diff options
author | Mike Frysinger <vapier@gentoo.org> | 2008-06-07 16:24:09 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2008-06-07 16:24:09 +0000 |
commit | c000921fbd5380d37f7851900ebeb6c57d1f9b1c (patch) | |
tree | e51e6886ac58f8e1337998c9378a8ab030a48724 /app-admin/sysklogd/files | |
parent | remove old (diff) | |
download | historical-c000921fbd5380d37f7851900ebeb6c57d1f9b1c.tar.gz historical-c000921fbd5380d37f7851900ebeb6c57d1f9b1c.tar.bz2 historical-c000921fbd5380d37f7851900ebeb6c57d1f9b1c.zip |
Version bump #225053 by Fabio Rossi and switch to Debian /etc files (which we were using anyways) for #40304 #69391 #204843.
Package-Manager: portage-2.2_pre5.spank.spunk
Diffstat (limited to 'app-admin/sysklogd/files')
5 files changed, 441 insertions, 0 deletions
diff --git a/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff new file mode 100644 index 000000000000..40b8817d4e28 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff @@ -0,0 +1,162 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8 +--- sysklogd-1.4.2.orig/klogd.8 2005-03-11 16:12:09 +0000 ++++ sysklogd-1.4.2/klogd.8 2005-08-18 14:37:47 +0000 +@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon + .RB [ " \-f " + .I fname + ] ++.RB [ " \-u " ++.I username ++] ++.RB [ " \-j " ++.I chroot_dir ++] + .RB [ " \-iI " ] + .RB [ " \-n " ] + .RB [ " \-o " ] +@@ -53,6 +60,20 @@ stderr. + .BI "\-f " file + Log messages to the specified filename rather than to the syslog facility. + .TP ++.BI "\-u " username ++Tells klogd to become the specified user and drop root privileges before ++starting logging. ++.TP ++.BI "\-j " chroot_dir ++Tells klogd to ++.BR chroot (2) ++into this directory after initializing. ++This option is only valid if the \-u option is also used to run klogd ++without root privileges. ++Note that the use of this option will prevent \-i and \-I from working ++unless you set up the chroot directory in such a way that klogd can still ++read the kernel module symbols. ++.TP + .BI "\-i \-I" + Signal the currently executing klogd daemon. Both of these switches control + the loading/reloading of symbol information. The \-i switch signals the +diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c +--- sysklogd-1.4.2.orig/klogd.c 2005-08-18 12:29:52 +0000 ++++ sysklogd-1.4.2/klogd.c 2005-08-18 14:37:47 +0000 +@@ -261,6 +261,8 @@ + #include <stdarg.h> + #include <paths.h> + #include <stdlib.h> ++#include <pwd.h> ++#include <grp.h> + #include "klogd.h" + #include "ksyms.h" + #ifndef TESTING +@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel} + int debugging = 0; + int symbols_twice = 0; + ++char *server_user = NULL; ++char *chroot_dir = NULL; ++int log_flags = 0; + + /* Function prototypes. */ + extern int ksyslog(int type, char *buf, int len); +@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void) + * First do a stat to determine whether or not the proc based + * file system is available to get kernel messages from. + */ +- if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) ++ if (!server_user && ++ (use_syscall || ++ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)))) + { + /* Initialize kernel logging. */ + ksyslog(1, NULL, 0); +@@ -983,6 +989,27 @@ static void LogProcLine(void) + } + + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (chroot_dir) { ++ if (chdir(chroot_dir)) return -1; ++ if (chroot(".")) return -1; ++ } ++ ++ if (setgroups(0, NULL)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ ++ + int main(argc, argv) + + int argc; +@@ -1000,7 +1027,7 @@ int main(argc, argv) + chdir ("/"); + #endif + /* Parse the command-line. */ +- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF) ++ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF) + switch((char)ch) + { + case '2': /* Print lines with symbols twice. */ +@@ -1022,6 +1049,10 @@ int main(argc, argv) + case 'I': + SignalDaemon(SIGUSR2); + return(0); ++ case 'j': /* chroot 'j'ail */ ++ chroot_dir = optarg; ++ log_flags |= LOG_NDELAY; ++ break; + case 'k': /* Kernel symbol file. */ + symfile = optarg; + break; +@@ -1037,6 +1068,9 @@ int main(argc, argv) + case 's': /* Use syscall interface. */ + use_syscall = 1; + break; ++ case 'u': /* Run as this user */ ++ server_user = optarg; ++ break; + case 'v': + printf("klogd %s.%s\n", VERSION, PATCHLEVEL); + exit (1); +@@ -1045,6 +1079,10 @@ int main(argc, argv) + break; + } + ++ if (chroot_dir && !server_user) { ++ fputs("'-j' is only valid with '-u'\n", stderr); ++ exit(1); ++ } + + /* Set console logging level. */ + if ( log_level != (char *) 0 ) +@@ -1158,7 +1196,7 @@ int main(argc, argv) + } + } + else +- openlog("kernel", 0, LOG_KERN); ++ openlog("kernel", log_flags, LOG_KERN); + + + /* Handle one-shot logging. */ +@@ -1191,6 +1229,11 @@ int main(argc, argv) + } + } + ++ if (server_user && drop_root()) { ++ syslog(LOG_ALERT, "klogd: failed to drop root"); ++ Terminate(); ++ } ++ + /* The main loop. */ + while (1) + { diff --git a/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff new file mode 100644 index 000000000000..ad311a512c0f --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff @@ -0,0 +1,103 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8 +--- sysklogd-1.4.2.orig/sysklogd.8 2004-07-09 17:33:32 +0000 ++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:40:25 +0000 +@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti + .I config file + ] + .RB [ " \-h " ] ++.RB [ " \-i " ++.I IP address ++] + .RB [ " \-l " + .I hostlist + ] +@@ -104,6 +107,13 @@ Specifying this switch on the command li + This can cause syslog loops that fill up hard disks quite fast and + thus needs to be used with caution. + .TP ++.BI "\-i " "IP address" ++If ++.B syslogd ++is configured to accept log input from a UDP port, specify an IP address ++to bind to, rather than the default of INADDR_ANY. The address must be in ++dotted quad notation, DNS host names are not allowed. ++.TP + .BI "\-l " "hostlist" + Specify a hostname that should be logged only with its simple hostname + and not the fqdn. Multiple hosts may be specified using the colon +diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c +--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:33:22 +0000 ++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:40:25 +0000 +@@ -774,6 +774,8 @@ char **LocalHosts = NULL; /* these hosts + int NoHops = 1; /* Can we bounce syslog messages through an + intermediate host. */ + ++char *bind_addr = NULL; /* bind UDP port to this interface only */ ++ + extern int errno; + + /* Function prototypes. */ +@@ -878,7 +880,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -895,9 +897,17 @@ int main(argc, argv) + case 'h': + NoHops = 0; + break; ++ case 'i': ++ if (bind_addr) { ++ fprintf(stderr, "Only one -i argument allowed, " ++ "the first one is taken.\n"); ++ break; ++ } ++ bind_addr = optarg; ++ break; + case 'l': + if (LocalHosts) { +- fprintf (stderr, "Only one -l argument allowed," \ ++ fprintf(stderr, "Only one -l argument allowed, " + "the first one is taken.\n"); + break; + } +@@ -1244,7 +1254,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address]\n"); + exit(1); + } + +@@ -1286,15 +1296,22 @@ static int create_inet_socket() + int fd, on = 1; + struct sockaddr_in sin; + ++ memset(&sin, 0, sizeof(sin)); ++ sin.sin_family = AF_INET; ++ sin.sin_port = LogPort; ++ if (bind_addr) { ++ if (!inet_aton(bind_addr, &sin.sin_addr)) { ++ logerror("syslog: not a valid IP address to bind to."); ++ return -1; ++ } ++ } ++ + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) { + logerror("syslog: Unknown protocol, suspending inet service."); + return fd; + } + +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- sin.sin_port = LogPort; + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \ + (char *) &on, sizeof(on)) < 0 ) { + logerror("setsockopt(REUSEADDR), suspending inet"); diff --git a/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff new file mode 100644 index 000000000000..8c3f571f3ca2 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff @@ -0,0 +1,118 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8 +--- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:40:25 +0000 ++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:41:26 +0000 +@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti + .RB [ " \-s " + .I domainlist + ] ++.RB [ " \-u" ++.IB username ++] + .RB [ " \-v " ] + .LP + .SH DESCRIPTION +@@ -161,6 +164,19 @@ is specified and the host logging resolv + no domain