sudo: update to 1.8.29

License-Update: added SPDX info. (From OE-Core rev: d3660148a64fc6ef18c7f9d2080c26d89c0b3826) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alex.kanavin@gmail.com> 2019-12-12 19:14:34 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-16 23:25:49 +0000
commit: 4e4352b5a4bce4a26fda8dcdcbf3fc122828e9e4 (patch)
tree: ba73b3a9345697b20d5d7e9c625f0ea55d35a887 /meta/recipes-extended/sudo
parent: aa4848622c5f832bbad10a126bfe7e7de7b6b703 (diff)
download: poky-4e4352b5a4bce4a26fda8dcdcbf3fc122828e9e4.tar.gz
4 files changed, 13 insertions, 305 deletions
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index 15075bcefd..67815fa858 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -5,17 +5,17 @@ BUGTRACKER = "http://www.sudo.ws/bugs/"
 SECTION = "admin"
 LICENSE = "ISC & BSD & Zlib"
 LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42 \
-                    file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=4a162fc04b86b03f5632180fe6076cda \
+                    file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
-                    file://lib/util/reallocarray.c;beginline=3;endline=15;md5=b47f1f85a12f05a0744cd8b1b6f41a0d \
+                    file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
-                    file://lib/util/fnmatch.c;beginline=3;endline=27;md5=67f83ee9bd456557397082f8f1be0efd \
+                    file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
-                    file://lib/util/getcwd.c;beginline=2;endline=27;md5=09068a19b4f6b6f0a0958655bfe98b63 \
+                    file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \
-                    file://lib/util/glob.c;beginline=2;endline=31;md5=1f2f771c35fb0658d567a7824007e56d \
+                    file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \
-                    file://lib/util/snprintf.c;beginline=3;endline=33;md5=63e48e1b992bce749a19dd9b2256e9a0 \
+                    file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \
-                    file://include/sudo_queue.h;beginline=2;endline=27;md5=082b138b72ba3e568a13a25c3bf254dc \
+                    file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \
-                    file://lib/util/inet_pton.c;beginline=3;endline=17;md5=3970ab0518ab79cbd0bafb697f10b33a \
+                    file://lib/util/inet_pton.c;beginline=3;endline=17;md5=27785c9f5835093eda42aa0816a2d0b4 \
-                    file://lib/util/arc4random.c;beginline=3;endline=20;md5=15bdc89c1b003fa4d7353e6296ebfd68 \
+                    file://lib/util/arc4random.c;beginline=3;endline=20;md5=ced8636ecefa2ba907cfe390bc3bd964 \
-                    file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=31e630ac814d692fd0ab7a942659b46f \
+                    file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=e30c2b777cdc00cfcaf7c445a10b262f \
-                    file://lib/util/getentropy.c;beginline=1;endline=19;md5=9f1a275ecd44cc264a2a4d5e06a75292 \
+                    file://lib/util/getentropy.c;beginline=1;endline=19;md5=a0f58be3d60b6dcd898ec5fe0866d36f \
                    "
 inherit autotools
diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
deleted file mode 100644
index 2a11e3f7ec..0000000000
--- a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller@sudo.ws>
-Date: Thu, 10 Oct 2019 10:04:13 -0600
-Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
- Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
-Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
-CVE: CVE-2019-14287
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- lib/util/strtoid.c | 100 ++++++++++++++++++++++++++++-------------------------
- 1 files changed, 53 insertions(+), 46 deletions(-)
-diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
-index 2dfce75..6b3916b 100644
--- a/lib/util/strtoid.c
-+++ b/lib/util/strtoid.c
-@@ -49,6 +49,27 @@
- #include "sudo_util.h"
- 
- /*
-+ * Make sure that the ID ends with a valid separator char.
-+ */
-+static bool
-+valid_separator(const char *p, const char *ep, const char *sep)
-+{
-+    bool valid = false;
-+    debug_decl(valid_separator, SUDO_DEBUG_UTIL)
-+
-+    if (ep != p) {
-+       /* check for valid separator (including '\0') */
-+       if (sep == NULL)
-+           sep = "";
-+       do {
-+           if (*ep == *sep)
-+               valid = true;
-+       } while (*sep++ != '\0');
-+    }
-+    debug_return_bool(valid);
-+}
-+
-+/*
-  * Parse a uid/gid in string form.
-  * If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
-  * If endp is non-NULL it is set to the next char after the ID.
-@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
-     char *ep;
-     id_t ret = 0;
-     long long llval;
-    bool valid = false;
-     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
- 
-     /* skip leading space so we can pick up the sign, if any */
-     while (isspace((unsigned char)*p))
-        p++;
-    if (sep == NULL)
-       sep = "";
-+
-+    /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
-     errno = 0;
-     llval = strtoll(p, &ep, 10);
-    if (ep != p) {
-       /* check for valid separator (including '\0') */
-       do {
-           if (*ep == *sep)
-               valid = true;
-       } while (*sep++ != '\0');
-+    if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
-+       errno = ERANGE;
-+       if (errstr != NULL)
-+           *errstr = N_("value too large");
-+       goto done;
-     }
-    if (!valid) {
-+    if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
-+       errno = ERANGE;
-        if (errstr != NULL)
-           *errstr = N_("invalid value");
-       errno = EINVAL;
-+           *errstr = N_("value too small");
-        goto done;
-     }
-    if (errno == ERANGE) {
-       if (errstr != NULL) {
-           if (llval == LLONG_MAX)
-               *errstr = N_("value too large");
-           else
-               *errstr = N_("value too small");
-       }
-+
-+    /* Disallow id -1, which means "no change". */
-+    if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
-+       if (errstr != NULL)
-+           *errstr = N_("invalid value");
-+       errno = EINVAL;
-        goto done;
-     }
-     ret = (id_t)llval;
-@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
- {
-     char *ep;
-     id_t ret = 0;
-    bool valid = false;
-     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
- 
-     /* skip leading space so we can pick up the sign, if any */
-     while (isspace((unsigned char)*p))
-        p++;
-    if (sep == NULL)
-       sep = "";
-+
-     errno = 0;
-     if (*p == '-') {
-        long lval = strtol(p, &ep, 10);
-       if (ep != p) {
-           /* check for valid separator (including '\0') */
-           do {
-               if (*ep == *sep)
-                   valid = true;
-           } while (*sep++ != '\0');
-       }
-       if (!valid) {
-           if (errstr != NULL)
-               *errstr = N_("invalid value");
-           errno = EINVAL;
-           goto done;
-       }
-        if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
-            errno = ERANGE;
-            if (errstr != NULL)
-@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
-                *errstr = N_("value too small");
-            goto done;
-        }
-       ret = (id_t)lval;
-    } else {
-       unsigned long ulval = strtoul(p, &ep, 10);
-       if (ep != p) {
-           /* check for valid separator (including '\0') */
-           do {
-               if (*ep == *sep)
-                   valid = true;
-           } while (*sep++ != '\0');
-       }
-       if (!valid) {
-+
-+       /* Disallow id -1, which means "no change". */
-+       if (!valid_separator(p, ep, sep) || lval == -1) {
-            if (errstr != NULL)
-                *errstr = N_("invalid value");
-            errno = EINVAL;
-            goto done;
-        }
-+       ret = (id_t)lval;
-+    } else {
-+       unsigned long ulval = strtoul(p, &ep, 10);
-        if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
-            errno = ERANGE;
-            if (errstr != NULL)
-                *errstr = N_("value too large");
-            goto done;
-        }
-+
-+       /* Disallow id -1, which means "no change". */
-+       if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
-+           if (errstr != NULL)
-+               *errstr = N_("invalid value");
-+           errno = EINVAL;
-+           goto done;
-+       }
-        ret = (id_t)ulval;
-     }
-     if (errstr != NULL)
-- 
-2.7.4
diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
deleted file mode 100644
index 453a8b09a4..0000000000
--- a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller@sudo.ws>
-Date: Thu, 10 Oct 2019 10:04:13 -0600
-Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust
- testsudoers/test5 which relied upon gid -1 parsing.
-Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57]
-CVE: CVE-2019-14287
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- lib/util/regress/atofoo/atofoo_test.c            | 36 ++++++++++++++++------
- plugins/sudoers/regress/testsudoers/test5.out.ok |  2 +-
- plugins/sudoers/regress/testsudoers/test5.sh     |  2 +-
- 3 files changed, 29 insertions(+), 11 deletions(-)
-diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c
-index 031a7ed..fb41c1a 100644
--- a/lib/util/regress/atofoo/atofoo_test.c
-+++ b/lib/util/regress/atofoo/atofoo_test.c
-@@ -26,6 +26,7 @@
- #else
- # include "compat/stdbool.h"
- #endif
-+#include <errno.h>
- 
- #include "sudo_compat.h"
- #include "sudo_util.h"
-@@ -80,15 +81,20 @@ static struct strtoid_data {
-     id_t id;
-     const char *sep;
-     const char *ep;
-+    int errnum;
- } strtoid_data[] = {
-    { "0,1", 0, ",", "," },
-    { "10", 10, NULL, NULL },
-    { "-2", -2, NULL, NULL },
-+    { "0,1", 0, ",", ",", 0 },
-+    { "10", 10, NULL, NULL, 0 },
-+    { "-1", 0, NULL, NULL, EINVAL },
-+    { "4294967295", 0, NULL, NULL, EINVAL },
-+    { "4294967296", 0, NULL, NULL, ERANGE },
-+    { "-2147483649", 0, NULL, NULL, ERANGE },
-+    { "-2", -2, NULL, NULL, 0 },
- #if SIZEOF_ID_T != SIZEOF_LONG_LONG
-    { "-2", (id_t)4294967294U, NULL, NULL },
-+    { "-2", (id_t)4294967294U, NULL, NULL, 0 },
- #endif
-    { "4294967294", (id_t)4294967294U, NULL, NULL },
-    { NULL, 0, NULL, NULL }
-+    { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
-+    { NULL, 0, NULL, NULL, 0 }
- };
- 
- static int
-@@ -104,11 +110,23 @@ test_strtoid(int *ntests)
-        (*ntests)++;
-        errstr = "some error";
-        value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
-       if (errstr != NULL) {
-           if (d->id != (id_t)-1) {
-               sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
-+       if (d->errnum != 0) {
-+           if (errstr == NULL) {
-+               sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
-+                   d->idstr, d->errnum);
-+               errors++;
-+           } else if (value != 0) {
-+               sudo_warnx_nodebug("FAIL: %s should return 0 on error",
-+                   d->idstr);
-+               errors++;
-+           } else if (errno != d->errnum) {
-+               sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
-+                   d->idstr, errno, d->errnum);
-                errors++;
-            }
-+       } else if (errstr != NULL) {
-+           sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
-+           errors++;
-        } else if (value != d->id) {
-            sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
-            errors++;
-diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok
-index 5e319c9..cecf700 100644
--- a/plugins/sudoers/regress/testsudoers/test5.out.ok
-+++ b/plugins/sudoers/regress/testsudoers/test5.out.ok
-@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
- Entries for user root:
- 
- Command unmatched
-testsudoers: test5.inc should be owned by gid 4294967295
-+testsudoers: test5.inc should be owned by gid 4294967294
- Parse error in sudoers near line 1.
