nagios: 4.0.8 -> 4.2.3 (for CVE) #20763
Merged
+6
−6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This update includes many security related fixes. Version 4.2.0 fixes: - CVE-2008-4796 - CVE-2013-4214 Version 4.2.2 fixes: - CVE-2016-9565 Version 4.2.3 fixes: - CVE-2016-8641 See https://www.nagios.org/projects/nagios-core/history/4x/ for full detail changes.
|
@lsix, thanks for your PR! By analyzing the history of the files in this pull request, we identified @thoughtpolice and @edolstra to be potential reviewers. |
domenkozar
added
the
1.severity: security
grahamc
reviewed
Nov 28, 2016
| }; | ||
|
|
||
| patches = [ ./nagios.patch ]; | ||
| buildInputs = [ php perl gd libpng zlib ]; | ||
| buildInputs = [ php perl gd libpng zlib unzip ]; |
There was a problem hiding this comment.
Does something about the patch for the CVE involve needing unzip? This is fine of course, but looks a bit like a mistake.
There was a problem hiding this comment.
I do not think that unzip it is related to the CVE:
$ nix-build -A nagios
…
gcc -Wall -I.. -g -O2 -DHAVE_CONFIG_H -DNSCGI -o summary.cgi summary.c ../common/shared.o getcgi.o cgiutils.o cgiauth.o macros-cgi.o objects-cgi.o xobjects-cgi.o statusdata-cgi.o xstatusdata-cgi.o comments-cgi.o downtime-cgi.o ../lib/libnagios.a
gcc -Wall -I.. -g -O2 -DHAVE_CONFIG_H -DNSCGI -o tac.cgi tac.c ../common/shared.o getcgi.o cgiutils.o cgiauth.o macros-cgi.o objects-cgi.o xobjects-cgi.o statusdata-cgi.o xstatusdata-cgi.o comments-cgi.o downtime-cgi.o ../lib/libnagios.a
gcc -Wall -I.. -g -O2 -DHAVE_CONFIG_H -DNSCGI -o statuswrl.cgi statuswrl.c ../common/shared.o getcgi.o cgiutils.o cgiauth.o macros-cgi.o objects-cgi.o xobjects-cgi.o statusdata-cgi.o xstatusdata-cgi.o comments-cgi.o downtime-cgi.o ../lib/libnagios.a -lm
gcc -Wall -I.. -g -O2 -DHAVE_CONFIG_H -DNSCGI -o statusmap.cgi statusmap.c ../common/shared.o getcgi.o cgiutils.o cgiauth.o macros-cgi.o objects-cgi.o xobjects-cgi.o statusdata-cgi.o xstatusdata-cgi.o comments-cgi.o downtime-cgi.o ../lib/libnagios.a -lgd -lpng -ljpeg -lz -lm
gcc -Wall -I.. -g -O2 -DHAVE_CONFIG_H -DNSCGI -o trends.cgi trends.c ../common/shared.o getcgi.o cgiutils.o cgiauth.o macros-cgi.o objects-cgi.o xobjects-cgi.o statusdata-cgi.o xstatusdata-cgi.o comments-cgi.o downtime-cgi.o ../lib/libnagios.a -lgd -lpng -ljpeg -lz -lm
gcc -Wall -I.. -g -O2 -DHAVE_CONFIG_H -DNSCGI -o histogram.cgi histogram.c ../common/shared.o getcgi.o cgiutils.o cgiauth.o macros-cgi.o objects-cgi.o xobjects-cgi.o statusdata-cgi.o xstatusdata-cgi.o comments-cgi.o downtime-cgi.o ../lib/libnagios.a -lgd -lpng -ljpeg -lz -lm
make[1]: Leaving directory '/tmp/nix-build-nagios-4.2.3.drv-0/nagios-4.2.3/cgi'
cd ./html && make
make[1]: Entering directory '/tmp/nix-build-nagios-4.2.3.drv-0/nagios-4.2.3/html'
(cd angularjs && unzip -u angular-1.3.9.zip)
/nix/store/mgdm9y2lhmyb74wwa42qhcl633vbwn26-bash-4.3-p46/bin/bash: unzip: command not found
make[1]: *** [Makefile:20: all] Error 127
make[1]: Leaving directory '/tmp/nix-build-nagios-4.2.3.drv-0/nagios-4.2.3/html'
make: *** [Makefile:75: all] Error 2
builder for ‘/nix/store/zisvfirpbs454rdskf92f31q02g3gv1b-nagios-4.2.3.drv’ failed with exit code 2
error: build of ‘/nix/store/zisvfirpbs454rdskf92f31q02g3gv1b-nagios-4.2.3.drv’ failedThis version seems to embed a web UI build on angularjs, and angular is embedded as a zip in the distribution. Not having it would mean that we would have to cherry-pick the security related updates from nagios-4.2.3 into nagios-4.0.8.
|
I'd merge and cherry-pick as soon as I heard back on the unzip. |
|
Ok, LGTM, thank you. merging and backporting. |
|
Backported at 7fc197f and a9523ed. Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
Nagios update contains many security related fixes (see https://www.nagios.org/projects/nagios-core/history/4x/) . 5b6d52b should probably be backported to stable.
Nagios version 4.2.0 fixes:
Nagios version 4.2.2 fixes:
Nagios version 4.2.3 fixes:
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)