--- nagios-nrpe-2.4~/sample-config/nrpe.cfg.in	2006-02-03 23:02:32.000000000 +0100
++++ nagios-nrpe-2.4/sample-config/nrpe.cfg.in	2006-03-31 07:07:16.000000000 +0200
+@@ -178,3 +178,8 @@
+ #command[check_load]=@libexecdir@/check_load -w $ARG1$ -c $ARG2$
+ #command[check_disk]=@libexecdir@/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+ #command[check_procs]=@libexecdir@/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
++
++#
++# local configuration:
++#	if you'd prefer, you can instead place directives here
++include=/etc/nagios/nrpe_local.cfg

debian/patches/03_support_nrpe.d.dpatch

@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_support_nrpe.d.dpatch by Alexander Wirt <formorer@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Support an nrpe.d directory
+
+@DPATCH@
+diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in
+--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in	2008-04-15 23:53:48.000000000 +0200
++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in	2008-04-15 23:54:48.000000000 +0200
+@@ -211,3 +211,9 @@
+ # local configuration:
+ #	if you'd prefer, you can instead place directives here
+ include=/etc/nagios/nrpe_local.cfg
++
++# 
++# you can place your config snipplets into nrpe.d/
++# only snipplets ending in .cfg will get included
++include_dir=/etc/nagios/nrpe.d/
++
++

debian/patches/04_weird_output.dpatch

@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_weird_output.dpatch by  <luk@luknote>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Clean buffer before use
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
+--- pkg-nrpe~/src/nrpe.c	2012-04-30 09:36:53.000000000 +0200
++++ pkg-nrpe/src/nrpe.c	2012-04-30 09:52:47.890535825 +0200
+@@ -1107,6 +1107,9 @@
+ 	/* disable connection alarm - a new alarm will be setup during my_system */
+ 	alarm(0);
+ 
++	// null buffer before using it!
++	memset(buffer,0,sizeof(buffer));
++
+ 	/* if this is the version check command, just spew it out */
+ 	if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
+ 

debian/patches/05_pid_privileges.dpatch

@@ -0,0 +1,27 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 05_pid_privileges.dpatch by  <luk@luknote>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
+--- pkg-nrpe~/src/nrpe.c	2014-05-23 20:42:27.000000000 +0200
++++ pkg-nrpe/src/nrpe.c	2014-07-15 14:09:45.027422047 +0200
+@@ -317,13 +317,13 @@
+ 		/* log info to syslog facility */
+ 		syslog(LOG_NOTICE,"Starting up daemon");
+ 
++		/* drop privileges */
++		drop_privileges(nrpe_user,nrpe_group);
++
+ 		/* write pid file */
+ 		if(write_pid_file()==ERROR)
+ 			return STATE_CRITICAL;
+ 
+-		/* drop privileges */
+-		drop_privileges(nrpe_user,nrpe_group);
+-
+ 		/* make sure we're not root */
+ 		check_privileges();
+ 

debian/patches/06_pid_directory.dpatch

@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_pid_directory.dpatch by Alexander Wirt <formorer@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in
+--- nagios-nrpe-2.8.1~/sample-config/nrpe.cfg.in	2007-03-09 19:08:58.000000000 +0100
++++ nagios-nrpe-2.8.1/sample-config/nrpe.cfg.in	2009-07-06 07:43:09.000000000 +0200
+@@ -16,7 +16,7 @@
+ # number.  The file is only written if the NRPE daemon is started by the root
+ # user and is running in standalone mode.
+ 
+-pid_file=/var/run/nrpe.pid
++pid_file=/var/run/nagios/nrpe.pid
+ 
+ 
+ 

debian/patches/07_warn_ssloption.dpatch

@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 07_warn_ssloption.dpatch by Thijs Kinkhorst <thijs@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Warn against inadequateness of NRPE's own SSL option.
+
+--- a/SECURITY	2013-02-10 15:07:18.000000000 +0100
++++ b/SECURITY	2013-02-10 15:08:50.000000000 +0100
+@@ -67,14 +67,17 @@
+ ----------
+ 
+ If you do enable support for command arguments in the NRPE daemon,
+-make sure that you encrypt communications either by using:
+-
+-   1.  Stunnel (see http://www.stunnel.org for more info)
+-   2.  Native SSL support
++make sure that you encrypt communications either by using, for
++example, Stunnel (see http://www.stunnel.org for more info).
+ 
+ Do NOT assume that just because the daemon is behind a firewall
+ that you are safe!  Always encrypt NRPE traffic!
+ 
++NOTE: the currently shipped native SSL support of NRPE is not an
++adequante protection, because it does not verify clients and
++server, and uses pregenerated key material. NRPE's SSL option is
++advised against. For more information, see Debian bug #547092.
++
+ 
+ USING ARGUMENTS
+ ---------------

debian/patches/09_noremove_pid.dpatch

@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 09_noremove_pid.dpatch by  <simon.deziel@gmail.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Do not remove the PID file after a connection error (original patch 
+## DP: from Hiren Patel)
+
+# Author: Hiren Patel
+# From: http://comments.gmane.org/gmane.network.nagios.devel/6774
+# Bug-Debian: #716949
+# Bug-Ubuntu: https://launchpad.net/bugs/1126890
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
+--- pkg-nrpe~/src/nrpe.c	2014-07-15 14:20:02.000000000 +0200
++++ pkg-nrpe/src/nrpe.c	2014-07-15 14:20:55.775429979 +0200
+@@ -998,7 +998,7 @@
+ 						/* close socket prioer to exiting */
+ 						close(sock);
+ 			
+-						return;
++                        exit(STATE_CRITICAL);
+ 						}
+ 
+ 					/* handle signals */
+@@ -1022,7 +1022,7 @@
+ 				        /* close socket prior to exiting */
+ 						close(new_sd);
+ 
+-						return;
++                        exit(STATE_CRITICAL);
+ 						}
+ 
+ 					/* is this is a blessed machine? */

debian/rules

@@ -0,0 +1,22 @@
+#!/usr/bin/make -f
+
+# newer dpkg set this by default.
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+
+# Include dpatch stuff.
+include /usr/share/dpatch/dpatch.make
+
+%:
+	    dh $@ --with dpatch,autotools_dev
+
+override_dh_auto_configure:
+	./configure \
+		--prefix=/usr \
+		--enable-ssl \
+		--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--libexecdir=/usr/lib/nagios/plugins \
+		--libdir=/usr/lib/nagios
+
+override_dh_auto_install:

debian/watch

@@ -0,0 +1,3 @@
+version=3
+
+http://sf.net/nagios/nrpe-([0-9.]+).tar.gz