This patch will upgrade Sudo version 1.8.9 patchlevel 4 to Sudo version 1.8.9 patchlevel 5. To apply: $ cd sudo-1.8.9p4 $ patch -p1 < sudo-1.8.9p5.patch diff -urNa sudo-1.8.9p4/ChangeLog sudo-1.8.9p5/ChangeLog --- sudo-1.8.9p4/ChangeLog Wed Jan 15 06:21:07 2014 +++ sudo-1.8.9p5/ChangeLog Tue Feb 4 06:47:35 2014 @@ -1,3 +1,38 @@ +2014-02-04 Todd C. Miller + + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p5 + [3ee678307ef4] <1.8> + + * src/preserve_fds.c: + When the closefrom limit is greater than any of the preserved fds, + the pfds list will be non-empty but lastfd will be -1 triggering an + ecalloc(0) assertion. Instead, test for lastfd being -1 and make + sure we always update it, even if dup() fails. Also restore initial + value of lowfd after we are done relocating. Fixes bug #633 + [a11206a31f28] + +2014-01-30 Todd C. Miller + + * common/atomode.c: + Zero out errstr when there is no error; fixes bug #632 + [74950ef1a0dc] + +2014-01-24 Todd C. Miller + + * include/missing.h: + Fix typo, ULONG_MAX vs. ULLONG_MAX + [5d274daa9fb1] + + * plugins/sudoers/sudo_nss.c: + Fix typo in the AIX case. + [ee531c950fce] + + * plugins/sudoers/sudo_nss.c: + Size pointer for sudo_parseln() should be size_t not ssize_t. This + was already correct for the nsswitch.conf case. + [cfaf895c1db4] + 2014-01-15 Todd C. Miller * NEWS, configure, configure.ac: diff -urNa sudo-1.8.9p4/NEWS sudo-1.8.9p5/NEWS --- sudo-1.8.9p4/NEWS Wed Jan 15 06:02:28 2014 +++ sudo-1.8.9p5/NEWS Tue Feb 4 06:37:48 2014 @@ -1,3 +1,12 @@ +What's new in Sudo 1.8.9p5? + + * Fixed a compilation error on AIX when LDAP support is enabled. + + * Fixed parsing of the "umask" defaults setting in sudoers. Bug #632. + + * Fixed a failed assertion when the "closefrom_override" defaults + setting is enabled in sudoers and sudo's -C flag is used. Bug #633. + What's new in Sudo 1.8.9p4? * Fixed a bug where sudo could consume large amounts of CPU while diff -urNa sudo-1.8.9p4/common/atomode.c sudo-1.8.9p5/common/atomode.c --- sudo-1.8.9p4/common/atomode.c Tue Jan 7 11:08:50 2014 +++ sudo-1.8.9p5/common/atomode.c Thu Jan 30 13:41:00 2014 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013 Todd C. Miller + * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -62,5 +62,7 @@ errno = ERANGE; debug_return_int(0); } + if (errstr != NULL) + *errstr = NULL; debug_return_int((int)lval); } diff -urNa sudo-1.8.9p4/configure sudo-1.8.9p5/configure --- sudo-1.8.9p4/configure Wed Jan 15 06:02:29 2014 +++ sudo-1.8.9p5/configure Tue Feb 4 06:38:35 2014 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.8.9p4. +# Generated by GNU Autoconf 2.69 for sudo 1.8.9p5. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.9p4' -PACKAGE_STRING='sudo 1.8.9p4' +PACKAGE_VERSION='1.8.9p5' +PACKAGE_STRING='sudo 1.8.9p5' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1498,7 +1498,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.9p4 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.9p5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1563,7 +1563,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.9p4:";; + short | recursive ) echo "Configuration of sudo 1.8.9p5:";; esac cat <<\_ACEOF @@ -1793,7 +1793,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.9p4 +sudo configure 1.8.9p5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2502,7 +2502,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.9p4, which was +It was created by sudo $as_me 1.8.9p5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -22766,7 +22766,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.9p4, which was +This file was extended by sudo $as_me 1.8.9p5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22832,7 +22832,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.9p4 +sudo config.status 1.8.9p5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.8.9p4/configure.ac sudo-1.8.9p5/configure.ac --- sudo-1.8.9p4/configure.ac Wed Jan 15 06:02:29 2014 +++ sudo-1.8.9p5/configure.ac Tue Feb 4 06:38:14 2014 @@ -4,7 +4,7 @@ dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.8.9p4], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.9p5], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl diff -urNa sudo-1.8.9p4/include/missing.h sudo-1.8.9p5/include/missing.h --- sudo-1.8.9p4/include/missing.h Tue Jan 7 11:08:51 2014 +++ sudo-1.8.9p5/include/missing.h Thu Jan 30 13:40:53 2014 @@ -140,7 +140,7 @@ # endif #endif -#ifndef ULONG_MAX +#ifndef ULLONG_MAX # if defined(UQUAD_MAX) # define ULLONG_MAX UQUAD_MAX # else diff -urNa sudo-1.8.9p4/plugins/sudoers/sudo_nss.c sudo-1.8.9p5/plugins/sudoers/sudo_nss.c --- sudo-1.8.9p4/plugins/sudoers/sudo_nss.c Tue Jan 7 11:08:54 2014 +++ sudo-1.8.9p5/plugins/sudoers/sudo_nss.c Thu Jan 30 13:40:47 2014 @@ -137,7 +137,7 @@ { FILE *fp; char *cp, *ep, *line = NULL; - ssize_t linesize = 0; + size_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; #endif @@ -212,7 +212,7 @@ nomatch: /* Default to files only if no matches */ if (TAILQ_EMPTY(&snl)) - TAILQ_INSERT_TAIL(&snl, &sudo_nss_files, entries); + TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); debug_return_ptr(&snl); } diff -urNa sudo-1.8.9p4/src/preserve_fds.c sudo-1.8.9p5/src/preserve_fds.c --- sudo-1.8.9p4/src/preserve_fds.c Wed Jan 15 06:02:18 2014 +++ sudo-1.8.9p5/src/preserve_fds.c Tue Feb 4 06:27:56 2014 @@ -111,12 +111,15 @@ if (pfd->highfd < startfd) continue; fd = dup(pfd->highfd); - if (fd < pfd->highfd) { - if (fd == -1) { - if (errno == EBADF) - TAILQ_REMOVE(pfds, pfd, entries); + if (fd == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, + "dup %d", pfd->highfd); + if (errno == EBADF) { + TAILQ_REMOVE(pfds, pfd, entries); continue; } + /* NOTE: still need to adjust lastfd below with unchanged lowfd. */ + } else if (fd < pfd->highfd) { pfd->lowfd = fd; fd = pfd->highfd; if (fd == debug_fd) @@ -124,13 +127,14 @@ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "dup %d -> %d", pfd->highfd, pfd->lowfd); } - (void) close(fd); + if (fd != -1) + (void) close(fd); if (pfd->lowfd > lastfd) lastfd = pfd->lowfd; /* highest (relocated) preserved fd */ } - if (TAILQ_EMPTY(pfds)) { + if (lastfd == -1) { /* No fds to preserve. */ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "closefrom(%d)", startfd); @@ -146,7 +150,6 @@ /* * Close any unpreserved fds [startfd,lastfd] - * NOTE: this could relocate the debug fd, breaking the debug subsystem. */ for (fd = startfd; fd <= lastfd; fd++) { if (!FD_ISSET(fd, fdsp)) { @@ -189,6 +192,7 @@ if (pfd->lowfd == debug_fd) debug_fd = sudo_debug_fd_set(pfd->highfd); (void) close(pfd->lowfd); + pfd->lowfd = pfd->highfd; } } debug_return;