
xymon (4.3.25) stable; urgency=high

   * rev 7890

   * Resolve buffer overflow when handling "config" file requests (CVE-2016-2054)
   * Restrict "config" files to regular files inside the $XYMONHOME/etc/ directory 
     (symlinks disallowed) (CVE-2016-2055). Also, require that the initial filename
     end in '.cfg' by default
   * Resolve shell command injection vulnerability in useradm and chpasswd CGIs
     (CVE-2016-2056)
   * Tighten permissions on the xymond BFQ used for message submission to restrict
     access to the xymon user and group. It is now 0620. (CVE-2016-2057)
   * Restrict javascript execution in current and historical status messages by
     the addition of appropriate Content-Security-Policy headers to prevent XSS
     attacks. (CVE-2016-2058)
   * We would like to thank Markus Krell for reporting the above issues, and for  
      working with us to resolve them.
   * 
   * Fix "TRENDS" entries in hosts.cfg improperly handling partial matches with 
     other graph names (Reported by Jeremy Laidman) 
   * A possible crash in when loading confreport.cgi has been fixed
     (Thanks, Axel Beckert)
   * Improve error handling slightly in the CGI wrapper
   * Fix missing network interface graph data on FreeBSD (Niko <nicolas@lienard.name>)
   * In xymonnet, a rare SSL error state that could occur after a 
     connection is opened will now be considered "service down"        
   * Fix a crash in xymonnet when handling certain malformed SSL certificates
     (Reported by Thomas Leavitt, originally via Jeremy Laidman)
   * Add new trends_header and trends_footer for use on associated Trends pages
   * "Jump to page" redirect functionality fixed on findhost.sh (Reported by Francois Claire)
   * When a note is present for a host, the info page no longer has a spurious
     hostname on the text link
   * xymonclient.cfg: Add variables in for overriding config files for xymond_client
     and logfetch when in local mode without editing xymonclient.sh
   * xymonclient: Allow LOCALMODE to be set in xymonclient.cfg w/o passing --local option
   * logfetch: Add --noexec option to ignore commands to dynamically list files
     for scanning (Suggested by Jeremy Laidman)                                      
   * Add file globbing capabilities to logfetch to avoid need to fork commands      
     to create dynamic lists (Suggested by Jeremy Laidman)
   * The "Valid Until" time for an acknowledgement is now displayed on the ack log
     report page (Thanks, Dominique Frise)
   * The xymon.sh and runclient.sh scripts are themselves now more LSB compliant 
     (Thanks, Nikolai Lifanov)
   * Windows systems now have a better calculation of "Actual" memory usage 
     (Thanks, John Rothlisberger)
   * A bug in xymond_alert that could cause pages about hosts.cfg not present at inital start
     to cause inconsistent alerting has been fixed
   * xymond_alert now reloads its hostlist at regular intervals

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Fri, 05 Feb 2016 13:00:00 -0800


xymon (4.3.24) stable; urgency=high

   * rev 7774

   * Fix occasional crash in xymond when handling group names (Thanks, Franco Gasperino)
   * Fix non-special HTTP <400 status codes red instead of yellow >.<   

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Mon, 23 Nov 2015 17:40:00 -0800


xymon (4.3.23) unstable; urgency=high

   * rev 7740

   * Fix broken 'TRACK' and 'OPTIONAL' identifiers in analysis.cfg
   * Prevent logfetch from segfaulting if a file we're tracking line matching
     deltacounts for wasn't found      
   * Fix a type mismatch compiler warning in display group name alert matching

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Thu, 12 Nov 2015 12:00:00 -0800


xymon (4.3.22) unstable; urgency=medium

   * rev 7723

   * Ensure we don't leave xymond_hostdata or xymond_history zombies lying around
     after dropping host records (Reported by Scot Kreienkamp)
   * Fix up HTML list layout to reflect current standards (Thanks, hallik@calyc3.com)
   * Fix documentation incorrectly describing multigraph syntax as (e.g.) GRAPH_cpu. 
     Should be GRAPHS_cpu (Thanks, Galen Johnson)
   * Supports scientific notation for NCV data (Thanks, Axel Beckert)
   * Increase resolution of xymonnet poll timing results (Thanks, Christoph Berg)
   * New clock skew RRD files will allow for negative delta values (Thanks, Axel Beckert)
   * Fix lots of typos! (Debian)
   * Don't skip over "mailq.rrd" (Roland Rosenfeld)
   * The signature algorithm used on an SSL-enabled TCP test run by xymonnet is now shown
     on the sslcert page. (Thanks, Ralph Mitchell)
   * The cipher list displayed in 'sslcert' tests will now be limited to the cipher that was 
     actually used on the SSL connection. The --showallciphers option to xymonnet will
     restore the previous behavior. (From idea from Ralph Mitchell)
   * Provide configurable environment overrides in xymonserver.cfg for standard xymonnet 
     options to fping/xymonping, ntpdate, and traceroute binaries. In regular installs, the   
     intended default options to traceroute (-n -q 2 -w 2 -m 15) were not actually used. This
     may change in a future release, so it's suggested that users move any custom options to    
     the new TRACEROUTEOPTS setting in xymonserver.cfg.
     (Orig. thanks, Axel Beckert, ntpdate issues pointed out by Matt Vander Werf)  
   * Enable latent additional SHA digest strengths (sha256, sha512, sha224, sha384)
   * Don't crash generating wml cards for statuses w/ very long lines (Reported by Axel Beckert)
   * Flip SenderIP and Hostname columns on ghostlist pages to allow easier cutting and pasting 
     to hosts files
   * Fix multiple disk volumes reported in on Darwin (OS X) clients. (Thanks, Axel Beckert)
   * Fix COMPACT parsing; update docs to match expected syntax (Thanks, Brian Scott)
   * Trailing slash no longer required for URL alias ("http://www.example.com/xymon" should work)
   * A new XYMONLOCALCLIENTOPTS variable in xymonclient.cfg allows options (e.g., --no-port-listing)
     to be given to xymond_client when running in local client mode.
   * Add a method to indicate lines which should be skipped by the NCV RRD processor or
     which mark the end of data-to-be-processed in the message.
   * Ensure that nostale is passed down during graph zooming (Thanks, Stef Coene)
   * Add missing XMH_DATA in loadhosts (Thanks, Jacek Tomasiak)
   * Search in more locations for default environment files when using xymoncmd
   * Add a "noflap" override to disable flap detection for any/all tests on a given host (Thanks, Martin Lenko)
   * Simplify default HTTP error code settings for xymonnet (2xx = green; 3xx = yellow; 4xx/5xx = red)
   * The protocol.cfg entry for RDP network tests has been updated and should work again (Thanks, Rob Steuer)
   * Add UDP ports to netstat output returned from darwin clients (Mac OS X)
   * Fixes to df/inode parsing on darwin clients (Mac OS X) (Thanks, Jason White et al.)
   * Add httphdr= tag to hosts.cfg to inject arbitrary headers into xymonnet HTTP tests for that host.
   * Turn memory test yellow if nonsensical numbers are found (>100% used for 'Actual' or Swap)
   * "optional include" and "optional directory" support actually added
   * xymongrep: load from the hosts.cfg file and error if unable, unless --loadhostsfromxymond is specified
   * Collect number of total cores in client data
   * combostatus: Fix parenthesis processing (Thanks, Andy Smith)
   * Add per-group anchors to generated pages when a group title is present (Thanks, Thomas Giordmaina)
   * xymongen: Display group tables even if group has no test results yet unless --no-showemptygroups given
   * Add chpasswd CGI for user-level htpasswd file updates. Requires Apache 2.4.5 or later (Thanks, Andy Smith)
   * Fix memory/display on multihost hostgraphs.cgi reports; remove multi-disk (which won't work as-is)
   * Add ACK_COOKIE_EXPIRATION for environment control of cookie validity duration (Noted by Thomas Giordmaina)
   * combostatus: fix core dumps on Solaris when dealing with erroneous config

