| Summary: | security/sudo: Update to 1.9.8p2 | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Cy Schubert <cy> |
| Component: | Individual Port(s) | Assignee: | Renato Botelho <garga> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | cy |
| Priority: | --- | Keywords: | needs-qa |
| Version: | Latest | Flags: | garga: maintainer-feedback+; cy: merge-quarterly? |
| Hardware: | Any | | |
| OS: | Any | | |
| URL: | https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8p2 | | |
Description
Cy Schubert
2021-09-21 17:08:18 UTC

Is the new "Add --enable-openssl-pkgconfig" potentially useful or needed for the port?

(In reply to Kubilay Kocak from comment #1)

Do you mean this?

--enable-openssl-pkgconfig-template=template

A printf-style template used to construct the name of the openssl and libcrypto pkg-config files. For example, a template of "e%s30" would cause "eopenssl30" and "libecrypto30" to be used instead. This makes it possible to link with the OpenSSL 3.0 package on OpenBSD. Defaults to "%s".

For there is no --enable-openssl-pkgconfig without the -template.

Mind you, any kind of change outside of "update to 1.9.8p2" would be outside of the scope of this PR. Something like this should be a phabricator review instead.

With the out-of-bounds read being fixed we should probably expedite this.

Approved. Thanks!

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b

commit 3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-21 17:16:29 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-30 13:51:29 +0000

security/sudo: Update to 1.9.8p2

Major changes between sudo 1.9.8p2 and 1.9.8p1:

* Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.

PR: 258666
Submitted by: cy
Reported by: cy
Approved by: garga (maintainer)
MFH: 2021Q3

security/sudo/Makefile | 2 +-
security/sudo/distinfo | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)

A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1188e2186717b6b121913969e5fdbbeb9d0fc092

commit 1188e2186717b6b121913969e5fdbbeb9d0fc092
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-21 17:16:29 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-30 14:00:00 +0000

security/sudo: Update to 1.9.8p2

Major changes between sudo 1.9.8p2 and 1.9.8p1:

* Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.

PR: 258666
Submitted by: cy
Reported by: cy
Approved by: garga (maintainer)

(cherry picked from commit 3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b)

security/sudo/Makefile | 2 +-
security/sudo/distinfo | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)