
2 commits

Author SHA1 Message Date
Radovan Sroka
559f4b66be
Rebase to sudo 1.9.13p2
- sudo-1.9.13p2 is available
Resolves: rhbz#2169840
- sudo: double free with per-command chroot sudoers rules
Resolves: CVE-2023-27320

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-03-01 17:57:01 +01:00
Radovan Sroka
7a333e0b72 Rebase to sudo 1.9.12p2
- sudo-1.9.12p2 is available
Resolves: rhbz#2137775
- sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809
Resolves: rhbz#2162042

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-01-19 14:23:41 +01:00
4 changed files with 34 additions and 26 deletions

5
.gitignore vendored

@ -31,8 +31,3 @@
/sudo-1.9.11p3.tar.gz
/sudo-1.9.12p2.tar.gz
/sudo-1.9.13p2.tar.gz
/sudo-1.9.14p3.tar.gz
/sudo-1.9.15p4.tar.gz
/sudo-1.9.15p5.tar.gz
/sudo-1.9.17p1.tar.gz
/sudo-1.9.17p2.tar.gz


@ -1 +1 @@
SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93
SHA512 (sudo-1.9.13p2.tar.gz) = b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef

11
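--- a/sudo-1.6.7p5-strip.patch
+++ b/sudo-1.6.7p5-strip.patch
@@ -0,0 +1,11 @@
+--- sudo-1.6.7p5/scripts/install-sh.strip 2005-07-21 14:28:25.000000000 +0200
++++ sudo-1.6.7p5/scripts/install-sh 2005-07-21 14:29:18.000000000 +0200
+@@ -138,7 +138,7 @@
+fi
+;;
+X-s)
+- STRIPIT=true
++ #STRIPIT=true
+;;
+X--)
+shift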
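Review bot: Nothing visible on this page applies this patch: the spec's `%prep` on what appears to be the same side consists of `%setup -q -n %{name}-%{version}%{?extraver}` alone, and none of the spec hunks adds a `Patch:` or `%patch` line. If commenting out `STRIPIT=true` in `scripts/install-sh` is still wanted (presumably so binaries reach rpm's debuginfo extraction unstripped; confirm), declare the patch and apply it in `%prep`; otherwise drop the file so the repository content matches what is actually built. A `Patch:` declaration may sit in unchanged spec lines outside the hunks, so check the full spec first. The patch also has no header comment; add one line stating why stripping is turned off.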


@ -3,7 +3,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.9.17
Version: 1.9.13
# remove -b 3 after rebase !!!
# use "-p -e % {?extraver}" when beta
# use "-e % {?extraver}"" when patch version
@ -26,7 +26,7 @@ BuildRequires: bison
BuildRequires: libtool
BuildRequires: audit-libs-devel libcap-devel
BuildRequires: libselinux-devel
BuildRequires: systemd-rpm-macros
BuildRequires: sendmail
BuildRequires: gettext
BuildRequires: zlib-devel
@ -70,18 +70,25 @@ BuildRequires: python3-devel
%{name}-python-plugin allows using sudo plugins written in Python.
%prep
%autosetup -p1 -n %{name}-%{version}%{?extraver}
%setup -q -n %{name}-%{version}%{?extraver}
%build
# Remove bundled copy of zlib
rm -rf zlib/
%ifarch s390 s390x sparc64
F_PIE=-fPIE
%else
F_PIE=-fpie
%endif
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%configure \
--prefix=%{_prefix} \
--sbindir=%{_sbindir} \
--libdir=%{_libdir} \
--docdir=%{_pkgdocdir} \
--enable-tmpfiles.d=%{_tmpfilesdir} \
--enable-openssl \
--disable-root-mailer \
--disable-intercept \
@ -95,7 +102,6 @@ rm -rf zlib/
--with-tty-tickets \
--with-ldap \
--with-selinux \
--with-sendmail=/usr/sbin/sendmail \
--with-passprompt="[sudo] password for %p: " \
--enable-python \
--enable-zlib=system \
@ -103,28 +109,26 @@ rm -rf zlib/
--with-sssd
# --without-kerb5 \
# --without-kerb4
%make_build
make
%check
%make_build check
make check
%install
%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
rm -rf $RPM_BUILD_ROOT
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
# Add sudo to protected packages. Old location for yum/dnf.
mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/
echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf
# Add sudo to protected packages. New location for dnf5.
mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/
cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf <<EOF
[main]
protected_packages = sudo
EOF
#add sudo to protected packages
install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
touch sudo.conf
echo sudo > sudo.conf
install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
rm -f sudo.conf
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
@ -168,6 +172,7 @@ EOF
%files -f sudo_all.lang
%defattr(-,root,root)
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0750,root,root) %dir /etc/sudoers.d/
%config(noreplace) /etc/pam.d/sudo
@ -175,9 +180,6 @@ EOF
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
%dir /usr/share/dnf5
%dir /usr/share/dnf5/libdnf.conf.d
/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%attr(4111,root,root) %{_bindir}/sudo
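Review bot: The `export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"` line in `%build` sets LDFLAGS to a fixed string, so where `%configure` falls back to the distribution link flags only when LDFLAGS is unset, those flags are replaced rather than extended. sudo is installed setuid in this package (`%attr(4111,root,root) %{_bindir}/sudo`), so the distribution's full hardening set should reach the link step; prepend it, e.g. `LDFLAGS="%{build_ldflags} -pie -Wl,-z,relro -Wl,-z,now"`, or drop the manual flags if the distribution defaults already cover PIE and full RELRO. That this line is on the new side is inferred from the hunk header counts (`-70,18 +70,25`), because the rendered page lost the `+`/`-` column.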