From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] sudo: Update to version 1.9.11p3
Date: Thu, 23 Jun 2022 06:58:33 +0000
Message-ID: <b0bdb347-83c8-adc6-d73f-3a4a6aa94d33@ipfire.org>
In-Reply-To: <20220622071059.290113-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3321465621408411908=="
List-Id: <development.lists.ipfire.org>

--===============3321465621408411908==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

> - Update from version 1.9.10 to 1.9.11p3
> - Update of rootfile required
> - Changelog
>     What's new in Sudo 1.9.11p3
> 	 * Fixed "connection reset" errors on AIX when running shell scripts
> 	   with the "intercept" or "log_subcmds" sudoers options enabled.
> 	   Bug #1034.
> 	 * Fixed very slow execution of shell scripts when the "intercept"
> 	   or "log_subcmds" sudoers options are set on systems that enable
> 	   Nagle's algorithm on the loopback device, such as AIX.
> 	   Bug #1034.
>     What's new in Sudo 1.9.11p2
> 	 * Fixed a compilation error on Linux/x86_64 with the x32 ABI.
> 	 * Fixed a regression introduced in 1.9.11p1 that caused a warning
> 	   when logging to sudo_logsrvd if the command returned no output.
>     What's new in Sudo 1.9.11p1
> 	 * Correctly handle EAGAIN in the I/O read/right events.  This fixes
> 	   a hang seen on some systems when piping a large amount of data
> 	   through sudo, such as via rsync.  Bug #963.
> 	 * Changes to avoid implementation or unspecified behavior when
> 	   bit shifting signed values in the protobuf library.
> 	 * Fixed a compilation error on Linux/aarch64.
> 	 * Fixed the configure check for seccomp(2) support on Linux.
> 	 * Corrected the EBNF specification for tags in the sudoers manual
> 	   page.  GitHub issue #153.
>     What's new in Sudo 1.9.11
> 	 * Fixed a crash in the Python module with Python 3.9.10 on some
> 	   systems.  Additionally, "make check" now passes for Python 3.9.10.
> 	 * Error messages sent via email now include more details, including
> 	   the file name and the line number and column of the error.
> 	   Multiple errors are sent in a single message.  Previously, only
> 	   the first error was included.
> 	 * Fixed logging of parse errors in JSON format.  Previously,
> 	   the JSON logger would not write entries unless the command and
> 	   runuser were set.  These may not be known at the time a parse
> 	   error is encountered.
> 	 * Fixed a potential crash parsing sudoers lines larger than twice
> 	   the value of LINE_MAX on systems that lack the getdelim() function.
> 	 * The tests run by "make check" now unset the LANGUAGE environment
> 	   variable.  Otherwise, localization strings will not match if
> 	   LANGUAGE is set to a non-English locale.  Bug #1025.
> 	 * The "starttime" test now passed when run under Debian faketime.
> 	   Bug #1026.
> 	 * The Kerberos authentication module now honors the custom password
> 	   prompt if one has been specified.
> 	 * The embedded copy of zlib has been updated to version 1.2.12.
> 	 * Updated the version of libtool used by sudo to version 2.4.7.
> 	 * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
> 	   in the header files (currently only GNU libc).  This is required
> 	   to allow the use of 64-bit time values on some 32-bit systems.
> 	 * Sudo's "intercept" and "log_subcmds" options no longer force the
> 	   command to run in its own pseudo-terminal.  It is now also
> 	   possible to intercept the system(3) function.
> 	 * Fixed a bug in sudo_logsrvd when run in store-first relay mode
> 	   where the commit point messages sent by the server were incorrect
> 	   if the command was suspended or received a window size change
> 	   event.
> 	 * Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
> 	   configuration setting was used.
> 	 * The "intercept" and "log_subcmds" functionality can now use
> 	   ptrace(2) on Linux systems that support seccomp(2) filtering.
> 	   This has the advantage of working for both static and dynamic
> 	   binaries and can work with sudo's SELinux RBAC mode.  The following
> 	   architectures are currently supported: i386, x86_64, aarch64,
> 	   arm, mips (log_subcmds only), powerpc, riscv, and s390x.  The
> 	   default is to use ptrace(2) where possible; the new "intercept_type"
> 	   sudoers setting can be used to explicitly set the type.
> 	 * New Georgian translation from translationproject.org.
> 	 * Fixed creating packages on CentOS Stream.
> 	 * Fixed a bug in the intercept and log_subcmds support where
> 	   the execve(2) wrapper was using the current environment instead
> 	   of the passed environment pointer.  Bug #1030.
> 	 * Added AppArmor integration for Linux.  A sudoers rule can now
> 	   specify an APPARMOR_PROFILE option to run a command confined by
> 	   the named AppArmor profile.
> 	 * Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
> 	   Non-paths were being treated as paths and an actual path was
> 	   treated as an error.
>=20
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>  config/rootfiles/common/sudo | 3 ++-
>  lfs/sudo                     | 4 ++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
>=20
> diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo
> index 1cb0d2bf7..93d9cbce2 100644
> --- a/config/rootfiles/common/sudo
> +++ b/config/rootfiles/common/sudo
> @@ -80,6 +80,7 @@ usr/sbin/visudo
>  #usr/share/locale/it/LC_MESSAGES/sudoers.mo
>  #usr/share/locale/ja/LC_MESSAGES/sudo.mo
>  #usr/share/locale/ja/LC_MESSAGES/sudoers.mo
> +#usr/share/locale/ka/LC_MESSAGES/sudo.mo
>  #usr/share/locale/ko/LC_MESSAGES/sudo.mo
>  #usr/share/locale/ko/LC_MESSAGES/sudoers.mo
>  #usr/share/locale/lt/LC_MESSAGES/sudoers.mo
> @@ -120,11 +121,11 @@ usr/sbin/visudo
>  #usr/share/man/man5/sudo.conf.5
>  #usr/share/man/man5/sudo_logsrv.proto.5
>  #usr/share/man/man5/sudo_logsrvd.conf.5
> +#usr/share/man/man5/sudo_plugin.5
>  #usr/share/man/man5/sudoers.5
>  #usr/share/man/man5/sudoers_timestamp.5
>  #usr/share/man/man8/sudo.8
>  #usr/share/man/man8/sudo_logsrvd.8
> -#usr/share/man/man8/sudo_plugin.8
>  #usr/share/man/man8/sudo_sendlog.8
>  #usr/share/man/man8/sudoedit.8
>  #usr/share/man/man8/sudoreplay.8
> diff --git a/lfs/sudo b/lfs/sudo
> index 4d73db639..ce9649d79 100644
> --- a/lfs/sudo
> +++ b/lfs/sudo
> @@ -24,7 +24,7 @@
> =20
>  include Config
> =20
> -VER        =3D 1.9.10
> +VER        =3D 1.9.11p3
> =20
>  THISAPP    =3D sudo-$(VER)
>  DL_FILE    =3D $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
> =20
>  $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
> =20
> -$(DL_FILE)_BLAKE2 =3D 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928=
981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064
> +$(DL_FILE)_BLAKE2 =3D f8508f65b514abd9979a11628d8bc0e085b2625993281e7d1f87=
94a576e88970bda6939d2f2f50d9485f00276970aba3489b19c102eca5625e389c9610f338dd
> =20
>  install : $(TARGET)
> =20

--===============3321465621408411908==--