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Fri, 6 Nov 2015 06:00:00 -0800


xymon (4.3.21) unstable; urgency=medium

   * rev 7668

   * RSS feeds should now display the short description of the event again.

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Fri, 22 May 2015 18:15:00 -0700


xymon (4.3.20) unstable; urgency=medium

   * rev 7661

   * Summaries should be properly displayed again, and will display on the
     nongreen.html page as well.
   * An icon for green acknowledged states is now included -- ironically, the
     original icon that the other checkmarks were based off of.
   * The various utilities in cgi-bin and cgi-secure are now hardlinked to
     cgiwrap at install time instead of softlink, to allow for FollowSymLinks-less
     apache configurations
   * The protocol section of URLs in hosts.cfg is now case-insensitive, and ftps
     URLs (FTP-over-SSL, not sftp) are recognized as a protocol.
   * hosts.cfg docs have been clarified to include delayyellow and delayred as 
     allowable options (Reported by John Thurston)
   * 'optional include' and 'optional directory' syntax has been documented
   * pulldata directives in the hosts.cfg file now honor a given IP address and port
   * confreport.sh not displaying time-restricted alerts properly has been fixed
     (Reported by Gavin Stone-Tolcher)
   * Planned downtime settings are now applied to 'purple' statuses as well
     (Thanks, Torsten Richter)
   * Column documentation links should be working again (Reported by Andy Smith)
   * Fix missing null termination in certain logfetch situations (Reported by
     Johan Sj�berg)
   * New httphead tag to force an http request using HEAD instead of GET
   * Fix a memory leak introduced in parsing Windows SVCS test data
   * A divide-by-zero condition when systems erroneously report 0MB of physical
     memory has been corrected (Reported by John Thurston)
   * Parse either critical config or xymond-formatted acknowledgements on the
     report page, and add documentation for the --ack-log option in xymond
     (Thanks, Andy Smith)
   * The graphs to be displayed on a specific status page can be customized
     with environment variables - see xymonserver.cfg(5). From Werner Maier.
   * When clients are in "server" mode (sending raw data to the xymond server
     to be centrally processed), a 'clientlog' column will now be shown on
     xymon pages (similar to trends and info columns). This can be disabled on 
     a per-host basis by adding a 'noclient' tag to the hosts.cfg line, 
     or globally by adding that to the .default. host.
   * Add protocols.cfg entries for amqp(s), svn, ircd, and mail (submission).     
     (Note that smtp testing here may suffer the same occasional issue as  
     regular smtp conversations with regard to out-of-order commands.)
   * Fix a crash on non-glibc systems when testing xymond_alert configs with
     a host not in hosts.cfg (Reported by John Thurston)
   * On newer Linux kernels with recent procps-ng, use the "Available" memory
     reported by the kernel to give a more accurate reading for "Actual Used"
     in the client's memory status. (Reported by Dominique Frise)

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Fri, 15 May 2015 08:15:00 -0700


