pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/sudo Update to sudo 1.8.30beta3
details: https://anonhg.NetBSD.org/pkgsrc/rev/6726d5225265
branches: trunk
changeset: 346090:6726d5225265
user: kim <kim%pkgsrc.org@localhost>
date: Sat Dec 28 20:43:56 2019 +0000
description:
Update to sudo 1.8.30beta3
* Portability fixes from pkgsrc have been merged upstream
* Add runas_check_shell flag to require a runas user to have a valid
shell. Not enabled by default.
* Add a new flag "allow_unknown_runas_id" to control matching of unknown
IDs. Previous, sudo would always allow unknown user or group IDs if
the sudoers entry permitted it. This included the "ALL" alias. With
this change, the admin must explicitly enable support for unknown IDs.
* Transparently handle the "sudo sudoedit" problem. Some admin are
confused about how to give users sudoedit permission and many users
try to run sudoedit via sudo instead of directly. If the user runs
"sudo sudoedit" sudo will now treat it as plain "sudoedit" after
issuing a warning. If the admin has specified a fully-qualified path
for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
match accordingly. In visudo (but not sudo), a fully-qualified path
for sudoedit is now treated as an error.
* When restoring old resource limits, try to recover if we receive
EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
limit is lower than the current resource usage. This can be a problem
when restoring the old stack limit if sudo has raised it.
* Restore resource limits before executing the askpass program. Linux
with docker seems to have issues executing a program when the stack
size is unlimited. Bug #908
* macOS does not allow rlim_cur to be set to RLIM_INFINITY for
RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
setrlimit manual. Bug #904
* Use 64-bit resource limits on AIX.
diffstat:
security/sudo/Makefile | 7 +-
security/sudo/distinfo | 26 +--
security/sudo/patches/patch-Makefile.in | 10 +-
security/sudo/patches/patch-configure | 26 +-
security/sudo/patches/patch-include_sudo__compat.h | 20 --
security/sudo/patches/patch-include_sudo__event.h | 16 --
security/sudo/patches/patch-lib_util_sig2str.c | 23 --
security/sudo/patches/patch-lib_util_str2sig.c | 31 ---
security/sudo/patches/patch-plugins_sudoers_Makefile.in | 10 +-
security/sudo/patches/patch-plugins_sudoers_logging.c | 16 --
security/sudo/patches/patch-plugins_sudoers_starttime.c | 15 -
security/sudo/patches/patch-plugins_sudoers_sudoers.c | 37 ----
security/sudo/patches/patch-src_Makefile.in | 8 +-
security/sudo/patches/patch-src_limits.c | 126 ----------------
14 files changed, 40 insertions(+), 331 deletions(-)
diffs (truncated from 532 to 300 lines):
diff -r a3be75d94164 -r 6726d5225265 security/sudo/Makefile
--- a/security/sudo/Makefile Sat Dec 28 20:00:16 2019 +0000
+++ b/security/sudo/Makefile Sat Dec 28 20:43:56 2019 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.173 2019/12/19 16:59:44 kim Exp $
