Compare commits
3 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a6dc111e7f | ||
|
|
e7d5924ea2 | ||
|
|
3282c380f6 |
6 changed files with 112 additions and 8 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -5,3 +5,4 @@ sudo-1.7.2p2-sudoers
|
|||
/sudo-1.7.4p4-sudoers
|
||||
/sudo-1.7.4p5.tar.gz
|
||||
/sudo-1.8.1p2.tar.gz
|
||||
/sudo-1.8.3p1.tar.gz
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1,2 +1,2 @@
|
|||
e8330f0e63b0ecb2e12b5c76922818cc sudo-1.8.1p2.tar.gz
|
||||
7becc572fa97f94cf721a2ee8299c45b sudo-1.8.3p1.tar.gz
|
||||
56f74aed3a7b32f2b01a34d65ac86f85 sudo-1.7.4p4-sudoers
|
||||
|
|
|
|||
28
sudo-1.8.3-pipelist.patch
Normal file
28
sudo-1.8.3-pipelist.patch
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
diff -up sudo-1.8.3/src/ttysize.c.pipelist sudo-1.8.3/src/ttysize.c
|
||||
--- sudo-1.8.3/src/ttysize.c.pipelist 2011-10-21 15:01:26.000000000 +0200
|
||||
+++ sudo-1.8.3/src/ttysize.c 2011-10-26 02:09:39.582790562 +0200
|
||||
@@ -20,6 +20,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
+#include <sys/stat.h>
|
||||
#include <stdio.h>
|
||||
#ifdef STDC_HEADERS
|
||||
# include <stdlib.h>
|
||||
@@ -48,6 +49,16 @@ void
|
||||
get_ttysize(int *rowp, int *colp)
|
||||
{
|
||||
char *p;
|
||||
+ struct stat st;
|
||||
+
|
||||
+ if (fstat(STDOUT_FILENO, &st) == 0) {
|
||||
+ if (S_ISFIFO(st.st_mode)) {
|
||||
+ *rowp = 0;
|
||||
+ *colp = 0;
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
#ifdef TIOCGWINSZ
|
||||
struct winsize wsize;
|
||||
|
||||
23
sudo-1.8.3p1-CVE-2012-0809.patch
Normal file
23
sudo-1.8.3p1-CVE-2012-0809.patch
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
--- sudo-1.8.3p1/src/sudo.c Fri Oct 21 09:01:26 2011
|
||||
+++ sudo-1.8.3p1/src/sudo.c Tue Jan 24 15:59:03 2012
|
||||
@@ -1208,15 +1208,15 @@
|
||||
sudo_debug(int level, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
- char *fmt2;
|
||||
+ char *buf;
|
||||
|
||||
if (level > debug_level)
|
||||
return;
|
||||
|
||||
- /* Backet fmt with program name and a newline to make it a single write */
|
||||
- easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
|
||||
+ /* Bracket fmt with program name and a newline to make it a single write */
|
||||
va_start(ap, fmt);
|
||||
- vfprintf(stderr, fmt2, ap);
|
||||
+ evasprintf(&buf, fmt, ap);
|
||||
va_end(ap);
|
||||
- efree(fmt2);
|
||||
+ fprintf(stderr, "%s: %s\n", getprogname(), buf);
|
||||
+ efree(buf);
|
||||
}
|
||||
27
sudo-1.8.3p1-CVE-2012-2337.patch
Normal file
27
sudo-1.8.3p1-CVE-2012-2337.patch
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
diff -up sudo-1.8.3p1/plugins/sudoers/match_addr.c.CVE-2012-2337 sudo-1.8.3p1/plugins/sudoers/match_addr.c
|
||||
--- sudo-1.8.3p1/plugins/sudoers/match_addr.c.CVE-2012-2337 2012-05-17 09:58:05.760242173 +0200
|
||||
+++ sudo-1.8.3p1/plugins/sudoers/match_addr.c 2012-05-17 10:13:37.045581333 +0200
|
||||
@@ -91,6 +91,7 @@ addr_matches_if(char *n)
|
||||
}
|
||||
if (j == sizeof(addr.ip6.s6_addr))
|
||||
return TRUE;
|
||||
+ break;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@@ -158,6 +159,7 @@ addr_matches_if_netmask(char *n, char *m
|
||||
case AF_INET:
|
||||
if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
|
||||
return TRUE;
|
||||
+ break;
|
||||
#ifdef HAVE_IN6_ADDR
|
||||
case AF_INET6:
|
||||
for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
|
||||
@@ -166,6 +168,7 @@ addr_matches_if_netmask(char *n, char *m
|
||||
}
|
||||
if (j == sizeof(addr.ip6.s6_addr))
|
||||
return TRUE;
|
||||
+ break;
|
||||
#endif /* HAVE_IN6_ADDR */
|
||||
}
|
||||
}
|
||||
39
sudo.spec
39
sudo.spec
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.8.1p2
|
||||
Release: 2%{?dist}
|
||||
Version: 1.8.3p1
|
||||
Release: 3%{?dist}
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: http://www.courtesan.com/sudo/
|
||||
|
|
@ -19,6 +19,7 @@ BuildRequires: automake autoconf libtool
|
|||
BuildRequires: audit-libs-devel libcap-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: sendmail
|
||||
BuildRequires: gettext
|
||||
|
||||
# don't strip
|
||||
Patch1: sudo-1.6.7p5-strip.patch
|
||||
|
|
@ -26,9 +27,13 @@ Patch1: sudo-1.6.7p5-strip.patch
|
|||
Patch2: sudo-1.7.2p1-envdebug.patch
|
||||
# add m4/ to paths in aclocal.m4
|
||||
Patch3: sudo-1.7.4p3-m4path.patch
|
||||
# getgrouplist() to determine group membership (#235915)
|
||||
# - version with CVE-2009-0034 fixed
|
||||
Patch4: sudo-1.8.1p2-getgrouplist.patch
|
||||
# disable word wrapping if the ouput is piped
|
||||
Patch4: sudo-1.8.3-pipelist.patch
|
||||
# CVE-2012-0809
|
||||
Patch5: sudo-1.8.3p1-CVE-2012-0809.patch
|
||||
# CVE-2012-2337
|
||||
Patch6: sudo-1.8.3p1-CVE-2012-2337.patch
|
||||
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
|
|
@ -56,7 +61,9 @@ plugins that use %{name}.
|
|||
%patch1 -p1 -b .strip
|
||||
%patch2 -p1 -b .envdebug
|
||||
%patch3 -p1 -b .m4path
|
||||
%patch4 -p1 -b .getgrouplist
|
||||
%patch4 -p1 -b .pipelist
|
||||
%patch5 -p1 -b .CVE-2012-0809
|
||||
%patch6 -p1 -b .CVE-2012-2337
|
||||
|
||||
# Remove execute permission on this script so we don't pull in perl deps
|
||||
chmod -x plugins/sudoers/sudoers2ldif
|
||||
|
|
@ -96,11 +103,18 @@ make
|
|||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
|
||||
|
||||
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
|
||||
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
|
||||
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
|
||||
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
|
||||
|
||||
%find_lang sudo
|
||||
%find_lang sudoers
|
||||
|
||||
cat sudo.lang sudoers.lang > sudo_all.lang
|
||||
rm sudo.lang sudoers.lang
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
|
||||
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
|
||||
#%PAM-1.0
|
||||
|
|
@ -124,7 +138,7 @@ EOF
|
|||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files
|
||||
%files -f sudo_all.lang
|
||||
%defattr(-,root,root)
|
||||
%doc ChangeLog NEWS README* MANIFEST
|
||||
%doc doc/HISTORY doc/LICENSE doc/TROUBLESHOOTING doc/UPGRADE
|
||||
|
|
@ -148,6 +162,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/sudoreplay.8*
|
||||
%{_mandir}/man8/visudo.8*
|
||||
|
||||
|
||||
# Make sure permissions are ok even if we're updating
|
||||
%post
|
||||
/bin/chmod 0440 /etc/sudoers || :
|
||||
|
|
@ -159,6 +174,16 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/sudo_plugin.8*
|
||||
|
||||
%changelog
|
||||
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3
|
||||
- added patch for CVE-2012-2337
|
||||
|
||||
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-2
|
||||
- added patch for CVE-2012-0809
|
||||
|
||||
* Tue Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
|
||||
- update to 1.8.3p1
|
||||
- disable output word wrapping if the output is piped
|
||||
|
||||
* Wed Sep 7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
|
||||
- Remove execute bit from sample script in docs so we don't pull in perl
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue