[pkg-nagios-changes] [Git][nagios-team/nagvis][upstream] New upstream version 1.9.38

Bas Couwenberg (@sebastic) gitlab at salsa.debian.org
Sun Oct 15 10:29:59 BST 2023 


Bas Couwenberg pushed to branch upstream at Debian Nagios Maintainer Group / nagvis


Commits:
caf1e27e by Bas Couwenberg at 2023-10-15T11:23:20+02:00
New upstream version 1.9.38
- - - - -


8 changed files:

- ChangeLog
- share/server/core/classes/objects/NagVisHost.php
- share/server/core/classes/objects/NagVisShape.php
- share/server/core/defines/global.php
- share/server/core/ext/php-gettext-1.0.12/gettext.inc
- share/server/core/functions/html.php
- share/server/core/sources/automap.php
- share/userfiles/gadgets/std_speedometer.php


Changes:

=====================================
ChangeLog
=====================================
@@ -1,3 +1,10 @@
+1.9.38
+Frontend:
+  * FIX: Fix XSS vulnerability
+  * FIX: Fix PHP 8.2 deprecation warnings caused by shapes on automaps and host alias
+  * FIX: Fix PHP 8.2 deprecation warnings caused by gettext.inc
+  * FIX: Fix PHP 8.2 deprecation warnings caused by std_speedometer gadget
+
 1.9.37
 Frontend:
   * FIX: Fix "mb_convert_encoding(): Argument #2 ($to_encoding) must be a valid encoding,..."


=====================================
share/server/core/classes/objects/NagVisHost.php
=====================================
@@ -33,6 +33,7 @@ class NagVisHost extends NagVisStatefulObject {
     protected static $langServices = null;
 
     protected $host_name;
+    protected $alias;
 
     protected $members = array();
 


=====================================
share/server/core/classes/objects/NagVisShape.php
=====================================
@@ -29,6 +29,7 @@
 class NagVisShape extends NagVisStatelessObject {
     protected $enable_refresh;
     protected $icon;
+    protected $icon_size;
 
     /**
      * Class constructor


=====================================
share/server/core/defines/global.php
=====================================
@@ -23,7 +23,7 @@
  *****************************************************************************/
  
 // NagVis Version
-define('CONST_VERSION', '1.9.37');
+define('CONST_VERSION', '1.9.38');
 
 // Set PHP error handling to standard level
 // Different levels for php versions below 5.1 because PHP 5.1 reports


=====================================
share/server/core/ext/php-gettext-1.0.12/gettext.inc
=====================================
@@ -88,18 +88,18 @@ function get_list_of_locales($locale) {
       if ($modifier) {
         if ($country) {
           if ($charset)
-            array_push($locale_names, "${lang}_$country.$charset@$modifier");
-          array_push($locale_names, "${lang}_$country@$modifier");
+            array_push($locale_names, "{$lang}_$country.$charset@$modifier");
+          array_push($locale_names, "{$lang}_$country@$modifier");
         } elseif ($charset)
-            array_push($locale_names, "${lang}.$charset@$modifier");
+            array_push($locale_names, "{$lang}.$charset@$modifier");
         array_push($locale_names, "$lang@$modifier");
       }
       if ($country) {
         if ($charset)
-          array_push($locale_names, "${lang}_$country.$charset");
-        array_push($locale_names, "${lang}_$country");
+          array_push($locale_names, "{$lang}_$country.$charset");
+        array_push($locale_names, "{$lang}_$country");
       } elseif ($charset)
-          array_push($locale_names, "${lang}.$charset");
+          array_push($locale_names, "{$lang}.$charset");
       array_push($locale_names, $lang);
     }
 


=====================================
share/server/core/functions/html.php
=====================================
@@ -326,7 +326,7 @@ function select($name, $options, $default = '', $onchange = '', $style = '', $si
         $select = '';
         if($value == $default)
             $select = ' selected';
-        $ret .= '<option value="'.$value.'"'.$select.'>'.$display.'</option>'.N;
+        $ret .= '<option value="'.htmlspecialchars($value).'"'.$select.'>'.htmlspecialchars($display).'</option>'.N;
     }
     $ret .= '</select>'.N;
     echo $ret;


=====================================
share/server/core/sources/automap.php
=====================================
@@ -378,12 +378,12 @@ function automap_obj($MAPCFG, &$params, &$saved_config, $obj_name) {
 
         $obj['.width']  = $w;
         $obj['.height'] = $h;
-    }
 
-    $obj['label_show']       = $MAPCFG->getValue(0, 'label_show');
-    $obj['label_border']     = $MAPCFG->getValue(0, 'label_border');
-    $obj['label_background'] = $MAPCFG->getValue(0, 'label_background');
-    $obj['label_maxlen']     = $MAPCFG->getValue(0, 'label_maxlen');
+        $obj['label_show']       = $MAPCFG->getValue(0, 'label_show');
+        $obj['label_border']     = $MAPCFG->getValue(0, 'label_border');
+        $obj['label_background'] = $MAPCFG->getValue(0, 'label_background');
+        $obj['label_maxlen']     = $MAPCFG->getValue(0, 'label_maxlen');
+    }
 
     // Header menu has z-index 100, this object's label the below+1
     $obj['z']           = 98;
@@ -610,6 +610,10 @@ function automap_tree_to_map_config($MAPCFG, &$params, &$saved_config, &$map_con
     }
 
     $map_config[$tree['object_id']] = $tree;
+
+    // Remove automap internal attribute from <<<monitoring>>> node
+    if ($map_config[$tree['object_id']]['type'] == 'shape')
+        unset($map_config[$tree['object_id']]['host_name']);
     
     // Remove internal attributes here
     unset($map_config[$tree['object_id']]['.childs']);


=====================================
share/userfiles/gadgets/std_speedometer.php
=====================================
@@ -158,30 +158,30 @@ imagefill($img, 0, 0, $oBackground);
 imagecolortransparent($img, $oBackground);
 
 // Base
-imagefilledarc($img,$centerx, $centery, $outerdia, $outerdia, 180, 0, $oGreen, IMG_ARC_EDGED);
+imagefilledarc($img, intval($centerx), intval($centery), intval($outerdia), intval($outerdia), 180, 0, $oGreen, IMG_ARC_EDGED);
 
 // Warning
 if($warn && $warnp <= -1) {
 	// The "360 +" fix has been worked out by hipska. Thanks for that!
-	imagefilledarc($img, $centerx, $centery, $outerdia, $outerdia, 360 + $warnp, 0, $oYellow, IMG_ARC_EDGED);
+	imagefilledarc($img, intval($centerx), intval($centery), intval($outerdia), intval($outerdia), intval(360 + $warnp), 0, $oYellow, IMG_ARC_EDGED);
 }
 // Critical
 if($crit && $critp <= -1) {
 	// The "360 +" fix has been worked out by hipska. Thanks for that!
-	imagefilledarc($img,$centerx, $centery, $outerdia, $outerdia, 360 + $critp, 0, $oRed, IMG_ARC_EDGED);
+	imagefilledarc($img, intval($centerx), intval($centery), intval($outerdia), intval($outerdia), intval(360 + $critp), 0, $oRed, IMG_ARC_EDGED);
 }
 
 // Borders
-imagearc($img, $centerx, $centery+1, $outerdia+2, $outerdia+2, 180, 0, $oBlack);
-imagefilledarc($img, $centerx, $centery, $outerdia/10, $outerdia/10,180, 0, $oBlue, IMG_ARC_EDGED);
+imagearc($img, intval($centerx), intval($centery+1), intval($outerdia+2), intval($outerdia+2), 180, 0, $oBlack);
+imagefilledarc($img, intval($centerx), intval($centery), intval($outerdia/10), intval($outerdia/10), 180, 0, $oBlue, IMG_ARC_EDGED);
 
 //===================
 // Create tacho line.
 //===================
 
-$diffy = sin (deg2rad(-$p+360))*(($outerdia+10)/2);
-$diffx = cos (deg2rad(-$p+360))*(($outerdia+10)/2);
-imagefilledarc($img, ($centerx-$diffx), ($centery+$diffy), ($outerdia+10), ($outerdia+10),($p-1),($p+1), $oBlue, IMG_ARC_EDGED);
+$diffy = sin(deg2rad(-$p+360))*(($outerdia+10)/2);
+$diffx = cos(deg2rad(-$p+360))*(($outerdia+10)/2);
+imagefilledarc($img, intval($centerx-$diffx), intval($centery+$diffy), intval($outerdia+10), intval($outerdia+10),intval($p-1),intval($p+1), $oBlue, IMG_ARC_EDGED);
 
 //===================
 // Labels
@@ -189,9 +189,9 @@ imagefilledarc($img, ($centerx-$diffx), ($centery+$diffy), ($outerdia+10), ($out
 
 // Speedometer labels
 
-imageline($img, ($centerx-$outerdia/2-5), ($centery+1), ($centerx+$outerdia/2+5), ($centery+1), $oBlack);
-imagestring($img, 1, ($centerx-$outerdia/2-15), ($centery-6), $min , $oBlack); 
-imagestring($img, 1, ($centerx+$outerdia/2+8), ($centery-6), $max, $oBlack);
+imageline($img, intval($centerx-$outerdia/2-5), intval($centery+1), intval($centerx+$outerdia/2+5), intval($centery+1), $oBlack);
+imagestring($img, 1, intval($centerx-$outerdia/2-15), intval($centery-6), $min , $oBlack); 
+imagestring($img, 1, intval($centerx+$outerdia/2+8), intval($centery-6), $max, $oBlack);
 
 $count = 1;
 $iOffsetX = -10;
@@ -200,10 +200,10 @@ for($degrees=45; $degrees<180; $degrees = $degrees+45) {
 	$bediffx=cos (deg2rad(-$degrees+360))*(($outerdia+10)/2);
 	$bediffy1=sin (deg2rad(-$degrees+360))*(($outerdia-10)/2);
 	$bediffx1=cos (deg2rad(-$degrees+360))*(($outerdia-10)/2);
-	
-	imageline($img, ($centerx-$bediffx), ($centery+$bediffy),($centerx-$bediffx1), ($centery+$bediffy1), $oBlack);
-	imagestring($img , 1 ,($centerx-$bediffx+$iOffsetX-8), ($centery+$bediffy-10) , (($max-$min)/4*$count+$min) , $oBlack); 
-	
+
+	imageline($img, intval($centerx-$bediffx), intval($centery+$bediffy),intval($centerx-$bediffx1), intval($centery+$bediffy1), $oBlack);
+	imagestring($img , 1 ,intval($centerx-$bediffx+$iOffsetX-8), intval($centery+$bediffy-10) , intval(($max-$min)/4*$count+$min) , $oBlack); 
+
 	$count = $count+1;
 	$iOffsetX = $iOffsetX + 10;
 }



View it on GitLab: https://salsa.debian.org/nagios-team/nagvis/-/commit/caf1e27ebfbb3a016d6ecc03b0f9e72bb1774af0

-- 
View it on GitLab: https://salsa.debian.org/nagios-team/nagvis/-/commit/caf1e27ebfbb3a016d6ecc03b0f9e72bb1774af0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20231015/55b42f12/attachment-0001.htm>

More information about the pkg-nagios-changes mailing list