1 files changed, 45 insertions, 0 deletions

diff --git a/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch
new file mode 100644
index 0000000000..6c48e4cf14
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch
@@ -0,0 +1,45 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1452556552 25200
+# Node ID 0cd3cc8fa19565d3f7eb7d960f6ba5da0dec4889
+# Parent  4d2c1761c75245fb88ce397d68bea10afea9c037
+Silence warning in digest_matches() on systems with no fexecve(2).
+
+Reference to upstream patch:
+https://www.sudo.ws/repos/sudo/raw-rev/0cd3cc8fa195
+
+CVE: CVE-2015-8239
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -r 4d2c1761c752 -r 0cd3cc8fa195 plugins/sudoers/match.c
+--- a/plugins/sudoers/match.c   Mon Jan 11 16:52:52 2016 -0700
++++ b/plugins/sudoers/match.c   Mon Jan 11 16:55:52 2016 -0700
+@@ -590,8 +590,10 @@
+     unsigned char sudoers_digest[SHA512_DIGEST_LENGTH];
+     unsigned char buf[32 * 1024];
+     struct digest_function *func = NULL;
++#ifdef HAVE_FEXECVE
+     bool first = true;
+     bool is_script = false;
++#endif /* HAVE_FEXECVE */
+     size_t nread;
+     SHA2_CTX ctx;
+     FILE *fp;
+@@ -635,12 +637,14 @@
+ 
+     func->init(&ctx);
+     while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) {
++#ifdef HAVE_FEXECVE
+        /* Check for #! cookie and set is_script. */
+        if (first) {
+            first = false;
+            if (nread >= 2 && buf[0] == '#' && buf[1] == '!')
+                is_script = true;
+        }
++#endif /* HAVE_FEXECVE */
+        func->update(&ctx, buf, nread);
+     }
+     if (ferror(fp)) {
+