
Bug 698794

Summary: net-analyzer/nrpe - should not hard-depend on tcp-wrappers
Product: Gentoo Linux Reporter: Jaco Kroon <jaco>
Component: Current packages Assignee: Jaco Kroon <jaco>
Status: RESOLVED FIXED    
Severity: normal CC: hydrapolic, jstein, sam
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=326367
https://github.com/gentoo/gentoo/pull/19376
Whiteboard:
Package list:
Runtime testing required: ---

Description Jaco Kroon 2019-10-28 19:23:28 UTC
nrpe is hard-depending on tcp-wrappers.  We don't use tcp-wrappers (aka tcpd) for various reasons, and nrpe upgrade now forces the use thereof.  We use a firewall (iptables) to control this level and tcp-wrappers is just an additional layer (and has been the root cause of a few absolutely pointless DoS situations on our end).  We would highly appreciate it if this can be made optional again.

This issue is similar to a previous bug from around 7 years back, referenced in the URL field.

Reproducible: Always
Comment 1 Jaco Kroon 2019-10-28 19:31:42 UTC
It doesn't look like there is a ./configure option (If you're willing to take it I'll be happy to write a patch).

However, I can confirm that by removing the tcp-wrappers dependency nrpe still merges and installs without tcp-wrappers pre-installed.

The configure script checks for the existence and availability of tcp-wrappers.  So by force-depending on tcp-wrappers we force the use.  This is better than the alternative of simply not depending on it and having random installation but it's still not good.  I'm currently hand-merging on probably about 30 systems to avoid tcp-wrappers.
Comment 2 Jaco Kroon 2020-03-29 07:32:52 UTC
ping.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-06 22:02:02 UTC
(In reply to Jaco Kroon from comment #1)
> It doesn't look like there is a ./configure option (If you're willing to
> take it I'll be happy to write a patch).
> 

PR? :)
Comment 4 Larry the Git Cow gentoo-dev 2021-03-10 15:40:22 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1df43041963603de62674b76888b68ddae5ee97f

commit 1df43041963603de62674b76888b68ddae5ee97f
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-02-08 16:55:39 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-03-10 15:39:51 +0000

    net-analyzer/nrpe: version bump + add USE=tcpd
    
    This includes a patch for ./configure that has also been submitted
    upstream:
    
    https://github.com/NagiosEnterprises/nrpe/pull/247
    
    Dropped libressl support.
    
    Closes:  https://bugs.gentoo.org/698794
    Closes:  https://bugs.gentoo.org/737038
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/19376
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-analyzer/nrpe/Manifest                         |   1 +
 .../nrpe/files/nrpe-4.0.2-disable-tcpd.patch       |  62 +++++++++++++
 net-analyzer/nrpe/nrpe-4.0.3.ebuild                | 101 +++++++++++++++++++++
 3 files changed, 164 insertions(+)