diff --git a/backport-Add-missing-check-for-reallocarray-failure.patch b/backport-Add-missing-check-for-reallocarray-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..f26d63df421114ed4c38a103488b30034e284853 --- /dev/null +++ b/backport-Add-missing-check-for-reallocarray-failure.patch @@ -0,0 +1,26 @@ +From aa50aaf8dae9c3c5e6c27ee743cedec1b0524fba Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 27 Jan 2021 09:00:49 -0700 +Subject: [PATCH] Add missing check for reallocarray() failure. Found by + OSS-Fuzz. + +--- + plugins/sudoers/parse_ldif.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c +index ce07c1967..53b14a281 100644 +--- a/plugins/sudoers/parse_ldif.c ++++ b/plugins/sudoers/parse_ldif.c +@@ -479,6 +479,8 @@ ldif_to_sudoers(struct sudoers_parse_tree *parse_tree, + + /* Convert from list of roles to array and sort by order. */ + role_array = reallocarray(NULL, numroles + 1, sizeof(*role_array)); ++ if (role_array == NULL) ++ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + for (n = 0; n < numroles; n++) { + if ((role = STAILQ_FIRST(roles)) == NULL) + break; /* cannot happen */ +-- +2.27.0 + diff --git a/backport-Check-arrays-that-are-passed-in-for-NULL-before-usin.patch b/backport-Check-arrays-that-are-passed-in-for-NULL-before-usin.patch new file mode 100644 index 0000000000000000000000000000000000000000..5594ff741278043b37a171fe413ee508e6490df2 --- /dev/null +++ b/backport-Check-arrays-that-are-passed-in-for-NULL-before-usin.patch @@ -0,0 +1,75 @@ +From 8f7cae69cc96f03af76ced855e6dc072ad09c5fc Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 9 Jun 2021 16:07:49 -0600 +Subject: [PATCH] Check arrays that are passed in for NULL before using them. + +--- + plugins/audit_json/audit_json.c | 38 +++++++++++++++++++++++++-------- + 1 file changed, 29 insertions(+), 9 deletions(-) + +diff --git a/plugins/audit_json/audit_json.c b/plugins/audit_json/audit_json.c +index acc4360c6..d792ff929 100644 +--- a/plugins/audit_json/audit_json.c ++++ b/plugins/audit_json/audit_json.c +@@ -1,7 +1,7 @@ + /* + * SPDX-License-Identifier: ISC + * +- * Copyright (c) 2020 Todd C. Miller ++ * Copyright (c) 2020-2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -553,10 +553,20 @@ audit_write_record(const char *audit_str, const char *plugin_name, + goto oom; + + /* Write key=value objects. */ +- if (!add_key_value_object(&json, "options", state.settings, settings_filter)) +- goto oom; +- if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) +- goto oom; ++ if (state.settings != NULL) { ++ if (!add_key_value_object(&json, "options", state.settings, settings_filter)) ++ goto oom; ++ } else { ++ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, ++ "missing settings list"); ++ } ++ if (state.user_info != NULL) { ++ if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) ++ goto oom; ++ } else { ++ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, ++ "missing user_info list"); ++ } + if (command_info != NULL) { + if (!add_key_value_object(&json, "command_info", command_info, NULL)) + goto oom; +@@ -568,10 +578,20 @@ audit_write_record(const char *audit_str, const char *plugin_name, + if (!sudo_json_add_value(&json, "submit_optind", &json_value)) + goto oom; + +- if (!add_array(&json, "submit_argv", state.submit_argv)) +- goto oom; +- if (!add_array(&json, "submit_envp", state.submit_envp)) +- goto oom; ++ if (state.submit_argv != NULL) { ++ if (!add_array(&json, "submit_argv", state.submit_argv)) ++ goto oom; ++ } else { ++ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, ++ "missing submit_argv array"); ++ } ++ if (state.submit_envp != NULL) { ++ if (!add_array(&json, "submit_envp", state.submit_envp)) ++ goto oom; ++ } else { ++ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, ++ "missing submit_envp array"); ++ } + if (run_argv != NULL) { + if (!add_array(&json, "run_argv", run_argv)) + goto oom; +-- +2.27.0 + diff --git a/backport-Check-the-return-value-of-fcntl-when-setting-FD_CLOE.patch b/backport-Check-the-return-value-of-fcntl-when-setting-FD_CLOE.patch new file mode 100644 index 0000000000000000000000000000000000000000..7803b7210ac3ccc7f4c638e041ecdfc6f8709617 --- /dev/null +++ b/backport-Check-the-return-value-of-fcntl-when-setting-FD_CLOE.patch @@ -0,0 +1,200 @@ +From 71339c574fdc5f641e91d4a2acba2c89367e9087 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 6 Jan 2021 10:16:00 -0700 +Subject: [PATCH] Check the return value of fcntl() when setting FD_CLOEXEC. + This should never fail unless the fd is invalid. Problem reported by Matthias + Gerstner of SUSE. + +--- + lib/iolog/iolog_fileio.c | 11 ++++++----- + lib/util/sudo_debug.c | 5 ++++- + plugins/group_file/getgrent.c | 18 ++++++++++++++---- + plugins/sudoers/linux_audit.c | 6 ++++-- + plugins/sudoers/tsgetgrpw.c | 36 +++++++++++++++++++++++++++-------- + 5 files changed, 56 insertions(+), 20 deletions(-) + +diff --git a/lib/iolog/iolog_fileio.c b/lib/iolog/iolog_fileio.c +index 34600cb8f..84aeaa85b 100644 +--- a/lib/iolog/iolog_fileio.c ++++ b/lib/iolog/iolog_fileio.c +@@ -596,13 +596,14 @@ iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode) + } + (void)lseek(fd, 0, SEEK_SET); + } +- (void)fcntl(fd, F_SETFD, FD_CLOEXEC); ++ if (fcntl(fd, F_SETFD, FD_CLOEXEC) != -1) { + #ifdef HAVE_ZLIB_H +- if (iol->compressed) +- iol->fd.g = gzdopen(fd, mode); +- else ++ if (iol->compressed) ++ iol->fd.g = gzdopen(fd, mode); ++ else + #endif +- iol->fd.f = fdopen(fd, mode); ++ iol->fd.f = fdopen(fd, mode); ++ } + if (iol->fd.v != NULL) { + switch ((flags & O_ACCMODE)) { + case O_WRONLY: +diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c +index 6822b0006..b98e05c56 100644 +--- a/lib/util/sudo_debug.c ++++ b/lib/util/sudo_debug.c +@@ -180,7 +180,10 @@ sudo_debug_new_output(struct sudo_debug_instance *instance, + } + ignore_result(fchown(output->fd, (uid_t)-1, 0)); + } +- (void)fcntl(output->fd, F_SETFD, FD_CLOEXEC); ++ if (fcntl(output->fd, F_SETFD, FD_CLOEXEC) == -1) { ++ sudo_warn_nodebug("%s", output->filename); ++ goto bad; ++ } + if (sudo_debug_fds_size < output->fd) { + /* Bump fds size to the next multiple of 4 * NBBY. */ + const int old_size = sudo_debug_fds_size / NBBY; +diff --git a/plugins/group_file/getgrent.c b/plugins/group_file/getgrent.c +index c8f513834..142fd39e1 100644 +--- a/plugins/group_file/getgrent.c ++++ b/plugins/group_file/getgrent.c +@@ -64,8 +64,12 @@ mysetgrent(void) + { + if (grf == NULL) { + grf = fopen(grfile, "r"); +- if (grf != NULL) +- (void)fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); ++ if (grf != NULL) { ++ if (fcntl(fileno(grf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(grf); ++ grf = NULL; ++ } ++ } + } else { + rewind(grf); + } +@@ -139,7 +143,10 @@ mygetgrnam(const char *name) + if (grf == NULL) { + if ((grf = fopen(grfile, "r")) == NULL) + return NULL; +- (void)fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); ++ if (fcntl(fileno(grf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(grf); ++ return NULL; ++ } + } else { + rewind(grf); + } +@@ -162,7 +169,10 @@ mygetgrgid(gid_t gid) + if (grf == NULL) { + if ((grf = fopen(grfile, "r")) == NULL) + return NULL; +- (void)fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); ++ if (fcntl(fileno(grf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(grf); ++ return NULL; ++ } + } else { + rewind(grf); + } +diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c +index 4f57f4561..e5eb2c2cc 100644 +--- a/plugins/sudoers/linux_audit.c ++++ b/plugins/sudoers/linux_audit.c +@@ -56,8 +56,10 @@ linux_audit_open(void) + au_fd = AUDIT_NOT_CONFIGURED; + else + sudo_warn("%s", U_("unable to open audit system")); +- } else { +- (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC); ++ } else if (fcntl(au_fd, F_SETFD, FD_CLOEXEC) == -1) { ++ sudo_warn("%s", U_("unable to open audit system")); ++ audit_close(au_fd); ++ au_fd = -1; + } + debug_return_int(au_fd); + } +diff --git a/plugins/sudoers/tsgetgrpw.c b/plugins/sudoers/tsgetgrpw.c +index dcb1c3fea..3e5d616bb 100644 +--- a/plugins/sudoers/tsgetgrpw.c ++++ b/plugins/sudoers/tsgetgrpw.c +@@ -86,8 +86,12 @@ setpwent(void) + { + if (pwf == NULL) { + pwf = fopen(pwfile, "r"); +- if (pwf != NULL) +- (void)fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC); ++ if (pwf != NULL) { ++ if (fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(pwf); ++ pwf = NULL; ++ } ++ } + } else { + rewind(pwf); + } +@@ -164,7 +168,10 @@ getpwnam(const char *name) + if (pwf == NULL) { + if ((pwf = fopen(pwfile, "r")) == NULL) + return NULL; +- (void)fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC); ++ if (fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(pwf); ++ return NULL; ++ } + } else { + rewind(pwf); + } +@@ -187,7 +194,10 @@ getpwuid(uid_t uid) + if (pwf == NULL) { + if ((pwf = fopen(pwfile, "r")) == NULL) + return NULL; +- (void)fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC); ++ if (fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(pwf); ++ return NULL; ++ } + } else { + rewind(pwf); + } +@@ -215,8 +225,12 @@ setgrent(void) + { + if (grf == NULL) { + grf = fopen(grfile, "r"); +- if (grf != NULL) +- (void)fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); ++ if (grf != NULL) { ++ if (fcntl(fileno(grf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(grf); ++ grf = NULL; ++ } ++ } + } else { + rewind(grf); + } +@@ -290,7 +304,10 @@ getgrnam(const char *name) + if (grf == NULL) { + if ((grf = fopen(grfile, "r")) == NULL) + return NULL; +- (void)fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); ++ if (fcntl(fileno(grf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(grf); ++ grf = NULL; ++ } + } else { + rewind(grf); + } +@@ -313,7 +330,10 @@ getgrgid(gid_t gid) + if (grf == NULL) { + if ((grf = fopen(grfile, "r")) == NULL) + return NULL; +- (void)fcntl(fileno(grf), F_SETFD, FD_CLOEXEC); ++ if (fcntl(fileno(grf), F_SETFD, FD_CLOEXEC) == -1) { ++ fclose(grf); ++ grf = NULL; ++ } + } else { + rewind(grf); + } +-- +2.27.0 + diff --git a/backport-Copy-command-options-when-converting-a-sudoRole-with.patch b/backport-Copy-command-options-when-converting-a-sudoRole-with.patch new file mode 100644 index 0000000000000000000000000000000000000000..c5f1775e04b9bba802bed24c6fb41fbc4249c156 --- /dev/null +++ b/backport-Copy-command-options-when-converting-a-sudoRole-with.patch @@ -0,0 +1,35 @@ +From 4eb591c6f3e0374c5259e56c4f8c26257d20fbdf Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Sat, 30 Jan 2021 08:26:58 -0700 +Subject: [PATCH] Copy command options when converting a sudoRole with multiple + sudoCommands. A sudoRole with multiple sudoCommands is converted to a + privilege with multiple cmndspecs. However, we were not copying some of the + command options to subsequent cmndspecs in the list. + +--- + plugins/sudoers/ldap_util.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c +index 080c77e7b..fd308674d 100644 +--- a/plugins/sudoers/ldap_util.c ++++ b/plugins/sudoers/ldap_util.c +@@ -470,6 +470,15 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers, + cmndspec->runasgrouplist = prev_cmndspec->runasgrouplist; + cmndspec->notbefore = prev_cmndspec->notbefore; + cmndspec->notafter = prev_cmndspec->notafter; ++ cmndspec->timeout = prev_cmndspec->timeout; ++#ifdef HAVE_SELINUX ++ cmndspec->role = prev_cmndspec->role; ++ cmndspec->type = prev_cmndspec->type; ++#endif /* HAVE_SELINUX */ ++#ifdef HAVE_PRIV_SET ++ cmndspec->privs = prev_cmndspec->privs; ++ cmndspec->limitprivs = prev_cmndspec->limitprivs; ++#endif /* HAVE_PRIV_SET */ + cmndspec->tags = prev_cmndspec->tags; + if (cmndspec->tags.setenv == IMPLIED) + cmndspec->tags.setenv = UNSPEC; +-- +2.27.0 + diff --git a/backport-Correct-the-integer-overflow-check-in-store_timespec.patch b/backport-Correct-the-integer-overflow-check-in-store_timespec.patch new file mode 100644 index 0000000000000000000000000000000000000000..88ad54267b618650c7865211b931a4804366b621 --- /dev/null +++ b/backport-Correct-the-integer-overflow-check-in-store_timespec.patch @@ -0,0 +1,33 @@ +From d1cc1c59e8d1ac0dee8e99c5f2f1d7b254bf05a7 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 26 Feb 2021 16:43:48 -0700 +Subject: [PATCH] Correct the integer overflow check in store_timespec(). Fixes + oss-fuzz issue #31463 + +--- + plugins/sudoers/defaults.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c +index 4c37f77c9..fd25579f0 100644 +--- a/plugins/sudoers/defaults.c ++++ b/plugins/sudoers/defaults.c +@@ -855,10 +855,13 @@ store_timespec(const char *str, union sudo_defs_val *sd_un) + while (*str != '\0' && *str != '.') { + if (!isdigit((unsigned char)*str)) + debug_return_bool(false); /* invalid number */ +- if (ts.tv_sec > TIME_T_MAX / 10) ++ ++ /* Verify (ts.tv_sec * 10) + digit <= TIME_T_MAX. */ ++ i = *str++ - '0'; ++ if (ts.tv_sec > (TIME_T_MAX - i) / 10) + debug_return_bool(false); /* overflow */ + ts.tv_sec *= 10; +- ts.tv_sec += *str++ - '0'; ++ ts.tv_sec += i; + } + if (*str++ == '.') { + /* Convert optional fractional component to nanosecs. */ +-- +2.27.0 + diff --git a/backport-Don-t-close-fp-in-sudoers_parse_ldif.patch b/backport-Don-t-close-fp-in-sudoers_parse_ldif.patch new file mode 100644 index 0000000000000000000000000000000000000000..d35ad9b7900599b8a5a536ce99ec7f0bc9ccee10 --- /dev/null +++ b/backport-Don-t-close-fp-in-sudoers_parse_ldif.patch @@ -0,0 +1,57 @@ +From aaa2e8ddecf85903d71146532e40a14ea952ca2e Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Tue, 2 Feb 2021 15:06:38 -0700 +Subject: [PATCH] Don't close fp in sudoers_parse_ldif() The caller should be + the one to handle this. + +--- + plugins/sudoers/cvtsudoers.c | 13 +++++++++---- + plugins/sudoers/parse_ldif.c | 3 --- + 2 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c +index 5d1ccdd0c..cebe5652e 100644 +--- a/plugins/sudoers/cvtsudoers.c ++++ b/plugins/sudoers/cvtsudoers.c +@@ -609,16 +609,21 @@ parse_ldif(struct sudoers_parse_tree *parse_tree, const