Bug#1057236: bookworm-pu: package gosa-plugins-sudo/2.8~git20211022.7ff3ed2-2+deb12u1

Mike Gabriel Fri, 01 Dec 2023 14:36:18 -0800

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gosa-plugins-s...@packages.debian.org
Control: affects -1 + src:gosa-plugins-sudo


Please accept updated package gosa-plugins-sudo to bookworm.

[ Reason ]
Fix processing sudoUser regexp when processing LDAP sudo rules.

[ Impact ]
GOsa²'s sudo plugin will behave buggy. This will be noticed by sysadmins
of Debian Edu 12.

[ Tests ]
Manual tests.

[ Risks ]
Merely none, only for users of GOsa² and its sudo plugin.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
+    + Add 1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch.
+      Assign variable before using it.

[ Other info ]
none

diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog
--- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog  2023-01-23 
13:03:23.000000000 +0100
+++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/changelog  2023-12-01 
23:27:03.000000000 +0100
@@ -1,3 +1,11 @@
+gosa-plugins-sudo (2.8~git20211022.7ff3ed2-2+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
+    + Add 1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch.
+      Assign variable before using it.
+
+ -- Mike Gabriel <sunwea...@debian.org>  Fri, 01 Dec 2023 23:27:03 +0100
+
 gosa-plugins-sudo (2.8~git20211022.7ff3ed2-2) unstable; urgency=medium
 
   * Source-only upload to unstable.
diff -Nru 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch
 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch
--- 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch
    2023-12-01 23:26:43.000000000 +0100
@@ -0,0 +1,33 @@
+From a82b03aa40ee147ddc2a2a440dad18da8be5b5e1 Mon Sep 17 00:00:00 2001
+From: root <root@postoffice.intern>
+Date: Thu, 17 Aug 2023 22:16:03 +0200
+Subject: [PATCH 06/13] plugins/admin/sudo/class_sudoGeneric.inc: Assign
+ variable before using it.
+
+---
+ admin/sudo/class_sudoGeneric.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/admin/sudo/class_sudoGeneric.inc 
b/admin/sudo/class_sudoGeneric.inc
+index f1b1f31..d55679f 100644
+--- a/admin/sudo/class_sudoGeneric.inc
++++ b/admin/sudo/class_sudoGeneric.inc
+@@ -297,6 +297,7 @@ class sudo extends plugin
+         /* Acceptable characters for various fields */
+         $ipv4_regex = 
"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";
+         $fqdn_regex = 
"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$";
++        $c = preg_quote(' *+-?_|!\'"()','/');
+         $attr_regex = array(
+             "sudoUser" => "/^[a-z0-9{$c}]*$/i",
+             "sudoHost" => "/$ipv4_regex|$fqdn_regex/i",
+@@ -310,7 +311,6 @@ class sudo extends plugin
+                     isset($_POST['new_'.$attr]) && 
+                     !empty($_POST['new_'.$attr])){
+ 
+-                $c = preg_quote(' *+-?_|!\'"()','/');
+                 if(preg_match($attr_regex[$attr],get_post('new_'.$attr))){
+                     $attrs = $this->$attr;
+                     $attrs[] =  trim(get_post('new_'.$attr)); 
+-- 
+2.39.2
+
diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README
--- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README     
1970-01-01 01:00:00.000000000 +0100
+++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/README     
2023-12-01 23:26:43.000000000 +0100
@@ -0,0 +1,3 @@
+0xxx: Grabbed from upstream development.
+1xxx: Possibly relevant for upstream adoption.
+2xxx: Only relevant for official Debian release.
diff -Nru gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series 
gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series
--- gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series     
1970-01-01 01:00:00.000000000 +0100
+++ gosa-plugins-sudo-2.8~git20211022.7ff3ed2/debian/patches/series     
2023-12-01 23:26:43.000000000 +0100
@@ -0,0 +1 @@
+1001_plugins-admin-sudo-class_sudoGeneric.inc-Assign-vari.patch

Bug#1057236: bookworm-pu: package gosa-plugins-sudo/2.8~git20211022.7ff3ed2-2+deb12u1

Reply via email to