diff --git a/munin-1.4.5.tar.gz b/munin-1.4.5.tar.gz
deleted file mode 100644
index f5aa959..0000000
--- a/munin-1.4.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4f8632713c5267e282b091cf7ef5163c5de321536e76dbaab2204aa23c957138
-size 1231622
diff --git a/munin-1.4.7.tar.gz b/munin-1.4.7.tar.gz
new file mode 100644
index 0000000..2af976a
--- /dev/null
+++ b/munin-1.4.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9a87356b1f8662f444a7a2a86ff36809124ffe787c442de0ea35850194d602af
+size 1236273
diff --git a/munin-CVE-2012-2147.patch b/munin-CVE-2012-2147.patch
new file mode 100644
index 0000000..29a0508
--- /dev/null
+++ b/munin-CVE-2012-2147.patch
@@ -0,0 +1,39 @@
+diff --git a/common/lib/Munin/Common/Config.pm b/common/lib/Munin/Common/Config.pm
+index 81b1dc8..76ff088 100644
+--- a/common/lib/Munin/Common/Config.pm
++++ b/common/lib/Munin/Common/Config.pm
+@@ -37,6 +37,7 @@ my %legal = map { $_ => 1 } (
+ "cdef_name", "graphable", "process", "realname",
+ "onlynullcdef", "group_order", "pipe", "pipe_command",
+ "unknown_limit", "num_unknowns", "dropdownlimit",
++ "max_size_x", "max_size_y",
+ "max_graph_jobs", "max_cgi_graph_jobs", "munin_cgi_graph_jobs",
+ "max_html_jobs", "num_messages");
+
+diff --git a/master/_bin/munin-cgi-graph.in b/master/_bin/munin-cgi-graph.in
+index 72a13ba..f09ca17 100755
+--- a/master/_bin/munin-cgi-graph.in
++++ b/master/_bin/munin-cgi-graph.in
+@@ -265,6 +265,22 @@ sub verify_parameters
+ exit 1;
+ }
+ }
++
++ # Checks the image size requested.
++ if (( CGI::param("size_x") || "") =~ m/^(\d+)/) {
++ my $max_size_x = ( $config->{max_size_x} || 4000);
++ if ($1 > $max_size_x) {
++ print STDERR "Warning: Asked image size x too large : $1 > $max_size_x. Bailing out.\n";
++ exit 1;
++ }
++ }
++ if (( CGI::param("size_y") || "") =~ m/^(\d+)/) {
++ my $max_size_y = ($config->{max_size_y} || 4000);
++ if ($1 > $max_size_y) {
++ print STDERR "Warning: Asked image size y too large : $1 > $max_size_y. Bailing out.\n";
++ exit 1;
++ }
++ }
+ }
+
+
diff --git a/munin.changes b/munin.changes
new file mode 100644
index 0000000..e4b0680
--- /dev/null
+++ b/munin.changes
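Review bot: The size checks added to verify_parameters in master/_bin/munin-cgi-graph.in compare against the limit only when the parameter matches `m/^(\d+)/`, so a size_x or size_y value the pattern does not match skips the CVE-2012-2147 limit without being rejected. Whether such a value can still reach the graph renderer depends on code outside this hunk, so it looks safer to fail closed: validate the whole value with `m/\A(\d+)\z/` and take the same `exit 1` path when a supplied parameter does not match. Separately, `$config->{max_size_x} || 4000` turns a configured 0 into 4000; `//` would avoid that if the supported Perl versions allow it. The two blocks differ only in the axis name, so a loop over `qw(size_x size_y)` would keep them from drifting apart. verify_parameters begins outside the hunk.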
@@ -0,0 +1,165 @@
+-------------------------------------------------------------------
+Thu May 3 15:09:14 UTC 2012 - wr@rosenauer.org
+
+- update to bugfix release 1.4.7
+- fixed CVE-2012-2147 (bnc#759910)
+
+-------------------------------------------------------------------
+Wed Jun 9 00:00:00 UTC 2010 - detlef@links2linux.de
+
+- new upstream version <1.4.5>
+ * bugfix release
+
+-------------------------------------------------------------------
+Sat Mar 6 00:00:00 UTC 2010 - detlef@links2linux.de
+
+- new upstream version <1.4.4>
+
+-------------------------------------------------------------------
+Thu Dec 31 00:00:00 UTC 2009 - detlef@links2linux.de
+
+- new upstream release <1.4.3>
+
+-------------------------------------------------------------------
+Mon Dec 21 00:00:00 UTC 2009 - detlef@links2linux.de
+
+- new upstream release <1.4.2>
+
+-------------------------------------------------------------------
+Mon Dec 7 00:00:00 UTC 2009 - detlef@links2linux.de
+
+- new upstream release <1.4.1>
+
+-------------------------------------------------------------------
+Sat Nov 28 00:00:00 UTC 2009 - detlef@links2linux.de
+
+- new upstream release <1.4.0>
+
+-------------------------------------------------------------------
+Sat Dec 27 00:00:00 UTC 2008 - detlef@links2linux.de
+
+- add UTF8 patch
+
+-------------------------------------------------------------------
+Sat Jul 19 00:00:00 UTC 2008 - detlef@links2linux.de
+
+- new upstream release <1.2.6>
+
+-------------------------------------------------------------------
+Wed Aug 15 00:00:00 UTC 2007 - detlef@links2linux.de
+
+- new upstream release <1.2.5>
+
+-------------------------------------------------------------------
+Mon Oct 17 00:00:00 UTC 2005 - detlef@links2linux.de
+
+- Fixed missing /sbin/rcmunin-node
+
+-------------------------------------------------------------------
+Sun Oct 16 00:00:00 UTC 2005 - detlef@links2linux.de
+
+- First build for packman
+
+-------------------------------------------------------------------
+Sun Apr 3 00:00:00 UTC 2005 - runesk@linpro.no
+
+- 1.2.3 release
+
+-------------------------------------------------------------------
+Fri Apr 1 00:00:00 UTC 2005 - runesk@linpro.no
+
+- 1.2.2 release
+- Fixed SF bug 1164481 (missing /srv/www/htdocs/munin)
+- Fixed SF bug 1164477 (patch for Net::Domain on PPC64)
+
+-------------------------------------------------------------------
+Fri Mar 11 00:00:00 UTC 2005 - runesk@linpro.no
+
+- 1.2.1 release
+
+-------------------------------------------------------------------
+Wed Mar 9 00:00:00 UTC 2005 - runesk@linpro.no
+
+- Fixed erronumous path to web directory
+- Added start of node if not running
+
+-------------------------------------------------------------------
+Tue Mar 8 00:00:00 UTC 2005 - runesk@linpro.no
+
+- Fixed some build path problems
+
+-------------------------------------------------------------------
+Thu Feb 24 00:00:00 UTC 2005 - runesk@linpro.no
+
+- New major release
+
+-------------------------------------------------------------------
+Wed Feb 9 00:00:00 UTC 2005 - runesk@linpro.no
+
+- Updated to version 1.2.0rc2.
+- Removed Nagios stuff
+- Added noreplace for some central configuration files
+
+-------------------------------------------------------------------
+Thu Nov 18 00:00:00 UTC 2004 - runesk@linpro.no
+
+- Updated to version 1.0.4
+
+-------------------------------------------------------------------
+Mon Nov 8 00:00:00 UTC 2004 - runesk@linpro.no
+
+- Updated version 1.0.3 / sync with redhat-build
+
+-------------------------------------------------------------------
+Wed Aug 4 00:00:00 UTC 2004 - runesk@linpro.no
+
+- Initial SuSE build
+
+-------------------------------------------------------------------
+Sun Feb 1 00:00:00 UTC 2004 - ingvar@linpro.no
+
+- Sync with CVS.
Version 1.0.0pre2 + +------------------------------------------------------------------- +Sun Jan 18 00:00:00 UTC 2004 - ingvar@linpro.no + +- Sync with CVS. Change names to munin. + +------------------------------------------------------------------- +Fri Oct 31 00:00:00 UTC 2003 - ingvar@linpro.no + +- Lot of small fixes. Now builds on more RPM distros + +------------------------------------------------------------------- +Wed May 21 00:00:00 UTC 2003 - ingvar@linpro.no + +- Sync with CVS +- 0.9.5-1 + +------------------------------------------------------------------- +Tue Apr 1 00:00:00 UTC 2003 - ingvar@linpro.no + +- Sync with CVS +- Makefile-based install of core files +- Build doc (only pod2man) + +------------------------------------------------------------------- +Thu Jan 9 00:00:00 UTC 2003 - ingvar@linpro.no + +- Sync with CVS, auto rpmbuild + +------------------------------------------------------------------- +Thu Jan 2 00:00:00 UTC 2003 - ingvar@linpro.no + +- Fix spec file for RedHat 8.0 and new version of lrrd + +------------------------------------------------------------------- +Wed Sep 4 00:00:00 UTC 2002 - ingvar@linpro.no + +- Small bugfixes in the rpm package + +------------------------------------------------------------------- +Tue Jun 18 00:00:00 UTC 2002 - kjetilho@linpro.no + +- new package + diff --git a/munin.spec b/munin.spec index 2f00e4f..f26ebd6 100644 --- a/munin.spec +++ b/munin.spec @@ -8,7 +8,7 @@ Name: munin -Version: 1.4.5 +Version: 1.4.7 Release: 1 Summary: Network-wide graphing framework (grapher/gatherer) License: GPL @@ -22,6 +22,7 @@ Source4: munin.logrotate Source5: munin-node.logrotate Source6: munin-node.cron.d Source7: plugins.conf +Patch0: munin-CVE-2012-2147.patch Requires: perl-base = %{perl_version} Requires: perl-HTML-Template perl-Log-Log4perl perl-Net-Server perl-Net-SNMP %if %suse_version >= 1110 
@@ -88,6 +89,7 @@ RRDtool. To see a real example of Munin in action, take a peek at %prep %setup -q cp %{SOURCE1} . +%patch0 -p1 %build