Navigation:
Browse pkgsrc
(this page) 2020-04-28 07:29:18 by Takahiro Kambe | Files touched by this commit (2) |  |
Log message: security/sudo: update to 1.8.31p1 Update sudo to 1.8.31p1. Major changes between sudo 1.8.31p1 and 1.8.31 * Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit, as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY if we set the limit to zero, even for root, which resulted in a warning from sudo. |
| 2020-02-03 08:47:56 by Kimmo Suominen | Files touched by this commit (2) |
Log message: Update to sudo 1.8.31 What's new: * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback" sudoers option is enabled on systems with uni-directional pipes. * The "sudoedit_checkdir" option now treats a user-owned directory as writable, even if it does not have the write bit set at the time of check. Symbolic links will no longer be followed by sudoedit in any user-owned directory. Bug #912 * Fixed sudoedit on macOS 10.15 and above where the root file system is mounted read-only. Bug #913. * Fixed a crash introduced in sudo 1.8.30 when suspending sudo at the password prompt. Bug #914. * Fixed compilation on systems where the mmap MAP_ANON flag is not available. Bug #915. |
| 2020-01-30 22:08:00 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1) | |
Log message: sudo: update master site TW Aren FTP server seems down and the fetching step hangs for hours. |
| 2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836) |
Log message: *: Recursive revision bump for openssl 1.1.1. |
| 2020-01-01 02:47:29 by Kimmo Suominen | Files touched by this commit (2) |
Log message: Update to sudo 1.8.30 Notable changes: * The version string no longer has the word "beta" in it. |
2019-12-28 21:43:56 by Kimmo Suominen | Files touched by this commit (14) |  |
Log message: Update to sudo 1.8.30beta3 * Portability fixes from pkgsrc have been merged upstream * Add runas_check_shell flag to require a runas user to have a valid shell. Not enabled by default. * Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs. Previous, sudo would always allow unknown user or group IDs if the sudoers entry permitted it. This included the "ALL" alias. With this change, the admin must explicitly enable support for unknown IDs. * Transparently handle the "sudo sudoedit" problem. Some admin are confused about how to give users sudoedit permission and many users try to run sudoedit via sudo instead of directly. If the user runs "sudo sudoedit" sudo will now treat it as plain "sudoedit" \ after issuing a warning. If the admin has specified a fully-qualified path for sudoedit in sudoers, sudo will treat it as just "sudoedit" and match accordingly. In visudo (but not sudo), a fully-qualified path for sudoedit is now treated as an error. * When restoring old resource limits, try to recover if we receive EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft limit is lower than the current resource usage. This can be a problem when restoring the old stack limit if sudo has raised it. * Restore resource limits before executing the askpass program. Linux with docker seems to have issues executing a program when the stack size is unlimited. Bug #908 * macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS setrlimit manual. Bug #904 * Use 64-bit resource limits on AIX. |
| 2019-12-19 17:59:44 by Kimmo Suominen | Files touched by this commit (3) |
Log message: Don't touch RLIMIT_STACK for now, see https://gnats.netbsd.org/51158 |
| 2019-12-18 16:56:11 by Kimmo Suominen | Files touched by this commit (4) |
Log message: Fix setrlimit(3): Invalid argument The new code that unlimits many resources appears to have been problematic on a number of fronts. Fetched the current version of src/limits.c from the sudo hg repo. RLIMIT_STACK (i.e. "3") is no longer set to \ RLIM_INFINITY. Added code to output the name of the limit instead of its number. |
| 2019-12-15 19:42:10 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: sudo: updated to 1.8.29 Major changes between version 1.8.29 and 1.8.28p1: The cvtsudoers command will now reject non-LDIF input when converting from LDIF \ format to sudoers or JSON formats. The new log_allowed and log_denied sudoers settings make it possible to disable \ logging and auditing of allowed and/or denied commands. The umask is now handled differently on systems with PAM or login.conf. If the \ umask is explicitly set in sudoers, that value is used regardless of what PAM or \ login.conf may specify. However, if the umask is not explicitly set in sudoers, \ PAM or login.conf may now override the default sudoers umask. For make install, the sudoers file is no longer checked for syntax errors when \ DESTDIR is set. The default sudoers file includes the contents of /etc/sudoers.d \ which may not be readable as non-root. Sudo now sets most resource limits to their maximum value to avoid problems \ caused by insufficient resources, such as an inability to allocate memory or \ open files and pipes. Fixed a regression introduced in sudo 1.8.28 where sudo would refuse to run if \ the parent process was not associated with a session. This was due to sudo \ passing a session ID of -1 to the plugin. |
| 2019-11-04 22:13:04 by Roland Illig | Files touched by this commit (118) |
Log message: security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections. |
New packages: