Fixes for:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes for 4.9.14 and 4.9.15:
https://www.samba.org/samba/history/samba-4.9.14.htmlhttps://www.samba.org/samba/history/samba-4.9.15.html
Tested by and ok gonzalo@
- enable pre-RFC AES192/256 support ("--enable-blumenthal-aes"),
diff from martijn@ (adds symbols so I added a library minor bump for
this).
- disable hidden dep on lpstat from cups; if present this resulted in
adding a function to libnetsnmpmibs so a major bump is needed for this.
- recognize openbsd 7.x
jcs@ noted that sandbox should be only enabled with --enable-sandbox (what
thunderbird doesn't use).
sets the promises for now to permit quick fix, to permit users to figure what
pledge promises are needed without rebuilding the whole package.
ok landry@ sthen@
- Build with -O1 optimisation on this arch only, to avoid OOM errors
during the build, as advised by sthen@ (thanks!)
- Use ports-gcc instead of ports-clang
OK espie@ (maintainer)
* The cvtsudoers command will now reject non-LDIF input when converting
from LDIF format to sudoers or JSON formats.
* The new log_allowed and log_denied sudoers settings make it possible
to disable logging and auditing of allowed and/or denied commands.
* The umask is now handled differently on systems with PAM or login.conf.
If the umask is explicitly set in sudoers, that value is used regardless
of what PAM or login.conf may specify. However, if the umask is not
explicitly set in sudoers, PAM or login.conf may now override the default
sudoers umask. Bug #900.
* For "make install", the sudoers file is no longer checked for syntax
errors when DESTDIR is set. The default sudoers file includes the
contents of /etc/sudoers.d which may not be readable as non-root.
Bug #902.
* Sudo now sets most resource limits to their maximum value to avoid
problems caused by insufficient resources, such as an inability to
allocate memory or open files and pipes.
* Fixed a regression introduced in sudo 1.8.28 where sudo would refuse
to run if the parent process was not associated with a session.
This was due to sudo passing a session ID of -1 to the plugin.
add first try at the "summary" command.
note that it doesn't simulate the engine completion (yet) so it WILL show
everything that's not built right now
