8F7CF4A62D9561249564F76E734322A6 aixtools.sudo.188.8.131.52.I A9DC4055719BF5D3EE23E27D193DB4A8 aixtools.sudo.184.108.40.206.I 42967B824E040568B11397D3799C93D4 aixtools.sudo.220.127.116.11.I
Version: 1.8.20 Released: May 10, 2017 Sources from: https://www.sudo.ws/stable.html Depends on: AIX 5.3 TL7
RELEASE: May 30, 2017
Did not repackage this as it is reported to only be an issue on LINUX (and SELINUX?)
Sudo version 1.8.20p1 is now available. This release fixes a potential security issue that may allow a user to bypass the "tty_ticket" constraints or overwrite an arbitrary file. The issue is only present on Linux systems. ... Major changes between sudo 1.8.20p1 and 1.8.20: * Fixed "make check" when using OpenSSL or GNU crypt. Bug #787. * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux when the process name contains spaces. Since the user has control over the command name, this could potentially be used by a user with sudo access to overwrite an arbitrary file on systems with SELinux enabled. Also stop performing a breadth-first traversal of /dev when looking for the device; only a hard-coded list of directories are checked,
--Michael Felt (talk) 16:11, 11 May 2017 (UTC) working hard to improve sudo for AIX (in the background in contact with Todd Miller about getting sudo RBAC aware). Maybe this will show up in version 1.8.21, maybe 1.8.22 - time (available) shall tell.
For this release I have changed the "configure" settings a bit. My goal is to have all AIX host based (AIX packaging terms "root") sudo related files somewhere in /var/sudo rather than in /etc. The "usr" files are somewhere in /opt. FYI: this is not special for sudo - I try and package everything with key config files in /var/APPL/etc (rather than /etc), and further.
For sudo this does become a longish "configure" statement. You can verify the settings with sudo -V.
Sudo version 1.8.20 Configure options: --prefix=/opt --sysconfdir=/var/sudo/etc --sharedstatedir=/var/sudo/com\ --localstatedir=/var/sudo --mandir=/usr/share/man --infodir=/opt/share/info/sudo --with-man\ --disable-rpath --with-pam-login --disable-root-mailer --disable-shadow --enable-log-host\ --disable-noargs-shell --enable-shell-sets-home --disable-path-info --enable-env-reset --disable-nls\ --with-aixauth --with-pam --with-logging=both --with-logpath=/var/sudo/log --with-ignore-dot\ --with-mail-if-no-host --with-mail-if-noperms --with-rundir=/var/sudo/run --with-vardir=/var/sudo/var\ --with-umask=027 --with-editor=/usr/bin/vi --with-env-editor
Sudoers policy plugin version 1.8.20 Sudoers file grammar version 46
--Michael Felt (talk) 14:41, 27 January 2017 (UTC) Added lots of 'specifications' -- because they look nice. If you need something different contact me via the forums and/or try twitter. The .20 is to give p2 a value AIX packaging can work with.
$ ../src/sudo-18.104.22.168/configure --prefix=/opt --sysconfdir=/var/sudo/etc --sharedstatedir=/var/sudo/com --localstatedir=/var/sudo --mandir=/usr/share/man --infodir=/opt/share/info/sudo --with-pc-insults --with-man --with-pam-login --disable-root-mailer --disable-shadow --disable-root-sudo --enable-log-host --disable-noargs-shell --enable-shell-sets-home --disable-path-info --enable-env-reset --disable-nls --with-aixauth --with-pam --with-logging=both --with-logpath=/var/log/sudo --with-ignore-dot --with-mail-if-no-host --with-mail-if-noperms --with-rundir=/var/sudo/run --with-vardir=/var/sudo --with-umask=027
$ ../src/sudo-1.8.16/configure --prefix=/opt --sysconfdir=/var/sudo/etc --sharedstatedir=/var/sudo/com --localstatedir=/var/sudo --mandir=/usr/share/man --infodir=/opt/share/info/sudo
Note: the fileset (internal-name) for both sudo and sudo-ldap versions is the same - so you can force install one over the other. Do not have both versions in one directory - I have no idea which one installp will choose to install
Note: in the near-future I will change the fileset name of sudo-ldap from aixtools.sudo to aixtools.sudo-ldap