LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25836 Commits
1 Branch
46 MiB
Tree: 545629e386
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '545629e386'
${ noResults }
openwrt-packages-dist/net/fail2ban/patches/CVE-2021-32749.patch

143 lines
6.2 KiB
Raw Normal View History

fail2ban: patch CVE-2021-32749 * switch to AUTORELEASE Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years ago
 
  1. From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
  2. From: sebres <serg.brester@sebres.de>
  3. Date: Mon, 21 Jun 2021 17:12:53 +0200
  4. Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
  5.  (default tilde) stops consider "~" char after new-line as composing escape
  6.  sequence
  7. 

  8. ---

  9.  config/action.d/complain.conf         | 2 +-
  10.  config/action.d/dshield.conf          | 2 +-
  11.  config/action.d/mail-buffered.conf    | 8 ++++----
  12.  config/action.d/mail-whois-lines.conf | 2 +-
  13.  config/action.d/mail-whois.conf       | 6 +++---
  14.  config/action.d/mail.conf             | 6 +++---
  15.  6 files changed, 13 insertions(+), 13 deletions(-)
  16. 

  17. --- a/config/action.d/complain.conf

  18. +++ b/config/action.d/complain.conf

  19. @@ -102,7 +102,7 @@ logpath = /dev/null

  20.  # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
  21.  # Values:  CMD
  22.  #
  23. -mailcmd = mail -s

  24. +mailcmd = mail -E 'set escape' -s

  25.  
  26.  # Option:  mailargs
  27.  # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
  28. --- a/config/action.d/dshield.conf

  29. +++ b/config/action.d/dshield.conf

  30. @@ -179,7 +179,7 @@ tcpflags =

  31.  # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
  32.  # Values:  CMD
  33.  #
  34. -mailcmd = mail -s

  35. +mailcmd = mail -E 'set escape' -s

  36.  
  37.  # Option:  mailargs
  38.  # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
  39. --- a/config/action.d/mail-buffered.conf

  40. +++ b/config/action.d/mail-buffered.conf

  41. @@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n

  42.                The jail <name> has been started successfully.\n
  43.                Output will be buffered until <lines> lines are available.\n
  44.                Regards,\n
  45. -              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>

  46. +              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>

  47.  
  48.  # Option:  actionstop
  49.  # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
  50. @@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then

  51.                   These hosts have been banned by Fail2Ban.\n
  52.                   `cat <tmpfile>`
  53.                   Regards,\n
  54. -                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>

  55. +                 Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>

  56.                   rm <tmpfile>
  57.               fi
  58.               printf %%b "Hi,\n
  59.               The jail <name> has been stopped.\n
  60.               Regards,\n
  61. -             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>

  62. +             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>

  63.  
  64.  # Option:  actioncheck
  65.  # Notes.:  command executed once before each actionban command
  66. @@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<f

  67.                  These hosts have been banned by Fail2Ban.\n
  68.                  `cat <tmpfile>`
  69.                  \nRegards,\n
  70. -                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>

  71. +                Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>

  72.                  rm <tmpfile>
  73.              fi
  74.  
  75. --- a/config/action.d/mail-whois-lines.conf

  76. +++ b/config/action.d/mail-whois-lines.conf

  77. @@ -72,7 +72,7 @@ actionunban =

  78.  # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
  79.  # Values:  CMD
  80.  #
  81. -mailcmd = mail -s

  82. +mailcmd = mail -E 'set escape' -s

  83.  
  84.  # Default name of the chain
  85.  #
  86. --- a/config/action.d/mail-whois.conf

  87. +++ b/config/action.d/mail-whois.conf

  88. @@ -20,7 +20,7 @@ norestored = 1

  89.  actionstart = printf %%b "Hi,\n
  90.                The jail <name> has been started successfully.\n
  91.                Regards,\n
  92. -              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>

  93. +              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>

  94.  
  95.  # Option:  actionstop
  96.  # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
  97. @@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n

  98.  actionstop = printf %%b "Hi,\n
  99.               The jail <name> has been stopped.\n
  100.               Regards,\n
  101. -             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>

  102. +             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>

  103.  
  104.  # Option:  actioncheck
  105.  # Notes.:  command executed once before each actionban command
  106. @@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n

  107.              Here is more information about <ip> :\n
  108.              `%(_whois_command)s`\n
  109.              Regards,\n
  110. -            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>

  111. +            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>

  112.  
  113.  # Option:  actionunban
  114.  # Notes.:  command executed when unbanning an IP. Take care that the
  115. --- a/config/action.d/mail.conf

  116. +++ b/config/action.d/mail.conf

  117. @@ -16,7 +16,7 @@ norestored = 1

  118.  actionstart = printf %%b "Hi,\n
  119.                The jail <name> has been started successfully.\n
  120.                Regards,\n
  121. -              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>

  122. +              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>

  123.  
  124.  # Option:  actionstop
  125.  # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
  126. @@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n

  127.  actionstop = printf %%b "Hi,\n
  128.               The jail <name> has been stopped.\n
  129.               Regards,\n
  130. -             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>

  131. +             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>

  132.  
  133.  # Option:  actioncheck
  134.  # Notes.:  command executed once before each actionban command
  135. @@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n

  136.              The IP <ip> has just been banned by Fail2Ban after
  137.              <failures> attempts against <name>.\n
  138.              Regards,\n
  139. -            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>

  140. +            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>

  141.  
  142.  # Option:  actionunban
  143.  # Notes.:  command executed when unbanning an IP. Take care that the