pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/sudo sudo: updated to 1.8.23



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b823f1e8863a
branches:  trunk
changeset: 383938:b823f1e8863a
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Aug 14 13:18:37 2018 +0000

description:
sudo: updated to 1.8.23

Sudo 1.8.23

 * PAM account management modules and BSD auto approval modules are
   now run even when no password is required.

 * For kernel-based time stamps, if no terminal is present, fall
   back to parent-pid style time stamps.

 * The new cvtsudoers utility replaces both the "sudoers2ldif" script
   and the "visudo -x" functionality.  It can read a file in either
   sudoers or LDIF format and produce JSON, LDIF or sudoers output.
   It is also possible to filter the generated output file by user,
   group or host name.

 * The file, ldap and sss sudoers backends now share a common set
   of formatting functions for "sudo -l" output, which is also used
   by the cvtsudoers utility.

 * The /run directory is now used in preference to /var/run if it
   exists.

 * More accurate descriptions of the --with-rundir and --with-vardir
   configure options.

 * The setpassent() and setgroupent() functions are now used on systems
   that support them to keep the passwd and group database open.
   Sudo performs a lot of passwd and group lookups so it can be
   beneficial to avoid opening and closing the files each time.

 * The new case_insensitive_user and case_insensitive_group sudoers
   options can be used to control whether sudo does case-sensitive
   matching of users and groups in sudoers.  Case insensitive
   matching is now the default.

 * Fixed a bug on some systems where sudo could hang on command
   exit when I/O logging was enabled.

 * Fixed the build-time process start time test on Linux when the
   test is run from within a container.

 * When determining which temporary directory to use, sudoedit now
   checks the directory for writability before using it.  Previously,
   sudoedit only performed an existence check.

 * Sudo now includes an optional set of Monty Python-inspired insults.

 * Fixed the execution of scripts with an associated digest (checksum)
   in sudoers on FreeBSD systems.  FreeBSD does not have a proper
   /dev/fd directory mounted by default and its fexecve(2) is not
   fully POSIX compliant when executing scripts.

 * Chinese (Taiwan) translation for sudo from translationproject.org.

diffstat:

 security/sudo/Makefile                                  |   10 +-
 security/sudo/PLIST                                     |    5 +-
 security/sudo/distinfo                                  |   16 +-
 security/sudo/options.mk                                |    4 +-
 security/sudo/patches/patch-Makefile.in                 |   25 +++
 security/sudo/patches/patch-aa                          |   25 ---
 security/sudo/patches/patch-af                          |   68 --------
 security/sudo/patches/patch-ag                          |  132 ----------------
 security/sudo/patches/patch-configure                   |  132 ++++++++++++++++
 security/sudo/patches/patch-plugins_sudoers_starttime.c |   15 +
 10 files changed, 190 insertions(+), 242 deletions(-)

diffs (truncated from 531 to 300 lines):

diff -r d9bd78da0900 -r b823f1e8863a security/sudo/Makefile
--- a/security/sudo/Makefile    Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/Makefile    Tue Aug 14 13:18:37 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.160 2018/05/02 21:21:10 wiz Exp $
+# $NetBSD: Makefile,v 1.161 2018/08/14 13:18:37 adam Exp $
 
-DISTNAME=      sudo-1.8.22
-PKGREVISION=   1
+DISTNAME=      sudo-1.8.23
 CATEGORIES=    security
 MASTER_SITES=  https://www.sudo.ws/dist/
 MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
@@ -29,9 +28,11 @@
 CONFIGURE_ENV+=                NROFFPROG=${CAT:Q}
 CONFIGURE_ENV+=                mansectsu=8
 CONFIGURE_ENV+=                mansectform=5
+TEST_TARGET=           check
 
 .include "../../mk/bsd.prefs.mk"
 
+PLIST_VARS+=           noexec
 .if ${OPSYS} == "Darwin"
 CONFIGURE_ARGS+=       --with-noexec=no
 CONFIGURE_ENV+=                ax_cv_check_cflags___static_libgcc=no
@@ -46,13 +47,10 @@
 CFLAGS+=       -D_INCOMPLETE_XOPEN_C063=1
 .endif
 
-TEST_TARGET=           check
-
 .include "options.mk"
 
 OWN_DIRS+=             ${VARBASE}/run
 BUILD_DEFS+=           VARBASE
-PLIST_VARS+=           ldap nls noexec
 
 DOCDIR=                        share/doc/${PKGBASE}
 EGDIR=                 share/examples/${PKGBASE}
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/PLIST
--- a/security/sudo/PLIST       Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/PLIST       Tue Aug 14 13:18:37 2018 +0000
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.12 2018/05/02 07:33:13 triaxx Exp $
+@comment $NetBSD: PLIST,v 1.13 2018/08/14 13:18:37 adam Exp $
+bin/cvtsudoers
 bin/sudo
 bin/sudoedit
 bin/sudoreplay
@@ -8,6 +9,7 @@
 ${PLIST.noexec}lib/sudo/sudo_noexec.la
 lib/sudo/sudoers.la
 lib/sudo/system_group.la
+man/man1/cvtsudoers.1
 man/man5/sudo.conf.5
 man/man5/sudoers.5
 ${PLIST.ldap}man/man5/sudoers.ldap.5
@@ -30,7 +32,6 @@
 ${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory
 ${PLIST.ldap}share/doc/sudo/schema.OpenLDAP
 ${PLIST.ldap}share/doc/sudo/schema.iPlanet
-${PLIST.ldap}share/doc/sudo/sudoers2ldif
 share/examples/sudo/pam.conf
 share/examples/sudo/sudo.conf
 share/examples/sudo/sudoers
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/distinfo
--- a/security/sudo/distinfo    Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/distinfo    Tue Aug 14 13:18:37 2018 +0000
@@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.95 2018/03/07 09:17:06 adam Exp $
+$NetBSD: distinfo,v 1.96 2018/08/14 13:18:37 adam Exp $
 
-SHA1 (sudo-1.8.22.tar.gz) = 44f0588f17392b62af53cf314239bf37c567a9c4
-RMD160 (sudo-1.8.22.tar.gz) = e9ddbd31a2d9669691f71ce8fd9aec675af9107f
-SHA512 (sudo-1.8.22.tar.gz) = 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695
-Size (sudo-1.8.22.tar.gz) = 3029051 bytes
-SHA1 (patch-aa) = 63c89e6d4e530ab92b7452f4025fbbf2a45dad65
-SHA1 (patch-af) = db54ce780c174129e2a25a87f3e3a926596c68b2
-SHA1 (patch-ag) = 460b9575346c263b944535aa8e2408e959840c77
+SHA1 (sudo-1.8.23.tar.gz) = 8db5a01eda3a14e8b40af7ee1ed6d38660463430
+RMD160 (sudo-1.8.23.tar.gz) = f24c9115cc6601cc94d78842e8d7c15d2039f19a
+SHA512 (sudo-1.8.23.tar.gz) = a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342
+Size (sudo-1.8.23.tar.gz) = 3150674 bytes
+SHA1 (patch-Makefile.in) = 279c7ad0f7f85ea7bc2d4beb5aa21abdf6237a7c
+SHA1 (patch-configure) = 460b9575346c263b944535aa8e2408e959840c77
 SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c
 SHA1 (patch-include_sudo__event.h) = 4d0787a45c2c7d4a7d3ae3111ccb3a4a4b84d083
 SHA1 (patch-plugins_sudoers_Makefile.in) = d8612ac7bf2f5a892d9720c4df91810ca807f4ed
 SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203
+SHA1 (patch-plugins_sudoers_starttime.c) = ab051d327a2b01736ab9ceefe7e6f03e0e2f1ee6
 SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9
 SHA1 (patch-src_sudo__edit.c) = ef411520ccefbd36bb4adf3329e6144e54647372
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/options.mk
--- a/security/sudo/options.mk  Tue Aug 14 13:08:57 2018 +0000
+++ b/security/sudo/options.mk  Tue Aug 14 13:18:37 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.21 2018/03/07 09:17:06 adam Exp $
+# $NetBSD: options.mk,v 1.22 2018/08/14 13:18:37 adam Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.sudo
 PKG_SUPPORTED_OPTIONS= ldap nls
@@ -13,6 +13,8 @@
 
 .include "../../mk/bsd.options.mk"
 
+PLIST_VARS+=           ldap nls
+
 .if !empty(PKG_OPTIONS:Mnls)
 .  include "../../devel/gettext-lib/buildlink3.mk"
 CONFIGURE_ARGS+=       --enable-nls
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-Makefile.in
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sudo/patches/patch-Makefile.in   Tue Aug 14 13:18:37 2018 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-Makefile.in,v 1.1 2018/08/14 13:18:38 adam Exp $
+
+Don't setuid here.
+
+--- Makefile.in.orig   2015-10-31 23:35:07.000000000 +0000
++++ Makefile.in
+@@ -63,7 +63,8 @@ SHELL = @SHELL@
+ SED = @SED@
+ 
+ INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
+-INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
++#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
++INSTALL_OWNER =
+ 
+ ECHO_N = @ECHO_N@
+ ECHO_C = @ECHO_C@
+@@ -129,7 +130,7 @@ install-doc: config.status ChangeLog
+           exit $$?; \
+       done
+ 
+-install: config.status ChangeLog pre-install install-nls
++install: config.status ChangeLog install-nls
+       for d in $(SUBDIRS); do \
+           (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \
+           exit $$?; \
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-aa
--- a/security/sudo/patches/patch-aa    Tue Aug 14 13:08:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-$NetBSD: patch-aa,v 1.32 2016/01/09 11:22:12 adam Exp $
-
-* Don't setuid here.
-
---- Makefile.in.orig   2015-10-31 23:35:07.000000000 +0000
-+++ Makefile.in
-@@ -63,7 +63,8 @@ SHELL = @SHELL@
- SED = @SED@
- 
- INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
--INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
-+#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
-+INSTALL_OWNER =
- 
- ECHO_N = @ECHO_N@
- ECHO_C = @ECHO_C@
-@@ -129,7 +130,7 @@ install-doc: config.status ChangeLog
-           exit $$?; \
-       done
- 
--install: config.status ChangeLog pre-install install-nls
-+install: config.status ChangeLog install-nls
-       for d in $(SUBDIRS); do \
-           (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \
-           exit $$?; \
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-af
--- a/security/sudo/patches/patch-af    Tue Aug 14 13:08:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-$NetBSD: patch-af,v 1.34 2017/05/30 16:14:56 maya Exp $
-
-* Add "--with-nbsdops" option, NetBSD standard options.
-* Link with util(3) in the case of DragonFly, too.
-* When specified "--with-kerb5" option, test existence of several functions
-  even if there is krb5-config.  krb5-config dosen't give all definitions for
-  functions (HAVE_KRB5_*).
-* Remove setting sysconfdir to "/etc".
-
---- configure.ac.orig  2016-06-22 16:36:23.000000000 +0000
-+++ configure.ac
-@@ -447,6 +447,20 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
-               ;;
- esac])
- 
-+AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard opt
-+ions])],
-+[case $with_nbsdops in
-+    yes)       echo 'Adding NetBSD standard options'
-+               CHECKSIA=false
-+               with_ignore_dot=yes
-+               with_env_editor=yes
-+               with_tty_tickets=yes
-+               ;;
-+    no)                ;;
-+    *)         echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+               ;;
-+esac])
-+
- AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
- [case $with_passwd in
-     yes|no)   AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1971,7 +1985,7 @@ case "$host" in
-               : ${mansectsu='1m'}
-               : ${mansectform='4'}
-               ;;
--    *-*-linux*|*-*-k*bsd*-gnu)
-+    *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
-               shadow_funcs="getspnam"
-               test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
-               # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
-@@ -2329,7 +2343,7 @@ SUDO_MAILDIR
- if test ${with_logincap-'no'} != "no"; then
-     AC_CHECK_HEADERS([login_cap.h], [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1
-       case "$OS" in
--          freebsd|netbsd)
-+          dragonfly*|freebsd|netbsd)
-               SUDO_LIBS="${SUDO_LIBS} -lutil"
-               SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
-               ;;
-@@ -3441,6 +3455,8 @@ if test ${with_kerb5-'no'} != "no"; then
-       ])
-       AUTH_OBJS="$AUTH_OBJS kerb5.lo"
-     fi
-+fi
-+if test ${with_kerb5-'no'} != "no"; then
-     _LIBS="$LIBS"
-     LIBS="${LIBS} ${SUDOERS_LIBS}"
-     AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context])
-@@ -4292,7 +4308,7 @@ test "$datarootdir" = '${prefix}/share' 
- test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
- test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
- test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
--test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-+dnl test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
- 
- dnl
- dnl Substitute into the Makefile and man pages
diff -r d9bd78da0900 -r b823f1e8863a security/sudo/patches/patch-ag
--- a/security/sudo/patches/patch-ag    Tue Aug 14 13:08:57 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-$NetBSD: patch-ag,v 1.26 2017/05/31 02:33:12 maya Exp $
-
-* Add "--with-nbsdops" option, NetBSD standard options.
-* Link with util(3) in the case of DragonFly, too.
-* When specified "--with-kerb5" option, test existence of several functions
-  even if there is krb5-config.  krb5-config dosen't give all definitions for
-  functions (HAVE_KRB5_*).
-* Remove setting sysconfdir to "/etc".
-
---- configure.orig     2017-05-29 20:33:06.000000000 +0000
-+++ configure
-@@ -865,6 +865,7 @@ with_libpath
- with_libraries
- with_efence
- with_csops
-+with_nbsdops
- with_passwd
- with_skey
- with_opie
-@@ -1571,7 +1572,7 @@ Fine tuning of the installation director
-   --bindir=DIR            user executables [EPREFIX/bin]
-   --sbindir=DIR           system admin executables [EPREFIX/sbin]
-   --libexecdir=DIR        program executables [EPREFIX/libexec]
--  --sysconfdir=DIR        read-only single-machine data [/etc]
-+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
-   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
-   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-   --libdir=DIR            object code libraries [EPREFIX/lib]
-@@ -1674,6 +1675,7 @@ Optional Packages:
-   --with-libraries        additional libraries to link with
-   --with-efence           link with -lefence for malloc() debugging
-   --with-csops            add CSOps standard options
-+  --with-nbsdops          add NetBSD standard opt ions
-   --without-passwd        don't use passwd/shadow file for authentication
-   --with-skey[=DIR]       enable S/Key support
-   --with-opie[=DIR]       enable OPIE support
-@@ -4746,6 +4748,23 @@ fi
- 
- 
- 
-+# Check whether --with-nbsdops was given.
-+if test "${with_nbsdops+set}" = set; then :
-+  withval=$with_nbsdops; case $with_nbsdops in
-+    yes)       echo 'Adding NetBSD standard options'
-+               CHECKSIA=false
-+               with_ignore_dot=yes
-+               with_env_editor=yes
-+               with_tty_tickets=yes
-+               ;;
-+    no)                ;;
-+    *)         echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+               ;;
-+esac
-+fi
-+
-+



Home | Main Index | Thread Index | Old Index