rsyslog: upgrade from v8.1908.0 to v8.1910.0

Upgrade rsyslog to latest version for various fixes including the following CVEs: CVE: CVE-2019-17040 CVE: CVE-2019-17041 Backported patches for those fixes were removed since they are contained in v8.1910.0. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> [Bug fix only https://www.adiscon.com/news/rsyslog-8-1910-0-released/] Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Trevor Gamblin <trevor.gamblin@windriver.com> 2019-10-28 10:46:05 -0700
committer: Armin Kuster <akuster808@gmail.com> 2019-11-24 12:48:26 -0800
commit: b784eca9a065d839bcc07487a0ad30eb854dd4aa (patch)
tree: 532745ed50597681077353a601c7f514209da313 /meta-oe
parent: 866866c06d6a98b4f9e298a39de7383485751165 (diff)
download: meta-openembedded-b784eca9a065d839bcc07487a0ad30eb854dd4aa.tar.gz
3 files changed, 2 insertions, 78 deletions
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
deleted file mode 100644
index b494ca687..000000000
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001
-From: Philippe Duveau <pduveau@users.noreply.github.com>
-Date: Tue, 24 Sep 2019 20:45:25 +0200
-Subject: [PATCH] Out of bounds issue
-Add a new sanity check after determining the level len.
---
- contrib/pmdb2diag/pmdb2diag.c | 4 ++++
- 1 file changed, 4 insertions(+)
-Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6]
-CVE: CVE-2019-17040
-Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
-diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c
-index 2b5916301..5810eb4df 100644
--- a/contrib/pmdb2diag/pmdb2diag.c
-+++ b/contrib/pmdb2diag/pmdb2diag.c
-@@ -134,6 +134,10 @@ CODESTARTparse2
-                ABORT_FINALIZE(0);
-        }
- 
-+       /* let recheck with the real level len */
-+       if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len)
-+               ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+
-        DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity);
- 
-        end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ;
-- 
-2.17.1
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
deleted file mode 100644
index 0b32766a5..000000000
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001
-From: Rainer Gerhards <rgerhards@adiscon.com>
-Date: Fri, 27 Sep 2019 13:36:02 +0200
-Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing
---
- contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884]
-CVE: CVE-2019-17041
-Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
-diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
-index 37157c7d4..ebf12ebbe 100644
--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
-+++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
-@@ -109,6 +109,10 @@ CODESTARTparse
-        /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
- " or "From " with the hostname */
-        lenMsg -=skipLen;
-+       if(lenMsg < 2) {
-+               dbgprintf("not a AIX message forwarded from message has nothing after header\n");
-+               ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+       }
-        memmove(p2parse, p2parse + skipLen, lenMsg);
-        *(p2parse + lenMsg) = '\n';
-        *(p2parse + lenMsg + 1)  = '\0';
-@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
-                --lenMsg;
-                ++p2parse;
-        }
-+       if (lenMsg < 1) {
-+               dbgprintf("not a AIX message forwarded from message has nothing after colon "
-+                       "or no colon at all\n");
-+               ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
-+       }
-        if (lenMsg && *p2parse != ':') {
-        DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
-                "been removed\n");
-- 
-2.17.1
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
index f9e44421d..f50f9a34b 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
@@ -23,16 +23,14 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
           file://rsyslog.logrotate \
           file://use-pkgconfig-to-check-libgcrypt.patch \
           file://run-ptest \
-           file://0001-Out-of-bounds-issue.patch \
-           file://0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch \
 "
 SRC_URI_append_libc-musl = " \
    file://0001-Include-sys-time-h.patch \
 "
-SRC_URI[md5sum] = "6e9aa4ef4cad8ae49affa0a786cc9e2f"
+SRC_URI[md5sum] = "6d4d94359d083f449f089b8dbb93c423"
-SRC_URI[sha256sum] = "f8c8e53b651e03a011667c60bd2d4dba7a7cb6ec04b247c8ea8514115527863b"
+SRC_URI[sha256sum] = "0219ee692f31a39743acb62aaf4196b644ce94edf386df4605fd6a11a4fe0c93"
 UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
author	Trevor Gamblin <trevor.gamblin@windriver.com>	2019-10-28 10:46:05 -0700
committer	Armin Kuster <akuster808@gmail.com>	2019-11-24 12:48:26 -0800
commit	b784eca9a065d839bcc07487a0ad30eb854dd4aa (patch)
tree	532745ed50597681077353a601c7f514209da313 /meta-oe
parent	866866c06d6a98b4f9e298a39de7383485751165 (diff)
download	meta-openembedded-b784eca9a065d839bcc07487a0ad30eb854dd4aa.tar.gz

