Update xymon and xymonclient to 4.3.5

adjust Makefile to avoid/fix problems found by dholland

Upstream changelog:

Changes from 4.3.4 -> 4.3.5 (9 Sep 2011)
========================================
* rev 6754
* Fix crash in CGI generating the "info" status column.
* Fix broken handling of IGNORE for log-file analysis.
* Fix broken clean-up of obsolete cookies (no user impact).
* Devmon RRD handler: Fix missing initialisation, which
  might cause crashes of the RRD handler.
* Fix crashes in xymond caused by faulty new library for
  storing cookies and host-information.
* Fix memory corruption/crash in xymond caused by logging
  of multi-source statuses.
* New "delayred" and "delayyellow" definitions for a host
  can be used to delay change to a yellow/red status for
  any status column (replaces the network-specific "badFOO"
  definitions).
* analysis.cfg and alerts.cfg: New DISPLAYGROUP setting to
  select hosts by the group/group-only/group-except text.
* New HOSTDOCURL setting in xymonserver.cfg. Replaces the
  xymongen "--docurl" and "--doccgi" options, and is used
  by all tools.
* xymond_history option to control location of PID file.
* Critical Systems view: Optionally show eventlog for the
  hosts present on the CS view.
* Critical Systems view: Multiple --config options can
  now be used, to display critical systems from multiple
  configurations on one page.
* Detailed status display: Speedup by no longer having to
  load the hosts.cfg file.
* xymongen and xymonnet: Optionally load the hosts.cfg
  from xymond instead of having to read the file.

Changes from 4.3.3 -> 4.3.4 (1 Aug 2011)
========================================
* rev 6722
* Fix crashes and data corruption in Xymon worker modules
  (xymond_client, xymond_rrd etc) after handling large
  messages.
* Fix xymond lock-up when renaming/deleting hosts
* Fix xymond cookie lookup mechanism
* Webpages: Add new HOSTPOPUP setting to control what values from
  hosts.cfg are displayed as a "comment" to the hostname (either
  in pop-up's or next to the hostname).
* Fix xymond_client crash if analysis.cfg contains invalid configuration
  entries, e.g. expressions that do not compile.
* Fix showgraph CGI crash when legends contain colon.
* xymonnet: Include hostname when reporting erroneous test-spec
* CGI utils: Multiple potential security fixes involving buffer-
  overruns when generating responses.
* CGI utils: Fix crash when invoked with HTTP "HEAD"
* CGI utils: Fix crashes on 64-bit platforms due to missing prototype
  of "basename()" function.
* svcstatus CGI: Dont crash if history log is not a file.
* Critical systems view CGI: Cross-site scripting fix
* Fix recovery-messages for alerts sent to a GROUP
* RRD "memory" status handler now recognizes the output from the
  bb-xsnmp.pl module (for Cisco routers).
* Web templates modified so the menu CSS can override the default
  body CSS.
* Acknowledge web page now allows selecting minutes/hours/days
* Enable/Disable webpage enhanced, so when selecting multiple hosts
  the "Tests" column only lists the tests those hosts have.

Changes from 4.3.2 -> 4.3.3 (6 May 2011)
========================================
* rev6684
* SECURITY FIX: Some CGI parameters were used to construct
  filenames of historical logfiles without being sanitized,
  so they could be abused to read files on the webserver.
* SECURITY FIX: More cross-site scripting vulnerabilities.
* Remove extra "," before "History" button on status-view
* Critical view: Shring priority-column to 10% width
* hosts.cfg loader: Check for valid IP spec (nibbles in
  0-255 range). Large numbers in a nibble were accepted,
  triggering problems when trying to ping the host.
* Alert macros no longer limited to 8kB

net/xymon/MESSAGE

@@ -1,9 +1,9 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2011/04/22 14:52:18 spz Exp $
+$NetBSD: MESSAGE,v 1.3 2011/10/15 23:07:24 spz Exp $
 
 Please note that the
 ${SECCGIDIR}
-directory has been created with all permissions removed for security
+directory and its contents had most of their permissions removed for security
 reasons. Check what the scripts do and enable those that are useful to you
 and of acceptable security impact.
 

net/xymon/Makefile

@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.12 2011/10/15 18:09:28 dholland Exp $
+# $NetBSD: Makefile,v 1.13 2011/10/15 23:07:24 spz Exp $
 #
 
-DISTNAME=		xymon-4.3.2
-PKGNAME=		xymon-4.3.2
-PKGREVISION=		1
+DISTNAME=		xymon-4.3.5
+PKGNAME=		xymon-4.3.5
 CATEGORIES=		net
 MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=xymon/}
 
