This patch will upgrade Sudo version 1.8.6 patchlevel 7 to Sudo version 1.8.6 patchlevel 8. To apply: $ cd sudo-1.8.6p7 $ patch -p1 < sudo-1.8.6p8.patch diff -urNa sudo-1.8.6p7/ChangeLog sudo-1.8.6p8/ChangeLog --- sudo-1.8.6p7/ChangeLog Mon Feb 25 15:09:12 2013 +++ sudo-1.8.6p8/ChangeLog Thu Apr 11 13:19:34 2013 @@ -1,3 +1,27 @@ +2013-04-11 Todd C. Miller + + * NEWS, configure, configure.in: + Update for sudo 1.8.6p8 + [1d2d78415eed] + + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Check for crypt() returning NULL. Traditionally, crypt() never + returned NULL but newer versions of eglibc have a crypt() that does. + Bug #598 + [887b9df243df] + +2013-04-10 Todd C. Miller + + * src/ttyname.c: + AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit + before we try to match it against st_rdev. + [5dab449fb962] + + * src/ttyname.c: + Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes + a problem finding the tty name when it is not in /dev/pts. + [6c205d087fa0] + 2013-02-25 Todd C. Miller * plugins/sudoers/check.c: diff -urNa sudo-1.8.6p7/NEWS sudo-1.8.6p8/NEWS --- sudo-1.8.6p7/NEWS Mon Feb 25 14:47:17 2013 +++ sudo-1.8.6p8/NEWS Thu Apr 11 13:16:28 2013 @@ -1,3 +1,13 @@ +What's new in Sudo 1.8.6p8? + + * Terminal dection now works properly on 64-bit AIX kernels. + This was broken by the removal of the ttyname() fallback in Sudo + 1.8.6p6. Sudo is now able to map an AIX 64-bit device number + to the corresponding device file in /dev. + + * Sudo now checks for crypt() returning NULL when performing + passwd-based authentication. + What's new in Sudo 1.8.6p7? * A time stamp file with the date set to the epoch by "sudo -k" diff -urNa sudo-1.8.6p7/configure sudo-1.8.6p8/configure --- sudo-1.8.6p7/configure Mon Feb 25 14:48:02 2013 +++ sudo-1.8.6p8/configure Thu Apr 11 13:16:39 2013 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.8.6p7. +# Generated by GNU Autoconf 2.68 for sudo 1.8.6p8. # # Report bugs to . # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.6p7' -PACKAGE_STRING='sudo 1.8.6p7' +PACKAGE_VERSION='1.8.6p8' +PACKAGE_STRING='sudo 1.8.6p8' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1470,7 +1470,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.6p7 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.6p8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1535,7 +1535,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.6p7:";; + short | recursive ) echo "Configuration of sudo 1.8.6p8:";; esac cat <<\_ACEOF @@ -1761,7 +1761,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.6p7 +sudo configure 1.8.6p8 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2465,7 +2465,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.6p7, which was +It was created by sudo $as_me 1.8.6p8, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -21596,7 +21596,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.6p7, which was +This file was extended by sudo $as_me 1.8.6p8, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21662,7 +21662,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.6p7 +sudo config.status 1.8.6p8 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.8.6p7/configure.in sudo-1.8.6p8/configure.in --- sudo-1.8.6p7/configure.in Mon Feb 25 14:47:48 2013 +++ sudo-1.8.6p8/configure.in Thu Apr 11 13:16:32 2013 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller dnl -AC_INIT([sudo], [1.8.6p7], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.6p8], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) dnl dnl Note: this must come after AC_INIT diff -urNa sudo-1.8.6p7/mkpkg sudo-1.8.6p8/mkpkg --- sudo-1.8.6p7/mkpkg Mon Feb 25 14:42:44 2013 +++ sudo-1.8.6p8/mkpkg Thu Apr 11 13:15:57 2013 @@ -247,7 +247,7 @@ # For Solaris, add project support and use let configure choose zlib. # For all others, use the builtin zlib and disable NLS support. case "$osversion" in - sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project";; + sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project${tab}--disable-pie";; *) configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls";; esac if test "$flavor" = "ldap"; then diff -urNa sudo-1.8.6p7/plugins/sudoers/auth/passwd.c sudo-1.8.6p8/plugins/sudoers/auth/passwd.c --- sudo-1.8.6p7/plugins/sudoers/auth/passwd.c Mon Feb 25 14:42:44 2013 +++ sudo-1.8.6p8/plugins/sudoers/auth/passwd.c Thu Apr 11 13:16:14 2013 @@ -69,15 +69,15 @@ char sav, *epass; char *pw_epasswd = auth->data; size_t pw_len; - int error; + int matched = 0; debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) pw_len = strlen(pw_epasswd); #ifdef HAVE_GETAUTHUID /* Ultrix shadow passwords may use crypt16() */ - error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); - if (!error) + epass = (char *) crypt16(pass, pw_epasswd); + if (epass != NULL && strcmp(pw_epasswd, epass) == 0) debug_return_int(AUTH_SUCCESS); #endif /* HAVE_GETAUTHUID */ @@ -96,12 +96,14 @@ */ epass = (char *) crypt(pass, pw_epasswd); pass[8] = sav; - if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) - error = strncmp(pw_epasswd, epass, DESLEN); - else - error = strcmp(pw_epasswd, epass); + if (epass != NULL) { + if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) + matched = !strncmp(pw_epasswd, epass, DESLEN); + else + matched = !strcmp(pw_epasswd, epass); + } - debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); + debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); } int diff -urNa sudo-1.8.6p7/plugins/sudoers/auth/secureware.c sudo-1.8.6p8/plugins/sudoers/auth/secureware.c --- sudo-1.8.6p7/plugins/sudoers/auth/secureware.c Mon Feb 25 14:42:44 2013 +++ sudo-1.8.6p8/plugins/sudoers/auth/secureware.c Thu Apr 11 13:16:14 2013 @@ -74,30 +74,28 @@ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) { char *pw_epasswd = auth->data; + char *epass = NULL; debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH) #ifdef __alpha { extern int crypt_type; -# ifdef HAVE_DISPCRYPT - if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0) - debug_return_int(AUTH_SUCCESS); -# else - if (crypt_type == AUTH_CRYPT_BIGCRYPT) { - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) - debug_return_int(AUTH_SUCCESS); - } else if (crypt_type == AUTH_CRYPT_CRYPT16) { - if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0) - debug_return_int(AUTH_SUCCESS); - } +# ifdef HAVE_DISPCRYPT + epass = dispcrypt(pass, pw_epasswd, crypt_type); +# else + if (crypt_type == AUTH_CRYPT_BIGCRYPT) + epass = bigcrypt(pass, pw_epasswd); + else if (crypt_type == AUTH_CRYPT_CRYPT16) + epass = crypt(pass, pw_epasswd); } -# endif /* HAVE_DISPCRYPT */ +# endif /* HAVE_DISPCRYPT */ #elif defined(HAVE_BIGCRYPT) - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) - debug_return_int(AUTH_SUCCESS); + epass = bigcrypt(pass, pw_epasswd); #endif /* __alpha */ - debug_return_int(AUTH_FAILURE); + if (epass != NULL && strcmp(pw_epasswd, epass) == 0) + debug_return_int(AUTH_SUCCESS); + debug_return_int(AUTH_FAILURE); } int diff -urNa sudo-1.8.6p7/src/ttyname.c sudo-1.8.6p8/src/ttyname.c --- sudo-1.8.6p7/src/ttyname.c Mon Feb 25 14:46:09 2013 +++ sudo-1.8.6p8/src/ttyname.c Thu Apr 11 13:15:48 2013 @@ -180,10 +180,10 @@ /* * Do a breadth-first scan of dir looking for the specified device. */ -static -char *sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) +static char * +sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) { - DIR *d; + DIR *d = NULL; char pathbuf[PATH_MAX], **subdirs = NULL, *devname = NULL; size_t sdlen, d_len, len, num_subdirs = 0, max_subdirs = 0; struct dirent *dp; @@ -260,16 +260,17 @@ } if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { devname = estrdup(pathbuf); - break; + goto done; } } - closedir(d); /* Search subdirs if we didn't find it in the root level. */ for (i = 0; devname == NULL && i < num_subdirs; i++) devname = sudo_ttyname_scan(subdirs[i], rdev, false); done: + if (d != NULL) + closedir(d); for (i = 0; i < num_subdirs; i++) efree(subdirs[i]); efree(subdirs); @@ -290,31 +291,27 @@ debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) /* - * First check search_devs. + * First check search_devs for common tty devices. */ - for (sd = search_devs; (devname = *sd) != NULL; sd++) { + for (sd = search_devs; tty == NULL && (devname = *sd) != NULL; sd++) { len = strlen(devname); if (devname[len - 1] == '/') { - /* Special case /dev/pts */ if (strcmp(devname, "/dev/pts/") == 0) { + /* Special case /dev/pts */ (void)snprintf(buf, sizeof(buf), "%spts/%u", _PATH_DEV, (unsigned int)minor(rdev)); if (stat(buf, &sb) == 0) { - if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { + if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) tty = estrdup(buf); - break; - } } - continue; + } else { + /* Traverse directory */ + tty = sudo_ttyname_scan(devname, rdev, true); } - /* Traverse directory */ - tty = sudo_ttyname_scan(devname, rdev, true); } else { if (stat(devname, &sb) == 0) { - if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) { + if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) tty = estrdup(devname); - break; - } } } } @@ -403,8 +400,14 @@ continue; nread = read(fd, &psinfo, sizeof(psinfo)); close(fd); - if (nread == (ssize_t)sizeof(psinfo) && psinfo.pr_ttydev != (dev_t)-1) { - tty = sudo_ttyname_dev(psinfo.pr_ttydev); + if (nread == (ssize_t)sizeof(psinfo)) { + dev_t rdev = (dev_t)psinfo.pr_ttydev; +#ifdef DEVNO64 + if (psinfo.pr_ttydev & DEVNO64) + rdev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev)); +#endif + if (rdev != (dev_t)-1) + tty = sudo_ttyname_dev(rdev); } }