From 1f9c9a288494dab303785414b75077b91301d293 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 16 Aug 2017 18:28:10 +0800
Subject: shadow: fix CVE-2017-12424

Backport a patch to fix CVE-2017-12424.

In shadow before 4.5, the newusers tool could be made to manipulate
internal data structures in ways unintended by the authors.

Reference link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424

CVE: CVE-2017-12424

(From OE-Core rev: 896495d4d2a9751e6e013a3498293b2443d7d809)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-extended/shadow/shadow.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-extended/shadow/shadow.inc')

diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 5e6b0bd970..cc189649b2 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
            file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
            file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
            file://0001-useradd-copy-extended-attributes-of-home.patch \
+           file://0001-shadow-CVE-2017-12424 \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            "
 
-- 
cgit v1.2.3-54-g00ecf