Hello community, here is the log from the commit of package syslogd for openSUSE:Factory checked in at 2014-10-15 16:19:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/syslogd (Old) and /work/SRC/openSUSE:Factory/.syslogd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syslogd" Changes: -------- --- /work/SRC/openSUSE:Factory/syslogd/syslogd.changes 2014-09-02 08:22:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.syslogd.new/syslogd.changes 2014-10-15 16:19:49.000000000 +0200 @@ -1,0 +2,24 @@ +Thu Oct 9 13:01:26 UTC 2014 - [email protected] + +- Update patch sysklogd-1.4.1-CVE-2014-3634.patch (boo#899756) + +------------------------------------------------------------------- +Mon Sep 29 14:14:14 UTC 2014 - [email protected] + +- sysklogd-1.4.1-reload.dif: remove bogus use of feature test macro +- sysklogd-1.4.1.dif: refresh +- sysklogd-1.4.1-glibc.patch: remove obsolete patch + +------------------------------------------------------------------- +Wed Sep 24 08:07:49 UTC 2014 - [email protected] + +- Add patch sysklogd-1.4.1-CVE-2014-3634.patch bsc#897262, + CVE-2014-3634 rsyslog/syslogd: remote syslog PRI vulnerability + +------------------------------------------------------------------- +Mon Sep 15 13:07:38 UTC 2014 - [email protected] + +- Add patch sysklogd-1.4.1-glibc.patch + newer glibc versions do not set nor use _BSD_SOURCE anymore + +------------------------------------------------------------------- New: ---- sysklogd-1.4.1-CVE-2014-3634.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ syslogd.spec ++++++ --- /var/tmp/diff_new_pack.2E7CFT/_old 2014-10-15 16:19:50.000000000 +0200 +++ /var/tmp/diff_new_pack.2E7CFT/_new 2014-10-15 16:19:50.000000000 +0200 @@ -82,6 +82,8 @@ Patch24: sysklogd-1.4.1-systemd.dif Patch25: sysklogd-1.4.1-systemd-multi.dif Patch26: sysklogd-1.4.1-systemd-sock-name.patch +# PATCH-FIX-SUSE bsc#897262, CVE-2014-3634 rsyslog/syslogd: remote syslog PRI vulnerability +Patch28: sysklogd-1.4.1-CVE-2014-3634.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -171,6 +173,7 @@ %patch24 -p0 -b .sd %patch25 -p0 -b .sd2 %patch26 -p0 -b .sd3 +%patch28 -p0 -b .cve20143634 %patch0 -p0 %build ++++++ sysklogd-1.4.1-CVE-2014-3634.patch ++++++ --- syslog.c | 6 ++++++ syslogd.c | 7 +++++++ 2 files changed, 13 insertions(+) --- syslog.c +++ syslog.c 2014-09-24 16:09:26.062235727 +0000 @@ -72,6 +72,13 @@ static char sccsid[] = "@(#)syslog.c 5.2 #define _PATH_LOGNAME "/dev/log" +#undef LOG_FAC +static inline int LOG_FAC(const int pri) +{ + unsigned int fac = pri >> 3; + return (fac > 23) ? 23 : fac; +} + #include "fortify.h" static int LogFile = -1; /* fd for log */ --- syslogd.c +++ syslogd.c 2014-09-22 08:18:13.122235747 +0000 @@ -565,6 +565,13 @@ static char sccsid[] __attribute__ ((un #define SYSTEMD_PATH_LOG "/run/systemd/journal/syslog" #endif +#undef LOG_FAC +static inline int LOG_FAC(const int pri) +{ + unsigned int fac = pri >> 3; + return (fac > 23) ? 