-
Notifications
You must be signed in to change notification settings - Fork 549
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix sudo CVE-2021-3156 and sudoer config. (#573)
* Fix CVE-2021-3156. Modify prompt. * Update cgmanifest
- Loading branch information
1 parent
cfaf5da
commit 35988b4
Showing
3 changed files
with
12 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| { | ||
| "Signatures": { | ||
| "sudo-1.9.5p1.tar.gz": "4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882" | ||
| "sudo-1.9.5p2.tar.gz": "539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| Summary: Sudo | ||
| Name: sudo | ||
| Version: 1.9.5p1 | ||
| Version: 1.9.5p2 | ||
| Release: 1%{?dist} | ||
| License: ISC | ||
| URL: https://www.sudo.ws/ | ||
|
|
@@ -30,7 +30,7 @@ the ability to run some (or all) commands as root or another user while logging | |
| --with-all-insults \ | ||
| --with-env-editor \ | ||
| --with-pam \ | ||
| --with-passprompt="[sudo] password for %p" | ||
| --with-passprompt="[sudo] password for %p: " | ||
|
|
||
| make %{?_smp_mflags} | ||
|
|
||
|
|
@@ -40,9 +40,9 @@ make install DESTDIR=%{buildroot} | |
| install -v -dm755 %{buildroot}/%{_docdir}/%{name}-%{version} | ||
| find %{buildroot}/%{_libdir} -name '*.la' -delete | ||
| find %{buildroot}/%{_libdir} -name '*.so~' -delete | ||
| sed -i '/#includedir.*/i \ | ||
| %wheel ALL=(ALL) ALL \ | ||
| %sudo ALL=(ALL) ALL' %{buildroot}/etc/sudoers | ||
| # Add default user to sudoers group | ||
| echo '%wheel ALL=(ALL) ALL' >> %{buildroot}/etc/sudoers | ||
| echo '%sudo ALL=(ALL) ALL' >> %{buildroot}/etc/sudoers | ||
| install -vdm755 %{buildroot}/etc/pam.d | ||
| cat > %{buildroot}/etc/pam.d/sudo << EOF | ||
| #%%PAM-1.0 | ||
|
|
@@ -93,6 +93,10 @@ rm -rf %{buildroot}/* | |
| %exclude /etc/sudoers.dist | ||
|
|
||
| %changelog | ||
| * Tue Jan 26 2021 Mateusz Malisz <[email protected]> 1.9.5p2-1 | ||
| - Update to version 1.9.5.p2 to fix CVE-2021-3156. | ||
| - Change the password prompt to include ": " at the end. | ||
| - Unconditionally add wheel/sudo groups. | ||
| * Fri Jan 15 2021 Mateusz Malisz <[email protected]> 1.9.5p1-1 | ||
| - Update to version 1.9.5.p1 to fix CVE-2021-23240. | ||
| * Sat May 09 2020 Nick Samson <[email protected]> 1.8.31p1-4 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters