From b023e5f2398121269729610dcf06c2800409349c Mon Sep 17 00:00:00 2001 From: wxs Date: Tue, 18 Nov 2008 23:21:09 +0000 Subject: Add patch to fix chroot vulnerability. PR: ports/128960 Submitted by: Eygene Ryabinkin Approved by: Ivan Lago (maintainer) Security: http://www.vuxml.org/freebsd/75f2382e-b586-11dd-95f9-00e0815b8da8.html --- sysutils/syslog-ng-devel/Makefile | 9 ++++----- sysutils/syslog-ng-devel/files/patch-src_main.c | 22 ++++++++++++++++++++++ 2 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 sysutils/syslog-ng-devel/files/patch-src_main.c (limited to 'sysutils/syslog-ng-devel') diff --git a/sysutils/syslog-ng-devel/Makefile b/sysutils/syslog-ng-devel/Makefile index 9ba5a261535b..d3958e7ae664 100644 --- a/sysutils/syslog-ng-devel/Makefile +++ b/sysutils/syslog-ng-devel/Makefile @@ -7,7 +7,7 @@ PORTNAME= syslog-ng PORTVERSION= 2.0.9 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= sysutils MASTER_SITES= http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/ PKGNAMESUFFIX= 2 @@ -27,12 +27,11 @@ USE_GNOME= glib20 SUB_FILES= pkg-message SUB_LIST= RC_SUBR_SUFFIX=${RC_SUBR_SUFFIX} -LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config +LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config CONFIGURE_ARGS= --sysconfdir=${LOCALBASE}/etc --localstatedir=/var/db \ - --enable-dynamic-linking --mandir=${PREFIX}/man \ - --with-libnet=${LOCALBASE}/bin -CONFIGURE_ENV= CFLAGS="`${LIBNET_CONFIG} --cflags`" \ + --enable-dynamic-linking --with-libnet=${LOCALBASE}/bin +CONFIGURE_ENV= CFLAGS="`${LIBNET_CONFIG} --cflags`" \ LDFLAGS="`${LIBNET_CONFIG} --libs`" .if defined(WITH_TCP_WRAPPERS) diff --git a/sysutils/syslog-ng-devel/files/patch-src_main.c b/sysutils/syslog-ng-devel/files/patch-src_main.c new file mode 100644 index 000000000000..e6423ef8fa25 --- /dev/null +++ b/sysutils/syslog-ng-devel/files/patch-src_main.c @@ -0,0 +1,22 @@ +Patch for CVE-2008-5110 + +Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;mbox=yes;bug=505791 +Note: was not able to cleanly apply the original patch, so it was recreated + by hand using the original submission contents + +--- src/main.c.orig 2008-03-23 23:35:27.000000000 +0300 ++++ src/main.c 2008-11-18 14:38:13.000000000 +0300 +@@ -275,6 +275,13 @@ + { + if (chroot_dir) + { ++ if (chdir(chroot_dir) < 0) ++ { ++ msg_error("Error during chdir() before chroot()", ++ evt_tag_errno(EVT_TAG_OSERROR, errno), ++ NULL); ++ return 0; ++ } + if (chroot(chroot_dir) < 0) + { + msg_error("Error during chroot()", -- cgit