Additional technical context – divergence between main and 4.x-master
Hi all,
Below is *a summary of the divergence* between "*main" (4.3.30) *and "*4.x-master"(4.4 dev). *Repo: github.com/xymon-monitoring/*xymon*
*INTRODUCTION*
*Goal: identify what exists in "main" and is missing in "4.x-master".* Focus on bug fixes and security.
*MISSING COMMITS (GIT commands)* Functional commits present only in main (excluding releases): 28
Scope of unmatched commits:
- 6,489 insertions
- 4,333 deletions
- Net +2,156 LOC (Line of Code) (See Git commands below.)
*MISSING COMMITS without semantic equivalent (AI powered analysis)* Security / CVE
- 484edeb2 – CVE-2019-* buffer overflow / XSS
- 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
- 1a4511a7 – CVE-2016-2057 IPC permissions
- df404398 – CVE-2016-2055 config file exposure
Crash / memory safety
- ba47d2f9 – xymongen availability segfault
- 81656c6a – crash on missing allevents
- c3a8a2c9 – RPC buffer size miscalculation
- 4f444be0 – netapp RRD memory leak
- bee6eee8 – double-free in xymond
- 1ab01960 – NULL checks to prevent segfault
Correctness / parsing
- 8ab6c328 – RRD DS comma parsing
- eda84777 – SNMPv3 config parsing
- a123a029 – do_temperature parentheses parsing
- 3f266c08 – do_temperature parsing fixes
- 3227f657 – logfetch off-by-one with triggers
- 95092119 – history logs with dash/underscore names
- 9f62e942 – NONETPAGE parsing tightening
Build / portability
- 4e846f16 – GCC diagnostics guards
- b1414cd8 – stdint.h include tightening
- 3eed090e – Fedora/GCC compile fixes
- 0a546cc1 – avoid unnecessary mod_authz_groupfile loading
Total: 21 commits
*GIT COMMANDS USED *
- Identify unmatched commits: git log --oneline --cherry-pick --left-right main...4.x-master | grep '^<'
- Per-commit size: git show --shortstat
- LOC aggregation: git log --cherry-pick --left-right --numstat main...4.x-master
- Rewrite-aware comparison: git range-diff --stat 4.3.22-root..main 4.3.22-root..4.x-master
- Security commit isolation: git log 4.3.22-root..main --oneline | grep -Ei 'CVE|security|XSS|overflow'
I can make mistakes.
Bruno
On 1/16/26 12:46, Bruno Manzoni via Xymon wrote:
*MISSING COMMITS without semantic equivalent (AI powered analysis)* Security / CVE
- 484edeb2 – CVE-2019-* buffer overflow / XSS
- 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
- 1a4511a7 – CVE-2016-2057 IPC permissions
- df404398 – CVE-2016-2055 config file exposure
Crash / memory safety
- ba47d2f9 – xymongen availability segfault
- 81656c6a – crash on missing allevents
- c3a8a2c9 – RPC buffer size miscalculation
- 4f444be0 – netapp RRD memory leak
- bee6eee8 – double-free in xymond
- 1ab01960 – NULL checks to prevent segfault
Correctness / parsing
- 8ab6c328 – RRD DS comma parsing
- eda84777 – SNMPv3 config parsing
- a123a029 – do_temperature parentheses parsing
- 3f266c08 – do_temperature parsing fixes
- 3227f657 – logfetch off-by-one with triggers
- 95092119 – history logs with dash/underscore names
- 9f62e942 – NONETPAGE parsing tightening
Build / portability
- 4e846f16 – GCC diagnostics guards
- b1414cd8 – stdint.h include tightening
- 3eed090e – Fedora/GCC compile fixes
- 0a546cc1 – avoid unnecessary mod_authz_groupfile loading
This is useful, but I think it would be better served as an issue to investigate opened in the git repo. I will say that while I was fixing another issue I encountered:
- 8ab6c328 – RRD DS comma parsing
so I'll have to investigate this commit further. I think cherry-picking these commits is probably a fairly high priority.
Thanks
Mark
Hi Mark, Yes, good idea! Done! Bruno
Le 16.01.2026 à 22:11, Mark Felder via Xymon a écrit :
On 1/16/26 12:46, Bruno Manzoni via Xymon wrote:
*MISSING COMMITS without semantic equivalent (AI powered analysis)* Security / CVE
- 484edeb2 – CVE-2019-* buffer overflow / XSS
- 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
- 1a4511a7 – CVE-2016-2057 IPC permissions
- df404398 – CVE-2016-2055 config file exposure
Crash / memory safety
- ba47d2f9 – xymongen availability segfault
- 81656c6a – crash on missing allevents
- c3a8a2c9 – RPC buffer size miscalculation
- 4f444be0 – netapp RRD memory leak
- bee6eee8 – double-free in xymond
- 1ab01960 – NULL checks to prevent segfault
Correctness / parsing
- 8ab6c328 – RRD DS comma parsing
- eda84777 – SNMPv3 config parsing
- a123a029 – do_temperature parentheses parsing
- 3f266c08 – do_temperature parsing fixes
- 3227f657 – logfetch off-by-one with triggers
- 95092119 – history logs with dash/underscore names
- 9f62e942 – NONETPAGE parsing tightening
Build / portability
- 4e846f16 – GCC diagnostics guards
- b1414cd8 – stdint.h include tightening
- 3eed090e – Fedora/GCC compile fixes
- 0a546cc1 – avoid unnecessary mod_authz_groupfile loading
This is useful, but I think it would be better served as an issue to investigate opened in the git repo. I will say that while I was fixing another issue I encountered:
- 8ab6c328 – RRD DS comma parsing
so I'll have to investigate this commit further. I think cherry-picking these commits is probably a fairly high priority.
Thanks
Mark
Xymon mailing list -- xymon@xymon.com To unsubscribe send an email to xymon-leave@xymon.com
participants (2)
-
Bruno Manzoni
-
Mark Felder