Hello community, here is the log from the commit of package nagios for openSUSE:Factory checked in at 2013-08-05 20:48:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nagios (Old) and /work/SRC/openSUSE:Factory/.nagios.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "nagios" Changes: --------
--- /work/SRC/openSUSE:Factory/nagios/nagios.changes 2013-03-20 09:53:32.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.nagios.new/nagios.changes 2013-08-05 20:48:15.000000000 +0200
@@ -1,0 +2,17 @@
+Fri Jul 26 09:50:38 UTC 2013 - thardeck@suse.com
+
+- added icinga-monitoring-tools as recommend and removed the duplicated nagios files
+
+-------------------------------------------------------------------
+Fri Jun 28 08:27:25 UTC 2013 - lars@linux-schulserver.de
+
+- added nagios-CVE-2013-2214.patch fixing unauthorized host/service
+ views displayed in servicegroup view (bnc#827020)
+
+-------------------------------------------------------------------
+Thu Jun 27 15:47:56 UTC 2013 - lars@linux-schulserver.de
+
+- fix permission problem on /usr/lib/nagios/plugins introduced with
+ one of the latest updates
+
+-------------------------------------------------------------------
Old: ---- convertcfg.8 mini_epn.8 new_mini_epn.8 New: ---- nagios-CVE-2013-2214.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nagios.spec ++++++
--- /var/tmp/diff_new_pack.eDLk0Z/_old 2013-08-05 20:48:16.000000000 +0200
+++ /var/tmp/diff_new_pack.eDLk0Z/_new 2013-08-05 20:48:16.000000000 +0200
@@ -25,14 +25,11 @@ Url: http://www.nagios.org/ Source0: %{name}-%{version}.tar.bz2 Source1: rc%{name} -Source2: convertcfg.8 Source3: %{name}.sysconfig Source4: suse.de-nagios Source5: nagios.8 Source6: nagiosstats.8 Source7: nagios-htpasswd.users -Source8: mini_epn.8 -Source9: new_mini_epn.8 # Source10: %{name}-README.SuSE Source11: %{name}-html-pages.tar.bz2 @@ -46,6 +43,8 @@ Patch10: nagios-p1.pl-location.patch # PATCH-FIX-OPENSUSE disable Nagios online update checks for distributed packages Patch11: nagios-disable_phone_home.patch +# PATCH-FIX-UPSTREAM fix CVE-2013-2214 +Patch12: nagios-CVE-2013-2214.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: monitoring_daemon PreReq: %fillup_prereq @@ -80,6 +79,7 @@ # we enable nagios embedded perl, but if people disable it... Recommends: perl = %{perl_version} %endif +Recommends: icinga-monitoring-tools %if 0%{?suse_version} > 1020 Recommends: %{name}-plugins %else @@ -186,12 +186,10 @@ %patch3 -p0 %patch10 -p0 %patch11 -p0 +%patch12 -p1 find -name ".gitignore" | xargs rm # fix p1.pl [dos] perl -p -i -e 's|\r\n|\n|' contrib/p1.pl -# fix p1.pl pathname of mini_epn -sed -i 's|p1.pl|%{nagios_libdir}/p1.pl|g' contrib/mini_epn.c -sed -i 's|p1.pl|%{nagios_libdir}/p1.pl|g' contrib/new_mini_epn.c # fix file permissions chmod -x Changelog LEGAL LICENSE README @@ -317,9 +315,6 @@ # install manpages install -Dm644 %{S:5} %{buildroot}%{_mandir}/man8/%{name}.8 install -Dm644 %{S:6} %{buildroot}%{_mandir}/man8/nagiostats.8 -install -Dm644 %{S:8} %{buildroot}%{_mandir}/man8/mini_epn.8 -install -Dm644 %{S:9} %{buildroot}%{_mandir}/man8/new_mini_epn.8 -install -Dm644 %{S:2} %{buildroot}%{_mandir}/man8/convertcfg.8 # fixing permissions the dirty way.... for file in "README sample-config/README sample-config/template-object/README"; do chmod 644 $RPM_BUILD_DIR/%{name}/$file 
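Review bot: The `Patch12` comment in the `@@ -46,6 +43,8 @@` hunk names the CVE but not the tracking bug or the origin of the fix, which makes this security patch harder to audit later. The changelog in this same commit cites bnc#827020, so the tag line could read `# PATCH-FIX-UPSTREAM bnc#827020 nagios-CVE-2013-2214.patch -- hide unauthorized hosts/services in servicegroup views`. If the upstream commit or release that carries the fix is known, naming it here would also tell maintainers when the patch can be dropped.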
@@ -345,6 +340,10 @@ EOF mv -f %{buildroot}%{apache2_sysconfdir}/%{name}.conf.in %{buildroot}%{apache2_sysconfdir}/%{name}.conf popd >/dev/null +#delete monitoring-tools because they are provided by icinga-monitoring-tools +rm -f %{buildroot}/%{_sbindir}/convertcfg +rm -f %{buildroot}/%{_sbindir}/mini_epn +rm -f %{buildroot}/%{_sbindir}/new_mini_epn %clean %{__rm} -rf %{buildroot} @@ -490,9 +489,7 @@ %files %defattr(-,root,root) %doc Changelog LEGAL LICENSE README README.SuSE sample-config/ -%{_mandir}/man8/convertcfg* %{_mandir}/man8/%{name}* -%{_mandir}/man8/*mini_epn* %_sysconfdir/init.d/%name %ghost %config(missingok,noreplace) %{nagios_logdir}/config.err %config(noreplace) %{nagios_sysconfdir}/*.cfg @@ -502,12 +499,9 @@ %{nagios_localstatedir} %attr(0755,root,root) %{nagios_libdir}/p1.pl %exclude %{nagios_cgidir}/* -%{_sbindir}/convertcfg -%{_sbindir}/mini_epn -%{_sbindir}/new_mini_epn %{_sbindir}/rc%name %dir %{nagios_libdir} -%dir %{nagios_plugindir} +%attr(755,root,root) %dir %{nagios_plugindir} %dir %{nagios_eventhandlerdir} %{nagios_eventhandlerdir}/* # defattr change ++++++ nagios-CVE-2013-2214.patch ++++++ Index: nagios/cgi/status.c =================================================================== --- nagios.orig/cgi/status.c +++ nagios/cgi/status.c @@ -2547,6 +2547,10 @@ void show_servicegroup_overview(serviceg if(temp_host == NULL) continue; + /* make sure user has rights to view this host */ + if(is_authorized_for_host(temp_host, ¤t_authdata) == FALSE) + continue; + /* skip this if it isn't a new host... */ if(temp_host == last_host) continue; @@ -2752,6 +2756,10 @@ void show_servicegroup_host_totals_summa if(temp_host == NULL) continue; + /* make sure user has rights to view this host */ + if(is_authorized_for_host(temp_host, ¤t_authdata) == FALSE) + continue; + /* skip this if it isn't a new host... */ if(temp_host == last_host) continue; 
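Review bot: The three `rm -f` lines in the `@@ -345,6 +340,10 @@` hunk drop convertcfg, mini_epn and new_mini_epn from the package, but their replacement is pulled in only through `Recommends: icinga-monitoring-tools` (added in the `@@ -80,6 +79,7 @@` hunk), which is a weak dependency. On systems that install without recommended packages, an update would remove these tools with nothing replacing them. If anything shipped in this package still calls them, which the hunks do not show, `Requires:` would be the safer choice; otherwise a line in README.SuSE pointing to the new package would help. The comment would also read better as `# remove the monitoring tools; icinga-monitoring-tools ships them`.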
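Review bot: In the `@@ -502,12 +499,9 @@` hunk the new `%attr(755,root,root) %dir %{nagios_plugindir}` writes the mode without the leading zero, while the `p1.pl` entry a few lines above uses `%attr(0755,root,root)`; `%attr(0755,root,root) %dir %{nagios_plugindir}` would keep the file consistent. A short comment such as `# explicit mode: fixes the plugin dir permission problem noted in the changelog (Jun 27 2013)` would record why this one directory needs an explicit attribute. The `%files` section continues past the end of the hunk, so whether a later `%defattr` is what changed the directory's mode cannot be told from here.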
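Review bot: The authorization guard is copied by hand into four member loops (show_servicegroup_overview here, then show_servicegroup_host_totals_summary, show_servicegroup_service_totals_summary and show_servicegroup_grid in the later hunks), so any other loop over servicegroup members in status.c that the patch does not touch would still list entries the user may not see. The hunks do not show whether such loops exist, so that is worth auditing before treating CVE-2013-2214 as closed. Three of the four loops filter on `is_authorized_for_host` while the service-totals hunk filters on `is_authorized_for_service`; if a contact can be authorized for a service without being authorized for its host, the host-based loops will now hide members that user is entitled to see, so confirm this is intended. The page renders the second argument as `¤t_authdata`, which looks like an entity-decoding artifact of `&current_authdata`, so the patch should be taken from the package source rather than copied from this page. All four function bodies start and end outside their hunks.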
@@ -2931,6 +2939,10 @@ void show_servicegroup_service_totals_su temp_service = find_service(temp_member->host_name, temp_member->service_description); if(temp_service == NULL) continue; + + /* make sure user has rights to view this service */ + if(is_authorized_for_service(temp_service, ¤t_authdata) == FALSE) + continue; /* skip this if it isn't a new service... */ if(temp_service == last_service) @@ -3290,6 +3302,10 @@ void show_servicegroup_grid(servicegroup if(temp_host == NULL) continue; + /* make sure user has rights to view this host */ + if(is_authorized_for_host(temp_host, ¤t_authdata) == FALSE) + continue; + /* get the status of the host */ temp_hoststatus = find_hoststatus(temp_host->name); if(temp_hoststatus == NULL) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org