From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <girar-builder@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=unavailable autolearn_force=no version=3.4.1
Date: Tue, 1 Jul 2025 19:26:11 +0000
From: "Girar awaiter (sin)" <girar-builder@altlinux.org>
To: Evgeny Sinelnikov <sin@altlinux.org>
Subject: [#388680] p11 EPERM sudo.git=1.9.16p2-alt3
Message-ID: <girar.task.388680.1.1@gyle.mskdc.altlinux.org>
Mail-Followup-To: Girar awaiter robot <girar-builder@altlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-girar-task-id: 388680
X-girar-task-owner: sin
X-girar-task-repo: p11
X-girar-task-try: 1
X-girar-task-iter: 1
X-girar-task-status: EPERM
X-girar-task-URL: https://git.altlinux.org/tasks/388680/
X-girar-task-log: logs/events.1.1.log
X-girar-task-summary: [#388680] p11 EPERM sudo.git=1.9.16p2-alt3
User-Agent: Mutt/1.10.1 (2018-07-13)
Cc: sisyphus-incominger@lists.altlinux.org, girar-builder-p11@altlinux.org,
 girar-builder-p11@lists.altlinux.org
X-BeenThere: sisyphus-incominger@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Devel discussion list <devel@lists.altlinux.org>
List-Id: ALT Linux Girar Builder robot reports
 <sisyphus-incominger.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus-incominger>, 
 <mailto:sisyphus-incominger-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-incominger>
List-Post: <mailto:sisyphus-incominger@lists.altlinux.org>
List-Help: <mailto:sisyphus-incominger-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-incominger>, 
 <mailto:sisyphus-incominger-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2025 19:26:15 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-incominger/girar.task.388680.1.1@gyle.mskdc.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-incominger/>

https://git.altlinux.org/tasks/388680/logs/events.1.1.log
https://packages.altlinux.org/tasks/388680

subtask  name  aarch64  i586  x86_64
   #100  sudo     2:11  1:28    1:22

2025-Jul-01 19:18:10 :: task #388680 for p11 started by sin:
2025-Jul-01 19:18:10 :: message: security_release
#100 build 1.9.16p2-alt3 from /gears/s/sudo.git fetched at 2025-Jul-01 18:24:56 from sisyphus
2025-Jul-01 19:18:12 :: [i586] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-01 19:18:12 :: [x86_64] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-01 19:18:12 :: [aarch64] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-01 19:19:34 :: [x86_64] #100 sudo.git 1.9.16p2-alt3: build OK
2025-Jul-01 19:19:40 :: [i586] #100 sudo.git 1.9.16p2-alt3: build OK
2025-Jul-01 19:20:23 :: [aarch64] #100 sudo.git 1.9.16p2-alt3: build OK
2025-Jul-01 19:20:44 :: #100: sudo.git 1.9.16p2-alt3: build check OK
2025-Jul-01 19:20:46 :: build check OK
2025-Jul-01 19:20:52 :: noarch check OK
2025-Jul-01 19:20:54 :: plan: src +1 -1 =19695, aarch64 +6 -6 =34708, i586 +6 -6 =33805, noarch +1 -1 =20810, x86_64 +6 -6 =35474
#100 sudo 1.9.16p2-alt2 -> 1:1.9.16p2-alt3
 Tue Jul 01 2025 Evgeny Sinelnikov <sin@altlinux> 1:1.9.16p2-alt3
 - Security release (fixes: CVE-2025-32462, CVE-2025-32463) (closes: 55007):
  + Sudo's -h (--host) option could be specified when running a command or
    editing a file. This could enable a local privilege escalation attack if the
    sudoers file allows the user to run commands on a different host.
    For more information, see Local Privilege Escalation via host option:
    https://www.sudo.ws/security/advisories/host_any/
  + An attacker can leverage sudo's -R (--chroot) option to run arbitrary
    commands as root, even if they are not listed in the sudoers file. The chroot
    support has been deprecated an will be removed entirely in a future release.
 [...]
2025-Jul-01 19:20:54 :: sudo: closes bugs: 55007
2025-Jul-01 19:20:54 :: sudo: fixes vulnerabilities: CVE-2025-32462 CVE-2025-32463
2025-Jul-01 19:21:35 :: patched apt indices
2025-Jul-01 19:21:44 :: created next repo
2025-Jul-01 19:21:54 :: duplicate provides check OK
2025-Jul-01 19:22:32 :: dependencies check OK
2025-Jul-01 19:23:02 :: [x86_64 i586 aarch64] ELF symbols check OK
2025-Jul-01 19:23:16 :: [i586] #100 sudo: install check OK
2025-Jul-01 19:23:16 :: [x86_64] #100 sudo: install check OK
2025-Jul-01 19:23:23 :: [i586] #100 sudo-debuginfo: install check OK
2025-Jul-01 19:23:24 :: [x86_64] #100 sudo-debuginfo: install check OK
2025-Jul-01 19:23:26 :: [aarch64] #100 sudo: install check OK
2025-Jul-01 19:23:30 :: [i586] #100 sudo-devel: install check OK
2025-Jul-01 19:23:30 :: [x86_64] #100 sudo-devel: install check OK
2025-Jul-01 19:23:36 :: [i586] #100 sudo-logsrvd: install check OK
2025-Jul-01 19:23:37 :: [x86_64] #100 sudo-logsrvd: install check OK
2025-Jul-01 19:23:38 :: [aarch64] #100 sudo-debuginfo: install check OK
2025-Jul-01 19:23:44 :: [i586] #100 sudo-logsrvd-debuginfo: install check OK
2025-Jul-01 19:23:44 :: [x86_64] #100 sudo-logsrvd-debuginfo: install check OK
2025-Jul-01 19:23:49 :: [aarch64] #100 sudo-devel: install check OK
2025-Jul-01 19:23:52 :: [i586] #100 sudo-python: install check OK
2025-Jul-01 19:23:52 :: [x86_64] #100 sudo-python: install check OK
2025-Jul-01 19:24:00 :: [aarch64] #100 sudo-logsrvd: install check OK
2025-Jul-01 19:24:02 :: [i586] #100 sudo-python-debuginfo: install check OK
2025-Jul-01 19:24:02 :: [x86_64] #100 sudo-python-debuginfo: install check OK
2025-Jul-01 19:24:12 :: [aarch64] #100 sudo-logsrvd-debuginfo: install check OK
2025-Jul-01 19:24:25 :: [aarch64] #100 sudo-python: install check OK
2025-Jul-01 19:24:40 :: [aarch64] #100 sudo-python-debuginfo: install check OK
2025-Jul-01 19:24:42 :: [x86_64-i586] plan: #2 +2 -2 =11690
2025-Jul-01 19:25:02 :: [x86_64-i586] arepo build OK
2025-Jul-01 19:25:21 :: [x86_64-i586] generated apt indices
2025-Jul-01 19:25:23 :: [x86_64-i586] created next repo
2025-Jul-01 19:25:36 :: [x86_64-i586] dependencies check OK
2025-Jul-01 19:25:38 :: gears inheritance check OK
2025-Jul-01 19:25:38 :: srpm inheritance check OK
girar-check-perms: access to sudo DENIED for sin: project `sudo' is not listed in the acl file for repository `p11', and the policy for such projects in `p11' is to deny
check-subtask-perms: #100: sudo: needs approvals from members of @maint and @tester groups
2025-Jul-01 19:25:41 :: acl check FAILED
2025-Jul-01 19:26:01 :: created contents_index files
2025-Jul-01 19:26:08 :: created hash files: aarch64 i586 noarch src x86_64-i586 x86_64
2025-Jul-01 19:26:11 :: task #388680 for p11 EPERM