[Bug 240421] Please branch/build syslog-ng for EPEL (EL-5)
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=240421
Ray Van Dolson <rvandolson(a)esri.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rvandolson(a)esri.com
--- Comment #8 from Ray Van Dolson <rvandolson(a)esri.com> 2009-03-16 20:01:34 EDT ---
Have started some initial work on getting this to compile for EL5 with one
.spec file.
Patch to configure.in is attached.
http://rayvd.fedorapeople.org/syslog-ng/syslog-ng.spec
http://rayvd.fedorapeople.org/syslog-ng/syslog-ng-2.0.10-2.el5.src.rpm
Some notes:
* EL4 issues still need addressed (glib2 needs to be statically linked)
* Assuming this is a branch agnostic patch, it should probably be modified
  to only patch configure.in if we're on EL4 or EL5.
* There is an rpmlint complaint about the Provides:
    syslog-ng.src:44: W: unversioned-explicit-provides syslog
  rsyslog provides syslog in exactly the same way though.
Comments? I'm not sure if this is the cleanest way to do a static patch short
of getting upstream to make some changes to the autoconf files before packaging
up their tarball.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
[Bug 187353] CVE-2006-1390 nethack: Local privilege escalation via crafted score file
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=187353
--- Comment #15 from Luke Macken <lmacken(a)redhat.com> 2009-03-15 16:42:19 EDT ---
Reply from nethack upstream about this issue, and the potential rumour that it
has been fixed upstream.
"""
> Someone in the Gentoo community mentioned a while back that the
> dev team had patched the buffer overflow.
We could probably extract the relevant changes, but I don't
think that you actually need them. The real security bug is
being caused by gentoo's policy of giving users full access to
the same group as nethack's setgid setting. They shot themselves
in the foot here, by allowing users to modify the score file
outside of nethack. The lax buffer handling has been (or will
be, from a 3.4.3 perspective...) fixed, but it is not exploitable
in a standard installation where nethack runs in a group whose
files can't be manipulated by arbitrary users.
I assume that redhat/fedora doesn't have the same config
issue as gentoo. If I'm wrong, then you should change nethack
to run in a distinct group rather than--or in addition to--
patching its score file parsing code.
"""
+1 for closing this bug :)
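The upstream reply in the message above turns on who belongs to the group that nethack's setgid bit grants. As an added example (not part of the bug report or of nethack), this script audits a score file for that condition; the function names and the usage path are assumptions, and it reads group and passwd files in the standard colon-separated format.

```shell
#!/bin/sh
# Added example (not from the bug report): who can edit a setgid game's
# score file without going through the game binary?

# Print every account in group $1, reading group file $2 and passwd file $3.
# Covers supplementary members (group file) and primary-GID members (passwd).
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 0
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
    } | sort -u
}

# $1 = group owning the score file, $2 = its octal mode (e.g. 664),
# $3 = group file, $4 = passwd file. Returns 1 if accounts can write the
# file via its group or other permission bits, 0 otherwise.
check_score_file() {
    mode=$2
    other=${mode#"${mode%?}"}; rest=${mode%?}; grp=${rest#"${rest%?}"}
    case $other in
        [2367]) echo "EXPOSED: score file is world-writable"; return 1 ;;
    esac
    case $grp in
        [2367]) ;;
        *) echo "OK: score file is not group-writable"; return 0 ;;
    esac
    members=$(group_members "$1" "$3" "$4" | tr '\n' ' ')
    if [ -z "$members" ]; then
        echo "OK: group $1 has no user accounts in it"
        return 0
    fi
    echo "EXPOSED: accounts in group $1 can edit the score file: $members"
    return 1
}

# Usage: sh audit.sh /path/to/scorefile   (assumes GNU coreutils stat)
if [ $# -eq 1 ]; then
    check_score_file "$(stat -c %G "$1")" "$(stat -c %a "$1")" /etc/group /etc/passwd
fi
```

On hosts that resolve accounts through LDAP or SSSD, save the output of `getent group` and `getent passwd` to files and pass those instead of /etc/group and /etc/passwd.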