From f6df47c49110a9914c6634c35915fbd97ca0d0df Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 1 Mar 2023 17:42:19 +0100 Subject: [PATCH 1/3] Rebase to sudo 1.9.13p2 - sudo-1.9.13p2 is available Resolves: rhbz#2169840 - sudo: double free with per-command chroot sudoers rules Resolves: CVE-2023-27320 Signed-off-by: Radovan Sroka --- .gitignore | 1 + sources | 2 +- sudo.spec | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 3d050b5..224d9ce 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ /sudo-1.9.8p2.tar.gz /sudo-1.9.11p3.tar.gz /sudo-1.9.12p2.tar.gz +/sudo-1.9.13p2.tar.gz diff --git a/sources b/sources index f68ca42..d221fe6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.12p2.tar.gz) = 5e035246137d5820691f7ddfc13faec3886e3cf1563ed56633667d86ab4f1306f34cc0e27808f56790b6c6a4614826e54c5b7e47b31eb009b96dde3e52170c45 +SHA512 (sudo-1.9.13p2.tar.gz) = b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef diff --git a/sudo.spec b/sudo.spec index f0f1e53..7a10271 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.12 +Version: 1.9.13 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version From 600bc7e78a1f08fb1bf76e8129460fc2c5fdfa9d Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 20 Jun 2023 14:59:34 +0200 Subject: [PATCH 2/3] - migrated to SPDX license Signed-off-by: Radovan Sroka From 50afd6420a0213fd084b4d7890df02bb1b2daa82 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 24 Jan 2024 10:59:51 +0100 Subject: [PATCH 3/3] Rabase to 1.9.15p5 - sudo-1_9_15p5 is available Resolves: rhbz#2248505 - TRIAGE CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: rhbz#2255569 Signed-off-by: Radovan Sroka --- .gitignore | 3 +++ sources | 2 +- sudo-1.6.7p5-strip.patch | 11 ----------- sudo.spec | 4 ++-- 4 files changed, 6 insertions(+), 14 deletions(-) delete mode 100644 sudo-1.6.7p5-strip.patch diff --git a/.gitignore b/.gitignore index 224d9ce..842ab45 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,6 @@ /sudo-1.9.11p3.tar.gz /sudo-1.9.12p2.tar.gz /sudo-1.9.13p2.tar.gz +/sudo-1.9.14p3.tar.gz +/sudo-1.9.15p4.tar.gz +/sudo-1.9.15p5.tar.gz diff --git a/sources b/sources index d221fe6..a9b6cfd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.13p2.tar.gz) = b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef +SHA512 (sudo-1.9.15p5.tar.gz) = ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a diff --git a/sudo-1.6.7p5-strip.patch b/sudo-1.6.7p5-strip.patch deleted file mode 100644 index f690659..0000000 --- a/sudo-1.6.7p5-strip.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- sudo-1.6.7p5/scripts/install-sh.strip 2005-07-21 14:28:25.000000000 +0200 -+++ sudo-1.6.7p5/scripts/install-sh 2005-07-21 14:29:18.000000000 +0200 -@@ -138,7 +138,7 @@ - fi - ;; - X-s) -- STRIPIT=true -+ #STRIPIT=true - ;; - X--) - shift diff --git a/sudo.spec b/sudo.spec index 7a10271..d363eb9 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,9 +1,9 @@ # comment out if no extra version -%global extraver p2 +%global extraver p5 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.13 +Version: 1.9.15 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version