pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/sudo Update sudo package to 1.6.9p14.
details: https://anonhg.NetBSD.org/pkgsrc/rev/483638f209de
branches: trunk
changeset: 539688:483638f209de
user: taca <taca%pkgsrc.org@localhost>
date: Tue Mar 11 15:52:51 2008 +0000
description:
Update sudo package to 1.6.9p14.
pkgsrc changes:
- Explict to depends security/heimdal package when kerberos option is
specified. PR pkg/37999 should be fixed.
Change:
646) Sudo will now set the nproc resource limit to unlimited on Linux
systems to work around Linux's setuid() resource limit semantics.
On PAM systems the resource limits will be reset by pam_limits.so
before the command is executed.
647) SELinux support that can be used to implement role based access
control (RBAC). A role and (optional) type may be specified
in sudoers or on the command line. These are then used in the
security context that the command is run as.
648) Fixed a Kerberos 5 compilation problem with MIT Kerberos.
Sudo 1.6.9p13 released.
649) Fixed an invalid assumption in the PAM conversation function
introduced in version 1.6.9p9. The conversation function may
be called for non-password reading purposes as well.
650) Fixed freeing an uninitialized pointer in -l mode, introduced in
version 1.6.9p13.
651) Check /etc/sudoers after LDAP even if the user was found in LDAP.
This allows Defaults options in /etc/sudoers to take effect.
652) Add missing checks for enforcing mode in SELinux RBAC mode.
Sudo 1.6.9p14 released.
diffstat:
security/sudo/Makefile | 7 +++----
security/sudo/distinfo | 15 ++++++++-------
security/sudo/options.mk | 4 +++-
security/sudo/patches/patch-aa | 13 +++++++------
security/sudo/patches/patch-af | 14 +++++++-------
security/sudo/patches/patch-ag | 18 +++++++++---------
security/sudo/patches/patch-ai | 16 ++++++++++++++++
7 files changed, 53 insertions(+), 34 deletions(-)
diffs (214 lines):
diff -r 7f37577cd2ba -r 483638f209de security/sudo/Makefile
--- a/security/sudo/Makefile Tue Mar 11 15:47:27 2008 +0000
+++ b/security/sudo/Makefile Tue Mar 11 15:52:51 2008 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.108 2008/01/22 12:45:24 taca Exp $
+# $NetBSD: Makefile,v 1.109 2008/03/11 15:52:51 taca Exp $
#
-DISTNAME= sudo-1.6.9p12
-PKGREVISION= 1
+DISTNAME= sudo-1.6.9p14
CATEGORIES= security
MASTER_SITES= http://www.courtesan.com/sudo/dist/ \
ftp://ftp.courtesan.com/pub/sudo/ \
@@ -12,7 +11,7 @@
http://netmirror.org/mirror/ftp.sudo.ws/ \
http://www.courtesan.com/sudo/dist/OLD/ \
http://www.courtesan.com/sudo/dist/beta/
-DIST_SUBDIR= ${DISTNAME}-20080122
+DIST_SUBDIR= ${DISTNAME}-200803090
MAINTAINER= kim%tac.nyc.ny.us@localhost
HOMEPAGE= http://www.courtesan.com/sudo/
diff -r 7f37577cd2ba -r 483638f209de security/sudo/distinfo
--- a/security/sudo/distinfo Tue Mar 11 15:47:27 2008 +0000
+++ b/security/sudo/distinfo Tue Mar 11 15:52:51 2008 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.52 2008/01/22 12:45:24 taca Exp $
+$NetBSD: distinfo,v 1.53 2008/03/11 15:52:51 taca Exp $
-SHA1 (sudo-1.6.9p12-20080122/sudo-1.6.9p12.tar.gz) = c2b07c68d2026fb3e7786b2c9a8fb0c519a830f8
-RMD160 (sudo-1.6.9p12-20080122/sudo-1.6.9p12.tar.gz) = fe07ead5c328b35fc0c84946d71469f4620ddd06
-Size (sudo-1.6.9p12-20080122/sudo-1.6.9p12.tar.gz) = 581936 bytes
