bnc#594738

OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=9
2010-05-18 15:52:50 +00:00 · 2010-05-18 15:52:50 +00:00 · 5afda44d49
commit 5afda44d49
parent d726d9c64b
13 changed files with 100 additions and 30 deletions
--- a/0
+++ b/0
--- a/sudo-1.7.1-__P.diff
+++ b/sudo-1.7.1-__P.diff
@ -1,6 +1,8 @@
--- compat.h
+Index: compat.h
+===================================================================
+--- compat.h.orig
 +++ compat.h
-@@ -28,6 +28,7 @@
+@@ -29,6 +29,7 @@
  */
 
 /* Deal with ANSI stuff reasonably.  */
--- a/sudo-1.7.1-defaults.diff
+++ b/sudo-1.7.1-defaults.diff
@ -1,6 +1,8 @@
--- defaults.c
+Index: defaults.c
+===================================================================
+--- defaults.c.orig
 +++ defaults.c
-@@ -430,9 +430,6 @@
+@@ -418,9 +418,6 @@ init_defaults()
 #ifdef FQDN
     def_fqdn = TRUE;
 #endif
--- a/sudo-1.7.1-env.diff
+++ b/sudo-1.7.1-env.diff
@ -1,4 +1,6 @@
--- sudoers2ldif
+Index: sudoers2ldif
+===================================================================
+--- sudoers2ldif.orig
 +++ sudoers2ldif
@@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
--- a/sudo-1.7.1-pam_rhost.diff
+++ b/sudo-1.7.1-pam_rhost.diff
@ -1,12 +1,14 @@
--- auth/pam.c
+Index: auth/pam.c
+===================================================================
+--- auth/pam.c.orig
 +++ auth/pam.c
-@@ -209,7 +209,9 @@
+@@ -111,7 +111,9 @@ pam_init(pw, promptp, auth)
+      * We set PAM_RHOST to avoid a bug in Solaris 7 and below.
      */
-     (void) pam_set_item(pamh, PAM_USER, pw->pw_name);
     (void) pam_set_item(pamh, PAM_RUSER, user_name);
 +#if 0 /* we don't care about Solaris bugs */
     (void) pam_set_item(pamh, PAM_RHOST, user_host);
 +#endif
 
     /*
-      * Set credentials (may include resource limits, device ownership, etc).
+      * Some versions of pam_lastlog have a bug that
--- a/sudo-1.7.1-secure_path.diff
+++ b/sudo-1.7.1-secure_path.diff
@ -1,6 +1,8 @@
--- env.c
+Index: env.c
+===================================================================
+--- env.c.orig
 +++ env.c
-@@ -688,7 +688,7 @@
+@@ -700,7 +700,7 @@ rebuild_env(sudo_mode, noexec)
 	}
     }
     /* Replace the PATH envariable with a secure one? */
@ -9,9 +11,11 @@
 	sudo_setenv("PATH", def_secure_path, TRUE);
 	SET(didvar, DID_PATH);
     }
--- find_path.c
+Index: find_path.c
+===================================================================
+--- find_path.c.orig
 +++ find_path.c
-@@ -87,7 +87,7 @@
+@@ -87,7 +87,7 @@ find_path(infile, outfile, sbp, path)
     }
 
     /* Use PATH passed in unless SECURE_PATH is in effect.  */
@ -20,9 +24,11 @@
 	path = def_secure_path;
     else if (path == NULL)
 	return(NOT_FOUND);
--- logging.c
+Index: logging.c
+===================================================================
+--- logging.c.orig
 +++ logging.c
-@@ -433,7 +433,7 @@
+@@ -434,7 +434,7 @@ send_mail(line)
 #ifndef NO_ROOT_MAILER
     static char *root_envp[] = {
 	"HOME=/",
@ -31,7 +37,9 @@
 	"LOGNAME=root",
 	"USERNAME=root",
 	"USER=root",
--- pathnames.h.in
+Index: pathnames.h.in
+===================================================================
+--- pathnames.h.in.orig
 +++ pathnames.h.in
@@ -41,9 +41,10 @@
 #define _PATH_DEVNULL		"/dev/null"
--- a/sudo-1.7.1-strip.diff
+++ b/sudo-1.7.1-strip.diff
@ -1,6 +1,8 @@
--- Makefile.in
+Index: Makefile.in
+===================================================================
+--- Makefile.in.orig
 +++ Makefile.in
-@@ -415,11 +415,11 @@
+@@ -417,11 +417,11 @@ install-dirs:
 	    $(DESTDIR)$(noexecdir)
 
 install-binaries: install-dirs $(PROGS)
--- a/sudo-1.7.1-sudoers.diff
+++ b/sudo-1.7.1-sudoers.diff
@ -1,6 +1,8 @@
--- sudo.man.in
+Index: sudo.man.in
+===================================================================
+--- sudo.man.in.orig
 +++ sudo.man.in
-@@ -180,8 +180,8 @@
+@@ -190,8 +190,8 @@ is initialized based on the group file (
 specified).  If the invoking user is root or if the target user is
 the same as the invoking user, no password is required.  Otherwise,
 \&\fBsudo\fR requires that users authenticate themselves with a password
@ -11,7 +13,9 @@
 a timestamp is updated and the user may then use sudo without a
 password for a short period of time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless
 overridden in \fIsudoers\fR).
--- sudoers
+Index: sudoers
+===================================================================
+--- sudoers.orig
 +++ sudoers
@@ -15,6 +15,26 @@
 
