From 76ad2836c001cd029db7dec0db006108b1456f6f Mon Sep 17 00:00:00 2001
From: Przemyslaw Pawelczyk
Date: Thu, 23 Nov 2017 00:56:34 +0100
Subject: main/sysklogd: Apply diffs that weren't applied since modernization.

APKBUILD modernization commit 9c2d3b2f6b2eb35dc349ef1eeafac6bedef96ec0 didn't take into account that only *.patch files are applied by default by abuild. We may improve abuild behavior in future (possibly after releasing Alpine Linux 3.7), but for now let's rename patches from *.diff to *.patch.
---
main/sysklogd/APKBUILD | 18 +--
main/sysklogd/ksym-fclose-fix.diff | 12 --
main/sysklogd/ksym-fclose-fix.patch | 12 ++
.../sysklogd-1.4.2-caen-owl-klogd-drop-root.diff | 162 ---------------------
.../sysklogd-1.4.2-caen-owl-klogd-drop-root.patch | 162 +++++++++++++++++++++
.../sysklogd-1.4.2-caen-owl-syslogd-bind.diff | 103 -------------
.../sysklogd-1.4.2-caen-owl-syslogd-bind.patch | 103 +++++++++++++
.../sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff | 118 ---------------
...sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch | 118 +++++++++++++++
9 files changed, 404 insertions(+), 404 deletions(-)
delete mode 100644 main/sysklogd/ksym-fclose-fix.diff
create mode 100644 main/sysklogd/ksym-fclose-fix.patch
delete mode 100644 main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
create mode 100644 main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch
delete mode 100644 main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff
create mode 100644 main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch
delete mode 100644 main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
create mode 100644 main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch
(limited to 'main/sysklogd')
diff --git a/main/sysklogd/APKBUILD b/main/sysklogd/APKBUILD
index adf2f73ecf..3e15a8444d 100644
--- a/main/sysklogd/APKBUILD
+++ b/main/sysklogd/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa
 pkgname=sysklogd
 pkgver=1.5.1
-pkgrel=0
+pkgrel=1
 pkgdesc="System and kernel log daemons"
 url="http://www.infodrom.org/projects/sysklogd/"
 arch="all"
@@ -15,11 +15,11 @@ source="http://www.infodrom.org/projects/$pkgname/download/$pkgname-$pkgver.tar.
 sysklogd.daily
 sysklogd.initd
 sysklogd.confd
- sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
- sysklogd-1.4.2-caen-owl-syslogd-bind.diff
- sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
+ sysklogd-1.4.2-caen-owl-klogd-drop-root.patch
+ sysklogd-1.4.2-caen-owl-syslogd-bind.patch
+ sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch
 sysklogd-1.5-build.patch
- ksym-fclose-fix.diff
+ ksym-fclose-fix.patch
 fix-includes.patch
 syslog.conf
 LICENSE"
@@ -50,11 +50,11 @@ d82caedfa61bfefc0162e5c416ff75a5cd8f60abe1cf8a3c5c4e7775aeb7bb64e712c783031659d3
 87a95d612b9841a022c91a219ff4f69f57badb7f84178f06fc8abec242df948540582f27146b34c6ce730a451ddfc5195b24237cd70c70896ef040148789dd20 sysklogd.daily
 eb4c2c411d75315e113efe40c8445dd2eb7aa88e3318ce3d7624916005ec82325a877c83f5816231fc25d5103ac5be1fc58a4d9593b99fea24c87805abd03039 sysklogd.initd
 4553d85e93fb07e7d4a6ed0b47a3ea2044a5605adaac05223724c32a60bb8ae96d99ca95965c3931640beef234e976c1141b83f603aa8c6e8aca1dec20ca807c sysklogd.confd
-1a5cf4a5dec3ecaa8258110820b64d6a8e1e768e841a3f0ade8d7827b91e73c2d8a49a9d8b74566373133627af88dd46d14e83ae1940a0b2e6cd6fe8710a7e7a sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
-995c240fc54681445f68f7681173e1e1860aaab309edc8ac3531881c63c8889f009a7fd622d37145e80fe187410b80c28554140d6a6660134ca87a1c8d13570d sysklogd-1.4.2-caen-owl-syslogd-bind.diff
-87865e069f9c78990660cf29a37ba1ded7cc078ea8f05af63fc6068c470d1881181387477dccb830d96af05f352959181619380d61afccf3a11d213372e68852 sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
+1a5cf4a5dec3ecaa8258110820b64d6a8e1e768e841a3f0ade8d7827b91e73c2d8a49a9d8b74566373133627af88dd46d14e83ae1940a0b2e6cd6fe8710a7e7a sysklogd-1.4.2-caen-owl-klogd-drop-root.patch
+995c240fc54681445f68f7681173e1e1860aaab309edc8ac3531881c63c8889f009a7fd622d37145e80fe187410b80c28554140d6a6660134ca87a1c8d13570d sysklogd-1.4.2-caen-owl-syslogd-bind.patch
+87865e069f9c78990660cf29a37ba1ded7cc078ea8f05af63fc6068c470d1881181387477dccb830d96af05f352959181619380d61afccf3a11d213372e68852 sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch
 ab979b36f091c62ada916246723cd75a71319a6c3687c034167b9caafc53807e6d224e0d6c836bc4b81b61c1d02ec21a1cb19477396a416c62f097d4b9ccc678 sysklogd-1.5-build.patch
-ceb1f7cb70f526dd285fc8bad5511cdef603fc1296f69cc0e7ec4901f11685fae083d028687765b233ca074dfbe0cdafa921de6c80a5cbced94de1059d9761ee ksym-fclose-fix.diff
+ceb1f7cb70f526dd285fc8bad5511cdef603fc1296f69cc0e7ec4901f11685fae083d028687765b233ca074dfbe0cdafa921de6c80a5cbced94de1059d9761ee ksym-fclose-fix.patch
 0208662a0158ecb6b0a387bd1bf467c866105dac02767209aeaaaeb02762d6c2b814a2707315f8f6cd40f46c4b7744b74653e30973c31354998c27cd7c966dbd fix-includes.patch
 49f73b8a16b92d0cda56db9cfc16d5322e797590dfc998282a62560d54205042af953837f5f94b45a3de403fdf5f63efe65d72e9908c7185a2cd5941275abf33 syslog.conf
 7b3de1d38b50df14ceaada900f2e8f23b0d5035278c9eacb06d2578ccdcf64ffc44bbb76ed6a10d80f4b883bf36a3ecd2bf60897321e4eae7aed7d8a5a36d86c LICENSE"
diff --git a/main/sysklogd/ksym-fclose-fix.diff b/main/sysklogd/ksym-fclose-fix.diff
deleted file mode 100644
index a1b3401e22..0000000000
--- a/main/sysklogd/ksym-fclose-fix.diff
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: sysklogd-1.5/ksym_mod.c
-===================================================================
---- sysklogd-1.5.orig/ksym_mod.c 2009-08-04 09:47:53.000000000 +0300
-+++ sysklogd-1.5/ksym_mod.c 2009-08-04 09:48:05.000000000 +0300
-@@ -189,7 +189,6 @@
- else
- Syslog(LOG_ERR, "Error loading kernel symbols " \
- "- %s\n", strerror(errno));
-- fclose(ksyms);
- return(0);
- }
- 
diff --git a/main/sysklogd/ksym-fclose-fix.patch b/main/sysklogd/ksym-fclose-fix.patch
new file mode 100644
index 0000000000..a1b3401e22
--- /dev/null
+++ b/main/sysklogd/ksym-fclose-fix.patch
@@ -0,0 +1,12 @@
+Index: sysklogd-1.5/ksym_mod.c
+===================================================================
+--- sysklogd-1.5.orig/ksym_mod.c 2009-08-04 09:47:53.000000000 +0300
++++ sysklogd-1.5/ksym_mod.c 2009-08-04 09:48:05.000000000 +0300
+@@ -189,7 +189,6 @@
+ else
+ Syslog(LOG_ERR, "Error loading kernel symbols " \
+ "- %s\n", strerror(errno));
+- fclose(ksyms);
+ return(0);
+ }
+ 
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff b/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
deleted file mode 100644
index 40b8817d4e..0000000000
--- a/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
+++ /dev/null
@@ -1,162 +0,0 @@
-http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain
-diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8
---- sysklogd-1.4.2.orig/klogd.8 2005-03-11 16:12:09 +0000
-+++ sysklogd-1.4.2/klogd.8 2005-08-18 14:37:47 +0000
-@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon
- .RB [ " \-f "
- .I fname
- ]
-+.RB [ " \-u "
-+.I username
-+]
-+.RB [ " \-j "
-+.I chroot_dir
-+]
- .RB [ " \-iI " ]
- .RB [ " \-n " ]
- .RB [ " \-o " ]
-@@ -53,6 +60,20 @@ stderr.
- .BI "\-f " file
- Log messages to the specified filename rather than to the syslog facility.
- .TP
-+.BI "\-u " username
-+Tells klogd to become the specified user and drop root privileges before
-+starting logging.
-+.TP
-+.BI "\-j " chroot_dir
-+Tells klogd to
-+.BR chroot (2)
-+into this directory after initializing.
-+This option is only valid if the \-u option is also used to run klogd
-+without root privileges.
-+Note that the use of this option will prevent \-i and \-I from working
-+unless you set up the chroot directory in such a way that klogd can still
-+read the kernel module symbols.
-+.TP
- .BI "\-i \-I"
- Signal the currently executing klogd daemon. Both of these switches control
- the loading/reloading of symbol information. The \-i switch signals the
-diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c
---- sysklogd-1.4.2.orig/klogd.c 2005-08-18 12:29:52 +0000
-+++ sysklogd-1.4.2/klogd.c 2005-08-18 14:37:47 +0000
-@@ -261,6 +261,8 @@
- #include
- #include
- #include
-+#include
-+#include
- #include "klogd.h"
- #include "ksyms.h"
- #ifndef TESTING
-@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel}
- int debugging = 0;
- int symbols_twice = 0;
- 
-+char *server_user = NULL;
-+char *chroot_dir = NULL;
-+int log_flags = 0;
- 
- /* Function prototypes. */
- extern int ksyslog(int type, char *buf, int len);
-@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void)
- * First do a stat to determine whether or not the proc based
- * file system is available to get kernel messages from.
- */
-- if ( use_syscall ||
-- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
-+ if (!server_user &&
-+ (use_syscall ||
-+ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
- {
- /* Initialize kernel logging. */
- ksyslog(1, NULL, 0);
-@@ -983,6 +989,27 @@ static void LogProcLine(void)
- }
- 
- 
-+static int drop_root(void)
-+{
-+ struct passwd *pw;
-+
-+ if (!(pw = getpwnam(server_user))) return -1;
-+
-+ if (!pw->pw_uid) return -1;
-+
-+ if (chroot_dir) {
-+ if (chdir(chroot_dir)) return -1;
-+ if (chroot(".")) return -1;
-+ }
-+
-+ if (setgroups(0, NULL)) return -1;
-+ if (setgid(pw->pw_gid)) return -1;
-+ if (setuid(pw->pw_uid)) return -1;
-+
-+ return 0;
-+}
-+
-+
- int main(argc, argv)
- 
- int argc;
-@@ -1000,7 +1027,7 @@ int main(argc, argv)
- chdir ("/");
- #endif
- /* Parse the command-line. */
-- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
-+ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
- switch((char)ch)
- {
- case '2': /* Print lines with symbols twice. */
-@@ -1022,6 +1049,10 @@ int main(argc, argv)
- case 'I':
- SignalDaemon(SIGUSR2);
- return(0);
-+ case 'j': /* chroot 'j'ail */
-+ chroot_dir = optarg;
-+ log_flags |= LOG_NDELAY;
-+ break;
- case 'k': /* Kernel symbol file. */
- symfile = optarg;
- break;
-@@ -1037,6 +1068,9 @@ int main(argc, argv)
- case 's': /* Use syscall interface. */
- use_syscall = 1;
- break;
-+ case 'u': /* Run as this user */
-+ server_user = optarg;
-+ break;
- case 'v':
- printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
- exit (1);
-@@ -1045,6 +1079,10 @@ int main(argc, argv)
- break;
- }
- 
-+ if (chroot_dir && !server_user) {
-+ fputs("'-j' is only valid with '-u'\n", stderr);
-+ exit(1);
-+ }
- 
- /* Set console logging level. */
- if ( log_level != (char *) 0 )
-@@ -1158,7 +1196,7 @@ int main(argc, argv)
- }
- }
- else
-- openlog("kernel", 0, LOG_KERN);
-+ openlog("kernel", log_flags, LOG_KERN);
- 
- 
- /* Handle one-shot logging. */
-@@ -1191,6 +1229,11 @@ int main(argc, argv)
- }
- }
- 
-+ if (server_user && drop_root()) {
-+ syslog(LOG_ALERT, "klogd: failed to drop root");
-+ Terminate();
-+ }
-+
- /* The main loop. */
- while (1)
- {
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch b/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch
new file mode 100644
index 0000000000..40b8817d4e
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch
@@ -0,0 +1,162 @@
+http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain
+diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8
+--- sysklogd-1.4.2.orig/klogd.8 2005-03-11 16:12:09 +0000
++++ sysklogd-1.4.2/klogd.8 2005-08-18 14:37:47 +0000
+@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon
+ .RB [ " \-f "
+ .I fname
+ ]
++.RB [ " \-u "
++.I username
++]
++.RB [ " \-j "
++.I chroot_dir
++]
+ .RB [ " \-iI " ]
+ .RB [ " \-n " ]
+ .RB [ " \-o " ]
+@@ -53,6 +60,20 @@ stderr.
+ .BI "\-f " file
+ Log messages to the specified filename rather than to the syslog facility.
+ .TP
++.BI "\-u " username
++Tells klogd to become the specified user and drop root privileges before
++starting logging.
++.TP
++.BI "\-j " chroot_dir
++Tells klogd to
++.BR chroot (2)
++into this directory after initializing.
++This option is only valid if the \-u option is also used to run klogd
++without root privileges.
++Note that the use of this option will prevent \-i and \-I from working
++unless you set up the chroot directory in such a way that klogd can still
++read the kernel module symbols.
++.TP
+ .BI "\-i \-I"
+ Signal the currently executing klogd daemon. Both of these switches control
+ the loading/reloading of symbol information. The \-i switch signals the
+diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c
+--- sysklogd-1.4.2.orig/klogd.c 2005-08-18 12:29:52 +0000
++++ sysklogd-1.4.2/klogd.c 2005-08-18 14:37:47 +0000
+@@ -261,6 +261,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+ #include "klogd.h"
+ #include "ksyms.h"
+ #ifndef TESTING
+@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel}
+ int debugging = 0;
+ int symbols_twice = 0;
+ 
++char *server_user = NULL;
++char *chroot_dir = NULL;
++int log_flags = 0;
+ 
+ /* Function prototypes. */
+ extern int ksyslog(int type, char *buf, int len);
+@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void)
+ * First do a stat to determine whether or not the proc based
+ * file system is available to get kernel messages from.
+ */
+- if ( use_syscall ||
+- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
++ if (!server_user &&
++ (use_syscall ||
++ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
+ {
+ /* Initialize kernel logging. */
+ ksyslog(1, NULL, 0);
+@@ -983,6 +989,27 @@ static void LogProcLine(void)
+ }
+ 
+ 
++static int drop_root(void)
++{
++ struct passwd *pw;
++
++ if (!(pw = getpwnam(server_user))) return -1;
++
++ if (!pw->pw_uid) return -1;
++
++ if (chroot_dir) {
++ if (chdir(chroot_dir)) return -1;
++ if (chroot(".")) return -1;
++ }
++
++ if (setgroups(0, NULL)) return -1;
++ if (setgid(pw->pw_gid)) return -1;
++ if (setuid(pw->pw_uid)) return -1;
++
++ return 0;
++}
++
++
+ int main(argc, argv)
+ 
+ int argc;
+@@ -1000,7 +1027,7 @@ int main(argc, argv)
+ chdir ("/");
+ #endif
+ /* Parse the command-line. */
+- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
++ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
+ switch((char)ch)
+ {
+ case '2': /* Print lines with symbols twice. */
+@@ -1022,6 +1049,10 @@ int main(argc, argv)
+ case 'I':
+ SignalDaemon(SIGUSR2);
+ return(0);
++ case 'j': /* chroot 'j'ail */
++ chroot_dir = optarg;
++ log_flags |= LOG_NDELAY;
++ break;
+ case 'k': /* Kernel symbol file. */
+ symfile = optarg;
+ break;
+@@ -1037,6 +1068,9 @@ int main(argc, argv)
+ case 's': /* Use syscall interface. */
+ use_syscall = 1;
+ break;
++ case 'u': /* Run as this user */
++ server_user = optarg;
++ break;
+ case 'v':
+ printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
+ exit (1);
+@@ -1045,6 +1079,10 @@ int main(argc, argv)
+ break;
+ }
+ 
++ if (chroot_dir && !server_user) {
++ fputs("'-j' is only valid with '-u'\n", stderr);
++ exit(1);
++ }
+ 
+ /* Set console logging level. */
+ if ( log_level != (char *) 0 )
+@@ -1158,7 +1196,7 @@ int main(argc, argv)
+ }
+ }
+ else
+- openlog("kernel", 0, LOG_KERN);
++ openlog("kernel", log_flags, LOG_KERN);
+ 
+ 
+ /* Handle one-shot logging. */
+@@ -1191,6 +1229,11 @@ int main(argc, argv)
+ }
+ }
+ 
++ if (server_user && drop_root()) {
++ syslog(LOG_ALERT, "klogd: failed to drop root");
++ Terminate();
++ }
++
+ /* The main loop. */
+ while (1)
+ {
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff
deleted file mode 100644
index ad311a512c..0000000000
--- a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff
+++ /dev/null
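Review bot: In the GetKernelLogSrc hunk of klogd-drop-root.patch, the new `!server_user &&` guard makes `-u` silently override `-s`: once a user is set, `use_syscall` is never consulted and `ksyslog(1, NULL, 0)` is skipped, yet neither the klogd.8 text added by the patch nor the code says so. Presumably the syscall interface would stop working after root is dropped, but that is inferred rather than stated anywhere visible. I would put a comment above the condition, `/* -u given: always read _PATH_KLOG; the syscall path is assumed unusable after drop_root() */`, and add a sentence under `\-u` in klogd.8 that `\-s` is ignored when `\-u` is used. GetKernelLogSrc continues outside the hunk, so what the fall-through path does when `_PATH_KLOG` is missing cannot be checked from here.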
@@ -1,103 +0,0 @@
-http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain
-diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
---- sysklogd-1.4.2.orig/sysklogd.8 2004-07-09 17:33:32 +0000
-+++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:40:25 +0000
-@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti
- .I config file
- ]
- .RB [ " \-h " ]
-+.RB [ " \-i "
-+.I IP address
-+]
- .RB [ " \-l "
- .I hostlist
- ]
-@@ -104,6 +107,13 @@ Specifying this switch on the command li
- This can cause syslog loops that fill up hard disks quite fast and
- thus needs to be used with caution.
- .TP
-+.BI "\-i " "IP address"
-+If
-+.B syslogd
-+is configured to accept log input from a UDP port, specify an IP address
-+to bind to, rather than the default of INADDR_ANY. The address must be in
-+dotted quad notation, DNS host names are not allowed.
-+.TP
- .BI "\-l " "hostlist"
- Specify a hostname that should be logged only with its simple hostname
- and not the fqdn. Multiple hosts may be specified using the colon
-diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
---- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:33:22 +0000
-+++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:40:25 +0000
-@@ -774,6 +774,8 @@ char **LocalHosts = NULL; /* these hosts
- int NoHops = 1; /* Can we bounce syslog messages through an
- intermediate host. */
- 
-+char *bind_addr = NULL; /* bind UDP port to this interface only */
-+
- extern int errno;
- 
- /* Function prototypes. */
-@@ -878,7 +880,7 @@ int main(argc, argv)
- funix[i] = -1;
- }
- 
-- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF)
-+ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
- switch((char)ch) {
- case 'a':
- if (nfunix < MAXFUNIX)
-@@ -895,9 +897,17 @@ int main(argc, argv)
- case 'h':
- NoHops = 0;
- break;
-+ case 'i':
-+ if (bind_addr) {
-+ fprintf(stderr, "Only one -i argument allowed, "
-+ "the first one is taken.\n");
-+ break;
-+ }
-+ bind_addr = optarg;
-+ break;
- case 'l':
- if (LocalHosts) {
-- fprintf (stderr, "Only one -l argument allowed," \
-+ fprintf(stderr, "Only one -l argument allowed, "
- "the first one is taken.\n");
- break;
- }
-@@ -1244,7 +1254,7 @@ int main(argc, argv)
- int usage()
- {
- fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
-- " [-s domainlist] [-f conffile]\n");
-+ " [-s domainlist] [-f conffile] [-i IP address]\n");
- exit(1);
- }
- 
-@@ -1286,15 +1296,22 @@ static int create_inet_socket()
- int fd, on = 1;
- struct sockaddr_in sin;
- 
-+ memset(&sin, 0, sizeof(sin));
-+ sin.sin_family = AF_INET;
-+ sin.sin_port = LogPort;
-+ if (bind_addr) {
-+ if (!inet_aton(bind_addr, &sin.sin_addr)) {
-+ logerror("syslog: not a valid IP address to bind to.");
-+ return -1;
-+ }
-+ }
-+
- fd = socket(AF_INET, SOCK_DGRAM, 0);
- if (fd < 0) {
- logerror("syslog: Unknown protocol, suspending inet service.");
- return fd;
- }
- 
-- memset(&sin, 0, sizeof(sin));
-- sin.sin_family = AF_INET;
-- sin.sin_port = LogPort;
- if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \
- (char *) &on, sizeof(on)) < 0 ) {
- logerror("setsockopt(REUSEADDR), suspending inet");
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch
new file mode 100644
index 0000000000..ad311a512c
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch
@@ -0,0 +1,103 @@
+http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain
+diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
+--- sysklogd-1.4.2.orig/sysklogd.8 2004-07-09 17:33:32 +0000
++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:40:25 +0000
+@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti
+ .I config file
+ ]
+ .RB [ " \-h " ]
++.RB [ " \-i "
++.I IP address
++]
+ .RB [ " \-l "
+ .I hostlist
+ ]
+@@ -104,6 +107,13 @@ Specifying this switch on the command li
+ This can cause syslog loops that fill up hard disks quite fast and
+ thus needs to be used with caution.
+ .TP
++.BI "\-i " "IP address"
++If
++.B syslogd
++is configured to accept log input from a UDP port, specify an IP address
++to bind to, rather than the default of INADDR_ANY. The address must be in
++dotted quad notation, DNS host names are not allowed.
++.TP
+ .BI "\-l " "hostlist"
+ Specify a hostname that should be logged only with its simple hostname
+ and not the fqdn. Multiple hosts may be specified using the colon
+diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
+--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:33:22 +0000
++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:40:25 +0000
+@@ -774,6 +774,8 @@ char **LocalHosts = NULL; /* these hosts
+ int NoHops = 1; /* Can we bounce syslog messages through an
+ intermediate host. */
+ 
++char *bind_addr = NULL; /* bind UDP port to this interface only */
++
+ extern int errno;
+ 
+ /* Function prototypes. */
+@@ -878,7 +880,7 @@ int main(argc, argv)
+ funix[i] = -1;
+ }
+ 
+- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF)
++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
+ switch((char)ch) {
+ case 'a':
+ if (nfunix < MAXFUNIX)
+@@ -895,9 +897,17 @@ int main(argc, argv)
+ case 'h':
+ NoHops = 0;
+ break;
++ case 'i':
++ if (bind_addr) {
++ fprintf(stderr, "Only one -i argument allowed, "
++ "the first one is taken.\n");
++ break;
++ }
++ bind_addr = optarg;
++ break;
+ case 'l':
+ if (LocalHosts) {
+- fprintf (stderr, "Only one -l argument allowed," \
++ fprintf(stderr, "Only one -l argument allowed, "
+ "the first one is taken.\n");
+ break;
+ }
+@@ -1244,7 +1254,7 @@ int main(argc, argv)
+ int usage()
+ {
+ fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
+- " [-s domainlist] [-f conffile]\n");
++ " [-s domainlist] [-f conffile] [-i IP address]\n");
+ exit(1);
+ }
+ 
+@@ -1286,15 +1296,22 @@ static int create_inet_socket()
+ int fd, on = 1;
+ struct sockaddr_in sin;
+ 
++ memset(&sin, 0, sizeof(sin));
++ sin.sin_family = AF_INET;
++ sin.sin_port = LogPort;
++ if (bind_addr) {
++ if (!inet_aton(bind_addr, &sin.sin_addr)) {
++ logerror("syslog: not a valid IP address to bind to.");
++ return -1;
++ }
++ }
++
+ fd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ logerror("syslog: Unknown protocol, suspending inet service.");
+ return fd;
+ }
+ 
+- memset(&sin, 0, sizeof(sin));
+- sin.sin_family = AF_INET;
+- sin.sin_port = LogPort;
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \
+ (char *) &on, sizeof(on)) < 0 ) {
+ logerror("setsockopt(REUSEADDR), suspending inet");
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
deleted file mode 100644
index 8c3f571f3c..0000000000
--- a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
+++ /dev/null
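Review bot: In the create_inet_socket hunk of syslogd-bind.patch, `inet_aton(bind_addr, &sin.sin_addr)` accepts more than the dotted-quad form that the new sysklogd.8 text requires: shortened forms such as `127.1` and hex or octal components also parse, so a mistyped `-i` value can bind the UDP listener to an address the operator did not intend instead of being rejected. `inet_pton` accepts only strict dotted-decimal for AF_INET, so the check could read `if (inet_pton(AF_INET, bind_addr, &sin.sin_addr) != 1) {`, assuming the header that declares it is already included in syslogd.c (the patch adds no include for this). The function body continues past the end of the hunk.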
@@ -1,118 +0,0 @@
-http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain
-diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
---- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:40:25 +0000
-+++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:41:26 +0000
-@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti
- .RB [ " \-s "
- .I domainlist
- ]
-+.RB [ " \-u"
-+.IB username
-+]
- .RB [ " \-v " ]
- .LP
- .SH DESCRIPTION
-@@ -161,6 +164,19 @@ is specified and the host logging resolv
- no domain would be cut, you will have to specify two domains like:
- .BR "\-s north.de:infodrom.north.de" .
- .TP
-+.BI "\-u " "username"
-+This causes the
-+.B syslogd
-+daemon to become the named user before starting up logging.
-+
-+Note that when this option is in use,
-+.B syslogd
-+will open all log files as root when the daemon is first started;
-+however, after a
-+.B SIGHUP
-+the files will be reopened as the non-privileged user. You should
-+take this into account when deciding the ownership of the log files.
-+.TP
- .B "\-v"
- Print version and exit.
- .LP
-diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
---- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:40:25 +0000
-+++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:41:26 +0000
-@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c 5.
- #include
- #include
- #include
-+
-+#include
-+#include
-+
- #ifndef TESTING
- #include "pidfile.h"
- #endif
-@@ -775,6 +779,7 @@ int NoHops = 1; /* Can we bounce syslog
- intermediate host. */
- 
- char *bind_addr = NULL; /* bind UDP port to this interface only */
-+char *server_user = NULL; /* user name to run server as */
- 
- extern int errno;
- 
-@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc)
- return fcntl(desc, F_SETFL, flags | O_NONBLOCK);
- }
- 
-+static int drop_root(void)
-+{
-+ struct passwd *pw;
-+
-+ if (!(pw = getpwnam(server_user))) return -1;
-+
-+ if (!pw->pw_uid) return -1;
-+
-+ if (initgroups(server_user, pw->pw_gid)) return -1;
-+ if (setgid(pw->pw_gid)) return -1;
-+ if (setuid(pw->pw_uid)) return -1;
-+
-+ return 0;
-+}
-+
- int main(argc, argv)
- int argc;
- char **argv;
-@@ -880,7 +900,7 @@ int main(argc, argv)
- funix[i] = -1;
- }
- 
-- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
-+ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
- switch((char)ch) {
- case 'a':
- if (nfunix < MAXFUNIX)
-@@ -933,6 +953,9 @@ int main(argc, argv)
- }
- StripDomains = crunch_list(optarg);
- break;
-+ case 'u':
-+ server_user = optarg;
-+ break;
- case 'v':
- printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
- exit (0);
-@@ -1100,6 +1123,11 @@ int main(argc, argv)
- kill (ppid, SIGTERM);
- #endif
- 
-+ if (server_user && drop_root()) {
-+ dprintf("syslogd: failed to drop root\n");
-+ exit(1);
-+ }
-+
- /* Main loop begins here. */
- for (;;) {
- int nfds;
-@@ -1254,7 +1282,7 @@ int main(argc, argv)
- int usage()
- {
- fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
-- " [-s domainlist] [-f conffile] [-i IP address]\n");
-+ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n");
- exit(1);
- }
- 
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch
new file mode 100644
index 0000000000..8c3f571f3c
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch
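@@ -0,0 +1,118 @@
+http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain
+diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
+--- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:40:25 +0000
++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:41:26 +0000
+@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti
+ .RB [ " \-s "
+ .I domainlist
+ ]
++.RB [ " \-u"
++.IB username
++]
+ .RB [ " \-v " ]
+ .LP
+ .SH DESCRIPTION
+@@ -161,6 +164,19 @@ is specified and the host logging resolv
+ no domain would be cut, you will have to specify two domains like:
+ .BR "\-s north.de:infodrom.north.de" .
+ .TP
++.BI "\-u " "username"
++This causes the
++.B syslogd
++daemon to become the named user before starting up logging.
++
++Note that when this option is in use,
++.B syslogd
++will open all log files as root when the daemon is first started;
++however, after a
++.B SIGHUP
++the files will be reopened as the non-privileged user. You should
++take this into account when deciding the ownership of the log files.
++.TP
+ .B "\-v"
+ Print version and exit.
+ .LP
+diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
+--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:40:25 +0000
++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:41:26 +0000
+@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c 5.
+ #include
+ #include
+ #include
++
++#include
++#include
++
+ #ifndef TESTING
+ #include "pidfile.h"
+ #endif
+@@ -775,6 +779,7 @@ int NoHops = 1; /* Can we bounce syslog
+ intermediate host. */
+ 
+ char *bind_addr = NULL; /* bind UDP port to this interface only */
++char *server_user = NULL; /* user name to run server as */
+ 
+ extern int errno;
+ 
+@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc)
+ return fcntl(desc, F_SETFL, flags | O_NONBLOCK);
+ }
+ 
++static int drop_root(void)
++{
++ struct passwd *pw;
++
++ if (!(pw = getpwnam(server_user))) return -1;
++
++ if (!pw->pw_uid) return -1;
++
++ if (initgroups(server_user, pw->pw_gid)) return -1;
++ if (setgid(pw->pw_gid)) return -1;
++ if (setuid(pw->pw_uid)) return -1;
++
++ return 0;
++}
++
+ int main(argc, argv)
+ int argc;
+ char **argv;
+@@ -880,7 +900,7 @@ int main(argc, argv)
+ funix[i] = -1;
+ }
+ 
+- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
+ switch((char)ch) {
+ case 'a':
+ if (nfunix < MAXFUNIX)
+@@ -933,6 +953,9 @@ int main(argc, argv)
+ }
+ StripDomains = crunch_list(optarg);
+ break;
++ case 'u':
++ server_user = optarg;
++ break;
+ case 'v':
+ printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
+ exit (0);
+@@ -1100,6 +1123,11 @@ int main(argc, argv)
+ kill (ppid, SIGTERM);
+ #endif
+ 
++ if (server_user && drop_root()) {
++ dprintf("syslogd: failed to drop root\n");
++ exit(1);
++ }
++
+ /* Main loop begins here. */
+ for (;;) {
+ int nfds;
+@@ -1254,7 +1282,7 @@ int main(argc, argv)
+ int usage()
+ {
+ fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
+- " [-s domainlist] [-f conffile] [-i IP address]\n");
++ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n");
+ exit(1);
+ }
+ 
-- cgit v1.2.3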
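Review bot: In the main() hunk at -1100 of syslogd-drop-root.patch, a failed drop_root() is reported only through `dprintf("syslogd: failed to drop root\n")` before `exit(1)`; if dprintf is syslogd's debug-only printer (its definition is not in the hunk), a daemon started with `-u` and a missing or uid-0 account exits without telling the operator why. The klogd patch in this same commit reports the same failure with `syslog(LOG_ALERT, ...)`, and syslogd.c already has `logerror()` (used in create_inet_socket in the bind patch), so adding `logerror("syslogd: failed to drop root");` before the exit would make the failure visible in normal operation. main() starts and ends outside the hunk, so whether logerror() is usable at this point should be confirmed against the full file.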
*/ + + char *bind_addr = NULL; /* bind UDP port to this interface only */ ++char *server_user = NULL; /* user name to run server as */ + + extern int errno; + +@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc) + return fcntl(desc, F_SETFL, flags | O_NONBLOCK); + } + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (initgroups(server_user, pw->pw_gid)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ + int main(argc, argv) + int argc; + char **argv; +@@ -880,7 +900,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -933,6 +953,9 @@ int main(argc, argv) + } + StripDomains = crunch_list(optarg); + break; ++ case 'u': ++ server_user = optarg; ++ break; + case 'v': + printf("syslogd %s.%s\n", VERSION, PATCHLEVEL); + exit (0); +@@ -1100,6 +1123,11 @@ int main(argc, argv) + kill (ppid, SIGTERM); + #endif + ++ if (server_user && drop_root()) { ++ dprintf("syslogd: failed to drop root\n"); ++ exit(1); ++ } ++ + /* Main loop begins here. */ + for (;;) { + int nfds; +@@ -1254,7 +1282,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile] [-i IP address]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n"); + exit(1); + } + -- cgit v1.2.3