From 61dacac7f9af6e92bb128db8df856009cbd4c5be Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Jan 19 2023 13:19:32 +0000
Subject: Rebase to sudo 1.9.12p2


- sudo-1.9.12p2 is available
Resolves: rhbz#2137775
- sudo: arbitrary file write with privileges of the RunAs user
Resolves: CVE-2023-22809

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

---

diff --git a/.gitignore b/.gitignore
index fe1779d..3d050b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,4 @@
 /sudo-1.9.5p2.tar.gz
 /sudo-1.9.8p2.tar.gz
 /sudo-1.9.11p3.tar.gz
+/sudo-1.9.12p2.tar.gz
diff --git a/sources b/sources
index 88162bb..f68ca42 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sudo-1.9.11p3.tar.gz) = ad5c3d623547d1e3016e1a721676fee6d6b7348e77b2c234041e0af40c7220e8934c8c27beef0d12fa6df11708d37de711dacfefc135d26de46abca7f91c55d1
+SHA512 (sudo-1.9.12p2.tar.gz) = 5e035246137d5820691f7ddfc13faec3886e3cf1563ed56633667d86ab4f1306f34cc0e27808f56790b6c6a4614826e54c5b7e47b31eb009b96dde3e52170c45
diff --git a/sudo.spec b/sudo.spec
index 703e52c..f0f1e53 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,15 +1,14 @@
-
 # comment out if no extra version
-%global extraver p3
+%global extraver p2
 
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.11
+Version: 1.9.12
 # remove -b 3 after rebase !!!
 # use "-p -e % {?extraver}" when beta
 # use "-e % {?extraver}"" when patch version
 # use nothing special when normal version
-Release: %autorelease -e %{?extraver} -b 3
+Release: %autorelease -e %{?extraver}
 License: ISC
 URL: https://www.sudo.ws
 Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz
@@ -90,7 +89,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --sbindir=%{_sbindir} \
         --libdir=%{_libdir} \
         --docdir=%{_pkgdocdir} \
-	--enable-openssl \
+        --enable-openssl \
         --disable-root-mailer \
         --disable-intercept \
         --with-logging=syslog \
@@ -104,8 +103,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --with-ldap \
         --with-selinux \
         --with-passprompt="[sudo] password for %p: " \
-	--enable-python \
-	--enable-zlib=system \
+        --enable-python \
+        --enable-zlib=system \
         --with-linux-audit \
         --with-sssd
 #       --without-kerb5 \
@@ -194,7 +193,6 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
 %attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so
 %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
-%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so
 %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
 %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
 %{_libexecdir}/sudo/libsudo_util.so.?