authorNatanael Copa <ncopa@alpinelinux.org>2013-04-12 08:12:17 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-04-12 08:12:17 +0000
commit74c4c7b061e71bf5b0407542599318de00d01895 (patch)
treeb02495b00e8a5e0f8a961ee28dad32c15eda7106
parent37b5162169d7315e8c849c3cc9c86ac678bbd2c8 (diff)
downloadaports-74c4c7b061e71bf5b0407542599318de00d01895.tar.bz2
aports-74c4c7b061e71bf5b0407542599318de00d01895.tar.xz
main/nagios: security fix (CVE-2012-6096)
fixes #1701
-rw-r--r--main/nagios/APKBUILD18
-rw-r--r--main/nagios/CVE-2012-6096.patch40
2 files changed, 55 insertions, 3 deletions
diff --git a/main/nagios/APKBUILD b/main/nagios/APKBUILD
index e505ccd36..e69632b5d 100644
--- a/main/nagios/APKBUILD
+++ b/main/nagios/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=nagios
pkgver=3.3.1
-pkgrel=0
+pkgrel=1
pkgdesc="Popular monitoring tool"
url="http://www.nagios.org/"
arch="all"
@@ -13,12 +13,23 @@ makedepends="gd-dev pkgconfig perl-dev libpng-dev libjpeg perl-net-snmp"
source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
nagios.confd
nagios.initd
- lighttpd-nagios.conf"
+ lighttpd-nagios.conf
+ CVE-2012-6096.patch
+ "
subpackages="${pkgname}-web"
pkgusers="nagios"
pkggroups="nagios"
_builddir="$srcdir/$pkgname"
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
build() {
cd "$_builddir"
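Review bot: The `cd "$_builddir"` at the top of prepare() has no failure check, unlike the `patch` call below it, so if that directory is missing the loop would try to apply the security patch relative to whatever directory the shell is in. Unless the build driver already aborts on errors (not visible here), `cd "$_builddir" || return 1` would make the two consistent. `$i` is also unquoted in `msg $i` and `"$srcdir"/$i`; `msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;` avoids word splitting on unusual file names. A one-line comment above prepare(), such as `# apply every *.patch listed in $source, in order`, would document the intent. The trailing context is the start of build(), which continues outside the hunk.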
@@ -62,4 +73,5 @@ web() {
md5sums="c935354ce0d78a63bfabc3055fa77ad5 nagios-3.3.1.tar.gz
431dfe7403323e247a88b97beade5d78 nagios.confd
2ead8695b32222abe922692664aa9de1 nagios.initd
-d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf"
+d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf
+507cb7a3143b91d17af7b3013b488d7b CVE-2012-6096.patch"
diff --git a/main/nagios/CVE-2012-6096.patch b/main/nagios/CVE-2012-6096.patch
new file mode 100644
index 000000000..018d2c86c
--- /dev/null
+++ b/main/nagios/CVE-2012-6096.patch
@@ -0,0 +1,40 @@
+--- ./cgi/history.c.orig
++++ ./cgi/history.c
+@@ -805,16 +805,16 @@
+ else if(display_type == DISPLAY_HOSTS) {
+
+ if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) {
+- sprintf(match1, " HOST ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE ALERT: %s;", host_name);
++ snprintf(match1, sizeof(match1), " HOST ALERT: %s;", host_name);
++ snprintf(match2, sizeof(match2), " SERVICE ALERT: %s;", host_name);
+ }
+ else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) {
+- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name);
++ snprintf(match1, sizeof(match1), " HOST FLAPPING ALERT: %s;", host_name);
++ snprintf(match2, sizeof(match2), " SERVICE FLAPPING ALERT: %s;", host_name);
+ }
+ else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) {
+- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name);
+- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name);
++ snprintf(match1, sizeof(match1), " HOST DOWNTIME ALERT: %s;", host_name);
++ snprintf(match2, sizeof(match2), " SERVICE DOWNTIME ALERT: %s;", host_name);
+ }
+
+ if(show_all_hosts == TRUE)
+@@ -853,11 +853,11 @@
+ else if(display_type == DISPLAY_SERVICES) {
+
+ if(history_type == SERVICE_HISTORY)
+- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE ALERT: %s;%s;", host_name, svc_description);
+ else if(history_type == SERVICE_FLAPPING_HISTORY)
+- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description);
+ else if(history_type == SERVICE_DOWNTIME_HISTORY)
+- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
++ snprintf(match1, sizeof(match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description);
+
+ if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY))
+ display_line = TRUE;
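Review bot: The new snprintf() calls bound the write, but their return values are ignored, so an over-long host_name or svc_description is silently truncated and match1/match2 lose their trailing `;` delimiter. The `strstr(temp_buffer, match1)` test would then presumably also match log lines for other hosts or services that share the truncated prefix. Checking the result, for example `n = snprintf(match1, sizeof(match1), ...);` followed by `if(n < 0 || (size_t)n >= sizeof(match1))`, and rejecting the request in that case would keep the filter exact. `sizeof(match1)` only gives the buffer size if match1 and match2 are declared as arrays in this scope; the declarations and the rest of the enclosing function are outside the hunk, so that should be confirmed. A comment next to the calls, such as `/* host_name and svc_description come from the CGI request; never format them unbounded */`, would record why snprintf() is required here.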