./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2019Q4, Version: 1.8.31, Package name: sudo-1.8.31, Maintainer: pkgsrc-users

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.


Required to build:
[pkgtools/cwrappers]

Package options: skey

Master sites: (Expand)

SHA1: 24222b6fb644354c944bc024a0f77548b289410d
RMD160: 8f67e551df2f528983f675cda6c9c908f9f1950b
Filesize: 3272.143 KB

Version history: (Expand)

CVS history: (Expand)


   2020-02-09 20:21:38 by Benny Siegert | Files touched by this commit (14) | Package removed
Log message:
Pullup ticket #6133 - requested by taca
security/sudo: security fix

Revisions pulled up:
- security/sudo/Makefile                                        1.174-1.178
- security/sudo/distinfo                                        1.107-1.109
- security/sudo/patches/patch-Makefile.in                       1.2
- security/sudo/patches/patch-configure                         1.2
- security/sudo/patches/patch-include_sudo__compat.h            deleted
- security/sudo/patches/patch-include_sudo__event.h             deleted
- security/sudo/patches/patch-lib_util_sig2str.c                deleted
- security/sudo/patches/patch-lib_util_str2sig.c                deleted
- security/sudo/patches/patch-plugins_sudoers_Makefile.in       1.3
- security/sudo/patches/patch-plugins_sudoers_logging.c         deleted
- security/sudo/patches/patch-plugins_sudoers_starttime.c       deleted
- security/sudo/patches/patch-plugins_sudoers_sudoers.c         deleted
- security/sudo/patches/patch-src_Makefile.in                   1.4
- security/sudo/patches/patch-src_limits.c                      deleted

---
   Module Name:	pkgsrc
   Committed By:	kim
   Date:		Sat Dec 28 20:43:56 UTC 2019

   Modified Files:
   	pkgsrc/security/sudo: Makefile distinfo
   	pkgsrc/security/sudo/patches: patch-Makefile.in patch-configure
   	    patch-plugins_sudoers_Makefile.in patch-src_Makefile.in
   Removed Files:
   	pkgsrc/security/sudo/patches: patch-include_sudo__compat.h
   	    patch-include_sudo__event.h patch-lib_util_sig2str.c
   	    patch-lib_util_str2sig.c patch-plugins_sudoers_logging.c
   	    patch-plugins_sudoers_starttime.c patch-plugins_sudoers_sudoers.c
   	    patch-src_limits.c

   Log message:
   Update to sudo 1.8.30beta3

   * Portability fixes from pkgsrc have been merged upstream

   * Add runas_check_shell flag to require a runas user to have a valid
     shell. Not enabled by default.

   * Add a new flag "allow_unknown_runas_id" to control matching of unknown
     IDs. Previous, sudo would always allow unknown user or group IDs if
     the sudoers entry permitted it. This included the "ALL" alias. With
     this change, the admin must explicitly enable support for unknown IDs.

   * Transparently handle the "sudo sudoedit" problem. Some admin are
     confused about how to give users sudoedit permission and many users
     try to run sudoedit via sudo instead of directly. If the user runs
     "sudo sudoedit" sudo will now treat it as plain \ 
"sudoedit" after
     issuing a warning. If the admin has specified a fully-qualified path
     for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
     match accordingly. In visudo (but not sudo), a fully-qualified path
     for sudoedit is now treated as an error.

   * When restoring old resource limits, try to recover if we receive
     EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
     limit is lower than the current resource usage. This can be a problem
     when restoring the old stack limit if sudo has raised it.

   * Restore resource limits before executing the askpass program. Linux
     with docker seems to have issues executing a program when the stack
     size is unlimited. Bug #908

   * macOS does not allow rlim_cur to be set to RLIM_INFINITY for
     RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
     setrlimit manual. Bug #904

   * Use 64-bit resource limits on AIX.

---
   Module Name:	pkgsrc
   Committed By:	kim
   Date:		Wed Jan  1 01:47:29 UTC 2020

   Modified Files:
   	pkgsrc/security/sudo: Makefile distinfo

   Log message:
   Update to sudo 1.8.30

   Notable changes:

   * The version string no longer has the word "beta" in it.

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Sat Jan 18 21:51:16 UTC 2020

   Modified Files:
   	pkgsrc/security/sudo: Makefile

   Log message:
   *: Recursive revision bump for openssl 1.1.1.

---
   Module Name:	pkgsrc
   Committed By:	triaxx
   Date:		Thu Jan 30 21:08:00 UTC 2020

   Modified Files:
   	pkgsrc/security/sudo: Makefile

   Log message:
   sudo: update master site

   TW Aren FTP server seems down and the fetching step hangs for hours.

---
   Module Name:	pkgsrc
   Committed By:	kim
   Date:		Mon Feb  3 07:47:56 UTC 2020

   Modified Files:
   	pkgsrc/security/sudo: Makefile distinfo

   Log message:
   Update to sudo 1.8.31

   What's new:

   * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
     sudoers option is enabled on systems with uni-directional pipes.

   * The "sudoedit_checkdir" option now treats a user-owned directory
     as writable, even if it does not have the write bit set at the
     time of check.  Symbolic links will no longer be followed by
     sudoedit in any user-owned directory.  Bug #912

   * Fixed sudoedit on macOS 10.15 and above where the root file system
     is mounted read-only.  Bug #913.

   * Fixed a crash introduced in sudo 1.8.30 when suspending sudo
     at the password prompt.  Bug #914.

   * Fixed compilation on systems where the mmap MAP_ANON flag
     is not available.  Bug #915.