From eaec7e962433fa09ec5723afc9bada22ba4d6a45 Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Wed, 29 Feb 2012 16:34:27 -0800 Subject: sudo: backport patch to address CVE 2012-0809 This is a format string vulnerability "that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges." (From OE-Core rev: 286cdd5db60b4f668e75cd9e05efb97acb08b7a6) Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'meta/recipes-extended/sudo/sudo_1.8.1p2.bb') diff --git a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb index b065447ed4..3694c89a42 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb @@ -1,10 +1,11 @@ require sudo.inc -PR = "r3" +PR = "r4" SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ file://libtool.patch \ - file://sudo-parallel-build.patch \ + file://sudo-parallel-build.patch \ + file://format-string.patch \ ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" PAM_SRC_URI = "file://sudo.pam" -- cgit v1.2.3-54-g00ecf