rpms/nagios/EL-4 nagios-statuswml-remote-code.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 nagios-initrd.patch, 1.1, 1.2 nagios.spec, 1.19, 1.20 sources, 1.10, 1.11

Tue Jul 7 14:20:57 UTC 2009

Author: mmcgrath

Update of /cvs/pkgs/rpms/nagios/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22933

Modified Files:
	.cvsignore nagios-initrd.patch nagios.spec sources 
Added Files:
	nagios-statuswml-remote-code.patch 
Log Message:
updating to 2.12

nagios-statuswml-remote-code.patch:

--- NEW FILE nagios-statuswml-remote-code.patch ---
--- cgi/statuswml.c	2008/11/30 18:13:11	1.27
+++ cgi/statuswml.c	2009/06/19 04:30:26	1.28
@@ -67,6 +67,8 @@
 void document_header(void);
 void document_footer(void);
 int process_cgivars(void);
+int validate_arguments(void);
+int is_valid_hostip(char *hostip);
 
 int display_type=DISPLAY_INDEX;
 int hostgroup_style=DISPLAY_HOSTGROUP_SUMMARY;
@@ -108,6 +110,13 @@
 
 	document_header();
 
+	/* validate arguments in URL */
+	result=validate_arguments();
+	if(result==ERROR){
+		document_footer();
+		return ERROR;
+	        }
+	
 	/* read the CGI configuration file */
 	result=read_cgi_config_file(get_cgi_config_location());
 	if(result==ERROR){
@@ -334,7 +343,25 @@
 	return error;
         }
 
+int validate_arguments(void){
+	int result=OK;
+	if((strcmp(ping_address,"")) && !is_valid_hostip(ping_address)) {
+		printf("<p>Invalid host name/ip</p>\n");
+		result=ERROR;
+		}
+	if(strcmp(traceroute_address,"") && !is_valid_hostip(traceroute_address)){
+		printf("<p>Invalid host name/ip</p>\n");
+		result=ERROR;
+		}
+	return result;
+	}
 
+int is_valid_hostip(char *hostip) {
+	char *valid_domain_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-";
+	if(strcmp(hostip,"") && strlen(hostip)==strspn(hostip,valid_domain_chars) && hostip[0] != '-' && hostip[strlen(hostip)-1] != '-')
+		return TRUE;
+	return FALSE;
+	}
 
 /* main intro screen */
 void display_index(void){


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/nagios/EL-4/.cvsignore,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- .cvsignore	22 May 2006 00:48:31 -0000	1.4
+++ .cvsignore	7 Jul 2009 14:20:56 -0000	1.5
@@ -1 +1 @@
-nagios-2.3.1.tar.gz
+nagios-2.10.tar.gz

nagios-initrd.patch:

Index: nagios-initrd.patch
===================================================================
RCS file: /cvs/pkgs/rpms/nagios/EL-4/nagios-initrd.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- nagios-initrd.patch	22 May 2006 00:48:31 -0000	1.1
+++ nagios-initrd.patch	7 Jul 2009 14:20:56 -0000	1.2
@@ -1,7 +1,7 @@
---- nagios	2006-05-08 10:39:49.000000000 -0300
-+++ daemon-init.in	2006-05-08 10:33:26.000000000 -0300
-@@ -114,11 +114,13 @@
- 		echo "Starting network monitor: nagios"
+--- daemon-init.in.orig	2007-04-09 12:43:30.000000000 -0500
++++ daemon-init.in	2009-03-03 08:50:15.000000000 -0600
+@@ -124,11 +124,13 @@
+ 		echo -n "Starting nagios:"
  		$NagiosBin -v $NagiosCfgFile > /dev/null 2>&1;
  		if [ $? -eq 0 ]; then
 -			su - $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile"
@@ -13,5 +13,5 @@
  			$NagiosBin -d $NagiosCfgFile
 +                        pidof nagios > $NagiosRunFile
  			if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi
- 			#sleep 1
- 			#status_nagios nagios
+ 			echo " done."
+ 			exit 0


