diff --git a/sysklogd-1.4.1-CVE-2014-3634.patch b/sysklogd-1.4.1-CVE-2014-3634.patch
new file mode 100644
index 0000000..79ee4d0
--- /dev/null
+++ b/sysklogd-1.4.1-CVE-2014-3634.patch
@@ -0,0 +1,37 @@
+---
+ syslog.c | 6 ++++++
+ syslogd.c | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+--- syslog.c
++++ syslog.c 2014-09-24 16:09:26.062235727 +0000
+@@ -72,6 +72,13 @@ static char sccsid[] = "@(#)syslog.c 5.2
+
+ #define _PATH_LOGNAME "/dev/log"
+
++#undef LOG_FAC
++static inline int LOG_FAC(int pri)
++{
++ int fac = pri >> 3;
++ return (fac > 23) ? 23 : fac;
++}
++
+ #include "fortify.h"
+
+ static int LogFile = -1; /* fd for log */
+--- syslogd.c
++++ syslogd.c 2014-09-22 08:18:13.122235747 +0000
+@@ -565,6 +565,13 @@ static char sccsid[] __attribute__ ((un
+ #define SYSTEMD_PATH_LOG "/run/systemd/journal/syslog"
+ #endif
+
++#undef LOG_FAC
++static inline int LOG_FAC(int pri)
++{
++ int fac = pri >> 3;
++ return (fac > 23) ? 23 : fac;
++}
++
+ char *ConfFile = _PATH_LOGCONF;
+ char *PidFile = _PATH_LOGPID;
+ char ctty[] = _PATH_CONSOLE;
diff --git a/sysklogd-1.4.1.dif b/sysklogd-1.4.1.dif
index 03787c5..f66d655 100644
--- a/sysklogd-1.4.1.dif
+++ b/sysklogd-1.4.1.dif
@@ -413,22 +413,21 @@
 +local4,local5.* -/var/log/localmessages
 +local6,local7.* -/var/log/localmessages
 --- syslog.c
-+++ syslog.c 2006-02-08 16:29:50.000000000 +0000
-@@ -70,7 +70,13 @@ static char sccsid[] = "@(#)syslog.c 5.2
++++ syslog.c 2014-09-24 16:11:22.314736955 +0000
+@@ -70,7 +70,12 @@ static char sccsid[] = "@(#)syslog.c 5.2
 #include
 #include
 -#define _PATH_LOGNAME "/dev/log"
 +#ifdef _PATH_LOG
-+# define _PATH_LOGNAME _PATH_LOG
++# define _PATH_LOGNAME _PATH_LOG
 +#endif
 +#ifndef _PATH_LOGNAME
-+# define _PATH_LOGNAME "/dev/log"
++# define _PATH_LOGNAME "/dev/log"
 +#endif
-+
-
- #include "fortify.h"
+ #undef LOG_FAC
+ static inline int LOG_FAC(int pri)
 --- syslogd.c
 +++ syslogd.c 2008-05-28 10:14:25.000000000 +0000
 @@ -466,6 +466,7 @@ static char sccsid[] __attribute__ ((un
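Review bot: The clamp in the new `LOG_FAC()` added by sysklogd-1.4.1-CVE-2014-3634.patch bounds only the upper side: `fac > 23` lets a negative `pri` through, and `pri >> 3` on a negative `int` is implementation-defined and normally stays negative, so the result can still be an out-of-range facility. Whether `pri` can become negative depends on the PRI parsing, which is outside this patch and should be confirmed. Doing the shift unsigned closes the gap either way: `unsigned int fac = (unsigned int)pri >> 3;` followed by `return (fac > 23) ? 23 : (int)fac;`. The same applies to both copies (syslog.c and syslogd.c), and the literal `23` would read better as `LOG_NFACILITIES - 1` with a one-line comment saying that out-of-range facilities are folded into the last valid one.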
diff --git a/syslogd.changes b/syslogd.changes
index 669e913..0c52771 100644
--- a/syslogd.changes
+++ b/syslogd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 24 08:07:49 UTC 2014 - werner@suse.de
+
+- Add patch sysklogd-1.4.1-CVE-2014-3634.patch bsc#897262,
+ CVE-2014-3634 rsyslog/syslogd: remote syslog PRI vulnerability
+
 -------------------------------------------------------------------
 Mon Sep 15 13:07:38 UTC 2014 - werner@suse.de
diff --git a/syslogd.spec b/syslogd.spec
index aaadb19..a4c41e0 100644
--- a/syslogd.spec
+++ b/syslogd.spec
@@ -82,7 +82,10 @@ Patch23: sysklogd-1.4.1-reload.dif
 Patch24: sysklogd-1.4.1-systemd.dif
 Patch25: sysklogd-1.4.1-systemd-multi.dif
 Patch26: sysklogd-1.4.1-systemd-sock-name.patch
+# PATCH-FIX-SUSE Newer glibc versions do not set nor use _BSD_SOURCE anymore
 Patch27: sysklogd-1.4.1-glibc.patch
+# PATCH-FIX-SUSE bsc#897262, CVE-2014-3634 rsyslog/syslogd: remote syslog PRI vulnerability
+Patch28: sysklogd-1.4.1-CVE-2014-3634.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -172,8 +175,8 @@ Authors:
 %patch24 -p0 -b .sd
 %patch25 -p0 -b .sd2
 %patch26 -p0 -b .sd3
-# PATCH-FIX-SUSE Newer glibc versions do not set nor use _BSD_SOURCE anymore
 %patch27 -p0 -b .glibc
+%patch28 -p0 -b .cve20143634
 %patch0 -p0
 %build