[sudo/f15] added patch for CVE-2012-2337

Daniel Kopeček mildew at fedoraproject.org
Thu May 17 13:04:33 UTC 2012


commit 616f66b6ebb0c243c44231012c63af305a772821
Author: Daniel Kopecek <dkopecek at redhat.com>
Date:   Thu May 17 15:03:57 2012 +0200

    added patch for CVE-2012-2337

 sudo-1.7.4p5-CVE-2012-2337.patch |   27 +++++++++++++++++++++++++++
 sudo.spec                        |    8 +++++++-
 2 files changed, 34 insertions(+), 1 deletions(-)
---
diff --git a/sudo-1.7.4p5-CVE-2012-2337.patch b/sudo-1.7.4p5-CVE-2012-2337.patch
new file mode 100644
index 0000000..cc0c7e1
--- /dev/null
+++ b/sudo-1.7.4p5-CVE-2012-2337.patch
@@ -0,0 +1,27 @@
+diff -up sudo-1.7.4p5/match.c.CVE-2012-2337 sudo-1.7.4p5/match.c
+--- sudo-1.7.4p5/match.c.CVE-2012-2337	2012-05-17 14:48:49.570465186 +0200
++++ sudo-1.7.4p5/match.c	2012-05-17 14:53:12.812736038 +0200
+@@ -646,6 +646,7 @@ addr_matches_if(n)
+ 		}
+ 		if (j == sizeof(addr.ip6.s6_addr))
+ 		    return(TRUE);
++		break;
+ #endif
+ 	}
+     }
+@@ -711,6 +712,7 @@ addr_matches_if_netmask(n, m)
+ 	    case AF_INET:
+ 		if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
+ 		    return(TRUE);
++		break;
+ #ifdef HAVE_IN6_ADDR
+ 	    case AF_INET6:
+ 		for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
+@@ -719,6 +721,7 @@ addr_matches_if_netmask(n, m)
+ 		}
+ 		if (j == sizeof(addr.ip6.s6_addr))
+ 		    return(TRUE);
++		break;
+ #endif /* HAVE_IN6_ADDR */
+ 	}
+     }
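Review bot: Only the `break` added after the `case AF_INET:` comparison in `addr_matches_if_netmask` closes a visible fall-through; before it, an IPv4 mismatch ran on into the `case AF_INET6:` loop and was re-tested byte by byte against `addr.ip6` and `mask.ip6` (presumably the same union storage). The two breaks placed just before `#endif` appear to end the last case of their switch, so they are defensive, and nothing in the code tells a later reader which line carries the security fix. I would put a comment on that line, e.g. `/* do not fall through: an IPv4 mismatch must not be re-tested as IPv6 */`. The `case AF_INET:` arm of `addr_matches_if` lies above this hunk's context, so whether it already ends in `break` cannot be confirmed from here and should be checked against the upstream fix. A sudoers host-matching regression case (IPv4 network entry that must not match the local interfaces) would keep the fall-through from returning in a later rebase.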
diff --git a/sudo.spec b/sudo.spec
index cca9415..6a5f0fc 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.7.4p5
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -31,6 +31,8 @@ Patch3: sudo-1.7.4p3-m4path.patch
 Patch4: sudo-1.7.4p4-getgrouplist-fixed.patch
 # reset HOME when using the `-i' option (#635250)
 Patch5: sudo-1.7.4p4-sudoi.patch
+# CVE-2012-2337
+Patch6: sudo-1.7.4p5-CVE-2012-2337.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
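Review bot: The comment above `Patch6` gives only the CVE identifier, whereas the `Patch5` comment right before it says what the patch does and cites a bug number. For a security patch, the spec should record what is fixed and where it came from, so that a later rebase can tell whether the patch is still needed. Something like `# CVE-2012-2337: missing break in IPv4/IPv6 address matching in match.c (#BUG_ID_PLACEHOLDER)` would do, with the tracker id and, if available, the upstream changeset filled in by the packager.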
@@ -51,6 +53,7 @@ on many different machines.
 %patch3 -p1 -b .m4path
 %patch4 -p1 -b .getgrouplist-fixed
 %patch5 -p0 -b .sudoi
+%patch6 -p1 -b .CVE-2012-2337
 
 %build
 # handle newer autoconf
@@ -147,6 +150,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Thu May 17 2012 Daniel Kopecek <dkopecek at redhat.com> - 1.7.4p5-5
+- added patch for CVE-2012-2337
+
 * Fri Jun  3 2011 Daniel Kopecek <dkopecek at redhat.com> - 1.7.4p5-4
 - build with RELPRO
 

