[pkgsrc/trunk]: pkgsrc Update security/sudo to 1.6.8 and convert to use bsd.o...

[xtraeme <xtraeme%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9b225b432bc5
branches:  trunk
changeset: 479844:9b225b432bc5
user:      xtraeme <xtraeme%pkgsrc.org@localhost>
date:      Mon Aug 23 21:15:17 2004 +0000

description:
Update security/sudo to 1.6.8 and convert to use bsd.options.mk, which
adds two new options, ldap and pam.

Changes:

 * Sudo now supports storing sudoers info in LDAP (optionally using TLS).
 * There is a new -e option to edit files the with uid of the invoking
   user. This makes it possible to give users to ability to safely edit
   files without the possibility of editing other files or running commands
   as the target user. If sudo is run as "sudoedit" the -e flag is implied.
 * A new tag, NOEXEC, will prevent a dynamically-linked program being run
   by sudo from executing another program (think shell escapes). Because
   this uses LD_PRELOAD it has no effect on static binaries.
 * A uid specified in sudoers now matches the user specified by the -u flag
   even if the -u flag specified a name, not a uid.
 * Added a -i option to simulate an initial login similar to "su -".
 * If sudo is used to run as root shell, further sudo commands will be logged
   as run by the user specified by the SUDO_USER environment variable. In -e
   mode (sudoedit), SUDO_USER is used to determine what user to run the editor
   when the real uid is 0.
 * The sudoers file is now parsed as the runas user in all cases instead of
   root. This fixes some issues with running NFS-mounted commands.
 * If the target user == invoking user a password is no longer required.
 * Sudo now produces a sensible error message when the targetpw Defaults option
   is set and a non-existent uid is specified via the -u option.
 * A negated user/uid in a runas list is now treated the same as a negated
   command and overrides a previously allowed entry.
 * PAM support now uses Use pam_acct_mgmt() to check for disabled accounts.
 * Added a check in visudo for runas_default being used before it was set.
 * Fixed several issues when closing all open descriptors. Sudo now uses
   closefrom() if it exists, otherwise it uses /proc/$$/fd if that exists
   with a fallback of closing all possible descriptors.
 * Quoting globbing characters with a backslash now works as documented.
 * Fixed a problem on FreeBSD (and perhaps others) when the user is only
   listed in NIS (not master.passwd) and netgroups are used in the
   master.passwd file.
 * The username in a log entry is no longer truncated at 8 characters.
 * Added a "sudo_lecture" option that can point to a file containing a
   custom lecture.
 * The timeout for password reading is now done via alarm(), not select().
 * /tmp/.odus is no longer used for timestamps by default.
 * Sudo now works on the nsr-tandem-nsk platform.
 * Fixed the --with-stow configure option.
 * TIS fwtk authentication now supports fwtk 2.0 and higher.
 * Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
 * Added the --with-pc-insults configure to replace politically incorrect
   insults with other ones.

diffstat:

 doc/CHANGES                    |   3 ++-
 security/sudo/Makefile         |  20 +++++---------------
 security/sudo/PLIST.common     |   5 +++--
 security/sudo/distinfo         |   9 ++++-----
 security/sudo/options.mk       |  24 ++++++++++++++++++++++++
 security/sudo/patches/patch-aa |  16 ++++++++--------
 security/sudo/patches/patch-ab |  13 -------------
 7 files changed, 46 insertions(+), 44 deletions(-)

diffs (169 lines):

diff -r ef0d15c76f2d -r 9b225b432bc5 doc/CHANGES
--- a/doc/CHANGES       Mon Aug 23 21:14:32 2004 +0000
+++ b/doc/CHANGES       Mon Aug 23 21:15:17 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.6982 2004/08/23 15:18:20 tv Exp $
+$NetBSD: CHANGES,v 1.6983 2004/08/23 21:15:17 xtraeme Exp $
 
 Changes to the packages collection and infrastructure in 2004:
 
