On 2015-01-17 07:57, martin f krafft wrote: > Christian, I suppose it'll have to be 1.8.10p3-1.1 via t-p-u. > Doable?
Sure. Updated debdiff attached. (Did I get the revision right? Note that I dropped the nmu-ish .1 as I felt the +deb8u1 qualifier "consumes" it) Ivo had concerns with regards to a t-p-u upload, and said he'd prefer instead a path via unstable. To summarize my verbose reply: this fix has been in unstable for 3 weeks now, albeit in the newer sudo version. The attached debdiff just backports this fix to the older sudo. So if everyone is OK with the above, I guess all that remains is for someone to sponsor the upload. Regards, Christian
diff -Nru sudo-1.8.10p3/debian/changelog sudo-1.8.10p3/debian/changelog --- sudo-1.8.10p3/debian/changelog 2014-09-14 18:26:06.000000000 +0200 +++ sudo-1.8.10p3/debian/changelog 2015-01-17 15:44:24.000000000 +0100 @@ -1,3 +1,11 @@ +sudo (1.8.10p3-1+deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Backport upstream's fix for host specifications using a FQDN. These were + no longer working since 1.8.8. Closes: #731583 + + -- Christian Kastner <deb...@kvr.at> Sat, 17 Jan 2015 15:39:31 +0100 + sudo (1.8.10p3-1) unstable; urgency=low * new upstream release diff -Nru sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff --- sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff 1970-01-01 01:00:00.000000000 +0100 +++ sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff 2015-01-17 15:29:14.000000000 +0100 @@ -0,0 +1,92 @@ +From: Christian Kastner <deb...@kvr.at> +Date: Fri, 05 Dec 2014 14:58:50 +0100 +Subject: Fix for broken FQDN host specifications + +A bug was introduced in sudo 1.8.8 which broke host specifications using a +FQDN, eg Host_Alias = host.example.com. Upstream has fixed this in 1.8.12. + +This patch contains the fix backported to 1.8.10p3. + +Origin: http://www.sudo.ws/repos/sudo/rev/4f75b01d4884 +Bug: http://www.sudo.ws/bugs/show_bug.cgi?id=678 +Bug-Debian: https://bugs.debian.org/731583 +Last-Update: 2014-05-12 + +Index: sudo-1.8.10p3/plugins/sudoers/sudoers.c +=================================================================== +--- sudo-1.8.10p3.orig/plugins/sudoers/sudoers.c ++++ sudo-1.8.10p3/plugins/sudoers/sudoers.c +@@ -799,32 +799,69 @@ set_loginclass(struct passwd *pw) + #endif + + /* +- * Look up the fully qualified domain name and set user_host and user_shost. ++ * Look up the fully qualified domain name of user_host and user_runhost. ++ * Sets user_host, user_shost, user_runhost and user_srunhost. + * Use AI_FQDN if available since "canonical" is not always the same as fqdn. + */ + static void + set_fqdn(void) + { + struct addrinfo *res0, hint; ++ bool remote; + char *p; + debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN) + ++ /* If the -h flag was given we need to resolve both host and runhost. */ ++ remote = strcmp(user_runhost, user_host) != 0; ++ + memset(&hint, 0, sizeof(hint)); + hint.ai_family = PF_UNSPEC; + hint.ai_flags = AI_FQDN; ++ ++ /* First resolve user_host, sets user_host and user_shost. */ + if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { + log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host); + } else { + if (user_shost != user_host) + efree(user_shost); + efree(user_host); +- user_host = estrdup(res0->ai_canonname); ++ user_host = user_shost = estrdup(res0->ai_canonname); + freeaddrinfo(res0); + if ((p = strchr(user_host, '.')) != NULL) + user_shost = estrndup(user_host, (size_t)(p - user_host)); +- else +- user_shost = user_host; + } ++ ++ /* Next resolve user_runhost, sets user_runhost and user_srunhost. */ ++ if (remote) { ++ if (getaddrinfo(user_runhost, NULL, &hint, &res0) != 0) { ++ log_warning(MSG_ONLY, ++ N_("unable to resolve host %s"), user_runhost); ++ } else { ++ if (user_srunhost != user_runhost) ++ efree(user_srunhost); ++ efree(user_runhost); ++ user_runhost = user_srunhost = estrdup(res0->ai_canonname); ++ freeaddrinfo(res0); ++ if ((p = strchr(user_runhost, '.'))) { ++ user_srunhost = ++ estrndup(user_runhost, (size_t)(p - user_runhost)); ++ } ++ } ++ } else { ++ /* Not remote, just use user_host. */ ++ if (user_srunhost != user_runhost) ++ efree(user_srunhost); ++ efree(user_runhost); ++ user_runhost = user_srunhost = estrdup(user_host); ++ if ((p = strchr(user_runhost, '.'))) { ++ user_srunhost = ++ estrndup(user_runhost, (size_t)(p - user_runhost)); ++ } ++ } ++ ++ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, ++ "host %s, shost %s, runhost %s, srunhost %s", ++ user_host, user_shost, user_runhost, user_srunhost); + debug_return; + } + diff -Nru sudo-1.8.10p3/debian/patches/series sudo-1.8.10p3/debian/patches/series --- sudo-1.8.10p3/debian/patches/series 2014-09-14 18:26:06.000000000 +0200 +++ sudo-1.8.10p3/debian/patches/series 2015-01-17 15:29:14.000000000 +0100 @@ -1,2 +1,3 @@ typo-in-classic-insults.diff paths-in-samples.diff +Fix-for-broken-FQDN-host-specifications.diff