-SHA1 (patch-aa) = 90e5a64fc621efc5f4bcb4bc3dc0dce44704391f
-SHA1 (patch-af) = c0a594c8b3a665dc0a84f40754a46bcd7e17ea49
-SHA1 (patch-ag) = c3442810139581c003e2c5d911df1bcbdcfc0008
+SHA1 (sudo-1.6.9p14-200803090/sudo-1.6.9p14.tar.gz) = 71ac10f51c1b3d6338ac936fe39be3009ea4dbb4
+RMD160 (sudo-1.6.9p14-200803090/sudo-1.6.9p14.tar.gz) = 8516c9f0a6468e07174ffda310f55013841e3fba
+Size (sudo-1.6.9p14-200803090/sudo-1.6.9p14.tar.gz) = 589298 bytes
+SHA1 (patch-aa) = a843d22064eb6008146443d9e9b7f0a3196705b3
+SHA1 (patch-af) = cd9eac03f4d78a5b9d2702bc7e1952a26ea8ca92
+SHA1 (patch-ag) = a2eb0b1b0aef7325e14cbd5fed8d517b5b4eba2d
+SHA1 (patch-ai) = d28c1288955a443a726928723400b4d32d546b71
diff -r 7f37577cd2ba -r 483638f209de security/sudo/options.mk
--- a/security/sudo/options.mk Tue Mar 11 15:47:27 2008 +0000
+++ b/security/sudo/options.mk Tue Mar 11 15:52:51 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.14 2007/09/26 05:47:46 bjs Exp $
+# $NetBSD: options.mk,v 1.15 2008/03/11 15:52:51 taca Exp $
#
PKG_OPTIONS_VAR= PKG_OPTIONS.sudo
@@ -21,6 +21,8 @@
.endif
.if !empty(PKG_OPTIONS:Mkerberos)
+KRB5_ACCEPTED= heimdal
+IS_BUILTIN.heimdal= no
. include "../../mk/krb5.buildlink3.mk"
CONFIGURE_ARGS+= --without-kerb4
CONFIGURE_ARGS+= --with-kerb5
diff -r 7f37577cd2ba -r 483638f209de security/sudo/patches/patch-aa
--- a/security/sudo/patches/patch-aa Tue Mar 11 15:47:27 2008 +0000
+++ b/security/sudo/patches/patch-aa Tue Mar 11 15:52:51 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.17 2008/01/03 23:17:48 rillig Exp $
+$NetBSD: patch-aa,v 1.18 2008/03/11 15:52:51 taca Exp $
---- Makefile.in.orig 2007-10-26 00:52:02.000000000 +0900
+--- Makefile.in.orig 2008-03-05 21:41:08.000000000 +0900
+++ Makefile.in
-@@ -186,7 +186,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
+@@ -187,7 +187,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
sudo_noexec.la: sudo_noexec.lo
@@ -11,7 +11,7 @@
# Uncomment the following if you want "make distclean" to clean the parser
@DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h
-@@ -301,20 +301,20 @@ sudoers.man:: sudoers.man.in
+@@ -303,20 +303,20 @@ sudoers.man:: sudoers.man.in
sudoers.cat: sudoers.man
@@ -30,13 +30,14 @@
+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4511 -s sudo $(DESTDIR)$(sudodir)/sudo
rm -f $(DESTDIR)$(sudodir)/sudoedit
ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
-
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
+-@SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh
+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0511 -s visudo $(DESTDIR)$(visudodir)/visudo
++@SELINUX@ $(INSTALL) -o $(install_uid) -g $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh
install-noexec: sudo_noexec.la
$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
-@@ -324,15 +324,15 @@ bininst-noexec: sudo_noexec.la
+@@ -326,15 +326,15 @@ bininst-noexec: sudo_noexec.la
install-sudoers:
test -f $(DESTDIR)$(sudoersdir)/sudoers || \
diff -r 7f37577cd2ba -r 483638f209de security/sudo/patches/patch-af
--- a/security/sudo/patches/patch-af Tue Mar 11 15:47:27 2008 +0000
+++ b/security/sudo/patches/patch-af Tue Mar 11 15:52:51 2008 +0000
@@ -1,16 +1,16 @@
-$NetBSD: patch-af,v 1.19 2007/11/12 11:12:16 taca Exp $
+$NetBSD: patch-af,v 1.20 2008/03/11 15:52:51 taca Exp $
---- configure.in.orig 2007-10-25 01:43:25.000000000 +0900
+--- configure.in.orig 2008-02-20 03:27:32.000000000 +0900
+++ configure.in
-@@ -129,7 +129,6 @@ dnl
- test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
+@@ -142,7 +142,6 @@ else
+ fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Deprecated --with options (these all warn or generate an error)
-@@ -252,6 +251,19 @@ AC_ARG_WITH(csops, [ --with-csops
+@@ -265,6 +264,19 @@ AC_ARG_WITH(csops, [ --with-csops
;;
esac])
@@ -30,9 +30,9 @@
AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1634,7 +1646,7 @@ fi
+@@ -1661,7 +1673,7 @@ fi
if test ${with_logincap-'no'} != "no"; then
- AC_CHECK_HEADERS(login_cap.h, [
+ AC_CHECK_HEADERS(login_cap.h, [LCMAN=""
case "$OS" in
- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+ dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil"
diff -r 7f37577cd2ba -r 483638f209de security/sudo/patches/patch-ag
--- a/security/sudo/patches/patch-ag Tue Mar 11 15:47:27 2008 +0000
+++ b/security/sudo/patches/patch-ag Tue Mar 11 15:52:51 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.11 2007/11/12 11:12:16 taca Exp $
+$NetBSD: patch-ag,v 1.12 2008/03/11 15:52:51 taca Exp $
---- configure.orig 2007-10-24 02:19:18.000000000 +0900
+--- configure.orig 2008-02-20 03:27:07.000000000 +0900
+++ configure
-@@ -1436,7 +1436,7 @@ Fine tuning of the installation director
+@@ -1441,7 +1441,7 @@ Fine tuning of the installation director
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -11,7 +11,7 @@
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
-@@ -1506,6 +1506,7 @@ Optional Packages:
+@@ -1511,6 +1511,7 @@ Optional Packages:
--with-devel add development options
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
@@ -19,15 +19,15 @@
--without-passwd don't use passwd/shadow file for authentication
--with-skey=DIR enable S/Key support
--with-opie=DIR enable OPIE support
-@@ -2119,7 +2120,6 @@ shadow_libs_optional=
- test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
+@@ -2138,7 +2139,6 @@ else
+ fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
-@@ -2311,6 +2311,23 @@ fi
+@@ -2330,6 +2330,23 @@ fi
@@ -51,9 +51,9 @@
# Check whether --with-passwd was given.
if test "${with_passwd+set}" = set; then
withval=$with_passwd; case $with_passwd in
-@@ -13675,7 +13692,7 @@ if test `eval echo '${'$as_ac_Header'}'`
+@@ -13717,7 +13734,7 @@ if test `eval echo '${'$as_ac_Header'}'`
_ACEOF
-
+ LCMAN=""
case "$OS" in
- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+ dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil"
diff -r 7f37577cd2ba -r 483638f209de security/sudo/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sudo/patches/patch-ai Tue Mar 11 15:52:51 2008 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ai,v 1.4 2008/03/11 15:52:51 taca Exp $
+
+--- auth/kerb5.c.orig 2008-02-14 07:17:41.000000000 +0900
++++ auth/kerb5.c
+@@ -220,11 +220,7 @@ kerb5_verify(pw, pass, auth)
+
+ done:
+ if (opts) {
+-#ifdef HAVE_HEIMDAL
+- krb5_get_init_creds_opt_free(opts);
+-#else
+ krb5_get_init_creds_opt_free(sudo_context, opts);
+-#endif
+ }
+ if (creds)
+ krb5_free_cred_contents(sudo_context, creds);
Home |
Main Index |
Thread Index |
Old Index