Hi Lars, Lars Kollstedt wrote: > I can't find Ulric's patch in neither in 4.3.10 and 4.3.11 from > http://xymon.sourceforge.net/ nor in 4.3.7-1. They all still contain > the bug in strfunc.c: > > | static strbuffer_t *result = NULL; > | char *inp, *endp; > | char c; > | > | if (!result) result = newstrbuffer(4096); > | clearstrbuffer(result);
Same impression here. Except for whitespace garbage and an additional line which has been added upstream, the patch can be used against 4.3.11. > Might be the patch was in in for a short time. I rather expected that it was fixed in another way, but I haven't found any evidence. I can apply that patch for the upcoming 4.3.11-1 experimental package if wanted. I though never ran into that issue (running 4.3.0~beta2.dfsg-6+squeeze1 on Squeeze and a 4.3.10 packaging snapshot on Squeeze and Wheezy) and hence can't check if it works. (I also ran 4.3.7-1 for a while on Squeeze and didn't notice it there, but also didn't use history a lot there.) > But they all use /var/lib/xymon and /etc/xymon which is not suitable > to the very complex installations of Xymon Servers running Ubuntu > 10.04LTS (lucid) and 12.04LTS (precise). Speaking from the Admin's > view. > > They are using /etc/hobbit at the moment, and might loose their > whole configuration and data when this is changed withing the stable > release. That (and not the freeze for Wheezy) is the reason why newer Xymon packages are just in Debian Experimental and should never have made it into Ubuntu Quantal. :-/ We're still working on a sane automated upgrade path and we're not yet there. > The Bug came in with the 2011-1716 Patch. I guess you mean CVE-2011-1716. So 4.3.0~beta2.dfsg-9.1 is fine, but 4.3.0~beta2.dfsg-9.1ubuntu0.1 introduced this issue? Because upstream CVE-2011-1716 is only fixed with 4.3.1. (I suspect with the same fix, since the patch matched to the 4.3.10 or 4.3.11 code -- can't remember against which I checked.) > And should be all affected by this Bug. I didn't understand that sentence. Did you mean "And all should be affected by this bug"? > I'm sorry I selected the wrong patch file in #22. I'll corect it, now. Thanks for the update and thanks for the patch in general! > ** Patch added: "This is what I wanted to post in #22 (Patch for lucid for > the patch dir)." > > https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/1103428/+attachment/3685152/+files/lk1103428-lucid_2013-01-29.patch This patch though has, as the one before, unnecessary whitespace changes in it, which makes it hard to see the real functional changes. I had to check every single line manually to actually see the functional changes. Could you please post a patch without changing the indentation of unchanged lines? TIA! P.S.: Launchpad Bug Tracker schrieb am Thu, May 23, 2013 at 05:58:21PM -0000: > You have been subscribed to a public bug by Lars Kollstedt (lk-x): Huh, why that? I'm already subscribed for all bugs affecting Xymon in Ubuntu, so this shouldn't be necessary. (Nor change anything, so I wonder why Launchpad notifies me about a no-op...) Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1103428 Title: Xymon history page does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/1103428/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
