Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
PUBLIC_REPOS
/
buildroot
-ын хуулбар git://git.buildroot.net/buildroot
2
1
Салаа 0
Файлууд
Эх сурвалжийг харах

package/rsyslog: ignore CVE-2015-3243

https://security-tracker.debian.org/tracker/CVE-2015-3243
 "Rsyslog uses weak permissions for generating log files."

Ignoring this CVE for Buildroot as normally there are not local
users and a build could customize the rsyslog.conf to be more
restrictive ($FileCreateMode 0640).

Example fix from Alpino Linux
 https://github.com/libTorrentUser/alpino-linux-aports/commit/3cb5210cdac46fb8805d4028df16f5889f393a09

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fb4402b51693e8d191bb568622ed9cf9315493fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber 4 жил өмнө
parent
3bf84c7ce0
commit
ea5323f16a
1 өөрчлөгдсөн 4 нэмэгдсэн , 0 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 4 0
      package/rsyslog/rsyslog.mk

+ 4 - 0
package/rsyslog/rsyslog.mk
Файл харах 

@@ -9,6 +9,10 @@ RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
 
 RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0
 
 RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
 
 RSYSLOG_CPE_ID_VENDOR = rsyslog
 
+# rsyslog uses weak permissions for generating log files.
 
+# Ignoring this CVE as Buildroot normally doesn't have local users and a build
 
+# could customize the rsyslog.conf to be more restrictive ($FileCreateMode 0640)
 
+RSYSLOG_IGNORE_CVES += CVE-2015-3243
 
 RSYSLOG_DEPENDENCIES = zlib libestr liblogging libfastjson host-pkgconf
 
 RSYSLOG_CONF_ENV = ac_cv_prog_cc_c99='-std=c99'
 
 RSYSLOG_PLUGINS = imdiag imfile impstats imptcp \