[oe-commits] Joshua Lock : sudo: backport patch to address CVE 2012-0809
Thu Mar 1 16:01:47 UTC 2012
Module: openembedded-core.git
Branch: 2011-1
Commit: 286cdd5db60b4f668e75cd9e05efb97acb08b7a6
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=286cdd5db60b4f668e75cd9e05efb97acb08b7a6
Author: Joshua Lock <josh at linux.intel.com>
Date: Wed Feb 29 16:34:27 2012 -0800
sudo: backport patch to address CVE 2012-0809
This is a format string vulnerability "that can be used to crash
sudo or potentially allow an unauthorized user to elevate privileges."
Signed-off-by: Joshua Lock <josh at linux.intel.com>
---
.../sudo/files/format-string.patch | 33 ++++++++++++++++++++
meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 5 ++-
2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-extended/sudo/files/format-string.patch b/meta/recipes-extended/sudo/files/format-string.patch
new file mode 100644
index 0000000..15056fd
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/format-string.patch
@@ -0,0 +1,33 @@
+This patch, extracted from upstreams sudo-1.8.3p2.patch.gz addresses the
+recent Sudo format string vulnerability CVE 2012-0809.
+
+http://www.sudo.ws/sudo/alerts/sudo_debug.html
+
+Signed-off-by: Joshua Lock <josh at linux.intel.com>
+
+Upstream-Status: Backport
+
+diff -urNa sudo-1.8.3p1/src/sudo.c sudo-1.8.3p2/src/sudo.c
+--- sudo-1.8.3p1/src/sudo.c Fri Oct 21 09:01:26 2011
++++ sudo-1.8.3p2/src/sudo.c Tue Jan 24 15:59:03 2012
+@@ -1208,15 +1208,15 @@
+ sudo_debug(int level, const char *fmt, ...)
+ {
+ va_list ap;
+- char *fmt2;
++ char *buf;
+
+ if (level > debug_level)
+ return;
+
+- /* Backet fmt with program name and a newline to make it a single write */
+- easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
++ /* Bracket fmt with program name and a newline to make it a single write */
+ va_start(ap, fmt);
+- vfprintf(stderr, fmt2, ap);
++ evasprintf(&buf, fmt, ap);
+ va_end(ap);
+- efree(fmt2);
++ fprintf(stderr, "%s: %s\n", getprogname(), buf);
++ efree(buf);
+ }
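Review bot: The new sudo_debug body is sound, but the comment carried over at the `Bracket fmt with program name and a newline` line no longer says why the statements were reordered: in the old code the result of getprogname() was spliced into fmt2, which was then handed to vfprintf as the format, so the program name was interpreted for conversion specifiers, whereas now it only ever reaches fprintf as a `%s` argument to a fixed format. Because this patch file is the permanent carrier of the backport, I would state that in the comment, e.g. `/* Format the caller's message first, then print it with a fixed format so getprogname() is never part of a format string (CVE-2012-0809) */`. Separately, the header text and the embedded `diff -urNa sudo-1.8.3p1/src/sudo.c sudo-1.8.3p2/src/sudo.c` lines show the hunk was extracted against sudo 1.8.3p1, while the recipe it is added to is sudo_1.8.1p2.bb, so the `@@ -1208,15 +1208,15 @@` offset may not match that tree and it is worth confirming the patch applies without fuzz (or regenerating it against 1.8.1p2). The callers of sudo_debug and the definition of evasprintf are outside this hunk; I am assuming evasprintf, like the other e* helpers used here, handles allocation failure itself rather than returning with buf unset.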
diff --git a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
index b065447..3694c89 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
@@ -1,10 +1,11 @@
require sudo.inc
-PR = "r3"
+PR = "r4"
SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
file://libtool.patch \
- file://sudo-parallel-build.patch \
+ file://sudo-parallel-build.patch \
+ file://format-string.patch \
${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
PAM_SRC_URI = "file://sudo.pam"