package/libpam-tacplus: fix CVE-2020-27743

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
author: Fabrice Fontaine <fontaine.fabrice@gmail.com> 2020-10-28 09:26:58 +0100
committer: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2020-10-29 23:38:48 +0100
commit: 70499767e510cf02e6b6771c51c8720defe99c54 (patch)
tree: 0900aef7f5119254dfa7d857f84b488e0c3f6e72 /package/libpam-tacplus/libpam-tacplus.mk
parent: ef4f72aef7bf87ed0c31fbabedca3904053c39d8 (diff)
download: buildroot-70499767e510cf02e6b6771c51c8720defe99c54.tar.gz
buildroot-70499767e510cf02e6b6771c51c8720defe99c54.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/package/libpam-tacplus/libpam-tacplus.mk b/package/libpam-tacplus/libpam-tacplus.mk
index fd2b4f9a30..86a5b1c461 100644
--- a/package/libpam-tacplus/libpam-tacplus.mk
+++ b/package/libpam-tacplus/libpam-tacplus.mk
@@ -17,4 +17,7 @@ LIBPAM_TACPLUS_INSTALL_STAGING = YES
 LIBPAM_TACPLUS_CONF_ENV = \
 	ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)
 
+# 0005-Check-for-failure-of-OpenSSL-RAND_pseudo_bytes.patch
+LIBPAM_TACPLUS_IGNORE_CVES += CVE-2020-27743
+
 $(eval $(autotools-package))
author	Fabrice Fontaine <fontaine.fabrice@gmail.com>	2020-10-28 09:26:58 +0100
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2020-10-29 23:38:48 +0100
commit	70499767e510cf02e6b6771c51c8720defe99c54 (patch)
tree	0900aef7f5119254dfa7d857f84b488e0c3f6e72 /package/libpam-tacplus/libpam-tacplus.mk
parent	ef4f72aef7bf87ed0c31fbabedca3904053c39d8 (diff)
download	buildroot-70499767e510cf02e6b6771c51c8720defe99c54.tar.gz buildroot-70499767e510cf02e6b6771c51c8720defe99c54.tar.bz2