diff options
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r-- | meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch | 43 | ||||
-rw-r--r-- | meta/recipes-extended/logrotate/logrotate_3.8.1.bb | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch new file mode 100644 index 0000000000..ed2750e9c3 --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | logrotate: fix for CVE-2011-1548 | ||
4 | |||
5 | If a logfile is a symlink, it may be read when being compressed, being | ||
6 | copied (copy, copytruncate) or mailed. Secure data (eg. password files) | ||
7 | may be exposed. | ||
8 | |||
9 | Portback nofollow.patch from: | ||
10 | http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz | ||
11 | |||
12 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
13 | |||
14 | --- | ||
15 | --- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800 | ||
16 | +++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800 | ||
17 | @@ -390,7 +390,7 @@ | ||
18 | compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2); | ||
19 | sprintf(compressedName, "%s%s", name, log->compress_ext); | ||
20 | |||
21 | - if ((inFile = open(name, O_RDWR)) < 0) { | ||
22 | + if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) { | ||
23 | message(MESS_ERROR, "unable to open %s for compression\n", name); | ||
24 | return 1; | ||
25 | } | ||
26 | @@ -470,7 +470,7 @@ | ||
27 | char *mailArgv[] = { mailCommand, "-s", subject, address, NULL }; | ||
28 | int rc = 0; | ||
29 | |||
30 | - if ((mailInput = open(logFile, O_RDONLY)) < 0) { | ||
31 | + if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) { | ||
32 | message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile, | ||
33 | strerror(errno)); | ||
34 | return 1; | ||
35 | @@ -561,7 +561,7 @@ | ||
36 | message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog); | ||
37 | |||
38 | if (!debug) { | ||
39 | - if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) { | ||
40 | + if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) { | ||
41 | message(MESS_ERROR, "error opening %s: %s\n", currLog, | ||
42 | strerror(errno)); | ||
43 | return 1; | ||
diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb index 5a8156be57..2b6dc93284 100644 --- a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb +++ b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb | |||
@@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g | |||
12 | file://act-as-mv-when-rotate.patch \ | 12 | file://act-as-mv-when-rotate.patch \ |
13 | file://disable-check-different-filesystems.patch \ | 13 | file://disable-check-different-filesystems.patch \ |
14 | file://update-the-manual.patch \ | 14 | file://update-the-manual.patch \ |
15 | file://logrotate-CVE-2011-1548.patch \ | ||
15 | " | 16 | " |
16 | 17 | ||
17 | SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5" | 18 | SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5" |