Created attachment 228100
Update sudo to 1.9.8p2

Sudo version 1.9.8 patchelevel 2 is now available which fixes a few regressions introduced in sudo 1.9.8.

Source:
    https://www.sudo.ws/dist/sudo-1.9.8p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p2.tar.gz

SHA256 checksum:
    9e3b8b8da7def43b6e60c257abe80467205670fd0f7c081de1423c414b680f2d
MD5 checksum:
    f831c1d62835cde89c261465d9c781e4

Binary packages:
    https://www.sudo.ws/download.html#binary
    https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8p2

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.8p2 and 1.9.8p1:

 * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998.

 * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command.

 * Fixed a few minor memory leaks in intercept mode.

 * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.
Is the new "Add --enable-openssl-pkgconfig" potentially useful or needed for the port?
(In reply to Kubilay Kocak from comment #1)
Do you mean this?

    --enable-openssl-pkgconfig-template=template
        A printf-style template used to construct the name of the openssl and libcrypto pkg-config files. For example, a template of "e%s30" would cause "eopenssl30" and "libecrypto30" to be used instead. This makes it possible to link with the OpenSSL 3.0 package on OpenBSD. Defaults to "%s".

For there is no --enable-openssl-pkgconfig without the -template.

Mind you, any kind of change outside of "update to 1.9.8p2" would be outside of the scope of this PR. Something like this should be a phabricator review instead.
With the out-of-bounds read being fixed we should probably expedite this.
Approved. Thanks!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b

commit 3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-21 17:16:29 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-30 13:51:29 +0000

    security/sudo: Update to 1.9.8p2

    Major changes between sudo 1.9.8p2 and 1.9.8p1:

     * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998.

     * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command.

     * Fixed a few minor memory leaks in intercept mode.

     * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.

    PR:             258666
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga (maintainer)
    MFH:            2021Q3

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1188e2186717b6b121913969e5fdbbeb9d0fc092

commit 1188e2186717b6b121913969e5fdbbeb9d0fc092
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-21 17:16:29 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-30 14:00:00 +0000

    security/sudo: Update to 1.9.8p2

    Major changes between sudo 1.9.8p2 and 1.9.8p1:

     * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998.

     * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command.

     * Fixed a few minor memory leaks in intercept mode.

     * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.

    PR:             258666
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga (maintainer)

    (cherry picked from commit 3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b)

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)