Notable changes:
* Fixes and clarifications to the sudo plugin documentation.
* The sudo manuals no longer require extensive post-processing to
hide system-specific features. Conditionals in the roff source
are now used instead. This fixes corruption of the sudo manual
on systems without BSD login classes. Bug #861.
* If an I/O logging plugin is configured but the plugin does not
actually log any I/O, sudo will no longer force the command to
be run in a pseudo-tty.
* The fix for bug #843 in sudo 1.8.24 was incomplete. If the
user's password was expired or needed to be updated, but no sudo
password was required, the PAM handle was freed too early,
resulting in a failure when processing PAM session modules.
* In visudo, it is now possible to specify the path to sudoers
without using the -f option. Bug #864.
* Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx)
file would not be updated when a command was run in a pseudo-tty.
Bug #865.
* Sudo now sets the silent flag when opening the PAM session except
when running a shell via "sudo -s" or "sudo -i". This prevents
the pam_lastlog module from printing the last login information
for each sudo command. Bug #867.
PR: 234904
Submitted by: cy@
Approved by: garga@
MFH: 2019Q1
/var/run/sudo. Without it, on a system that has /run directory, configure
will by default define rundir to /run/sudo
Reported by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>
Sponsored by: Rubicon Communications, LLC (Netgate)
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempt
to use fexecve and workaround the issue.
PR: 223587
Submitted by: Todd C. Miller <Todd.Miller@sudo.ws>
Reported by: vas@mpeks.tomsk.su
Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=831
MFH: 2018Q2
Sponsored by: Rubicon Communications, LLC (Netgate)
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempt
to use fexecve and workaround the issue.
PR: 223587
Submitted by: Todd C. Miller <Todd.Miller@sudo.ws>
Reported by: vas@mpeks.tomsk.su
Obtained from: https://www.sudo.ws/repos/sudo/rev/30f7c5d64104
MFH: 2018Q2
Sponsored by: Rubicon Communications, LLC (Netgate)
It's useful when targetpw option is set to avoid confusion. PORTREVISION was
not bumped because a new commit is going to happen soon with one more change
and it will bump it.
PR: 221264
Submitted by: Rebecca Cran <rebecca@bluestop.org>
Sponsored by: Rubicon Communications, LLC (Netgate)
handled by the kernel sending it to the entire controlling terminal's
process group.
- This fixes ^T with 'sudo poudriere ...' showing a status log twice.
- This is intended to be upstreamed.
Approved by: garga (maintainer)
Tested by: swills, bdrewery
Reviewed/Discussed with: kib
Reported by: kwm, swills, bapt, dim, kib, many others
MFH: 2017Q3
once as sudoers.sample and once as sudoers.dist. Remove one of them.
PR: 219708
Submitted by: mat
Approved by: maintainer timeout
Sponsored by: Absolight
This release fixes a potential security issue that may allow a user to
bypass the "tty_ticket" constraints or overwrite an arbitrary file.
The issue is reported to only be present on Linux systems but I don't
think it hurts to update the FreeBSD port at this time.
Approved by: garga@ (maintainer)
MFH: 2017Q2
Differential Revision: D10997
Major changes between sudo 1.8.19p2 and 1.8.19p1:
* Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
or network is used in a host-based Defaults entry. Bug #766
* Added a missing check for the ignore_iolog_errors flag when
the sudoers plugin generates the I/O log file path name.
* Fixed a typo in sudo's vsyslog() replacement that resulted in
garbage being logged to syslog.
Approved by: garga (maintainer)
MFH: 2917Q1
Differential Revision: D9181
As per sudo announcement:
* Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
syslog priority and facility being used.
PR: 215447
Submitted by: myself (in pr 215447)
Approved by: garga (maintainer)
From the sudo announcment:
Depending on your sudoers file configuration, the bug fixed in
1.8.18p1 may have a security impact. For more information, see
https://www.sudo.ws/alerts/noexec_wordexp.html
Approved by: garga@ (maintainer)
MFH: 2016Q4
Differential Revision: D8363
a NULL pointer when it looks up a negative cached entry which is stored
as a NULL passwd or group struct pointer
PR: 208198
Submitted by: Fredrik Eriksson <fredrik.eriksson@loopia.se>
Obtained from: https://www.sudo.ws/repos/sudo/rev/1d13341d53ec
Sponsored by: Rubicon Communications (Netgate)
It should fix build when world is built with WITHOUT_SSP
- Bump PORTREVISION
PR: 203380
Submitted by: Kenneth Salerno <kennethsalerno@yahoo.com>
Sponsored by: Rubicon Communications (Netgate)
- Remove patch-plugins__sudoers__Makefile.in, unnecessary on stagedir days
- Remove patch-plugins__sudoers__audit.c, sudo_gettext.h is already included
by sudoers.h
- Rework patch-plugins__sudoers__sudoers.in to replace pkg_* utilities by
pkg on message
