pkgsrc-Changes archive
CVS commit: [pkgsrc-2025Q2] pkgsrc/security/sudo
Module Name: pkgsrc
Committed By: maya
Date: Wed Jul 2 20:37:00 UTC 2025
Modified Files:
pkgsrc/security/sudo [pkgsrc-2025Q2]: Makefile distinfo
Log Message:
Pullup ticket #6975 - requested by kim
security/sudo: Security fix
Revisions pulled up:
- security/sudo/Makefile 1.209
- security/sudo/distinfo 1.138
---
Module Name: pkgsrc
Committed By: kim
Date: Tue Jul 1 05:09:11 UTC 2025
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
sudo: Upgrade to 1.9.17p1
What's new in Sudo 1.9.17p1
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated and will be removed entirely in a future release.
What's new in Sudo 1.9.17
* Sudo now uses the NODEV macro consistently. Bug #1074.
* Fixed a bug where the "ALL" command in a sudoers rule would
override a previous NOSETENV tag. Command tags are inherited
from previous Cmnds in a Cmnd_Spec_List. There is a special
case for the SETENV tag with the "ALL" command, where SETENV is
implied if no explicit SETENV or NOSETENV tag is specified. This
special case did not take into account that a NOSETENV tag that
was inherited should override this behavior.
* If sudo is run via ssh without a terminal and a password is
required, it now suggests using ssh's "-t" option.
* Fixed the display of timeout values in the "sudo -V" output
on systems without a C99-compliant snprintf() function.
* Quieted a number of minor Coverity warnings.
* Fixed a problem running sudo from a serial console on Linux when
the command is run in a pseudo-terminal (the default).
* Fixed a crash in sudo which could occur if there was a fatal
error after the user was validated but before the command was
actually run.
* Fixed a number of man page style warnings. The "lint" make target
in the docs directory will now run groff with warnings enabled
if it is available. Bug #1075.
* The "ignore_dot" sudoers setting is now on by default. There
is now a "--disable-ignore-dot" configure option to disable it.
The "--with-ignore-dot" configure option has been deprecated.
* Fixed a problem with the "pwfeedback" option where an initial
backspace would reduce the maximum length allowed for the password.
GitHub issue #439.
* Fixed minor grammar and spelling problems in the man pages.
* Fixed a bug where a user could avoid entering a password for
"sudo -l command" if they specified their own user or group name
via the "-u" or "-g" options.
* Avoid potential password guessing based on timing attacks on
the strcmp() function on systems without PAM or a crypt() function
where plaintext passwords are stored in the shadow password file.
* Fixed a potential information leak where "sudo -l command" could
be used to determine whether an executable exists in a directory
that they do not have search access to.
* Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once
again. A long time ago sudo changed from using TCSAFLUSH to
TCSADRAIN due to some systems having bugs related to TCSAFLUSH.
That should no longer be a concern. Using TCSAFLUSH ensures
that password input that has been received by the kernel, but
not yet read by sudo, will be discarded and not echoed.
* Added the SUDO_TTY environment variable if the user has a terminal.
This can be used to find the user's original tty device when sudo
runs the command in its own pseudo-terminal. GitHub issue #447.
* New Cantonese translation for sudo.
To generate a diff of this commit:
cvs rdiff -u -r1.208 -r1.208.2.1 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.137 -r1.137.4.1 pkgsrc/security/sudo/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/sudo/Makefile
diff -u pkgsrc/security/sudo/Makefile:1.208 pkgsrc/security/sudo/Makefile:1.208.2.1
--- pkgsrc/security/sudo/Makefile:1.208 Sat Apr 19 07:58:23 2025
+++ pkgsrc/security/sudo/Makefile Wed Jul 2 20:37:00 2025
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.208 2025/04/19 07:58:23 wiz Exp $
+# $NetBSD: Makefile,v 1.208.2.1 2025/07/02 20:37:00 maya Exp $
-DISTNAME= sudo-1.9.16p2
-PKGREVISION= 2
+DISTNAME= sudo-1.9.17p1
CATEGORIES= security
MASTER_SITES= https://www.sudo.ws/dist/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
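Review bot: the trailing context line `MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/` keeps a plaintext FTP mirror as a fetch source for a setuid-root package, so for the new sudo-1.9.17p1 distfile the only integrity control on that path is the distinfo checksum comparison. Consider dropping the FTP entry and leaving `https://www.sudo.ws/dist/` as the source. Removing `PKGREVISION= 2` together with the DISTNAME bump is correct, since the revision resets on a new upstream version.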
Index: pkgsrc/security/sudo/distinfo
diff -u pkgsrc/security/sudo/distinfo:1.137 pkgsrc/security/sudo/distinfo:1.137.4.1
--- pkgsrc/security/sudo/distinfo:1.137 Mon Mar 3 21:51:40 2025
+++ pkgsrc/security/sudo/distinfo Wed Jul 2 20:37:00 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.137 2025/03/03 21:51:40 nia Exp $
+$NetBSD: distinfo,v 1.137.4.1 2025/07/02 20:37:00 maya Exp $
-BLAKE2s (sudo-1.9.16p2.tar.gz) = 6e772f5372473d112e122f125cdf7da8db636de3c8c973f18232942fd98a51b1
-SHA512 (sudo-1.9.16p2.tar.gz) = 1e2ea762671890a03b0ea4b95b3849f2d3a4c301432db8767433e9d80c517efd8b7a68e0bbce1b178aff5857907600f1f5e0d889779cb27e38c2f602395f6f06
-Size (sudo-1.9.16p2.tar.gz) = 5398419 bytes
+BLAKE2s (sudo-1.9.17p1.tar.gz) = ff973b090b311fc0397a51f261243671594ac3e0ce14a707eca82b8fb07997c9
+SHA512 (sudo-1.9.17p1.tar.gz) = 1a9fb27a117b54adf5c99443b3375f7e0eaaf3a2d5a3d409f7c7b10c43432eb301d721df93fb1a8a2e45bf4a4957288d4f153359fc018af00973be57f62a1ebc
+Size (sudo-1.9.17p1.tar.gz) = 5449076 bytes
SHA1 (patch-Makefile.in) = 1a83c55d27829013e2e23073046c5c39b020fafe
SHA1 (patch-configure) = 1e8eff2a823b0f687ef563a5050f43fb4bb9d72c
SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
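Review bot: the three `SHA1 (patch-...)` context lines at the end of this hunk are unchanged, so patch-Makefile.in, patch-configure and patch-examples_Makefile.in are carried from 1.9.16p2 onto 1.9.17p1 as they were. The log message says 1.9.17 added a `--disable-ignore-dot` configure option and deprecated `--with-ignore-dot`, which changes configure, so confirm on the pulled-up branch that patch-configure still applies cleanly and regenerate it (and its checksum here) if it does not. The BLAKE2s, SHA512 and Size lines all name sudo-1.9.17p1.tar.gz; it is worth checking them against a tarball fetched over HTTPS rather than the FTP mirror before the pullup is built.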