CVS commit: [pkgsrc-2008Q4] pkgsrc/security/sudo

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2008Q4] pkgsrc/security/sudo
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Thu, 5 Feb 2009 17:00:25 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   tron
Date:           Thu Feb  5 17:00:25 UTC 2009

Modified Files:
        pkgsrc/security/sudo [pkgsrc-2008Q4]: Makefile PLIST distinfo
            options.mk
        pkgsrc/security/sudo/patches [pkgsrc-2008Q4]: patch-aa patch-af
            patch-ag
Removed Files:
        pkgsrc/security/sudo/patches [pkgsrc-2008Q4]: patch-ai

Log Message:
Pullup ticket #2688 - requested by taca
sudo: security update

Revisions pulled up:
- security/sudo/Makefile                        1.114
- security/sudo/PLIST                           1.3
- security/sudo/distinfo                        1.57
- security/sudo/options.mk                      1.16
- security/sudo/patches/patch-aa                1.20
- security/sudo/patches/patch-af                1.21
- security/sudo/patches/patch-ag                1.13
- security/sudo/patches/patch-ai                delete
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Feb  5 13:48:12 UTC 2009

Modified Files:
        pkgsrc/security/sudo: Makefile PLIST distinfo options.mk
        pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
Removed Files:
        pkgsrc/security/sudo/patches: patch-ai

Log Message:
Update security/sudo package to 1.7.0.

* pkgsrc change: relax restriction to kerberos package.

What's new in Sudo 1.7.0?

 * Rewritten parser that converts sudoers into a set of data structures.
   This eliminates a number of ordering issues and makes it possible to
   apply sudoers Defaults entries before searching for the command.
   It also adds support for per-command Defaults specifications.

 * Sudoers now supports a #include facility to allow the inclusion of other
   sudoers-format files.

 * Sudo's -l (list) flag has been enhanced:
    o applicable Defaults options are now listed
    o a command argument can be specified for testing whether a user
      may run a specific command.
    o a new -U flag can be used in conjunction with "sudo -l" to allow
      root (or a user with "sudo ALL") list another user's privileges.

 * A new -g flag has been added to allow the user to specify a
   primary group to run the command as.  The sudoers syntax has been
   extended to include a group section in the Runas specification.

 * A uid may now be used anywhere a username is valid.

 * The "secure_path" run-time Defaults option has been restored.

 * Password and group data is now cached for fast lookups.

 * The file descriptor at which sudo starts closing all open files is now
   configurable via sudoers and, optionally, the command line.

 * Visudo will now warn about aliases that are defined but not used.

 * The -i and -s command line flags now take an optional command
   to be run via the shell.  Previously, the argument was passed
   to the shell as a script to run.

 * Improved LDAP support.  SASL authentication may now be used in
   conjunction when connecting to an LDAP server.  The krb5_ccname
   parameter in ldap.conf may be used to enable Kerberos.

 * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
   to specify the sudoers order.  E.g.:
        sudoers: ldap files
   to check LDAP, then /etc/sudoers.  The default is "files", even
   when LDAP support is compiled in.  This differs from sudo 1.6
   where LDAP was always consulted first.

 * Support for /etc/environment on AIX and Linux.  If sudo is run
   with the -i flag, the contents of /etc/environment are used to
   populate the new environment that is passed to the command being
   run.

 * If no terminal is available or if the new -A flag is specified,
   sudo will use a helper program to read the password if one is
   configured.  Typically, this is a graphical password prompter
   such as ssh-askpass.

 * A new Defaults option, "mailfrom" that sets the value of the
   "From:" field in the warning/error mail.  If unspecified, the
   login name of the invoking user is used.

 * A new Defaults option, "env_file" that refers to a file containing
   environment variables to be set in the command being run.

 * A new flag, -n, may be used to indicate that sudo should not
   prompt the user for a password and, instead, exit with an error
   if authentication is required.

 * If sudo needs to prompt for a password and it is unable to disable
   echo (and no askpass program is defined), it will refuse to run
   unless the "visiblepw" Defaults option has been specified.

 * Prior to version 1.7.0, hitting enter/return at the Password: prompt
   would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
   an empty password.  To exit sudo, the user must press ^C or ^D
   at the prompt.

 * visudo will now check the sudoers file owner and mode in -c (check)
   mode when the -s (strict) flag is specified.


To generate a diff of this commit:
cvs rdiff -r1.113 -r1.113.10.1 pkgsrc/security/sudo/Makefile
cvs rdiff -r1.2 -r1.2.12.1 pkgsrc/security/sudo/PLIST
cvs rdiff -r1.56 -r1.56.10.1 pkgsrc/security/sudo/distinfo
cvs rdiff -r1.15 -r1.15.12.1 pkgsrc/security/sudo/options.mk
cvs rdiff -r1.19 -r1.19.12.1 pkgsrc/security/sudo/patches/patch-aa
cvs rdiff -r1.20 -r1.20.12.1 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -r1.12 -r1.12.12.1 pkgsrc/security/sudo/patches/patch-ag
cvs rdiff -r1.4 -r0 pkgsrc/security/sudo/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/net/libfetch
Next by Date: CVS commit: [pkgsrc-2008Q4] pkgsrc/www/squid27
Previous by Thread: CVS commit: pkgsrc/net/libfetch
Next by Thread: CVS commit: [pkgsrc-2008Q4] pkgsrc/www/squid27
Indexes:

Home | Main Index | Thread Index | Old Index