| Message ID | 20220622071059.290113-1-adolf.belka@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 2296698ec46d297520584f67936be3d81c20feb4 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LSZL62lFsz40TL for <patchwork@web04.haj.ipfire.org>; Wed, 22 Jun 2022 07:11:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LSZL405WqzqV; Wed, 22 Jun 2022 07:11:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LSZL35cB7z2ymS; Wed, 22 Jun 2022 07:11:07 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LSZL16WsYz2xGV for <development@lists.ipfire.org>; Wed, 22 Jun 2022 07:11:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LSZL06x5pzdB; Wed, 22 Jun 2022 07:11:04 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1655881865; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=WxUVkKWh4ktExV7uInnv98BdtXy2PzXCCR66QOl/9rw=; b=QiaTMwfiZdWwTo6Z82zeGs8Oqj3VjulL5QuskJ0nXyDWZncM5vMpGZs7qzlmi2JGtKnvh3 WYPpc74qXv0MUNCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1655881865; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=WxUVkKWh4ktExV7uInnv98BdtXy2PzXCCR66QOl/9rw=; b=OSCHbn0Prt2ZP2JVE8CRdeZsBTwJjXPzZ4dyKD6t+AxDEPtfNQ9vLWGvGp6UNZ9Dt4Oerb fLZ7AbNj0kGZYyLDdRqK69fWwA82rBRqG6jivF8Di3NP2BXut2LoZpWarhnbSJkVRTWYYI vXTMCG/3sMcjYhSf8u0Ai8xuQQ8YTusxXXdAk/Zq7etN81roOELap+qHtQEVg9XETk/fVf meV59lv/Cc/gnwXbkOTtx6JN1Sh3gAw+8g/As77DOFn3P6ULN/dfcpl4lQlUQ6oBP5Asuk 5Jv/Is5elg223+QvhELq+fnSGWLBPaWGreYF9Z+SgULVG2AkPh4M07Ww1sowUA== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] sudo: Update to version 1.9.11p3 Date: Wed, 22 Jun 2022 09:10:59 +0200 Message-Id: <20220622071059.290113-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
sudo: Update to version 1.9.11p3
|
|
Commit Message
Adolf Belka
June 22, 2022, 7:10 a.m. UTC
- Update from version 1.9.10 to 1.9.11p3
- Update of rootfile required
- Changelog
What's new in Sudo 1.9.11p3
* Fixed "connection reset" errors on AIX when running shell scripts
with the "intercept" or "log_subcmds" sudoers options enabled.
Bug #1034.
* Fixed very slow execution of shell scripts when the "intercept"
or "log_subcmds" sudoers options are set on systems that enable
Nagle's algorithm on the loopback device, such as AIX.
Bug #1034.
What's new in Sudo 1.9.11p2
* Fixed a compilation error on Linux/x86_64 with the x32 ABI.
* Fixed a regression introduced in 1.9.11p1 that caused a warning
when logging to sudo_logsrvd if the command returned no output.
What's new in Sudo 1.9.11p1
* Correctly handle EAGAIN in the I/O read/right events. This fixes
a hang seen on some systems when piping a large amount of data
through sudo, such as via rsync. Bug #963.
* Changes to avoid implementation or unspecified behavior when
bit shifting signed values in the protobuf library.
* Fixed a compilation error on Linux/aarch64.
* Fixed the configure check for seccomp(2) support on Linux.
* Corrected the EBNF specification for tags in the sudoers manual
page. GitHub issue #153.
What's new in Sudo 1.9.11
* Fixed a crash in the Python module with Python 3.9.10 on some
systems. Additionally, "make check" now passes for Python 3.9.10.
* Error messages sent via email now include more details, including
the file name and the line number and column of the error.
Multiple errors are sent in a single message. Previously, only
the first error was included.
* Fixed logging of parse errors in JSON format. Previously,
the JSON logger would not write entries unless the command and
runuser were set. These may not be known at the time a parse
error is encountered.
* Fixed a potential crash parsing sudoers lines larger than twice
the value of LINE_MAX on systems that lack the getdelim() function.
* The tests run by "make check" now unset the LANGUAGE environment
variable. Otherwise, localization strings will not match if
LANGUAGE is set to a non-English locale. Bug #1025.
* The "starttime" test now passed when run under Debian faketime.
Bug #1026.
* The Kerberos authentication module now honors the custom password
prompt if one has been specified.
* The embedded copy of zlib has been updated to version 1.2.12.
* Updated the version of libtool used by sudo to version 2.4.7.
* Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
in the header files (currently only GNU libc). This is required
to allow the use of 64-bit time values on some 32-bit systems.
* Sudo's "intercept" and "log_subcmds" options no longer force the
command to run in its own pseudo-terminal. It is now also
possible to intercept the system(3) function.
* Fixed a bug in sudo_logsrvd when run in store-first relay mode
where the commit point messages sent by the server were incorrect
if the command was suspended or received a window size change
event.
* Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
configuration setting was used.
* The "intercept" and "log_subcmds" functionality can now use
ptrace(2) on Linux systems that support seccomp(2) filtering.
This has the advantage of working for both static and dynamic
binaries and can work with sudo's SELinux RBAC mode. The following
architectures are currently supported: i386, x86_64, aarch64,
arm, mips (log_subcmds only), powerpc, riscv, and s390x. The
default is to use ptrace(2) where possible; the new "intercept_type"
sudoers setting can be used to explicitly set the type.
* New Georgian translation from translationproject.org.
* Fixed creating packages on CentOS Stream.
* Fixed a bug in the intercept and log_subcmds support where
the execve(2) wrapper was using the current environment instead
of the passed environment pointer. Bug #1030.
* Added AppArmor integration for Linux. A sudoers rule can now
specify an APPARMOR_PROFILE option to run a command confined by
the named AppArmor profile.
* Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
Non-paths were being treated as paths and an actual path was
treated as an error.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/sudo | 3 ++-
lfs/sudo | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > - Update from version 1.9.10 to 1.9.11p3 > - Update of rootfile required > - Changelog > What's new in Sudo 1.9.11p3 > * Fixed "connection reset" errors on AIX when running shell scripts > with the "intercept" or "log_subcmds" sudoers options enabled. > Bug #1034. > * Fixed very slow execution of shell scripts when the "intercept" > or "log_subcmds" sudoers options are set on systems that enable > Nagle's algorithm on the loopback device, such as AIX. > Bug #1034. > What's new in Sudo 1.9.11p2 > * Fixed a compilation error on Linux/x86_64 with the x32 ABI. > * Fixed a regression introduced in 1.9.11p1 that caused a warning > when logging to sudo_logsrvd if the command returned no output. > What's new in Sudo 1.9.11p1 > * Correctly handle EAGAIN in the I/O read/right events. This fixes > a hang seen on some systems when piping a large amount of data > through sudo, such as via rsync. Bug #963. > * Changes to avoid implementation or unspecified behavior when > bit shifting signed values in the protobuf library. > * Fixed a compilation error on Linux/aarch64. > * Fixed the configure check for seccomp(2) support on Linux. > * Corrected the EBNF specification for tags in the sudoers manual > page. GitHub issue #153. > What's new in Sudo 1.9.11 > * Fixed a crash in the Python module with Python 3.9.10 on some > systems. Additionally, "make check" now passes for Python 3.9.10. > * Error messages sent via email now include more details, including > the file name and the line number and column of the error. > Multiple errors are sent in a single message. Previously, only > the first error was included. > * Fixed logging of parse errors in JSON format. Previously, > the JSON logger would not write entries unless the command and > runuser were set. These may not be known at the time a parse > error is encountered. > * Fixed a potential crash parsing sudoers lines larger than twice > the value of LINE_MAX on systems that lack the getdelim() function. > * The tests run by "make check" now unset the LANGUAGE environment > variable. Otherwise, localization strings will not match if > LANGUAGE is set to a non-English locale. Bug #1025. > * The "starttime" test now passed when run under Debian faketime. > Bug #1026. > * The Kerberos authentication module now honors the custom password > prompt if one has been specified. > * The embedded copy of zlib has been updated to version 1.2.12. > * Updated the version of libtool used by sudo to version 2.4.7. > * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE > in the header files (currently only GNU libc). This is required > to allow the use of 64-bit time values on some 32-bit systems. > * Sudo's "intercept" and "log_subcmds" options no longer force the > command to run in its own pseudo-terminal. It is now also > possible to intercept the system(3) function. > * Fixed a bug in sudo_logsrvd when run in store-first relay mode > where the commit point messages sent by the server were incorrect > if the command was suspended or received a window size change > event. > * Fixed a potential crash in sudo_logsrvd when the "tls_dhparams" > configuration setting was used. > * The "intercept" and "log_subcmds" functionality can now use > ptrace(2) on Linux systems that support seccomp(2) filtering. > This has the advantage of working for both static and dynamic > binaries and can work with sudo's SELinux RBAC mode. The following > architectures are currently supported: i386, x86_64, aarch64, > arm, mips (log_subcmds only), powerpc, riscv, and s390x. The > default is to use ptrace(2) where possible; the new "intercept_type" > sudoers setting can be used to explicitly set the type. > * New Georgian translation from translationproject.org. > * Fixed creating packages on CentOS Stream. > * Fixed a bug in the intercept and log_subcmds support where > the execve(2) wrapper was using the current environment instead > of the passed environment pointer. Bug #1030. > * Added AppArmor integration for Linux. A sudoers rule can now > specify an APPARMOR_PROFILE option to run a command confined by > the named AppArmor profile. > * Fixed parsing of the "server_log" setting in sudo_logsrvd.conf. > Non-paths were being treated as paths and an actual path was > treated as an error. > > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > config/rootfiles/common/sudo | 3 ++- > lfs/sudo | 4 ++-- > 2 files changed, 4 insertions(+), 3 deletions(-) > > diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo > index 1cb0d2bf7..93d9cbce2 100644 > --- a/config/rootfiles/common/sudo > +++ b/config/rootfiles/common/sudo > @@ -80,6 +80,7 @@ usr/sbin/visudo > #usr/share/locale/it/LC_MESSAGES/sudoers.mo > #usr/share/locale/ja/LC_MESSAGES/sudo.mo > #usr/share/locale/ja/LC_MESSAGES/sudoers.mo > +#usr/share/locale/ka/LC_MESSAGES/sudo.mo > #usr/share/locale/ko/LC_MESSAGES/sudo.mo > #usr/share/locale/ko/LC_MESSAGES/sudoers.mo > #usr/share/locale/lt/LC_MESSAGES/sudoers.mo > @@ -120,11 +121,11 @@ usr/sbin/visudo > #usr/share/man/man5/sudo.conf.5 > #usr/share/man/man5/sudo_logsrv.proto.5 > #usr/share/man/man5/sudo_logsrvd.conf.5 > +#usr/share/man/man5/sudo_plugin.5 > #usr/share/man/man5/sudoers.5 > #usr/share/man/man5/sudoers_timestamp.5 > #usr/share/man/man8/sudo.8 > #usr/share/man/man8/sudo_logsrvd.8 > -#usr/share/man/man8/sudo_plugin.8 > #usr/share/man/man8/sudo_sendlog.8 > #usr/share/man/man8/sudoedit.8 > #usr/share/man/man8/sudoreplay.8 > diff --git a/lfs/sudo b/lfs/sudo > index 4d73db639..ce9649d79 100644 > --- a/lfs/sudo > +++ b/lfs/sudo > @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.9.10 > +VER = 1.9.11p3 > > THISAPP = sudo-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064 > +$(DL_FILE)_BLAKE2 = f8508f65b514abd9979a11628d8bc0e085b2625993281e7d1f8794a576e88970bda6939d2f2f50d9485f00276970aba3489b19c102eca5625e389c9610f338dd > > install : $(TARGET) >
diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo index 1cb0d2bf7..93d9cbce2 100644 --- a/config/rootfiles/common/sudo +++ b/config/rootfiles/common/sudo @@ -80,6 +80,7 @@ usr/sbin/visudo #usr/share/locale/it/LC_MESSAGES/sudoers.mo #usr/share/locale/ja/LC_MESSAGES/sudo.mo #usr/share/locale/ja/LC_MESSAGES/sudoers.mo +#usr/share/locale/ka/LC_MESSAGES/sudo.mo #usr/share/locale/ko/LC_MESSAGES/sudo.mo #usr/share/locale/ko/LC_MESSAGES/sudoers.mo #usr/share/locale/lt/LC_MESSAGES/sudoers.mo @@ -120,11 +121,11 @@ usr/sbin/visudo #usr/share/man/man5/sudo.conf.5 #usr/share/man/man5/sudo_logsrv.proto.5 #usr/share/man/man5/sudo_logsrvd.conf.5 +#usr/share/man/man5/sudo_plugin.5 #usr/share/man/man5/sudoers.5 #usr/share/man/man5/sudoers_timestamp.5 #usr/share/man/man8/sudo.8 #usr/share/man/man8/sudo_logsrvd.8 -#usr/share/man/man8/sudo_plugin.8 #usr/share/man/man8/sudo_sendlog.8 #usr/share/man/man8/sudoedit.8 #usr/share/man/man8/sudoreplay.8 diff --git a/lfs/sudo b/lfs/sudo index 4d73db639..ce9649d79 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -24,7 +24,7 @@ include Config -VER = 1.9.10 +VER = 1.9.11p3 THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064 +$(DL_FILE)_BLAKE2 = f8508f65b514abd9979a11628d8bc0e085b2625993281e7d1f8794a576e88970bda6939d2f2f50d9485f00276970aba3489b19c102eca5625e389c9610f338dd install : $(TARGET)