head 1.5; access; symbols pkgsrc-2014Q1:1.4.0.24 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.22 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.20 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.18 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.16 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.14 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.12 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.10 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.8 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.6 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.4 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.2 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.3.0.24 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.22 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.20 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.18 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.16 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.14 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.12 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.10 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.8 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.6 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.4 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.2 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.2.0.2 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.1.0.2 pkgsrc-2008Q1-base:1.1; locks; strict; comment @# @; 1.5 date 2014.04.02.10.22.37; author he; state dead; branches; next 1.4; commitid ZT1334FQMmX8V5vx; 1.4 date 2011.04.08.22.37.25; author morr; state Exp; branches; next 1.3; 1.3 date 2008.07.21.00.36.11; author tonnerre; state Exp; branches; next 1.2; 1.2 date 2008.06.21.14.35.49; author tonnerre; state dead; branches; next 1.1; 1.1 date 2008.03.18.21.53.41; author tonnerre; state Exp; branches; next ; desc @@ 1.5 log @Import a fix for CVE-2013-7108 and CVE-2013-7205, which is multiple off-by-one errors causing information leakage and possibly DoS. Restructure the patch files to follow the newer naming conventions. Add the rc.d script to PLIST. Bump PKGREVISION. 
@ text @$NetBSD: patch-ai,v 1.4 2011/04/08 22:37:25 morr Exp $ --- include/locations.h.in.orig 2008-11-30 17:22:59.000000000 +0000 +++ include/locations.h.in @@@@ -20,7 +20,7 @@@@ #define DEFAULT_TEMP_FILE "@@localstatedir@@/tempfile" #define DEFAULT_TEMP_PATH "/tmp" -#define DEFAULT_CHECK_RESULT_PATH "@@localstatedir@@/spool/checkresults" +#define DEFAULT_CHECK_RESULT_PATH "@@localstatedir@@/checkresults" #define DEFAULT_STATUS_FILE "@@localstatedir@@/status.dat" #define DEFAULT_LOG_FILE "@@localstatedir@@/nagios.log" #define DEFAULT_LOG_ARCHIVE_PATH "@@localstatedir@@/archives/" @ 1.4 log @Update nagios-base to 3.2.3. While there, add DESTDIR support and set LICENSE. ChangeLog: * Fixes problem where disabling all active hosts/services was not taking effect * Fixes for compiler warnings (code cleanup by Stephen Gran) * Fixes for format errors in event handler logging (Guillaume Rousse) * Fixed incorrect info in sample nagios.cfg file for state_retention_file (Michael Friedrich) * Fixed broker_event_handler() to return ERR if data is NULL (Michael Friedrich) * Patch to new_mini_epn to allow any command line length without breaking on extra trailing or leading whitespace (Ray Bengen) * Patch to mini_epn to allow any command line length (Thomas Guyot-Sionnest) * Patch to speed up loading of state retention data (Matthieu Kermagoret) * Custom notifications are now suppressed during scheduled downtime (Sven Nierlein) * Added code to warn user about exit code of 126 meaning plugin is not executable (bug #153) * Scheduled downtime can now start on SOFT error states (bug #47) * Main window frame URL can now be specify with a "corewindow=" parameter * Improved config CGI shows commands, command args in an easier to use manner (Jochen Bern) * Added ability for NEB modules to override execution of event handlers (Sven Nierlein) * Custom macros are no longer cleaned/stripped as they are user-defined and should be trusted (Peter Morch) * Fix for choosing next valid time on day 
of DST change when clocks go one hour backwards
* Fix for nagios now erroring when "Error: Could not find any contactgroup matching..." displayed
* Fix tap tests for Sol0 and newer versions of Test::Harness
* Fix for notifications not being sent out when scheduled downtime is canceluzzner)
* Fix for first notification delay being calculated incorrectly, and notifications potentially going out early (Plachowski)
* Fix for text of scheduling downtime of all services on a host (Holger Weiss)
* Fix for services inheriting notification period from hosts if not defined (Gordon Messmer)
* Fix for incorrect service states on host failures (bug #130 Pet)
* Fix for incorrect service state attributes being set on host failures (bug #128 Petya Kohts)
* Fix for non-scheduled hosts and services not being updated in NDOUtils
* Fix for typos in TAC, CMD CGIs (bugs #150, #144, #148)
* Fix for types in documentation (bugs #145, #105, #106)
* Fix for incorrect host state counts in status CGI when viewing servicegroups (bug #72)
* Fix few Splunk integration query parameters (bug #136)
* Fix for extra field header in availability CSV export (bug #113)
* Fix for macro processing code modifying input string (Jochen Bern)
* Fix for update check API
* Fix for CGI speedup when persistent=0 for comments
* Fix for event execution loop re-scheduling host checks instead of executing them if service checks are disabled (bug #152)
* Fix for segfaults on Solaris (Torsten Huebler)
* Fix for incorrect comment expiration times being passed to event broker (Mattieu Kermagot)
* Doc updates related to cleaning of custom macros (Peter Valdemar Morch)
* Fix to sample notify-service--email command (bug #62)
* Fix for retaining host display name and alias, as well as service display name (Folkert van Heusden)
* Link to allow scheduling downtime for all services on a host (Hendrik Baecker)
* Speedup to CGIs when lots of comments or downtimes in status.dat file (Jonathan Kamens)
* Patch for new_mini_epn to allow for any
command line length without breaking extra trailing or leading whitespace (Ray Bengen)
* Fix for incorrect scheduling when time has gone back an hour (partial fix for 24x7)
* Fix for compile on Fedora Core 3 (bug #0000082)
* Fix for compile on Solaris
* Fix for logging test, which was not timezone aware (bug #0000077 - Allan Clark)
* Trivial cleanups for autoconf (Allan Clark)
* Fix for CSS validation of padding: X
* Fix for documentation re: case-insensitive nature of custom variables (Marc Powell)
* Fix for template configurations which use negated wildcards (Tim Wilde)
* Fix for read-only permissions bug in CGIs that caused problems viewing comments (bug #0000029)
* Fix for incorrect CGI reports (availability, trends, etc.) when reporting period spans Daylight Savings Time (bug #0000046)
* Fix for detection of truecolor support in GD library (Lars Hecking)
* Reverted to use --datadir configure script option instead of the more recently introduced --datarootdir option
* Status and retention files are now flushed/synced to disk to prevent incomplete information being displayed in CGIs
* Fix for incorrect next service check time calculation when Nagios is reloaded with different timeperiod ranges
* Updated Fedora quickstart guide to indicate PHP requirements
* Known issue: Service checks that are defined with timeperiods that contain "exclude" directives are incorrectly re-scheduled. Don't use these for now - we'll get this fixed for 3.4
@ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.3 2008/07/21 00:36:11 tonnerre Exp $ @
1.3 log @Also add two missing nagios patches... @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- include/locations.h.in.orig 2007-05-01 00:45:57.000000000 +0200 @
1.2 log @Upgrade nagios to 2.12. Changes are mostly bugfixes since this is the legacy branch.
Changes since old version 2.5:
* Fix for unscheduled triggered downtime entries.
* Fix for embedded audio in tac and status CGIs.
* Fixed bug in nagiostats utility when reporting host/service check latency.
* Misc code cleanups for compiler warnings.
* Fixed error when reading empty (zero byte) config files.
* Default is now to check for orphaned service checks.
* Fixed bug with non-standard CGI config file location in status data.
* Fixed bugs and simplified examples in sample config files.
* Fix for leading whitespace before comments in object config files.
* Fix for scheduling immediate service check through WAP interface.
* Fix for segfault during expiration or deletion of scheduled downtime.
* Minor documentation updates.
* Minor patches to availability and status CGIs.
* Updated nagiostats with new MRTG vars for tracking buffer usage.
* p1.pl now sets environment var (NAGIOS_PLUGIN) to indicate patch of plugin being executed.
* Added error messages for passive service checks that don't correspond to a defined service.
* Fix for handling signals under NPTL.
* Fix for missing check timeout in event broker calls.
* Possible segfault fix during restarts when daemon was performing host checks.
* Bug fix for bad date format submission in command CGI.
* Bug fix for using servicegroups in service dependency definitions.
* Bug fix for calculating notification interval with service escalations.
* Program version is now displayed in CGIs.
* Fix for keeping service checks in the event queue when active service checks are disabled globally.
* Bug fix with attempting to access an uninitialized mutex if external commands are disabled.
* Fix for incorrect latency calculation for passive service checks.
* Fix for a segfault when processing passive host check results with empty output/perfdata.
* Minor bug fixes in CGIs.
* Fix for not logging passive host check results.
* Minor fix for notification timeout log messages.
* Fix for SIGTERMs being seen as SIGEXITs, non-logging of SIGTERMs/shutdowns.
* Patch to allow non-ASCII characters in notifications, etc.
* Fix for flap detection information not being retained across restarts.
* Fix for cfg_dir directive not working on Solaris.
* Fix for segfault in event broker module code. * Fix for a possible memory leak in situations where overflow occurs in check result buffer. * Fix for a bug with processing service dependency templates with null master host(group) names. * Better error logging when failing to rename/move files. * Minor bug fixes in CGIs to ensure extra host/servicegroup url strings are terminated properly. * Patches for possible XSS vulnerability in CGIs (CVE-2007-5803). Please note that this now needs PTHREAD_DIAGASSERT=A to run properly under NetBSD-4.0 without the fixsa patch. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.1 2008/03/18 21:53:41 tonnerre Exp $ d3 11 a13 50 --- cgi/cmd.c.orig 2006-05-19 16:25:03.000000000 +0200 +++ cgi/cmd.c @@@@ -380,6 +380,7 @@@@ int process_cgivars(void){ comment_author=""; else strcpy(comment_author,variables[x]); + strip_html_brackets(comment_author); } /* we found the comment data */ @@@@ -395,6 +396,7 @@@@ int process_cgivars(void){ comment_data=""; else strcpy(comment_data,variables[x]); + strip_html_brackets(comment_data); } /* we found the host name */ @@@@ -410,6 +412,7 @@@@ int process_cgivars(void){ host_name=""; else strcpy(host_name,variables[x]); + strip_html_brackets(host_name); } /* we found the hostgroup name */ @@@@ -425,6 +428,7 @@@@ int process_cgivars(void){ hostgroup_name=""; else strcpy(hostgroup_name,variables[x]); + strip_html_brackets(hostgroup_name); } /* we found the service name */ @@@@ -440,6 +444,7 @@@@ int process_cgivars(void){ service_desc=""; else strcpy(service_desc,variables[x]); + strip_html_brackets(service_desc); } /* we found the servicegroup name */ @@@@ -455,6 +460,7 @@@@ int process_cgivars(void){ servicegroup_name=""; else strcpy(servicegroup_name,variables[x]); + strip_html_brackets(servicegroup_name); } /* we got the persistence option for a comment */ @ 1.1 log @Fix several cross site scripting vulnerabilities in Nagios 2.5 Take over maintainership as suggested by jlam Approved-by: jlam @ text @d1 1 a1 1 
$NetBSD$ @
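Review bot: in the cgi/cmd.c hunks (the revision 1.1 text above), every added strip_html_brackets() call sits after an if/else that has no braces, so it runs on both branches, including the one that has just pointed the variable at the literal "" (for example comment_author=""; followed by strip_html_brackets(comment_author);). If strip_html_brackets() stores to its argument even when the string is empty, that is a write into a string literal; move the call into the else branch or brace both branches. Each call also follows strcpy(..., variables[x]) and the allocation that sizes the destination is outside the visible context, so confirm it is derived from the length of variables[x]. A function that, as its name suggests, removes only angle brackets at this one input point leaves quotes and other characters in place, so escaping the values where the CGIs print them would be the more complete fix.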
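Review bot: the include/locations.h.in hunk (the revision 1.5 text) moves DEFAULT_CHECK_RESULT_PATH from the spool/checkresults subdirectory to checkresults directly under localstatedir, but the patch file carries only the $NetBSD$ tag and no description of why the default changes. Add a one-line comment above the --- line stating the reason, and confirm the package creates the new directory with ownership restricted to the Nagios user, since a compiled-in default that points at a missing or differently owned directory is only noticed at run time.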