xymon

Check-in [001ecb4d01]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Changelog/RELEASENOTES/CREDITS for 4.3.19 (rc1) git-svn-id: http://svn.code.sf.net/p/xymon/code/branches/4.3.19@7617 44351d6e-118b-4698-b696-ce33095ecaa4
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk | origin/4.3.19
Files: files | file ages | folders
SHA3-256: 001ecb4d0100d7bb721424e43a0de888b5835a083bee219c90162181caaef17c
User & Date: jccleaver@users.sf.net 2015-03-25 07:04:08
Context
2015-03-30
03:27
Use forest mode with 'ps' output when available git-svn-id: http://svn.code.sf.net/p/xymon/code/branches/4.3.19@7618 44351d6e-118b-4698-b696-ce33095ecaa4 check-in: a6c792952f user: jccleaver@users.sf.net tags: trunk, origin/4.3.19
2015-03-25
07:04
Changelog/RELEASENOTES/CREDITS for 4.3.19 (rc1) git-svn-id: http://svn.code.sf.net/p/xymon/code/branches/4.3.19@7617 44351d6e-118b-4698-b696-ce33095ecaa4 check-in: 001ecb4d01 user: jccleaver@users.sf.net tags: trunk, origin/4.3.19
03:47
Ensure status text in Windows svcs test updated git-svn-id: http://svn.code.sf.net/p/xymon/code/branches/4.3.19@7616 44351d6e-118b-4698-b696-ce33095ecaa4 check-in: dba9139eba user: jccleaver@users.sf.net tags: trunk, origin/4.3.19
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to CREDITS.

6
7
8
9
10
11
12
13
14
15
16
17

18

19
20
21
22
23
24
25
..
40
41
42
43
44
45
46

47
48
49
50
51
52
53
..
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

Marco Avvisano
Paul Backer
Olivier Beau
Adamets Bluejay
Brian Buchanan
Massimo Carnevali
J Cleaver
Craig Cook
Douwe Dijkstra
Francesco Duranti
Lars Ebeling

David Ferrest

Tom Georgoulias
Laurent Grilli
Kevin Hanrahan
Malcolm Hunter
Knud Højgaard
Asif Iqbal
Charles Jones
................................................................................
Tim Rotunda
Thomas Rucker
Mirko Saam
Thomas Schäfer
Tom Schmidt
Eric Schwimmer
Bill Simaz

Gavin Stone-Tolcher
Jeff Stoner
David Stuffle
Christian Thibodeau
Rick Waegner
Rob Watson

................................................................................
	 important while it was in use)
	http://curl.haxx.se/
	Daniel Steenberg and others

libCARES
	Based on the ARES library by Greg Hudson of MIT, 
	C-ARES provides asynchronous parallel DNS lookups.
	http://daniel.haxx.se/projects/c-ares/
	Greg Hudson, Daniel Steenberg and others

RRDtool
	http://www.mrtg.org/rrdtool/

OpenSSL
	http://www.openssl.org/

OpenLDAP
	http://www.openldap.org/

PCRE
	http://www.pcre.org/








|




>

>







 







>







 







|



|










6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
..
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
..
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

Marco Avvisano
Paul Backer
Olivier Beau
Adamets Bluejay
Brian Buchanan
Massimo Carnevali
Japheth Cleaver
Craig Cook
Douwe Dijkstra
Francesco Duranti
Lars Ebeling
Mark Felder
David Ferrest
Franco Gasperino
Tom Georgoulias
Laurent Grilli
Kevin Hanrahan
Malcolm Hunter
Knud Højgaard
Asif Iqbal
Charles Jones
................................................................................
Tim Rotunda
Thomas Rucker
Mirko Saam
Thomas Schäfer
Tom Schmidt
Eric Schwimmer
Bill Simaz
Andy Smith
Gavin Stone-Tolcher
Jeff Stoner
David Stuffle
Christian Thibodeau
Rick Waegner
Rob Watson

