pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/sudo Upgrade to address CVE-2014-0106
details: https://anonhg.NetBSD.org/pkgsrc/rev/45780edbe404
branches: trunk
changeset: 631503:45780edbe404
user: kim <kim%pkgsrc.org@localhost>
date: Sat Mar 08 11:51:56 2014 +0000
description:
Upgrade to address CVE-2014-0106

http://www.sudo.ws/sudo/alerts/env_add.html

What's new in Sudo 1.7.10p8?

 * Sudo's exit code now indicates a failure if the user does not
   successfully authenticate.

 * On HP-UX systems, sudo will now use the pstat() function to
   determine the tty instead of ttyname().

 * Fixed compilation when --without-iologdir configure option is
   specified.

 * On systems with BSD login classes, if the user specified a group
   (not a user) to run the command as, it was possible to specify
   a different login class even when the command was not run as the
   super user.

 * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
   It also now sets the close on exec flag instead of actually
   closing the descriptors to avoid a crash in libdispatch.

 * The sudoers plugin will now ignore invalid domain names when
   checking netgroup membership. Most Linux systems use the string
   "(none)" for the NIS-style domain name instead of an empty string.

 * Fixed the logic when checking environment variables on the
   command line against the env_check and env_delete blacklists.
   This is only a problem when env_reset is disabled in sudoers.

diffstat:
security/sudo/Makefile | 6 +++---
security/sudo/distinfo | 14 +++++++-------
security/sudo/patches/patch-af | 16 ++++++++--------
security/sudo/patches/patch-ag | 20 ++++++++++----------
security/sudo/patches/patch-logging.c | 8 ++++----
5 files changed, 32 insertions(+), 32 deletions(-)
diffs (188 lines):
diff -r 99defd7408dd -r 45780edbe404 security/sudo/Makefile
--- a/security/sudo/Makefile Sat Mar 08 11:46:14 2014 +0000
+++ b/security/sudo/Makefile Sat Mar 08 11:51:56 2014 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.141 2014/02/12 23:18:37 tron Exp $
+# $NetBSD: Makefile,v 1.142 2014/03/08 11:51:56 kim Exp $
#
-DISTNAME= sudo-1.7.10p7
-PKGREVISION= 1
+DISTNAME= sudo-1.7.10p8
+#PKGREVISION= 0
CATEGORIES= security
MASTER_SITES= http://www.sudo.ws/dist/ \
ftp://ftp.sudo.ws/pub/sudo/ \
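Review bot: The `#PKGREVISION= 0` line added under DISTNAME is dead text. Remove the line outright on a version bump instead of commenting it out; a commented placeholder with a value of 0 is easy to uncomment unchanged at the next revision bump, which would leave the package revision where it was.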
diff -r 99defd7408dd -r 45780edbe404 security/sudo/distinfo
--- a/security/sudo/distinfo Sat Mar 08 11:46:14 2014 +0000
+++ b/security/sudo/distinfo Sat Mar 08 11:51:56 2014 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.80 2013/07/26 10:48:22 ryoon Exp $
+$NetBSD: distinfo,v 1.81 2014/03/08 11:51:56 kim Exp $
-SHA1 (sudo-1.7.10p7.tar.gz) = b5beb1a470d1f03b3940aff612f5089244dd773a
-RMD160 (sudo-1.7.10p7.tar.gz) = 171e54506c30a85fa642070332db012aba4a6203
-Size (sudo-1.7.10p7.tar.gz) = 1217508 bytes
+SHA1 (sudo-1.7.10p8.tar.gz) = deb83d8ba8f15f70c134c3f3a74e750925aa9f59
+RMD160 (sudo-1.7.10p8.tar.gz) = de3594843c006f7d5d3b21c79dd4115b4823b19d
+Size (sudo-1.7.10p8.tar.gz) = 1220987 bytes
SHA1 (patch-aa) = 0c9c173a26ea72dd06a7d3947a0b3ba6dc00cf40
-SHA1 (patch-af) = 463b1653f3015d08cd4c03b7f29d206d96aa1cc0
-SHA1 (patch-ag) = e0d9efd8afeda339d9cd186ffd6f644b15e8b213
-SHA1 (patch-logging.c) = 26608d7423b77f71f17b37cc87f4b2e75978d7cb
+SHA1 (patch-af) = 3462525bd0863ec5f957173a10839aed2b7cbb69
+SHA1 (patch-ag) = 86f9838045f2bed7eb8e4271553c510be31b7d6b
+SHA1 (patch-logging.c) = a16a9c6020a79cc378c3cfd1c6a1abd2326c8e6d
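Review bot: The new sudo-1.7.10p8.tar.gz entries are SHA1 and RMD160 only, and the Makefile context above shows MASTER_SITES on plain http:// and ftp://, so for this security update these two digests carry all of the distfile integrity. Confirm they were computed from a tarball checked against whatever checksum or signature upstream publishes for 1.7.10p8, and record that in the commit message.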
diff -r 99defd7408dd -r 45780edbe404 security/sudo/patches/patch-af
--- a/security/sudo/patches/patch-af Sat Mar 08 11:46:14 2014 +0000
+++ b/security/sudo/patches/patch-af Sat Mar 08 11:51:56 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
+$NetBSD: patch-af,v 1.31 2014/03/08 11:51:56 kim Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.in.orig 2013-02-21 15:43:17.000000000 +0000
-+++ configure.in
-@@ -330,6 +330,18 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
+--- configure.in.orig 2014-03-05 08:08:53.000000000 -0500
++++ configure.in 2014-03-08 06:35:19.000000000 -0500
+@@ -330,6 +330,18 @@
;;
esac])
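Review bot: The regenerated header in patch-af now puts a local timestamp on the `+++ configure.in` line (2014-03-08 06:35:19 -0500) and drops the section context that used to follow each `@@` (for example `AC_ARG_WITH(csops, ...`). That accounts for most of the 16 changed lines in this file without changing what the patch does. Regenerate it the same way as revision 1.30 so the diff is limited to the real offset shifts (1725 to 1726 and so on) and build-time timestamps stay out of the repository.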
@@ -28,7 +28,7 @@
AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1725,7 +1737,7 @@ case "$host" in
+@@ -1726,7 +1738,7 @@
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -37,7 +37,7 @@
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
-@@ -2015,7 +2027,7 @@ SUDO_MAILDIR
+@@ -2016,7 +2028,7 @@
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in
@@ -46,7 +46,7 @@
;;
esac
])
-@@ -2634,6 +2646,8 @@ if test ${with_kerb5-'no'} != "no"; then
+@@ -2635,6 +2647,8 @@
])
AUTH_OBJS="$AUTH_OBJS kerb5.o"
fi
@@ -55,7 +55,7 @@
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
-@@ -3167,7 +3181,6 @@ test "$datarootdir" = '${prefix}/share'
+@@ -3168,7 +3182,6 @@
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
diff -r 99defd7408dd -r 45780edbe404 security/sudo/patches/patch-ag
--- a/security/sudo/patches/patch-ag Sat Mar 08 11:46:14 2014 +0000
+++ b/security/sudo/patches/patch-ag Sat Mar 08 11:51:56 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
+$NetBSD: patch-ag,v 1.22 2014/03/08 11:51:56 kim Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.orig 2013-02-21 15:43:29.000000000 +0000
-+++ configure
-@@ -1484,7 +1484,7 @@ Fine tuning of the installation director
+--- configure.orig 2014-03-05 08:09:14.000000000 -0500
++++ configure 2014-03-08 06:35:19.000000000 -0500
+@@ -1484,7 +1484,7 @@
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -18,7 +18,7 @@
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
-@@ -1569,6 +1569,7 @@ Optional Packages:
+@@ -1569,6 +1569,7 @@
--with-libraries additional libraries to link with
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
@@ -26,7 +26,7 @@
--without-passwd don't use passwd/shadow file for authentication
--with-skey=DIR enable S/Key support
--with-opie=DIR enable OPIE support
-@@ -3959,6 +3960,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn
+@@ -3959,6 +3960,22 @@
esac
fi
@@ -49,7 +49,7 @@
# Check whether --with-passwd was given.
-@@ -14233,7 +14250,7 @@ fi
+@@ -14244,7 +14261,7 @@
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -58,7 +58,7 @@
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
-@@ -15632,7 +15649,7 @@ if test "x$ac_cv_header_login_cap_h" = x
+@@ -15643,7 +15660,7 @@
_ACEOF
LOGINCAP_USAGE='[-c class|-] '; LCMAN=1
case "$OS" in
@@ -67,7 +67,7 @@
;;
esac
-@@ -18569,6 +18586,8 @@ fi
+@@ -18580,6 +18597,8 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
AUTH_OBJS="$AUTH_OBJS kerb5.o"
fi
@@ -76,7 +76,7 @@
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
for ac_func in krb5_verify_user krb5_init_secure_context
-@@ -20313,7 +20332,6 @@ test "$datarootdir" = '${prefix}/share'
+@@ -20324,7 +20343,6 @@
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
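Review bot: patch-ag repeats against the generated `configure` what patch-af does to `configure.in`, and its late offsets move by 11 lines here (14233 to 14244, 20313 to 20324) where patch-af's move by 1, so the two files have to be rebased by hand in lockstep on every upstream release. Check that each patch-af hunk still has its counterpart here after this rebase, or carry only the configure.in patch and regenerate configure during the build.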
diff -r 99defd7408dd -r 45780edbe404 security/sudo/patches/patch-logging.c
--- a/security/sudo/patches/patch-logging.c Sat Mar 08 11:46:14 2014 +0000
+++ b/security/sudo/patches/patch-logging.c Sat Mar 08 11:51:56 2014 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-logging.c,v 1.3 2011/09/18 14:18:25 ryoon Exp $
+$NetBSD: patch-logging.c,v 1.4 2014/03/08 11:51:56 kim Exp $
Make sure CODESET is actually defined, for the sake of
old NetBSD versions
---- logging.c.orig 2011-08-13 17:32:04 +0000
-+++ logging.c
-@@ -573,7 +573,7 @@ send_mail(fmt, va_alist)
+--- logging.c.orig 2013-03-01 11:08:30.000000000 -0500
++++ logging.c 2014-03-08 06:35:19.000000000 -0500
+@@ -691,7 +691,7 @@
(void) fputc(*p, mail);
}
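Review bot: The description in patch-logging.c, "for the sake of old NetBSD versions", does not say which releases lack CODESET, and this rebase moves the hunk from line 573 to line 691 against a logging.c.orig now dated 2013, so the patch keeps being carried forward with no way to tell when it can be dropped. Name the affected NetBSD release in the comment and note whether the guard has been offered upstream.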