NAV 3.1.1 is out

NAV - Network Administration Visualized
1

[html] 

NAV 3.1.0 is now available for download at SourceForge, see
http://sourceforge.net/projects/nav  :frowning: 

This is mainly a bugfix release, and some serious issues have been fixed
in this version, including one security vulnerability discovered by Jim
Gallacher.

Binary packages for Debian will be available at a later time. The Debian
package is maintained by Morten Werner Olsen, and he is currently
polishing his nearly finished packaging of the 3.1.0 release.

We would also like to welcome anyone interested in maintaining packages
for RPM-based distributions!


– 
mvh
Morten Vold
UNINETT







=============================
 Release notes for NAV 3.1.1
=============================
Please report bugs at http://sourceforge.net/projects/nav

Upgrading from NAV 3.0.1
========================

An old error, confusing HP hardware versions with firmware versions, caused
storms of incorrect devHwVerChanged alerts for HP equipment in previous
versions of NAV.  The fix in version 3.1.1 involves changing an entry in the
NAVdb’s snmpoid table - the entry for oidkey=‘hpHwVer’ should be changed to
’hpFwVer’.

The new hpFwVer OID will be inserted into the snmpoid table when you re-run
the snmpoid.sql script, but to make sure the existing entry is renamed, the
following SQL command should be performed on the manage database using psql
(running psql manage as the postgres user):

  UPDATE snmpoid 
  SET oidkey=‘hpFwVer’, descr=‘Firmware revision number’ 
  WHERE snmpoid = ‘1.3.6.1.4.1.11.2.14.11.5.1.1.4.0’
    AND oidkey=‘hpHwVer’;


Upgrading from NAV 3.0
======================

Database upgrade
----------------
You must remember to upgrade your database scheme. The new Arnold subsystem
requires its own database.  Please read doc/sql/README for instructions on how
to create this database and initialize it.  Use the script and instructions
provided in doc/sql/upgrades/3.1.0.sql to upgrade the rest of the database
schema.

The recommended database setup has changed.  Previously, the README suggested
creating two database users navread and navwrite, and sometimes even a
manage superuser.  It then suggested creating the NAV databases as the
postgres/manage superuser, while the provided sql scripts would grant
read/write privileges on the tables to the navread and navwrite users.  The
new recommendation is to create only one database user called nav, and
specify this user as the owner of the databases when creating them.  Hence,
the provided db.conf has been changed to reference only this one user.

PostgreSQL versions prior to 8.0 do not have explicit commands to change a
database’s owner.  Because of this, we’ve prepared an SQL script which should
be suitable to use for upgrading to the new user scheme on both PostgreSQL 7.4
and 8.  Be warned though, that this script will create a new database user
called nav, DELETE the old users and reset all privileges on the NAV tables.
If you’ve made any customizations here, they will be lost by running the
script.

The script is located in doc/sql/upgrades/3.0-to-3.1-users.sql.  To run it,
simply perform the following as the postgres user:

  psql -f doc/sql/upgrades/3.0-to-3.1-users.sql template1

If you don’t want to use this script, and you are running PostgreSQL 8.0 or
newer, you can create the nav user as suggested in the README, and the use
the following SQL commands to make it the owner of the NAV databases:

  ALTER DATABASE manage OWNER TO nav;
  ALTER DATABASE navprofiles OWNER TO nav;
  ALTER DATABASE logger OWNER TO nav;

Which ever solution you choose, make sure to update your db.conf to at least
include the bits about Arnold in the db.conf supplied with this version.


pysnmp
------
pysnmp must be downgraded to version 2.  Any release from the major version 2
will do, as of this writing the latest version is 2.0.9.


forgetSQL
---------
forgetSQL 0.5.1 has a bug which may affect the web interface of NAV 3.1 in
weird ways (looks like a deadlock, which makes page loads hang forever). The
upstream author is working on making a bugfix release, but if you’re an
impatient expert, you can manually patch your forgetSQL 0.5.1 installation.
The patch is contained in contrib/patches/forgetSQL-0.5.1.patch (this is the
same patch that was sent upstream).


Version 3.1.1
(released 08 November 2006)

 Security fixes:

 * The session mechanism of the web interface contained a potential directory
   traversal vulnerability.  A mitigating factor was that an attacker would
   first need write access to the local file system of the NAV server.  The
   vulnerability was discovered by Jim Gallacher, and is similar to a
   vulnerability discovered in mod_python:
   http://issues.apache.org/jira/browse/MODPYTHON-135

 Bugfixes:

 * getDeviceData no longer attempts to map Cisco submodules into NAV’s data
   model.  This solves several Cisco related module problems.

 * Any module without switch ports would erroneously be detected as down when
   the module monitor ran single handedly.  Typically, they would stay marked
   as down for five hours, go up for one hour, then down again for another
   five (#1583453).

 * getDeviceData threads working with equipment that enabled VLANs above 1023
   would crash, causing incomplete information to be collected from these
   devices…  It no longer crashes, but NAV still will not properly support
   more than 1024 vlans (#1518783)

 * getDeviceData should no longer generate repeated, incorrect
   deviceHwVerChanged alerts for HP equipment (#1550393).

 * Fixed bug that would cause a getDeviceData collector thread to crash when a
   device appeared not to support the ifHighSpeed OID.

 * A couple of getDeviceData plugins had NullPointerExceptions.

 * Initial Cricket/makecricketconfig setup was botched after directory
   restructuing.  Makecricketconfig is now more flexible when locating a
   system’s cricket installation, and where its config and data are placed.

 * Some SQL errors in EditDB were fixed.

 * Fixed bugs in SNMP getnext handling in EditDB.

 * Fixed an EditDB hardcoded limitation of 10 characters in an IP device’s
   orgid field - the database allows up to 30 characters.

 * EditDB would crash when inserting devices that happened to return non-ASCII
   serial numbers.  Non-ASCII serial numbers are now ignored.

 * Removed code from networkDiscovery that attempted to traverse non-routed
   VLANs.  This code was not properly tested, and potentially caused several
   topology related problems.

 * Build/install errors related to Arnold were fixed.

 * A bug caused by hardcoded values in Arnold prevented it from blocking ports
   on equipment of other categories than EDGE, even if it was configured to
   allow this.

 * Status page preferences no longer crashes with a Python traceback
   (#1521695).

 * The Traffic Map admin buttons no longer disappear when the Traffic Map
   applet is reloaded (#1495566).
 
 * The traffic map would never display any load data for links on interfaces
   with spaces in their names (such as ATM interfaces on Cisco devices).

 * The “black load” syndrome of the Traffic Map has been compensated for. 

 * The cam collector would not insert port numbers in cam records unless NAV
   had collected proper ifName/ifDescr values for the ports in question.

 * The pping and servicemon processes now properly perform a double fork and
   detach completely from the controlling terminal when daemonized.  When the
   daemons had been started/restarted in an SSH session, this bug would
   sometimes cause said SSH session to hang on logout.

 * Fixed a bug which rendered NAV’s Cheetah templates incompatible with
   Cheetah 2.

 * Various other small bugfixes and cosmetic changes.

[/html]