@@ -4030,3 +4030,4 @@
        Added kkbswitch-1.4.1 [markd 2004-08-23]
        Removed guavac [tv 2004-08-23]
        Updated fidogate to 4.4.9nb1 [tv 2004-08-23]
+       Updated sudo to 1.6.8 [xtraeme 2004-08-23]
diff -r ef0d15c76f2d -r 9b225b432bc5 security/sudo/Makefile
--- a/security/sudo/Makefile    Mon Aug 23 21:14:32 2004 +0000
+++ b/security/sudo/Makefile    Mon Aug 23 21:15:17 2004 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2004/08/22 19:32:52 jlam Exp $
+# $NetBSD: Makefile,v 1.66 2004/08/23 21:15:17 xtraeme Exp $
 #
 
-DISTNAME=              sudo-1.6.7p5
-PKGNAME=               ${DISTNAME:S/p/./}
+DISTNAME=              sudo-1.6.8
 CATEGORIES=            security
 MASTER_SITES=          http://www.courtesan.com/sudo/dist/ \
                        ftp://ftp.courtesan.com/pub/sudo/ \
@@ -18,6 +17,7 @@
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 
 USE_BUILDLINK3=                yes
+USE_LIBTOOL=           yes
 USE_PKGINSTALL=                yes
 GNU_CONFIGURE=         yes
 
@@ -32,17 +32,7 @@
 CONFIGURE_ARGS+=       --without-skey
 .endif
 
-PKG_OPTIONS_VAR=       PKG_OPTIONS.sudo
-PKG_SUPPORTED_OPTIONS= kerberos
-.include "../../mk/bsd.options.mk"
-
-.if !empty(PKG_OPTIONS:Mkerberos)
-.  include "../../mk/krb5.buildlink3.mk"
-CONFIGURE_ARGS+=       --without-kerb4
-CONFIGURE_ARGS+=       --with-kerb5
-.else
-CONFIGURE_ARGS+=       --without-kerb5
-.endif
+.include "options.mk"
 
 CONFIGURE_ARGS+=       --with-nbsdops --disable-path-info
 
@@ -55,6 +45,6 @@
        ${INSTALL_DATA} ${WRKSRC}/UPGRADE ${DOCDIR}
        ${INSTALL_DATA_DIR} ${EGDIR}
        ${INSTALL_DATA} ${WRKSRC}/sudoers ${EGDIR}/sudoers
-       ${INSTALL_DATA} ${WRKSRC}/sample.sudoers ${EGDIR}/sudoers.sample
+       ${INSTALL_DATA} ${WRKSRC}/README* ${DOCDIR}
 
 .include "../../mk/bsd.pkg.mk"
diff -r ef0d15c76f2d -r 9b225b432bc5 security/sudo/PLIST.common
--- a/security/sudo/PLIST.common        Mon Aug 23 21:14:32 2004 +0000
+++ b/security/sudo/PLIST.common        Mon Aug 23 21:15:17 2004 +0000
@@ -1,8 +1,9 @@
-@comment $NetBSD: PLIST.common,v 1.1 2001/11/01 01:23:01 zuntum Exp $
+@comment $NetBSD: PLIST.common,v 1.2 2004/08/23 21:15:17 xtraeme Exp $
 bin/sudo
 sbin/visudo
+share/doc/sudo/README
+share/doc/sudo/README.LDAP
 share/doc/sudo/UPGRADE
 share/examples/sudo/sudoers
-share/examples/sudo/sudoers.sample
 @dirrm share/examples/sudo
 @dirrm share/doc/sudo
diff -r ef0d15c76f2d -r 9b225b432bc5 security/sudo/distinfo
--- a/security/sudo/distinfo    Mon Aug 23 21:14:32 2004 +0000
+++ b/security/sudo/distinfo    Mon Aug 23 21:15:17 2004 +0000
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.20 2004/05/19 19:26:38 kim Exp $
+$NetBSD: distinfo,v 1.21 2004/08/23 21:15:17 xtraeme Exp $
 
