Squashed 'import-layers/meta-security/' content from commit 4d139b9

Subtree from git://git.yoctoproject.org/meta-security

Change-Id: I14bb13faa3f2b2dc1f5d81b339dd48ffedf8562f
git-subtree-dir: import-layers/meta-security
git-subtree-split: 4d139b95c4f152d132592f515c5151f4dd6269c1
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/import-layers/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/import-layers/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
new file mode 100644
index 0000000..6aa1a65
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
@@ -0,0 +1,43 @@
+Use secure_getenv instead of getenv for setuid programs
+
+(bnc#694598 CVE-2011-2709 bnc#831805)
+
+import from:
+https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+diff --git a/src/g_initialize.c b/src/g_initialize.c
+index 200f173..935a9fa 100644
+--- a/src/g_initialize.c
++++ b/src/g_initialize.c
+@@ -26,6 +26,7 @@
+  * This function will initialize the gssapi mechglue library
+  */
+ 
++#define _GNU_SOURCE
+ #include "mglueP.h"
+ #include <stdlib.h>
+ 
+@@ -197,8 +198,7 @@ static void solaris_initialize ()
+     void *dl;
+     gss_mechanism (*sym)(void), mech;
+ 
+-    if ((getuid() != geteuid()) ||
+-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
++    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
+ 	filename = MECH_CONF;
+ 
+     if ((conffile = fopen(filename, "r")) == NULL) {
+@@ -274,8 +274,7 @@ static void linux_initialize ()
+     void *dl;
+     gss_mechanism (*sym)(void), mech;
+ 
+-    if ((getuid() != geteuid()) ||
+-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
++    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
+ 	filename = MECH_CONF;
+ 
+     if ((conffile = fopen(filename, "r")) == NULL) {
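Review bot: The embedded patch calls `secure_getenv()` unconditionally in both `solaris_initialize` and `linux_initialize` and drops the old `getuid() != geteuid()` guard, so a C library that does not provide `secure_getenv()` leaves the recipe with no working build and no fallback protection. A configure-time check could keep a portable fallback for that case, for example `if (getuid() != geteuid() || getgid() != getegid()) filename = NULL; else filename = getenv("GSSAPI_MECH_CONF");`, which also covers setgid, something the removed check did not. The added `#define _GNU_SOURCE` is better wrapped in `#ifndef _GNU_SOURCE` / `#endif`, so that it does not trigger a redefinition warning when the macro already arrives through CFLAGS. Both function bodies continue outside the embedded hunks, so how `filename` is used after the `fopen()` is not visible here. The patch is marked `Upstream-Status: Pending`, so it should be re-checked against upstream when the recipe is next bumped.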