From 88dd997d9941b63ae9eead6690ecf2b785c0740c Mon Sep 17 00:00:00 2001 From: Amarnath Valluri Date: Fri, 17 Jul 2015 11:53:24 +0300 Subject: libpam: Upgrade v1.1.6 -> v1.2.1 Dropped upstreamed patches(commit-id): - add-checks-for-crypt-returning-NULL.patch(8dc056c) - destdirfix.patch(d7e6b92) - libpam-fix-for-CVE-2010-4708.patch(4c430f6) Dropped backported patches(commit-id): - pam_timestamp-fix-potential-directory-traversal-issu.patch(9dcead8) - reflect-the-enforce_for_root-semantics-change-in-pam.patch(bd07ad3) Forward ported patches: - pam-unix-nullok-secure.patch - crypt_configure.patch (From OE-Core rev: 8683206f7ba85f693751415f896a0cc62931e3c4) Signed-off-by: Amarnath Valluri Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- ...mp-fix-potential-directory-traversal-issu.patch | 63 ---------------------- 1 file changed, 63 deletions(-) delete mode 100644 meta/recipes-extended/pam/libpam/pam_timestamp-fix-potential-directory-traversal-issu.patch (limited to 'meta/recipes-extended/pam/libpam/pam_timestamp-fix-potential-directory-traversal-issu.patch') diff --git a/meta/recipes-extended/pam/libpam/pam_timestamp-fix-potential-directory-traversal-issu.patch b/meta/recipes-extended/pam/libpam/pam_timestamp-fix-potential-directory-traversal-issu.patch deleted file mode 100644 index 06cca13abe..0000000000 --- a/meta/recipes-extended/pam/libpam/pam_timestamp-fix-potential-directory-traversal-issu.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Wed, 26 Mar 2014 22:17:23 +0000 -Subject: [PATCH] pam_timestamp: fix potential directory traversal issue - (ticket #27) - -commit 9dcead87e6d7f66d34e7a56d11a30daca367dffb upstream - -pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of -the timestamp pathname it creates, so extra care should be taken to -avoid potential directory traversal issues. - -* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat -"." and ".." tty values as invalid. -(get_ruser): Treat "." and ".." ruser values, as well as any ruser -value containing '/', as invalid. - -Fixes CVE-2014-2583. - -Reported-by: Sebastian Krahmer - -Upstream-Status: Backport - -Signed-off-by: Yue Tao -Signed-off-by: Wenzong Fan ---- - modules/pam_timestamp/pam_timestamp.c | 13 ++++++++++++- - 1 files changed, 12 insertions(+), 1 deletions(-) - -diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c -index 5193733..b3f08b1 100644 ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -158,7 +158,7 @@ check_tty(const char *tty) - tty = strrchr(tty, '/') + 1; - } - /* Make sure the tty wasn't actually a directory (no basename). */ -- if (strlen(tty) == 0) { -+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { - return NULL; - } - return tty; -@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) - if (pwd != NULL) { - ruser = pwd->pw_name; - } -+ } else { -+ /* -+ * This ruser is used by format_timestamp_name as a component -+ * of constructed timestamp pathname, so ".", "..", and '/' -+ * are disallowed to avoid potential path traversal issues. -+ */ -+ if (!strcmp(ruser, ".") || -+ !strcmp(ruser, "..") || -+ strchr(ruser, '/')) { -+ ruser = NULL; -+ } - } - if (ruser == NULL || strlen(ruser) >= ruserbuflen) { - *ruserbuf = '\0'; --- -1.7.5.4 - -- cgit v1.2.3-54-g00ecf