[pkg-nagios-changes] [Git][nagios-team/nagvis][master] 4 commits: New upstream version 1.9.45

Bas Couwenberg (@sebastic) gitlab at salsa.debian.org
Fri Mar 21 17:01:44 GMT 2025



Bas Couwenberg pushed to branch master at Debian Nagios Maintainer Group / nagvis


Commits:
590aa0f8 by Bas Couwenberg at 2025-03-21T17:56:02+01:00
New upstream version 1.9.45
- - - - -
a0ca90c7 by Bas Couwenberg at 2025-03-21T17:56:07+01:00
Update upstream source from tag 'upstream/1.9.45'

Update to upstream version '1.9.45'
with Debian dir e560c0c9490848d9eecfbe466dd21aa489f43e82
- - - - -
d53e982b by Bas Couwenberg at 2025-03-21T17:56:24+01:00
New upstream release.

- - - - -
08c9f46d by Bas Couwenberg at 2025-03-21T17:57:13+01:00
Set distribution to experimental.

- - - - -


19 changed files:

- ChangeLog
- debian/changelog
- docs/de_DE/nagvis_config_format_description.html
- docs/en_US/backend_mkbi.html
- docs/en_US/hover_templates.html
- docs/en_US/map_config_format_description.html
- docs/en_US/nagvis_config_format_description.html
- docs/en_US/toc.html
- etc/nagvis.ini.php-sample
- share/frontend/nagvis-js/classes/NagVisInfoView.php
- share/frontend/nagvis-js/js/ElementLine.js
- share/server/core/classes/CoreAuthorisationModGroups.php
- share/server/core/classes/CoreAuthorisationModMultisite.php
- share/server/core/classes/CoreLogonMultisite.php
- share/server/core/classes/CoreModMultisite.php
- share/server/core/classes/GlobalBackendmkbi.php
- share/server/core/classes/objects/NagVisAggr.php
- share/server/core/classes/objects/NagVisStatefulObject.php
- share/server/core/defines/global.php


Changes:

=====================================
ChangeLog
=====================================
@@ -1,3 +1,8 @@
+1.9.45
+  * FIX: Fix XSS on support info page (Thanks to jmacario24)
+  * FIX: Fix not working cookie session timestamps validation introduced with 1.9.43 in
+         when localhost is blocked or takes a long time to resolve
+
 1.9.44
   * FIX: Fix not working cookie session timestamps validation introduced with 1.9.43 in
          some HTTPS scenarios
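Review bot: the second 1.9.45 entry reads "introduced with 1.9.43 in when localhost is blocked"; the trailing "in" at the end of its first line looks carried over from the 1.9.44 entry ("in some HTTPS scenarios") and should be dropped. The XSS entry would also be easier to triage if it named the affected field: going by the NagVisInfoView.php hunk in this same diff, that is the User-Agent value shown on the support info page.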


=====================================
debian/changelog
=====================================
@@ -1,11 +1,12 @@
-nagvis (1:1.9.44-2) UNRELEASED; urgency=medium
+nagvis (1:1.9.45-1) unstable; urgency=medium
 
   * Team upload.
+  * New upstream release.
   * Update Portuguese debconf translation.
     (closes: #1100066)
   * Bump Standards-Version to 4.7.2, no changes.
 
- -- Bas Couwenberg <sebastic at debian.org>  Tue, 11 Mar 2025 05:23:37 +0100
+ -- Bas Couwenberg <sebastic at debian.org>  Fri, 21 Mar 2025 17:57:02 +0100
 
 nagvis (1:1.9.44-1) unstable; urgency=medium
 
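Review bot: the new header line targets "unstable" (`nagvis (1:1.9.45-1) unstable; urgency=medium`), while the last commit in this push is titled "Set distribution to experimental."; one of the two needs correcting before upload. The entry also records only "New upstream release." although the upstream ChangeLog hunk lists an XSS fix; suggest saying so in the Debian entry so that users reading the changelog can see the update is security relevant.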


=====================================
docs/de_DE/nagvis_config_format_description.html
=====================================
@@ -119,7 +119,7 @@
             NagVis vertraut dem gelieferten Benutzernamen implizit. NagVis benutzt die konfigurierte Umgebungsvariable, um den Benutzer zu identifizieren. Sie können Ihrem Webserver verschiedene Authentifizierungsmechanismen hinzufügen, angefangen mit der Basic-Authentifizierung, die von Nagios genutzt wird (.htaccess) bis hin zu Single-Sign-On-Umgebungen.<br> 
             Setzen Sie einfach logonmodule auf "LogonEnv", setzen Sie die als Benutzername zu verwendende Umgebungsvariable auf die Option logonenvvar und teilen Sie dem Authentifizierungsmodul mit, dass Benutzer in der Datenbank neu anzulegen sind, wenn der gelieferte Benutzer noch nicht vorhanden ist. Die Option logonenvcreaterole weist das Authentifizierungsmodul an, den neuen Benutzer einer Rolle zuzuweisen. Setzen Sie die Option auf einen leeren String, um dieses Verhalten auszuschalten.</p>
    
-            <p><i>LogonMultisite</i>: Dieses Modul benutzt die Authentifizierung von auth_*-Cookies, die von Check_MK-Multisite geliefert werden, wenn die Cookie-basierte Authentifizierung verwendet wird.</p>
+            <p><i>LogonMultisite</i>: Dieses Modul benutzt die Authentifizierung von auth_*-Cookies, die von Checkmk-Multisite geliefert werden, wenn die Cookie-basierte Authentifizierung verwendet wird.</p>
 
             <p>Es ist möglich, eigene Logon-Module hinzuzufügen, um andere Dialoge zu bedienen.</p></td>
 


=====================================
docs/en_US/backend_mkbi.html
=====================================
@@ -1,31 +1,31 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <html>
  <head>
-  <title>NagVis Check_MK Business Intelligence Backend</title>
+  <title>NagVis Checkmk Business Intelligence Backend</title>
   <link rel="stylesheet" type="text/css" media="screen" href="../general/css/style.css" />
  </head>
  <body>
-    <h1>Check_MK Business Intelligence Backend</h1>
-    <p>The Check_MK Business Intelligence (BI) Backend is used to connect NagVis directly with the
-       aggregations configured within <a href="https://docs.checkmk.com/latest/en/bi.html" target="_blank">Check_MK BI</a>.</p>
+    <h1>Checkmk Business Intelligence Backend</h1>
+    <p>The Checkmk Business Intelligence (BI) Backend is used to connect NagVis directly with the
+       aggregations configured within <a href="https://docs.checkmk.com/latest/en/bi.html" target="_blank">Checkmk BI</a>.</p>
 
-    <h2>The Check_MK BI API</h2>
-    <p>Check_MK BI offers a webservice which is called by HTTP GET requests and
+    <h2>The Checkmk BI API</h2>
+    <p>Checkmk BI offers a webservice which is called by HTTP GET requests and
        responds with JSON objects.</p>
 
     <h2>Representation in NagVis</h2>
     <p>This backend is a special one compared to the other backends which handle Nagios status
-       information 1:1. This backend only handles Check_MK BI aggregations as dedicated object.</p>
+       information 1:1. This backend only handles Checkmk BI aggregations as dedicated object.</p>
     <p>The backend only provides information for objects of the type <code>aggr</code>, which
         has been introduced to represent aggregation objects.</p>
     <p>The aggregations objects link (left click on icon) are automatically set by the mkbi
-       backend to point to the Check_MK Web-GUI, except when the <code>url</code> parameter
+       backend to point to the Checkmk Web-GUI, except when the <code>url</code> parameter
        of the aggr object is configured to point to another map 
        (e.g. <code>[htmlbase]/index.php?mod=Map&act=view&show=bi-webshop-details</code>).</p>
 
     <h2>Configuration</h2>
 
-    <p>You can use the following parameters to configure the Check_MK BI backend:</p>
+    <p>You can use the following parameters to configure the Checkmk BI backend:</p>
     
     <table style="width:100%">
     <tr>
@@ -33,8 +33,8 @@
     </tr>
     <tr>
         <td><strong>base_url</strong></td>
-        <td>http://localhost/check_mk/</td>
-        <td>The full base URL to the <code>view.py</code> script which is part of Check_MK.
+        <td>http://localhost/[site_id]/check_mk/</td>
+        <td>The full base URL to the <code>view.py</code> script which is part of Checkmk.
             It serves the AJAX-API which the backend connects to. This URL must be reachable
             from the host NagVis is running on.</td>
     </tr>
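Review bot: the new default `http://localhost/[site_id]/check_mk/` introduces a `[site_id]` placeholder that the description cell does not explain, so a reader cannot tell whether NagVis substitutes it or whether it has to be replaced by hand. Suggest adding one sentence that says which it is. Because this URL is used together with auth_user and auth_secret, the description could also recommend an https:// URL whenever the Checkmk site is not on the same host.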
@@ -42,13 +42,13 @@
         <td>auth_user</td>
         <td></td>
         <td>User to use for authentication when accessing the <code>base_url</code>. It
-            has to be created within Check_MK as "automation" user in order to 
-            configure a backend which is allowed to retrieve Check_MK BI states.</td>
+            has to be created within Checkmk as "automation" user in order to 
+            configure a backend which is allowed to retrieve Checkmk BI states.</td>
     </tr>
     <tr>
         <td>auth_secret</td>
         <td></td>
-        <td>The authentication secret configured within Check_MK for the tiven user.</td>
+        <td>The authentication secret configured within Checkmk for the tiven user.</td>
     </tr>
     <tr>
         <td>verify_peer</td>
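Review bot: the changed auth_secret line still reads "for the tiven user"; since the line is being touched anyway, fix it to "given user".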
@@ -73,7 +73,7 @@
         <td>5</td>
         <td>
             <font color="#f00">New in 1.9b11</font>: This option controls the request timeout 
-            of the HTTP requests to Check_MK BI.
+            of the HTTP requests to Checkmk BI.
         </td>
     </tr>
     </table>


=====================================
docs/en_US/hover_templates.html
=====================================
@@ -193,28 +193,28 @@
         </tr>
         <tr>
             <td>[obj_taggroup_<group_id>_title]</td>
-            <td>When using NagVis together with Check_MK (version 1.2.5i6p4 or newer) in an OMD environment, you can use
+            <td>When using NagVis together with Checkmk (version 1.2.5i6p4 or newer) in an OMD environment, you can use
                 this macro to display tag and taggroup related information in hover menus.
                 This macro can be used to display the title of a taggroup matching the given
                 group_id. <font color="#ff0000">(New in 1.8rc1)</font></td>
         </tr>
         <tr>
             <td>[obj_taggroup_<group_id>_topic]</td>
-            <td>When using NagVis together with Check_MK (version 1.2.5i6p4 or newer) in an OMD environment, you can use
+            <td>When using NagVis together with Checkmk (version 1.2.5i6p4 or newer) in an OMD environment, you can use
                 this macro to display tag and taggroup related information in hover menus.
                 This macro can be used to display the tag group topic of the taggroup
                 matching the given group_id. <font color="#ff0000">(New in 1.8rc1)</font></td>
         </tr>
         <tr>
             <td>[obj_taggroup_<group_id>_value]</td>
-            <td>When using NagVis together with Check_MK (version 1.2.5i6p4 or newer) in an OMD environment, you can use
+            <td>When using NagVis together with Checkmk (version 1.2.5i6p4 or newer) in an OMD environment, you can use
                 this macro to display tag and taggroup related information in hover menus.
                 This macro can be used to display the raw value, means the choosen tag, of a taggroup
                 matching the given group_id. <font color="#ff0000">(New in 1.8rc1)</font></td>
         </tr>
         <tr>
             <td>[obj_taggroup_<group_id>_value_title]</td>
-            <td>When using NagVis together with Check_MK (version 1.2.5i6p4 or newer) in an OMD environment, you can use
+            <td>When using NagVis together with Checkmk (version 1.2.5i6p4 or newer) in an OMD environment, you can use
                 this macro to display tag and taggroup related information in hover menus.
                 This macro can be used to display the title of the choosen tag, of a taggroup
                 matching the given group_id. <font color="#ff0000">(New in 1.8rc1)</font></td>


=====================================
docs/en_US/map_config_format_description.html
=====================================
@@ -1651,7 +1651,7 @@
 
         <a name="aggr"></a><h3>Aggregation</h3>
         <p><i>Please note:</i> Aggregations can currently only be used with the "mkbi" backend.</p>
-        <p>This example creates an object showing the state of a Check_MK BI Aggregation which is named "Host localhost".
+        <p>This example creates an object showing the state of a Checkmk BI Aggregation which is named "Host localhost".
         All used options have to be set (note that options already defined in the global section are optional):</p>
 <pre>define aggr {
  name=Host localhost
@@ -1672,7 +1672,7 @@
         <tr>
             <td><b>name</b></td>
             <td></td>
-            <td>The name you configure here needs to match the name of the Check_MK BI Aggregation you
+            <td>The name you configure here needs to match the name of the Checkmk BI Aggregation you
                 like to show the state of.</td>
         </tr>
         <tr>
@@ -1780,7 +1780,7 @@
         <tr>
             <td>url</td>
             <td></td>
-            <td> URL where the Icon should link to. Default link is to the Check_MK BI Aggregation in Check_MK Web-GUI.
+            <td> URL where the Icon should link to. Default link is to the Checkmk BI Aggregation in Checkmk Web-GUI.
                 Macros [aggr_name], [htmlcgi] and [htmlbase] are available.
                 The value can be set to an empty string to disable the link.</td>
         </tr>


=====================================
docs/en_US/nagvis_config_format_description.html
=====================================
@@ -184,7 +184,7 @@
             string to disable that behaviour.</p>
     
             <p><i>LogonMultisite</i>: This module uses the authentication
-            provided by auth_* cookies which have been generated by Check_MK
+            provided by auth_* cookies which have been generated by Checkmk
             multisite when using the cookie based authentication.</p>
 
             <p>It is possible to add own logon modules for serving other
@@ -275,7 +275,7 @@
             <td>1.5</td>
             <td>
             Staleness threshold (Only used with livestatus backend). Take a look at the
-            Check_MK documentation for details about the staleness of hosts/services.
+            Checkmk documentation for details about the staleness of hosts/services.
             The staleness means that an object has not received any state information for
             a given time. The configured value is a factor of the regular check interval.
             A value of 1.5 means that an object is marked as stale after one and a half


=====================================
docs/en_US/toc.html
=====================================
@@ -57,7 +57,7 @@
                     <dd><a href="backend_mklivestatus.html" target="Main"><strong>MKLivestatus</strong></a></dd>
                     <dd><a href="backend_ndomy.html" target="Main"><strong>NDOMy</strong></a></dd>
                     <dd><a href="backend_nagiosbp.html" target="Main"><strong>NagiosBP</strong></a></dd>
-                    <dd><a href="backend_mkbi.html" target="Main"><strong>Check_MK BI</strong></a></dd>
+                    <dd><a href="backend_mkbi.html" target="Main"><strong>Checkmk BI</strong></a></dd>
                 </dl>
                 <dd><a href="gadgets.html" target="Main"><strong>Gadgets</strong></a></dd>
                 <dd><a href="context_templates.html" target="Main"><strong>Context Templates</strong></a></dd>


=====================================
etc/nagvis.ini.php-sample
=====================================
@@ -31,7 +31,7 @@
 ;
 ; - CoreAuthorisationModMySQL: Uses the same data structure as the SQLite authorisation
 ;   module, but stores the data in a MySQL database.
-; - CoreAuthorisationModMultisite: Uses information exported by Check_MKs Multisite
+; - CoreAuthorisationModMultisite: Uses information exported by Checkmks Multisite
 ;   to gather user permissions. This makes use of the roles defined for a user within
 ;   multisite and the resulting permissions.
 ; - CoreAuthorisationModGroups: Assumes all users which should access NagVis are
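Review bot: the mechanical rename turns "Check_MKs Multisite" into "Checkmks Multisite" on the CoreAuthorisationModMultisite line, which reads like a different product name. "Checkmk's Multisite" would be clearer.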
@@ -133,10 +133,10 @@
 ;   set to empty string to disable that behaviour.
 ;
 ; LogonMultisite: This module uses the authentication provided by auth_* cookies
-;   which have been generated by Check_MK multisite when using the cookie based
-;   authentication. Since 1.2.1i2 Check_MK uses a new cookie format. To be able
+;   which have been generated by Checkmk multisite when using the cookie based
+;   authentication. Since 1.2.1i2 Checkmk uses a new cookie format. To be able
 ;   to use this, you need to define a new option called logon_multisite_serials
-;   which points to the auth.serial file generated by Check_MK.
+;   which points to the auth.serial file generated by Checkmk.
 ;   Special options for this module:
 ;
 ;     logon_multisite_htpasswd="/path/to/htpasswd"
@@ -193,7 +193,7 @@
 ;sesscookiesecure=0
 ;
 ; Staleness threshold (Only used with livestatus backend). Take a look at the
-; Check_MK documentation for details about the staleness of hosts/services.
+; Checkmk documentation for details about the staleness of hosts/services.
 ; The staleness means that an object has not received any state information for
 ; a given time. The configured value is a factor of the regular check interval.
 ; A value of 1.5 means that an object is marked as stale after one and a half


=====================================
share/frontend/nagvis-js/classes/NagVisInfoView.php
=====================================
@@ -63,7 +63,7 @@ class NagVisInfoView {
             'phpMaxExecTime' => ini_get('max_execution_time'),
             'phpMemoryLimit' => ini_get('memory_limit'),
             'phpLoadedExtensions' => implode(", ",get_loaded_extensions()),
-            'userAgent' => $_SERVER['HTTP_USER_AGENT'],
+            'userAgent' => htmlspecialchars($_SERVER['HTTP_USER_AGENT']),
             // Auth details
             'logonModule'         => cfg('global', 'logonmodule'),
             'authModule'          => cfg('global', 'authmodule'),
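Review bot: `htmlspecialchars($_SERVER['HTTP_USER_AGENT'])` on the 'userAgent' line relies on the default flags and does not handle a request that carries no User-Agent header. Before PHP 8.1 the default flag set is ENT_COMPAT, which leaves single quotes unescaped, and when the header is absent the array index is undefined and null is passed to htmlspecialchars, which PHP 8.1 and later report as deprecated. Suggest falling back to an empty string when the header is missing and passing ENT_QUOTES | ENT_SUBSTITUTE and 'UTF-8' explicitly. It is also worth confirming that no other request-derived value in this array reaches the support info page unescaped.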


=====================================
share/frontend/nagvis-js/js/ElementLine.js
=====================================
@@ -755,7 +755,7 @@ var ElementLine = Element.extend({
 
         // This is the correct place to handle other perfdata format than the percent value
         // When no UOM is set try to calculate something...
-        // This can fix the perfdata values from Check_MKs if and if64 checks.
+        // This can fix the perfdata values from Checkmks if and if64 checks.
         // The assumption is that there are perfdata values 'in' and 'out' with byte rates
         // and maximum values given to be able to calculate the percentage usage
         if (perf[0][2] === null || perf[0][2] === ''
@@ -815,7 +815,7 @@ var ElementLine = Element.extend({
         var line_label_in = 'in';
         var line_label_out = 'out';
 
-        // Check_MK if/if64 checks support switching between bytes/bits.
+        // Checkmk if/if64 checks support switching between bytes/bits.
         var display_bits = false;
 
         if (output.match('In: [0-9].*(Bit|bit)/s.*Out: [0-9]+')) {


=====================================
share/server/core/classes/CoreAuthorisationModGroups.php
=====================================
@@ -2,7 +2,7 @@
 /*******************************************************************************
  *
  * CoreAuthorisationModGroups.php - Authorsiation module based on the
- *                                     permissions granted in Check_MK Groups
+ *                                     permissions granted in Checkmk Groups
  *
  * Copyright (c) 2004-2016 NagVis Project (Contact: info at nagvis.org)
  *


=====================================
share/server/core/classes/CoreAuthorisationModMultisite.php
=====================================
@@ -2,7 +2,7 @@
 /*******************************************************************************
  *
  * CoreAuthorisationModMultisite.php - Authorsiation module based on the
- *                                     permissions granted in Check_MK multisite
+ *                                     permissions granted in Checkmk multisite
  *
  * Copyright (c) 2004-2016 NagVis Project (Contact: info at nagvis.org)
  *


=====================================
share/server/core/classes/CoreLogonMultisite.php
=====================================
@@ -137,8 +137,9 @@ class CoreLogonMultisite extends CoreLogonModule {
 
         // Check session periods validity
         $site = getenv('OMD_SITE');
-        $port = $_SERVER['SERVER_PORT'];
-        $url = "http://localhost:$port/$site/check_mk/api/1.0/version";
+        $port = getenv('CONFIG_APACHE_TCP_PORT');
+        $host = getenv('CONFIG_APACHE_TCP_ADDR');
+        $url = "http://$host:$port/$site/check_mk/api/1.0/version";
         
         $headers = [
             'Content-type: application/json',
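Review bot: `$host` and `$port` are interpolated into `$url` without checking the result of getenv(), which returns false when the variable is not set; in an environment that does not export CONFIG_APACHE_TCP_ADDR and CONFIG_APACHE_TCP_PORT the URL becomes "http://:/..." and the version request behind the session period check cannot succeed. Suggest validating both values (and `$site`, which has the same issue) before building the URL, and making the failure path an explicit, logged decision rather than a side effect of a failed request. A short comment naming where these variables are expected to come from would help the next reader.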


=====================================
share/server/core/classes/CoreModMultisite.php
=====================================
@@ -104,7 +104,7 @@ class CoreModMultisite extends CoreModule {
 
     // Wraps the getMaps() function by applying a short livetime cache based
     // on the maps a user can access. This respects the map access permissions.
-    // The cache optimizes the case where a lot of users having the Check_MK
+    // The cache optimizes the case where a lot of users having the Checkmk
     // NagVis maps snapin open at the same time while most of the users have
     // equal permissions.
     private function getMapsCached() {


=====================================
share/server/core/classes/GlobalBackendmkbi.php
=====================================
@@ -2,7 +2,7 @@
 /*****************************************************************************
  *
  * GlobalBackendmkbi.php - backend class for connecting NagVis directly
- *                             to Check_MK Business Intelligence via JSON
+ *                             to Checkmk Business Intelligence via JSON
  *
  * Copyright (c) 2004-2016 NagVis Project (Contact: info at nagvis.org)
  *
@@ -254,7 +254,7 @@ class GlobalBackendmkbi implements GlobalBackendInterface {
             return $this->getAggrElementsFromString($aggr["aggr_treestate"]);
     }
 
-    // Be compatible to Check_MK <1.2.9
+    // Be compatible to Checkmk <1.2.9
     private function getAggrElementsFromString($aggr_treestate) {
         // remove leading/trailing newlines
         $raw_states = trim($aggr_treestate);
@@ -277,7 +277,7 @@ class GlobalBackendmkbi implements GlobalBackendInterface {
             $element = array(
                 "title"             => $title,
                 "state"             => $bi_state,
-                // unknown infos in old Check_MK versions:
+                // unknown infos in old Checkmk versions:
                 "assumed"           => false,
                 "acknowledged"      => false,
                 "in_downtime"       => false,


=====================================
share/server/core/classes/objects/NagVisAggr.php
=====================================
@@ -2,7 +2,7 @@
 /*****************************************************************************
  *
  * NagVisAggr.php - Handles aggregations of either hosts or services
- *                      for example Check_MK BI aggregations
+ *                      for example Checkmk BI aggregations
  *
  * Copyright (c) 2004-2016 NagVis Project (Contact: info at nagvis.org)
  *


=====================================
share/server/core/classes/objects/NagVisStatefulObject.php
=====================================
@@ -395,13 +395,13 @@ class NagVisStatefulObject extends NagVisObject {
         if($this->type == 'host' || $this->type == 'service') {
             $arr['custom_variables'] = val($this->state, CUSTOM_VARS);
 
-            // Add (Check_MK) tags as array of tags (when available)
+            // Add (Checkmk) tags as array of tags (when available)
             if (isset($arr['custom_variables']['TAGS']))
                 $arr['tags'] = explode(' ', $arr['custom_variables']['TAGS']);
             else
                 $arr['tags'] = array();
 
-            // Now, to be very user friendly, we now try to use the Check_MK WATO php-api to gather
+            // Now, to be very user friendly, we now try to use the Checkmk WATO php-api to gather
             // titles and grouping information of the tags. These can, for example, be used in the hover
             // templates. This has been implemented to only work in OMD environments.
             $arr['taggroups'] = array();


=====================================
share/server/core/defines/global.php
=====================================
@@ -23,7 +23,7 @@
  *****************************************************************************/
  
 // NagVis Version
-define('CONST_VERSION', '1.9.44');
+define('CONST_VERSION', '1.9.45');
 
 // Set PHP error handling to standard level
 // Different levels for php versions below 5.1 because PHP 5.1 reports



View it on GitLab: https://salsa.debian.org/nagios-team/nagvis/-/compare/5c20ab118246031bce953b7e2c3eef72fcd10409...08c9f46d0b2caa9f8c86cb707b807d6a21556848