xymon (4.3.19) unstable; urgency=medium

   * rev 7619
   
   * Don't crash when receiving an AAAA DNS response (BSD, thanks Mark Felder)
   * xymonclient.sh running in --local mode was generating reports that were
     marked as duplicates (and thus being ignored). Reported by Guillaume Chane.
   * Building with old versions of libpcre not supporting PCRE_FIRSTLINE should
     once again work
   * Memory reporting on FreeBSD and OpenBSD has been fixed (Mark Felder)
   * The process list visible in the 'procs' test of Linux and FreeBSD clients
     is now generated in ASCII "forest" mode for increased legibility.
   * clientlog, hostinfo, and modify messages are now tracked in xymond stats
   * In environment config files (xymonserver.cfg, xymonclient.cfg, and cfgoptions.cfg)
     an initial "export " line (as if it were actually a shell script) will be
     ignored and the remainder of the line parsed as normal.
   * headermatch will now match the headers of an HTTP response even if the body
     is empty (eg, matching for a 302 Redirect)
   * --debug mode in most daemons should cause *much* less of a performance hit, and
     output will be timestamped in microseconds
   * xymondboard can now be used to PCRE-match against the raw message, and 
     acknowledgement and disable comments. Inequalities can be specified against the 
     lastchange, logtime, validtime, acktime, disabletime fields (in epoch timestamps).
     The existing net= and tag= filters have been documented.
   * The sample xymon.conf apache snippet now supports apache 2.4 syntax
   * Fix missing newline when returning upcoming 'schedule' commands.
   * EXTIME= syntax in analysis.cfg and alerts.cfg has been added. This is applied
     after any TIME= filter. Use (e.g.) to exclude Wednesday afternoons on a line 
     which is already restricted to 9:00a to 5:00p on weekdays only.
   * The included version of c-ares has been bumped to version 1.10.0.
   * Support for older EGD (entropy gathering daemon) has been removed (Thanks, Bernard Spil)
   * A crash when xymond_rrd was run in --debug mode on non GNU/glibc systems has 
     been fixed
   * The msgs and procs tests are now HTML-encoded to ensure that lines with brackets
     are properly displayed
   * An acknowledgements.sh log report has been added in (Submitted by Andy Smith)
   * A number of logfetch issues have been addressed:
     - --debug syntax is now supported. (If modifying the command line in xymonclient.sh,
       use --debug=stderr to prevent spurious lines being sent in the client report.)
     - Invalid POSIX regular expressions for ignore or trigger lines will now be reported
       but should not cause crashes
     - Null characters in a log file will no longer cause further processing to stop (Thanks,
       Franco Gasperino.)
     - All lines matching a 'trigger' regex will be reported back, even if the total size
       exceeds the "maxbytes" limit. (Up to the maximum compiled buffer size.) As much of
       the final section as can be fit in the space remaining will be included, similar
       to the previous behavior if maxbytes was exceeded but no trigger lines were given.
       (Thanks, Franco Gasperino.)
     - The current location (where the previous run left off) is now marked in the status 
       report.
     - The '<...SKIPPED...>' and '<...CURRENT...>' texts can be overridden by specifying 
       values for LOGFETCHSKIPTEXT and LOGFETCHCURRENTTEXT in xymonclient.cfg
     - The "scrollback" (number of positions in previous "runs" back) that logfetch starts
       at can now be specified with the LOGFETCHSCROLLBACK variable, from 0 - 6 (the default)
   * "deltacount" can be used to count the number of lines matching a specific regex in 
     client-local.cfg, counting only since the last run. These will be shown on the trends page.
     NOTE: Unlike the "linecount:" option, deltacount is specified after a specific "log:" line.
     See the client-local.cfg file for details.
   * ifstat and netstat output from the new Windows PowerShell client is now graphed properly.
   * Hostnames beginning with a number (allowed by RFC1123) are now supported in combo.cfg
   * When a Windows service's status has been changed (ie, stopped or started), the relevant line
     in the 'svcs' test will now be updated to reflect this. (Reported by Gavin Stone-Tolcher and
     Neil Simmonds)
   * Various build issues, compiler fixes, and valgrind complaints have been fixed.

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Mon, 30 Mar 2015 22:39:17 -0700


xymon (4.3.18) unstable; urgency=medium

   * rev 7494

   * Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
     Thank you to Mark Felder for noting the impact and Martin Lenko
     for the original patch.
   * Mitigate CVE-2014-6271 (bash 'Shell shock' vulnerability) by
     eliminating the shell script CGI wrappers
   * Don't crash in XML board output when there is no sender for status
   * Fix IP sender-address check for maintenance commands, when
     the target host is listed with IP 0.0.0.0 in hosts.cfg.
   * Linux client:
       - Generate 'raid' status from mdstat data
       - Include UDP listen ports in netstat data
       - Include full OS version data from SuSE clients
   * FreeBSD client: Handle 'actual' memory item, once the client
     starts reporting it.
   * Additional bugfixes:
     - xymond_capture: Fix exclude-test pattern handling
     - xymonlaunch: Guard against cron-times triggering twice in one minute
     - xymond_client: Fix DISPLAYGROUP handling in analysis.cfg rules
     - xymonnet: Handle AAAA records in dns checks
     - xymond_channel: Fix matching in --filter code
     - xymond: BFQ id may be zero
     - xymond: Fix bug in hostfilter matching code
     - xymond: Fix memory leak
     - xymond: Fix list manipulation for "modify" commands
     - xymond_rrd: Fix restart of external processor
     - Linux client: Set CPULOOP for correct top output
     - AIX client: vmstat behaves differently

 -- Japheth Cleaver <cleaver-xymon@terabithia.org>  Tue, 3 Feb 2015 11:35:11 -0800

xymon (4.3.17) unstable; urgency=low

   * rev 7446

   * Fix crash in xymond when using 'schedule' command
   * Configure/build/install fixes:
     - Allow specifying location of the PCRE include/library files 
       for client-side configuration build. 
     - Pass IDTOOL to client installation (for Solaris).
     - Fix broken configure+Makefiles for client-side configuration
     - C-ARES: Fix wrong call to Makefile.test-cares during configure
     - Dont error out if www-dir or man-dir is empty. Mostly an
       issue when building packages with non-standard layouts.
   * Fix wrong timestamp on a new status arriving with a non-green
     status while DOWNTIME was active. Such a status would appear to
     have been created on Jan 1st, 1970.
   * Fix hostgraphs so it obeys RRDWIDTH / RRDHEIGHT settings
   * Add upper limit to showgraph CGI when generating self-referring URI's
     From Werner Maier
   * Extra sanity check on extcombo message offsets.
   * The Enable/Disable webpage now permits filtering on CLASS value.
     From Galen Johnson

