merged (repeat comment about dunfell and uprevs in master).
Bruce In message: [meta-virtualization][PATCH] nagios-nrpe: Fix CVE-2020-6581 on 30/04/2020 [email protected] wrote: > Backport fix for CVE-2020-6581 > > Signed-off-by: Sakib Sajal <[email protected]> > --- > ...asty_metachars-was-not-being-returne.patch | 30 +++++++++++++++++++ > recipes-extended/nagios/nagios-nrpe_4.0.2.bb | 1 + > 2 files changed, 31 insertions(+) > create mode 100644 > recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch > > diff --git > a/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch > > b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch > new file mode 100644 > index 0000000..7a12e73 > --- /dev/null > +++ > b/recipes-extended/nagios/nagios-nrpe/0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch > @@ -0,0 +1,30 @@ > +From 4f7dd1199f1f3f72f9197e8565da339a4a2490b7 Mon Sep 17 00:00:00 2001 > +From: madlohe <[email protected]> > +Date: Thu, 23 Apr 2020 15:33:18 -0500 > +Subject: [PATCH] Should fix #235 (nasty_metachars was not being returned when > + specified in cfg file > + > +CVE: CVE-2020-6581 > +Upstream Status: Backport [4f7dd1199f1f3f72f9197e8565da339a4a2490b7] > + > +Signed-off-by: Sakib Sajal <[email protected]> > +--- > + src/nrpe.c | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/src/nrpe.c b/src/nrpe.c > +index 01fbd1d..bf64963 100644 > +--- a/src/nrpe.c > ++++ b/src/nrpe.c > +@@ -823,6 +823,8 @@ char* process_metachars(const char* input) > + } > + } > + copy[j] = '\0'; > ++ > ++ return copy; > + } > + > + /* read in the configuration file */ > +-- > +2.20.1 > + > diff --git a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb > b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb > index c8875fc..d9c7b15 100644 > --- a/recipes-extended/nagios/nagios-nrpe_4.0.2.bb > +++ b/recipes-extended/nagios/nagios-nrpe_4.0.2.bb > @@ -13,6 +13,7 @@ SRCNAME = "nrpe" > SRC_URI = > "https://github.com/NagiosEnterprises/nrpe/releases/download/${SRCNAME}-${PV}/${SRCNAME}-${PV}.tar.gz > \ > file://check_nrpe.cfg \ > file://nagios-nrpe.service \ > + > file://0001-Should-fix-235-nasty_metachars-was-not-being-returne.patch \ > " > > SRC_URI[md5sum] = "37b9e23b3e8d75308f8b31f3b61ee8a4" > -- > 2.24.1 > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5302): https://lists.yoctoproject.org/g/meta-virtualization/message/5302 Mute This Topic: https://lists.yoctoproject.org/mt/73387878/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/leave/6693005/1014668956/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
