From 8a52368e6a35515b79c35269568b95fdcf606b4f Mon Sep 17 00:00:00 2001
From: Leo
Date: Sat, 19 Oct 2019 22:37:18 -0300
Subject: [PATCH] main/rsyslog: fix CVE-2019-17041 and CVE-2019-17042
ref #10880
Closes !544
---
 main/rsyslog/APKBUILD | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/main/rsyslog/APKBUILD b/main/rsyslog/APKBUILD
index 5af6c2cd158..742c4f48ac0 100644
--- a/main/rsyslog/APKBUILD
+++ b/main/rsyslog/APKBUILD
@@ -6,7 +6,7 @@
 # Maintainer: Cameron Banta
 pkgname=rsyslog
 pkgver=8.1904.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Enhanced multi-threaded syslogd with database support and more."
 url="https://www.rsyslog.com/"
 arch="all !s390x" # limited by czmq
@@ -44,6 +44,8 @@ source="https://www.rsyslog.com/files/download/$pkgname/$pkgname-$pkgver.tar.gz
 $pkgname.conf
 musl-fix.patch
 queue.patch
+ CVE-2019-17041.patch::https://github.com/rsyslog/rsyslog/commit/10549ba915556c557b22b3dac7e4cb73ad22d3d8.patch
+ CVE-2019-17042.patch::https://github.com/rsyslog/rsyslog/commit/abc0960a7561e18944a0e08d48f4eb570ea7435a.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
@@ -85,6 +87,11 @@ for _i in $_plugins; do
 subpackages="$subpackages $pkgname-${_i%%:*}:_plugin"
 done
+# secfixes:
+# 8.1904.0-r1:
+# - CVE-2019-17041
+# - CVE-2019-17042
+
 build() {
 cd "$builddir"
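Review bot: The two CVE patches added to `source` in the second hunk are downloaded at build time from forge-generated `.patch` URLs instead of being carried in the aport like `musl-fix.patch` and `queue.patch`, so rebuilding this security fix depends on GitHub serving byte-identical output indefinitely. Integrity itself is covered: the URLs name full commit IDs and the last hunk adds sha512sums for both files, so a changed download fails closed. The weak spot is reproducibility, because generated patch text is not guaranteed to stay stable (abbreviated hashes in `index` lines can lengthen, for example), and any drift would break the checksum. Consider committing both files next to the existing patches and listing them as plain `CVE-2019-17041.patch` and `CVE-2019-17042.patch` entries without the `::https://...` part. The `source` assignment begins above this hunk, so the rest of the list is not visible here.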
@@ -177,4 +184,6 @@ bcd63c8df2ac63b80f3cb51ba7f544988df6cd875f4e81020e762dff30d7537f21b72c95a4b1c08b
 b5cbdcfa601ae8e7617289e7805fe71daa17bd03a7a30e1e1aad7a58a4ad4c1d89c9a203228f15816232ab6ab6d7a2752f7bbf4d259bbd5eccbe9728dc7e8aaa rsyslog.logrotate
 9c9913b3367ac4d0b0f998ffa3aaaf136cf939ed4275f13f79d4c7336d0978007af13cb2c6f35d17ef25a53907fb064705f23c3b3a6a6fcd06ae85c3c51c7e38 rsyslog.conf
 ce686b9529cdc74bd633a6fce169c1fdacf5266b4ca6fc731f8cea08080a1106f93dc048af9966cab09947100890170197c59d3f880992001a8ddfd084ffe2aa musl-fix.patch
-ef2e000b1c42cb5beffb26393952c2a692791e78972ee4b6f187ca53e338122b2004cc5216381c042195f12cc58f37f186a04e12a65b5bdfdcdf76b73393efb7 queue.patch"
+ef2e000b1c42cb5beffb26393952c2a692791e78972ee4b6f187ca53e338122b2004cc5216381c042195f12cc58f37f186a04e12a65b5bdfdcdf76b73393efb7 queue.patch
+e9f75ce261dcefb4bd8f1f70707e1ee4221743f562882eb0e77bee0df468b4dd6aea0513a025909a8abb82d026ab010d8fc74a868c6cd8d5e244d5335d3fcf59 CVE-2019-17041.patch
+2edf53a861d8bf20c2b7434cc13f0cf8d077dfa4d9a924742e521ff17088c5a1e6386af03ac1c1d5fd900fd0ce819f19011e4eb86d6844cb888d5d86bc268168 CVE-2019-17042.patch"