[Xymon] Xymon 4.3.29 Released - Important Security Update

[Robert Herron]

JC

Just getting back in the office.  I didn't have the scroll back log so I
reran the configure, make, and install today with the real IP defined
instead of 127.0.0.1  I cannot reproduce it so I guess I messed up
something previously.

So, my apologies for the wild goose chase.

On Mon, Aug 12, 2019, 3:16 PM Japheth Cleaver <cleaver at terabithia.org>
wrote:

> Richard:
> Can you provide the output of --debug on a xymonnet run off-list? This
> could be a parsing issue somewhere, but from glancing at the code I'm not
> sure where the logic might be diverging.
>
> Robert:
>
> So far I haven't been able to duplicate this one. Do you happen to have
> ./configure output in scrollback? While an IP that doesn't match hostname
> or isn't up *could* affect something, the compilation check for SSL support
> seems totally distinct. Were other SSL tests also failing? Alternatively,
> is there a chance the SSL versioning/cypher lockdown might be different on
> this endpoint?
>
> -jc
>
>
> On 8/9/2019 7:47 AM, Richard L. Hamilton wrote:
>
> I think I had to add login and password to the URL for an http test (to
> something that required those), where previously an entry in
> $HOME/server/etc/netrc sufficed.  In other words, the behavior changed with
> the update.
>
> On Aug 9, 2019, at 09:23, Robert Herron <robert.herron at gmail.com> wrote:
>
> I had a similar issue with the HTTPS test. I found specifying the Xymon
> server's IP during the configure script caused the problem. The OpenSSL
> info didn't show up on the xymonnet page.  Rerunning configure, leaving
> 127.0.0.1 for the IP, rebuilding, and reinstalling fixed it.
>
> I still had other issues so I reverted my test server back to 4.3.28 since
> I was leaving for vacation.
>
> Running on Oracle Linux 6.x, used the patches available thru last Friday
> but don't recall if libtirpc-devel is installed.
>
>
>
> On Fri, Aug 9, 2019, 12:15 AM Bruce Ferrell <bferrell at baywinds.org> wrote:
>
>>
>> I did the same thing and did it from source.
>>
>> After removing the #pragma statements and adding libtirpc-devel to get it
>> to compile, I found the https sites failed.  They do pass the sslcert test.
>>
>> I just rolled back to 4.3.28
>>
>> I'll figure it out later, after I figure out how the rollback screwed up
>> the built in SNMP support that I so painfully got working and was still
>> documenting.
>>
>> sigh
>>
>>
>>
>> On 8/5/19 6:19 AM, Dirk Kastens wrote:
>> > Hi,
>> >
>> > I just upgraded our xymon server on Scientific Linux release 6.10 frpm
>> xymon 4.3.28 to 4.3.29.
>> >
>> > Two things are not working any longer:
>> >
>> > http authentication: I defined the login information in the file
>> /etc/xymon/netrc, which worked before the upgrade. Now the http test are
>> red with the message "Authorization
>> > Required".
>> >
>> > history files cannot be opened any more. When I click on the history
>> button of a test, I get an empty page with the message "Cannot open history
>> file"
>> >
>> > Am 29.07.2019 um 19:41 schrieb Japheth Cleaver:
>> >> The Terabithia Xymon 4.3.29-1 packages have been updated in the
>> production repositories and should be available for download at
>> https://terabithia.org/rpms/xymon/
>> >>
>> >> As a reminder, EL3 and EL4 and Fedora 18-27 have been retired -- those
>> repos have been moved to the /retired/ directory.
>> >>
>> >> As EPEL8 has not yet been released, an fping package is available in
>> the EL8 repository, as well as man2html (needed for rebuilds).
>> >
>> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20190813/046071e1/attachment.htm>