import sudo-1.8.29-7.el8_4.1

CentOS Sources 2021-11-02 03:51:09 -04:00 committed by Stepan Oksanichenko
parent d13292b8f6
commit bc5d849802
2 changed files with 47 additions and 1 deletions


@ -0,0 +1,35 @@
From 727056e0c9519d8eecde801e950b35f2f69c72e2 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 23 Apr 2021 07:41:27 -0600
Subject: [PATCH] Make sure SIGCHLD is not ignored when sudo is executed. If
SIGCHLD is ignored there is a race condition between when the process is
executed and when the SIGCHLD handler is installed. This fixes the bug
described by GitHub PR #98
---
src/signal.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/signal.c b/src/signal.c
index 7f90d707b..866b64790 100644
--- a/src/signal.c
+++ b/src/signal.c
@@ -133,6 +133,18 @@ init_signals(void)
case SIGTTOU:
/* Don't install these until exec time. */
break;
+ case SIGCHLD:
+ /* Sudo needs to be able to catch SIGCHLD. */
+ if (ss->sa.sa_handler == SIG_IGN) {
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "will restore signal %d on exec", SIGCHLD);
+ ss->restore = true;
+ }
+ if (sigaction(SIGCHLD, &sa, NULL) != 0) {
+ sudo_warn(U_("unable to set handler for signal %d"),
+ SIGCHLD);
+ }
+ break;
default:
if (ss->sa.sa_handler != SIG_IGN) {
if (sigaction(ss->signo, &sa, NULL) != 0) {
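Review bot: In the new `case SIGCHLD:` branch, a failing `sigaction(SIGCHLD, &sa, NULL)` is only reported through `sudo_warn()` and execution falls through to `break`, so sudo can carry on with SIGCHLD still ignored, which is the condition the commit message names as the source of the race. Consider treating this failure as fatal instead of handling it the same way as the generic signals in the `default:` branch. The comment `/* Sudo needs to be able to catch SIGCHLD. */` could also say that `ss->restore = true` is what puts the inherited SIG_IGN disposition back for the command at exec time; at the moment only the debug message mentions it.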


@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.29 Version: 1.8.29
Release: 7%{?dist} Release: 7%{?dist}.1
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: https://www.sudo.ws/ URL: https://www.sudo.ws/
@ -67,6 +67,9 @@ Patch16: sudo-1.9.5-CVE-2021-23240-3.patch
Patch17: sudo-1.9.5-CVE-2021-23240-4.patch Patch17: sudo-1.9.5-CVE-2021-23240-4.patch
Patch18: sudo-1.9.5-CVE-2021-23240-5.patch Patch18: sudo-1.9.5-CVE-2021-23240-5.patch
# 2015136 - Request to backport https://www.sudo.ws/repos/sudo/rev/b4c91a0f72e7 to RHEL 8 [rhel-8.4.0.z]
Patch19: sudo-1.9.7-sigchild.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands users (or groups of users) the ability to run some (or all) commands
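Review bot: The comment above `Patch19` points at upstream revision `b4c91a0f72e7`, while the header of the imported patch file carries `727056e0c9519d8eecde801e950b35f2f69c72e2`, so the two identifiers a reader would use to locate the upstream change do not visibly correspond. Suggest recording both in the comment and saying which repository each id belongs to. The file name also spells the signal `sigchild`, where the code and the Subject line use SIGCHLD; a name using `sigchld` would be easier to find with grep.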
@ -113,6 +116,9 @@ plugins that use %{name}.
%patch17 -p1 -b .symbolic-link-attack-4 %patch17 -p1 -b .symbolic-link-attack-4
%patch18 -p1 -b .symbolic-link-attack-5 %patch18 -p1 -b .symbolic-link-attack-5
%patch19 -p1 -b .sigchild
%build %build
# Remove bundled copy of zlib # Remove bundled copy of zlib
rm -rf zlib/ rm -rf zlib/
@ -271,6 +277,11 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8* %{_mandir}/man8/sudo_plugin.8*
%changelog %changelog
* Tue Oct 19 2021 RAdovan Sroka <rsroka@redhat.com> - 1.8.29-7.1
RHEL 8.4.0 ZSTREAM ERRATUM
- Make sure SIGCHLD is not ignored when sudo is executed
Resolves: rhbz#2015136
* Tue Feb 02 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-7 * Tue Feb 02 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-7
- RHEL 8.4 ERRATUM - RHEL 8.4 ERRATUM
- CVE-2021-3156 - CVE-2021-3156
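Review bot: The new %changelog entry is not formatted like the entry it sits above: the author is written `RAdovan Sroka` against `Radovan Sroka` in the Feb 02 entry, and `RHEL 8.4.0 ZSTREAM ERRATUM` has no leading `- ` where the older entry has `- RHEL 8.4 ERRATUM`. Suggest fixing the capitalisation and giving each item the `- ` prefix so the changelog stays consistent for readers and for anything that parses it.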