From eb94fe94a53d082549ef0ab742e95f3c5ec2be00 Mon Sep 17 00:00:00 2001
From: Síle Ekaterin Liszka
Date: Mon, 21 Feb 2022 04:08:26 -0800
Subject: system/sudo: upgrade to 1.9.9
---
 system/sudo/APKBUILD | 26 ++----
 system/sudo/CVE-2021-3156.patch | 165 ------------------------------------
 system/sudo/SIGUNUSED.patch | 16 ----
 system/sudo/fix-cross-compile.patch | 15 ----
 system/sudo/musl-fix-headers.patch | 10 ---
 5 files changed, 8 insertions(+), 224 deletions(-)
 delete mode 100644 system/sudo/CVE-2021-3156.patch
 delete mode 100644 system/sudo/SIGUNUSED.patch
 delete mode 100644 system/sudo/fix-cross-compile.patch
 delete mode 100644 system/sudo/musl-fix-headers.patch
diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD
index 1305a61f3..6aa3c4bf3 100644
--- a/system/sudo/APKBUILD
+++ b/system/sudo/APKBUILD
@@ -3,13 +3,13 @@
 # Contributor: Natanael Copa
 # Maintainer: Horst Burkhardt
 pkgname=sudo
-pkgver=1.9.2
+pkgver=1.9.9
 if [ "${pkgver%_*}" != "$pkgver" ]; then
 _realver=${pkgver%_*}${pkgver#*_}
 else
 _realver=$pkgver
 fi
-pkgrel=2
+pkgrel=0
 pkgdesc="Give certain users the ability to run some commands as root"
 url="https://www.sudo.ws/sudo/"
 arch="all"
@@ -20,12 +20,7 @@ makedepends_host="linux-pam-dev zlib-dev utmps-dev"
 makedepends_build="bash"
 makedepends="$makedepends_host $makedepends_build"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-lang"
-source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
- fix-cross-compile.patch
- musl-fix-headers.patch
- SIGUNUSED.patch
- CVE-2021-3156.patch
- "
+source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz"
 builddir="$srcdir"/$pkgname-$_realver
 somask="audit_json.so
 group_file.so
@@ -37,6 +32,10 @@ somask="audit_json.so
 "
 # secfixes:
+# 1.9.9-r0:
+# - CVE-2021-3156
+# - CVE-2021-23239
+# - CVE-2021-23240
 # 1.8.20_p2-r0:
 # - CVE-2017-1000368
 # 1.8.28-r0:
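Review bot: The new `1.9.9-r0` secfixes entry claims CVE-2021-3156, yet this commit drops `CVE-2021-3156.patch` from `source`, so the 1.9.2 package was already carrying that fix. Tools that read the secfixes block to decide which package versions are affected would treat the patched 1.9.2 revision as vulnerable; unless the revision that first shipped the patch is recorded further down the block (outside this hunk), list CVE-2021-3156 under that revision and keep only CVE-2021-23239 and CVE-2021-23240 here. The entry is also inserted above `1.8.20_p2-r0`, while the visible entries run oldest-first, so it would read better appended at the end of the block.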
@@ -64,11 +63,6 @@ build() {
 --disable-log-server \
 --disable-log-client \
 --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
- # Workaround until SIGUNUSED.patch is not needed anymore
- rm lib/util/mksiglist.h lib/util/mksigname.h
- make -C lib/util DEVEL=1 mksiglist.h mksigname.h
-
 make
 }
@@ -84,8 +78,4 @@ package() {
 rm -rf "$pkgdir"/var/run
 }
-sha512sums="20afdf2604b1c93395157382b24f225cd1ff88d3a892362e2d69fecd240c4e7171f05032c08be1778cd1dea6e460025e4241f57272fac0ea3550e220b6d73d21 sudo-1.9.2.tar.gz
-f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c fix-cross-compile.patch
-dcc03abdd672c934f90dfd3683b3f81a8d39cfff91307d2dbd20a31a852022ab605d034c4fe11860ba99b78d391a9812fca1d6e052620b8ff2c42e4f0c7a1a62 musl-fix-headers.patch
-2733c220ccbdaf61a32d8c72a5bc0209673733014f0d71b568f1523b71416e9d1754dd8c95bc6cd99aa7f935ed6e93c5f19b1a1dbb7dfc2daf9917fd37f96e78 SIGUNUSED.patch
-7ef329edccbbd26ac55ff58d4c6c470bf2d829ff8ad1388d67b6ea8c2c8284fd362209cf11458787efaa4e301106bd3b49b8b7310c9d222ac3a3483a17b3ec0e CVE-2021-3156.patch"
+sha512sums="53064240431ae3d9409dc5cb7d72ab55d9ab5f802af4de99fadd987855461b3cca53f261d6256e3b6f35e30c7e162f4dfa3978ef6976415cf5be874fb2026614 sudo-1.9.9.tar.gz"
diff --git a/system/sudo/CVE-2021-3156.patch b/system/sudo/CVE-2021-3156.patch
deleted file mode 100644
index 7cb492d61..000000000
--- a/system/sudo/CVE-2021-3156.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller
-# Date 1611416639 25200
-# Node ID 049ad90590be1e5dfb7df2675d2eb3e37c96ab86
-# Parent a97dc92eae6b60ae285055441341d493c17262ff
-Fix potential buffer overflow when unescaping backslashes in user_args.
-Also, do not try to unescaping backslashes unless in run mode *and*
-we are running the command via a shell.
-Found by Qualys, this fixes CVE-2021-3156.
-
-diff -r a97dc92eae6b -r 049ad90590be plugins/sudoers/sudoers.c
---- a/plugins/sudoers/sudoers.c Sat Jan 23 08:43:59 2021 -0700
-+++ b/plugins/sudoers/sudoers.c Sat Jan 23 08:43:59 2021 -0700
-@@ -547,7 +547,7 @@
-
- /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
- /* XXX - causes confusion when root is not listed in sudoers */
-- if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) {
-+ if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT) && prev_user != NULL) {
- if (user_uid == 0 && strcmp(prev_user, "root") != 0) {
- struct passwd *pw;
-
-@@ -932,8 +932,8 @@
- if (user_cmnd == NULL)
- user_cmnd = NewArgv[0];
-
-- if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
-- if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
-+ if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT|MODE_CHECK)) {
-+ if (!ISSET(sudo_mode, MODE_EDIT)) {
- if (def_secure_path && !user_is_exempt())
- path = def_secure_path;
- if (!set_perms(PERM_RUNAS))
-@@ -961,7 +961,8 @@
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
- debug_return_int(NOT_FOUND_ERROR);
- }
-- if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL)) {
-+ if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) &&
-+ ISSET(sudo_mode, MODE_RUN)) {
- /*
- * When running a command via a shell, the sudo front-end
- * escapes potential meta chars. We unescape non-spaces
-@@ -969,10 +970,22 @@
- */
- for (to = user_args, av = NewArgv + 1; (from = *av); av++) {
- while (*from) {
-- if (from[0] == '\\' && !isspace((unsigned char)from[1]))
-+ if (from[0] == '\\' && from[1] != '\0' &&
-+ !isspace((unsigned char)from[1])) {
- from++;
-+ }
-+ if (size - (to - user_args) < 1) {
-+ sudo_warnx(U_("internal error, %s overflow"),
-+ __func__);
-+ debug_return_int(NOT_FOUND_ERROR);
-+ }
- *to++ = *from++;
- }
-+ if (size - (to - user_args) < 1) {
-+ sudo_warnx(U_("internal error, %s overflow"),
-+ __func__);
-+ debug_return_int(NOT_FOUND_ERROR);
-+ }
- *to++ = ' ';
- }
- *--to = '\0';
-
-
-# HG changeset patch
-# User Todd C. Miller
-# Date 1611416639 25200
-# Node ID 9b97f1787804aedccaec63c379053b1a91a0e409
-# Parent 90aba6ba6e03f3bc33b4eabf16358396ed83642d
-Reset valid_flags to MODE_NONINTERACTIVE for sudoedit.
-This is consistent with how the -e option is handled.
-Also reject -H and -P flags for sudoedit as was done in sudo 1.7.
-Found by Qualys, this is part of the fix for CVE-2021-3156.
-
-diff -r 90aba6ba6e03 -r 9b97f1787804 src/parse_args.c
---- a/src/parse_args.c Mon Jan 18 12:30:52 2021 +0100
-+++ b/src/parse_args.c Sat Jan 23 08:43:59 2021 -0700
-@@ -117,7 +117,10 @@
- /*
- * Default flags allowed when running a command.
- */
--#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL)
-+#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_PRESERVE_GROUPS|MODE_SHELL)
-+#define EDIT_VALID_FLAGS MODE_NONINTERACTIVE
-+#define LIST_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_LONG_LIST)
-+#define VALIDATE_VALID_FLAGS MODE_NONINTERACTIVE
-
- /* Option number for the --host long option due to ambiguity of the -h flag. */
- #define OPT_HOSTNAME 256
-@@ -262,6 +265,7 @@
- progname = "sudoedit";
- mode = MODE_EDIT;
- sudo_settings[ARG_SUDOEDIT].value = "true";
-+ valid_flags = EDIT_VALID_FLAGS;
- }
-
- /* Load local IP addresses and masks. */
-@@ -365,7 +369,7 @@
- usage_excl();
- mode = MODE_EDIT;
- sudo_settings[ARG_SUDOEDIT].value = "true";
-- valid_flags = MODE_NONINTERACTIVE;
-+ valid_flags = EDIT_VALID_FLAGS;
- break;
- case 'g':
- assert(optarg != NULL);
-@@ -377,6 +381,7 @@
- break;
- case 'H':
- sudo_settings[ARG_SET_HOME].value = "true";
-+ SET(flags, MODE_RESET_HOME);
- break;
- case 'h':
- if (optarg == NULL) {
-@@ -431,7 +436,7 @@
- usage_excl();
- }
- mode = MODE_LIST;
-- valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST;
-+ valid_flags = LIST_VALID_FLAGS;
- break;
- case 'n':
- SET(flags, MODE_NONINTERACTIVE);
-@@ -439,6 +444,7 @@
- break;
- case 'P':
- sudo_settings[ARG_PRESERVE_GROUPS].value = "true";
-+ SET(flags, MODE_PRESERVE_GROUPS);
- break;
- case 'p':
- /* An empty prompt is allowed. */
-@@ -505,7 +511,7 @@
- if (mode && mode != MODE_VALIDATE)
- usage_excl();
- mode = MODE_VALIDATE;
-- valid_flags = MODE_NONINTERACTIVE;
-+ valid_flags = VALIDATE_VALID_FLAGS;
- break;
- case 'V':
- if (mode && mode != MODE_VERSION)
-@@ -533,7 +539,7 @@
- if (!mode) {
- /* Defer -k mode setting until we know whether it is a flag or not */
- if (sudo_settings[ARG_IGNORE_TICKET].value != NULL) {
-- if (argc == 0 && !(flags & (MODE_SHELL|MODE_LOGIN_SHELL))) {
-+ if (argc == 0 && !ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL)) {
- mode = MODE_INVALIDATE; /* -k by itself */
- sudo_settings[ARG_IGNORE_TICKET].value = NULL;
- valid_flags = 0;
-@@ -601,7 +607,7 @@
- /*
- * For shell mode we need to rewrite argv
- */
-- if (ISSET(mode, MODE_RUN) && ISSET(flags, MODE_SHELL)) {
-+ if (ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL) && ISSET(mode, MODE_RUN)) {
- char **av, *cmnd = NULL;
- int ac = 1;
-
-
diff --git a/system/sudo/SIGUNUSED.patch b/system/sudo/SIGUNUSED.patch
deleted file mode 100644
index 969c3e82d..000000000
--- a/system/sudo/SIGUNUSED.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- sudo-1.8.28/lib/util/siglist.in 2019-10-10 11:32:54.000000000 -0500
-+++ sudo-1.8.28/lib/util/siglist.in 2019-10-14 16:42:46.259938722 -0500
-@@ -17,11 +17,12 @@
- EMT EMT trap
- FPE Floating point exception
- KILL Killed
-+# before UNUSED (musl defines them as the same number)
-+ SYS Bad system call
- # before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED)
- UNUSED Unused
- BUS Bus error
- SEGV Memory fault
-- SYS Bad system call
- PIPE Broken pipe
- ALRM Alarm clock
- TERM Terminated
diff --git a/system/sudo/fix-cross-compile.patch b/system/sudo/fix-cross-compile.patch
deleted file mode 100644
index d2fc97cca..000000000
--- a/system/sudo/fix-cross-compile.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- ./lib/util/Makefile.in.orig
-+++ ./lib/util/Makefile.in
-@@ -160,10 +160,10 @@
- ./mksigname > $@
-
- mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
-- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
-+ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
-
- mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
-- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
-+ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
-
- $(srcdir)/mksiglist.h: $(srcdir)/siglist.in
- @if [ -n "$(DEVEL)" ]; then \
diff --git a/system/sudo/musl-fix-headers.patch b/system/sudo/musl-fix-headers.patch
deleted file mode 100644
index d57a9ff4b..000000000
--- a/system/sudo/musl-fix-headers.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- ./include/sudo_compat.h.orig
-+++ ./include/sudo_compat.h
-@@ -25,6 +25,7 @@
- #endif
- #if !defined(HAVE_MEMSET_S) && !defined(rsize_t)
- # include /* for rsize_t */
-+#include /* for id_t */
- # ifdef HAVE_STRING_H
- # include /* for rsize_t on AIX */
- # endif /* HAVE_STRING_H */
-- cgit v1.2.3-70-g09d2