pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/sudo
Module Name: pkgsrc
Committed By: adam
Date: Tue Aug 14 13:18:38 UTC 2018
Modified Files:
pkgsrc/security/sudo: Makefile PLIST distinfo options.mk
Added Files:
pkgsrc/security/sudo/patches: patch-Makefile.in patch-configure
patch-plugins_sudoers_starttime.c
Removed Files:
pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
Log Message:
sudo: updated to 1.8.23
Sudo 1.8.23
* PAM account management modules and BSD auto approval modules are
now run even when no password is required.
* For kernel-based time stamps, if no terminal is present, fall
back to parent-pid style time stamps.
* The new cvtsudoers utility replaces both the "sudoers2ldif" script
and the "visudo -x" functionality. It can read a file in either
sudoers or LDIF format and produce JSON, LDIF or sudoers output.
It is also possible to filter the generated output file by user,
group or host name.
* The file, ldap and sss sudoers backends now share a common set
of formatting functions for "sudo -l" output, which is also used
by the cvtsudoers utility.
* The /run directory is now used in preference to /var/run if it
exists.
* More accurate descriptions of the --with-rundir and --with-vardir
configure options.
* The setpassent() and setgroupent() functions are now used on systems
that support them to keep the passwd and group database open.
Sudo performs a lot of passwd and group lookups so it can be
beneficial to avoid opening and closing the files each time.
* The new case_insensitive_user and case_insensitive_group sudoers
options can be used to control whether sudo does case-sensitive
matching of users and groups in sudoers. Case insensitive
matching is now the default.
* Fixed a bug on some systems where sudo could hang on command
exit when I/O logging was enabled.
* Fixed the build-time process start time test on Linux when the
test is run from within a container.
* When determining which temporary directory to use, sudoedit now
checks the directory for writability before using it. Previously,
sudoedit only performed an existence check.
* Sudo now includes an optional set of Monty Python-inspired insults.
* Fixed the execution of scripts with an associated digest (checksum)
in sudoers on FreeBSD systems. FreeBSD does not have a proper
/dev/fd directory mounted by default and its fexecve(2) is not
fully POSIX compliant when executing scripts.
* Chinese (Taiwan) translation for sudo from translationproject.org.
To generate a diff of this commit:
cvs rdiff -u -r1.160 -r1.161 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/sudo/PLIST
cvs rdiff -u -r1.95 -r1.96 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/sudo/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/security/sudo/patches/patch-Makefile.in \
pkgsrc/security/sudo/patches/patch-configure \
pkgsrc/security/sudo/patches/patch-plugins_sudoers_starttime.c
cvs rdiff -u -r1.32 -r0 pkgsrc/security/sudo/patches/patch-aa
cvs rdiff -u -r1.34 -r0 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -u -r1.26 -r0 pkgsrc/security/sudo/patches/patch-ag
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/sudo/Makefile
diff -u pkgsrc/security/sudo/Makefile:1.160 pkgsrc/security/sudo/Makefile:1.161
--- pkgsrc/security/sudo/Makefile:1.160 Wed May 2 21:21:10 2018
+++ pkgsrc/security/sudo/Makefile Tue Aug 14 13:18:37 2018
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.160 2018/05/02 21:21:10 wiz Exp $