would be cut, you will have to specify two domains like: + .BR "\-s north.de:infodrom.north.de" . + .TP ++.BI "\-u " "username" ++This causes the ++.B syslogd ++daemon to become the named user before starting up logging. ++ ++Note that when this option is in use, ++.B syslogd ++will open all log files as root when the daemon is first started; ++however, after a ++.B SIGHUP ++the files will be reopened as the non-privileged user. You should ++take this into account when deciding the ownership of the log files. ++.TP + .B "\-v" + Print version and exit. + .LP +diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c +--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:40:25 +0000 ++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:41:26 +0000 +@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c 5. + #include <arpa/nameser.h> + #include <arpa/inet.h> + #include <resolv.h> ++ ++#include <pwd.h> ++#include <grp.h> ++ + #ifndef TESTING + #include "pidfile.h" + #endif +@@ -775,6 +779,7 @@ int NoHops = 1; /* Can we bounce syslog + intermediate host. */ + + char *bind_addr = NULL; /* bind UDP port to this interface only */ ++char *server_user = NULL; /* user name to run server as */ + + extern int errno; + +@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc) + return fcntl(desc, F_SETFL, flags | O_NONBLOCK); + } + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (initgroups(server_user, pw->pw_gid)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ + int main(argc, argv) + int argc; + char **argv; +@@ -880,7 +900,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -933,6 +953,9 @@ int main(argc, argv) + } + StripDomains = crunch_list(optarg); + break; ++ case 'u': ++ server_user = optarg; ++ break; + case 'v': + printf("syslogd %s.%s\n", VERSION, PATCHLEVEL); + exit (0); +@@ -1100,6 +1123,11 @@ int main(argc, argv) + kill (ppid, SIGTERM); + #endif + ++ if (server_user && drop_root()) { ++ dprintf("syslogd: failed to drop root\n"); ++ exit(1); ++ } ++ + /* Main loop begins here. */ + for (;;) { + int nfds; +@@ -1254,7 +1282,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile] [-i IP address]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n"); + exit(1); + } + diff --git a/app-admin/sysklogd/files/sysklogd-1.5-build.patch b/app-admin/sysklogd/files/sysklogd-1.5-build.patch new file mode 100644 index 000000000000..12f4822cd265 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.5-build.patch @@ -0,0 +1,20 @@ +respect env CC/CFLAGS/CPPFLAGS/LDFLAGS + +--- Makefile ++++ Makefile +@@ -17,14 +17,12 @@ + # along with this program; if not, write to the Free Software + # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +-CC= gcc + #SKFLAGS= -g -DSYSV -Wall + #LDFLAGS= -g +-SKFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce ++SKFLAGS= $(CFLAGS) $(CPPFLAGS) -DSYSV -Wall -fno-strength-reduce + # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE + # $(shell getconf LFS_SKFLAGS) +-LDFLAGS= -s + + # Look where your install program is. + INSTALL = /usr/bin/install diff --git a/app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch b/app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch new file mode 100644 index 000000000000..7f6c2a79b0b2 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch @@ -0,0 +1,38 @@ +--- debian/cron.daily ++++ debian/cron.daily +@@ -20,10 +20,6 @@ + # Written by Martin Schulze <joey@debian.org>. + # $Id: cron.daily,v 1.14 2007-05-28 16:33:34 joey Exp $ + +-test -x /usr/sbin/syslogd-listfiles || exit 0 +-test -x /sbin/syslogd || exit 0 +-test -f /usr/share/sysklogd/dummy || exit 0 +- + set -e + + cd /var/log +@@ -41,4 +37,4 @@ + + # Restart syslogd + # +-/etc/init.d/sysklogd reload-or-restart > /dev/null ++/etc/init.d/sysklogd --quiet reload +--- debian/cron.weekly ++++ debian/cron.weekly +@@ -19,10 +19,6 @@ + # Written by Ian A. Murdock <imurdock@debian.org>. + # $Id: cron.weekly,v 1.11 2007-05-28 16:33:34 joey Exp $ + +-test -x /usr/sbin/syslogd-listfiles || exit 0 +-test -x /sbin/syslogd || exit 0 +-test -f /usr/share/sysklogd/dummy || exit 0 +- + set -e + + cd /var/log +@@ -40,4 +36,4 @@ + + # Restart syslogd + # +-/etc/init.d/sysklogd reload-or-restart > /dev/null ++/etc/init.d/sysklogd --quiet reload |