Bug 256561

Summary: security/sudo: Update to 1.9.7p1
Product: Ports & Packages Reporter: Cy Schubert <cy>
Component: Individual Port(s)Assignee: Cy Schubert <cy>
Status: Closed FIXED    
Severity: Affects Only Me CC: diizzy, garga
Priority: --- Keywords: needs-qa
Version: LatestFlags: garga: maintainer-feedback+
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://www.sudo.ws/changes.html
Attachments:
Description Flags
Update sudo to 1.9.7p1 none

Description Cy Schubert freebsd_committer 2021-06-11 22:15:40 UTC
Created attachment 225749 [details]
Update sudo to 1.9.7p1

Sudo version 1.9.7 patchelevel 1 is now available which fixes a few
minor bugs in sudo 1.9.7.

Source:
    https://www.sudo.ws/dist/sudo-1.9.7p1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.7p1.tar.gz

SHA256 checksum:
    391431f454e55121b60c6ded0fcf30ddb80d623d7d16a6d1907cfa6a0b91d8cf
MD5 checksum:
    0ea3649ef66df80e6ecd04d45ea0f762

Binary packages:
    https://www.sudo.ws/download.html#binary
    https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_7p1

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.7p1 and 1.9.7

 * Fixed an SELinux sudoedit bug when the edited temporary file
   could not be opened.  The sesh helper would still be run even
   when there are no temporary files available to install.

 * Fixed a compilation problem on FreeBSD.

 * The sudo_noexec.so file is now built as a module on all systems
   other than macOS.  This makes it possible to use other libtool
   implementations such as slibtool.  On macOS shared libraries and
   modules are not interchangeable and the version of libtool shipped
   with sudo must be used.

 * Fixed a few bugs in the getgrouplist() emulation on Solaris when
   reading from the local group file.

 * Fixed a bug in sudo_logsrvd that prevented periodic relay server
   connection retries from occurring in "store_first" mode.

 * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
   due to a crash when the group source is set to "compat" in
   /etc/nsswitch.conf.  This is probably due to a mismatch between
   include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
   HP-UX we now just cycle through groups the slow way using
   getgrent().  Bug #978.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-06-11 22:25:40 UTC
^Triage: Bugfix release MFH
Comment 2 Renato Botelho freebsd_committer 2021-06-14 11:26:40 UTC
I'm facing some problems with system I used to test all my ports related work and cannot test it.  Cy, please go ahead and get it committed, please.
Comment 3 Cy Schubert freebsd_committer 2021-06-14 13:09:33 UTC
Thank you garga@.

Assigning to myself for implementation.
Comment 4 Cy Schubert freebsd_committer 2021-06-14 14:15:14 UTC
Committed to my local branch. It will be pushed with a number of other commits later today.
Comment 5 commit-hook freebsd_committer 2021-06-14 16:04:52 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f34318c566935213a6e7c4e2ac53a6b921a6e9f9

commit f34318c566935213a6e7c4e2ac53a6b921a6e9f9
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-06-14 14:11:40 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-06-14 16:04:01 +0000

    securty/sudo: Update to 1.9.7p1

    Major changes between sudo 1.9.7p1 and 1.9.7

     * Fixed an SELinux sudoedit bug when the edited temporary file
       could not be opened.  The sesh helper would still be run even
       when there are no temporary files available to install.

     * Fixed a compilation problem on FreeBSD.

     * The sudo_noexec.so file is now built as a module on all systems
       other than macOS.  This makes it possible to use other libtool
       implementations such as slibtool.  On macOS shared libraries and
       modules are not interchangeable and the version of libtool shipped
       with sudo must be used.

     * Fixed a few bugs in the getgrouplist() emulation on Solaris when
       reading from the local group file.

     * Fixed a bug in sudo_logsrvd that prevented periodic relay server
       connection retries from occurring in "store_first" mode.

     * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
       due to a crash when the group source is set to "compat" in
       /etc/nsswitch.conf.  This is probably due to a mismatch between
       include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
       HP-UX we now just cycle through groups the slow way using
       getgrent().  Bug #978.

    PR:             256561
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga (maintainer)
    MFH:            2020Q2

 security/sudo/Makefile                             |  2 +-
 security/sudo/distinfo                             |  6 +++---
 .../sudo/files/patch-lib_iolog_hostcheck.c (gone)  | 25 ----------------------
 3 files changed, 4 insertions(+), 29 deletions(-)
Comment 6 commit-hook freebsd_committer 2021-06-14 21:01:05 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6ff6811ef166603c135ad6eca6b6562ffab7b6f1

commit 6ff6811ef166603c135ad6eca6b6562ffab7b6f1
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-06-14 14:11:40 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-06-14 21:00:12 +0000

    securty/sudo: Update to 1.9.7p1

    Major changes between sudo 1.9.7p1 and 1.9.7

     * Fixed an SELinux sudoedit bug when the edited temporary file
       could not be opened.  The sesh helper would still be run even
       when there are no temporary files available to install.

     * Fixed a compilation problem on FreeBSD.

     * The sudo_noexec.so file is now built as a module on all systems
       other than macOS.  This makes it possible to use other libtool
       implementations such as slibtool.  On macOS shared libraries and
       modules are not interchangeable and the version of libtool shipped
       with sudo must be used.

     * Fixed a few bugs in the getgrouplist() emulation on Solaris when
       reading from the local group file.

     * Fixed a bug in sudo_logsrvd that prevented periodic relay server
       connection retries from occurring in "store_first" mode.

     * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
       due to a crash when the group source is set to "compat" in
       /etc/nsswitch.conf.  This is probably due to a mismatch between
       include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
       HP-UX we now just cycle through groups the slow way using
       getgrent().  Bug #978.

    PR:             256561
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga (maintainer)
    MFH:            2020Q2

    (cherry picked from commit f34318c566935213a6e7c4e2ac53a6b921a6e9f9)

 security/sudo/Makefile                             |  2 +-
 security/sudo/distinfo                             |  6 +++---
 .../sudo/files/patch-lib_iolog_hostcheck.c (gone)  | 25 ----------------------
 3 files changed, 4 insertions(+), 29 deletions(-)
Comment 7 Daniel Engberg freebsd_committer 2021-06-15 07:18:10 UTC
Cy, I guess you can close this now?
Comment 8 Cy Schubert freebsd_committer 2021-06-15 13:35:50 UTC
Yes, this ticket can be closed now.