Hello community,
here is the log from the commit of package nagios for openSUSE:Factory
checked in at Fri Jul 8 15:48:35 CEST 2011.
--------
--- nagios/nagios.changes 2010-10-06 22:25:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/nagios/nagios.changes 2011-07-08 13:42:00.000000000 +0200
@@ -1,0 +2,27 @@
+Fri Jul 8 11:35:37 UTC 2011 - lars@linux-schulserver.de
+
+- removed setuid bit from /var/spool/nagios - configure the
+ right permissions on service start instead
+- use the right STDERR in the cron script
+- cleanup files section
+
+-------------------------------------------------------------------
+Tue Jul 5 14:57:40 UTC 2011 - lars@linux-schulserver.de
+
+- integrated cron script from Daniel Kozar (bnc#701208)
+
+-------------------------------------------------------------------
+Mon Jul 4 17:03:22 UTC 2011 - lars@linux-schulserver.de
+
+- fixes in init script if check_external_commands are enabled
+- added nagios-3.2.3-CVE-2011-1523.patch to fix
+ CVE-2011-1523 (bnc#682966)
+
+-------------------------------------------------------------------
+Sun Mar 13 16:21:14 UTC 2011 - lars@linux-schulserver.de
+
+- install /var/spool/nagios with setgroup bit set, so all new files
+ in this directory belong to the command group (maybe we should
+ use a permissions file for this?)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
nagios-3.2.3-CVE-2011-1523.patch
nagios-htpasswd.users
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nagios.spec ++++++
--- /var/tmp/diff_new_pack.hRVFoM/_old 2011-07-08 15:46:21.000000000 +0200
+++ /var/tmp/diff_new_pack.hRVFoM/_new 2011-07-08 15:46:21.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package nagios (Version 3.2.3)
+# spec file for package nagios
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
%define nnmmsg logger -t %{name}/rpm
Summary: The Nagios Network Monitor
Version: 3.2.3
-Release: 1
+Release: 5
License: GPLv2+
Group: System/Monitoring
Url: http://www.nagios.org/
@@ -40,6 +40,7 @@
Source4: suse.de-nagios
Source5: nagios.8
Source6: nagiosstats.8
+Source7: nagios-htpasswd.users
#
Source10: %{name}-README.SuSE
# PATCH-FIX-UPSTREAM fix for missing expression in return statement bnc#395203
@@ -56,7 +57,8 @@
Patch10: nagios-p1.pl-location.patch
# PATCH-FIX-OPENSUSE disable Nagios online update checks for distributed packages
Patch11: nagios-disable_phone_home.patch
-#
+# PATCH-FIX-UPSTREAM fix CVE-2011-1523
+Patch12: nagios-3.2.3-CVE-2011-1523.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
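Review bot: The new patch comment above `Patch12` names the CVE but not the bug reference, while the neighbouring `PATCH-FIX-UPSTREAM` comment in this hunk's context carries its `bnc#` number. The changelog entry for this patch gives bnc#682966, so the comment could read `# PATCH-FIX-UPSTREAM fix CVE-2011-1523 (bnc#682966)`. That keeps the security fix traceable from the spec file alone when the patch is later rebased or dropped.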
@@ -186,6 +188,7 @@
%patch7 -p0
%patch10 -p0
%patch11 -p0
+%patch12 -p0
find -name ".cvsignore" | xargs rm
find -name ".gitignore" | xargs rm
# fix p1.pl pathname of mini_epn
@@ -222,7 +225,7 @@
--enable-event-broker \
--enable-embedded-perl
#
-# %bindir/p1.pl is not a good place for a perl-_module_!
+# /usr/bin/p1.pl is not a good place for a perl-_module_!
#
sed -i 's#@p1pldir@#%{_prefix}/lib/nagios#g' Makefile include/locations.h sample-config/nagios.cfg
#
@@ -269,6 +272,7 @@
# install event handlers
%{__install} -d -m0755 %{buildroot}%{_prefix}/lib/%{name}/plugins/eventhandlers/
%{__cp} -afpv contrib/eventhandlers/* %{buildroot}%{_prefix}/lib/%{name}/plugins/eventhandlers/
+find %{buildroot}%{_prefix}/lib/%{name}/plugins/eventhandlers/ -type f -exec chmod +x {} \;
# install directory for event brokers like ndoutils
%{__install} -d -m0755 %{buildroot}%{_prefix}/lib/%{name}/brokers
# install headers for development package
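Review bot: The added `chmod +x` takes its effective bits from the build umask and is applied to every regular file under `eventhandlers/`, whether or not it is a script. Since the `%defattr(755,root,root)` line is removed further down in `%files`, these modes now come straight from the build root, so it is worth pinning them explicitly: `find %{buildroot}%{_prefix}/lib/%{name}/plugins/eventhandlers/ -type f -exec chmod 0755 {} \;`. A short comment saying why the handlers must be executable would also help.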
@@ -302,9 +306,10 @@
# sysconfig script
%{__install} -D -m 0644 %{S:3} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
# install cronjob (gzip' the logfiles)
-%{__install} -D -m 0640 %{S:4} %{buildroot}%{_sysconfdir}/cron.weekly/%{name}
+%{__install} -D -m 0755 %{S:4} %{buildroot}%{_sysconfdir}/cron.weekly/%{name}
+# install htpasswd file
+%{__install} -m 0640 %{S:7} %{buildroot}%{_sysconfdir}/%{name}/htpasswd.users
# important ghost files
-touch %{buildroot}%{_sysconfdir}/%{name}/htpasswd.users
touch %{buildroot}%{_localstatedir}/lib/%{name}/retention.dat
touch %{buildroot}%{_localstatedir}/lib/%{name}/status.dat
touch %{buildroot}%{_localstatedir}/log/%{name}/config.err
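Review bot: Installing `%{S:7}` as a real `htpasswd.users` instead of the former `touch`ed ghost file means every installation starts with the same packaged credential entries, assuming the source file is not empty; its content is not visible in this diff. The `%files www` hunk drops `%ghost` for the same path, so the file is now owned and verified by the package. If it carries a default account, say so next to the install line, for example `# ships a default web UI login - must be replaced after installation`, and repeat that in the README. Mode 0640 here matches the `%attr(0640,root,%cmdgrp)` in `%files`, which is good.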
@@ -314,7 +319,7 @@
install -Dm644 %{S:6} %{buildroot}%{_mandir}/man8/nagiosstats.8
# some rpmlint stuff
%if 0%{?suse_version} > 1020
-%fdupes -s %{buildroot}
+%fdupes -s %{buildroot}%{_datadir}
%endif
%clean
@@ -450,12 +455,23 @@
fi
# if apache user is not in cmdgrp, add it
if id -Gn $wwwusr 2>/dev/null | grep -q %{cmdgrp} >/dev/null 2>&1 ; then
- : # $wwwusr (default: %cmdusr) is already in nagiocmd group
+ : # $wwwusr (default: %cmdusr) is already in Nagios cmd group
else
# modify apache user, adding it to cmdgrp
groupmod -A $wwwusr %{cmdgrp} 2>/dev/null
%nnmmsg "User $wwwusr added to group %{cmdgrp} so sending commands to Nagios from the CGI is possible."
fi
+# Update ?
+if [ ${1:-0} -eq 1 ]; then
+ if [ -x %{_sbindir}/a2enmod ]; then
+ # enable authentification in apache config
+ %{_sbindir}/a2enmod authn_file >/dev/null
+ %{_sbindir}/a2enmod auth_basic >/dev/null
+ %{_sbindir}/a2enmod authz_user >/dev/null
+ # enable php5 in apache config
+ %{_sbindir}/a2enmod php5
+ fi
+fi
%restart_on_update apache2
%preun www
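Review bot: The comment `# Update ?` contradicts the test below it: in an RPM `%post` scriptlet `$1` is 1 on first installation and 2 on upgrade, so `[ ${1:-0} -eq 1 ]` runs only on a fresh install. The scriptlet header is outside this hunk, but the following `%preun www` suggests this is `%post www`. Systems upgrading to this release therefore do not get `authn_file`, `auth_basic` and `authz_user` enabled, even though the package now ships an `htpasswd.users`. Either correct the comment to `# first installation only` or, if upgrades should be covered as well, use `[ ${1:-0} -ge 1 ]`. The `a2enmod php5` call is also the only one without `>/dev/null`.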
@@ -467,14 +483,12 @@
%{_mandir}/man8/%{name}*
%_sysconfdir/init.d/%name
%ghost %config(missingok,noreplace) /var/log/%name/config.err
-%config(noreplace) %_sysconfdir/%name/resource.cfg
-%config(noreplace) %_sysconfdir/%name/cgi.cfg
-%config(noreplace) %_sysconfdir/%name/%{name}.cfg
+%config(noreplace) %_sysconfdir/%name/*.cfg
%config(noreplace) %_sysconfdir/%name/objects/*.cfg
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
-%defattr(755,root,root)
%{_sysconfdir}/cron.weekly/*
%{_prefix}/lib/%name/
+%attr(0755,root,root) %{_prefix}/lib/%name/p1.pl
%exclude %{_prefix}/lib/%name/cgi/*
%{_sbindir}/convertcfg
%{_sbindir}/mini_epn
@@ -484,7 +498,7 @@
%defattr(-,%{nsusr},%{cmdgrp})
%dir %_sysconfdir/%name
%dir %_sysconfdir/%name/objects
-%dir /var/spool/%name
+%dir /var/spool/%{name}
# defattr change
%defattr(-,%{nsusr},%nsgrp)
%dir /var/lib/%name
@@ -504,7 +518,7 @@
%defattr(-,root,root)
%{_datadir}/%{name}/
%config(noreplace) %{apache2_sysconfdir}/%{name}.conf
-%attr(0640,root,%cmdgrp) %ghost %config(missingok,noreplace) %{_sysconfdir}/%{name}/htpasswd.users
+%attr(0640,root,%cmdgrp) %config(missingok,noreplace) %{_sysconfdir}/%{name}/htpasswd.users
%files devel
%defattr(-,root,root)
++++++ nagios-3.2.3-CVE-2011-1523.patch ++++++
Index: cgi/config.c
===================================================================
--- cgi/config.c.orig
+++ cgi/config.c
@@ -2275,9 +2275,9 @@ void display_command_expansion(void){
if ((*to_expand)!='\0'){
arg_count[0]=0;
- printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s",command_args[0]);
+ printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s",escape_string(command_args[0]));
for (i=1;(i