+# $NetBSD: Makefile,v 1.161 2018/08/14 13:18:37 adam Exp $
-DISTNAME= sudo-1.8.22
-PKGREVISION= 1
+DISTNAME= sudo-1.8.23
CATEGORIES= security
MASTER_SITES= https://www.sudo.ws/dist/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
@@ -29,9 +28,11 @@ CONFIGURE_ARGS+= --with-logpath=${VARBAS
CONFIGURE_ENV+= NROFFPROG=${CAT:Q}
CONFIGURE_ENV+= mansectsu=8
CONFIGURE_ENV+= mansectform=5
+TEST_TARGET= check
.include "../../mk/bsd.prefs.mk"
+PLIST_VARS+= noexec
.if ${OPSYS} == "Darwin"
CONFIGURE_ARGS+= --with-noexec=no
CONFIGURE_ENV+= ax_cv_check_cflags___static_libgcc=no
@@ -46,13 +47,10 @@ CFLAGS+= -D_OPENBSD_SOURCE=1
CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1
.endif
-TEST_TARGET= check
-
.include "options.mk"
OWN_DIRS+= ${VARBASE}/run
BUILD_DEFS+= VARBASE
-PLIST_VARS+= ldap nls noexec
DOCDIR= share/doc/${PKGBASE}
EGDIR= share/examples/${PKGBASE}
Index: pkgsrc/security/sudo/PLIST
diff -u pkgsrc/security/sudo/PLIST:1.12 pkgsrc/security/sudo/PLIST:1.13
--- pkgsrc/security/sudo/PLIST:1.12 Wed May 2 07:33:13 2018
+++ pkgsrc/security/sudo/PLIST Tue Aug 14 13:18:37 2018
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.12 2018/05/02 07:33:13 triaxx Exp $
+@comment $NetBSD: PLIST,v 1.13 2018/08/14 13:18:37 adam Exp $
+bin/cvtsudoers
bin/sudo
bin/sudoedit
bin/sudoreplay
@@ -8,6 +9,7 @@ lib/sudo/libsudo_util.la
${PLIST.noexec}lib/sudo/sudo_noexec.la
lib/sudo/sudoers.la
lib/sudo/system_group.la
+man/man1/cvtsudoers.1
man/man5/sudo.conf.5
man/man5/sudoers.5
${PLIST.ldap}man/man5/sudoers.ldap.5
@@ -30,7 +32,6 @@ share/doc/sudo/UPGRADE
${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory
${PLIST.ldap}share/doc/sudo/schema.OpenLDAP
${PLIST.ldap}share/doc/sudo/schema.iPlanet
-${PLIST.ldap}share/doc/sudo/sudoers2ldif
share/examples/sudo/pam.conf
share/examples/sudo/sudo.conf
share/examples/sudo/sudoers
Index: pkgsrc/security/sudo/distinfo
diff -u pkgsrc/security/sudo/distinfo:1.95 pkgsrc/security/sudo/distinfo:1.96
--- pkgsrc/security/sudo/distinfo:1.95 Wed Mar 7 09:17:06 2018
+++ pkgsrc/security/sudo/distinfo Tue Aug 14 13:18:37 2018
@@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.95 2018/03/07 09:17:06 adam Exp $
+$NetBSD: distinfo,v 1.96 2018/08/14 13:18:37 adam Exp $
-SHA1 (sudo-1.8.22.tar.gz) = 44f0588f17392b62af53cf314239bf37c567a9c4
-RMD160 (sudo-1.8.22.tar.gz) = e9ddbd31a2d9669691f71ce8fd9aec675af9107f
-SHA512 (sudo-1.8.22.tar.gz) = 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695
-Size (sudo-1.8.22.tar.gz) = 3029051 bytes
-SHA1 (patch-aa) = 63c89e6d4e530ab92b7452f4025fbbf2a45dad65
-SHA1 (patch-af) = db54ce780c174129e2a25a87f3e3a926596c68b2
-SHA1 (patch-ag) = 460b9575346c263b944535aa8e2408e959840c77
+SHA1 (sudo-1.8.23.tar.gz) = 8db5a01eda3a14e8b40af7ee1ed6d38660463430
+RMD160 (sudo-1.8.23.tar.gz) = f24c9115cc6601cc94d78842e8d7c15d2039f19a
+SHA512 (sudo-1.8.23.tar.gz) = a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342
+Size (sudo-1.8.23.tar.gz) = 3150674 bytes
+SHA1 (patch-Makefile.in) = 279c7ad0f7f85ea7bc2d4beb5aa21abdf6237a7c
+SHA1 (patch-configure) = 460b9575346c263b944535aa8e2408e959840c77
SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c
SHA1 (patch-include_sudo__event.h) = 4d0787a45c2c7d4a7d3ae3111ccb3a4a4b84d083
SHA1 (patch-plugins_sudoers_Makefile.in) = d8612ac7bf2f5a892d9720c4df91810ca807f4ed
SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203
+SHA1 (patch-plugins_sudoers_starttime.c) = ab051d327a2b01736ab9ceefe7e6f03e0e2f1ee6
SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9
SHA1 (patch-src_sudo__edit.c) = ef411520ccefbd36bb4adf3329e6144e54647372
Index: pkgsrc/security/sudo/options.mk
diff -u pkgsrc/security/sudo/options.mk:1.21 pkgsrc/security/sudo/options.mk:1.22
--- pkgsrc/security/sudo/options.mk:1.21 Wed Mar 7 09:17:06 2018
+++ pkgsrc/security/sudo/options.mk Tue Aug 14 13:18:37 2018
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.21 2018/03/07 09:17:06 adam Exp $
+# $NetBSD: options.mk,v 1.22 2018/08/14 13:18:37 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.sudo
PKG_SUPPORTED_OPTIONS= ldap nls
@@ -13,6 +13,8 @@ PKG_SUGGESTED_OPTIONS.Darwin= pam
.include "../../mk/bsd.options.mk"
+PLIST_VARS+= ldap nls
+
.if !empty(PKG_OPTIONS:Mnls)
. include "../../devel/gettext-lib/buildlink3.mk"
CONFIGURE_ARGS+= --enable-nls
Added files:
Index: pkgsrc/security/sudo/patches/patch-Makefile.in
diff -u /dev/null pkgsrc/security/sudo/patches/patch-Makefile.in:1.1
--- /dev/null Tue Aug 14 13:18:38 2018
+++ pkgsrc/security/sudo/patches/patch-Makefile.in Tue Aug 14 13:18:38 2018
@@ -0,0 +1,25 @@
+$NetBSD: patch-Makefile.in,v 1.1 2018/08/14 13:18:38 adam Exp $
+
+Don't setuid here.
+
+--- Makefile.in.orig 2015-10-31 23:35:07.000000000 +0000
++++ Makefile.in
+@@ -63,7 +63,8 @@ SHELL = @SHELL@
+ SED = @SED@
+
+ INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
+-INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
++#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
++INSTALL_OWNER =
+
+ ECHO_N = @ECHO_N@
+ ECHO_C = @ECHO_C@
+@@ -129,7 +130,7 @@ install-doc: config.status ChangeLog
+ exit $$?; \
+ done
+
+-install: config.status ChangeLog pre-install install-nls
++install: config.status ChangeLog install-nls
+ for d in $(SUBDIRS); do \
+ (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \
+ exit $$?; \
Index: pkgsrc/security/sudo/patches/patch-configure
diff -u /dev/null pkgsrc/security/sudo/patches/patch-configure:1.1
--- /dev/null Tue Aug 14 13:18:38 2018
+++ pkgsrc/security/sudo/patches/patch-configure Tue Aug 14 13:18:38 2018
@@ -0,0 +1,132 @@
+$NetBSD: patch-configure,v 1.1 2018/08/14 13:18:38 adam Exp $
+
+* Add "--with-nbsdops" option, NetBSD standard options.
+* Link with util(3) in the case of DragonFly, too.
+* When specified "--with-kerb5" option, test existence of several functions
+ even if there is krb5-config. krb5-config dosen't give all definitions for
+ functions (HAVE_KRB5_*).
+* Remove setting sysconfdir to "/etc".
+
+--- configure.orig 2017-05-29 20:33:06.000000000 +0000
++++ configure
+@@ -865,6 +865,7 @@ with_libpath
+ with_libraries
+ with_efence
+ with_csops
++with_nbsdops
+ with_passwd
+ with_skey
+ with_opie
+@@ -1571,7 +1572,7 @@ Fine tuning of the installation director
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+- --sysconfdir=DIR read-only single-machine data [/etc]
++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+@@ -1674,6 +1675,7 @@ Optional Packages:
+ --with-libraries additional libraries to link with
+ --with-efence link with -lefence for malloc() debugging
+ --with-csops add CSOps standard options
++ --with-nbsdops add NetBSD standard opt ions
+ --without-passwd don't use passwd/shadow file for authentication
+ --with-skey[=DIR] enable S/Key support
+ --with-opie[=DIR] enable OPIE support
+@@ -4746,6 +4748,23 @@ fi
+
+
+
++# Check whether --with-nbsdops was given.
++if test "${with_nbsdops+set}" = set; then :
++ withval=$with_nbsdops; case $with_nbsdops in
++ yes) echo 'Adding NetBSD standard options'
++ CHECKSIA=false
++ with_ignore_dot=yes
++ with_env_editor=yes
++ with_tty_tickets=yes
++ ;;
++ no) ;;
++ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
++ ;;
++esac
++fi
++
++
++
+ # Check whether --with-passwd was given.
+ if test "${with_passwd+set}" = set; then :
+ withval=$with_passwd; case $with_passwd in
+@@ -15770,7 +15789,7 @@ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+- *-*-linux*|*-*-k*bsd*-gnu)
++ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
+ shadow_funcs="getspnam"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+@@ -17995,7 +18014,7 @@ if test "x$ac_cv_header_login_cap_h" = x
+ _ACEOF
+ LOGINCAP_USAGE='[-c class] '; LCMAN=1
+ case "$OS" in
+- freebsd|netbsd)
++ dragonfly*|freebsd|netbsd)
+ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
+ ;;
+@@ -22483,10 +22502,9 @@ if test ${with_pam-"no"} != "no"; then
+ # Check for pam_start() in libpam first, then for pam_appl.h.
+ #
+ found_pam_lib=no
+- as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh`
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
+ $as_echo_n "checking for pam_start in -lpam... " >&6; }
+-if eval \${$as_ac_Lib+:} false; then :
++if ${ac_cv_lib_pam_pam_start+:} false; then :
+ $as_echo_n "(cached) " >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -22510,18 +22528,17 @@ return pam_start ();
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+- eval "$as_ac_Lib=yes"
++ ac_cv_lib_pam_pam_start=yes
+ else
+- eval "$as_ac_Lib=no"
++ ac_cv_lib_pam_pam_start=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-eval ac_res=\$$as_ac_Lib
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+-$as_echo "$ac_res" >&6; }
+-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5
++$as_echo "$ac_cv_lib_pam_pam_start" >&6; }
++if test "x$ac_cv_lib_pam_pam_start" = xyes; then :
+ found_pam_lib=yes
+ fi
+
+@@ -23256,6 +23273,8 @@ fi
+ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ AUTH_OBJS="$AUTH_OBJS kerb5.lo"
+ fi
++fi
++if test ${with_kerb5-'no'} != "no"; then
+ _LIBS="$LIBS"
+ LIBS="${LIBS} ${SUDOERS_LIBS}"
+ for ac_func in krb5_verify_user krb5_init_secure_context
+@@ -26426,7 +26445,6 @@ test "$datarootdir" = '${prefix}/share'
+ test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+ test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
+ test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
+-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+
+ if test X"$INIT_SCRIPT" != X""; then
+ ac_config_files="$ac_config_files init.d/$INIT_SCRIPT"
Index: pkgsrc/security/sudo/patches/patch-plugins_sudoers_starttime.c
diff -u /dev/null pkgsrc/security/sudo/patches/patch-plugins_sudoers_starttime.c:1.1
--- /dev/null Tue Aug 14 13:18:38 2018
+++ pkgsrc/security/sudo/patches/patch-plugins_sudoers_starttime.c Tue Aug 14 13:18:38 2018
@@ -0,0 +1,15 @@
+$NetBSD: patch-plugins_sudoers_starttime.c,v 1.1 2018/08/14 13:18:38 adam Exp $
+
+Fix typo.
+
+--- plugins/sudoers/starttime.c.orig 2018-08-14 13:09:35.389271668 +0000
++++ plugins/sudoers/starttime.c
+@@ -24,7 +24,7 @@
+
+ #include <sys/types.h>
+ #include <sys/stat.h>
+-#if defined(HAVE_KINFO_PROC_44BSD) || defined (HAVE_KINFO_PROC_OPENBSD) || defined(HAVE_KINFO_PROC2_NETBSD2)
++#if defined(HAVE_KINFO_PROC_44BSD) || defined (HAVE_KINFO_PROC_OPENBSD) || defined(HAVE_KINFO_PROC2_NETBSD)
+ # include <sys/sysctl.h>
+ #elif defined(HAVE_KINFO_PROC_FREEBSD)
+ # include <sys/sysctl.h>
Home |
Main Index |
Thread Index |
Old Index