authorLeonardo Arena <rnalrd@alpinelinux.org>2019-06-05 13:39:23 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-06-05 14:16:54 +0000
commit165df433b6fd3e30ce578c4f54946a2079aa963c (patch)
tree8cadd989ee3d17d31ad72bb9c654be684a024bd6
parent18070a9ba09af91c141de190a77de4d154f310e4 (diff)
main/monit: upgrade to 5.25.2, security fixes
-rw-r--r--main/monit/APKBUILD16
-rw-r--r--main/monit/CVE-2019-11454.patch13
-rw-r--r--main/monit/CVE-2019-11455.patch64
3 files changed, 90 insertions, 3 deletions
diff --git a/main/monit/APKBUILD b/main/monit/APKBUILD
index 3875c42df8..0da005e3c5 100644
--- a/main/monit/APKBUILD
+++ b/main/monit/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=monit
pkgver=5.24.0
-pkgrel=1
+pkgrel=2
pkgdesc="Managing and monitoring on a UNIX system"
url="http://mmonit.com/monit/"
arch="all"
@@ -11,9 +11,17 @@ license="AGPL"
makedepends="libressl-dev zlib-dev"
subpackages="$pkgname-doc"
source="http://mmonit.com/monit/dist/monit-$pkgver.tar.gz
- $pkgname.initd"
+ $pkgname.initd
+ CVE-2019-11454.patch
+ CVE-2019-11455.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 5.24.0-r2:
+# - CVE-2019-11454
+# - CVE-2019-11455
+
check() {
cd "$builddir"
make check
@@ -49,4 +57,6 @@ package() {
}
sha512sums="5260a1b543495c650e2e91ad38129c65253ce6649150e0e51d11b2902723cb7dd8e1a874c473bec3ba5b51721f2b61fdec92cf445f11cc217c1a6fcc0fab1a1e monit-5.24.0.tar.gz
-94d67a995c6028d48cb729a60157ab42f2a3c15d59284f1de56c35b44bf83929ba9c42a5cbfe3bb4df0def70465cf3dff0ad6e532b6a02805840dc57785e1cc9 monit.initd"
+94d67a995c6028d48cb729a60157ab42f2a3c15d59284f1de56c35b44bf83929ba9c42a5cbfe3bb4df0def70465cf3dff0ad6e532b6a02805840dc57785e1cc9 monit.initd
+91c8a3371bb764ab866c7754ee315e8adf797810f6eaec2178713c1507a626bd123c69d233aae5afa548a5bda2ab7913b16533e4cf336ec77f52b15bc7599ecb CVE-2019-11454.patch
+86050e4ec84100e15220ef3b4b821f67109b8db3410dc695ce2d1977b9442d2d273e9c44093ba5426dc7465cfc39fc872edc3c2b33c70b82df0b926744056b2e CVE-2019-11455.patch"
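Review bot: The commit title announces an upgrade to 5.25.2, but the first hunk keeps `pkgver=5.24.0` and only bumps `pkgrel=2`, so the `secfixes` entry `5.24.0-r2` is what actually describes this change; the title should be corrected to something like `main/monit: security fixes (CVE-2019-11454, CVE-2019-11455)` so the git log and the secdb generated from the `secfixes` block do not disagree. The `source=` tarball URL stays plain `http://`; the pinned sha512 in the last hunk protects integrity, but if the upstream host serves the same path over https, switching the scheme also removes the plaintext fetch. The `secfixes` block is conventionally indented under `# secfixes:` (version line, then `- CVE` items); the rendering here shows no indentation, so it is worth confirming the committed file has it, since the secdb parser keys on that structure.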
diff --git a/main/monit/CVE-2019-11454.patch b/main/monit/CVE-2019-11454.patch
new file mode 100644
index 0000000000..51b24afb27
--- /dev/null
+++ b/main/monit/CVE-2019-11454.patch
@@ -0,0 +1,13 @@
+diff --git a/src/http/cervlet.c b/src/http/cervlet.c
+index dd822d8..b3ba3de 100644
+--- a/src/http/cervlet.c
++++ b/src/http/cervlet.c
+@@ -903,7 +903,7 @@ static void do_viewlog(HttpRequest req, HttpResponse res) {
+ StringBuffer_append(res->outputbuffer, "<br><p><form><textarea cols=120 rows=30 readonly>");
+ while ((n = fread(buf, sizeof(char), BUFSIZE, f)) > 0) {
+ buf[n] = 0;
+- StringBuffer_append(res->outputbuffer, "%s", buf);
++ escapeHTML(res->outputbuffer, buf);
+ }
+ fclose(f);
+ StringBuffer_append(res->outputbuffer, "</textarea></form>");
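Review bot: This patch file carries no provenance header, unlike CVE-2019-11455.patch which starts with the upstream `From <sha>` / `Subject:` lines; add a short header naming the upstream commit (placeholder: `# backported from upstream commit <UPSTREAM_COMMIT_ID>`) so the backport can be audited against upstream later. The fix itself is the right shape: `escapeHTML(res->outputbuffer, buf);` replaces a raw `%s` append of log file contents into the viewlog textarea, closing the HTML injection. One thing the hunk does not show is the declaration of `buf`; `buf[n] = 0` after a full `BUFSIZE` read requires the array to be at least `BUFSIZE + 1` bytes, and do_viewlog's body starts outside the hunk, so that is worth confirming when applying.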
diff --git a/main/monit/CVE-2019-11455.patch b/main/monit/CVE-2019-11455.patch
new file mode 100644
index 0000000000..65d32b2a91
--- /dev/null
+++ b/main/monit/CVE-2019-11455.patch
@@ -0,0 +1,64 @@
+From f12d0cdb42d4e74dffe1525d4062c815c48ac57a Mon Sep 17 00:00:00 2001
+From: tildeslash <info@tildeslash.com>
+Date: Mon, 4 Mar 2019 15:49:08 +0100
+Subject: [PATCH] Fixed: Buffer overrun vulnerability in URL decoding. Thanks
+ to Zack Flack for report.
+
+---
+ src/util.c | 16 +++++++++-------
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 401a9bc..ab1b48d 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -234,7 +234,7 @@ static char *is_str_defined(char *s) {
+ /**
+ * Convert a hex char to a char
+ */
+-static char x2c(char *hex) {
++static char _x2c(char *hex) {
+ register char digit;
+ digit = ((hex[0] >= 'A') ? ((hex[0] & 0xdf) - 'A')+10 : (hex[0] - '0'));
+ digit *= 16;
+@@ -525,7 +525,7 @@ void Util_handleEscapes(char *buf) {
+ */
+ *(buf + insertpos) = *(buf+editpos);
+ } else {
+- *(buf + insertpos) = x2c(&buf[editpos + 3]);
++ *(buf + insertpos) = _x2c(&buf[editpos + 3]);
+ editpos += 4;
+ }
+ }
+@@ -561,7 +561,7 @@ int Util_handle0Escapes(char *buf) {
+ switch (*(buf + editpos + 1)) {
+ case '0':
+ if (*(buf + editpos + 2) == 'x') {
+- *(buf + insertpos) = x2c(&buf[editpos+3]);
++ *(buf + insertpos) = _x2c(&buf[editpos+3]);
+ editpos += 4;
+ }
+ break;
+@@ -1551,13 +1551,15 @@ char *Util_urlDecode(char *url) {
+ if (url && *url) {
+ register int x, y;
+ for (x = 0, y = 0; url[y]; x++, y++) {
+- if ((url[x] = url[y]) == '+')
++ if (url[y] == '+') {
+ url[x] = ' ';
+- else if (url[x] == '%') {
+- if (! (url[x + 1] && url[x + 2]))
++ } else if (url[y] == '%') {
++ if (! url[y + 1] || ! url[y + 2])
+ break;
+- url[x] = x2c(url + y + 1);
++ url[x] = _x2c(url + y + 1);
+ y += 2;
++ } else {
++ url[x] = url[y];
+ }
+ }
+ url[x] = 0;
+--
+2.10.5
+
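Review bot: The hunks at 234, 525 and 561 rename `x2c` to `_x2c`, which is cosmetic and unrelated to the overrun fix, and a file-scope identifier beginning with an underscore is reserved by C11 §7.1.3; for a backport it would be cleaner to carry only the `Util_urlDecode` hunk with `url[x] = x2c(url + y + 1);` so the patch touches just the vulnerable loop. The embedded diffstat says `2 files changed` while only `src/util.c` is present, so the upstream patch appears trimmed (presumably a changelog entry was dropped); a one-line note in the patch header stating what was omitted would make that explicit. The decode change itself is correct: the terminator checks now read `url[y + 1]` and `url[y + 2]` from the not-yet-consumed input rather than `url[x + 1]`/`url[x + 2]`, which after earlier `%xx` collapses point at already-rewritten bytes and could let the loop read past the NUL. Note that `_x2c` still performs no hex-digit range check on its two input characters, so `%zz`-style input decodes to an arbitrary byte; that is pre-existing behaviour, not something this fix introduces.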