Subject: CVS commit: [pkgsrc-2020Q4] pkgsrc/security/sudo
From: Benny Siegert
Date: 2021-01-28 09:09:41
Message id: 20210128080941.9E8ECFA90@cvs.NetBSD.org

Log Message:
Pullup ticket #6415 - requested by spz
security/sudo: security fix

Revisions pulled up:
- security/sudo/Makefile                                        1.181-1.182
- security/sudo/PLIST                                           1.19
- security/sudo/distinfo                                        1.112-1.113
- security/sudo/patches/patch-configure                         1.4
- security/sudo/patches/patch-examples_Makefile.in              1.1
- security/sudo/patches/patch-logsrvd_Makefile.in               1.1
- security/sudo/patches/patch-plugins_sudoers_Makefile.in       1.4

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 18 14:32:24 UTC 2021

   Modified Files:
   	pkgsrc/security/sudo: Makefile PLIST distinfo
   	pkgsrc/security/sudo/patches: patch-configure
   	    patch-plugins_sudoers_Makefile.in
   Added Files:
   	pkgsrc/security/sudo/patches: patch-examples_Makefile.in
   	    patch-logsrvd_Makefile.in

   Log Message:
   security/sudo: update to 1.9.5p1

   Update sudo package to 1.9.5p1.  Changes from 1.8.31p2 are too many to
   write here.  Please refer to <https://www.sudo.ws/stable.html>.

   1.9.5 fixes these security problems:

   * Fixed CVE-2021-23239, a potential information leak in sudoedit that
     could be used to test for the existence of directories not normally
     accessible to the user in certain circumstances.  When creating a new
     file, sudoedit checks to make sure the parent directory of the new file
     exists before running the editor.  However, a race condition exists if
     the invoking user can replace (or create) the parent directory. If a
     symbolic link is created in place of the parent directory, sudoedit will
     run the editor as long as the target of the link exists.  If the target
     of the link does not exist, an error message will be displayed.  The
     race condition can be used to test for the existence of an arbitrary
     directory.  However, it cannot be used to write to an arbitrary
     location.

   * Fixed CVE-2021-23240, a flaw in the temporary file handling of
     sudoedit's SELinux RBAC support.  On systems where SELinux is enabled, a
     user with sudoedit permissions may be able to set the owner of an
     arbitrary file to the user-ID of the target user.  On Linux kernels that
     support protected symlinks setting /proc/sys/fs/protected_symlinks to 1
     will prevent the bug from being exploited.  For more information, see
     Symbolic link attack in SELinux-enabled sudoedit.

   Quote from 1.9.0 features:

   * The maximum length of a conversation reply has been increased from 255
     to 1023 characters.  This allows for longer user passwords. Bug #860.

   * Sudo now includes a logging daemon, sudo_logsrvd, which can be used to
     implement centralized logging of I/O logs.  TLS connections are
     supported when sudo is configured with the --enable-openssl option.  For
     more information, see the sudo_logsrvd, sudo_logsrvd.conf and
     sudo_logsrv.proto manuals as well as the log_servers setting in the
     sudoers manual.

   * The --disable-log-server and --disable-log-client configure options can
     be used to disable building the I/O log server and/or remote I/O log
     support in the sudoers plugin.

   * The new sudo_sendlog utility can be used to test sudo_logsrvd or send
     existing sudo I/O logs to a centralized server.

   * It is now possible to write sudo plugins in Python 4 when sudo is
     configured with the --enable-python option.  See the sudo_plugin_python
     manual for details.

     Sudo 1.9.0 comes with several Python example plugins that get installed
     in sudo's examples directory.

     The sudo blog article What's new in sudo 1.9: Python includes a simple
     tutorial on writing python plugins.

   * Sudo now supports an audit plugin type.  An audit plugin receives
     accept, reject, exit and error messages and can be used to implement
     custom logging that is independent of the underlying security policy.
     Multiple audit plugins may be specified in the sudo.conf file.  A sample
     audit plugin is included that writes logs in JSON format.

   * Sudo now supports an approval plugin type.  An approval plugin is run
     only after the main security policy (such as sudoers) accepts a command
     to be run.  The approval policy may perform additional checks,
     potentially interacting with the user.  Multiple approval plugins may be
     specified in the sudo.conf file.  Only if all approval plugins succeed
     will the command be allowed.

   * Sudo's -S command line option now causes the sudo conversation function
     to write to the standard output or standard error instead of the
     terminal device.

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Tue Jan 26 20:18:43 UTC 2021

   Modified Files:
   	pkgsrc/security/sudo: Makefile distinfo

   Log Message:
   sudo: Update to 1.9.5p2 for CVE-2021-3156.

   What's new in Sudo 1.9.5p2

    * Fixed sudo's setprogname(3) emulation on systems that don't
      provide it.

    * Fixed a problem with the sudoers log server client where a partial
      write to the server could result in the sudo process consuming large
      amounts of CPU time due to a cycle in the buffer queue. Bug #954.

    * Added a missing dependency on libsudo_util in libsudo_eventlog.
      Fixes a link error when building sudo statically.

    * The user's KRB5CCNAME environment variable is now preserved when
      performing PAM authentication.  This fixes GSSAPI authentication
      when the user has a non-default ccache.

    * When invoked as sudoedit, the same set of command line options
      are now accepted as for "sudo -e".  The -H and -P options are
      now rejected for sudoedit and "sudo -e" which matches the sudo
      1.7 behavior.  This is part of the fix for CVE-2021-3156.

    * Fixed a potential buffer overflow when unescaping backslashes
      in the command's arguments.  Normally, sudo escapes special
      characters when running a command via a shell (sudo -s or sudo
      -i).  However, it was also possible to run sudoedit with the -s
      or -i flags in which case no escaping had actually been done,
      making a buffer overflow possible.  This fixes CVE-2021-3156.

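The two commit messages above name the upstream releases that carry each fix: 1.9.5 for the sudoedit issues (CVE-2021-23239, CVE-2021-23240) and 1.9.5p2 for CVE-2021-3156. The POSIX sh helper below is an added example, not part of the pkgsrc commit or of the sudo project; it parses the first line of `sudo --version` output, compares the version against those thresholds with the `pN` patch level taken into account, and reports whether a given build predates the fix. All function names, the status words and the sample banner lines are constructed here.

```shell
#!/bin/sh
# Added example (not from the pkgsrc commit or the sudo project): classify a
# sudo version banner against the fix releases named in the commit messages.

# Split "MAJOR.MINOR.PATCH[pN]" into four numeric fields,
# e.g. "1.9.5p1" -> "1 9 5 1".  A missing "pN" suffix counts as level 0,
# and a missing third component ("1.9") as patch 0.
sudo_version_fields() {
    v=$1
    base=${v%%p*}           # "1.9.5"
    plevel=${v#"$base"}     # "p1" or ""
    plevel=${plevel#p}
    [ -z "$plevel" ] && plevel=0
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0
    printf '%s %s %s %s\n' "$major" "$minor" "$patch" "$plevel"
}

# Return 0 if version $1 is at least version $2, comparing field by field.
sudo_version_ge() {
    set -- $(sudo_version_fields "$1") $(sudo_version_fields "$2")
    a1=$1 a2=$2 a3=$3 a4=$4
    b1=$5 b2=$6 b3=$7 b4=$8
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3" "$a4 $b4"; do
        set -- $pair
        [ "$1" -gt "$2" ] && return 0
        [ "$1" -lt "$2" ] && return 1
    done
    return 0
}

# Extract the version token from the first line of `sudo --version`
# output, e.g. "Sudo version 1.9.5p1" -> "1.9.5p1".  Prints nothing if the
# line is not a sudo banner.
sudo_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# First upstream release carrying the fix for each CVE, exactly as stated
# in the commit messages above.  Other CVE ids are unknown to this table.
fixed_in_version() {
    case $1 in
        CVE-2021-23239|CVE-2021-23240) echo 1.9.5 ;;
        CVE-2021-3156) echo 1.9.5p2 ;;
        *) return 1 ;;
    esac
}

# Print "fixed", "needs-update" or "unknown" for a CVE id and a banner line.
sudo_fix_status() {
    fixver=$(fixed_in_version "$1") || { echo unknown; return 2; }
    ver=$(sudo_version_from_banner "$2")
    [ -n "$ver" ] || { echo unknown; return 2; }
    if sudo_version_ge "$ver" "$fixver"; then
        echo fixed
    else
        echo needs-update
    fi
}

# Constructed sample banners (the real input is `sudo --version | head -n 1`).
for banner in "Sudo version 1.8.31p2" "Sudo version 1.9.5p1" \
              "Sudo version 1.9.5p2" "Sudo version 1.9.6"; do
    for cve in CVE-2021-23239 CVE-2021-3156; do
        printf '%-22s %-15s %s\n' "$banner" "$cve" \
            "$(sudo_fix_status "$cve" "$banner")"
    done
done
```

On a live host, feed it `sudo_fix_status CVE-2021-3156 "$(sudo --version | head -n 1)"`. The comparison is purely version-based: a vendor that backports the fix without bumping the version string (common for distribution packages) will be reported as needs-update even though it is patched, so treat that result as a prompt to check the package changelog rather than as a verdict. The thresholds in `fixed_in_version` are only the ones these commit messages name.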
Files:
Revision   Action  File
1.180.4.1  modify  pkgsrc/security/sudo/Makefile
1.18.10.1  modify  pkgsrc/security/sudo/PLIST
1.111.4.1  modify  pkgsrc/security/sudo/distinfo
1.3.4.1    modify  pkgsrc/security/sudo/patches/patch-configure
1.3.8.1    modify  pkgsrc/security/sudo/patches/patch-plugins_sudoers_Makefile.in
1.1.2.2    add     pkgsrc/security/sudo/patches/patch-examples_Makefile.in
1.1.2.2    add     pkgsrc/security/sudo/patches/patch-logsrvd_Makefile.in