1 files changed, 0 insertions, 42 deletions
diff --git a/meta/recipes-extended/sudo/files/CVE-2025-32462.patch b/meta/recipes-extended/sudo/files/CVE-2025-32462.patch
deleted file mode 100644
index 04610d40fd..0000000000
--- a/meta/recipes-extended/sudo/files/CVE-2025-32462.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From d530367828e3713d09489872743eb92d31fb11ff Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller@sudo.ws>
-Date: Tue, 1 Apr 2025 09:24:51 -0600
-Subject: [PATCH] Only allow a remote host to be specified when listing
- privileges.
-This fixes a bug where a user with sudoers privileges on a different
-host could execute a command on the local host, even if the sudoers
-file would not otherwise allow this.  CVE-2025-32462
-Reported by Rich Mirch @ Stratascale Cyber Research Unit (CRU).
-Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/d530367828e3713d09489872743eb92d31fb11ff]
-CVE: CVE-2025-32462
-Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
- plugins/sudoers/sudoers.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
-index 70a0c1a528..ad2fa2f61c 100644
--- a/plugins/sudoers/sudoers.c
-+++ b/plugins/sudoers/sudoers.c
-@@ -350,6 +350,18 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
-     time_t now;
-     debug_decl(sudoers_check_common, SUDOERS_DEBUG_PLUGIN);
- 
-+    /* The user may only specify a host for "sudo -l". */
-+    if (!ISSET(ctx->mode, MODE_LIST|MODE_CHECK)) {
-+       if (strcmp(ctx->runas.host, ctx->user.host) != 0) {
-+           log_warningx(ctx, SLOG_NO_STDERR|SLOG_AUDIT,
-+               N_("user not allowed to set remote host for command"));
-+           sudo_warnx("%s",
-+               U_("a remote host may only be specified when listing privileges."));
-+           ret = false;
-+           goto done;
-+       }
-+    }
-+
-     /* If given the -P option, set the "preserve_groups" flag. */
-     if (ISSET(ctx->mode, MODE_PRESERVE_GROUPS))
-        def_preserve_groups = true;

diff --git a/meta/recipes-extended/sudo/files/CVE-2025-32462.patch b/meta/recipes-extended/sudo/files/CVE-2025-32462.patch deleted file mode 100644 index 04610d40fd..0000000000 --- a/meta/recipes-extended/sudo/files/CVE-2025-32462.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	From d530367828e3713d09489872743eb92d31fb11ff Mon Sep 17 00:00:00 2001
2	From: "Todd C. Miller" <Todd.Miller@sudo.ws>
3	Date: Tue, 1 Apr 2025 09:24:51 -0600
4	Subject: [PATCH] Only allow a remote host to be specified when listing
5	privileges.
6
7	This fixes a bug where a user with sudoers privileges on a different
8	host could execute a command on the local host, even if the sudoers
9	file would not otherwise allow this. CVE-2025-32462
10
11	Reported by Rich Mirch @ Stratascale Cyber Research Unit (CRU).
12
13	Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/d530367828e3713d09489872743eb92d31fb11ff]
14	CVE: CVE-2025-32462
15	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
16	---
17	plugins/sudoers/sudoers.c \| 12 ++++++++++++
18	1 file changed, 12 insertions(+)
19
20	diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
21	index 70a0c1a528..ad2fa2f61c 100644
22	--- a/plugins/sudoers/sudoers.c
23	+++ b/plugins/sudoers/sudoers.c
24	@@ -350,6 +350,18 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag)
25	time_t now;
26	debug_decl(sudoers_check_common, SUDOERS_DEBUG_PLUGIN);
27
28	+ /* The user may only specify a host for "sudo -l". */
29	+ if (!ISSET(ctx->mode, MODE_LIST\|MODE_CHECK)) {
30	+ if (strcmp(ctx->runas.host, ctx->user.host) != 0) {
31	+ log_warningx(ctx, SLOG_NO_STDERR\|SLOG_AUDIT,
32	+ N_("user not allowed to set remote host for command"));
33	+ sudo_warnx("%s",
34	+ U_("a remote host may only be specified when listing privileges."));
35	+ ret = false;
36	+ goto done;
37	+ }
38	+ }
39	+
40	/* If given the -P option, set the "preserve_groups" flag. */
41	if (ISSET(ctx->mode, MODE_PRESERVE_GROUPS))
42	def_preserve_groups = true;