* [Buildroot] [PATCHv2] rsyslog: security bump to version 7.6.6
From: Gustavo Zacarias @ 2014-10-01 13:23 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2014-3634 - potential abort when a message with PRI > 191 was
processed if the "pri-text" property was used in active templates, this
could be abused to a remote denial of service from permitted senders.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/rsyslog/rsyslog-0001-revert-strdup.patch | 27 ++++++++++++++++++++++++
 package/rsyslog/rsyslog.hash                     |  4 ++--
 package/rsyslog/rsyslog.mk                       |  5 +++--
 3 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 package/rsyslog/rsyslog-0001-revert-strdup.patch

diff --git a/package/rsyslog/rsyslog-0001-revert-strdup.patch b/package/rsyslog/rsyslog-0001-revert-strdup.patch
new file mode 100644
index 0000000..5e82018
--- /dev/null
+++ b/package/rsyslog/rsyslog-0001-revert-strdup.patch
@@ -0,0 +1,27 @@
+Revert upstream 0403361ac57082dc47840d1f31832f1a0e319078
+It breaks the build when it's defined.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nura rsyslog-7.6.6.orig/grammar/lexer.c rsyslog-7.6.6/grammar/lexer.c
+--- rsyslog-7.6.6.orig/grammar/lexer.c	2014-10-01 10:12:34.960082719 -0300
++++ rsyslog-7.6.6/grammar/lexer.c	2014-10-01 10:13:24.512769964 -0300
+@@ -1459,7 +1459,6 @@
+ #line 32 "lexer.l"
+ #include "config.h"
+ #include "parserif.h"
+-extern char *strdup(char*); /* somehow we do not get this from string.h... */
+ /*%option noyywrap nodefault case-insensitive */
+ /* avoid compiler warning: `yyunput' defined but not used */
+ #define YY_NO_INPUT 1
+diff -Nura rsyslog-7.6.6.orig/grammar/lexer.l rsyslog-7.6.6/grammar/lexer.l
+--- rsyslog-7.6.6.orig/grammar/lexer.l	2014-10-01 10:12:34.960082719 -0300
++++ rsyslog-7.6.6/grammar/lexer.l	2014-10-01 10:13:41.935363172 -0300
+@@ -31,7 +31,6 @@
+ %{
+ #include "config.h"
+ #include "parserif.h"
+-extern char *strdup(char*); /* somehow we do not get this from string.h... */
+ %}
+ 
+ %option noyywrap nodefault case-insensitive yylineno
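
Review bot: the header of rsyslog-0001-revert-strdup.patch ("It breaks the build when it's defined.") does not say what "it" refers to or which toolchain or configuration hits the failure, so nobody doing the next bump can tell whether the revert is still needed. Name the condition explicitly (for example, if that is the case, that the removed `extern char *strdup(char*);` declaration clashes with a strdup already provided through string.h) and say whether the problem was reported upstream. The patch touches both lexer.l and the generated lexer.c; mention that in the header as well so the two are kept in sync when the patch is refreshed.
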
diff --git a/package/rsyslog/rsyslog.hash b/package/rsyslog/rsyslog.hash
index b47932a..afc75cc 100644
--- a/package/rsyslog/rsyslog.hash
+++ b/package/rsyslog/rsyslog.hash
@@ -1,2 +1,2 @@
-# From http://www.rsyslog.com/downloads/download-other/
-sha256	45bca1c1ffca6b8260363617897c09baeaf350e8b92c51361d2770375cdf4b34	rsyslog-7.6.5.tar.gz
+# From http://www.rsyslog.com/downloads/download-v7-stable/
+sha256	c77ae0db6204c5bd670fa96c354ee5fe1c62c876bd84ec06ed429138c78885bb	rsyslog-7.6.6.tar.gz
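
Review bot: the new comment line in rsyslog.hash gives an http:// download page as the origin of the sha256, and RSYSLOG_SITE in rsyslog.mk is http:// too, so the hash and the tarball both come over the same unauthenticated channel. For a security bump, state in the comment whether the value was copied from the upstream page or computed locally, and cross-check it against a second source before this is merged.
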
diff --git a/package/rsyslog/rsyslog.mk b/package/rsyslog/rsyslog.mk
index 2ba4a9a..17fd13b 100644
--- a/package/rsyslog/rsyslog.mk
+++ b/package/rsyslog/rsyslog.mk
@@ -4,14 +4,15 @@
 #
 ################################################################################
 
-RSYSLOG_VERSION = 7.6.5
+RSYSLOG_VERSION = 7.6.6
 RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
 RSYSLOG_LICENSE = GPLv3 LGPLv3 Apache-2.0
 RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
 RSYSLOG_DEPENDENCIES = zlib libestr liblogging json-c host-pkgconf
 
 RSYSLOG_CONF_OPT = --disable-testbench \
-		   --enable-cached-man-pages
+		   --enable-cached-man-pages \
+		   --disable-generate-man-pages
 
 # Build after BusyBox
 ifeq ($(BR2_PACKAGE_BUSYBOX),y)
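
Review bot: the added `--disable-generate-man-pages` in RSYSLOG_CONF_OPT is not explained anywhere; the commit message only describes the CVE-2014-3634 fix, and it is equally silent about the new revert-strdup patch. Add a line to the commit message saying why man page generation has to be disabled for 7.6.6 while `--enable-cached-man-pages` stays, so the security fix and the build workarounds can be told apart later.
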
-- 
2.0.4
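
The PRI limit named in the commit message above comes from the syslog encoding PRI = facility * 8 + severity with 24 facilities and 8 severities, so 191 is the largest valid value. The sketch below is an added example, not rsyslog's code and not part of this patch: `parse_pri`, `pri_text`, the name tables and the "invalid" fallback text are assumptions chosen to show a range check placed before any table lookup.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical name tables using the RFC 5424 numbering:
 * facilities 0..23, severities 0..7. */
static const char *const FACILITY[24] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6",
    "local7"
};
static const char *const SEVERITY[8] = {
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
};
#define PRI_MAX 191 /* 23 * 8 + 7 */

/* Parse the leading "<PRI>" of a syslog frame. Returns 0..191, or -1 when
 * the header is missing, malformed, longer than 3 digits or out of range. */
int parse_pri(const char *msg)
{
    if (msg == NULL || msg[0] != '<') return -1;
    int pri = 0, digits = 0;
    const char *p = msg + 1;
    while (*p >= '0' && *p <= '9') {
        if (++digits > 3) return -1;  /* also keeps pri from overflowing */
        pri = pri * 10 + (*p++ - '0');
    }
    if (digits == 0 || *p != '>' || pri > PRI_MAX) return -1;
    return pri;
}

/* Write "facility.severity<pri>" into out. The range is checked again here,
 * so a caller that skipped parse_pri() still cannot index past the tables. */
int pri_text(int pri, char *out, size_t outlen)
{
    if (pri < 0 || pri > PRI_MAX)
        return snprintf(out, outlen, "invalid<%d>", pri);
    return snprintf(out, outlen, "%s.%s<%d>",
                    FACILITY[pri >> 3], SEVERITY[pri & 7], pri);
}

int main(void)
{
    /* Constructed sample frames, not taken from any real log. */
    const char *samples[] = { "<13>ok", "<191>edge", "<192>over", "no pri" };
    char buf[48];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        pri_text(parse_pri(samples[i]), buf, sizeof buf);
        printf("%-10s -> %s\n", samples[i], buf);
    }
    return 0;
}
```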


* [Buildroot] [PATCHv2] rsyslog: security bump to version 7.6.6
From: Vicente Olivert Riera @ 2014-10-01 13:42 UTC (permalink / raw)
  To: buildroot

Dear Gustavo Zacarias,

On 10/01/2014 02:23 PM, Gustavo Zacarias wrote:
> Fixes CVE-2014-3634 - potential abort when a message with PRI > 191 was
> processed if the "pri-text" property was used in active templates, this
> could be abused to a remote denial of service from permitted senders.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
>   package/rsyslog/rsyslog-0001-revert-strdup.patch | 27 ++++++++++++++++++++++++
>   package/rsyslog/rsyslog.hash                     |  4 ++--
>   package/rsyslog/rsyslog.mk                       |  5 +++--
>   3 files changed, 32 insertions(+), 4 deletions(-)
>   create mode 100644 package/rsyslog/rsyslog-0001-revert-strdup.patch
>
> diff --git a/package/rsyslog/rsyslog-0001-revert-strdup.patch b/package/rsyslog/rsyslog-0001-revert-strdup.patch
> new file mode 100644
> index 0000000..5e82018
> --- /dev/null
> +++ b/package/rsyslog/rsyslog-0001-revert-strdup.patch
> @@ -0,0 +1,27 @@
> +Revert upstream 0403361ac57082dc47840d1f31832f1a0e319078
> +It breaks the build when it's defined.
> +
> +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> +
> +diff -Nura rsyslog-7.6.6.orig/grammar/lexer.c rsyslog-7.6.6/grammar/lexer.c
> +--- rsyslog-7.6.6.orig/grammar/lexer.c	2014-10-01 10:12:34.960082719 -0300
> ++++ rsyslog-7.6.6/grammar/lexer.c	2014-10-01 10:13:24.512769964 -0300
> +@@ -1459,7 +1459,6 @@
> + #line 32 "lexer.l"
> + #include "config.h"
> + #include "parserif.h"
> +-extern char *strdup(char*); /* somehow we do not get this from string.h... */
> + /*%option noyywrap nodefault case-insensitive */
> + /* avoid compiler warning: `yyunput' defined but not used */
> + #define YY_NO_INPUT 1
> +diff -Nura rsyslog-7.6.6.orig/grammar/lexer.l rsyslog-7.6.6/grammar/lexer.l
> +--- rsyslog-7.6.6.orig/grammar/lexer.l	2014-10-01 10:12:34.960082719 -0300
> ++++ rsyslog-7.6.6/grammar/lexer.l	2014-10-01 10:13:41.935363172 -0300
> +@@ -31,7 +31,6 @@
> + %{
> + #include "config.h"
> + #include "parserif.h"
> +-extern char *strdup(char*); /* somehow we do not get this from string.h... */
> + %}
> +
> + %option noyywrap nodefault case-insensitive yylineno
> diff --git a/package/rsyslog/rsyslog.hash b/package/rsyslog/rsyslog.hash
> index b47932a..afc75cc 100644
> --- a/package/rsyslog/rsyslog.hash
> +++ b/package/rsyslog/rsyslog.hash
> @@ -1,2 +1,2 @@
> -# From http://www.rsyslog.com/downloads/download-other/
> -sha256	45bca1c1ffca6b8260363617897c09baeaf350e8b92c51361d2770375cdf4b34	rsyslog-7.6.5.tar.gz
> +# From http://www.rsyslog.com/downloads/download-v7-stable/
> +sha256	c77ae0db6204c5bd670fa96c354ee5fe1c62c876bd84ec06ed429138c78885bb	rsyslog-7.6.6.tar.gz
> diff --git a/package/rsyslog/rsyslog.mk b/package/rsyslog/rsyslog.mk
> index 2ba4a9a..17fd13b 100644
> --- a/package/rsyslog/rsyslog.mk
> +++ b/package/rsyslog/rsyslog.mk
> @@ -4,14 +4,15 @@
>   #
>   ################################################################################
>
> -RSYSLOG_VERSION = 7.6.5
> +RSYSLOG_VERSION = 7.6.6
>   RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
>   RSYSLOG_LICENSE = GPLv3 LGPLv3 Apache-2.0
>   RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
>   RSYSLOG_DEPENDENCIES = zlib libestr liblogging json-c host-pkgconf
>
>   RSYSLOG_CONF_OPT = --disable-testbench \
> -		   --enable-cached-man-pages
> +		   --enable-cached-man-pages \
> +		   --disable-generate-man-pages
>
>   # Build after BusyBox
>   ifeq ($(BR2_PACKAGE_BUSYBOX),y)
>

Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>

-- 
Vincent


* [Buildroot] [PATCHv2] rsyslog: security bump to version 7.6.6
From: Peter Korsgaard @ 2014-10-01 13:57 UTC (permalink / raw)
  To: buildroot

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 > Fixes CVE-2014-3634 - potential abort when a message with PRI > 191 was
 > processed if the "pri-text" property was used in active templates, this
 > could be abused to a remote denial of service from permitted senders.

 > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.

-- 
Bye, Peter Korsgaard