Index: nagios.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nagios/EL-4/nagios.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -p -r1.19 -r1.20
--- nagios.spec	29 Nov 2007 17:48:22 -0000	1.19
+++ nagios.spec	7 Jul 2009 14:20:57 -0000	1.20
@@ -1,29 +1,33 @@
 
 Name: nagios
 
-Version: 2.10
-Release: 5%{?dist}
+Version: 2.12
+Release: 6%{?dist}
 Summary: Host/service/network monitoring program
 
 Group: Applications/System
-License: GPLv2+
+License: GPLv2
 URL: http://www.nagios.org/
 Source0: http://dl.sourceforge.net/nagios/%{name}-%{version}.tar.gz
 Source1: nagios.logrotate
 Source2: nagios.htaccess
 Patch0: nagios-initrd.patch
+Patch1: output_buffer.patch
+Patch2: nagios-statuswml-remote-code.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: gd-devel > 1.8, mailx, libjpeg-devel, libpng-devel
 %if "%{?fedora}" > "7"
 BuildRequires:  perl-devel
+BuildRequires:  perl(ExtUtils::Embed)
 %endif
 
 Requires: httpd
-Requires(pre): %{_sbindir}/useradd
-Requires(preun): /sbin/service, /sbin/chkconfig
-Requires(post): /sbin/chkconfig, /sbin/service, %{_sbindir}/usermod
-Requires(postun): /sbin/service
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires(pre): shadow-utils
+Requires(preun): initscripts, chkconfig
+Requires(post): initscripts, chkconfig, shadow-utils
+Requires(postun): initscripts
 
 %description
 Nagios is a program that will monitor hosts and services on your
@@ -59,6 +63,8 @@ may compile against.
 %prep
 %setup -q
 %patch0 -p0 
+%patch1 -p1 
+%patch2 -p0
 
 %build
 ./configure \
@@ -167,6 +173,36 @@ fi
 %{_includedir}/%{name}
 
 %changelog
+* Tue Jul  4 2009 Mike McGrath <mmcgrath at redhat.com> 2.12-6
+- Fix for CVE-2009-2288
+
+* Tue Mar  3 2009 Mike McGrath <mmcgrath at redhat.com> 2.12-5
+- Fix for bug 469198, increased plugin output buffer
+
+* Sun Oct  5 2008 Mike McGrath <mmcgrath at redhat.com> 2.12-4
+- Rebuild to test build system
+
+* Sun Sep 28 2008 Mike McGrath <mmcgrath at redhat.com> 2.12-3
+- License fix for #452689
+
+* Sat Aug 23 2008 Mike McGrath <mmcgrath at redhat.com> 2.12-2
+- Release bump for buildsys test
+
+* Fri May 23 2008 Shawn Starr <shawn.starr at rogers.com> 2.12-1
+- Upstream released 2.12
+- Fixes CVE-2007-5803 XSS issues, Bugzilla #445512
+
+* Tue Mar 18 2008 Tom "spot" Callaway <tcallawa at redhat.com> 2.11-3
+- add Requires for versioned perl (libperl.so)
+- get rid of pointless file Requires
+
+* Mon Mar 17 2008 Mike McGrath <mmcgrath at redhat.com> 2.11-2
+- Upstream released new version
+- Added perl-ExtUtils-Embed
+
+* Tue Feb 12 2008 Mike McGrath <mmcgrath at redhat.com> 2.10-6
+- Rebuild for gcc43
+
 * Thu Nov 29 2007 Mike McGrath <mmcgrath at redhat.com> 2.10-5
 - Upstream released 2.10
 - Renamed cfg-sample configs to just .cfg


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/nagios/EL-4/sources,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- sources	29 Nov 2007 16:58:56 -0000	1.10
+++ sources	7 Jul 2009 14:20:57 -0000	1.11
@@ -1 +1 @@
-8c3a29e138f2ff8c8abbd3dd8a40c4b6  nagios-2.10.tar.gz
+2219d90bb5f2282d5ac6d37ef60865b8  nagios-2.12.tar.gz


