pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/sudo Update sudo package to 1.7.9p1.
details: https://anonhg.NetBSD.org/pkgsrc/rev/421bbf292fa1
branches: trunk
changeset: 603900:421bbf292fa1
user: taca <taca%pkgsrc.org@localhost>
date: Wed May 16 14:49:55 2012 +0000
description:
Update sudo package to 1.7.9p1.
Fix seuciry problem of CVE-2012-2337.
What's new in Sudo 1.7.9p1?
* Fixed a bug when matching against an IP address with an associated
netmask in the sudoers file. In certain circumstances, this
could allow users to run commands on hosts they are not authorized
for.
What's new in Sudo 1.7.9?
* Fixed a false positive in visudo strict mode when aliases are
in use.
* The line on which a syntax error is reported in the sudoers file
is now more accurate. Previously it was often off by a line.
* The #include and #includedir directives in sudoers now support
relative paths. If the path is not fully qualified it is expected
to be located in the same directory of the sudoers file that is
including it.
* visudo will now fix the mode on the sudoers file even if no changes
are made unless the -f option is specified.
* The "use_loginclass" sudoers option works properly again.
* For LDAP-based sudoers, values in the search expression are now
escaped as per RFC 4515.
* Fixed a race condition when I/O logging is not enabled that could
result in tty-generated signals (e.g. control-C) being received
by the command twice.
* If none of the standard input, output or error are connected to
a tty device, sudo will now check its parent's standard input,
output or error for the tty name on systems with /proc and BSD
systems that support the KERN_PROC_PID sysctl. This allows
tty-based tickets to work properly even when, e.g. standard
input, output and error are redirected to /dev/null.
* Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
the results, which would be incorrectly be interpreted as if the
sudoers file had specified a directory.
* "visudo -c" will now list any include files that were checked
in addition to the main sudoers file when everything parses OK.
* Users that only have read-only access to the sudoers file may
now run "visudo -c". Previously, write permissions were required
even though no writing is down in check-only mode.
What's new in Sudo 1.7.8p2?
* Fixed a crash in the monitor process on Solaris when NOPASSWD
was specified or when authentication was disabled.
diffstat:
security/sudo/Makefile | 5 ++---
security/sudo/distinfo | 10 +++++-----
security/sudo/patches/patch-aa | 38 ++++++++++++++++++++------------------
3 files changed, 27 insertions(+), 26 deletions(-)
diffs (117 lines):
diff -r 84960b536aa5 -r 421bbf292fa1 security/sudo/Makefile
--- a/security/sudo/Makefile Wed May 16 14:38:05 2012 +0000
+++ b/security/sudo/Makefile Wed May 16 14:49:55 2012 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.135 2012/05/03 08:31:05 martin Exp $
+# $NetBSD: Makefile,v 1.136 2012/05/16 14:49:55 taca Exp $
#
-DISTNAME= sudo-1.7.8p1
-PKGREVISION= 2
+DISTNAME= sudo-1.7.9p1
CATEGORIES= security
MASTER_SITES= http://www.sudo.ws/dist/ \
ftp://ftp.sudo.ws/pub/sudo/ \
diff -r 84960b536aa5 -r 421bbf292fa1 security/sudo/distinfo
--- a/security/sudo/distinfo Wed May 16 14:38:05 2012 +0000
+++ b/security/sudo/distinfo Wed May 16 14:49:55 2012 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.77 2012/05/10 09:44:58 martin Exp $
+$NetBSD: distinfo,v 1.78 2012/05/16 14:49:55 taca Exp $
-SHA1 (sudo-1.7.8p1.tar.gz) = e5d9016b7d3a4449b724483fe165dc13198ce44c
-RMD160 (sudo-1.7.8p1.tar.gz) = a89e0c2d709cc8d8cbe4360f3e08d7459bca0a4c
-Size (sudo-1.7.8p1.tar.gz) = 1157350 bytes
-SHA1 (patch-aa) = 70aa1a1da2d0cd9c8c8d9cbeab747b85028511f7
+SHA1 (sudo-1.7.9p1.tar.gz) = cbca68bae8b85e8518690d78685ca67d0696ce15
+RMD160 (sudo-1.7.9p1.tar.gz) = 1ec37d34bad3ab3a27ec123da81d33e2ac3deb72
+Size (sudo-1.7.9p1.tar.gz) = 1173934 bytes
+SHA1 (patch-aa) = 014a8a634abb3c61f63e3e127a4ebf20f5a0e4bf
SHA1 (patch-af) = 0dce4ebbc82ab644565f71e8f472c407ddbaabf5
SHA1 (patch-ag) = fe8409164b61bdb229ca81d391de96898436ea0b
SHA1 (patch-logging.c) = 26608d7423b77f71f17b37cc87f4b2e75978d7cb
diff -r 84960b536aa5 -r 421bbf292fa1 security/sudo/patches/patch-aa
--- a/security/sudo/patches/patch-aa Wed May 16 14:38:05 2012 +0000
+++ b/security/sudo/patches/patch-aa Wed May 16 14:49:55 2012 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-aa,v 1.28 2011/09/18 14:18:25 ryoon Exp $
+$NetBSD: patch-aa,v 1.29 2012/05/16 14:49:56 taca Exp $
* Fix libtools's link option.
* Prevent to install sudoers files and directory.
* Use standard instal(8) option instead of shell wrapper.
* Don't setuid here.
---- Makefile.in.orig 2011-08-13 17:29:18 +0000
+--- Makefile.in.orig 2012-02-10 17:52:13.000000000 +0000
+++ Makefile.in
@@ -222,7 +222,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
@@ -16,7 +16,7 @@
# Uncomment the following if you want "make distclean" to clean the parser
@DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
-@@ -543,43 +543,43 @@ pre-install:
+@@ -545,44 +545,44 @@ pre-install:
./visudo -c -f $(DESTDIR)$(sudoersdir)/sudoers; \
fi
@@ -27,9 +27,11 @@
$(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
$(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \
- $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
-+ $(DESTDIR)$(docdir) \
- $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
- $(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir)
++ $(DESTDIR)$(sudoersdir) \
+ $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \
+ `echo $(DESTDIR)$(timedir)|sed 's,/[^/]*$$,,'`
+- $(INSTALL) -d -O $(install_uid) -G $(install_gid) -m 0700 $(DESTDIR)$(timedir)
++ $(INSTALL) -d -m 0700 $(DESTDIR)$(timedir)
install-binaries: install-dirs $(PROGS)
- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo
@@ -44,31 +46,31 @@
+ if [ -f sesh ]; then $(INSTALL) sesh $(DESTDIR)$(libexecdir)/sesh; fi
install-noexec: install-dirs libsudo_noexec.la
-- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
+- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
+ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
install-sudoers: install-dirs
-- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \
-+ $(INSTALL) -d -o $(sudoers_uid) -g $(sudoers_gid) -m 0750 \
+- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -m 0750 \
++ $(INSTALL) -d -m 0750 \
$(DESTDIR)$(sudoersdir)/sudoers.d
test -f $(DESTDIR)$(sudoersdir)/sudoers || \
-- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
-+ $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \
+- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -m $(sudoers_mode) \
++ $(INSTALL) -m $(sudoers_mode) \
sudoers $(DESTDIR)$(sudoersdir)/sudoers
install-doc: install-dirs ChangeLog
-- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
-- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
-- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
+- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
+- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
+- $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
+ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done)
+ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done)
+ $(INSTALL) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
@rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
-- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
-- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
-- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
-- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
+- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
+- $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
+- $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
+- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
+ @REPLAY@$(INSTALL) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
+ $(INSTALL) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
+ $(INSTALL) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
Home |
Main Index |
Thread Index |
Old Index