author | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-07 07:43:37 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-07 07:48:46 +0000 |
commit | 151b7f5b135aace48e29a362401b4e4c4ac79e8f (patch) | |
tree | e5328156a594aa5aaf355d1dc19de87ba7418211 | |
parent | 909606ff2be492d24dbaa11e5d440ffcd7af1df9 (diff) | |
download | aports-151b7f5b135aace48e29a362401b4e4c4ac79e8f.tar.bz2 aports-151b7f5b135aace48e29a362401b4e4c4ac79e8f.tar.xz |
main/cacti: security fix for various CVEs
CVE-2014-2326
CVE-2014-2327
CVE-2014-2328
CVE-2014-2708
CVE-2014-2709
CVE-2014-4002
fixes #3127
(cherry picked from commit fa2998fd037f72a85b53903b13a23d50a22aa3c9)
-rw-r--r-- | main/cacti/APKBUILD | 17 | ||||
-rw-r--r-- | main/cacti/security.patch | 139 |
2 files changed, 150 insertions, 6 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 332a99e639..ad32f080da 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,14 +1,16 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
 pkgver=0.8.8b
-pkgrel=0
+pkgrel=1
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
 license="GPL"
 depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-gd"
-makedepends=
-source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz"
+makedepends=""
+source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
+ security.patch
+ "
 
 _builddir="$srcdir"/$pkgname-$pkgver
 
@@ -31,6 +33,9 @@ package() {
  mv "$srcdir"/$pkgname-$pkgver/* "$pkgdir"/usr/share/webapps/cacti/ || return 1
 }
 
-md5sums="acb40deae073ca22e5c01a8e3ba389fb cacti-0.8.8b.tar.gz"
-sha256sums="ef0e2a813139e0b4c2e066f0fdae1f4ad086bef0aa23446055df6331cb1af98c cacti-0.8.8b.tar.gz"
-sha512sums="98b216f3beb8e90dc554a16ca07cc8b3c9e247335786d8b5e76001d7293251a8a6e03bbe2464f7e9f8e0721359e7cd4a40615dd93ac7b1cc0bec507f01fa24c1 cacti-0.8.8b.tar.gz"
+md5sums="acb40deae073ca22e5c01a8e3ba389fb cacti-0.8.8b.tar.gz
+bd18f265cca1f9713f88296f0be1ef56 security.patch"
+sha256sums="ef0e2a813139e0b4c2e066f0fdae1f4ad086bef0aa23446055df6331cb1af98c cacti-0.8.8b.tar.gz
+73758bdf3f7846875f1620c35d1d982fa27366b053d8bd87363c618e7747c163 security.patch"
+sha512sums="98b216f3beb8e90dc554a16ca07cc8b3c9e247335786d8b5e76001d7293251a8a6e03bbe2464f7e9f8e0721359e7cd4a40615dd93ac7b1cc0bec507f01fa24c1 cacti-0.8.8b.tar.gz
+bed640fb64584b877348cf8163cebe39f6786a2fb8a7e735a81e9a0504b53005feec13e9911566690426f63d120b3744b755c0cbffcb67c44e9fe6dae3ccae80 security.patch"
diff --git a/main/cacti/security.patch b/main/cacti/security.patch
new file mode 100644
index 0000000000..3891da8ae7
--- /dev/null
+++ b/main/cacti/security.patch
@@ -0,0 +1,139 @@
+diff -ruBbd cacti-0.8.8b/cdef.php cacti-0.8.8b.patched/cdef.php
+--- cacti-0.8.8b/cdef.php 2013-08-06 22:31:19.000000000 -0400
++++ cacti-0.8.8b.patched/cdef.php 2014-04-04 21:39:04.000000000 -0400
+@@ -431,7 +431,7 @@
+ <a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
+ </td>
+ <td>
+- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
++ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
+ </td>
+ <td>
+ <a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>
+diff -ruBbd cacti-0.8.8b/graph_xport.php cacti-0.8.8b.patched/graph_xport.php
+--- cacti-0.8.8b/graph_xport.php 2013-08-06 22:31:19.000000000 -0400
++++ cacti-0.8.8b.patched/graph_xport.php 2014-04-04 21:39:04.000000000 -0400
+@@ -47,43 +47,48 @@
+ 
+ $graph_data_array = array();
+ 
++/* ================= input validation ================= */
++input_validate_input_number(get_request_var("local_graph_id"));
++input_validate_input_number(get_request_var("rra_id"));
++/* ==================================================== */
++
+ /* override: graph start time (unix time) */
+-if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
+- $graph_data_array["graph_start"] = $_GET["graph_start"];
++if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
++ $graph_data_array["graph_start"] = get_request_var("graph_start");
+ }
+ 
+ /* override: graph end time (unix time) */
+-if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
+- $graph_data_array["graph_end"] = $_GET["graph_end"];
++if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
++ $graph_data_array["graph_end"] = get_request_var("graph_end");
+ }
+ 
+ /* override: graph height (in pixels) */
+-if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
+- $graph_data_array["graph_height"] = $_GET["graph_height"];
++if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
++ $graph_data_array["graph_height"] = get_request_var("graph_height");
+ }
+ 
+ /* override: graph width (in pixels) */
+-if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
+- $graph_data_array["graph_width"] = $_GET["graph_width"];
++if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
++ $graph_data_array["graph_width"] = get_request_var("graph_width");
+ }
+ 
+ /* override: skip drawing the legend? */
+ if (!empty($_GET["graph_nolegend"])) {
+- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
++ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
+ }
+ 
+ /* print RRDTool graph source? */
+ if (!empty($_GET["show_source"])) {
+- $graph_data_array["print_source"] = $_GET["show_source"];
++ $graph_data_array["print_source"] = get_request_var("show_source");
+ }
+ 
+-$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
++$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
+ 
+ /* for bandwidth, NThPercentile */
+ $xport_meta = array();
+ 
+ /* Get graph export */
+-$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
++$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
+ 
+ /* Make graph title the suggested file name */
+ if (is_array($xport_array["meta"])) {
+diff -ruBbd cacti-0.8.8b/lib/graph_export.php cacti-0.8.8b.patched/lib/graph_export.php
+--- cacti-0.8.8b/lib/graph_export.php 2013-08-06 22:31:19.000000000 -0400
++++ cacti-0.8.8b.patched/lib/graph_export.php 2014-04-04 21:39:05.000000000 -0400
+@@ -339,7 +339,7 @@
+ chdir($stExportDir);
+ 
+ /* set the initial command structure */
+- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
++ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
+ 
+ /* if the user requested passive mode, use it */
+ if ($aFtpExport['passive']) {
+@@ -347,7 +347,7 @@
+ }
+ 
+ /* setup the port, server, remote directory and all files */
+- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
++ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
+ 
+ /* run the command */
+ $iExecuteReturns = 0;
+diff -ruBbd cacti-0.8.8b/lib/rrd.php cacti-0.8.8b.patched/lib/rrd.php
+--- cacti-0.8.8b/lib/rrd.php 2013-08-06 22:31:18.000000000 -0400
++++ cacti-0.8.8b.patched/lib/rrd.php 2014-04-04 21:39:04.000000000 -0400
+@@ -865,13 +865,13 @@
+ /* basic graph options */
+ $graph_opts .=
+ "--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL .
+- "--start=$graph_start" . RRD_NL .
+- "--end=$graph_end" . RRD_NL .
++ "--start=" . cacti_escapeshellarg($graph_start) . RRD_NL .
++ "--end=" . cacti_escapeshellarg($graph_end) . RRD_NL .
+ "--title=" . cacti_escapeshellarg($graph["title_cache"]) . RRD_NL .
+ "$rigid" .
+- "--base=" . $graph["base_value"] . RRD_NL .
+- "--height=$graph_height" . RRD_NL .
+- "--width=$graph_width" . RRD_NL .
++ "--base=" . cacti_escapeshellarg($graph["base_value"]) . RRD_NL .
++ "--height=" . cacti_escapeshellarg($graph_height) . RRD_NL .
++ "--width=" . cacti_escapeshellarg($graph_width) . RRD_NL .
+ "$scale" .
+ "$unit_value" .
+ "$unit_exponent_value" .
+@@ -1606,8 +1606,8 @@
+ 
+ /* basic export options */
+ $xport_opts =
+- "--start=$xport_start" . RRD_NL .
+- "--end=$xport_end" . RRD_NL .
++ "--start=" . cacti_escapeshellarg($xport_start) . RRD_NL .
++ "--end=" . cacti_escapeshellarg($xport_end) . RRD_NL .
+ "--maxrows=10000" . RRD_NL;
+ 
+ $xport_defs = "";
+@@ -1997,7 +1997,7 @@
+ $stacked_columns["col" . $j] = ($graph_item_types{$xport_item["graph_type_id"]} == "STACK") ? 1 : 0;
+ $j++;
+ 
+- $txt_xport_items .= "XPORT:" . $data_source_name . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
++ $txt_xport_items .= "XPORT:" . cacti_escapeshellarg($data_source_name) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
+ }else{
+ $need_rrd_nl = FALSE;
+ }
|
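Review bot: The graph_start guard in the graph_xport.php part of security.patch has a misplaced parenthesis: `is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)` hands the boolean result of the `&&` to is_numeric(), which is false for a boolean, so the graph_start override is now silently never applied while the sibling graph_end/graph_height/graph_width lines have the intended form. It should read `if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {`. A smaller inconsistency in the same hunk: the rrdtool_function_xport() call still passes `$_GET["local_graph_id"]` raw although input_validate_input_number() was applied to get_request_var("local_graph_id") and every other argument was switched to get_request_var(); presumably the raw read should use the same accessor so the validated value is the one that reaches the rrdtool command line. Since this is the distro's own patch file, both corrections belong in security.patch (with the APKBUILD checksums updated accordingly).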