Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sudo for openSUSE:Factory checked in at 2023-01-24 19:41:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sudo (Old) and /work/SRC/openSUSE:Factory/.sudo.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Tue Jan 24 19:41:58 2023 rev:140 rq:1060308 version:1.9.12p2 Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2022-11-23 09:47:32.902866767 +0100 +++ /work/SRC/openSUSE:Factory/.sudo.new.32243/sudo.changes 2023-01-24 20:35:32.805380732 +0100 @@ -1,0 +2,24 @@ +Thu Jan 19 03:39:52 UTC 2023 - Jason Sikes <jsi...@suse.com> + +- Update to 1.9.12p2: + * Fixes bsc#1207082 + * Changes in 1.9.12p2: + Fixed a compilation error on Linux/aarch64. GitHub issue #197. + + Fixed a potential crash introduced in the fix GitHub issue #134. + If a userâs sudoers entry did not have any RunAs userâs set, + running sudo -U otheruser -l would dereference a NULL pointer. + + Fixed a bug introduced in sudo 1.9.12 that could prevent sudo + from creating a I/O files when the iolog_file sudoers setting + contains six or more Xs. + + Fixed a compilation issue on AIX with the native compiler. + GitHub issue #231. + + Fixed CVE-2023-22809, a flaw in sudoâs -e option (aka sudoedit) + that could allow a malicious user with sudoedit privileges to + edit arbitrary files. For more information, see Sudoedit can + edit arbitrary files. + +------------------------------------------------------------------- Old: ---- sudo-1.9.12p1.tar.gz sudo-1.9.12p1.tar.gz.sig New: ---- sudo-1.9.12p2.tar.gz sudo-1.9.12p2.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.2utnP9/_old 2023-01-24 20:35:33.661385165 +0100 +++ /var/tmp/diff_new_pack.2utnP9/_new 2023-01-24 20:35:33.669385206 +0100 @@ -1,7 +1,7 @@ # # spec file for package sudo # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: sudo -Version: 1.9.12p1 +Version: 1.9.12p2 Release: 0 Summary: Execute some commands as root License: ISC ++++++ sudo-1.9.12p1.tar.gz -> sudo-1.9.12p2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/ChangeLog new/sudo-1.9.12p2/ChangeLog --- old/sudo-1.9.12p1/ChangeLog 2022-11-04 21:32:10.000000000 +0100 +++ new/sudo-1.9.12p2/ChangeLog 2023-01-18 15:20:22.000000000 +0100 @@ -1,8 +1,67 @@ +2023-01-18 Todd C. Miller <todd.mil...@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_12p2 for changeset 05149e3ee7db + [8763a9e70ddd] [tip] <1.9> + +2023-01-17 Todd C. Miller <todd.mil...@sudo.ws> + + * configure, configure.ac: + Add back the linker check for -fstack-clash-protection. This is + expected to fix GitHub issue #231. + [40bda374ae08] <1.9> + +2023-01-12 Todd C. Miller <todd.mil...@sudo.ws> + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: fix pasto in last commit Set mode to iolog_dirmode, + not iolog_filemode + [9926f1c92729] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.2p2 + [05149e3ee7db] [SUDO_1_9_12p2] <1.9> + + * plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, + plugins/sudoers/visudo.c: + sudoedit: do not permit editor arguments to include "--" + (CVE-2023-22809) We use "--" to separate the editor and arguments + from the files to edit. If the editor arguments include "--", sudo + can be tricked into allowing the user to edit a file not permitted + by the security policy. Thanks to Matthieu Barjole and Victor + Cutillas of Synacktiv (https://synacktiv.com) for finding this bug. + [eb7f573a4a92] <1.9> + +2023-01-03 Todd C. Miller <todd.mil...@sudo.ws> + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: fix failure when the specified path contains + subdirectories. This fixes a bug introduced in sudo 1.9.12. + [ac86f3b0d94b] <1.9> + +2022-12-07 Todd C. Miller <todd.mil...@sudo.ws> + + * plugins/sudoers/parse.c: + Fix potential crash introduced in the fix for GitHub issue #134. If + a user's sudoers entry did not have any RunAs user's set, running + "sudo -U otheruser -l" would dereference a NULL pointer. We need to + compare the default RunAs user if the sudoers entry does not specify + one explicitly. Problem reported by Andreas Mueller who also + suggested a different solution in PR #219. + [360e04f13024] <1.9> + +2022-11-10 Todd C. Miller <todd.mil...@sudo.ws> + + * src/exec_ptrace.h: + Include linux/elf.h, not elf.h to make sure we get + NT_ARM_SYSTEM_CALL. The NT_PRSTATUS define is present in both files. + [161f41f644ca] <1.9> + 2022-11-04 Todd C. Miller <todd.mil...