...and now to something completely different... ;-)
Changelog:
- Bugfix against invalid PRI values (CVE-2014-3634)
CVE-2014-3634: "...sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."
Nothing good for a firewall...and besides, 'sysklogd' wasn't updated since 2010.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/sysklogd | 2 ++ lfs/sysklogd | 9 +++------ 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/common/sysklogd b/config/rootfiles/common/sysklogd index 9792097ce..f5d55c220 100644 --- a/config/rootfiles/common/sysklogd +++ b/config/rootfiles/common/sysklogd @@ -1,6 +1,8 @@ usr/sbin/klogd usr/sbin/syslogd +#usr/share/man/man5/syslog.conf.5 #usr/share/man/man8/klogd.8 #usr/share/man/man8/sysklogd.8 +#usr/share/man/man8/syslogd.8 var/log/dhcpcd.log var/log/messages diff --git a/lfs/sysklogd b/lfs/sysklogd index ca6110a6d..75bde5fee 100644 --- a/lfs/sysklogd +++ b/lfs/sysklogd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2017 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.5 +VER = 1.5.1
THISAPP = sysklogd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e053094e8103165f98ddafe828f6ae4b +$(DL_FILE)_MD5 = c70599ab0d037fde724f7210c2c8d7f8
install : $(TARGET)
@@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-fixes-1.patch - #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-8bit-1.patch - #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)_xen_empty_buffer_check.patch cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install touch /var/log/{dhcpcd.log,messages}
Hi,
On Sun, 2017-01-29 at 14:37 +0100, Matthias Fischer wrote:
...and now to something completely different... ;-)
Changelog:
- Bugfix against invalid PRI values (CVE-2014-3634)
CVE-2014-3634: "...sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."
Nothing good for a firewall...and besides, 'sysklogd' wasn't updated since 2010.
Very very true.
If we are behind on any other important package, please feel free to send updates, as always.
Best, -Michael
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
config/rootfiles/common/sysklogd | 2 ++ lfs/sysklogd | 9 +++------ 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/common/sysklogd b/config/rootfiles/common/sysklogd index 9792097ce..f5d55c220 100644 --- a/config/rootfiles/common/sysklogd +++ b/config/rootfiles/common/sysklogd @@ -1,6 +1,8 @@ usr/sbin/klogd usr/sbin/syslogd +#usr/share/man/man5/syslog.conf.5 #usr/share/man/man8/klogd.8 #usr/share/man/man8/sysklogd.8 +#usr/share/man/man8/syslogd.8 var/log/dhcpcd.log var/log/messages diff --git a/lfs/sysklogd b/lfs/sysklogd index ca6110a6d..75bde5fee 100644 --- a/lfs/sysklogd +++ b/lfs/sysklogd @@ -1,7 +1,7 @@ #################################################################### ########### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2017 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.5 +VER = 1.5.1 THISAPP = sysklogd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = e053094e8103165f98ddafe828f6ae4b +$(DL_FILE)_MD5 = c70599ab0d037fde724f7210c2c8d7f8 install : $(TARGET) @@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- #cd $(DIR_APP) && patch -Np1 <
$(DIR_SRC)/src/patches/$(THISAPP)-fixes-1.patch
- #cd $(DIR_APP) && patch -Np1 <
$(DIR_SRC)/src/patches/$(THISAPP)-8bit-1.patch
- #cd $(DIR_APP) && patch -Np1 <
$(DIR_SRC)/src/patches/$(THISAPP)_xen_empty_buffer_check.patch cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install touch /var/log/{dhcpcd.log,messages}