package/sudo: security bump to version 1.9.5p2
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Buildroot: dropped a patch that was included in the release.
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
https://www.sudo.ws/stable.html#1.9.5p2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
projects / buildroot.git / commit