packages/sudo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport patch from upstream community

Browse Source
This commit is contained in:
gengqihu 2024-06-27 15:54:51 +08:00
parent d5effb837b
commit 23211dd09b
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch Normal file
View File

@ -0,0 +1,29 @@
From 2ffcda8e15afe312550be4017d8c40dbb438b786 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 2 Nov 2023 14:42:42 -0600
Subject: [PATCH] role_to_sudoers: only try to reuse a privilege if one is
present
Reference:https://github.com/sudo-project/sudo/commit/2ffcda8e15afe312550be4017d8c40dbb438b786
Conflict:NA
---
plugins/sudoers/parse_ldif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c
index 87c94125c..180e7da6c 100644
--- a/plugins/sudoers/parse_ldif.c
+++ b/plugins/sudoers/parse_ldif.c
@@ -427,7 +427,7 @@ role_to_sudoers(struct sudoers_parse_tree *parse_tree, struct sudo_role *role,
U_("unable to allocate memory"));
}
- if (reuse_privilege) {
+ if (reuse_privilege && !TAILQ_EMPTY(&us->privileges)) {
/* Hostspec unchanged, append cmndlist to previous privilege. */
struct privilege *prev_priv = TAILQ_LAST(&us->privileges, privilege_list);
if (reuse_runas) {
--
2.33.0

6
sudo.spec
View File

@ -1,6 +1,6 @@
Name: sudo Name: sudo
Version: 1.9.2 Version: 1.9.2
Release: 15 Release: 16
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
License: ISC License: ISC
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -40,6 +40,7 @@ Patch26: backport-don-t-report-a-usage-error-for-sudo-V.patch
Patch27: backport-Do-not-rely-on-the-definition-of-ALLOW-DENY-being-tr.patch Patch27: backport-Do-not-rely-on-the-definition-of-ALLOW-DENY-being-tr.patch
Patch28: backport-CVE-2023-42465.patch Patch28: backport-CVE-2023-42465.patch
Patch29: backport-Make-all-match-functions-return-ALLOW-DENY-not-true-.patch Patch29: backport-Make-all-match-functions-return-ALLOW-DENY-not-true-.patch
Patch30: backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: pam Requires: pam
@ -180,6 +181,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
%exclude %{_pkgdocdir}/ChangeLog %exclude %{_pkgdocdir}/ChangeLog
%changelog %changelog
* Thu Jun 27 2024 gengqihu <gengqihu2@h-partners.com> - 1.9.2-16
- Backport patch from upstream community
* Mon Jan 8 2024 wangqingsan <wangqingsan@huawei.com> - 1.9.2-15 * Mon Jan 8 2024 wangqingsan <wangqingsan@huawei.com> - 1.9.2-15
- fix CVE-2023-42465. - fix CVE-2023-42465.