Diffstat (limited to 'meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch')
-rw-r--r-- | meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch | 26 |
1 files changed, 26 insertions, 0 deletions
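diff --git a/meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch
new file mode 100644
index 0000000000..d021873b70
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch
@@ -0,0 +1,26 @@
+Backport of:
+
+From 12648b4e0a8cf486480442efd52f0e0b6cab6e8b Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Mon, 13 Mar 2023 08:04:32 -0600
+Subject: [PATCH] Add missing " ; " separator between environment variables and
+command. This is a regression introduced in sudo 1.9.13. GitHub issue #254.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/sudo/tree/debian/patches/CVE-2023-2848x-2.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b]
+CVE: CVE-2023-28486 CVE-2023-28487
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+lib/eventlog/eventlog.c | 1 +
+1 file changed, 1 insertion(+)
+
+--- a/plugins/sudoers/logging.c
++++ b/plugins/sudoers/logging.c
+@@ -1018,6 +1018,7 @@ new_logline(const char *message, const c
+sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL, " %s",
+sudo_user.env_vars[i]);
+}
++ sudo_lbuf_append(&lbuf, " ; ");
+}
+if (user_cmnd != NULL) {
+sudo_lbuf_append_esc(&lbuf, LBUF_ESC_CNTRL|LBUF_ESC_BLANK,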
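Review bot: The embedded diffstat on patch lines 14-15 still names `lib/eventlog/eventlog.c`, but the hunk that follows edits `new_logline()` in `plugins/sudoers/logging.c`, so the header no longer describes what the backport touches. A short line before the `---` would make the adaptation explicit for later CVE audits, for example `Backport note: hunk rebased onto plugins/sudoers/logging.c, where new_logline() lives in this sudo version`. The subject calls this a regression fix, so it presumably only applies on top of the first CVE-2023-28486/CVE-2023-28487 backport patch. The recipe's SRC_URI should therefore list this file directly after that one, which cannot be confirmed here because the diffstat is limited to this file. The inner hunk ends inside `new_logline()`, so the rest of the log-line assembly is outside what this page shows.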