Commit b3c4cba8 authored by Leonardo Arena's avatar Leonardo Arena

main/monit: security fixes (CVE-2019-11454, CVE-2019-11455)

Fixes #10492
parent 587d0f68
......@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=monit
pkgver=5.25.2
pkgrel=0
pkgrel=1
pkgdesc="Managing and monitoring on a UNIX system"
url="http://mmonit.com/monit/"
arch="all"
......@@ -11,9 +11,17 @@ license="AGPL"
makedepends="openssl-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-openrc"
source="http://mmonit.com/monit/dist/monit-$pkgver.tar.gz
$pkgname.initd"
$pkgname.initd
CVE-2019-11454.patch
CVE-2019-11455.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 5.25.2-r1:
# - CVE-2019-11454
# - CVE-2019-11455
check() {
cd "$builddir"
make check
......@@ -49,4 +57,6 @@ package() {
}
sha512sums="e9b6ce60bf82c2564a084fc42b65ef432ee35855cad038fe6ae209047abaa1c54cabb4cd75c8a85c1102844a1b90c3c5f8ddbbd56711665b9bea616bcc02ec86 monit-5.25.2.tar.gz
94d67a995c6028d48cb729a60157ab42f2a3c15d59284f1de56c35b44bf83929ba9c42a5cbfe3bb4df0def70465cf3dff0ad6e532b6a02805840dc57785e1cc9 monit.initd"
94d67a995c6028d48cb729a60157ab42f2a3c15d59284f1de56c35b44bf83929ba9c42a5cbfe3bb4df0def70465cf3dff0ad6e532b6a02805840dc57785e1cc9 monit.initd
8325384c70e47a7f1da75998c0f86f23578592d43469bdff7823e2be5eb8de75eb2b7234edd1bacbd0d28aa0fdb264aafbf437aceb0c8718d2dbac1c41892a7f CVE-2019-11454.patch
86050e4ec84100e15220ef3b4b821f67109b8db3410dc695ce2d1977b9442d2d273e9c44093ba5426dc7465cfc39fc872edc3c2b33c70b82df0b926744056b2e CVE-2019-11455.patch"
From 328f60773057641c4b2075fab9820145e95b728c Mon Sep 17 00:00:00 2001
From: tildeslash <info@tildeslash.com>
Date: Mon, 4 Mar 2019 14:13:42 +0100
Subject: [PATCH] Fixed: HTML escape the log file content when viewed via Monit
GUI.
---
src/http/cervlet.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/http/cervlet.c b/src/http/cervlet.c
index 9e3cd9c..afba84b 100644
--- a/src/http/cervlet.c
+++ b/src/http/cervlet.c
@@ -907,7 +907,7 @@ static void do_viewlog(HttpRequest req, HttpResponse res) {
StringBuffer_append(res->outputbuffer, "<br><p><form><textarea cols=120 rows=30 readonly>");
while ((n = fread(buf, sizeof(char), sizeof(buf) - 1, f)) > 0) {
buf[n] = 0;
- StringBuffer_append(res->outputbuffer, "%s", buf);
+ escapeHTML(res->outputbuffer, buf);
}
fclose(f);
StringBuffer_append(res->outputbuffer, "</textarea></form>");
--
2.10.5
From f12d0cdb42d4e74dffe1525d4062c815c48ac57a Mon Sep 17 00:00:00 2001
From: tildeslash <info@tildeslash.com>
Date: Mon, 4 Mar 2019 15:49:08 +0100
Subject: [PATCH] Fixed: Buffer overrun vulnerability in URL decoding. Thanks
to Zack Flack for report.
---
src/util.c | 16 +++++++++-------
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/util.c b/src/util.c
index 401a9bc..ab1b48d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -234,7 +234,7 @@ static char *is_str_defined(char *s) {
/**
* Convert a hex char to a char
*/
-static char x2c(char *hex) {
+static char _x2c(char *hex) {
register char digit;
digit = ((hex[0] >= 'A') ? ((hex[0] & 0xdf) - 'A')+10 : (hex[0] - '0'));
digit *= 16;
@@ -525,7 +525,7 @@ void Util_handleEscapes(char *buf) {
*/
*(buf + insertpos) = *(buf+editpos);
} else {
- *(buf + insertpos) = x2c(&buf[editpos + 3]);
+ *(buf + insertpos) = _x2c(&buf[editpos + 3]);
editpos += 4;
}
}
@@ -561,7 +561,7 @@ int Util_handle0Escapes(char *buf) {
switch (*(buf + editpos + 1)) {
case '0':
if (*(buf + editpos + 2) == 'x') {
- *(buf + insertpos) = x2c(&buf[editpos+3]);
+ *(buf + insertpos) = _x2c(&buf[editpos+3]);
editpos += 4;
}
break;
@@ -1551,13 +1551,15 @@ char *Util_urlDecode(char *url) {
if (url && *url) {
register int x, y;
for (x = 0, y = 0; url[y]; x++, y++) {
- if ((url[x] = url[y]) == '+')
+ if (url[y] == '+') {
url[x] = ' ';
- else if (url[x] == '%') {
- if (! (url[x + 1] && url[x + 2]))
+ } else if (url[y] == '%') {
+ if (! url[y + 1] || ! url[y + 2])
break;
- url[x] = x2c(url + y + 1);
+ url[x] = _x2c(url + y + 1);
y += 2;
+ } else {
+ url[x] = url[y];
}
}
url[x] = 0;
--
2.10.5
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment