logrotate: fix for CVE-2011-1548

If a logfile is a symlink, it may be read when being compressed, being copied (copy, copytruncate) or mailed. Secure data (eg. password files) may be exposed. Portback nofollow.patch from: http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2013-06-17 22:28:50 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-06-25 17:30:32 +0100
commit: d0e3fc1b28fc16200adbe690aa27124041036ba3 (patch)
tree: 6f94ec91728e77765538bdb3fd3a96a574d28b3f /meta/recipes-extended/logrotate/logrotate_3.8.1.bb
parent: 7538a9cd0c6f0216ef95956ad86e2f88ebd4c8ea (diff)
download: openembedded-core-d0e3fc1b28fc16200adbe690aa27124041036ba3.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
index 5a8156be57..2b6dc93284 100644
--- a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
+++ b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g
            file://act-as-mv-when-rotate.patch \
            file://disable-check-different-filesystems.patch \
            file://update-the-manual.patch \
+           file://logrotate-CVE-2011-1548.patch \
             "
 
 SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5"
author	Wenzong Fan <wenzong.fan@windriver.com>	2013-06-17 22:28:50 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-06-25 17:30:32 +0100
commit	d0e3fc1b28fc16200adbe690aa27124041036ba3 (patch)
tree	6f94ec91728e77765538bdb3fd3a96a574d28b3f /meta/recipes-extended/logrotate/logrotate_3.8.1.bb
parent	7538a9cd0c6f0216ef95956ad86e2f88ebd4c8ea (diff)
download	openembedded-core-d0e3fc1b28fc16200adbe690aa27124041036ba3.tar.gz