]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70d2d56) | patch
libpam: Update fix for CVE-2024-10041
authorShubham Kulkarni <skulkarni@mvista.com>
Wed, 23 Apr 2025 08:43:43 +0000 (14:13 +0530)
committerSteve Sakoman <steve@sakoman.com>
Wed, 23 Apr 2025 15:50:38 +0000 (08:50 -0700)
commit71035c8c5907f7103ce40b92490a10bd3dde7226
treeb43be0c3b8458a148c12e949136f3a9aca769fcetree | snapshot
parent70d2d56f89d6f4589d65a0b4f0cbda20d2172167commit | diff
libpam: Update fix for CVE-2024-10041

Initially, PAM community fixed CVE-2024-10041 in the version v1.6.0 via commit b3020da.
But not all cases were covered with this fix and issues were reported after the release.
In the v1.6.1 release, PAM community fixed these issues via commit b7b9636.
Backport this commit b7b9636, which
Fixes: b3020da ("pam_unix/passverify: always run the helper to obtain shadow password file entries")
Backport from https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620

Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/pam/libpam/CVE-2024-10041-1.patch [moved from meta/recipes-extended/pam/libpam/CVE-2024-10041.patch with 100% similarity] blob | blame | history
meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch [new file with mode: 0644] blob
meta/recipes-extended/pam/libpam_1.5.2.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib