head 1.3;
access;
symbols;
locks; strict;
comment @# @;

1.3
date 2011.10.15.23.07.24; author spz; state Exp;
branches;
next 1.2;

1.2
date 2011.04.22.14.52.18; author spz; state Exp;
branches;
next 1.1;

1.1
date 2010.04.14.19.50.48; author spz; state Exp;
branches;
next ;

desc
@@

1.3
log
@Update xymon and xymonclient to 4.3.5
adjust Makefile to avoid/fix problems found by dholland

Upstream changelog:

Changes from 4.3.4 -> 4.3.5 (9 Sep 2011)
========================================
* rev 6754
* Fix crash in CGI generating the "info" status column.
* Fix broken handling of IGNORE for log-file analysis.
* Fix broken clean-up of obsolete cookies (no user impact).
* Devmon RRD handler: Fix missing initialisation, which might cause crashes of the RRD handler.
* Fix crashes in xymond caused by faulty new library for storing cookies and host-information.
* Fix memory corruption/crash in xymond caused by logging of multi-source statuses.
* New "delayred" and "delayyellow" definitions for a host can be used to delay change to a yellow/red status for any status column (replaces the network-specific "badFOO" definitions).
* analysis.cfg and alerts.cfg: New DISPLAYGROUP setting to select hosts by the group/group-only/group-except text.
* New HOSTDOCURL setting in xymonserver.cfg. Replaces the xymongen "--docurl" and "--doccgi" options, and is used by all tools.
* xymond_history option to control location of PID file.
* Critical Systems view: Optionally show eventlog for the hosts present on the CS view.
* Critical Systems view: Multiple --config options can now be used, to display critical systems from multiple configurations on one page.
* Detailed status display: Speedup by no longer having to load the hosts.cfg file.
* xymongen and xymonnet: Optionally load the hosts.cfg from xymond instead of having to read the file.

Changes from 4.3.3 -> 4.3.4 (1 Aug 2011)
========================================
* rev 6722
* Fix crashes and data corruption in Xymon worker modules (xymond_client, xymond_rrd etc) after handling large messages.
* Fix xymond lock-up when renaming/deleting hosts
* Fix xymond cookie lookup mechanism
* Webpages: Add new HOSTPOPUP setting to control what values from hosts.cfg are displayed as a "comment" to the hostname (either in pop-ups or next to the hostname).
* Fix xymond_client crash if analysis.cfg contains invalid configuration entries, e.g. expressions that do not compile.
* Fix showgraph CGI crash when legends contain colon.
* xymonnet: Include hostname when reporting erroneous test-spec
* CGI utils: Multiple potential security fixes involving buffer-overruns when generating responses.
* CGI utils: Fix crash when invoked with HTTP "HEAD"
* CGI utils: Fix crashes on 64-bit platforms due to missing prototype of "basename()" function.
* svcstatus CGI: Don't crash if history log is not a file.
* Critical systems view CGI: Cross-site scripting fix
* Fix recovery-messages for alerts sent to a GROUP
* RRD "memory" status handler now recognizes the output from the bb-xsnmp.pl module (for Cisco routers).
* Web templates modified so the menu CSS can override the default body CSS.
* Acknowledge web page now allows selecting minutes/hours/days
* Enable/Disable webpage enhanced, so when selecting multiple hosts the "Tests" column only lists the tests those hosts have.

Changes from 4.3.2 -> 4.3.3 (6 May 2011)
========================================
* rev6684
* SECURITY FIX: Some CGI parameters were used to construct filenames of historical logfiles without being sanitized, so they could be abused to read files on the webserver.
* SECURITY FIX: More cross-site scripting vulnerabilities.
* Remove extra "," before "History" button on status-view
* Critical view: Shrink priority-column to 10% width
* hosts.cfg loader: Check for valid IP spec (nibbles in 0-255 range). Large numbers in a nibble were accepted, triggering problems when trying to ping the host.
* Alert macros no longer limited to 8kB
@
text
@===========================================================================
$NetBSD: MESSAGE,v 1.2 2011/04/22 14:52:18 spz Exp $

Please note that the ${SECCGIDIR} directory and its contents had most of their permissions removed for security reasons. Check what the scripts do and enable those that are useful to you and of acceptable security impact.

Please also note that anything beyond the xymon front page (e.g. cpu reports, which contain top output) is a privacy concern and also a potential excessive information disclosure concern, so you may want to restrict access to authenticated users.

If you are updating from an earlier version of xymon, many config files and the directory names have changed. Refer to ${EXAMPLEDIR}/www/help/upgrade-to-430.txt for the necessary changes.
===========================================================================
@

1.2
log
@package update to 4.3.2:
+ fixes cross-site scripting vulnerabilities (SA44036)
+ contains a lot of filename cleanup work (no more bb and hobbit)

please read upgrade-to-430.txt when upgrading from a previous pkg
(see also the install message)
@
text
@d2 1 a2 1 $NetBSD: MESSAGE,v 1.1 2010/04/14 19:50:48 spz Exp $ d6 1 a6 1 directory has been created with all permissions removed for security @

1.1
log
@adding a message + Makefile beautification
@
text
@d2 1 a2 1 $NetBSD$ d14 5 @
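
Review bot: in the `d6 1 a6 1` delta, line 6 of MESSAGE reads "all permissions removed" in the older revision and "most of their permissions removed" in the head text, and neither wording says which permissions are left on ${SECCGIDIR} and its contents. Suggest stating the resulting mode on the directory and the scripts in the notice itself, so an administrator knows the starting state before enabling individual scripts.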