diff --git a/.gitignore b/.gitignore index 31c82be..f1a631a 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ sudo-1.7.2p2-sudoers /sudo-1.8.11.tar.gz /sudo-1.8.11p2.tar.gz /sudo-1.8.12.tar.gz +/sudo-1.8.15.tar.gz diff --git a/sources b/sources index 4bfc811..a565d42 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 775b863cdff3a2ee2a26c2d53b51aff5 sudo-1.8.8-sudoers -87558f3a55c62bc9244b19594f103ffa sudo-1.8.12.tar.gz +7cf6b9b76d0478a572432bed481dd7b5 sudo-1.8.15.tar.gz diff --git a/sudo-1.8.11b4-ldapconfpatch.patch b/sudo-1.8.14p1-ldapconfpatch.patch similarity index 71% rename from sudo-1.8.11b4-ldapconfpatch.patch rename to sudo-1.8.14p1-ldapconfpatch.patch index c7e9937..f42d487 100644 --- a/sudo-1.8.11b4-ldapconfpatch.patch +++ b/sudo-1.8.14p1-ldapconfpatch.patch @@ -1,7 +1,7 @@ -diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugins/sudoers/ldap.c ---- sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch 2014-07-22 22:52:34.000000000 +0200 -+++ sudo-1.8.11b4/plugins/sudoers/ldap.c 2014-09-15 11:22:11.122094452 +0200 -@@ -1550,6 +1550,33 @@ sudo_check_krb5_ccname(const char *ccnam +diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c +--- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch 2015-07-07 18:51:11.000000000 +0200 ++++ sudo-1.8.14b3/plugins/sudoers/ldap.c 2015-07-09 11:03:25.686645581 +0200 +@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam } #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ @@ -35,7 +35,7 @@ diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugin static bool sudo_ldap_read_config(void) { -@@ -1575,7 +1602,7 @@ sudo_ldap_read_config(void) +@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void) if ((fp = fopen(path_ldap_conf, "r")) == NULL) debug_return_bool(false); @@ -44,11 +44,12 @@ diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugin if (*line == '\0') continue; /* skip empty line */ -@@ -1595,7 +1622,6 @@ sudo_ldap_read_config(void) +@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void) if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global)) sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn); } - free(line); ++ fclose(fp); - if (!ldap_conf.host) + if (!ldap_conf.host) { diff --git a/sudo.spec b/sudo.spec index 8630d4b..8473afd 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.12 +Version: 1.8.15 Release: 1%{?dist} License: ISC Group: Applications/System @@ -27,7 +27,7 @@ BuildRequires: zlib-devel # don't strip Patch1: sudo-1.6.7p5-strip.patch # Patch to read ldap.conf more closely to nss_ldap -Patch2: sudo-1.8.11b4-ldapconfpatch.patch +Patch2: sudo-1.8.14p1-ldapconfpatch.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -110,6 +110,9 @@ rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE # Remove examples; Examples can be found in man pages too. rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo +#Remove all .la files +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + %find_lang sudo %find_lang sudoers @@ -146,9 +149,10 @@ rm -rf $RPM_BUILD_ROOT %attr(0750,root,root) %dir /etc/sudoers.d/ %config(noreplace) /etc/pam.d/sudo %config(noreplace) /etc/pam.d/sudo-i +%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf %dir /var/db/sudo %attr(4111,root,root) %{_bindir}/sudo -%attr(4111,root,root) %{_bindir}/sudoedit +%{_bindir}/sudoedit %attr(0111,root,root) %{_bindir}/sudoreplay %attr(0755,root,root) %{_sbindir}/visudo %dir %{_libexecdir}/sudo @@ -157,7 +161,8 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so -%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.* +%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? +%{_libexecdir}/sudo/libsudo_util.so.? %{_mandir}/man5/sudoers.5* %{_mandir}/man5/sudoers.ldap.5* %{_mandir}/man5/sudo.conf.5* @@ -182,9 +187,12 @@ rm -rf $RPM_BUILD_ROOT %{_includedir}/sudo_plugin.h %{_mandir}/man8/sudo_plugin.8* %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so -%attr(0644,root,root) %{_libexecdir}/sudo/*.la %changelog +* Thu Nov 5 2015 Daniel Kopecek - 1.8.15-1 +- update to 1.8.15 +- fixes CVE-2015-5602 + * Wed Feb 18 2015 Daniel Kopecek - 1.8.12 - update to 1.8.12 - fixes CVE-2014-9680