From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] sudo: Upgrade to 1.9.5p2
Date: Wed, 27 Jan 2021 21:11:04 +0000
In-Reply-To: <07ce8afd-0c87-2949-0278-0548efc256cf@ipfire.org>

Thank you to both of you for working on this.

I have merged this into next :)

> On 27 Jan 2021, at 20:48, Peter Müller wrote:
>
> Hello Adolf,
>
> thank you. Looks good to me.
>
> Reviewed-by: Peter Müller
>
> Thanks, and best regards,
> Peter Müller
>
>
>> - Update sudo from 1.9.5p1 to 1.9.5p2
>> - Major changes between version 1.9.5p2 and 1.9.5p1:
>> Fixed sudo's setprogname(3) emulation on systems that don't provide it.
>> Fixed a problem with the sudoers log server client where a partial write to the server could result in the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
>> Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
>> The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
>> When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
>> Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i).
>> However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
>> - No change to rootfile
>>
>> Signed-off-by: Adolf Belka
>> ---
>> lfs/sudo | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/lfs/sudo b/lfs/sudo >> index feba249cd..bb2279e8f 100644 >> --- a/lfs/sudo >> +++ b/lfs/sudo >> @@ -24,7 +24,7 @@ >>=20 >> include Config >>=20 >> -VER =3D 1.9.5p1 >> +VER =3D 1.9.5p2 >>=20 >> THISAPP =3D sudo-$(VER) >> DL_FILE =3D $(THISAPP).tar.gz >> @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) >>=20 >> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>=20 >> -$(DL_FILE)_MD5 =3D 145f6e69c116f82cf0377ccf459344eb >> +$(DL_FILE)_MD5 =3D e6bc4c18c06346e6b3431637a2b5f3d5 >>=20 >> install : $(TARGET) >>=20 >>=20
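
Review bot: in the second hunk (`@@ -40,7 +40,7 @@`) the new tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is not collision-resistant, so this line is a weak integrity check for a release that the commit message says fixes CVE-2021-3156. Suggest stating in the commit message how `e6bc4c18c06346e6b3431637a2b5f3d5` was obtained (for example, computed from a tarball whose upstream signature or published SHA-256 was verified first), and pinning a stronger digest alongside it if the lfs format allows one. The `VER` bump in the first hunk matches the subject line and the "No change to rootfile" remark, so nothing further there.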
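
The unescaping problem described in the quoted changelog, as an added illustration that is not part of the original mail and is not sudo's source code: a simplified C model of an unescape loop that assumes its input was escaped beforehand, beside a variant that always stops at the terminator. The function names, the escaping rule as modelled and the sample buffer are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not sudo's source): a backslash followed
 * by a non-space byte is dropped and the next byte is copied literally.
 * This variant assumes a backslash is never the last byte, which only holds
 * if the arguments were escaped beforehand. The walk is bounded by `cap`
 * solely so the demo stays inside its own buffer. Returns the number of
 * bytes the loop wants to write. */
size_t unescape_unchecked(const char *buf, size_t cap, char *dst, size_t dstcap)
{
    size_t i = 0, o = 0;
    while (i < cap && buf[i] != '\0') {
        if (buf[i] == '\\' && i + 1 < cap && !isspace((unsigned char)buf[i + 1]))
            i++;                 /* can land on the terminator ... */
        if (o < dstcap)
            dst[o] = buf[i];
        o++;
        i++;                     /* ... and then step past it */
    }
    return o;
}

/* Hardened variant: a trailing backslash is copied as-is, so the walk always
 * stops at the terminator; writes are capped at dstcap. Returns strlen(dst). */
size_t unescape_checked(const char *src, char *dst, size_t dstcap)
{
    size_t o = 0;
    if (dstcap == 0)
        return 0;
    for (; *src != '\0' && o + 1 < dstcap; src++) {
        if (src[0] == '\\' && src[1] != '\0' && !isspace((unsigned char)src[1]))
            src++;
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: the argument "ab\" followed in memory by other data. */
    static const char mem[] = "ab\\\0NEIGHBOR";
    char out[32];
    printf("destination sized for %zu bytes\n", strlen(mem) + 1);
    printf("unchecked loop writes %zu bytes\n",
           unescape_unchecked(mem, sizeof mem, out, sizeof out));
    printf("checked loop writes %zu bytes\n",
           unescape_checked(mem, out, sizeof out) + 1);
    return 0;
}
```

A destination sized from `strlen()` of the argument holds 4 bytes here, while the unchecked loop keeps copying the adjacent data until the next NUL.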