update to 3.2.4, fixes pcre security flaw

2011-05-17 12:35:43 +02:00 · 2011-05-17 12:35:43 +02:00 · 65b133d016
parent 4cad221c05
commit 65b133d016
1 changed files with 119 additions and 63 deletions
--- a/syslog-ng.spec
+++ b/syslog-ng.spec
@ -1,30 +1,29 @@
-%define evtlog_ver 0.2.12
+%global evtlog_ver 0.2.12

-%define _sbindir /sbin
-%define _localstatedir /var/lib/syslog-ng
-%define _libdir /%{_lib}
-%define system_service /lib/systemd/system
+%global _sbindir /sbin
+%global _libdir /%{_lib}

 Name: syslog-ng
-Version: 3.2.3
-Release: 2%{?dist}
+Version: 3.2.4
+Release: 3%{?dist}
 Summary: Next-generation syslog server

 Group: System Environment/Daemons
 License: GPLv2+
-Url: http://www.balabit.com/products/syslog_ng/
+Url: http://www.balabit.com/network-security/syslog-ng
 Source0: http://www.balabit.com/downloads/files?path=/syslog-ng/sources/%{version}/source/%{name}_%{version}.tar.gz
 Source1: syslog-ng.conf
 Source2: syslog-ng.service
 Source3: syslog-ng.sysconfig
 Source4: syslog-ng.logrotate

+Patch0: syslog-ng-3.2.4-disable-sql-and-ssl-tests.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

+BuildRequires: systemd-units
 BuildRequires: pkgconfig
 BuildRequires: libtool
-BuildRequires: bison
-BuildRequires: flex
 BuildRequires: eventlog-devel >= %{evtlog_ver}
 BuildRequires: glib2-devel >= 2.10.1
 #BuildRequires: libdbi-devel
@ -65,6 +64,7 @@ developing applications that use %{name}.

 %prep
 %setup -q
+%patch0 -p1

 # fix perl path
 %{__sed} -i 's|^#!/usr/local/bin/perl|#!%{__perl}|' contrib/relogger.pl
@ -72,24 +72,30 @@ developing applications that use %{name}.
 # fix executable perms on contrib files
 %{__chmod} -c a-x contrib/syslog2ng

+# fix authors file
+/usr/bin/iconv -f iso8859-1 -t utf-8 AUTHORS > AUTHORS.conv && \
+    %{__mv} -f AUTHORS.conv AUTHORS
+

 %build
 %configure \
-	--prefix=/ \
-	--libdir=/%{_lib} \
-	--includedir=%{_includedir} \
-	--enable-ipv6 \
-	--sysconfdir=%{_sysconfdir}/%{name} \
-	--enable-tcp-wrapper \
-	--enable-pcre \
-	--enable-shared \
-	--disable-static \
-	--disable-sql \
-	--disable-ssl \
-	--with-module-dir=/%{_lib}/%{name} \
-	--enable-spoof-source \
-	--enable-dynamic-linking \
-	--enable-systemd
+    --prefix=/ \
+    --libdir=/%{_lib} \
+    --includedir=%{_includedir} \
+    --sysconfdir=%{_sysconfdir}/%{name} \
+    --localstatedir=%{_sharedstatedir}/%{name} \
+    --datadir=%{_datadir}/%{name} \
+    --with-module-dir=/%{_lib}/%{name} \
+    --enable-ipv6 \
+    --enable-tcp-wrapper \
+    --enable-pcre \
+    --enable-spoof-source \
+    --disable-sql \
+    --disable-ssl \
+    --enable-shared \
+    --disable-static \
+    --enable-dynamic-linking \
+    --enable-systemd

 # remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
@ -102,11 +108,12 @@ make %{_smp_mflags}
 %{__rm} -rf %{buildroot}
 make DESTDIR=%{buildroot} install

-%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/%{name}
+#%{__install} -d -m 755 %{buildroot}%{_sysconfdir}/%{name}
 %{__install} -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/syslog-ng.conf

 # install the service script
-%{__install} -p -D -m 644 %{SOURCE2} %{buildroot}/%{system_service}/%{name}.service
+%{__install} -d -m 755 %{buildroot}%{_unitdir}
+%{__install} -p -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service

 %{__install} -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
 %{__install} -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
@ -114,28 +121,32 @@ make DESTDIR=%{buildroot} install
 %{__install} -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
 %{__install} -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog

-# make local state dir
-%{__install} -d -m 755 %{buildroot}/%{_localstatedir}
-
-# fix authors file
-/usr/bin/iconv -f iso8859-1 -t utf-8 AUTHORS > AUTHORS.conv && \
-	%{__mv} -f AUTHORS.conv AUTHORS
-
+# create the local state dir
+%{__install} -d -m 755 %{buildroot}/%{_sharedstatedir}/%{name}

+# install the main library header files
+%{__install} -d -m 755 %{buildroot}%{_includedir}/%{name}
+%{__install} -p -m 644 config.h %{buildroot}%{_includedir}/%{name}
+%{__install} -p -m 644 lib/*.h %{buildroot}%{_includedir}/%{name}

 # install vim files
 %{__install} -d -m 755 %{buildroot}%{_datadir}/%{name}
 %{__install} -p -m 644 contrib/syslog-ng.vim %{buildroot}%{_datadir}/%{name}
-for vimver in 70 71 72 73 ; do
-	%{__install} -d -m 755 %{buildroot}%{_datadir}/vim/vim$vimver/syntax
-	cd %{buildroot}%{_datadir}/vim/vim$vimver/syntax
-	ln -s ../../../%{name}/syslog-ng.vim .
-	cd -
+for vimver in 72 73 ; do
+    %{__install} -d -m 755 %{buildroot}%{_datadir}/vim/vim$vimver/syntax
+    cd %{buildroot}%{_datadir}/vim/vim$vimver/syntax
+    ln -s ../../../%{name}/syslog-ng.vim .
+    cd -
 done

 ldconfig -N -n %{buildroot}/%{_lib}

-find %{buildroot} -name *.la -exec rm -f '{}' \;
+find %{buildroot} -name "*.la" -exec rm -f {} \;
+
+
+%check
+LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}/%{_lib}/%{name} make check
+

 %clean
 rm -rf %{buildroot}
@ -143,31 +154,37 @@ rm -rf %{buildroot}

 %post
 /sbin/ldconfig
-/bin/systemctl daemon-reload || :
-
-%preun
-if [ "$1" = 0 ]; then
-/bin/systemctl stop %{name}.service >/dev/null 2>&1 || :
-/bin/systemctl disable %{name}.service >/dev/null 2>&1 || :
+if [ $1 -eq 1 ] ; then
+    # Initial installation
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 fi

+%preun
+if [ $1 -eq 0 ] ; then
+    # Package removal, not upgrade
+    /bin/systemctl --no-reload disable %{name}.service >/dev/null 2>&1 || :
+    /bin/systemctl stop %{name}.service >/dev/null 2>&1 || :
+fi

 %postun
 /sbin/ldconfig
-if [ "$1" -ge 1 ]; then
-/bin/systemctl condrestart %{name}.service >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    # Package upgrade, not uninstall
+    /bin/systemctl condrestart %{name}.service >/dev/null 2>&1 || :
 fi

+
 %triggerun -- syslog-ng < 3.2.3
 if /sbin/chkconfig --level 3 %{name} ; then
-	/bin/systemctl enable %{name}.service >/dev/null 2>&1 || :
+    /bin/systemctl enable %{name}.service >/dev/null 2>&1 || :
 fi

+
 %triggerin -- vim-common
 VIMVERNEW=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | tail -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
 [ -d %{_datadir}/vim/vim${VIMVERNEW}/syntax ] && \
-	cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
-	ln -sf ../../../%{name}/syslog-ng.vim . || :
+    cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
+    ln -sf ../../../%{name}/syslog-ng.vim . || :

 %triggerun -- vim-common
 VIMVEROLD=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | head -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
@ -177,10 +194,10 @@ VIMVEROLD=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | head -n 1 |
 VIMVEROLD=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | head -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
 VIMVERNEW=`rpm -q --qf='%%{epoch}:%%{version}\n' vim-common | sort | tail -n 1 | sed -e 's/[0-9]*://' | sed -e 's/\.[0-9]*$//' | sed -e 's/\.//'`
 if [ $1 = 1 ]; then
-	rm -f %{_datadir}/vim/vim${VIMVEROLD}/syntax/syslog-ng.vim || :
-	[ -d %{_datadir}/vim/vim${VIMVERNEW}/syntax ] && \
-		cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
-		ln -sf ../../../%{name}/syslog-ng.vim . || :
+    rm -f %{_datadir}/vim/vim${VIMVEROLD}/syntax/syslog-ng.vim || :
+    [ -d %{_datadir}/vim/vim${VIMVERNEW}/syntax ] && \
+        cd %{_datadir}/vim/vim${VIMVERNEW}/syntax && \
+        ln -sf ../../../%{name}/syslog-ng.vim . || :
 fi


