Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.9.16p2 26 Nov 2024 19:55:59 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.16p2
Major changes between sudo 1.9.16p2 and 1.9.16p1:
* Sudo now passes the terminal device number to the policy plugin
even if it cannot resolve it to a path name. This allows sudo
to run without warnings in a chroot jail when the terminal device
files are not present. GitHub issue #421.
* On Linux systems, sudo will now attempt to use the symbolic links
in /proc/self/fd/{0,1,2} when resolving the terminal device
number. This can allow sudo to map a terminal device to its
path name even when /dev/pts is not mounted in a chroot jail.
* Fixed compilation errors with gcc and clang in C23 mode.
C23 no longer supports functions with unspecified arguments.
GitHub issue #420.
PR: 282976
Approved by: garga (maintainer) |
1.9.16p1 13 Nov 2024 14:52:17 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.16p1
Major changes between sudo 1.9.16p1 and 1.9.16:
* Fixed the test for cross-compiling when checking for C99 snprintf().
The changes made to the test in sudo 1.9.16 resulted in a different
problem. GitHub issue #386.
* Fixed the date used by the exit record in sudo-format log files.
This was a regression introduced in sudo 1.9.16 and only affected
file-based logs, not syslog. GitHub issue #405.
* Fixed the root cause of the "unable to find terminal name for
device" message when running sudo on AIX when no terminal is
present. In sudo 1.9.16 this was turned from a debug message (Only the first 15 lines of the commit message are shown above ) |
1.9.16 27 Sep 2024 17:54:34 |
Dima Panov (fluffy) |
security/sudo: hook up orphaned doc file with LDAP option enabled (+)
Reported-by: poudriere bulk -t failure
Approved-by: portmgr blanket (trivial fix) |
1.9.16 16 Sep 2024 21:25:23 |
Yasuhiro Kimura (yasu) |
security/sudo: Update to 1.9.16
ChangeLog: https://www.sudo.ws/releases/stable/#1.9.16
PR: 281428
Approved by: garga (maintainer) |
1.9.15p5_4 28 Feb 2024 17:11:28 |
Renato Botelho (garga) |
security/sudo: Mark SSSD option as deprecated
security/sssd is marked as deprecated, add a note on option description
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.15p5_4 15 Feb 2024 21:28:22 |
Dan Langille (dvl) |
security/sudo: rename the SSSD_DEVEL option to SSSD2
security/sssd-devel was renamed to security/sssd2
PR: 277077 |
1.9.15p5_3 24 Jan 2024 21:37:01 |
Dan Langille (dvl) |
security/sudo: re-add sssd-devel option
sudo already allows for the use of security/sssd (SSSD)
This patch allows for selecting security/sssd-devel (SSSD_DEVEL)
instead.
Also updates security/sssd-devel, elminating a circular dependency.
PR: 276598 272571 |
1.9.15p5_2 16 Jan 2024 14:02:42 |
Renato Botelho (garga) |
*/*: Restore GNU_CONFIGURE on my ports
I made a mistake and changed these ports to HAS_CONFIGURE when working
on MANPREFIX sanitization. Restore proper macro usage and set
GNU_CONFIGURE_MANPREFIX properly to keep manpages installed under
${PREFIX}/share.
Reported by: danfe
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.15p5_1 15 Jan 2024 21:37:36 |
Renato Botelho (garga) |
security/sudo: Move manpages to ${PREFIX}/share
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.15p5 02 Jan 2024 14:17:41 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.15p5
Major changes between sudo 1.9.15p5 and 1.9.15p4:
* Fixed evaluation of the "lecture", "listpw", "verifypw", and
"fdexec" sudoers Defaults settings when used without an explicit
value. Previously, if specified without a value they were
evaluated as boolean "false", even when the negation operator
('!') was not present.
* Fixed a bug introduced in sudo 1.9.14 that prevented LDAP
netgroup queries using the NETGROUP_BASE setting from being
performed.
* Sudo will now transparently rename a user's lecture file from
the older name-based path to the newer user-ID-based path.
GitHub issue #342.
* Fixed a bug introduced in sudo 1.9.15 that could cause a memory
allocation failure if sysconf(_SC_LOGIN_NAME_MAX) fails. Bug #1066.
PR: 276032
Approved by: garga (maintainer)
MFH: 2024Q1 |
1.9.15p4 19 Dec 2023 00:25:52 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.15p4
Major changes between sudo 1.9.15p4 and 1.9.15p3:
* Fixed a bug introduced in sudo 1.9.15 that could prevent a user's
privileges from being listed by "sudo -l" if the sudoers entry
in /etc/nsswitch.conf contains "[SUCCESS=return]". This did not
affect the ability to run commands via sudo. Bug #1063.
PR: 275788
Approved by: garga (maintainer)
MFH: 2023Q4 |
1.9.15p3 14 Dec 2023 13:53:26 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.15p3
Major changes between sudo 1.9.15p3 and 1.9.15p2:
* Always disable core dumps when sudo sends itself a fatal signal.
Fixes a problem where sudo could potentially dump core dump when
it re-sends the fatal signal to itself. This is only an issue
if the command received a signal that would normally result in
a core dump but the command did not actually dump core.
* Fixed a bug matching a command with a relative path name when
the sudoers rule uses shell globbing rules for the path name.
Bug #1062.
* Permit visudo to be run even if the local host name is not set. (Only the first 15 lines of the commit message are shown above ) |
1.9.15p2 09 Nov 2023 18:00:28 |
Renato Botelho (garga) |
security/sudo: Update to 1.9.15p2
* Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
GitHub issue #326.
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.15p1 08 Nov 2023 11:19:05 |
Renato Botelho (garga) |
security/sudo: Update to 1.9.15p1
* Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.
GitHub issue #325.
PR: 274960
Reported by: Daniel Porsch <[email protected]>
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.15 06 Nov 2023 18:13:29 |
Renato Botelho (garga) |
security/sudo: Update to 1.9.15
While here:
- Prevent combination of SSSD and GSSAPI_HEIMDAL because sssd port
requires MIT kerberos and it will conflict with heimdal
- Removed SSSD_DEVEL option because sssd-devel port requires sudo and it
creates a circular dependency
- Fix OPIE on FreeBSD versions after it was removed from base
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.14p3_1 01 Nov 2023 12:00:24 |
Renato Botelho (garga) |
security/sudo: Fix build with openssl from ports
Since SSL support is being changed and sudo can be built without it, add
a new SSL option, on by default.
When option is enabled, use --enable-openssl=${OPENSSLBASE} to make sure
it consumes desired OpenSSL implementation. Also add pkgconfig
dependency because configure script rely on it to detect openssl
details.
PR: 274753
Reported by: [email protected]
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.14p3 25 Jul 2023 13:44:22 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.14p3
Major changes between sudo 1.9.14p3 and 1.9.14p2:
* Fixed a crash with Python 3.12 when the sudo Python python is
unloaded. This only affects "make check" for the Python plugin.
* Adapted the sudo Python plugin test output to match Python 3.12.
PR: 272707
Approved by: garga (maintainer)
MFH: 2023Q3 |
1.9.14p2 17 Jul 2023 14:20:56 |
Renato Botelho (garga) |
security/sudo: Update to 1.9.14p2
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.14p1_1 14 Jul 2023 13:06:49 |
Dan Langille (dvl) |
security/sudo: add sssd-devel option
security/sudo already allows for the use of security/sssd (SSSD)
This patch allows for selecting security/sssd-devel (SSSD_DEVEL)
instead.
PR: 272488 |
1.9.14p1 12 Jul 2023 12:46:27 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.14p1
Major changes between sudo 1.9.14p1 and 1.9.14:
* Fixed an "invalid free" bug in sudo_logsrvd that was introduced
in version 1.9.14 which could cause sudo_logsrvd to crash.
* The sudoers plugin no longer tries to send the terminal name
to the log server when no terminal is present. This bug was
introduced in version 1.9.14.
PR: 272456
Approved by: garga (maintainer)
MFH: 2023Q3 |
1.9.14 12 Jul 2023 12:44:52 |
Cy Schubert (cy) |
Revert "security/sudo: Update to 1.9.14p1"
I forgot to put the PR number in its placeholder.
This reverts commit af3f8976df6f16a1a2554537e9c35188db653d0f. |
1.9.14p1 12 Jul 2023 12:42:28 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.14p1
Major changes between sudo 1.9.14p1 and 1.9.14:
* Fixed an "invalid free" bug in sudo_logsrvd that was introduced
in version 1.9.14 which could cause sudo_logsrvd to crash.
* The sudoers plugin no longer tries to send the terminal name
to the log server when no terminal is present. This bug was
introduced in version 1.9.14.
PR: NNNNNN
Approved by: garga (maintainer)
MFH: 2023Q3 |
1.9.14 29 Jun 2023 13:28:55 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.14
PR: 272255
Approved by: garga (maintainer)
MFH" 2023Q2 |
1.9.13p3 20 Jun 2023 11:28:46 |
Renato Botelho (garga) |
security/sudo: Ignore portscout
It doesn't understand sudo versioning scheme and keep giving false
alerts.
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.13p3 20 Jun 2023 11:27:53 |
Renato Botelho (garga) |
security/sudo: Pacify portclippy
No functional changes intended
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.13p3 09 Mar 2023 03:48:38 |
Cy Schubert (cy) Author: Yasuhiro Kimura |
security/sudo: Update to 1.9.13p3
PR 270002
Approved by: garga (maintainer - private email to myself, implicit)
message-id: [email protected]
MFH: 2023Q1
ChangeLog: https://www.sudo.ws/releases/stable/#1.9.13p3 |
1.9.13p2 01 Mar 2023 23:58:27 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.13p2
Major changes between sudo 1.9.13p2 and 1.9.13p1:
* Fixed the --enable-static-sudoers option, broken in sudo 1.9.13.
GitHub issue #245.
* Fixed a potential double-free bug when matching a sudoers rule
that contains a per-command chroot directive (CHROOT=dir). This
bug was introduced in sudo 1.9.8.
PR: 269854
Approved by: garga
MFH: 2023Q1 |
1.9.13p1 20 Feb 2023 14:23:21 |
Renato Botelho (garga) |
security/sudo: Upgrade to 1.9.13p1
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.13 15 Feb 2023 19:29:13 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.13
Major changes between sudo 1.9.13 and 1.9.12p2:
* Fixed a bug running relative commands via sudo when "log_subcmds"
is enabled. GitHub issue #194.
* Fixed a signal handling bug when running sudo commands in a shell
script. Signals were not being forwarded to the command when
the sudo process was not run in its own process group.
* Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
a newline and a backslash is the last character of the file.
* Fixed a potential use-after-free bug with cvtsudoers filtering. (Only the first 15 lines of the commit message are shown above ) |
1.9.12p2 08 Feb 2023 10:53:56 |
Muhammad Moinur Rahman (bofh) |
Mk/**ldap.mk: Convert USE_LDAP to USES=ldap
Convert the USE_LDAP=yes to USES=ldap and adds the following features:
- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features
Reviewed by: delphij
Approved by: portmgr
Differential Revision: https://reviews.freebsd.org/D38233 |
1.9.12p2 18 Jan 2023 17:08:35 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.12p2
Major changes between sudo 1.9.12p2 and 1.9.12p1:
* Fixed a compilation error on Linux/aarch64. GitHub issue #197.
* Fixed a potential crash introduced in the fix for GitHub issue #134.
If a user's sudoers entry did not have any RunAs user's set,
running "sudo -U otheruser -l" would dereference a NULL pointer.
* Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
from creating a I/O files when the "iolog_file" sudoers setting
contains six or more Xs.
* Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
that coud allow a malicious user with sudoedit privileges to
edit arbitrary files.
PR: 269030
Submitted by: cy
Reported by: cy
Approved by: garga
MFH: 2023Q1
Security: CVE-2023-22809 |
1.9.12p1 07 Nov 2022 15:33:45 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.12p1
This release includes fixes to minor bugs, including a fix for
CVE-2022-43995, a non-exploitable potential out-of-bounds write on
systems that do not use PAM, AIX authentication or BSD authentication.
PR: 267617
Approved by: garga (Maintainer)
MFH: 2022Q4
Security: CVE-2022-43995 |
1.9.12 24 Oct 2022 15:30:05 |
Renato Botelho (garga) |
security/sudo: Update to 1.9.12
Sponsored by: Rubicon Communications, LLC ("Netgate") |
07 Sep 2022 21:58:51 |
Stefan Eßer (se) |
Remove WWW entries moved into port Makefiles
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner) |
1.9.11p3 07 Sep 2022 21:10:59 |
Stefan Eßer (se) |
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above ) |
1.9.11p3 20 Jul 2022 14:22:56 |
Tobias C. Berner (tcberner) |
security: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <[email protected]>
* Aaron Dalton <[email protected]>
* Adam Weinberger <[email protected]>
* Ade Lovett <[email protected]>
* Aldis Berjoza <[email protected]>
* Alex Dupre <[email protected]>
* Alex Kapranoff <[email protected]>
* Alex Samorukov <[email protected]>
* Alexander Botero-Lowry <[email protected]>
* Alexander Kriventsov <[email protected]>
* Alexander Leidinger <[email protected]> (Only the first 15 lines of the commit message are shown above ) |
1.9.11p3 21 Jun 2022 17:56:59 |
Renato Botelho (garga) |
security/sudo: Update to 1.9.11p3
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.11p2 13 Jun 2022 14:05:57 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.11p2 -- Fix regressions
Major changes between sudo 1.9.11p2 and 1.9.11p1:
* Fixed a compilation error on Linux/x86_64 with the x32 ABI.
* Fixed a regression introduced in 1.9.11p1 that caused a warning
when logging to sudo_logsrvd if the command returned no output.
PR: 264643
Approved by: garga (maintainer) |
1.9.11p1 09 Jun 2022 20:41:24 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.11p1
Major changes between sudo 1.9.11p1 and 1.9.11:
* Correctly handle EAGAIN in the I/O read/right events. This fixes
a hang seen on some systems when piping a large amount of data
through sudo, such as via rsync. Bug #963.
* Changes to avoid implementation or unspecified behavior when
bit shifting signed values in the protobuf library.
* Fixed a compilation error on Linux/aarch64.
* Fixed the configure check for seccomp(2) support on Linux.
(Only the first 15 lines of the commit message are shown above ) |
1.9.11 08 Jun 2022 19:30:42 |
Dima Panov (fluffy) |
security/sudo: fix packaging with PYTHON option enabled (+)
This a followup to commit 3ee710e0b22309a7e87c71b87bf5510aa8678ed8
sudo-1.9.11 have moved plugins manpages from section 8 to section 5
Pointy hat to: cy
Approved by: portmgr blanket |
1.9.11 08 Jun 2022 13:51:10 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.11
Major changes between sudo 1.9.11 and 1.9.10:
* Fixed a crash in the Python module with Python 3.9.10 on some
systems. Additionally, "make check" now passes for Python 3.9.10.
* Error messages sent via email now include more details, including
the file name and the line number and column of the error.
Multiple errors are sent in a single message. Previously, only
the first error was included.
* Fixed logging of parse errors in JSON format. Previously,
the JSON logger would not write entries unless the command and
runuser were set. These may not be known at the time a parse (Only the first 15 lines of the commit message are shown above ) |
1.9.10 04 Mar 2022 15:04:25 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.10
PR: 262331
Approved by: garga (maintainer) |
1.9.9 02 Feb 2022 11:04:53 |
Renato Botelho (garga) Author: Yasuhiro Kimura |
security/sudo: Update to 1.9.9
PR: 261529
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.8p2 30 Sep 2021 13:51:29 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.8p2
Major changes between sudo 1.9.8p2 and 1.9.8p1:
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
PR: 258666
Submitted by: cy
Reported by: cy
Approved by: garga (maintainer)
MFH: 2021Q3 |
1.9.8p1 17 Sep 2021 15:33:01 |
Cy Schubert (cy) |
security/sudo: Update to 1.9.8p1 to fix LDAP SEGFAULT
Sudo version 1.9.8 patchelevel 1 is now available which fixes a few
regressions introduced in sudo 1.9.8.
Source:
https://www.sudo.ws/dist/sudo-1.9.8p1.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p1.tar.gz
SHA256 checksum:
0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69
MD5 checksum:
ae9c8b32268f27d05bcdcb8f0c04d461
Binary packages: (Only the first 15 lines of the commit message are shown above ) |
1.9.8 14 Sep 2021 16:50:22 |
Cy Schubert (cy) |
securty/sudo: Update to 1.9.8
Major changes between sudo 1.9.8 and 1.9.7p2:
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
an INTERCEPT command tag that can be used in sudoers. For example: (Only the first 15 lines of the commit message are shown above ) |
1.9.7p2 13 Aug 2021 13:10:44 |
Renato Botelho (garga) Author: Yasuhiro Kimura |
security/sudo: Update to 1.9.7p2
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.7p1 14 Jun 2021 16:04:01 |
Cy Schubert (cy) |
securty/sudo: Update to 1.9.7p1
Major changes between sudo 1.9.7p1 and 1.9.7
* Fixed an SELinux sudoedit bug when the edited temporary file
could not be opened. The sesh helper would still be run even
when there are no temporary files available to install.
* Fixed a compilation problem on FreeBSD.
* The sudo_noexec.so file is now built as a module on all systems
other than macOS. This makes it possible to use other libtool
implementations such as slibtool. On macOS shared libraries and
modules are not interchangeable and the version of libtool shipped
with sudo must be used. (Only the first 15 lines of the commit message are shown above ) |
1.9.7 18 May 2021 20:07:09 |
Cy Schubert (cy) |
security/sudo: update to 1.9.7
Among other changes this release fixes -fcommon errors. A complete list
of changes can be found at https://www.sudo.ws/stable.html/
PR: 255812
Submitted by: Yasuhiro Kimura <[email protected]> (mostly)
Reported by: Yasuhiro Kimura <[email protected]>
Tested by: cy
Approved by: garga (maintainer)
MFH: 2021Q2 |
1.9.6p1 06 Apr 2021 14:31:13 |
Mathieu Arnold (mat) |
all: Remove all other $FreeBSD keywords. |
1.9.6p1 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
1.9.6p1 17 Mar 2021 11:56:41 |
garga |
security/sudo: Update to 1.9.6p1
PR: 254260
Submitted by: Yasuhiro Kimura <[email protected]>
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.9.5p2 26 Jan 2021 20:15:31 |
cy |
security/sudo - update 1.9.5p1 to 1.9.5p2
(text/plain)
Sudo version 1.9.5p2 is now available which fixes CVE-2021-3156
(aka Baron Samedit), a severe security vulnerability in sudo versions
1.8.2 through 1.9.5p1. For more details, see:
https://www.sudo.ws/alerts/unescape_overflow.html
https://www.openwall.com/lists/oss-security/2021/01/26/3
Source:
https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.tar.gz
SHA256 539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
MD5 e6bc4c18c06346e6b3431637a2b5f3d5
(Only the first 15 lines of the commit message are shown above ) |
1.9.5p1 12 Jan 2021 12:40:23 |
garga |
security/sudo: Update to 1.9.5p1
This version fixes a regression introduced by 1.9.5
Changelog: https://www.sudo.ws/stable.html#1.9.5p1
PR: 252598
Submitted by: cy
MFH: 2021Q1
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.9.5 11 Jan 2021 20:06:29 |
cy |
Update 1.9.4p2 --> 1.9.5
PR: 252583
Submitted by: cy
Reported by: cy
Approved by: garga (maintainer)
MFH: 2021Q1
Security: CVE-2021-23239 |
1.9.4p2 21 Dec 2020 16:54:42 |
garga |
security/sudo: Fix version
Use PORTVERSION here to end up with 1.9.4p2, which is considered newer than
previous one (1.9.4_1)
Reported by: ohauer <[email protected]> |
1.9.4.p2 21 Dec 2020 12:44:16 |
garga |
security/sudo: Update to 1.9.4p2
PR: 251930
Submitted by: Yasuhiro Kimura <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.9.4_1 07 Dec 2020 12:43:25 |
garga |
security/sudo: Fix build without sendmail
PR: 251582
Reported by: Alexander Kuznetsov <[email protected]>
Obtained from: https://www.sudo.ws/repos/sudo/raw-rev/41db1aad85bb
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.9.4 04 Dec 2020 12:32:14 |
garga |
security/sudo: Update to 1.9.4
PR: 251488
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.9.3p1 18 Nov 2020 12:22:20 |
rene |
security/sudo: readd option for SSSD, reverting r553505 |
1.9.3p1 27 Oct 2020 22:17:10 |
rene |
security/sudo: remove optional expired dependency on security/sssd |
1.9.3p1 24 Sep 2020 18:53:54 |
garga |
security/sudo: Update to 1.9.3p1
PR: 249566
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.9.3 22 Sep 2020 13:25:17 |
garga |
security/sudo: Update to 1.9.3
PR: 249511
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.9.2 22 Jul 2020 17:17:21 |
cy |
Update 1.9.1 --> 1.9.2
Major changes between sudo 1.9.2 and 1.9.1
* The configure script now uses pkg-config to find the openssl
cflags and libs where possible.
* The contents of the log.json I/O log file is now documented in
the sudoers manual.
* The sudoers plugin now properly exports the sudoers_audit symbol
on systems where the compiler lacks symbol visibility controls.
This caused a regression in 1.9.1 where a successful sudo command
was not logged due to the missing audit plugin. Bug #931.
* Fixed a regression introduced in 1.9.1 that can result in crash
when there is a syntax error in the sudoers file. Bug #934.
PR: 248179
Submitted by: cy
Reported by: cy
Approved by: garga
Obtained from: sudo-announce mailing list
MFH: 2020Q3 (because of regression fix) |
1.9.1 19 Jun 2020 14:22:34 |
garga |
security/sudo: Update to 1.9.1
* Add new option PYTHON that enables python plugin support
PR: 246472
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.31p1 28 Mar 2020 09:32:15 |
amdmi3 |
- Update WWW
Approved by: portmgr blanket |
1.8.31p1 18 Mar 2020 14:01:53 |
garga |
security/sudo: Update to 1.8.31p1
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.31 31 Jan 2020 13:59:20 |
cy |
security/sudo update 1.8.30 --> 1.8.31
PR: 243745
Submitted by: cy@
Reported by: cy@
Approved by: garga@
MFH: 2020Q1
Security: CVE-2019-18634 |
1.8.30 02 Jan 2020 18:18:39 |
cy |
Update 1.8.29 --> 1.8.30
PR: 243009
Submitted by: cy
Approved by: garga (maintainer)
MFH: 2020Q1 |
1.8.29 29 Oct 2019 18:42:28 |
garga |
security/sudo: Update to 1.8.29
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.28p1 16 Oct 2019 18:52:21 |
garga |
security/sudo: Fix wrong version added in r514607 using PORTVERSION
Reported by: Herbert J. Skuhra <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.28.p1 16 Oct 2019 18:37:52 |
garga |
security/sudo: Update to 1.8.28p1
MFH: 2019Q4
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.28 14 Oct 2019 16:46:28 |
garga |
security/sudo: Update to 1.8.28
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.27_1 22 Jan 2019 13:51:16 |
garga |
security/sudo: Fix listpw=never
When listpw=never is set, 'sudo -l' is expected to run without asking for a
password.
PR: 234756
Reported by: [email protected]
Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=869
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.27 14 Jan 2019 12:52:00 |
cy |
Update 1.8.26 --> 1.8.27
Notable changes:
* Fixes and clarifications to the sudo plugin documentation.
* The sudo manuals no longer require extensive post-processing to
hide system-specific features. Conditionals in the roff source
are now used instead. This fixes corruption of the sudo manual
on systems without BSD login classes. Bug #861.
* If an I/O logging plugin is configured but the plugin does not
actually log any I/O, sudo will no longer force the command to
be run in a pseudo-tty.
(Only the first 15 lines of the commit message are shown above ) |
1.8.26 14 Nov 2018 15:33:04 |
garga |
security/sudo: Update to 1.8.26
PR: 233206 (based on)
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.25p1 13 Sep 2018 16:49:51 |
garga |
Update security/sudo to 1.8.25p1
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.25 04 Sep 2018 11:42:58 |
garga |
security/sudo: Update to 1.8.25
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.24 20 Aug 2018 14:23:53 |
garga |
security/sudo: Update to 1.8.24
PR: 230739
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.23_2 03 May 2018 18:57:15 |
garga |
Add --rundir definition to CONFIGURE_ARGS to make sure configure script uses
/var/run/sudo. Without it, on a system that has /run directory, configure
will by default define rundir to /run/sudo
Reported by: Walter Schwarzenfeld <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.23_1 03 May 2018 12:36:26 |
garga |
Fix PLIST without LDAP
PR: 227926
Reported by: O. Hartmann
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.23 02 May 2018 13:09:38 |
garga |
Update security/sudo to 1.8.23
PR: 227900
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.22_5 24 Apr 2018 16:52:49 |
garga |
Add a new version of the patch committed in r468197 that fixes a regression
introduced by that version.
PR: 223587
Submitted by: Todd C. Miller <[email protected]>
Reported by: [email protected]
Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=831
MFH: 2018Q2
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.22_4 24 Apr 2018 11:07:12 |
garga |
Add a patch to fix cryptographic digest in command specification for shell
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempt
to use fexecve and workaround the issue.
PR: 223587
Submitted by: Todd C. Miller <[email protected]>
Reported by: [email protected]
Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=831
MFH: 2018Q2
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.22_3 23 Apr 2018 18:43:45 |
garga |
Last commit was supposed to be a local change for testing. Patch was not yet
ready for production. Reverting it for now. |
1.8.22_2 23 Apr 2018 18:40:50 |
garga |
Add a patch to fix cryptographic digest in command specification for shell
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempt
to use fexecve and workaround the issue.
PR: 223587
Submitted by: Todd C. Miller <[email protected]>
Reported by: [email protected]
Obtained from: https://www.sudo.ws/repos/sudo/rev/30f7c5d64104
MFH: 2018Q2
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.22_1 19 Apr 2018 13:11:34 |
garga |
- Add new options to security/sudo to make it possible to build it with
kerberos support.
- Bump PORTREVISION
PR: 225498
Submitted by: Cullum Smith <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.22 19 Apr 2018 13:09:58 |
garga |
Add an example of prompt that shows which user password is being expected.
It's useful when targetpw option is set to avoid confusion. PORTREVISION was
not bumped because a new commit is going to happen soon with one more change
and it will bump it.
PR: 221264
Submitted by: Rebecca Cran <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.22 17 Jan 2018 15:07:51 |
garga |
Update security/sudo to 1.8.22
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.21p2_1 13 Nov 2017 16:58:14 |
brd |
Pull in an upstream patch for security/sudo to not coredump if the hostname is
not set.
PR: 222510
Approved by: garga |
1.8.21p2 18 Sep 2017 16:47:41 |
garga |
Update security/sudo to 1.8.21p2
PR: 222194
Submitted by: Yasuhiro KIMURA <[email protected]>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.21p1 05 Sep 2017 17:15:29 |
garga |
Update security/sudo to 1.8.21p1 |
1.8.21 29 Aug 2017 10:30:33 |
garga |
- Update security/sudo to 1.8.21
PR: 221874
Submitted by: Yasuhiro KIMURA <[email protected]>
bdrewery (SIGINFO fix)
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.8.20p2_3 11 Aug 2017 18:32:58 |
bdrewery |
- Fix sudo sending a 2nd SIGINFO on ^T to processes, which is already
handled by the kernel sending it to the entire controlling terminal's
process group.
- This fixes ^T with 'sudo poudriere ...' showing a status log twice.
- This is intended to be upstreamed.
Approved by: garga (maintainer)
Tested by: swills, bdrewery
Reviewed/Discussed with: kib
Reported by: kwm, swills, bapt, dim, kib, many others
MFH: 2017Q3 |
1.8.20p2_2 27 Jun 2017 13:49:53 |
garga |
Fix the way ${PREFIX}/etc/sudoers.d is handled removing the workaround added in
r260609 and using @dir
PR: 220234
Submitted by: Jose Luis Duran <[email protected]>
Sponsored by: Rubicon Communications (Netgate) |
1.8.20p2_1 15 Jun 2017 11:01:34 |
mat |
Starting in 1.8.20, the sample sudoers file has been installed twice,
once as sudoers.sample and once as sudoers.dist. Remove one of them.
PR: 219708
Submitted by: mat
Approved by: maintainer timeout
Sponsored by: Absolight |
1.8.20p2 10 Jun 2017 14:10:26 |
garga |
Update security/sudo to 1.8.20p2
Sponsored by: Rubicon Communications (Netgate) |
1.8.20p1 31 May 2017 12:42:02 |
cy |
Update 1.8.20 --> 1.8.20p1
This release fixes a potential security issue that may allow a user to
bypass the "tty_ticket" constraints or overwrite an arbitrary file.
The issue is reported to only be present on Linux systems but I don't
think it hurts to update the FreeBSD port at this time.
Approved by: garga@ (maintainer)
MFH: 2017Q2
Differential Revision: D10997 |
1.8.20 11 May 2017 17:03:08 |
garga |
Update security/sudo to 1.8.20
Sponsored by: Rubicon Communications (Netgate) |
1.8.19p2 16 Jan 2017 13:38:38 |
cy |
Update 1.8.19p1 --> 1.8.19p2.
Major changes between sudo 1.8.19p2 and 1.8.19p1:
* Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
or network is used in a host-based Defaults entry. Bug #766
* Added a missing check for the ignore_iolog_errors flag when
the sudoers plugin generates the I/O log file path name.
* Fixed a typo in sudo's vsyslog() replacement that resulted in
garbage being logged to syslog.
Approved by: garga (maintainer)
MFH: 2917Q1
Differential Revision: D9181 |