
package/sudo: bump to version 1.9.12p1

remove merged patch

diff LICENSE.md
-    Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
+    Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
-    Copyright (c) 2008-2018, Dave Benson and the protobuf-c authors.
+    Copyright (c) 2008-2022, Dave Benson and the protobuf-c authors.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Francois Perrad %!s(int64=2) %!d(string=hai) anos
pai
achega
f095f5a8be

+ 0 - 53
package/sudo/0001-Fix-CVE-2022-43995.patch

@@ -1,53 +0,0 @@
-From bd209b9f16fcd1270c13db27ae3329c677d48050 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller@sudo.ws>
-Date: Fri, 28 Oct 2022 07:29:55 -0600
-Subject: [PATCH] Fix CVE-2022-43995, potential heap overflow for passwords < 8
- characters. Starting with sudo 1.8.0 the plaintext password buffer is
- dynamically sized so it is not safe to assume that it is at least 9 bytes in
- size. Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
-
-[Retrieved from:
-https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- plugins/sudoers/auth/passwd.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
-index b2046eca2..0416861e9 100644
---- a/plugins/sudoers/auth/passwd.c
-+++ b/plugins/sudoers/auth/passwd.c
-@@ -63,7 +63,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth)
- int
- sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
- {
--    char sav, *epass;
-+    char des_pass[9], *epass;
-     char *pw_epasswd = auth->data;
-     size_t pw_len;
-     int matched = 0;
-@@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
- 
-     /*
-      * Truncate to 8 chars if standard DES since not all crypt()'s do this.
--     * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
-      */
--    sav = pass[8];
-     pw_len = strlen(pw_epasswd);
--    if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
--	pass[8] = '\0';
-+    if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) {
-+	strlcpy(des_pass, pass, sizeof(des_pass));
-+	pass = des_pass;
-+    }
- 
-     /*
-      * Normal UN*X password check.
-@@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
-      * only compare the first DESLEN characters in that case.
-      */
-     epass = (char *) crypt(pass, pw_epasswd);
--    pass[8] = sav;
-     if (epass != NULL) {
- 	if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
- 	    matched = !strncmp(pw_epasswd, epass, DESLEN);

+ 1 - 1
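--- a/package/sudo/Config.in
+++ b/package/sudo/Config.in
@@ -8,4 +8,4 @@ config BR2_PACKAGE_SUDO
 	  basic philosophy is to give as few privileges as possible
 	  but still allow people to get their work done.
 
-	  http://www.sudo.ws/sudo/
+	  https://www.sudo.ws/sudo/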

+ 3 - 3
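--- a/package/sudo/sudo.hash
+++ b/package/sudo/sudo.hash
@@ -1,4 +1,4 @@
-# From: http://www.sudo.ws/download.html
-sha256  a21918eb9fc0063794f6887464fa2d924ab6d192e19063191a429605c22791d2  sudo-1.9.11p2.tar.gz
+# From: https://www.sudo.ws/getting/download/
+sha256  475a18a8eb3da8b2917ceab063a6baf51ea09128c3c47e3e0e33ab7497bab7d8  sudo-1.9.12p1.tar.gz
 # Locally calculated
-sha256  cf3a83366f9aabfd76d693ce03843106fcaaf6c76dfa97610f7c0b719a06e6bb  LICENSE.md
+sha256  d2f93a3b17ed5586fddd07be33ad767146c1a81a22682baa68bb4360a31d020a  LICENSE.md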

+ 2 - 5
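--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-SUDO_VERSION_MAJOR = 1.9.11
-SUDO_VERSION_MINOR = p2
+SUDO_VERSION_MAJOR = 1.9.12
+SUDO_VERSION_MINOR = p1
 SUDO_VERSION = $(SUDO_VERSION_MAJOR)$(SUDO_VERSION_MINOR)
 SUDO_SITE = https://www.sudo.ws/sudo/dist
 SUDO_LICENSE = ISC, BSD-3-Clause
@@ -25,9 +25,6 @@ SUDO_CONF_OPTS = \
 	--without-interfaces \
 	--with-env-editor
 
-# 0001-Fix-CVE-2022-43995.patch
-SUDO_IGNORE_CVES += CVE-2022-43995
-
 ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
 define SUDO_INSTALL_PAM_CONF
 	$(INSTALL) -D -m 0644 package/sudo/sudo.pam $(TARGET_DIR)/etc/pam.d/sudo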