Bug 258666 - security/sudo: Update to 1.9.8p2
Summary: security/sudo: Update to 1.9.8p2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Renato Botelho
URL: https://github.com/sudo-project/sudo/...
Keywords: needs-qa
Reported: 2021-09-21 17:08 UTC by Cy Schubert
Modified: 2021-09-30 17:25 UTC

garga: maintainer-feedback+
cy: merge-quarterly?


Attachments
Update sudo to 1.9.8p2 (805 bytes, patch)
2021-09-21 17:08 UTC, Cy Schubert

Description Cy Schubert freebsd_committer 2021-09-21 17:08:18 UTC
Created attachment 228100
Update sudo to 1.9.8p2

Sudo version 1.9.8 patchlevel 2 is now available which fixes a few
regressions introduced in sudo 1.9.8.

Source:
    https://www.sudo.ws/dist/sudo-1.9.8p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p2.tar.gz

SHA256 checksum:
    9e3b8b8da7def43b6e60c257abe80467205670fd0f7c081de1423c414b680f2d
MD5 checksum:
    f831c1d62835cde89c261465d9c781e4

Binary packages:
    https://www.sudo.ws/download.html#binary
    https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8p2

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.8p2 and 1.9.8p1:

 * Fixed a potential out-of-bounds read with "sudo -i" when the
   target user's shell is bash.  This is a regression introduced
   in sudo 1.9.8.  Bug #998.

 * sudo_logsrvd now only sends a log ID for first command of a session.
   There is no need to send the log ID for each sub-command.

 * Fixed a few minor memory leaks in intercept mode.

 * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
   was enabled when handling sub-commands.  A new zero-length journal
   file was created for each sub-command instead of simply using
   the existing journal file.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-09-22 00:28:04 UTC
Is the new "Add --enable-openssl-pkgconfig" potentially useful or needed for the port?
Comment 2 Cy Schubert freebsd_committer 2021-09-22 04:11:55 UTC
(In reply to Kubilay Kocak from comment #1)

Do you mean this?


  --enable-openssl-pkgconfig-template=template
        A printf-style template used to construct the name of the
        openssl and libcrypto pkg-config files.  For example, a
        template of "e%s30" would cause "eopenssl30" and "libecrypto30"
        to be used instead.  This makes it possible to link with
        the OpenSSL 3.0 package on OpenBSD.  Defaults to "%s".

For there is no --enable-openssl-pkgconfig without the -template.

Mind you, any kind of change outside of "update to 1.9.8p2" would be outside of the scope of this PR. Something like this should be a phabricator review instead.
Comment 3 Cy Schubert freebsd_committer 2021-09-28 18:16:16 UTC
With the out-of-bounds read being fixed we should probably expedite this.
Comment 4 Renato Botelho freebsd_committer 2021-09-30 12:19:28 UTC
Approved.  Thanks!
Comment 5 commit-hook freebsd_committer 2021-09-30 13:52:23 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b

commit 3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-21 17:16:29 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-30 13:51:29 +0000

    security/sudo: Update to 1.9.8p2

    Major changes between sudo 1.9.8p2 and 1.9.8p1:

     * Fixed a potential out-of-bounds read with "sudo -i" when the
       target user's shell is bash.  This is a regression introduced
       in sudo 1.9.8.  Bug #998.

     * sudo_logsrvd now only sends a log ID for first command of a session.
       There is no need to send the log ID for each sub-command.

     * Fixed a few minor memory leaks in intercept mode.

     * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
       was enabled when handling sub-commands.  A new zero-length journal
       file was created for each sub-command instead of simply using
       the existing journal file.

    PR:             258666
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga (maintainer)
    MFH:            2021Q3

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 6 commit-hook freebsd_committer 2021-09-30 14:00:25 UTC
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1188e2186717b6b121913969e5fdbbeb9d0fc092

commit 1188e2186717b6b121913969e5fdbbeb9d0fc092
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-21 17:16:29 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-30 14:00:00 +0000

    security/sudo: Update to 1.9.8p2

    Major changes between sudo 1.9.8p2 and 1.9.8p1:

     * Fixed a potential out-of-bounds read with "sudo -i" when the
       target user's shell is bash.  This is a regression introduced
       in sudo 1.9.8.  Bug #998.

     * sudo_logsrvd now only sends a log ID for first command of a session.
       There is no need to send the log ID for each sub-command.

     * Fixed a few minor memory leaks in intercept mode.

     * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
       was enabled when handling sub-commands.  A new zero-length journal
       file was created for each sub-command instead of simply using
       the existing journal file.

    PR:             258666
    Submitted by:   cy
    Reported by:    cy
    Approved by:    garga (maintainer)

    (cherry picked from commit 3c5b4dac33fa23d0cb8464556adfcf8a5d097c5b)

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
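
A check a reviewer could run on an update like this one, as an added example that is not part of the bug thread or the port: it parses a ports `distinfo` file and confirms that the recorded SHA256 matches the value in the upstream announcement quoted in the description, and that a fetched tarball matches both the recorded hash and size. The sample `distinfo` below is constructed (its TIMESTAMP and SIZE are placeholders), and the function names are hypothetical.

```python
import hashlib
import re

# SHA256 from the upstream 1.9.8p2 announcement quoted in the bug description.
ANNOUNCED_SHA256 = "9e3b8b8da7def43b6e60c257abe80467205670fd0f7c081de1423c414b680f2d"
DISTFILE = "sudo-1.9.8p2.tar.gz"

# distinfo lines look like "SHA256 (file) = hex" and "SIZE (file) = bytes".
_LINE = re.compile(r"^(SHA256|SIZE) \(([^)]+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {distfile: {"SHA256": hex, "SIZE": int}}; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # TIMESTAMP line, blank lines
        key, name, value = m.groups()
        if key == "SIZE":
            if not value.isdigit():
                continue  # malformed size is treated as missing
            value = int(value)
        else:
            value = value.lower()
        entries.setdefault(name, {})[key] = value
    return entries


def review_distfile(distinfo_text, name, announced_sha256, data=None):
    """Return a list of problems; an empty list means every check passed."""
    entry = parse_distinfo(distinfo_text).get(name, {})
    if "SHA256" not in entry or "SIZE" not in entry:
        return [f"{name}: SHA256 or SIZE line missing from distinfo"]
    problems = []
    if entry["SHA256"] != announced_sha256.lower():
        problems.append("distinfo SHA256 differs from upstream announcement")
    if data is not None:  # bytes of the fetched tarball, when available
        if len(data) != entry["SIZE"]:
            problems.append("fetched file size differs from distinfo SIZE")
        if hashlib.sha256(data).hexdigest() != entry["SHA256"]:
            problems.append("fetched file SHA256 differs from distinfo")
    return problems


# Constructed distinfo: TIMESTAMP and SIZE are placeholders, not the port's values.
SAMPLE_DISTINFO = f"""TIMESTAMP = 1600000000
SHA256 ({DISTFILE}) = {ANNOUNCED_SHA256}
SIZE ({DISTFILE}) = 1000
"""
```

The announcement's MD5 value is not used here, since the check relies on the SHA256 and SIZE lines that `distinfo` records.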