Description of problem: sudo 1.6.8p7 was released on February 5th, 2005 - and Fedora Core Development only has 1.6.7p5. Vendor also says: "Please note: versions of Sudo prior to 1.6.8p2 are affected by a potential security flaw that could allow a malicious user to subvert Bash shell scripts." Version-Release number of selected component (if applicable): sudo-1.6.7p5-31 Actual results: Some patch merging is necessary and sudoedit (copy of sudo) should be removed including the duplicate of the man page: @@ -75,6 +66,8 @@ chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo +rm -f $RPM_BUILD_ROOT{%{_bindir}/sudoedit,%{_mandir}/man8/sudoedit*} + mkdir -p $RPM_BUILD_ROOT/etc/pam.d cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF #%PAM-1.0 Expected results: Upgrade to 1.6.8p7 ;-) Additional info: This upgrade would solve bug #151632.
Created attachment 112251 [details] sudo-1.6.8p7-selinux.patch Hopefully, I didn't do any mistakes at patch merging...
Fixed in rawhide in rpm sudo-1.6.8p8-1 or newer. I had to rebuild the selinux patch, the result is similar to your patch, Thanks.