head 1.5; access; symbols pkgsrc-2014Q1:1.4.0.12 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.10 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.8 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.4 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.2 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.3.0.10 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.8 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.6 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.2 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.1.0.46 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.44 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.42 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.40 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.38 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.36 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.34 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.32 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.30 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.28 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.26 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.24 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.22 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.20 pkgsrc-2008Q1:1.1.0.18 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.16 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.14 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.12 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.10 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.8 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.6 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.4 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.2; locks; strict; comment @# @; 1.5 date 2014.04.02.10.22.37; author he; state dead; branches; next 1.4; commitid ZT1334FQMmX8V5vx; 1.4 date 2012.12.14.18.49.51; author manu; state Exp; branches; next 1.3; 1.3 date 2011.08.02.14.03.18; author bouyer; state Exp; branches; next 1.2; 1.2 date 2011.04.08.22.37.25; author morr; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2006.05.17.20.47.41; author bouyer; state Exp; 
branches 1.1.2.1; next ; 1.2.2.1 date 2011.08.03.17.51.52; author tron; state Exp; branches; next ; 1.1.2.1 date 2006.05.17.20.47.41; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.05.17.21.36.41; author salo; state Exp; branches; next ; desc @@ 1.5 log @Import a fix for CVE-2013-7108 and CVE-2013-7205, which are multiple off-by-one errors causing information leakage and possibly DoS. Restructure the patch files to follow the newer naming conventions. Add the rc.d script to PLIST. Bump PKGREVISION. @ text @$NetBSD: patch-ah,v 1.4 2012/12/14 18:49:51 manu Exp $ --- cgi/getcgi.c.orig 2012-10-04 18:31:47.000000000 +0200 +++ cgi/getcgi.c 2012-10-04 18:31:57.000000000 +0200 @@@@ -10,6 +10,7 @@@@ #include "../include/getcgi.h" #include #include +#include #undef PARANOID_CGI_INPUT @ 1.4 log @Upgrade nagios to 3.4.3, from Benoit Godefert Changelog since 3.3.1 3.4.3 - 11/30/2012 ------------------ - Reverted squeue changes intended for Nagios 4 - Reapplied all patches from 3.4.2 release - Applied fix for pagination and sorting on status.cgi #381 (Phil Randal) 3.4.2 - 11/09/2012 ------------------ FIXES * Fixed issue where deleting a downtime could cause Nagios to crash (Eric Stanley) * Corrected logic so that end times for flexible downtimes are calculated from the downtime start rather than the current time in the case where Nagios is restarted (Eric Stanley) * Fixed issue introduced by fix for bug #124 where flexible downtimes are not taken into account on Nagios restart. (Scott Wilkerson, Eric Stanley) * Fixed bug #247: If a service reports no performance data, the perfdata log file has no line indicating the test.
(omnikron@@free.fr) * Fixed link for unhandled unreachable host problems on tactical overview page (Rudolf Cejka) * Fixed bug #345 with wild card searches not paging properly on status.cgi (Phil Randal) * Fixed bug #343 on status.cgi where Service Group Summary can potentially show wrong totals (Mark Ziesemer) * Fixed memory leaks on SIGHUP (Carlos Velasco) 3.4.1 - 05/11/2012 ------------------ FIXES * Double quotes in check_command definition break functionality (#332, reverts #86) 3.4.0 - 05/04/2012 ------------------ ENHANCEMENTS * Added service_check_timeout_state configuration variable (Bill McGonigle) * Permanently remove sleep on run_event == FALSE in main loop (Max ) * Reduce notification load by moving notification viability check into notification list creation (Opsview Team) * Added code to apply allow_empty_hostgroup_assignment flag to host and service dependencies (Daniel Wittenberg) * Users can now see hostgroups and servicegroups that contain at least one host or service they are authorized for, instead of having to be authorized for them all (Ethan Galstad) * RSS feed boxes fallback if an error occurs (Ethan Galstad) * RSS feeds no longer block main page load (Mike Guthrie) FIXES * Fix $NOTIFICATIONRECIPIENTS$ macro to contain all contacts assigned to host|service, not only notified contacts (Bug #98 Matt Harrington) * Scheduled Downtime Notifications Resent On Nagios Restart/reload (Bug #124 - ricardo ) * NOTIFICATIONTYPE MACRO never became CUSTOM (Bug #168 - Alexey Dvoryanchikov) * Plugged minor memory leaks in notification logic @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update nagios-base to 3.3.1, fixing CVE-2011-1523 and CVE-2011-2179. Changes since 3.2.3: ENHANCEMENTS * Added support for same host service dependencies with servicegroups (Mathieu Gagné) * Empty hostgroups referenced from services now optionally generate a warning instead of an error.
* Documentation links now point to online resources * Matt Wall's Exfoliation theme is now installed by default. You can reinstall the classic theme with "make install-classicui" * Downtime delete commands made "distributable" by deleting by host group name, host name or start time/comment (Opsview team) * Allow status.cgi to order by "host urgency" (Jochen Bern) * Added news items and quick links to main splash page * Added ability to authenticate to CGIs using contactgroup name (Stephen Gran) FIXES * Fixes status.cgi when called with no parameters, where host should be set to all if none specified (Michael Friedrich) * Fixes possible validation error with empty hostgroups/servicegroups (Sven-Göran Bergh) * Performance-data handling and checking is now thread-safe so long as embedded perl is not used. * Children should no longer hang on mutex locks held in parent for localtime() (and similar) calls. * Debug logging is now properly serialized, using soft-locking with a timeout of 150 milliseconds to avoid multiple threads competing for the privilege to write debug info. 
* Fixed extraneous alerts for services when host is down * Fixed incorrect parsing of multi-line host check results (Jochen Bern) * Fixed bug with passive host checks being incorrectly sent to event brokers as active checks * Fixed bug where passive host check status updates were not being propagated to event brokers * Reverted 'Fix for retaining host display name and alias, as well as service display name' as configuration information stored incorrectly over a reload * Fixed compile warnings for size_t (Michael Friedrich) * Fixed problem where acknowledgements were getting reset when a hard state change occurred * Removed duplicated unlinks for check result files with multiple results * Fixed race condition on flexible downtime commands when duration not set or zero (Michael Friedrich) * Fixed flexible downtime on service hard state change doesn't get triggered/activated (Michael Friedrich) * Fixed XSS vulnerability in config.cgi and statusmap.cgi (Stefan Schurtz) * Fixed segfault when sending host notifications (Michael Friedrich) * Fixed bug where unauthorized contacts could issue hostgroup and servicegroup commands (Sven Nierlein) @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.2 2011/04/08 22:37:25 morr Exp $ d3 2 a4 2 --- cgi/getcgi.c.orig 2011-07-26 02:16:13.000000000 +0200 +++ cgi/getcgi.c 2011-08-01 18:37:39.000000000 +0200 d6 3 a8 3 #include "../include/getcgi.h" #include #include d10 3 a12 3 #undef PARANOID_CGI_INPUT @ 1.2 log @Update nagios-base to 3.2.3. While there, add DESTDIR support and set LICENSE. 
ChangeLog: * Fixes problem where disabling all active hosts/services was not taking effect * Fixes for compiler warnings (code cleanup by Stephen Gran) * Fixes for format errors in event handler logging (Guillaume Rousse) * Fixed incorrect info in sample nagios.cfg file for state_retention_file (Michael Friedrich) * Fixed broker_event_handler() to return ERR if data is NULL (Michael Friedrich) * Patch to new_mini_epn to allow any command line length without breaking on extra trailing or leading whitespace (Ray Bengen) * Patch to mini_epn to allow any command line length (Thomas Guyot-Sionnest) * Patch to speed up loading of state retention data (Matthieu Kermagoret) * Custom notifications are now suppressed during scheduled downtime (Sven Nierlein) * Added code to warn user about exit code of 126 meaning plugin is not executable (bug #153) * Scheduled downtime can now start on SOFT error states (bug #47) * Main window frame URL can now be specified with a "corewindow=" parameter * Improved config CGI shows commands, command args in an easier to use manner (Jochen Bern) * Added ability for NEB modules to override execution of event handlers (Sven Nierlein) * Custom macros are no longer cleaned/stripped as they are user-defined and should be trusted (Peter Morch) * Fix for choosing next valid time on day of DST change when clocks go one hour backwards * Fix for nagios now erroring when "Error: Could not find any contactgroup matching..."
displayed * Fix tap tests for Sol0 and newer versions of Test::Harness * Fix for notifications not being sent out when scheduled downtime is canceluzzner) * Fix for first notification delay being calculated incorrectly, and notifications potentially going out early (Plachowski) * Fix for text of scheduling downtime of all services on a host (Holger Weiss) * Fix for services inheriting notification period from hosts if not defined (Gordon Messmer) * Fix for incorrect service states on host failures (bug #130 Pet) * Fix for incorrect service state attributes being set on host failures (bug #128 Petya Kohts) * Fix for non-scheduled hosts and services not being updated in NDOUtils * Fix for typos in TAC, CMD CGIs (bugs #150, #144, #148) * Fix for types in documentation (bugs #145, #105, #106) * Fix for incorrect host state counts in status CGI when viewing servicegroups (bug #72) * Fix few Splunk integration query parameters (bug #136) * Fix for extra field header in availability CSV export (bug #113) * Fix for macro processing code modifying input string (Jochen Bern) * Fix for update check API * Fix for CGI speedup when persistent=0 for comments * Fix for event execution loop re-scheduling host checks instead of executing them if service checks are disabled (bug #152) * Fix for segfaults on Solaris (Torsten Huebler) * Fix for incorrect comment expiration times being passed to event broker (Mattieu Kermagot) * Doc updates related to cleaning of custom macros (Peter Valdemar Morch) * Fix to sample notify-service--email command (bug #62) * Fix for retaining host display name and alias, as well as service display name (Folkert van Heusden) * Link to allow scheduling downtime for all services on a host (Hendrik Baecker) * Speedup to CGIs when lots of comments or downtimes in status.dat file (Jonathan Kamens) * Patch for new_mini_epn to allow for any command line length without breaking on extra trailing or leading whitespace (Ray Bengen) * Fix for incorrect scheduling when time has gone
back an hour (partial fix for 24x7) * Fix for compile on Fedora Core 3 (bug #0000082) * Fix for compile on Solaris * Fix for logging test, which was not timezone aware (bug #0000077 - Allan Clark) * Trivial cleanups for autoconf (Allan Clark) * Fix for CSS validation of padding: X * Fix for documentation re: case-insensitive nature of custom variables (Marc Powell) * Fix for template configurations which use negated wildcards (Tim Wilde) * Fix for read-only permissions bug in CGIs that caused problems viewing comments (bug #0000029) * Fix for incorrect CGI reports (availability, trends, etc.) when reporting period spans Daylight Savings Time (bug #0000046) * Fix for detection of truecolor support in GD library (Lars Hecking) * Reverted to use --datadir configure script option instead of the more recently introduced --datarootdir option * Status and retention files are now flushed/synced to disk to prevent incomplete information being displayed in CGIs * Fix for incorrect next service check time calculation when Nagios is reloaded with different timeperiod ranges * Updated Fedora quickstart guide to indicate PHP requirements * Known issue: Service checks that are defined with timeperiods that contain "exclude" directives are incorrectly re-scheduled.
Don't use these for now - we'll get this fixed for 3.4 @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.1 2006/05/17 20:47:41 bouyer Exp $ d3 2 a4 2 --- cgi/getcgi.c.orig 2006-05-15 16:59:24.000000000 +0000 +++ cgi/getcgi.c d6 3 a8 3 #include "../include/getcgi.h" #include #include d10 3 a12 3 #undef PARANOID_CGI_INPUT @ 1.2.2.1 log @Pullup ticket #3488 - requested by bouyer net/nagios-base: security update Revisions pulled up: - net/nagios-base/Makefile 1.32 - net/nagios-base/Makefile.common 1.12 - net/nagios-base/PLIST 1.10 - net/nagios-base/distinfo 1.13 - net/nagios-base/patches/patch-aa 1.9 - net/nagios-base/patches/patch-ad 1.8 - net/nagios-base/patches/patch-ag 1.8 - net/nagios-base/patches/patch-ah 1.3 - net/nagios-plugins/Makefile.common 1.9 --- Module Name: pkgsrc Committed By: bouyer Date: Tue Aug 2 14:03:18 UTC 2011 Modified Files: pkgsrc/net/nagios-base: Makefile Makefile.common PLIST distinfo pkgsrc/net/nagios-base/patches: patch-aa patch-ad patch-ag patch-ah pkgsrc/net/nagios-plugins: Makefile.common Log Message: Update nagios-base to 3.3.1, fixing CVE-2011-1523 and CVE-2011-2179. Changes since 3.2.3: ENHANCEMENTS * Added support for same host service dependencies with servicegroups (Mathieu Gagné) * Empty hostgroups referenced from services now optionally generate a warning instead of an error. * Documentation links now point to online resources * Matt Wall's Exfoliation theme is now installed by default.
You can reinstall the classic theme with "make install-classicui" * Downtime delete commands made "distributable" by deleting by host group name, host name or start time/comment (Opsview team) * Allow status.cgi to order by "host urgency" (Jochen Bern) * Added news items and quick links to main splash page * Added ability to authenticate to CGIs using contactgroup name (Stephen Gran) FIXES * Fixes status.cgi when called with no parameters, where host should be set to all if none specified (Michael Friedrich) * Fixes possible validation error with empty hostgroups/servicegroups (Sven-Göran Bergh) * Performance-data handling and checking is now thread-safe so long as embedded perl is not used. * Children should no longer hang on mutex locks held in parent for localtime() (and similar) calls. * Debug logging is now properly serialized, using soft-locking with a timeout of 150 milliseconds to avoid multiple threads competing for the privilege to write debug info. * Fixed extraneous alerts for services when host is down * Fixed incorrect parsing of multi-line host check results (Jochen Bern) * Fixed bug with passive host checks being incorrectly sent to event brokers as active checks * Fixed bug where passive host check status updates were not being propagated to event brokers * Reverted 'Fix for retaining host display name and alias, as well as service display name' as configuration information stored incorrectly over a reload * Fixed compile warnings for size_t (Michael Friedrich) * Fixed problem where acknowledgements were getting reset when a hard state change occurred * Removed duplicated unlinks for check result files with multiple results * Fixed race condition on flexible downtime commands when duration not set or zero (Michael Friedrich) * Fixed flexible downtime on service hard state change doesn't get triggered/activated (Michael Friedrich) * Fixed XSS vulnerability in config.cgi and statusmap.cgi (Stefan Schurtz) * Fixed segfault when sending host
notifications (Michael Friedrich) * Fixed bug where unauthorized contacts could issue hostgroup and servicegroup commands (Sven Nierlein) @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 --- cgi/getcgi.c.orig 2011-07-26 02:16:13.000000000 +0200 +++ cgi/getcgi.c 2011-08-01 18:37:39.000000000 +0200 d6 3 a8 3 #include "../include/getcgi.h" #include #include d10 3 a12 3 #undef PARANOID_CGI_INPUT @ 1.1 log @Update to 2.3.1: fix another content-length buffer overflow in CGIs. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.1.1.1 2006/02/18 17:12:20 bouyer Exp $ d3 2 a4 2 --- cgi/getcgi.c.orig 2006-05-17 22:25:16.000000000 +0200 +++ cgi/getcgi.c 2006-05-17 22:25:26.000000000 +0200 @ 1.1.2.1 log @file patch-ah was added on branch pkgsrc-2006Q1 on 2006-05-17 20:47:41 +0000 @ text @d1 12 @ 1.1.2.2 log @Pullup ticket 1605 - requested by bouyer security update for nagios Revisions pulled up: - pkgsrc/net/nagios-base/Makefile 1.8 - pkgsrc/net/nagios-base/distinfo 1.3 - pkgsrc/net/nagios-base/patches/patch-ah 1.1 Module Name: pkgsrc Committed By: bouyer Date: Wed May 17 20:47:41 UTC 2006 Modified Files: pkgsrc/net/nagios-base: Makefile distinfo Added Files: pkgsrc/net/nagios-base/patches: patch-ah Log Message: Update to 2.3.1: fix another content-length buffer overflow in CGIs. @ text @a0 12 $NetBSD: patch-ah,v 1.1.2.1 2006/05/17 21:36:41 salo Exp $ --- cgi/getcgi.c.orig 2006-05-17 22:25:16.000000000 +0200 +++ cgi/getcgi.c 2006-05-17 22:25:26.000000000 +0200 @@@@ -10,6 +10,7 @@@@ #include "../include/getcgi.h" #include #include +#include #undef PARANOID_CGI_INPUT @
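Review bot: the `+#include` line added at `@@ -10,6 +10,7 @@` in cgi/getcgi.c has no explanation anywhere in the patch file, which goes straight from the `$NetBSD$` id line to the `--- cgi/getcgi.c.orig` header. The 1.1 log ties this file to "another content-length buffer overflow in CGIs", yet an extra header include does not by itself bound a length, so add a comment under the id line stating which declaration the new header supplies, how it relates to that fix, and whether the change has been sent upstream. The header names on the `#include` lines are not legible in this copy, so the need for the include cannot be confirmed from the hunk alone.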