Bug#731583: sudo FQDN issue: upstream fixed it
On 2014-12-21 20:49, Michael Gilbert wrote: On Sun, Dec 14, 2014 at 11:02 AM, Christian Kastner wrote: I just noticed that I never uploaded the debdiffs to the BTS, so here they are for 1.8.11p2 in unstable and 1.8.10p3 in testing. I reviewed and sponsored your upload to unstable. Let me know how the unblock negotiation goes with the release team now that they have a package in unstable to review. If they reject that, please let me know, and I will look at sponsoring the tpu. I actually already had asked the RT, although when following up on this, I forgot to CC this bug. You can find my RT plea here: https://bugs.debian.org/773319 I'll report back once I have received an answer. Thanks! Christian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#731583: sudo FQDN issue: upstream fixed it
On Sun, Dec 14, 2014 at 11:02 AM, Christian Kastner wrote: On 2014-11-16 15:07, Christian Kastner wrote: I only now realized that the version of sudo in testing is still at 1.8.10p3-1. The diff to 1.8.11p2-1 is not trivial. However, given that 1.8.11p1-1 was uploaded on Oct 20th, and the 1.8.11p2-1 upload on Oct 30th (which reset the 10-day clock) only contained a single bug fix, the RT might be lenient regarding an unblock. I just noticed that I never uploaded the debdiffs to the BTS, so here they are for 1.8.11p2 in unstable and 1.8.10p3 in testing. Hi, I reviewed and sponsored your upload to unstable. Let me know how the unblock negotiation goes with the release team now that they have a package in unstable to review. If they reject that, please let me know, and I will look at sponsoring the tpu. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#731583: sudo FQDN issue: upstream fixed it
On 2014-11-16 15:07, Christian Kastner wrote:
I only now realized that the version of sudo in testing is still at
1.8.10p3-1. The diff to 1.8.11p2-1 is not trivial. However, given that
1.8.11p1-1 was uploaded on Oct 20th, and the 1.8.11p2-1 upload on Oct
30th (which reset the 10-day clock) only contained a single bug fix, the
RT might be lenient regarding an unblock.
I just noticed that I never uploaded the debdiffs to the BTS, so here
they are for 1.8.11p2 in unstable and 1.8.10p3 in testing.
Bdale, I plan to contact the RT soon regarding the possibility of
allowing 1.8.11p2 to migrate. If you have any objections to my proposal
from Dec 05, please let me know.
Regards,
Christian
diff -Nru sudo-1.8.10p3/debian/changelog sudo-1.8.10p3/debian/changelog
--- sudo-1.8.10p3/debian/changelog 2014-09-14 18:26:06.0 +0200
+++ sudo-1.8.10p3/debian/changelog 2014-12-05 15:12:47.0 +0100
@@ -1,3 +1,11 @@
+sudo (1.8.10p3-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Backports upstream's fix for host specifications using a FQDN. These were
+no longer working since 1.8.8. Closes: #731583
+
+ -- Christian Kastner deb...@kvr.at Fri, 05 Dec 2014 15:10:30 +0100
+
sudo (1.8.10p3-1) unstable; urgency=low
* new upstream release
diff -Nru
sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff
sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff
--- sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff
1970-01-01 01:00:00.0 +0100
+++ sudo-1.8.10p3/debian/patches/Fix-for-broken-FQDN-host-specifications.diff
2014-12-05 15:20:43.0 +0100
@@ -0,0 +1,92 @@
+From: Christian Kastner deb...@kvr.at
+Date: Fri, 05 Dec 2014 14:58:50 +0100
+Subject: Fix for broken FQDN host specifications
+
+A bug was introduced in sudo 1.8.8 which broke host specifications using a
+FQDN, eg Host_Alias = host.example.com. Upstream has fixed this in 1.8.12.
+
+This patch contains the fix backported to 1.8.10p3.
+
+Origin: http://www.sudo.ws/repos/sudo/rev/4f75b01d4884
+Bug: http://www.sudo.ws/bugs/show_bug.cgi?id=678
+Bug-Debian: https://bugs.debian.org/731583
+Last-Update: 2014-05-12
+
+Index: sudo-1.8.10p3/plugins/sudoers/sudoers.c
+===
+--- sudo-1.8.10p3.orig/plugins/sudoers/sudoers.c
sudo-1.8.10p3/plugins/sudoers/sudoers.c
+@@ -799,32 +799,69 @@ set_loginclass(struct passwd *pw)
+ #endif
+
+ /*
+- * Look up the fully qualified domain name and set user_host and user_shost.
++ * Look up the fully qualified domain name of user_host and user_runhost.
++ * Sets user_host, user_shost, user_runhost and user_srunhost.
+ * Use AI_FQDN if available since canonical is not always the same as fqdn.
+ */
+ static void
+ set_fqdn(void)
+ {
+ struct addrinfo *res0, hint;
++bool remote;
+ char *p;
+ debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN)
+
++/* If the -h flag was given we need to resolve both host and runhost. */
++remote = strcmp(user_runhost, user_host) != 0;
++
+ memset(hint, 0, sizeof(hint));
+ hint.ai_family = PF_UNSPEC;
+ hint.ai_flags = AI_FQDN;
++
++/* First resolve user_host, sets user_host and user_shost. */
+ if (getaddrinfo(user_host, NULL, hint, res0) != 0) {
+ log_warning(MSG_ONLY, N_(unable to resolve host %s), user_host);
+ } else {
+ if (user_shost != user_host)
+ efree(user_shost);
+ efree(user_host);
+- user_host = estrdup(res0-ai_canonname);
++ user_host = user_shost = estrdup(res0-ai_canonname);
+ freeaddrinfo(res0);
+ if ((p = strchr(user_host, '.')) != NULL)
+ user_shost = estrndup(user_host, (size_t)(p - user_host));
+- else
+- user_shost = user_host;
+ }
++
++/* Next resolve user_runhost, sets user_runhost and user_srunhost. */
++if (remote) {
++ if (getaddrinfo(user_runhost, NULL, hint, res0) != 0) {
++ log_warning(MSG_ONLY,
++ N_(unable to resolve host %s), user_runhost);
++ } else {
++ if (user_srunhost != user_runhost)
++ efree(user_srunhost);
++ efree(user_runhost);
++ user_runhost = user_srunhost = estrdup(res0-ai_canonname);
++ freeaddrinfo(res0);
++ if ((p = strchr(user_runhost, '.'))) {
++ user_srunhost =
++ estrndup(user_runhost, (size_t)(p - user_runhost));
++ }
++ }
++} else {
++ /* Not remote, just use user_host. */
++ if (user_srunhost != user_runhost)
++ efree(user_srunhost);
++ efree(user_runhost);
++ user_runhost = user_srunhost = estrdup(user_host);
++ if ((p = strchr(user_runhost, '.'))) {
++ user_srunhost =
++ estrndup(user_runhost, (size_t)(p - user_runhost));
++ }
++}
++
++sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
++ host %s, shost %s, runhost %s, srunhost %s,
Bug#731583: sudo FQDN issue: upstream fixed it
Hi, martin f krafft wrote (13 Nov 2014 13:04:01 GMT) : also sprach Christian Kastner deb...@kvr.at [2014-11-13 03:09 +0100]: Now *that's* a cool upstream -- fixed the bug not even 3 hours after I reported it. Please find attached upstream's patch from upstream's Bugzilla, refreshed to apply against 1.8.11p2-1. Fantastic. This should be easy to backport/integrate. I confirm that the attached patch applies cleanly on top of 1.8.11p2-1, and the result builds just fine. If Bdale can't take care of it shortly, does anyone affected (who can actually test that the resulting package fixes the problem for them) want to NMU? I think DELAYED/2 or /5 would be appropriate. Cheers, -- intrigeri -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#731583: sudo FQDN issue: upstream fixed it
also sprach intrigeri intrig...@debian.org [2014-11-16 13:58 +0200]: If Bdale can't take care of it shortly, does anyone affected (who can actually test that the resulting package fixes the problem for them) want to NMU? I think DELAYED/2 or /5 would be appropriate. I am travelling this week without either a usable laptop, internet connection, or time slots. If Christian has time before the weekend… -- .''`. martin f. krafft madduck@d.o @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems prisons are built with stones of law, brothels with bricks of religion. -- william blake digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#731583: sudo FQDN issue: upstream fixed it
On 2014-11-16 14:33, martin f krafft wrote:
also sprach intrigeri intrig...@debian.org [2014-11-16 13:58 +0200]:
If Bdale can't take care of it shortly, does anyone affected (who can
actually test that the resulting package fixes the problem for them)
want to NMU? I think DELAYED/2 or /5 would be appropriate.
I am travelling this week without either a usable laptop, internet
connection, or time slots. If Christian has time before the weekend…
I'm not a DD yet so I can't upload, but I forgot to mention that I
successfully tested the resulting package prior to submitting the patch.
I only now realized that the version of sudo in testing is still at
1.8.10p3-1. The diff to 1.8.11p2-1 is not trivial. However, given that
1.8.11p1-1 was uploaded on Oct 20th, and the 1.8.11p2-1 upload on Oct
30th (which reset the 10-day clock) only contained a single bug fix, the
RT might be lenient regarding an unblock.
If the RT should insist on a fix targeting 1.8.10p2-1, please find
attached the patch, backported to that version. The resulting package
tested successfully on my jessie system.
Regards,
Christian
Index: sudo-1.8.10p3/plugins/sudoers/sudoers.c
===
--- sudo-1.8.10p3.orig/plugins/sudoers/sudoers.c
+++ sudo-1.8.10p3/plugins/sudoers/sudoers.c
@@ -799,32 +799,69 @@ set_loginclass(struct passwd *pw)
#endif
/*
- * Look up the fully qualified domain name and set user_host and user_shost.
+ * Look up the fully qualified domain name of user_host and user_runhost.
+ * Sets user_host, user_shost, user_runhost and user_srunhost.
* Use AI_FQDN if available since canonical is not always the same as fqdn.
*/
static void
set_fqdn(void)
{
struct addrinfo *res0, hint;
+bool remote;
char *p;
debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN)
+/* If the -h flag was given we need to resolve both host and runhost. */
+remote = strcmp(user_runhost, user_host) != 0;
+
memset(hint, 0, sizeof(hint));
hint.ai_family = PF_UNSPEC;
hint.ai_flags = AI_FQDN;
+
+/* First resolve user_host, sets user_host and user_shost. */
if (getaddrinfo(user_host, NULL, hint, res0) != 0) {
log_warning(MSG_ONLY, N_(unable to resolve host %s), user_host);
} else {
if (user_shost != user_host)
efree(user_shost);
efree(user_host);
- user_host = estrdup(res0-ai_canonname);
+ user_host = user_shost = estrdup(res0-ai_canonname);
freeaddrinfo(res0);
if ((p = strchr(user_host, '.')) != NULL)
user_shost = estrndup(user_host, (size_t)(p - user_host));
- else
- user_shost = user_host;
}
+
+/* Next resolve user_runhost, sets user_runhost and user_srunhost. */
+if (remote) {
+ if (getaddrinfo(user_runhost, NULL, hint, res0) != 0) {
+ log_warning(MSG_ONLY,
+ N_(unable to resolve host %s), user_runhost);
+ } else {
+ if (user_srunhost != user_runhost)
+ efree(user_srunhost);
+ efree(user_runhost);
+ user_runhost = user_srunhost = estrdup(res0-ai_canonname);
+ freeaddrinfo(res0);
+ if ((p = strchr(user_runhost, '.'))) {
+ user_srunhost =
+ estrndup(user_runhost, (size_t)(p - user_runhost));
+ }
+ }
+} else {
+ /* Not remote, just use user_host. */
+ if (user_srunhost != user_runhost)
+ efree(user_srunhost);
+ efree(user_runhost);
+ user_runhost = user_srunhost = estrdup(user_host);
+ if ((p = strchr(user_runhost, '.'))) {
+ user_srunhost =
+ estrndup(user_runhost, (size_t)(p - user_runhost));
+ }
+}
+
+sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ host %s, shost %s, runhost %s, srunhost %s,
+ user_host, user_shost, user_runhost, user_srunhost);
debug_return;
}
Bug#731583: sudo FQDN issue: upstream fixed it
also sprach Christian Kastner deb...@kvr.at [2014-11-13 03:09 +0100]: Now *that's* a cool upstream -- fixed the bug not even 3 hours after I reported it. Please find attached upstream's patch from upstream's Bugzilla, refreshed to apply against 1.8.11p2-1. Fantastic. This should be easy to backport/integrate. -- .''`. martin f. krafft madduck@d.o @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#731583: sudo FQDN issue: upstream fixed it
Control: tag -1 confirmed fixed-upstream patch
Now *that's* a cool upstream -- fixed the bug not even 3 hours after I
reported it.
Please find attached upstream's patch from upstream's Bugzilla,
refreshed to apply against 1.8.11p2-1.
Christian
Index: sudo-1.8.11p2/plugins/sudoers/sudoers.c
===
--- sudo-1.8.11p2.orig/plugins/sudoers/sudoers.c
+++ sudo-1.8.11p2/plugins/sudoers/sudoers.c
@@ -864,19 +864,26 @@ set_loginclass(struct passwd *pw)
#endif
/*
- * Look up the fully qualified domain name and set user_host and user_shost.
+ * Look up the fully qualified domain name of user_host and user_runhost.
+ * Sets user_host, user_shost, user_runhost and user_srunhost.
* Use AI_FQDN if available since canonical is not always the same as fqdn.
*/
static void
set_fqdn(void)
{
struct addrinfo *res0, hint;
+bool remote;
char *p;
debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN)
+/* If the -h flag was given we need to resolve both host and runhost. */
+remote = strcmp(user_runhost, user_host) != 0;
+
memset(hint, 0, sizeof(hint));
hint.ai_family = PF_UNSPEC;
hint.ai_flags = AI_FQDN;
+
+/* First resolve user_host, sets user_host and user_shost. */
if (getaddrinfo(user_host, NULL, hint, res0) != 0) {
log_warningx(SLOG_SEND_MAIL|SLOG_RAW_MSG,
N_(unable to resolve host %s), user_host);
@@ -884,13 +891,43 @@ set_fqdn(void)
if (user_shost != user_host)
sudo_efree(user_shost);
sudo_efree(user_host);
- user_host = sudo_estrdup(res0-ai_canonname);
+ user_host = user_shost = sudo_estrdup(res0-ai_canonname);
freeaddrinfo(res0);
if ((p = strchr(user_host, '.')) != NULL)
user_shost = sudo_estrndup(user_host, (size_t)(p - user_host));
- else
- user_shost = user_host;
}
+
+/* Next resolve user_runhost, sets user_runhost and user_srunhost. */
+if (remote) {
+ if (getaddrinfo(user_runhost, NULL, hint, res0) != 0) {
+ log_warningx(SLOG_SEND_MAIL|SLOG_RAW_MSG,
+ N_(unable to resolve host %s), user_runhost);
+ } else {
+ if (user_srunhost != user_runhost)
+ sudo_efree(user_srunhost);
+ sudo_efree(user_runhost);
+ user_runhost = user_srunhost = sudo_estrdup(res0-ai_canonname);
+ freeaddrinfo(res0);
+ if ((p = strchr(user_runhost, '.'))) {
+ user_srunhost =
+ sudo_estrndup(user_runhost, (size_t)(p - user_runhost));
+ }
+ }
+} else {
+ /* Not remote, just use user_host. */
+ if (user_srunhost != user_runhost)
+ sudo_efree(user_srunhost);
+ sudo_efree(user_runhost);
+ user_runhost = user_srunhost = sudo_estrdup(user_host);
+ if ((p = strchr(user_runhost, '.'))) {
+ user_srunhost =
+ sudo_estrndup(user_runhost, (size_t)(p - user_runhost));
+ }
+}
+
+sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ host %s, shost %s, runhost %s, srunhost %s,
+ user_host, user_shost, user_runhost, user_srunhost);
debug_return;
}
