CVS commit: pkgsrc/net/icinga2

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Sun Oct 19 13:49:30 UTC 2025

Modified Files:
        pkgsrc/net/icinga2: Makefile distinfo
Removed Files:
        pkgsrc/net/icinga2/patches: patch-CMakeLists.txt

Log Message:
icinga2: updated to 2.15.1

2.15.1 (2025-10-16)

This release fixes multiple security issues. Two of them allow authenticated
API users to learn restricted information or crash Icinga 2. A third issue
affects the scripts provided with Icinga 2 and allows a limited privilege
escalation where the Icinga 2 daemon user can trick root into sending signals to
arbitrary processes.

In addition, this version also includes bug fixes regarding config deployments
and improvements to allow for better debugging of problems related to JSON-RPC
cluster communication.

Note that one fix affects the logrotate configuration. If it was modified
locally, it might not be updated automatically by the package manager and
applying the changes manually is necessary. For details, please check the
[upgrading docs](https://icinga.com/docs/icinga-2/latest/doc/16-upgrading-icinga-2/#upgrading-to-2-15-1).

Security

* CVE-2025-61907: Prevent API users from accessing variables and objects they
  don't have access to within filter expressions. This allowed authenticated
  API users to learn information they aren't allowed to access directly.
* CVE-2025-61908: Add a missing null pointer check while evaluating
  expressions. This allowed authenticated API users to crash the Icinga 2
  daemon by supplying a crafted filter expression.
* CVE-2025-61909: Don't send signals as root in safe-reload script and
  logrotate config. This allowed a limited privilege escalation from the Icinga
  2 service user to root. The scope is limited to sending SIGHUP or SIGUSR1 to
  an arbitrary process.
* Windows: Update to OpenSSL 3.0.18.

Bugfixes

* When a reload triggered from Icinga Director (or the /v1/config API) fails,
  the corresponding state is cleared, allowing to deploy a new config without
  having to restart Icinga 2 manually first.

Enhancements

* Add JSON-RPC utilization metrics and troubleshooting docs.
* When sending cluster messages to other zones, prefer endpoints in the order
  as specified in the zone configuration.
* Track the number of JSON-RPC messages received for each message type per
  endpoint.
* Add support for building with Boost v1.89 and use it on Windows.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/icinga2/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/icinga2/distinfo
cvs rdiff -u -r1.4 -r0 pkgsrc/net/icinga2/patches/patch-CMakeLists.txt

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/icinga2/Makefile
diff -u pkgsrc/net/icinga2/Makefile:1.20 pkgsrc/net/icinga2/Makefile:1.21
--- pkgsrc/net/icinga2/Makefile:1.20    Sat Sep 27 09:57:32 2025
+++ pkgsrc/net/icinga2/Makefile Sun Oct 19 13:49:29 2025
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.20 2025/09/27 09:57:32 wiz Exp $
+# $NetBSD: Makefile,v 1.21 2025/10/19 13:49:29 adam Exp $
 
-DISTNAME=      icinga2-2.15.0
-PKGREVISION=   1
+DISTNAME=      icinga2-2.15.1
 CATEGORIES=    net sysutils
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=icinga/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}

Index: pkgsrc/net/icinga2/distinfo
diff -u pkgsrc/net/icinga2/distinfo:1.8 pkgsrc/net/icinga2/distinfo:1.9
--- pkgsrc/net/icinga2/distinfo:1.8     Sat Sep 27 07:00:56 2025
+++ pkgsrc/net/icinga2/distinfo Sun Oct 19 13:49:29 2025
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.8 2025/09/27 07:00:56 adam Exp $
+$NetBSD: distinfo,v 1.9 2025/10/19 13:49:29 adam Exp $
 
-BLAKE2s (icinga2-2.15.0.tar.gz) = 76730e9afb3494370b740414830b543814b67cfe49ac3266a3b7fd76c0f6ed35
-SHA512 (icinga2-2.15.0.tar.gz) = 247372464f48e87175ca86862f69c82ed204f133b7f012ec78ff63eefc105e1614b5434b9dd3f654479132a0b387e12c7b92efbfb22383ba83304dcc25beb281
-Size (icinga2-2.15.0.tar.gz) = 9446841 bytes
-SHA1 (patch-CMakeLists.txt) = e56b93f517ae77601028d882acbce8ede07a4257
+BLAKE2s (icinga2-2.15.1.tar.gz) = e52b3663c5c74786c7ea1af93564af94e0d814c061114bb9bb018fc34de37103
+SHA512 (icinga2-2.15.1.tar.gz) = f3107b377e59257cdd6cabc978d2280f423e4419c5f70e43a2a62940993e2a4ef3e41c0d02566729854b7f3387034fd4161c6d82e68a28233f460d6a1cef7551
+Size (icinga2-2.15.1.tar.gz) = 9454711 bytes
 SHA1 (patch-third-party_cmake_FindMySQL.cmake) = a33567c30db47c4fab379f1b7c358174dd85fdd3