From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] sudo: Upgrade to 1.9.5p2
Date: Wed, 27 Jan 2021 21:11:04 +0000 [thread overview]
Message-ID: <F33DEDE3-BF0F-47BF-A404-7CB0016A3682@ipfire.org> (raw)
In-Reply-To: <07ce8afd-0c87-2949-0278-0548efc256cf@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2348 bytes --]
Thank you to both of you for working on this. I have merged this into next :)
> On 27 Jan 2021, at 20:48, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello Adolf,
>
> thank you. Looks good to me.
>
> Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
>
> Thanks, and best regards,
> Peter Müller
>
>
>> - Update sudo from 1.9.5p1 to 1.9.5p2
>> - Major changes between version 1.9.5p2 and 1.9.5p1:
>> Fixed sudo's setprogname(3) emulation on systems that don't provide it.
>> Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
>> Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
>> The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
>> When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
>> Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
>> - No change to rootfile
>>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> lfs/sudo | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/lfs/sudo b/lfs/sudo
>> index feba249cd..bb2279e8f 100644
>> --- a/lfs/sudo
>> +++ b/lfs/sudo
>> @@ -24,7 +24,7 @@
>>
>> include Config
>>
>> -VER = 1.9.5p1
>> +VER = 1.9.5p2
>>
>> THISAPP = sudo-$(VER)
>> DL_FILE = $(THISAPP).tar.gz
>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_MD5 = 145f6e69c116f82cf0377ccf459344eb
>> +$(DL_FILE)_MD5 = e6bc4c18c06346e6b3431637a2b5f3d5
>>
>> install : $(TARGET)
>>
>>
prev parent reply other threads:[~2021-01-27 21:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-27 20:14 Adolf Belka
2021-01-27 20:48 ` Peter Müller
2021-01-27 21:11 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F33DEDE3-BF0F-47BF-A404-7CB0016A3682@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox