pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/sudo sudo: updated to 1.8.22



details:   https://anonhg.NetBSD.org/pkgsrc/rev/82b79ac3b872
branches:  trunk
changeset: 376706:82b79ac3b872
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed Mar 07 09:17:06 2018 +0000

description:
sudo: updated to 1.8.22

What's new in Sudo 1.8.22

* Commands run in the background from a script run via sudo will
  no longer receive SIGHUP when the parent exits and I/O logging
  is enabled.

* A particularly offensive insult is now disabled by default.

* The description of "sudo -i" now correctly documents that
  the "env_keep" and "env_check" sudoers options are applied to
  the environment.

* Fixed a crash when the system's host name is not set.

* The sudoers2ldif script now handles #include and #includedir
  directives.

* Fixed a bug where sudo would silently exit when the command was
  not allowed by sudoers and the "passwd_tries" sudoers option
  was set to a value less than one.

* Fixed a bug with the "listpw" and "verifypw" sudoers options and
  multiple sudoers sources.  If the option is set to "all", a
  password should be required unless none of a user's sudoers
  entries from any source require authentication.

* Fixed a bug with the "listpw" and "verifypw" sudoers options in
  the LDAP and SSSD back-ends.  If the option is set to "any", and
  the entry contained multiple rules, only the first matching rule
  was checked.  If an entry contained more than one matching rule
  and the first rule required authentication but a subsequent rule
  did not, sudo would prompt for a password when it should not have.

* When running a command as the invoking user (not root), sudo
  would execute the command with the same group vector it was
  started with.  Sudo now executes the command with a new group
  vector based on the group database which is consistent with
  how su(1) operates.

* Fixed a double free in the SSSD back-end that could occur when
  ipa_hostname is present in sssd.conf and is set to an unqualified
  host name.

* When I/O logging is enabled, sudo will now write to the terminal
  even when it is a background process.  Previously, sudo would
  only write to the tty when it was the foreground process when
  I/O logging was enabled.  If the TOSTOP terminal flag is set,
  sudo will suspend the command (and then itself) with the SIGTTOU
  signal.

* A new "authfail_message" sudoers option that overrides the
  default "N incorrect password attempt(s)".

* An empty sudoRunAsUser attribute in the LDAP and SSSD backends
  will now match the invoking user.  This is more consistent with
  how an empty runas user in the sudoers file is treated.

* Documented that in check mode, visudo does not check the owner/mode
  on files specified with the -f flag.

* It is now an error to specify the runas user as an empty string
  on the command line.  Previously, an empty runas user was treated
  the same as an unspecified runas user.

* When "timestamp_type" option is set to "tty" and a terminal is
  present, the time stamp record will now include the start time
  of the session leader.  When the "timestamp_type" option is set
  to "ppid" or when no terminal is available, the start time of
  the parent process is used instead.  This significantly reduces
  the likelihood of a time stamp record being re-used when a user
  logs out and back in again.

* The sudoers time stamp file format is now documented in the new
  sudoers_timestamp manual.

* The "timestamp_type" option now takes a "kernel" value on OpenBSD
  systems.  This causes the tty-based time stamp to be stored in
  the kernel instead of on the file system.  If no tty is present,
  the time stamp is considered to be invalid.

* Visudo will now use the SUDO_EDITOR environment variable (if
  present) in addition to VISUAL and EDITOR.

diffstat:

 security/sudo/Makefile                                |   7 ++++---
 security/sudo/PLIST                                   |   3 ++-
 security/sudo/distinfo                                |  15 +++++++--------
 security/sudo/options.mk                              |   4 ++--
 security/sudo/patches/patch-lib_util_gethostname.c    |  16 ----------------
 security/sudo/patches/patch-plugins_sudoers_logging.c |   6 +++---
 security/sudo/patches/patch-src_Makefile.in           |   6 +++---
 7 files changed, 21 insertions(+), 36 deletions(-)

diffs (133 lines):

diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/Makefile
--- a/security/sudo/Makefile    Wed Mar 07 08:25:22 2018 +0000
+++ b/security/sudo/Makefile    Wed Mar 07 09:17:06 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.158 2018/01/14 15:29:38 maya Exp $
+# $NetBSD: Makefile,v 1.159 2018/03/07 09:17:06 adam Exp $
 
