mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-17 00:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

logrotate: remove logrotate-CVE-2011-1548.patch

Browse Source 
It is a backport patch, and verified that the patch is in the source.

(From OE-Core rev: 370dc496c2d6f8fa97a18af49747d15a41fc7bcf)

(From OE-Core rev: 3cf413bd3f7b022488473aaee15e28cf343c6b12)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Robert Yang
2015-04-27 20:43:25 -07:00
committed by Richard Purdie
parent 2f1a4d0f73
commit c97d806d2f
1 changed files with 0 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
View File

@@ -1,43 +0,0 @@
Upstream-Status: Backport
logrotate: fix for CVE-2011-1548
If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800
+++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800
@@ -390,7 +390,7 @@
compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
sprintf(compressedName, "%s%s", name, log->compress_ext);
- if ((inFile = open(name, O_RDWR)) < 0) {
+ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
message(MESS_ERROR, "unable to open %s for compression\n", name);
return 1;
}
@@ -470,7 +470,7 @@
char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
int rc = 0;
- if ((mailInput = open(logFile, O_RDONLY)) < 0) {
+ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
strerror(errno));
return 1;
@@ -561,7 +561,7 @@
message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
if (!debug) {
- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
+ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
message(MESS_ERROR, "error opening %s: %s\n", currLog,
strerror(errno));
return 1;