Your message dated Sat, 10 Jan 2026 11:59:46 +0000
with message-id <[email protected]>
and subject line Released with 12.13
has caused the Debian Bug report #1124342,
regarding bookworm-pu: package sudo/1.9.13p3-1+deb12u3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124342: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124342
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:sudo
User: [email protected]
Usertags: pu
(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)
[ Reason ]
sudo on i386 on a not-quite-i686 CPU like the AMD Geode terminates with
an illegal opcode error.
[ Impact ]
Sudo is unuseable on those machines.
[ Tests ]
This has been discussed with the TC (#1113774). sudo has a testsuite.
[ Risks ]
bookworm is the last full release for i386. It is therefore likely to be
used for a long time.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Enable intel CET on amd64 only
diff -Nru sudo-1.9.13p3/debian/changelog sudo-1.9.13p3/debian/changelog
--- sudo-1.9.13p3/debian/changelog 2025-06-24 09:29:50.000000000 +0200
+++ sudo-1.9.13p3/debian/changelog 2025-12-30 21:07:33.000000000 +0100
@@ -1,3 +1,12 @@
+sudo (1.9.13p3-1+deb12u3) bookworm; urgency=medium
+
+ * Apply a patch fro Marcos Del Sol Vives to Enable Intel CET on amd64 only.
+ This has been discussed with the TC in #1113774. After following their
+ advice to apply the patch, I verified that this change produces an
+ identical deb on amd64 (Closes: #1124339)
+
+ -- Marc Haber <[email protected]> Tue, 30 Dec 2025 21:07:33
+0100
+
sudo (1.9.13p3-1+deb12u2) bookworm-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru sudo-1.9.13p3/debian/patches/amd64-ibt.diff
sudo-1.9.13p3/debian/patches/amd64-ibt.diff
--- sudo-1.9.13p3/debian/patches/amd64-ibt.diff 1970-01-01 01:00:00.000000000
+0100
+++ sudo-1.9.13p3/debian/patches/amd64-ibt.diff 2025-12-30 21:07:33.000000000
+0100
@@ -0,0 +1,28 @@
+From: Marcos Del Sol Vives <[email protected]>
+Date: Tue, 2 Sep 2025 00:00:35 +0200
+Subject: Enable Intel CET on amd64 only
+
+---
+ m4/hardening.m4 | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/m4/hardening.m4 b/m4/hardening.m4
+index f7d2a8c..cc7ee01 100644
+--- a/m4/hardening.m4
++++ b/m4/hardening.m4
+@@ -105,6 +105,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
+ ])
+ fi
+
++ if test "$host_cpu" = "x86_64"; then
+ # Check for control-flow transfer instrumentation (Intel CET).
+ AX_CHECK_COMPILE_FLAG([-fcf-protection], [
+ AX_CHECK_LINK_FLAG([-fcf-protection], [
+@@ -112,6 +113,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
+ AX_APPEND_FLAG([-Wc,-fcf-protection], [HARDENING_LDFLAGS])
+ ])
+ ])
++ fi
+ fi
+
+ # Linker-specific hardening flags.
diff -Nru sudo-1.9.13p3/debian/patches/series
sudo-1.9.13p3/debian/patches/series
--- sudo-1.9.13p3/debian/patches/series 2025-06-24 09:24:11.000000000 +0200
+++ sudo-1.9.13p3/debian/patches/series 2025-12-30 21:07:33.000000000 +0100
@@ -1,8 +1,6 @@
-# 1004909-ftbfs-kfreebsd
-# debian-bugs-1019428
-# dont-create-ChangeLog
debian-bug-1039557
paths-in-samples.diff
Whitelist-DPKG_COLORS-environment-variable.diff
sudo-ldap-docs
sudo_host_vuln.diff
+amd64-ibt.diff
--- End Message ---
--- Begin Message ---
Package: release.debian.org\nVersion: 12.13\n\nThis update has been released as
part of Debian 12.13.
--- End Message ---
