diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-06-05 13:39:23 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-06-05 13:39:23 +0000 |
| commit | b3c4cba85e047ff7101bb58a0acf2a266f0d3f34 (patch) | |
| tree | 77a374e597864ca05955465ee2b979429b4b8b95 /main | |
| parent | 587d0f6837182b94b1c14fb78949b85ac188c60c (diff) | |
main/monit: security fixes (CVE-2019-11454, CVE-2019-11455)
Fixes #10492
Diffstat (limited to 'main')
| -rw-r--r-- | main/monit/APKBUILD | 16 | ||||
| -rw-r--r-- | main/monit/CVE-2019-11454.patch | 26 | ||||
| -rw-r--r-- | main/monit/CVE-2019-11455.patch | 64 |
3 files changed, 103 insertions, 3 deletions
diff --git a/main/monit/APKBUILD b/main/monit/APKBUILD index 46957fe31cc..346662de7d9 100644 --- a/main/monit/APKBUILD +++ b/main/monit/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=monit pkgver=5.25.2 -pkgrel=0 +pkgrel=1 pkgdesc="Managing and monitoring on a UNIX system" url="http://mmonit.com/monit/" arch="all" @@ -11,9 +11,17 @@ license="AGPL" makedepends="openssl-dev zlib-dev" subpackages="$pkgname-doc $pkgname-openrc" source="http://mmonit.com/monit/dist/monit-$pkgver.tar.gz - $pkgname.initd" + $pkgname.initd + CVE-2019-11454.patch + CVE-2019-11455.patch + " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 5.25.2-r1: +# - CVE-2019-11454 +# - CVE-2019-11455 + check() { cd "$builddir" make check @@ -49,4 +57,6 @@ package() { } sha512sums="e9b6ce60bf82c2564a084fc42b65ef432ee35855cad038fe6ae209047abaa1c54cabb4cd75c8a85c1102844a1b90c3c5f8ddbbd56711665b9bea616bcc02ec86 monit-5.25.2.tar.gz -94d67a995c6028d48cb729a60157ab42f2a3c15d59284f1de56c35b44bf83929ba9c42a5cbfe3bb4df0def70465cf3dff0ad6e532b6a02805840dc57785e1cc9 monit.initd" +94d67a995c6028d48cb729a60157ab42f2a3c15d59284f1de56c35b44bf83929ba9c42a5cbfe3bb4df0def70465cf3dff0ad6e532b6a02805840dc57785e1cc9 monit.initd +8325384c70e47a7f1da75998c0f86f23578592d43469bdff7823e2be5eb8de75eb2b7234edd1bacbd0d28aa0fdb264aafbf437aceb0c8718d2dbac1c41892a7f CVE-2019-11454.patch +86050e4ec84100e15220ef3b4b821f67109b8db3410dc695ce2d1977b9442d2d273e9c44093ba5426dc7465cfc39fc872edc3c2b33c70b82df0b926744056b2e CVE-2019-11455.patch" diff --git a/main/monit/CVE-2019-11454.patch b/main/monit/CVE-2019-11454.patch new file mode 100644 index 00000000000..bae12581a9f --- /dev/null +++ b/main/monit/CVE-2019-11454.patch @@ -0,0 +1,26 @@ +From 328f60773057641c4b2075fab9820145e95b728c Mon Sep 17 00:00:00 2001 +From: tildeslash <info@tildeslash.com> +Date: Mon, 4 Mar 2019 14:13:42 +0100 +Subject: [PATCH] Fixed: HTML escape the log file content when viewed via Monit + GUI. + +--- + src/http/cervlet.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/http/cervlet.c b/src/http/cervlet.c +index 9e3cd9c..afba84b 100644 +--- a/src/http/cervlet.c ++++ b/src/http/cervlet.c +@@ -907,7 +907,7 @@ static void do_viewlog(HttpRequest req, HttpResponse res) { + StringBuffer_append(res->outputbuffer, "<br><p><form><textarea cols=120 rows=30 readonly>"); + while ((n = fread(buf, sizeof(char), sizeof(buf) - 1, f)) > 0) { + buf[n] = 0; +- StringBuffer_append(res->outputbuffer, "%s", buf); ++ escapeHTML(res->outputbuffer, buf); + } + fclose(f); + StringBuffer_append(res->outputbuffer, "</textarea></form>"); +-- +2.10.5 + diff --git a/main/monit/CVE-2019-11455.patch b/main/monit/CVE-2019-11455.patch new file mode 100644 index 00000000000..65d32b2a917 --- /dev/null +++ b/main/monit/CVE-2019-11455.patch @@ -0,0 +1,64 @@ +From f12d0cdb42d4e74dffe1525d4062c815c48ac57a Mon Sep 17 00:00:00 2001 +From: tildeslash <info@tildeslash.com> +Date: Mon, 4 Mar 2019 15:49:08 +0100 +Subject: [PATCH] Fixed: Buffer overrun vulnerability in URL decoding. Thanks + to Zack Flack for report. + +--- + src/util.c | 16 +++++++++------- + 2 files changed, 11 insertions(+), 7 deletions(-) + +diff --git a/src/util.c b/src/util.c +index 401a9bc..ab1b48d 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -234,7 +234,7 @@ static char *is_str_defined(char *s) { + /** + * Convert a hex char to a char + */ +-static char x2c(char *hex) { ++static char _x2c(char *hex) { + register char digit; + digit = ((hex[0] >= 'A') ? ((hex[0] & 0xdf) - 'A')+10 : (hex[0] - '0')); + digit *= 16; +@@ -525,7 +525,7 @@ void Util_handleEscapes(char *buf) { + */ + *(buf + insertpos) = *(buf+editpos); + } else { +- *(buf + insertpos) = x2c(&buf[editpos + 3]); ++ *(buf + insertpos) = _x2c(&buf[editpos + 3]); + editpos += 4; + } + } +@@ -561,7 +561,7 @@ int Util_handle0Escapes(char *buf) { + switch (*(buf + editpos + 1)) { + case '0': + if (*(buf + editpos + 2) == 'x') { +- *(buf + insertpos) = x2c(&buf[editpos+3]); ++ *(buf + insertpos) = _x2c(&buf[editpos+3]); + editpos += 4; + } + break; +@@ -1551,13 +1551,15 @@ char *Util_urlDecode(char *url) { + if (url && *url) { + register int x, y; + for (x = 0, y = 0; url[y]; x++, y++) { +- if ((url[x] = url[y]) == '+') ++ if (url[y] == '+') { + url[x] = ' '; +- else if (url[x] == '%') { +- if (! (url[x + 1] && url[x + 2])) ++ } else if (url[y] == '%') { ++ if (! url[y + 1] || ! url[y + 2]) + break; +- url[x] = x2c(url + y + 1); ++ url[x] = _x2c(url + y + 1); + y += 2; ++ } else { ++ url[x] = url[y]; + } + } + url[x] = 0; +-- +2.10.5 + |