-DISTNAME=      sudo-1.8.21p2
-PKGREVISION=   1
+DISTNAME=      sudo-1.8.22
 CATEGORIES=    security
 MASTER_SITES=  https://www.sudo.ws/dist/
 MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
@@ -46,6 +45,8 @@
 CFLAGS+=       -D_INCOMPLETE_XOPEN_C063=1
 .endif
 
+TEST_TARGET=           check
+
 .include "options.mk"
 
 OWN_DIRS+=             ${VARBASE}/run
diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/PLIST
--- a/security/sudo/PLIST       Wed Mar 07 08:25:22 2018 +0000
+++ b/security/sudo/PLIST       Wed Mar 07 09:17:06 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.10 2017/11/30 07:39:33 triaxx Exp $
+@comment $NetBSD: PLIST,v 1.11 2018/03/07 09:17:06 adam Exp $
 bin/sudo
 bin/sudoedit
 bin/sudoreplay
@@ -11,6 +11,7 @@
 man/man5/sudo.conf.5
 man/man5/sudoers.5
 ${PLIST.ldap}man/man5/sudoers.ldap.5
+man/man5/sudoers_timestamp.5
 man/man8/sudo.8
 man/man8/sudo_plugin.8
 man/man8/sudoedit.8
diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/distinfo
--- a/security/sudo/distinfo    Wed Mar 07 08:25:22 2018 +0000
+++ b/security/sudo/distinfo    Wed Mar 07 09:17:06 2018 +0000
@@ -1,16 +1,15 @@
-$NetBSD: distinfo,v 1.94 2018/01/14 15:29:38 maya Exp $
+$NetBSD: distinfo,v 1.95 2018/03/07 09:17:06 adam Exp $
 
-SHA1 (sudo-1.8.21p2.tar.gz) = 1a2410517a5e7b74f422b120adedf508b346df66
-RMD160 (sudo-1.8.21p2.tar.gz) = fbac868cbf7261a4e9bda538ac93792b6512628c
-SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c
-Size (sudo-1.8.21p2.tar.gz) = 2976081 bytes
+SHA1 (sudo-1.8.22.tar.gz) = 44f0588f17392b62af53cf314239bf37c567a9c4
+RMD160 (sudo-1.8.22.tar.gz) = e9ddbd31a2d9669691f71ce8fd9aec675af9107f
+SHA512 (sudo-1.8.22.tar.gz) = 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695
+Size (sudo-1.8.22.tar.gz) = 3029051 bytes
 SHA1 (patch-aa) = 63c89e6d4e530ab92b7452f4025fbbf2a45dad65
 SHA1 (patch-af) = db54ce780c174129e2a25a87f3e3a926596c68b2
 SHA1 (patch-ag) = 460b9575346c263b944535aa8e2408e959840c77
 SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c
 SHA1 (patch-include_sudo__event.h) = 4d0787a45c2c7d4a7d3ae3111ccb3a4a4b84d083
-SHA1 (patch-lib_util_gethostname.c) = 5ec89ca91d483277c844a9e8941ece37918864c8
 SHA1 (patch-plugins_sudoers_Makefile.in) = d8612ac7bf2f5a892d9720c4df91810ca807f4ed
-SHA1 (patch-plugins_sudoers_logging.c) = a42e54af2b6057804aecb3b6a48c565e8ac4df82
-SHA1 (patch-src_Makefile.in) = fc2b7ea0835d7fe3192fb12cac8ab2eac61bf132
+SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203
+SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9
 SHA1 (patch-src_sudo__edit.c) = ef411520ccefbd36bb4adf3329e6144e54647372
diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/options.mk
--- a/security/sudo/options.mk  Wed Mar 07 08:25:22 2018 +0000
+++ b/security/sudo/options.mk  Wed Mar 07 09:17:06 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: options.mk,v 1.20 2016/02/26 09:41:07 jperkin Exp $
+# $NetBSD: options.mk,v 1.21 2018/03/07 09:17:06 adam Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.sudo
 PKG_SUPPORTED_OPTIONS= ldap nls
-PKG_OPTIONS_OPTIONAL_GROUPS= auth
+PKG_OPTIONS_OPTIONAL_GROUPS=auth
 PKG_OPTIONS_GROUP.auth=        kerberos pam skey
 
 .if ${OPSYS} == "NetBSD" && exists(/usr/include/skey.h)
diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/patches/patch-lib_util_gethostname.c
--- a/security/sudo/patches/patch-lib_util_gethostname.c        Wed Mar 07 08:25:22 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-lib_util_gethostname.c,v 1.1 2018/01/14 15:29:38 maya Exp $
-
-Avoid segfault if hostname is not set
-(upstream commit)
-
---- lib/util/gethostname.c.orig        2017-01-14 04:30:15.000000000 +0000
-+++ lib/util/gethostname.c
-@@ -42,7 +42,7 @@ sudo_gethostname_v1(void)
- 
-     hname = malloc(host_name_max + 1);
-     if (hname != NULL) {
--      if (gethostname(hname, host_name_max + 1) == 0) {
-+      if (gethostname(hname, host_name_max + 1) == 0 && *hname != '\0') {
-           /* Old gethostname() may not NUL-terminate if there is no room. */
-           hname[host_name_max] = '\0';
-       } else {
diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/patches/patch-plugins_sudoers_logging.c
--- a/security/sudo/patches/patch-plugins_sudoers_logging.c     Wed Mar 07 08:25:22 2018 +0000
+++ b/security/sudo/patches/patch-plugins_sudoers_logging.c     Wed Mar 07 09:17:06 2018 +0000
@@ -1,10 +1,10 @@
-$NetBSD: patch-plugins_sudoers_logging.c,v 1.1 2016/01/01 17:00:49 spz Exp $
+$NetBSD: patch-plugins_sudoers_logging.c,v 1.2 2018/03/07 09:17:06 adam Exp $
 
 Make sure CODESET is actually defined, for the sake of
 old NetBSD versions
 
---- ./plugins/sudoers/logging.c.orig   2015-10-31 23:35:25.000000000 +0000
-+++ ./plugins/sudoers/logging.c
+--- plugins/sudoers/logging.c.orig     2015-10-31 23:35:25.000000000 +0000
++++ plugins/sudoers/logging.c
 @@ -722,7 +722,7 @@ send_mail(const char *fmt, ...)
            (void) fputc(*p, mail);
      }
diff -r 4139d1b0965a -r 82b79ac3b872 security/sudo/patches/patch-src_Makefile.in
--- a/security/sudo/patches/patch-src_Makefile.in       Wed Mar 07 08:25:22 2018 +0000
+++ b/security/sudo/patches/patch-src_Makefile.in       Wed Mar 07 09:17:06 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: patch-src_Makefile.in,v 1.2 2017/05/30 16:14:56 maya Exp $
+$NetBSD: patch-src_Makefile.in,v 1.3 2018/03/07 09:17:06 adam Exp $
 
 * install the suid sudo without write-bits
 
---- ./src/Makefile.in.orig     2015-10-31 23:35:25.000000000 +0000
-+++ ./src/Makefile.in
+--- src/Makefile.in.orig       2015-10-31 23:35:25.000000000 +0000
++++ src/Makefile.in
 @@ -198,7 +198,7 @@ install-rc: install-dirs
        fi
  



Home | Main Index | Thread Index | Old Index