pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/sudo sudo: updated to 1.8.23
details: https://anonhg.NetBSD.org/pkgsrc/rev/b823f1e8863a
branches: trunk
changeset: 383938:b823f1e8863a
user: adam <adam%pkgsrc.org@localhost>
date: Tue Aug 14 13:18:37 2018 +0000
description:
sudo: updated to 1.8.23
Sudo 1.8.23
* PAM account management modules and BSD auto approval modules are
now run even when no password is required.
* For kernel-based time stamps, if no terminal is present, fall
back to parent-pid style time stamps.
* The new cvtsudoers utility replaces both the "sudoers2ldif" script
and the "visudo -x" functionality. It can read a file in either
sudoers or LDIF format and produce JSON, LDIF or sudoers output.
It is also possible to filter the generated output file by user,
group or host name.
* The file, ldap and sss sudoers backends now share a common set
of formatting functions for "sudo -l" output, which is also used
by the cvtsudoers utility.
* The /run directory is now used in preference to /var/run if it
exists.
* More accurate descriptions of the --with-rundir and --with-vardir
configure options.
* The setpassent() and setgroupent() functions are now used on systems
that support them to keep the passwd and group database open.
Sudo performs a lot of passwd and group lookups so it can be
beneficial to avoid opening and closing the files each time.
* The new case_insensitive_user and case_insensitive_group sudoers
options can be used to control whether sudo does case-sensitive
matching of users and groups in sudoers. Case insensitive
matching is now the default.
* Fixed a bug on some systems where sudo could hang on command
exit when I/O logging was enabled.
* Fixed the build-time process start time test on Linux when the
test is run from within a container.
* When determining which temporary directory to use, sudoedit now
checks the directory for writability before using it. Previously,
sudoedit only performed an existence check.
* Sudo now includes an optional set of Monty Python-inspired insults.
* Fixed the execution of scripts with an associated digest (checksum)
in sudoers on FreeBSD systems. FreeBSD does not have a proper
/dev/fd directory mounted by default and its fexecve(2) is not
fully POSIX compliant when executing scripts.
* Chinese (Taiwan) translation for sudo from translationproject.org.
diffstat:
security/sudo/Makefile | 10 +-
security/sudo/PLIST | 5 +-
security/sudo/distinfo | 16 +-
security/sudo/options.mk | 4 +-
security/sudo/patches/patch-Makefile.in | 25 +++
security/sudo/patches/patch-aa | 25 ---
security/sudo/patches/patch-af | 68 --------
security/sudo/patches/patch-ag | 132 ----------------
security/sudo/patches/patch-configure | 132 ++++++++++++++++
security/sudo/patches/patch-plugins_sudoers_starttime.c | 15 +
10 files changed, 190 insertions(+), 242 deletions(-)
diffs (truncated from 531 to 300 lines):
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/Makefile
--- a/security/sudo/Makefile Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/Makefile Tue Aug 14 13:18:37 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.160 2018/05/02 21:21:10 wiz Exp $
+# $NetBSD: Makefile,v 1.161 2018/08/14 13:18:37 adam Exp $
-DISTNAME= sudo-1.8.22
-PKGREVISION= 1
+DISTNAME= sudo-1.8.23
CATEGORIES= security
MASTER_SITES= https://www.sudo.ws/dist/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
@@ -29,9 +28,11 @@
CONFIGURE_ENV+= NROFFPROG=${CAT:Q}
CONFIGURE_ENV+= mansectsu=8
CONFIGURE_ENV+= mansectform=5
+TEST_TARGET= check
.include "../../mk/bsd.prefs.mk"
+PLIST_VARS+= noexec
.if ${OPSYS} == "Darwin"
CONFIGURE_ARGS+= --with-noexec=no
CONFIGURE_ENV+= ax_cv_check_cflags___static_libgcc=no
@@ -46,13 +47,10 @@
CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1
.endif
-TEST_TARGET= check
-
.include "options.mk"
OWN_DIRS+= ${VARBASE}/run
BUILD_DEFS+= VARBASE
-PLIST_VARS+= ldap nls noexec
DOCDIR= share/doc/${PKGBASE}
EGDIR= share/examples/${PKGBASE}
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/PLIST
--- a/security/sudo/PLIST Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/PLIST Tue Aug 14 13:18:37 2018 +0000
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.12 2018/05/02 07:33:13 triaxx Exp $
+@comment $NetBSD: PLIST,v 1.13 2018/08/14 13:18:37 adam Exp $
+bin/cvtsudoers
bin/sudo
bin/sudoedit
bin/sudoreplay
@@ -8,6 +9,7 @@
${PLIST.noexec}lib/sudo/sudo_noexec.la
lib/sudo/sudoers.la
lib/sudo/system_group.la
+man/man1/cvtsudoers.1
man/man5/sudo.conf.5
man/man5/sudoers.5
${PLIST.ldap}man/man5/sudoers.ldap.5
@@ -30,7 +32,6 @@
${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory
${PLIST.ldap}share/doc/sudo/schema.OpenLDAP
${PLIST.ldap}share/doc/sudo/schema.iPlanet
-${PLIST.ldap}share/doc/sudo/sudoers2ldif
share/examples/sudo/pam.conf
share/examples/sudo/sudo.conf
share/examples/sudo/sudoers
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/distinfo
--- a/security/sudo/distinfo Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/distinfo Tue Aug 14 13:18:37 2018 +0000
@@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.95 2018/03/07 09:17:06 adam Exp $
+$NetBSD: distinfo,v 1.96 2018/08/14 13:18:37 adam Exp $
-SHA1 (sudo-1.8.22.tar.gz) = 44f0588f17392b62af53cf314239bf37c567a9c4
-RMD160 (sudo-1.8.22.tar.gz) = e9ddbd31a2d9669691f71ce8fd9aec675af9107f
-SHA512 (sudo-1.8.22.tar.gz) = 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695
-Size (sudo-1.8.22.tar.gz) = 3029051 bytes
-SHA1 (patch-aa) = 63c89e6d4e530ab92b7452f4025fbbf2a45dad65
-SHA1 (patch-af) = db54ce780c174129e2a25a87f3e3a926596c68b2
-SHA1 (patch-ag) = 460b9575346c263b944535aa8e2408e959840c77
+SHA1 (sudo-1.8.23.tar.gz) = 8db5a01eda3a14e8b40af7ee1ed6d38660463430
+RMD160 (sudo-1.8.23.tar.gz) = f24c9115cc6601cc94d78842e8d7c15d2039f19a
+SHA512 (sudo-1.8.23.tar.gz) = a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342
+Size (sudo-1.8.23.tar.gz) = 3150674 bytes
+SHA1 (patch-Makefile.in) = 279c7ad0f7f85ea7bc2d4beb5aa21abdf6237a7c
+SHA1 (patch-configure) = 460b9575346c263b944535aa8e2408e959840c77
SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c
SHA1 (patch-include_sudo__event.h) = 4d0787a45c2c7d4a7d3ae3111ccb3a4a4b84d083
SHA1 (patch-plugins_sudoers_Makefile.in) = d8612ac7bf2f5a892d9720c4df91810ca807f4ed
SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203
+SHA1 (patch-plugins_sudoers_starttime.c) = ab051d327a2b01736ab9ceefe7e6f03e0e2f1ee6
SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9
SHA1 (patch-src_sudo__edit.c) = ef411520ccefbd36bb4adf3329e6144e54647372
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/options.mk
--- a/security/sudo/options.mk Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/options.mk Tue Aug 14 13:18:37 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.21 2018/03/07 09:17:06 adam Exp $
+# $NetBSD: options.mk,v 1.22 2018/08/14 13:18:37 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.sudo
PKG_SUPPORTED_OPTIONS= ldap nls
@@ -13,6 +13,8 @@
.include "../../mk/bsd.options.mk"
+PLIST_VARS+= ldap nls
+
.if !empty(PKG_OPTIONS:Mnls)
. include "../../devel/gettext-lib/buildlink3.mk"
CONFIGURE_ARGS+= --enable-nls
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-Makefile.in
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sudo/patches/patch-Makefile.in Tue Aug 14 13:18:37 2018 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-Makefile.in,v 1.1 2018/08/14 13:18:38 adam Exp $
+
+Don't setuid here.
+
+--- Makefile.in.orig 2015-10-31 23:35:07.000000000 +0000
++++ Makefile.in
+@@ -63,7 +63,8 @@ SHELL = @SHELL@
+ SED = @SED@
+
+ INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
+-INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
++#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
++INSTALL_OWNER =
+
+ ECHO_N = @ECHO_N@
+ ECHO_C = @ECHO_C@
+@@ -129,7 +130,7 @@ install-doc: config.status ChangeLog
+ exit $$?; \
+ done
+
+-install: config.status ChangeLog pre-install install-nls
++install: config.status ChangeLog install-nls
+ for d in $(SUBDIRS); do \
+ (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \
+ exit $$?; \
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-aa
--- a/security/sudo/patches/patch-aa Tue Aug 14 13:08:57 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-$NetBSD: patch-aa,v 1.32 2016/01/09 11:22:12 adam Exp $
-
-* Don't setuid here.
