* [#388680] p11 EPERM sudo.git=1.9.16p2-alt3
@ 2025-07-01 19:26 Girar awaiter (sin)
2025-07-02 14:48 ` [#388680] p11 DONE (try 2) sudo.git=1.9.16p2-alt3 Girar pender (amakeenk)
0 siblings, 1 reply; 2+ messages in thread
From: Girar awaiter (sin) @ 2025-07-01 19:26 UTC (permalink / raw)
To: Evgeny Sinelnikov
Cc: sisyphus-incominger, girar-builder-p11, girar-builder-p11
https://git.altlinux.org/tasks/388680/logs/events.1.1.log
https://packages.altlinux.org/tasks/388680
subtask name aarch64 i586 x86_64
#100 sudo 2:11 1:28 1:22
2025-Jul-01 19:18:10 :: task #388680 for p11 started by sin:
2025-Jul-01 19:18:10 :: message: security_release
#100 build 1.9.16p2-alt3 from /gears/s/sudo.git fetched at 2025-Jul-01 18:24:56 from sisyphus
2025-Jul-01 19:18:12 :: [i586] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-01 19:18:12 :: [x86_64] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-01 19:18:12 :: [aarch64] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-01 19:19:34 :: [x86_64] #100 sudo.git 1.9.16p2-alt3: build OK
2025-Jul-01 19:19:40 :: [i586] #100 sudo.git 1.9.16p2-alt3: build OK
2025-Jul-01 19:20:23 :: [aarch64] #100 sudo.git 1.9.16p2-alt3: build OK
2025-Jul-01 19:20:44 :: #100: sudo.git 1.9.16p2-alt3: build check OK
2025-Jul-01 19:20:46 :: build check OK
2025-Jul-01 19:20:52 :: noarch check OK
2025-Jul-01 19:20:54 :: plan: src +1 -1 =19695, aarch64 +6 -6 =34708, i586 +6 -6 =33805, noarch +1 -1 =20810, x86_64 +6 -6 =35474
#100 sudo 1.9.16p2-alt2 -> 1:1.9.16p2-alt3
Tue Jul 01 2025 Evgeny Sinelnikov <sin@altlinux> 1:1.9.16p2-alt3
- Security release (fixes: CVE-2025-32462, CVE-2025-32463) (closes: 55007):
+ Sudo's -h (--host) option could be specified when running a command or
editing a file. This could enable a local privilege escalation attack if the
sudoers file allows the user to run commands on a different host.
For more information, see Local Privilege Escalation via host option:
https://www.sudo.ws/security/advisories/host_any/
+ An attacker can leverage sudo's -R (--chroot) option to run arbitrary
commands as root, even if they are not listed in the sudoers file. The chroot
support has been deprecated an will be removed entirely in a future release.
[...]
2025-Jul-01 19:20:54 :: sudo: closes bugs: 55007
2025-Jul-01 19:20:54 :: sudo: fixes vulnerabilities: CVE-2025-32462 CVE-2025-32463
2025-Jul-01 19:21:35 :: patched apt indices
2025-Jul-01 19:21:44 :: created next repo
2025-Jul-01 19:21:54 :: duplicate provides check OK
2025-Jul-01 19:22:32 :: dependencies check OK
2025-Jul-01 19:23:02 :: [x86_64 i586 aarch64] ELF symbols check OK
2025-Jul-01 19:23:16 :: [i586] #100 sudo: install check OK
2025-Jul-01 19:23:16 :: [x86_64] #100 sudo: install check OK
2025-Jul-01 19:23:23 :: [i586] #100 sudo-debuginfo: install check OK
2025-Jul-01 19:23:24 :: [x86_64] #100 sudo-debuginfo: install check OK
2025-Jul-01 19:23:26 :: [aarch64] #100 sudo: install check OK
2025-Jul-01 19:23:30 :: [i586] #100 sudo-devel: install check OK
2025-Jul-01 19:23:30 :: [x86_64] #100 sudo-devel: install check OK
2025-Jul-01 19:23:36 :: [i586] #100 sudo-logsrvd: install check OK
2025-Jul-01 19:23:37 :: [x86_64] #100 sudo-logsrvd: install check OK
2025-Jul-01 19:23:38 :: [aarch64] #100 sudo-debuginfo: install check OK
2025-Jul-01 19:23:44 :: [i586] #100 sudo-logsrvd-debuginfo: install check OK
2025-Jul-01 19:23:44 :: [x86_64] #100 sudo-logsrvd-debuginfo: install check OK
2025-Jul-01 19:23:49 :: [aarch64] #100 sudo-devel: install check OK
2025-Jul-01 19:23:52 :: [i586] #100 sudo-python: install check OK
2025-Jul-01 19:23:52 :: [x86_64] #100 sudo-python: install check OK
2025-Jul-01 19:24:00 :: [aarch64] #100 sudo-logsrvd: install check OK
2025-Jul-01 19:24:02 :: [i586] #100 sudo-python-debuginfo: install check OK
2025-Jul-01 19:24:02 :: [x86_64] #100 sudo-python-debuginfo: install check OK
2025-Jul-01 19:24:12 :: [aarch64] #100 sudo-logsrvd-debuginfo: install check OK
2025-Jul-01 19:24:25 :: [aarch64] #100 sudo-python: install check OK
2025-Jul-01 19:24:40 :: [aarch64] #100 sudo-python-debuginfo: install check OK
2025-Jul-01 19:24:42 :: [x86_64-i586] plan: #2 +2 -2 =11690
2025-Jul-01 19:25:02 :: [x86_64-i586] arepo build OK
2025-Jul-01 19:25:21 :: [x86_64-i586] generated apt indices
2025-Jul-01 19:25:23 :: [x86_64-i586] created next repo
2025-Jul-01 19:25:36 :: [x86_64-i586] dependencies check OK
2025-Jul-01 19:25:38 :: gears inheritance check OK
2025-Jul-01 19:25:38 :: srpm inheritance check OK
girar-check-perms: access to sudo DENIED for sin: project `sudo' is not listed in the acl file for repository `p11', and the policy for such projects in `p11' is to deny
check-subtask-perms: #100: sudo: needs approvals from members of @maint and @tester groups
2025-Jul-01 19:25:41 :: acl check FAILED
2025-Jul-01 19:26:01 :: created contents_index files
2025-Jul-01 19:26:08 :: created hash files: aarch64 i586 noarch src x86_64-i586 x86_64
2025-Jul-01 19:26:11 :: task #388680 for p11 EPERM
^ permalink raw reply [flat|nested] 2+ messages in thread
* [#388680] p11 DONE (try 2) sudo.git=1.9.16p2-alt3
2025-07-01 19:26 [#388680] p11 EPERM sudo.git=1.9.16p2-alt3 Girar awaiter (sin)
@ 2025-07-02 14:48 ` Girar pender (amakeenk)
0 siblings, 0 replies; 2+ messages in thread
From: Girar pender (amakeenk) @ 2025-07-02 14:48 UTC (permalink / raw)
To: Evgeny Sinelnikov
Cc: sisyphus-incominger, girar-builder-p11, girar-builder-p11
https://git.altlinux.org/tasks/archive/done/_379/388680/logs/events.2.1.log
https://packages.altlinux.org/tasks/388680
2025-Jul-02 14:42:31 :: task #388680 for p11 resumed by amakeenk:
2025-Jul-02 14:42:31 :: message: security_release
#100 build 1.9.16p2-alt3 from /gears/s/sudo.git fetched at 2025-Jul-01 18:24:56 from sisyphus
2025-Jul-02 14:42:33 :: [aarch64] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-02 14:42:33 :: [x86_64] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-02 14:42:33 :: [i586] #100 sudo.git 1.9.16p2-alt3: build start
2025-Jul-02 14:42:43 :: [i586] #100 sudo.git 1.9.16p2-alt3: build OK (cached)
2025-Jul-02 14:42:44 :: [x86_64] #100 sudo.git 1.9.16p2-alt3: build OK (cached)
2025-Jul-02 14:42:51 :: [aarch64] #100 sudo.git 1.9.16p2-alt3: build OK (cached)
2025-Jul-02 14:43:13 :: #100: sudo.git 1.9.16p2-alt3: build check OK
2025-Jul-02 14:43:15 :: build check OK
2025-Jul-02 14:43:21 :: noarch check OK
2025-Jul-02 14:43:23 :: plan: src +1 -1 =19694, aarch64 +6 -6 =34697, i586 +6 -6 =33794, noarch +1 -1 =20810, x86_64 +6 -6 =35463
#100 sudo 1.9.16p2-alt2 -> 1:1.9.16p2-alt3
Tue Jul 01 2025 Evgeny Sinelnikov <sin@altlinux> 1:1.9.16p2-alt3
- Security release (fixes: CVE-2025-32462, CVE-2025-32463) (closes: 55007):
+ Sudo's -h (--host) option could be specified when running a command or
editing a file. This could enable a local privilege escalation attack if the
sudoers file allows the user to run commands on a different host.
For more information, see Local Privilege Escalation via host option:
https://www.sudo.ws/security/advisories/host_any/
+ An attacker can leverage sudo's -R (--chroot) option to run arbitrary
commands as root, even if they are not listed in the sudoers file. The chroot
support has been deprecated an will be removed entirely in a future release.
[...]
