[pkgsrc/trunk]: pkgsrc/security/sudo security/sudo: update to 1.8.31p2

[taca <taca%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d8630422798a
branches:  trunk
changeset: 439402:d8630422798a
user:      taca <taca%pkgsrc.org@localhost>
date:      Sat Sep 19 14:04:29 2020 +0000

description:
security/sudo: update to 1.8.31p2

Update sudo package to 1.8.31p2.


What's new in Sudo 1.8.31p2

 * Sudo command line options that take a value may only be specified
   once.  This is to help guard against problems caused by poorly
   written scripts that invoke sudo with user-controlled input.
   Bug #924.

 * When running a command in a pty, sudo will no longer try to
   suspend itself if the user's tty has been revoked (for instance
   when the parent ssh daemon is killed).  This fixes a bug where
   sudo would continuously suspend the command (which would succeed),
   then suspend itself (which would fail due to the missing tty)
   and then resume the command.

 * If sudo's event loop fails due to the tty being revoked, remove
   the user's tty events and restart the event loop (once).  This
   fixes a problem when running "sudo reboot" in a pty on some
   systems.  When the event loop exited unexpectedly, sudo would
   kill the command running in the pty, which in the case of "reboot",
   could lead to the system being in a half-rebooted state.

 * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
   SSSD back-ends where a missing sudoHost attribute was treated
   as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
   is now ignored as it was prior to version 1.8.23.

diffstat:

 security/sudo/Makefile                |   4 ++--
 security/sudo/distinfo                |  12 ++++++------
 security/sudo/patches/patch-configure |  28 ++++++++++++++--------------
 3 files changed, 22 insertions(+), 22 deletions(-)

diffs (137 lines):

diff -r 9f42f4c52d73 -r d8630422798a security/sudo/Makefile
--- a/security/sudo/Makefile    Sat Sep 19 14:02:31 2020 +0000
+++ b/security/sudo/Makefile    Sat Sep 19 14:04:29 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.179 2020/04/28 05:29:18 taca Exp $
+# $NetBSD: Makefile,v 1.180 2020/09/19 14:04:29 taca Exp $
 
-DISTNAME=      sudo-1.8.31p1
+DISTNAME=      sudo-1.8.31p2
 CATEGORIES=    security
 MASTER_SITES=  https://www.sudo.ws/dist/
 MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
diff -r 9f42f4c52d73 -r d8630422798a security/sudo/distinfo
--- a/security/sudo/distinfo    Sat Sep 19 14:02:31 2020 +0000
+++ b/security/sudo/distinfo    Sat Sep 19 14:04:29 2020 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.110 2020/04/28 05:29:18 taca Exp $
+$NetBSD: distinfo,v 1.111 2020/09/19 14:04:29 taca Exp $
 
-SHA1 (sudo-1.8.31p1.tar.gz) = b959be78c815e37d893c5c481975b9793f9ed227
-RMD160 (sudo-1.8.31p1.tar.gz) = ace03e181e4240fde407f5353b363f28a72900c1
-SHA512 (sudo-1.8.31p1.tar.gz) = 9344fd1d8a8445e8afb9c5628cdc832fe32ea29199f071f35fb6ec694371801556df560f4382afec199f468b1f3264ad5e3a89e964612e571b8d911f823724cc
-Size (sudo-1.8.31p1.tar.gz) = 3351312 bytes
+SHA1 (sudo-1.8.31p2.tar.gz) = 53a6dfa90f78bc10615b83b7026bf3ba206c69e9
+RMD160 (sudo-1.8.31p2.tar.gz) = 5ffd8e785095c19c26ad8e3b3d5768669951f777
+SHA512 (sudo-1.8.31p2.tar.gz) = ad1bbbde74d3ab6e947071c6f21e436ebabcf5af11ecc75cde8f0c01ca0b8c6ae1cce2ff42f21612816c636e96722a2a14daa57757644ceab6577091f82242be
+Size (sudo-1.8.31p2.tar.gz) = 3353538 bytes
 SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560
-SHA1 (patch-configure) = 906a90a8e8f5397693d9f410b7715439cf029508
+SHA1 (patch-configure) = 498b1040fceb317c239d050b59b3d1a180598441
 SHA1 (patch-plugins_sudoers_Makefile.in) = 730193c6437197a7114dd31886050cecdcba6772
 SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39
diff -r 9f42f4c52d73 -r d8630422798a security/sudo/patches/patch-configure
--- a/security/sudo/patches/patch-configure     Sat Sep 19 14:02:31 2020 +0000
+++ b/security/sudo/patches/patch-configure     Sat Sep 19 14:04:29 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-configure,v 1.2 2019/12/28 20:43:56 kim Exp $
+$NetBSD: patch-configure,v 1.3 2020/09/19 14:04:29 taca Exp $
 
 * Add "--with-nbsdops" option, NetBSD standard options.
 * Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@
   functions (HAVE_KRB5_*).
 * Remove setting sysconfdir to "/etc".
 
---- configure.orig     2019-12-26 06:24:43.000000000 +0200
-+++ configure  2019-12-28 21:41:28.049372280 +0200
-@@ -869,6 +869,7 @@
+--- configure.orig     2020-06-12 13:15:11.000000000 +0000
++++ configure
+@@ -870,6 +870,7 @@ with_libpath
  with_libraries
  with_efence
  with_csops
@@ -17,7 +17,7 @@
  with_passwd
  with_skey
  with_opie
-@@ -1581,7 +1582,7 @@
+@@ -1592,7 +1593,7 @@ Fine tuning of the installation director
    --bindir=DIR            user executables [EPREFIX/bin]
    --sbindir=DIR           system admin executables [EPREFIX/sbin]
    --libexecdir=DIR        program executables [EPREFIX/libexec]
@@ -25,8 +25,8 @@
 +  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
    --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
    --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-   --libdir=DIR            object code libraries [EPREFIX/lib]
-@@ -1694,6 +1695,7 @@
+   --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+@@ -1706,6 +1707,7 @@ Optional Packages:
    --with-libraries        additional libraries to link with
    --with-efence           link with -lefence for malloc() debugging
    --with-csops            add CSOps standard options
@@ -34,7 +34,7 @@
    --without-passwd        don't use passwd/shadow file for authentication
    --with-skey[=DIR]       enable S/Key support
    --with-opie[=DIR]       enable OPIE support
-@@ -4797,6 +4799,23 @@
+@@ -4809,6 +4811,23 @@ fi
  
  
  
@@ -58,7 +58,7 @@
  # Check whether --with-passwd was given.
  if test "${with_passwd+set}" = set; then :
    withval=$with_passwd; case $with_passwd in
-@@ -15925,7 +15944,7 @@
+@@ -15937,7 +15956,7 @@ fi
                : ${mansectsu='1m'}
                : ${mansectform='4'}
                ;;
@@ -67,7 +67,7 @@
                shadow_funcs="getspnam"
                test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
                # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
-@@ -18163,7 +18182,7 @@
+@@ -18175,7 +18194,7 @@ if test "x$ac_cv_header_login_cap_h" = x
  _ACEOF
   LOGINCAP_USAGE='[-c class] '; LCMAN=1
        case "$OS" in
@@ -76,7 +76,7 @@
                SUDO_LIBS="${SUDO_LIBS} -lutil"
                SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
                ;;
-@@ -22993,10 +23012,9 @@
+@@ -23018,10 +23037,9 @@ if test ${with_pam-"no"} != "no"; then
      # Check for pam_start() in libpam first, then for pam_appl.h.
      #
      found_pam_lib=no
@@ -89,7 +89,7 @@
    $as_echo_n "(cached) " >&6
  else
    ac_check_lib_save_LIBS=$LIBS
-@@ -23020,18 +23038,17 @@
+@@ -23045,18 +23063,17 @@ return pam_start ();
  }
  _ACEOF
  if ac_fn_c_try_link "$LINENO"; then :
@@ -113,7 +113,7 @@
    found_pam_lib=yes
  fi
  
-@@ -23766,6 +23783,8 @@
+@@ -23791,6 +23808,8 @@ fi
  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
        AUTH_OBJS="$AUTH_OBJS kerb5.lo"
      fi
@@ -122,7 +122,7 @@
      _LIBS="$LIBS"
      LIBS="${LIBS} ${SUDOERS_LIBS}"
      for ac_func in krb5_verify_user krb5_init_secure_context
-@@ -27026,7 +27045,6 @@
+@@ -27051,7 +27070,6 @@ test "$datarootdir" = '${prefix}/share' 
  test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
  test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
  test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'