author | psykose <alice@ayaya.dev> | 2022-05-08 05:04:12 +0000 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2022-05-08 05:12:16 +0000 |
commit | 4c4ba9efeb1ebdd0827dff6d16ac4238136b85af (patch) | |
tree | c8cf27f4833d1fea132bbe474fc40f1c17fb7247 | |
parent | 5d007912bb341de2c1ce455d5f5b85ca3dc70035 (diff) | |
download | aports-4c4ba9efeb1ebdd0827dff6d16ac4238136b85af.tar.gz aports-4c4ba9efeb1ebdd0827dff6d16ac4238136b85af.tar.bz2 aports-4c4ba9efeb1ebdd0827dff6d16ac4238136b85af.tar.xz |
main/rsyslog: fix CVE-2022-24903
-rw-r--r-- | main/rsyslog/APKBUILD | 12 | ||||
-rw-r--r-- | main/rsyslog/CVE-2022-24903.patch | 42 |
2 files changed, 51 insertions, 3 deletions
diff --git a/main/rsyslog/APKBUILD b/main/rsyslog/APKBUILD
index 43b695c77e4..4cdca6b5b57 100644
--- a/main/rsyslog/APKBUILD
+++ b/main/rsyslog/APKBUILD
@@ -6,7 +6,7 @@
 # Maintainer: Cameron Banta <cbanta@gmail.com>
 pkgname=rsyslog
 pkgver=8.2004.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Enhanced multi-threaded syslogd with database support and more."
 url="https://www.rsyslog.com/"
 arch="all !s390x" # limited by czmq
@@ -49,6 +49,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/rsyslog/rsyslog/archive/v$pk
 $pkgname.conf
 musl-fix.patch
 queue.patch
+ CVE-2022-24903.patch
 "
 # <subpackage>[:<module>...]
@@ -92,6 +93,8 @@ for _i in $_plugins; do
 done
 # secfixes:
+# 8.2004.0-r2:
+# - CVE-2022-24903
 # 8.1908.0-r1:
 # - CVE-2019-17040
 # - CVE-2019-17041
@@ -187,9 +190,12 @@ _plugin() {
 done
 }
-sha512sums="ade8a7beef641cba701341c12b7fd48f02cf8cdc083b290f965914f1f7f2c73f9866f8f1f1aa26a349c30cc06ffc3780bee9e0319acde9588dc583dfdf182207 rsyslog-8.2004.0.tar.gz
+sha512sums="
+ade8a7beef641cba701341c12b7fd48f02cf8cdc083b290f965914f1f7f2c73f9866f8f1f1aa26a349c30cc06ffc3780bee9e0319acde9588dc583dfdf182207 rsyslog-8.2004.0.tar.gz
 bcd63c8df2ac63b80f3cb51ba7f544988df6cd875f4e81020e762dff30d7537f21b72c95a4b1c08baf15f4ed5f03defbf3f061673aabada5841f45ab9f579374 rsyslog.initd
 6bf69f14746d0523a4e9189593bc62e14a6e05c7e17922e4398df4b951abdde165e826290f6b6cdc8149199288f555d098178d93d2fae202463ebc523626161b rsyslog.logrotate
 517e3c9fced414d397ce946eed50534ea821cd1a7aee2e873d5ffa4c4df3b4433b4f2a2e063825641ce6aaeddd5bd1fd2508ad34099fe30d0d3d615d25121f67 rsyslog.conf
 15745c8cdb730ae548d038ca4c04f9f48ef55c6e04949a8e86df356877563c0fcb9660445e47d3f9530925092d6dd80b2b2fc3f64a114ee85103d137327524cb musl-fix.patch
-ef2e000b1c42cb5beffb26393952c2a692791e78972ee4b6f187ca53e338122b2004cc5216381c042195f12cc58f37f186a04e12a65b5bdfdcdf76b73393efb7 queue.patch"
+ef2e000b1c42cb5beffb26393952c2a692791e78972ee4b6f187ca53e338122b2004cc5216381c042195f12cc58f37f186a04e12a65b5bdfdcdf76b73393efb7 queue.patch
+42448f12a88c8c845001d903da70533b302bdf34097aa6bb7b69162df2e95ea2b3c0f89331ba374cab5a1178b99315b6f73418f18028b2c5cfefcc026147608d CVE-2022-24903.patch
+"
diff --git a/main/rsyslog/CVE-2022-24903.patch b/main/rsyslog/CVE-2022-24903.patch
new file mode 100644
index 00000000000..2a8f1b6ce56
--- /dev/null
+++ b/main/rsyslog/CVE-2022-24903.patch
@@ -0,0 +1,42 @@
+Patch-Source: https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f
+From 89955b0bcb1ff105e1374aad7e0e993faa6a038f Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards <rgerhards@adiscon.com>
+Date: Fri, 22 Apr 2022 09:49:46 +0200
+Subject: [PATCH] net bugfix: potential buffer overrun
+
+---
+ contrib/imhttp/imhttp.c | 4 +++-
+ plugins/imptcp/imptcp.c | 4 +++-
+ runtime/tcps_sess.c | 4 +++-
+ 3 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c
+index 2df46a236c..c32dec5851 100644
+--- a/plugins/imptcp/imptcp.c
++++ b/plugins/imptcp/imptcp.c
+@@ -1107,7 +1107,9 @@ processDataRcvd(ptcpsess_t *const __restrict__ pThis,
+ if(pThis->iOctetsRemain <= 200000000) {
+ pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
+ }
+- *(pThis->pMsg + pThis->iMsg++) = c;
++ if(pThis->iMsg < iMaxLine) {
++ *(pThis->pMsg + pThis->iMsg++) = c;
++ }
+ } else { /* done with the octet count, so this must be the SP terminator */
+ DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
+ prop.GetString(pThis->peerName, &propPeerName, &lenPeerName);
+diff --git a/runtime/tcps_sess.c b/runtime/tcps_sess.c
+index 0efa2c23c4..c5442f7638 100644
+--- a/runtime/tcps_sess.c
++++ b/runtime/tcps_sess.c
+@@ -390,7 +390,9 @@ processDataRcvd(tcps_sess_t *pThis,
+ if(pThis->iOctetsRemain <= 200000000) {
+ pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
+ }
+- *(pThis->pMsg + pThis->iMsg++) = c;
++ if(pThis->iMsg < iMaxLine) {
++ *(pThis->pMsg + pThis->iMsg++) = c;
++ }
+ } else { /* done with the octet count, so this must be the SP terminator */
+ DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain);
+ prop.GetString(pThis->fromHost, &propPeerName, &lenPeerName); |
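Review bot: The embedded upstream header still lists `contrib/imhttp/imhttp.c` in its diffstat ("3 files changed"), but the patch file carries only the imptcp.c and tcps_sess.c hunks, so a later maintainer cannot tell whether the backport is incomplete or the third hunk was dropped on purpose. Add a line under `Patch-Source:` along the lines of `imhttp.c hunk dropped: <reason, presumably the module is not part of 8.2004.0 — confirm>`. In both hunks the new `if(pThis->iMsg < iMaxLine)` guard stops the out-of-bounds write by silently discarding further octet-count digits, which leaves no record that a peer sent an oversized count. Whether a later branch reports it cannot be seen here, because `processDataRcvd` starts and ends outside both hunks. The guard also relies on `pMsg` holding at least `iMaxLine` bytes, which should be checked against the 8.2004.0 allocation since it is not visible in this patch.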