Openembedded Core Discussions
 help / color / mirror / Atom feed
* [PATCH 0/1] logrotate: fix for CVE-2011-1548
@ 2013-06-18  2:28 wenzong.fan
  2013-06-18  2:28 ` [PATCH 1/1] " wenzong.fan
  0 siblings, 1 reply; 2+ messages in thread
From: wenzong.fan @ 2013-06-18  2:28 UTC (permalink / raw)
  To: openembedded-core

From: Wenzong Fan <wenzong.fan@windriver.com>

If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
    
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz

The following changes since commit 1dd643b142c69ac9035e29bff11d02201638dc65:

  licences: Add SGI license (2013-06-17 16:45:37 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/logrotate
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/logrotate

Wenzong Fan (1):
  logrotate: fix for CVE-2011-1548

 .../logrotate-3.8.1/logrotate-CVE-2011-1548.patch  |   43 ++++++++++++++++++++
 meta/recipes-extended/logrotate/logrotate_3.8.1.bb |    1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch

-- 
1.7.9.5



^ permalink raw reply	[flat|nested] 2+ messages in thread
* [PATCH 1/1] logrotate: fix for CVE-2011-1548
  2013-06-18  2:28 [PATCH 0/1] logrotate: fix for CVE-2011-1548 wenzong.fan
@ 2013-06-18  2:28 ` wenzong.fan
  0 siblings, 0 replies; 2+ messages in thread
From: wenzong.fan @ 2013-06-18  2:28 UTC (permalink / raw)
  To: openembedded-core

From: Wenzong Fan <wenzong.fan@windriver.com>

If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.

Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../logrotate-3.8.1/logrotate-CVE-2011-1548.patch  |   43 ++++++++++++++++++++
 meta/recipes-extended/logrotate/logrotate_3.8.1.bb |    1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch

diff --git a/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
new file mode 100644
index 0000000..ed2750e
--- /dev/null
+++ b/meta/recipes-extended/logrotate/logrotate-3.8.1/logrotate-CVE-2011-1548.patch
@@ -0,0 +1,43 @@
+Upstream-Status: Backport
+
+logrotate: fix for CVE-2011-1548
+
+If a logfile is a symlink, it may be read when being compressed, being
+copied (copy, copytruncate) or mailed. Secure data (eg. password files)
+may be exposed.
+
+Portback nofollow.patch from:
+http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+
+---
+--- a/logrotate.c	2012-09-06 13:25:08.000000000 +0800
++++ b/logrotate.c	2012-09-06 13:35:57.000000000 +0800
+@@ -390,7 +390,7 @@
+     compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
+     sprintf(compressedName, "%s%s", name, log->compress_ext);
+ 
+-    if ((inFile = open(name, O_RDWR)) < 0) {
++    if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
+ 	message(MESS_ERROR, "unable to open %s for compression\n", name);
+ 	return 1;
+     }
+@@ -470,7 +470,7 @@
+     char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
+     int rc = 0;
+ 
+-    if ((mailInput = open(logFile, O_RDONLY)) < 0) {
++    if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
+ 	message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
+ 		strerror(errno));
+ 	return 1;
+@@ -561,7 +561,7 @@
+     message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
+ 
+     if (!debug) {
+-	if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
++	if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
+ 	    message(MESS_ERROR, "error opening %s: %s\n", currLog,
+ 		    strerror(errno));
+ 	    return 1;
diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
index 5a8156b..2b6dc93 100644
--- a/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
+++ b/meta/recipes-extended/logrotate/logrotate_3.8.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g
            file://act-as-mv-when-rotate.patch \
            file://disable-check-different-filesystems.patch \
            file://update-the-manual.patch \
+           file://logrotate-CVE-2011-1548.patch \
             "
 
 SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5"
-- 
1.7.9.5



^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-06-18  2:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-18  2:28 [PATCH 0/1] logrotate: fix for CVE-2011-1548 wenzong.fan
2013-06-18  2:28 ` [PATCH 1/1] " wenzong.fan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox