diff options
| -rw-r--r-- | app-admin/sysklogd/ChangeLog | 13 | ||||
| -rw-r--r-- | app-admin/sysklogd/Manifest | 20 | ||||
| -rw-r--r-- | app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff | 162 | ||||
| -rw-r--r-- | app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff | 103 | ||||
| -rw-r--r-- | app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff | 118 | ||||
| -rw-r--r-- | app-admin/sysklogd/files/sysklogd-1.5-build.patch | 20 | ||||
| -rw-r--r-- | app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch | 38 | ||||
| -rw-r--r-- | app-admin/sysklogd/sysklogd-1.5.ebuild | 56 |
8 files changed, 528 insertions, 2 deletions
diff --git a/app-admin/sysklogd/ChangeLog b/app-admin/sysklogd/ChangeLog index aa301981cb31..d4cae923ab71 100644 --- a/app-admin/sysklogd/ChangeLog +++ b/app-admin/sysklogd/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for app-admin/sysklogd # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sysklogd/ChangeLog,v 1.70 2008/05/11 03:41:44 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysklogd/ChangeLog,v 1.71 2008/06/07 16:24:09 vapier Exp $ + +*sysklogd-1.5 (07 Jun 2008) + + 07 Jun 2008; Mike Frysinger <vapier@gentoo.org> + +files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff, + +files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff, + +files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff, + +files/sysklogd-1.5-build.patch, +files/sysklogd-1.5-debian-cron.patch, + +sysklogd-1.5.ebuild: + Version bump #225053 by Fabio Rossi and switch to Debian /etc files (which + we were using anyways) for #40304 #69391 #204843. 11 May 2008; <solar@gentoo.org> sysklogd-1.4.2_pre20061230-r2.ebuild: - cross compile fix diff --git a/app-admin/sysklogd/Manifest b/app-admin/sysklogd/Manifest index bb985a4af157..5b597b719b75 100644 --- a/app-admin/sysklogd/Manifest +++ b/app-admin/sysklogd/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX sysklogd-1.4.1-2.6.headers.patch 25062 RMD160 8b0b177d2a3741e452243f465158110bf981dcf6 SHA1 b45f5a5ecf6354ac83245aaf5b91cad9a640488c SHA256 206aa506b0943e24b5f5305c669ddcfe88a72fc18e221b6eaf087cefb39c50d6 AUX sysklogd-1.4.1-SO_BSDCOMPAT.patch 2523 RMD160 be25a8670bc2653344e4a8412feb0649ab3885d1 SHA1 a3025dc6468ed132d325b038f32107637cb5c5e9 SHA256 e86b24d2f8312b2d4ccfc1d0bb14c5e4553494732758170ba3efae0713eef8b9 AUX sysklogd-1.4.1-accept.patch 292 RMD160 27b857446e00e6f90576efebccc5c5d316978758 SHA1 3cb2a4e61a53d8f217b6eaa05822d1910fa34e26 SHA256 b0aca8d3a1c3421348f74be265aa4c9b2528c9114bd22a0b849a9efcef37e1d3 @@ -8,6 +11,11 @@ AUX sysklogd-1.4.1-ksym-headers.patch 481 RMD160 7bdca2d72cdb1c1acf8b1cd346a0874 AUX sysklogd-1.4.1-mips.patch 363 RMD160 1ea8316ee6d38b7049581882b91490f515ac0eb9 SHA1 b834fc373a108194e086436c3030d4081e99113e SHA256 b5369c61e9c169ab8ee6a82c0f4f7678f001403098bc233a5139e4045dc4d22c AUX sysklogd-1.4.1-punt-SO_BSDCOMPAT.patch 641 RMD160 d74e697fb671bd09751d704f7a61d1534396b00a SHA1 d594fa11793e87e85637640f272ac539d50d3aaa SHA256 f08817a6974dbb3d331a4a6f1793a213862b16feff16bddd5ba320d9b63bd04c AUX sysklogd-1.4.1-querymod.patch 10599 RMD160 cedf716eddae02391be3b88f2013a13eadff767d SHA1 2512a7a2e9110082515fe4dda87d53749108e7e0 SHA256 a6033fd938b5febacad4f8ce056a3e17ed8942e861849744730e266b0ede9770 +AUX sysklogd-1.4.2-caen-owl-klogd-drop-root.diff 4315 RMD160 eb257b55725ddac95e231073e1bd017ee228a159 SHA1 40a4830ee390f6335c80671074a6a9e9acdf8ca7 SHA256 f316586561ec40eb185bb83b6e785185b9e33b8290767336cdab626767f88060 +AUX sysklogd-1.4.2-caen-owl-syslogd-bind.diff 3242 RMD160 e5824419061b5a295c3fa580c901c2ce98ea65d7 SHA1 03ffe5f72ccfaa0d6dc7bb40f50279c42fbf894d