diff options
author | Yue Tao <Yue.Tao@windriver.com> | 2014-04-14 13:01:16 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-29 13:43:28 +0100 |
commit | 295dd76931dc4a72dc362403bfe8e07f96d55743 (patch) | |
tree | c100e417406826bc5700bf190bb740f0ce3d0c2d /meta/recipes-extended/screen | |
parent | cd7e7addd7a7b94257d834e705a7ff810932e16b (diff) | |
download | poky-295dd76931dc4a72dc362403bfe8e07f96d55743.tar.gz |
screen: fix for Security Advisory CVE-2009-1215
Race condition in GNU screen 4.0.3 allows local users to create or
overwrite arbitrary files via a symlink attack on the
/tmp/screen-exchange temporary file.
(From OE-Core rev: be8693bf151987f59c9622b8fd8b659ee203cefc)
(From OE-Core rev: 6874667333d83960d03f1b30030fe42b747b5972)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/screen/screen_4.0.3.bb
Diffstat (limited to 'meta/recipes-extended/screen')
-rw-r--r-- | meta/recipes-extended/screen/screen-4.0.3/screen-4.0.2-CVE-2009-1215.patch | 27 | ||||
-rw-r--r-- | meta/recipes-extended/screen/screen_4.0.3.bb | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-extended/screen/screen-4.0.3/screen-4.0.2-CVE-2009-1215.patch b/meta/recipes-extended/screen/screen-4.0.3/screen-4.0.2-CVE-2009-1215.patch new file mode 100644 index 0000000000..538a8fa3b2 --- /dev/null +++ b/meta/recipes-extended/screen/screen-4.0.3/screen-4.0.2-CVE-2009-1215.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | This patch is a backport from screen_4.0.3-11+lenny1.diff | ||
4 | to fix CVE-2009-1215. | ||
5 | |||
6 | Signed-off-by: Shenbo Huang<shenbo.huang@windriver.com) | ||
7 | --- | ||
8 | properly by keeping the umask instead of dropping | ||
9 | the 'public exchange file' concept. Modify dpatch 22. | ||
10 | <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123> | ||
11 | --- | ||
12 | fileio.c | 5 ----- | ||
13 | 1 file changed, 5 deletions(-) | ||
14 | --- a/fileio.c | ||
15 | +++ b/fileio.c | ||
16 | @@ -365,11 +365,6 @@ int dump; | ||
17 | char *mode = "w"; | ||
18 | #ifdef COPY_PASTE | ||
19 | int public = 0; | ||
20 | -# ifdef _MODE_T | ||
21 | - mode_t old_umask; | ||
22 | -# else | ||
23 | - int old_umask; | ||
24 | -# endif | ||
25 | # ifdef HAVE_LSTAT | ||
26 | struct stat stb, stb2; | ||
27 | int fd, exists = 0; | ||
diff --git a/meta/recipes-extended/screen/screen_4.0.3.bb b/meta/recipes-extended/screen/screen_4.0.3.bb index 81790987fa..b7a3e37798 100644 --- a/meta/recipes-extended/screen/screen_4.0.3.bb +++ b/meta/recipes-extended/screen/screen_4.0.3.bb | |||
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz;name=tarball \ | |||
21 | file://configure.patch \ | 21 | file://configure.patch \ |
22 | file://fix-parallel-make.patch \ | 22 | file://fix-parallel-make.patch \ |
23 | file://screen-4.0.3-CVE-2009-1214.patch \ | 23 | file://screen-4.0.3-CVE-2009-1214.patch \ |
24 | file://screen-4.0.2-CVE-2009-1215.patch \ | ||
24 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" | 25 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" |
25 | 26 | ||
26 | PAM_SRC_URI = "file://screen.pam" | 27 | PAM_SRC_URI = "file://screen.pam" |