[Pkg-nagios-changes] [pkg-nagios3] 01/01: push 3.4.1-3+deb7u1 to wheezy branch
Jonas Meurer
mejo at alioth.debian.org
Mon Nov 4 19:48:18 UTC 2013
This is an automated email from the git hooks/post-receive script.
mejo pushed a commit to branch wheezy
in repository pkg-nagios3.
commit 57e31d7f3af6638c2aba6c6a64aac5acdbab7de6
Author: Jonas Meurer <jonas at freesources.org>
Date: Mon Nov 4 20:48:12 2013 +0100
push 3.4.1-3+deb7u1 to wheezy branch
---
...ime-Handle-loading-effective-downtime-fr.dpatch | 74 +++++++++++
debian/patches/99_security_cve_2012_6096.dpatch | 128 ++++++++++++++++++++
.../99_security_status_cgi_servicegroup.dpatch | 56 +++++++++
3 files changed, 258 insertions(+)
diff --git a/debian/patches/999_daemon-downtime-Handle-loading-effective-downtime-fr.dpatch b/debian/patches/999_daemon-downtime-Handle-loading-effective-downtime-fr.dpatch
new file mode 100755
index 0000000..d6fcb38
--- /dev/null
+++ b/debian/patches/999_daemon-downtime-Handle-loading-effective-downtime-fr.dpatch
@@ -0,0 +1,74 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## daemon downtime: Handle loading effective downtime from retention
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: From 9f18395268dda948265722984097735d48d72197 Mon Sep 17 00:00:00 2001
+## DP: From: Andreas Ericsson <ae at op5.se>
+## DP: Date: Wed, 6 Jun 2012 09:38:06 +0000
+## DP: Subject: [PATCH] daemon downtime: Handle loading effective downtime from
+## DP: retention
+## DP:
+## DP: Without this patch, Nagios would forget about downtime that starts
+## DP: before the core is stopped and ends after the core is restarted.
+## DP:
+## DP: According to testers, the original problem with notifications being
+## DP: re-sent does not crop up again when this patch is applied.
+## DP:
+## DP: Tested-by: Mark Elsen <mark.elsen at gmail.com>
+## DP: Tested-by: Phil Randal <phil.randal at hoopleltd.co.uk>
+## DP: Patched-by: Carlos Velasco <carlos.velasco at nimastelecom.com>
+## DP: Signed-off-by: Andreas Ericsson <ae at op5.se>
+## DP:
+## DP: git-svn-id: https://nagios.svn.sourceforge.net/svnroot/nagios/nagioscore/trunk@1953 5f96b256-904b-4d8d-8c98-d829582c6739
+## DP: ---
+## DP: THANKS | 1 +
+## DP: common/downtime.c | 31 +++++++++++++++++++++++++++----
+## DP: 2 files changed, 28 insertions(+), 4 deletions(-)
+
+ at DPATCH@
+diff --git a/common/downtime.c b/common/downtime.c
+index 09a0333..0193c50 100644
+--- a/common/downtime.c
++++ b/common/downtime.c
+@@ -401,11 +401,34 @@ int handle_scheduled_downtime(scheduled_downtime *temp_downtime) {
+ }
+
+ /* if downtime handler gets triggerd in between then there seems to be a restart */
+- /* Don't do anything just return */
+- time( ¤t_time);
+- if( temp_downtime->start_time < current_time && current_time < temp_downtime->end_time && temp_downtime->is_in_effect == TRUE)
+- return OK;
++ time(¤t_time);
++ if(temp_downtime->start_time < current_time && current_time < temp_downtime->end_time && temp_downtime->is_in_effect == TRUE) {
++#ifdef USE_EVENT_BROKER
++ /* send data to event broker */
++ broker_downtime_data(NEBTYPE_DOWNTIME_START, NEBFLAG_NONE, NEBATTR_NONE, temp_downtime->type, temp_downtime->host_name, temp_downtime->service_description, temp_downtime->entry_time, temp_downtime->author, temp_downtime->comment, temp_downtime->start_time, temp_downtime->end_time, temp_downtime->fixed, temp_downtime->triggered_by, temp_downtime->duration, temp_downtime->downtime_id, NULL);
++#endif
++
++ /* increment the downtime depth variable */
++ if(temp_downtime->type == HOST_DOWNTIME) {
++ hst->scheduled_downtime_depth++;
++ update_host_status(hst, FALSE);
++ }
++ else {
++ svc->scheduled_downtime_depth++;
++ update_service_status(svc, FALSE);
++ }
