From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] sudo: Update to version 1.9.13
Date: Thu, 16 Feb 2023 13:50:35 +0100 [thread overview]
Message-ID: <20230216125035.3435417-4-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20230216125035.3435417-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6771 bytes --]
- Update from version 1.9.12p2 to 1.9.13
- Update of rootfile
- Changelog
What's new in Sudo 1.9.13
* Fixed a bug running relative commands via sudo when "log_subcmds"
is enabled. GitHub issue #194.
* Fixed a signal handling bug when running sudo commands in a shell
script. Signals were not being forwarded to the command when
the sudo process was not run in its own process group.
* Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
a newline and a backslash is the last character of the file.
* Fixed a potential use-after-free bug with cvtsudoers filtering.
GitHub issue #198.
* Added a reminder to the default lecture that the password will
not echo. This line is only displayed when the pwfeedback option
is disabled. GitHub issue #195.
* Fixed potential memory leaks in error paths. GitHub issues #199,
#202.
* Fixed potential NULL dereferences on memory allocation failure.
GitHub issues #204, #211.
* Sudo now uses C23-style attributes in function prototypes instead
of gcc-style attributes if supported.
* Added a new "list" pseudo-command in sudoers to allow a user to
list another user's privileges. Previously, only root or a user
with the ability to run any command as either root or the target
user on the current host could use the -U option. This also
includes a fix to the log entry when a user lacks permission to
run "sudo -U otheruser -l command". Previously, the logs would
indicate that the user tried to run the actual command, now the
log entry includes the list operation.
* JSON logging now escapes control characters if they happen to
appear in the command or environment.
* New Albanian translation from translationproject.org.
* Regular expressions in sudoers or logsrvd.conf may no longer
contain consecutive repetition operators. This is implementation-
specific behavior according to POSIX, but some implementations
will allocate excessive amounts of memory. This mainly affects
the fuzzers.
* Sudo now builds AIX-style shared libraries and dynamic shared
objects by default instead of svr4-style. This means that the
default sudo plugins are now .a (archive) files that contain a
.so shared object file instead of bare .so files. This was done
to improve compatibility with the AIX Freeware ecosystem,
specifically, the AIX Freeware build of OpenSSL. Sudo will still
load svr4-style .so plugins and if a .so file is requested,
either via sudo.conf or the sudoers file, and only the .a file
is present, sudo will convert the path from plugin.so to
plugin.a(plugin.so) when loading it. This ensures compatibility
with existing configurations. To restore the old, pre-1.9.13
behavior, run configure using the --with-aix-soname=svr4 option.
* Sudo no longer checks the ownership and mode of the plugins that
it loads. Plugins are configured via either the sudo.conf or
sudoers file which are trusted configuration files. These checks
suffered from time-of-check vs. time-of-use race conditions and
complicate loading plugins that are not simple paths. Ownership
and mode checks are still performed when loading the sudo.conf
and sudoers files, which do not suffer from race conditions.
The sudo.conf "developer_mode" setting is no longer used.
* Control characters in sudo log messages and "sudoreplay -l"
output are now escaped in octal format. Space characters in the
command path are also escaped. Command line arguments that
contain spaces are surrounded by single quotes and any literal
single quote or backslash characters are escaped with a backslash.
This makes it possible to distinguish multiple command line
arguments from a single argument that contains spaces.
* Improved support for DragonFly BSD which uses a different struct
procinfo than either FreeBSD or 4.4BSD.
* Fixed a compilation error on Linux arm systems running older
kernels that may not define EM_ARM in linux/elf-em.h.
GitHub issue #232.
* Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined.
Sudo will now link using -Wl,--no-undefined by default if possible.
GitHub issue #234.
* Fixed a bug executing a command with a very long argument vector
when "log_subcmds" or "intercept" is enabled on a system where
"intercept_type" is set to "trace". GitHub issue #194.
* When sudo is configured to run a command in a pseudo-terminal
but the standard input is not connected to a terminal, the command
will now be run as a background process. This works around a
problem running sudo commands in the background from a shell
script where changing the terminal to raw mode could interfere
with the interactive shell that ran the script.
GitHub issue #237.
* A missing include file in sudoers is no longer a fatal error
unless the error_recovery plugin argument has been set to false.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/common/sudo | 2 ++
lfs/sudo | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo
index 43b8f7127..9c8be9974 100644
--- a/config/rootfiles/common/sudo
+++ b/config/rootfiles/common/sudo
@@ -79,6 +79,7 @@ usr/sbin/visudo
#usr/share/locale/ja/LC_MESSAGES/sudo.mo
#usr/share/locale/ja/LC_MESSAGES/sudoers.mo
#usr/share/locale/ka/LC_MESSAGES/sudo.mo
+#usr/share/locale/ka/LC_MESSAGES/sudoers.mo
#usr/share/locale/ko/LC_MESSAGES/sudo.mo
#usr/share/locale/ko/LC_MESSAGES/sudoers.mo
#usr/share/locale/lt/LC_MESSAGES/sudoers.mo
@@ -101,6 +102,7 @@ usr/sbin/visudo
#usr/share/locale/sk/LC_MESSAGES/sudoers.mo
#usr/share/locale/sl/LC_MESSAGES/sudo.mo
#usr/share/locale/sl/LC_MESSAGES/sudoers.mo
+#usr/share/locale/sq/LC_MESSAGES/sudo.mo
#usr/share/locale/sr/LC_MESSAGES/sudo.mo
#usr/share/locale/sr/LC_MESSAGES/sudoers.mo
#usr/share/locale/sv/LC_MESSAGES/sudo.mo
diff --git a/lfs/sudo b/lfs/sudo
index ddcddf225..c94796f6a 100644
--- a/lfs/sudo
+++ b/lfs/sudo
@@ -24,7 +24,7 @@
include Config
-VER = 1.9.12p2
+VER = 1.9.13
THISAPP = sudo-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 79eac710b757acae7aa98e6e6f495a475e5236be456e4687fb1441345ee296672ff80a5a60902cffcd257aa81a01fbc3857f3c52e51bb46f56c060fd299e0c05
+$(DL_FILE)_BLAKE2 = a923879920ac5a3c71e6e898ecc9c1194f26ea5e0ac109a6163fbbdea02724bb0bc126cdd7ea0be2470febc4f978b00519adb2fbc2952706cd47bebcd48447aa
install : $(TARGET)
--
2.39.1
prev parent reply other threads:[~2023-02-16 12:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-16 12:50 [PATCH] dbus: Update to version 1.14.6 Adolf Belka
2023-02-16 12:50 ` [PATCH] freetype: Update to version 2.13.0 Adolf Belka
2023-02-16 12:50 ` [PATCH] intel-microcode: Update to version 20230214 Adolf Belka
2023-02-16 12:50 ` Adolf Belka [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230216125035.3435417-4-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox