diff --git a/sudo-1.8.29-sw.patch b/sudo-1.8.29-sw.patch new file mode 100644 index 0000000000000000000000000000000000000000..c7e99fc95481439446202aa2be5f8587ea796ec9 --- /dev/null +++ b/sudo-1.8.29-sw.patch @@ -0,0 +1,63 @@ +diff -Naur sudo-1.8.29.org/include/compat/endian.h sudo-1.8.29.sw/include/compat/endian.h +--- sudo-1.8.29.org/include/compat/endian.h 2023-07-28 11:14:34.861114899 +0800 ++++ sudo-1.8.29.sw/include/compat/endian.h 2023-07-28 11:19:17.057020742 +0800 +@@ -45,7 +45,7 @@ + # define BYTE_ORDER LITTLE_ENDIAN + # elif defined(_BIG_ENDIAN) || defined(__BIG_ENDIAN__) + # define BYTE_ORDER BIG_ENDIAN +-# elif defined(__alpha__) || defined(__alpha) || defined(__amd64) || \ ++# elif defined(__alpha__) || defined(__alpha) || defined(__sw_64__) || defined(__sw_64) || defined(__amd64) || \ + defined(BIT_ZERO_ON_RIGHT) || defined(i386) || defined(__i386) || \ + defined(MIPSEL) || defined(_MIPSEL) || defined(ns32000) || \ + defined(__ns3200) || defined(sun386) || defined(vax) || \ +diff -Naur sudo-1.8.29.org/plugins/sudoers/auth/secureware.c sudo-1.8.29.sw/plugins/sudoers/auth/secureware.c +--- sudo-1.8.29.org/plugins/sudoers/auth/secureware.c 2023-07-28 11:14:34.872115285 +0800 ++++ sudo-1.8.29.sw/plugins/sudoers/auth/secureware.c 2023-07-28 11:25:49.411832155 +0800 +@@ -51,7 +51,7 @@ + #include "sudoers.h" + #include "sudo_auth.h" + +-#ifdef __alpha ++#if defined __alpha || defined __sw_64 + extern int crypt_type; + #endif + +@@ -60,7 +60,7 @@ + { + debug_decl(sudo_secureware_init, SUDOERS_DEBUG_AUTH) + +-#ifdef __alpha ++#if defined __alpha || defined __sw_64 + if (crypt_type == INT_MAX) + debug_return_int(AUTH_FAILURE); /* no shadow */ + #endif +@@ -82,7 +82,7 @@ + if (pass[0] == '\0') + debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS); + +-#if defined(__alpha) ++#if defined(__alpha) || defined(__sw_64) + # ifdef HAVE_DISPCRYPT + epass = dispcrypt(pass, pw_epasswd, crypt_type); + # else +diff -Naur sudo-1.8.29.org/plugins/sudoers/getspwuid.c sudo-1.8.29.sw/plugins/sudoers/getspwuid.c +--- sudo-1.8.29.org/plugins/sudoers/getspwuid.c 2023-07-28 11:14:34.868115145 +0800 ++++ sudo-1.8.29.sw/plugins/sudoers/getspwuid.c 2023-07-28 11:29:29.851591928 +0800 +@@ -59,7 +59,7 @@ + /* + * Exported for auth/secureware.c + */ +-#if defined(HAVE_GETPRPWNAM) && defined(__alpha) ++#if defined(HAVE_GETPRPWNAM) && (defined(__alpha) || defined(__sw_64)) + int crypt_type = INT_MAX; + #endif /* HAVE_GETPRPWNAM && __alpha */ + +@@ -92,7 +92,7 @@ + struct pr_passwd *spw; + + if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { +-# ifdef __alpha ++# if defined __alpha || defined __sw_64 + crypt_type = spw->ufld.fd_oldcrypt; + # endif /* __alpha */ + epw = spw->ufld.fd_encrypt; diff --git a/sudo.spec b/sudo.spec index 678ac5f37bb2bd67cb854e2c26efe3df2e4b1d9c..e42b3611bd3580691f56c8a2333deaa9a7c8de82 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,8 @@ +%define anolis_release .0.1 Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.29 -Release: 10%{?dist} +Release: 10%{anolis_release}%{?dist} License: ISC Group: Applications/System URL: https://www.sudo.ws/ @@ -82,6 +83,7 @@ Patch23: sha-digest-calc.patch Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch Patch26: sudo-1.9.12-CVE-2023-22809.patch +Patch27: sudo-1.8.29-sw.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -139,6 +141,7 @@ plugins that use %{name}. %patch24 -p1 -b .whitelist %patch25 -p1 -b .backports %patch26 -p1 -b .cve +%patch27 -p1 %build # Remove bundled copy of zlib @@ -298,6 +301,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sudo_plugin.8* %changelog +* Fri Jul 28 2023 wxiat - 1.8.29-10 +- add sw arch + + * Wed Jan 11 2023 Radovan Sroka - 1.8.29.9 RHEL 8.8.0 ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user