SHA256 1818aee4cb0d501542721468199e376b73c71d8635b178b6a8d7bd6aff49aa9d +AUX sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff 3245 RMD160 734ff347c4ffd0f58b81d8fd6dd2374ce3734b8b SHA1 009c1fdbac91708ecda292eb0c106c20d96efc2b SHA256 0105d924d9451531645a9957ec7d40228cf2a1cb4ccdf3d89ff255dfec0841b9 +AUX sysklogd-1.5-build.patch 626 RMD160 0b1877a192c9bcf4a1d8f3dd1907707c310313f2 SHA1 f749c046c9417b9f810e76d55b8b1c318d3517e0 SHA256 1395e48418e0790cec2a8af9a3821b5d2c0bafe11cd599e181f90f4e720835f6 +AUX sysklogd-1.5-debian-cron.patch 954 RMD160 c9a03f6cf1b6c1cd82b1fb01b36fc2d265ecbe37 SHA1 b65c1df436d1e5361305e2bc41b0490217074b1c SHA256 5b56ccf418840cd215925902d1c6dc4366c568e1824c93d4e876448566f29c0c AUX sysklogd.confd 113 RMD160 08edc849adba1b6678832f50fb822b6338c464d5 SHA1 edb73eace5bdf91f8557cae95ca6ea1c62772f27 SHA256 11a1eeb9edd09639d5143227bada137945822b23c5abb88fec5ebaef064b991d AUX sysklogd.rc6 1575 RMD160 963226c78967f912735d9fc32945d71a9fcae04e SHA1 e37b494fa7580c7035784cb7e9193e5310eedc4c SHA256 d62ddc4d2750dca70c577f497bde69e30d9d258f709326aa4ecb8d75995f78a9 AUX syslog-cron 658 RMD160 e157e9ca0592bca51c626c11d86ab889cdf4f684 SHA1 89b6f7bc2d8e1870eb6ef55e1138080cae7b55d6 SHA256 cdf96a7283b8fcf51797ff3483393b25f658979015b46aa570c22da719b7bf8c @@ -17,10 +25,20 @@ AUX syslogd-listfiles.8 2540 RMD160 338e2e6313f7ff0b7f5939ee4297000e91927084 SHA DIST sysklogd-1.4.1-cvs-20051017.patch.gz 11006 RMD160 7ab9d246106c262e8983d0e927167e73b6c1fb70 SHA1 7af5d0c2acdac5041ab7c367108434444f8fb8a8 SHA256 bbc08f11de085880eee1b1ba715a86515f6a500de51e01f4e7fb287c850b984a DIST sysklogd-1.4.1-cvs-20061230.patch.bz2 12584 RMD160 50dd59916af80b84618b98229cfafc21b547d2c0 SHA1 385301f964025633e2033f856b196f5e7a3e9236 SHA256 4ca2fd34dacd1c10018b6a786c24faa392d6fef57607e240e3bcaf925231e2b2 DIST sysklogd-1.4.1.tar.gz 81784 RMD160 5e60f1294c45932915a3dcd1018cdc02d005a3e0 SHA1 093775da0e429d0768cf195ceb20fdd6d96aeeea SHA256 44357e0fae8c8f0e315bf130b4e86a4f96b91d66eeb4e473def4ce8336fff102 +DIST sysklogd-1.5.tar.gz 86557 RMD160 1839516cbb112ccff9987fec8c954d2f2696d301 SHA1 070cce745b023f2ce7ca7d9888af434d6d61c236 SHA256 6169b8e91d29288e90404f01462b69e7f2afb1161aa419826fe4736c7f9eb773 +DIST sysklogd_1.5-3.diff.gz 24368 RMD160 347d67d23de1435c28498b737a17754f59e2b7fa SHA1 00704a376e0a50dd15f066d185207684790117ec SHA256 80662200cdd32860ce43fd4cb725a73d0ff9744a34a037f5bfe9ffadb8505822 EBUILD sysklogd-1.4.1-r11.ebuild 1437 RMD160 b7db590d1cb67fb2dd6ac969a2b9ceee00d13fa5 SHA1 4e4a11c386c81b75dee37e556427aa9baa07d1f4 SHA256 dc9d01ed4331c17c294a1fe8e65e47608c247b1843228109b0262b2ff72284b2 EBUILD sysklogd-1.4.2_pre20051017.ebuild 2016 RMD160 9d6b5b8dbdb9184a16085ea8220452eedb1b44a4 SHA1 de5b52044b5c3c5c128d16550cf996ba6312745a SHA256 93b3bcf34ccb58f0dac41c190034f674c5442c74600326ba6a29eec8c8790bc4 EBUILD sysklogd-1.4.2_pre20061230-r1.ebuild 1819 RMD160 18bbc6859a62dfde7044e46ddb86ad7fe6cf1163 SHA1 67d3786ce46cdb77c4d7f9de3bad360fb220aa4a SHA256 36ec97a6728e09f474f3b28997734a6bcf1afcafd1d84dd3247b9264c840b5ec EBUILD sysklogd-1.4.2_pre20061230-r2.ebuild 1867 RMD160 f14a1b9034fe8a27db08dff38256d7a34e4e869a SHA1 f62f5f39a0baca3743cbf4c62416561b4fd0364e SHA256 f76e3acf45f2c2dbd60644057dbe12d2da517e7030875579adb919b363af32fb EBUILD sysklogd-1.4.2_pre20061230.ebuild 1814 RMD160 e3a83276db1e5f1945148ee3a896615cbd75f0d6 SHA1 1db0ee1cce7198290a0915ac2f452f3b03651ee2 SHA256 fe9cf8c3c94a56e882ec4b7438cb59c04a2a32b66b379e6bfda96aa2aa9db77e -MISC ChangeLog 10229 RMD160 3a3270c63f46301dcf44211bc9eaef9171e0f4b8 SHA1 90f22a3e53fee40ebfaed8144e8f7aea561c019b SHA256 5ec6c2a871c205f4fd03016f45d407066140d5e2b9dc26d51144f253a3ad18c1 +EBUILD sysklogd-1.5.ebuild 1650 RMD160 67c7dc0b6a9103a6fd72950c46a1bc6f3888afb9 SHA1 c11008101ad374b28f0835d1219004ff4218ea5a SHA256 8979e63539deb21e5bdb93c0dcddd95746bdaa62ab4068b6b9de3753b8fa3dd0 +MISC ChangeLog 10701 RMD160 b0ec3dd11dc661f1cb9ae1575d5a2e87e113dec6 SHA1 eb36ebdfbd59ac4b3be95259ad2aadffb4ca5b88 SHA256 c481d3d637d86058903a62ce5e70337e4ada9ecb1085fd8e264f516cc6dac827 MISC metadata.xml 165 RMD160 84307ea324cd4f0f46d52f2fa096a1873e2fbe53 SHA1 c7b83ef947fe7e8273cc512fee9bba06586a58f9 SHA256 23a8851c12bd4cf7cf0528250ad5605be6b0780bbec0c51331d6d2c618c13f6a +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.7 (GNU/Linux) + +iD8DBQFISrYvj9hvisErhMIRAiQhAJ4/yEgXYLktiizLZbwoKI7Wh+K5RQCglvke +t/uO+5N8JLjNNXdNxYbIWfc= +=9VHN +-----END PGP SIGNATURE----- diff --git a/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff new file mode 100644 index 000000000000..40b8817d4e28 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff @@ -0,0 +1,162 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8 +--- sysklogd-1.4.2.orig/klogd.8 2005-03-11 16:12:09 +0000 ++++ sysklogd-1.4.2/klogd.8 2005-08-18 14:37:47 +0000 +@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon + .RB [ " \-f " + .I fname + ] ++.RB [ " \-u " ++.I username ++] ++.RB [ " \-j " ++.I chroot_dir ++] + .RB [ " \-iI " ] + .RB [ " \-n " ] + .RB [ " \-o " ] +@@ -53,6 +60,20 @@ stderr. + .BI "\-f " file + Log messages to the specified filename rather than to the syslog facility. + .TP ++.BI "\-u " username ++Tells klogd to become the specified user and drop root privileges before ++starting logging. ++.TP ++.BI "\-j " chroot_dir ++Tells klogd to ++.BR chroot (2) ++into this directory after initializing. ++This option is only valid if the \-u option is also used to run klogd ++without root privileges. ++Note that the use of this option will prevent \-i and \-I from working ++unless you set up the chroot directory in such a way that klogd can still ++read the kernel module symbols. ++.TP + .BI "\-i \-I" + Signal the currently executing klogd daemon. Both of these switches control + the loading/reloading of symbol information. The \-i switch signals the +diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c +--- sysklogd-1.4.2.orig/klogd.c 2005-08-18 12:29:52 +0000 ++++ sysklogd-1.4.2/klogd.c 2005-08-18 14:37:47 +0000 +@@ -261,6 +261,8 @@ + #include <stdarg.h> + #include <paths.h> + #include <stdlib.h> ++#include <pwd.h> ++#include <grp.h> + #include "klogd.h" + #include "ksyms.h" + #ifndef TESTING +@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel} + int debugging = 0; + int symbols_twice = 0; + ++char *server_user = NULL; ++char *chroot_dir = NULL; ++int log_flags = 0; + + /* Function prototypes. */ + extern int ksyslog(int type, char *buf, int len); +@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void) + * First do a stat to determine whether or not the proc based + * file system is available to get kernel messages from. + */ +- if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) ++ if (!server_user && ++ (use_syscall || ++ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)))) + { + /* Initialize kernel logging. */ + ksyslog(1, NULL, 0); +@@ -983,6 +989,27 @@ static void LogProcLine(void) + } + + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (chroot_dir) { ++ if (chdir(chroot_dir)) return -1; ++ if (chroot(".")) return -1; ++ } ++ ++ if (setgroups(0, NULL)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ ++ + int main(argc, argv) + + int argc; +@@ -1000,7 +1027,7 @@ int main(argc, argv) + chdir ("/"); + #endif + /* Parse the command-line. */ +- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF) ++ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF) + switch((char)ch) + { + case '2': /* Print lines with symbols twice. */ +@@ -1022,6 +1049,10 @@ int main(argc, argv) + case 'I': + SignalDaemon(SIGUSR2); + return(0); ++ case 'j': /* chroot 'j'ail */ ++ chroot_dir = optarg; ++ log_flags |= LOG_NDELAY; ++ break; + case 'k': /* Kernel symbol file. */ + symfile = optarg; + break; +@@ -1037,6 +1068,9 @@ int main(argc, argv) + case 's': /* Use syscall interface. */ + use_syscall = 1; + break; ++ case 'u': /* Run as this user */ ++ server_user = optarg; ++ break; + case 'v': + printf("klogd %s.%s\n", VERSION, PATCHLEVEL); + exit (1); +@@ -1045,6 +1079,10 @@ int main(argc, argv) + break; + } + ++ if (chroot_dir && !server_user) { ++ fputs("'-j' is only valid with '-u'\n", stderr); ++ exit(1); ++ } + + /* Set console logging level. */ + if ( log_level != (char *) 0 ) +@@ -1158,7 +1196,7 @@ int main(argc, argv) + } + } + else +- openlog("kernel", 0, LOG_KERN); ++ openlog("kernel", log_flags, LOG_KERN); + + + /* Handle one-shot logging. */ +@@ -1191,6 +1229,11 @@ int main(argc, argv) + } + } + ++ if (server_user && drop_root()) { ++ syslog(LOG_ALERT, "klogd: failed to drop root"); ++ Terminate(); ++ } ++ + /* The main loop. */ + while (1) + { diff --git a/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff new file mode 100644 index 000000000000..ad311a512c0f --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-bind.diff @@ -0,0 +1,103 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8 +--- sysklogd-1.4.2.orig/sysklogd.8 2004-07-09 17:33:32 +0000 ++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:40:25 +0000 +@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti + .I config file + ] + .RB [ " \-h " ] ++.RB [ " \-i " ++.I IP address ++] + .RB [ " \-l " + .I hostlist + ] +@@ -104,6 +107,13 @@ Specifying this switch on the command li + This can cause syslog loops that fill up hard disks quite fast and + thus needs to be used with caution. + .TP ++.BI "\-i " "IP address" ++If ++.B syslogd ++is configured to accept log input from a UDP port, specify an IP address ++to bind to, rather than the default of INADDR_ANY. The address must be in ++dotted quad notation, DNS host names are not allowed. ++.TP + .BI "\-l " "hostlist" + Specify a hostname that should be logged only with its simple hostname + and not the fqdn. Multiple hosts may be specified using the colon +diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c +--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:33:22 +0000 ++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:40:25 +0000 +@@ -774,6 +774,8 @@ char **LocalHosts = NULL; /* these hosts + int NoHops = 1; /* Can we bounce syslog messages through an + intermediate host. */ + ++char *bind_addr = NULL; /* bind UDP port to this interface only */ ++ + extern int errno; + + /* Function prototypes. */ +@@ -878,7 +880,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -895,9 +897,17 @@ int main(argc, argv) + case 'h': + NoHops = 0; + break; ++ case 'i': ++ if (bind_addr) { ++ fprintf(stderr, "Only one -i argument allowed, " ++ "the first one is taken.\n"); ++ break; ++ } ++ bind_addr = optarg; ++ break; + case 'l': + if (LocalHosts) { +- fprintf (stderr, "Only one -l argument allowed," \ ++ fprintf(stderr, "Only one -l argument allowed, " + "the first one is taken.