kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/xymon/MESSAGE
spz e797649bd6 Update xymon and xymonclient to 4.3.5 
adjust Makefile to avoid/fix problems found by dholland

Upstream changelog:

Changes from 4.3.4 -> 4.3.5 (9 Sep 2011)
========================================
* rev 6754
* Fix crash in CGI generating the "info" status column.
* Fix broken handling of IGNORE for log-file analysis.
* Fix broken clean-up of obsolete cookies (no user impact).
* Devmon RRD handler: Fix missing initialisation, which
  might cause crashes of the RRD handler.
* Fix crashes in xymond caused by faulty new library for
  storing cookies and host-information.
* Fix memory corruption/crash in xymond caused by logging
  of multi-source statuses.
* New "delayred" and "delayyellow" definitions for a host
  can be used to delay change to a yellow/red status for
  any status column (replaces the network-specific "badFOO"
  definitions).
* analysis.cfg and alerts.cfg: New DISPLAYGROUP setting to
  select hosts by the group/group-only/group-except text.
* New HOSTDOCURL setting in xymonserver.cfg. Replaces the
  xymongen "--docurl" and "--doccgi" options, and is used
  by all tools.
* xymond_history option to control location of PID file.
* Critical Systems view: Optionally show eventlog for the
  hosts present on the CS view.
* Critical Systems view: Multiple --config options can
  now be used, to display critical systems from multiple
  configurations on one page.
* Detailed status display: Speedup by no longer having to
  load the hosts.cfg file.
* xymongen and xymonnet: Optionally load the hosts.cfg
  from xymond instead of having to read the file.

Changes from 4.3.3 -> 4.3.4 (1 Aug 2011)
========================================
* rev 6722
* Fix crashes and data corruption in Xymon worker modules
  (xymond_client, xymond_rrd etc) after handling large
  messages.
* Fix xymond lock-up when renaming/deleting hosts
* Fix xymond cookie lookup mechanism
* Webpages: Add new HOSTPOPUP setting to control what values from
  hosts.cfg are displayed as a "comment" to the hostname (either
  in pop-up's or next to the hostname).
* Fix xymond_client crash if analysis.cfg contains invalid configuration
  entries, e.g. expressions that do not compile.
* Fix showgraph CGI crash when legends contain colon.
* xymonnet: Include hostname when reporting erroneous test-spec
* CGI utils: Multiple potential security fixes involving buffer-
  overruns when generating responses.
* CGI utils: Fix crash when invoked with HTTP "HEAD"
* CGI utils: Fix crashes on 64-bit platforms due to missing prototype
  of "basename()" function.
* svcstatus CGI: Dont crash if history log is not a file.
* Critical systems view CGI: Cross-site scripting fix
* Fix recovery-messages for alerts sent to a GROUP
* RRD "memory" status handler now recognizes the output from the
  bb-xsnmp.pl module (for Cisco routers).
* Web templates modified so the menu CSS can override the default
  body CSS.
* Acknowledge web page now allows selecting minutes/hours/days
* Enable/Disable webpage enhanced, so when selecting multiple hosts
  the "Tests" column only lists the tests those hosts have.

Changes from 4.3.2 -> 4.3.3 (6 May 2011)
========================================
* rev6684
* SECURITY FIX: Some CGI parameters were used to construct
  filenames of historical logfiles without being sanitized,
  so they could be abused to read files on the webserver.
* SECURITY FIX: More cross-site scripting vulnerabilities.
* Remove extra "," before "History" button on status-view
* Critical view: Shring priority-column to 10% width
* hosts.cfg loader: Check for valid IP spec (nibbles in
  0-255 range). Large numbers in a nibble were accepted,
  triggering problems when trying to ping the host.
* Alert macros no longer limited to 8kB
2011-10-15 23:07:24 +00:00

19 lines
865 B
Text
Raw Blame History

===========================================================================
$NetBSD: MESSAGE,v 1.3 2011/10/15 23:07:24 spz Exp $
Please note that the
${SECCGIDIR}
directory and its contents had most of their permissions removed for security
reasons. Check what the scripts do and enable those that are useful to you
and of acceptable security impact.
Please also note that anything beyond the xymon front page (eg cpu reports,
which contain top output) are a privacy concern and also a potential
excessive information disclosure concern, so you may want to restrict
access to authenticated users.
If you are updating from an earlier version of xymon, many config files
and the directory names have changed. Refer to
${EXAMPLEDIR}/www/help/upgrade-to-430.txt
for the necessary changes.
===========================================================================
Reference in a new issue View git blame Copy permalink