23 : fac; +} + char *ConfFile = _PATH_LOGCONF; char *PidFile = _PATH_LOGPID; char ctty[] = _PATH_CONSOLE; ++++++ sysklogd-1.4.1-reload.dif ++++++ --- /var/tmp/diff_new_pack.2E7CFT/_old 2014-10-15 16:19:50.000000000 +0200 +++ /var/tmp/diff_new_pack.2E7CFT/_new 2014-10-15 16:19:50.000000000 +0200 @@ -1,5 +1,7 @@ ---- syslogd.c -+++ syslogd.c 2010-03-29 15:12:11.000000000 +0000 +Index: syslogd.c +=================================================================== +--- syslogd.c.orig ++++ syslogd.c @@ -565,7 +565,7 @@ char **parts; int inetm = 0; static int debugging_on = 0; @@ -17,127 +19,105 @@ #ifndef TESTING if ( Debug ) { -@@ -1167,9 +1168,22 @@ int main(argc, argv) +@@ -1167,9 +1168,14 @@ int main(argc, argv) (fd_set *) NULL, (struct timeval *) NULL); if ( restart ) { -+#ifndef _BSD_SOURCE -+ int omask = sigblock(sigmask(SIGHUP)); -+#else + sigset_t blockhup; + sigemptyset(&blockhup); + sigaddset (&blockhup, SIGHUP); + (void) sigprocmask(SIG_BLOCK, &blockhup, NULL); -+#endif + restart = 0; dprintf("\nReceived SIGHUP, reloading syslogd.\n"); init(); - restart = 0; -+#ifndef _BSD_SOURCE -+ (void) sigsetmask(omask); -+#else + (void) sigprocmask (SIG_UNBLOCK, &blockhup, NULL); -+#endif continue; } if (nfds == 0) { -@@ -1676,17 +1690,23 @@ void logmsg(pri, msg, from, flags) +@@ -1676,18 +1682,16 @@ void logmsg(pri, msg, from, flags) register struct filed *f; int fac, prilev; int msglen; -#ifndef SYSV -+#ifndef _BSD_SOURCE - int omask; - #else +- int omask; +-#else int lognum; +-#endif + sigset_t nset, oset; - #endif char *timestamp; dprintf("logmsg: %s, flags %x, from %s, msg %s\n", textpri(pri), flags, from, msg); -#ifndef SYSV -+#ifndef _BSD_SOURCE - omask = sigblock(sigmask(SIGHUP)|sigmask(SIGALRM)); -+#else +- omask = sigblock(sigmask(SIGHUP)|sigmask(SIGALRM)); +-#endif + sigemptyset(&nset); + sigaddset (&nset, SIGHUP); + sigaddset (&nset, SIGALRM); + (void)sigprocmask(SIG_BLOCK, &nset, &oset); - #endif /* -@@ -1724,8 +1744,10 @@ void logmsg(pri, msg, from, flags) + * Check to see if msg looks non-standard. +@@ -1724,9 +1728,7 @@ void logmsg(pri, msg, from, flags) (void) close(f->f_file); f->f_file = -1; } -#ifndef SYSV -+#ifndef _BSD_SOURCE - (void) sigsetmask(omask); -+#else +- (void) sigsetmask(omask); +-#endif + (void)sigprocmask(SIG_SETMASK, &oset, NULL); - #endif return; } -@@ -1789,8 +1811,10 @@ void logmsg(pri, msg, from, flags) + #ifdef SYSV +@@ -1789,9 +1791,7 @@ void logmsg(pri, msg, from, flags) } } } -#ifndef SYSV -+#ifndef _BSD_SOURCE - (void) sigsetmask(omask); -+#else +- (void) sigsetmask(omask); +-#endif + (void)sigprocmask(SIG_SETMASK, &oset, NULL); - #endif } #if FALSE -@@ -2108,7 +2132,7 @@ void wallmsg(f, iov) + } /* balance parentheses for emacs */ +@@ -2108,10 +2108,6 @@ void wallmsg(f, iov) (void) signal(SIGTERM, SIG_DFL); (void) alarm(0); (void) signal(SIGALRM, endtty); -#ifndef SYSV -+#ifndef _BSD_SOURCE - (void) signal(SIGTTOU, SIG_IGN); - (void) sigsetmask(0); - #endif -@@ -2178,14 +2202,14 @@ void wallmsg(f, iov) +- (void) signal(SIGTTOU, SIG_IGN); +- (void) sigsetmask(0); +-#endif + (void) snprintf(greetings, sizeof(greetings), + "\r\n\7Message from syslogd@%s at %.24s ...\r\n", + (char *) iov[2].iov_base, ctime(&now)); +@@ -2178,16 +2174,8 @@ void wallmsg(f, iov) void reapchild() { int saved_errno = errno; -#if defined(SYSV) && !defined(linux) -+#if defined(SYSV) && !defined(_BSD_SOURCE) - (void) signal(SIGCHLD, reapchild); /* reset signal handler -ASP */ - wait ((int *)0); - #else +- (void) signal(SIGCHLD, reapchild); /* reset signal handler -ASP */ +- wait ((int *)0); +-#else while (waitpid(-1, (int*)0, WNOHANG|WUNTRACED) > 0) ; - #endif +-#endif -#ifdef linux -+#ifndef _BSD_SOURCE - (void) signal(SIGCHLD, reapchild); /* reset signal handler -ASP */ - #endif +- (void) signal(SIGCHLD, reapchild); /* reset signal handler -ASP */ +-#endif errno = saved_errno; -@@ -2318,7 +2342,9 @@ void debug_switch() + } + +@@ -2318,7 +2306,6 @@ void debug_switch() { dprintf("Switching debugging_on to %s\n", (debugging_on == 0) ? "true" : "false"); debugging_on = (debugging_on == 0) ? 1 : 0; -+#ifndef _BSD_SOURCE - signal(SIGUSR1, debug_switch); -+#endif +- signal(SIGUSR1, debug_switch); } -@@ -2350,7 +2376,9 @@ void die(int sig) - (void) snprintf(buf, sizeof(buf), "exiting on signal %d", sig); - errno = 0; - logmsg(LOG_SYSLOG|LOG_INFO, buf, LocalHostName, ADDDATE); -+#ifdef _BSD_SOURCE - signal(sig, SIG_IGN); -+#endif - } - - void dienow(void) -@@ -2664,7 +2692,6 @@ void init() +@@ -2664,7 +2651,6 @@ void init() logmsg(LOG_SYSLOG|LOG_INFO, "syslogd " VERSION "." PATCHLEVEL \ ": restart." , LocalHostName, ADDDATE); #endif @@ -145,13 +125,11 @@ dprintf("syslogd: restarted.\n"); } #if FALSE -@@ -3061,7 +3088,9 @@ void sighup_handler() +@@ -3061,7 +3047,6 @@ void sighup_handler() { restart = 1; -+#ifndef _BSD_SOURCE - signal(SIGHUP, sighup_handler); -+#endif +- signal(SIGHUP, sighup_handler); return; } ++++++ sysklogd-1.4.1.dif ++++++ --- /var/tmp/diff_new_pack.2E7CFT/_old 2014-10-15 16:19:50.000000000 +0200 +++ /var/tmp/diff_new_pack.2E7CFT/_new 2014-10-15 16:19:50.000000000 +0200 @@ -1,5 +1,7 @@ ---- .pkgextract -+++ .pkgextract 2006-02-08 16:29:50.000000000 +0000 +Index: .pkgextract +=================================================================== +--- /dev/null ++++ .pkgextract @@ -0,0 +1,20 @@ +patch -p0 -b --suffix=.dgram -s < ../sysklogd-1.4.1-dgram.patch +patch -p0 -b --suffix=.sparc -s < ../sysklogd-1.4.1-sparc.patch @@ -21,8 +23,10 @@ +patch -p1 -b --suffix=.sleep -s < ../sysklogd-1.4.1-dontsleep.patch +patch -p0 -b --suffix=.signal -s < ../sysklogd-1.4.1-signal.dif +patch -p0 -b --suffix=.clear -s < ../sysklogd-1.4.1-clearing.patch ---- Makefile -+++ Makefile 2010-11-26 16:28:02.996425919 +0000 +Index: Makefile +=================================================================== +--- Makefile.orig ++++ Makefile @@ -1,14 +1,17 @@ # Makefile for syslogd and klogd daemons. @@ -73,8 +77,10 @@ + ${INSTALL} -m 644 syslogd.8 ${DESTDIR}${MANDIR}/man8/syslogd.8 + ${INSTALL} -m 644 syslog.conf.5 ${DESTDIR}${MANDIR}/man5/syslog.conf.5 + ${INSTALL} -m 644 klogd.8 ${DESTDIR}${MANDIR}/man8/klogd.8 ---- klogd.c -+++ klogd.c 2008-05-30 10:23:07.616318420 +0000 +Index: klogd.c +=================================================================== +--- klogd.c.orig ++++ klogd.c @@ -277,15 +277,21 @@ _syscall3(int,ksyslog,int, type, char *, #include <sys/utsname.h> @@ -202,8 +208,10 @@ } /* The main loop. */ ---- pidfile.c -+++ pidfile.c 2008-05-29 22:04:24.000000000 +0000 +Index: pidfile.c +=================================================================== +--- pidfile.c.orig ++++ pidfile.c @@ -46,11 +46,11 @@ int read_pid (char *pidfile) { @@ -244,8 +252,10 @@ if (!fprintf(f,"%d\n", pid)) { fprintf(stderr, "Can't write pid , %s.\n", strerror(errno)); close(fd); ---- resolve.c -+++ resolve.c 2006-02-08 16:29:50.000000000 +0000 +Index: resolve.c +=================================================================== +--- resolve.c.orig ++++ resolve.c @@ -13,6 +13,7 @@ #include <stdlib.h> #include <signal.h> @@ -286,8 +296,10 @@ + dprintf("failed to write: %s\n", strerror(errno)); + exit(1); } ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ sample-s390.conf 2006-02-08 16:29:50.000000000 +0000 +Index: sample-s390.conf +=================================================================== +--- /dev/null ++++ sample-s390.conf @@ -0,0 +1,60 @@ +# /etc/syslog.conf - Configuration file for syslogd(8) +# @@ -349,8 +361,10 @@ +local2,local3.* -/var/log/localmessages +local4,local5.* -/var/log/localmessages +local6,local7.* -/var/log/localmessages ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ sample.conf 2006-02-08 16:29:50.000000000 +0000 +Index: sample.conf +=================================================================== +--- /dev/null ++++ sample.conf @@ -0,0 +1,60 @@ +# /etc/syslog.conf - Configuration file for syslogd(8) +# @@ -412,9 +426,11 @@ +local2,local3.* -/var/log/localmessages +local4,local5.* -/var/log/localmessages +local6,local7.* -/var/log/localmessages ---- syslog.c -+++ syslog.c 2006-02-08 16:29:50.000000000 +0000 -@@ -70,7 +70,13 @@ static char sccsid[] = "@(#)syslog.c 5.2 +Index: syslog.c +=================================================================== +--- syslog.c.orig ++++ syslog.c +@@ -70,7 +70,12 @@ static char sccsid[] = "@(#)syslog.c 5.2 #include <paths.h> #include <stdio.h> @@ -425,12 +441,13 @@ +#ifndef _PATH_LOGNAME +# define _PATH_LOGNAME "/dev/log" +#endif -+ - - #include "fortify.h" ---- syslogd.c -+++ syslogd.c 2008-05-28 10:14:25.000000000 +0000 + #undef LOG_FAC + static inline int LOG_FAC(const int pri) +Index: syslogd.c +=================================================================== +--- syslogd.c.orig ++++ syslogd.c @@ -466,6 +466,7 @@ static char sccsid[] __attribute__ ((un #include <sys/types.h> #endif @@ -439,7 +456,7 @@ #include <ctype.h> #include <string.h> #include <setjmp.h> -@@ -579,7 +580,11 @@ int funix[MAXFUNIX] = { -1, }; +@@ -594,7 +595,11 @@ int sd_fds = 0; # define UNAMESZ 8 /* length of a login name */ #endif #define MAXUNAMES 20 /* maximum number of user names */ @@ -452,7 +469,7 @@ #define INTERNAL_NOPRI 0x10 /* the "no priority" priority */ #define TABLE_NOPRI 0 /* Value to indicate no priority in f_pmask */ -@@ -659,8 +664,8 @@ struct filed { +@@ -674,8 +679,8 @@ struct filed { * in seconds after previous message is logged. After each flush, * we move to the next interval until we reach the largest. */ @@ -463,7 +480,7 @@ #define REPEATTIME(f) ((f)->f_time + repeatinterval[(f)->f_repeatcount]) #define BACKOFF(f) { if (++(f)->f_repeatcount > MAXREPEAT) \ (f)->f_repeatcount = MAXREPEAT; \ -@@ -774,7 +779,7 @@ int usage(void); +@@ -789,7 +794,7 @@ int usage(void); static pid_t sid; #endif void untty(void); @@ -472,7 +489,7 @@ void printline(const char *hname, char *msg); void printsys(char *msg); void logmsg(int pri, char *msg, const char *from, int flags); -@@ -822,7 +827,7 @@ int main(argc, argv) +@@ -837,7 +842,7 @@ int main(argc, argv) #else /* __GLIBC__ */ #ifndef TESTING #ifdef SYSLOG_INET @@ -481,7 +498,7 @@ #endif #endif int num_fds; -@@ -868,7 +873,12 @@ int main(argc, argv) +@@ -883,7 +888,12 @@ int main(argc, argv) int maxfds; #ifndef TESTING @@ -495,7 +512,7 @@ #endif for (i = 1; i < MAXFUNIX; i++) { funixn[i] = ""; -@@ -1074,13 +1084,15 @@ int main(argc, argv) +@@ -1138,13 +1148,15 @@ int main(argc, argv) leave = 0; (void) signal(SIGTERM, die); @@ -512,7 +529,7 @@ /* Create a partial message table for all file descriptors. */ num_fds = getdtablesize(); -@@ -1243,7 +1255,7 @@ int main(argc, argv) +@@ -1313,7 +1325,7 @@ int main(argc, argv) * -Joey */ printchopped(from, line, \ @@ -521,7 +538,7 @@ } else if (i < 0 && errno != EINTR) { dprintf("INET socket error: %d = %s.\n", \ errno, strerror(errno)); -@@ -1262,7 +1274,7 @@ int main(argc, argv) +@@ -1332,7 +1344,7 @@ int main(argc, argv) parts[fileno(stdin)] = (char *) 0; i = read(fileno(stdin), line, MAXLINE); if (i > 0) { @@ -530,7 +547,7 @@ } else if (i < 0) { if (errno != EINTR) { logerror("stdin"); -@@ -1307,8 +1319,9 @@ static int create_unix_socket(const char +@@ -1406,8 +1418,9 @@ static int create_unix_socket(const char close(fd); #ifndef SYSV dienow(); @@ -541,7 +558,7 @@ } return fd; } -@@ -1485,7 +1498,7 @@ void untty() +@@ -1584,7 +1597,7 @@ void untty() void printchopped(hname, msg, len, fd) const char *hname; char *msg; @@ -550,7 +567,7 @@ int fd; { auto int ptlngth; -@@ -1585,6 +1598,8 @@ void printline(hname, msg) +@@ -1684,6 +1697,8 @@ void printline(hname, msg) while ((c = *p++) && q < &line[sizeof(line) - 4]) { if (c == '\n') *q++ = ' '; @@ -559,7 +576,7 @@ else if (c < 040) { *q++ = '^'; *q++ = c ^ 0100; -@@ -1756,7 +1771,7 @@ void logmsg(pri, msg, from, flags) +@@ -1851,7 +1866,7 @@ void logmsg(pri, msg, from, flags) !strcmp(from, f->f_prevhost)) { (void) strncpy(f->f_lasttime, timestamp, 15); f->f_prevcount++; @@ -568,7 +585,7 @@ f->f_prevcount, now - f->f_time, repeatinterval[f->f_repeatcount]); /* -@@ -2085,13 +2100,7 @@ void wallmsg(f, iov) +@@ -2178,13 +2193,7 @@ void wallmsg(f, iov) register struct filed *f; struct iovec *iov; { @@ -582,7 +599,7 @@ if (reenter++) return; -@@ -2105,9 +2114,18 @@ void wallmsg(f, iov) +@@ -2198,9 +2207,18 @@ void wallmsg(f, iov) * and doing notty(). */ if (fork() == 0) { @@ -598,10 +615,10 @@ (void) alarm(0); (void) signal(SIGALRM, endtty); + (void) siginterrupt(SIGALRM,1); /* Make recvfrom() be able to receive EINTR */ - #ifndef _BSD_SOURCE - (void) signal(SIGTTOU, SIG_IGN); - (void) sigsetmask(0); -@@ -2123,7 +2141,7 @@ void wallmsg(f, iov) + (void) snprintf(greetings, sizeof(greetings), + "\r\n\7Message from syslogd@%s at %.24s ...\r\n", + (char *) iov[2].iov_base, ctime(&now)); +@@ -2212,7 +2230,7 @@ void wallmsg(f, iov) /* is this slot used? */ if (ut.ut_name[0] == '\0') continue; @@ -610,7 +627,7 @@ continue; if (!(strcmp (ut.ut_name,"LOGIN"))) /* paranoia */ continue; -@@ -2301,7 +2319,7 @@ void domark() +@@ -2382,7 +2400,7 @@ void domark() for (f = Files; f; f = f->f_next) { #endif if (f->f_prevcount && now >= REPEATTIME(f)) { @@ -619,7 +636,7 @@ TypeNames[f->f_type], f->f_prevcount, repeatinterval[f->f_repeatcount]); fprintlog(f, LocalHostName, 0, (char *)NULL); -@@ -2311,6 +2329,7 @@ void domark() +@@ -2392,6 +2410,7 @@ void domark() } (void) signal(SIGALRM, domark); (void) alarm(TIMERINTVL); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
