diff options
| author |   Wenzong Fan <wenzong.fan@windriver.com> | 2013-06-17 22:28:50 -0400 |
|---|---|---|
| committer |   Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-07-08 10:30:21 +0100 |
| commit | 247157849f41f2d386b102a4b3d81fd11e8f3ac0 (patch) | |
| tree | 3a161a7a3c8d92eb9eba3bf7f1b5b525c4372fc0 | |
| parent | 1b9b8be17937548135b4c93fc9753c7bd4fc5fbd (diff) | |
| download | openembedded-core-247157849f41f2d386b102a4b3d81fd11e8f3ac0.tar.gz | |
logrotate: fix for CVE-2011-1548
If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
(From OE-Core master rev: d0e3fc1b28fc16200adbe690aa27124041036ba3)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch | 43 | ||||
| -rw-r--r-- | meta/recipes-extended/logrotate/logrotate_3.8.1.bb | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch new file mode 100644 index 0000000000..ed2750e9c3 --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch @@ -0,0 +1,43 @@ +Upstream-Status: Backport + +logrotate: fix for CVE-2011-1548 + +If a logfile is a symlink, it may be read when being compressed, being +copied (copy, copytruncate) or mailed. Secure data (eg. password files) +may be exposed. + +Portback nofollow.patch from: +http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> + +--- +--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800 ++++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800 +@@ -390,7 +390,7 @@ + compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2); + sprintf(compressedName, "%s%s", name, log->compress_ext); + +- if ((inFile = open(name, O_RDWR)) < 0) { ++ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "unable to open %s for compression\n", name); + return 1; + } +@@ -470,7 +470,7 @@ + char *mailArgv[] = { mailCommand, "-s", subject, address, NULL }; + int rc = 0; + +- if ((mailInput = open(logFile, O_RDONLY)) < 0) { ++ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile, + strerror(errno)); + return 1; +@@ -561,7 +561,7 @@ + message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog); + + if (!debug) { +- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) { ++ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "error opening %s: %s\n", currLog, + strerror(errno)); + return 1; diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb index 5a8156be57..2b6dc93284 100644 --- a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb +++ b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb @@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g file://act-as-mv-when-rotate.patch \ file://disable-check-different-filesystems.patch \ file://update-the-manual.patch \ + file://logrotate-CVE-2011-1548.patch \ " SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5" |