Comments

12 Comments

Sudo works as expected, CVEs are fixed.

BZ#1773148 sudo: setrlimit(RLIMIT_CORE): Operation not permitted
BZ#1786705 CVE-2019-19232 sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user [fedora-all]
BZ#1786709 CVE-2019-19234 sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer account [fedora-all]
BZ#1796945 CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [fedora-all]

GUI is obsolete, I should remove it from the test cases.

Is your problem really caused by an unresolved realpath for /sys? Does regen of your rules.conf help? There are a few new attributes in the rules language, and that can affect what the computed hash looks like. If you are not using any hash or parent hash in your rules.conf, you should be safe, but you should try to regen your rules anyway.

I have provided a new build. The update should work.

This update has been unpushed.

This update has been unpushed.

I know it will be pushed simultaneously with rsyslog.

It should be OK now. Both rsyslog and libfastjson are pushed.

This update has been unpushed.

Works for me!

BZ#1499052 usbguard-daemon fails with kernel 4.13
Test Case usbguard setup
Test Case usbguard GUI

Hi rathan,

Sorry, I did it automatically.

The change from json-c to libfastjson was inevitable because json-c is absolutely not threadsafe, and rsyslog could have thousands of threads, so you can imagine what was happening with rsyslog. Libfastjson is a fork of json-c refactored by rsyslog upstream, and now it works better. It was an upstream decision, and I, as the Fedora maintainer, have to accept it. Yes, it is possible to compile rsyslog with json-c, but do we want to? Do we want a buggy rsyslog that is segfaulting all the time?

I understand that this was a big jump, but F24 deserves it. This jump was caused by the former maintainer, who didn't care about Fedora updates, and rsyslog wasn't updated for a year.