
File: [cvs.NetBSD.org] / pkgsrc / net / xymonclient / distinfo

Revision 1.17, Sun Nov 24 20:16:55 2019 UTC (8 months, 1 week ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, HEAD
Changes since 1.16: +6 -6 lines

Update xymon and xymonclient to version 4.3.29.
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.

Upstream changelog:

   Changes for 4.3.29
   ==================

   Several buffer overflow security issues have been resolved, as well as
   a potential XSS attack on certain CGI interfaces. Although the ability
   to exploit is limited, all users are urged to upgrade.
   The assigned CVE numbers are:

     CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
     CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486

   In addition, revisions have been made to a number of places throughout
   the code to convert the most common sprintf statements to snprintf for
   safer processing, which should reduce the impact of similar parsing.
   Additional work on this will continue in the future.

   The affected CGIs are:

   	history.c (overflow of histlogfn) = CVE-2019-13451
   	reportlog.c (overflow of histlogfn) = CVE-2019-13452
   	csvinfo.c (overflow of dbfn) = CVE-2019-13273
   	csvinfo.c (reflected XSS) = CVE-2019-13274
   	acknowledge.c (overflow of msgline) = CVE-2019-13455

   	appfeed.c (overflow of errtxt) = CVE-2019-13484
   	history.c (overflow of selfurl) = CVE-2019-13485
   	svcstatus.c (overflow of errtxt) = CVE-2019-13486

   We would like to thank the University of Cambridge Computer Security
   Incident Response Team for their assistance in reporting and helping
   resolve these issues.




   Additional Changes:

   On Linux, a few additional tmpfs volumes are ignored by default
   on new (or unmodified) installs. This includes /run/user/<uid>,
   which is a transient, per-session tmpfs on some systems. To re-
   enable monitoring for this (if you are running services under
   a user with a login session), you may need to edit the analysis.cfg(5)
   file.

   After upgrade, these partitions will no longer be alerted on or
   tracked, and their associated RRD files may also be removed:

    /run/user/<uid> (but NOT /run)
    /dev (but NOT /dev/shm)
    /sys/fs/cgroup
    /lib/init/rw


   The default hard limit for an incoming message has been raised from
   10MB to 64MB.

   The secure apache config snippet no longer requires a xymongroups file
   to be present (and module loaded), since it's not used by default. This
   will not affect existing installs.

   A --no-cpu-listing option has been added to xymond_client to suppress the
   'top' output in cpu test status messages.

   The conversation used in SMTP checks has been adjusted to perform a proper
   "EHLO" greeting against servers, using the host string 'xymonnet'. If the
   string needs to be adjusted, however, see protocols.cfg(5).

   "Actual" memory usage (as a percentage) may be >100% on some platforms
   in certain situations. This alone will not be tagged as "invalid" data
   and should be graphed in RRD.

$NetBSD: distinfo,v 1.17 2019/11/24 20:16:55 spz Exp $
