aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2020-02-05 11:15:33 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2020-02-05 12:14:27 +0100
commit76c7cb0ae293d4800b471c9d7793a59609e304b1 (patch)
tree38ee1a22d89d8af2dad2290073f7300ac187b10b
parent30e3c4050eab7ba081ee405000e068876318f15e (diff)
downloadaports-76c7cb0ae293d4800b471c9d7793a59609e304b1.tar.gz
aports-76c7cb0ae293d4800b471c9d7793a59609e304b1.tar.bz2
aports-76c7cb0ae293d4800b471c9d7793a59609e304b1.tar.xz
main/sudo: fix CVE-2019-18634
-rw-r--r--main/sudo/APKBUILD8
-rw-r--r--main/sudo/CVE-2019-18634.patch98
2 files changed, 104 insertions, 2 deletions
diff --git a/main/sudo/APKBUILD b/main/sudo/APKBUILD
index 48aa12c833..e5f671526c 100644
--- a/main/sudo/APKBUILD
+++ b/main/sudo/APKBUILD
@@ -8,7 +8,7 @@ if [ "${pkgver%_*}" != "$pkgver" ]; then
else
_realver=$pkgver
fi
-pkgrel=3
+pkgrel=4
pkgdesc="Give certain users the ability to run some commands as root"
url="https://www.sudo.ws/sudo/"
arch="all"
@@ -22,10 +22,13 @@ source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
libcrypt.patch
musl-fix-headers.patch
CVE-2019-14287.patch
+ CVE-2019-18634.patch
"
options="suid"
# secfixes:
+# 1.8.23-r4:
+# - CVE-2019-18634
# 1.8.23-r3:
# - CVE-2019-14287
# 1.8.20_p2-r0:
@@ -73,4 +76,5 @@ f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c
b2d7816d334826545420c578114e5af361ced65c00e5bfc2e0b16f3c9325aa9d2b902defeebb181da3cf7bc6aba3a59a496293d2f11d83c9793f11138ba50343 fix-tests.patch
5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1 libcrypt.patch
113416fed7532c6092687c8bdd9913d04888d2f0a32e4333dd27a6b3d39145717ad5c3b3f05ba11bd6462612a9a013d446d254d50b2b651c33eeebe670f41ab5 musl-fix-headers.patch
-347431718717ff00f11375df4c039e778be3f873014f68586054915bca9f818f8fd000ea256ac97739026bc36f32dd771afc69c290ee9f6ae7aa29752b2328e1 CVE-2019-14287.patch"
+347431718717ff00f11375df4c039e778be3f873014f68586054915bca9f818f8fd000ea256ac97739026bc36f32dd771afc69c290ee9f6ae7aa29752b2328e1 CVE-2019-14287.patch
+171cdd24833da4fa819003dbe38b247537d27fa7306f3e78eb4b2e28ccf66e06f02a2104d051d75a42197959489bedfb6633f5efbd436903746e667b79d59ee6 CVE-2019-18634.patch"
diff --git a/main/sudo/CVE-2019-18634.patch b/main/sudo/CVE-2019-18634.patch
new file mode 100644
index 0000000000..4d0fdd41d5
--- /dev/null
+++ b/main/sudo/CVE-2019-18634.patch
@@ -0,0 +1,98 @@
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 29 Jan 2020 20:15:21 -0700
+Subject: Fix a buffer overflow when pwfeedback is enabled and input is a not a
+ tty. In getln() if the user enters ^U (erase line) and the write(2) fails,
+ the remaining buffer size is reset but the current pointer is not. While
+ here, fix an incorrect break for erase when write(2) fails. Also disable
+ pwfeedback when input is not a tty as it cannot work. CVE-2019-18634 Credit:
+ Joe Vennix from Apple Information Security.
+Origin: https://github.com/sudo-project/sudo/commit/b5d2010b6514ff45693509273bb07df3abb0bf0a
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18634
+Bug-Debian: https://bugs.debian.org/950371
+
+--HG--
+branch : 1.8
+[Salvatore Bonaccorso: Backport to 1.8.19p1. Changes from ab2cba0f5d8b ("Print
+a warning for password read issues. Issues include: timeout at the password
+prompt, read error while reading the password, and EOF reading the password.")
+upstream in 1.8.26 changes signature of getln function.]
+---
+ src/tgetpass.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+--- a/src/tgetpass.c
++++ b/src/tgetpass.c
+@@ -48,7 +48,7 @@ static volatile sig_atomic_t signo[NSIG]
+
+ static bool tty_present(void);
+ static void tgetpass_handler(int);
+-static char *getln(int, char *, size_t, int);
++static char *getln(int, char *, size_t, bool);
+ static char *sudo_askpass(const char *, const char *);
+
+ static int
+@@ -90,6 +90,7 @@ tgetpass(const char *prompt, int timeout
+ static const char *askpass;
+ static char buf[SUDO_CONV_REPL_MAX + 1];
+ int i, input, output, save_errno, neednl = 0, need_restart;
++ bool feedback = ISSET(flags, TGP_MASK);
+ debug_decl(tgetpass, SUDO_DEBUG_CONV)
+
+ (void) fflush(stdout);
+@@ -136,7 +137,7 @@ restart:
+ */
+ if (!ISSET(flags, TGP_ECHO)) {
+ for (;;) {
+- if (ISSET(flags, TGP_MASK))
++ if (feedback)
+ neednl = sudo_term_cbreak(input);
+ else
+ neednl = sudo_term_noecho(input);
+@@ -150,6 +151,9 @@ restart:
+ }
+ }
+ }
++ /* Only use feedback mode when we can disable echo. */
++ if (!neednl)
++ feedback = false;
+
+ /*
+ * Catch signals that would otherwise cause the user to end
+@@ -175,7 +179,7 @@ restart:
+
+ if (timeout > 0)
+ alarm(timeout);
+- pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK));
++ pass = getln(input, buf, sizeof(buf), feedback);
+ alarm(0);
+ save_errno = errno;
+
+@@ -294,7 +298,7 @@ sudo_askpass(const char *askpass, const
+ extern int sudo_term_erase, sudo_term_kill;
+
+ static char *
+-getln(int fd, char *buf, size_t bufsiz, int feedback)
++getln(int fd, char *buf, size_t bufsiz, bool feedback)
+ {
+ size_t left = bufsiz;
+ ssize_t nr = -1;
+@@ -316,15 +320,15 @@ getln(int fd, char *buf, size_t bufsiz,
+ while (cp > buf) {
+ if (write(fd, "\b \b", 3) == -1)
+ break;
+- --cp;
++ cp--;
+ }
++ cp = buf;
+ left = bufsiz;
+ continue;
+ } else if (c == sudo_term_erase) {
+ if (cp > buf) {
+- if (write(fd, "\b \b", 3) == -1)
+- break;
+- --cp;
++ ignore_result(write(fd, "\b \b", 3));
++ cp--;
+ left++;
+ }
+ continue;