+
++ /* schedule an event */
++ if(temp_downtime->fixed == FALSE)
++ event_time = (time_t)((unsigned long)time(NULL) + temp_downtime->duration);
++ else
++ event_time = temp_downtime->end_time;
++ if((new_downtime_id = (unsigned long *)malloc(sizeof(unsigned long)))) {
++ *new_downtime_id = temp_downtime->downtime_id;
++ schedule_new_event(EVENT_SCHEDULED_DOWNTIME, TRUE, event_time, FALSE, 0, NULL, FALSE, (void *)new_downtime_id, NULL, 0);
++ }
++ return OK;
++ }
+
+ /* have we come to the end of the scheduled downtime? */
+ if(temp_downtime->is_in_effect == TRUE) {
+--
+1.8.2
+
diff --git a/debian/patches/99_security_cve_2012_6096.dpatch b/debian/patches/99_security_cve_2012_6096.dpatch
new file mode 100755
index 0000000..bdec71f
--- /dev/null
+++ b/debian/patches/99_security_cve_2012_6096.dpatch
@@ -0,0 +1,128 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_securit_cve_2012_6096.dpatch by Alexander Wirt <formorer at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix overflows in getcgi.c and history.cgi (CVE 2012-6096)
+## DP: Debian Bug #697930
+## DP: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios3-3.4.1~/cgi/getcgi.c nagios3-3.4.1/cgi/getcgi.c
+--- nagios3-3.4.1~/cgi/getcgi.c 2011-08-17 09:36:27.000000000 +0200
++++ nagios3-3.4.1/cgi/getcgi.c 2013-01-27 17:10:41.725700070 +0100
+@@ -137,14 +137,15 @@
+ /* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */
+ if(getenv("QUERY_STRING") == NULL) {
+ cgiinput = (char *)malloc(1);
+- if(cgiinput == NULL) {
+- printf("getcgivars(): Could not allocate memory for CGI input.\n");
+- exit(1);
+- }
+- cgiinput[0] = '\x0';
++ if(cgiinput != NULL)
++ cgiinput[0] = '\x0';
+ }
+ else
+ cgiinput = strdup(getenv("QUERY_STRING"));
++ if(cgiinput == NULL) {
++ printf("getcgivars(): Could not allocate memory for CGI input.\n");
++ exit(1);
++ }
+ }
+
+ else if(!strcmp(request_method, "POST") || !strcmp(request_method, "PUT")) {
+@@ -220,7 +221,12 @@
+ paircount = 0;
+ nvpair = strtok(cgiinput, "&");
+ while(nvpair) {
+- pairlist[paircount++] = strdup(nvpair);
++ pairlist[paircount] = strdup(nvpair);
++ if( NULL == pairlist[paircount]) {
++ printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount);
++ exit(1);
++ }
++ paircount++;
+ if(!(paircount % 256)) {
+ pairlist = (char **)realloc(pairlist, (paircount + 256) * sizeof(char **));
+ if(pairlist == NULL) {
+@@ -245,13 +251,29 @@
+ /* get the variable name preceding the equal (=) sign */
+ if((eqpos = strchr(pairlist[i], '=')) != NULL) {
+ *eqpos = '\0';
+- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(eqpos + 1));
++ cgivars[i * 2 + 1] = strdup(eqpos + 1);
++ if( NULL == cgivars[ i * 2 + 1]) {
++ printf("getcgivars(): Could not allocate memory for cgi value #%d.\n", i);
++ exit(1);
++ }
++ unescape_cgi_input(cgivars[i * 2 + 1]);
++ }
++ else {
++ cgivars[i * 2 + 1] = strdup("");
++ if( NULL == cgivars[ i * 2 + 1]) {
++ printf("getcgivars(): Could not allocate memory for empty stringfor variable value #%d.\n", i);
++ exit(1);
++ }
++ unescape_cgi_input(cgivars[i * 2 + 1]);
+ }
+- else
+- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(""));
+
+ /* get the variable value (or name/value of there was no real "pair" in the first place) */
+- unescape_cgi_input(cgivars[i * 2] = strdup(pairlist[i]));
++ cgivars[i * 2] = strdup(pairlist[i]);
++ if( NULL == cgivars[ i * 2]) {
++ printf("getcgivars(): Could not allocate memory for cgi name #%d.\n", i);
++ exit(1);
++ }
++ unescape_cgi_input(cgivars[i * 2]);
+ }
+
+ /* terminate the name-value list */
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios3-3.4.1~/cgi/history.c nagios3-3.4.1/cgi/history.c
+--- nagios3-3.4.1~/cgi/history.c 2011-08-17 09:36:27.000000000 +0200
++++ nagios3-3.4.1/cgi/history.c 2013-01-27 17:10:41.721700070 +0100
+@@ -805,16 +805,22 @@
+ else if(display_type == DISPLAY_HOSTS) {
+
+ if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
+- sprintf(match1, " HOST ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE ALERT: %s;", host_name);
++ snprintf(match1, sizeof( match1),
++ " HOST ALERT: %s;", host_name);
++ snprintf(match2, sizeof( match2),
++ " SERVICE ALERT: %s;", host_name);
+ }
+ else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
+- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
++ snprintf(match1, sizeof( match1),
++ " HOST FLAPPING ALERT: %s;", host_name);
++ snprintf(match2, sizeof( match2),
++ " SERVICE FLAPPING ALERT: %s;", host_name);
+ }
+ else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
+- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
++ snprintf(match1, sizeof( match1),
++ " HOST DOWNTIME ALERT: %s;", host_name);
++ snprintf(match2, sizeof( match2),
++ " SERVICE DOWNTIME ALERT: %s;", host_name);
+ }
+
+ if(show_all_hosts == TRUE)
+@@ -853,11 +859,11 @@
+ else if(display_type == DISPLAY_SERVICES) {
+
+ if(history_type == SERVICE_HISTORY)
+- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
+ else if(history_type == SERVICE_FLAPPING_HISTORY)
+- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
+ else if(history_type == SERVICE_DOWNTIME_HISTORY)
+- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
+
+ if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
+ display_line = TRUE;
diff --git a/debian/patches/99_security_status_cgi_servicegroup.dpatch b/debian/patches/99_security_status_cgi_servicegroup.dpatch
new file mode 100755
index 0000000..3c850e1
--- /dev/null
+++ b/debian/patches/99_security_status_cgi_servicegroup.dpatch
@@ -0,0 +1,56 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_security_status_cgi_servicegroup.dpatch by Jonas Meurer <jmeurer at inet.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Stop cgi-bin/status.c from listing unauthorized hosts and
+## DP: services in servicegroup view
+## DP: Upstream bugreport: http://tracker.nagios.org/view.php?id=456
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios3-3.4.1~/cgi/status.c nagios3-3.4.1/cgi/status.c
+--- nagios3-3.4.1~/cgi/status.c 2012-02-13 21:40:42.000000000 +0100
++++ nagios3-3.4.1/cgi/status.c 2013-06-26 16:52:37.668132234 +0200
+@@ -2534,6 +2534,10 @@
+ if(temp_host == NULL)
+ continue;
+
++ /* make sure user has rights to view this host */
++ if(is_authorized_for_host(temp_host, ¤t_authdata) == FALSE)
++ continue;
++
+ /* skip this if it isn't a new host... */
+ if(temp_host == last_host)
+ continue;
+@@ -2739,6 +2743,10 @@
+ if(temp_host == NULL)
+ continue;
+
++ /* make sure user has rights to view this host */
++ if(is_authorized_for_host(temp_host, ¤t_authdata) == FALSE)
++ continue;
++
+ /* skip this if it isn't a new host... */
+ if(temp_host == last_host)
+ continue;
+@@ -2918,6 +2926,10 @@
+ if(temp_service == NULL)
+ continue;
+
++ /* make sure user has rights to view this service */
++ if(is_authorized_for_service(temp_service, ¤t_authdata) == FALSE)
++ continue;
++
+ /* find the service status */
+ temp_servicestatus = find_servicestatus(temp_service->host_name, temp_service->description);
+ if(temp_servicestatus == NULL)
+@@ -3270,6 +3282,10 @@
+ if(temp_host == NULL)
+ continue;
+
++ /* make sure user has rights to view this host */
++ if(is_authorized_for_host(temp_host, ¤t_authdata) == FALSE)
++ continue;
++
+ /* get the status of the host */
+ temp_hoststatus = find_hoststatus(temp_host->name);
+ if(temp_hoststatus == NULL)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios3.git
More information about the Pkg-nagios-changes
mailing list