author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-12 08:42:24 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-12 08:42:24 +0000 |
commit | 5954c5a286c361f7a7345e5e1dd5714f7fbc4da8 (patch) | |
tree | 1eff79fad8d074130d8def09773e62318e13da29 | |
parent | bd4160cd2286ae71c919500fc00c2abd086b5748 (diff) | |
main/nagios: security fix (CVE-2012-6096)
fixes #1703
-rw-r--r-- | main/nagios/APKBUILD | 10 | ||||
-rw-r--r-- | main/nagios/CVE-2012-6096.patch | 42 |
2 files changed, 48 insertions, 4 deletions
diff --git a/main/nagios/APKBUILD b/main/nagios/APKBUILD
index c26ee8d23a..859a5b8c6c 100644
--- a/main/nagios/APKBUILD
+++ b/main/nagios/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter at gmail>
 pkgname=nagios
 pkgver=3.2.3
-pkgrel=5
+pkgrel=6
 pkgdesc="Popular monitoring tool"
 url="http://www.nagios.org/"
 arch="all"
@@ -14,13 +14,14 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 cve-2011-1523.patch
 nagios.confd
 nagios.initd
- lighttpd-nagios.conf"
+ lighttpd-nagios.conf
+ CVE-2012-6096.patch
+ "
 subpackages="${pkgname}-web"
 pkgusers="nagios"
 pkggroups="nagios"
 _builddir="$srcdir/$pkgname-$pkgver"
-
 prepare() {
 cd "$_builddir"
 for i in $source; do
@@ -73,4 +74,5 @@ md5sums="fe1be46e6976a52acdb021a782b5d04b nagios-3.2.3.tar.gz
 1d55432308d049f2c0dbbbbe1322d83e cve-2011-1523.patch
 431dfe7403323e247a88b97beade5d78 nagios.confd
 2ead8695b32222abe922692664aa9de1 nagios.initd
-d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf"
+d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf
+22239c4df4d5e7f8e3aea19b276a9974 CVE-2012-6096.patch"
diff --git a/main/nagios/CVE-2012-6096.patch b/main/nagios/CVE-2012-6096.patch
new file mode 100644
index 0000000000..1ce1790bab
--- /dev/null
+++ b/main/nagios/CVE-2012-6096.patch
@@ -0,0 +1,42 @@
+diff --git a/cgi/history.c b/cgi/history.c
+index 23c1146..9e018db 100644
+--- a/cgi/history.c
++++ b/cgi/history.c
+@@ -805,16 +805,16 @@ void get_history(void){
+ else if(display_type==DISPLAY_HOSTS){
+
+ if(history_type==HOST_HISTORY || history_type==SERVICE_HISTORY){
+- sprintf(match1," HOST ALERT: %s;",host_name);
+- sprintf(match2," SERVICE ALERT: %s;",host_name);
++ snprintf(match1, sizeof(match1), " HOST ALERT: %s;",host_name);
++ snprintf(match2, sizeof(match2), " SERVICE ALERT: %s;",host_name);
+ }
+ else if(history_type==HOST_FLAPPING_HISTORY || history_type==SERVICE_FLAPPING_HISTORY){
+- sprintf(match1," HOST FLAPPING ALERT: %s;",host_name);
+- sprintf(match2," SERVICE FLAPPING ALERT: %s;",host_name);
++ snprintf(match1, sizeof(match1), " HOST FLAPPING ALERT: %s;",host_name);
++ snprintf(match2, sizeof(match2), " SERVICE FLAPPING ALERT: %s;",host_name);
+ }
+ else if(history_type==HOST_DOWNTIME_HISTORY || history_type==SERVICE_DOWNTIME_HISTORY){
+- sprintf(match1," HOST DOWNTIME ALERT: %s;",host_name);
+- sprintf(match2," SERVICE DOWNTIME ALERT: %s;",host_name);
++ snprintf(match1, sizeof(match1), " HOST DOWNTIME ALERT: %s;",host_name);
++ snprintf(match2, sizeof(match2), " SERVICE DOWNTIME ALERT: %s;",host_name);
+ }
+
+ if(show_all_hosts==TRUE)
+@@ -853,11 +853,11 @@ void get_history(void){
+ else if(display_type==DISPLAY_SERVICES){
+
+ if(history_type==SERVICE_HISTORY)
+- sprintf(match1," SERVICE ALERT: %s;%s;",host_name,svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE ALERT: %s;%s;",host_name,svc_description);
+ else if(history_type==SERVICE_FLAPPING_HISTORY)
+- sprintf(match1," SERVICE FLAPPING ALERT: %s;%s;",host_name,svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE FLAPPING ALERT: %s;%s;",host_name,svc_description);
+ else if(history_type==SERVICE_DOWNTIME_HISTORY)
+- sprintf(match1," SERVICE DOWNTIME ALERT: %s;%s;",host_name,svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE DOWNTIME ALERT: %s;%s;",host_name,svc_description);
+
+ if(strstr(temp_buffer,match1) && (history_type==SERVICE_HISTORY || history_type==SERVICE_FLAPPING_HISTORY || history_type==SERVICE_DOWNTIME_HISTORY))
+ display_line=TRUE; |
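Review bot: The new snprintf() calls in get_history() discard their return value, so a host_name or svc_description that does not fit in match1/match2 is now silently truncated rather than rejected. A truncated pattern loses its trailing `;` delimiter, and the later `strstr(temp_buffer,match1)` would then also match log lines for any other host or service whose name begins with the same prefix; capture the result, e.g. `n = snprintf(match1, sizeof(match1), " HOST ALERT: %s;", host_name);`, and treat `n < 0 || (size_t)n >= sizeof(match1)` as "no match" instead of searching with a cut-off pattern. `sizeof(match1)` is the buffer size only if match1 and match2 are arrays in this scope; their declarations, like the start and end of get_history(), are outside both inner hunks, so that should be confirmed against cgi/history.c. The same applies to the three calls in the DISPLAY_SERVICES hunk.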