diff --git a/changelog/security/2025-07-01-sudo.md b/changelog/security/2025-07-01-sudo.md new file mode 100644 index 0000000000..ca7ef802a8 --- /dev/null +++ b/changelog/security/2025-07-01-sudo.md @@ -0,0 +1 @@ +- sudo ([CVE-2025-32462](https://www.cve.org/CVERecord?id=CVE-2025-32462), [CVE-2025-32463](https://www.cve.org/CVERecord?id=CVE-2025-32463)) diff --git a/changelog/updates/2025-07-01-sudo.md b/changelog/updates/2025-07-01-sudo.md new file mode 100644 index 0000000000..daaeea7f29 --- /dev/null +++ b/changelog/updates/2025-07-01-sudo.md @@ -0,0 +1 @@ +- sudo ([1.9.17p1](https://www.sudo.ws/releases/stable/#1.9.17p1)) diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest index 90f9f2b10c..67dd2c6a6c 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest @@ -1,2 +1,2 @@ -DIST sudo-1.9.15p5.tar.gz 5306611 BLAKE2B 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 SHA512 ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a -DIST sudo-1.9.15p5.tar.gz.sig 566 BLAKE2B ddd8fed1b3721aafdb32b762834168063c3f0f003ef5d83f1883615320da6fe89b08d72c8e893c8b2bf9fd892a40e47cc77d72672e43b5a24db50e7194d9bc4c SHA512 97480a3d27b546a93e997c3a1e8169904a7625ab8fa6198d0b7e1d2d040f55b2d58462cd08e5cc97c2f1c817b12343e35cdd7db207aee42785f2b95b17c600b0 +DIST sudo-1.9.17p1.tar.gz 5449076 BLAKE2B 21771348a8de392767c366bb938951327dcc64a4cedee716a802435899e5135c218468271833a9e3ab9d90bda29e36c0870e27dd333d3a5c64fb8e3a5ebbff58 SHA512 1a9fb27a117b54adf5c99443b3375f7e0eaaf3a2d5a3d409f7c7b10c43432eb301d721df93fb1a8a2e45bf4a4957288d4f153359fc018af00973be57f62a1ebc +DIST sudo-1.9.17p1.tar.gz.sig 566 BLAKE2B b6380c84b82740455a28388925d27bdf9296ddef943653c1883af3c7684ab53571053ef333ac9747ee11330b06fd23adf477856f70bd5fcaa6dbda1c9e432675 SHA512 714ce7c613683689e9d166171b04c03220e21d06f2e66d800f2d075927830014447611933d7293d9c763beeea66fc02255d8175c9ac8cba6d62166750aab50a6 diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.17_p1.ebuild similarity index 94% rename from sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.17_p1.ebuild index 376fb5ea52..42d0796ff6 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.15_p5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.9.17_p1.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -inherit pam libtool tmpfiles toolchain-funcs +inherit pam tmpfiles toolchain-funcs MY_P="${P/_/}" MY_P="${MY_P/beta/b}" @@ -12,11 +12,11 @@ DESCRIPTION="Allows users or groups to run commands as other users" HOMEPAGE="https://www.sudo.ws/" if [[ ${PV} == 9999 ]] ; then - inherit mercurial + inherit autotools mercurial EHG_REPO_URI="https://www.sudo.ws/repos/sudo" else VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sudo.ws.asc - inherit verify-sig + inherit libtool verify-sig uri_prefix= case ${P} in @@ -25,15 +25,13 @@ else SRC_URI=" https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz verify-sig? ( https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig ) " if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi BDEPEND="verify-sig? ( sec-keys/openpgp-keys-sudo )" @@ -63,7 +61,7 @@ DEPEND=" selinux? ( sys-libs/libselinux ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( dev-libs/openssl:= ) - sssd? ( sys-auth/sssd[sudo] ) + sssd? ( sys-auth/sssd[sudo(+)] ) " #Flatcar: Remove Perl runtime dependency # ldap? ( dev-lang/perl ) @@ -90,7 +88,11 @@ MAKEOPTS+=" SAMPLES=" src_prepare() { default - elibtoolize + if [[ ${PV} == 9999 ]] ; then + eautoreconf + else + elibtoolize + fi } set_secure_path() { @@ -179,7 +181,8 @@ src_configure() { $(use_with offensive all-insults) $(use_with pam) $(use_with pam pam-login) - $(use_with secure-path secure-path "${SECURE_PATH}") + $(use_with secure-path) + "$(use_with secure-path secure-path-value "${SECURE_PATH}")" $(use_with selinux) $(use_with sendmail) $(use_with skey)