OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   23-Jun-2005 15:32:25
  Branch: OPENPKG_2_3_SOLID                Handle: 2005062314322300

  Added files:              (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/sudo        sudo.patch
  Modified files:           (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/sudo        sudo.spec

  Log:
    Apply security fix: OpenPKG-SA-2005.012-sudo (CAN-2005-1993)

  Summary:
    Revision    Changes     Path
    1.1.6.1     +70 -0      openpkg-src/sudo/sudo.patch
    1.74.2.2    +3  -1      openpkg-src/sudo/sudo.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/sudo/sudo.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1.6.1 sudo.patch
  --- /dev/null 2005-06-23 15:32:23 +0200
  +++ sudo.patch        2005-06-23 15:32:24 +0200
  @@ -0,0 +1,70 @@
  +OpenPKG-SA-2005.012-sudo (CAN-2005-1993)
  +http://www.sudo.ws/sudo/alerts/path_race.html
  +
  +Index: ldap.c
  +--- ldap.c.orig      2004-12-01 04:28:46 +0100
  ++++ ldap.c   2005-06-23 14:06:03 +0200
  +@@ -278,8 +278,6 @@
  +     /* Match against ALL ? */
  +     if (!strcasecmp(*p,"ALL")) {
  +       ret=1;
  +-      if (safe_cmnd) free (safe_cmnd);
  +-      safe_cmnd=estrdup(user_cmnd);
  +       if (ldap_conf.debug>1) printf(" MATCH!\n");
  +       continue;
  +     }
  +Index: parse.yacc
  +--- parse.yacc.orig  2004-08-11 20:29:10 +0200
  ++++ parse.yacc       2005-06-23 14:06:03 +0200
  +@@ -676,10 +676,6 @@
  +                         }
  + 
  +                         $$ = TRUE;
  +-
  +-                        if (safe_cmnd)
  +-                            free(safe_cmnd);
  +-                        safe_cmnd = estrdup(user_cmnd);
  +                     }
  +             |       ALIAS {
  +                         aliasinfo *aip;
  +Index: sudo.c
  +--- sudo.c.orig      2005-03-25 02:56:41 +0100
  ++++ sudo.c   2005-06-23 14:06:03 +0200
  +@@ -275,6 +275,8 @@
  +     /* Validate the user but don't search for pseudo-commands. */
  +     validated = sudoers_lookup(pwflag);
  +     }
  ++    if (safe_cmnd == NULL)
  ++    safe_cmnd = user_cmnd;
  + 
  +     /*
  +      * If we are using set_perms_posix() and the stay_setuid flag was not set,
  +@@ -391,14 +393,6 @@
  +         exit(0);
  +     }
  + 
  +-    /* This *must* have been set if we got a match but... */
  +-    if (safe_cmnd == NULL) {
  +-        log_error(MSG_ONLY,
  +-            "internal error, safe_cmnd never got set for %s; %s",
  +-            user_cmnd,
  +-            "please report this error at http://courtesan.com/sudo/bugs/";);
  +-    }
  +-
  +     /* Override user's umask if configured to do so. */
  +     if (def_umask != 0777)
  +         (void) umask(def_umask);
  +Index: sudo.tab.c
  +--- sudo.tab.c.orig  2004-08-11 20:29:36 +0200
  ++++ sudo.tab.c       2005-06-23 14:06:03 +0200
  +@@ -1740,10 +1740,6 @@
  +                         }
  + 
  +                         yyval.BOOLEAN = TRUE;
  +-
  +-                        if (safe_cmnd)
  +-                            free(safe_cmnd);
  +-                        safe_cmnd = estrdup(user_cmnd);
  +                     }
  + break;
  + case 61:
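Review bot: The fallback added in the sudo.c section, `if (safe_cmnd == NULL) safe_cmnd = user_cmnd;`, makes safe_cmnd alias user_cmnd, whereas the lines this patch removes treat safe_cmnd as an owned `estrdup()` copy released with `free(safe_cmnd)`. If any matcher left outside this patch still frees or replaces safe_cmnd after this point, it would release user_cmnd too; `safe_cmnd = estrdup(user_cmnd);` would keep the ownership rule uniform, or a comment should state that the pointer is borrowed here. The fallback also needs a why-comment, for example `/* No sudoers entry recorded a resolved path (e.g. only ALL matched); fall back to the user-supplied command. */`, because the removed "internal error" check documented the opposite invariant. The enclosing function in sudo.c starts and ends outside the hunk, so the remaining free sites cannot be confirmed from here.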
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/sudo/sudo.spec
  ============================================================================
  $ cvs diff -u -r1.74.2.1 -r1.74.2.2 sudo.spec
  --- openpkg-src/sudo/sudo.spec        21 Feb 2005 17:08:41 -0000      1.74.2.1
  +++ openpkg-src/sudo/sudo.spec        23 Jun 2005 13:32:23 -0000      1.74.2.2
  @@ -34,7 +34,7 @@
   Group:        System
   License:      BSD
   Version:      1.6.8p7
  -Release:      2.3.0
  +Release:      2.3.1
   
   #   package options
   %option       with_fsl    yes
  @@ -44,6 +44,7 @@
   Source0:      ftp://ftp.courtesan.com/pub/sudo/sudo-%{version}.tar.gz
   Source1:      rc.sudo
   Source2:      fsl.sudo
  +Patch0:       sudo.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -75,6 +76,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       %{l_shtool} subst \
           -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
           configure
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org
