From patchwork Thu Sep 5 13:28:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8081 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4X00Z33sqQz3wdh for ; Thu, 5 Sep 2024 13:28:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4X00Z050Wqzr2; Thu, 5 Sep 2024 13:28:56 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4X00Z036T5z33nf; Thu, 5 Sep 2024 13:28:56 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4X00Yy16Zwz2ybk for ; Thu, 5 Sep 2024 13:28:54 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4X00Yx36WyzJH; Thu, 5 Sep 2024 13:28:53 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1725542933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=P8Z2sojozaXdA7hHkY2gj5zEwKPqgmK7WgpDn0I7GmY=; b=6Atm6QxWdLioHbihu/RE+n+TycntTGeJlSAVuyk06ybYBOAkjplsWUWcCl7K0b7+5kzPxp Urh/5iU1FGmChgCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1725542933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=P8Z2sojozaXdA7hHkY2gj5zEwKPqgmK7WgpDn0I7GmY=; b=fBinOj9+AnsOr1xhBtPzwc+Z3OSt/R87GWIXpddMoy/JAhW2ozVVpGhWHaToA6b7wk0rRY 0s3/2QMLP3Nowq7hKXe0nqS6iDdagd0PHs6KlabvGqxXtCJKy+dYO4w+a50fy68sS5a5lw sCExetrJSyMUQ/NsM0TWeGZbkQsos1ubv8/EI5u9xjZHpK8gmhiCMC+IY9DyODfqZBRir4 iuQlMVv7GI71lOAfvUNkGstqXQMQM/3EJ9ZHL6Guk1ZHkKIS2y73YQvDnGdepbfHIHcV94 I2UEe4DfN370l5cl1MjWmOY3X31GDn3xT0aogKAidHZzasce6dOH2wN2hzdmZw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] sudo: Update to version 1.9.16 Date: Thu, 5 Sep 2024 15:28:50 +0200 Message-ID: <20240905132850.3430651-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: O3UGV4NY7LIZS3BXOA6ZEXOJDUJZBHHS X-Message-ID-Hash: O3UGV4NY7LIZS3BXOA6ZEXOJDUJZBHHS X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 1.9.15p5 to 1.9.16 - Update of rootfile - Changelog 1.9.16 * Added the "cmddenial_message" sudoers option to provide additional information to the user when a command is denied by the sudoers policy. The default message is still displayed. * The time stamp used for file-based logs is now more consistent with the time stamp produced by syslog. GitHub issues #327. * Sudo will now warn the user if it can detect the user's terminal but cannot determine the path to the terminal device. The sudoers time stamp file will now use the terminal device number directly. GitHub issue #329. * The embedded copy of zlib has been updated to version 1.3.1. * Improved error handling if generating the list of signals and signal names fails at build time. * Fixed a compilation issue on Linux systems without process_vm_readv(). * Fixed cross-compilation with WolfSSL. * Added a "json_compact" value for the sudoers "log_format" option which can be used when logging to a file. The existing "json" value has been aliased to "json_pretty". In a future release, "json" will be an alias for "json_compact". GitHub issue #357. * A new "pam_silent" sudoers option has been added which may be negated to avoid suppressing output from PAM authentication modules. GitHub issue #216. * Fixed several cvtsudoers JSON output problems. GitHub issues #369, #370, #371, #373, #381. * When sudo runs a command in a pseudo-terminal and the user's terminal is revoked, the pseudo-terminal's foreground process group will now receive SIGHUP before the terminal is revoked. This emulates the behavior of the session leader exiting and is consistent with what happens when, for example, an ssh session is closed. GitHub issue #367. * Fixed "make test" with Python 3.12. GitHub issue #374. * In schema.ActiveDirectory, fixed the quoting in the example command. GitHub issue #376. * Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may now be double-quoted. * Sudo insults are now included by default, but disabled unless the --with-insults configure option is specified or the "insults" sudoers option is enabled. * The default sudoers file now enables the "secure_path" option by default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment variables when running visudo. The new --with-secure-path-value configure option can be used to set the value of "secure_path" in the default sudoers file. GitHub issue #387. * A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory Server, IBM Security Directory Server, and IBM Security Verify Directory) is now included. * When cross-compiling sudo, the configure script now assumes that the snprintf() function is C99-compliant if the C compiler supports the C99 standard. Previously, configure would use sudo's own snprintf() when cross-compiling. GitHub issue #386. Signed-off-by: Adolf Belka --- config/rootfiles/common/sudo | 1 + lfs/sudo | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo index a09f06b38..651a284e3 100644 --- a/config/rootfiles/common/sudo +++ b/config/rootfiles/common/sudo @@ -75,6 +75,7 @@ usr/sbin/visudo #usr/share/locale/hu/LC_MESSAGES/sudo.mo #usr/share/locale/hu/LC_MESSAGES/sudoers.mo #usr/share/locale/id/LC_MESSAGES/sudo.mo +#usr/share/locale/id/LC_MESSAGES/sudoers.mo #usr/share/locale/it/LC_MESSAGES/sudo.mo #usr/share/locale/it/LC_MESSAGES/sudoers.mo #usr/share/locale/ja/LC_MESSAGES/sudo.mo diff --git a/lfs/sudo b/lfs/sudo index 129e41e9f..cac540be0 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.9.15p5 +VER = 1.9.16 THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 +$(DL_FILE)_BLAKE2 = 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12 install : $(TARGET)