author | jperkin <jperkin@pkgsrc.org> | 2021-01-26 20:18:43 +0000 |
---|---|---|
committer | jperkin <jperkin@pkgsrc.org> | 2021-01-26 20:18:43 +0000 |
commit | 498011276462e0dc491fb3189767f1085e12da03 (patch) | |
tree | 84e7119af4bdff5e3303801160e7e43bc32091ee | |
parent | e028a5b835026c8890c0747116b4604ac18a8767 (diff) | |
download | pkgsrc-498011276462e0dc491fb3189767f1085e12da03.tar.gz |

sudo: Update to 1.9.5p2 for CVE-2021-3156.

What's new in Sudo 1.9.5p2

* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result in the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.

-rw-r--r-- | security/sudo/Makefile | 4 |
-rw-r--r-- | security/sudo/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 8ea021fec29..ea6b227f159 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.181 2021/01/18 14:32:23 taca Exp $ +# $NetBSD: Makefile,v 1.182 2021/01/26 20:18:43 jperkin Exp $ -DISTNAME= sudo-1.9.5p1 +DISTNAME= sudo-1.9.5p2 CATEGORIES= security MASTER_SITES= https://www.sudo.ws/dist/ MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ diff --git a/security/sudo/distinfo b/security/sudo/distinfo index a2cab269e37..b6c5aabc107 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.112 2021/01/18 14:32:23 taca Exp $ +$NetBSD: distinfo,v 1.113 2021/01/26 20:18:43 jperkin Exp $ -SHA1 (sudo-1.9.5p1.tar.gz) = 0a6b9b18518c8f7c37bd09573b9b711174cdf3b9 -RMD160 (sudo-1.9.5p1.tar.gz) = 4fdcb72761b7d3a7de6c98c11c5efc976a6b11e5 -SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878 -Size (sudo-1.9.5p1.tar.gz) = 4008926 bytes +SHA1 (sudo-1.9.5p2.tar.gz) = 08bde247a1e08bc881eec43e09733f7ca06408f5 +RMD160 (sudo-1.9.5p2.tar.gz) = 5952aafd4e777196eb8af81c4cdc420e3d688684 +SHA512 (sudo-1.9.5p2.tar.gz) = f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27 +Size (sudo-1.9.5p2.tar.gz) = 4012277 bytes SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 SHA1 (patch-configure) = 4db043c7384cdeb4701ccd2f455dfad2dc17c663 SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409 |
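
Review bot: The Makefile hunk touches only the RCS id and DISTNAME, and the diffstat shows no other Makefile lines changed, so a PKGREVISION set further down in the file would survive this version bump. Check that none is present, or remove it in the same commit so the package version sorts correctly after 1.9.5p1.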
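
Review bot: In the distinfo hunk the three patch-* SHA1 context lines are unchanged, so the local patches are carried over to 1.9.5p2 as-is; confirm they still apply cleanly to the new tarball, given that the release notes describe changes to the build dependencies. Because one MASTER_SITES entry is plain ftp://, the new SHA512 and Size values are the only integrity check on the fetch, so they should be compared against upstream's published checksum or signature rather than only regenerated from the downloaded file.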