Compare commits
No commits in common. "c8" and "c8s" have entirely different histories.
1
.do-not-sync-with-fedora
Normal file
1
.do-not-sync-with-fedora
Normal file
@ -0,0 +1 @@
|
||||
dkopecek: imported RHEL 7 packaging state which is different from Fedora
|
21
.gitignore
vendored
21
.gitignore
vendored
@ -1 +1,20 @@
|
||||
SOURCES/sudo-1.9.5p2.tar.gz
|
||||
/sudo-1.8.16.tar.gz
|
||||
/sudo-1.8.17p1.tar.gz
|
||||
/sudo-1.8.18b2.tar.gz
|
||||
/sudo-1.8.18rc2.tar.gz
|
||||
/sudo-1.8.18rc4.tar.gz
|
||||
/sudo-1.8.18.tar.gz
|
||||
/sudo-90e4538c001fbe1b791a11d6a2c37607472fafe5.tar.gz
|
||||
/sudo-738c3cbf3e8400bf4a5aeab8966427ff6d630cd2.tar.gz
|
||||
/sudo-1.8.19p2.tar.gz
|
||||
/sudo-1.8.20b1.tar.gz
|
||||
/sudo-1.8.20p1.tar.gz
|
||||
/sudo-1.8.20p2.tar.gz
|
||||
/sudo-1.8.21p2.tar.gz
|
||||
/sudo-1.8.22b1.tar.gz
|
||||
/sudo-1.8.23.tar.gz
|
||||
/sudo-1.8.25p1.tar.gz
|
||||
/sudo-1.8.28.tar.gz
|
||||
/sudo-1.8.28p1.tar.gz
|
||||
/sudo-1.8.29.tar.gz
|
||||
/sudo-1.9.5p2.tar.gz
|
||||
|
@ -1 +0,0 @@
|
||||
08bde247a1e08bc881eec43e09733f7ca06408f5 SOURCES/sudo-1.9.5p2.tar.gz
|
@ -1,22 +0,0 @@
|
||||
diff -up ./plugins/sudoers/sudoers.c.cve-host ./plugins/sudoers/sudoers.c
|
||||
--- ./plugins/sudoers/sudoers.c.cve-host 2025-06-25 14:10:11.369219892 +0200
|
||||
+++ ./plugins/sudoers/sudoers.c 2025-06-25 14:11:48.395137626 +0200
|
||||
@@ -393,6 +393,18 @@ sudoers_policy_main(int argc, char * con
|
||||
}
|
||||
}
|
||||
|
||||
+ /* The user may only specify a host for "sudo -l". */
|
||||
+ if (!ISSET(sudo_mode, MODE_LIST|MODE_CHECK)) {
|
||||
+ if (strcmp(user_runhost, user_host) != 0) {
|
||||
+ log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
|
||||
+ N_("user not allowed to set remote host for command"));
|
||||
+ sudo_warnx("%s",
|
||||
+ U_("a remote host may only be specified when listing privileges."));
|
||||
+ ret = false;
|
||||
+ goto done;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/* If given the -P option, set the "preserve_groups" flag. */
|
||||
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
|
||||
def_preserve_groups = true;
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
||||
SHA512 (sudo-1.9.5p2.tar.gz) = f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27
|
@ -1,7 +1,7 @@
|
||||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.9.5p2
|
||||
Release: 1%{?dist}.1
|
||||
Release: 1%{?dist}
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: https://www.sudo.ws/
|
||||
@ -52,7 +52,6 @@ Patch17: sudo-1.9.13-CVE-2023-28486-7-9.patch
|
||||
Patch18: linker.patch
|
||||
|
||||
Patch19: sudo-1.9.15-CVE-2023-42465.patch
|
||||
Patch20: sudo-1.9.17-CVE-2025-32462.patch
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
@ -96,8 +95,8 @@ plugins that use %{name}.
|
||||
%patch -P 17 -p1 -b .cve-escape-9
|
||||
|
||||
%patch -P 18 -p1 -b .linker
|
||||
|
||||
%patch -P 19 -p1 -b .rowhammer
|
||||
%patch -P 20 -p1 -b .cve-host
|
||||
|
||||
%build
|
||||
# Remove bundled copy of zlib
|
||||
@ -273,11 +272,6 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man8/sudo_plugin.8*
|
||||
|
||||
%changelog
|
||||
* Wed Jun 25 2025 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-10.1
|
||||
RHEL 8.10.0.Z ERRATUM
|
||||
- CVE-2025-32462 sudo: LPE via host option
|
||||
Resolves: RHEL-100014
|
||||
|
||||
* Mon Jan 22 2024 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-1
|
||||
RHEL 8.9.0.Z ERRATUM
|
||||
- Rebase to 1.9.5p2
|
Loading…
Reference in New Issue
Block a user