summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorWenzong Fan <wenzong.fan@windriver.com>2013-06-17 22:28:50 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-06-25 17:44:55 +0100
commitbac191afc6c67a95f7dff842f3fcf9b34c293371 (patch)
tree8c7e896e1622119c9e9f126989220ea719166804 /meta/recipes-extended
parentb8043be91573f85d89c4b62caa308c0efba8addd (diff)
downloadpoky-bac191afc6c67a95f7dff842f3fcf9b34c293371.tar.gz
logrotate: fix for CVE-2011-1548
If a logfile is a symlink, it may be read when being compressed, being copied (copy, copytruncate) or mailed. Secure data (eg. password files) may be exposed. Portback nofollow.patch from: http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz (From OE-Core rev: d0e3fc1b28fc16200adbe690aa27124041036ba3) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch43
-rw-r--r--meta/recipes-extended/logrotate/logrotate_3.8.1.bb1
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
new file mode 100644
index 0000000000..ed2750e9c3
--- /dev/null
+++ b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
@@ -0,0 +1,43 @@
1Upstream-Status: Backport
2
3logrotate: fix for CVE-2011-1548
4
5If a logfile is a symlink, it may be read when being compressed, being
6copied (copy, copytruncate) or mailed. Secure data (eg. password files)
7may be exposed.
8
9Portback nofollow.patch from:
10http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
11
12Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
13
14---
15--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800
16+++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800
17@@ -390,7 +390,7 @@
18 compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
19 sprintf(compressedName, "%s%s", name, log->compress_ext);
20
21- if ((inFile = open(name, O_RDWR)) < 0) {
22+ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
23 message(MESS_ERROR, "unable to open %s for compression\n", name);
24 return 1;
25 }
26@@ -470,7 +470,7 @@
27 char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
28 int rc = 0;
29
30- if ((mailInput = open(logFile, O_RDONLY)) < 0) {
31+ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
32 message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
33 strerror(errno));
34 return 1;
35@@ -561,7 +561,7 @@
36 message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
37
38 if (!debug) {
39- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
40+ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
41 message(MESS_ERROR, "error opening %s: %s\n", currLog,
42 strerror(errno));
43 return 1;
diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
index 5a8156be57..2b6dc93284 100644
--- a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
+++ b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g
12 file://act-as-mv-when-rotate.patch \ 12 file://act-as-mv-when-rotate.patch \
13 file://disable-check-different-filesystems.patch \ 13 file://disable-check-different-filesystems.patch \
14 file://update-the-manual.patch \ 14 file://update-the-manual.patch \
15 file://logrotate-CVE-2011-1548.patch \
15 " 16 "
16 17
17SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5" 18SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5"