Bug#863757: unblock: sudo/1.8.19p1-1

2017-05-31 Thread Emilio Pozuelo Monfort
Control: tags -1 confirmed

On 31/05/17 06:58, Bdale Garbee wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package sudo to allow a fix for CVE-2017-1000367, #863731,
> to be included in stretch.  Source debdiff included below is upstream's 
> isolated patch for this issue, de-fuzzed to apply cleanly to our sources.
> This is essentially the same change as between 1.8.20-1 and 1.8.20p1-1 now
> in unstable.

Please go ahead.

Thanks,
Emilio



Bug#863757: unblock: sudo/1.8.19p1-1

2017-05-30 Thread Bdale Garbee
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package sudo to allow a fix for CVE-2017-1000367, #863731,
to be included in stretch.  Source debdiff included below is upstream's 
isolated patch for this issue, de-fuzzed to apply cleanly to our sources.
This is essentially the same change as between 1.8.20-1 and 1.8.20p1-1 now
in unstable.

Bdale

unblock sudo/1.8.19p1-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.12+ (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru sudo-1.8.19p1/debian/changelog sudo-1.8.19p1/debian/changelog
--- sudo-1.8.19p1/debian/changelog  2017-01-13 11:12:49.0 -0700
+++ sudo-1.8.19p1/debian/changelog  2017-05-30 22:35:01.0 -0600
@@ -1,3 +1,9 @@
+sudo (1.8.19p1-2) stretch; urgency=high
+
+  * patch from upstream to fix CVE-2017-1000367, closes: #863731
+
+ -- Bdale Garbee   Tue, 30 May 2017 22:35:01 -0600
+
 sudo (1.8.19p1-1) unstable; urgency=medium
 
   * new upstream version
diff -Nru sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch 
sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch
--- sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch 1969-12-31 
17:00:00.0 -0700
+++ sudo-1.8.19p1/debian/patches/CVE-2017-1000367.patch 2017-05-30 
22:35:01.0 -0600
@@ -0,0 +1,246 @@
+diff --git a/src/ttyname.c b/src/ttyname.c
+index 9b94ba8..ab0f2d3 100644
+--- a/src/ttyname.c
 b/src/ttyname.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012-2016 Todd C. Miller 
++ * Copyright (c) 2012-2017 Todd C. Miller 
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -145,20 +145,22 @@ sudo_ttyname_dev(dev_t tdev, char *name, size_t namelen)
+ }
+ #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || 
defined(__linux__)
+ /*
+- * Devices to search before doing a breadth-first scan.
++ * Device nodes and directories to search before searching all of /dev
+  */
+ static char *search_devs[] = {
+ "/dev/console",
+-"/dev/wscons",
+-"/dev/pts/",
+-"/dev/vt/",
+-"/dev/term/",
+-"/dev/zcons/",
++"/dev/pts/",  /* POSIX pty */
++"/dev/vt/",   /* Solaris virtual console */
++"/dev/term/", /* Solaris serial ports */
++"/dev/zcons/",/* Solaris zone console */
++"/dev/pty/",  /* HP-UX old-style pty */
+ NULL
+ };
+ 
++/*
++ * Device nodes to ignore when searching all of /dev
++ */
+ static char *ignore_devs[] = {
+-"/dev/fd/",
+ "/dev/stdin",
+ "/dev/stdout",
+ "/dev/stderr",
+@@ -166,16 +168,18 @@ static char *ignore_devs[] = {
+ };
+ 
+ /*
+- * Do a breadth-first scan of dir looking for the specified device.
++ * Do a scan of a directory looking for the specified device.
++ * Does not descend into subdirectories.
+  * Returns name on success and NULL on failure, setting errno.
+  */
+ static char *
+-sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, 
size_t namelen)
++sudo_ttyname_scan(const char *dir, dev_t rdev, char *name, size_t namelen)
+ {
+-size_t sdlen, num_subdirs = 0, max_subdirs = 0;
+-char pathbuf[PATH_MAX], **subdirs = NULL;
++size_t sdlen;
++char pathbuf[PATH_MAX];
+ char *ret = NULL;
+ struct dirent *dp;
++struct stat sb;
+ unsigned int i;
+ DIR *d = NULL;
+ debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL)
+@@ -183,6 +187,18 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool 
builtin, char *name, size_t
+ if (dir[0] == '\0' || (d = opendir(dir)) == NULL)
+   goto done;
+ 
++if (fstat(dirfd(d), ) == -1) {
++  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++  "unable to fstat %s", dir);
++  goto done;
++}
++if ((sb.st_mode & S_IWOTH) != 0) {
++  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++  "ignoring world-writable directory %s", dir);
++  errno = ENOENT;
++  goto done;
++}
++
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+   "scanning for dev %u in %s", (unsigned int)rdev, dir);
+ 
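Review bot: The new guard at the top of the scan rejects only world-writable directories (`S_IWOTH`), so a directory under /dev that is group-writable by a non-root group, or owned by a non-root user, would still be scanned and its entries looked up; if such directories can exist on any supported platform, consider tightening the test to `if (sb.st_uid != 0 || (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0)` and wording the debug message accordingly. Doing the check with fstat() on the open directory fd is the right choice, since it binds the test to the directory actually being read rather than to a path that could be swapped underneath. Note that `fstat(dirfd(d), )` as shown here lacks its second argument; it presumably read `&sb` upstream and the ampersand was eaten by the archive's HTML rendering, so do not copy this hunk verbatim. The body of sudo_ttyname_scan continues past the end of this hunk.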
+@@ -220,18 +236,6 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool 
builtin, char *name, size_t
+   }
+   if (ignore_devs[i] != NULL)
+   continue;
+-  if (!builtin) {
+-  /* Skip entries in search_devs; we already checked them. */
+-  for (i = 0; search_devs[i] != NULL; i++) {
+-  len = strlen(search_devs[i]);
+-  if (search_devs[i][len - 1] == '/')
+-  len--;
+-