Update sudo srpm patch for CVE bug

To fix below CVE, we will use sudo-1.8.23-4.el7_7.1.src.rpm
And we have to update some patches according to new srpm.
https://lists.centos.org/pipermail/centos-announce/2019-October/023499.html

CVE bug: CVE-2019-14287: sudo: can bypass certain policy blacklists

Closes-Bug: 1852825
Depends-On: https://review.opendev.org/#/c/695637/
Change-Id: Ifc0a3423464fafce06cd504d9b427fc3433fb756
Signed-off-by: Robin Lu <bin1.lu@intel.com>
This commit is contained in:
Robin Lu 2019-11-22 11:01:27 +08:00
parent dcacc409f4
commit f30cb74fef
5 changed files with 8 additions and 8 deletions

View File

@ -15,8 +15,8 @@ index c8d2f64..b6402bb 100644
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.23 Version: 1.8.23
-Release: 3%{?dist} -Release: 4%{?dist}.1
+Release: 3.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 4.el7_7.1%{?_tis_dist}.%{tis_patch_ver}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/

View File

@ -11,7 +11,7 @@ diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index b6402bb..acbcb26 100644 index b6402bb..acbcb26 100644
--- a/SPECS/sudo.spec --- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec +++ b/SPECS/sudo.spec
@@ -111,7 +111,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL @@ -126,7 +126,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-ignore-dot \ --with-ignore-dot \
--with-tty-tickets \ --with-tty-tickets \
--with-ldap \ --with-ldap \
@ -20,7 +20,7 @@ index b6402bb..acbcb26 100644
--with-selinux \ --with-selinux \
--with-passprompt="[sudo] password for %p: " \ --with-passprompt="[sudo] password for %p: " \
--with-linux-audit \ --with-linux-audit \
@@ -138,6 +138,9 @@ install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers @@ -153,6 +153,9 @@ install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf
install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf
@ -30,7 +30,7 @@ index b6402bb..acbcb26 100644
# Remove upstream sudoers file # Remove upstream sudoers file
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
@@ -210,6 +213,7 @@ rm -rf %{buildroot} @@ -225,6 +228,7 @@ rm -rf %{buildroot}
%{_mandir}/man5/sudoers_timestamp.5.gz %{_mandir}/man5/sudoers_timestamp.5.gz
%dir %{_docdir}/sudo-%{version} %dir %{_docdir}/sudo-%{version}
%{_docdir}/sudo-%{version}/* %{_docdir}/sudo-%{version}/*

View File

@ -2,7 +2,7 @@ diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 8c3f395..17531f7 100644 index 8c3f395..17531f7 100644
--- a/SPECS/sudo.spec --- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec +++ b/SPECS/sudo.spec
@@ -120,7 +120,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL @@ -135,7 +135,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
make make
%check %check

View File

@ -1 +1 @@
mirror:Source/sudo-1.8.23-3.el7.src.rpm mirror:Source/sudo-1.8.23-4.el7_7.1.src.rpm

View File

@ -40,7 +40,7 @@ resource-agents-4.1.1-12.el7_6.7.src.rpm
setup-2.8.71-10.el7.src.rpm setup-2.8.71-10.el7.src.rpm
shim-15-1.el7.centos.src.rpm shim-15-1.el7.centos.src.rpm
shim-signed-15-1.el7.centos.src.rpm shim-signed-15-1.el7.centos.src.rpm
sudo-1.8.23-3.el7.src.rpm sudo-1.8.23-4.el7_7.1.src.rpm
systemd-219-62.el7_6.5.src.rpm systemd-219-62.el7_6.5.src.rpm
tboot-1.9.6-3.el7.src.rpm tboot-1.9.6-3.el7.src.rpm
tpm2-tools-3.0.4-2.el7.src.rpm tpm2-tools-3.0.4-2.el7.src.rpm