From bf71201ec3ccc157e996f65695689c1c28bb7e83 Mon Sep 17 00:00:00 2001 From: alakatos Date: Mon, 6 Mar 2023 09:38:22 +0100 Subject: [PATCH] Add CAP_NET_RAW for initializing the libnet library for udpspoof resolves: rhbz#2176387 Do not allow having selinux-policy < 38.1.3-1 resolves: rhbz#2176386 --- rsyslog-8.2102.0-capabilities-capnetraw.patch | 11 +++++++++++ rsyslog.spec | 14 +++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 rsyslog-8.2102.0-capabilities-capnetraw.patch diff --git a/rsyslog-8.2102.0-capabilities-capnetraw.patch b/rsyslog-8.2102.0-capabilities-capnetraw.patch new file mode 100644 index 0000000..0857463 --- /dev/null +++ b/rsyslog-8.2102.0-capabilities-capnetraw.patch @@ -0,0 +1,11 @@ +diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c +--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-03-06 09:33:13.969300666 +0100 ++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-03-06 09:33:35.089326502 +0100 +@@ -2164,6 +2164,7 @@ main(int argc, char **argv) + CAP_SETGID, + CAP_SETUID, + CAP_DAC_OVERRIDE, ++ CAP_NET_RAW, + CAP_SYS_ADMIN, + CAP_SYS_CHROOT, + CAP_SYS_RESOURCE, diff --git a/rsyslog.spec b/rsyslog.spec index e987d27..f0da4e9 100644 --- a/rsyslog.spec +++ b/rsyslog.spec @@ -5,7 +5,7 @@ Summary: Enhanced system logging and kernel message trapping daemon Name: rsyslog Version: 8.2102.0 -Release: 111%{?dist} +Release: 113%{?dist} License: (GPLv3+ and ASL 2.0) URL: http://www.rsyslog.com/ Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz @@ -37,6 +37,7 @@ Patch15: rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch Patch16: rsyslog-8.2102.0-rhbz2127404-libcap-ng.patch Patch17: rsyslog-8.2102.0-rhbz2157658-imklog.patch Patch18: rsyslog-8.2102.0-capabilities-drop-credential.patch +Patch19: rsyslog-8.2102.0-capabilities-capnetraw.patch BuildRequires: make BuildRequires: gcc @@ -57,6 +58,8 @@ BuildRequires: systemd-devel >= 204-8 BuildRequires: zlib-devel BuildRequires: libcap-ng-devel +Conflicts: selinux-policy < 38.1.3-1 + Recommends: %{name}-logrotate = %version-%release Requires: bash >= 2.0 %{?systemd_ordering} @@ -289,6 +292,7 @@ mv build doc %patch16 -p1 -b .libcap-ng %patch17 -p1 -b .imklog-leak %patch18 -p1 -b .capabilities-drop-credential +%patch19 -p1 -b .capabilities-capnetraw pushd .. %patch9 -p1 -b .openssl-compatibility @@ -554,6 +558,14 @@ done %changelog +* Tue Mar 07 2023 Attila Lakatos - 8.2102.0-113 +- Do not allow having selinux-policy < 38.1.3-1 + resolves: rhbz#2176386 + +* Mon Mar 06 2023 Attila Lakatos - 8.2102.0-112 +- Add CAP_NET_RAW for initializing the libnet library for udpspoof + resolves: rhbz#2176387 + * Wed Feb 22 2023 Attila Lakatos - 8.2102.0-111 - Rebuild resolves: rhbz#2169748