Bug 252598 - [PATCH] security/sudo - update to 1.9.5p1 - suid regression fix
Summary: [PATCH] security/sudo - update to 1.9.5p1 - suid regression fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Renato Botelho
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-12 03:50 UTC by Cy Schubert
Modified: 2021-01-12 12:43 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (garga)
cy: maintainer-feedback? (garga)
cy: merge-quarterly?


Attachments
sudo 1.9.5p1 fixes a setuid security vulnerbility introduced in 1.9.5 (781 bytes, patch)
2021-01-12 03:50 UTC, Cy Schubert
cy: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cy Schubert freebsd_committer 2021-01-12 03:50:30 UTC
Created attachment 221481 [details]
sudo 1.9.5p1 fixes a setuid security vulnerbility introduced in 1.9.5

The priority is set to P1 due to the security exposure.

Sudo version 1.9.5p1 is now available which fixes a bug introduced
in sudo 1.9.5.  Sudo 1.9.5 fixed several bugs, including CVE-2021-23239
and CVE-2021-23240 which have security implications.  See below for
details.

Source:
    https://www.sudo.ws/dist/sudo-1.9.5p1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p1.tar.gz

SHA256 checksum:
    4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882
MD5 checksum:
    145f6e69c116f82cf0377ccf459344eb

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.5p1 and 1.9.5

 * Fixed a regression introduced in sudo 1.9.5 where the editor run
   by sudoedit was set-user-ID root unless SELinux RBAC was in use.
   The editor is now run with the user's real and effective user-IDs.
Comment 1 commit-hook freebsd_committer 2021-01-12 12:40:54 UTC
A commit references this bug:

Author: garga
Date: Tue Jan 12 12:40:24 UTC 2021
New revision: 561323
URL: https://svnweb.freebsd.org/changeset/ports/561323

Log:
  security/sudo: Update to 1.9.5p1

  This version fixes a regression introduced by 1.9.5

  Changelog: https://www.sudo.ws/stable.html#1.9.5p1

  PR:		252598
  Submitted by:	cy
  MFH:		2021Q1
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
  head/security/sudo/Makefile
  head/security/sudo/distinfo
Comment 2 commit-hook freebsd_committer 2021-01-12 12:43:57 UTC
A commit references this bug:

Author: garga
Date: Tue Jan 12 12:43:27 UTC 2021
New revision: 561325
URL: https://svnweb.freebsd.org/changeset/ports/561325

Log:
  MFH: r561259 r561323

  Update 1.9.4p2 --> 1.9.5

  PR:		252583
  Submitted by:	cy
  Reported by:	cy
  Approved by:	garga (maintainer)
  Security:	CVE-2021-23239

  security/sudo: Update to 1.9.5p1

  This version fixes a regression introduced by 1.9.5

  Changelog: https://www.sudo.ws/stable.html#1.9.5p1

  PR:		252598
  Submitted by:	cy
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
_U  branches/2021Q1/
  branches/2021Q1/security/sudo/Makefile
  branches/2021Q1/security/sudo/distinfo