From f9207a7cdd07c683992f6978bd05d3f79daa6c382339a62d68ba52248147b00a Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Wed, 2 Jun 2010 16:12:03 +0000
Subject: [PATCH] Accepting request 40990 from Base:System checked in (request 40990)
OBS-URL: https://build.opensuse.org/request/show/40990
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=12
---
 sudo-CVE-2010-1646.patch | 87 ----------------------------------------
 sudo.changes | 5 ---
 sudo.spec | 2 -
 3 files changed, 94 deletions(-)
 delete mode 100644 sudo-CVE-2010-1646.patch
diff --git a/sudo-CVE-2010-1646.patch b/sudo-CVE-2010-1646.patch
deleted file mode 100644
index dd33e88..0000000
--- a/sudo-CVE-2010-1646.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller
-# Date 1275055525 14400
-# Node ID a09c6812eaecd6a18f424e66419e6acaf80befc9
-# Parent c17c54dc03b35472377a73544ad91384a81303f8
-Handle duplicate variables in the environment. For unsetenv(),
-keep looking even after remove the first instance. For sudo_putenv(),
-check for and remove dupes after we replace an existing value.
-
-Index: sudo-1.7.2p4/env.c
-===================================================================
---- sudo-1.7.2p4.orig/env.c 2010-06-02 12:20:58.000000000 +0200
-+++ sudo-1.7.2p4/env.c 2010-06-02 12:23:42.000000000 +0200
-@@ -321,7 +321,7 @@ int
- unsetenv(var)
- const char *var;
- {
-- char **ep;
-+ char **ep = env.envp;
- size_t len;
-
- if (strchr(var, '=') != NULL) {
-@@ -359,13 +359,15 @@ unsetenv(var)
- }
-
- len = strlen(var);
-- for (ep = env.envp; *ep; ep++) {
-+ while (*ep != NULL) {
- if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
- /* Found it; shift remainder + NULL over by one and update len. */
- memmove(ep, ep + 1,
- (env.env_len - (ep - env.envp)) * sizeof(char *));
- env.env_len--;
-- break;
-+ /* Keep going, could be multiple instances of the var. */
-+ } else {
-+ ep++;
- }
- }
- #ifndef UNSETENV_VOID
-@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite)
- {
- char **ep;
- size_t len;
-+ int found = FALSE;
-
- /* Make sure there is room for the new entry plus a NULL. */
- if (env.env_len + 2 > env.env_size) {
-@@ -452,19 +455,33 @@ sudo_putenv(str, dupcheck, overwrite)
-
- if (dupcheck) {
- len = (strchr(str, '=') - str) + 1;
-- for (ep = env.envp; *ep; ep++) {
-+ for (ep = env.envp; !found && *ep != NULL; ep++) {
- if (strncmp(str, *ep, len) == 0) {
- if (overwrite)
- *ep = str;
-- return;
-+ found = TRUE;
-+ }
-+ }
-+ /* Prune out duplicate variables. */
-+ if (found && overwrite) {
-+ while (*ep != NULL) {
-+ if (strncmp(str, *ep, len) == 0) {
-+ memmove(ep, ep + 1,
-+ (env.env_len - (ep - env.envp)) * sizeof(char *));
-+ env.env_len--;
-+ } else {
-+ ep++;
-+ }
-+ }
- }
- }
-- } else
-- ep = env.envp + env.env_len;
-
-+ if (!found) {
-+ ep = env.envp + env.env_len;
- env.env_len++;
- *ep++ = str;
- *ep = NULL;
-+ }
- }
-
- /*
diff --git a/sudo.changes b/sudo.changes
index e4195eb..019a98f 100644
--- a/sudo.changes
+++ b/sudo.changes
@@ -1,8 +1,3 @@
--------------------------------------------------------------------
-Wed Jun 2 10:32:42 UTC 2010 - puzel@novell.com
-
-- add sudo-CVE-2010-1646.patch (bnc#594738)
-
 -------------------------------------------------------------------
 Tue May 18 15:52:10 UTC 2010 - puzel@novell.com
diff --git a/sudo.spec b/sudo.spec
index 455ada1..68e1fb0 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -39,7 +39,6 @@ Patch5: %{name}-1.7.1-secure_path.diff
 Patch6: %{name}-1.7.1-env.diff
 Patch7: %{name}-1.7.1-pam_rhost.diff
 Patch8: sudo-CVE-2010-1163.patch
-Patch9: sudo-CVE-2010-1646.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -69,7 +68,6 @@ Authors:
 %patch6
 %patch7
 %patch8 -p1
-%patch9 -p1
 cp %{SOURCE2} .
 %build
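Review bot: Both sudo.spec hunks drop the CVE-2010-1646 fix from the build (`Patch9: sudo-CVE-2010-1646.patch` and `%patch9 -p1`) with no replacement visible, while `Patch8: sudo-CVE-2010-1163.patch` is still applied. The deleted patch's own description says it makes unsetenv() and sudo_putenv() in sudo-1.7.2p4/env.c handle duplicate environment variables, so the resulting package would presumably build env.c without that handling. Neither hunk shows a Version change, and the commit message gives no reason; the Version tag is outside the hunks, so confirm whether the packaged release already carries the fix upstream. If it does not, keep both lines. If it does, add a new sudo.changes entry that says the patch was dropped because it is upstream, instead of deleting the `- add sudo-CVE-2010-1646.patch (bnc#594738)` entry.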