[Bug 251490] [PATCH] Update security/sudo to 1.9.4
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Nov 30 17:58:57 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251490
Bug ID: 251490
Summary: [PATCH] Update security/sudo to 1.9.4
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: garga at FreeBSD.org
Reporter: cy at FreeBSD.org
CC: garga at FreeBSD.org, ports-bugs at FreeBSD.org
Flags: maintainer-feedback?(garga at FreeBSD.org)
Attachment #220109 maintainer-approval?(garga at FreeBSD.org)
Flags:
CC: garga at FreeBSD.org
Created attachment 220109
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=220109&action=edit
Update sudo to 1.9.4
Sudo version 1.9.4 available. In addition to bug fixes, Sudo 1.9.4
adds support for JSON-formatted logs as well as sending log messages
to sudo_logsrvd even when I/O logging is not in use.
Source:
https://www.sudo.ws/dist/sudo-1.9.4.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.4.tar.gz
SHA256 checksum:
8b91bd2cc73af18a06a01406e38d154b837107be759f72e89cefeaa94e1103f0
MD5 checksum:
b654699baebedd095fa525108ea12cbe
Binary packages:
https://www.sudo.ws/download.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.9.4 and 1.9.3p1
* The sudoers parser will now detect when an upper-case reserved
word is used when declaring an alias. Now instead of "syntax
error, unexpected CHROOT, expecting ALIAS" the message will be
"syntax error, reserved word CHROOT used as an alias name".
Bug #941.
* Better handling of sudoers files without a final newline.
The parser now adds a newline at end-of-file automatically which
removes the need for special cases in the parser.
* Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
where an uninitialized pointer could be freed on an error path.
GitHub issue #67.
* The core logging code is now shared between sudo_logsrvd and
the sudoers plugin.
* JSON log entries sent to syslog now use "minimal" JSON which
skips all non-essential whitespace.
* The sudoers plugin can now produce JSON-formatted logs. The
"log_format" sudoers option can be used to select sudo or json
format logs. The default is sudo format logs.
* The sudoers plugin and visudo now display the column number in
syntax error messages in addition to the line number. Bug #841.
* If I/O logging is not enabled but "log_servers" is set, the
sudoers plugin will now log accept events to sudo_logsrvd.
Previously, the accept event was only sent when I/O logging was
enabled. The sudoers plugin now sends reject and alert events too.
* The sudo logsrv protocol has been extended to allow an AlertMessage
to contain an optional array of InfoMessage, as AcceptMessage
and RejectMessage already do.
* Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
in duplicate entries in the debug log when debugging was enabled.
* The visudo utility now supports EDITOR environment variables
that use single or double quotes in the command arguments.
Bug #942.
* The PAM session modules now run when sudo is set-user-ID root,
which allows a module to determine the original user-ID.
Bug #944.
* Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
where sudoNotBefore and sudoNotAfter were applied even when the
SUDOERS_TIMED setting was not present in ldap.conf. Bug #945.
* Sudo packages for macOS 11 now contain universal binaries that
support both Intel and Apple Silicon CPUs.
* For sudo_logsrvd, an empty value for the "pid_file" setting in
sudo_logsrvd.conf will now disable the process ID file.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-ports-bugs
mailing list