shadow: fix CVE-2017-12424

Backport a patch to fix CVE-2017-12424. In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Reference link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 CVE: CVE-2017-12424 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <Qi.Chen@windriver.com> 2017-08-16 18:28:10 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-08-17 10:04:30 +0100
commit: 896495d4d2a9751e6e013a3498293b2443d7d809 (patch)
tree: 10b8bcbad37497cc31f620991b6ab12a67dd46ed /meta/recipes-extended/shadow/shadow.inc
parent: 86838f1c06002a62ded12a9a66d1eb82093c85a9 (diff)
download: openembedded-core-contrib-896495d4d2a9751e6e013a3498293b2443d7d809.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 5e6b0bd970..cc189649b2 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
            file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
            file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
            file://0001-useradd-copy-extended-attributes-of-home.patch \
+           file://0001-shadow-CVE-2017-12424 \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            "
author	Chen Qi <Qi.Chen@windriver.com>	2017-08-16 18:28:10 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-17 10:04:30 +0100
commit	896495d4d2a9751e6e013a3498293b2443d7d809 (patch)
tree	10b8bcbad37497cc31f620991b6ab12a67dd46ed /meta/recipes-extended/shadow/shadow.inc
parent	86838f1c06002a62ded12a9a66d1eb82093c85a9 (diff)
download	openembedded-core-contrib-896495d4d2a9751e6e013a3498293b2443d7d809.tar.gz