sysklogd: security bump to version 1.5.1

Fixes CVE-2014-3634 - invalid priority values between 192 and 1023
(directly or arrived at via overflow wraparound) can propagate through
code causing out-of-bounds access to the f_pmask array within the
'filed' structure by up to 104 bytes past its end.

Switch to vanilla since Debian hasn't handled this yet and add hash
file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2014-10-08 10:19:49 -03:00 committed by Peter Korsgaard
parent d1058c2d2d
commit ff4201ed9c
3 changed files with 5 additions and 13 deletions

View File

@ -5,7 +5,7 @@ config BR2_PACKAGE_SYSKLOGD
help
System log daemons syslogd and klogd.
http://www.infodrom.org/products/sysklogd/
http://www.infodrom.org/projects/sysklogd/
comment "syslogd needs a toolchain w/ largefile"
depends on !BR2_LARGEFILE

View File

@ -0,0 +1,2 @@
# Locally calculated from download (no sig, hash)
sha256 5166c185ae23c92e8b9feee66a6e3d0bc944bf673112f53e3ecf62e08ce7c201 sysklogd-1.5.1.tar.gz

View File

@ -4,10 +4,8 @@
#
################################################################################
SYSKLOGD_VERSION = 1.5
SYSKLOGD_SOURCE = sysklogd_$(SYSKLOGD_VERSION).orig.tar.gz
SYSKLOGD_PATCH = sysklogd_$(SYSKLOGD_VERSION)-6.diff.gz
SYSKLOGD_SITE = $(BR2_DEBIAN_MIRROR)/debian/pool/main/s/sysklogd
SYSKLOGD_VERSION = 1.5.1
SYSKLOGD_SITE = http://www.infodrom.org/projects/sysklogd/download
SYSKLOGD_LICENSE = GPLv2+
SYSKLOGD_LICENSE_FILES = COPYING
@ -16,14 +14,6 @@ ifeq ($(BR2_PACKAGE_BUSYBOX),y)
SYSKLOGD_DEPENDENCIES = busybox
endif
define SYSKLOGD_DEBIAN_PATCHES
if [ -d $(@D)/debian/patches ]; then \
support/scripts/apply-patches.sh $(@D) $(@D)/debian/patches \*.patch; \
fi
endef
SYSKLOGD_POST_PATCH_HOOKS = SYSKLOGD_DEBIAN_PATCHES
define SYSKLOGD_BUILD_CMDS
$(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
endef