From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 02 Jul 2025 15:20:19 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uWxNr-00DJJQ-0E for lore@lore.pengutronix.de; Wed, 02 Jul 2025 15:20:19 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uWxNq-0006vs-QO; Wed, 02 Jul 2025 15:20:18 +0200 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1uWxNb-0006Vt-GV for ptxdist@pengutronix.de; Wed, 02 Jul 2025 15:20:03 +0200 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-ae0dad3a179so1083759566b.1 for ; Wed, 02 Jul 2025 06:20:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751462403; x=1752067203; darn=pengutronix.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=usUcAHZ0pEP9j2+40f3Uafi4GKLRKWhieiKhWwn64k8=; b=LG2Xj4Q3nbjJOAxqXcsenQln+KbeG1vjlvtnpEwSqVwP4np4JpajHCUxTzQ+4L/XJe 5HVRs61Zv0ONmvrFOpA+p/ubmoS1IcLnbAvTPJRNcO5AFRcpuT2vjHDrAGwWbxfW4KRz nHCFEplmwPxECwy51yd/Wu36w1GqyLLCqC/eyQ874Qz3RLTM6oUJ77bzKfn3kbdp9eAe 6ZbPuwasXBdwppVtKQpvvKkhvNHDNXzKkydhf51yAUVdz2bpZFh27DY13qeysS8cxqEn veMILubqtpMEqG13S36PP4RylmgjZsclaGCFaxGvhu/jCQ1XzfQFhgAJUe8Do3+mlacb qtlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751462403; x=1752067203; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=usUcAHZ0pEP9j2+40f3Uafi4GKLRKWhieiKhWwn64k8=; b=oIBJaAv4NPvwGS0DMGDGvfzo4uXhreL5KCn3INL8MgIVyCt3SqKx/edWL/f/o8S6Ei mOwQIX3yhyQnDi+J6LETKH/M4l+sLeWtKH9lMHNPyydjUVOy5fnQVU8KWMyD5fk/2Vu0 8mRfLc4CHorqBsxWMAGanklE67aJPBUSF/swS0X0k8OaFu+hw4WjrHjmmcTSWvzKvBwb h/vRokG3iUdQhjUq4pi8WnBro/zJGD6y+OziVVlaEKJLya6Cy1kxIGNUhK6lBjRVsbV9 HowdLcQpC57NrG9xXIjta+iKRCN/yznthrgs/HMMS0p3jonrmNaouAhT58ypzaJZcJW5 KZ/w== X-Gm-Message-State: AOJu0Yyw3uCyjIqZOZU3wlxudfBTIOF4BXEXrKIY72Z244NQA8+fio5r 2XZFsWxIZOk+0yE1ARkKLjBohp3U/fwsl3WZ7x6rcDOWRfqSuIXD2GjF4PBUGQ== X-Gm-Gg: ASbGncuiPAvl6OhdghDqJu9W2TOtBBRNuEhl675LDp4tNv873nYfr2dcE8KZk58jogK D/MnLepLKNTBEgMtfX5lrcyx5D8q4wcs2KbMF1qqpCXgSibbQbarNR8S7Y2S5FQxHooABVtEIip LBa4wjKIh9MfKKGEoQP4w/72Isv2cb+cyIImjdhhyj+h0nSWgjHsE5TTSBk4nhqwtWEp7bt1Efl uQo71hHdcBkfKAm14p1jKXanT64afDNeTIL/frPQyiQFWpblvTZSMq7t4ZBlbfpWZ2AwHKq3G5z b95eWhFRhez5emHELzRbyD2/0JQ2t2FFZEeli6HWSWqWwkp1Y6AR7h4SJ/KYFRRaqEZv2ofQr17 uVotCa6YeignF3TAZAgBeeyUFwhq4OL52Zk0l3YPqtC0= X-Google-Smtp-Source: AGHT+IFfizbrgplvTTs99/B825TlnmrrMHp47NZCIqudyCpkoTqwCukb1sE+Is5NMhQTIJnTbxX8qA== X-Received: by 2002:a17:907:3e06:b0:ae3:8c9b:bd61 with SMTP id a640c23a62f3a-ae3c2a81bb7mr295920466b.12.1751462402265; Wed, 02 Jul 2025 06:20:02 -0700 (PDT) Received: from fedora.tux.internal (85.191.78.244.dynamic.dhcp.aura-net.dk. [85.191.78.244]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ae35363b1b9sm1089611366b.12.2025.07.02.06.20.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Jul 2025 06:20:01 -0700 (PDT) From: Bruno Thomsen To: ptxdist@pengutronix.de Date: Wed, 2 Jul 2025 15:19:43 +0200 Message-ID: <20250702131943.4880-2-bruno.thomsen@gmail.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250702131943.4880-1-bruno.thomsen@gmail.com> References: <20250702131943.4880-1-bruno.thomsen@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH 2/2] sudo: version bump 1.9.15p5 -> 1.9.17p1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: bruno.thomsen@gmail.com Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Sudo insults are now included by default, but disabled unless the --with-insults configure option is specified or the insults sudoers option is enabled. Fixes CVE-2025-32462 and CVE-2025-32463. Changelog: https://www.sudo.ws/releases/stable/#1.9.17p1 Signed-off-by: Bruno Thomsen --- rules/sudo.make | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rules/sudo.make b/rules/sudo.make index 83c3e7f8e..0b4bcc81c 100644 --- a/rules/sudo.make +++ b/rules/sudo.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_SUDO) += sudo # # Paths and names # -SUDO_VERSION := 1.9.15p5 -SUDO_MD5 := 4166279cb188ecb6641c7a2ba5f68270 +SUDO_VERSION := 1.9.17p1 +SUDO_MD5 := 231106344ffe541fa8e0bd4caf322497 SUDO := sudo-$(SUDO_VERSION) SUDO_SUFFIX := tar.gz SUDO_URL := \ @@ -73,7 +73,6 @@ SUDO_CONF_OPT := \ --disable-tmpfiles.d \ --disable-devsearch \ --disable-sasl \ - --disable-offensive-insults \ --disable-package-build \ --disable-gss-krb5-ccache-name \ --disable-pvs-studio \ -- 2.50.0