File: [cvs.NetBSD.org] / pkgsrc / net / xymon / distinfo
Revision 1.18, Sun Nov 24 20:16:55 2019 UTC (3 years, 10 months ago) by spz
Update xymon and xymonclient to version 4.3.29.
Add patches to xymon from the xymon code repository to fix compatibility issues in 4.3.29.

Upstream changelog:

Changes for 4.3.29
==================

Several buffer overflow security issues have been resolved, as well as a potential XSS attack on certain CGI interfaces. Although the ability to exploit is limited, all users are urged to upgrade.

The assigned CVE numbers are:

  CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
  CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486

In addition, revisions have been made to a number of places throughout the code to convert the most common sprintf statements to snprintf for safer processing, which should reduce the impact of similar parsing. Additional work on this will continue in the future.

The affected CGIs are:

  history.c (overflow of histlogfn) = CVE-2019-13451
  reportlog.c (overflow of histlogfn) = CVE-2019-13452
  csvinfo.c (overflow of dbfn) = CVE-2019-13273
  csvinfo.c (reflected XSS) = CVE-2019-13274
  acknowledge.c (overflow of msgline) = CVE-2019-13455
  appfeed.c (overflow of errtxt) = CVE-2019-13484
  history.c (overflow of selfurl) = CVE-2019-13485
  svcstatus.c (overflow of errtxt) = CVE-2019-13486

We would like to thank the University of Cambridge Computer Security Incident Response Team for their assistance in reporting and helping resolve these issues.

Additional Changes:

On Linux, a few additional tmpfs volumes are ignored by default on new (or unmodified) installs. This includes /run/user/<uid>, which is a transient, per-session tmpfs on some systems. To re-enable monitoring for this (if you are running services under a user with a login session), you may need to edit the analysis.cfg(5) file.

After upgrade, these partitions will no longer be alerted on or tracked, and their associated RRD files may also be removed:

  /run/user/<uid> (but NOT /run)
  /dev (but NOT /dev/shm)
  /sys/fs/cgroup
  /lib/init/rw

The default hard limit for an incoming message has been raised from 10MB to 64MB

The secure apache config snippet no longer requires a xymongroups file to be present (and module loaded), since it's not used by default. This will not affect existing installs.

A --no-cpu-listing option has been added to xymond_client to suppress the 'top' output in cpu test status messages.

The conversation used in SMTP checks has been adjusted to perform a proper "EHLO" greeting against servers, using the host string 'xymonnet'. If the string needs to be adjusted, however, see protocols.cfg(5)

"Actual" memory usage (as a percentage) may be >100% on some platforms in certain situations. This alone will not be tagged as "invalid" data and should be graphed in RRD.
$NetBSD: distinfo,v 1.18 2019/11/24 20:16:55 spz Exp $
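
The upstream changelog above mentions converting sprintf statements to snprintf. The C code below is an added example, not code from Xymon or pkgsrc: the function names, the path layout and the buffer size are assumptions made for illustration. It puts the unbounded form beside a bounded one that also treats truncation as an error.

```c
#include <stdio.h>
#include <string.h>

#define LOGFN_MAX 32   /* constructed size, kept small so the demo is easy to follow */

/* "Before" shape (hypothetical): sprintf writes as many bytes as the inputs
 * dictate, so a long request parameter runs past the end of the buffer. */
void build_logfn_unsafe(char *out, const char *dir, const char *host, const char *svc)
{
    sprintf(out, "%s/%s.%s", dir, host, svc);
}

/* "After" shape (hypothetical): snprintf never writes more than outsz bytes,
 * but it truncates silently. A truncated file name can refer to a different
 * file, so the return value is checked and truncation is reported as failure.
 * Returns 0 on success, -1 if the result does not fit. */
int build_logfn(char *out, size_t outsz, const char *dir, const char *host, const char *svc)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%s/%s.%s", dir, host, svc);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* leave no partial path for the caller to use */
        return -1;
    }
    return 0;
}

int main(void)
{
    char fn[LOGFN_MAX];
    /* Constructed sample inputs. */
    const char *long_host = "host-name-far-longer-than-the-buffer.example.org";

    if (build_logfn(fn, sizeof fn, "/var/hist", "www1", "http") == 0)
        printf("ok:       %s\n", fn);
    if (build_logfn(fn, sizeof fn, "/var/hist", long_host, "http") != 0)
        printf("rejected: host of %zu bytes does not fit in %zu\n",
               strlen(long_host), sizeof fn);
    return 0;
}
```

Only the bounded function is called here; the unbounded one is kept for comparison.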