← Back to branch summary

~ubuntu-dev/ubuntu/lucid/zabbix/lucid-201002110857

~ubuntu-dev/ubuntu/lucid/zabbix/lucid-201002110857

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2007-6210.dpatch

Committer: Bazaar Package Importer
Author(s): Stephan Hermann
Date: 2008-06-04 09:22:37 UTC
mfrom: (1.1.6 upstream)
Revision ID: james.westby@ubuntu.com-20080604092237-zgwq7kmraj1oohoz

Tags: 1:1.4.5-1ubuntu1

https://launchpad.net/bugs/172775

* Merge from debian unstable, remaining changes:
+ fixing missing pid directory in /var/run
* Added the same patch to debian/zabbix-server-{mysql,pgsql}.zabbix-server.init
(LP: #172775)

files added:
build/win32/project/ZABBIX.sln

build/win32/project/zabbix_agentd.vcproj

build/win32/project/zabbix_get.vcproj

build/win32/project/zabbix_sender.vcproj

create/data/images

create/data/images/Hub.png

create/data/images/Hub_small.png

create/data/images/Network.png

create/data/images/Network_small.png

create/data/images/Notebook.png

create/data/images/Notebook_small.png

create/data/images/Phone.png

create/data/images/Phone_small.png

create/data/images/Printer.png

create/data/images/Printer_small.png

create/data/images/Router.png

create/data/images/Router_small.png

create/data/images/Satellite.png

create/data/images/Satellite_small.png

create/data/images/Server.png

create/data/images/Server_small.png

create/data/images/UPS.png

create/data/images/UPS_small.png

create/data/images/Workstation.png

create/data/images/Workstation_small.png

debian/po/nl.po

debian/po/pl.po

docs/ZABBIX Manual v1.4 rev 12.pdf

frontends/php/images/general/zabbix.ico

frontends/php/include/locales/hu_hu.inc.php

frontends/php/include/locales/pt_br.inc.php

frontends/php/js/blink.js

src/libs/zbxsysinfo/freebsd/boottime.c

src/libs/zbxsysinfo/openbsd/boottime.c

files removed:
build/win32/project/ZABBIX.dsw

build/win32/project/zabbix_agentd.dsp

build/win32/project/zabbix_get.dsp

build/win32/project/zabbix_sender.dsp

debian/patches

debian/patches/00list

debian/patches/CVE-2007-6210.dpatch

debian/patches/DPATCH

debian/patches/vm-memory-size.dpatch

docs/ZABBIX Manual v1.4 rev 9.pdf

files modified:
ChangeLog

Makefile.in

bin/win32/zabbix_agentd.exe

bin/win32/zabbix_get.exe

bin/win32/zabbix_sender.exe

bin/win64/zabbix_agentd.exe

config.guess

config.sub

configure

configure.in

create/Makefile.am

create/Makefile.in

create/data/data.sql

create/schema/Makefile.in

debian/changelog

debian/control

debian/rules

debian/zabbix-agent.init

debian/zabbix-server-mysql.zabbix-server.init

debian/zabbix-server-pgsql.zabbix-server.init

frontends/php/acknow.php

frontends/php/actionconf.php

frontends/php/actions.php

frontends/php/audit.php

frontends/php/chart3.php

frontends/php/chart4.php

frontends/php/charts.php

frontends/php/config.php

frontends/php/discovery.php

frontends/php/discoveryconf.php

frontends/php/events.php

frontends/php/exp_imp.php

frontends/php/graphs.php

frontends/php/history.php

frontends/php/hostprofiles.php

frontends/php/hosts.php

frontends/php/httpconf.php

frontends/php/httpdetails.php

frontends/php/httpmon.php

frontends/php/include/actions.inc.php

frontends/php/include/classes/ccombobox.inc.php

frontends/php/include/classes/cform.inc.php

frontends/php/include/classes/cformtable.inc.php

frontends/php/include/classes/ciframe.inc.php

frontends/php/include/classes/ctable.inc.php

frontends/php/include/classes/ctag.inc.php

frontends/php/include/classes/ctree.inc.php

frontends/php/include/classes/graph.inc.php

frontends/php/include/config.inc.php

frontends/php/include/copt.lib.php

frontends/php/include/db.inc.php

frontends/php/include/defines.inc.php

frontends/php/include/events.inc.php

frontends/php/include/export.inc.php

frontends/php/include/forms.inc.php

frontends/php/include/graphs.inc.php

frontends/php/include/hosts.inc.php

frontends/php/include/html.inc.php

frontends/php/include/import.inc.php

frontends/php/include/items.inc.php

frontends/php/include/js.inc.php

frontends/php/include/locales.inc.php

frontends/php/include/locales/en_gb.inc.php

frontends/php/include/locales/fr_fr.inc.php

frontends/php/include/locales/ru_ru.inc.php

frontends/php/include/locales/sp_sp.inc.php

frontends/php/include/maps.inc.php

frontends/php/include/media.inc.php

frontends/php/include/nodes.inc.php

frontends/php/include/page_header.php

frontends/php/include/perm.inc.php

frontends/php/include/screens.inc.php

frontends/php/include/services.inc.php

frontends/php/include/setup.inc.php

frontends/php/include/triggers.inc.php

frontends/php/include/users.inc.php

frontends/php/include/validate.inc.php

frontends/php/items.php

frontends/php/js/common.js

frontends/php/js/services.js

frontends/php/js/tree.js

frontends/php/latest.php

frontends/php/maps.php

frontends/php/media_types.php

frontends/php/nodes.php

frontends/php/overview.php

frontends/php/popup.php

frontends/php/popup_trexpr.php

frontends/php/profile.php

frontends/php/queue.php

frontends/php/report2.php

frontends/php/report3.php

frontends/php/report4.php

frontends/php/report5.php

frontends/php/screenconf.php

frontends/php/screenedit.php

frontends/php/screens.php

frontends/php/services_form.php

frontends/php/srv_status.php

frontends/php/sysmaps.php

frontends/php/tr_events.php

frontends/php/tr_status.php

frontends/php/triggers.php

frontends/php/users.php

include/common.h

include/comms.h

include/config.h

include/config.h.in

include/db.h

include/dbsync.h

include/service.h

include/sysinc.h

include/zbxdb.h

include/zbxtypes.h

m4/jabber.m4

m4/libcurl.m4

misc/Makefile.in

misc/conf/zabbix_agentd.conf

misc/conf/zabbix_server.conf

src/Makefile.in

src/libs/Makefile.in

src/libs/zbxcommon/Makefile.in

src/libs/zbxcommon/comms.c

src/libs/zbxcommon/gnuregex.c

src/libs/zbxcommon/misc.c

src/libs/zbxcommon/regexp.c

src/libs/zbxcommon/str.c

src/libs/zbxcomms/Makefile.in

src/libs/zbxcomms/comms.c

src/libs/zbxconf/Makefile.in

src/libs/zbxcrypto/Makefile.in

src/libs/zbxdb/Makefile.in

src/libs/zbxdb/db.c

src/libs/zbxdbhigh/Makefile.in

src/libs/zbxdbhigh/db.c

src/libs/zbxdbhigh/host.c

src/libs/zbxemail/Makefile.in

src/libs/zbxemail/email.c

src/libs/zbxjabber/Makefile.in

src/libs/zbxlog/Makefile.in

src/libs/zbxnix/Makefile.in

src/libs/zbxnix/daemon.c

src/libs/zbxplugin/Makefile.in

src/libs/zbxsms/Makefile.in

src/libs/zbxsms/sms.c

src/libs/zbxsys/Makefile.in

src/libs/zbxsys/mutexs.c

src/libs/zbxsysinfo/Makefile.in

src/libs/zbxsysinfo/aix/Makefile.in

src/libs/zbxsysinfo/aix/diskspace.c

src/libs/zbxsysinfo/common/Makefile.in

src/libs/zbxsysinfo/common/common.c

src/libs/zbxsysinfo/common/file.c

src/libs/zbxsysinfo/common/http.c

src/libs/zbxsysinfo/common/net.c

src/libs/zbxsysinfo/freebsd/Makefile.am

src/libs/zbxsysinfo/freebsd/Makefile.in

src/libs/zbxsysinfo/freebsd/cpu.c

src/libs/zbxsysinfo/freebsd/diskspace.c

src/libs/zbxsysinfo/freebsd/freebsd.c

src/libs/zbxsysinfo/freebsd/memory.c

src/libs/zbxsysinfo/hpux/Makefile.in

src/libs/zbxsysinfo/hpux/diskspace.c

src/libs/zbxsysinfo/linux/Makefile.in

src/libs/zbxsysinfo/linux/cpu.c

src/libs/zbxsysinfo/linux/diskspace.c

src/libs/zbxsysinfo/linux/memory.c

src/libs/zbxsysinfo/linux/proc.c

src/libs/zbxsysinfo/linux/sensors.c

src/libs/zbxsysinfo/netbsd/Makefile.in

src/libs/zbxsysinfo/netbsd/diskspace.c

src/libs/zbxsysinfo/openbsd/Makefile.am

src/libs/zbxsysinfo/openbsd/Makefile.in

src/libs/zbxsysinfo/openbsd/cpu.c

src/libs/zbxsysinfo/openbsd/diskspace.c

src/libs/zbxsysinfo/openbsd/openbsd.c

src/libs/zbxsysinfo/openbsd/proc.c

src/libs/zbxsysinfo/openbsd/uptime.c

src/libs/zbxsysinfo/osf/Makefile.in

src/libs/zbxsysinfo/osf/cpu.c

src/libs/zbxsysinfo/osf/diskspace.c

src/libs/zbxsysinfo/osx/Makefile.in

src/libs/zbxsysinfo/osx/cpu.c

src/libs/zbxsysinfo/osx/diskspace.c

src/libs/zbxsysinfo/simple/Makefile.in

src/libs/zbxsysinfo/simple/ntp.c

src/libs/zbxsysinfo/simple/simple.c

src/libs/zbxsysinfo/solaris/Makefile.in

src/libs/zbxsysinfo/solaris/cpu.c

src/libs/zbxsysinfo/solaris/diskspace.c

src/libs/zbxsysinfo/unknown/Makefile.in

src/libs/zbxsysinfo/unknown/diskspace.c

src/libs/zbxsysinfo/win32/memory.c

src/libs/zbxwin32/perfmon.c

src/libs/zbxwin32/service.c

src/zabbix_agent/Makefile.in

src/zabbix_agent/active.c

src/zabbix_agent/cpustat.c

src/zabbix_agent/cpustat.h

src/zabbix_agent/eventlog.c

src/zabbix_agent/logfiles.c

src/zabbix_agent/zabbix_agentd.c

src/zabbix_get/Makefile.in

src/zabbix_get/zabbix_get.c

src/zabbix_sender/Makefile.in

src/zabbix_sender/zabbix_sender.c

src/zabbix_server/Makefile.in

src/zabbix_server/actions.c

src/zabbix_server/actions.h

src/zabbix_server/alerter/Makefile.in

src/zabbix_server/alerter/alerter.c

src/zabbix_server/alerter/alerter.h

src/zabbix_server/discoverer/Makefile.in

src/zabbix_server/discoverer/discoverer.c

src/zabbix_server/discoverer/discoverer.h

src/zabbix_server/evalfunc.c

src/zabbix_server/evalfunc.h

src/zabbix_server/expression.c

src/zabbix_server/functions.c

src/zabbix_server/housekeeper/Makefile.in

src/zabbix_server/housekeeper/housekeeper.h

src/zabbix_server/httppoller/Makefile.in

src/zabbix_server/httppoller/httppoller.h

src/zabbix_server/httppoller/httptest.c

src/zabbix_server/nodewatcher/Makefile.in

src/zabbix_server/nodewatcher/history.c

src/zabbix_server/nodewatcher/nodecomms.c

src/zabbix_server/nodewatcher/nodesender.c

src/zabbix_server/nodewatcher/nodewatcher.c

src/zabbix_server/operations.c

src/zabbix_server/operations.h

src/zabbix_server/pinger/Makefile.in

src/zabbix_server/pinger/pinger.c

src/zabbix_server/pinger/pinger.h

src/zabbix_server/poller/Makefile.in

src/zabbix_server/poller/checks_agent.c

src/zabbix_server/poller/checks_aggregate.c

src/zabbix_server/poller/checks_aggregate.h

src/zabbix_server/poller/checks_external.c

src/zabbix_server/poller/poller.c

src/zabbix_server/poller/poller.h

src/zabbix_server/server.c

src/zabbix_server/timer/Makefile.in

src/zabbix_server/timer/timer.h

src/zabbix_server/trapper/Makefile.in

src/zabbix_server/trapper/active.c

src/zabbix_server/trapper/active.h

src/zabbix_server/trapper/nodeevents.c

src/zabbix_server/trapper/nodeevents.h

src/zabbix_server/trapper/nodehistory.c

src/zabbix_server/trapper/nodehistory.h

src/zabbix_server/trapper/nodesync.c

src/zabbix_server/trapper/nodesync.h

src/zabbix_server/trapper/trapper.c

src/zabbix_server/utils/Makefile.in

src/zabbix_server/utils/nodechange.c

src/zabbix_server/watchdog/Makefile.in

src/zabbix_server/watchdog/watchdog.c

src/zabbix_server/watchdog/watchdog.h

upgrades/Makefile.in

upgrades/dbpatches/1.4/mysql/patch.sql

upgrades/dbpatches/1.4/oracle/patch.sql

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2007-6210.dpatch

1

#! /bin/sh /usr/share/dpatch/dpatch-run

2

# DP: fix UserParameter execution with gid 0.

3

4

@DPATCH@

5

--- /home/abi/zabbix-1.4.2/src/libs/zbxnix/daemon.c 2007-08-20 21:22:22.000000000 +0200

6

+++ zabbix-1.4.2/src/libs/zbxnix/daemon.c 2007-11-25 15:53:31.890046746 +0100

7

@@ -90,20 +90,33 @@

8

pid_t pid;

9

struct passwd *pwd;

10

struct sigaction phan;

11

+ char user[7] = "zabbix";

12

13

/* running as root ?*/

14

if((0 == allow_root) && (0 == getuid() || 0 == getgid()))

15

{

16

- pwd = getpwnam("zabbix");

17

+ pwd = getpwnam(user);

18

if (NULL == pwd)

19

{

20

zbx_error("User zabbix does not exist.");

21

zbx_error("Cannot run as root !");

22

exit(FAIL);

23

}

24

- if( (setgid(pwd->pw_gid) ==-1) || (setuid(pwd->pw_uid) == -1) )

25

+ if( (setgid(pwd->pw_gid) ==-1) )

26

{

27

- zbx_error("Cannot setgid or setuid to zabbix [%s].", strerror(errno));

28

+ zbx_error("Cannot setgid to zabbix [%s].", strerror(errno));

29

+ exit(FAIL);

30

+ }

31

+

32

+ if( (initgroups(user, pwd->pw_gid) == -1) )

33

+ {

34

+ zbx_error("Cannot initgroups to zabbix [%s].", strerror(errno));

35

+ exit(FAIL);

36

+ }

37

+

38

+ if( (setuid(pwd->pw_uid) ==-1) )

39

+ {

40

+ zbx_error("Cannot setuid to zabbix [%s].", strerror(errno));

41

exit(FAIL);

42

}

43

Older »