char *input_file, + struct cvtsudoers_config *conf) + { + FILE *fp = stdin; ++ bool ret = false; + debug_decl(parse_ldif, SUDOERS_DEBUG_UTIL); + + /* Open LDIF file and parse it. */ + if (strcmp(input_file, "-") != 0) { + if ((fp = fopen(input_file, "r")) == NULL) +- sudo_fatal(U_("unable to open %s"), input_file); ++ sudo_warn(U_("unable to open %s"), input_file); + } +- +- debug_return_bool(sudoers_parse_ldif(parse_tree, fp, conf->sudoers_base, +- conf->store_options)); ++ if (fp != NULL) { ++ ret = sudoers_parse_ldif(parse_tree, fp, conf->sudoers_base, ++ conf->store_options); ++ if (fp != stdin) ++ fclose(fp); ++ } ++ debug_return_bool(ret); + } + + static bool +diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c +index 059478f31..40d10cdfc 100644 +--- a/plugins/sudoers/parse_ldif.c ++++ b/plugins/sudoers/parse_ldif.c +@@ -775,8 +775,5 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, + rbdestroy(groupcache, str_list_free); + rbdestroy(hostcache, str_list_free); + +- if (fp != stdin) +- fclose(fp); +- + debug_return_bool(errors == 0); + } +-- +2.27.0 + diff --git a/backport-Don-t-leak-memory-for-duplicate-command-options.patch b/backport-Don-t-leak-memory-for-duplicate-command-options.patch new file mode 100644 index 0000000000000000000000000000000000000000..dca56dddcabe99cbd0dd6213897605f2db898acc --- /dev/null +++ b/backport-Don-t-leak-memory-for-duplicate-command-options.patch @@ -0,0 +1,63 @@ +From 9f81e8a10941168b88b4855a2bc753c6f5919f9d Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Sat, 30 Jan 2021 08:53:55 -0700 +Subject: [PATCH] Don't leak memory for duplicate command options. The last + option wins but we also now warn about the duplicate. Found locally using + libfuzzer/oss-fuzz. + +--- + plugins/sudoers/ldap_util.c | 34 ++++++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + +diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c +index fd308674d..4629c818f 100644 +--- a/plugins/sudoers/ldap_util.c ++++ b/plugins/sudoers/ldap_util.c +@@ -525,20 +525,44 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers, + + op = sudo_ldap_parse_option(opt, &var, &val); + if (strcmp(var, "command_timeout") == 0 && val != NULL) { ++ if (cmndspec->timeout != UNSPEC) { ++ sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, ++ op == '+' ? "+=" : op == '-' ? "-=" : "=", val); ++ } + cmndspec->timeout = parse_timeout(val); + #ifdef HAVE_SELINUX + } else if (strcmp(var, "role") == 0 && val != NULL) { ++ if (cmndspec->role != NULL) { ++ free(cmndspec->role); ++ sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, ++ op == '+' ? "+=" : op == '-' ? "-=" : "=", val); ++ } + if ((cmndspec->role = strdup(val)) == NULL) + break; + } else if (strcmp(var, "type") == 0 && val != NULL) { ++ if (cmndspec->type != NULL) { ++ free(cmndspec->type); ++ sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, ++ op == '+' ? "+=" : op == '-' ? "-=" : "=", val); ++ } + if ((cmndspec->type = strdup(val)) == NULL) + break; + #endif /* HAVE_SELINUX */ + #ifdef HAVE_PRIV_SET + } else if (strcmp(var, "privs") == 0 && val != NULL) { ++ if (cmndspec->privs != NULL) { ++ free(cmndspec->privs); ++ sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, ++ op == '+' ? "+=" : op == '-' ? "-=" : "=", val); ++ } + if ((cmndspec->privs = strdup(val)) == NULL) + break; + } else if (strcmp(var, "limitprivs") == 0 && val != NULL) { ++ if (cmndspec->limitprivs != NULL) { ++ free(cmndspec->limitprivs); ++ sudo_warnx(U_("duplicate sudoOption: %s%s%s"), var, ++ op == '+' ? "+=" : op == '-' ? "-=" : "=", val); ++ } + if ((cmndspec->limitprivs = strdup(val)) == NULL) + break; + #endif /* HAVE_PRIV_SET */ +-- +2.27.0 + diff --git a/backport-Don-t-set-the-command-status-in-the-closure-when-the.patch b/backport-Don-t-set-the-command-status-in-the-closure-when-the.patch new file mode 100644 index 0000000000000000000000000000000000000000..ed2d9b62b4a8c02c4a240d7ecff3ded6e1bb38a7 --- /dev/null +++ b/backport-Don-t-set-the-command-status-in-the-closure-when-the.patch @@ -0,0 +1,29 @@ +From 3147bbeb24320a9d3a8a0aac47dd1fab115fb8de Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 10 May 2021 13:42:06 -0600 +Subject: [PATCH] Don't set the command status in the closure when the command + is suspended. This should only be set for signals that terminate the process. + Fixes a bug where the sudo front-end could call the plugin close function + with a non-terminal signal argument. + +--- + src/exec_pty.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/exec_pty.c b/src/exec_pty.c +index cfe4929dd..12fbb54ca 100644 +--- a/src/exec_pty.c ++++ b/src/exec_pty.c +@@ -1002,8 +1002,8 @@ backchannel_cb(int fd, int what, void *v) + /* Command exited or was killed, either way we are done. */ + sudo_debug_printf(SUDO_DEBUG_INFO, "command exited or was killed"); + sudo_ev_loopexit(ec->evbase); ++ *ec->cstat = cstat; + } +- *ec->cstat = cstat; + break; + case CMD_ERRNO: + /* Monitor was unable to execute command or broken pipe. */ +-- +2.27.0 + diff --git a/backport-Fix-a-potential-use-after-free-in-conversation-funct.patch b/backport-Fix-a-potential-use-after-free-in-conversation-funct.patch new file mode 100644 index 0000000000000000000000000000000000000000..8b3c74ec446926a5e2fb09836efeaf65bbb102bb --- /dev/null +++ b/backport-Fix-a-potential-use-after-free-in-conversation-funct.patch @@ -0,0 +1,30 @@ +From 08b0b626f1cc7c0da39195b1a36d7f9a8d90275d Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 3 Mar 2021 08:19:44 -0700 +Subject: [PATCH] Fix a potential use-after-free in conversation function. The + prompt passed in to sudo_pam_verify() will be freed later by + check_user_interactive() so we need to reset the stashed value. From Pavel + Heimlich. Bug #967. + +--- + plugins/sudoers/auth/pam.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c +index 6310364b7..e917a3cc1 100644 +--- a/plugins/sudoers/auth/pam.c ++++ b/plugins/sudoers/auth/pam.c +@@ -298,6 +298,10 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co + + /* PAM_SILENT prevents the authentication service from generating output. */ + *pam_status = pam_authenticate(pamh, PAM_SILENT); ++ ++ /* Restore def_prompt, the passed-in prompt may be freed later. */ ++ def_prompt = PASSPROMPT; ++ + if (getpass_error) { + /* error or ^C from tgetpass() */ + debug_return_int(AUTH_INTR); +-- +2.27.0 + diff --git a/backport-Fix-cut-pasto-that-prevented-the-verify_server-optio.patch b/backport-Fix-cut-pasto-that-prevented-the-verify_server-optio.patch new file mode 100644 index 0000000000000000000000000000000000000000..05a074a8751fef76f0e73c81e21a3e116c1438cc --- /dev/null +++ b/backport-Fix-cut-pasto-that-prevented-the-verify_server-optio.patch @@ -0,0 +1,28 @@ +From af0345e2387831936cb7c59e90fb254d97e17cfb Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 30 Apr 2021 11:03:23 -0600 +Subject: [PATCH] Fix cut & pasto that prevented the verify_server option from + being set. The "log_server_verify" setting passed from the policy plugin was + applied to the "keepalive" option instead of "verify_server". From Krisztian + Kovacs. + +--- + plugins/sudoers/iolog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c +index 8e5a37527..252317717 100644 +--- a/plugins/sudoers/iolog.c ++++ b/plugins/sudoers/iolog.c +@@ -489,7 +489,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[], + if (strncmp(*cur, "log_server_verify=", sizeof("log_server_verify=") - 1) == 0) { + int val = sudo_strtobool(*cur + sizeof("log_server_verify=") - 1); + if (val != -1) { +- details->keepalive = val; ++ details->verify_server = val; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unable to parse %s", __func__, *cur); +-- +2.27.0 + diff --git a/backport-Fix-debug-message-when-prctl-PR_SET_DUMPABLE-0-0-0-0.patch b/backport-Fix-debug-message-when-prctl-PR_SET_DUMPABLE-0-0-0-0.patch new file mode 100644 index 0000000000000000000000000000000000000000..a02ff8e0b4e082a46959145bf83e2e5c2f8c7da6 --- /dev/null +++ b/backport-Fix-debug-message-when-prctl-PR_SET_DUMPABLE-0-0-0-0.patch @@ -0,0 +1,26 @@ +From 51cbc626f8f54ff21d66df41dde143c520a1a81f Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 3 May 2021 12:40:23 -0600 +Subject: [PATCH] Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) + fails. GitHub issue #101 + +--- + src/limits.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/limits.c b/src/limits.c +index ba5517542..f5c5cc5f9 100644 +--- a/src/limits.c ++++ b/src/limits.c +@@ -210,7 +210,7 @@ disable_coredump(void) + } + if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, +- "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); ++ "prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)"); + } + #endif /* __linux__ */ + coredump_disabled = true; +-- +2.27.0 + diff --git a/backport-Fix-group-list-ref-leak-in-sudoers_policy_store_resu.patch b/backport-Fix-group-list-ref-leak-in-sudoers_policy_store_resu.patch new file mode 100644 index 0000000000000000000000000000000000000000..2c2c57067e29df7b22141e3741dddaa75ecc25b8 --- /dev/null +++ b/backport-Fix-group-list-ref-leak-in-sudoers_policy_store_resu.patch @@ -0,0 +1,54 @@ +From cc647c32e1140a44496dbd593cf45d5740fefa90 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 26 May 2021 07:31:19 -0600 +Subject: [PATCH] Fix group list ref leak in sudoers_policy_store_result() on + error path. + +--- + plugins/sudoers/policy.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c +index 0a133a02f..e42fb932d 100644 +--- a/plugins/sudoers/policy.c ++++ b/plugins/sudoers/policy.c +@@ -638,7 +638,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, + goto oom; + } + if (def_maxseq != NULL) { +- if (asprintf(&command_info[info_len++], "maxseq=%s", def_maxseq) == -1) ++ if ((command_info[info_len++] = sudo_new_key_val("maxseq", def_maxseq)) == NULL) + goto oom; + } + } +@@ -715,8 +715,10 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, + glsize = sizeof("runas_groups=") - 1 + + ((gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); + gid_list = malloc(glsize); +- if (gid_list == NULL) ++ if (gid_list == NULL) { ++ sudo_gidlist_delref(gidlist); + goto oom; ++ } + memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); + cp = gid_list + sizeof("runas_groups=") - 1; + +@@ -727,6 +729,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, + if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + free(gid_list); ++ sudo_gidlist_delref(gidlist); + goto bad; + } + cp += len; +@@ -737,6 +740,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, + if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + free(gid_list); ++ sudo_gidlist_delref(gidlist); + goto bad; + } + cp += len; +-- +2.27.0 + diff --git a/backport-Fix-memory-leak-if-the-last-line-is-folded.patch b/backport-Fix-memory-leak-if-the-last-line-is-folded.patch new file mode 100644 index 0000000000000000000000000000000000000000..2cb0d08e3948995cf155d66b23f8a344e74dde85 --- /dev/null +++ b/backport-Fix-memory-leak-if-the-last-line-is-folded.patch @@ -0,0 +1,25 @@ +From 75f76eba819b9b8b19924f1427220db1532c1181 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Sat, 30 Jan 2021 06:15:21 -0700 +Subject: [PATCH] Fix memory leak if the last line is folded. Fixes issue 30080 + by ClusterFuzz-External + +--- + plugins/sudoers/parse_ldif.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c +index 71820fa3a..059478f31 100644 +--- a/plugins/sudoers/parse_ldif.c ++++ b/plugins/sudoers/parse_ldif.c +@@ -764,6 +764,7 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, + } + sudo_role_free(role); + free(line); ++ free(savedline); + + /* Convert from roles to sudoers data structures. */ + ldif_to_sudoers(parse_tree, &roles, numroles, store_options); +-- +2.27.0 + diff --git a/backport-Fix-memory-leak-on-error-found-by-the-clang-10.01-an.patch b/backport-Fix-memory-leak-on-error-found-by-the-clang-10.01-an.patch new file mode 100644 index 0000000000000000000000000000000000000000..d31463f9547c74aae6a938c3da6162322e394e62 --- /dev/null +++ b/backport-Fix-memory-leak-on-error-found-by-the-clang-10.01-an.patch @@ -0,0 +1,109 @@ +From 24d5ee5893965632600a496e3cddd840b7bd0a9c Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Thu, 3 Sep 2020 13:07:38 -0600 +Subject: [PATCH] Fix memory leak on error found by the clang 10.01 analyzer. + +--- + plugins/sudoers/visudo.c | 69 ++++++++++++++++++++++++---------------- + 1 file changed, 42 insertions(+), 27 deletions(-) + +diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c +index 84c93300e..f8e7c96c1 100644 +--- a/plugins/sudoers/visudo.c ++++ b/plugins/sudoers/visudo.c +@@ -987,50 +987,65 @@ lock_sudoers(struct sudoersfile *entry) + } + + /* +- * Used to open (and lock) the initial sudoers file and to also open +- * any subsequent files #included via a callback from the parser. ++ * Open (and lock) a new sudoers file. ++ * Returns a new struct sudoersfile on success or NULL on failure. + */ +-FILE * +-open_sudoers(const char *path, bool doedit, bool *keepopen) ++static struct sudoersfile * ++new_sudoers(const char *path, bool doedit) + { + struct sudoersfile *entry; + struct stat sb; +- FILE *fp; + int open_flags; +- debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL); ++ debug_decl(new_sudoersfile, SUDOERS_DEBUG_UTIL); + + if (checkonly) + open_flags = O_RDONLY; + else + open_flags = O_RDWR | O_CREAT; + ++ entry = calloc(1, sizeof(*entry)); ++ if (entry == NULL || (entry->path = strdup(path)) == NULL) ++ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); ++ /* entry->tpath = NULL; */ ++ /* entry->modified = false; */ ++ entry->doedit = doedit; ++ entry->fd = open(entry->path, open_flags, sudoers_mode); ++ if (entry->fd == -1 || fstat(entry->fd, &sb) == -1) { ++ sudo_warn("%s", entry->path); ++ goto bad; ++ } ++ if (!S_ISREG(sb.st_mode)) { ++ sudo_warnx(U_("%s is not a regular file"), entry->path); ++ goto bad; ++ } ++ if (!checkonly && !lock_sudoers(entry)) ++ goto bad; ++ debug_return_ptr(entry); ++bad: ++ if (entry->fd != -1) ++ close(entry->fd); ++ free(entry); ++ debug_return_ptr(NULL); ++} ++ ++/* ++ * Used to open (and lock) the initial sudoers file and to also open ++ * any subsequent files #included via a callback from the parser. ++ */ ++FILE * ++open_sudoers(const char *path, bool doedit, bool *keepopen) ++{ ++ struct sudoersfile *entry; ++ FILE *fp; ++ debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL); ++ + /* Check for existing entry */ + TAILQ_FOREACH(entry, &sudoerslist, entries) { + if (strcmp(path, entry->path) == 0) + break; + } + if (entry == NULL) { +- entry = calloc(1, sizeof(*entry)); +- if (entry == NULL || (entry->path = strdup(path)) == NULL) +- sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +- /* entry->tpath = NULL; */ +- /* entry->modified = false; */ +- entry->doedit = doedit; +- entry->fd = open(entry->path, open_flags, sudoers_mode); +- if (entry->fd == -1 || fstat(entry->fd, &sb) == -1) { +- sudo_warn("%s", entry->path); +- if (entry->fd != -1) +- close(entry->fd); +- free(entry); +- debug_return_ptr(NULL); +- } +- if (!S_ISREG(sb.st_mode)) { +- sudo_warnx(U_("%s is not a regular file"), entry->path); +- close(entry->fd); +- free(entry); +- debug_return_ptr(NULL); +- } +- if (!checkonly && !lock_sudoers(entry)) ++ if ((entry = new_sudoers(path, doedit)) == NULL) + debug_return_ptr(NULL); + if ((fp = fdopen(entry->fd, "r")) == NULL) + sudo_fatal("%s", entry->path); +-- +2.27.0 + diff --git a/backport-Fix-sudo_getgrgid-reference-count-bug-when-gid-doesn.patch b/backport-Fix-sudo_getgrgid-reference-count-bug-when-gid-doesn.patch new file mode 100644 index 0000000000000000000000000000000000000000..e0ce0144282c0c08d37b2a9b844aa5a0bede79be --- /dev/null +++ b/backport-Fix-sudo_getgrgid-reference-count-bug-when-gid-doesn.patch @@ -0,0 +1,27 @@ +From 520db741b543d7b5f4d8e8925ec14e2ca7c17b6c Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 12 Feb 2021 19:27:47 -0700 +Subject: [PATCH] Fix sudo_getgrgid reference count bug when gid doesn't exist. + This one was missed when the other user/group lookup functions were fixed. + +--- + plugins/sudoers/pwutil.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c +index ea0159fa8..a7b5bff8b 100644 +--- a/plugins/sudoers/pwutil.c ++++ b/plugins/sudoers/pwutil.c +@@ -561,7 +561,8 @@ done: + item->d.gr ? item->d.gr->gr_name : "unknown", + item->registry, node ? "cache hit" : "cached"); + } +- item->refcnt++; ++ if (item->d.gr != NULL) ++ item->refcnt++; + debug_return_ptr(item->d.gr); + } + +-- +2.27.0 + diff --git a/backport-Fix-the-buffer-size-parameter-when-serializing-the-i.patch b/backport-Fix-the-buffer-size-parameter-when-serializing-the-i.patch new file mode 100644 index 0000000000000000000000000000000000000000..a9aeaf061c11a27080de6b749f524691ce9d932b --- /dev/null +++ b/backport-Fix-the-buffer-size-parameter-when-serializing-the-i.patch @@ -0,0 +1,92 @@ +From a29cac8bd6567d403fd15f15f41679bf5cf0ac62 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 21 Dec 2020 10:44:22 -0700 +Subject: [PATCH] Fix the buffer size parameter when serializing the interface + list. Problem reported by Matthias Gerstner of SUSE. + +--- + src/net_ifs.c | 28 ++++++++++++++++------------ + 1 file changed, 16 insertions(+), 12 deletions(-) + +diff --git a/src/net_ifs.c b/src/net_ifs.c +index 0bdeace64..273ca9a42 100644 +--- a/src/net_ifs.c ++++ b/src/net_ifs.c +@@ -119,7 +119,8 @@ get_net_ifs(char **addrinfo) + #else + char addrstr[INET_ADDRSTRLEN], maskstr[INET_ADDRSTRLEN]; + #endif +- int ailen, len, num_interfaces = 0; ++ int len, num_interfaces = 0; ++ size_t ailen; + char *cp; + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF); + +@@ -172,13 +173,14 @@ get_net_ifs(char **addrinfo) + if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) + continue; + +- len = snprintf(cp, ailen - (*addrinfo - cp), +- "%s%s/%s", cp == *addrinfo ? "" : " ", addrstr, maskstr); +- if (len < 0 || len >= ailen - (*addrinfo - cp)) { ++ len = snprintf(cp, ailen, "%s%s/%s", ++ cp == *addrinfo ? "" : " ", addrstr, maskstr); ++ if (len < 0 || (size_t)len >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto done; + } + cp += len; ++ ailen -= len; + break; + #ifdef HAVE_STRUCT_IN6_ADDR + case AF_INET6: +@@ -189,13 +191,14 @@ get_net_ifs(char **addrinfo) + if (inet_ntop(AF_INET6, &sin6->sin6_addr, maskstr, sizeof(maskstr)) == NULL) + continue; + +- len = snprintf(cp, ailen - (*addrinfo - cp), +- "%s%s/%s", cp == *addrinfo ? "" : " ", addrstr, maskstr); +- if (len < 0 || len >= ailen - (*addrinfo - cp)) { ++ len = snprintf(cp, ailen, "%s%s/%s", ++ cp == *addrinfo ? "" : " ", addrstr, maskstr); ++ if (len < 0 || (size_t)len >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto done; + } + cp += len; ++ ailen -= len; + break; + #endif /* HAVE_STRUCT_IN6_ADDR */ + } +@@ -223,8 +226,8 @@ get_net_ifs(char **addrinfo) + struct ifreq *ifr, *ifr_tmp = (struct ifreq *)ifr_tmpbuf; + struct ifconf *ifconf; + struct sockaddr_in *sin; +- int ailen, i, len, n, sock, num_interfaces = 0; +- size_t buflen = sizeof(struct ifconf) + BUFSIZ; ++ int i, len, n, sock, num_interfaces = 0; ++ size_t ailen, buflen = sizeof(struct ifconf) + BUFSIZ; + char *cp, *previfname = "", *ifconf_buf = NULL; + char addrstr[INET_ADDRSTRLEN], maskstr[INET_ADDRSTRLEN]; + #ifdef _ISC +@@ -334,13 +337,14 @@ get_net_ifs(char **addrinfo) + if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) + continue; + +- len = snprintf(cp, ailen - (*addrinfo - cp), +- "%s%s/%s", cp == *addrinfo ? "" : " ", addrstr, maskstr); +- if (len < 0 || len >= ailen - (*addrinfo - cp)) { ++ len = snprintf(cp, ailen, "%s%s/%s", ++ cp == *addrinfo ? "" : " ", addrstr, maskstr); ++ if (len < 0 || (size_t)len >= ailen) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + goto done; + } + cp += len; ++ ailen -= len; + + /* Stash the name of the interface we saved. */ + previfname = ifr->ifr_name; +-- +2.27.0 + diff --git a/backport-Fix-uninstall-target-there-were-missing-line-continu.patch b/backport-Fix-uninstall-target-there-were-missing-line-continu.patch new file mode 100644 index 0000000000000000000000000000000000000000..50dd7d8002700c97e0cdc9f3e0c29c6f2b6bdc51 --- /dev/null +++ b/backport-Fix-uninstall-target-there-were-missing-line-continu.patch @@ -0,0 +1,40 @@ +From 29f5f3c53ecf92c53151dde2b607bc7d2f4b31ea Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 3 Feb 2021 07:35:33 -0700 +Subject: [PATCH] Fix uninstall target; there were missing line continuation + chars. GitHub issue #87 + +--- + doc/Makefile.in | 2 +- + plugins/sudoers/Makefile.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/Makefile.in b/doc/Makefile.in +index e5e89de36..bc1541f1f 100644 +--- a/doc/Makefile.in ++++ b/doc/Makefile.in +@@ -393,7 +393,7 @@ uninstall: + $(DESTDIR)$(mandirform)/sudo_logsrv.proto.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudo_logsrvd.conf.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ +- $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) ++ $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) + + splint: +diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in +index 887c1ca99..77d54553b 100644 +--- a/plugins/sudoers/Makefile.in ++++ b/plugins/sudoers/Makefile.in +@@ -434,7 +434,7 @@ install-sudoers: install-dirs + uninstall: + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sudoers.la + -rm -f $(DESTDIR)$(bindir)/cvtsudoers \ +- $(DESTDIR)$(bindir)/sudoreplay ++ $(DESTDIR)$(bindir)/sudoreplay \ + $(DESTDIR)$(sbindir)/visudo + -test -z "$(INSTALL_BACKUP)" || \ + $(DESTDIR)$(bindir)/cvtsudoers$(INSTALL_BACKUP) \ +-- +2.27.0 + diff --git a/backport-Ignore-sudoNotBefore-and-sudoNotAfter-unless-ldap.co.patch b/backport-Ignore-sudoNotBefore-and-sudoNotAfter-unless-ldap.co.patch new file mode 100644 index 0000000000000000000000000000000000000000..725361f44bb392d844743d727175f228defc7029 --- /dev/null +++ b/backport-Ignore-sudoNotBefore-and-sudoNotAfter-unless-ldap.co.patch @@ -0,0 +1,39 @@ +From 6439b4cc0185bf55ea98c347b257d0303de62661 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 11 Nov 2020 09:34:50 -0700 +Subject: [PATCH] Ignore sudoNotBefore and sudoNotAfter unless ldap.conf + contains SUDOERS_TIMED This is consistent with the pre-1.8.24 behavior. Bug + #945 + +--- + plugins/sudoers/ldap.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c +index 0c9e4b3f4..a13da73e8 100644 +--- a/plugins/sudoers/ldap.c ++++ b/plugins/sudoers/ldap.c +@@ -1194,12 +1194,14 @@ ldap_entry_to_priv(LDAP *ld, LDAPMessage *entry, int *rc_out) + goto cleanup; + + /* Get sudoNotBefore / sudoNotAfter */ +- notbefore = sudo_ldap_get_values_len(ld, entry, "sudoNotBefore", &rc); +- if (rc == LDAP_NO_MEMORY) +- goto cleanup; +- notafter = sudo_ldap_get_values_len(ld, entry, "sudoNotAfter", &rc); +- if (rc == LDAP_NO_MEMORY) +- goto cleanup; ++ if (ldap_conf.timed) { ++ notbefore = sudo_ldap_get_values_len(ld, entry, "sudoNotBefore", &rc); ++ if (rc == LDAP_NO_MEMORY) ++ goto cleanup; ++ notafter = sudo_ldap_get_values_len(ld, entry, "sudoNotAfter", &rc); ++ if (rc == LDAP_NO_MEMORY) ++ goto cleanup; ++ } + + /* Parse sudoOptions. */ + opts = sudo_ldap_get_values_len(ld, entry, "sudoOption", &rc); +-- +2.27.0 + diff --git a/backport-In-sudo_lbuf_destroy-reset-error-len-and-size.patch b/backport-In-sudo_lbuf_destroy-reset-error-len-and-size.patch new file mode 100644 index 0000000000000000000000000000000000000000..f3a83bbfb126a4b41e935a8e9f72bf118d520272 --- /dev/null +++ b/backport-In-sudo_lbuf_destroy-reset-error-len-and-size.patch @@ -0,0 +1,26 @@ +From 7f27b04616a41676b5c1d28b1c34961cbec567f2 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 1 Mar 2021 16:05:51 -0700 +Subject: [PATCH] In sudo_lbuf_destroy(), reset error, len and size. + +--- + lib/util/lbuf.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/util/lbuf.c b/lib/util/lbuf.c +index 5ff069eb4..f17ae0ca5 100644 +--- a/lib/util/lbuf.c ++++ b/lib/util/lbuf.c +@@ -55,6 +55,9 @@ sudo_lbuf_destroy_v1(struct sudo_lbuf *lbuf) + debug_decl(sudo_lbuf_destroy, SUDO_DEBUG_UTIL); + + free(lbuf->buf); ++ lbuf->error = 0; ++ lbuf->len = 0; ++ lbuf->size = 0; + lbuf->buf = NULL; + + debug_return; +-- +2.27.0 + diff --git a/backport-Make-sure-SIGCHLD-is-not-ignored-when-sudo-is-execut.patch b/backport-Make-sure-SIGCHLD-is-not-ignored-when-sudo-is-execut.patch new file mode 100644 index 0000000000000000000000000000000000000000..574bcbf5ccc58a026a672df8b97018456cfea5d4 --- /dev/null +++ b/backport-Make-sure-SIGCHLD-is-not-ignored-when-sudo-is-execut.patch @@ -0,0 +1,38 @@ +From 727056e0c9519d8eecde801e950b35f2f69c72e2 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 23 Apr 2021 07:41:27 -0600 +Subject: [PATCH] Make sure SIGCHLD is not ignored when sudo is executed. If + SIGCHLD is ignored there is a race condition between when the process is + executed and when the SIGCHLD handler is installed. This fixes the bug + described by GitHub PR #98 + +--- + src/signal.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/signal.c b/src/signal.c +index 7f90d707b..866b64790 100644 +--- a/src/signal.c ++++ b/src/signal.c +@@ -133,6 +133,18 @@ init_signals(void) + case SIGTTOU: + /* Don't install these until exec time. */ + break; ++ case SIGCHLD: ++ /* Sudo needs to be able to catch SIGCHLD. */ ++ if (ss->sa.sa_handler == SIG_IGN) { ++ sudo_debug_printf(SUDO_DEBUG_INFO, ++ "will restore signal %d on exec", SIGCHLD); ++ ss->restore = true; ++ } ++ if (sigaction(SIGCHLD, &sa, NULL) != 0) { ++ sudo_warn(U_("unable to set handler for signal %d"), ++ SIGCHLD); ++ } ++ break; + default: + if (ss->sa.sa_handler != SIG_IGN) { + if (sigaction(ss->signo, &sa, NULL) != 0) { +-- +2.27.0 + diff --git a/backport-Make-sure-we-don-t-read-or-write-past-the-end-of-the.patch b/backport-Make-sure-we-don-t-read-or-write-past-the-end-of-the.patch new file mode 100644 index 0000000000000000000000000000000000000000..f34a96900bd70bb9f1c4acf270b22d44db6d358d --- /dev/null +++ b/backport-Make-sure-we-don-t-read-or-write-past-the-end-of-the.patch @@ -0,0 +1,48 @@ +From 3104d8ba0badc1c2e3aa2da522aed8a006ccd334 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 7 Jun 2021 13:08:10 -0600 +Subject: [PATCH] Make sure we don't read or write past the end of the group + buffer. We need to leave room for the terminating NULL in gr_mem. It is + possible for gbm->numgids > gbm->maxgids if we ran out of room. + +--- + lib/util/getgrouplist.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/lib/util/getgrouplist.c b/lib/util/getgrouplist.c +index 296fd9a79..b0a953e77 100644 +--- a/lib/util/getgrouplist.c ++++ b/lib/util/getgrouplist.c +@@ -270,9 +270,9 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen) + grp->gr_mem = NULL; + if (*fieldsep != '\0') { + grp->gr_mem = gr_mem = (char **)ALIGN(buf + inlen + 1); +- gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES); ++ gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES) - 1; + for (;;) { +- if (gr_mem == gr_end) ++ if (gr_mem >= gr_end) + return NSS_STR_PARSE_ERANGE; /* out of space! */ + *gr_mem++ = cp; + if (fieldsep == NULL) +@@ -311,13 +311,15 @@ process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm, + /* Parse groups file string -> struct group. */ + grp = buf->result; + error = (*gbm->str2ent)(instr, inlen, grp, buf->buffer, buf->buflen); +- if (error || grp->gr_mem == NULL) ++ if (error != NSS_STR_PARSE_SUCCESS || grp->gr_mem == NULL) + goto done; + + for (gr_mem = grp->gr_mem; *gr_mem != NULL; gr_mem++) { + if (strcmp(*gr_mem, user) == 0) { ++ const int numgids = MIN(gbm->numgids, gbm->maxgids); ++ + /* Append to gid_array unless gr_gid is a dupe. */ +- for (i = 0; i < gbm->numgids; i++) { ++ for (i = 0; i < numgids; i++) { + if (gbm->gid_array[i] == grp->gr_gid) + goto done; /* already present */ + } +-- +2.27.0 + diff --git a/backport-Plug-memory-leak-if-there-are-duplicate-user_info-en.patch b/backport-Plug-memory-leak-if-there-are-duplicate-user_info-en.patch new file mode 100644 index 0000000000000000000000000000000000000000..d070aab6db971375d4c5a075001f98386f7a5914 --- /dev/null +++ b/backport-Plug-memory-leak-if-there-are-duplicate-user_info-en.patch @@ -0,0 +1,59 @@ +From ed796276993ee77abff54b6f78bd17220de45a1d Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 12 Feb 2021 19:04:37 -0700 +Subject: [PATCH] Plug memory leak if there are duplicate user_info entries. + +--- + plugins/sudoers/policy.