\n"); + break; + } +@@ -1244,7 +1254,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address]\n"); + exit(1); + } + +@@ -1286,15 +1296,22 @@ static int create_inet_socket() + int fd, on = 1; + struct sockaddr_in sin; + ++ memset(&sin, 0, sizeof(sin)); ++ sin.sin_family = AF_INET; ++ sin.sin_port = LogPort; ++ if (bind_addr) { ++ if (!inet_aton(bind_addr, &sin.sin_addr)) { ++ logerror("syslog: not a valid IP address to bind to."); ++ return -1; ++ } ++ } ++ + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) { + logerror("syslog: Unknown protocol, suspending inet service."); + return fd; + } + +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- sin.sin_port = LogPort; + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \ + (char *) &on, sizeof(on)) < 0 ) { + logerror("setsockopt(REUSEADDR), suspending inet"); diff --git a/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff new file mode 100644 index 000000000000..8c3f571f3ca2 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff @@ -0,0 +1,118 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8 +--- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:40:25 +0000 ++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:41:26 +0000 +@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti + .RB [ " \-s " + .I domainlist + ] ++.RB [ " \-u" ++.IB username ++] + .RB [ " \-v " ] + .LP + .SH DESCRIPTION +@@ -161,6 +164,19 @@ is specified and the host logging resolv + no domain would be cut, you will have to specify two domains like: + .BR "\-s north.de:infodrom.north.de" . + .TP ++.BI "\-u " "username" ++This causes the ++.B syslogd ++daemon to become the named user before starting up logging. ++ ++Note that when this option is in use, ++.B syslogd ++will open all log files as root when the daemon is first started; ++however, after a ++.B SIGHUP ++the files will be reopened as the non-privileged user. You should ++take this into account when deciding the ownership of the log files. ++.TP + .B "\-v" + Print version and exit. + .LP +diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c +--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:40:25 +0000 ++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:41:26 +0000 +@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c 5. + #include <arpa/nameser.h> + #include <arpa/inet.h> + #include <resolv.h> ++ ++#include <pwd.h> ++#include <grp.h> ++ + #ifndef TESTING + #include "pidfile.h" + #endif +@@ -775,6 +779,7 @@ int NoHops = 1; /* Can we bounce syslog + intermediate host. */ + + char *bind_addr = NULL; /* bind UDP port to this interface only */ ++char *server_user = NULL; /* user name to run server as */ + + extern int errno; + +@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc) + return fcntl(desc, F_SETFL, flags | O_NONBLOCK); + } + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (initgroups(server_user, pw->pw_gid)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ + int main(argc, argv) + int argc; + char **argv; +@@ -880,7 +900,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -933,6 +953,9 @@ int main(argc, argv) + } + StripDomains = crunch_list(optarg); + break; ++ case 'u': ++ server_user = optarg; ++ break; + case 'v': + printf("syslogd %s.%s\n", VERSION, PATCHLEVEL); + exit (0); +@@ -1100,6 +1123,11 @@ int main(argc, argv) + kill (ppid, SIGTERM); + #endif + ++ if (server_user && drop_root()) { ++ dprintf("syslogd: failed to drop root\n"); ++ exit(1); ++ } ++ + /* Main loop begins here. */ + for (;;) { + int nfds; +@@ -1254,7 +1282,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile] [-i IP address]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n"); + exit(1); + } + diff --git a/app-admin/sysklogd/files/sysklogd-1.5-build.patch b/app-admin/sysklogd/files/sysklogd-1.5-build.patch new file mode 100644 index 000000000000..12f4822cd265 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.5-build.patch @@ -0,0 +1,20 @@ +respect env CC/CFLAGS/CPPFLAGS/LDFLAGS + +--- Makefile ++++ Makefile +@@ -17,14 +17,12 @@ + # along with this program; if not, write to the Free Software + # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +-CC= gcc + #SKFLAGS= -g -DSYSV -Wall + #LDFLAGS= -g +-SKFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce ++SKFLAGS= $(CFLAGS) $(CPPFLAGS) -DSYSV -Wall -fno-strength-reduce + # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE + # $(shell getconf LFS_SKFLAGS) +-LDFLAGS= -s + + # Look where your install program is. + INSTALL = /usr/bin/install diff --git a/app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch b/app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch new file mode 100644 index 000000000000..7f6c2a79b0b2 --- /dev/null +++ b/app-admin/sysklogd/files/sysklogd-1.5-debian-cron.patch @@ -0,0 +1,38 @@ +--- debian/cron.daily ++++ debian/cron.daily +@@ -20,10 +20,6 @@ + # Written by Martin Schulze <joey@debian.org>. + # $Id: cron.daily,v 1.14 2007-05-28 16:33:34 joey Exp $ + +-test -x /usr/sbin/syslogd-listfiles || exit 0 +-test -x /sbin/syslogd || exit 0 +-test -f /usr/share/sysklogd/dummy || exit 0 +- + set -e + + cd /var/log +@@ -41,4 +37,4 @@ + + # Restart syslogd + # +-/etc/init.d/sysklogd reload-or-restart > /dev/null ++/etc/init.d/sysklogd --quiet reload +--- debian/cron.weekly ++++ debian/cron.weekly +@@ -19,10 +19,6 @@ + # Written by Ian A. Murdock <imurdock@debian.org>. + # $Id: cron.weekly,v 1.11 2007-05-28 16:33:34 joey Exp $ + +-test -x /usr/sbin/syslogd-listfiles || exit 0 +-test -x /sbin/syslogd || exit 0 +-test -f /usr/share/sysklogd/dummy || exit 0 +- + set -e + + cd /var/log +@@ -40,4 +36,4 @@ + + # Restart syslogd + # +-/etc/init.d/sysklogd reload-or-restart > /dev/null ++/etc/init.d/sysklogd --quiet reload diff --git a/app-admin/sysklogd/sysklogd-1.5.ebuild b/app-admin/sysklogd/sysklogd-1.5.ebuild new file mode 100644 index 000000000000..5e4b1de5c2dd --- /dev/null +++ b/app-admin/sysklogd/sysklogd-1.5.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysklogd/sysklogd-1.5.ebuild,v 1.1 2008/06/07 16:24:09 vapier Exp $ + +inherit eutils flag-o-matic toolchain-funcs + +DEB_VER="3" +DESCRIPTION="Standard log daemons" +HOMEPAGE="http://www.infodrom.org/projects/sysklogd/" +SRC_URI="http://www.infodrom.org/projects/sysklogd/download/${P}.tar.gz + mirror://debian/pool/main/s/sysklogd/${PN}_${PV}-${DEB_VER}.diff.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="" +RESTRICT="test" + +DEPEND="" +RDEPEND="dev-lang/perl + sys-apps/debianutils" +PROVIDE="virtual/logger" + +src_unpack() { + unpack ${A} + epatch "${WORKDIR}"/${PN}_${PV}-${DEB_VER}.diff + cd "${S}" + epatch "${FILESDIR}"/${P}-debian-cron.patch + epatch "${FILESDIR}"/${P}-build.patch + + # CAEN/OWL security patches + epatch "${FILESDIR}"/${PN}-1.4.2-caen-owl-syslogd-bind.diff + epatch "${FILESDIR}"/${PN}-1.4.2-caen-owl-syslogd-drop-root.diff + epatch "${FILESDIR}"/${PN}-1.4.2-caen-owl-klogd-drop-root.diff + + append-lfs-flags +} + +src_compile() { + tc-export CC + emake || die +} + +src_install() { + dosbin syslogd klogd debian/syslog-facility debian/syslogd-listfiles || die "dosbin" + doman *.[1-9] debian/syslogd-listfiles.8 + insinto /etc + doins debian/syslog.conf || die + exeinto /etc/cron.daily + newexe debian/cron.daily syslog || die + exeinto /etc/cron.weekly + newexe debian/cron.weekly syslog || die + dodoc ANNOUNCE CHANGES NEWS README.1st README.linux + newinitd "${FILESDIR}"/sysklogd.rc6 sysklogd + newconfd "${FILESDIR}"/sysklogd.confd sysklogd +} |