Changeset 1653

Timestamp:

11/07/08 22:34:35 (2 months ago)

Author:

ton

Message:

Security patches backported from Nagios 3.0.5 to disable linefeeds
in freetext data, and to ignore CHANGE_* commands, which do not appear to work
correctly anyway

Files:

• trunk/CHANGES (modified) (1 diff)
• trunk/opsview-base/Makefile (modified) (1 diff)
• trunk/opsview-base/patches/nagios_block_external_change_commands.patch (added)
• trunk/opsview-base/patches/nagios_cgi_encoded_linefeeds.patch (added)

trunk/CHANGES

@@ -2 +2 @@
-
-2.14.1 ???
+        Security patch to stop linefeeds from being entered through Nagios' cmd.cgi
+        Disabling of CHANGE_* Nagios commands, which don't appear to work anyway
-        Amended some page titles from the default 'Opsview' to aid browser history usage
-        Allow use of IPv6 addresses for hosts

trunk/opsview-base/Makefile

@@ -262 +262 @@
-        # Credit to Jason Mogavero and Mike Dorman @ Data393 for this patch. Already in Nagios 3.0.4
-        cd ${NAGIOS} && patch -p1 < ../patches/nagios_status_cgi_passive_sounds.patch
+        cd ${NAGIOS} && patch -p1 < ../patches/nagios_cgi_encoded_linefeeds.patch
+        cd ${NAGIOS} && patch -p1 < ../patches/nagios_block_external_change_commands.patch
-        cd ${NAGIOS} && cp ../patches/unlit-bulb.gif ./html/images/action.gif
-        cd ${NAGIOS} && cp ../patches/comment.gif ./html/images/comment.gif