./net/xymonclient, Network services monitor a la Big Brother

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.3.29nb1, Package name: xymonclient-4.3.29nb1, Maintainer: spz

Xymon is the successor to (rename of) Hobbit which was the successor
to the bbgen toolkit, which had been available as an add-on to Big Brother
since late 2002.

Xymon monitors your hosts, your network services, and anything else
you configure it to do via extensions. This is the client (agent) package.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: faf18c75839b4ec0863cbf309651c54bb2890988
RMD160: 5a1bac0ae5674db6e3d810a25597373fdc6b7238
Filesize: 3465.12 KB

Version history: (Expand)


CVS history: (Expand)


   2020-10-14 12:53:44 by Hauke Fath | Files touched by this commit (2)
Log message:
Add SMF support for Solarish OSes.
   2020-01-26 06:26:29 by Roland Illig | Files touched by this commit (189)
Log message:
all: migrate some SourceForge homepage URLs back from https to http

https://mail-index.netbsd.org/pkgsrc-ch … 05146.html

In the above commit, the homepage URLs were migrated from http to https,
assuming that SourceForge would use the same host names for both http and
https connections. This assumption was wrong. Their documentation at
https://sourceforge.net/p/forge/documen … %20VHOSTs/ states
that the https URLs use the domain sourceforge.io instead.

To make the homepages from the above commit reachable again, pkglint has
been extended to check for reachable homepages. This check is only
enabled when the --network command line option is given.

Each of the homepages that referred to https://$project.sourceforge.net
before was migrated to https://$project.sourceforge.io (27), and if that
was not reachable, to the fallback URL http://$project.sourceforge.net
(163).
   2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)
Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
   2019-11-24 21:16:55 by S.P.Zeidler | Files touched by this commit (23) | Package updated
Log message:
Update xymon and xymonclient to version 4.3.29.
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.

Upstream changelog:

   Changes for 4.3.29
   ==================

   Several buffer overflow security issues have been resolved, as well as
   a potential XSS attack on certain CGI interfaces. Although the ability
   to exploit is limited, all users are urged to upgrade.
   The assigned CVE numbers are:

     CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
     CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486

   In addition, revisions have been made to a number of places throughout
   the code to convert the most common sprintf statements to snprintf for
   safer processing, which should reduce the impact of similar parsing.
   Additional work on this will continue in the future.

   The affected CGIs are:

   	history.c (overflow of histlogfn) = CVE-2019-13451
   	reportlog.c (overflow of histlogfn) = CVE-2019-13452
   	csvinfo.c (overflow of dbfn) = CVE-2019-13273
   	csvinfo.c (reflected XSS) = CVE-2019-13274
   	acknowledge.c (overflow of msgline) = CVE-2019-13455

   	appfeed.c (overflow of errtxt) = CVE-2019-13484
   	history.c (overflow of selfurl) = CVE-2019-13485
   	svcstatus.c (overflow of errtxt) = CVE-2019-13486

   We would like to thank the University of Cambridge Computer Security
   Incident Response Team for their assistance in reporting and helping
   resolve these issues.

   Additional Changes:

   On Linux, a few additional tmpfs volumes are ignored by default
   on new (or unmodified) installs. This includes /run/user/<uid>,
   which is a transient, per-session tmpfs on some systems. To re-
   enable monitoring for this (if you are running services under
   a user with a login session), you may need to edit the analysis.cfg(5)
   file.

   After upgrade, these partitions will no longer be alerted on or
   tracked, and their associated RRD files may also be removed:

    /run/user/<uid> (but NOT /run)
    /dev (but NOT /dev/shm)
    /sys/fs/cgroup
    /lib/init/rw

   The default hard limit for an incoming message has been raised from
   10MB to 64MB

   The secure apache config snippet no longer requires a xymongroups file
   to be present (and module loaded), since it's not used by default. This
   will not affect existing installs.