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch deleted file mode 100644 index b494ca687..000000000 --- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001
2	From: Philippe Duveau <pduveau@users.noreply.github.com>
3	Date: Tue, 24 Sep 2019 20:45:25 +0200
4	Subject: [PATCH] Out of bounds issue
5
6	Add a new sanity check after determining the level len.
7	---
8	contrib/pmdb2diag/pmdb2diag.c \| 4 ++++
9	1 file changed, 4 insertions(+)
10
11	Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6]
12	CVE: CVE-2019-17040
13	Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
14	diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c
15	index 2b5916301..5810eb4df 100644
16	--- a/contrib/pmdb2diag/pmdb2diag.c
17	+++ b/contrib/pmdb2diag/pmdb2diag.c
18	@@ -134,6 +134,10 @@ CODESTARTparse2
19	ABORT_FINALIZE(0);
20	}
21
22	+ /* let recheck with the real level len */
23	+ if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len)
24	+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
25	+
26	DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity);
27
28	end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ;
29	--
30	2.17.1
31


diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch deleted file mode 100644 index 0b32766a5..000000000 --- a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch +++ /dev/null
@@ -1,43 +0,0 @@
1	From 10549ba915556c557b22b3dac7e4cb73ad22d3d8 Mon Sep 17 00:00:00 2001
2	From: Rainer Gerhards <rgerhards@adiscon.com>
3	Date: Fri, 27 Sep 2019 13:36:02 +0200
4	Subject: [PATCH] pmaixforwardedfrom bugfix: potential misadressing
5
6	---
7	contrib/pmaixforwardedfrom/pmaixforwardedfrom.c \| 9 +++++++++
8	1 file changed, 9 insertions(+)
9
10	Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/pull/3884]
11	CVE: CVE-2019-17041
12	Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
13
14	diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
15	index 37157c7d4..ebf12ebbe 100644
16	--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
17	+++ b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
18	@@ -109,6 +109,10 @@ CODESTARTparse
19	/* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from
20	" or "From " with the hostname */
21	lenMsg -=skipLen;
22	+ if(lenMsg < 2) {
23	+ dbgprintf("not a AIX message forwarded from message has nothing after header\n");
24	+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
25	+ }
26	memmove(p2parse, p2parse + skipLen, lenMsg);
27	*(p2parse + lenMsg) = '\n';
28	*(p2parse + lenMsg + 1) = '\0';
29	@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
30	--lenMsg;
31	++p2parse;
32	}
33	+ if (lenMsg < 1) {
34	+ dbgprintf("not a AIX message forwarded from message has nothing after colon "
35	+ "or no colon at all\n");
36	+ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
37	+ }
38	if (lenMsg && *p2parse != ':') {
39	DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has "
40	"been removed\n");
41	--
42	2.17.1
43


diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb index f9e44421d..f50f9a34b 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb +++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1910.0.bb
@@ -23,16 +23,14 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
23	file://rsyslog.logrotate \	23	file://rsyslog.logrotate \
24	file://use-pkgconfig-to-check-libgcrypt.patch \	24	file://use-pkgconfig-to-check-libgcrypt.patch \
25	file://run-ptest \	25	file://run-ptest \
26	file://0001-Out-of-bounds-issue.patch \
27	file://0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch \
28	"	26	"
29		27
30	SRC_URI_append_libc-musl = " \	28	SRC_URI_append_libc-musl = " \
31	file://0001-Include-sys-time-h.patch \	29	file://0001-Include-sys-time-h.patch \
32	"	30	"
33		31
34	SRC_URI[md5sum] = "6e9aa4ef4cad8ae49affa0a786cc9e2f"	32	SRC_URI[md5sum] = "6d4d94359d083f449f089b8dbb93c423"
35	SRC_URI[sha256sum] = "f8c8e53b651e03a011667c60bd2d4dba7a7cb6ec04b247c8ea8514115527863b"	33	SRC_URI[sha256sum] = "0219ee692f31a39743acb62aaf4196b644ce94edf386df4605fd6a11a4fe0c93"
36		34
37	UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"	35	UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
38	UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"	36	UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"