[meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581

All of lore.kernel.org
 help / color / mirror / Atom feed

* [meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581
@ 2020-04-30 23:48 sakib.sajal
  2020-05-02 15:08 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: sakib.sajal @ 2020-04-30 23:48 UTC (permalink / raw)
  To: meta-virtualization

Backport fix for CVE-2020-6581

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
 ...asty_metachars-was-not-being-returne.patch | 30 +++++++++++++++++++
 recipes-extended/nagios/nagios-nrpe_4.0.2.bb  |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch

diff --git a/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
new file mode 100644
index 0000000..7a12e73
--- /dev/null
+++ b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
@@ -0,0 +1,30 @@
+From 4f7dd1199f1f3f72f9197e8565da339a4a2490b7 Mon Sep 17 00:00:00 2001
+From: madlohe <swolf@nagios.com>
+Date: Thu, 23 Apr 2020 15:33:18 -0500
+Subject: [PATCH] Should fix #235 (nasty_metachars was not being returned when
+ specified in cfg file
+
+CVE: CVE-2020-6581
+Upstream Status: Backport [4f7dd1199f1f3f72f9197e8565da339a4a2490b7]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/nrpe.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/nrpe.c b/src/nrpe.c
+index 01fbd1d..bf64963 100644
+--- a/src/nrpe.c
++++ b/src/nrpe.c
+@@ -823,6 +823,8 @@ char* process_metachars(const char* input)
+ 		}
+ 	}
+ 	copy[j] = '\0';
++
++	return copy;
+ }
+ 
+ /* read in the configuration file */
+-- 
+2.20.1
+
diff --git a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
index c8875fc..d9c7b15 100644
--- a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
+++ b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
@@ -13,6 +13,7 @@ SRCNAME = "nrpe"
 SRC_URI = "https://github.com/NagiosEnterprises/nrpe/releases/download/${SRCNAME}-${PV}/${SRCNAME}-${PV}.tar.gz \
            file://check_nrpe.cfg \
            file://nagios-nrpe.service \
+           file://0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch \
 "
 
 SRC_URI[md5sum] = "37b9e23b3e8d75308f8b31f3b61ee8a4"
-- 
2.24.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581
  2020-04-30 23:48 [meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581 sakib.sajal
@ 2020-05-02 15:08 ` Bruce Ashfield
  0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2020-05-02 15:08 UTC (permalink / raw)
  To: meta-virtualization

merged

(repeat comment about dunfell and uprevs in master).

Bruce

In message: [meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581
on 30/04/2020 sakib.sajal@windriver.com wrote:

> Backport fix for CVE-2020-6581
> 
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
>  ...asty_metachars-was-not-being-returne.patch | 30 +++++++++++++++++++
>  recipes-extended/nagios/nagios-nrpe_4.0.2.bb  |  1 +
>  2 files changed, 31 insertions(+)
>  create mode 100644 recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
> 
> diff --git a/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
> new file mode 100644
> index 0000000..7a12e73
> --- /dev/null
> +++ b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch
> @@ -0,0 +1,30 @@
> +From 4f7dd1199f1f3f72f9197e8565da339a4a2490b7 Mon Sep 17 00:00:00 2001
> +From: madlohe <swolf@nagios.com>
> +Date: Thu, 23 Apr 2020 15:33:18 -0500
> +Subject: [PATCH] Should fix #235 (nasty_metachars was not being returned when
> + specified in cfg file
> +
> +CVE: CVE-2020-6581
> +Upstream Status: Backport [4f7dd1199f1f3f72f9197e8565da339a4a2490b7]
> +
> +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> +---
> + src/nrpe.c | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/src/nrpe.c b/src/nrpe.c
> +index 01fbd1d..bf64963 100644
> +--- a/src/nrpe.c
> ++++ b/src/nrpe.c
> +@@ -823,6 +823,8 @@ char* process_metachars(const char* input)
> + 		}
> + 	}
> + 	copy[j] = '\0';
> ++
> ++	return copy;
> + }
> + 
> + /* read in the configuration file */
> +-- 
> +2.20.1
> +
> diff --git a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
> index c8875fc..d9c7b15 100644
> --- a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
> +++ b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb
> @@ -13,6 +13,7 @@ SRCNAME = "nrpe"
>  SRC_URI = "https://github.com/NagiosEnterprises/nrpe/releases/download/${SRCNAME}-${PV}/${SRCNAME}-${PV}.tar.gz \
>             file://check_nrpe.cfg \
>             file://nagios-nrpe.service \
> +           file://0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch \
>  "
>  
>  SRC_URI[md5sum] = "37b9e23b3e8d75308f8b31f3b61ee8a4"
> -- 
> 2.24.1
> 

> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-05-02 15:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-30 23:48 [meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581 sakib.sajal
2020-05-02 15:08 ` Bruce Ashfield

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.