@sudo.ws> * .hgtags: Added tag SUDO_1_9_12p1 for changeset 39cf4d8052ff - [28ed2d994f40] [tip] <1.9> + [28ed2d994f40] <1.9> * NEWS, configure, configure.ac: Merge sudo 1.9.12p1 from tip. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/NEWS new/sudo-1.9.12p2/NEWS --- old/sudo-1.9.12p1/NEWS 2022-11-04 21:26:40.000000000 +0100 +++ new/sudo-1.9.12p2/NEWS 2023-01-18 15:19:49.000000000 +0100 @@ -1,3 +1,22 @@ +What's new in Sudo 1.9.12p2 + + * Fixed a compilation error on Linux/aarch64. GitHub issue #197. + + * Fixed a potential crash introduced in the fix for GitHub issue #134. + If a user's sudoers entry did not have any RunAs user's set, + running "sudo -U otheruser -l" would dereference a NULL pointer. + + * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo + from creating a I/O files when the "iolog_file" sudoers setting + contains six or more Xs. + + * Fixed a compilation issue on AIX with the native compiler. + GitHub issue #231. + + * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit) + that could allow a malicious user with sudoedit privileges to + edit arbitrary files. + What's new in Sudo 1.9.12p1 * Sudo's configure script now does a better job of detecting when diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/configure new/sudo-1.9.12p2/configure --- old/sudo-1.9.12p1/configure 2022-11-04 21:26:40.000000000 +0100 +++ new/sudo-1.9.12p2/configure 2023-01-18 14:56:03.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.12p1. +# Generated by GNU Autoconf 2.71 for sudo 1.9.12p2. # # Report bugs to <https://bugzilla.sudo.ws/>. # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.12p1' -PACKAGE_STRING='sudo 1.9.12p1' +PACKAGE_VERSION='1.9.12p2' +PACKAGE_STRING='sudo 1.9.12p2' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1640,7 +1640,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.12p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.12p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1706,7 +1706,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.12p1:";; + short | recursive ) echo "Configuration of sudo 1.9.12p2:";; esac cat <<\_ACEOF @@ -1996,7 +1996,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.12p1 +sudo configure 1.9.12p2 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2653,7 +2653,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.12p1, which was +It was created by sudo $as_me 1.9.12p2, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -31915,7 +31915,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - int main(int argc, char *argv[]) { char buf[16384], *src = argv[0], *dst = buf; while ((*dst++ = *src++) != '\0'); return buf[argc]; } + int main(int argc, char *argv[]) { char buf[16384], *src = argv[0], *dst = buf; while ((*dst++ = *src++) != '\0') { continue; } return buf[argc]; } _ACEOF if ac_fn_c_try_compile "$LINENO" @@ -31932,6 +31932,41 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_check_cflags___fstack_clash_protection" >&5 printf "%s\n" "$sudo_cv_check_cflags___fstack_clash_protection" >&6; } if test X"$sudo_cv_check_cflags___fstack_clash_protection" = X"yes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -fstack-clash-protection" >&5 +printf %s "checking whether the linker accepts -fstack-clash-protection... " >&6; } +if test ${ax_cv_check_ldflags___fstack_clash_protection+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -fstack-clash-protection" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ax_cv_check_ldflags___fstack_clash_protection=yes +else $as_nop + ax_cv_check_ldflags___fstack_clash_protection=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___fstack_clash_protection" >&5 +printf "%s\n" "$ax_cv_check_ldflags___fstack_clash_protection" >&6; } +if test x"$ax_cv_check_ldflags___fstack_clash_protection" = xyes +then : + if test ${HARDENING_CFLAGS+y} then : @@ -31998,6 +32033,11 @@ fi + +else $as_nop + : +fi + fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fcf-protection" >&5 @@ -33148,7 +33188,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.12p1, which was +This file was extended by sudo $as_me 1.9.12p2, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -33216,7 +33256,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.12p1 +sudo config.status 1.9.12p2 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -35009,7 +35049,6 @@ - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/configure.ac new/sudo-1.9.12p2/configure.ac --- old/sudo-1.9.12p1/configure.ac 2022-11-04 21:26:40.000000000 +0100 +++ new/sudo-1.9.12p2/configure.ac 2023-01-18 14:56:03.000000000 +0100 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.12p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.12p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) @@ -4966,14 +4966,16 @@ _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fstack-clash-protection" AC_COMPILE_IFELSE([ - AC_LANG_SOURCE([[int main(int argc, char *argv[]) { char buf[16384], *src = argv[0], *dst = buf; while ((*dst++ = *src++) != '\0'); return buf[argc]; }]]) + AC_LANG_SOURCE([[int main(int argc, char *argv[]) { char buf[16384], *src = argv[0], *dst = buf; while ((*dst++ = *src++) != '\0') { continue; } return buf[argc]; }]]) ], [sudo_cv_check_cflags___fstack_clash_protection=yes], [sudo_cv_check_cflags___fstack_clash_protection=no]) CFLAGS="$_CFLAGS" ] ) if test X"$sudo_cv_check_cflags___fstack_clash_protection" = X"yes"; then - AX_APPEND_FLAG([-fstack-clash-protection], [HARDENING_CFLAGS]) - AX_APPEND_FLAG([-Wc,-fstack-clash-protection], [HARDENING_LDFLAGS]) + AX_CHECK_LINK_FLAG([-fstack-clash-protection], [ + AX_APPEND_FLAG([-fstack-clash-protection], [HARDENING_CFLAGS]) + AX_APPEND_FLAG([-Wc,-fstack-clash-protection], [HARDENING_LDFLAGS]) + ]) fi AX_CHECK_COMPILE_FLAG([-fcf-protection], [ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/lib/iolog/iolog_mkdtemp.c new/sudo-1.9.12p2/lib/iolog/iolog_mkdtemp.c --- old/sudo-1.9.12p1/lib/iolog/iolog_mkdtemp.c 2022-10-22 01:04:06.000000000 +0200 +++ new/sudo-1.9.12p2/lib/iolog/iolog_mkdtemp.c 2023-01-13 03:16:48.000000000 +0100 @@ -53,6 +53,7 @@ const uid_t iolog_uid = iolog_get_uid(); const gid_t iolog_gid = iolog_get_gid(); bool ok = false, uid_changed = false; + char *dir = sudo_basename(path); mode_t omask; int dfd; debug_decl(iolog_mkdtemp, SUDO_DEBUG_UTIL); @@ -74,11 +75,11 @@ /* We cannot retry mkdtemp() so always open as iolog user */ if (!uid_changed) uid_changed = iolog_swapids(false); - if (mkdtempat(dfd, path) == NULL) { + if (mkdtempat(dfd, dir) == NULL) { sudo_warn(U_("unable to mkdir %s"), path); ok = false; } else { - if (chmod(path, iolog_dirmode) != 0) { + if (fchmodat(dfd, dir, iolog_dirmode, 0) != 0) { /* Not a fatal error, pre-existing mode is 0700. */ sudo_warn(U_("unable to change mode of %s to 0%o"), path, (unsigned int)iolog_dirmode); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/plugins/sudoers/editor.c new/sudo-1.9.12p2/plugins/sudoers/editor.c --- old/sudo-1.9.12p1/plugins/sudoers/editor.c 2022-10-22 01:04:06.000000000 +0200 +++ new/sudo-1.9.12p2/plugins/sudoers/editor.c 2023-01-13 03:16:52.000000000 +0100 @@ -131,7 +131,7 @@ const char *tmp, *cp, *ep = NULL; const char *edend = ed + edlen; struct stat user_editor_sb; - int nargc; + int nargc = 0; debug_decl(resolve_editor, SUDOERS_DEBUG_UTIL); /* @@ -149,10 +149,7 @@ /* If we can't find the editor in the user's PATH, give up. */ if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), NULL, 0, allowlist) != FOUND) { - sudoers_gc_remove(GC_PTR, editor); - free(editor); - errno = ENOENT; - debug_return_str(NULL); + goto bad; } /* Count rest of arguments and allocate editor argv. */ @@ -173,6 +170,17 @@ nargv[nargc] = copy_arg(cp, ep - cp); if (nargv[nargc] == NULL) goto oom; + + /* + * We use "--" to separate the editor and arguments from the files + * to edit. The editor arguments themselves may not contain "--". + */ + if (strcmp(nargv[nargc], "--") == 0) { + sudo_warnx(U_("ignoring editor: %.*s"), (int)edlen, ed); + sudo_warnx("%s", U_("editor arguments may not contain \"--\"")); + errno = EINVAL; + goto bad; + } } if (nfiles != 0) { nargv[nargc++] = (char *)"--"; @@ -186,6 +194,7 @@ debug_return_str(editor_path); oom: sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +bad: sudoers_gc_remove(GC_PTR, editor); free(editor); free(editor_path); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/plugins/sudoers/parse.c new/sudo-1.9.12p2/plugins/sudoers/parse.c --- old/sudo-1.9.12p1/plugins/sudoers/parse.c 2022-10-22 01:04:06.000000000 +0200 +++ new/sudo-1.9.12p2/plugins/sudoers/parse.c 2023-01-12 23:52:49.000000000 +0100 @@ -35,6 +35,23 @@ #include "sudo_lbuf.h" #include <gram.h> +static int +runas_matches_pw(struct sudoers_parse_tree *parse_tree, + const struct cmndspec *cs, const struct passwd *pw) +{ + debug_decl(runas_matches_pw, SUDOERS_DEBUG_PARSER); + + if (cs->runasuserlist != NULL) + debug_return_int(userlist_matches(parse_tree, pw, cs->runasuserlist)); + + if (cs->runasgrouplist == NULL) { + /* No explicit runas user or group, use default. */ + if (userpw_matches(def_runas_default, pw->pw_name, pw)) + debug_return_int(ALLOW); + } + debug_return_int(UNSPEC); +} + /* * Look up the user in the sudoers parse tree for pseudo-commands like * list, verify and kill. @@ -101,12 +118,10 @@ continue; } /* Runas user must match list user or root. */ - if (userlist_matches(nss->parse_tree, list_pw, - cs->runasuserlist) == DENY) { + if (runas_matches_pw(nss->parse_tree, cs, list_pw) == DENY) continue; - } - if (root_pw == NULL || userlist_matches(nss->parse_tree, - root_pw, cs->runasuserlist) != ALLOW) { + if (root_pw == NULL || runas_matches_pw(nss->parse_tree, + cs, root_pw) != ALLOW) { continue; } if (cmnd_matches(nss->parse_tree, cs->cmnd, cs->runchroot, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/plugins/sudoers/sudoers.c new/sudo-1.9.12p2/plugins/sudoers/sudoers.c --- old/sudo-1.9.12p1/plugins/sudoers/sudoers.c 2022-10-22 01:04:06.000000000 +0200 +++ new/sudo-1.9.12p2/plugins/sudoers/sudoers.c 2023-01-13 03:16:52.000000000 +0100 @@ -792,21 +792,32 @@ /* Note: must call audit before uid change. */ if (ISSET(sudo_mode, MODE_EDIT)) { + const char *env_editor = NULL; char **edit_argv; int edit_argc; - const char *env_editor; free(safe_cmnd); safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argc, &edit_argv, NULL, &env_editor); if (safe_cmnd == NULL) { - if (errno != ENOENT) + switch (errno) { + case ENOENT: + audit_failure(NewArgv, N_("%s: command not found"), + env_editor ? env_editor : def_editor); + sudo_warnx(U_("%s: command not found"), + env_editor ? env_editor : def_editor); + goto bad; + case EINVAL: + if (def_env_editor && env_editor != NULL) { + /* User tried to do something funny with the editor. */ + log_warningx(SLOG_NO_STDERR|SLOG_AUDIT|SLOG_SEND_MAIL, + "invalid user-specified editor: %s", env_editor); + goto bad; + } + FALLTHROUGH; + default: goto done; - audit_failure(NewArgv, N_("%s: command not found"), - env_editor ? env_editor : def_editor); - sudo_warnx(U_("%s: command not found"), - env_editor ? env_editor : def_editor); - goto bad; + } } /* find_editor() already g/c'd edit_argv[] */ if (NewArgv != saved_argv) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/plugins/sudoers/visudo.c new/sudo-1.9.12p2/plugins/sudoers/visudo.c --- old/sudo-1.9.12p1/plugins/sudoers/visudo.c 2022-10-22 01:04:06.000000000 +0200 +++ new/sudo-1.9.12p2/plugins/sudoers/visudo.c 2023-01-13 03:16:52.000000000 +0100 @@ -365,7 +365,7 @@ get_editor(int *editor_argc, char ***editor_argv) { char *editor_path = NULL, **allowlist = NULL; - const char *env_editor; + const char *env_editor = NULL; static const char *files[] = { "+1", "sudoers" }; unsigned int allowlist_len = 0; debug_decl(get_editor, SUDOERS_DEBUG_UTIL); @@ -399,7 +399,11 @@ if (editor_path == NULL) { if (def_env_editor && env_editor != NULL) { /* We are honoring $EDITOR so this is a fatal error. */ - sudo_fatalx(U_("specified editor (%s) doesn't exist"), env_editor); + if (errno == ENOENT) { + sudo_warnx(U_("specified editor (%s) doesn't exist"), + env_editor); + } + exit(EXIT_FAILURE); } sudo_fatalx(U_("no editor found (editor path = %s)"), def_editor); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.9.12p1/src/exec_ptrace.h new/sudo-1.9.12p2/src/exec_ptrace.h --- old/sudo-1.9.12p1/src/exec_ptrace.h 2022-10-22 01:04:06.000000000 +0200 +++ new/sudo-1.9.12p2/src/exec_ptrace.h 2023-01-18 14:53:40.000000000 +0100 @@ -17,12 +17,12 @@ #ifndef SUDO_EXEC_PTRACE_H #define SUDO_EXEC_PTRACE_H -#include <elf.h> #include <sys/prctl.h> #include <sys/ptrace.h> #include <sys/user.h> #include <asm/unistd.h> #include <linux/audit.h> +#include <linux/elf.h> #include <linux/ptrace.h> #include <linux/seccomp.h> #include <linux/filter.h>
