CentOS6 sudo漏洞修复 CVE-2021-3156
sudo又有漏洞啦,CVE-2021-3156。https://s.tencent.com/research/bsafe/1238.html
为了解决centos6无法直接yum update sudo的窘境,撸起袖子干吧
原料一、sudo源码包一份
下载地址:https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz
原料二、sudo spec一份
打包前不知道用什么编译参数合适,然后参考了一下os原版的内容
最终生成了自己的spec
Name: sudo
Version: 1.9.5p2
Release: 1%{?dist}
Summary: sudo-1.9.5p2 rpmbuild for centos6
License: GPLv2
BuildRequires: gcc,make
Source: %{name}-%{version}.tar.gz
%description
sudo-1.9.5p2 rpmbuild for centos6 to fix CVE-2021-3156. 20210128
%prep
%setup -q
%install
./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo-1.8.6p3 --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf --with-selinux --with-passprompt=[sudo] password for %p: --with-linux-audit --with-sssd
make
make install DESTDIR=%{buildroot}
tree %{buildroot} > /tmp/sudo.tree
%files
%defattr(-,root,root)
/
成品出炉,给自己一个赞