meta-openembedded/meta-oe/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch - openbmc/openbmc - Gitiles

 From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001
 From: Florian Weimer <fweimer@redhat.com>
 Date: Mon, 17 Nov 2014 13:11:32 +0100
 Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)

 This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz

 Upstream-Status: Inappropriate [upstream is dead]
 CVE: CVE-2004-2771
 ---
  fio.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/fio.c b/fio.c
 index 1529236..774a204 100644
 --- a/fio.c
 +++ b/fio.c
 @@ -497,7 +497,7 @@ globname(char *name)
  	sigemptyset(&nset);
  	sigaddset(&nset, SIGCHLD);
  	sigprocmask(SIG_BLOCK, &nset, NULL);
 -	i = wordexp(name, &we, 0);
 +	i = wordexp(name, &we, WRDE_NOCMD);
  	sigprocmask(SIG_UNBLOCK, &nset, NULL);
  	switch (i) {
  	case 0:
 --
 1.9.3
	From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001
	From: Florian Weimer <fweimer@redhat.com>
	Date: Mon, 17 Nov 2014 13:11:32 +0100
	Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)

	This patch is taken from
	ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz

	Upstream-Status: Inappropriate [upstream is dead]
	CVE: CVE-2004-2771
	---
	fio.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/fio.c b/fio.c
	index 1529236..774a204 100644
	--- a/fio.c
	+++ b/fio.c
	@@ -497,7 +497,7 @@ globname(char *name)
	sigemptyset(&nset);
	sigaddset(&nset, SIGCHLD);
	sigprocmask(SIG_BLOCK, &nset, NULL);
	- i = wordexp(name, &we, 0);
	+ i = wordexp(name, &we, WRDE_NOCMD);
	sigprocmask(SIG_UNBLOCK, &nset, NULL);
	switch (i) {
	case 0:
	--
	1.9.3