- Update from 1.9.5p2 to 1.9.6p1
- Update not required for rootfile
- Changelog
Major changes between version 1.9.6p1 and 1.9.6:
Fixed a regression introduced in sudo 1.9.6 that resulted in an error message instead of a usage message when sudo is run with no arguments.
Major changes between version 1.9.6 and 1.9.5p2:
Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
Fixed a regression introduced in sudo 1.9.4 where the --disable-root-mailer configure option had no effect.
Added a --disable-leaks configure option that avoids some memory leaks on exit that would otherwise occur. This is intended to be used with development tools that measure memory leaks. It is not safe to use in production at this time.
Plugged some memory leaks identified by oss-fuzz and ASAN.
Fixed the handling of sudoOptions for an LDAP sudoRole that contains multiple sudoCommands. Previously, some of the options would only be applied to the first sudoCommand.
Fixed a potential out of bounds read in the parsing of NOTBEFORE and NOTAFTER sudoers command options (and their LDAP equivalents).
The parser used for reading I/O log JSON files is now more resilient when processing invalid JSON.
Fixed typos that prevented make uninstall from working. GitHub issue #87.
Fixed a regression introduced in sudo 1.9.4 where the last line in a sudoers file might not have a terminating NUL character added if no newline was present.
Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new --enable-fuzzer configure option can be combined with the --enable-sanitizer option to build sudo with fuzzing support. Multiple fuzz targets are available for fuzzing different parts of sudo. Fuzzers are built and tested via make fuzz or as part of make check (even when sudo is not built with fuzzing support). Fuzzing support currently requires the LLVM clang compiler (not gcc).
Fixed the --enable-static-sudoers configure option. GitHub issue #92.
Fixed a potential out of bounds read sudo when is run by a user with more groups than the value of max_groups in sudo.conf.
Added an admin_flag sudoers option to make the use of the ~/.sudo_as_admin_successful file configurable on systems where sudo is build with the --enable-admin-flag configure option. This mostly affects Ubuntu and its derivatives. GitHub issue #56.
The max_groups setting in sudo.conf is now limited to 1024. This setting is obsolete and should no longer be needed.
Fixed a bug in the tilde expansion of CHROOT=dir and CWD=dir sudoers command options. A path ~/foo was expanded to /home/userfoo instead of /home/user/foo. This also affects the runchroot and runcwd Defaults settings.
Fixed a bug on systems without a native getdelim(3) function where very long lines could cause parsing of the sudoers file to end prematurely. Bug #960.
Fixed a potential integer overflow when converting the timestamp_timeout and passwd_timeout sudoers settings to a timespec struct.
The default for the group_source setting in sudo.conf is now dynamic on macOS. Recent versions of macOS do not reliably return all of a user's non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug #946.
Fixed a potential use-after-free in the PAM conversation function. Bug #967.
Fixed potential redefinition of sys/stat.h macros in sudo_compat.h. Bug #968.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
Fixed sudo's setprogname(3) emulation on systems that don't provide it.
Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* IPTables ins Webinterface - Muss der Benne nochmal drüberkucken!
Geändert:
* Blinde Datei oh323 gelöscht.
* Kein sudo-Paket mehr, da bereits in ISO.
* makegraphs gefixt wegen hddtemp
* Menü im Webinterface wieder einmal bearbeitet.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@171 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
