From 38e7f1e2fa75de1f43090ab7ed81014864bdb229 Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Wed, 31 Jan 2024 15:18:48 +0800
Subject: [PATCH] Backport patch from upstream community

(cherry picked from commit 89fd0141a7df693303e23a95009b7760643d009b)
---
 ...only-try-to-reuse-a-privilege-if-one.patch | 29 +++++++++++++++++++
 sudo.spec                                     |  6 +++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch

diff --git a/backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch b/backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch
new file mode 100644
index 0000000..18cf68f
--- /dev/null
+++ b/backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch
@@ -0,0 +1,29 @@
+From 2ffcda8e15afe312550be4017d8c40dbb438b786 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 2 Nov 2023 14:42:42 -0600
+Subject: [PATCH] role_to_sudoers: only try to reuse a privilege if one is
+ present
+
+Reference:https://github.com/sudo-project/sudo/commit/2ffcda8e15afe312550be4017d8c40dbb438b786
+Conflict:NA
+
+---
+ plugins/sudoers/parse_ldif.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c
+index 87c94125c..180e7da6c 100644
+--- a/plugins/sudoers/parse_ldif.c
++++ b/plugins/sudoers/parse_ldif.c
+@@ -427,7 +427,7 @@ role_to_sudoers(struct sudoers_parse_tree *parse_tree, struct sudo_role *role,
+ 	    U_("unable to allocate memory"));
+     }
+ 
+-    if (reuse_privilege) {
++    if (reuse_privilege && !TAILQ_EMPTY(&us->privileges)) {
+ 	/* Hostspec unchanged, append cmndlist to previous privilege. */
+ 	struct privilege *prev_priv = TAILQ_LAST(&us->privileges, privilege_list);
+ 	if (reuse_runas) {
+-- 
+2.33.0
+
diff --git a/sudo.spec b/sudo.spec
index bf04b79..80bfd97 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,6 +1,6 @@
 Name: sudo
 Version: 1.9.8p2
-Release: 16
+Release: 17
 Summary: Allows restricted root access for specified users
 License: ISC
 URL: http://www.courtesan.com/sudo/
@@ -42,6 +42,7 @@ Patch28: backport-sudoers_parse_ldif-do-not-free-parse_tree-before-usi.patch
 Patch29: backport-Do-not-rely-on-the-definition-of-ALLOW-DENY-being-tr.patch
 Patch30: backport-CVE-2023-42465.patch
 Patch31: backport-Make-all-match-functions-return-ALLOW-DENY-.patch
+Patch32: backport-role_to_sudoers-only-try-to-reuse-a-privilege-if-one.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: pam
@@ -192,6 +193,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
 %exclude %{_pkgdocdir}/ChangeLog
 
 %changelog
+* Wed Jan 31 2024 fuanan <fuanan3@h-partners.com> - 1.9.8p2-17
+- Backport patch from upstream community
+
 * Wed Jan 10 2024 wangqingsan <wangqingsan@huawei.com> - 1.9.8p2-16
 - fix CVE-2023-42465
 
-- 
Gitee