+# $NetBSD: Makefile,v 1.174 2019/12/28 20:43:56 kim Exp $
-DISTNAME= sudo-1.8.29
-PKGREVISION= 2
+DISTNAME= sudo-1.8.30b3
+PKGNAME= ${DISTNAME:S/b/beta/}
CATEGORIES= security
MASTER_SITES= https://www.sudo.ws/dist/
+MASTER_SITES= https://www.sudo.ws/dist/beta/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/
MASTER_SITES+= ftp://ftp.twaren.net/Unix/Security/Sudo/
diff -r a3be75d94164 -r 6726d5225265 security/sudo/distinfo
--- a/security/sudo/distinfo Sat Dec 28 20:00:16 2019 +0000
+++ b/security/sudo/distinfo Sat Dec 28 20:43:56 2019 +0000
@@ -1,18 +1,10 @@
-$NetBSD: distinfo,v 1.106 2019/12/19 16:59:44 kim Exp $
+$NetBSD: distinfo,v 1.107 2019/12/28 20:43:56 kim Exp $
-SHA1 (sudo-1.8.29.tar.gz) = fdce342856f1803478eb549479190370001dca95
-RMD160 (sudo-1.8.29.tar.gz) = 706c7c8ec2a90b2e464e138384335b7de91d1c25
-SHA512 (sudo-1.8.29.tar.gz) = ea780922b2afb47df4df4b533fb355fd916cb18a6bfd13c7ca36a25b03ef585d805648c6fa85692bea363b1f83664ac3bc622f99bcd149b3a86f70522eb4d340
-Size (sudo-1.8.29.tar.gz) = 3338260 bytes
-SHA1 (patch-Makefile.in) = 279c7ad0f7f85ea7bc2d4beb5aa21abdf6237a7c
-SHA1 (patch-configure) = 460b9575346c263b944535aa8e2408e959840c77
-SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c
-SHA1 (patch-include_sudo__event.h) = 4d0787a45c2c7d4a7d3ae3111ccb3a4a4b84d083
-SHA1 (patch-lib_util_sig2str.c) = e5636d9e414fc9354cd238751fa4a00026320dd3
-SHA1 (patch-lib_util_str2sig.c) = e04aa67cab901e1be10d59bd1b0ee740aa1295b8
-SHA1 (patch-plugins_sudoers_Makefile.in) = 46bbee9c51664357099dc6d6871341de3e3fcc6f
-SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203
-SHA1 (patch-plugins_sudoers_starttime.c) = acec2f8a96041381582acff4928233568411f2c6
-SHA1 (patch-plugins_sudoers_sudoers.c) = b5aa8a91da50d4b12ea47cd92e29d25ea325b52c
-SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9
-SHA1 (patch-src_limits.c) = 790c64fed4a4f406ce07b3d0e806866095c0a5ca
+SHA1 (sudo-1.8.30b3.tar.gz) = 9e674a93413e1e7733b577ea5773a8aba758ae35
+RMD160 (sudo-1.8.30b3.tar.gz) = b9651a87d23fa64eebab9508ab876517ea24b615
+SHA512 (sudo-1.8.30b3.tar.gz) = c765f69d80207d70d0fd64382b33b08a08c59306e8930cd76eeaf907f22d55f6531e6bdf156514d07692bd700cbda6f1fe670c0dd0fa8b844e094f7561632547
+Size (sudo-1.8.30b3.tar.gz) = 3349576 bytes
+SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560
+SHA1 (patch-configure) = 906a90a8e8f5397693d9f410b7715439cf029508
+SHA1 (patch-plugins_sudoers_Makefile.in) = 730193c6437197a7114dd31886050cecdcba6772
+SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-Makefile.in
--- a/security/sudo/patches/patch-Makefile.in Sat Dec 28 20:00:16 2019 +0000
+++ b/security/sudo/patches/patch-Makefile.in Sat Dec 28 20:43:56 2019 +0000
@@ -1,10 +1,10 @@
-$NetBSD: patch-Makefile.in,v 1.1 2018/08/14 13:18:38 adam Exp $
+$NetBSD: patch-Makefile.in,v 1.2 2019/12/28 20:43:56 kim Exp $
Don't setuid here.
