authorGravatar Fabrice Fontaine <fontaine.fabrice@gmail.com>2020-10-28 09:26:58 +0100
committerGravatar Thomas Petazzoni <thomas.petazzoni@bootlin.com>2020-10-29 23:38:48 +0100
commit70499767e510cf02e6b6771c51c8720defe99c54 (patch)
tree0900aef7f5119254dfa7d857f84b488e0c3f6e72 /package/libpam-tacplus/libpam-tacplus.mk
parentef4f72aef7bf87ed0c31fbabedca3904053c39d8 (diff)
package/libpam-tacplus: fix CVE-2020-27743
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/libpam-tacplus/libpam-tacplus.mk')
-rw-r--r--package/libpam-tacplus/libpam-tacplus.mk3
1 files changed, 3 insertions, 0 deletions
diff --git a/package/libpam-tacplus/libpam-tacplus.mk b/package/libpam-tacplus/libpam-tacplus.mk
index fd2b4f9a30..86a5b1c461 100644
--- a/package/libpam-tacplus/libpam-tacplus.mk
+++ b/package/libpam-tacplus/libpam-tacplus.mk
@@ -17,4 +17,7 @@ LIBPAM_TACPLUS_INSTALL_STAGING = YES
LIBPAM_TACPLUS_CONF_ENV = \
ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)
+# 0005-Check-for-failure-of-OpenSSL-RAND_pseudo_bytes.patch
+LIBPAM_TACPLUS_IGNORE_CVES += CVE-2020-27743
+
$(eval $(autotools-package))
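Review bot: The comment above `LIBPAM_TACPLUS_IGNORE_CVES += CVE-2020-27743` gives only a patch filename, so nothing tells a later maintainer that the ignore entry is valid only while that patch is still applied. An ignore entry hides the CVE from the package's vulnerability report, so if the patch is dropped or stops applying on a version bump, the package would be reported clean while still affected. I would make the comment state that dependency, for example `# CVE-2020-27743 is fixed by 0005-Check-for-failure-of-OpenSSL-RAND_pseudo_bytes.patch; remove this entry together with the patch`. This view is limited to the .mk file, so the patch itself is not visible here. The commit message names both RAND_bytes() and RAND_pseudo_bytes() while the patch filename names only the latter, so it is worth confirming the patch covers both call paths before the CVE is treated as closed.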