This patch will upgrade Sudo version 1.6.9 patchlevel 22 to Sudo version 1.6.9 patchlevel 23. To apply: $ cd sudo-1.6.9p22 $ patch -p1 < sudo-1.6.9p23.patch diff -urNa sudo-1.6.9p22/CHANGES sudo-1.6.9p23/CHANGES --- sudo-1.6.9p22/CHANGES Fri Apr 9 06:39:48 2010 +++ sudo-1.6.9p23/CHANGES Tue Jun 1 14:09:07 2010 @@ -2185,3 +2185,8 @@ possible pseudo-commands in command matching Sudo 1.6.9p22 released. + +689) Sudo will now check for and remove duplicate environment variables + when it changes the value of an existing variable. + +Sudo 1.6.9p23 released. diff -urNa sudo-1.6.9p22/Makefile.in sudo-1.6.9p23/Makefile.in --- sudo-1.6.9p22/Makefile.in Fri Apr 9 17:18:05 2010 +++ sudo-1.6.9p23/Makefile.in Tue Jun 1 14:09:21 2010 @@ -132,7 +132,7 @@ LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.9p22 +VERSION = 1.6.9p23 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP \ diff -urNa sudo-1.6.9p22/env.c sudo-1.6.9p23/env.c --- sudo-1.6.9p22/env.c Wed Apr 7 06:32:26 2010 +++ sudo-1.6.9p23/env.c Fri May 28 09:54:46 2010 @@ -270,6 +270,7 @@ { char **nep; size_t varlen; + int found = FALSE; /* Make sure there is room for the new entry plus a NULL. */ if (e->env_len + 2 > e->env_size) { @@ -278,20 +279,34 @@ } if (dupcheck) { - varlen = (strchr(str, '=') - str) + 1; + varlen = (strchr(str, '=') - str) + 1; - for (nep = e->envp; *nep; nep++) { + for (nep = e->envp; !found && *nep != NULL; nep++) { + if (strncmp(str, *nep, varlen) == 0) { + *nep = str; + found = TRUE; + } + } + /* Prune out duplicate variables. */ + if (found) { + while (*nep != NULL) { if (strncmp(str, *nep, varlen) == 0) { - *nep = str; - return; + memmove(nep, nep + 1, + (e->env_len - (nep - e->envp)) * sizeof(char *)); + e->env_len--; + } else { + nep++; } } - } else - nep = e->envp + e->env_len; + } + } - e->env_len++; - *nep++ = str; - *nep = NULL; + if (!found) { + nep = e->envp + e->env_len; + e->env_len++; + *nep++ = str; + *nep = NULL; + } } /* diff -urNa sudo-1.6.9p22/find_path.c sudo-1.6.9p23/find_path.c --- sudo-1.6.9p22/find_path.c Fri Apr 9 06:12:55 2010 +++ sudo-1.6.9p23/find_path.c Fri May 28 09:57:09 2010 @@ -131,7 +131,7 @@ if (!result && checkdot) { len = snprintf(command, sizeof(command), "./%s", infile); if (len <= 0 || len >= sizeof(command)) - errorx(1, "%s: File name too long", infile); + errx(1, "%s: File name too long", infile); result = sudo_goodpath(command, sbp); if (result && def_ignore_dot) return(NOT_FOUND_DOT); diff -urNa sudo-1.6.9p22/sudo.cat sudo-1.6.9p23/sudo.cat --- sudo-1.6.9p22/sudo.cat Wed Apr 7 06:17:29 2010 +++ sudo-1.6.9p23/sudo.cat Tue Jun 1 14:12:22 2010 @@ -61,7 +61,7 @@ -1.6.9p21 February 23, 2010 1 +1.6.9p23 June 1, 2010 1 @@ -127,7 +127,7 @@ -1.6.9p21 February 23, 2010 2 +1.6.9p23 June 1, 2010 2 @@ -193,7 +193,7 @@ -1.6.9p21 February 23, 2010 3 +1.6.9p23 June 