head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.18 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.16 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.14 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.12 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.10 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.8 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.6 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.4 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.2 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.1.0.2 pkgsrc-2008Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2008.06.21.14.35.49; author tonnerre; state dead; branches; next 1.1; 1.1 date 2008.03.18.21.53.41; author tonnerre; state Exp; branches; next ; desc @@ 1.2 log @Upgrade nagios to 2.12. Changes are mostly bugfixes since this is the legacy branch. Changes since old version 2.5: * Fix for unscheduled triggered downtime entries. * Fix for embedded audio in tac and status CGIs. * Fixed bug in nagiostats utility when reporting host/service check latency. * Misc code cleanups for compiler warnings. * Fixed error when reading empty (zero byte) config files. * Default is now to check for orphaned service checks. * Fixed bug with non-standard CGI config file location in status data. * Fixed bugs and simplified examples in sample config files. * Fix for leading whitespace before comments in object config files. * Fix for scheduling immediate service check through WAP interface. * Fix for segfault during expiration or deletion of scheduled downtime. * Minor documentation updates. * Minor patches to availability and status CGIs. * Updated nagiostats with new MRTG vars for tracking buffer usage. * p1.pl now sets environment var (NAGIOS_PLUGIN) to indicate patch of plugin being executed. * Added error messages for passive service checks that don't correspond to a defined service. * Fix for handling signals under NPTL. * Fix for missing check timeout in event broker calls. * Possible segfault fix during restarts when daemon was performing host checks. * Bug fix for bad date format submission in command CGI. * Bug fix for using servicegroups in service dependency definitions. * Bug fix for calculating notification interval with service escalations. * Program version is now displayed in CGIs. * Fix for keeping service checks in the event queue when active service checks are disabled globally. * Bug fix with attempting to access an uninitalized mutex if external commands are disabled. * Fix for incorrect latency calculation for passive service checks. * Fix for a segfault when processing passive host check results with empty output/perfdata. * Minor bug fixes in CGIs. * Fix for not logging passive host check results. * Minor fix for notification timeout log messages. * Fix for SIGTERMs being seen as SIGEXITs, non-logging of SIGTERMs/shutdowns. * Patch to allow non-ASCII characters in notifications, etc. * Fix for flap detection information not be retained across restarts. * Fix for cfg_dir directive not working on Solaris. * Fix for segfault in event broker module code. * Fix for a possible memory leak in situations where overflow occurs in check result buffer. * Fix for a bug with processing service dependency templates with null master host(group) names. * Better error logging when failing to rename/move files. * Minor bug fixes in CGIs to ensure extra host/servicegroup url strings are terminated properly. * Patches for possible XSS vulnerability in CGIs (CVE-2007-5803). Please note that this now needs PTHREAD_DIAGASSERT=A to run properly under NetBSD-4.0 without the fixsa patch. @ text @$NetBSD: patch-au,v 1.1 2008/03/18 21:53:41 tonnerre Exp $ --- cgi/cgiutils.c.orig 2006-05-20 20:37:29.000000000 +0200 +++ cgi/cgiutils.c @@@@ -1393,6 +1393,28 @@@@ char * html_encode(char *input){ } + /* strip > and < from string */ + void strip_html_brackets(char *buffer){ + register int x; + register int y; + register int z; + + if(buffer==NULL || buffer[0]=='\x0') + return; + + /* remove all occurances in string */ + z=(int)strlen(buffer); + for(x=0,y=0;x') + continue; + buffer[y++]=buffer[x]; + } + buffer[y++]='\x0'; + + return; + } + + /* determines the log file we should use (from current time) */ void get_log_archive_to_use(int archive,char *buffer,int buffer_length){ @ 1.1 log @Fix several cross site scripting vulnerabilities in Nagios 2.5 Take over maintainership as suggested by jlam Approved-by: jlam @ text @d1 1 a1 1 $NetBSD$ @