Hello community,

here is the log from the commit of package rsyslog for openSUSE:11.3
checked in at Mon Sep 5 17:36:31 CEST 2011.



--------
--- old-versions/11.3/all/rsyslog/rsyslog.changes       2010-04-28 
19:26:59.000000000 +0200
+++ 11.3/rsyslog/rsyslog.changes        2011-08-29 19:21:32.000000000 +0200
@@ -1,0 +2,8 @@
+Mon Aug 29 16:48:30 UTC 2011 - m...@suse.com
+
+- Applied patch for 1/2 byte buffer overflow while parsing legacy
+  syslog messages that may cause a crash (CVE-2011-3200,bnc#714658).
+- Applied a fix for a memcpy overflow while processing allowed sender
+  rules in the config that resolve to IPv4-mapped-on-IPv6 addresses.
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.3/all/rsyslog
Destination is old-versions/11.3/UPDATES/all/rsyslog
calling whatdependson for 11.3-i586


New:
----
  rsyslog-5.x-memcpy-overflow.patch
  rsyslog-CVE-2011-3200.bnc714658.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rsyslog.spec ++++++
--- /var/tmp/diff_new_pack.YMM6Ia/_old  2011-09-05 17:36:18.000000000 +0200
+++ /var/tmp/diff_new_pack.YMM6Ia/_new  2011-09-05 17:36:18.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package rsyslog (Version 5.4.0)
+# spec file for package rsyslog
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,7 +30,7 @@
 %define         rsyslog_module_dir_nodeps   %{_libdir}/rsyslog/
 %define         rsyslog_module_dir_withdeps %{_prefix}/%{_lib}/rsyslog/
 Version:        5.4.0
-Release:        2
+Release:        3.<RELEASE2>
 License:        GPLv3+
 Group:          System/Daemons
 Summary:        Rsyslog, the enhanced syslogd for Linux and Unix
@@ -56,6 +56,8 @@
 Source3:        rsyslog.early.conf.in
 Source4:        rsyslog.d.remote.conf.in
 Patch1:         rsyslog.xconsole-pipe-loop.patch
+Patch2:         rsyslog-5.x-memcpy-overflow.patch
+Patch3:         rsyslog-CVE-2011-3200.bnc714658.patch
 
 %description
 Rsyslog is an enhanced multi-threaded syslogd supporting, among others,
@@ -246,6 +248,8 @@
 %setup -q -n %{name}-%{upstream_version}
 dos2unix doc/*.html
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -W -Wall"

++++++ rsyslog-5.x-memcpy-overflow.patch ++++++
--- rsyslog-5.x/runtime/net.c
+++ rsyslog-5.x/runtime/net.c   2011/08/29 16:38:49
@@ -721,7 +721,7 @@ static rsRetVal AddAllowedSender(struct
                                                
SIN(allowIP.addr.NetAddr)->sin_port   = 0;
                                                
memcpy(&(SIN(allowIP.addr.NetAddr)->sin_addr.s_addr),
                                                        
&(SIN6(res->ai_addr)->sin6_addr.s6_addr32[3]),
-                                                       sizeof (struct 
sockaddr_in));
+                                                       sizeof (in_addr_t));
 
                                                if((iRet = 
AddAllowedSenderEntry(ppRoot, ppLast, &allowIP,
                                                                
iSignificantBits))
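Review bot: The corrected length on the memcpy is spelled as a type name, `sizeof (in_addr_t)`, which is the same kind of hand-written size that let the old `sizeof (struct sockaddr_in)` copy more than the `s_addr` field holds. Taking the size from the destination keeps the two tied together: `sizeof(SIN(allowIP.addr.NetAddr)->sin_addr.s_addr));`. A one-line comment above the call, such as `/* IPv4-mapped IPv6: copy only the last 32-bit word of the address */`, would record why just that word is copied. AddAllowedSender starts and ends outside this hunk, so the storage behind `allowIP.addr.NetAddr` could not be checked here.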
++++++ rsyslog-CVE-2011-3200.bnc714658.patch ++++++
diff --git a/tools/pmrfc3164.c b/tools/pmrfc3164.c
index 635ca98..6d2d22b 100644
--- a/tools/pmrfc3164.c
+++ b/tools/pmrfc3164.c
@@ -177,7 +177,7 @@ CODESTARTparse
                 * outputs so that only 32 characters max are used by default.
                 */
                i = 0;
-               while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < 
CONF_TAG_MAXSIZE) {
+               while(lenMsg > 0 && *p2parse != ':' && *p2parse != ' ' && i < 
CONF_TAG_MAXSIZE - 2) {
                        bufParseTAG[i++] = *p2parse++;
                        --lenMsg;
                }
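Review bot: The new bound `CONF_TAG_MAXSIZE - 2` in the tag-copy loop is a bare magic number with no comment saying which two bytes it reserves. The changelog entry describes a 1/2 byte overflow, so presumably the code after the loop (outside this hunk) appends a ':' and a terminating NUL to `bufParseTAG`. Stating that next to the loop, e.g. `/* keep 2 bytes free: the ':' and the NUL appended after the loop */`, keeps a later edit from loosening the bound by accident. If `bufParseTAG` is a local array, bounding on `sizeof(bufParseTAG) - 2` would tie the check to the buffer rather than to the constant; its declaration is not visible here, so confirm before changing.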

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