1, 2010 3 @@ -259,7 +259,7 @@ -1.6.9p21 February 23, 2010 4 +1.6.9p23 June 1, 2010 4 @@ -325,7 +325,7 @@ -1.6.9p21 February 23, 2010 5 +1.6.9p23 June 1, 2010 5 @@ -391,7 +391,7 @@ -1.6.9p21 February 23, 2010 6 +1.6.9p23 June 1, 2010 6 @@ -457,7 +457,7 @@ -1.6.9p21 February 23, 2010 7 +1.6.9p23 June 1, 2010 7 @@ -523,7 +523,7 @@ -1.6.9p21 February 23, 2010 8 +1.6.9p23 June 1, 2010 8 @@ -589,6 +589,6 @@ -1.6.9p21 February 23, 2010 9 +1.6.9p23 June 1, 2010 9 diff -urNa sudo-1.6.9p22/sudo.man.in sudo-1.6.9p23/sudo.man.in --- sudo-1.6.9p22/sudo.man.in Wed Apr 7 06:34:30 2010 +++ sudo-1.6.9p23/sudo.man.in Tue Jun 1 14:10:25 2010 @@ -152,7 +152,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "February 23, 2010" "1.6.9p21" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "June 1, 2010" "1.6.9p23" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.6.9p22/sudoers.cat sudo-1.6.9p23/sudoers.cat --- sudo-1.6.9p22/sudoers.cat Wed Apr 7 09:45:30 2010 +++ sudo-1.6.9p23/sudoers.cat Tue Jun 1 14:12:51 2010 @@ -61,7 +61,7 @@ -1.6.9p21 April 7, 2010 1 +1.6.9p23 June 1, 2010 1 @@ -127,7 +127,7 @@ -1.6.9p21 April 7, 2010 2 +1.6.9p23 June 1, 2010 2 @@ -193,7 +193,7 @@ -1.6.9p21 April 7, 2010 3 +1.6.9p23 June 1, 2010 3 @@ -259,7 +259,7 @@ -1.6.9p21 April 7, 2010 4 +1.6.9p23 June 1, 2010 4 @@ -325,7 +325,7 @@ -1.6.9p21 April 7, 2010 5 +1.6.9p23 June 1, 2010 5 @@ -391,7 +391,7 @@ -1.6.9p21 April 7, 2010 6 +1.6.9p23 June 1, 2010 6 @@ -457,7 +457,7 @@ -1.6.9p21 April 7, 2010 7 +1.6.9p23 June 1, 2010 7 @@ -523,7 +523,7 @@ -1.6.9p21 April 7, 2010 8 +1.6.9p23 June 1, 2010 8 @@ -589,7 +589,7 @@ -1.6.9p21 April 7, 2010 9 +1.6.9p23 June 1, 2010 9 @@ -655,7 +655,7 @@ -1.6.9p21 April 7, 2010 10 +1.6.9p23 June 1, 2010 10 @@ -677,7 +677,7 @@ passprompt_override The password prompt specified by _p_a_s_s_p_r_o_m_p_t will normally only be used if - the passwod prompt provided by systems + the password prompt provided by systems such as PAM matches the string "Password:". If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always be used. This @@ -721,7 +721,7 @@ -1.6.9p21 April 7, 2010 11 +1.6.9p23 June 1, 2010 11 @@ -787,7 +787,7 @@ -1.6.9p21 April 7, 2010 12 +1.6.9p23 June 1, 2010 12 @@ -853,7 +853,7 @@ -1.6.9p21 April 7, 2010 13 +1.6.9p23 June 1, 2010 13 @@ -919,7 +919,7 @@ -1.6.9p21 April 7, 2010 14 +1.6.9p23 June 1, 2010 14 @@ -985,7 +985,7 @@ -1.6.9p21 April 7, 2010 15 +1.6.9p23 June 1, 2010 15 @@ -1051,7 +1051,7 @@ -1.6.9p21 April 7, 2010 16 +1.6.9p23 June 1, 2010 16 @@ -1117,7 +1117,7 @@ -1.6.9p21 April 7, 2010 17 +1.6.9p23 June 1, 2010 17 @@ -1183,7 +1183,7 @@ -1.6.9p21 April 7, 2010 18 +1.6.9p23 June 1, 2010 18 @@ -1249,7 +1249,7 @@ -1.6.9p21 April 7, 2010 19 +1.6.9p23 June 1, 2010 19 @@ -1315,7 +1315,7 @@ -1.6.9p21 April 7, 2010 20 +1.6.9p23 June 1, 2010 20 @@ -1381,7 +1381,7 @@ -1.6.9p21 April 7, 2010 21 +1.6.9p23 June 1, 2010 21 @@ -1447,7 +1447,7 @@ -1.6.9p21 April 7, 2010 22 +1.6.9p23 June 1, 2010 22 @@ -1513,7 +1513,7 @@ -1.6.9p21 April 7, 2010 23 +1.6.9p23 June 1, 2010 23 @@ -1579,7 +1579,7 @@ -1.6.9p21 April 7, 2010 24 +1.6.9p23 June 1, 2010 24 @@ -1645,6 +1645,6 @@ -1.6.9p21 April 7, 2010 25 +1.6.9p23 June 1, 2010 25 diff -urNa sudo-1.6.9p22/sudoers.man.in sudo-1.6.9p23/sudoers.man.in --- sudo-1.6.9p22/sudoers.man.in Wed Apr 7 09:45:27 2010 +++ sudo-1.6.9p23/sudoers.man.in Tue Jun 1 14:10:19 2010 @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "April 7, 2010" "1.6.9p21" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "June 1, 2010" "1.6.9p23" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -702,7 +702,7 @@ .IP "passprompt_override" 16 .IX Item "passprompt_override" The password prompt specified by \fIpassprompt\fR will normally only -be used if the passwod prompt provided by systems such as \s-1PAM\s0 matches +be used if the password prompt provided by systems such as \s-1PAM\s0 matches the string \*(L"Password:\*(R". If \fIpassprompt_override\fR is set, \fIpassprompt\fR will always be used. This flag is \fIoff\fR by default. .IP "preserve_groups" 16 diff -urNa sudo-1.6.9p22/sudoers.pod sudo-1.6.9p23/sudoers.pod --- sudo-1.6.9p22/sudoers.pod Wed Apr 7 09:44:03 2010 +++ sudo-1.6.9p23/sudoers.pod Mon Apr 12 11:51:15 2010 @@ -581,7 +581,7 @@ =item passprompt_override The password prompt specified by I will normally only -be used if the passwod prompt provided by systems such as PAM matches +be used if the password prompt provided by systems such as PAM matches the string "Password:". If I is set, I will always be used. This flag is I by default. diff -urNa sudo-1.6.9p22/version.h sudo-1.6.9p23/version.h --- sudo-1.6.9p22/version.h Fri Apr 9 06:36:45 2010 +++ sudo-1.6.9p23/version.h Tue Jun 1 14:09:16 2010 @@ -21,6 +21,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.9p22"; +static const char version[] = "1.6.9p23"; #endif /* _SUDO_VERSION_H */ diff -urNa sudo-1.6.9p22/visudo.cat sudo-1.6.9p23/visudo.cat --- sudo-1.6.9p22/visudo.cat Wed Apr 7 06:17:29 2010 +++ sudo-1.6.9p23/visudo.cat Tue Jun 1 14:13:24 2010 @@ -61,7 +61,7 @@ -1.6.9p21 February 23, 2010 1 +1.6.9p23 June 1, 2010 1 @@ -127,7 +127,7 @@ -1.6.9p21 February 23, 2010 2 +1.6.9p23 June 1, 2010 2 @@ -193,6 +193,6 @@ -1.6.9p21 February 23, 2010 3 +1.6.9p23 June 1, 2010 3 diff -urNa sudo-1.6.9p22/visudo.man.in sudo-1.6.9p23/visudo.man.in --- sudo-1.6.9p22/visudo.man.in Wed Apr 7 06:33:44 2010 +++ sudo-1.6.9p23/visudo.man.in Tue Jun 1 14:10:37 2010 @@ -151,7 +151,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "February 23, 2010" "1.6.9p21" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "June 1, 2010" "1.6.9p23" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l