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 23 Feb 2014 10:44:18 +0100

xymon (4.3.16) unstable; urgency=low

   * rev 7394

   * Fix xymonnet crash on sending http test results
   * Fix xymond crash if client-local.cfg contains empty sections
   * Fix RPM-based initscript for clients with explicit hostname
   * Fix misleading error-message when testing for C-ARES library
   * Fix client-local.cfg handling, so by default it will not merge
     sections together, i.e. behave like previous 4.x releases.
     NOTE: The new regexp matching can still be used.
   * Add "--merge-clientlocal" option for xymond, which causes it
     to merge all matching sections from client-local.cfg into one.
   * Use native POSIX binary-tree handling code

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 9 Feb 2014 10:16:02 +0100

xymon (4.3.15) unstable; urgency=low

   * rev 7384

   * Fix xymond_alert crashes introduced in 4.3.14
   * Fix missing C-ARES build files
   * client-local.cfg: Support expression matching of sections
   * acknowledge.cgi: Acks are enabled for all ALERTCOLORS, not just red and yellow

 -- Henrik Stoerner <henrik@hswn.dk>  Fri, 31 Jan 2014 13:49:02 +0100

xymon (4.3.14) unstable; urgency=low

   * rev 7376
   * Fix critical ack not working for hosts where the display-name is
     set (via "NAME:" tag). From Any Smith.
   * SNI (Server Name Indication) causes some SSL connections to fail
     due to server-side buggy SSL implementations. Add "sni" and "nosni" 
     flags to control SNI for specific hosts, and "--sni" option for 
     xymonnet to control the default. Reported by Mark Felder.
   * Fix build process to fully obey any XYMONTOPDIR setting from the
     top-level Makefile. NOTE: Client-only builds no longer install the
     client in a "client/" subdirectory below XYMONHOME.
   * Fix showgraph so it silently ignores stale rrdctl files when trying
     to flush RRD data before showing a graph.
   * Fix xymond_alert crashing when trying to strip <cr> characters
     from the alert message. Bug introduced in 4.3.13.
   * Fix Solaris client to report memory even when no swap is configured.
   * Fix bug where alerts that were initially suppressed due to TIME
     restrictions are delayed until REPEAT interval expires.
   * Fix crash in xymonlaunch when trying to find tasks.cfg
   * Fix HTML generated by acknowledge.cgi (missing '>')
   * Fix Linux client reporting garbled client data if top output ends 
     without a new-line (causes CPU load and other vmstat graphs to
     stop updating)
   * Fix Debian installation so it enables Apache mod_rewrite
   * Fix merge-lines utility crashing when first line was an include
   * Fix "make install" failing when server/www/help was a symlink
   * Document existing OPTIONAL setting in analysis.cfg for file-checks 
     on files which may not exist.
   * Document existing CLASS setting in alerts.cfg
   * Add new INFOCOLUMNGIF and TRENDSCOLUMNGIF settings so the icons 
     used for these pages are configurable.
   * Enhance Solaris client to correctly handle Solaris zones.
   * Add new search facilities to xymond to select hosts with the
     'xymondboard' and 'hostinfo' commands.
   * New --ack-each-color option for xymondd changes ack behaviour so a 
     yellow ack does not apply when status changed to red, but a red ack 
     applies if status goes yellow
   * New "headermatch" tag for http tests so content checks can look at
     HTTP headers in addition to the HTML body.
   * Use system-wide c-ares library. NB: Now requires libc-ares2.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 26 Jan 2014 13:49:02 +0100

xymon (4.3.13) unstable; urgency=low

   * rev 7339
   * Fixes to FreeBSD client code, from Mark Felder (FreeBSD maintainer)
   * Fix crash on "client" data sent via status channel when host is unknown
   * HTTP tests now use "Cache-control" header for HTTP/1.1 (default) and
     "Pragma" for HTTP/1.0, so it is protocol compliant.
   * xymonnet network tester supports Server Name Indication (SNI) for SSL
     enabled virtual websites.
   * Strip carriage-return from text sent to mail alerts, to avoid mail
     programs treating the message as binary and putting it in an attachment
   * netbios-ssn, snpp and lpd protocol.cfg entries (Tom Schmidt)
   * "temperature" status strips html tags from sensor names (Tom Schmidt)
   * Extra "total network I/O" line on ifstat graph (Tom Schmidt)
   * New "backfeed" queue for high-speed transmission of Xymon status updates 
     between modules located on the same server as xymond. Note: This is
     disabled by default, see the README.backfeed file.
   * New "extcombo" message type allows for combo messages of all types
     (usually "status" and "data").
   * New setting IMAGEFILETYPE removes hardcoded ".gif" on the various
     image-files in the "gifs" directory. Directory name is unchanged, though.
   * New modifier for https tests for selecting only TLSv1 as protocol
   * CGI's now return a proper HTTP status code in case of errors (e.g. "404"
     when requesting a status for a non-existing host).
   * Fix problem with xymond_rrd dying if an external processors crashes
     (from J. Cleaver)
   * Fix configure/build problem with detecting POSIX realtime-clock functions.
   * Fix for FreeBSD 5+ vmstat reporting (from Jeremy Laidman)
   * Fix for "make install" not setting correct file/directory permissions
   * Re-add the "--hf-file" option for criticalview CGI (removed in 4.3.7)

 -- Henrik Stoerner <henrik@hswn.dk>  Wed, 8 Jan 2014 16:43:32 +0100

xymon (4.3.12) unstable; urgency=high

   * rev 7211
   * Security fix: Guard against directory traversal via hostname in "drophost" commands.
   * Fix crash in xymongen introduced in 4.3.11
   * SCO client: Fix overflow in memory calculation when >2 GB memory
   * Fix so "include" and "directory" definitions in configuration files now handle <tab> after the keyword
   * Fix for the Xymon webpage menu on iPad's and Android (touch devices)
   * Fix "drophost" handling so the host data directory is also cleared
   * xymond_rrd now processes data from "clear" status messages
   * Xymon clients now report the version number in the client data
   * Linux clients now align "ps" output so it is more readable.
   * New "generic" client message handler allows log/file monitoring from systems that are not known to Xymon.
   * The Xymon client now works if invoked with a relative path to the runclient.sh script
   * Other minor / internal bugfixes

