author | spz <spz> | 2016-02-16 05:58:56 +0000 |
---|---|---|
committer | spz <spz> | 2016-02-16 05:58:56 +0000 |
commit | 571f4ac87af82305ebfc8b1aeea1eae78b7fd403 (patch) | |
tree | b378828845cc93af15405cbaa3b6041fc9322c08 /net/xymonclient | |
parent | 22d269ed861fb8d95886d2fbd7adb1c387fc2133 (diff) | |
download | pkgsrc-571f4ac87af82305ebfc8b1aeea1eae78b7fd403.tar.gz |
update of xymon and xymonclient from 4.3.17 to 4.3.25
The following security issues are fixed with this update:
* Resolve buffer overflow when handling "config" file requests (CVE-2016-2054)
* Restrict "config" files to regular files inside the $XYMONHOME/etc/ directory
(symlinks disallowed) (CVE-2016-2055). Also, require that the initial filename
end in '.cfg' by default
* Resolve shell command injection vulnerability in useradm and chpasswd CGIs
(CVE-2016-2056)
* Tighten permissions on the xymond BFQ used for message submission to restrict
access to the xymon user and group. It is now 0620. (CVE-2016-2057)
* Restrict javascript execution in current and historical status messages by
the addition of appropriate Content-Security-Policy headers to prevent XSS
attacks. (CVE-2016-2058)
* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
Thank you to Mark Felder for noting the impact and Martin Lenko
for the original patch.
* Mitigate CVE-2014-6271 (bash 'Shell shock' vulnerability) by
eliminating the shell script CGI wrappers
Please refer to
https://sourceforge.net/projects/xymon/files/Xymon/4.3.25/Changes/download
for further information on fixes and new features.
Diffstat (limited to 'net/xymonclient')
-rw-r--r-- | net/xymonclient/Makefile | 6 | ||||
-rw-r--r-- | net/xymonclient/distinfo | 12 | ||||
-rw-r--r-- | net/xymonclient/patches/patch-configure | 10 |
3 files changed, 14 insertions, 14 deletions
diff --git a/net/xymonclient/Makefile b/net/xymonclient/Makefile index 23bc8280384..51acc8e1f7e 100644 --- a/net/xymonclient/Makefile +++ b/net/xymonclient/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.18 2014/02/27 20:22:41 spz Exp $ +# $NetBSD: Makefile,v 1.19 2016/02/16 05:58:57 spz Exp $ # -DISTNAME= xymon-4.3.17 -PKGNAME= xymonclient-4.3.17 +DISTNAME= xymon-4.3.25 +PKGNAME= xymonclient-4.3.25 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=xymon/} diff --git a/net/xymonclient/distinfo b/net/xymonclient/distinfo index 4e9dd1b5f66..0a85e524388 100644 --- a/net/xymonclient/distinfo +++ b/net/xymonclient/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.13 2015/11/04 00:35:46 agc Exp $ +$NetBSD: distinfo,v 1.14 2016/02/16 05:58:57 spz Exp $ -SHA1 (xymon-4.3.17.tar.gz) = 1a8ba9e42f27fe3ce4625be745a41bd16ed2d1f9 -RMD160 (xymon-4.3.17.tar.gz) = 09b88d228633daa0f904567102a4c697b5651b73 -SHA512 (xymon-4.3.17.tar.gz) = 4fcea3763c310f6b201fe02a54adcc2dd2537798e80dbea2a15ae6da57c864ae1c6dd955b934fd38ab3eabe93f04c09975910ecc01dc6fbb5cd0d970830e4737 -Size (xymon-4.3.17.tar.gz) = 2772765 bytes +SHA1 (xymon-4.3.25.tar.gz) = 049bf7e908032e9780e3c67fd5e10dd399c811f3 +RMD160 (xymon-4.3.25.tar.gz) = 1c8315e88a5b418d77e7c6e1c4f5f2e034f049e3 +SHA512 (xymon-4.3.25.tar.gz) = c438ecaac18ca64222643fa361254e7c7a27c60ca3bb27fc092da8182e7c1c7862677b544e4d634ae73bbaa7954a3bb0920ce570d99e8ffd899419119075a940 +Size (xymon-4.3.25.tar.gz) = 2996840 bytes SHA1 (patch-aa) = c44f791ef6005c809127175cb563bd8f0ac74642 SHA1 (patch-ab) = db0c5808cfad75aaf37217509399597191236180 SHA1 (patch-ac) = e36db5081c7461eeec32a9be6e480c8d9643ea41 
@@ -12,4 +12,4 @@ SHA1 (patch-ae) = 218ef05eb3d51d779230c357d731b2f904d4559f SHA1 (patch-af) = 5e71a56cf827f9b30147dd577c295f10c150cd27 SHA1 (patch-build_Makefile.FreeBSD) = e58b50f35068cba6fed89cc21bcc4eb7d30efd23 SHA1 (patch-client_xymonclient-netbsd.sh) = 739a201806144ef0e34c1f668ad3a4d9e2b9f9fb -SHA1 (patch-configure) = 7b71ed7a567124a2aa36d9bf9188209649e88a4d +SHA1 (patch-configure) = 305a74a2383dcd37ea93456272d4254483023aa5 diff --git a/net/xymonclient/patches/patch-configure b/net/xymonclient/patches/patch-configure index 193110b3a49..4e9f8eda1ae 100644 --- a/net/xymonclient/patches/patch-configure +++ b/net/xymonclient/patches/patch-configure @@ -1,4 +1,4 @@ -$NetBSD: patch-configure,v 1.1 2011/10/15 23:04:51 spz Exp $ +$NetBSD: patch-configure,v 1.2 2016/02/16 05:58:57 spz Exp $ Make sure the toplevel configure script exits on failure. @@ -8,13 +8,13 @@ Make sure the toplevel configure script exits on failure. case "$TARGET" in "--client") -- $BASEDIR/configure.client $* -+ $BASEDIR/configure.client "$@" || exit 1 +- exec $BASEDIR/configure.client $* ++ exec $BASEDIR/configure.client "$@" || exit 1 ;; "--server"|"") -- $BASEDIR/configure.server $* -+ $BASEDIR/configure.server "$@" || exit 1 +- exec $BASEDIR/configure.server $* ++ exec $BASEDIR/configure.server "$@" || exit 1 ;; "--help") |
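Review bot: In net/xymonclient/Makefile, the version string 4.3.25 is written out twice, once in DISTNAME and once in PKGNAME, so every update has to touch both lines and the two can drift apart. Consider deriving one from the other, for example `PKGNAME= ${DISTNAME:S/xymon/xymonclient/}`, so that only DISTNAME changes on the next version bump.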
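Review bot: In net/xymonclient/patches/patch-configure, the rebased lines now read `exec $BASEDIR/configure.client "$@" || exit 1` (and the same for configure.server), and with `exec` in front the `|| exit 1` can only run if exec itself fails to start the program. Once exec succeeds the shell is replaced, and the sub-script's exit status is already the exit status of configure. The part of this patch that still changes behaviour is `$*` to `"$@"`, so either drop `|| exit 1` or update the description line "Make sure the toplevel configure script exits on failure" to mention the argument quoting. `$BASEDIR` is also left unquoted next to the quoted `"$@"`; quoting it would keep a build path containing spaces from being split into several words.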