Hello community,

here is the log from the commit of package sudo for openSUSE:12.1:Update:Test 
checked in at 2012-01-30 20:46:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/sudo (Old)
 and      /work/SRC/openSUSE:12.1:Update:Test/.sudo.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sudo", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/sudo/sudo.changes       2012-01-05 
17:57:34.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.sudo.new/sudo.changes  2012-01-30 
20:46:13.000000000 +0100
@@ -1,0 +2,5 @@
+Mon Jan 30 11:43:47 UTC 2012 - [email protected]
+
+- fix for CVE-2012-0809 (bnc#743300)
+
+-------------------------------------------------------------------
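Review bot: The new changelog entry "- fix for CVE-2012-0809 (bnc#743300)" names neither the affected code nor the file being added. Say what was fixed and which patch carries it, for example "- fix format string handling in sudo_debug(), CVE-2012-0809 (bnc#743300); added sudo-1.8.2-CVE-2012-0809.patch", so the entry can be matched to the Patch4 line in sudo.spec without opening the diff.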

New:
----
  sudo-1.8.2-CVE-2012-0809.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sudo.spec ++++++
--- /var/tmp/diff_new_pack.TCzaiZ/_old  2012-01-30 20:46:13.000000000 +0100
+++ /var/tmp/diff_new_pack.TCzaiZ/_new  2012-01-30 20:46:13.000000000 +0100
@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 Name:           sudo
 Version:        1.8.2
 Release:        0
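Review bot: The only change in this hunk is an extra empty line before "Name:", which is unrelated to the CVE fix. Drop it so the security update touches only the lines needed to add and apply the patch.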
@@ -29,6 +30,7 @@
 Patch1:         sudo-sudoers.patch
 Patch2:         sudo-grp-include.patch
 Patch3:         sudo-1.8.2-ldap_search_escape.patch
+Patch4:         sudo-1.8.2-CVE-2012-0809.patch
 BuildRequires:  audit-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
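Review bot: The added "Patch4:" line has no comment giving the patch's origin or the bug it addresses. Put a one-line comment above it that references CVE-2012-0809 and bnc#743300 and says whether the change was taken from upstream, so a later version update can tell when the patch can be dropped.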
@@ -59,6 +61,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 %ifarch s390 s390x %sparc

++++++ sudo-1.8.2-CVE-2012-0809.patch ++++++
Index: sudo-1.8.2/src/sudo.c
===================================================================
--- sudo-1.8.2.orig/src/sudo.c  2011-07-29 16:50:45.000000000 +0200
+++ sudo-1.8.2/src/sudo.c       2012-01-25 12:07:07.609611322 +0100
@@ -1206,15 +1206,15 @@
 sudo_debug(int level, const char *fmt, ...)
 {
     va_list ap;
-    char *fmt2;
+    char *buf;
 
     if (level > debug_level)
        return;
 
-    /* Backet fmt with program name and a newline to make it a single write */
-    easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
+    /* Bracket fmt with program name and a newline to make it a single write */
     va_start(ap, fmt);
-    vfprintf(stderr, fmt2, ap);
+    evasprintf(&buf, fmt, ap);
     va_end(ap);
-    efree(fmt2);
+    fprintf(stderr, "%s: %s\n", getprogname(), buf);
+    efree(buf);
 }
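Review bot: The corrected comment "Bracket fmt with program name and a newline to make it a single write" now sits above va_start()/evasprintf(), but the bracketing is done by the fprintf() call three lines further down; move the comment directly above fprintf() so it describes the line it stands next to. The fix itself reads correctly: the old code built fmt2 from getprogname() and fmt and then used it as the vfprintf() format, so any "%" in the program name was interpreted as a conversion, while the new code expands fmt with its own arguments first and passes both strings as "%s" arguments to a constant format. As a follow-up, consider a printf-style format attribute on the sudo_debug() declaration so the compiler checks callers' format strings against their arguments.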