Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Juan Romero Pardines <xtraeme@netbsd.org>
List: pkgsrc-changes
Date: 08/23/2004 21:15:17
Module Name:	pkgsrc
Committed By:	xtraeme
Date:		Mon Aug 23 21:15:17 UTC 2004

Modified Files:
	pkgsrc/doc: CHANGES
	pkgsrc/security/sudo: Makefile PLIST.common distinfo
	pkgsrc/security/sudo/patches: patch-aa
Added Files:
	pkgsrc/security/sudo: options.mk
Removed Files:
	pkgsrc/security/sudo/patches: patch-ab

Log Message:
Update security/sudo to 1.6.8 and convert to use bsd.options.mk, which
adds two new options, ldap and pam.

Changes:

 * Sudo now supports storing sudoers info in LDAP (optionally using TLS).
 * There is a new -e option to edit files with the uid of the invoking
   user. This makes it possible to give users the ability to safely edit
   files without the possibility of editing other files or running commands
   as the target user. If sudo is run as "sudoedit" the -e flag is implied.
 * A new tag, NOEXEC, will prevent a dynamically-linked program being run
   by sudo from executing another program (think shell escapes). Because
   this uses LD_PRELOAD it has no effect on static binaries.
 * A uid specified in sudoers now matches the user specified by the -u flag
   even if the -u flag specified a name, not a uid.
 * Added a -i option to simulate an initial login similar to "su -".
 * If sudo is used to run a root shell, further sudo commands will be logged
   as run by the user specified by the SUDO_USER environment variable. In -e
   mode (sudoedit), SUDO_USER is used to determine what user to run the editor
   when the real uid is 0.
 * The sudoers file is now parsed as the runas user in all cases instead of
   root. This fixes some issues with running NFS-mounted commands.
 * If the target user == invoking user a password is no longer required.
 * Sudo now produces a sensible error message when the targetpw Defaults option
   is set and a non-existent uid is specified via the -u option.
 * A negated user/uid in a runas list is now treated the same as a negated
   command and overrides a previously allowed entry.
 * PAM support now uses pam_acct_mgmt() to check for disabled accounts.
 * Added a check in visudo for runas_default being used before it was set.
 * Fixed several issues when closing all open descriptors. Sudo now uses
   closefrom() if it exists, otherwise it uses /proc/$$/fd if that exists
   with a fallback of closing all possible descriptors.
 * Quoting globbing characters with a backslash now works as documented.
 * Fixed a problem on FreeBSD (and perhaps others) when the user is only
   listed in NIS (not master.passwd) and netgroups are used in the
   master.passwd file.
 * The username in a log entry is no longer truncated at 8 characters.
 * Added a "sudo_lecture" option that can point to a file containing a
   custom lecture.
 * The timeout for password reading is now done via alarm(), not select().
 * /tmp/.odus is no longer used for timestamps by default.
 * Sudo now works on the nsr-tandem-nsk platform.
 * Fixed the --with-stow configure option.
 * TIS fwtk authentication now supports fwtk 2.0 and higher.
 * Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
 * Added the --with-pc-insults configure option to replace politically incorrect
   insults with other ones.


To generate a diff of this commit:
cvs rdiff -r1.6982 -r1.6983 pkgsrc/doc/CHANGES
cvs rdiff -r1.65 -r1.66 pkgsrc/security/sudo/Makefile
cvs rdiff -r1.1 -r1.2 pkgsrc/security/sudo/PLIST.common
cvs rdiff -r1.20 -r1.21 pkgsrc/security/sudo/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/security/sudo/options.mk
cvs rdiff -r1.10 -r1.11 pkgsrc/security/sudo/patches/patch-aa
cvs rdiff -r1.9 -r0 pkgsrc/security/sudo/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
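
The descriptor-closing item in the change list above names three tiers: closefrom(), then the /proc fd listing, then closing every possible descriptor. The following C sketch is an added example, not code from this commit or from the sudo sources; it covers only the last two tiers (a platform with closefrom() would call that instead), and the names close_from_fallback and fd_is_open, the use of /proc/self/fd for the current process, and the floor of 256 are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for dirfd() */
#endif
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: 1 if fd refers to an open descriptor, else 0. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Hypothetical name. Closes every descriptor >= lowfd.
 * Returns 1 if the /proc listing was used, 0 if the brute-force loop ran. */
int close_from_fallback(int lowfd)
{
    DIR *dir = opendir("/proc/self/fd");
    if (dir != NULL) {
        int self = dirfd(dir);           /* the listing's own descriptor */
        struct dirent *ent;
        while ((ent = readdir(dir)) != NULL) {
            char *end;
            long fd = strtol(ent->d_name, &end, 10);
            if (end == ent->d_name || *end != '\0')
                continue;                /* skips "." and ".." */
            if (fd < lowfd || fd > INT_MAX || fd == self)
                continue;                /* keep low fds; closedir() frees self */
            close((int)fd);
        }
        closedir(dir);
        return 1;
    }
    /* No /proc: close every possible descriptor up to the process limit. */
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0)
        maxfd = 256;                     /* assumed floor when the limit is unknown */
    for (long fd = lowfd; fd < maxfd; fd++)
        close((int)fd);
    return 0;
}

int main(void)
{
    int leaked = open("/dev/null", O_RDONLY);   /* constructed stand-in for a leaked fd */
    int used_proc = close_from_fallback(3);
    printf("used /proc: %d, leaked fd still open: %d\n", used_proc, fd_is_open(leaked));
    return 0;
}
```

The listing's own descriptor is skipped during the walk because closing it mid-iteration would invalidate the directory stream; closedir() releases it afterwards.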