This patch will upgrade Sudo version 1.7.10 patchlevel 4 to Sudo version 1.7.10 patchlevel 5. To apply: $ cd sudo-1.7.10p4 $ patch -p1 < sudo-1.7.10p5.patch diff -urNa sudo-1.7.10p4/ChangeLog sudo-1.7.10p5/ChangeLog --- sudo-1.7.10p4/ChangeLog Tue Jan 15 16:54:47 2013 +++ sudo-1.7.10p5/ChangeLog Thu Jan 31 16:13:55 2013 @@ -1,8 +1,34 @@ +2013-01-31 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_7_10p5 for changeset 765958d9ee1e + [36f1598f6c3c] [tip] <1.7> + + * NEWS, configure, configure.in: + Sudo 1.7.10p5 + [765958d9ee1e] [SUDO_1_7_10p5] <1.7> + + * LICENSE: + Update copyright year + [21762d8d1337] <1.7> + + * visudo.c: + Fix potential stack overflow due to infinite recursion in alias + cycle detection. From Daniel Kopecek. + [f1fc761aaf76] <1.7> + + * ttyname.c: + Remove ttyname() fall back code on systems where we can query the + kernel for the tty device via /proc or sysctl(). If there is no + controlling tty, it is better to just treat the tty as unknown + rather than to blindly use what is hooked up to std{in,out,err}. + [bfa23f089bba] <1.7> + 2013-01-15 Todd C. Miller * .hgtags: Added tag SUDO_1_7_10p4 for changeset a5ea48905d46 - [4ba58fd849b6] [tip] <1.7> + [4ba58fd849b6] <1.7> * NEWS, configure, configure.in: Sudo 1.7.10p4 diff -urNa sudo-1.7.10p4/LICENSE sudo-1.7.10p5/LICENSE --- sudo-1.7.10p4/LICENSE Tue Sep 18 10:00:08 2012 +++ sudo-1.7.10p5/LICENSE Thu Jan 31 11:13:02 2013 @@ -1,6 +1,6 @@ Sudo is distributed under the following license: - Copyright (c) 1994-1996, 1998-2012 + Copyright (c) 1994-1996, 1998-2013 Todd C. Miller Permission to use, copy, modify, and distribute this software for any diff -urNa sudo-1.7.10p4/NEWS sudo-1.7.10p5/NEWS --- sudo-1.7.10p4/NEWS Tue Jan 15 15:40:02 2013 +++ sudo-1.7.10p5/NEWS Thu Jan 31 16:07:56 2013 
@@ -1,3 +1,12 @@ +What's new in Sudo 1.7.10p5? + + * On systems where the controlling tty can be determined via /proc + or sysctl(), sudo will no longer fall back to using ttyname() + if the process has no controlling tty. This prevents sudo from + using a non-controlling tty for logging and time stamp purposes. + + * Fixed a potential crash in visudo's alias cycle detection. + What's new in Sudo 1.7.10p4? * Avoid building PIE binaries on FreeBSD/ia64 as they don't run diff -urNa sudo-1.7.10p4/configure sudo-1.7.10p5/configure --- sudo-1.7.10p4/configure Tue Jan 15 15:38:33 2013 +++ sudo-1.7.10p5/configure Thu Jan 31 11:39:23 2013 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.7.10p4. +# Generated by GNU Autoconf 2.68 for sudo 1.7.10p5. # # Report bugs to . # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.10p4' -PACKAGE_STRING='sudo 1.7.10p4' +PACKAGE_VERSION='1.7.10p5' +PACKAGE_STRING='sudo 1.7.10p5' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1447,7 +1447,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.10p4 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.10p5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1512,7 +1512,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.10p4:";; + short | recursive ) echo "Configuration of sudo 1.7.10p5:";; esac cat <<\_ACEOF @@ -1737,7 +1737,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.10p4 +sudo configure 1.7.10p5 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. 
@@ -2441,7 +2441,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.10p4, which was +It was created by sudo $as_me 1.7.10p5, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -20835,7 +20835,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.10p4, which was +This file was extended by sudo $as_me 1.7.10p5, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20901,7 +20901,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.7.10p4 +sudo config.status 1.7.10p5 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.7.10p4/configure.in sudo-1.7.10p5/configure.in --- sudo-1.7.10p4/configure.in Tue Jan 15 15:38:28 2013 +++ sudo-1.7.10p5/configure.in Thu Jan 31 11:13:08 2013 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller dnl -AC_INIT([sudo], [1.7.10p4], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.10p5], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h zlib/zconf.h) dnl dnl Note: this must come after AC_INIT diff -urNa sudo-1.7.10p4/ttyname.c sudo-1.7.10p5/ttyname.c --- sudo-1.7.10p4/ttyname.c Tue Sep 18 10:00:11 2012 +++ sudo-1.7.10p5/ttyname.c Thu Jan 31 11:10:00 2013 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Todd C. Miller + * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -368,14 +368,6 @@ } efree(ki_proc); - /* If all else fails, fall back on ttyname(). */ - if (tty == NULL) { - if ((tty = ttyname(STDIN_FILENO)) != NULL || - (tty = ttyname(STDOUT_FILENO)) != NULL || - (tty = ttyname(STDERR_FILENO)) != NULL) - tty = estrdup(tty); - } - return tty; } #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) @@ -407,14 +399,6 @@ } } - /* If all else fails, fall back on ttyname(). */ - if (tty == NULL) { - if ((tty = ttyname(STDIN_FILENO)) != NULL || - (tty = ttyname(STDOUT_FILENO)) != NULL || - (tty = ttyname(STDERR_FILENO)) != NULL) - tty = estrdup(tty); - } - return tty; } #elif defined(__linux__) @@ -432,7 +416,7 @@ ssize_t len; int i; - /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ + /* Try to determine the tty from tty_nr in /proc/pid/stat. */ for (i = 0; tty == NULL && i < 2; i++) { FILE *fp; char path[PATH_MAX]; @@ -459,14 +443,6 @@ } } efree(line); - - /* If all else fails, fall back on ttyname(). */ - if (tty == NULL) { - if ((tty = ttyname(STDIN_FILENO)) != NULL || - (tty = ttyname(STDOUT_FILENO)) != NULL || - (tty = ttyname(STDERR_FILENO)) != NULL) - tty = estrdup(tty); - } return tty; } diff -urNa sudo-1.7.10p4/visudo.c sudo-1.7.10p5/visudo.c --- sudo-1.7.10p4/visudo.c Tue Jan 15 14:55:23 2013 +++ sudo-1.7.10p5/visudo.c Thu Jan 31 11:11:58 2013 @@ -1040,18 +1040,16 @@ struct alias *a; int rval = TRUE; - if ((a = alias_find(name, type)) != NULL) { + if ((a = alias_remove(name, type)) != NULL) { tq_foreach_fwd(&a->members, m) { if (m->type == ALIAS) { if (!alias_remove_recursive(m->name, type)) rval = FALSE; } } + rbinsert(alias_freelist, a); } alias_seqno++; - a = alias_remove(name, type); - if (a) - rbinsert(alias_freelist, a); return rval; }
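Review bot: In the visudo.c hunk, termination of `alias_remove_recursive` now depends entirely on `alias_remove(name, type)` unlinking the alias before the `tq_foreach_fwd` descent, and nothing in the new code records that. A later refactor back to a find-then-remove order would bring back unbounded recursion, and the stack exhaustion that follows, on a sudoers file with a cyclic alias definition. I would add a comment above the `if`, such as `/* Unlink first: a member that refers back to this alias then finds nothing, so the recursion stops. */`. Separately, in the visible lines `rval` starts as `TRUE` and is cleared only when a nested call returns false, which no visible path does, so the return value appears to carry no information and the `rval = FALSE` branch looks dead. The function's signature lies outside the hunk, so both points should be confirmed against the full definition.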