[nagios/el5/master] Fixed segfault in status.cgi (see rhbz #512130)
Peter Lemenkov
peter at fedoraproject.org
Sat Sep 11 18:03:17 UTC 2010
commit d5b78f3b7b1da4cadd512d3b12acecbabaeb59d1
Author: Peter Lemenkov <lemenkov at gmail.com>
Date: Sat Sep 11 22:03:04 2010 +0400
Fixed segfault in status.cgi (see rhbz #512130)
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
.gitignore | 1 +
nagios-0001-Fix-init-script.patch | 6 +-
nagios-0002-Increased-plugin-output-buffer.patch | 6 +-
nagios-0003-Fix-for-CVE-2009-2288.patch | 6 +-
...Backported-fix-for-segfault-in-status.cgi.patch | 26 +++++++++++
nagios.spec | 48 +++++++++++---------
6 files changed, 63 insertions(+), 30 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index bfbdcdd..4ed439a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
nagios-2.12.tar.gz
+/nagios-2.12.tar.gz
diff --git a/nagios-0001-Fix-init-script.patch b/nagios-0001-Fix-init-script.patch
index 5213b95..7d2d599 100644
--- a/nagios-0001-Fix-init-script.patch
+++ b/nagios-0001-Fix-init-script.patch
@@ -1,7 +1,7 @@
-From 1e0fd9da39f538f0e1ea16ea374e9043667f8dbc Mon Sep 17 00:00:00 2001
+From 378fbc68edaf6f1a4612c76b5882a58c0db3c4a6 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Mon, 26 Apr 2010 14:35:44 +0400
-Subject: [PATCH 1/3] Fix init-script
+Subject: [PATCH 1/4] Fix init-script
---
daemon-init.in | 4 +++-
@@ -27,5 +27,5 @@ index cba88cf..a8c5532 100644
echo " done."
exit 0
--
-1.6.6.1
+1.7.2.2
diff --git a/nagios-0002-Increased-plugin-output-buffer.patch b/nagios-0002-Increased-plugin-output-buffer.patch
index 8ff65a3..01cdc82 100644
--- a/nagios-0002-Increased-plugin-output-buffer.patch
+++ b/nagios-0002-Increased-plugin-output-buffer.patch
@@ -1,7 +1,7 @@
-From d0fcb1040a6776b393539d37c05da8a73ddbecde Mon Sep 17 00:00:00 2001
+From cfa618c3f66de65cec725dca0ef4a697b909b669 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Mon, 26 Apr 2010 14:36:57 +0400
-Subject: [PATCH 2/3] Increased plugin output buffer
+Subject: [PATCH 2/4] Increased plugin output buffer
---
include/common.h | 2 +-
@@ -35,5 +35,5 @@ index c6d4b4f..f3b3e3d 100644
#define MAX_STATE_HISTORY_ENTRIES 21 /* max number of old states to keep track of for flap detection */
--
-1.6.6.1
+1.7.2.2
diff --git a/nagios-0003-Fix-for-CVE-2009-2288.patch b/nagios-0003-Fix-for-CVE-2009-2288.patch
index 08018da..1111cdd 100644
--- a/nagios-0003-Fix-for-CVE-2009-2288.patch
+++ b/nagios-0003-Fix-for-CVE-2009-2288.patch
@@ -1,7 +1,7 @@
-From 02c7fa8d8e1999eabe84534439923189d8285e0a Mon Sep 17 00:00:00 2001
+From 2092ca282c27c5f1917520eae4c2c2a7a9319307 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Mon, 26 Apr 2010 14:40:56 +0400
-Subject: [PATCH 3/3] Fix for CVE-2009-2288
+Subject: [PATCH 3/4] Fix for CVE-2009-2288
A remote shell code injection flaw was found in statuswml.cgi script in nagios.
A remote attacker able to access nagios web pages (usually protected by HTTP
@@ -87,5 +87,5 @@ index 0bebc68..40644cf 100644
/* main intro screen */
void display_index(void){
--
-1.6.6.1
+1.7.2.2
diff --git a/nagios-0004-Backported-fix-for-segfault-in-status.cgi.patch b/nagios-0004-Backported-fix-for-segfault-in-status.cgi.patch
new file mode 100644
index 0000000..5d1c704
--- /dev/null
+++ b/nagios-0004-Backported-fix-for-segfault-in-status.cgi.patch
@@ -0,0 +1,26 @@
+From 49c8272ac4482264f9aae32b1b886bd586bcff9a Mon Sep 17 00:00:00 2001
+From: Peter Lemenkov <lemenkov at gmail.com>
+Date: Sat, 11 Sep 2010 21:50:10 +0400
+Subject: [PATCH 4/4] Backported fix for segfault in status.cgi
+
+---
+ cgi/cgiutils.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c
+index c5e86b6..6ff6707 100644
+--- a/cgi/cgiutils.c
++++ b/cgi/cgiutils.c
+@@ -1300,6 +1300,9 @@ char * url_encode(char *input){
+ static int i = 0;
+ char* str = encoded_url_string[i];
+
++ if(input==NULL)
++ return '\x0';
++
+ len=(int)strlen(input);
+ output_len=(int)sizeof(encoded_url_string[0]);
+
+--
+1.7.2.2
+
diff --git a/nagios.spec b/nagios.spec
index 2a78528..5c09835 100644
--- a/nagios.spec
+++ b/nagios.spec
@@ -2,7 +2,7 @@
Name: nagios
Version: 2.12
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: Host/service/network monitoring program
Group: Applications/System
@@ -14,6 +14,7 @@ Source2: nagios.htaccess
Patch1: nagios-0001-Fix-init-script.patch
Patch2: nagios-0002-Increased-plugin-output-buffer.patch
Patch3: nagios-0003-Fix-for-CVE-2009-2288.patch
+Patch4: nagios-0004-Backported-fix-for-segfault-in-status.cgi.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gd-devel > 1.8, mailx, libjpeg-devel, libpng-devel
@@ -82,6 +83,7 @@ may compile against.
%patch1 -p1 -b .fix_init
%patch2 -p1 -b .increase_output_buffer
%patch3 -p1 -b .CVE-2009-2288
+%patch4 -p1 -b .segfault
%build
./configure \
@@ -105,34 +107,34 @@ may compile against.
--with-template-extinfo
make %{?_smp_mflags} all
-%{__sed} -e "s| package Embed::Persistent;|#\!%{_bindir}/perl\npackage Embed::Persistent;|" < p1.pl > p1.pl.fedora
-%{__sed} -e "s/# chkconfig: 345/# chkconfig: - /" \
+sed -e "s| package Embed::Persistent;|#\!%{_bindir}/perl\npackage Embed::Persistent;|" < p1.pl > p1.pl.fedora
+sed -e "s/# chkconfig: 345/# chkconfig: - /" \
-e "s|NagiosCmd=/var/log/nagios/rw/nagios.cmd|NagiosCmd=%{_localstatedir}/spool/%{name}/cmd/nagios.cmd|" < daemon-init > daemon-init.fedora
-%{__sed} -e "s|resource.cfg|private/resource.cfg|" \
+sed -e "s|resource.cfg|private/resource.cfg|" \
-e "s|command_file=/var/log/nagios/rw/nagios.cmd|command_file=%{_localstatedir}/spool/%{name}/cmd/nagios.cmd|" < sample-config/nagios.cfg > sample-config/nagios.cfg.fedora
-%{__sed} -e "s|/usr/lib/|%{_libdir}/|" %{SOURCE2} > %{name}.htaccess
+sed -e "s|/usr/lib/|%{_libdir}/|" %{SOURCE2} > %{name}.htaccess
%{__mv} -f sample-config/nagios.cfg.fedora sample-config/nagios.cfg
