sysklogd: Update to 1.5.1
Message ID | 20170129133743.14184-1-matthias.fischer@ipfire.org |
---|---|
State | Accepted |
Commit | 8d07810dcefece495e8f3d321cb85e22ae5c6bd1 |
Message
Matthias Fischer
Jan. 30, 2017, 12:37 a.m. UTC
...and now to something completely different... ;-)
Changelog:
- Bugfix against invalid PRI values (CVE-2014-3634)
CVE-2014-3634:
"...sysklogd 1.5 and earlier allows remote attackers to cause a
denial of service (crash), possibly execute arbitrary code,
or have other unspecified impact via a crafted priority (PRI)
value that triggers an out-of-bounds array access."
Nothing good for a firewall...and besides, 'sysklogd' wasn't updated since 2010.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
config/rootfiles/common/sysklogd | 2 ++
lfs/sysklogd | 9 +++------
2 files changed, 5 insertions(+), 6 deletions(-)
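
The CVE text quoted in the message above describes a PRI value used as an array index without a range check. The following is an added example, not code from sysklogd or from this patch, showing a parser that bounds the PRI before any table lookup. The function names, the facility table and the fallback value 13 are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define N_FACILITIES 24                  /* facilities 0..23 */
#define MAX_PRI (N_FACILITIES * 8 - 1)   /* 191: highest facility, severity 7 */
#define DEFAULT_PRI 13                   /* user.notice; this example's fallback */

/* Lookup table indexed by facility; conventional names, one per slot. */
static const char *const facility_name[N_FACILITIES] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Parse a leading "<PRI>" and return a value guaranteed to be in 0..MAX_PRI.
 * Missing, malformed or out-of-range values fall back to DEFAULT_PRI. */
int parse_pri(const char *msg)
{
    int pri = 0, digits = 0;
    const char *p;

    if (msg == NULL || msg[0] != '<')
        return DEFAULT_PRI;
    for (p = msg + 1; isdigit((unsigned char)*p); p++) {
        if (++digits > 3)                /* caps the value at 999: no overflow */
            return DEFAULT_PRI;
        pri = pri * 10 + (*p - '0');
    }
    if (digits == 0 || *p != '>' || pri > MAX_PRI)
        return DEFAULT_PRI;
    return pri;
}

/* Safe because parse_pri() bounds the index before the table is touched. */
const char *facility_of(const char *msg) { return facility_name[parse_pri(msg) >> 3]; }
int severity_of(const char *msg) { return parse_pri(msg) & 7; }

int main(void)
{
    /* Constructed sample lines: one valid, two with out-of-range PRI. */
    const char *samples[] = { "<34>su: auth failure", "<192>x", "<4294967295>x" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %s.%d\n", samples[i], facility_of(samples[i]), severity_of(samples[i]));
    return strcmp(facility_of(samples[1]), "user") != 0;
}
```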
Comments
Hi, On Sun, 2017-01-29 at 14:37 +0100, Matthias Fischer wrote: > ...and now to something completely different... ;-) > > Changelog: > > - Bugfix against invalid PRI values (CVE-2014-3634) > > CVE-2014-3634: > "...sysklogd 1.5 and earlier allows remote attackers to cause a > denial of service (crash), possibly execute arbitrary code, > or have other unspecified impact via a crafted priority (PRI) > value that triggers an out-of-bounds array access." > > Nothing good for a firewall...and besides, 'sysklogd' wasn't updated > since 2010. Very very true. If we are behind on any other important package, please feel free to send updates, as always. Best, -Michael > > Best, > Matthias > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > config/rootfiles/common/sysklogd | 2 ++ > lfs/sysklogd | 9 +++------ > 2 files changed, 5 insertions(+), 6 deletions(-) > > diff --git a/config/rootfiles/common/sysklogd > b/config/rootfiles/common/sysklogd > index 9792097ce..f5d55c220 100644 > --- a/config/rootfiles/common/sysklogd > +++ b/config/rootfiles/common/sysklogd > @@ -1,6 +1,8 @@ > usr/sbin/klogd > usr/sbin/syslogd > +#usr/share/man/man5/syslog.conf.5 > #usr/share/man/man8/klogd.8 > #usr/share/man/man8/sysklogd.8 > +#usr/share/man/man8/syslogd.8 > var/log/dhcpcd.log > var/log/messages > diff --git a/lfs/sysklogd b/lfs/sysklogd > index ca6110a6d..75bde5fee 100644 > --- a/lfs/sysklogd > +++ b/lfs/sysklogd > @@ -1,7 +1,7 @@ > #################################################################### > ########### > # > # > # IPFire.org - A linux based > firewall # > -# Copyright (C) 2007 Michael Tremer & Christian > Schmidt # > +# Copyright (C) 2007-2017 IPFire Team <info@ipfire.org> > # > # > # > # This program is free software: you can redistribute it and/or > modify # > # it under the terms of the GNU General Public License as published > by # 
> @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.5 > +VER = 1.5.1 > > THISAPP = sysklogd-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = e053094e8103165f98ddafe828f6ae4b > +$(DL_FILE)_MD5 = c70599ab0d037fde724f7210c2c8d7f8 > > install : $(TARGET) > > @@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) : > $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf > $(DIR_DL)/$(DL_FILE) > - #cd $(DIR_APP) && patch -Np1 < > $(DIR_SRC)/src/patches/$(THISAPP)-fixes-1.patch > - #cd $(DIR_APP) && patch -Np1 < > $(DIR_SRC)/src/patches/$(THISAPP)-8bit-1.patch > - #cd $(DIR_APP) && patch -Np1 < > $(DIR_SRC)/src/patches/$(THISAPP)_xen_empty_buffer_check.patch > cd $(DIR_APP) && make $(MAKETUNING) > cd $(DIR_APP) && make install > touch /var/log/{dhcpcd.log,messages}
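
Review bot: In lfs/sysklogd at `@@ -40,7 +40,7 @@`, the new tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is not collision-resistant. For an update made for a CVE fix, the commit message should say where the checksum was taken from (for example an upstream release announcement), and a stronger digest should be recorded alongside it if the lfs framework has a variable for one.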
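
Review bot: The three `patch -Np1` lines dropped in lfs/sysklogd at `@@ -70,9 +70,6 @@` were already commented out, so the build is unchanged, but the diffstat lists only two files, which means the files they pointed to under `$(DIR_SRC)/src/patches/` stay in the tree. Remove them in the same commit if nothing else references them, and mention the cleanup in the commit message, which currently describes only the CVE fix.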
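
Review bot: The header edit in lfs/sysklogd at `@@ -1,7 +1,7 @@` replaces the named copyright holders with "IPFire Team" and widens the year range to 2007-2017, which is unrelated to the version bump and is not mentioned in the commit message. Either note it there or send it as a separate change so the security update stays limited to `VER`, the checksum and the rootfile entries.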