   A --no-cpu-listing option has been added to xymond_client to suppress the
   'top' output in cpu test status messages.

   The conversation used in SMTP checks has been adjusted to perform a proper
   "EHLO" greeting against servers, using the host string 'xymonnet'. \ 
If the
   string needs to be adjusted, however, see protocols.cfg(5)

   "Actual" memory usage (as a percentage) may be >100% on some \ 
platforms
   in certain situations. This alone will not be tagged as "invalid" data
   and should be graphed in RRD.
   2017-09-28 12:40:35 by S.P.Zeidler | Files touched by this commit (37) | Package updated
Log message:
update xymon + xymonclient to 4.3.28

notable changes: OpenSSL 1.1.0 is now supported, and c-ares has been updated

While touching the package anyhow, it has been taught to pass down hardening
flags, so that the various PKGSRC_USE_ flags now have effect.
   2016-12-09 22:08:34 by S.P.Zeidler | Files touched by this commit (4) | Package updated
Log message:
update xymon and xymonclient to the current version, 4.3.27

Upstream relnotes:

Changes for 4.3.27
==================

Fixes for CGI acknowledgements and NK/criticalview web redirects.

Xymon should now properly check for lack of SSLv3 (or v2) support at compile-
time and exclude the openssl options as needed.

Completely empty directories (on Windows) are no longer considered errors.

Changes for 4.3.26
==================

This is mostly a bug fix release for javascript issues on the info and
trends pages, along with the enable / disable CGI. Several browsers had
difficulty with the new CSP rules introduced in 4.3.25.

XYMWEBREFRESH is now used as the default refresh interval for dynamic
status pages and various other xymongen destinations. Non-svcstatus
pages can be overridden by altering the appropriate *_header template
files, but svcstatus refresh interval uses this value. (default: 60s)
Set in xymonserver.cfg(5).

Incoming test names are now restricted to alphanumeric characters, colons
dashes, underscores, and slashes. Slashes and colons may be restricted in
a future release.

Unconfigured (ghost) host names are now restricted to alphanumerics, colons,
commas, periods, dashes, and underscores. It is strongly recommended to use only
valid hostnames and DNS components in servers names.

Files matched multiple times by logfetch in the client config retrieved
from config-local.cfg (such as a file matching multiple globs) will now only
be scanned once and only use the ignore/trigger rules from its first entry.
(Note: A future version of Xymon may combine all matching rules for a file together.)

CLASS groupings in analysis.cfg and alerts.cfg will now reliably work for
hosts with a CLASS override in hosts.cfg. Previous, this class was not used
in favor of the class type sent in on any specific client message.
   2016-02-16 06:58:57 by S.P.Zeidler | Files touched by this commit (7) | Package updated
Log message:
update of xymon and xymonclient from 4.3.17 to 4.3.25

The following security issues are fixed with this update:
* Resolve buffer overflow when handling "config" file requests \ 
(CVE-2016-2054)
* Restrict "config" files to regular files inside the $XYMONHOME/etc/ \ 
directory
  (symlinks disallowed) (CVE-2016-2055). Also, require that the initial filename
  end in '.cfg' by default
* Resolve shell command injection vulnerability in useradm and chpasswd CGIs
  (CVE-2016-2056)
* Tighten permissions on the xymond BFQ used for message submission to restrict
  access to the xymon user and group. It is now 0620. (CVE-2016-2057)
* Restrict javascript execution in current and historical status messages by
  the addition of appropriate Content-Security-Policy headers to prevent XSS
  attacks. (CVE-2016-2058)
* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
  Thank you to Mark Felder for noting the impact and Martin Lenko
  for the original patch.
* Mitigate CVE-2014-6271 (bash 'Shell shock' vulnerability) by
  eliminating the shell script CGI wrappers

Please refer to
https://sourceforge.net/projects/xymon/ … s/download
for further information on fixes and new features.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.