Hello community,
here is the log from the commit of package sudo for openSUSE:Factory checked in at 2017-02-05 15:44:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sudo (Old)
and /work/SRC/openSUSE:Factory/.sudo.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo"
Changes:
--------
--- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2017-01-19 10:34:15.602244556 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes 2017-02-05 16:28:06.886293163 +0100
@@ -1,0 +2,10 @@
+Tue Jan 31 16:11:17 UTC 2017 - kstreitova@suse.com
+
+- add sudo-1.8.19p2-decrement_env_len.patch - In
+ sudo_unsetenv_nodebug(), decrement envp.env_len after removing
+ the variable [bsc#981124]
+- add sudo-1.8.19p2-dont_overwrite_ret_val.patch - don't overwrite
+ the return value of ldap_sasl_interactive_bind_s() by the
+ subsequent call to sudo_set_krb5_ccache_name() [bsc#981124]
+
+-------------------------------------------------------------------
New:
----
sudo-1.8.19p2-decrement_env_len.patch
sudo-1.8.19p2-dont_overwrite_ret_val.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sudo.spec ++++++
--- /var/tmp/diff_new_pack.5Mgovd/_old 2017-02-05 16:28:07.650185447 +0100
+++ /var/tmp/diff_new_pack.5Mgovd/_new 2017-02-05 16:28:07.650185447 +0100
@@ -33,6 +33,8 @@
Patch0: sudoers2ldif-env.patch
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
Patch1: sudo-sudoers.patch
+Patch2: sudo-1.8.19p2-decrement_env_len.patch
+Patch3: sudo-1.8.19p2-dont_overwrite_ret_val.patch
BuildRequires: audit-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
@@ -74,6 +76,8 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%build
%ifarch s390 s390x %sparc
++++++ sudo-1.8.19p2-decrement_env_len.patch ++++++
# HG changeset patch
# User Todd C. Miller
# Date 1484590376 25200
# Node ID 3d87a008671c73ff8c058ce8576cc791d50086cc
# Parent 5323dfcfb009a2436bf7bd867e4d308e0935356b
In sudo_unsetenv_nodebug(), decrement envp.env_len after removing
the variable. From Paul Zirnik of SUSE.
diff -r 5323dfcfb009 -r 3d87a008671c plugins/sudoers/env.c
--- a/plugins/sudoers/env.c Sun Jan 15 19:13:26 2017 -0700
+++ b/plugins/sudoers/env.c Mon Jan 16 11:12:56 2017 -0700
@@ -497,6 +497,7 @@
char **cur = ep;
while ((*cur = *(cur + 1)) != NULL)
cur++;
+ env.env_len--;
/* Keep going, could be multiple instances of the var. */
} else {
ep++;
++++++ sudo-1.8.19p2-dont_overwrite_ret_val.patch ++++++
# HG changeset patch
# User Todd C. Miller
# Date 1484590826 25200
# Node ID 448baff2b586d8b777d9e5c01ce8e58d61d62b9a
# Parent 3d87a008671c73ff8c058ce8576cc791d50086cc
Don't overwrite the return value of ldap_sasl_interactive_bind_s()
by the subsequent call to sudo_set_krb5_ccache_name(). From Paul
Zirnik of SUSE.
diff -r 3d87a008671c -r 448baff2b586 plugins/sudoers/ldap.c
--- a/plugins/sudoers/ldap.c Mon Jan 16 11:12:56 2017 -0700
+++ b/plugins/sudoers/ldap.c Mon Jan 16 11:20:26 2017 -0700
@@ -3002,7 +3002,7 @@
static int
sudo_ldap_bind_s(LDAP *ld)
{
- int ret;
+ int rc, ret;
debug_decl(sudo_ldap_bind_s, SUDOERS_DEBUG_LDAP)
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
@@ -3025,27 +3025,27 @@
}
if (new_ccname != NULL) {
- ret = sudo_set_krb5_ccache_name(new_ccname, &old_ccname);
- if (ret == 0) {
+ rc = sudo_set_krb5_ccache_name(new_ccname, &old_ccname);
+ if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"set ccache name %s -> %s",
old_ccname ? old_ccname : "(none)", new_ccname);
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
- "sudo_set_krb5_ccache_name() failed: %d", ret);
+ "sudo_set_krb5_ccache_name() failed: %d", rc);
}
}
ret = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
if (new_ccname != NULL) {
- ret = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
- if (ret == 0) {
+ rc = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
+ if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"restore ccache name %s -> %s", new_ccname,
old_ccname ? old_ccname : "(none)");
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
- "sudo_set_krb5_ccache_name() failed: %d", ret);
+ "sudo_set_krb5_ccache_name() failed: %d", rc);
}
/* Remove temporary copy of user's credential cache. */
if (tmp_ccname != NULL)