[sudo] added patch for CVE-2012-0809

Daniel Kopeček mildew at fedoraproject.org
Thu Jan 26 14:43:01 UTC 2012


commit 2c51203bb4651f7af42f5d2b30efc7c14ecc8a43
Author: Daniel Kopecek <dkopecek at redhat.com>
Date:   Thu Jan 26 15:36:37 2012 +0100

    added patch for CVE-2012-0809

 sudo-1.8.3p1-CVE-2012-0809.patch |   23 +++++++++++++++++++++++
 sudo.spec                        |    8 +++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/sudo-1.8.3p1-CVE-2012-0809.patch b/sudo-1.8.3p1-CVE-2012-0809.patch
new file mode 100644
index 0000000..8010808
--- /dev/null
+++ b/sudo-1.8.3p1-CVE-2012-0809.patch
@@ -0,0 +1,23 @@
+--- sudo-1.8.3p1/src/sudo.c	Fri Oct 21 09:01:26 2011
++++ sudo-1.8.3p1/src/sudo.c	Tue Jan 24 15:59:03 2012
+@@ -1208,15 +1208,15 @@ 
+ sudo_debug(int level, const char *fmt, ...)
+ {
+     va_list ap;
+-    char *fmt2;
++    char *buf;
+ 
+     if (level > debug_level)
+ 	return;
+ 
+-    /* Backet fmt with program name and a newline to make it a single write */
+-    easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
++    /* Bracket fmt with program name and a newline to make it a single write */
+     va_start(ap, fmt);
+-    vfprintf(stderr, fmt2, ap);
++    evasprintf(&buf, fmt, ap);
+     va_end(ap);
+-    efree(fmt2);
++    fprintf(stderr, "%s: %s\n", getprogname(), buf);
++    efree(buf);
+ }
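Review bot: The comment carried over into the new `sudo_debug` body ("Bracket fmt with program name and a newline ...") no longer matches the code, because `fmt` is now expanded on its own by `evasprintf()` and the program name is only added afterwards as a `%s` argument to `fprintf()`. That separation is the fix itself: the value from `getprogname()` is presumably derived from the caller-controlled program name, so it must never be merged into a format string. I would replace the comment with `/* Expand fmt by itself; the program name is untrusted and may only be passed as a %s argument, never spliced into the format. */` directly above the `evasprintf()` call, so that a later cleanup does not reintroduce the old pattern. The function's return-type line is outside the inner patch's context, so this is based on the visible body only.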
diff --git a/sudo.spec b/sudo.spec
index 215f4e3..9724ad1 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.3p1
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -29,6 +29,8 @@ Patch2: sudo-1.7.2p1-envdebug.patch
 Patch3: sudo-1.7.4p3-m4path.patch
 # disable word wrapping if the ouput is piped
 Patch4: sudo-1.8.3-pipelist.patch
+# CVE-2012-0809
+Patch5: sudo-1.8.3p1-CVE-2012-0809.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
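Review bot: The new `# CVE-2012-0809` comment above `Patch5` gives only the identifier, while the neighbouring patch comments say what each patch does. A short description would let someone auditing the spec see what is being fixed without opening the patch file, for example `# CVE-2012-0809: format string flaw in sudo_debug()`.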
@@ -57,6 +59,7 @@ plugins that use %{name}.
 %patch2 -p1 -b .envdebug
 %patch3 -p1 -b .m4path
 %patch4 -p1 -b .pipelist
+%patch5 -p1 -b .CVE-2012-0809
 
 # Remove execute permission on this script so we don't pull in perl deps
 chmod -x plugins/sudoers/sudoers2ldif
@@ -167,6 +170,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sudo_plugin.8*
 
 %changelog
+* Thu Jan 26 2012 Daniel Kopecek <dkopecek at redhat.com> - 1.8.3p1-3
+- added patch for CVE-2012-0809
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.3p1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 