-MAINTAINER=		pkgsrc-users@NetBSD.org
+MAINTAINER=		spz@NetBSD.org
 HOMEPAGE=		http://sourceforge.net/projects/xymon/
 COMMENT=		Network services monitor a la Big Brother
 LICENSE=		gnu-gpl-v2
@@ -95,21 +94,21 @@ MESSAGE_SUBST+=		SECCGIDIR=${SECCGIDIR}
 EVAL_PREFIX+=		PREFIX.fping=fping
 
 CONFIGURE_ARGS+=	"--server"
+CONFIGURE_ARGS+=	"--rrdinclude ${BUILDLINK_PREFIX.rrdtool}/include"
+CONFIGURE_ARGS+=	"--rrdlib ${BUILDLINK_PREFIX.rrdtool}/lib/librrd.a"
+CONFIGURE_ARGS+=	"--pnglib ${BUILDLINK_PREFIX.png}/lib/libpng.a"
+CONFIGURE_ARGS+=	"--pcreinclude ${BUILDLINK_PREFIX.pcre}/include"
+CONFIGURE_ARGS+=	"--pcrelib ${BUILDLINK_PREFIX.pcre}/lib"
+CONFIGURE_ARGS+=	"--sslinclude ${BUILDLINK_PREFIX.openssl}/include"
+CONFIGURE_ARGS+=	"--ssllib ${BUILDLINK_PREFIX.openssl}/lib"
+CONFIGURE_ARGS+=	"--ldapinclude ${BUILDLINK_PREFIX.openldap-client}/include"
+CONFIGURE_ARGS+=	"--ldaplib ${BUILDLINK_PREFIX.openldap-client}/lib"
+CONFIGURE_ARGS+=	"--fping ${PREFIX.fping}/sbin/fping"
 
-CONFIGURE_ENV+=		USERFPING=${PREFIX.fping}/sbin/fping
 CONFIGURE_ENV+=		USEXYMONPING=n
-CONFIGURE_ENV+=		RRDINC=${BUILDLINK_PREFIX.rrdtool}/include
-CONFIGURE_ENV+=		RRDLIB=${BUILDLINK_PREFIX.rrdtool}/lib/librrd.a
-CONFIGURE_ENV+=		PNGLIB=${BUILDLINK_PREFIX.png}/lib/libpng.a
 CONFIGURE_ENV+=		ENABLESSL=y
-CONFIGURE_ENV+=		OSSLINC=${BUILDLINK_PREFIX.openssl}/include
-CONFIGURE_ENV+=		OSSLLIB=${BUILDLINK_PREFIX.openssl}/lib
 CONFIGURE_ENV+=		ENABLELDAP=y
 CONFIGURE_ENV+=		ENABLELDAPSSL=y
-CONFIGURE_ENV+=		LDAPINC=${BUILDLINK_PREFIX.openldap-client}/include
-CONFIGURE_ENV+=		LDAPLIB=${BUILDLINK_PREFIX.openldap-client}/lib
-CONFIGURE_ENV+=		PCREINC=${BUILDLINK_PREFIX.pcre}/include
-CONFIGURE_ENV+=		PCRELIB=${BUILDLINK_PREFIX.pcre}/lib
 CONFIGURE_ENV+=		XYMONHOSTNAME=${XYMONSERVERNAME:Q}
 CONFIGURE_ENV+=		XYMONHOSTIP=${XYMONSERVERIP:Q}
 CONFIGURE_ENV+=		XYMONUSER=${XYMONUSER:Q}
@@ -150,6 +149,7 @@ USE_TOOLS+=	tr:run		wc:run		bash:run
 MAKE_DIRS+=		${XYMONTOPDIR}
 MAKE_DIRS+=		${XYMONHOME}
 
+
 OWN_DIRS_PERMS+=	${XYEXTDIR} ${XYMONUSER} ${XYMONGROUP} 0755
 OWN_DIRS_PERMS+=	${XYMONLOGDIR} ${XYMONUSER} ${XYMONGROUP} 0755
 OWN_DIRS_PERMS+=	${XYTMPDIR} ${XYMONUSER} ${XYMONGROUP} 0755
@@ -168,7 +168,7 @@ OWN_DIRS_PERMS+=	${XYWWWDIR}/${dir} ${XYMONUSER} ${XYMONGROUP} 0755
 OWN_DIRS_PERMS+=	${XYWWWDIR}/rep ${XYMONUSER} ${APACHE_GROUP} 0755
 OWN_DIRS_PERMS+=	${XYWWWDIR}/snap ${XYMONUSER} ${APACHE_GROUP} 0755
 
-MAKE_DIRS_PERMS+=	${SECCGIDIR} root ${XYMONGROUP} 0000
+OWN_DIRS_PERMS+=	${SECCGIDIR} ${XYMONUSER} ${XYMONGROUP} 0700
 
 # actual config files
 
@@ -186,6 +186,12 @@ CFILES2=		critical.cfg critical.cfg.bak
 CONF_FILES_PERMS+=	${EXAMPLEDIR}/${file} ${PKG_SYSCONFDIR.xymon}/${file} ${XYMONUSER} ${XYMONGROUP} 0664
 .endfor
 
+SECCGIFILES=		ackinfo.sh acknowledge.sh criticaleditor.sh
+SECCGIFILES+=		enadis.sh useradm.sh
+.for file in ${SECCGIFILES}
+SPECIAL_PERMS+=		${SECCGIDIR}/${file} ${XYMONUSER} ${XYMONGROUP} 0400
+.endfor
+
 MAKE_ENV+=		MAKE=${MAKE_PROGRAM:Q}
 MAKE_ENV+=		PKGDIR=${PREFIX}
 MAKE_ENV+=		INSTALLROOT=${DESTDIR}

net/xymon/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2011/04/22 14:52:18 spz Exp $
+@comment $NetBSD: PLIST,v 1.3 2011/10/15 23:07:24 spz Exp $
 libexec/xymon/ackinfo.cgi
 libexec/xymon/acknowledge.cgi
 libexec/xymon/bb
@@ -332,6 +332,9 @@ share/xymon/web/critedit_form
 share/xymon/web/critedit_header
 share/xymon/web/critical_footer
 share/xymon/web/critical_header
+share/xymon/web/critmulti_header
+share/xymon/web/divider_footer
+share/xymon/web/divider_header
 share/xymon/web/event_footer
 share/xymon/web/event_form
 share/xymon/web/event_header

net/xymon/distinfo

@@ -1,12 +1,14 @@
-$NetBSD: distinfo,v 1.4 2011/10/15 18:09:28 dholland Exp $
+$NetBSD: distinfo,v 1.5 2011/10/15 23:07:24 spz Exp $
 
-SHA1 (xymon-4.3.2.tar.gz) = 6663470565545d1801d2ff05cab78bc89695a821
-RMD160 (xymon-4.3.2.tar.gz) = 45b75a7d3b8a57518aa12f12ee36c6de6de96aae
-Size (xymon-4.3.2.tar.gz) = 2698224 bytes
-SHA1 (patch-aa) = aa0634088b82ad045435321e354d39923c67873e
+SHA1 (xymon-4.3.5.tar.gz) = cd49d689bbf9c27ed4d2010cf75223d7f43f656e
+RMD160 (xymon-4.3.5.tar.gz) = 31110454d30835f758d844e3c142066566546548
+Size (xymon-4.3.5.tar.gz) = 2715187 bytes
+SHA1 (patch-aa) = 7e78416fe7bb3b0bc15397f7b4025bc1baa20a24
 SHA1 (patch-ab) = 9a8edca943211101f387e5a21d638d44a23cf6a7
 SHA1 (patch-ac) = c894c809ec4584636bb9705a521a0208dc2dbc05
-SHA1 (patch-ad) = 5073ccab556b2b6c787bcc640cd4c8b112f0c97d
+SHA1 (patch-ad) = dadd2d81ed55c70f03994b2d868cfe643969a8ba
 SHA1 (patch-ae) = aa29eefcf9f0fa87014166692dcf146cebd70ef5
 SHA1 (patch-af) = d486344e3f7fe05f61ea8ec0f811052a56ceb52f
 SHA1 (patch-ah) = 152d3b993559b349f241e0a2f6419721bfb3c4b3
+SHA1 (patch-build_rrd.sh) = 5abb10a959e0721b64d666c62e573e856a3404a9
+SHA1 (patch-configure) = 7b71ed7a567124a2aa36d9bf9188209649e88a4d

net/xymon/patches/patch-aa

@@ -1,8 +1,30 @@
-$NetBSD: patch-aa,v 1.2 2011/04/22 14:52:18 spz Exp $
+$NetBSD: patch-aa,v 1.3 2011/10/15 23:07:24 spz Exp $
 
 --- configure.server.orig	2011-03-08 17:20:28.000000000 +0000
 +++ configure.server
-@@ -507,6 +507,9 @@ fi
+@@ -17,6 +17,8 @@ do
+   To configure Xymon, the following options are available:
+      --rrdinclude DIRECTORY   : Specify location of RRDtool include files
+      --rrdlib DIRECTORY       : Specify location of RRDtool libraries
++     --pnglib DIRECTORY       : Specify location of PNG library
++     --zlib DIRECTORY         : Specify location of Z library
+      --pcreinclude DIRECTORY  : Specify location of PCRE include files
+      --pcrelib DIRECTORY      : Specify location of PCRE libraries
+      --sslinclude DIRECTORY   : Specify location of OpenSSL include files
+@@ -36,6 +38,12 @@ EOF
+ 	  "--rrdlib")
+ 	  	USERRRDLIB="$1"; shift
+ 		;;
++	  "--pnglib")
++	  	USERPNGLIB="$1"; shift
++		;;
++	  "--zlib")
++	  	USERZLIB="$1"; shift
++		;;
+ 	  "--pcreinclude")
+ 	  	USERPCREINC="$1"; shift
+ 		;;
+@@ -507,6 +515,9 @@ fi
  if test "$INSTALLETCDIR" != ""; then
  	echo "INSTALLETCDIR = $INSTALLETCDIR"   >>Makefile
  fi

net/xymon/patches/patch-build_rrd.sh

@@ -0,0 +1,17 @@
+$NetBSD: patch-build_rrd.sh,v 1.1 2011/10/15 23:07:24 spz Exp $
+
+--- build/rrd.sh.orig	2011-03-08 17:20:28.000000000 +0000
++++ build/rrd.sh
+@@ -70,6 +70,12 @@
+ 	if test "$USERRRDLIB" != ""; then
+ 		RRDLIB="$USERRRDLIB"
+ 	fi
++	if test "$USERPNGLIB" != ""; then
++		PNGLIB="$USERPNGLIB"
++	fi
++	if test "$USERZLIB" != ""; then
++		ZLIB="$USERZLIB"
++	fi
+ 
+ 	if test -z "$RRDINC" -o -z "$RRDLIB"; then
+ 		echo "RRDtool include- or library-files not found. These are REQUIRED for Xymon"

net/xymonclient/Makefile

@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2011/04/22 20:36:49 spz Exp $
+# $NetBSD: Makefile,v 1.9 2011/10/15 23:07:24 spz Exp $
 #
 
-DISTNAME=		xymon-4.3.2
-PKGNAME=		xymonclient-4.3.2
-PKGREVISION=		1
+DISTNAME=		xymon-4.3.5
+PKGNAME=		xymonclient-4.3.5
 CATEGORIES=		net
 MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=xymon/}
 

net/xymonclient/distinfo

@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.4 2011/04/22 15:37:02 spz Exp $
+$NetBSD: distinfo,v 1.5 2011/10/15 23:07:24 spz Exp $
 
-SHA1 (xymon-4.3.2.tar.gz) = 6663470565545d1801d2ff05cab78bc89695a821
-RMD160 (xymon-4.3.2.tar.gz) = 45b75a7d3b8a57518aa12f12ee36c6de6de96aae
-Size (xymon-4.3.2.tar.gz) = 2698224 bytes
+SHA1 (xymon-4.3.5.tar.gz) = cd49d689bbf9c27ed4d2010cf75223d7f43f656e
+RMD160 (xymon-4.3.5.tar.gz) = 31110454d30835f758d844e3c142066566546548
+Size (xymon-4.3.5.tar.gz) = 2715187 bytes
 SHA1 (patch-aa) = 0475a9a92883ab3350bb8043366d455d841cb173
 SHA1 (patch-ab) = 7486e1cb5733898c8511d7ee212fd90741ba3d83
 SHA1 (patch-ac) = 1777cd0f2a179e4d4099130210396fd06e904187
 SHA1 (patch-ad) = aa29eefcf9f0fa87014166692dcf146cebd70ef5
-SHA1 (patch-ae) = e5a42cbc6537e23a5a44ed343c86e121adadb139
+SHA1 (patch-ae) = dadd2d81ed55c70f03994b2d868cfe643969a8ba
 SHA1 (patch-af) = ae5d0acde8e2cd05527253c41e31a806b04614f6
 SHA1 (patch-ag) = 11f03fba971ef26c2f95104615178a619d9ff159
+SHA1 (patch-configure) = 7b71ed7a567124a2aa36d9bf9188209649e88a4d