OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 23-Jun-2005 15:32:25 Branch: OPENPKG_2_3_SOLID Handle: 2005062314322300 Added files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/sudo sudo.patch Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/sudo sudo.spec Log: Apply security fix: OpenPKG-SA-2005.012-sudo (CAN-2005-1993) Summary: Revision Changes Path 1.1.6.1 +70 -0 openpkg-src/sudo/sudo.patch 1.74.2.2 +3 -1 openpkg-src/sudo/sudo.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/sudo/sudo.patch
============================================================================
$ cvs diff -u -r0 -r1.1.6.1 sudo.patch
--- /dev/null 2005-06-23 15:32:23 +0200
+++ sudo.patch 2005-06-23 15:32:24 +0200
@@ -0,0 +1,70 @@
+OpenPKG-SA-2005.012-sudo (CAN-2005-1993)
+http://www.sudo.ws/sudo/alerts/path_race.html
+
+Index: ldap.c
+--- ldap.c.orig 2004-12-01 04:28:46 +0100
++++ ldap.c 2005-06-23 14:06:03 +0200
+@@ -278,8 +278,6 @@
+ /* Match against ALL ? */
+ if (!strcasecmp(*p,"ALL")) {
+ ret=1;
+- if (safe_cmnd) free (safe_cmnd);
+- safe_cmnd=estrdup(user_cmnd);
+ if (ldap_conf.debug>1) printf(" MATCH!\n");
+ continue;
+ }
+Index: parse.yacc
+--- parse.yacc.orig 2004-08-11 20:29:10 +0200
++++ parse.yacc 2005-06-23 14:06:03 +0200
+@@ -676,10 +676,6 @@
+ }
+
+ $$ = TRUE;
+-
+- if (safe_cmnd)
+- free(safe_cmnd);
+- safe_cmnd = estrdup(user_cmnd);
+ }
+ | ALIAS {
+ aliasinfo *aip;
+Index: sudo.c
+--- sudo.c.orig 2005-03-25 02:56:41 +0100
++++ sudo.c 2005-06-23 14:06:03 +0200
+@@ -275,6 +275,8 @@
+ /* Validate the user but don't search for pseudo-commands. */
+ validated = sudoers_lookup(pwflag);
+ }
++ if (safe_cmnd == NULL)
++ safe_cmnd = user_cmnd;
+
+ /*
+ * If we are using set_perms_posix() and the stay_setuid flag was not set,
+@@ -391,14 +393,6 @@
+ exit(0);
+ }
+
+- /* This *must* have been set if we got a match but... */
+- if (safe_cmnd == NULL) {
+- log_error(MSG_ONLY,
+- "internal error, safe_cmnd never got set for %s; %s",
+- user_cmnd,
+- "please report this error at http://courtesan.com/sudo/bugs/");
+- }
+-
+ /* Override user's umask if configured to do so. */
+ if (def_umask != 0777)
+ (void) umask(def_umask);
+Index: sudo.tab.c
+--- sudo.tab.c.orig 2004-08-11 20:29:36 +0200
++++ sudo.tab.c 2005-06-23 14:06:03 +0200
+@@ -1740,10 +1740,6 @@
+ }
+
+ yyval.BOOLEAN = TRUE;
+-
+- if (safe_cmnd)
+- free(safe_cmnd);
+- safe_cmnd = estrdup(user_cmnd);
+ }
+ break;
+ case 61:
@@ .
patch -p0 <<'@@ .'
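Review bot: The fallback added in the sudo.c hunk at -275 (`if (safe_cmnd == NULL) safe_cmnd = user_cmnd;`) makes safe_cmnd alias user_cmnd, whereas every assignment this patch removes from ldap.c, parse.yacc and sudo.tab.c freed the old value and stored an `estrdup(user_cmnd)` copy. Code outside these hunks that still frees or reassigns safe_cmnd is not visible here, so it is worth confirming none runs after this point, or keeping the old ownership with `safe_cmnd = estrdup(user_cmnd);`. The same fallback replaces the removed "internal error, safe_cmnd never got set" check in the -391 hunk, so a match path that fails to set safe_cmnd now silently runs the user-supplied path instead of being logged. A comment above the new lines, for example `/* ALL matches leave safe_cmnd unset; only an explicit sudoers command match may set it */`, would record the invariant the fix relies on. The enclosing functions begin and end outside all of these hunks.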
Index: openpkg-src/sudo/sudo.spec
============================================================================
$ cvs diff -u -r1.74.2.1 -r1.74.2.2 sudo.spec
--- openpkg-src/sudo/sudo.spec 21 Feb 2005 17:08:41 -0000 1.74.2.1
+++ openpkg-src/sudo/sudo.spec 23 Jun 2005 13:32:23 -0000 1.74.2.2
@@ -34,7 +34,7 @@
 Group: System
 License: BSD
 Version: 1.6.8p7
-Release: 2.3.0
+Release: 2.3.1
 # package options
 %option with_fsl yes
@@ -44,6 +44,7 @@
 Source0: ftp://ftp.courtesan.com/pub/sudo/sudo-%{version}.tar.gz
 Source1: rc.sudo
 Source2: fsl.sudo
+Patch0: sudo.patch
 # build information
 Prefix: %{l_prefix}
@@ -75,6 +76,7 @@
 %prep
 %setup -q
+ %patch -p0
 %{l_shtool} subst \
 -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
 configure
@@ .
______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org