 -- Henrik Stoerner <henrik@hswn.dk>  Wed, 24 Jul 2013 10:24:01 +0200

xymon (4.3.11) unstable; urgency=low

   * rev 7188
   * Fix wrong file permissions when installing
   * Linux client: Fix handling of root filesystem when mounted on "/dev/root"
   * trends webpage: Fix case where hostname disappears after zoom.
   * FreeBSD client: Memory patch for FreeBSD 8.0+
   * xymond_alert: Fix problem with UNMATCHED rules triggering when there are
     actual recipients, but their alerts are suppressed due to a REPEAT
     setting not having expired.
   * xymond_rrd: Dont crash if called with an empty status/data message
   * xymond_channel: Report cause when channel-child exits/crashes
   * xymongen: Geneate an overview page with only reds (like non-green)
   * xymongen: Optionally define env. variable BOARDFILTER to select
     hosts/tests included in the generated pages
   * links: Add pdf, docx and odt as known document formats
   * Fix potential crashes after an alert cookie expired
   * Fix potential crash after deleting/renaming a host
   * Speedup loading of the hosts.cfg file, noticeable with very
     large hosts.cfg files (100.000+ hosts)

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 21 Apr 2013 15:24:01 +0200

xymon (4.3.10) unstable; urgency=low

   * rev 7164

   * Fix build problems with "errno"
   * Fix build problems with OpenSSL in non-default locations
   * Fix build problems with certain LDAP configurations
   * Fix build problems with RRDtool on FreeBSD / OpenBSD
   * Fix problem with ifstat data from Fedora in graphs
   * "inode" check on FreeBSD, OpenBSD, OSX, Solaris, HP/UX, AIX
     in addition to existing support for Linux
   * Document building and installing Xymon on common platforms 
     (Linux, FreeBSD, OpenBSD, Solaris)
   * Enhance xymoncfg so it can be used to import Xymon configuration
     settings into shell-scripts.

 -- Henrik Stoerner <henrik@hswn.dk>  Sat, 4 Aug 2012 13:47:00 +0200

xymon (4.3.9) unstable; urgency=low

   * rev 7120

   * Fix crash when XYMSRV is undefined but XYMSERVERS is
   * Fix error in calculating combo-status messages with
     forward references
   * Fix error in disable-until-TIME or disable-until-OK code
   * Fix documentation of DURATION in alerts.cfg / xymond_alert so
     it is consistenly listed as being in "minutes".
   * Permit explicit use of ">" and ">=" in alerts.cfg
   * Permit building without the RRDtool libraries, e.g. for
     a network-tester build, but with trend-graphing disabled.
   * Full compiler-warning cleanup
   * Various configuration/build-script issues fixed.

 -- Henrik Stoerner <henrik@hswn.dk>  Tue, 24 Jul 2012 18:21:00 +0200

xymon (4.3.8) unstable; urgency=low

   * rev 7082

   Bugfixes
   * Workaround for DNS timeout handling, now fixed at approximately 25
     seconds.
   * "hostinfo" command for xymond documented
   * confreport only shows processes that are monitored
   * analysis.cfg parsing of COLOR for UP rules was broken
   * RRD handlers no longer crash after receiving 1 billion updates
   * Using .netrc for authentication could crash xymonnet
   * "directory" includes would report the wrong filename for missing
     directories.
   * useradm CGI would invoke htpassword twice
   * "include" and "directory" now ignores trailing whitespace
   * SSLv2 support disabled if SSL-library does not support it
   * Minor bugfixes and cleanups of compiler warnings.

   Enhancements
   * Service status on info page now links to the detailed status page.
   * Add RRDGRAPHOPTS setting to permit global user-specified RRD options,
     e.g. for font to showgraph CGI
   * Add check for the size of public keys used in SSL certificates
     (enabled via --sslkeysize=N option for xymonnet)
   * Optionally disable the display of SSL ciphers in the sslcert status
     (the --no-cipherlist option for xymonnet)
   * Improved build-scripts works on newer systems with libraries in
     new and surprising places
   * Reduce xymonnet memory usage and runtime for ping tests when there 
     are multiple hosts.cfg entries with the same IP-address.
   * Add code for inode-monitoring on Linux. Does not currently work on
     any other client platform.
   * Added the ability to disable tests until a specific time, instead of
     for some interval. Disabling a test also now computes the expire time 
     for the disable to happen at the next closest minute.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 15 Jul 2012 17:00:00 +0200

xymon (4.3.7) unstable; urgency=low

   * rev 6803
   * Fix acknowledge CGI (broken in 4.3.6)
   * Fix broken uptime calculation for systems reporting "1 day"
   * Workaround Solaris breakage in the LFS-support detection
   * Fix/add links to the HTML man-page index.
   * Fix "Stop after" value not being shown on the "info" page.
   * Fix broken alert texts when using FORMAT=SMS
   * Fix wrong description of xymondboard CRITERIA in xymon(1)
   * Fix missing columnname in analysis.cfg(5) DS example
   * Fix missing space in output from disk IGNORE rules in
     xymond_client --dump-config
   * Fix overwrite of xymon-apache.conf when upgrading
   * Fix installation so it does not remove include/directory 
     lines from configuration files.
   * Add client/local/ directory for custom client script

