Path to this page:
Subject: CVS commit: [pkgsrc-2011Q2] pkgsrc/net
From: Matthias Scheler
Date: 2011-08-03 19:51:52
Message id: 20110803175152.A4A38175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3488 - requested by bouyer
net/nagios-base: security update
Revisions pulled up:
- net/nagios-base/Makefile 1.32
- net/nagios-base/Makefile.common 1.12
- net/nagios-base/PLIST 1.10
- net/nagios-base/distinfo 1.13
- net/nagios-base/patches/patch-aa 1.9
- net/nagios-base/patches/patch-ad 1.8
- net/nagios-base/patches/patch-ag 1.8
- net/nagios-base/patches/patch-ah 1.3
- net/nagios-plugins/Makefile.common 1.9
---
Module Name: pkgsrc
Committed By: bouyer
Date: Tue Aug 2 14:03:18 UTC 2011
Modified Files:
pkgsrc/net/nagios-base: Makefile Makefile.common PLIST distinfo
pkgsrc/net/nagios-base/patches: patch-aa patch-ad patch-ag patch-ah
pkgsrc/net/nagios-plugins: Makefile.common
Log Message:
Update nagios-base to 3.3.1, fixig CVE-2011-1523 and CVE-2011-2179.
Changes since 3.2.3:
ENHANCEMENTS
* Added support for same host service dependencies with servicegroups \
(Mathieu Gagn?)
* Empty hostgroups referenced from services now optionally generate a \
warning instead of an error.
* Documentation links now point to online resources
* Matt Wall's Exfoliation theme is now installed by default. You can \
reinstall the classic theme with "make install-classicui"
* Downtime delete commands made "distributable" by deleting by \
host group name, host name or start time/comment (Opsview team)
* Allow status.cgi to order by "host urgency" (Jochen Bern)
* Added news items and quick links to main splash page
* Added ability to authenticate to CGIs using contactgroup name (Stephen Gran)
FIXES
* Fixes status.cgi when called with no parameters, where host should be \
set to all if none specified (Michael Friedrich)
* Fixes possible validation error with empty hostgroups/servicegroups \
(Sven-G?ran Bergh)
* Performance-data handling and checking is now thread-safe so long as \
embedded perl is not used.
* Children should no longer hang on mutex locks held in parent for \
localtime() (and similar) calls.
* Debug logging is now properly serialized, using soft-locking with a \
timeout of 150 milliseconds to avoid multiple threads competing for the \
privilege to write debug info.
* Fixed extraneous alerts for services when host is down
* Fixed incorrect parsing of multi-line host check results (Jochen Bern)
* Fixed bug with passive host checks being incorrectly sent to event \
brokers as active checks
* Fixed bug where passive host check status updates were not being \
propagated to event brokers
* Reverted 'Fix for retaining host display name and alias, as well as \
service display name' as configuration information stored incorrectly over a \
reload
* Fixed compile warnings for size_t (Michael Friedrich)
* Fixed problem where acknowledgements were getting reset when a hard \
state change occurred
* Removed duplicated unlinks for check result files with multiple results
* Fixed race condition on flexible downtime commands when duration not \
set or zero (Michael Friedrich)
* Fixed flexible downtime on service hard state change doesn't get \
triggered/activated (Michael Friedrich)
* Fixed XSS vulnerability in config.cgi and statusmap.cgi (Stefan Schurtz)
* Fixed segfault when sending host notifications (Michael Friedrich)
* Fixed bug where unauthorized contacts could issue hostgroup and \
servicegroup commands (Sven Nierlein)
Files: