From: Adolf Belka
Date: Wed, 27 Jan 2021 20:14:44 +0000 (+0100)
Subject: sudo: Upgrade to 1.9.5p2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=273708295b5553f174b27101a33c7d1402e4eb78;p=people%2Fpmueller%2Fipfire-2.x.git

sudo: Upgrade to 1.9.5p2

- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
  Fixed sudo's setprogname(3) emulation on systems that don't provide it.
  Fixed a problem with the sudoers log server client where a partial write to the server could result in the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
  Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
  The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
  When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
  Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile

Signed-off-by: Adolf Belka
Reviewed-by: Peter Müller
Signed-off-by: Michael Tremer
---

diff --git a/lfs/sudo b/lfs/sudo index feba249cd7..bb2279e8f4 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -24,7 +24,7 @@ include Config -VER = 1.9.5p1 +VER = 1.9.5p2 THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 145f6e69c116f82cf0377ccf459344eb +$(DL_FILE)_MD5 = e6bc4c18c06346e6b3431637a2b5f3d5 install : $(TARGET)
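
Review bot: The $(DL_FILE)_MD5 line in the second hunk is the only integrity check visible for the new tarball, and MD5 is not collision-resistant, so on its own it does not authenticate a release that carries the CVE-2021-3156 fix. Please confirm that e6bc4c18c06346e6b3431637a2b5f3d5 was computed from a sudo-1.9.5p2.tar.gz that was first verified against upstream's signature or a stronger published digest, and note that in the commit message. If the lfs framework accepts a stronger digest variable, add it alongside the MD5 line.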
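
A host-side check for the upgrade this commit makes, as an added example that is not part of the IPFire patch or of sudo: it parses the MAJOR.MINOR.PATCH[pN] version scheme seen in the two versions above and reports whether a given sudo version predates 1.9.5p2. The function names are hypothetical, and treating every sudo version as following that scheme is an assumption.

```shell
#!/bin/sh
# Added example, not part of the IPFire commit: compare a sudo version string
# with 1.9.5p2, the release this commit upgrades to.
# Assumption: versions follow MAJOR.MINOR.PATCH with an optional pN suffix.

FIXED_VERSION="1.9.5p2"

# "1.9.5p2" -> "1 9 5 2"; a missing pN counts as 0. Returns 1 on other input
# (betas, release candidates, vendor suffixes), which needs a manual look.
sudo_version_fields() {
    printf '%s\n' "$1" | sed -n -E \
        -e 's/^([0-9]+)\.([0-9]+)\.([0-9]+)p([0-9]+)$/\1 \2 \3 \4/p' \
        -e 's/^([0-9]+)\.([0-9]+)\.([0-9]+)$/\1 \2 \3 0/p' | grep .
}

# Print "older", "equal" or "newer" for $1 relative to $2; return 2 if unparsed.
sudo_version_cmp() {
    a=$(sudo_version_fields "$1") || return 2
    b=$(sudo_version_fields "$2") || return 2
    set -- $a $b    # $1..$4: first version, $5..$8: second version
    for pair in "$1 $5" "$2 $6" "$3 $7" "$4 $8"; do
        x=${pair% *}; y=${pair#* }
        # Numeric comparison, so 1.10.0 sorts after 1.9.5p2.
        if [ "$x" -lt "$y" ]; then echo older; return 0; fi
        if [ "$x" -gt "$y" ]; then echo newer; return 0; fi
    done
    echo equal
}

# Verdict for one version string. "older" only means the upstream release
# predates 1.9.5p2; distribution packages may carry the fix as a backport.
classify_sudo_version() {
    verdict=$(sudo_version_cmp "$1" "$FIXED_VERSION") || verdict=unparsed
    case "$verdict" in
        older) echo "predates-$FIXED_VERSION" ;;
        equal|newer) echo "at-or-after-$FIXED_VERSION" ;;
        *) echo "unrecognised" ;;
    esac
}

# Optional command-line use: pass the version from the first line of "sudo -V".
if [ "$#" -gt 0 ]; then
    classify_sudo_version "$1"
fi
```

A "predates" verdict is a prompt to check the vendor's advisory for that package, since a backported fix does not change the upstream version number.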