rsyslog: fix CVE-2017-12588

Backport a patch to fix CVE-2017-12588.

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted
description fields as format strings, possibly allowing a format string
attack with unspecified impact.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12588

CVE: CVE-2017-12588

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

2 files changed, 41 insertions, 0 deletions

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch
new file mode 100644
index 0000000000..73c33109f6
--- /dev/null
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/CVE-2017-12588.patch
@@ -0,0 +1,40 @@
+From 6bc4aa975a83abed43d734299ce76cd9e1a14aec Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@whissi.de>
+Date: Wed, 17 May 2017 23:05:24 +0200
+Subject: [PATCH] imzmq3: Fix building with -Werror=format-security
+
+Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12588
+
+CVE: 2017-12588
+
+Upstream-Status: Backport
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ contrib/imzmq3/imzmq3.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/contrib/imzmq3/imzmq3.c b/contrib/imzmq3/imzmq3.c
+index 9ca17871..d32dcbc2 100644
+--- a/contrib/imzmq3/imzmq3.c
++++ b/contrib/imzmq3/imzmq3.c
+@@ -403,7 +403,7 @@ static rsRetVal createSocket(instanceConf_t* info, void** sock) {
+ 
+     /* Do the bind/connect... */
+     if (info->action==ACTION_CONNECT) {
+-        rv = zsocket_connect(*sock, info->description);
++        rv = zsocket_connect(*sock, "%s", info->description);
+         if (rv == -1) {
+             errmsg.LogError(0,
+                             RS_RET_INVALID_PARAMS,
+@@ -413,7 +413,7 @@ static rsRetVal createSocket(instanceConf_t* info, void** sock) {
+         }
+         DBGPRINTF("imzmq3: connect for %s successful\n",info->description);
+     } else {
+-        rv = zsocket_bind(*sock, info->description);
++        rv = zsocket_bind(*sock, "%s", info->description);
+         if (rv == -1) {
+             errmsg.LogError(0,
+                             RS_RET_INVALID_PARAMS,
+-- 
+2.13.0
+
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb
index d1d391bd25..6e3a75c284 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.22.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
            file://use-pkgconfig-to-check-libgcrypt.patch \
            file://run-ptest \
            file://rsyslog-fix-ptest-not-finish.patch \
+           file://CVE-2017-12588.patch \
 "
 
 SRC_URI_append_libc-musl = " \