................................................................................
	 important while it was in use)
	http://curl.haxx.se/
	Daniel Steenberg and others

libCARES
	Based on the ARES library by Greg Hudson of MIT, 
	C-ARES provides asynchronous parallel DNS lookups.
	http://c-ares.haxx.se/
	Greg Hudson, Daniel Steenberg and others

RRDtool
	http://oss.oetiker.ch/rrdtool/

OpenSSL
	http://www.openssl.org/

OpenLDAP
	http://www.openldap.org/

PCRE
	http://www.pcre.org/

Changes to Changes.


































































1
2
3
4
5
6
7

































































Changes from 4.3.17 -> 4.3.18 (3 Feb 2015)
===========================================

* rev 7494

* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
  Thank you to Mark Felder for noting the impact and Martin Lenko
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Changes from 4.3.18 -> 4.3.19 (2x Mar 2015)
===========================================

* rev 76xx

* Don't crash when receiving an AAAA DNS response (BSD, thanks Mark Felder)
* xymonclient.sh running in --local mode was generating reports that were
  marked as duplicates (and thus being ignored). Reported by Guillaume Chane.
* Building with old versions of libpcre not supporting PCRE_FIRSTLINE should
  once again work
* Memory reporting on FreeBSD and OpenBSD has been fixed (Mark Felder)
* clientlog, hostinfo, and modify messages are now tracked in xymond stats
* In environment config files (xymonserver.cfg, xymonclient.cfg, and cfgoptions.cfg)
  an initial "export " line (as if it were actually a shell script) will be
  ignored and the remainder of the line parsed as normal.
* headermatch will now match the headers of an HTTP response even if the body
  is empty (eg, matching for a 302 Redirect)
* --debug mode in most daemons should cause *much* less of a performance hit, and
  output will be timestamped in microseconds
* xymondboard can now be used to PCRE-match against the raw message, and 
  acknowledgement and disable comments. Inequalities can be specified against the 
  lastchange, logtime, validtime, acktime, disabletime fields (in epoch timestamps).
  The existing net= and tag= filters have been documented.
* The sample xymon.conf apache snippet now supports apache 2.4 syntax
* Fix missing newline when returning upcoming 'schedule' commands.
* EXTIME= syntax in analysis.cfg and alerts.cfg has been added. This is applied
  after any TIME= filter. Use (e.g.) to exclude Wednesday afternoons on a line 
  which is already restricted to 9:00a to 5:00p on weekdays only.
* The included version of c-ares has been bumped to version 1.10.0.
* Support for older EGD (entropy gathering daemon) has been removed
* A crash when xymond_rrd was run in --debug mode on non GNU/glibc systems has 
  been fixed
* The msgs and procs tests are now HTML-encoded to ensure that lines with brackets
  are properly displayed
* An acknowledgements.sh log report has been added in (Submitted by Andy Smith)
* A number of logfetch issues have been addressed:
  - --debug syntax is now supported. (If modifying the command line in xymonclient.sh,
    use --debug=stderr to prevent spurious lines being sent in the client report.)
  - Invalid POSIX regular expressions for ignore or trigger lines will now be reported
    but should not cause crashes
  - Null characters in a log file will no longer cause further processing to stop (Thanks,
    Franco Gasperino.)
  - All lines matching a 'trigger' regex will be reported back, even if the total size
    exceeds the "maxbytes" limit. (Up to the maximum compiled buffer size.) As much of
    the final section as can be fit in the space remaining will be included, similar
    to the previous behavior if maxbytes was exceeded but no trigger lines were given.
    (Thanks, Franco Gasperino.)
  - The current location (where the previous run left off) is now marked in the status 
    report.
  - The '<...SKIPPED...>' and '<...CURRENT...>' texts can be overridden by specifying 
    values for LOGFETCHSKIPTEXT and LOGFETCHCURRENTTEXT in xymonclient.cfg
  - The "scrollback" (number of positions in previous "runs" back) that logfetch starts
    at can now be specified with the LOGFETCHSCROLLBACK variable, from 0 - 6 (the default)
* "deltacount" can be used to count the number of lines matching a specific regex in 
  client-local.cfg, counting only since the last run. These will be shown on the trends page.
  NOTE: Unlike the "linecount:" option, deltacount is specified after a specific "log:" line.
  See the client-local.cfg file for details.
* ifstat and netstat output from the new Windows PowerShell client is now graphed properly.
* Hostnames beginning with a number (allowed by RFC1123) are now supported in combo.cfg
* When a Windows service's status has been changed (ie, stopped or started), the relevant line
  in the 'svcs' test will now be updated to reflect this. (Reported by Gavin Stone-Tolcher and
  Neil Simmonds)
* Various build issues, compiler fixes, and valgrind complaints have been fixed.


Changes from 4.3.17 -> 4.3.18 (3 Feb 2015)
===========================================

* rev 7494

* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
  Thank you to Mark Felder for noting the impact and Martin Lenko

Changes to RELEASENOTES.

1
2
3
4
5
6
7
8
9
10
11
































12
13
14
15
16
17
18
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
           * * *   Release notes for Xymon 4.3.18   * * *
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>


This documents the important changes between Xymon releases, i.e.
changes you should be aware of when upgrading.

For a full list of changes and enhancements, please see the 
Changes file.


































Changes for 4.3.18
==================
4.3.18 fixes a buffer overflow vulnerability in the acknowledge.cgi
script (CVE-2015-1430). All users are encouraged to upgrade.

Thank you to Mark Felder for noting the impact and Martin Lenko

|









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
           * * *   Release notes for Xymon 4.3.19   * * *
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>


This documents the important changes between Xymon releases, i.e.
changes you should be aware of when upgrading.

For a full list of changes and enhancements, please see the 
Changes file.


Changes for 4.3.19
==================
This is mostly a bugfix release (see the Changes file for a full list), 
but there are some enhancements:

Apache 2.4 syntax is now supported by the sample xymon.conf file.

EXTIME= syntax in analysis.cfg and alerts.cfg files is now supported.
Note that this exclusion is applied *after* any normal TIME= 
specifiers. (If a TIME= modifier is present, then times outside of
that range are already excluded.)

An Acknowledgements report CGI is now available, similar to 
the Notifications report. (Thanks, Andy Smith)

Client logs with multiple trigger lines found are guaranteed to have all
the sections returned, even if this exceeds the "maxbytes" specified (up to
the compiled-in limit). Additionally, the "current" location of new log 
data written since the last time xymonclient was run is now marked for 
reference. (Thanks, Franco Gasperino)

A new "deltacount" option is available in client-local.cfg. It functions
similarly to "linecount", but only counts lines written in the log
file since the last run.

Additional filtration options are available for the xymondboard command,
including the full body of the message, and acknoweldgement and disable
comments. Also, inequalities can be used to filter an epoch timestamp
against any of: lastchange, logtime, validtime, acktime, or disabletime.
See the xymon(1) man page for details.


Changes for 4.3.18
==================
4.3.18 fixes a buffer overflow vulnerability in the acknowledge.cgi
script (CVE-2015-1430). All users are encouraged to upgrade.

Thank you to Mark Felder for noting the impact and Martin Lenko

Changes to debian/changelog.



































































1
2
3
4
5
6
7



































































xymon (4.3.18) unstable; urgency=medium

   * rev 7494

   * Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
     Thank you to Mark Felder for noting the impact and Martin Lenko
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

xymon (4.3.19) unstable; urgency=medium

   * rev 76xx
   
   * Don't crash when receiving an AAAA DNS response (BSD, thanks Mark Felder)
   * xymonclient.sh running in --local mode was generating reports that were
     marked as duplicates (and thus being ignored). Reported by Guillaume Chane.
   * Building with old versions of libpcre not supporting PCRE_FIRSTLINE should
     once again work
   * Memory reporting on FreeBSD and OpenBSD has been fixed (Mark Felder)
   * clientlog, hostinfo, and modify messages are now tracked in xymond stats
   * In environment config files (xymonserver.cfg, xymonclient.cfg, and cfgoptions.cfg)
     an initial "export " line (as if it were actually a shell script) will be
     ignored and the remainder of the line parsed as normal.
   * headermatch will now match the headers of an HTTP response even if the body
     is empty (eg, matching for a 302 Redirect)
   * --debug mode in most daemons should cause *much* less of a performance hit, and
     output will be timestamped in microseconds
   * xymondboard can now be used to PCRE-match against the raw message, and 
     acknowledgement and disable comments. Inequalities can be specified against the 
     lastchange, logtime, validtime, acktime, disabletime fields (in epoch timestamps).
     The existing net= and tag= filters have been documented.
   * The sample xymon.conf apache snippet now supports apache 2.4 syntax
   * Fix missing newline when returning upcoming 'schedule' commands.
   * EXTIME= syntax in analysis.cfg and alerts.cfg has been added. This is applied
     after any TIME= filter. Use (e.g.) to exclude Wednesday afternoons on a line 
     which is already restricted to 9:00a to 5:00p on weekdays only.
   * The included version of c-ares has been bumped to version 1.10.0.
   * Support for older EGD (entropy gathering daemon) has been removed
   * A crash when xymond_rrd was run in --debug mode on non GNU/glibc systems has 
     been fixed
   * The msgs and procs tests are now HTML-encoded to ensure that lines with brackets
     are properly displayed
   * An acknowledgements.sh log report has been added in (Submitted by Andy Smith)
   * A number of logfetch issues have been addressed:
     - --debug syntax is now supported. (If modifying the command line in xymonclient.sh,
       use --debug=stderr to prevent spurious lines being sent in the client report.)
     - Invalid POSIX regular expressions for ignore or trigger lines will now be reported
       but should not cause crashes
     - Null characters in a log file will no longer cause further processing to stop (Thanks,
       Franco Gasperino.)
     - All lines matching a 'trigger' regex will be reported back, even if the total size
       exceeds the "maxbytes" limit. (Up to the maximum compiled buffer size.) As much of
       the final section as can be fit in the space remaining will be included, similar
       to the previous behavior if maxbytes was exceeded but no trigger lines were given.
       (Thanks, Franco Gasperino.)
     - The current location (where the previous run left off) is now marked in the status 
       report.
     - The '<...SKIPPED...>' and '<...CURRENT...>' texts can be overridden by specifying 
       values for LOGFETCHSKIPTEXT and LOGFETCHCURRENTTEXT in xymonclient.cfg
     - The "scrollback" (number of positions in previous "runs" back) that logfetch starts
       at can now be specified with the LOGFETCHSCROLLBACK variable, from 0 - 6 (the default)
   * "deltacount" can be used to count the number of lines matching a specific regex in 
     client-local.cfg, counting only since the last run. These will be shown on the trends page.
     NOTE: Unlike the "linecount:" option, deltacount is specified after a specific "log:" line.
     See the client-local.cfg file for details.
   * ifstat and netstat output from the new Windows PowerShell client is now graphed properly.
   * Hostnames beginning with a number (allowed by RFC1123) are now supported in combo.cfg
   * When a Windows service's status has been changed (ie, stopped or started), the relevant line
     in the 'svcs' test will now be updated to reflect this. (Reported by Gavin Stone-Tolcher and
     Neil Simmonds)
   * Various build issues, compiler fixes, and valgrind complaints have been fixed.

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  XXX, 2x Mar 2015 XX:XX:XX -0700


xymon (4.3.18) unstable; urgency=medium

   * rev 7494

   * Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
     Thank you to Mark Felder for noting the impact and Martin Lenko

Changes to include/version.h.

7
8
9
10
11
12
13
14
15
16
17
/* version 2. See the file "COPYING" for details.                             */
/*                                                                            */
/*----------------------------------------------------------------------------*/

#ifndef __VERSION_H__
#define __VERSION_H__

#define VERSION "4.3.18"

#endif








|



7
8
9
10
11
12
13
14
15
16
17
/* version 2. See the file "COPYING" for details.                             */
/*                                                                            */
/*----------------------------------------------------------------------------*/

#ifndef __VERSION_H__
#define __VERSION_H__

#define VERSION "4.3.19-rc1"

#endif