@ -190,15 +207,17 @@ fi
 %doc doc/security/*.txt
 %doc doc/examples/syslog-ng.conf.sample
 %doc contrib/{relogger.pl,syslog2ng,syslog-ng.conf.doc}
+
 %dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/%{name}/patterndb.d
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/%{name}/modules.conf
 %config(noreplace) %{_sysconfdir}/%{name}/scl.conf
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
 %config(noreplace) %{_sysconfdir}/logrotate.d/syslog
-%{system_service}/%{name}.service
+%{_unitdir}/%{name}.service

-%dir %{_localstatedir}
+%dir %{_sharedstatedir}/%{name}
 %{_sbindir}/%{name}
 %{_sbindir}/syslog-ng-ctl
 %{_bindir}/loggen
@ -206,25 +225,61 @@ fi
 %{_bindir}/update-patterndb
 %{_libdir}/lib%{name}.so.*
 %{_libdir}/%{name}/*.so
-%{_datadir}/%{name}
+
+%dir %{_datadir}/%{name}
+%{_datadir}/%{name}/syslog-ng.vim
+%ghost %{_datadir}/vim/

 # uhm, some better places for those?
-%{_datadir}/xsd
+%{_datadir}/%{name}/xsd/

 %{_mandir}/man1/loggen.1*
 %{_mandir}/man1/pdbtool.1*
 %{_mandir}/man1/syslog-ng-ctl.1*
 %{_mandir}/man5/syslog-ng.conf.5*
 %{_mandir}/man8/syslog-ng.8*
-%ghost %{_datadir}/vim/

 %files devel
 %defattr(-,root,root,-)
 %{_libdir}/libsyslog-ng.so
-%{_datadir}/include/scl
+%{_includedir}/%{name}/
+# scl files
+%{_datadir}/%{name}/include/


 %changelog
+* Mon May 16 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-3
+- Updated the homepage URL
+- Syslog-ng data directory in %%{_datadir}/%%{name}
+- Include the main library header files in the devel subpackage
+
+* Thu May 12 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-2
+- No need to create the directory /etc/syslog-ng in the install section
+- Enable the test suite (but excluding the SQL and SSL tests)
+
+* Wed May 11 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.4-1
+- Update to 3.2.4
+
+* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-5
+- Overrided the default _localstatedir value (configure --localstatedir)
+  (value hardcoded in update-patterndb)
+- Manually created the patterndb.d configuration directory (update-patterndb)
+  (see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
+- Dropped support for Vim 7.0 and 7.1
+
+* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-4
+- Dropped the bison and flex build requirements
+- Corrected a couple of macro references in changelog entries (rpmlint)
+
+* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-3
+- Added the build requirement systemd-units (macro %%_unitdir)
+  https://fedoraproject.org/wiki/Packaging:Guidelines:Systemd
+- Dropped the redefinition of the %%_localstatedir macro
+- Use %%global instead of %%define
+- Minor modifications of the %%post, %%preun and %%postun scripts
+  https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd
+- Expanded tabs to spaces (also added a vim modeline)
+
 * Fri May  6 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.2.3-2
 - Fix systemd-related scriptlets (Bill Nottingham)
 - Explicitly add --enable-systemd to configure's command line
@ -518,7 +573,7 @@ fi

 * Wed Apr 21 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> 0:1.6.2-0.fdr.3
 - removed Conflits:
- changed the %post and %preun scripts
+- changed the %%post and %%preun scripts
 - splitted Requires( ... , ... ) into Requires( ... )

 * Fri Mar  5 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> 0:1.6.2-0.fdr.2
@ -559,7 +614,7 @@ fi

 * Sat Apr 12 2003 Jose Pedro Oliveira <jpo at di.uminho.pt> 1.6.0rc2 snapshot
 - Reorganized specfile
- Corrected the scripts (%post, %postun, and %preun)
+- Corrected the scripts (%%post, %%postun, and %%preun)
 - Commented the mysql related lines; create an option for future inclusion

 * Thu Feb 27 2003 Richard E. Perlotto II <richard@perlotto.com> 1.6.0rc1-1
@ -578,3 +633,4 @@ fi
 * Sun Dec 08 2002 Richard E. Perlotto II <richard@perlotto.com> 1.5.23-1
 - Updated file with notes and PGP signatures

+# vim:set ai ts=4 sw=4 sts=4 et: