Commit fba37d23 authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

rsyslog: security bump to version 7.6.6 



Fixes CVE-2014-3634 - potential abort when a message with PRI > 191 was
processed if the "pri-text" property was used in active templates, this
could be abused to a remote denial of service from permitted senders.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: default avatarVicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent d89a2610

package/rsyslog/rsyslog-0001-revert-strdup.patch

0 → 100644
+27 −0
Original line number Diff line number Diff line 
Revert upstream 0403361ac57082dc47840d1f31832f1a0e319078

It breaks the build when it's defined.



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>



diff -Nura rsyslog-7.6.6.orig/grammar/lexer.c rsyslog-7.6.6/grammar/lexer.c

--- rsyslog-7.6.6.orig/grammar/lexer.c	2014-10-01 10:12:34.960082719 -0300

+++ rsyslog-7.6.6/grammar/lexer.c	2014-10-01 10:13:24.512769964 -0300

@@ -1459,7 +1459,6 @@

 #line 32 "lexer.l"

 #include "config.h"

 #include "parserif.h"

-extern char *strdup(char*); /* somehow we do not get this from string.h... */

 /*%option noyywrap nodefault case-insensitive */

 /* avoid compiler warning: `yyunput' defined but not used */

 #define YY_NO_INPUT 1

diff -Nura rsyslog-7.6.6.orig/grammar/lexer.l rsyslog-7.6.6/grammar/lexer.l

--- rsyslog-7.6.6.orig/grammar/lexer.l	2014-10-01 10:12:34.960082719 -0300

+++ rsyslog-7.6.6/grammar/lexer.l	2014-10-01 10:13:41.935363172 -0300

@@ -31,7 +31,6 @@

 %{

 #include "config.h"

 #include "parserif.h"

-extern char *strdup(char*); /* somehow we do not get this from string.h... */

 %}

 

 %option noyywrap nodefault case-insensitive yylineno

package/rsyslog/rsyslog.hash

+2 −2
Original line number Diff line number Diff line 
# From http://www.rsyslog.com/downloads/download-other/

sha256	45bca1c1ffca6b8260363617897c09baeaf350e8b92c51361d2770375cdf4b34	rsyslog-7.6.5.tar.gz
 
# From http://www.rsyslog.com/downloads/download-v7-stable/

sha256	c77ae0db6204c5bd670fa96c354ee5fe1c62c876bd84ec06ed429138c78885bb	rsyslog-7.6.6.tar.gz

package/rsyslog/rsyslog.mk

+3 −2
Original line number Diff line number Diff line
@@ -4,14 +4,15 @@ 
#

################################################################################



RSYSLOG_VERSION = 7.6.5

RSYSLOG_VERSION = 7.6.6

RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog

RSYSLOG_LICENSE = GPLv3 LGPLv3 Apache-2.0

RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20

RSYSLOG_DEPENDENCIES = zlib libestr liblogging json-c host-pkgconf



RSYSLOG_CONF_OPT = --disable-testbench \

		   --enable-cached-man-pages

		   --enable-cached-man-pages \

		   --disable-generate-man-pages



# Build after BusyBox

ifeq ($(BR2_PACKAGE_BUSYBOX),y)