From 74c4c7b061e71bf5b0407542599318de00d01895 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Fri, 12 Apr 2013 08:12:17 +0000 Subject: main/nagios: security fix (CVE-2012-6096) fixes #1701 --- main/nagios/APKBUILD | 18 +++++++++++++++--- main/nagios/CVE-2012-6096.patch | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 main/nagios/CVE-2012-6096.patch diff --git a/main/nagios/APKBUILD b/main/nagios/APKBUILD index e505ccd36..e69632b5d 100644 --- a/main/nagios/APKBUILD +++ b/main/nagios/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter pkgname=nagios pkgver=3.3.1 -pkgrel=0 +pkgrel=1 pkgdesc="Popular monitoring tool" url="http://www.nagios.org/" arch="all" @@ -13,12 +13,23 @@ makedepends="gd-dev pkgconfig perl-dev libpng-dev libjpeg perl-net-snmp" source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz nagios.confd nagios.initd - lighttpd-nagios.conf" + lighttpd-nagios.conf + CVE-2012-6096.patch + " subpackages="${pkgname}-web" pkgusers="nagios" pkggroups="nagios" _builddir="$srcdir/$pkgname" +prepare() { + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + build() { cd "$_builddir" @@ -62,4 +73,5 @@ web() { md5sums="c935354ce0d78a63bfabc3055fa77ad5 nagios-3.3.1.tar.gz 431dfe7403323e247a88b97beade5d78 nagios.confd 2ead8695b32222abe922692664aa9de1 nagios.initd -d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf" +d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf +507cb7a3143b91d17af7b3013b488d7b CVE-2012-6096.patch" diff --git a/main/nagios/CVE-2012-6096.patch b/main/nagios/CVE-2012-6096.patch new file mode 100644 index 000000000..018d2c86c --- /dev/null +++ b/main/nagios/CVE-2012-6096.patch @@ -0,0 +1,40 @@ +--- ./cgi/history.c.orig ++++ ./cgi/history.c +@@ -805,16 +805,16 @@ + else if(display_type == DISPLAY_HOSTS) { + + if(history_type == HOST_HISTORY || history_type == SERVICE_HISTORY) { +- sprintf(match1, " HOST ALERT: %s;", host_name); +- sprintf(match2, " SERVICE ALERT: %s;", host_name); ++ snprintf(match1, sizeof(match1), " HOST ALERT: %s;", host_name); ++ snprintf(match2, sizeof(match2), " SERVICE ALERT: %s;", host_name); + } + else if(history_type == HOST_FLAPPING_HISTORY || history_type == SERVICE_FLAPPING_HISTORY) { +- sprintf(match1, " HOST FLAPPING ALERT: %s;", host_name); +- sprintf(match2, " SERVICE FLAPPING ALERT: %s;", host_name); ++ snprintf(match1, sizeof(match1), " HOST FLAPPING ALERT: %s;", host_name); ++ snprintf(match2, sizeof(match2), " SERVICE FLAPPING ALERT: %s;", host_name); + } + else if(history_type == HOST_DOWNTIME_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY) { +- sprintf(match1, " HOST DOWNTIME ALERT: %s;", host_name); +- sprintf(match2, " SERVICE DOWNTIME ALERT: %s;", host_name); ++ snprintf(match1, sizeof(match1), " HOST DOWNTIME ALERT: %s;", host_name); ++ snprintf(match2, sizeof(match2), " SERVICE DOWNTIME ALERT: %s;", host_name); + } + + if(show_all_hosts == TRUE) +@@ -853,11 +853,11 @@ + else if(display_type == DISPLAY_SERVICES) { + + if(history_type == SERVICE_HISTORY) +- sprintf(match1, " SERVICE ALERT: %s;%s;", host_name, svc_description); ++ snprintf(match1, sizeof(match1), " SERVICE ALERT: %s;%s;", host_name, svc_description); + else if(history_type == SERVICE_FLAPPING_HISTORY) +- sprintf(match1, " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description); ++ snprintf(match1, sizeof(match1), " SERVICE FLAPPING ALERT: %s;%s;", host_name, svc_description); + else if(history_type == SERVICE_DOWNTIME_HISTORY) +- sprintf(match1, " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description); ++ snprintf(match1, sizeof(match1), " SERVICE DOWNTIME ALERT: %s;%s;", host_name, svc_description); + + if(strstr(temp_buffer, match1) && (history_type == SERVICE_HISTORY || history_type == SERVICE_FLAPPING_HISTORY || history_type == SERVICE_DOWNTIME_HISTORY)) + display_line = TRUE; -- cgit v1.2.3