Date: Sat, 16 Feb 2013 21:33:49 +1030 (CST)
From: Jarrod Sayers <jarrod@downtools.com.au>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/176188: [maintainer-update] net-mgmt/nagios: Update to Nagios 3.4.4
Message-ID: <201302161103.r1GB3nnS049978@mail.downtools.com.au>
Resent-Message-ID: <201302161110.r1GBA1LT053336@freefall.freebsd.org>
>Number: 176188 >Category: ports >Synopsis: [maintainer-update] net-mgmt/nagios: Update to Nagios 3.4.4 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Feb 16 11:10:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Jarrod Sayers >Release: FreeBSD 9.0-RELEASE-p5 i386 >Organization: >Environment: System: FreeBSD mail.downtools.com.au 9.0-RELEASE-p5 FreeBSD 9.0-RELEASE-p5 #23: Sat Dec 15 08:56:43 CST 2012 root@burbank.downtools.com.au:/usr/obj/usr/src/sys/BURBANK i386 >Description: Update to Nagios 3.4.4 Modified files: - ports/net-mgmt/nagios/Makefile - ports/net-mgmt/nagios/distinfo - ports/net-mgmt/nagios/files/patch-html-main.php Removed files: - ports/net-mgmt/nagios/files/patch-CVE-2012-6096 >How-To-Repeat: >Fix: Patch can be downloaded from: http://www.downtools.com.au/~jarrod/FreeBSD/net-mgmt-nagios-3.4.4.diff --- net-mgmt-nagios-3.4.4.diff begins here --- diff -ruN ports/net-mgmt/nagios.orig/Makefile ports/net-mgmt/nagios/Makefile --- ports/net-mgmt/nagios.orig/Makefile 2013-02-16 18:33:28.000000000 +1030 +++ ports/net-mgmt/nagios/Makefile 2013-02-16 18:09:02.000000000 +1030 @@ -2,8 +2,7 @@ # $FreeBSD: head/net-mgmt/nagios/Makefile 310219 2013-01-11 07:42:34Z rm $ PORTNAME= nagios -PORTVERSION= 3.4.3 -PORTREVISION= 1 +PORTVERSION= 3.4.4 CATEGORIES= net-mgmt MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-3.x/${PORTNAME}-${PORTVERSION} diff -ruN ports/net-mgmt/nagios.orig/distinfo ports/net-mgmt/nagios/distinfo --- ports/net-mgmt/nagios.orig/distinfo 2013-02-16 18:33:28.000000000 +1030 +++ ports/net-mgmt/nagios/distinfo 2013-02-16 18:11:44.000000000 +1030 
@@ -1,2 +1,2 @@ -SHA256 (nagios-3.4.3.tar.gz) = 2d5c0cc56bafb08a71840a6efa349afc1eebb2761fea0d403e1b929e7c801b10 -SIZE (nagios-3.4.3.tar.gz) = 1784746 +SHA256 (nagios-3.4.4.tar.gz) = cf6c4c82c4d8dd42e5daae92c20682574f001f03d062600327372c8274fc338e +SIZE (nagios-3.4.4.tar.gz) = 1786507 diff -ruN ports/net-mgmt/nagios.orig/files/patch-CVE-2012-6096 ports/net-mgmt/nagios/files/patch-CVE-2012-6096 --- ports/net-mgmt/nagios.orig/files/patch-CVE-2012-6096 2013-02-16 18:33:30.000000000 +1030 +++ ports/net-mgmt/nagios/files/patch-CVE-2012-6096 1970-01-01 09:30:00.000000000 +0930 
@@ -1,117 +0,0 @@ ---- cgi/getcgi.c.orig 2011-08-17 17:06:27.000000000 +0930 -+++ cgi/getcgi.c 2013-01-11 17:02:53.000000000 +1030 -@@ -137,14 +137,15 @@ - /* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */ - if(getenv("QUERY_STRING") == NULL) { - cgiinput = (char *)malloc(1); -- if(cgiinput == NULL) { -- printf("getcgivars(): Could not allocate memory for CGI input.\n"); -- exit(1); -- } -- cgiinput[0] = '\x0'; -+ if(cgiinput != NULL) -+ cgiinput[0] = '\x0'; - } - else - cgiinput = strdup(getenv("QUERY_STRING")); -+ if(cgiinput == NULL) { -+ printf("getcgivars(): Could not allocate memory for CGI input.\n"); -+ exit(1); -+ } - } - - else if(!strcmp(request_method, "POST") || !strcmp(request_method, "PUT")) { -@@ -220,7 +221,12 @@ - paircount = 0; - nvpair = strtok(cgiinput, "&"); - while(nvpair) { -- pairlist[paircount++] = strdup(nvpair); -+ pairlist[paircount] = strdup(nvpair); -+ if( NULL == pairlist[paircount]) { -+ printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount); -+ exit(1); -+ } -+ paircount++; - if(!(paircount % 256)) { - pairlist = (char **)realloc(pairlist, (paircount + 256) * sizeof(char **)); - if(pairlist == NULL) { -@@ -245,13 +251,29 @@ - /* get the variable name preceding the equal (=) sign */ - if((eqpos = strchr(pairlist[i], '=')) != NULL) { - *eqpos = '\0'; -- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(eqpos + 1)); -+ cgivars[i * 2 + 1] = strdup(eqpos + 1); -+ if( NULL == cgivars[ i * 2 + 1]) { -+ printf("getcgivars(): Could not allocate memory for cgi value #%d.\n", i); -+ exit(1); -+ } -+ unescape_cgi_input(cgivars[i * 2 + 1]); -+ } -+ else { -+ cgivars[i * 2 + 1] = strdup(""); -+ if( NULL == cgivars[ i * 2 + 1]) { -+ printf("getcgivars(): Could not allocate memory for empty stringfor variable value #%d.\n", i); -+ exit(1); -+ } -+ unescape_cgi_input(cgivars[i * 2 + 1]); - } -- else -- unescape_cgi_input(cgivars[i * 2 + 1] = strdup("")); - - /* get the variable value (or 
name/value of there was no real "pair" in the first place) */ -- unescape_cgi_input(cgivars[i * 2] = strdup(pairlist[i])); -+ cgivars[i * 2] = strdup(pairlist[i]); -+ if( NULL == cgivars[ i * 2]) { -+ printf("getcgivars(): Could not allocate memory for cgi name #%d.\n", i); -+ exit(1); -+ } -+ unescape_cgi_input(cgivars[i * 2]); - } - - /* terminate the name-value list */ ---- cgi/history.c.orig 2011-08-17 17:06:27.000000000 +0930 -+++ cgi/history.c 2013-01-11 17:03:18.000000000 +1030 -@@ -805,16 +805,22 @@ - else if(display_type == DISPLAY_HOSTS) { - - if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) { -- sprintf(match1, " HOST ALERT: %s;", host_name); -- sprintf(match2, " SERVICE ALERT: %s;", host_name); -+ snprintf(match1, sizeof( match1), -+ " HOST ALERT: %s;", host_name); -+ snprintf(match2, sizeof( match2), -+ " SERVICE ALERT: %s;", host_name); - } - else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) { -- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name); -- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name); -+ snprintf(match1, sizeof( match1), -+ " HOST FLAPPING ALERT: %s;", host_name); -+ snprintf(match2, sizeof( match2), -+ " SERVICE FLAPPING ALERT: %s;", host_name); - } - else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) { -- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name); -- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name); -+ snprintf(match1, sizeof( match1), -+ " HOST DOWNTIME ALERT: %s;", host_name); -+ snprintf(match2, sizeof( match2), -+ " SERVICE DOWNTIME ALERT: %s;", host_name); - } - - if(show_all_hosts == TRUE) -@@ -853,11 +859,11 @@ - else if(display_type == DISPLAY_SERVICES) { - - if(history_type == SERVICE_HISTORY) -- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description); -+ snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description); - else if(history_type == 
SERVICE_FLAPPING_HISTORY) -- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description); -+ snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description); - else if(history_type == SERVICE_DOWNTIME_HISTORY) -- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description); -+ snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description); - - if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY)) - display_line = TRUE; diff -ruN ports/net-mgmt/nagios.orig/files/patch-html-main.php ports/net-mgmt/nagios/files/patch-html-main.php --- ports/net-mgmt/nagios.orig/files/patch-html-main.php 2013-02-16 18:33:29.000000000 +1030 +++ ports/net-mgmt/nagios/files/patch-html-main.php 2013-02-16 18:15:43.000000000 +1030 @@ -1,10 +1,10 @@ ---- html/main.php.orig 2012-12-01 03:28:25.000000000 +1030 -+++ html/main.php 2012-12-28 14:23:47.000000000 +1030 +--- html/main.php.orig 2013-01-12 23:51:46.000000000 +1030 ++++ html/main.php 2013-02-16 18:15:16.000000000 +1030 
@@ -40,35 +40,10 @@ <div class="product">Nagios<sup><span style="font-size: small;">®</span></sup> Core<sup><span style="font-size: small;">™</span></sup></div> - <div class="version">Version 3.4.3</div> - <div class="releasedate">November 30, 2012</div> --<div class="checkforupdates"><a href="http://www.nagios.org/checkforupdates/?version=3.4.3&product=nagioscore" target="_blank">Check for updates</a></div> + <div class="version">Version 3.4.4</div> + <div class="releasedate">January 12, 2013</div> +-<div class="checkforupdates"><a href="http://www.nagios.org/checkforupdates/?version=3.4.4&product=nagioscore" target="_blank">Check for updates</a></div> <!--<div class="whatsnew"><a href="http://go.nagios.com/nagioscore/whatsnew">Read what's new in Nagios Core 3</a></div>--> </div> --- net-mgmt-nagios-3.4.4.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
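Review bot: The new SHA256 and SIZE lines for nagios-3.4.4.tar.gz in the distinfo hunk are the only integrity anchor for the distfile, and the PR points at a copy of the diff served over plain http from the submitter's own site. Before commit, regenerate distinfo with make makesum against the SF entry in MASTER_SITES and check that the result matches the SHA256 and SIZE given here, rather than taking the values from the downloaded diff.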
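Review bot: Removing files/patch-CVE-2012-6096 drops the local NULL checks after malloc()/strdup() in cgi/getcgi.c and the sprintf-to-snprintf bounds on match1 and match2 in cgi/history.c, and nothing in the Description says that 3.4.4 carries both sets of changes upstream. Please confirm against the extracted 3.4.4 sources (make extract, then check that cgi/history.c writes match1/match2 with snprintf(..., sizeof(match1), ...) and that getcgi.c checks each strdup() result), and state in the commit message that the CVE-2012-6096 fix is now upstream so the removal can be audited later.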
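Review bot: In the files/patch-html-main.php hunk the refreshed lines are only context that hard-codes the release ("Version 3.4.4", "January 12, 2013", and version=3.4.4 in the checkforupdates URL), so this local patch has to be regenerated on every upstream bump and will apply with fuzz or fail if that is missed. Please confirm make patch applies it cleanly to the 3.4.4 html/main.php, and consider regenerating the patch with less version-specific context around the lines it removes.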