-SHA1 (sudo-1.6.7p5.tar.gz) = 6814bd874c5d42781757b5cbab1961c05cc26c8f
-Size (sudo-1.6.7p5.tar.gz) = 349785 bytes
-SHA1 (patch-aa) = 23c35edd2aad78cc94881a8b03e2ade66dc7c993
-SHA1 (patch-ab) = f2c3a6a10568a6bd394504360a1f53f2fcfc5123
+SHA1 (sudo-1.6.8.tar.gz) = 3f761fd7457ad0efb3f8efa68495ac95c825ca81
+Size (sudo-1.6.8.tar.gz) = 577564 bytes
+SHA1 (patch-aa) = 464d92a06528fd7af2bc6a1b768b8a097900204a
 SHA1 (patch-af) = a28c974dc854ca21cf2da8addbe98eac13c612a2
 SHA1 (patch-ag) = 3703932e134ae90281179d0a4ae4760fa420264b
diff -r ef0d15c76f2d -r 9b225b432bc5 security/sudo/options.mk
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sudo/options.mk  Mon Aug 23 21:15:17 2004 +0000
@@ -0,0 +1,24 @@
+# $NetBSD: options.mk,v 1.1 2004/08/23 21:15:17 xtraeme Exp $
+#
+
+PKG_OPTIONS_VAR=       PKG_OPTIONS.sudo
+PKG_SUPPORTED_OPTIONS= kerberos ldap pam
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Mkerberos)
+.  include "../../mk/krb5.buildlink3.mk"
+CONFIGURE_ARGS+=       --without-kerb4
+CONFIGURE_ARGS+=       --with-kerb5
+.else
+CONFIGURE_ARGS+=       --without-kerb5
+.endif
+
+.if !empty(PKG_OPTIONS:Mldap)
+.  include "../../databases/openldap/buildlink3.mk"
+CONFIGURE_ARGS+=       --with-ldap=${BUILDLINK_PREFIX.openldap}
+.endif
+
+.if !empty(PKG_OPTIONS:Mpam)
+.  include "../../security/PAM/buildlink3.mk"
+CONFIGURE_ARGS+=       --with-pam
+.endif
diff -r ef0d15c76f2d -r 9b225b432bc5 security/sudo/patches/patch-aa
--- a/security/sudo/patches/patch-aa    Mon Aug 23 21:14:32 2004 +0000
+++ b/security/sudo/patches/patch-aa    Mon Aug 23 21:15:17 2004 +0000
@@ -1,18 +1,18 @@
-$NetBSD: patch-aa,v 1.10 2003/05/03 18:27:46 jmmv Exp $
+$NetBSD: patch-aa,v 1.11 2004/08/23 21:15:17 xtraeme Exp $
 
---- Makefile.in.orig   2003-04-16 02:39:10.000000000 +0200
-+++ Makefile.in
-@@ -294,11 +294,11 @@ sudoers.man:: sudoers.man.in
+--- Makefile.in.orig   2004-08-23 22:47:51.000000000 +0200
++++ Makefile.in        2004-08-23 22:48:20.000000000 +0200
+@@ -292,11 +292,11 @@
  
  sudoers.cat: sudoers.man
  
--install: install-dirs install-binaries install-sudoers install-man
-+install: install-dirs install-binaries install-man
+-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man
++install: install-dirs install-binaries @INSTALL_NOEXEC@ install-man
  
  install-dirs:
        $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
 -          $(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \
 +          $(DESTDIR)$(visudodir) \
-           $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
+           $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \
+           $(DESTDIR)$(noexecdir)
  
- install-binaries: $(PROGS)
diff -r ef0d15c76f2d -r 9b225b432bc5 security/sudo/patches/patch-ab
--- a/security/sudo/patches/patch-ab    Mon Aug 23 21:14:32 2004 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.9 2004/03/22 08:45:56 jlam Exp $
-
---- auth/kerb5.c.orig  Mon Apr 21 17:19:15 2003
-+++ auth/kerb5.c       Mon Mar 22 03:34:44 2004
-@@ -88,7 +88,7 @@
- } sudo_krb5_data = { NULL, NULL, NULL };
- typedef struct _sudo_krb5_data *sudo_krb5_datap;
- 
--extern krb5_cc_ops krb5_mcc_ops;
-+extern const krb5_cc_ops krb5_mcc_ops;
- 
- int
- kerb5_init(pw, promptp, auth)