-
---- Makefile.in.orig 2015-10-31 23:35:07.000000000 +0000
-+++ Makefile.in
-@@ -63,7 +63,8 @@ SHELL = @SHELL@
- SED = @SED@
-
- INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
--INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
-+#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
-+INSTALL_OWNER =
-
- ECHO_N = @ECHO_N@
- ECHO_C = @ECHO_C@
-@@ -129,7 +130,7 @@ install-doc: config.status ChangeLog
- exit $$?; \
- done
-
--install: config.status ChangeLog pre-install install-nls
-+install: config.status ChangeLog install-nls
- for d in $(SUBDIRS); do \
- (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \
- exit $$?; \
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-af
--- a/security/sudo/patches/patch-af Tue Aug 14 13:08:57 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-$NetBSD: patch-af,v 1.34 2017/05/30 16:14:56 maya Exp $
-
-* Add "--with-nbsdops" option, NetBSD standard options.
-* Link with util(3) in the case of DragonFly, too.
-* When specified "--with-kerb5" option, test existence of several functions
- even if there is krb5-config. krb5-config dosen't give all definitions for
- functions (HAVE_KRB5_*).
-* Remove setting sysconfdir to "/etc".
-
---- configure.ac.orig 2016-06-22 16:36:23.000000000 +0000
-+++ configure.ac
-@@ -447,6 +447,20 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
- ;;
- esac])
-
-+AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard opt
-+ions])],
-+[case $with_nbsdops in
-+ yes) echo 'Adding NetBSD standard options'
-+ CHECKSIA=false
-+ with_ignore_dot=yes
-+ with_env_editor=yes
-+ with_tty_tickets=yes
-+ ;;
-+ no) ;;
-+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+ ;;
-+esac])
-+
- AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
- [case $with_passwd in
- yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1971,7 +1985,7 @@ case "$host" in
- : ${mansectsu='1m'}
- : ${mansectform='4'}
- ;;
-- *-*-linux*|*-*-k*bsd*-gnu)
-+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
- shadow_funcs="getspnam"
- test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
-@@ -2329,7 +2343,7 @@ SUDO_MAILDIR
- if test ${with_logincap-'no'} != "no"; then
- AC_CHECK_HEADERS([login_cap.h], [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1
- case "$OS" in
-- freebsd|netbsd)
-+ dragonfly*|freebsd|netbsd)
- SUDO_LIBS="${SUDO_LIBS} -lutil"
- SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
- ;;
-@@ -3441,6 +3455,8 @@ if test ${with_kerb5-'no'} != "no"; then
- ])
- AUTH_OBJS="$AUTH_OBJS kerb5.lo"
- fi
-+fi
-+if test ${with_kerb5-'no'} != "no"; then
- _LIBS="$LIBS"
- LIBS="${LIBS} ${SUDOERS_LIBS}"
- AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context])
-@@ -4292,7 +4308,7 @@ test "$datarootdir" = '${prefix}/share'
- test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
- test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
- test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
--test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-+dnl test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-
- dnl
- dnl Substitute into the Makefile and man pages
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-ag
--- a/security/sudo/patches/patch-ag Tue Aug 14 13:08:57 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-$NetBSD: patch-ag,v 1.26 2017/05/31 02:33:12 maya Exp $
-
-* Add "--with-nbsdops" option, NetBSD standard options.
-* Link with util(3) in the case of DragonFly, too.
-* When specified "--with-kerb5" option, test existence of several functions
- even if there is krb5-config. krb5-config dosen't give all definitions for
- functions (HAVE_KRB5_*).
-* Remove setting sysconfdir to "/etc".
-
---- configure.orig 2017-05-29 20:33:06.000000000 +0000
-+++ configure
-@@ -865,6 +865,7 @@ with_libpath
- with_libraries
- with_efence
- with_csops
-+with_nbsdops
- with_passwd
- with_skey
- with_opie
-@@ -1571,7 +1572,7 @@ Fine tuning of the installation director
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
-- --sysconfdir=DIR read-only single-machine data [/etc]
-+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
-@@ -1674,6 +1675,7 @@ Optional Packages:
- --with-libraries additional libraries to link with
- --with-efence link with -lefence for malloc() debugging
- --with-csops add CSOps standard options
-+ --with-nbsdops add NetBSD standard opt ions
- --without-passwd don't use passwd/shadow file for authentication
- --with-skey[=DIR] enable S/Key support
- --with-opie[=DIR] enable OPIE support
-@@ -4746,6 +4748,23 @@ fi
-
-
-
-+# Check whether --with-nbsdops was given.
-+if test "${with_nbsdops+set}" = set; then :
-+ withval=$with_nbsdops; case $with_nbsdops in
-+ yes) echo 'Adding NetBSD standard options'
-+ CHECKSIA=false
-+ with_ignore_dot=yes
-+ with_env_editor=yes
-+ with_tty_tickets=yes
-+ ;;
-+ no) ;;
-+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+ ;;
-+esac
-+fi
-+
-+
Home |
Main Index |
Thread Index |
Old Index