- 
- Entries for user root:
-diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh
-index 9e690a6..94d585c 100755
--- a/plugins/sudoers/regress/testsudoers/test5.sh
-+++ b/plugins/sudoers/regress/testsudoers/test5.sh
-@@ -24,7 +24,7 @@ EOF
- 
- # Test group writable
- chmod 664 $TESTFILE
-./testsudoers -U $MYUID -G -1 root id <<EOF
-+./testsudoers -U $MYUID -G -2 root id <<EOF
- #include $TESTFILE
- EOF
- 
-- 
-2.7.4
diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.29.bb
index 0a11a1b28f..8da2d64631 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.27.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.29.bb
@@ -3,14 +3,12 @@ require sudo.inc
 SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
           file://0001-Include-sys-types.h-for-id_t-definition.patch \
-           file://CVE-2019-14287-1.patch \
-           file://CVE-2019-14287-2.patch \
           "
 PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[md5sum] = "b5c184b13b6b5de32af630af2fd013fd"
+SRC_URI[md5sum] = "b28dabff9c460f115fe74de4d6a6f79d"
-SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0"
+SRC_URI[sha256sum] = "ce53ffac9604e23321334d8ba8ac59ded2bcf624fdb9dbde097ab2049bf29c7c"
 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
author	Alexander Kanavin <alex.kanavin@gmail.com>	2019-12-12 19:14:34 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-16 23:25:49 +0000
commit	4e4352b5a4bce4a26fda8dcdcbf3fc122828e9e4 (patch)
tree	ba73b3a9345697b20d5d7e9c625f0ea55d35a887 /meta/recipes-extended/sudo
parent	aa4848622c5f832bbad10a126bfe7e7de7b6b703 (diff)
download	poky-4e4352b5a4bce4a26fda8dcdcbf3fc122828e9e4.tar.gz

diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 15075bcefd..67815fa858 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc
@@ -5,17 +5,17 @@ BUGTRACKER = "http://www.sudo.ws/bugs/"
5	SECTION = "admin"	5	SECTION = "admin"
6	LICENSE = "ISC & BSD & Zlib"	6	LICENSE = "ISC & BSD & Zlib"
7	LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42 \	7	LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42 \
8	file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=4a162fc04b86b03f5632180fe6076cda \	8	file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
9	file://lib/util/reallocarray.c;beginline=3;endline=15;md5=b47f1f85a12f05a0744cd8b1b6f41a0d \	9	file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
10	file://lib/util/fnmatch.c;beginline=3;endline=27;md5=67f83ee9bd456557397082f8f1be0efd \	10	file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
11	file://lib/util/getcwd.c;beginline=2;endline=27;md5=09068a19b4f6b6f0a0958655bfe98b63 \	11	file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \
12	file://lib/util/glob.c;beginline=2;endline=31;md5=1f2f771c35fb0658d567a7824007e56d \	12	file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \
13	file://lib/util/snprintf.c;beginline=3;endline=33;md5=63e48e1b992bce749a19dd9b2256e9a0 \	13	file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \
14	file://include/sudo_queue.h;beginline=2;endline=27;md5=082b138b72ba3e568a13a25c3bf254dc \	14	file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \
15	file://lib/util/inet_pton.c;beginline=3;endline=17;md5=3970ab0518ab79cbd0bafb697f10b33a \	15	file://lib/util/inet_pton.c;beginline=3;endline=17;md5=27785c9f5835093eda42aa0816a2d0b4 \
16	file://lib/util/arc4random.c;beginline=3;endline=20;md5=15bdc89c1b003fa4d7353e6296ebfd68 \	16	file://lib/util/arc4random.c;beginline=3;endline=20;md5=ced8636ecefa2ba907cfe390bc3bd964 \
17	file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=31e630ac814d692fd0ab7a942659b46f \	17	file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=e30c2b777cdc00cfcaf7c445a10b262f \
18	file://lib/util/getentropy.c;beginline=1;endline=19;md5=9f1a275ecd44cc264a2a4d5e06a75292 \	18	file://lib/util/getentropy.c;beginline=1;endline=19;md5=a0f58be3d60b6dcd898ec5fe0866d36f \
19	"	19	"
20		20
21	inherit autotools	21	inherit autotools


diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch deleted file mode 100644 index 2a11e3f7ec..0000000000 --- a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch +++ /dev/null
@@ -1,178 +0,0 @@
1	From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
2	From: "Todd C. Miller" <Todd.Miller@sudo.ws>
3	Date: Thu, 10 Oct 2019 10:04:13 -0600
4	Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
5	Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
6
7	Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
8	CVE: CVE-2019-14287
9
10	Signed-off-by: Changqing Li <changqing.li@windriver.com>
11
12	---
13	lib/util/strtoid.c \| 100 ++++++++++++++++++++++++++++-------------------------
14	1 files changed, 53 insertions(+), 46 deletions(-)
15
16	diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
17	index 2dfce75..6b3916b 100644
18	--- a/lib/util/strtoid.c
19	+++ b/lib/util/strtoid.c
20	@@ -49,6 +49,27 @@
21	#include "sudo_util.h"
22
23	/*
24	+ * Make sure that the ID ends with a valid separator char.
25	+ */
26	+static bool
27	+valid_separator(const char p, const char ep, const char *sep)
28	+{
29	+ bool valid = false;
30	+ debug_decl(valid_separator, SUDO_DEBUG_UTIL)
31	+
32	+ if (ep != p) {
33	+ /* check for valid separator (including '\0') */
34	+ if (sep == NULL)
35	+ sep = "";
36	+ do {
37	+ if (ep == sep)
38	+ valid = true;
39	+ } while (*sep++ != '\0');
40	+ }
41	+ debug_return_bool(valid);
42	+}
43	+
44	+/*
45	* Parse a uid/gid in string form.
46	* If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
47	* If endp is non-NULL it is set to the next char after the ID.
48	@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char p, const char sep, char endp, const char errstr
49	char *ep;
50	id_t ret = 0;
51	long long llval;
52	- bool valid = false;
53	debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
54
55	/* skip leading space so we can pick up the sign, if any */
56	while (isspace((unsigned char)*p))
57	p++;
58	- if (sep == NULL)
59	- sep = "";
60	+
61	+ /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
62	errno = 0;
63	llval = strtoll(p, &ep, 10);
64	- if (ep != p) {
65	- /* check for valid separator (including '\0') */
66	- do {
67	- if (ep == sep)
68	- valid = true;
69	- } while (*sep++ != '\0');
70	+ if ((errno == ERANGE && llval == LLONG_MAX) \|\| llval > (id_t)UINT_MAX) {
71	+ errno = ERANGE;
72	+ if (errstr != NULL)
73	+ *errstr = N_("value too large");
74	+ goto done;
75	}
76	- if (!valid) {
77	+ if ((errno == ERANGE && llval == LLONG_MIN) \|\| llval < INT_MIN) {
78	+ errno = ERANGE;
79	if (errstr != NULL)
80	- *errstr = N_("invalid value");
81	- errno = EINVAL;
82	+ *errstr = N_("value too small");
83	goto done;
84	}
85	- if (errno == ERANGE) {
86	- if (errstr != NULL) {
87	- if (llval == LLONG_MAX)
88	- *errstr = N_("value too large");
89	- else
90	- *errstr = N_("value too small");
91	- }
92	+
93	+ /* Disallow id -1, which means "no change". */
94	+ if (!valid_separator(p, ep, sep) \|\| llval == -1 \|\| llval == (id_t)UINT_MAX) {
95	+ if (errstr != NULL)
96	+ *errstr = N_("invalid value");
97	+ errno = EINVAL;
98	goto done;
99	}
100	ret = (id_t)llval;
101	@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char p, const char sep, char endp, const char errstr
102	{
103	char *ep;
104	id_t ret = 0;
105	- bool valid = false;
106	debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
107
108	/* skip leading space so we can pick up the sign, if any */
109	while (isspace((unsigned char)*p))
110	p++;
111	- if (sep == NULL)
112	- sep = "";
113	+
114	errno = 0;
115	if (*p == '-') {
116	long lval = strtol(p, &ep, 10);
117	- if (ep != p) {
118	- /* check for valid separator (including '\0') */
119	- do {
120	- if (ep == sep)
121	- valid = true;
122	- } while (*sep++ != '\0');
123	- }
124	- if (!valid) {
125	- if (errstr != NULL)
126	- *errstr = N_("invalid value");
127	- errno = EINVAL;
128	- goto done;
129	- }
130	if ((errno == ERANGE && lval == LONG_MAX) \|\| lval > INT_MAX) {
131	errno = ERANGE;
132	if (errstr != NULL)
133	@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char p, const char sep, char endp, const char errstr
134	*errstr = N_("value too small");
135	goto done;
136	}
137	- ret = (id_t)lval;
138	- } else {
139	- unsigned long ulval = strtoul(p, &ep, 10);
140	- if (ep != p) {
141	- /* check for valid separator (including '\0') */
142	- do {
143	- if (ep == sep)
144	- valid = true;
145	- } while (*sep++ != '\0');
146	- }
147	- if (!valid) {
148	+
149	+ /* Disallow id -1, which means "no change". */
150	+ if (!valid_separator(p, ep, sep) \|\| lval == -1) {
151	if (errstr != NULL)
152	*errstr = N_("invalid value");
153	errno = EINVAL;
154	goto done;
155	}
156	+ ret = (id_t)lval;
157	+ } else {
158	+ unsigned long ulval = strtoul(p, &ep, 10);
159	if ((errno == ERANGE && ulval == ULONG_MAX) \|\| ulval > UINT_MAX) {
160	errno = ERANGE;
161	if (errstr != NULL)
162	*errstr = N_("value too large");
163	goto done;
164	}
165	+
166	+ /* Disallow id -1, which means "no change". */
167	+ if (!valid_separator(p, ep, sep) \|\| ulval == UINT_MAX) {
168	+ if (errstr != NULL)
169	+ *errstr = N_("invalid value");
170	+ errno = EINVAL;
171	+ goto done;
172	+ }
173	ret = (id_t)ulval;
174	}
175	if (errstr != NULL)
176	--
177	2.7.4
178


diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch deleted file mode 100644 index 453a8b09a4..0000000000 --- a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch +++ /dev/null
@@ -1,112 +0,0 @@
1	From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001
2	From: "Todd C. Miller" <Todd.Miller@sudo.ws>
3	Date: Thu, 10 Oct 2019 10:04:13 -0600
4	Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust
5	testsudoers/test5 which relied upon gid -1 parsing.
6
7	Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57]
8	CVE: CVE-2019-14287
9
10	Signed-off-by: Changqing Li <changqing.li@windriver.com>
11
12	---
13	lib/util/regress/atofoo/atofoo_test.c \| 36 ++++++++++++++++------
14	plugins/sudoers/regress/testsudoers/test5.out.ok \| 2 +-
15	plugins/sudoers/regress/testsudoers/test5.sh \| 2 +-
16	3 files changed, 29 insertions(+), 11 deletions(-)
17
18	diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c
19	index 031a7ed..fb41c1a 100644
20	--- a/lib/util/regress/atofoo/atofoo_test.c
21	+++ b/lib/util/regress/atofoo/atofoo_test.c
22	@@ -26,6 +26,7 @@
23	#else
24	# include "compat/stdbool.h"
25	#endif
26	+#include <errno.h>
27
28	#include "sudo_compat.h"
29	#include "sudo_util.h"
30	@@ -80,15 +81,20 @@ static struct strtoid_data {
31	id_t id;
32	const char *sep;
33	const char *ep;
34	+ int errnum;
35	} strtoid_data[] = {
36	- { "0,1", 0, ",", "," },
37	- { "10", 10, NULL, NULL },
38	- { "-2", -2, NULL, NULL },
39	+ { "0,1", 0, ",", ",", 0 },
40	+ { "10", 10, NULL, NULL, 0 },
41	+ { "-1", 0, NULL, NULL, EINVAL },
42	+ { "4294967295", 0, NULL, NULL, EINVAL },
43	+ { "4294967296", 0, NULL, NULL, ERANGE },
44	+ { "-2147483649", 0, NULL, NULL, ERANGE },
45	+ { "-2", -2, NULL, NULL, 0 },
46	#if SIZEOF_ID_T != SIZEOF_LONG_LONG
47	- { "-2", (id_t)4294967294U, NULL, NULL },
48	+ { "-2", (id_t)4294967294U, NULL, NULL, 0 },
49	#endif
50	- { "4294967294", (id_t)4294967294U, NULL, NULL },
51	- { NULL, 0, NULL, NULL }
52	+ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
53	+ { NULL, 0, NULL, NULL, 0 }
54	};
55
56	static int
57	@@ -104,11 +110,23 @@ test_strtoid(int *ntests)
58	(*ntests)++;
59	errstr = "some error";
60	value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
61	- if (errstr != NULL) {
62	- if (d->id != (id_t)-1) {
63	- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
64	+ if (d->errnum != 0) {
65	+ if (errstr == NULL) {
66	+ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
67	+ d->idstr, d->errnum);
68	+ errors++;
69	+ } else if (value != 0) {
70	+ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
71	+ d->idstr);
72	+ errors++;
73	+ } else if (errno != d->errnum) {
74	+ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
75	+ d->idstr, errno, d->errnum);
76	errors++;
77	}
78	+ } else if (errstr != NULL) {
79	+ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
80	+ errors++;
81	} else if (value != d->id) {
82	sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
83	errors++;
84	diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok
85	index 5e319c9..cecf700 100644
86	--- a/plugins/sudoers/regress/testsudoers/test5.out.ok
87	+++ b/plugins/sudoers/regress/testsudoers/test5.out.ok
88	@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
89	Entries for user root:
90
91	Command unmatched
92	-testsudoers: test5.inc should be owned by gid 4294967295
93	+testsudoers: test5.inc should be owned by gid 4294967294
94	Parse error in sudoers near line 1.
95
96	Entries for user root:
97	diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh
98	index 9e690a6..94d585c 100755
99	--- a/plugins/sudoers/regress/testsudoers/test5.sh
100	+++ b/plugins/sudoers/regress/testsudoers/test5.sh
101	@@ -24,7 +24,7 @@ EOF
102
103	# Test group writable
104	chmod 664 $TESTFILE
105	-./testsudoers -U $MYUID -G -1 root id <<EOF
106	+./testsudoers -U $MYUID -G -2 root id <<EOF
107	#include $TESTFILE
108	EOF
109
110	--
111	2.7.4
112


diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.29.bb index 0a11a1b28f..8da2d64631 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.27.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.29.bb
@@ -3,14 +3,12 @@ require sudo.inc
3	SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \	3	SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
4	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \	4	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
5	file://0001-Include-sys-types.h-for-id_t-definition.patch \	5	file://0001-Include-sys-types.h-for-id_t-definition.patch \
6	file://CVE-2019-14287-1.patch \
7	file://CVE-2019-14287-2.patch \
8	"	6	"
9		7
10	PAM_SRC_URI = "file://sudo.pam"	8	PAM_SRC_URI = "file://sudo.pam"
11		9
12	SRC_URI[md5sum] = "b5c184b13b6b5de32af630af2fd013fd"	10	SRC_URI[md5sum] = "b28dabff9c460f115fe74de4d6a6f79d"
13	SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0"	11	SRC_URI[sha256sum] = "ce53ffac9604e23321334d8ba8ac59ded2bcf624fdb9dbde097ab2049bf29c7c"
14		12
15	DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"	13	DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
16	RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"	14	RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"