pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/sysutils/rsyslog
From: Filip Hajny
Date: 2014-10-26 22:11:09
Message id: 20141026211109.D86F098@cvs.netbsd.org

Log Message:
Update rsyslog to 8.4.2.

Version 8.4.2 [v8-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases. This is
  corrected now. see also: CVE-2014-3683
- fixed a build problem on some platforms. Thanks to Olaf for the patch
- behaviour change: "msg" of messages with invalid PRI set to \ 
"rawmsg"
  When the PRI is invalid, the rest of the header cannot be valid. So
  we move all of it to MSG and do not try to parse it out. Note that
  this is not directly related to the security issue but rather done
  because it makes most sense.

Version 8.4.1 [v8-stable] 2014-09-30
- imudp: add for bracketing mode, which makes parsing stats easier
- permit at-sign in variable names
  closes: https://github.com/rsyslog/rsyslog/issues/110
- bugfix: fix syntax error in anon_cc_numbers.py script
  Thanks to github user anthcourtney for the patch.
  closes: https://github.com/rsyslog/rsyslog/issues/109
- bugfix: ompgsql: don't loose uncomitted data on retry
  Thanks to Jared Johnson and Axel Rau for the patch.
- bugfix: imfile: if a state file for a different file name was set,
  that different file (name) was monitored instead of the configured
  one. Now, the state file is deleted and the correct file monitored.
  closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: omudpspoof: source port was invalid
  Thanks to Pavel Levshin for the patch
- bugfix: build failure on systems which don't have json_tokener_errors
  Older versions of json-c need to use a different API (which don't
  exists on newer versions, unfortunately...)
  Thanks to Thomas D. for reporting this problem.
- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
  closes: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
  Thanks to defa-at-so36.net for reporting this problem.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
- bugfix: build problems on SuSe Linux
  Thanks Andreas Stieger for the patch
- bugfix: omelasticsearch error file did not work correctly on ES 1.0+
  due to a breaking change in the ElasticSearch API.
  see also: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: potential abort when a message with PRI > 191 was processed
  if the "pri-text" property was used in active templates, this could be
  abused to a remote denial of service from permitted senders
  see also: CVE-2014-3634

Files:

Revision	Action	file
1.3	modify	pkgsrc/sysutils/rsyslog/Makefile.common
1.2	modify	pkgsrc/sysutils/rsyslog/distinfo
1.2	modify	pkgsrc/sysutils/rsyslog/patches/patch-grammar_lexer.l
1.1	remove	pkgsrc/sysutils/rsyslog/patches/patch-runtime_msg.c