rpms/sudo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

update to 1.8.15

Browse Source 
- fixes CVE-2015-5602
This commit is contained in:
Daniel Kopecek 2015-11-05 09:50:31 +01:00
parent 2c03b0a9fd
commit 2306938c7f
5 changed files with 8 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -18,3 +18,4 @@ sudo-1.7.2p2-sudoers
/sudo-1.8.14b4.tar.gz /sudo-1.8.14b4.tar.gz
/sudo-1.8.14p1.tar.gz /sudo-1.8.14p1.tar.gz
/sudo-1.8.14p3.tar.gz /sudo-1.8.14p3.tar.gz
/sudo-1.8.15.tar.gz

2
sources
View File

@ -1,2 +1,2 @@
775b863cdff3a2ee2a26c2d53b51aff5 sudo-1.8.8-sudoers 775b863cdff3a2ee2a26c2d53b51aff5 sudo-1.8.8-sudoers
93dbd1e47c136179ff1b01494c1c0e75 sudo-1.8.14p3.tar.gz 7cf6b9b76d0478a572432bed481dd7b5 sudo-1.8.15.tar.gz

40
sudo-1.8.14p3-deadcode_visudo_c.patch
View File

@ -1,40 +0,0 @@
diff -up ./plugins/sudoers/visudo.c.deadcode ./plugins/sudoers/visudo.c
--- ./plugins/sudoers/visudo.c.deadcode 2015-08-24 09:54:59.216956064 +0200
+++ ./plugins/sudoers/visudo.c 2015-08-24 09:59:50.831547773 +0200
@@ -415,12 +415,10 @@ edit_sudoers(struct sudoersfile *sp, cha
int tfd; /* sudoers temp file descriptor */
bool modified; /* was the file modified? */
int ac; /* argument count */
- char buf[4096]; /* buffer used for copying files */
char linestr[64]; /* string version of lineno */
struct timespec ts, times[2]; /* time before and after edit */
struct timespec orig_mtim; /* starting mtime of sudoers file */
off_t orig_size; /* starting size of sudoers file */
- ssize_t nread; /* number of bytes read */
struct stat sb; /* stat buffer */
bool rval = false; /* return value */
debug_decl(edit_sudoers, SUDOERS_DEBUG_UTIL)
@@ -440,15 +438,19 @@ edit_sudoers(struct sudoersfile *sp, cha
/* Copy sp->path -> sp->tpath and reset the mtime. */
if (orig_size != 0) {
+ char buf[4096], lastch = '\0';
+ ssize_t nread;
(void) lseek(sp->fd, (off_t)0, SEEK_SET);
- while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
+ while ((nread = read(sp->fd, buf, sizeof(buf))) > 0){
if (write(tfd, buf, nread) != nread)
sudo_fatal(U_("write error"));
+ lastch = buf[nread - 1];
+ }
/* Add missing newline at EOF if needed. */
- if (nread > 0 && buf[nread - 1] != '\n') {
- buf[0] = '\n';
- if (write(tfd, buf, 1) != 1)
+ if (lastch != '\n') {
+ lastch = '\n';
+ if (write(tfd, &lastch, 1) != 1)
sudo_fatal(U_("write error"));
}
}

24
sudo-1.8.14p3-extra_while.patch
View File

@ -1,24 +0,0 @@
diff -up ./plugins/sudoers/sudoers.c.extra_while ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.extra_while 2015-08-24 10:06:01.262987605 +0200
+++ ./plugins/sudoers/sudoers.c 2015-08-24 10:07:16.557919240 +0200
@@ -1214,7 +1214,7 @@ find_editor(int nfiles, char **files, in
files, argc_out, argv_out, NULL);
if (editor_path == NULL && errno != ENOENT)
debug_return_str(NULL);
- } while (ep != NULL && editor_path == NULL);
+ }
}
if (!editor_path) {
audit_failure(NewArgc, NewArgv, N_("%s: command not found"),
diff -up ./plugins/sudoers/visudo.c.extra_while ./plugins/sudoers/visudo.c
--- ./plugins/sudoers/visudo.c.extra_while 2015-08-24 10:07:34.602902856 +0200
+++ ./plugins/sudoers/visudo.c 2015-08-24 10:08:27.750854600 +0200
@@ -332,7 +332,7 @@ get_editor(int *editor_argc, char ***edi
editor_argc, editor_argv, whitelist);
if (editor_path == NULL && errno != ENOENT)
debug_return_str(NULL);
- } while (ep != NULL && editor_path == NULL);
+ }
}
if (editor_path == NULL)
sudo_fatalx(U_("no editor found (editor path = %s)"), def_editor);

13
sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.14p3 Version: 1.8.15
Release: 3%{?dist} Release: 1%{?dist}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -32,9 +32,6 @@ Patch2: sudo-1.8.14p1-ldapconfpatch.patch
Patch3: sudo-1.8.14p1-docpassexpire.patch Patch3: sudo-1.8.14p1-docpassexpire.patch
# Patch initialize variable before executing sudo_strsplit # Patch initialize variable before executing sudo_strsplit
Patch4: sudo-1.8.14p3-initialization.patch Patch4: sudo-1.8.14p3-initialization.patch
# Patch resolves deadcode in visudo.c from coverity scan.
Patch5: sudo-1.8.14p3-deadcode_visudo_c.patch
Patch6: sudo-1.8.14p3-extra_while.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -63,8 +60,6 @@ plugins that use %{name}.
%patch2 -p1 -b .ldapconfpatch %patch2 -p1 -b .ldapconfpatch
%patch3 -p1 -b .docpassexpire %patch3 -p1 -b .docpassexpire
%patch4 -p1 -b .initialization %patch4 -p1 -b .initialization
%patch5 -p1 -b .deadcode
%patch6 -p1 -b .extra_while
%build %build
# Remove bundled copy of zlib # Remove bundled copy of zlib
@ -203,6 +198,10 @@ rm -rf $RPM_BUILD_ROOT
%{_libexecdir}/sudo/libsudo_util.so %{_libexecdir}/sudo/libsudo_util.so
%changelog %changelog
* Thu Nov 5 2015 Daniel Kopecek <dkopecek@redhat.com> 1.8.15-1
- update to 1.8.15
- fixes CVE-2015-5602
* Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-3 * Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-3
- enable upstream test suite - enable upstream test suite