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c +index 074c3f0e8..2c58b00d8 100644 +--- a/plugins/sudoers/policy.c ++++ b/plugins/sudoers/policy.c +@@ -362,6 +362,7 @@ sudoers_policy_deserialize_info(void *v) + for (cur = info->user_info; *cur != NULL; cur++) { + if (MATCHES(*cur, "user=")) { + CHECK(*cur, "user="); ++ free(user_name); + if ((user_name = strdup(*cur + sizeof("user=") - 1)) == NULL) + goto oom; + continue; +@@ -391,12 +392,14 @@ sudoers_policy_deserialize_info(void *v) + } + if (MATCHES(*cur, "cwd=")) { + CHECK(*cur, "cwd="); ++ free(user_cwd); + if ((user_cwd = strdup(*cur + sizeof("cwd=") - 1)) == NULL) + goto oom; + continue; + } + if (MATCHES(*cur, "tty=")) { + CHECK(*cur, "tty="); ++ free(user_ttypath); + if ((user_ttypath = strdup(*cur + sizeof("tty=") - 1)) == NULL) + goto oom; + user_tty = user_ttypath; +@@ -406,6 +409,9 @@ sudoers_policy_deserialize_info(void *v) + } + if (MATCHES(*cur, "host=")) { + CHECK(*cur, "host="); ++ if (user_shost != user_host) ++ free(user_shost); ++ free(user_host); + if ((user_host = strdup(*cur + sizeof("host=") - 1)) == NULL) + goto oom; + if ((p = strchr(user_host, '.')) != NULL) { +@@ -475,6 +481,9 @@ sudoers_policy_deserialize_info(void *v) + goto bad; + } + ++ if (user_srunhost != user_runhost) ++ free(user_srunhost); ++ free(user_runhost); + if ((user_runhost = strdup(remhost ? remhost : user_host)) == NULL) + goto oom; + if ((p = strchr(user_runhost, '.')) != NULL) { +-- +2.27.0 + diff --git a/backport-Prompt-user-before-truncating-a-file-to-zero-bytes.-.patch b/backport-Prompt-user-before-truncating-a-file-to-zero-bytes.-.patch new file mode 100644 index 0000000000000000000000000000000000000000..85e92d0a6b429455b23862f53329a1392b542f7e --- /dev/null +++ b/backport-Prompt-user-before-truncating-a-file-to-zero-bytes.-.patch @@ -0,0 +1,81 @@ +From 6ee98cf453772e13a037ee4d8f812fe6f28460e6 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 22 Jul 2020 07:42:40 -0600 +Subject: [PATCH] Prompt user before truncating a file to zero bytes. Bug + #922. + +--- + doc/sudo.man.in | 4 +++- + doc/sudo.mdoc.in | 4 +++- + src/copy_file.c | 11 +++++++++++ + 3 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/doc/sudo.man.in b/doc/sudo.man.in +index fcefabdd4..bcc1a7f70 100644 +--- a/doc/sudo.man.in ++++ b/doc/sudo.man.in +@@ -25,7 +25,7 @@ + .nr BA @BAMAN@ + .nr LC @LCMAN@ + .nr PS @PSMAN@ +-.TH "SUDO" "@mansectsu@" "May 7, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" ++.TH "SUDO" "@mansectsu@" "July 22, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" + .nh + .if n .ad l + .SH "NAME" +@@ -354,6 +354,8 @@ If the specified file does not exist, it will be created. + Note that unlike most commands run by + \fIsudo\fR, + the editor is run with the invoking user's environment unmodified. ++If the temporary file becomes empty after editing, the user will ++be prompted before it is installed. + If, for some reason, + \fBsudo\fR + is unable to update a file with its edited version, the user will +diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in +index 57295bb27..0f452420a 100644 +--- a/doc/sudo.mdoc.in ++++ b/doc/sudo.mdoc.in +@@ -24,7 +24,7 @@ + .nr BA @BAMAN@ + .nr LC @LCMAN@ + .nr PS @PSMAN@ +-.Dd May 7, 2020 ++.Dd July 22, 2020 + .Dt SUDO @mansectsu@ + .Os Sudo @PACKAGE_VERSION@ + .Sh NAME +@@ -336,6 +336,8 @@ If the specified file does not exist, it will be created. + Note that unlike most commands run by + .Em sudo , + the editor is run with the invoking user's environment unmodified. ++If the temporary file becomes empty after editing, the user will ++be prompted before it is installed. + If, for some reason, + .Nm + is unable to update a file with its edited version, the user will +diff --git a/src/copy_file.c b/src/copy_file.c +index 0db52630f..9aeb1f92a 100644 +--- a/src/copy_file.c ++++ b/src/copy_file.c +@@ -86,6 +86,17 @@ sudo_copy_file(const char *src, int src_fd, off_t src_len, const char *dst, + ssize_t nwritten, nread; + debug_decl(sudo_copy_file, SUDO_DEBUG_UTIL); + ++ /* Prompt the user before zeroing out an existing file. */ ++ if (dst_len > 0 && src_len == 0) { ++ fprintf(stderr, U_("%s: truncate %s to zero bytes? (y/n) [n] "), ++ getprogname(), dst); ++ if (fgets(buf, sizeof(buf), stdin) == NULL || ++ (buf[0] != 'y' && buf[0] != 'Y')) { ++ sudo_warnx(U_("not overwriting %s"), dst); ++ debug_return_int(0); ++ } ++ } ++ + /* Extend the file to the new size if larger before copying. */ + if (dst_len > 0 && src_len > dst_len) { + if (sudo_extend_file(dst_fd, dst, src_len) == -1) +-- +2.27.0 + diff --git a/backport-Remove-compatibility-defines-for-POSIX-sys-stat.h-ma.patch b/backport-Remove-compatibility-defines-for-POSIX-sys-stat.h-ma.patch new file mode 100644 index 0000000000000000000000000000000000000000..3c75fad574fc2b843550660e4bf77bdbea2cdddc --- /dev/null +++ b/backport-Remove-compatibility-defines-for-POSIX-sys-stat.h-ma.patch @@ -0,0 +1,101 @@ +From d9d450292d6167a167ff420b64e57f2a46a61cf6 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Wed, 10 Mar 2021 12:26:11 -0700 +Subject: [PATCH] Remove compatibility defines for POSIX sys/stat.h macros. + Modern systems have them and we no longer support pre-POSIX systems. This + fixes potential redefinition of the macros if sys/stat.h is included after + sudo_compat.h. Bug #968. + +--- + include/sudo_compat.h | 42 +++--------------------------------------- + lib/util/secure_path.c | 6 +++--- + 2 files changed, 6 insertions(+), 42 deletions(-) + +diff --git a/include/sudo_compat.h b/include/sudo_compat.h +index 29fdc8578..4ee5b6818 100644 +--- a/include/sudo_compat.h ++++ b/include/sudo_compat.h +@@ -146,48 +146,12 @@ + # endif + #endif + +-/* +- * POSIX versions for those without... +- */ +-#ifndef _S_IFMT +-# define _S_IFMT S_IFMT +-#endif /* _S_IFMT */ +-#ifndef _S_IFREG +-# define _S_IFREG S_IFREG +-#endif /* _S_IFREG */ +-#ifndef _S_IFDIR +-# define _S_IFDIR S_IFDIR +-#endif /* _S_IFDIR */ +-#ifndef _S_IFLNK +-# define _S_IFLNK S_IFLNK +-#endif /* _S_IFLNK */ +-#ifndef _S_IFIFO +-# define _S_IFIFO S_IFIFO +-#endif /* _S_IFIFO */ +-#ifndef S_ISREG +-# define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG) +-#endif /* S_ISREG */ +-#ifndef S_ISDIR +-# define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR) +-#endif /* S_ISDIR */ +-#ifndef S_ISLNK +-# define S_ISLNK(m) (((m) & _S_IFMT) == _S_IFLNK) +-#endif /* S_ISLNK */ +-#ifndef S_ISFIFO +-# define S_ISFIFO(m) (((m) & _S_IFMT) == _S_IFIFO) +-#endif /* S_ISLNK */ +-#ifndef S_ISTXT +-# define S_ISTXT 0001000 +-#endif /* S_ISTXT */ +- +-/* +- * ACCESSPERMS (00777) and ALLPERMS (07777) are handy BSDisms +- */ ++/* ACCESSPERMS and ALLPERMS are handy BSDisms. */ + #ifndef ACCESSPERMS +-# define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) ++# define ACCESSPERMS 00777 + #endif /* ACCESSPERMS */ + #ifndef ALLPERMS +-# define ALLPERMS (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) ++# define ALLPERMS 07777 + #endif /* ALLPERMS */ + + /* For futimens() and utimensat() emulation. */ +diff --git a/lib/util/secure_path.c b/lib/util/secure_path.c +index 1d2c97d17..639425fbe 100644 +--- a/lib/util/secure_path.c ++++ b/lib/util/secure_path.c +@@ -41,7 +41,7 @@ sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, stru + debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL); + + if (path != NULL && stat(path, &sb) == 0) { +- if ((sb.st_mode & _S_IFMT) != type) { ++ if ((sb.st_mode & S_IFMT) != type) { + ret = SUDO_PATH_BAD_TYPE; + } else if (uid != (uid_t)-1 && sb.st_uid != uid) { + ret = SUDO_PATH_WRONG_OWNER; +@@ -66,7 +66,7 @@ sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, stru + int + sudo_secure_file_v1(const char *path, uid_t uid, gid_t gid, struct stat *sbp) + { +- return sudo_secure_path(path, _S_IFREG, uid, gid, sbp); ++ return sudo_secure_path(path, S_IFREG, uid, gid, sbp); + } + + /* +@@ -75,5 +75,5 @@ sudo_secure_file_v1(const char *path, uid_t uid, gid_t gid, struct stat *sbp) + int + sudo_secure_dir_v1(const char *path, uid_t uid, gid_t gid, struct stat *sbp) + { +- return sudo_secure_path(path, _S_IFDIR, uid, gid, sbp); ++ return sudo_secure_path(path, S_IFDIR, uid, gid, sbp); + } +-- +2.27.0 + diff --git a/backport-Reset-sudoers-path-owner-and-mode-before-parsing-plu.patch b/backport-Reset-sudoers-path-owner-and-mode-before-parsing-plu.patch new file mode 100644 index 0000000000000000000000000000000000000000..54e2a44f41ed5873cd9b18bce0f02a735f5d9bf7 --- /dev/null +++ b/backport-Reset-sudoers-path-owner-and-mode-before-parsing-plu.patch @@ -0,0 +1,29 @@ +From e89a8133ace9ed10d2c327c3b27d9c4198ad28d5 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 12 Feb 2021 21:15:36 -0700 +Subject: [PATCH] Reset sudoers path, owner and mode before parsing plugin + arguments. This is only needed when calling sudoers_policy_deserialize_info() + more than once, which is true for the policy fuzzer. + +--- + plugins/sudoers/policy.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c +index 2c58b00d8..a6a3e4159 100644 +--- a/plugins/sudoers/policy.c ++++ b/plugins/sudoers/policy.c +@@ -117,6 +117,10 @@ sudoers_policy_deserialize_info(void *v) + } while (0) + + /* Parse sudo.conf plugin args. */ ++ sudoers_file = _PATH_SUDOERS; ++ sudoers_mode = SUDOERS_MODE; ++ sudoers_uid = SUDOERS_UID; ++ sudoers_gid = SUDOERS_GID; + if (info->plugin_args != NULL) { + for (cur = info->plugin_args; *cur != NULL; cur++) { + if (MATCHES(*cur, "sudoers_file=")) { +-- +2.27.0 + diff --git a/backport-Set-a-restrictive-umask-so-new-files-are-only-read-w.patch b/backport-Set-a-restrictive-umask-so-new-files-are-only-read-w.patch new file mode 100644 index 0000000000000000000000000000000000000000..250d279348fa901bb58647bf9a01d07f95de1b70 --- /dev/null +++ b/backport-Set-a-restrictive-umask-so-new-files-are-only-read-w.patch @@ -0,0 +1,27 @@ +From d9f0eba1faf11d108dccded942059cba09bc8cc5 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Fri, 23 Apr 2021 18:58:55 -0600 +Subject: [PATCH] Set a restrictive umask so new files are only read/write by + owner. Coverity CID 221402 + +--- + logsrvd/logsrvd.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c +index 55373d925..12ec8a8e5 100644 +--- a/logsrvd/logsrvd.c ++++ b/logsrvd/logsrvd.c +@@ -2049,6 +2049,9 @@ main(int argc, char *argv[]) + bindtextdomain("sudo", LOCALEDIR); /* XXX - add logsrvd domain */ + textdomain("sudo"); + ++ /* Create files readable/writable only by owner. */ ++ umask(S_IRWXG|S_IRWXO); ++ + /* Register fatal/fatalx callback. */ + sudo_fatal_callback_register(logsrvd_cleanup); + +-- +2.27.0 + diff --git a/sudo.spec b/sudo.spec index 7522828153819467fd3a61d30a398c9950af7d7e..30f4f1f572f9c12e6536c928d413df50551aff24 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Name: sudo Version: 1.9.2 -Release: 14 +Release: 15 Summary: Allows restricted root access for specified users License: ISC URL: http://www.courtesan.com/sudo/ @@ -37,6 +37,32 @@ Patch23: backport-CVE-2023-22809.patch Patch24: backport-CVE-2023-28486_CVE-2023-28487.patch Patch25: Fix-compilation-error-on-sw64-arch.patch Patch26: backport-don-t-report-a-usage-error-for-sudo-V.patch +Patch27: backport-Prompt-user-before-truncating-a-file-to-zero-bytes.-.patch +Patch28: backport-Fix-memory-leak-on-error-found-by-the-clang-10.01-an.patch +Patch29: backport-Ignore-sudoNotBefore-and-sudoNotAfter-unless-ldap.co.patch +Patch30: backport-Fix-the-buffer-size-parameter-when-serializing-the-i.patch +Patch31: backport-Check-the-return-value-of-fcntl-when-setting-FD_CLOE.patch +Patch32: backport-Add-missing-check-for-reallocarray-failure.patch +Patch33: backport-Fix-memory-leak-if-the-last-line-is-folded.patch +Patch34: backport-Copy-command-options-when-converting-a-sudoRole-with.patch +Patch35: backport-Don-t-leak-memory-for-duplicate-command-options.patch +Patch36: backport-Don-t-close-fp-in-sudoers_parse_ldif.patch +Patch37: backport-Fix-uninstall-target-there-were-missing-line-continu.patch +Patch38: backport-Plug-memory-leak-if-there-are-duplicate-user_info-en.patch +Patch39: backport-Fix-sudo_getgrgid-reference-count-bug-when-gid-doesn.patch +Patch40: backport-Reset-sudoers-path-owner-and-mode-before-parsing-plu.patch +Patch41: backport-Correct-the-integer-overflow-check-in-store_timespec.patch +Patch42: backport-In-sudo_lbuf_destroy-reset-error-len-and-size.patch +Patch43: backport-Fix-a-potential-use-after-free-in-conversation-funct.patch +Patch44: backport-Remove-compatibility-defines-for-POSIX-sys-stat.h-ma.patch +Patch45: backport-Make-sure-SIGCHLD-is-not-ignored-when-sudo-is-execut.patch +Patch46: backport-Set-a-restrictive-umask-so-new-files-are-only-read-w.patch +Patch47: backport-Fix-cut-pasto-that-prevented-the-verify_server-optio.patch +Patch48: backport-Fix-debug-message-when-prctl-PR_SET_DUMPABLE-0-0-0-0.patch +Patch49: backport-Don-t-set-the-command-status-in-the-closure-when-the.patch +Patch50: backport-Fix-group-list-ref-leak-in-sudoers_policy_store_resu.patch +Patch51: backport-Make-sure-we-don-t-read-or-write-past-the-end-of-the.patch +Patch52: backport-Check-arrays-that-are-passed-in-for-NULL-before-usin.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam @@ -177,6 +203,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i %exclude %{_pkgdocdir}/ChangeLog %changelog +* Tue Dec 19 2023 fuanan - 1.9.2-15 +- Backport patches from upstream + * Mon Nov 27 2023 zhangruifang - 1.9.2-14 - Don't report a usage error for "sudo -V".