pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/sudo sudo: updated to 1.9.11p3
details: https://anonhg.NetBSD.org/pkgsrc/rev/5aa5b0b439cb
branches: trunk
changeset: 381367:5aa5b0b439cb
user: adam <adam%pkgsrc.org@localhost>
date: Tue Jul 05 11:01:38 2022 +0000
description:
sudo: updated to 1.9.11p3
What's new in Sudo 1.9.11p3
* Fixed "connection reset" errors on AIX when running shell scripts
with the "intercept" or "log_subcmds" sudoers options enabled.
* Fixed very slow execution of shell scripts when the "intercept"
or "log_subcmds" sudoers options are set on systems that enable
Nagle's algorithm on the loopback device, such as AIX.
What's new in Sudo 1.9.11p2
* Fixed a compilation error on Linux/x86_64 with the x32 ABI.
* Fixed a regression introduced in 1.9.11p1 that caused a warning
when logging to sudo_logsrvd if the command returned no output.
What's new in Sudo 1.9.11p1
* Correctly handle EAGAIN in the I/O read/right events. This fixes
a hang seen on some systems when piping a large amount of data
through sudo, such as via rsync.
* Changes to avoid implementation or unspecified behavior when
bit shifting signed values in the protobuf library.
* Fixed a compilation error on Linux/aarch64.
* Fixed the configure check for seccomp(2) support on Linux.
* Corrected the EBNF specification for tags in the sudoers manual
page.
What's new in Sudo 1.9.11
* Fixed a crash in the Python module with Python 3.9.10 on some
systems. Additionally, "make check" now passes for Python 3.9.10.
* Error messages sent via email now include more details, including
the file name and the line number and column of the error.
Multiple errors are sent in a single message. Previously, only
the first error was included.
* Fixed logging of parse errors in JSON format. Previously,
the JSON logger would not write entries unless the command and
runuser were set. These may not be known at the time a parse
error is encountered.
* Fixed a potential crash parsing sudoers lines larger than twice
the value of LINE_MAX on systems that lack the getdelim() function.
* The tests run by "make check" now unset the LANGUAGE environment
variable. Otherwise, localization strings will not match if
LANGUAGE is set to a non-English locale.
* The "starttime" test now passed when run under Debian faketime.
* The Kerberos authentication module now honors the custom password
prompt if one has been specified.
* The embedded copy of zlib has been updated to version 1.2.12.
* Updated the version of libtool used by sudo to version 2.4.7.
* Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
in the header files (currently only GNU libc). This is required
to allow the use of 64-bit time values on some 32-bit systems.
* Sudo's "intercept" and "log_subcmds" options no longer force the
command to run in its own pseudo-terminal. It is now also
possible to intercept the system(3) function.
* Fixed a bug in sudo_logsrvd when run in store-first relay mode
where the commit point messages sent by the server were incorrect
if the command was suspended or received a window size change
event.
* Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
configuration setting was used.
* The "intercept" and "log_subcmds" functionality can now use
ptrace(2) on Linux systems that support seccomp(2) filtering.
This has the advantage of working for both static and dynamic
binaries and can work with sudo's SELinux RBAC mode. The following
architectures are currently supported: i386, x86_64, aarch64,
arm, mips (log_subcmds only), powerpc, riscv, and s390x. The
default is to use ptrace(2) where possible; the new "intercept_type"
sudoers setting can be used to explicitly set the type.
* New Georgian translation from translationproject.org.
* Fixed creating packages on CentOS Stream.
* Fixed a bug in the intercept and log_subcmds support where
the execve(2) wrapper was using the current environment instead
of the passed environment pointer.
* Added AppArmor integration for Linux. A sudoers rule can now
specify an APPARMOR_PROFILE option to run a command confined by
the named AppArmor profile.
* Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
Non-paths were being treated as paths and an actual path was
treated as an error.
diffstat:
security/sudo/Makefile | 4 ++--
security/sudo/PLIST | 5 +++--
security/sudo/distinfo | 11 +++++------
security/sudo/patches/patch-configure | 22 +++++++++++-----------
security/sudo/patches/patch-logsrvd_Makefile.in | 15 ---------------
5 files changed, 21 insertions(+), 36 deletions(-)
diffs (170 lines):
diff -r 4b9f647f2911 -r 5aa5b0b439cb security/sudo/Makefile
--- a/security/sudo/Makefile Tue Jul 05 11:00:16 2022 +0000
+++ b/security/sudo/Makefile Tue Jul 05 11:01:38 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.189 2022/05/24 09:47:54 nia Exp $
+# $NetBSD: Makefile,v 1.190 2022/07/05 11:01:38 adam Exp $
-DISTNAME= sudo-1.9.10
+DISTNAME= sudo-1.9.11p3
CATEGORIES= security
MASTER_SITES= https://www.sudo.ws/dist/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
diff -r 4b9f647f2911 -r 5aa5b0b439cb security/sudo/PLIST
--- a/security/sudo/PLIST Tue Jul 05 11:00:16 2022 +0000
+++ b/security/sudo/PLIST Tue Jul 05 11:01:38 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.21 2022/05/14 06:48:11 adam Exp $
+@comment $NetBSD: PLIST,v 1.22 2022/07/05 11:01:38 adam Exp $
bin/cvtsudoers
bin/sudo
bin/sudoedit
@@ -15,12 +15,12 @@
man/man5/sudo.conf.5
man/man5/sudo_logsrv.proto.5
man/man5/sudo_logsrvd.conf.5
+man/man5/sudo_plugin.5
man/man5/sudoers.5
${PLIST.ldap}man/man5/sudoers.ldap.5
man/man5/sudoers_timestamp.5
man/man8/sudo.8
man/man8/sudo_logsrvd.8
-man/man8/sudo_plugin.8
man/man8/sudo_sendlog.8
man/man8/sudoedit.8
man/man8/sudoreplay.8
@@ -82,6 +82,7 @@
${PLIST.nls}share/locale/it/LC_MESSAGES/sudoers.mo
${PLIST.nls}share/locale/ja/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/ja/LC_MESSAGES/sudoers.mo
+${PLIST.nls}share/locale/ka/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/ko/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/ko/LC_MESSAGES/sudoers.mo
${PLIST.nls}share/locale/lt/LC_MESSAGES/sudoers.mo
diff -r 4b9f647f2911 -r 5aa5b0b439cb security/sudo/distinfo
--- a/security/sudo/distinfo Tue Jul 05 11:00:16 2022 +0000
+++ b/security/sudo/distinfo Tue Jul 05 11:01:38 2022 +0000
@@ -1,13 +1,12 @@
-$NetBSD: distinfo,v 1.121 2022/06/03 07:58:34 wiz Exp $
+$NetBSD: distinfo,v 1.122 2022/07/05 11:01:38 adam Exp $
-BLAKE2s (sudo-1.9.10.tar.gz) = ebb57832c11e2ebc608ba5f293c1df59228e0bca2ddc2b79ffdb46ae19dc5426
-SHA512 (sudo-1.9.10.tar.gz) = 65cf92b67b64413cb807da8b9602fc90b75e5b30dd1402d682ca36f276a3d6209a8a59c14e463898abc9856bc56263e5ba4bb6d44774f56a2885a9eea4a35375
-Size (sudo-1.9.10.tar.gz) = 4516568 bytes
+BLAKE2s (sudo-1.9.11p3.tar.gz) = 12883ca22e2ee8a3a6351ac6118bf30844d9341b25512dbf26b24c80d12e0bb3
+SHA512 (sudo-1.9.11p3.tar.gz) = ad5c3d623547d1e3016e1a721676fee6d6b7348e77b2c234041e0af40c7220e8934c8c27beef0d12fa6df11708d37de711dacfefc135d26de46abca7f91c55d1
+Size (sudo-1.9.11p3.tar.gz) = 4826520 bytes
SHA1 (patch-Makefile.in) = 1a83c55d27829013e2e23073046c5c39b020fafe
-SHA1 (patch-configure) = f8ca2d1902ff5878a219ec754cf5e608e00c5ef3
+SHA1 (patch-configure) = da1f0d89f7dc5d56734fc69f190189ccdfc8b043
SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
SHA1 (patch-lib_logsrv_Makefile.in) = 301c317c806edeee8ce7b44a5431cd38defb3a54
SHA1 (patch-lib_protobuf-c_Makefile.in) = 122e432fb0da36b998778a1b71130f0c3785f575
-SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026
SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501
SHA1 (patch-src_Makefile.in) = 0642684c2d4b3a89259f7d27908f5ec8070969ec
diff -r 4b9f647f2911 -r 5aa5b0b439cb security/sudo/patches/patch-configure
--- a/security/sudo/patches/patch-configure Tue Jul 05 11:00:16 2022 +0000
+++ b/security/sudo/patches/patch-configure Tue Jul 05 11:01:38 2022 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-configure,v 1.8 2022/05/14 05:41:00 adam Exp $
+$NetBSD: patch-configure,v 1.9 2022/07/05 11:01:38 adam Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.orig 2022-03-03 18:29:40.000000000 +0000
+--- configure.orig 2022-06-20 22:58:38.000000000 +0000
+++ configure
-@@ -937,6 +937,7 @@ with_incpath
+@@ -940,6 +940,7 @@ with_incpath
with_libpath
with_libraries
with_csops
@@ -17,7 +17,7 @@
with_passwd
with_skey
with_opie
-@@ -1673,7 +1674,7 @@ Fine tuning of the installation director
+@@ -1677,7 +1678,7 @@ Fine tuning of the installation director
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -26,7 +26,7 @@
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
-@@ -1801,6 +1802,7 @@ Optional Packages:
+@@ -1805,6 +1806,7 @@ Optional Packages:
--with-libpath additional places to look for libraries
--with-libraries additional libraries to link with
--with-csops add CSOps standard options
@@ -34,7 +34,7 @@
--without-passwd don't use passwd/shadow file for authentication
--with-skey[=DIR] enable S/Key support
--with-opie[=DIR] enable OPIE support
-@@ -5222,6 +5224,23 @@ fi
+@@ -5230,6 +5232,23 @@ fi
@@ -58,7 +58,7 @@
# Check whether --with-passwd was given.
if test ${with_passwd+y}
then :
-@@ -17655,7 +17674,7 @@ fi
+@@ -17818,7 +17837,7 @@ fi
: ${mansectform='4'}
: ${mansectmisc='5'}
;;
@@ -66,8 +66,8 @@
+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
shadow_funcs="getspnam"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
-@@ -19579,7 +19598,7 @@ then :
+ # Check for SECCOMP_MODE_FILTER in linux/seccomp.h
+@@ -19760,7 +19779,7 @@ then :
LOGINCAP_USAGE='[-c class] '; LCMAN=1
with_logincap=yes
case "$OS" in
@@ -76,7 +76,7 @@
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
-@@ -27725,6 +27744,8 @@ fi
+@@ -27964,6 +27983,8 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
@@ -85,7 +85,7 @@
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user"
-@@ -32277,7 +32298,6 @@ test "$docdir" = '${datarootdir}/doc/${P
+@@ -32536,7 +32557,6 @@ test "$docdir" = '${datarootdir}/doc/${P
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'
diff -r 4b9f647f2911 -r 5aa5b0b439cb security/sudo/patches/patch-logsrvd_Makefile.in
--- a/security/sudo/patches/patch-logsrvd_Makefile.in Tue Jul 05 11:00:16 2022 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-logsrvd_Makefile.in,v 1.2 2021/03/18 08:57:48 adam Exp $
-
-Fix build error.
-
---- logsrvd/Makefile.in.orig 2021-03-13 15:47:23.000000000 +0000
-+++ logsrvd/Makefile.in
-@@ -45,7 +45,7 @@ INSTALL_BACKUP = @INSTALL_BACKUP@
- # Libraries
- LT_LIBS = $(top_builddir)/lib/iolog/libsudo_iolog.la \
- $(top_builddir)/lib/logsrv/liblogsrv.la
--LIBS = $(LT_LIBS) @LIBTLS@
-+LIBS = $(LT_LIBS) @LIBTLS@ @LIBS@
-
- # C preprocessor defines
- CPPDEFS = -D_PATH_SUDO_LOGSRVD_CONF=\"$(sysconfdir)/sudo_logsrvd.conf\" \
Home |
Main Index |
Thread Index |
Old Index