ports/176188: [maintainer-update] net-mgmt/nagios: Update to Nagios 3.4.4
Jarrod Sayers
jarrod at downtools.com.au
Sat Feb 16 11:10:01 UTC 2013
>Number: 176188
>Category: ports
>Synopsis: [maintainer-update] net-mgmt/nagios: Update to Nagios 3.4.4
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 16 11:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Jarrod Sayers
>Release: FreeBSD 9.0-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD mail.downtools.com.au 9.0-RELEASE-p5 FreeBSD 9.0-RELEASE-p5 #23: Sat Dec 15 08:56:43 CST 2012 root at burbank.downtools.com.au:/usr/obj/usr/src/sys/BURBANK i386
>Description:
Update to Nagios 3.4.4
Modified files:
- ports/net-mgmt/nagios/Makefile
- ports/net-mgmt/nagios/distinfo
- ports/net-mgmt/nagios/files/patch-html-main.php
Removed files:
- ports/net-mgmt/nagios/files/patch-CVE-2012-6096
>How-To-Repeat:
>Fix:
Patch can be downloaded from:
http://www.downtools.com.au/~jarrod/FreeBSD/net-mgmt-nagios-3.4.4.diff
--- net-mgmt-nagios-3.4.4.diff begins here ---
diff -ruN ports/net-mgmt/nagios.orig/Makefile ports/net-mgmt/nagios/Makefile
--- ports/net-mgmt/nagios.orig/Makefile 2013-02-16 18:33:28.000000000 +1030
+++ ports/net-mgmt/nagios/Makefile 2013-02-16 18:09:02.000000000 +1030
@@ -2,8 +2,7 @@
# $FreeBSD: head/net-mgmt/nagios/Makefile 310219 2013-01-11 07:42:34Z rm $
PORTNAME= nagios
-PORTVERSION= 3.4.3
-PORTREVISION= 1
+PORTVERSION= 3.4.4
CATEGORIES= net-mgmt
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-3.x/${PORTNAME}-${PORTVERSION}
diff -ruN ports/net-mgmt/nagios.orig/distinfo ports/net-mgmt/nagios/distinfo
--- ports/net-mgmt/nagios.orig/distinfo 2013-02-16 18:33:28.000000000 +1030
+++ ports/net-mgmt/nagios/distinfo 2013-02-16 18:11:44.000000000 +1030
@@ -1,2 +1,2 @@
-SHA256 (nagios-3.4.3.tar.gz) = 2d5c0cc56bafb08a71840a6efa349afc1eebb2761fea0d403e1b929e7c801b10
-SIZE (nagios-3.4.3.tar.gz) = 1784746
+SHA256 (nagios-3.4.4.tar.gz) = cf6c4c82c4d8dd42e5daae92c20682574f001f03d062600327372c8274fc338e
+SIZE (nagios-3.4.4.tar.gz) = 1786507
diff -ruN ports/net-mgmt/nagios.orig/files/patch-CVE-2012-6096 ports/net-mgmt/nagios/files/patch-CVE-2012-6096
--- ports/net-mgmt/nagios.orig/files/patch-CVE-2012-6096 2013-02-16 18:33:30.000000000 +1030
+++ ports/net-mgmt/nagios/files/patch-CVE-2012-6096 1970-01-01 09:30:00.000000000 +0930
@@ -1,117 +0,0 @@
---- cgi/getcgi.c.orig 2011-08-17 17:06:27.000000000 +0930
-+++ cgi/getcgi.c 2013-01-11 17:02:53.000000000 +1030
-@@ -137,14 +137,15 @@
- /* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */
- if(getenv("QUERY_STRING") == NULL) {
- cgiinput = (char *)malloc(1);
-- if(cgiinput == NULL) {
-- printf("getcgivars(): Could not allocate memory for CGI input.\n");
-- exit(1);
-- }
-- cgiinput[0] = '\x0';
-+ if(cgiinput != NULL)
-+ cgiinput[0] = '\x0';
- }
- else
- cgiinput = strdup(getenv("QUERY_STRING"));
-+ if(cgiinput == NULL) {
-+ printf("getcgivars(): Could not allocate memory for CGI input.\n");
-+ exit(1);
-+ }
- }
-
- else if(!strcmp(request_method, "POST") || !strcmp(request_method, "PUT")) {
-@@ -220,7 +221,12 @@
- paircount = 0;
- nvpair = strtok(cgiinput, "&");
- while(nvpair) {
-- pairlist[paircount++] = strdup(nvpair);
-+ pairlist[paircount] = strdup(nvpair);
-+ if( NULL == pairlist[paircount]) {
-+ printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount);
-+ exit(1);
-+ }
-+ paircount++;
- if(!(paircount % 256)) {
- pairlist = (char **)realloc(pairlist, (paircount + 256) * sizeof(char **));
- if(pairlist == NULL) {
-@@ -245,13 +251,29 @@
- /* get the variable name preceding the equal (=) sign */
- if((eqpos = strchr(pairlist[i], '=')) != NULL) {
- *eqpos = '\0';
-- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(eqpos + 1));
-+ cgivars[i * 2 + 1] = strdup(eqpos + 1);
-+ if( NULL == cgivars[ i * 2 + 1]) {
-+ printf("getcgivars(): Could not allocate memory for cgi value #%d.\n", i);
-+ exit(1);
-+ }
-+ unescape_cgi_input(cgivars[i * 2 + 1]);
-+ }
-+ else {
-+ cgivars[i * 2 + 1] = strdup("");
-+ if( NULL == cgivars[ i * 2 + 1]) {
-+ printf("getcgivars(): Could not allocate memory for empty stringfor variable value #%d.\n", i);
-+ exit(1);
-+ }
-+ unescape_cgi_input(cgivars[i * 2 + 1]);
- }
-- else
-- unescape_cgi_input(cgivars[i * 2 + 1] = strdup(""));
-
- /* get the variable value (or name/value of there was no real "pair" in the first place) */
-- unescape_cgi_input(cgivars[i * 2] = strdup(pairlist[i]));
-+ cgivars[i * 2] = strdup(pairlist[i]);
-+ if( NULL == cgivars[ i * 2]) {
-+ printf("getcgivars(): Could not allocate memory for cgi name #%d.\n", i);
-+ exit(1);
-+ }
-+ unescape_cgi_input(cgivars[i * 2]);
- }
-
- /* terminate the name-value list */
---- cgi/history.c.orig 2011-08-17 17:06:27.000000000 +0930
-+++ cgi/history.c 2013-01-11 17:03:18.000000000 +1030
-@@ -805,16 +805,22 @@
- else if(display_type == DISPLAY_HOSTS) {
-
- if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
-- sprintf(match1, " HOST ALERT: %s;", host_name);
-- sprintf(match2, " SERVICE ALERT: %s;", host_name);
-+ snprintf(match1, sizeof( match1),
-+ " HOST ALERT: %s;", host_name);
-+ snprintf(match2, sizeof( match2),
-+ " SERVICE ALERT: %s;", host_name);
- }
- else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
-- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
-- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
-+ snprintf(match1, sizeof( match1),
-+ " HOST FLAPPING ALERT: %s;", host_name);
-+ snprintf(match2, sizeof( match2),
-+ " SERVICE FLAPPING ALERT: %s;", host_name);
- }
- else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
-- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
-- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
-+ snprintf(match1, sizeof( match1),
-+ " HOST DOWNTIME ALERT: %s;", host_name);
-+ snprintf(match2, sizeof( match2),
-+ " SERVICE DOWNTIME ALERT: %s;", host_name);
- }
-
- if(show_all_hosts == TRUE)
-@@ -853,11 +859,11 @@
- else if(display_type == DISPLAY_SERVICES) {
-
- if(history_type == SERVICE_HISTORY)
-- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
-+ snprintf(match1, sizeof( match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
- else if(history_type == SERVICE_FLAPPING_HISTORY)
-- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
-+ snprintf(match1, sizeof( match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
- else if(history_type == SERVICE_DOWNTIME_HISTORY)
-- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
-+ snprintf(match1, sizeof( match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
-
- if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
- display_line = TRUE;
diff -ruN ports/net-mgmt/nagios.orig/files/patch-html-main.php ports/net-mgmt/nagios/files/patch-html-main.php
--- ports/net-mgmt/nagios.orig/files/patch-html-main.php 2013-02-16 18:33:29.000000000 +1030
+++ ports/net-mgmt/nagios/files/patch-html-main.php 2013-02-16 18:15:43.000000000 +1030
@@ -1,10 +1,10 @@
---- html/main.php.orig 2012-12-01 03:28:25.000000000 +1030
-+++ html/main.php 2012-12-28 14:23:47.000000000 +1030
+--- html/main.php.orig 2013-01-12 23:51:46.000000000 +1030
++++ html/main.php 2013-02-16 18:15:16.000000000 +1030
@@ -40,35 +40,10 @@
<div class="product">Nagios<sup><span style="font-size: small;">®</span></sup> Core<sup><span style="font-size: small;">™</span></sup></div>
- <div class="version">Version 3.4.3</div>
- <div class="releasedate">November 30, 2012</div>
--<div class="checkforupdates"><a href="http://www.nagios.org/checkforupdates/?version=3.4.3&product=nagioscore" target="_blank">Check for updates</a></div>
+ <div class="version">Version 3.4.4</div>
+ <div class="releasedate">January 12, 2013</div>
+-<div class="checkforupdates"><a href="http://www.nagios.org/checkforupdates/?version=3.4.4&product=nagioscore" target="_blank">Check for updates</a></div>
<!--<div class="whatsnew"><a href="http://go.nagios.com/nagioscore/whatsnew">Read what's new in Nagios Core 3</a></div>-->
</div>
--- net-mgmt-nagios-3.4.4.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list