From 8f871543044e55a7929459c4c5189da810007f98 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 2 Jul 2025 09:16:14 +0800 Subject: [PATCH 1/3] [CVE]update to sudo-1.9.5p2-1.1 to #ICJAKR update to sudo-1.9.5p2-1.1 for CVE-2025-32462 Project: TC2024080204 Signed-off-by: Jacob Wang --- dist | 2 +- sudo-1.8.29-sw.patch | 82 ------------------------------ sudo-1.9.12p1-CVE-2022-43955.patch | 30 ----------- sudo-1.9.17-CVE-2025-32462.patch | 22 ++++++++ sudo.spec | 20 +++----- 5 files changed, 30 insertions(+), 126 deletions(-) delete mode 100644 sudo-1.8.29-sw.patch delete mode 100644 sudo-1.9.12p1-CVE-2022-43955.patch create mode 100644 sudo-1.9.17-CVE-2025-32462.patch diff --git a/dist b/dist index 37a6f9c..1fe92cf 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8_9 +an8_10 diff --git a/sudo-1.8.29-sw.patch b/sudo-1.8.29-sw.patch deleted file mode 100644 index eeda7a7..0000000 --- a/sudo-1.8.29-sw.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 0f3214637df9b301c9614a2004ab4e3a010c88c8 Mon Sep 17 00:00:00 2001 -From: wxiat -Date: Thu, 21 Mar 2024 11:35:46 +0800 -Subject: [PATCH] add sw support. - -Signed-off-by: wxiat -Signed-off-by: Weisson ---- - include/compat/endian.h | 2 +- - plugins/sudoers/auth/secureware.c | 6 +++--- - plugins/sudoers/getspwuid.c | 4 ++-- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/include/compat/endian.h b/include/compat/endian.h -index d3c5ca9..feecbcf 100644 ---- a/include/compat/endian.h -+++ b/include/compat/endian.h -@@ -45,7 +45,7 @@ - # define BYTE_ORDER LITTLE_ENDIAN - # elif defined(_BIG_ENDIAN) || defined(__BIG_ENDIAN__) - # define BYTE_ORDER BIG_ENDIAN --# elif defined(__alpha__) || defined(__alpha) || defined(__amd64) || \ -+# elif defined(__alpha__) || defined(__alpha) || defined(__sw_64__) || defined(__sw_64) || defined(__amd64) || \ - defined(BIT_ZERO_ON_RIGHT) || defined(i386) || defined(__i386) || \ - defined(MIPSEL) || defined(_MIPSEL) || defined(ns32000) || \ - defined(__ns3200) || defined(sun386) || defined(vax) || \ -diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c -index dd7aa42..a7f6046 100644 ---- a/plugins/sudoers/auth/secureware.c -+++ b/plugins/sudoers/auth/secureware.c -@@ -46,7 +46,7 @@ - #include "sudoers.h" - #include "sudo_auth.h" - --#ifdef __alpha -+#if defined __alpha || defined __sw_64 - extern int crypt_type; - #endif - -@@ -55,7 +55,7 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth) - { - debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH); - --#ifdef __alpha -+#ifdef __alpha || defined __sw_64 - if (crypt_type == INT_MAX) - debug_return_int(AUTH_FAILURE); /* no shadow */ - #endif -@@ -77,7 +77,7 @@ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct su - if (pass[0] == '\0') - debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS); - --#if defined(__alpha) -+#if defined(__alpha) || defined(__sw_64) - # ifdef HAVE_DISPCRYPT - epass = dispcrypt(pass, pw_epasswd, crypt_type); - # else -diff --git a/plugins/sudoers/getspwuid.c b/plugins/sudoers/getspwuid.c -index 650b3f3..f31dd5f 100644 ---- a/plugins/sudoers/getspwuid.c -+++ b/plugins/sudoers/getspwuid.c -@@ -51,7 +51,7 @@ - /* - * Exported for auth/secureware.c - */ --#if defined(HAVE_GETPRPWNAM) && defined(__alpha) -+#if defined(HAVE_GETPRPWNAM) && (defined(__alpha) || defined(__sw_64)) - int crypt_type = INT_MAX; - #endif /* HAVE_GETPRPWNAM && __alpha */ - -@@ -87,7 +87,7 @@ sudo_getepw(const struct passwd *pw) - struct pr_passwd *spw; - - if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { --# ifdef __alpha -+# if defined __alpha || defined __sw_64 - crypt_type = spw->ufld.fd_oldcrypt; - # endif /* __alpha */ - epw = spw->ufld.fd_encrypt; --- -2.31.1 - diff --git a/sudo-1.9.12p1-CVE-2022-43955.patch b/sudo-1.9.12p1-CVE-2022-43955.patch deleted file mode 100644 index c037ed0..0000000 --- a/sudo-1.9.12p1-CVE-2022-43955.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c -index 92cc886..6ec7a3a 100644 ---- a/plugins/sudoers/auth/passwd.c -+++ b/plugins/sudoers/auth/passwd.c -@@ -59,7 +59,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) - int - sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) - { -- char sav, *epass; -+ char des_pass[9], *epass; - char *pw_epasswd = auth->data; - size_t pw_len; - int ret; -@@ -71,12 +71,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c - - /* - * Truncate to 8 chars if standard DES since not all crypt()'s do this. -- * If this turns out not to be safe we will have to use OS #ifdef's (sigh). - */ -- sav = pass[8]; - pw_len = strlen(pw_epasswd); -- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) -- pass[8] = '\0'; -+ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { -+ strlcpy(des_pass, pass, sizeof(des_pass)); -+ pass = des_pass; -+ } - - /* - * Normal UN*X password check. diff --git a/sudo-1.9.17-CVE-2025-32462.patch b/sudo-1.9.17-CVE-2025-32462.patch new file mode 100644 index 0000000..42117c6 --- /dev/null +++ b/sudo-1.9.17-CVE-2025-32462.patch @@ -0,0 +1,22 @@ +diff -up ./plugins/sudoers/sudoers.c.cve-host ./plugins/sudoers/sudoers.c +--- ./plugins/sudoers/sudoers.c.cve-host 2025-06-25 14:10:11.369219892 +0200 ++++ ./plugins/sudoers/sudoers.c 2025-06-25 14:11:48.395137626 +0200 +@@ -393,6 +393,18 @@ sudoers_policy_main(int argc, char * con + } + } + ++ /* The user may only specify a host for "sudo -l". */ ++ if (!ISSET(sudo_mode, MODE_LIST|MODE_CHECK)) { ++ if (strcmp(user_runhost, user_host) != 0) { ++ log_warningx(SLOG_NO_STDERR|SLOG_AUDIT, ++ N_("user not allowed to set remote host for command")); ++ sudo_warnx("%s", ++ U_("a remote host may only be specified when listing privileges.")); ++ ret = false; ++ goto done; ++ } ++ } ++ + /* If given the -P option, set the "preserve_groups" flag. */ + if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS)) + def_preserve_groups = true; diff --git a/sudo.spec b/sudo.spec index 210c769..6ebea47 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,8 +1,7 @@ -%define anolis_release .0.2 Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.5p2 -Release: 1%{anolis_release}%{?dist} +Release: 1%{?dist}.1 License: ISC Group: Applications/System URL: https://www.sudo.ws/ @@ -53,8 +52,7 @@ Patch17: sudo-1.9.13-CVE-2023-28486-7-9.patch Patch18: linker.patch Patch19: sudo-1.9.15-CVE-2023-42465.patch -Patch20: sudo-1.9.12p1-CVE-2022-43955.patch -Patch27: sudo-1.8.29-sw.patch +Patch20: sudo-1.9.17-CVE-2025-32462.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -98,11 +96,8 @@ plugins that use %{name}. %patch -P 17 -p1 -b .cve-escape-9 %patch -P 18 -p1 -b .linker - %patch -P 19 -p1 -b .rowhammer - -%patch -P 20 -p1 -b .CVE-2022-43955 -%patch27 -p1 +%patch -P 20 -p1 -b .cve-host %build # Remove bundled copy of zlib @@ -278,11 +273,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sudo_plugin.8* %changelog -* Wed Mar 20 2024 wxiat - 1.9.5p2-1.0.2 -- cherry-pick `add sw arch #67f107f94b2ae4b6376e750103f8f5fd1f3e6b31`. - -* Mon Mar 04 2024 guo chuang - 1.9.5p2-1.0.1 -- add patch for CVE-2022-43955 +* Wed Jun 25 2025 Radovan Sroka - 1.9.5p2-10.1 +RHEL 8.10.0.Z ERRATUM +- CVE-2025-32462 sudo: LPE via host option +Resolves: RHEL-100014 * Mon Jan 22 2024 Radovan Sroka - 1.9.5p2-1 RHEL 8.9.0.Z ERRATUM -- Gitee From 98f21b0315e50a08dd82d346633c655f41c151a2 Mon Sep 17 00:00:00 2001 From: gcc-two Date: Fri, 17 Mar 2023 16:42:00 +0800 Subject: [PATCH 2/3] add patch for CVE-2022-43955 --- sudo-1.9.12p1-CVE-2022-43955.patch | 30 ++++++++++++++++++++++++++++++ sudo.spec | 11 +++++++++-- 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 sudo-1.9.12p1-CVE-2022-43955.patch diff --git a/sudo-1.9.12p1-CVE-2022-43955.patch b/sudo-1.9.12p1-CVE-2022-43955.patch new file mode 100644 index 0000000..c037ed0 --- /dev/null +++ b/sudo-1.9.12p1-CVE-2022-43955.patch @@ -0,0 +1,30 @@ +diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c +index 92cc886..6ec7a3a 100644 +--- a/plugins/sudoers/auth/passwd.c ++++ b/plugins/sudoers/auth/passwd.c +@@ -59,7 +59,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) + int + sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) + { +- char sav, *epass; ++ char des_pass[9], *epass; + char *pw_epasswd = auth->data; + size_t pw_len; + int ret; +@@ -71,12 +71,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c + + /* + * Truncate to 8 chars if standard DES since not all crypt()'s do this. +- * If this turns out not to be safe we will have to use OS #ifdef's (sigh). + */ +- sav = pass[8]; + pw_len = strlen(pw_epasswd); +- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) +- pass[8] = '\0'; ++ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { ++ strlcpy(des_pass, pass, sizeof(des_pass)); ++ pass = des_pass; ++ } + + /* + * Normal UN*X password check. diff --git a/sudo.spec b/sudo.spec index 6ebea47..81a35b6 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,8 @@ +%define anolis_release .0.1 Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.5p2 -Release: 1%{?dist}.1 +Release: 1%{anolis_release}%{?dist}.1 License: ISC Group: Applications/System URL: https://www.sudo.ws/ @@ -53,6 +54,7 @@ Patch18: linker.patch Patch19: sudo-1.9.15-CVE-2023-42465.patch Patch20: sudo-1.9.17-CVE-2025-32462.patch +Patch21: sudo-1.9.12p1-CVE-2022-43955.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -99,6 +101,8 @@ plugins that use %{name}. %patch -P 19 -p1 -b .rowhammer %patch -P 20 -p1 -b .cve-host +%patch -P 21 -p1 -b .CVE-2022-43955 + %build # Remove bundled copy of zlib rm -rf zlib/ @@ -273,7 +277,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sudo_plugin.8* %changelog -* Wed Jun 25 2025 Radovan Sroka - 1.9.5p2-10.1 +* Wed Jul 02 2025 guo chuang - 1.9.5p2-1.0.1.1 +- add patch for CVE-2022-43955 + +* Wed Jun 25 2025 Radovan Sroka - 1.9.5p2-1.1 RHEL 8.10.0.Z ERRATUM - CVE-2025-32462 sudo: LPE via host option Resolves: RHEL-100014 -- Gitee From 525260d16bbbc14026b1013c95cbb57590656ab6 Mon Sep 17 00:00:00 2001 From: wxiat Date: Fri, 28 Jul 2023 13:58:27 +0800 Subject: [PATCH 3/3] cherry-pick `add sw arch #67f107f94b2ae4b6376e750103f8f5fd1f3e6b31`. Signed-off-by: wxiat Signed-off-by: Weisson --- sudo-1.8.29-sw.patch | 82 ++++++++++++++++++++++++++++++++++++++++++++ sudo.spec | 3 ++ 2 files changed, 85 insertions(+) create mode 100644 sudo-1.8.29-sw.patch diff --git a/sudo-1.8.29-sw.patch b/sudo-1.8.29-sw.patch new file mode 100644 index 0000000..eeda7a7 --- /dev/null +++ b/sudo-1.8.29-sw.patch @@ -0,0 +1,82 @@ +From 0f3214637df9b301c9614a2004ab4e3a010c88c8 Mon Sep 17 00:00:00 2001 +From: wxiat +Date: Thu, 21 Mar 2024 11:35:46 +0800 +Subject: [PATCH] add sw support. + +Signed-off-by: wxiat +Signed-off-by: Weisson +--- + include/compat/endian.h | 2 +- + plugins/sudoers/auth/secureware.c | 6 +++--- + plugins/sudoers/getspwuid.c | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/include/compat/endian.h b/include/compat/endian.h +index d3c5ca9..feecbcf 100644 +--- a/include/compat/endian.h ++++ b/include/compat/endian.h +@@ -45,7 +45,7 @@ + # define BYTE_ORDER LITTLE_ENDIAN + # elif defined(_BIG_ENDIAN) || defined(__BIG_ENDIAN__) + # define BYTE_ORDER BIG_ENDIAN +-# elif defined(__alpha__) || defined(__alpha) || defined(__amd64) || \ ++# elif defined(__alpha__) || defined(__alpha) || defined(__sw_64__) || defined(__sw_64) || defined(__amd64) || \ + defined(BIT_ZERO_ON_RIGHT) || defined(i386) || defined(__i386) || \ + defined(MIPSEL) || defined(_MIPSEL) || defined(ns32000) || \ + defined(__ns3200) || defined(sun386) || defined(vax) || \ +diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c +index dd7aa42..a7f6046 100644 +--- a/plugins/sudoers/auth/secureware.c ++++ b/plugins/sudoers/auth/secureware.c +@@ -46,7 +46,7 @@ + #include "sudoers.h" + #include "sudo_auth.h" + +-#ifdef __alpha ++#if defined __alpha || defined __sw_64 + extern int crypt_type; + #endif + +@@ -55,7 +55,7 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth) + { + debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH); + +-#ifdef __alpha ++#ifdef __alpha || defined __sw_64 + if (crypt_type == INT_MAX) + debug_return_int(AUTH_FAILURE); /* no shadow */ + #endif +@@ -77,7 +77,7 @@ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct su + if (pass[0] == '\0') + debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS); + +-#if defined(__alpha) ++#if defined(__alpha) || defined(__sw_64) + # ifdef HAVE_DISPCRYPT + epass = dispcrypt(pass, pw_epasswd, crypt_type); + # else +diff --git a/plugins/sudoers/getspwuid.c b/plugins/sudoers/getspwuid.c +index 650b3f3..f31dd5f 100644 +--- a/plugins/sudoers/getspwuid.c ++++ b/plugins/sudoers/getspwuid.c +@@ -51,7 +51,7 @@ + /* + * Exported for auth/secureware.c + */ +-#if defined(HAVE_GETPRPWNAM) && defined(__alpha) ++#if defined(HAVE_GETPRPWNAM) && (defined(__alpha) || defined(__sw_64)) + int crypt_type = INT_MAX; + #endif /* HAVE_GETPRPWNAM && __alpha */ + +@@ -87,7 +87,7 @@ sudo_getepw(const struct passwd *pw) + struct pr_passwd *spw; + + if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { +-# ifdef __alpha ++# if defined __alpha || defined __sw_64 + crypt_type = spw->ufld.fd_oldcrypt; + # endif /* __alpha */ + epw = spw->ufld.fd_encrypt; +-- +2.31.1 + diff --git a/sudo.spec b/sudo.spec index 81a35b6..77c8c5d 100644 --- a/sudo.spec +++ b/sudo.spec @@ -55,6 +55,7 @@ Patch18: linker.patch Patch19: sudo-1.9.15-CVE-2023-42465.patch Patch20: sudo-1.9.17-CVE-2025-32462.patch Patch21: sudo-1.9.12p1-CVE-2022-43955.patch +Patch22: sudo-1.8.29-sw.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -102,6 +103,7 @@ plugins that use %{name}. %patch -P 20 -p1 -b .cve-host %patch -P 21 -p1 -b .CVE-2022-43955 +%patch22 -p1 %build # Remove bundled copy of zlib @@ -279,6 +281,7 @@ rm -rf $RPM_BUILD_ROOT %changelog * Wed Jul 02 2025 guo chuang - 1.9.5p2-1.0.1.1 - add patch for CVE-2022-43955 +- cherry-pick `add sw arch #67f107f94b2ae4b6376e750103f8f5fd1f3e6b31`. * Wed Jun 25 2025 Radovan Sroka - 1.9.5p2-1.1 RHEL 8.10.0.Z ERRATUM -- Gitee