Diffstat (limited to 'main/mosquitto')
-rw-r--r--main/mosquitto/APKBUILD13
-rw-r--r--main/mosquitto/mosquitto-1.4.x-cve-2018-12550.patch28
-rw-r--r--main/mosquitto/mosquitto-1.4.x-cve-2018-12551.patch94
3 files changed, 133 insertions, 2 deletions
diff --git a/main/mosquitto/APKBUILD b/main/mosquitto/APKBUILD
index 04dbd89737..9be9820bd4 100644
--- a/main/mosquitto/APKBUILD
+++ b/main/mosquitto/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mosquitto
pkgver=1.4.15
-pkgrel=3
+pkgrel=4
pkgdesc="An Open Source MQTT v3.1 Broker"
url="http://mosquitto.org/"
arch="all"
@@ -18,10 +18,17 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-libs++:_pp $pkgname-openrc
source="http://mosquitto.org/files/source/$pkgname-$pkgver.tar.gz
libressl.patch
config.patch
- mosquitto.initd"
+ mosquitto-1.4.x-cve-2018-12550.patch
+ mosquitto-1.4.x-cve-2018-12551.patch
+
+ mosquitto.initd
+ "
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 1.4.15-r4:
+# - CVE-2018-12550
+# - CVE-2018-12551
# 1.4.15-r0:
# - CVE-2017-7652
# - CVE-2017-7651
@@ -89,4 +96,6 @@ clients() {
sha512sums="36b06547553cf28af3ca9b728c42fc27e849c4ae84d7964572d430233ab26e2b59eee2a215ac23ddf2d0bef419e7c70e64e2a22c397fadb3e0677314d03f1100 mosquitto-1.4.15.tar.gz
53859b628f965b77f6e47910c0ceba2f2737b815131ed800dc64a80419e434d25b5ba0938ae645882e9aa5d475d4940c7d35cc6d56f54bc4937a66b32d7db4ad libressl.patch
d5442373ae6ae8bc83eee59b425fbd76e80f905b9fd2bd2ed2a37a7e156fe95a9cf477c9c4dac0975c5fd90e70884de6fb8a16aefcd37b239199d5deae50b7d2 config.patch
+58cf7211781c07d25ad555e982b66aca716230698ad239b964de073bb41dc2566d2c6fde379ded18106f704aba864859e36cb39c4c85762d00b5ed4f2b5cef58 mosquitto-1.4.x-cve-2018-12550.patch
+b1ba9d61ede7b7f0232811d6e2381a2943ed12a3c8b83ea2c2e1d3fce153260565f48ca900d4e0590688031013e1f425dfa8b1d89e0f1194516438b42dc158e2 mosquitto-1.4.x-cve-2018-12551.patch
16f96d8f7f3a8b06e2b2e04d42d7e0d89a931b52277fc017e4802f7a3bc85aff4dd290b1a0c40382ea8f5568d0ceb7319c031d9be916f346d805231a002b0433 mosquitto.initd"
diff --git a/main/mosquitto/mosquitto-1.4.x-cve-2018-12550.patch b/main/mosquitto/mosquitto-1.4.x-cve-2018-12550.patch
new file mode 100644
index 0000000000..c6a4d9406e
--- /dev/null
+++ b/main/mosquitto/mosquitto-1.4.x-cve-2018-12550.patch
@@ -0,0 +1,28 @@
+Description: Fix for CVE-2018-12550
+Author: Roger Light <roger@atchoo.org>
+Forwarded: not-needed
+Origin: upstream, https://mosquitto.org/files/cve/2018-12550/mosquitto-1.4.x_cve-2018-12550.patch
+Index: mosquitto-1.4.10/src/security_default.c
+===================================================================
+--- mosquitto-1.4.10.orig/src/security_default.c
++++ mosquitto-1.4.10/src/security_default.c
+@@ -231,7 +231,7 @@ int mosquitto_acl_check_default(struct m
+ char *s;
+
+ if(!db || !context || !topic) return MOSQ_ERR_INVAL;
+- if(!db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
++ if(!db->config->acl_file && !db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
+ if(context->bridge) return MOSQ_ERR_SUCCESS;
+ if(!context->acl_list && !db->acl_patterns) return MOSQ_ERR_ACL_DENIED;
+
+@@ -442,6 +442,10 @@ static int _aclfile_parse(struct mosquit
+ fclose(aclfile);
+ return 1;
+ }
++ }else{
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid line in acl_file \"%s\": %s.", db->config->acl_file, buf);
++ fclose(aclfile);
++ return 1;
+ }
+ }
+ }
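Review bot: The embedded patch is indexed against `mosquitto-1.4.10` while this APKBUILD builds `pkgver=1.4.15`, and the `_aclfile_parse` hunk that adds the `}else{` branch is anchored only by `fclose(aclfile); return 1; }` and a run of closing braces. Context that generic can match more than one place when the hunk is applied at an offset or with fuzz, and an `else` bound to the wrong `if` in the ACL parser would change which lines are rejected. I would refresh the patch against the packaged source so its header reads `--- mosquitto-1.4.15.orig/src/security_default.c` and the hunks apply at their exact line numbers. Separately, the new `db->config->acl_file` test in `mosquitto_acl_check_default` relies on `db->config` being non-NULL, which the preceding guard does not check; both functions start and end outside the hunks, so this may be guaranteed elsewhere.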
diff --git a/main/mosquitto/mosquitto-1.4.x-cve-2018-12551.patch b/main/mosquitto/mosquitto-1.4.x-cve-2018-12551.patch
new file mode 100644
index 0000000000..fee254dea8
--- /dev/null
+++ b/main/mosquitto/mosquitto-1.4.x-cve-2018-12551.patch
@@ -0,0 +1,94 @@
+Description: Fix for CVE-2018-12551
+Author: Roger Light <roger@atchoo.org>
+Forwarded: not-needed
+Origin: upstream, https://mosquitto.org/files/cve/2018-12551/mosquitto-1.4.x_cve-2018-12551.patch
+Index: mosquitto-1.4.10/src/security_default.c
+===================================================================
+--- mosquitto-1.4.10.orig/src/security_default.c
++++ mosquitto-1.4.10/src/security_default.c
+@@ -556,6 +556,9 @@ static int _pwfile_parse(const char *fil
+
+ while(!feof(pwfile)){
+ if(fgets(buf, 256, pwfile)){
++ if(buf[0] == '#') continue;
++ if(!strchr(buf, ':')) continue;
++
+ username = strtok_r(buf, ":", &saveptr);
+ if(username){
+ unpwd = _mosquitto_calloc(1, sizeof(struct _mosquitto_unpwd));
+@@ -588,8 +591,13 @@ static int _pwfile_parse(const char *fil
+ unpwd->password[len-1] = '\0';
+ len = strlen(unpwd->password);
+ }
++
++ HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
++ }else{
++ _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "Warning: Invalid line in password file '%s': %s", file, buf);
++ _mosquitto_free(unpwd->username);
++ _mosquitto_free(unpwd);
+ }
+- HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
+ }
+ }
+ }
+@@ -626,34 +634,39 @@ static int _unpwd_file_parse(struct mosq
+ token = strtok(NULL, "$");
+ if(token){
+ rc = _base64_decode(token, &salt, &salt_len);
+- if(rc){
+- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s.", u->username);
+- return MOSQ_ERR_INVAL;
+- }
+- u->salt = salt;
+- u->salt_len = salt_len;
+- token = strtok(NULL, "$");
+- if(token){
+- rc = _base64_decode(token, &password, &password_len);
+- if(rc){
+- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s.", u->username);
+- return MOSQ_ERR_INVAL;
++ if(rc == MOSQ_ERR_SUCCESS && salt_len == 12){
++ u->salt = salt;
++ u->salt_len = salt_len;
++ token = strtok(NULL, "$");
++ if(token){
++ rc = _base64_decode(token, &password, &password_len);
++ if(rc == MOSQ_ERR_SUCCESS && password_len == 64){
++ _mosquitto_free(u->password);
++ u->password = (char *)password;
++ u->password_len = password_len;
++ }else{
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s, removing entry.", u->username);
++ HASH_DEL(db->unpwd, u);
++ }
++ }else{
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
++ HASH_DEL(db->unpwd, u);
+ }
+- _mosquitto_free(u->password);
+- u->password = (char *)password;
+- u->password_len = password_len;
+ }else{
+- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
+- return MOSQ_ERR_INVAL;
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s, removing entry.", u->username);
++ HASH_DEL(db->unpwd, u);
+ }
+ }else{
+- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
+- return MOSQ_ERR_INVAL;
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
++ HASH_DEL(db->unpwd, u);
+ }
+ }else{
+- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
+- return MOSQ_ERR_INVAL;
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
++ HASH_DEL(db->unpwd, u);
+ }
++ }else{
++ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Missing password hash for user %s, removing entry.", u->username);
++ HASH_DEL(db->unpwd, u);
+ }
+ }
+ #endif
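Review bot: Each of the six new `HASH_DEL(db->unpwd, u)` branches in the `_unpwd_file_parse` hunk only unlinks the entry. Nothing visible frees `u`, `u->username`, `u->password` or an already assigned `u->salt`, so every rejected line appears to leak each time the password file is loaded. The buffer returned by `_base64_decode` is likewise dropped when the decode succeeds but `salt_len != 12` or `password_len != 64`, assuming that function allocates its output. A small helper called from all the rejection branches would keep the unlink and the release together; it is only safe if the loop around this code, which lies outside the hunk, iterates in a deletion-safe way. The literals `12` and `64` would also read better as named constants with a comment stating which salt and hash sizes they encode.

```c
/* Unlink a rejected password entry and release everything it owns. */
static void _unpwd_drop(struct mosquitto_db *db, struct _mosquitto_unpwd *u)
{
	HASH_DEL(db->unpwd, u);
	_mosquitto_free(u->username);
	_mosquitto_free(u->password);
	_mosquitto_free(u->salt);
	_mosquitto_free(u);
}

/* … unchanged: token parsing and the salt decode … */
	}else{
		_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s, removing entry.", u->username);
		_mosquitto_free(password); /* decoded buffer was not adopted by u */
		_unpwd_drop(db, u);
	}
/* … unchanged: the remaining rejection branches, each calling _unpwd_drop(db, u) … */
```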