--- a/sudo-1.7.2.tar.bz2
+++ b/sudo-1.7.2.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:df8e24807b0abd3f407d71aa2b46bdc859a0144bea318c6d1ea21edd476431fe
-size 582651
--- a/sudo-1.7.2p4.tar.gz
+++ b/sudo-1.7.2p4.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57d9adbdffa881e32894231079da7d68ffe99f46942818b63baadf6c795b7bdd
+size 772821
--- a/sudo-CVE-2010-1163.patch
+++ b/sudo-CVE-2010-1163.patch
@ -0,0 +1,16 @@
+Index: sudo-1.7.2p4/find_path.c
+===================================================================
+--- sudo-1.7.2p4.orig/find_path.c	2010-05-18 17:40:20.000000000 +0200
+++ sudo-1.7.2p4/find_path.c	2010-05-18 17:46:44.000000000 +0200
+@@ -126,7 +126,10 @@ find_path(infile, outfile, sbp, path)
+      * Check current dir if dot was in the PATH
+      */
+     if (!result && checkdot) {
+-	result = sudo_goodpath(infile, sbp);
+        len = snprintf(command, sizeof(command), "./%s", infile);
+        if (len <= 0 || len >= sizeof(command))
+            errorx(1, "%s: File name too long", infile);
+        result = sudo_goodpath(command, sbp);
+ 	if (result && def_ignore_dot)
+ 	    return(NOT_FOUND_DOT);
+     }
--- a/sudo.changes
+++ b/sudo.changes
@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue May 18 15:52:10 UTC 2010 - puzel@novell.com
+
+- add sudo-CVE-2010-1163.patch (bnc#594738)
+
+-------------------------------------------------------------------
+Wed Feb 24 16:19:35 UTC 2010 - prusnak@suse.cz
+
+- updated to 1.7.2p4
+  * Fixed the expansion of the %h escape in #include file names
+    introduced in sudo 1.7.1.
+  * Fixed a a bug where the negation operator in a Cmnd_List
+    was not being honored.
+  * No longer produce a parse error when #includedir references
+    a directory that contains no valid filenames.
+  * The sudo.man.pl and sudoers.man.pl files are now included
+    in the distribution for people who wish to regenerate the man pages.
+  * Fixed the emulation of krb5_get_init_creds_opt_alloc() for MIT kerberos.
+  * When authenticating via PAM, set PAM_RUSER and PAM_RHOST early
+    so they can be used during authentication.
+  * Fix printing of entries with multiple host entries on
+    a single line.
+  * Fix use after free when sending error messages via email.
+  * Use setrlimit64(), if available, instead of setrlimit()
+    when setting AIX resource limits since rlim_t is 32bits.
+  * Fix size arg when realloc()ing include stack.
+  * Avoid a duplicate fclose() of the sudoers file.
+  * Fix a bug that could allow users with permission to run sudoedit
+    to run arbitrary commands.
+
 -------------------------------------------------------------------
 Tue Jan 26 22:48:31 CET 2010 - jengelh@medozas.de

--- a/sudo.spec
+++ b/sudo.spec
@ -1,5 +1,5 @@
 #
-# spec file for package sudo (Version 1.7.2)
+# spec file for package sudo (Version 1.7.2p4)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -22,13 +22,13 @@ Name:           sudo
 BuildRequires:  openldap2-devel pam-devel postfix
 BuildRequires:  libselinux-devel
 PreReq:         coreutils
-Version:        1.7.2
-Release:        2
+Version:        1.7.2p4
+Release:        1
 Group:          System/Base
 License:        BSD3c(or similar)
 Url:            http://www.sudo.ws/
 Summary:        Execute some commands as root
-Source0:        %{name}-%{version}.tar.bz2
+Source0:        http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:        %{name}.pamd
 Source2:        README.SUSE
 Patch1:         %{name}-1.7.1-defaults.diff
@ -38,6 +38,7 @@ Patch4:         %{name}-1.7.1-strip.diff
 Patch5:         %{name}-1.7.1-secure_path.diff
 Patch6:         %{name}-1.7.1-env.diff
 Patch7:         %{name}-1.7.1-pam_rhost.diff
+Patch8:         sudo-CVE-2010-1163.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -66,6 +67,7 @@ Authors:
 %patch5
 %patch6
 %patch7
+%patch8 -p1
 cp %{SOURCE2} .

 %build
@ -96,7 +98,7 @@ make %{?jobs:-j%jobs}

 %install
 make DESTDIR=$RPM_BUILD_ROOT install
-install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
+install -d -m 700 $RPM_BUILD_ROOT%{_localstatedir}/run/sudo
 install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
 install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
 install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif
@ -119,6 +121,6 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/sudoedit
 %{_sbindir}/*
 %{_libexecdir}/sudo
-/var/run/sudo
+%{_localstatedir}/run/sudo

 %changelog