SECURITY
Secunia Advisory SA39119: Zabbix PHP Frontend "user" SQL Injection Vulnerability Update zabbix to version 1.8.2. Set FULLPKG{NAME,PATH} for the -web subpackage as it is database independent, so we don't need a flavored pkg. "go ahead" sthen, ok jasper@
parent
189c77e882
commit
f863d50f38
@ -1,15 +1,16 @@
|
||||
# $OpenBSD: Makefile,v 1.18 2010/02/27 18:47:19 espie Exp $
|
||||
# $OpenBSD: Makefile,v 1.19 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
|
||||
COMMENT-main = network and application monitoring - agent
|
||||
COMMENT-server = network and application monitoring - server
|
||||
COMMENT-web = network and application monitoring - web frontend
|
||||
|
||||
VERSION = 1.8
|
||||
VERSION = 1.8.2
|
||||
DISTNAME = zabbix-${VERSION}
|
||||
FULLPKGNAME-main = zabbix-agent-${VERSION}p2
|
||||
FULLPKGNAME-main = zabbix-agent-${VERSION}
|
||||
FULLPKGPATH-main = net/zabbix,-main
|
||||
PKGNAME-server = zabbix-server-${VERSION}p2
|
||||
PKGNAME-web = zabbix-web-${VERSION}p1
|
||||
PKGNAME-server = zabbix-server-${VERSION}
|
||||
FULLPKGNAME-web = zabbix-web-${VERSION}
|
||||
FULLPKGPATH-web = net/zabbix,-web
|
||||
CATEGORIES = net
|
||||
|
||||
HOMEPAGE = http://www.zabbix.com/
|
||||
|
@ -1,5 +1,5 @@
|
||||
MD5 (zabbix-1.8.tar.gz) = BmFTcTwF+HO0NE5OoeBl6Q==
|
||||
RMD160 (zabbix-1.8.tar.gz) = HroarLdXm/VgBX/pzB1me/Nqxgg=
|
||||
SHA1 (zabbix-1.8.tar.gz) = +oJyG3RcyqhMM2AvQBbEBXtSRbM=
|
||||
SHA256 (zabbix-1.8.tar.gz) = Z0PwHycRbq17SJJ6wYRwi7kgVByI5jYC/h8rdAGGbuw=
|
||||
SIZE (zabbix-1.8.tar.gz) = 3549582
|
||||
MD5 (zabbix-1.8.2.tar.gz) = +kvk+nrCCjPMCqXCe4J3Rg==
|
||||
RMD160 (zabbix-1.8.2.tar.gz) = YzO7TGdkIpVqYMAcruPGfJwF3eI=
|
||||
SHA1 (zabbix-1.8.2.tar.gz) = WVc+/f/kgfHg0CD051tnDaqDfe0=
|
||||
SHA256 (zabbix-1.8.2.tar.gz) = uh0ARUVRwcbw0nD3Zxi2nOn1TEJ+Iqy1oTzLyeYh/YE=
|
||||
SIZE (zabbix-1.8.2.tar.gz) = 3706540
|
||||
|
@ -1,6 +1,6 @@
|
||||
$OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp $
|
||||
--- misc/conf/zabbix_proxy.conf.orig Wed Dec 23 23:56:09 2009
|
||||
+++ misc/conf/zabbix_proxy.conf Wed Dec 23 23:57:56 2009
|
||||
$OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.4 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
--- misc/conf/zabbix_proxy.conf.orig Mon Mar 29 19:22:44 2010
|
||||
+++ misc/conf/zabbix_proxy.conf Fri Apr 9 10:23:05 2010
|
||||
@@ -55,8 +55,6 @@ Server=127.0.0.1
|
||||
# Default:
|
||||
# LogFile=
|
||||
@ -10,7 +10,7 @@ $OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp
|
||||
### Option: LogFileSize
|
||||
# Maximum size of log file in MB.
|
||||
# 0 - disable automatic log rotation.
|
||||
@@ -83,6 +81,7 @@ LogFile=/tmp/zabbix_proxy.log
|
||||
@@ -85,6 +83,7 @@ LogFile=/tmp/zabbix_proxy.log
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# PidFile=/tmp/zabbix_proxy.pid
|
||||
@ -18,7 +18,7 @@ $OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp
|
||||
|
||||
### Option: DBHost
|
||||
# Database host name.
|
||||
@@ -108,7 +107,7 @@ DBName=zabbix
|
||||
@@ -110,7 +109,7 @@ DBName=zabbix
|
||||
# Default:
|
||||
# DBUser=
|
||||
|
||||
@ -27,7 +27,7 @@ $OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp
|
||||
|
||||
### Option: DBPassword
|
||||
# Database password. Ignored for SQLite.
|
||||
@@ -124,6 +123,7 @@ DBUser=root
|
||||
@@ -126,6 +125,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# DBSocket=/tmp/mysql.sock
|
||||
@ -35,7 +35,7 @@ $OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp
|
||||
|
||||
# Option: DBPort
|
||||
# Database port when not using local socket. Ignored for SQLite.
|
||||
@@ -357,6 +357,7 @@ DBUser=root
|
||||
@@ -359,6 +359,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# ExternalScripts=/etc/zabbix/externalscripts
|
||||
@ -43,7 +43,7 @@ $OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp
|
||||
|
||||
### Option: FpingLocation
|
||||
# Location of fping.
|
||||
@@ -365,6 +366,7 @@ DBUser=root
|
||||
@@ -367,6 +368,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# FpingLocation=/usr/sbin/fping
|
||||
@ -51,7 +51,7 @@ $OpenBSD: patch-misc_conf_zabbix_proxy_conf,v 1.3 2010/01/11 18:30:01 jasper Exp
|
||||
|
||||
### Option: Fping6Location
|
||||
# Location of fping6.
|
||||
@@ -373,6 +375,7 @@ DBUser=root
|
||||
@@ -376,6 +378,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# Fping6Location=/usr/sbin/fping6
|
||||
|
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Exp $
|
||||
--- misc/conf/zabbix_server.conf.orig Wed Dec 23 23:58:05 2009
|
||||
+++ misc/conf/zabbix_server.conf Wed Dec 23 23:59:44 2009
|
||||
@@ -35,8 +35,6 @@
|
||||
$OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.4 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
--- misc/conf/zabbix_server.conf.orig Mon Mar 29 19:22:44 2010
|
||||
+++ misc/conf/zabbix_server.conf Fri Apr 9 10:23:05 2010
|
||||
@@ -36,8 +36,6 @@
|
||||
# Default:
|
||||
# LogFile=
|
||||
|
||||
@ -10,7 +10,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
### Option: LogFileSize
|
||||
# Maximum size of log file in MB.
|
||||
# 0 - disable automatic log rotation.
|
||||
@@ -63,6 +61,7 @@ LogFile=/tmp/zabbix_server.log
|
||||
@@ -66,6 +64,7 @@ LogFile=/tmp/zabbix_server.log
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# PidFile=/tmp/zabbix_server.pid
|
||||
@ -18,7 +18,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
|
||||
### Option: DBHost
|
||||
# Database host name.
|
||||
@@ -88,7 +87,7 @@ DBName=zabbix
|
||||
@@ -92,7 +91,7 @@ DBName=zabbix
|
||||
# Default:
|
||||
# DBUser=
|
||||
|
||||
@ -27,7 +27,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
|
||||
### Option: DBPassword
|
||||
# Database password. Ignored for SQLite.
|
||||
@@ -104,6 +103,7 @@ DBUser=root
|
||||
@@ -108,6 +107,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# DBSocket=/tmp/mysql.sock
|
||||
@ -35,7 +35,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
|
||||
### Option: DBPort
|
||||
# Database port when not using local socket. Ignored for SQLite.
|
||||
@@ -316,6 +316,7 @@ DBUser=root
|
||||
@@ -335,6 +335,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# AlertScriptsPath=/home/zabbix/bin/
|
||||
@ -43,7 +43,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
|
||||
### Option: ExternalScripts
|
||||
# Location of external scripts
|
||||
@@ -323,6 +324,7 @@ DBUser=root
|
||||
@@ -342,6 +343,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# ExternalScripts=/etc/zabbix/externalscripts
|
||||
@ -51,7 +51,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
|
||||
### Option: FpingLocation
|
||||
# Location of fping.
|
||||
@@ -331,6 +333,7 @@ DBUser=root
|
||||
@@ -350,6 +352,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# FpingLocation=/usr/sbin/fping
|
||||
@ -59,7 +59,7 @@ $OpenBSD: patch-misc_conf_zabbix_server_conf,v 1.3 2010/01/11 18:30:01 jasper Ex
|
||||
|
||||
### Option: Fping6Location
|
||||
# Location of fping6.
|
||||
@@ -339,6 +342,7 @@ DBUser=root
|
||||
@@ -359,6 +362,7 @@ DBUser=root
|
||||
# Mandatory: no
|
||||
# Default:
|
||||
# Fping6Location=/usr/sbin/fping6
|
||||
|
@ -1,12 +1,12 @@
|
||||
$OpenBSD: patch-src_libs_zbxsysinfo_openbsd_diskspace_c,v 1.2 2010/01/11 18:30:01 jasper Exp $
|
||||
--- src/libs/zbxsysinfo/openbsd/diskspace.c.orig Thu Dec 24 00:01:41 2009
|
||||
+++ src/libs/zbxsysinfo/openbsd/diskspace.c Thu Dec 24 00:03:36 2009
|
||||
$OpenBSD: patch-src_libs_zbxsysinfo_openbsd_diskspace_c,v 1.3 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
--- src/libs/zbxsysinfo/openbsd/diskspace.c.orig Mon Mar 29 19:22:44 2010
|
||||
+++ src/libs/zbxsysinfo/openbsd/diskspace.c Fri Apr 9 10:23:49 2010
|
||||
@@ -25,7 +25,7 @@ static int get_fs_size_stat(const char *fs, zbx_uint64
|
||||
{
|
||||
#ifdef HAVE_SYS_STATVFS_H
|
||||
# define STATFS statvfs
|
||||
-# define BSIZE f_frsize
|
||||
+# define BSIZE f_frsize / 1024.0
|
||||
# define ZBX_STATFS statvfs
|
||||
-# define ZBX_BSIZE f_frsize
|
||||
+# define ZBX_BSIZE f_frsize / 1024.0
|
||||
#else
|
||||
# define STATFS statfs
|
||||
# define BSIZE f_bsize
|
||||
# define ZBX_STATFS statfs
|
||||
# define ZBX_BSIZE f_bsize
|
||||
|
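Review bot: In the statvfs branch, `# define ZBX_BSIZE f_frsize / 1024.0` makes the macro an unparenthesised expression with a floating-point divisor, while the `#else` branch keeps it as the plain member `f_bsize`. If the macro is substituted after `s.` as a member name (the body of get_fs_size_stat is outside this hunk, so this is inferred), the result depends on operator precedence at each use site and is computed in double before being stored into what appear to be zbx_uint64 outputs. The two branches would then also report in different units. I would keep `# define ZBX_BSIZE f_frsize` and apply any scaling explicitly where the value is used, or at least document the intent next to the define with a comment such as `/* block size scaled by 1024: <reason> */`. Disk-space figures drive monitoring alerts, so the unit should be unambiguous.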
@ -1,4 +1,4 @@
|
||||
@comment $OpenBSD: PLIST-main,v 1.7 2010/01/24 14:09:01 okan Exp $
|
||||
@comment $OpenBSD: PLIST-main,v 1.8 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
@pkgpath net/zabbix,-main,mysql
|
||||
@pkgpath net/zabbix,-main,pgsql
|
||||
@pkgpath net/zabbix,-doc,mysql
|
||||
@ -28,5 +28,3 @@ share/examples/zabbix/zabbix_agentd.conf
|
||||
@group _zabbix
|
||||
@sample ${SYSCONFDIR}/zabbix/zabbix_agentd.conf
|
||||
@comment share/examples/zabbix/zabbix_agentd.win.conf
|
||||
@mode
|
||||
@group
|
||||
|
@ -1,10 +1,10 @@
|
||||
@comment $OpenBSD: PLIST-server,v 1.6 2010/01/24 14:09:01 okan Exp $
|
||||
@bin sbin/zabbix_proxy
|
||||
@bin sbin/zabbix_server
|
||||
@comment $OpenBSD: PLIST-server,v 1.7 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
@man man/man8/zabbix_proxy.8
|
||||
@man man/man8/zabbix_server.8
|
||||
share/examples/zabbix/
|
||||
@sample ${SYSCONFDIR}/zabbix/
|
||||
@bin sbin/zabbix_proxy
|
||||
@bin sbin/zabbix_server
|
||||
share/examples/zabbix/
|
||||
share/examples/zabbix/zabbix_proxy.conf
|
||||
@mode 640
|
||||
@group _zabbix
|
||||
|
@ -1,4 +1,6 @@
|
||||
@comment $OpenBSD: PLIST-web,v 1.8 2010/01/24 14:09:01 okan Exp $
|
||||
@comment $OpenBSD: PLIST-web,v 1.9 2010/04/09 10:17:59 ajacoutot Exp $
|
||||
@pkgpath net/zabbix,-web,mysql
|
||||
@pkgpath net/zabbix,-web,pgsql
|
||||
conf/modules.sample/zabbix.conf
|
||||
@comment conf/php5.sample/
|
||||
conf/php5.sample/zabbix.ini
|
||||
@ -8,6 +10,7 @@ zabbix/actionconf.php
|
||||
zabbix/api/
|
||||
zabbix/api/.htaccess
|
||||
zabbix/api/classes/
|
||||
zabbix/api/classes/class.apiexception.php
|
||||
zabbix/api/classes/class.caction.php
|
||||
zabbix/api/classes/class.calert.php
|
||||
zabbix/api/classes/class.capiinfo.php
|
||||
@ -17,9 +20,11 @@ zabbix/api/classes/class.cgraph.php
|
||||
zabbix/api/classes/class.cgraphitem.php
|
||||
zabbix/api/classes/class.chost.php
|
||||
zabbix/api/classes/class.chostgroup.php
|
||||
zabbix/api/classes/class.cimage.php
|
||||
zabbix/api/classes/class.citem.php
|
||||
zabbix/api/classes/class.cmaintenance.php
|
||||
zabbix/api/classes/class.cmap.php
|
||||
zabbix/api/classes/class.cproxy.php
|
||||
zabbix/api/classes/class.cscreen.php
|
||||
zabbix/api/classes/class.cscript.php
|
||||
zabbix/api/classes/class.ctemplate.php
|
||||
@ -63,6 +68,7 @@ zabbix/conf/zabbix.conf.php.example
|
||||
zabbix/config.php
|
||||
zabbix/css.css
|
||||
zabbix/dashboard.php
|
||||
zabbix/dashconf.php
|
||||
zabbix/discovery.php
|
||||
zabbix/discoveryconf.php
|
||||
zabbix/events.php
|
||||
@ -105,6 +111,10 @@ zabbix/images/general/bttn/arrowright.png
|
||||
zabbix/images/general/bttn/arrowright_bb.png
|
||||
zabbix/images/general/bttn/arrowup.png
|
||||
zabbix/images/general/bttn/arrowup_bb.png
|
||||
zabbix/images/general/bttn/config.png
|
||||
zabbix/images/general/bttn/config_bb.png
|
||||
zabbix/images/general/bttn/config_hl.png
|
||||
zabbix/images/general/bttn/config_hl_bb.png
|
||||
zabbix/images/general/bttn/down.png
|
||||
zabbix/images/general/bttn/down_bb.png
|
||||
zabbix/images/general/bttn/fullscreen.png
|
||||
@ -143,6 +153,7 @@ zabbix/images/general/ipmi_available.png
|
||||
zabbix/images/general/ipmi_available_bb.png
|
||||
zabbix/images/general/ipmi_unavailable.png
|
||||
zabbix/images/general/ipmi_unknown.png
|
||||
zabbix/images/general/no_icon.png
|
||||
zabbix/images/general/ok.png
|
||||
zabbix/images/general/ok_bb.png
|
||||
zabbix/images/general/ok_icon.png
|
||||
@ -240,6 +251,7 @@ zabbix/include/
|
||||
zabbix/include/.htaccess
|
||||
zabbix/include/acknow.inc.php
|
||||
zabbix/include/actions.inc.php
|
||||
zabbix/include/apicalls.inc.php
|
||||
zabbix/include/audit.inc.php
|
||||
zabbix/include/blocks.inc.php
|
||||
zabbix/include/classes/
|
||||
@ -306,6 +318,7 @@ zabbix/include/classes/class.cwidget.php
|
||||
zabbix/include/config.inc.php
|
||||
zabbix/include/copt.lib.php
|
||||
zabbix/include/db.inc.php
|
||||
zabbix/include/debug.inc.php
|
||||
zabbix/include/defines.inc.php
|
||||
zabbix/include/discovery.inc.php
|
||||
zabbix/include/events.inc.php
|
||||
@ -316,6 +329,7 @@ zabbix/include/graphs.inc.php
|
||||
zabbix/include/hosts.inc.php
|
||||
zabbix/include/html.inc.php
|
||||
zabbix/include/httptest.inc.php
|
||||
zabbix/include/ident.inc.php
|
||||
zabbix/include/images.inc.php
|
||||
zabbix/include/items.inc.php
|
||||
zabbix/include/js.inc.php
|
||||
@ -336,6 +350,7 @@ zabbix/include/locales/pt_br.inc.php
|
||||
zabbix/include/locales/ru_ru.inc.php
|
||||
zabbix/include/locales/sp_sp.inc.php
|
||||
zabbix/include/locales/sv_se.inc.php
|
||||
zabbix/include/locales/ua_ua.inc.php
|
||||
zabbix/include/maintenances.inc.php
|
||||
zabbix/include/maps.inc.php
|
||||
zabbix/include/media.inc.php
|
||||
@ -347,6 +362,7 @@ zabbix/include/perm.inc.php
|
||||
zabbix/include/profiles.inc.php
|
||||
zabbix/include/regexp.inc.php
|
||||
zabbix/include/reports.inc.php
|
||||
zabbix/include/requirements.inc.php
|
||||
zabbix/include/screens.inc.php
|
||||
zabbix/include/scripts.inc.php
|
||||
zabbix/include/services.inc.php
|
||||
@ -359,13 +375,14 @@ zabbix/instal.php
|
||||
zabbix/items.php
|
||||
zabbix/js/
|
||||
zabbix/js/class.calendar.js
|
||||
zabbix/js/class.cdate.js
|
||||
zabbix/js/class.cmap.js
|
||||
zabbix/js/class.cookie.js
|
||||
zabbix/js/class.cscreen.js
|
||||
zabbix/js/class.cswitcher.js
|
||||
zabbix/js/class.ctree.js
|
||||
zabbix/js/class.curl.js
|
||||
zabbix/js/class.pmaster.js
|
||||
zabbix/js/class.switcher.js
|
||||
zabbix/js/common.js
|
||||
zabbix/js/functions.js
|
||||
zabbix/js/gtlc.js
|
||||
|