Version in base suite: 1.9.13p3-1+deb12u3
Base version: sudo_1.9.13p3-1+deb12u3
Target version: sudo_1.9.13p3-1+deb12u4
Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/sudo/sudo_1.9.13p3-1+deb12u3.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/s/sudo/sudo_1.9.13p3-1+deb12u4.dsc
 changelog | 8
 patches/0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch | 132 ++++++++++
 patches/series | 1
 3 files changed, 141 insertions(+)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp7hrik7f1/sudo_1.9.13p3-1+deb12u3.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp7hrik7f1/sudo_1.9.13p3-1+deb12u4.dsc: no acceptable signature found
diff -Nru sudo-1.9.13p3/debian/changelog sudo-1.9.13p3/debian/changelog
--- sudo-1.9.13p3/debian/changelog 2025-12-30 20:07:33.000000000 +0000
+++ sudo-1.9.13p3/debian/changelog 2026-04-11 12:01:23.000000000 +0000
@@ -1,3 +1,11 @@
+sudo (1.9.13p3-1+deb12u4) bookworm; urgency=medium
+
+ * cherry-pick upstream exec_mailer-Set-group-as-well-as-uid.
+ This is adapted from upstream and fixes CVE-2026-35535:
+ https://github.com/sudo-project/sudo/commit/3e474c2 (Closes: #1130593)
+
+ -- Marc Haber Sat, 11 Apr 2026 14:01:23 +0200
+
 sudo (1.9.13p3-1+deb12u3) bookworm; urgency=medium
 * Apply a patch fro Marcos Del Sol Vives to Enable Intel CET on amd64 only.
diff -Nru sudo-1.9.13p3/debian/patches/0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch sudo-1.9.13p3/debian/patches/0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch
--- sudo-1.9.13p3/debian/patches/0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch 1970-01-01 00:00:00.000000000 +0000
+++ sudo-1.9.13p3/debian/patches/0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch 2026-04-11 12:01:18.000000000 +0000
@@ -0,0 +1,132 @@
+From: "Todd C. Miller"
+Date: Sat, 8 Nov 2025 15:34:02 -0700
+Subject: exec_mailer: Set group as well as uid when running the mailer
+
+Also make a setuid(), setgid() or setgroups() failure fatal.
+
+Found by the ZeroPath AI Security Engineer
+---
+ include/sudo_eventlog.h | 3 ++-
+ lib/eventlog/eventlog.c | 21 +++++++++++++++++----
+ lib/eventlog/eventlog_conf.c | 4 +++-
+ plugins/sudoers/logging.c | 2 +-
+ plugins/sudoers/policy.c | 2 +-
+ 5 files changed, 24 insertions(+), 8 deletions(-)
+
+--- a/include/sudo_eventlog.h
++++ b/include/sudo_eventlog.h
+@@ -79,6 +79,7 @@ struct eventlog_config {
+ int syslog_maxlen;
+ int file_maxlen;
+ uid_t mailuid;
++ gid_t mailgid;
+ bool omit_hostname;
+ const char *logpath;
+ const char *time_fmt;
+@@ -146,7 +147,7 @@ void eventlog_set_syslog_rejectpri(int p
+ void eventlog_set_syslog_alertpri(int pri);
+ void eventlog_set_syslog_maxlen(int len);
+ void eventlog_set_file_maxlen(int len);
+-void eventlog_set_mailuid(uid_t uid);
++void eventlog_set_mailuser(uid_t uid, gid_t gid);
+ void eventlog_set_omit_hostname(bool omit_hostname);
+ void eventlog_set_logpath(const char *path);
+ void eventlog_set_time_fmt(const char *fmt);
+--- a/lib/eventlog/eventlog.c
++++ b/lib/eventlog/eventlog.c
+@@ -304,15 +304,13 @@ exec_mailer(int pipein)
+ syslog(LOG_ERR, _("unable to dup stdin: %m")); // -V618
+ sudo_debug_printf(SUDO_DEBUG_ERROR,
+ "unable to dup stdin: %s", strerror(errno));
+- sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys);
+- _exit(127);
++ goto bad;
+ }
+
+ /* Build up an argv based on the mailer path and flags */
+ if ((mflags = strdup(evl_conf->mailerflags)) == NULL) {
+ syslog(LOG_ERR, _("unable to allocate memory")); // -V618
+- sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys);
+- _exit(127);
++ goto bad;
+ }
+ argv[0] = sudo_basename(mpath);
+
+@@ -331,11 +329,23 @@ exec_mailer(int pipein)
+ if (setuid(ROOT_UID) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to change uid to %u",
+ ROOT_UID);
++ goto bad;
++ }
++ if (setgid(evl_conf->mailgid) != 0) {
++ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to change gid to %u",
++ (unsigned int)evl_conf->mailgid);
++ goto bad;
++ }
++ if (setgroups(1, &evl_conf->mailgid) != 0) {
++ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to set groups to %u",
++ (unsigned int)evl_conf->mailgid);
++ goto bad;
+ }
+ if (evl_conf->mailuid != ROOT_UID) {
+ if (setuid(evl_conf->mailuid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to change uid to %u",
+ (unsigned int)evl_conf->mailuid);
++ goto bad;
+ }
+ }
+ sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys);
+@@ -347,6 +357,9 @@ exec_mailer(int pipein)
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to execute %s: %s",
+ mpath, strerror(errno));
+ _exit(127);
++bad:
++ sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys);
++ _exit(127);
+ }
+
+ /* Send a message to the mailto user */
+--- a/lib/eventlog/eventlog_conf.c
++++ b/lib/eventlog/eventlog_conf.c
+@@ -70,6 +70,7 @@ static struct eventlog_config evl_conf =
+ MAXSYSLOGLEN, /* syslog_maxlen */
+ 0, /* file_maxlen */
+ ROOT_UID, /* mailuid */
++ ROOT_GID, /* mailgid */
+ false, /* omit_hostname */
+ _PATH_SUDO_LOGFILE, /* logpath */
+ "%h %e %T", /* time_fmt */
+@@ -151,9 +152,10 @@ eventlog_set_file_maxlen(int len)
+ }
+
+ void
+-eventlog_set_mailuid(uid_t uid)
++eventlog_set_mailuser(uid_t uid, gid_t gid)
+ {
+ evl_conf.mailuid = uid;
++ evl_conf.mailgid = gid;
+ }
+
+ void
+--- a/plugins/sudoers/logging.c
++++ b/plugins/sudoers/logging.c
+@@ -1076,7 +1076,7 @@ init_eventlog_config(void)
+ eventlog_set_syslog_alertpri(def_syslog_badpri);
+ eventlog_set_syslog_maxlen(def_syslog_maxlen);
+ eventlog_set_file_maxlen(def_loglinelen);
+- eventlog_set_mailuid(ROOT_UID);
++ eventlog_set_mailuser(ROOT_UID, ROOT_GID);
+ eventlog_set_omit_hostname(!def_log_host);
+ eventlog_set_logpath(def_logfile);
+ eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T");
+--- a/plugins/sudoers/policy.c
++++ b/plugins/sudoers/policy.c
+@@ -607,7 +607,7 @@ sudoers_policy_deserialize_info(void *v,
+ }
+
+ #ifdef NO_ROOT_MAILER
+- eventlog_set_mailuid(user_uid);
++ eventlog_set_mailuser(user_uid, user_gid);
+ #endif
+
+ /* Dump settings and user info (XXX - plugin args) */
diff -Nru sudo-1.9.13p3/debian/patches/series sudo-1.9.13p3/debian/patches/series
--- sudo-1.9.13p3/debian/patches/series 2025-12-30 20:07:33.000000000 +0000
+++ sudo-1.9.13p3/debian/patches/series 2026-04-11 12:01:18.000000000 +0000
@@ -4,3 +4,4 @@
 sudo-ldap-docs
 sudo_host_vuln.diff
 amd64-ibt.diff
+0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch