scrypt estimates the amount of available RAM, and ignores RLIMIT_DATA on
systems which have mmap. From tedu@ (http://mail.tarsnap.com/scrypt/msg00263.html):
"...this is the wrong thing to do for OpenBSD. On OpenBSD, rlimit_data
is applied to anonymous mmap (since that's now the heap) for
consistency. RLIMIT_RSS is a vestigal do nothing define."
Issue is fixed by reverting 2b478e7ce5
While here set COMPILER and COMPILER_LANGS to fix building on sparc64
and powerpc (from kmos@, and tested by kmos@ and cwen@).
OK cwen@, "patch looks good to me" tedu@
* Fixed a warning on macOS introduced in sudo 1.8.29 when sudo
attempts to set the open file limit to unlimited. Bug #904.
* Sudo now closes file descriptors before changing uids. This
prevents a non-root process from interfering with sudo's ability
to close file descriptors on systems that support the prlimit(2)
system call.
* Sudo now treats an attempt to run "sudo sudoedit" as simply
"sudoedit". If the sudoers file contains a fully-qualified path
to sudoedit, sudo will now treat it simply as "sudoedit" (with
no path). Visudo will will now treat a fully-qualified path
to sudoedit as an error. Bug #871.
* Fixed a bug introduced in sudo 1.8.28 where sudo would warn about
a missing /etc/environment file on AIX and Linux when PAM is not
enabled. Bug #907
* Fixed a bug on Linux introduced in sudo 1.8.29 that prevented
the askpass program from running due to an unlimited stack size
resource limit. Bug #908.
* If a group provider plugin has optional arguments, the argument list
passed to the plugin is now NULL terminated as per the documentation.
* The user's time stamp file is now only updated if both authentication
and approval phases succeed. This is consistent with the behavior
of sudo prior to version 1.8.23. Bug #910
* The new allow_unknown_runas_id sudoers setting can be used to
enable or disable the use of unknown user or group IDs. Previously,
sudo would always allow unknown user or group IDs if the sudoers
entry permitted it, including via the "ALL" alias. As of sudo
1.8.30, the admin must explicitly enable support for unknown IDs.
* The new runas_check_shell sudoers setting can be used to require
that the runas user have a shell listed in the /etc/shells file.
On many systems, users such as "bin", do not have a valid shell
and this flag can be used to prevent commands from being run as
those users.
* Fixed a problem restoring the SELinux tty context during reboot
if mctransd is killed before sudo finishes. GitHub Issue #17.
* Fixed an intermittent warning on NetBSD when sudo restores the
initial stack size limit.
Significant change since 1.2.1 is that in addition to the scrypt
command-line utility, a library "libscrypt-kdf" is build and installed.
While here:
- Change HOMEPAGE/MASTER_SITES to https
- Enable tests
- Set DEBUG_PACKAGES
OK sthen@
"You wrote a cool network client or server. It encrypts connections
using TLS. Your test suite needs to make TLS connections to itself.
Uh oh. Your test suite probably doesn't have a valid TLS certificate.
Now what?
trustme is a tiny Python package that does one thing: it gives you
a fake certificate authority (CA) that you can use to generate fake
TLS certs to use in your tests. Well, technically they're real
certs, they're just signed by your CA, which nobody trusts. But you
can trust it. Trust me."
Provides a temporary CA for doing TLS tests.
Needed for (at least) the py-aiohttp tests.
Version 0.5.3
OK kn@
- Only new exports added so bump minor.
- Cleanup WANTLIB
- Fix MASTER_SITE URL
- Cleanup plugin configuration
LibreSSL patches from Gentoo developer Stefan Strogin from here:
3e69b18db7
hitch-1.5.2 (2019-11-27)
- Fix a problem introduced in the previous release that prevented us from
running as a non-privileged user (Issue: 322).
hitch-1.5.1 (2019-11-26)
- Support for TCP Fast Open. Is is disabled by default (Issue: 185)
- Various code cleanups and minor bug fixes.
Upstream reworked their privdrop code and I have neither time nor further
interest in maintaining pledge patches, so drop support for it.
- Only new exports added so bump minor.
- Cleanup WANTLIB
- Fix MASTER_SITE URL
- Cleanup plugin configuration
LibreSSL patches from Gentoo developer Stefan Strogin from here:
3e69b18db7
Tested by landry@ with qgis