 -- Henrik Stoerner <henrik@hswn.dk>  Tue, 13 Dec 2011 13:15:00 +0100

xymon (4.3.6) unstable; urgency=low

   rev 6788
   * Optionally choose the color for the "cpu" status when it goes
     non-green due to uptime or clock offset.
   * Allow for "include" and "directory" in combo.cfg and protocols.cfg
   * New INTERFACES definition in hosts.cfg to select which network
     interfaces are tracked in graphs.
   * New access control mechanism for some CGI scripts returning host-specific 
     information. Access optionally checked against an Apache-style "group" file 
     (see xymonwebaccess(5) CGI manpage).
   * New "vertical" page-definitions (vpage, vsubpage,vsubparent) for listing hosts 
     across and tests down on a page.
   * Fix hostlist CGI crash when called with HTTP "HEAD"
   * Fix svcstatus CGI crash when called with non-existing hostname
   * Fix "ackinfo" updates being cleared when host hits a DOWNTIME period.
   * Fix compile-errors on Solaris due to network libraries not being included.
   * Fix "logrotate" messages not being sent to some channels.
   * STATUSLIFETIME now provides the default time a status is valid (in xymond).
   * Critical systems view: Use priority 99 for un-categorised priorities (imported from 
     NK tags) and show this as 'No priority' on the webpage.
   * useradm CGI: Sort usernames
   * New xymond module - xymond_distribute - can forward administrative commands (drop, rename, 
     disable, enable) from one Xymon server to another.
   * New tool: appfeed CGI provides data for the Android "xymonQV" app by Darrik Mazey.

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 5 Dec 2011 08:00:00 +0100

xymon (4.3.5) unstable; urgency=medium

   rev 6755
   * Fix crash in CGI generating the "info" status column.
   * Fix broken handling of IGNORE for log-file analysis.
   * Fix broken clean-up of obsolete cookies (no user impact).
   * Devmon RRD handler: Fix missing initialisation, which
     might cause crashes of the RRD handler.
   * Fix crashes in xymond caused by faulty new library for
     storing cookies and host-information.
   * Fix memory corruption/crash in xymond caused by logging 
     of multi-source statuses.
   * New "delayred" and "delayyellow" definitions for a host
     can be used to delay change to a yellow/red status for
     any status column (replaces the network-specific "badFOO"
     definitions).
   * analysis.cfg and alerts.cfg: New DISPLAYGROUP setting to
     select hosts by the group/group-only/group-except text.
   * New HOSTDOCURL setting in xymonserver.cfg. Replaces the
     xymongen "--docurl" and "--doccgi" options, and is used
     by all tools.
   * xymond_history option to control location of PID file.
   * Critical Systems view: Optionally show eventlog for the
     hosts present on the CS view.
   * Critical Systems view: Multiple --config options can
     now be used, to display critical systems from multiple
     configurations on one page.
   * Detailed status display: Speedup by no longer having
     to load the hosts.cfg file.
   * xymongen / xymonnet: New "--loadhostsfromxymond" option.

 -- Henrik Stoerner <henrik@hswn.dk>  Fri, 9 Sep 2011 10:35:00 +0200

xymon (4.3.4) unstable; urgency=medium

   rev 6720
   * Fix crashes and data corruption in Xymon worker modules
     (xymond_client, xymond_rrd etc) after handling large messages.
   * Fix xymond lock-up when renaming/deleting hosts
   * Fix xymond cookie lookup mechanism
   * Fix xymond_client crash if analysis.cfg contains invalid
     configuration entries, e.g. expressions that do not compile.
   * Fix showgraph CGI crash when legends contain colon.
   * CGI utils: Fix potential security issues involving buffer-
     overruns when generating responses.
   * CGI utils: Fix crash when invoked with HTTP "HEAD"
   * CGI utils: Fix crashes on 64-bit platforms due to missing
     prototype of "basename()" function.
   * svcstatus CGI: Fix crash if history log is not a file.
   * Critical systems view CGI: Fix cross-site scripting
   * Fix recovery-messages for alerts sent to a GROUP
   * xymonnet: Include hostname when reporting erroneous test-spec
   * Webpages: Add new HOSTPOPUP setting to control what values from
     hosts.cfg are displayed as a "comment" to the hostname (either
     in pop-up's or next to the hostname).
   * RRD "memory" status handler now recognizes the output from the
     bb-xsnmp.pl module (for Cisco routers).
   * Web templates modified so the menu CSS can override the default
     body CSS.
   * Acknowledge web page now allows selecting minutes/hours/days
   * Enable/Disable webpage enhanced, so when selecting multiple hosts
     the "Tests" column only lists the tests those hosts have.

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 1 Aug 2011 23:26:00 +0200

xymon (4.3.3) unstable; urgency=high

  rev 6684
  * SECURITY FIX: Some CGI parameters were used to construct
    filenames of historical logfiles without being sanitized,
    so they could be abused to read files on the webserver.
  * SECURITY FIX: More cross-site scripting vulnerabilities.
  * Remove extra "," before "History" button on status-view
  * Critical view: Shring priority-column to 10% width
  * hosts.cfg loader: Check for valid IP spec (nibbles in 
    0-255 range). Large numbers in a nibble were accepted,
    triggering problems when trying to ping the host.
  * Alert macros no longer limited to 8kB

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 6 May 2011 07:51:00 +0200

xymon (4.3.2) unstable; urgency=medium

  rev 6672
  * Bugfix for problems caused by the XSS fixes.

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 4 Apr 2011 07:34:00 +0200

xymon (4.3.1) unstable; urgency=medium

  rev 6667

  * Web UI: SECURITY FIX - fix potential cross-site scripting vulnerabilities. 
    Initial report by David Ferrest (email April 1st 2011).
  * Solaris Makefile: Drop guessing of what linker is being used, since we 
    get it wrong too often.
  * configure: Add missing <string.h> include to fix compile failure on 
    some systems.
  * get_ostype(): Check that we have a valid OS identifier. 
    Dont assume we can write to the string passed us.
  * xymond user messages: Improve error message for oversize messages. 
    Document the MAXMSG_USER setting.
  * combostatus: Make the set of error-colors configurable. Change default set so 
    BLUE and PURPLE are not considered errors (only RED is an error by default).
  * xymon(1) manpage: Add missing description of some fields available in the 
    xymondboard command.
  * hosts.cfg manpage: Fix wrong NOPROP interpretation. From Thomas Brand.
  * Demotool: Change Hobbit->Xymon

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 3 Apr 2011 12:03:00 +0200

xymon (4.3.0) unstable; urgency=medium

  * Critical view and other webpages: Make the 'All systems OK' message 
    configurable. Also allow the header/footer for the Critical Systems 
    view to be configurable.
    Suggestion and preliminary patch from Buchan Milne.
  * xymonnet: Improve error report when HTTP tests get an empty response - 
    'HTTP error 0' sounds weird.
  * report / snapshot CGI's: Fix buffer overrun in the HTML delimiter 
    generated in the "please wait..." message. Also, fix potential buffer 
    overrun in report CGI if invoked with a large value for the "style" 
    parameter. 
    Reported by Rolf Biesbroek.
  * Graph definitions (graphs.cfg): Multi graphs cannot use a regex pattern. 
    Problem report by Brian Majeska
  * Solaris interface statistics: Filter out "mac" and "wrsmd" devices at
    the client side. 
    Update RRD handler to also filter "wrsmd" at the server side, like we 
    already did for "mac" devices. 
    Cf. http://www.xymon.com/archive/2009/06/msg00204.html
  * Documentation: Document the XMH_* fields available in xymondboard commands.
  * Documentation: Document SPLITNCV and "trends" methods of doing 
    custom graphs.
  * RRD definitions: Allow override of --step/-s option for rrdcreate, 
    from template supplied in rrddefinitions.cfg. 
    Suggestion from Brian Majeska.
  * mailack: Remove restriction on how long a subjectline/message body can be.
  * Build procedure: Add notice about running upgrade script before 
    installing the new version.
  * xymond_alert: Document --trace option
  * Alerts: For recovery messages, add information so you can tell 
    whether the recovery was due to the service actually recovering, or 
    if it was merely disabled.
  * xymond_alert: Fix missing element in array of alert status texts used 
    for tracing. 
    Spotted by Dominique Frise.
  * Add support for FreeBSD v8 modified ifstat output
  * Documentation: Update information about the Xymon mailing lists 
    following move to Mailman and new archive URL.
  * HP/UX client: Use "swapinfo" to extract memory utilisation data, 
    instead of the hpux-meminfo utility. 
    By Earl Flack http://lists.xymon.com/pipermail/xymon/2010-December/030100.html

 -- Henrik Stoerner <henrik@hswn.dk>  Fri, 4 Mar 2011 11:08:00 +0100

xymon (4.3.0-0.20110120.rc1) unstable; urgency=low

  * 4.3.0 RC1 release - rev 6627

  * hosts.cfg badldap documentation: Document that for LDAP URL's you must use 'badldapurl'. Reported by Simo Hmami.
  * xymond flap detection: Make number of tracked status changes and the flap-check period configurable. Change the defaults to trigger flapping at more than 5 status changes in a 30 minute period.
  * sendmessage: Enhanced error reporting, to help track down communication problems.
  * xymond_client: Fix Windows SVC status handling to avoid coredumps, memory corruption and other nasties. 
    Will now report the real name of the service, instead of the pattern used in the analysis.cfg file.
    NOTE: Slight change to status message format.
  * Client handler: Fix owner/user check parsing. Reported by Ian Marsh http://www.xymon.com/archive/2011/01/msg00133.html (also broken in 4.2.3).
  * xymongen: Fix broken --doc-window option handling. Reported by Tom Schmitt.
  * Xymongen: Fix documentation of the --doc-window/--no-doc-window options.
  * Webpage background: Use a CSS and a new set of gif's to implement a background that works on all displays, regardless of width. Uses a new xymonbody.css stylesheet which can also control some other aspects of the webpage. From Francois Claire.
  * Documentation: The xymon 'rename' command should be used AFTER renaming a host in hosts.cfg, not before. From Tom Georgoulias.
  * Memory status: Add some sanity checks for the memory utilisation reported by clients. Occasionally we get completely bogus data from clients, so only act on them if percentages do not exceed 100.
  * Critical systems view: Add "--tooltips" option so you can save screen space by hiding the host descriptions in a tooltip, like we do on the statically generated pages. Feature request from Chris Morris.
  * Solaris client: Report "swap -l" in addition to "swap -s" for swap usage. Backend prefers output from "swap -l" when determining swap utilisation.
  * Webpage menu: Use the CSS and GIF's by Malcolm Hunter - they are much nicer than the ones from Debian. Distribute both the blue and the grey version, and configure which one to use in xymonserver.cfg.
  * Graph zoom: Use float variables when calculating the upper/lower limits of the graph. Fixes vertical zoom.
  * xymond: Make sure we do not perform socket operations on invalid sockets (e.g. those from a scheduled task pseudo-connection)
  * Installation: Remove any existing old commands before creating symlinks
  * xymonproxy: Fix broken compatibility option '--bbdisplay'
  * Fix eventlog summary/count enums so they dont clash with Solaris predefined entities
  * History- and hostdata-modules: Dont save data if there is less than 5% free space on the filesystem. Also, dont save hostdata info more than 5 times per hour.
  * Historical statuslog display: Work-around for crash when status-log is empty
  * fping.sh configure sub-script: Fix syntax error in suggested 'sudoers' configuration, and point to the found fping binary. From Steff Coene.
  * namematch routine: Fix broken matching when doing simple matching against two strings where one was a subset of the other. http://www.xymon.com/archive/2010/11/msg00177.html .  Reported by Elmar Heeb who also provided a patch, although I chose a different solution to this.
  * Xymon net: Fix broken compile when LDAP-checks are disabled. Reported by Roland Soderstrom, fix from Ralph Mitchell.
  * xymon(7) manpage: Drop notice that renaming in 4.3.0 is not complete
  * Installation: Setup links for the commonly used Hobbit binaries (bb, bbcmd, bbdigest, bbhostgrep, bbhostshow)
  * Upgrade script: Setup symlinks for the old names of the standard webpages
  * xymonserver.cfg.DIST: Missing end-quote in compatibility BBSERVERSECURECGIURL setting. From Ralph Mitchell
  * xymongrep: Fix broken commandline parsing resulting from trying to be backwards-compatible. Reported by Jason Chambers.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 23 Jan 2011 12:36:00 +0100

xymon (4.3.0-0.20101114.beta3) unstable; urgency=low

  * Beta-3 release - rev 6590

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 14 Nov 2010 19:00:00 +0100

hobbit (4.3.0-0.beta2) unstable; urgency=low

  * Xymon version 4.3.0 BETA 2

  Core changes:
  * New API's for loadhosts and sendmessage, in preparation for
    the full 5.0 changes.
  * Always use getcurrenttime() instead of time().
  * Support for defining holidays as non-working days in alerts and
    SLA calculations.
  * Hosts which appear on multiple pages in the web display can
    use any page they are on in the alerting rules and elsewhere.
  * Worker modules (RRD, client-data parsers etc) can operate on
    remote hosts from the hobbitd daemon, for load-sharing.
  * Various bugfixes collected over time.
  * New client support: z/OS, z/VSE and z/VM.

  Network test changes:
  * Merged new network tests from trunk: SOAP-over-HTTP,
    SSL minimum cipher strength
  * Changed network test code to always report a validity period
    for network tests, so it it possible to run network tests less
    often than every 30 minutes (e.g. once an hour).
  * Make the content-type setting in HTTP POST tests configurable.
  * Make the source-address used for TCP tests configurable.
  * Make the acceptable HTTP result codes configurable.
  * Use and save HTTP session cookies.

  Web changes
  * Support generic drop-down lists in templates.
  * "NOCOLUMNS" changed to work for all columns.
  * New "group-sorted" definition to auto-sort hosts in a group
  * Use browser tooltips for host comments
  * "Compact" status allows several statuses to appear as a single
    status on the overview webpages.
  * Trends page can select the time period to show. Buttons provided
    for the common selections.
  * Ghost list report now lists possible candidates for a ghost,
    based on IP-address or unqualified hostname.
  * Enhanced eventlog and top-changing hosts webpage

  Report changes
  * Number of outages as SLA parameter

  Miscellaneous
  * hobbitlaunch support for running tasks only on certain hosts,
    and for a maximum time.

 -- Henrik Stoerner <henrik@hswn.dk>  Fri, 24 May 2009 10:39:00 +0200

hobbit (4.2.3-1) unstable; urgency=low

  * Xymon version 4.2.3 release
  * Time-out code changed to use clock_gettime() with CLOCK_MONOTONIC
  * Bugfix for hobbitd/hobbitd_worker communication going out-of-sync
    resulting in "garbled data" being logged and worker modules 
    stopping.
  * NCV module now works with negative numbers.
  * Several bugfixes in DNS lookup code - could lead to crashes when
    performing DNS tests.
  * Switch to C-ARES 1.6.0 - drop support for older versions.
  * Run more TCP tests in parallel by not waiting for very slow
    connections to complete before starting new ones.
  * Added "hostlist" web utility for spreadsheet-reporting of the
    hosts in Hobbit.

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 09 Feb 2009 10:46:00 +0100

hobbit (4.2.2-1) unstable; urgency=low

  * Xymon version 4.2.2: 4.2.0 plus all-in-one patch
  * BBWin support added
  * Project renamed to "Xymon" - preliminary changes in
    documents and web templates, but no filename changes.

 -- Henrik Stoerner <henrik@hswn.dk>  Thu, 28 Sep 2008 14:52:00 +0100


hobbit (4.2.0-1) unstable; urgency=low

  * Hobbit version 4.2: New upstream release.

 -- Henrik Stoerner <henrik@hswn.dk>  Wed, 09 Aug 2006 21:48:00 +0200

hobbit (4.2-RC-20060712) unstable; urgency=low

  * Release candidate of 4.2

 -- Henrik Stoerner <henrik@hswn.dk>  Wed, 12 Jul 2006 23:13:00 +0200

hobbit (4.2-beta-20060605) unstable; urgency=low

  * Beta release of 4.2

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 05 Jun 2006 16:53:00 +0200

hobbit (4.2-alfa-20060404) unstable; urgency=low

  * Alfa release of 4.2

 -- Henrik Stoerner <henrik@hswn.dk>  Tue, 04 Apr 2006 23:30:00 +0200

hobbit (4.1.2p1-1) unstable; urgency=low

  * New upstream release

 -- Henrik Stoerner <henrik@hswn.dk>  Thu, 10 Nov 2005 17:32:00 +0100

hobbit (4.1.2-1) unstable; urgency=low

  * New upstream release

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 10 Oct 2005 22:30:00 +0200

hobbit (4.1.1-1) unstable; urgency=low

  * New upstream release.

 -- Henrik Stoerner <henrik@hswn.dk>  Mon, 25 Jul 2005 17:49:00 +0200

hobbit (4.1.0-1) unstable; urgency=low

  * New upstream release.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 24 Jul 2005 23:27:00 +0200

hobbit (4.0.4-1) unstable; urgency=low

  * New upstream release.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 29 May 2005 12:08:00 +0200

hobbit (4.0.3-1) unstable; urgency=low

  * New upstream release.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 22 May 2005 09:34:57 +0200

hobbit (4.0.2-1) unstable; urgency=low

  * New upstream release.

 -- Henrik Stoerner <henrik@hswn.dk>  Sun, 10 Apr 2005 19:39:15 +0200

hobbit (4.0.1-1) unstable; urgency=low

  * Build problems fixed on Solaris, HP-UX
  * Zoomed graphs could lose the hostname in the title.

 -- Henrik Stoerner <henrik@hswn.dk>  Fri,  1 Apr 2005 07:43:42 +0200

hobbit (4.0-1) unstable; urgency=low

  * Upstream release of version 4.0

 -- Henrik Stoerner <henrik@hswn.dk>  Wed, 30 Mar 2005 21:31:03 +0200
