pool/sudo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 453650 from home:kstreitova:branches:Base:System

Browse Source 
- add sudo-1.8.19p2-decrement_env_len.patch - In 
  sudo_unsetenv_nodebug(), decrement envp.env_len after removing
  the variable [bsc#981124]
- add sudo-1.8.19p2-dont_overwrite_ret_val.patch - don't overwrite
  the return value of ldap_sasl_interactive_bind_s() by the
  subsequent call to sudo_set_krb5_ccache_name() [bsc#981124]

OBS-URL: https://build.opensuse.org/request/show/453650
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=114
This commit is contained in:
Marcus Meissner 2017-02-01 06:48:54 +00:00 committed by Git OBS Bridge
parent c3b3e5cc11
commit 0b246503a9
4 changed files with 92 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
sudo-1.8.19p2-decrement_env_len.patch Normal file
View File

@ -0,0 +1,21 @@
# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1484590376 25200
# Node ID 3d87a008671c73ff8c058ce8576cc791d50086cc
# Parent 5323dfcfb009a2436bf7bd867e4d308e0935356b
In sudo_unsetenv_nodebug(), decrement envp.env_len after removing
the variable. From Paul Zirnik of SUSE.
diff -r 5323dfcfb009 -r 3d87a008671c plugins/sudoers/env.c
--- a/plugins/sudoers/env.c Sun Jan 15 19:13:26 2017 -0700
+++ b/plugins/sudoers/env.c Mon Jan 16 11:12:56 2017 -0700
@@ -497,6 +497,7 @@
char **cur = ep;
while ((*cur = *(cur + 1)) != NULL)
cur++;
+ env.env_len--;
/* Keep going, could be multiple instances of the var. */
} else {
ep++;

57
sudo-1.8.19p2-dont_overwrite_ret_val.patch Normal file
View File

@ -0,0 +1,57 @@
# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1484590826 25200
# Node ID 448baff2b586d8b777d9e5c01ce8e58d61d62b9a
# Parent 3d87a008671c73ff8c058ce8576cc791d50086cc
Don't overwrite the return value of ldap_sasl_interactive_bind_s()
by the subsequent call to sudo_set_krb5_ccache_name(). From Paul
Zirnik of SUSE.
diff -r 3d87a008671c -r 448baff2b586 plugins/sudoers/ldap.c
--- a/plugins/sudoers/ldap.c Mon Jan 16 11:12:56 2017 -0700
+++ b/plugins/sudoers/ldap.c Mon Jan 16 11:20:26 2017 -0700
@@ -3002,7 +3002,7 @@
static int
sudo_ldap_bind_s(LDAP *ld)
{
- int ret;
+ int rc, ret;
debug_decl(sudo_ldap_bind_s, SUDOERS_DEBUG_LDAP)
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
@@ -3025,27 +3025,27 @@
}
if (new_ccname != NULL) {
- ret = sudo_set_krb5_ccache_name(new_ccname, &old_ccname);
- if (ret == 0) {
+ rc = sudo_set_krb5_ccache_name(new_ccname, &old_ccname);
+ if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"set ccache name %s -> %s",
old_ccname ? old_ccname : "(none)", new_ccname);
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
- "sudo_set_krb5_ccache_name() failed: %d", ret);
+ "sudo_set_krb5_ccache_name() failed: %d", rc);
}
}
ret = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
if (new_ccname != NULL) {
- ret = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
- if (ret == 0) {
+ rc = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
+ if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"restore ccache name %s -> %s", new_ccname,
old_ccname ? old_ccname : "(none)");
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
- "sudo_set_krb5_ccache_name() failed: %d", ret);
+ "sudo_set_krb5_ccache_name() failed: %d", rc);
}
/* Remove temporary copy of user's credential cache. */
if (tmp_ccname != NULL)

10
sudo.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Tue Jan 31 16:11:17 UTC 2017 - kstreitova@suse.com
- add sudo-1.8.19p2-decrement_env_len.patch - In
sudo_unsetenv_nodebug(), decrement envp.env_len after removing
the variable [bsc#981124]
- add sudo-1.8.19p2-dont_overwrite_ret_val.patch - don't overwrite
the return value of ldap_sasl_interactive_bind_s() by the
subsequent call to sudo_set_krb5_ccache_name() [bsc#981124]
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jan 14 14:25:39 UTC 2017 - michael@stroeder.com Sat Jan 14 14:25:39 UTC 2017 - michael@stroeder.com

4
sudo.spec
View File

@ -33,6 +33,8 @@ Source6: %{name}.keyring
Patch0: sudoers2ldif-env.patch Patch0: sudoers2ldif-env.patch
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
Patch1: sudo-sudoers.patch Patch1: sudo-sudoers.patch
Patch2: sudo-1.8.19p2-decrement_env_len.patch
Patch3: sudo-1.8.19p2-dont_overwrite_ret_val.patch
BuildRequires: audit-devel BuildRequires: audit-devel
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
BuildRequires: groff BuildRequires: groff
@ -74,6 +76,8 @@ Tests for fate#313276
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%patch3 -p1
%build %build
%ifarch s390 s390x %sparc %ifarch s390 s390x %sparc