Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi,

Several updates for xymon have accumulated since the last upload. We'd
like to have them in Jessie, so we are asking for approval of the
changes below.

Changelog:

diff -Nru xymon-4.3.17/debian/changelog xymon-4.3.17/debian/changelog
--- xymon-4.3.17/debian/changelog       2014-10-23 16:50:53.000000000 +0200
+++ xymon-4.3.17/debian/changelog       2015-01-22 17:37:30.000000000 +0100
@@ -1,3 +1,21 @@
+xymon (4.3.17-5) unstable; urgency=medium
+
+  [ Christoph Berg ]
+  * Restore the lost ROOTFS variable in xymonclient-linux.sh, and patch
+    xymond/rrd/do_disk.c to ignore duplicate submissions for the / partition.
+    (Closes: #767901)
+  * Fix buffer overrun in web/acknowledge.c (Closes: #776007)
+  * Debconf translations, thanks!
+    + pt by Américo Monteiro (Closes: #767840)
+    + fr by Jean-Pierre Giraud (Closes: #770168)
+    + nl by Frans Spiesschaert (Closes: #771182)
+
+  [ Axel Beckert ]
+  * Fix aborting installation in cases where a hobbit user exists despite
+    hobbit-client was not installed before. (LP: #1407498)
+
+ -- Christoph Berg <christoph.b...@credativ.de>  Thu, 22 Jan 2015 17:37:26 
+0100
+
 xymon (4.3.17-4) unstable; urgency=medium
 
   * Add debconf question to disable the automatic migration from hobbit to
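
Review bot: the entry "Fix buffer overrun in web/acknowledge.c (Closes: #776007)" does not say what overflows or that it is a memory-safety fix in the web front end. Suggest naming the cause in that line (the undersized malloc for the page-name regex) so that someone triaging from the changelog alone can judge whether the upload matters to them.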


The first patch is the buffer overrun from #776007:

diff -Nru xymon-4.3.17/debian/patches/acknowledge-malloc 
xymon-4.3.17/debian/patches/acknowledge-malloc
--- xymon-4.3.17/debian/patches/acknowledge-malloc      1970-01-01 
01:00:00.000000000 +0100
+++ xymon-4.3.17/debian/patches/acknowledge-malloc      2015-01-22 
16:49:28.000000000 +0100
@@ -0,0 +1,11 @@
+--- a/web/acknowledge.c
++++ b/web/acknowledge.c
+@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
+                                       pcre *dummy;
+                                       char *re;
+ 
+-                                      re = (char *)malloc(8 + 
strlen(pagename));
++                                      re = (char *)malloc(8 + 
2*strlen(pagename));
+                                       sprintf(re, "%s$|^%s/.+", pagename, 
pagename);
+                                       dummy = compileregex(re);
+                                       if (dummy) {
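
Review bot: in the changed `malloc(8 + 2*strlen(pagename))` line the size is now large enough (the format `"%s$|^%s/.+"` adds six literal characters and a terminator to two copies of pagename), but the result still goes to sprintf unchecked and the constant 8 has to be kept in step with the format string by hand. Suggest computing the length into a variable, checking the allocation for NULL, and writing with snprintf bounded by that length. Separately, pagename is placed unescaped into the pattern handed to compileregex, so regex metacharacters in it change what the pattern matches; worth confirming that is intended.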

(This is probably exploitable, but the URL for this is only accessible
for authenticated admin users, so it's not a very bad security issue.)


The next one is the #767901 issue that causes monitoring graphs for
the / partition (disk space and inodes) to be broken. The C part
accounts for the fact that the "df" output in the default
installations has "/" listed twice, and suppresses duplicate updates
for that partition (which cause rrd to get confused).

The hard-to-read sh diff below merely restores the ROOTFS line that's
present in the upstream version of the original file, but got lost
during some patch update.

diff -Nru xymon-4.3.17/debian/patches/disk-no-duplicate-root 
xymon-4.3.17/debian/patches/disk-no-duplicate-root
--- xymon-4.3.17/debian/patches/disk-no-duplicate-root  1970-01-01 
01:00:00.000000000 +0100
+++ xymon-4.3.17/debian/patches/disk-no-duplicate-root  2015-01-21 
16:31:46.000000000 +0100
@@ -0,0 +1,30 @@
+--- a/xymond/rrd/do_disk.c
++++ b/xymond/rrd/do_disk.c
+@@ -20,6 +20,7 @@ int do_disk_rrd(char *hostname, char *te
+       static int ptnsetup = 0;
+       static pcre *inclpattern = NULL;
+       static pcre *exclpattern = NULL;
++      int seen_root_fs = 0;
+ 
+       if (strstr(msg, "netapp.pl")) return do_netapp_disk_rrd(hostname, 
testname, classname, pagepaths, msg, tstamp);
+       if (strstr(msg, "dbcheck.pl")) return 
do_dbcheck_tablespace_rrd(hostname, testname, classname, pagepaths, msg, 
tstamp);
+@@ -163,6 +164,19 @@ int do_disk_rrd(char *hostname, char *te
+ 
+               /* Check include/exclude patterns */
+               wanteddisk = 1;
++              /*
++               * On some systems, including the Debian Wheezy default setup,
++               * df shows two entries for / (one for "rootfs", one for the
++               * real device). Skip the second one or else the rrd files
++               * produced contain ugly gaps. (A complete fix would do this
++               * for all filesystems, but this case should be rare.)
++               */
++              if (!strcmp(diskname, "/")) {
++                      if (seen_root_fs)
++                              wanteddisk = 0;
++                      else
++                              seen_root_fs = 1;
++              }
+               if (exclpattern) {
+                       int ovector[30];
+                       int result;
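
Review bot: in the second inner hunk the duplicate-root check sets `wanteddisk = 0` before the `if (exclpattern)` block that follows, so the skip only holds if the later include/exclude handling never sets wanteddisk back to 1; please confirm that against the rest of the function, or move the check after the pattern matching. `seen_root_fs` is declared without `static` right below three static variables, which is what resets it for each message; a short comment saying that is deliberate would stop someone from "fixing" it later.
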
diff -Nru xymon-4.3.17/debian/patches/hobbitclient-tmpfs 
xymon-4.3.17/debian/patches/hobbitclient-tmpfs
--- xymon-4.3.17/debian/patches/hobbitclient-tmpfs      2014-10-01 
15:41:26.000000000 +0200
+++ xymon-4.3.17/debian/patches/hobbitclient-tmpfs      2014-11-03 
13:05:02.000000000 +0100
@@ -15,31 +15,27 @@
 
  -- Christoph Berg <m...@debian.org>  Sat, 05 Jul 2008 14:43:23 +0200
 
-Index: xymon/client/xymonclient-linux.sh
-===================================================================
---- xymon.orig/client/xymonclient-linux.sh     2013-05-20 16:04:13.319498276 
+0200
-+++ xymon/client/xymonclient-linux.sh  2013-05-20 16:04:13.299497611 +0200
-@@ -45,9 +45,13 @@
+--- a/client/xymonclient-linux.sh
++++ b/client/xymonclient-linux.sh
+@@ -45,9 +45,14 @@ uptime
  echo "[who]"
  who
  echo "[df]"
 -EXCLUDES=`cat /proc/filesystems | grep nodev | grep -v rootfs | awk '{print 
$2}' | xargs echo | sed -e 's! ! -x !g'`
--ROOTFS=`readlink -m /dev/root`
--df -Pl -x iso9660 -x $EXCLUDES | sed -e '/^[^         ][^     ]*$/{
 +if test -f /proc/filesystems ; then # Linux
 +      EXCLUDES=`cat /proc/filesystems | grep nodev | egrep -v 'tmpfs|rootfs' 
| awk '{print $2}' | xargs echo | sed -e 's! ! -x !g'`
 +else # kfreebsd (or /proc not mounted)
 +      EXCLUDES=`mount | grep -v '^/' | egrep -v 'tmpfs|rootfs' | awk '{print 
$1}' | xargs echo | sed -e 's! ! -x !g'`
 +fi
+ ROOTFS=`readlink -m /dev/root`
+-df -Pl -x iso9660 -x $EXCLUDES | sed -e '/^[^         ][^     ]*$/{
 +# kfreebsd needs an extra grep -v
 +df -Pl -x iso9660 -x $EXCLUDES | grep -v '^/sys' | sed -e '/^[^       ][^     
]*$/{
  N
  s/[   ]*\n[   ]*/ /
  }' -e "s&^rootfs&${ROOTFS}&"
-Index: xymon/xymond/etcfiles/analysis.cfg
-===================================================================
---- xymon.orig/xymond/etcfiles/analysis.cfg    2013-05-20 16:04:13.319498276 
+0200
-+++ xymon/xymond/etcfiles/analysis.cfg 2013-05-20 16:04:13.307497876 +0200
+--- a/xymond/etcfiles/analysis.cfg
++++ b/xymond/etcfiles/analysis.cfg
 @@ -353,6 +353,11 @@
  
  
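
Review bot: the restored ROOTFS assignment (the `readlink -m /dev/root` line) has nothing tying it to its only visible consumer, the final sed expression `s&^rootfs&${ROOTFS}&`, so a patch refresh can drop it without the script visibly failing: the variable just expands to an empty string. Suggest a one-line comment above the assignment naming that use, and a sentence in the patch header, so the next refresh keeps it.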


... the inevitable debian/patches/series update for the above:

diff -Nru xymon-4.3.17/debian/patches/series xymon-4.3.17/debian/patches/series
--- xymon-4.3.17/debian/patches/series  2014-10-01 15:41:26.000000000 +0200
+++ xymon-4.3.17/debian/patches/series  2015-01-22 16:49:00.000000000 +0100
@@ -23,3 +23,5 @@
 fix-exp-values-in-ncv
 netstat-ant-vs-ipv6-address-truncating
 apache2.4
+disk-no-duplicate-root
+acknowledge-malloc
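
Review bot: the two entries added at the end, disk-no-duplicate-root and acknowledge-malloc, name patch files that begin directly at their `--- a/...` line with no description, author or bug reference. Suggest adding a DEP-3 style header to each (Description, Author, and Bug-Debian pointing at #767901 and #776007 respectively) so the patches stay self-explanatory outside this changelog.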


... some i18n updates:

diff -Nru xymon-4.3.17/debian/po/fr.po xymon-4.3.17/debian/po/fr.po
diff -Nru xymon-4.3.17/debian/po/nl.po xymon-4.3.17/debian/po/nl.po
diff -Nru xymon-4.3.17/debian/po/pt.po xymon-4.3.17/debian/po/pt.po


... and finally a fix for the migration from the old hobbit user that
avoids invoking "find" on non-existing directories (LP #1407498)

diff -Nru xymon-4.3.17/debian/xymon-client.postinst 
xymon-4.3.17/debian/xymon-client.postinst
--- xymon-4.3.17/debian/xymon-client.postinst   2014-10-23 14:57:28.000000000 
+0200
+++ xymon-4.3.17/debian/xymon-client.postinst   2015-01-21 16:31:46.000000000 
+0100
@@ -49,7 +49,9 @@
                --gecos "Xymon System Monitor" xymon
        if [ "$MIGRATE" ] && getent passwd hobbit > /dev/null; then
            for d in /etc/hobbit /etc/xymon /var/*/hobbit /var/*/xymon; do
-               find $d -user hobbit -print0 2>/dev/null | xargs -0 -r chown 
xymon
+                if [ -d $d ]; then
+                   find $d -user hobbit -print0 2>/dev/null | xargs -0 -r 
chown xymon
+                fi
            done
            pkill -u hobbit vmstat || true
            deluser hobbit || echo "Couldn't delete user hobbit, please remove 
it manually"
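
Review bot: in the added `if [ -d $d ]; then` test and the `find $d` it guards, `$d` is unquoted; quote it in both places so the test stays well-formed whatever the glob expands to. Since this runs as root over files owned by the account being retired, also consider `chown -h`, so that a symbolic link owned by hobbit is re-owned itself instead of the file it points to.
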
@@ -58,7 +60,9 @@
        # Migrate old group
        if [ "$MIGRATE" ] && getent group hobbit > /dev/null; then
            for d in /etc/hobbit /etc/xymon /var/*/hobbit /var/*/xymon; do
-               find $d -group hobbit -print0 2>/dev/null | xargs -0 -r chgrp 
xymon
+                if [ -d $d ]; then
+                   find $d -group hobbit -print0 2>/dev/null | xargs -0 -r 
chgrp xymon
+                fi
            done
            delgroup --only-if-empty hobbit || echo "Couldn't delete group 
hobbit, please remove it manually"
        fi
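
Review bot: this guard and loop repeat the user-migration loop line for line, with only `-group` and `chgrp` changed, and the directory list is spelled out a second time. Suggest putting the list in one variable, or the loop in a small shell function that takes the find test and the command, so the two copies cannot diverge. `$d` should be quoted here too, and `chgrp -h` keeps a symbolic link from redirecting the group change to its target.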


I've uploaded the package to DELAYED/15. Are these ok for Jessie? I'd
either reschedule the upload for immediate release, or cancel the
upload.

Thanks,
Christoph
-- 
c...@df7cb.de | http://www.df7cb.de/
