net-analyzer/nagios-core: bring back the 3.x ebuild to save pnp4nagios.

I tried removing the old versions of nagios to address a CVE, but
net-analyzer/pnp4nagios on three arches requires nagios-3.x. I've
filed a keyword request for icinga (which can also satisfy the
dependency), and after those keywords are added and everything is
stabilized we can try this again.

Gentoo-Bug: 602216
Gentoo-Bug: 605724

Package-Manager: portage-2.3.0

4 files changed, 267 insertions, 0 deletions

diff --git a/net-analyzer/nagios-core/files/99_nagios3.conf b/net-analyzer/nagios-core/files/99_nagios3.conf
new file mode 100644
index 000000000000..074f9ce5e4a9
--- /dev/null
+++ b/net-analyzer/nagios-core/files/99_nagios3.conf
@@ -0,0 +1,15 @@
+<IfDefine NAGIOS>
+	ScriptAlias /nagios/cgi-bin/ /usr/lib/nagios/cgi-bin/
+	<Directory "/usr/lib/nagios/cgi-bin/">
+		AllowOverride AuthConfig
+		Options ExecCGI
+		Order allow,deny
+		Allow from all
+	</Directory>
+	Alias /nagios /usr/share/nagios/htdocs
+	<Directory "/usr/share/nagios/htdocs">
+		AllowOverride AuthConfig
+		Order allow,deny
+		Allow from all
+	</Directory>
+</IfDefine>
diff --git a/net-analyzer/nagios-core/files/lighttpd_nagios3-r1.conf b/net-analyzer/nagios-core/files/lighttpd_nagios3-r1.conf
new file mode 100644
index 000000000000..6e2577029aca
--- /dev/null
+++ b/net-analyzer/nagios-core/files/lighttpd_nagios3-r1.conf
@@ -0,0 +1,24 @@
+server.modules += ("mod_cgi")
+server.modules += ("mod_auth")
+server.modules += ("mod_alias")
+
+auth.require += ( "/nagios" =>
+  (
+    "method"  => "digest",
+    "realm"   => "nagios",
+    "require" => "valid-user"
+  )
+)
+
+$HTTP["url"] =~ "^/nagios/cgi-bin/" {
+  dir-listing.activate = "disable"
+  cgi.assign = (
+    ".pl"  => "/usr/bin/perl",
+    ".cgi" => ""
+  )
+}
+
+alias.url += (
+  "/nagios/cgi-bin" => "/usr/lib/nagios/cgi-bin",
+  "/nagios"         => "/usr/share/nagios/htdocs"
+)
diff --git a/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch b/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch
new file mode 100644
index 000000000000..9d9536747794
--- /dev/null
+++ b/net-analyzer/nagios-core/files/nagios-core-3.5.1-process_cgivars.patch
@@ -0,0 +1,175 @@
+commit d97e03f32741a7d851826b03ed73ff4c9612a866
+Author: Eric Stanley <estanley@nagios.com>
+Date:   Fri Dec 20 13:14:30 2013 -0600
+
+    CGIs: Fixed minor vulnerability where a custom query could crash the CGI.
+    
+    Most CGIs previously incremented the input variable counter twice when
+    it encountered a long key value. This could cause the CGI to read past
+    the end of the list of CGI variables. This commit removes the second
+    increment, removing the possibility of reading past the end of the list
+    of CGI variables.
+
+diff --git a/cgi/avail.c b/cgi/avail.c
+index 76afd86..64eaadc 100644
+--- a/cgi/avail.c
++++ b/cgi/avail.c
+@@ -1096,7 +1096,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/cmd.c b/cgi/cmd.c
+index fa6cf5a..50504eb 100644
+--- a/cgi/cmd.c
++++ b/cgi/cmd.c
+@@ -311,7 +311,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/config.c b/cgi/config.c
+index f061b0f..3360e70 100644
+--- a/cgi/config.c
++++ b/cgi/config.c
+@@ -344,7 +344,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/extinfo.c b/cgi/extinfo.c
+index 62a1b18..5113df4 100644
+--- a/cgi/extinfo.c
++++ b/cgi/extinfo.c
+@@ -591,7 +591,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/histogram.c b/cgi/histogram.c
+index 4616541..f6934d0 100644
+--- a/cgi/histogram.c
++++ b/cgi/histogram.c
+@@ -1060,7 +1060,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/notifications.c b/cgi/notifications.c
+index 8ba11c1..461ae84 100644
+--- a/cgi/notifications.c
++++ b/cgi/notifications.c
+@@ -327,7 +327,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/outages.c b/cgi/outages.c
+index 426ede6..cb58dee 100644
+--- a/cgi/outages.c
++++ b/cgi/outages.c
+@@ -225,7 +225,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/status.c b/cgi/status.c
+index 3253340..4ec1c92 100644
+--- a/cgi/status.c
++++ b/cgi/status.c
+@@ -567,7 +567,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/statusmap.c b/cgi/statusmap.c
+index ea48368..2580ae5 100644
+--- a/cgi/statusmap.c
++++ b/cgi/statusmap.c
+@@ -400,7 +400,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/statuswml.c b/cgi/statuswml.c
+index bd8cea2..d25abef 100644
+--- a/cgi/statuswml.c
++++ b/cgi/statuswml.c
+@@ -226,8 +226,13 @@ int process_cgivars(void) {
+ 
+ 	for(x = 0; variables[x] != NULL; x++) {
+ 
++		/* do some basic length checking on the variable identifier to prevent buffer overflows */
++		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
++			continue;
++			}
++
+ 		/* we found the hostgroup argument */
+-		if(!strcmp(variables[x], "hostgroup")) {
++		else if(!strcmp(variables[x], "hostgroup")) {
+ 			display_type = DISPLAY_HOSTGROUP;
+ 			x++;
+ 			if(variables[x] == NULL) {
+diff --git a/cgi/summary.c b/cgi/summary.c
+index 126ce5e..749a02c 100644
+--- a/cgi/summary.c
++++ b/cgi/summary.c
+@@ -725,7 +725,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/cgi/trends.c b/cgi/trends.c
+index b35c18e..895db01 100644
+--- a/cgi/trends.c
++++ b/cgi/trends.c
+@@ -1263,7 +1263,6 @@ int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 
+diff --git a/contrib/daemonchk.c b/contrib/daemonchk.c
+index 78716e5..9bb6c4b 100644
+--- a/contrib/daemonchk.c
++++ b/contrib/daemonchk.c
+@@ -174,7 +174,6 @@ static int process_cgivars(void) {
+ 
+ 		/* do some basic length checking on the variable identifier to prevent buffer overflows */
+ 		if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+-			x++;
+ 			continue;
+ 			}
+ 		}
diff --git a/net-analyzer/nagios-core/files/nagios3 b/net-analyzer/nagios-core/files/nagios3
new file mode 100644
index 000000000000..48b4f46eea3e
--- /dev/null
+++ b/net-analyzer/nagios-core/files/nagios3
@@ -0,0 +1,53 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+nagios_config="/etc/nagios/nagios.cfg"
+nagios_cmdfile="/var/nagios/rw/nagios.cmd"
+
+command="/usr/sbin/nagios"
+command_args="-d ${nagios_config}"
+pidfile="/var/nagios/nagios.lock"
+start_stop_daemon_args="-e HOME=/var/nagios/home"
+
+depend() {
+	need net
+	use dns logger firewall
+	after mysql postgresql
+}
+
+reload()
+{
+	checkconfig || return 1
+	ebegin "Reloading configuration"
+	start-stop-daemon --signal HUP --pidfile ${pidfile}
+	eend $?
+}
+
+checkconfig() {
+	ebegin "Verifying config files"
+
+	# Silent Check
+	/usr/sbin/nagios -v ${nagios_config} &>/dev/null && return 0
+
+	# Now we know there's problem - run again and display errors
+	/usr/sbin/nagios -v ${nagios_config}
+	eend $? "Configuration Error. Please fix your configfile"
+}
+
+start_pre() {
+	checkconfig || return 1
+
+	touch /var/nagios/nagios.log /var/nagios/status.sav
+	chown nagios:nagios /var/nagios/nagios.log /var/nagios/status.sav
+	rm -f ${nagios_cmdfile}
+}
+
+stop_post() {
+	rm -f /var/nagios/status.log /var/nagios/nagios.tmp ${pidfile} \
+		${nagios_cmdfile}
+}