echo >> html/stylesheets/common.css
%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} INSTALL_OPTS="" COMMAND_OPTS="" install-config
-%{__install} -d -m 0775 %{buildroot}/%{_localstatedir}/spool/%{name}/cmd
-%{__install} -d -m 0755 %{buildroot}/%{_prefix}/include/%{name}
-%{__install} -d -m 0755 %{buildroot}/%{_sysconfdir}/%{name}
-%{__install} -d -m 0755 %{buildroot}/%{_sysconfdir}/%{name}/private
-%{__install} -D -m 0755 base/nagios %{buildroot}/%{_sbindir}/nagios
-%{__install} -D -m 0755 base/nagiostats %{buildroot}/%{_bindir}/nagiostats
-%{__install} -d -m 0755 cgi/ %{buildroot}/%{_libdir}/%{name}/cgi-bin/
-%{__install} -D -m 0755 cgi/*cgi %{buildroot}/%{_libdir}/%{name}/cgi-bin/
-%{__install} -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
-%{__install} -d -m 0755 %{buildroot}/%{_libdir}/%{name}/plugins/eventhandlers
-%{__install} -D -m 0644 include/locations.h %{buildroot}/%{_includedir}/%{name}/locations.h
-%{__install} -D -m 0644 %{name}.htaccess %{buildroot}/%{_sysconfdir}/httpd/conf.d/%{name}.conf
-%{__install} -D -m 0755 daemon-init.fedora %{buildroot}/%{_initrddir}/%{name}
-%{__install} -d -m 0755 html/ %{buildroot}/%{_datadir}/%{name}/html
-%{__install} -d -m 0755 %{buildroot}/%{_localstatedir}/log/%{name}/archives
-%{__install} -D -m 0755 p1.pl.fedora %{buildroot}/%{_sbindir}/p1.pl
+install -d -m 0775 %{buildroot}/%{_localstatedir}/spool/%{name}/cmd
+install -d -m 0755 %{buildroot}/%{_prefix}/include/%{name}
+install -d -m 0755 %{buildroot}/%{_sysconfdir}/%{name}
+install -d -m 0755 %{buildroot}/%{_sysconfdir}/%{name}/private
+install -D -m 0755 base/nagios %{buildroot}/%{_sbindir}/nagios
+install -D -m 0755 base/nagiostats %{buildroot}/%{_bindir}/nagiostats
+install -d -m 0755 cgi/ %{buildroot}/%{_libdir}/%{name}/cgi-bin/
+install -D -m 0755 cgi/*cgi %{buildroot}/%{_libdir}/%{name}/cgi-bin/
+install -D -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
+install -d -m 0755 %{buildroot}/%{_libdir}/%{name}/plugins/eventhandlers
+install -D -m 0644 include/locations.h %{buildroot}/%{_includedir}/%{name}/locations.h
+install -D -m 0644 %{name}.htaccess %{buildroot}/%{_sysconfdir}/httpd/conf.d/%{name}.conf
+install -D -m 0755 daemon-init.fedora %{buildroot}/%{_initrddir}/%{name}
+install -d -m 0755 html/ %{buildroot}/%{_datadir}/%{name}/html
+install -d -m 0755 %{buildroot}/%{_localstatedir}/log/%{name}/archives
+install -D -m 0755 p1.pl.fedora %{buildroot}/%{_sbindir}/p1.pl
%{__mkdir} -p %{buildroot}/%{_initrddir}
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/
%{__cp} -a html/* %{buildroot}/%{_datadir}/%{name}/html/
@@ -198,6 +200,10 @@ fi
%{_includedir}/%{name}
%changelog
+* Sat Sep 11 2010 Peter Lemenkov <lemenkov at gmail.com> - 2.12-10
+- Fixed segfault in status.cgi (see rhbz #512130).
+- Cleaned up spec-file.
+
* Wed Jun 9 2010 Peter Lemenkov <lemenkov at gmail.com> - 2.12-9
- Removed obsoletes: nagios < 2.12-7
More information about the scm-commits
mailing list