pkgsrc-Changes archive


CVS commit: pkgsrc/security/sudo



Module Name:    pkgsrc
Committed By:   jperkin
Date:           Tue Jan 26 20:18:43 UTC 2021

Modified Files:
        pkgsrc/security/sudo: Makefile distinfo

Log Message:
sudo: Update to 1.9.5p2 for CVE-2021-3156.

What's new in Sudo 1.9.5p2

 * Fixed sudo's setprogname(3) emulation on systems that don't
   provide it.

 * Fixed a problem with the sudoers log server client where a partial
   write to the server could result in the sudo process consuming large
   amounts of CPU time due to a cycle in the buffer queue. Bug #954.

 * Added a missing dependency on libsudo_util in libsudo_eventlog.
   Fixes a link error when building sudo statically.

 * The user's KRB5CCNAME environment variable is now preserved when
   performing PAM authentication.  This fixes GSSAPI authentication
   when the user has a non-default ccache.

 * When invoked as sudoedit, the same set of command line options
   are now accepted as for "sudo -e".  The -H and -P options are
   now rejected for sudoedit and "sudo -e" which matches the sudo
   1.7 behavior.  This is part of the fix for CVE-2021-3156.

 * Fixed a potential buffer overflow when unescaping backslashes
   in the command's arguments.  Normally, sudo escapes special
   characters when running a command via a shell (sudo -s or sudo
   -i).  However, it was also possible to run sudoedit with the -s
   or -i flags in which case no escaping had actually been done,
   making a buffer overflow possible.  This fixes CVE-2021-3156.


To generate a diff of this commit:
cvs rdiff -u -r1.181 -r1.182 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.112 -r1.113 pkgsrc/security/sudo/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/sudo/Makefile
diff -u pkgsrc/security/sudo/Makefile:1.181 pkgsrc/security/sudo/Makefile:1.182
--- pkgsrc/security/sudo/Makefile:1.181 Mon Jan 18 14:32:23 2021
+++ pkgsrc/security/sudo/Makefile       Tue Jan 26 20:18:43 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.181 2021/01/18 14:32:23 taca Exp $
+# $NetBSD: Makefile,v 1.182 2021/01/26 20:18:43 jperkin Exp $
 
-DISTNAME=      sudo-1.9.5p1
+DISTNAME=      sudo-1.9.5p2
 CATEGORIES=    security
 MASTER_SITES=  https://www.sudo.ws/dist/
 MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
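Review bot: the unchanged `MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/` context line at the end of this hunk keeps a plaintext FTP fallback for what is now a security-fix tarball. A fetch over that mirror is protected only by the distinfo checksums, so consider dropping the FTP entry or confirming that the HTTPS site in `MASTER_SITES=` is always tried first. The `DISTNAME` change to `sudo-1.9.5p2` matches the log message.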

Index: pkgsrc/security/sudo/distinfo
diff -u pkgsrc/security/sudo/distinfo:1.112 pkgsrc/security/sudo/distinfo:1.113
--- pkgsrc/security/sudo/distinfo:1.112 Mon Jan 18 14:32:23 2021
+++ pkgsrc/security/sudo/distinfo       Tue Jan 26 20:18:43 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.112 2021/01/18 14:32:23 taca Exp $
+$NetBSD: distinfo,v 1.113 2021/01/26 20:18:43 jperkin Exp $
 
-SHA1 (sudo-1.9.5p1.tar.gz) = 0a6b9b18518c8f7c37bd09573b9b711174cdf3b9
-RMD160 (sudo-1.9.5p1.tar.gz) = 4fdcb72761b7d3a7de6c98c11c5efc976a6b11e5
-SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878
-Size (sudo-1.9.5p1.tar.gz) = 4008926 bytes
+SHA1 (sudo-1.9.5p2.tar.gz) = 08bde247a1e08bc881eec43e09733f7ca06408f5
+RMD160 (sudo-1.9.5p2.tar.gz) = 5952aafd4e777196eb8af81c4cdc420e3d688684
+SHA512 (sudo-1.9.5p2.tar.gz) = f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27
+Size (sudo-1.9.5p2.tar.gz) = 4012277 bytes
 SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560
 SHA1 (patch-configure) = 4db043c7384cdeb4701ccd2f455dfad2dc17c663
 SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
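Review bot: the three `patch-*` entries at the end of this hunk are unchanged and carry only SHA1, which means the local patches are applied as-is to 1.9.5p2; please confirm they still apply cleanly to the new tarball, and consider recording them with a stronger digest. For the distfile, the SHA512 line is the one that carries the integrity guarantee (SHA1 and RMD160 should not be relied on alone), and the log message would be stronger if it said the new SHA512 was compared against the upstream release rather than regenerated from the download.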

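The log message above attributes CVE-2021-3156 to an unescaping step that ran on arguments which had never been escaped. As an added example (not sudo's code and not part of this commit), the routine below joins arguments while removing one level of backslash escaping and stays within bounds even when its input was never escaped; the name `unescape_join` and the sample arguments are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not sudo's implementation.
 * Joins argv[] with single spaces into dst, dropping one level of
 * backslash escaping. Never reads past an argument's terminator and
 * never writes more than dstsize bytes (including the final NUL).
 * Returns the string length written, or -1 if dst is too small. */
long unescape_join(char *dst, size_t dstsize, char *const argv[])
{
    size_t used = 0;

    for (size_t i = 0; argv[i] != NULL; i++) {
        const char *from = argv[i];

        while (*from != '\0') {
            /* Skip a backslash only when a real character follows it.
             * A backslash directly before the NUL is copied literally,
             * so the read pointer can never step over the terminator. */
            if (from[0] == '\\' && from[1] != '\0')
                from++;
            if (used + 1 >= dstsize)      /* keep room for the NUL */
                return -1;
            dst[used++] = *from++;
        }
        if (argv[i + 1] != NULL) {        /* separator between arguments */
            if (used + 1 >= dstsize)
                return -1;
            dst[used++] = ' ';
        }
    }
    if (used >= dstsize)                  /* only reachable if dstsize == 0 */
        return -1;
    dst[used] = '\0';
    return (long)used;
}

int main(void)
{
    /* Constructed sample input: the second argument was never escaped. */
    char *args[] = { "echo", "a\\$b", "tail\\", NULL };
    char buf[32];
    long n = unescape_join(buf, sizeof buf, args);

    printf("%ld: %s\n", n, n >= 0 ? buf : "(buffer too small)");
    return 0;
}
```

The two properties to check in any such routine are that the reader stops at each argument's terminator regardless of what precedes it, and that the writer is checked against the destination size rather than against an assumed input length.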

