[sudo/f15] added patch for CVE-2012-2337
Daniel Kopeček
mildew at fedoraproject.org
Thu May 17 13:04:33 UTC 2012
commit 616f66b6ebb0c243c44231012c63af305a772821
Author: Daniel Kopecek <dkopecek at redhat.com>
Date: Thu May 17 15:03:57 2012 +0200
added patch for CVE-2012-2337
sudo-1.7.4p5-CVE-2012-2337.patch | 27 +++++++++++++++++++++++++++
sudo.spec | 8 +++++++-
2 files changed, 34 insertions(+), 1 deletions(-)
---
diff --git a/sudo-1.7.4p5-CVE-2012-2337.patch b/sudo-1.7.4p5-CVE-2012-2337.patch
new file mode 100644
index 0000000..cc0c7e1
--- /dev/null
+++ b/sudo-1.7.4p5-CVE-2012-2337.patch
@@ -0,0 +1,27 @@
+diff -up sudo-1.7.4p5/match.c.CVE-2012-2337 sudo-1.7.4p5/match.c
+--- sudo-1.7.4p5/match.c.CVE-2012-2337 2012-05-17 14:48:49.570465186 +0200
++++ sudo-1.7.4p5/match.c 2012-05-17 14:53:12.812736038 +0200
+@@ -646,6 +646,7 @@ addr_matches_if(n)
+ }
+ if (j == sizeof(addr.ip6.s6_addr))
+ return(TRUE);
++ break;
+ #endif
+ }
+ }
+@@ -711,6 +712,7 @@ addr_matches_if_netmask(n, m)
+ case AF_INET:
+ if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
+ return(TRUE);
++ break;
+ #ifdef HAVE_IN6_ADDR
+ case AF_INET6:
+ for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
+@@ -719,6 +721,7 @@ addr_matches_if_netmask(n, m)
+ }
+ if (j == sizeof(addr.ip6.s6_addr))
+ return(TRUE);
++ break;
+ #endif /* HAVE_IN6_ADDR */
+ }
+ }
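Review bot: The first inner hunk (addr_matches_if, at -646) only terminates the AF_INET6 case, and its context does not show whether the AF_INET case above it already ends in `break;`. The second inner hunk shows that the same case in addr_matches_if_netmask did not, so with HAVE_IN6_ADDR defined a non-matching IPv4 entry fell through into the `case AF_INET6:` byte comparison. Please confirm the AF_INET case in addr_matches_if is terminated as well, or extend the hunk to cover it. The two `break;` lines placed directly before `#endif` appear to be the last statements of their switch, so they read as hardening rather than a behaviour change; a short header in the patch file saying so would make the AF_INET one at -711 stand out as the actual fix.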
diff --git a/sudo.spec b/sudo.spec
index cca9415..6a5f0fc 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.7.4p5
-Release: 4%{?dist}
+Release: 5%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@@ -31,6 +31,8 @@ Patch3: sudo-1.7.4p3-m4path.patch
Patch4: sudo-1.7.4p4-getgrouplist-fixed.patch
# reset HOME when using the `-i' option (#635250)
Patch5: sudo-1.7.4p4-sudoi.patch
+# CVE-2012-2337
+Patch6: sudo-1.7.4p5-CVE-2012-2337.patch
%description
Sudo (superuser do) allows a system administrator to give certain
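Review bot: The `# CVE-2012-2337` comment above Patch6 gives no description or bug number, unlike the Patch5 comment just above it, which says what the patch does and cites (#635250). Suggest a one-line summary of the fix with the tracking bug id, in the same style.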
@@ -51,6 +53,7 @@ on many different machines.
%patch3 -p1 -b .m4path
%patch4 -p1 -b .getgrouplist-fixed
%patch5 -p0 -b .sudoi
+%patch6 -p1 -b .CVE-2012-2337
%build
# handle newer autoconf
@@ -147,6 +150,9 @@ rm -rf $RPM_BUILD_ROOT
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Thu May 17 2012 Daniel Kopecek <dkopecek at redhat.com> - 1.7.4p5-5
+- added patch for CVE-2012-2337
+
* Fri Jun 3 2011 Daniel Kopecek <dkopecek at redhat.com> - 1.7.4p5-4
- build with RELPRO
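Review bot: The new changelog entry, `- added patch for CVE-2012-2337`, names only the CVE, so someone reading the package changelog cannot tell which behaviour changed. Suggest stating that the patch adds missing `break;` statements to the address matching in match.c, and citing the tracking bug if there is one.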