Bug 251490 - [PATCH] Update security/sudo to 1.9.4
Summary: [PATCH] Update security/sudo to 1.9.4
Status: Closed DUPLICATE of bug 251488
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Renato Botelho
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-30 17:58 UTC by Cy Schubert
Modified: 2020-11-30 18:43 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (garga)


Attachments
Update sudo to 1.9.4 (781 bytes, patch)
2020-11-30 17:58 UTC, Cy Schubert
cy: maintainer-approval? (garga)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cy Schubert freebsd_committer 2020-11-30 17:58:56 UTC
Created attachment 220109 [details]
Update sudo to 1.9.4

Sudo version 1.9.4 available.  In addition to bug fixes, Sudo 1.9.4
adds support for JSON-formatted logs as well as sending log messages
to sudo_logsrvd even when I/O logging is not in use.

Source:
    https://www.sudo.ws/dist/sudo-1.9.4.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.4.tar.gz

SHA256 checksum:
    8b91bd2cc73af18a06a01406e38d154b837107be759f72e89cefeaa94e1103f0
MD5 checksum:
    b654699baebedd095fa525108ea12cbe

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.4 and 1.9.3p1

 * The sudoers parser will now detect when an upper-case reserved
   word is used when declaring an alias.  Now instead of "syntax
   error, unexpected CHROOT, expecting ALIAS" the message will be
   "syntax error, reserved word CHROOT used as an alias name".
   Bug #941.

 * Better handling of sudoers files without a final newline.
   The parser now adds a newline at end-of-file automatically which
   removes the need for special cases in the parser.

 * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
   where an uninitialized pointer could be freed on an error path.
   GitHub issue #67.

 * The core logging code is now shared between sudo_logsrvd and
   the sudoers plugin.

 * JSON log entries sent to syslog now use "minimal" JSON which
   skips all non-essential whitespace.

 * The sudoers plugin can now produce JSON-formatted logs.  The
   "log_format" sudoers option can be used to select sudo or json
   format logs.  The default is sudo format logs.

 * The sudoers plugin and visudo now display the column number in
   syntax error messages in addition to the line number.  Bug #841.

 * If I/O logging is not enabled but "log_servers" is set, the
   sudoers plugin will now log accept events to sudo_logsrvd.
   Previously, the accept event was only sent when I/O logging was
   enabled.  The sudoers plugin now sends reject and alert events too.

 * The sudo logsrv protocol has been extended to allow an AlertMessage
   to contain an optional array of InfoMessage, as AcceptMessage
   and RejectMessage already do.

 * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
   in duplicate entries in the debug log when debugging was enabled.

 * The visudo utility now supports EDITOR environment variables
   that use single or double quotes in the command arguments.
   Bug #942.

 * The PAM session modules now run when sudo is set-user-ID root,
   which allows a module to determine the original user-ID.
   Bug #944.

 * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
   where sudoNotBefore and sudoNotAfter were applied even when the
   SUDOERS_TIMED setting was not present in ldap.conf.  Bug #945.

 * Sudo packages for macOS 11 now contain universal binaries that
   support both Intel and Apple Silicon CPUs.

 * For sudo_logsrvd, an empty value for the "pid_file" setting in
   sudo_logsrvd.conf will now disable the process ID file.
Comment 2 Cy Schubert freebsd_committer 2020-11-30 18:43:18 UTC

*** This bug has been marked as a duplicate of bug 251488 ***