Changelog for sudo: 1.9.17p1 -> 1.9.17p2
============================================================
Merge sudo 1.9.17p2 from branch 'main' into sudo-1.9
[d1b48c651]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc. Bug #1077.
[aa2498e46]
* plugins/sudoers/log_client.c:
client_msg_cb: make warning match the function that failed
[f73162df3]
2025-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
Sudo 1.9.17p2
[f0e1a5ca3]
* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
digest_matches: plug fd leak on snprintf() failure
[26a1a7529]
2025-07-21 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp,
scripts/mkpkg:
Add a way to override pp_rpm_arch when building rpms
This will be used to build x86_64_v2 packages for Alma Linux.
[55d3c99c4]
* configure, configure.ac:
Fix check for which man page type to use with nroff
Fixes a bug where configure would use *.man instead of *.mdoc on
systems without mandoc.
[2dc10cfbd]
* plugins/sudoers/timestamp.c:
ts_write: call lseek after ftruncate on short write
We need to make sure the file position is reset to the old EOF on
error.
[8e7e0e23f]
2025-07-20 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_ptrace.c:
ptrace_readv_string: quiet sign-compare warning
[fac2a49e7]
* src/exec_ptrace.c:
ptrace_readv_string: properly handle reads of more than one page
When the intercept and intercept_verify options are enabled and
either argv[] or envp[] contains a string larger than the page size
(usually 4096), ptrace_readv_string() would fill the buffer with
multiple copies of the same string. Fixes GitHub issue #453.
[2e93eabed]
2025-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_pty.c:
revoke_pty: use killpg() not kill() to send HUP to the process group
Also make sure we never call killpg(-1, SIGHUP), which would send
SIGHUP to process 1 (init). It is possible for cmnd_pid to be -1 in
certain error conditions where sudo killed the command itself. This
may explain GitHub issue #458.
[fb208d383]
2025-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/pp:
Don't assume RHEL major version is only a single digit
Fixes handling of RHEL 10 and higher.
[e5d953f33]
* plugins/sudoers/visudo.c:
visudo: create temporary file as mode 0600 not 0700
This was due to a typo in the mode field when the temporary file was
created. Noticed by Bjorn Baron of the sudo-rs project.
[1c254b330]
2025-06-30 Todd C. Miller <Todd.Miller@sudo.ws>
* Makefile.in:
We now build sudo releases from git, not mercurial
[cb4e26734]
2025-06-28 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS, configure, configure.ac:
(From OE-Core rev: 76b98657e3dc9da01a746deb7b9d08cb84ba44b6)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
(cherry picked from commit 12e9ba655153a9cb7c2b79cf52a2300e19634dcf)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Changelog:
===========
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated and will be removed entirely in a future release.
License-Update: Copyright updated to 2025
0001-sudo.conf.in-fix-conflict-with-multilib.patch refreshed for 1.9.17
(From OE-Core rev: b04af6db102c97f3d4338dbcfdcab927b5194a69)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is fixed in the following version bump
This reverts commit d01f888a5ec43fdc8e7bd496ae9317c0fa28da9b.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
mips-fix.patch
removed since it's included in 1.9.12p1
Changelog:
=========
* Sudo's configure script now does a better job of detecting when the
-fstack-clash-protection compiler option does not work. GitHub issue #191.
* Fixed CVE-2022-43995, a potential out-of-bounds write for passwords smaller
than 8 characters when passwd authentication is enabled. This does not affect
configurations that use other authentication methods such as PAM, AIX
authentication or BSD authentication.
* Fixed a build error with some configurations compiling host_port.c.
(From OE-Core rev: 292acd9db1d7204f1435f31f2c37fd272b74eb97)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update multilib patch for sudo.conf that there is one more replacement
of @plugindir@ to avoid installation conflict.
(From OE-Core rev: e1afed1569bc076a1823e997137884172acc7123)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It fails to install sudo and lib32-sudo at same time:
| Error: Transaction test error:
| file /usr/libexec/sudo/audit_json.so conflicts between attempted
installs of lib32-sudo-1.9.3p1-r0.core2_32 and sudo-1.9.3p1-r0.core2_64
| file /usr/libexec/sudo/group_file.so conflicts between attempted
installs of lib32-sudo-1.9.3p1-r0.core2_32 and sudo-1.9.3p1-r0.core2_64
Pass ${libdir} to configure option --libexecdir of sudo that it installs
plugin libraries to /usr/lib{,64} rather than /usr/libexec/. Then add a
patch to fix multilib conflict of sudo.conf.
[RP: Add missing Upstream-Status]
(From OE-Core rev: c9b6974cfcac370c6848d28400e0546ac85512e9)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pam_keyinit revoke causes issues on systemd systems. Make its use
optional. This brings it in line with Fedora 23 and Centos 7.
(From OE-Core rev: 36825c7b14b92434705a58aa4c22b8c1710a9760)
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The new version of sudo has fixed the problem and will create the
directory if it doesn't exist. So the configuration file is no longer
needed.
(From OE-Core rev: 7c962ca5d01ae4b9f511bb2b3b7700f970051727)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade sudo from 1.8.9p5 to the newest stable release 1.8.10p2.
The license checksums are modified as required, because the doc/LICENSE
file now declares that compat/inet_pton.c bears the ISC license.
As /var/run/sudo is the default directory for sudo's time stamp
files, this patch adds a configuration file to manage this directory.
(From OE-Core rev: af625d2f78a24dac96d11f159569f6465a534dfd)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed a patch because the changes were merged upstream.
Also, the license had some modifications in two files.
(From OE-Core rev: 13ba4490f6422109f934ed36809bd52d44577574)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream closed my bug and rewrote the patch, so update our patch with a
backport from upstream.
(From OE-Core rev: 31327bac1e5438a0041638332698a1e1e91640ba)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Starting from glibc 2.17 the crypt() function will error out and return NULL if
the seed or "correct" is invalid. The failure case for this is the sudo user
having a locked account in /etc/shadow, so their password is "!", which is an
invalid hash. crypt() never returned NULL previously so this is crashing in
strcmp().
[ YOCTO #4241 ]
(From OE-Core rev: 06d7078f7631b92e8b789f8e94a3a346d8181ce6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add pam support for sudo according to DISTRO_FEATURES, and import
configure file from Fedora.
(From OE-Core rev: 1f7e088f2d570d33c2344e32a05193b37a75ea76)
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add Upstream-Status tag to patches for the following recipes:
apmd
insserv
linuxdoc-tools
openjade
sgmlspl
at
sudo
(From OE-Core rev: 89ff546de3ce6b1c441f04d7a153c4f8d514a749)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add Upstream-Status tag to patches for the following recipes:
openssh
dbus-glib
expat
opensp
sgml-common
at
cpio (GPLv3 version)
libpam
icu
(From OE-Core rev: 0702602332ad63c2cfaa207516497bb0b75bfdf3)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Upgraded sudo to v1.7.4p4
* Removed obsolete patches
* Makefile.in no longer strips binaries, removed do_configure_prepend()
section which used to remove the -s
* Updated HOMEPAGE to canonical URL for project
* Added SUMMARY field
* Added checksums for source tarball
* Added patch for correcting paths to libtool scripts in m4/
* Corrected typos in LIC_FILES_CHKSUM (use of startline was invalid)
and included updated checksums - no license text has actually changed
Signed-off-by: Scott Garman <scott.a.garman@intel.com>