Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: gosa-plugins-s...@packages.debian.org Control: affects -1 + src:gosa-plugins-sudo
Please accept updated package gosa-plugins-sudo to bookworm. [ Reason ] Fix processing sudoUser regexp when processing LDAP sudo rules. [ Impact ] GOsa²'s sudo plugin will behave buggy. This will be noticed by sysadmins of Debian Edu 12. [ Tests ] Manual tests. [ Risks ] Merely none, only for users of GOsa² and its sudo plugin. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] + * debian/patches: + + Add 1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch. + Assign variable before using it. [ Other info ] none
diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog --- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog 2023-01-23 13:03:23.000000000 +0100 +++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog 2023-12-01 23:27:03.000000000 +0100 @@ -1,3 +1,11 @@ +gosa-plugins-sudo (2.8~git20211022.7ff3ed2-2+deb12u1) bookworm; urgency=medium + + * debian/patches: + + Add 1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch. + Assign variable before using it. + + -- Mike Gabriel <sunwea...@debian.org> Fri, 01 Dec 2023 23:27:03 +0100 + gosa-plugins-sudo (2.8~git20211022.7ff3ed2-2) unstable; urgency=medium * Source-only upload to unstable. diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch --- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch 1970-01-01 01:00:00.000000000 +0100 +++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch 2023-12-01 23:26:43.000000000 +0100 @@ -0,0 +1,33 @@ +From a82b03aa40ee147ddc2a2a440dad18da8be5b5e1 Mon Sep 17 00:00:00 2001 +From: root <root@postoffice.intern> +Date: Thu, 17 Aug 2023 22:16:03 +0200 +Subject: [PATCH 06/13] plugins/admin/sudo/class_sudoGeneric.inc: Assign + variable before using it. + +--- + admin/sudo/class_sudoGeneric.inc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/admin/sudo/class_sudoGeneric.inc b/admin/sudo/class_sudoGeneric.inc +index f1b1f31..d55679f 100644 +--- a/admin/sudo/class_sudoGeneric.inc ++++ b/admin/sudo/class_sudoGeneric.inc +@@ -297,6 +297,7 @@ class sudo extends plugin + /* Acceptable characters for various fields */ + $ipv4_regex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"; + $fqdn_regex = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"; ++ $c = preg_quote(' *+-?_|!\'"()','/'); + $attr_regex = array( + "sudoUser" => "/^[a-z0-9{$c}]*$/i", + "sudoHost" => "/$ipv4_regex|$fqdn_regex/i", +@@ -310,7 +311,6 @@ class sudo extends plugin + isset($_POST['new_'.$attr]) && + !empty($_POST['new_'.$attr])){ + +- $c = preg_quote(' *+-?_|!\'"()','/'); + if(preg_match($attr_regex[$attr],get_post('new_'.$attr))){ + $attrs = $this->$attr; + $attrs[] = trim(get_post('new_'.$attr)); +-- +2.39.2 + diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README --- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README 1970-01-01 01:00:00.000000000 +0100 +++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README 2023-12-01 23:26:43.000000000 +0100 @@ -0,0 +1,3 @@ +0xxx: Grabbed from upstream development. +1xxx: Possibly relevant for upstream adoption. +2xxx: Only relevant for official Debian release. diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series --- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series 2023-12-01 23:26:43.000000000 +0100 @@ -0,0 +1 @@ +1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch