From 7544d63c6aab6c75c1675f3eab478f28d6278f69 Mon Sep 17 00:00:00 2001 From: Leo Date: Sat, 19 Oct 2019 22:37:18 -0300 Subject: main/rsyslog: fix CVE-2019-17041 and CVE-2019-17042 ref #10880 Closes !547 --- main/rsyslog/APKBUILD | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/main/rsyslog/APKBUILD b/main/rsyslog/APKBUILD index ee76846336..b930f05b2a 100644 --- a/main/rsyslog/APKBUILD +++ b/main/rsyslog/APKBUILD @@ -5,7 +5,7 @@ # Maintainer: Cameron Banta pkgname=rsyslog pkgver=8.31.0 -pkgrel=0 +pkgrel=1 pkgdesc="Enhanced multi-threaded syslogd with database support and more." url="http://www.rsyslog.com/" arch="all" @@ -23,9 +23,16 @@ source="http://www.rsyslog.com/files/download/$pkgname/$pkgname-$pkgver.tar.gz $pkgname.conf musl-fix.patch queue.patch + CVE-2019-17041.patch::https://github.com/rsyslog/rsyslog/commit/10549ba915556c557b22b3dac7e4cb73ad22d3d8.patch + CVE-2019-17042.patch::https://github.com/rsyslog/rsyslog/commit/abc0960a7561e18944a0e08d48f4eb570ea7435a.patch " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 8.31.0-r1: +# - CVE-2019-17041 +# - CVE-2019-17042 + build() { cd "$builddir" @@ -103,11 +110,12 @@ snmp() { mv "$pkgdir"/usr/lib/rsyslog/omsnmp.so \ "$subpkgdir"/usr/lib/rsyslog/ } - sha512sums="aab888dda8df3ad7ff404767a58539cdc0bb92d0e537b703cf5833555688dd6d8223889b8d70bf8c594339a51831b57df7a65b397d8b40cded608dfb007befe7 rsyslog-8.31.0.tar.gz 9a4b184076a82e0899da79ab3749e1c67eac03f36c4460d34ed0385f4a3ffad53681a1cc25dd514e835c9399a9abd01c235743535ad549d5be7f66d9e127b9dc rsyslog.initd a4d969671800227129be870b0318961b79d16365663754111a136734bbf7005abd4da24853dfdc07b3b6691ab5a7b215f0ac6c19022b4c5c8dab06165a42431b rsyslog.confd d54377ddf39197656811a84272568ea761f984e19dd04fc54f372dd04a9244e66d02b26ab33073d0344d054f031660ec611f3c7a18c266e7b68cef5e2c47f06f rsyslog.logrotate 3bcd58b222eb7f4d8a42a0643cacb6ab44790f90c9bd550678e002bc19863d5d6a7341e5e5ba0b9292f85c6c04cd5cc42d174acdc63e8ba22022620db10f2b9b rsyslog.conf bd469f3126d9db65cbe6b48a0e6da3ae1a6ef0194b7132799b4fdfcfc50de750691f44de21905fe40c047b7281d3db64b74a473383dd07077c81170daaf3ec6b musl-fix.patch -7be105f9a30d23b48ee46e19d31ba37ec30477935a9f7ba3929666a9abe175313dbb7caf55fbb1c6579dd5d25fe037eea84cae9065fe3f765f23569344bce5d7 queue.patch" +7be105f9a30d23b48ee46e19d31ba37ec30477935a9f7ba3929666a9abe175313dbb7caf55fbb1c6579dd5d25fe037eea84cae9065fe3f765f23569344bce5d7 queue.patch +e9f75ce261dcefb4bd8f1f70707e1ee4221743f562882eb0e77bee0df468b4dd6aea0513a025909a8abb82d026ab010d8fc74a868c6cd8d5e244d5335d3fcf59 CVE-2019-17041.patch +2edf53a861d8bf20c2b7434cc13f0cf8d077dfa4d9a924742e521ff17088c5a1e6386af03ac1c1d5fd900fd0ce819f19011e4eb86d6844cb888d5d86bc268168 CVE-2019-17042.patch" -- cgit v1.2.3