Additional technical context – divergence between main and 4.x-master
list Bruno Manzoni
Hi all,
Below is a summary of the divergence between "main" (4.3.30) and "4.x-master" (4.4 dev).
Repo: github.com/xymon-monitoring/xymon
INTRODUCTION
Goal: identify what exists in "main" and is missing in "4.x-master".
Focus on bug fixes and security.
MISSING COMMITS (GIT commands)
Functional commits present only in main (excluding releases): 28
Scope of unmatched commits:
- 6,489 insertions
- 4,333 deletions
- Net +2,156 LOC (Lines of Code)
(See Git commands below.)
MISSING COMMITS without semantic equivalent (AI powered analysis)
Security / CVE
- 484edeb2 – CVE-2019-* buffer overflow / XSS
- 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
- 1a4511a7 – CVE-2016-2057 IPC permissions
- df404398 – CVE-2016-2055 config file exposure
Crash / memory safety
- ba47d2f9 – xymongen availability segfault
- 81656c6a – crash on missing allevents
- c3a8a2c9 – RPC buffer size miscalculation
- 4f444be0 – netapp RRD memory leak
- bee6eee8 – double-free in xymond
- 1ab01960 – NULL checks to prevent segfault
Correctness / parsing
- 8ab6c328 – RRD DS comma parsing
- eda84777 – SNMPv3 config parsing
- a123a029 – do_temperature parentheses parsing
- 3f266c08 – do_temperature parsing fixes
- 3227f657 – logfetch off-by-one with triggers
- 95092119 – history logs with dash/underscore names
- 9f62e942 – NONETPAGE parsing tightening
Build / portability
- 4e846f16 – GCC diagnostics guards
- b1414cd8 – stdint.h include tightening
- 3eed090e – Fedora/GCC compile fixes
- 0a546cc1 – avoid unnecessary mod_authz_groupfile loading
Total: 21 commits
GIT COMMANDS USED
- Identify unmatched commits:
git log --oneline --cherry-pick --left-right main...4.x-master | grep '^<'
- Per-commit size:
git show --shortstat
- LOC aggregation:
git log --cherry-pick --left-right --numstat main...4.x-master
- Rewrite-aware comparison:
git range-diff --stat 4.3.22-root..main 4.3.22-root..4.x-master
- Security commit isolation:
git log 4.3.22-root..main --oneline | grep -Ei 'CVE|security|XSS|overflow'
I can make mistakes.
Bruno
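The following is an added example, not part of the original message or the Xymon repository. It builds a throwaway repository and runs the `--cherry-pick --left-right` filter from the message above, showing that a cleanly cherry-picked fix is dropped from the list while a fix that was re-implemented with a different diff is still reported as unmatched. Only the branch names come from the thread; the files, commit subjects and the `--format='%m %s'` output format (used instead of `--oneline` to keep hashes out of the result) are assumptions.

```shell
#!/bin/sh
# Added example. Constructed throwaway repo: only the branch names come from
# the thread; files, contents and commit subjects are made up.
unmatched_on_main() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        # Isolate from the caller's git configuration and identity.
        export HOME="$repo" GIT_CONFIG_NOSYSTEM=1
        export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
        export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
        git init -q . 2>/dev/null
        git symbolic-ref HEAD refs/heads/main

        printf 'a\nb\nc\n' > f.c
        git add f.c && git commit -q -m 'base'
        git branch 4.x-master

        # Two fixes that land on main only.
        printf 'a\nB\nc\n' > f.c
        git commit -q -am 'fix: bounds check'
        fix1=$(git rev-parse HEAD)
        printf 'x\n' > g.c
        git add g.c && git commit -q -m 'fix: NULL check'

        # 4.x-master: unrelated work, a clean cherry-pick of fix 1, and a
        # hand-written rework of fix 2 (same intent, different diff).
        git checkout -q 4.x-master
        printf 'feature\n' > h.c
        git add h.c && git commit -q -m '4.4 feature'
        git cherry-pick "$fix1" >/dev/null 2>&1 || exit 1
        printf 'x\ny\n' > g.c
        git add g.c && git commit -q -m 'fix: NULL check (reworked)'

        # Same filter as in the thread; %m prints the left/right marker and
        # %s the subject, so the output carries no run-dependent hashes.
        git log --format='%m %s' --cherry-pick --left-right main...4.x-master |
            grep '^<'
    )
    status=$?
    rm -rf "$repo"
    return $status
}
```

Calling `unmatched_on_main` lists only the reworked fix, so every line this filter reports still needs a manual check for an equivalent change on the other branch.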
list Mark Felder
On 1/16/26 12:46, Bruno Manzoni via Xymon wrote:
> *MISSING COMMITS without semantic equivalent (AI powered analysis)*
> Security / CVE
> - 484edeb2 – CVE-2019-* buffer overflow / XSS
> - 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
> - 1a4511a7 – CVE-2016-2057 IPC permissions
> - df404398 – CVE-2016-2055 config file exposure
> Crash / memory safety
> - ba47d2f9 – xymongen availability segfault
> - 81656c6a – crash on missing allevents
> - c3a8a2c9 – RPC buffer size miscalculation
> - 4f444be0 – netapp RRD memory leak
> - bee6eee8 – double-free in xymond
> - 1ab01960 – NULL checks to prevent segfault
> Correctness / parsing
> - 8ab6c328 – RRD DS comma parsing
> - eda84777 – SNMPv3 config parsing
> - a123a029 – do_temperature parentheses parsing
> - 3f266c08 – do_temperature parsing fixes
> - 3227f657 – logfetch off-by-one with triggers
> - 95092119 – history logs with dash/underscore names
> - 9f62e942 – NONETPAGE parsing tightening
> Build / portability
> - 4e846f16 – GCC diagnostics guards
> - b1414cd8 – stdint.h include tightening
> - 3eed090e – Fedora/GCC compile fixes
> - 0a546cc1 – avoid unnecessary mod_authz_groupfile loading
This is useful, but I think it would be better served as an issue to investigate opened in the git repo. I will say that while I was fixing another issue I encountered:
- 8ab6c328 – RRD DS comma parsing
so I'll have to investigate this commit further. I think cherry-picking these commits is probably a fairly high priority.
Thanks
Mark
list Bruno Manzoni
Hi Mark,
Yes, good idea! Done!
Bruno
On 16.01.2026 at 22:11, Mark Felder via Xymon wrote:
> On 1/16/26 12:46, Bruno Manzoni via Xymon wrote:
> > *MISSING COMMITS without semantic equivalent (AI powered analysis)*
> > Security / CVE
> > - 484edeb2 – CVE-2019-* buffer overflow / XSS
> > - 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
> > - 1a4511a7 – CVE-2016-2057 IPC permissions
> > - df404398 – CVE-2016-2055 config file exposure
> > Crash / memory safety
> > - ba47d2f9 – xymongen availability segfault
> > - 81656c6a – crash on missing allevents
> > - c3a8a2c9 – RPC buffer size miscalculation
> > - 4f444be0 – netapp RRD memory leak
> > - bee6eee8 – double-free in xymond
> > - 1ab01960 – NULL checks to prevent segfault
> > Correctness / parsing
> > - 8ab6c328 – RRD DS comma parsing
> > - eda84777 – SNMPv3 config parsing
> > - a123a029 – do_temperature parentheses parsing
> > - 3f266c08 – do_temperature parsing fixes
> > - 3227f657 – logfetch off-by-one with triggers
> > - 95092119 – history logs with dash/underscore names
> > - 9f62e942 – NONETPAGE parsing tightening
> > Build / portability
> > - 4e846f16 – GCC diagnostics guards
> > - b1414cd8 – stdint.h include tightening
> > - 3eed090e – Fedora/GCC compile fixes
> > - 0a546cc1 – avoid unnecessary mod_authz_groupfile loading
> This is useful, but I think it would be better served as an issue to investigate opened in the git repo. I will say that while I was fixing another issue I encountered:
> - 8ab6c328 – RRD DS comma parsing
> so I'll have to investigate this commit further. I think cherry-picking these commits is probably a fairly high priority.
> Thanks
> Mark