---- Makefile.in.orig 2015-10-31 23:35:07.000000000 +0000
-+++ Makefile.in
-@@ -63,7 +63,8 @@ SHELL = @SHELL@
+--- Makefile.in.orig 2019-10-28 15:51:30.000000000 +0200
++++ Makefile.in 2019-12-28 21:41:28.028886752 +0200
+@@ -64,7 +64,8 @@
SED = @SED@
INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
@@ -14,7 +14,7 @@
ECHO_N = @ECHO_N@
ECHO_C = @ECHO_C@
-@@ -129,7 +130,7 @@ install-doc: config.status ChangeLog
+@@ -165,7 +166,7 @@
exit $$?; \
done
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-configure
--- a/security/sudo/patches/patch-configure Sat Dec 28 20:00:16 2019 +0000
+++ b/security/sudo/patches/patch-configure Sat Dec 28 20:43:56 2019 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-configure,v 1.1 2018/08/14 13:18:38 adam Exp $
+$NetBSD: patch-configure,v 1.2 2019/12/28 20:43:56 kim Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.orig 2017-05-29 20:33:06.000000000 +0000
-+++ configure
-@@ -865,6 +865,7 @@ with_libpath
+--- configure.orig 2019-12-26 06:24:43.000000000 +0200
++++ configure 2019-12-28 21:41:28.049372280 +0200
+@@ -869,6 +869,7 @@
with_libraries
with_efence
with_csops
@@ -17,7 +17,7 @@
with_passwd
with_skey
with_opie
-@@ -1571,7 +1572,7 @@ Fine tuning of the installation director
+@@ -1581,7 +1582,7 @@
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -26,7 +26,7 @@
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
-@@ -1674,6 +1675,7 @@ Optional Packages:
+@@ -1694,6 +1695,7 @@
--with-libraries additional libraries to link with
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
@@ -34,7 +34,7 @@
--without-passwd don't use passwd/shadow file for authentication
--with-skey[=DIR] enable S/Key support
--with-opie[=DIR] enable OPIE support
-@@ -4746,6 +4748,23 @@ fi
+@@ -4797,6 +4799,23 @@
@@ -58,7 +58,7 @@
# Check whether --with-passwd was given.
if test "${with_passwd+set}" = set; then :
withval=$with_passwd; case $with_passwd in
-@@ -15770,7 +15789,7 @@ fi
+@@ -15925,7 +15944,7 @@
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -67,7 +67,7 @@
shadow_funcs="getspnam"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
# Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
-@@ -17995,7 +18014,7 @@ if test "x$ac_cv_header_login_cap_h" = x
+@@ -18163,7 +18182,7 @@
_ACEOF
LOGINCAP_USAGE='[-c class] '; LCMAN=1
case "$OS" in
@@ -76,7 +76,7 @@
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
-@@ -22483,10 +22502,9 @@ if test ${with_pam-"no"} != "no"; then
+@@ -22993,10 +23012,9 @@
# Check for pam_start() in libpam first, then for pam_appl.h.
#
found_pam_lib=no
@@ -89,7 +89,7 @@
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-@@ -22510,18 +22528,17 @@ return pam_start ();
+@@ -23020,18 +23038,17 @@
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
@@ -113,7 +113,7 @@
found_pam_lib=yes
fi
-@@ -23256,6 +23273,8 @@ fi
+@@ -23766,6 +23783,8 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
@@ -122,7 +122,7 @@
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
for ac_func in krb5_verify_user krb5_init_secure_context
-@@ -26426,7 +26445,6 @@ test "$datarootdir" = '${prefix}/share'
+@@ -27026,7 +27045,6 @@
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-include_sudo__compat.h
--- a/security/sudo/patches/patch-include_sudo__compat.h Sat Dec 28 20:00:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-include_sudo__compat.h,v 1.1 2017/05/31 02:22:02 maya Exp $
-
-Work around missing WCONTINUED/WIFCONTINUED support in
-NetBSD<8
-
---- include/sudo_compat.h.orig 2017-05-10 15:38:43.000000000 +0000
-+++ include/sudo_compat.h
-@@ -304,6 +304,12 @@ extern int errno;
- # define SIG2STR_MAX 32
- #endif
-
-+/* Deficiencies in NetBSD<8 */
-+#ifndef WCONTINUED
-+# define WCONTINUED 0
-+# define WIFCONTINUED(a) 0
-+#endif
-+
- /* WCOREDUMP is not POSIX, this usually works (verified on AIX). */
- #ifndef WCOREDUMP
- # define WCOREDUMP(x) ((x) & 0x80)
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-include_sudo__event.h
--- a/security/sudo/patches/patch-include_sudo__event.h Sat Dec 28 20:00:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-include_sudo__event.h,v 1.2 2017/09/12 06:34:22 adam Exp $
-
-Missing include, fixes build error:
-error: field 'timeout' has incomplete type
-struct timeval timeout; /* for SUDO_EV_TIMEOUT */
-
---- include/sudo_event.h.orig 2017-08-23 18:07:28.000000000 +0000
-+++ include/sudo_event.h
-@@ -19,6 +19,7 @@
-
- #include <signal.h> /* for sigatomic_t and NSIG */
- #include "sudo_queue.h"
-+#include <sys/time.h> /* timeval */
-
- /* Event types */
- #define SUDO_EV_TIMEOUT 0x01 /* fire after timeout */
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-lib_util_sig2str.c
--- a/security/sudo/patches/patch-lib_util_sig2str.c Sat Dec 28 20:00:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-$NetBSD: patch-lib_util_sig2str.c,v 1.1 2019/10/14 20:05:58 maya Exp $
-
-Handle sysconf(_SC_RTSIG_MAX) not existing (netbsd):
-just assume the static limits is good enough.
-
---- lib/util/sig2str.c.orig 2019-10-10 16:33:03.000000000 +0000
-+++ lib/util/sig2str.c
-@@ -65,6 +65,7 @@ sudo_sig2str(int signo, char *signame)
- #if defined(SIGRTMIN) && defined(SIGRTMAX)
- /* Realtime signal support. */
- if (signo >= SIGRTMIN && signo <= SIGRTMAX) {
-+#ifdef _SC_RTSIG_MAX
- const long rtmax = sysconf(_SC_RTSIG_MAX);
- if (rtmax > 0) {
- if (signo == SIGRTMIN) {
-@@ -79,6 +80,7 @@ sudo_sig2str(int signo, char *signame)
- (SIGRTMAX - signo));
- }
- }
-+#endif
- return 0;
- }
- #endif
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-lib_util_str2sig.c
--- a/security/sudo/patches/patch-lib_util_str2sig.c Sat Dec 28 20:00:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
-$NetBSD: patch-lib_util_str2sig.c,v 1.2 2019/10/16 20:25:21 maya Exp $
-
-Handle sysconf(_SC_RTSIG_MAX) not existing (netbsd):
-just assume the static limits is good enough.
-
---- lib/util/str2sig.c.orig 2019-10-10 16:33:03.000000000 +0000
-+++ lib/util/str2sig.c
-@@ -112,7 +112,11 @@ sudo_str2sig(const char *signame, int *r
- }
- if (signame[5] == '+') {
- if (isdigit((unsigned char)signame[6])) {
-+#ifdef _SC_RTSIG_MAX
- const long rtmax = sysconf(_SC_RTSIG_MAX);
-+#else
-+ const long rtmax = SIGRTMAX - SIGRTMIN;
-+#endif
- const int off = signame[6] - '0';
-
- if (rtmax > 0 && off < rtmax / 2) {
-@@ -131,7 +135,11 @@ sudo_str2sig(const char *signame, int *r
- }
- if (signame[5] == '-') {
- if (isdigit((unsigned char)signame[6])) {
-+#ifdef _SC_RTSIG_MAX
- const long rtmax = sysconf(_SC_RTSIG_MAX);
-+#else
-+ const long rtmax = SIGRTMAX - SIGRTMIN;
-+#endif
- const int off = signame[6] - '0';
-
- if (rtmax > 0 && off < rtmax / 2) {
diff -r a3be75d94164 -r 6726d5225265 security/sudo/patches/patch-plugins_sudoers_Makefile.in
--- a/security/sudo/patches/patch-plugins_sudoers_Makefile.in Sat Dec 28 20:00:16 2019 +0000
+++ b/security/sudo/patches/patch-plugins_sudoers_Makefile.in Sat Dec 28 20:43:56 2019 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-plugins_sudoers_Makefile.in,v 1.2 2019/12/15 18:42:10 adam Exp $
+$NetBSD: patch-plugins_sudoers_Makefile.in,v 1.3 2019/12/28 20:43:56 kim Exp $
Do not install the sudoers file to etc.
---- plugins/sudoers/Makefile.in.orig 2019-10-28 12:28:53.000000000 +0000
-+++ plugins/sudoers/Makefile.in
-@@ -394,7 +394,7 @@ pre-install:
- ./visudo -c -f $(sudoersdir)/sudoers; \
+--- plugins/sudoers/Makefile.in.orig 2019-12-25 21:21:05.000000000 +0200
++++ plugins/sudoers/Makefile.in 2019-12-28 22:01:00.540953438 +0200
+@@ -396,7 +396,7 @@
Home |
Main Index |
Thread Index |
Old Index