update to 1.8.15

- fixes CVE-2015-5602
2015-11-05 10:37:26 +01:00 · 2015-11-05 10:37:26 +01:00 · ab230f309f
parent f439d30a98
commit ab230f309f
4 changed files with 23 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@ sudo-1.7.2p2-sudoers
 /sudo-1.8.11.tar.gz
 /sudo-1.8.11p2.tar.gz
 /sudo-1.8.12.tar.gz
+/sudo-1.8.15.tar.gz
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 775b863cdff3a2ee2a26c2d53b51aff5  sudo-1.8.8-sudoers
-87558f3a55c62bc9244b19594f103ffa  sudo-1.8.12.tar.gz
+7cf6b9b76d0478a572432bed481dd7b5  sudo-1.8.15.tar.gz
--- a/sudo-1.8.14p1-ldapconfpatch.patch
+++ b/sudo-1.8.14p1-ldapconfpatch.patch
@ -1,7 +1,7 @@
-diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugins/sudoers/ldap.c
--- sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch	2014-07-22 22:52:34.000000000 +0200
-+++ sudo-1.8.11b4/plugins/sudoers/ldap.c	2014-09-15 11:22:11.122094452 +0200
-@@ -1550,6 +1550,33 @@ sudo_check_krb5_ccname(const char *ccnam
+diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c
+--- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch	2015-07-07 18:51:11.000000000 +0200
+++ sudo-1.8.14b3/plugins/sudoers/ldap.c	2015-07-09 11:03:25.686645581 +0200
+@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam
 }
 #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
 
@ -35,7 +35,7 @@ diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugin
 static bool
 sudo_ldap_read_config(void)
 {
-@@ -1575,7 +1602,7 @@ sudo_ldap_read_config(void)
+@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void)
     if ((fp = fopen(path_ldap_conf, "r")) == NULL)
 	debug_return_bool(false);
 
@ -44,11 +44,12 @@ diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugin
 	if (*line == '\0')
 	    continue;		/* skip empty line */
 
-@@ -1595,7 +1622,6 @@ sudo_ldap_read_config(void)
+@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void)
 	if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))
 	    sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);
     }
 -    free(line);
+
     fclose(fp);
 
-     if (!ldap_conf.host)
+     if (!ldap_conf.host) {
--- a/sudo.spec
+++ b/sudo.spec
@ -1,6 +1,6 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.8.12
+Version: 1.8.15
 Release: 1%{?dist}
 License: ISC
 Group: Applications/System
@ -27,7 +27,7 @@ BuildRequires: zlib-devel
 # don't strip
 Patch1: sudo-1.6.7p5-strip.patch
 # Patch to read ldap.conf more closely to nss_ldap
-Patch2: sudo-1.8.11b4-ldapconfpatch.patch
+Patch2: sudo-1.8.14p1-ldapconfpatch.patch

 %description
 Sudo (superuser do) allows a system administrator to give certain
@ -110,6 +110,9 @@ rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
 # Remove examples; Examples can be found in man pages too.
 rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo

+#Remove all .la files
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
 %find_lang sudo
 %find_lang sudoers

@ -146,9 +149,10 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
 %config(noreplace) /etc/pam.d/sudo-i
+%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %dir /var/db/sudo
 %attr(4111,root,root) %{_bindir}/sudo
-%attr(4111,root,root) %{_bindir}/sudoedit
+%{_bindir}/sudoedit
 %attr(0111,root,root) %{_bindir}/sudoreplay
 %attr(0755,root,root) %{_sbindir}/visudo
 %dir %{_libexecdir}/sudo
@ -157,7 +161,8 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
 %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
 %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
-%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.*
+%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
+%{_libexecdir}/sudo/libsudo_util.so.?
 %{_mandir}/man5/sudoers.5*
 %{_mandir}/man5/sudoers.ldap.5*
 %{_mandir}/man5/sudo.conf.5*
@ -182,9 +187,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/sudo_plugin.h
 %{_mandir}/man8/sudo_plugin.8*
 %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so
-%attr(0644,root,root) %{_libexecdir}/sudo/*.la

 %changelog
+* Thu Nov  5 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.15-1
+- update to 1.8.15
+- fixes CVE-2015-5602
+
 * Wed Feb 18 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.12
 - update to 1.8.12
 - fixes CVE-2014-9680