Nagios Core 3.5.0rc1
Eric Stanley
estanley at nagios.com
Sat Mar 9 22:13:27 CET 2013
Thank, Phil. I found my logic error and corrected it.
On 3/8/13 2:49 PM, Randal, Phil wrote:
> Hi Eric,
>
> I’ve double checked my configs against the base 3.5.0rc1 cgi.cfg and nagios.cfg, nothing in them to cause a problem (except I made sure cgi.cfg had
>
> escape_html_tags=0
>
> What’s happening is that the double quote character in a href="www.dell.com ..." is being escaped into "
>
> Even if it was correct to escape it at that point, there's a bug (no semicolon at end of string, e.g. &h34;)
>
> Patch to fix that issue:
>
> diff -Naur cgiutils.c.old cgiutils.c
> --- cgiutils.c.old 2013-03-08 20:14:51.000000000 +0000
> +++ cgiutils.c 2013-03-08 20:16:17.000000000 +0000
> @@ -1055,7 +1055,7 @@
>
> /* for simplicity, all other chars represented by their numeric value */
> else {
> - sprintf( temp_expansion, "&#%u", *( unsigned int *)inwcp);
> + sprintf( temp_expansion, "&#%u;", *( unsigned int *)inwcp);
> if((( outstp - encoded_html_string) + strlen( temp_expansion)) <
> output_max) {
> strncpy( outstp, temp_expansion, strlen( temp_expansion));
> @@ -1154,7 +1154,7 @@
>
> /* Encode everything else (this may be excessive) */
> else {
> - sprintf( temp_expansion, "&#%u", ( unsigned int)wctemp[ 0]);
> + sprintf( temp_expansion, "&#%u;", ( unsigned int)wctemp[ 0]);
> if((( stp - encoded_html_string) + strlen( temp_expansion)) <
> output_max) {
> strncpy( stp, temp_expansion, strlen( temp_expansion));
>
>
> Even with that issue fixed firefox and IE mishandle urls of form
>
> href="http://www.dell.com/support/troubleshooting/uk/en/nodhs1/Index?t=warranty&servicetag=xxxxxxx"
>
> It expects
>
> href="http://www.dell.com/support/troubleshooting/uk/en/nodhs1/Index?t=warranty&servicetag=xxxxxxx"
>
> which is the original plugin output.
>
> status.cgi in 3.4.4 didn't escape the double quote character, which is the difference between the working 3.4.4 and broken 3.5.0rc1
>
> CentOS 5.9, Apache httpd-2.2.3-76.el5.centos
>
> Cheers,
>
> Phil
>
> From: Eric Stanley [mailto:estanley at nagios.com]
> Sent: 08 March 2013 17:27
> To: Nagios Developers List
> Subject: Re: [Nagios-devel] Nagios Core 3.5.0rc1
>
> Sorry, Phil, but I'm still not able to reproduce it. I tried using the check_esxi_hardware.py plugin and I get the following displayed in the 'Status Information' column on the status.cgi:
>
> OK - Server: Dell Inc. <a href="http://support.dell.com/support/edocs/systems/peT710/">PowerEdge T710</a> s/n: <a href="http://www.dell.com/support/troubleshooting/us/en/nodhs1/Index?t=warranty&servicetag=xxxxxxx">xxxxxxxx</a> System BIOS: 6.0.7 2011-08-18
>
> Can you send the applicable configs?
>
> Thanks,
>
> Eric
>
> On 3/7/13 6:48 AM, Randal, Phil wrote:
> ./check_openmanage -H hc-server -I
>
> OK - System: '<a target="_blank" href=http://support.dell.com/support/edocs/systems/pe1955/>PowerEdge 1955</a>', SN: '<a target="_blank" href="http://www.dell.com/support/troubleshooting/Index?t=warranty&servicetag=xxxxxx">xxxxxxx</a>', 16 GB ram (8 dimms), 1 logical drives, 2 physical drives
>
> The href lines are what are getting mangled (appended in quotes) to the base cgi url
>
> Both 3.4.4 and 3.4.5rc1 work fine.
>
> It's my own rpm build, but that shouldn't make any difference.
>
> Cheers,
>
> Phil
> -----Original Message-----
> From: Eric Stanley [mailto:estanley at nagios.com]
> Sent: 07 March 2013 12:03
> To: nagios-devel at lists.sourceforge.net
> Subject: Re: [Nagios-devel] Nagios Core 3.5.0rc1
>
> Thanks for the report, Phil.
>
> I'm having a hard time guessing what might have broken that between
> 3.4.4 and now. I did a quick test using check_dummy and I don't see the issue.
>
> Are you running 3.4.4? If not, what version are you running where it works correctly? Also, where do you see the broken URL?
>
> Could you send me the output of the plugin(s) run from the command line?
>
> Thanks,
>
> Eric
>
> On 3/5/13 11:53 AM, Randal, Phil wrote:
> 3.5.0rc1 breaks check_openmanage output (and check_esxi_hardware.py
> output in the same way)
>
> A link which should be, for example,
>
> http://support.dell.com/support/edocs/systems/peR815/
>
> gets mangled into something liek
>
> http://<yournagiosserver>/nagios/cgi-bin/"http://support.dell.com/support/edocs/systems/peR815/"
>
> Cheers,
>
> Phil
>
> -----Original Message-----
> From: Eric Stanley [mailto:estanley at nagios.com]
> Sent: 28 February 2013 11:59
> To: Nagios Developers List
> Subject: [Nagios-devel] Nagios Core 3.5.0rc1
>
> Sorry for multiple release candidates, but I fixed two more issues with the CGIs that are very closely related to issues fixed in the 3.4.5rc1 tarball.
>
> The release has also been bumped to 3.5.0 because of an ABI change. (It should have been bumped prior to 3.4.5rc1.) The downtime structure had a member added to help resolve the downtime notification problem. This means that modules will need to be recompiled to use this version.
>
> You can download the 3.5.0rc1 tarball from http://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.5.0/nagios-3.5.0rc1.tar.gz/download.
>
> Feel free to compile it and try it (on a test system, please). The 3.4.5 candidate did not generate much feedback and I'm hoping no news is good news. The changes between 3.4.5rc1 and 3.5.0rc1 are relatively minor, so I don't plan to wait long until releasing 3.5.0.
>
> The complete changelog since 3.4.4 is as follows:
>
> * Fixed bug #403: The "configuration" page of the webui doesn't use
> entity encoding when displaying the "command expansion" item (Eric
> Stanley)
> * Fixed bug #424: Nagios Core 3.4.4 seg fault (core dump) on restart
> after removing config for running service (Eric Stanley)
> * Updated CGI utility functions to support UTF-8 characters (Eric
> Stanley)
> * Fixed bug where selecting Command Expansion from Configuration CGI
> page would display commands instead (Eric Stanley)
> * Fixed bug #369: status.cgi crashes with segfault when there are
> german ulauts (äöüß) in the hostname or the servicename (Eric Stanley)
> * Fixed bug #418: Scheduled Downtime Notifications Resent On Nagios
> Restart/reload (Eric Stanley)
>
>
> --
> Eric Stanley
> ___
> Developer
> Nagios Enterprises, LLC
> Email: estanley at nagios.com
> Web: www.nagios.com
>
>
> ----------------------------------------------------------------------
> -------- Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics Download AppDynamics Lite
> for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
> “Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
> ----------------------------------------------------------------------
> -------- Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics Download AppDynamics Lite
> for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
>
>
> --
> Eric Stanley
> ___
> Developer
> Nagios Enterprises, LLC
> Email: estanley at nagios.com
> Web: www.nagios.com
>
>
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
>
>
>
--
Eric Stanley
___
Developer
Nagios Enterprises, LLC
Email: estanley at nagios.com
Web: www.nagios.com
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
More information about the Developers
mailing list