Update sudo srpm patch for CVE bug

To fix below CVE, we will use sudo-1.8.23-4.el7_7.1.src.rpm And we have to update some patches according to new srpm. https://lists.centos.org/pipermail/centos-announce/2019-October/023499.html CVE bug: CVE-2019-14287: sudo: can bypass certain policy blacklists Closes-Bug: 1852825 Depends-On: https://review.opendev.org/#/c/695637/ Change-Id: Ifc0a3423464fafce06cd504d9b427fc3433fb756 Signed-off-by: Robin Lu <bin1.lu@intel.com>
2019-11-22 11:01:27 +08:00 · 2019-11-22 11:01:27 +08:00 · f30cb74fef
parent dcacc409f4
commit f30cb74fef
5 changed files with 8 additions and 8 deletions
--- a/base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
+++ b/base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@ -15,8 +15,8 @@ index c8d2f64..b6402bb 100644
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.23
-Release: 3%{?dist}
-+Release: 3.el7%{?_tis_dist}.%{tis_patch_ver}
+-Release: 4%{?dist}.1
+Release: 4.el7_7.1%{?_tis_dist}.%{tis_patch_ver}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
--- a/base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch
+++ b/base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch
@ -11,7 +11,7 @@ diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
 index b6402bb..acbcb26 100644
 --- a/SPECS/sudo.spec
 +++ b/SPECS/sudo.spec
-@@ -111,7 +111,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
+@@ -126,7 +126,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
         --with-ignore-dot \
         --with-tty-tickets \
         --with-ldap \
@ -20,7 +20,7 @@ index b6402bb..acbcb26 100644
         --with-selinux \
         --with-passprompt="[sudo] password for %p: " \
         --with-linux-audit \
-@@ -138,6 +138,9 @@ install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
+@@ -153,6 +153,9 @@ install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
 install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf
 install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf
 
@ -30,7 +30,7 @@ index b6402bb..acbcb26 100644
 # Remove upstream sudoers file
 rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
 
-@@ -210,6 +213,7 @@ rm -rf %{buildroot}
+@@ -225,6 +228,7 @@ rm -rf %{buildroot}
 %{_mandir}/man5/sudoers_timestamp.5.gz
 %dir %{_docdir}/sudo-%{version}
 %{_docdir}/sudo-%{version}/*
--- a/base/sudo/centos/meta_patches/0003-remove-make-check.patch
+++ b/base/sudo/centos/meta_patches/0003-remove-make-check.patch
@ -2,7 +2,7 @@ diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
 index 8c3f395..17531f7 100644
 --- a/SPECS/sudo.spec
 +++ b/SPECS/sudo.spec
-@@ -120,7 +120,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
+@@ -135,7 +135,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
 make
 
 %check
--- a/base/sudo/centos/srpm_path
+++ b/base/sudo/centos/srpm_path
@ -1 +1 @@
-mirror:Source/sudo-1.8.23-3.el7.src.rpm
+mirror:Source/sudo-1.8.23-4.el7_7.1.src.rpm
--- a/centos_srpms_centos.lst
+++ b/centos_srpms_centos.lst
@ -40,7 +40,7 @@ resource-agents-4.1.1-12.el7_6.7.src.rpm
 setup-2.8.71-10.el7.src.rpm
 shim-15-1.el7.centos.src.rpm
 shim-signed-15-1.el7.centos.src.rpm
-sudo-1.8.23-3.el7.src.rpm
+sudo-1.8.23-4.el7_7.1.src.rpm
 systemd-219-62.el7_6.5.src.rpm
 tboot-1.9.6-3.el7.src.rpm
 tpm2-tools-3.0.4-2.el7.src.rpm