import sudo-1.8.29-7.el8_4.1
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
d13292b8f6
commit
bc5d849802
35
SOURCES/sudo-1.9.7-sigchild.patch
Normal file
35
SOURCES/sudo-1.9.7-sigchild.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 727056e0c9519d8eecde801e950b35f2f69c72e2 Mon Sep 17 00:00:00 2001
|
||||
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
||||
Date: Fri, 23 Apr 2021 07:41:27 -0600
|
||||
Subject: [PATCH] Make sure SIGCHLD is not ignored when sudo is executed. If
|
||||
SIGCHLD is ignored there is a race condition between when the process is
|
||||
executed and when the SIGCHLD handler is installed. This fixes the bug
|
||||
described by GitHub PR #98
|
||||
|
||||
---
|
||||
src/signal.c | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/src/signal.c b/src/signal.c
|
||||
index 7f90d707b..866b64790 100644
|
||||
--- a/src/signal.c
|
||||
+++ b/src/signal.c
|
||||
@@ -133,6 +133,18 @@ init_signals(void)
|
||||
case SIGTTOU:
|
||||
/* Don't install these until exec time. */
|
||||
break;
|
||||
+ case SIGCHLD:
|
||||
+ /* Sudo needs to be able to catch SIGCHLD. */
|
||||
+ if (ss->sa.sa_handler == SIG_IGN) {
|
||||
+ sudo_debug_printf(SUDO_DEBUG_INFO,
|
||||
+ "will restore signal %d on exec", SIGCHLD);
|
||||
+ ss->restore = true;
|
||||
+ }
|
||||
+ if (sigaction(SIGCHLD, &sa, NULL) != 0) {
|
||||
+ sudo_warn(U_("unable to set handler for signal %d"),
|
||||
+ SIGCHLD);
|
||||
+ }
|
||||
+ break;
|
||||
default:
|
||||
if (ss->sa.sa_handler != SIG_IGN) {
|
||||
if (sigaction(ss->signo, &sa, NULL) != 0) {
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.8.29
|
||||
Release: 7%{?dist}
|
||||
Release: 7%{?dist}.1
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: https://www.sudo.ws/
|
||||
@ -67,6 +67,9 @@ Patch16: sudo-1.9.5-CVE-2021-23240-3.patch
|
||||
Patch17: sudo-1.9.5-CVE-2021-23240-4.patch
|
||||
Patch18: sudo-1.9.5-CVE-2021-23240-5.patch
|
||||
|
||||
# 2015136 - Request to backport https://www.sudo.ws/repos/sudo/rev/b4c91a0f72e7 to RHEL 8 [rhel-8.4.0.z]
|
||||
Patch19: sudo-1.9.7-sigchild.patch
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
users (or groups of users) the ability to run some (or all) commands
|
||||
@ -113,6 +116,9 @@ plugins that use %{name}.
|
||||
%patch17 -p1 -b .symbolic-link-attack-4
|
||||
%patch18 -p1 -b .symbolic-link-attack-5
|
||||
|
||||
%patch19 -p1 -b .sigchild
|
||||
|
||||
|
||||
%build
|
||||
# Remove bundled copy of zlib
|
||||
rm -rf zlib/
|
||||
@ -271,6 +277,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man8/sudo_plugin.8*
|
||||
|
||||
%changelog
|
||||
* Tue Oct 19 2021 RAdovan Sroka <rsroka@redhat.com> - 1.8.29-7.1
|
||||
RHEL 8.4.0 ZSTREAM ERRATUM
|
||||
- Make sure SIGCHLD is not ignored when sudo is executed
|
||||
Resolves: rhbz#2015136
|
||||
|
||||
* Tue Feb 02 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-7
|
||||
- RHEL 8.4 ERRATUM
|
||||
- CVE-2021-3156
|
||||
|
||||
Loading…
Reference in New Issue
Block a user