2025-Jul-02 14:43:23 :: sudo: closes bugs: 55007
2025-Jul-02 14:43:23 :: sudo: fixes vulnerabilities: CVE-2025-32462 CVE-2025-32463
2025-Jul-02 14:44:05 :: patched apt indices
2025-Jul-02 14:44:13 :: created next repo
2025-Jul-02 14:44:24 :: duplicate provides check OK
2025-Jul-02 14:45:02 :: dependencies check OK
2025-Jul-02 14:45:31 :: [x86_64 i586 aarch64] ELF symbols check OK
2025-Jul-02 14:45:43 :: [i586] #100 sudo: install check OK (cached)
2025-Jul-02 14:45:43 :: [x86_64] #100 sudo: install check OK (cached)
2025-Jul-02 14:45:47 :: [i586] #100 sudo-debuginfo: install check OK (cached)
2025-Jul-02 14:45:48 :: [x86_64] #100 sudo-debuginfo: install check OK (cached)
2025-Jul-02 14:45:51 :: [i586] #100 sudo-devel: install check OK (cached)
2025-Jul-02 14:45:52 :: [aarch64] #100 sudo: install check OK (cached)
2025-Jul-02 14:45:52 :: [x86_64] #100 sudo-devel: install check OK (cached)
2025-Jul-02 14:45:55 :: [i586] #100 sudo-logsrvd: install check OK (cached)
2025-Jul-02 14:45:56 :: [x86_64] #100 sudo-logsrvd: install check OK (cached)
2025-Jul-02 14:45:59 :: [i586] #100 sudo-logsrvd-debuginfo: install check OK (cached)
2025-Jul-02 14:46:00 :: [aarch64] #100 sudo-debuginfo: install check OK (cached)
2025-Jul-02 14:46:00 :: [x86_64] #100 sudo-logsrvd-debuginfo: install check OK (cached)
2025-Jul-02 14:46:03 :: [i586] #100 sudo-python: install check OK (cached)
2025-Jul-02 14:46:05 :: [x86_64] #100 sudo-python: install check OK (cached)
2025-Jul-02 14:46:07 :: [aarch64] #100 sudo-devel: install check OK (cached)
2025-Jul-02 14:46:08 :: [i586] #100 sudo-python-debuginfo: install check OK (cached)
2025-Jul-02 14:46:09 :: [x86_64] #100 sudo-python-debuginfo: install check OK (cached)
2025-Jul-02 14:46:15 :: [aarch64] #100 sudo-logsrvd: install check OK (cached)
2025-Jul-02 14:46:23 :: [aarch64] #100 sudo-logsrvd-debuginfo: install check OK (cached)
2025-Jul-02 14:46:30 :: [aarch64] #100 sudo-python: install check OK (cached)
2025-Jul-02 14:46:38 :: [aarch64] #100 sudo-python-debuginfo: install check OK (cached)
2025-Jul-02 14:46:40 :: [x86_64-i586] plan: #2 +2 -2 =11684
2025-Jul-02 14:46:59 :: [x86_64-i586] arepo build OK
2025-Jul-02 14:47:18 :: [x86_64-i586] generated apt indices
2025-Jul-02 14:47:19 :: [x86_64-i586] created next repo
2025-Jul-02 14:47:30 :: [x86_64-i586] dependencies check OK
2025-Jul-02 14:47:32 :: gears inheritance check OK
2025-Jul-02 14:47:32 :: srpm inheritance check OK
girar-check-perms: access to @maint ALLOWED for bircoph: member of approved group
girar-check-perms: access to @tester ALLOWED for amakeenk: member of approved group
check-subtask-perms: #100: sudo: approved by bircoph, approved by amakeenk
2025-Jul-02 14:47:35 :: acl check OK
2025-Jul-02 14:47:55 :: created contents_index files
2025-Jul-02 14:48:02 :: created hash files: aarch64 i586 noarch src x86_64-i586 x86_64
2025-Jul-02 14:48:05 :: task #388680 for p11 TESTED
2025-Jul-02 14:48:06 :: task is ready for commit
2025-Jul-02 14:48:10 :: repo clone OK
2025-Jul-02 14:48:10 :: packages update OK
2025-Jul-02 14:48:20 :: [x86_64 i586 aarch64 noarch] update OK
2025-Jul-02 14:48:20 :: [x86_64-i586] update OK
2025-Jul-02 14:48:20 :: repo update OK
2025-Jul-02 14:48:32 :: repo save OK
2025-Jul-02 14:48:32 :: src index update OK
2025-Jul-02 14:48:32 :: updated /gears/s/sudo.git branch `p11'
2025-Jul-02 14:48:36 :: gears update OK
2025-Jul-02 14:48:36 :: task #388680 for p11 DONE
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-07-02 14:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-01 19:26 [#388680] p11 EPERM sudo.git=1.9.16p2-alt3 Girar awaiter (sin)
2025-07-02 14:48 ` [#388680] p11 DONE (try 2) sudo.git=1.9.16p2-alt3 Girar pender (amakeenk)
ALT Linux Girar Builder robot reports
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-incominger/0 sisyphus-incominger/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-incominger sisyphus-incominger/ http://lore.altlinux.org/sisyphus-incominger \
sisyphus-incominger@lists.altlinux.org sisyphus-incominger@lists.altlinux.ru sisyphus-incominger@lists.altlinux.com
public-inbox-index sisyphus-incominger
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-incominger
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git