diff options
Diffstat (limited to 'meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch')
-rw-r--r-- | meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch new file mode 100644 index 0000000000..6c48e4cf14 --- /dev/null +++ b/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch @@ -0,0 +1,45 @@ + +# HG changeset patch +# User Todd C. Miller <Todd.Miller@courtesan.com> +# Date 1452556552 25200 +# Node ID 0cd3cc8fa19565d3f7eb7d960f6ba5da0dec4889 +# Parent 4d2c1761c75245fb88ce397d68bea10afea9c037 +Silence warning in digest_matches() on systems with no fexecve(2). + +Reference to upstream patch: +https://www.sudo.ws/repos/sudo/raw-rev/0cd3cc8fa195 + +CVE: CVE-2015-8239 +Upstream-Status: Backport +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- +diff -r 4d2c1761c752 -r 0cd3cc8fa195 plugins/sudoers/match.c +--- a/plugins/sudoers/match.c Mon Jan 11 16:52:52 2016 -0700 ++++ b/plugins/sudoers/match.c Mon Jan 11 16:55:52 2016 -0700 +@@ -590,8 +590,10 @@ + unsigned char sudoers_digest[SHA512_DIGEST_LENGTH]; + unsigned char buf[32 * 1024]; + struct digest_function *func = NULL; ++#ifdef HAVE_FEXECVE + bool first = true; + bool is_script = false; ++#endif /* HAVE_FEXECVE */ + size_t nread; + SHA2_CTX ctx; + FILE *fp; +@@ -635,12 +637,14 @@ + + func->init(&ctx); + while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { ++#ifdef HAVE_FEXECVE + /* Check for #! cookie and set is_script. */ + if (first) { + first = false; + if (nread >= 2 && buf[0] == '#' && buf[1] == '!') + is_script = true; + } ++#endif /* HAVE_FEXECVE */ + func->update(&ctx, buf, nread); + } + if (ferror(fp)) { + |