Created attachment 243345 [details] Update sudo to 1.9.14p1 Subject: [sudo-announce] sudo 1.9.14p1 released From: "Todd C. Miller via sudo-announce" <sudo-announce@sudo.ws> Date: Tue, 11 Jul 2023 16:50:59 -0600 (15:50 PDT) To: sudo-announce@sudo.ws (multipart/mixed) 1. (multipart/signed) GnuPG signed message - the signature hasn't been checked Check the signature with GnuPG (text/plain) Sudo version 1.9.14p1 is now available, which fixes two bugs introduced in the 1.9.14 release. Source: https://www.sudo.ws/dist/sudo-1.9.14p1.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.14p1.tar.gz SHA256 checksum: e91bf5ef2e09d857ee901c3465cf7ddb37e43c763b65d19fa0862d1dec128faf MD5 checksum: 25b059d132f163d5d3acdc1672f36b05 Binary packages: https://www.sudo.ws/getting/packages/ https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_14p1 For a list of download mirror sites, see: https://www.sudo.ws/getting/download_mirrors/ Sudo web site: https://www.sudo.ws/ Major changes between sudo 1.9.14p1 and 1.9.14: * Fixed an "invalid free" bug in sudo_logsrvd that was introduced in version 1.9.14 which could cause sudo_logsrvd to crash. * The sudoers plugin no longer tries to send the terminal name to the log server when no terminal is present. This bug was introduced in version 1.9.14.
Approved. Thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=7bc586ab264043f17bef7d49222be0602f3b44f8 commit 7bc586ab264043f17bef7d49222be0602f3b44f8 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2023-07-11 23:04:28 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2023-07-12 12:46:27 +0000 security/sudo: Update to 1.9.14p1 Major changes between sudo 1.9.14p1 and 1.9.14: * Fixed an "invalid free" bug in sudo_logsrvd that was introduced in version 1.9.14 which could cause sudo_logsrvd to crash. * The sudoers plugin no longer tries to send the terminal name to the log server when no terminal is present. This bug was introduced in version 1.9.14. PR: 272456 Approved by: garga (maintainer) MFH: 2023Q3 security/sudo/Makefile | 2 +- security/sudo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
A commit in branch 2023Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=f95a782377c04ab2b9707e02f2f5b1689e58a370 commit f95a782377c04ab2b9707e02f2f5b1689e58a370 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2023-07-11 23:04:28 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2023-07-26 01:57:15 +0000 security/sudo: Update to 1.9.14p1 Major changes between sudo 1.9.14p1 and 1.9.14: * Fixed an "invalid free" bug in sudo_logsrvd that was introduced in version 1.9.14 which could cause sudo_logsrvd to crash. * The sudoers plugin no longer tries to send the terminal name to the log server when no terminal is present. This bug was introduced in version 1.9.14. PR: 272456 Approved by: garga (maintainer) (cherry picked from commit 7bc586ab264043f17bef7d49222be0602f3b44f8) security/sudo/Makefile | 2 +- security/sudo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)