From: Praveen Kumar Date: Wed, 9 Jul 2025 06:08:46 +0000 (+0530) Subject: sudo: upgrade 1.9.17 -> 1.9.17p1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3065d9be88bd66c979926649b442559c611d88a9;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git sudo: upgrade 1.9.17 -> 1.9.17p1 Changelog: =========== * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the user to run commands on a different host. * Fixed CVE-2025-32463. An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. The chroot support has been deprecated an will be removed entirely in a future release. Signed-off-by: Praveen Kumar Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-extended/sudo/sudo_1.9.17.bb b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb similarity index 96% rename from meta/recipes-extended/sudo/sudo_1.9.17.bb rename to meta/recipes-extended/sudo/sudo_1.9.17p1.bb index 71d48f448d..83bfc0621c 100644 --- a/meta/recipes-extended/sudo/sudo_1.9.17.bb +++ b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb @@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ PAM_SRC_URI = "file://sudo.pam" -SRC_URI[sha256sum] = "3f212c69d534d5822b492d099abb02a593f91ca99f5afde5cb9bd3e1dcdad069" +SRC_URI[sha256sum] = "ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32" DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"