Bug 249513 - [PATCH] security/sudo update to 1.9.3
Summary: [PATCH] security/sudo update to 1.9.3
Status: Closed DUPLICATE of bug 249511
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Renato Botelho
Depends on:
Reported: 2020-09-21 17:59 UTC by Cy Schubert
Modified: 2020-09-21 18:16 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (garga)

Update sudo to 1.9.3 (1.15 KB, patch)
2020-09-21 17:59 UTC, Cy Schubert
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cy Schubert freebsd_committer 2020-09-21 17:59:58 UTC
Created attachment 218152 [details]
Update sudo to 1.9.3

Sudo version 1.9.3 is now available.  In addition to bug fixes,
Sudo 1.9.3 adds support for per-command chroot and working directory
settings and command line options.  Sudo 1.9.3 also features more
detailed messages when there is a syntax error in the sudoers file,
as well as better recovery from syntax errors.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.9.2 and 1.9.3

 * sudoedit will now prompt the user before overwriting an existing
   file with one that is zero-length after editing.  Bug #922.

 * Fixed building the Python plugin on systems with a compiler that
   doesn't support symbol hiding.

 * Sudo now uses a linker script to hide symbols even when the
   compiler has native symbol hiding support.  This should make it
   easier to detect omissions in the symbol exports file, regardless
   of the platform.

 * Fixed the libssl dependency in Debian packages for older releases
   that use libssl1.0.0.

 * Sudo and visudo now provide more detailed messages when a syntax
   error is detected in sudoers.  The offending line and token are
   now displayed.  If the parser was generated by GNU bison,
   additional information about what token was expected is also
   displayed.  Bug #841.

 * Sudoers rules must now end in either a newline or the end-of-file.
   Previously, it was possible to have multiple rules on a single
   line, separated by white space.  The use of an end-of-line
   terminator makes it possible to display accurate error messages.

 * Sudo no longer refuses to run if a syntax error in the sudoers
   file is encountered.  The entry with the syntax error will be
   discarded and sudo will continue to parse the file.  This makes
   recovery from a syntax error less painful on systems where sudo
   is the primary method of superuser access.  The historic behavior
   can be restored by add "error_recovery=false" to the sudoers
   plugin's optional arguments in sudo.conf.  Bug #618.

 * Fixed the sample_approval plugin's symbol exports file for systems
   where the compiler doesn't support symbol hiding.

 * Fixed a regression introduced in sudo 1.9.1 where arguments to
   the "sudoers_policy" plugin in sudo.conf were not being applied.
   The sudoers file is now parsed by the "sudoers_audit" plugin,
   which is loaded implicitly when "sudoers_policy" is listed in
   sudo.conf.  Starting with sudo 1.9.3, if there are plugin arguments
   for "sudoers_policy" but "sudoers_audit" is not listed, those
   arguments will be applied to "sudoers_audit" instead.

 * The user's resource limits are now passed to sudo plugins in
   the user_info[] list.  A plugin cannot determine the limits
   itself because sudo changes the limits while it runs to prevent
   resource starvation.

 * It is now possible to set the working directory or change the
   root directory on a per-command basis using the CWD and CHROOT
   options.  There are also new Defaults settings, runchroot and
   runcwd, that can be used to set the working directory or root
   directory on a more global basis.

 * New -D (--chdir) and -R (--chroot) command line options can be
   used to set the working directory or root directory if the sudoers
   file allows it.  This functionality is not enabled by default
   and must be explicitly enabled in the sudoers file.

2.		(text/plain)
sudo-announce mailing list <sudo-announce@sudo.ws>
For list information, options, or to unsubscribe, visit:
Comment 1 Cy Schubert freebsd_committer 2020-09-21 18:16:31 UTC
DUP of 249511.

*** This bug has been marked as a duplicate of bug 249511 ***