[oe-commits] Wenzong Fan : logrotate: fix for CVE-2011-1548
git at git.openembedded.org
git at git.openembedded.org
Tue Jul 9 09:45:58 UTC 2013
Module: openembedded-core.git
Branch: dylan
Commit: 247157849f41f2d386b102a4b3d81fd11e8f3ac0
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=247157849f41f2d386b102a4b3d81fd11e8f3ac0
Author: Wenzong Fan <wenzong.fan at windriver.com>
Date: Mon Jun 17 22:28:50 2013 -0400
logrotate: fix for CVE-2011-1548
If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
(From OE-Core master rev: d0e3fc1b28fc16200adbe690aa27124041036ba3)
Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
.../logrotate-3.8.1/logrotate-CVE-2011-1548.patch | 43 ++++++++++++++++++++
meta/recipes-extended/logrotate/logrotate_3.8.1.bb | 1 +
2 files changed, 44 insertions(+), 0 deletions(-)
diff --git a/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
new file mode 100644
index 0000000..ed2750e
--- /dev/null
+++ b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
@@ -0,0 +1,43 @@
+Upstream-Status: Backport
+
+logrotate: fix for CVE-2011-1548
+
+If a logfile is a symlink, it may be read when being compressed, being
+copied (copy, copytruncate) or mailed. Secure data (eg. password files)
+may be exposed.
+
+Portback nofollow.patch from:
+http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
+
+Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
+
+---
+--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800
++++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800
+@@ -390,7 +390,7 @@
+ compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
+ sprintf(compressedName, "%s%s", name, log->compress_ext);
+
+- if ((inFile = open(name, O_RDWR)) < 0) {
++ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
+ message(MESS_ERROR, "unable to open %s for compression\n", name);
+ return 1;
+ }
+@@ -470,7 +470,7 @@
+ char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
+ int rc = 0;
+
+- if ((mailInput = open(logFile, O_RDONLY)) < 0) {
++ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
+ message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
+ strerror(errno));
+ return 1;
+@@ -561,7 +561,7 @@
+ message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
+
+ if (!debug) {
+- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
++ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n", currLog,
+ strerror(errno));
+ return 1;
diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
index 5a8156b..2b6dc93 100644
--- a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
+++ b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g
file://act-as-mv-when-rotate.patch \
file://disable-check-different-filesystems.patch \
file://update-the-manual.patch \
+ file://logrotate-CVE-2011-1548.patch \
"
SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5"
More information about the Openembedded-commits
mailing list