From ca5654c8f2cb6ea6bf282bbb06330a612c26ae33 Mon Sep 17 00:00:00 2001
From: Radovan Sroka
Date: Thu, 26 Aug 2021 16:32:58 +0200
Subject: [PATCH] RHEL9 BETA - utmp resource leak in sudo
Resolves: rhbz#1986579
- sudo does not list /etc/dnf/protected.d/sudo.conf in the rpm config files listing
Resolves: rhbz#1997030
- sudo uses Recommends for sudo-python-plugin(x86-64) = 1.9.5p2-2.el9 and vim-minimal
Resolves: rhbz#1947908
- review of important potential issues detected by static analyzers in sudo-1.9.5p2-2.el9
Resolves: rhbz#1938879
Signed-off-by: Radovan Sroka
---
 covscan.patch | 35 +++++++++++++++++++++++++++++++++++
 sudo-1.9.5-utmp-leak.patch | 22 ++++++++++++++++++++++
 sudo.spec | 20 ++++++++++++++++----
 3 files changed, 73 insertions(+), 4 deletions(-)
 create mode 100644 covscan.patch
 create mode 100644 sudo-1.9.5-utmp-leak.patch
diff --git a/covscan.patch b/covscan.patch
new file mode 100644
index 0000000..a67e556
--- /dev/null
+++ b/covscan.patch
@@ -0,0 +1,35 @@
+diff -up ./lib/eventlog/eventlog.c.covscan ./lib/eventlog/eventlog.c
+--- ./lib/eventlog/eventlog.c.covscan 2021-08-26 11:06:35.068915415 +0200
++++ ./lib/eventlog/eventlog.c 2021-08-26 11:13:32.432472325 +0200
+@@ -1075,10 +1075,13 @@ do_logfile_sudo(const char *logline, con
+ if (ferror(fp)) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "unable to write log file %s", logfile);
+- goto done;
++ goto ddone;
+ }
+ ret = true;
+
++ddone:
++ (void)free(full_line);
++
+ done:
+ (void)sudo_lock_file(fileno(fp), SUDO_UNLOCK);
+ evl_conf.close_log(EVLOG_FILE, fp);
+diff -up ./logsrvd/logsrvd.c.covscan ./logsrvd/logsrvd.c
+diff -up ./plugins/audit_json/audit_json.c.covscan ./plugins/audit_json/audit_json.c
+diff -up ./plugins/sudoers/ldap.c.covscan ./plugins/sudoers/ldap.c
+--- ./plugins/sudoers/ldap.c.covscan 2021-08-26 15:46:11.614179451 +0200
++++ ./plugins/sudoers/ldap.c 2021-08-26 15:51:40.871812534 +0200
+@@ -443,6 +443,8 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMe
+ goto done;
+ }
+
++ free(cp);
++
+ /* Walk through options, appending to defs. */
+ for (p = bv; *p != NULL; p++) {
+ char *var, *val;
+diff -up ./plugins/sudoers/logging.c.covscan ./plugins/sudoers/logging.c
+diff -up ./plugins/sudoers/rcstr.c.covscan ./plugins/sudoers/rcstr.c
+diff -up ./src/utmp.c.covscan ./src/utmp.c
diff --git a/sudo-1.9.5-utmp-leak.patch b/sudo-1.9.5-utmp-leak.patch
new file mode 100644
index 0000000..5c45ae6
--- /dev/null
+++ b/sudo-1.9.5-utmp-leak.patch
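Review bot: In the eventlog.c part of covscan.patch the new `ddone:` label differs from `done:` by a single character, and `full_line` is released only on paths that pass through it, so any `goto done` taken after `full_line` has been allocated would still leak. The allocation and the earlier `goto done` sites are outside the hunk, so this needs checking against the full `do_logfile_sudo` body; freeing `full_line` directly after its last use would remove the need for a second label. The cast in `(void)free(full_line);` has no effect because `free` returns `void`; `free(full_line);` is enough. In the ldap.c part, `free(cp);` sits after an error branch that ends in `goto done;`, and whether `done:` also releases `cp` is not visible here, so confirm the failure path neither leaks it nor frees it twice.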
@@ -0,0 +1,22 @@
+From 3fc3a07a03ef74fde99db40ce9ef43ccab336205 Mon Sep 17 00:00:00 2001
+From: MertsA
+Date: Fri, 23 Jul 2021 03:36:05 -0700
+Subject: [PATCH] Rewind utmp file pointer after searching for entry
+
+getutline() advances the file pointer until it matches or reaches EOF. pututline() starts from the current position in utmp. This rewinds the file pointer to the beginning to avoid allocating additional spurious utmp entries.
+---
+ src/utmp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/utmp.c b/src/utmp.c
+index 544a37519..952bf3043 100644
+--- a/src/utmp.c
++++ b/src/utmp.c
+@@ -210,6 +210,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd,
+ memset(&utbuf, 0, sizeof(utbuf));
+ strncpy(utbuf.ut_line, from_line, sizeof(utbuf.ut_line));
+ ut_old = sudo_getutline(&utbuf);
++ sudo_setutent();
+ }
+ utmp_fill(to_line, user, ut_old, &utbuf);
+ if (sudo_pututline(&utbuf) != NULL)
diff --git a/sudo.spec b/sudo.spec
index dad19b8..658e064 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.9.5p2
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: ISC
 URL: https://www.sudo.ws
@@ -10,8 +10,6 @@ Source1: sudoers
 Source2: sudo-ldap.conf
 Requires: pam
-Recommends: vim-minimal
-Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release}
 Requires(post): coreutils
 BuildRequires: make
@@ -31,6 +29,8 @@ Patch1: sudo-conf.patch
 Patch2: sudo-1.9.5-undefined-symbol.patch
 Patch3: sudo-1.9.5-selinux-t.patch
 Patch4: sudo-1.9.5-sesh-bad-condition.patch
+Patch5: sudo-1.9.5-utmp-leak.patch
+Patch6: covscan.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -67,6 +67,8 @@ BuildRequires: python3-devel
 %patch2 -p1 -b .undefined
 %patch3 -p1 -b .selinux-t
 %patch4 -p1 -b .bad-cond
+%patch5 -p1 -b .utmp-leak
+%patch6 -p1 -b .covscan
 %build
 # Remove bundled copy of zlib
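Review bot: The `sudo_setutent();` call that sudo-1.9.5-utmp-leak.patch adds to `utmp_login` carries no comment, so the reason for the rewind exists only in the patch description and will not travel with the source. A short comment above the call would keep it, for example `/* getutline() leaves the file position at the match or EOF; rewind so pututline() does not append a spurious entry. */`. `ut_old` is obtained from `sudo_getutline()` just before the rewind and is read afterwards by `utmp_fill()`; the storage behind that pointer is not visible in the hunk, so it is worth confirming that `sudo_setutent()` leaves it intact on every platform these wrappers cover. The body of `utmp_login` starts and ends outside the hunk.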
@@ -191,7 +193,7 @@ EOF
 %config(noreplace) /etc/pam.d/sudo
 %config(noreplace) /etc/pam.d/sudo-i
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
-%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
+%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo
@@ -241,6 +243,16 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
 %changelog
+* Fri Aug 20 2021 Radovan Sroka - 1.9.5p2-7
+- utmp resource leak in sudo
+Resolves: rhbz#1986579
+- sudo does not list /etc/dnf/protected.d/sudo.conf in the rpm config files listing
+Resolves: rhbz#1997030
+- sudo uses Recommends for sudo-python-plugin(x86-64) = 1.9.5p2-2.el9 and vim-minimal
+Resolves: rhbz#1947908
+- review of important potential issues detected by static analyzers in sudo-1.9.5p2-2.el9
+Resolves: rhbz#1938879
+
 * Tue Aug 10 2021 Mohan Boddu - 1.9.5p2-6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
 Related: rhbz#1991688