pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/sudo sudo: updated to 1.9.7



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e0a2d596f5bb
branches:  trunk
changeset: 453288:e0a2d596f5bb
user:      adam <adam%pkgsrc.org@localhost>
date:      Thu May 27 05:40:44 2021 +0000

description:
sudo: updated to 1.9.7

What's new in Sudo 1.9.7

 * The "fuzz" Makefile target now runs all the fuzzers for 8192
   passes (can be overridden via the FUZZ_RUNS variable).  This makes
   it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
   set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".

 * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
   error by default when a symbol is multiply-defined.

 * Added support for determining local IPv6 addresses on systems
   that lack the getifaddrs() function.  This now works on AIX,
   HP-UX and Solaris (at least).

 * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
   report a usage error.  Also, when invoked as sudoedit, sudo now
   allows a more restricted set of options that matches the usage
   statement and documentation.

 * Fixed a crash in sudo_sendlog when the specified certificate
   or key does not exist or is invalid.

 * Fixed a compilation error when sudo is configured with the
   --disable-log-client option.

 * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
   is now documented.

 * Sudo now requires autoconf 2.70 or higher to regenerate the
   configure script.

 * sudo_logsrvd now has a relay mode which can be used to create
   a hierarchy of log servers.  By default, when a relay server is
   defined, messages from the client are forwarded immediately to
   the relay.  However, if the "store_first" setting is enabled,
   the log will be stored locally until the command completes and
   then relayed.

 * Sudo now links with OpenSSL by default if it is available unless
   the --disable-openssl configure option is used or both the
   --disable-log-client and --disable-log-server configure options
   are specified.

 * Fixed configure's Python version detection when the version minor
   number is more than a single digit, for example Python 3.10.

 * The sudo Python module tests now pass for Python 3.10.

 * Sudo will now avoid changing the datasize resource limit
   as long as the existing value is at least 1GB.  This works around
   a problem on 64-bit HP-UX where it is not possible to exactly
   restore the original datasize limit.

 * Fixed a race condition that could result in a hang when sudo is
   executed by a process where the SIGCHLD handler is set to SIG_IGN.

 * Fixed an out-of-bounds read in sudoedit and visudo when the
   EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
   unescaped backslash.  Also fixed the handling of quote characters
   that are escaped by a backslash.

 * Fixed a bug that prevented the "log_server_verify" sudoers option
   from taking effect.

 * The sudo_sendlog utility has a new -s option to cause it to stop
   sending I/O records after a user-specified elapsed time.  This
   can be used to test the I/O log restart functionality of sudo_logsrvd.

 * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
   attempting to restart an interrupted I/O log transfer.

 * The TLS connection timeout in the sudoers log client was previously
   hard-coded to 10 seconds.  It now uses the value of log_server_timeout.

 * The configure script now outputs a summary of the user-configurable
   options at the end, separate from output of configure script tests.

 * Corrected the description of which groups may be specified via the
   -g option in the Runas_Spec section.

diffstat:

 security/sudo/Makefile                  |   4 ++--
 security/sudo/distinfo                  |  14 +++++++-------
 security/sudo/patches/patch-Makefile.in |  13 ++++++-------
 security/sudo/patches/patch-configure   |  24 ++++++++++++------------
 4 files changed, 27 insertions(+), 28 deletions(-)

diffs (150 lines):

diff -r ae118a8e9431 -r e0a2d596f5bb security/sudo/Makefile
--- a/security/sudo/Makefile    Thu May 27 05:39:17 2021 +0000
+++ b/security/sudo/Makefile    Thu May 27 05:40:44 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.184 2021/03/18 08:57:48 adam Exp $
+# $NetBSD: Makefile,v 1.185 2021/05/27 05:40:44 adam Exp $
 
-DISTNAME=      sudo-1.9.6p1
+DISTNAME=      sudo-1.9.7
 CATEGORIES=    security
 MASTER_SITES=  https://www.sudo.ws/dist/
 MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
diff -r ae118a8e9431 -r e0a2d596f5bb security/sudo/distinfo
--- a/security/sudo/distinfo    Thu May 27 05:39:17 2021 +0000
+++ b/security/sudo/distinfo    Thu May 27 05:40:44 2021 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.115 2021/03/18 08:57:48 adam Exp $
+$NetBSD: distinfo,v 1.116 2021/05/27 05:40:44 adam Exp $
 
-SHA1 (sudo-1.9.6p1.tar.gz) = c83e90c50f79004922a6fc5229601fe121d52f50
-RMD160 (sudo-1.9.6p1.tar.gz) = 638da407f15c36debf6bce797f7a6f10caf6c0df
-SHA512 (sudo-1.9.6p1.tar.gz) = 632dfe72f04ce9a7a5a7236fcd5c09ce4535e695ced49d24dd848e3a7b1bea7380df44188b9e475af4271069539b5a5816948a98fbb0649ebebaba8b4c4b7745
-Size (sudo-1.9.6p1.tar.gz) = 4119888 bytes
-SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560
-SHA1 (patch-configure) = 162f6f3ac244f2ea0c3cc06884079fbceff276ca
+SHA1 (sudo-1.9.7.tar.gz) = e439530f86550c495a8d066a140a0230cbba1874
+RMD160 (sudo-1.9.7.tar.gz) = 3ef3c559c5f90d52406e92c5ce71f09c12c4a82c
+SHA512 (sudo-1.9.7.tar.gz) = 53e9f18f6c0acd4f80c0cd695cd23781310e9edd305d1b3ea19653efa3fd7faba149daef0ba4953615b140a8816bc980c9bd8d28545dd8db98075abf11b63e61
+Size (sudo-1.9.7.tar.gz) = 4194242 bytes
+SHA1 (patch-Makefile.in) = 1a83c55d27829013e2e23073046c5c39b020fafe
+SHA1 (patch-configure) = 375f43b8555f4e8fe2c4c1529c20abc1f550fa5c
 SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
 SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026
 SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501
diff -r ae118a8e9431 -r e0a2d596f5bb security/sudo/patches/patch-Makefile.in
--- a/security/sudo/patches/patch-Makefile.in   Thu May 27 05:39:17 2021 +0000
+++ b/security/sudo/patches/patch-Makefile.in   Thu May 27 05:40:44 2021 +0000
@@ -1,20 +1,19 @@
-$NetBSD: patch-Makefile.in,v 1.2 2019/12/28 20:43:56 kim Exp $
+$NetBSD: patch-Makefile.in,v 1.3 2021/05/27 05:40:45 adam Exp $
 
 Don't setuid here.
 
---- Makefile.in.orig   2019-10-28 15:51:30.000000000 +0200
-+++ Makefile.in        2019-12-28 21:41:28.028886752 +0200
-@@ -64,7 +64,8 @@
+--- Makefile.in.orig   2021-05-11 20:54:52.000000000 +0000
++++ Makefile.in
+@@ -73,7 +73,7 @@ SHELL = @SHELL@
  SED = @SED@
  
- INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
+ INSTALL = $(SHELL) $(scriptdir)/install-sh -c
 -INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
-+#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
 +INSTALL_OWNER =
  
  ECHO_N = @ECHO_N@
  ECHO_C = @ECHO_C@
-@@ -165,7 +166,7 @@
+@@ -186,7 +186,7 @@ install-doc: config.status ChangeLog
            exit $$?; \
        done
  
diff -r ae118a8e9431 -r e0a2d596f5bb security/sudo/patches/patch-configure
--- a/security/sudo/patches/patch-configure     Thu May 27 05:39:17 2021 +0000
+++ b/security/sudo/patches/patch-configure     Thu May 27 05:40:44 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $
+$NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
 
 * Add "--with-nbsdops" option, NetBSD standard options.
 * Link with util(3) in the case of DragonFly, too.
@@ -7,17 +7,17 @@
   functions (HAVE_KRB5_*).
 * Remove setting sysconfdir to "/etc".
 
---- configure.orig     2021-03-15 16:50:00.000000000 +0000
+--- configure.orig     2021-05-11 20:54:52.000000000 +0000
 +++ configure
-@@ -920,6 +920,7 @@ with_libpath
+@@ -920,6 +920,7 @@ with_incpath
+ with_libpath
  with_libraries
- with_efence
  with_csops
 +with_nbsdops
  with_passwd
  with_skey
  with_opie
-@@ -1652,7 +1653,7 @@ Fine tuning of the installation director
+@@ -1653,7 +1654,7 @@ Fine tuning of the installation director
    --bindir=DIR            user executables [EPREFIX/bin]
    --sbindir=DIR           system admin executables [EPREFIX/sbin]
    --libexecdir=DIR        program executables [EPREFIX/libexec]
@@ -27,14 +27,14 @@
    --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
    --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
 @@ -1776,6 +1777,7 @@ Optional Packages:
+   --with-libpath          additional places to look for libraries
    --with-libraries        additional libraries to link with
-   --with-efence           link with -lefence for malloc() debugging
    --with-csops            add CSOps standard options
 +  --with-nbsdops          add NetBSD standard options
    --without-passwd        don't use passwd/shadow file for authentication
    --with-skey[=DIR]       enable S/Key support
    --with-opie[=DIR]       enable OPIE support
-@@ -5203,6 +5205,23 @@ fi
+@@ -5184,6 +5186,23 @@ fi
  
  
  
@@ -58,7 +58,7 @@
  # Check whether --with-passwd was given.
  if test ${with_passwd+y}
  then :
-@@ -16699,7 +16718,7 @@ fi
+@@ -16373,7 +16392,7 @@ fi
                : ${mansectsu='1m'}
                : ${mansectform='4'}
                ;;
@@ -67,16 +67,16 @@
                shadow_funcs="getspnam"
                test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
                # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
-@@ -18732,7 +18751,7 @@ then :
-   printf "%s\n" "#define HAVE_LOGIN_CAP_H 1" >>confdefs.h
+@@ -18253,7 +18272,7 @@ then :
   LOGINCAP_USAGE='[-c class] '; LCMAN=1
+       with_logincap=yes
        case "$OS" in
 -          freebsd*|netbsd*)
 +          dragonfly*|freebsd*|netbsd*)
                SUDO_LIBS="${SUDO_LIBS} -lutil"
                SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
                ;;
-@@ -25528,6 +25547,8 @@ fi
+@@ -25171,6 +25190,8 @@ fi
  rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
        AUTH_OBJS="$AUTH_OBJS kerb5.lo"
      fi
@@ -85,7 +85,7 @@
      _LIBS="$LIBS"
      LIBS="${LIBS} ${SUDOERS_LIBS}"
      ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user"
-@@ -29695,7 +29716,6 @@ test "$docdir" = '${datarootdir}/doc/${P
+@@ -29359,7 +29380,6 @@ test "$docdir" = '${datarootdir}/doc/${P
  test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
  test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
  test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'



Home | Main Index | Thread Index | Old Index