FreeBSD Bugzilla – Attachment 234563 Details for
Bug 264554
security/sudo: Update 1.9.11 --> 1.9.11p1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Update sudo to 1.9.11p1
0001-security-sudo-Update-to-1.9.11p1.patch (text/plain), 4.73 KB, created by
Cy Schubert
on 2022-06-08 19:48:05 UTC
(
hide
)
Description:
Update sudo to 1.9.11p1
Filename:
MIME Type:
Creator:
Cy Schubert
Created:
2022-06-08 19:48:05 UTC
Size:
4.73 KB
patch
obsolete
>From f3025f55330093a8d7c79db9134964f205ad1f3e Mon Sep 17 00:00:00 2001 >From: Cy Schubert <cy@FreeBSD.org> >Date: Wed, 8 Jun 2022 12:45:48 -0700 >Subject: [PATCH] security/sudo: Update to 1.9.11p1 > >Major changes between sudo 1.9.11p1 and 1.9.11: > > * Correctly handle EAGAIN in the I/O read/right events. This fixes > a hang seen on some systems when piping a large amount of data > through sudo, such as via rsync. Bug #963. > > * Changes to avoid implementation or unspecified behavior when > bit shifting signed values in the protobuf library. > > * Fixed a compilation error on Linux/aarch64. > > * Fixed the configure check for seccomp(2) support on Linux. > > * Corrected the EBNF specification for tags in the sudoers manual > page. GitHub issue #153. > >Major changes between sudo 1.9.11 and 1.9.10: > > * Fixed a crash in the Python module with Python 3.9.10 on some > systems. Additionally, "make check" now passes for Python 3.9.10. > > * Error messages sent via email now include more details, including > the file name and the line number and column of the error. > Multiple errors are sent in a single message. Previously, only > the first error was included. > > * Fixed logging of parse errors in JSON format. Previously, > the JSON logger would not write entries unless the command and > runuser were set. These may not be known at the time a parse > error is encountered. > > * Fixed a potential crash parsing sudoers lines larger than twice > the value of LINE_MAX on systems that lack the getdelim() function. > > * The tests run by "make check" now unset the LANGUAGE environment > variable. Otherwise, localization strings will not match if > LANGUAGE is set to a non-English locale. Bug #1025. > > * The "starttime" test now passed when run under Debian faketime. > Bug #1026. > > * The Kerberos authentication module now honors the custom password > prompt if one has been specified. > > * The embedded copy of zlib has been updated to version 1.2.12. > > * Updated the version of libtool used by sudo to version 2.4.7. > > * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE > in the header files (currently only GNU libc). This is required > to allow the use of 64-bit time values on some 32-bit systems. > > * Sudo's "intercept" and "log_subcmds" options no longer force the > command to run in its own pseudo-terminal. It is now also > possible to intercept the system(3) function. > > * Fixed a bug in sudo_logsrvd when run in store-first relay mode > where the commit point messages sent by the server were incorrect > if the command was suspended or received a window size change > event. > > * Fixed a potential crash in sudo_logsrvd when the "tls_dhparams" > configuration setting was used. > > * The "intercept" and "log_subcmds" functionality can now use > ptrace(2) on Linux systems that support seccomp(2) filtering. > This has the advantage of working for both static and dynamic > binaries and can work with sudo's SELinux RBAC mode. The following > architectures are currently supported: i386, x86_64, aarch64, > arm, mips (log_subcmds only), powerpc, riscv, and s390x. The > default is to use ptrace(2) where possible; the new "intercept_type" > sudoers setting can be used to explicitly set the type. > > * New Georgian translation from translationproject.org. > > * Fixed creating packages on CentOS Stream. > > * Fixed a bug in the intercept and log_subcmds support where > the execve(2) wrapper was using the current environment instead > of the passed environment pointer. Bug #1030. > > * Added AppArmor integration for Linux. A sudoers rule can now > specify an APPARMOR_PROFILE option to run a command confined by > the named AppArmor profile. > > * Fixed parsing of the "server_log" setting in sudo_logsrvd.conf. > Non-paths were being treated as paths and an actual path was > treated as an error. > >PR: >Approved by: garga (maintainer) >--- > security/sudo/Makefile | 2 +- > security/sudo/distinfo | 6 +++--- > 2 files changed, 4 insertions(+), 4 deletions(-) > >diff --git a/security/sudo/Makefile b/security/sudo/Makefile >index 32b71421d363..82333a420c6d 100644 >--- a/security/sudo/Makefile >+++ b/security/sudo/Makefile >@@ -1,7 +1,7 @@ > # Created by: erich@rrnet.com > > PORTNAME= sudo >-PORTVERSION= 1.9.11 >+PORTVERSION= 1.9.11p1 > CATEGORIES= security > MASTER_SITES= SUDO > >diff --git a/security/sudo/distinfo b/security/sudo/distinfo >index f53f26673ed0..441a89de2330 100644 >--- a/security/sudo/distinfo >+++ b/security/sudo/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1654573243 >-SHA256 (sudo-1.9.11.tar.gz) = b5476e30d83ca14734da9370f2206beb21c8a33fc85a504fb8a61d18d8b351be >-SIZE (sudo-1.9.11.tar.gz) = 4822882 >+TIMESTAMP = 1654717240 >+SHA256 (sudo-1.9.11p1.tar.gz) = eb8b6c1a69a9adf4b82030b66d99d79214d7cba5031a0be43103a6176b16254b >+SIZE (sudo-1.9.11p1.tar.gz) = 4825102 >-- >2.36.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=234563">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
koobs
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 264554
: 234563