Add patch to fix chroot vulnerability.

PR: ports/128960 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: Ivan Lago <ivan.lago@ifom-ieo-campus.it> (maintainer) Security: http://www.vuxml.org/freebsd/75f2382e-b586-11dd-95f9-00e0815b8da8.html
svn path=/head/; revision=223029
2024-12-23 04:23:08 +00:00 · 2008-11-18 23:21:09 +00:00 · 2008-11-18 23:21:09 +00:00 · 7e7393f75e · 2021-03-31 03:12:20 +00:00
commit 7e7393f75e
parent d8e9ae25b1
8 changed files with 104 additions and 20 deletions
--- a/sysutils/syslog-ng-devel/Makefile
+++ b/sysutils/syslog-ng-devel/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	syslog-ng
 PORTVERSION=	2.0.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	sysutils
 MASTER_SITES=	http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/
 PKGNAMESUFFIX=	2
@ -27,12 +27,11 @@ USE_GNOME=	glib20
 SUB_FILES=	pkg-message
 SUB_LIST=	RC_SUBR_SUFFIX=${RC_SUBR_SUFFIX}

-LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
+LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config

 CONFIGURE_ARGS=	--sysconfdir=${LOCALBASE}/etc --localstatedir=/var/db \
-		--enable-dynamic-linking --mandir=${PREFIX}/man \
-		--with-libnet=${LOCALBASE}/bin
-CONFIGURE_ENV=  CFLAGS="`${LIBNET_CONFIG} --cflags`" \
+		--enable-dynamic-linking --with-libnet=${LOCALBASE}/bin
+CONFIGURE_ENV=	CFLAGS="`${LIBNET_CONFIG} --cflags`" \
 		LDFLAGS="`${LIBNET_CONFIG} --libs`"

 .if defined(WITH_TCP_WRAPPERS)
--- a/sysutils/syslog-ng-devel/files/patch-src_main.c
+++ b/sysutils/syslog-ng-devel/files/patch-src_main.c
@ -0,0 +1,22 @@
+Patch for CVE-2008-5110
+
+Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;mbox=yes;bug=505791
+Note: was not able to cleanly apply the original patch, so it was recreated
+      by hand using the original submission contents
+
+--- src/main.c.orig	2008-03-23 23:35:27.000000000 +0300
+++ src/main.c	2008-11-18 14:38:13.000000000 +0300
+@@ -275,6 +275,13 @@
+ {
+   if (chroot_dir) 
+     {
+      if (chdir(chroot_dir) < 0)
+        {
+          msg_error("Error during chdir() before chroot()",
+                    evt_tag_errno(EVT_TAG_OSERROR, errno),
+                    NULL);
+          return 0;
+        }
+       if (chroot(chroot_dir) < 0) 
+ 	{
+ 	  msg_error("Error during chroot()",
--- a/sysutils/syslog-ng2/Makefile
+++ b/sysutils/syslog-ng2/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	syslog-ng
 PORTVERSION=	2.0.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	sysutils
 MASTER_SITES=	http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/
 PKGNAMESUFFIX=	2
@ -27,12 +27,11 @@ USE_GNOME=	glib20
 SUB_FILES=	pkg-message
 SUB_LIST=	RC_SUBR_SUFFIX=${RC_SUBR_SUFFIX}

-LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
+LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config

 CONFIGURE_ARGS=	--sysconfdir=${LOCALBASE}/etc --localstatedir=/var/db \
-		--enable-dynamic-linking --mandir=${PREFIX}/man \
-		--with-libnet=${LOCALBASE}/bin
-CONFIGURE_ENV=  CFLAGS="`${LIBNET_CONFIG} --cflags`" \
+		--enable-dynamic-linking --with-libnet=${LOCALBASE}/bin
+CONFIGURE_ENV=	CFLAGS="`${LIBNET_CONFIG} --cflags`" \
 		LDFLAGS="`${LIBNET_CONFIG} --libs`"

 .if defined(WITH_TCP_WRAPPERS)
--- a/sysutils/syslog-ng2/files/patch-src_main.c
+++ b/sysutils/syslog-ng2/files/patch-src_main.c
@ -0,0 +1,22 @@
+Patch for CVE-2008-5110
+
+Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;mbox=yes;bug=505791
+Note: was not able to cleanly apply the original patch, so it was recreated
+      by hand using the original submission contents
+
+--- src/main.c.orig	2008-03-23 23:35:27.000000000 +0300
+++ src/main.c	2008-11-18 14:38:13.000000000 +0300
+@@ -275,6 +275,13 @@
+ {
+   if (chroot_dir) 
+     {
+      if (chdir(chroot_dir) < 0)
+        {
+          msg_error("Error during chdir() before chroot()",
+                    evt_tag_errno(EVT_TAG_OSERROR, errno),
+                    NULL);
+          return 0;
+        }
+       if (chroot(chroot_dir) < 0) 
+ 	{
+ 	  msg_error("Error during chroot()",
--- a/sysutils/syslog-ng3-devel/Makefile
+++ b/sysutils/syslog-ng3-devel/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	syslog-ng
 PORTVERSION=	2.0.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	sysutils
 MASTER_SITES=	http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/
 PKGNAMESUFFIX=	2
@ -27,12 +27,11 @@ USE_GNOME=	glib20
 SUB_FILES=	pkg-message
 SUB_LIST=	RC_SUBR_SUFFIX=${RC_SUBR_SUFFIX}

-LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
+LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config

 CONFIGURE_ARGS=	--sysconfdir=${LOCALBASE}/etc --localstatedir=/var/db \
-		--enable-dynamic-linking --mandir=${PREFIX}/man \
-		--with-libnet=${LOCALBASE}/bin
-CONFIGURE_ENV=  CFLAGS="`${LIBNET_CONFIG} --cflags`" \
+		--enable-dynamic-linking --with-libnet=${LOCALBASE}/bin
+CONFIGURE_ENV=	CFLAGS="`${LIBNET_CONFIG} --cflags`" \
 		LDFLAGS="`${LIBNET_CONFIG} --libs`"

 .if defined(WITH_TCP_WRAPPERS)
--- a/sysutils/syslog-ng3-devel/files/patch-src_main.c
+++ b/sysutils/syslog-ng3-devel/files/patch-src_main.c
@ -0,0 +1,22 @@
+Patch for CVE-2008-5110
+
+Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;mbox=yes;bug=505791
+Note: was not able to cleanly apply the original patch, so it was recreated
+      by hand using the original submission contents
+
+--- src/main.c.orig	2008-03-23 23:35:27.000000000 +0300
+++ src/main.c	2008-11-18 14:38:13.000000000 +0300
+@@ -275,6 +275,13 @@
+ {
+   if (chroot_dir) 
+     {
+      if (chdir(chroot_dir) < 0)
+        {
+          msg_error("Error during chdir() before chroot()",
+                    evt_tag_errno(EVT_TAG_OSERROR, errno),
+                    NULL);
+          return 0;
+        }
+       if (chroot(chroot_dir) < 0) 
+ 	{
+ 	  msg_error("Error during chroot()",
--- a/sysutils/syslog-ng3/Makefile
+++ b/sysutils/syslog-ng3/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	syslog-ng
 PORTVERSION=	2.0.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	sysutils
 MASTER_SITES=	http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/
 PKGNAMESUFFIX=	2
@ -27,12 +27,11 @@ USE_GNOME=	glib20
 SUB_FILES=	pkg-message
 SUB_LIST=	RC_SUBR_SUFFIX=${RC_SUBR_SUFFIX}

-LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
+LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config

 CONFIGURE_ARGS=	--sysconfdir=${LOCALBASE}/etc --localstatedir=/var/db \
-		--enable-dynamic-linking --mandir=${PREFIX}/man \
-		--with-libnet=${LOCALBASE}/bin
-CONFIGURE_ENV=  CFLAGS="`${LIBNET_CONFIG} --cflags`" \
+		--enable-dynamic-linking --with-libnet=${LOCALBASE}/bin
+CONFIGURE_ENV=	CFLAGS="`${LIBNET_CONFIG} --cflags`" \
 		LDFLAGS="`${LIBNET_CONFIG} --libs`"

 .if defined(WITH_TCP_WRAPPERS)
--- a/sysutils/syslog-ng3/files/patch-src_main.c
+++ b/sysutils/syslog-ng3/files/patch-src_main.c
@ -0,0 +1,22 @@
+Patch for CVE-2008-5110
+
+Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=14;mbox=yes;bug=505791
+Note: was not able to cleanly apply the original patch, so it was recreated
+      by hand using the original submission contents
+
+--- src/main.c.orig	2008-03-23 23:35:27.000000000 +0300
+++ src/main.c	2008-11-18 14:38:13.000000000 +0300
+@@ -275,6 +275,13 @@
+ {
+   if (chroot_dir) 
+     {
+      if (chdir(chroot_dir) < 0)
+        {
+          msg_error("Error during chdir() before chroot()",
+                    evt_tag_errno(EVT_TAG_OSERROR, errno),
+                    NULL);
+          return 0;
+        }
+       if (chroot(chroot_dir) < 0) 
+ 	{
+ 	  msg_error("Error during chroot()",