All: Do we want to slip this into presently supported branches containing 1.6.9p17? It's a quick patch:
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&only_with_tag=SUDO_1_6_9 I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string. $ more sudo_p20.patch =================================================================== RCS file: /home/anoncvs/cvs/sudo/parse.c,v retrieving revision 1.160.2.21 retrieving revision 1.160.2.22 diff -u -p -r1.160.2.21 -r1.160.2.22 --- sudo/parse.c 2008/11/02 14:35:53 1.160.2.21 +++ sudo/parse.c 2009/01/28 00:50:01 1.160.2.22 @@ -651,9 +651,11 @@ usergr_matches(group, user, pw) /* * If the user has a supplementary group vector, check it first. */ - for (i = 0; i < user_ngroups; i++) { - if (grp->gr_gid == user_groups[i]) - return(TRUE); + if (strcmp(user, user_name) == 0) { + for (i = 0; i < user_ngroups; i++) { + if (grp->gr_gid == user_groups[i]) + return(TRUE); + } } if (grp->gr_mem != NULL) { for (cur = grp->gr_mem; *cur; cur++) { sekle...@seawing:/usr/src/usr.bin$ sudo patch -p0 < sudo_p20.patch Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |=================================================================== |RCS file: /home/anoncvs/cvs/sudo/parse.c,v |retrieving revision 1.160.2.21 |retrieving revision 1.160.2.22 |diff -u -p -r1.160.2.21 -r1.160.2.22 |--- sudo/parse.c 2008/11/02 14:35:53 1.160.2.21 |+++ sudo/parse.c 2009/01/28 00:50:01 1.160.2.22 -------------------------- Patching file sudo/parse.c using Plan A... Hunk #1 succeeded at 606 (offset -45 lines). done
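Review bot: The comment above the new `if (strcmp(user, user_name) == 0)` guard in usergr_matches() still reads "If the user has a supplementary group vector, check it first." and no longer describes the condition. The guard implies that `user_groups` holds the group vector of `user_name` only, so the comment should say that the vector is consulted only when the `user` argument is that same user, and that any other user falls through to the `grp->gr_mem` walk below. Separately, the patch run shown applied the hunk at line 606 with an offset of -45 lines, so when backporting to a branch it is worth opening parse.c afterwards and confirming that the guard landed around the `user_groups` loop in usergr_matches() and not on similar-looking context elsewhere.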