[BACK]Return to distinfo CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / net / xymon

File: [cvs.NetBSD.org] / pkgsrc / net / xymon / distinfo (download)

Revision 1.18, Sun Nov 24 20:16:55 2019 UTC (3 years, 10 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.17: +23 -6 lines

Update xymon and xymonclient to version 4.3.29.
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.

Upstream changelog:

   Changes for 4.3.29

   Several buffer overflow security issues have been resolved, as well as
   a potential XSS attack on certain CGI interfaces. Although the ability
   to exploit is limited, all users are urged to upgrade.
   The assigned CVE numbers are:

     CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
     CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486

   In addition, revisions have been made to a number of places throughout
   the code to convert the most common sprintf statements to snprintf for
   safer processing, which should reduce the impact of similar parsing.
   Additional work on this will continue in the future.

   The affected CGIs are:

   	history.c (overflow of histlogfn) = CVE-2019-13451
   	reportlog.c (overflow of histlogfn) = CVE-2019-13452
   	csvinfo.c (overflow of dbfn) = CVE-2019-13273
   	csvinfo.c (reflected XSS) = CVE-2019-13274
   	acknowledge.c (overflow of msgline) = CVE-2019-13455

   	appfeed.c (overflow of errtxt) = CVE-2019-13484
   	history.c (overflow of selfurl) = CVE-2019-13485
   	svcstatus.c (overflow of errtxt) = CVE-2019-13486

   We would like to thank the University of Cambridge Computer Security
   Incident Response Team for their assistance in reporting and helping
   resolve these issues.

   Additional Changes:

   On Linux, a few additional tmpfs volumes are ignored by default
   on new (or unmodified) installs. This includes /run/user/<uid>,
   which is a transient, per-session tmpfs on some systems. To re-
   enable monitoring for this (if you are running services under
   a user with a login session), you may need to edit the analysis.cfg(5)

   After upgrade, these partitions will no longer be alerted on or
   tracked, and their associated RRD files may also be removed:

    /run/user/<uid> (but NOT /run)
    /dev (but NOT /dev/shm)

   The default hard limit for an incoming message has been raised from
   10MB to 64MB

   The secure apache config snippet no longer requires a xymongroups file
   to be present (and module loaded), since it's not used by default. This
   will not affect existing installs.

   A --no-cpu-listing option has been added to xymond_client to suppress the
   'top' output in cpu test status messages.

   The conversation used in SMTP checks has been adjusted to perform a proper
   "EHLO" greeting against servers, using the host string 'xymonnet'. If the
   string needs to be adjusted, however, see protocols.cfg(5)

   "Actual" memory usage (as a percentage) may be >100% on some platforms
   in certain situations. This alone will not be tagged as "invalid" data
   and should be graphed in RRD.

$NetBSD: distinfo,v 1.18 2019/11/24 20:16:55 spz Exp $

SHA1 (xymon-4.3.29.tar.gz) = faf18c75839b4ec0863cbf309651c54bb2890988
RMD160 (xymon-4.3.29.tar.gz) = 5a1bac0ae5674db6e3d810a25597373fdc6b7238
SHA512 (xymon-4.3.29.tar.gz) = 63db006baa0cf0a4e3b85d2cbe0a6e230f87922d0b9cc21792672a1551d40f60ea371a34337a93df248456731709a91bafdb630a219a25ba9d76043e54ded196
Size (xymon-4.3.29.tar.gz) = 3548283 bytes
SHA1 (patch-aa) = 227b631c6e002712ebf6019d8473ca4b44904e4a
SHA1 (patch-ab) = 39a6af51ec216bb8cbdb57a3c07d82fce559b27f
SHA1 (patch-ac) = 518abacafb7f082ab2de6bcaace27d3e3d4de633
SHA1 (patch-ad) = 4b5413ee14d035fb1b588207b86ebaf0ac122951
SHA1 (patch-ae) = 7519eaeecab9f5d4b6956e0fd426548ec7990a0b
SHA1 (patch-af) = e8c3fd4ed1de6f7a74db8fac152534a1fe9f29f5
SHA1 (patch-ah) = db3ea148759f970d9c5e3ef600836751b7aafe12
SHA1 (patch-build_Makefile.AIX) = e3a06992b075507a02f77a6b04ee4425cc2f8dd1
SHA1 (patch-build_Makefile.Darwin) = 3b86292fba80a05c03e8ace424cddfb726a974fc
SHA1 (patch-build_Makefile.FreeBSD) = 6ebfa5bab2955eaa42b0021de085eb7ba536432b
SHA1 (patch-build_Makefile.HP-UX) = bdd713b83f3670096bb10def6c59036d0a4aa377
SHA1 (patch-build_Makefile.IRIX) = b0ce34295d199ffd1e9008569667abbe436a2355
SHA1 (patch-build_Makefile.Linux) = bddfea6c8400fdd7d8a83a6958f1e4139ef988b6
SHA1 (patch-build_Makefile.OSF1) = 1a7afce4beeef249b2435c2ef14f45b2c2dbf8a2
SHA1 (patch-build_Makefile.OSX) = a72b748600b043f458452ab37175c38087375559
SHA1 (patch-build_Makefile.OpenBSD) = cf40c7839ba6290d349328e2e01a20bdaf274fc6
SHA1 (patch-build_Makefile.SunOS) = 71d134a30825a2d36fbb17731e722c89c79da807
SHA1 (patch-build_Makefile.generic) = e96d5ee29630c9133caebfa752880be90726607c
SHA1 (patch-build_rrd.sh) = cfafece75defb13b413917bfddedb41cb9bb3c8b
SHA1 (patch-build_snmp.sh) = 4141c6e2bebea078ac662b7585e579f2af8ee64f
SHA1 (patch-common_Makefile) = 32b7da06cd9d22f98ee0f83bb36ed6441c066707
SHA1 (patch-configure) = 3754b9056c365b8664e5fc9620b17c4e13453b2e
SHA1 (patch-lib_acklog.c) = 053e63b7b5d55345360c49279eacc7ae470cc3a4
SHA1 (patch-lib_availability.c) = 04d6133f00811afd1aa1263a00ae6396df5202e3
SHA1 (patch-lib_availability.h) = 89ac49779c9bd5090718dfdc24949c6eb67b5705
SHA1 (patch-lib_eventlog.c) = b1b8ee4ffb211f2461cc3d6e3055d9ee045a4da0
SHA1 (patch-lib_holidays.c) = 980d42b5780e37a483fde6a2059294e050abba85
SHA1 (patch-lib_htmllog.c) = 7184ec5014f9b19916541b5ac4c7b7f393623a4d
SHA1 (patch-lib_misc.c) = 2ee78934dfb5c25f78fc9c5400baadd3e2e7b70b
SHA1 (patch-lib_stackio.c) = 6e97fde074ce41b39c29bf280c560b01d885f875
SHA1 (patch-lib_timefunc.c) = 7e7d7e17252a8ea2e4b7d5bd8e5c2fa7247b9287
SHA1 (patch-lib_tree.c) = 13f8d0d89cb0e0cb9e023734b60f9d67707b0a99
SHA1 (patch-web_Makefile) = a27fbb7e97ce0c2f30093d5b05b0af2708fb594b
SHA1 (patch-web_history.c) = cdddc0230efdb79dbae3055a93e252f43dc49524
SHA1 (patch-web_reportlog.c) = 78068e40253ab295dced37368f19bf1bbe5bd747
SHA1 (patch-web_showgraph.c) = 9c5542975ffd65aff9d2fd03a3d63fde10648ad4
SHA1 (patch-xymond_client_netbsd.c) = 9034777cbf12e3e168cf1598bfd444468e3a5086
SHA1 (patch-xymond_combostatus.c) = cce34cc01bfaba9f171e7d90d3ec398a97e4c4d5
SHA1 (patch-xymond_rrd_do__disk.c) = e72cb0364e4e949e02a045da0abca46083624253
SHA1 (patch-xymond_rrd_do__temperature.c) = bf78c81b6f189e6424574eae53921cf44d653a0d
SHA1 (patch-xymond_rrd_do__vmstat.c) = 8062acc24e9b0e767c5abd3373641aa7b9a5b2ae
SHA1 (patch-xymond_xymond__history.c) = 4fadebc1caaba9a0368de7626ed389040718d1ac
SHA1 (patch-xymonnet_xymonnet.c) = 849cb3c3f3e673dc3927ce34195f9bc6c594d895
SHA1 (patch-xymonproxy_Makefile) = 8ecfa4ceb66f66b7d5f40c01339479b26865746e