diff options
Diffstat (limited to 'meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch')
-rw-r--r-- | meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch new file mode 100644 index 0000000000..6f162ea680 --- /dev/null +++ b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Weimer <fweimer@redhat.com> | ||
3 | Date: Mon, 17 Nov 2014 13:11:32 +0100 | ||
4 | Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771) | ||
5 | |||
6 | This patch is taken from | ||
7 | ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz | ||
8 | |||
9 | Upstream-status: Inappropriate [upstream is dead] | ||
10 | --- | ||
11 | fio.c | 2 +- | ||
12 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
13 | |||
14 | diff --git a/fio.c b/fio.c | ||
15 | index 1529236..774a204 100644 | ||
16 | --- a/fio.c | ||
17 | +++ b/fio.c | ||
18 | @@ -497,7 +497,7 @@ globname(char *name) | ||
19 | sigemptyset(&nset); | ||
20 | sigaddset(&nset, SIGCHLD); | ||
21 | sigprocmask(SIG_BLOCK, &nset, NULL); | ||
22 | - i = wordexp(name, &we, 0); | ||
23 | + i = wordexp(name, &we, WRDE_NOCMD); | ||
24 | sigprocmask(SIG_UNBLOCK, &nset, NULL); | ||
25 | switch (i) { | ||
26 | case 0: | ||
27 | -- | ||
28 | 1.9.3 | ||
29 | |||
30 | |||