diff options
author | taca <taca@pkgsrc.org> | 2008-03-11 15:52:51 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2008-03-11 15:52:51 +0000 |
commit | 8755b076197e9b1941843b1d4f68778a6289ccce (patch) | |
tree | ab9fba9caab4171c05ef3d3c76b70ecc0630c516 | |
parent | 0ca093afb9961e6611de21eea6b1c8ee27aa417a (diff) | |
download | pkgsrc-8755b076197e9b1941843b1d4f68778a6289ccce.tar.gz |
Update sudo package to 1.6.9p14.
pkgsrc changes:
- Explict to depends security/heimdal package when kerberos option is
specified. PR pkg/37999 should be fixed.
Change:
646) Sudo will now set the nproc resource limit to unlimited on Linux
systems to work around Linux's setuid() resource limit semantics.
On PAM systems the resource limits will be reset by pam_limits.so
before the command is executed.
647) SELinux support that can be used to implement role based access
control (RBAC). A role and (optional) type may be specified
in sudoers or on the command line. These are then used in the
security context that the command is run as.
648) Fixed a Kerberos 5 compilation problem with MIT Kerberos.
Sudo 1.6.9p13 released.
649) Fixed an invalid assumption in the PAM conversation function
introduced in version 1.6.9p9. The conversation function may
be called for non-password reading purposes as well.
650) Fixed freeing an uninitialized pointer in -l mode, introduced in
version 1.6.9p13.
651) Check /etc/sudoers after LDAP even if the user was found in LDAP.
This allows Defaults options in /etc/sudoers to take effect.
652) Add missing checks for enforcing mode in SELinux RBAC mode.
Sudo 1.6.9p14 released.
-rw-r--r-- | security/sudo/Makefile | 7 | ||||
-rw-r--r-- | security/sudo/distinfo | 15 | ||||
-rw-r--r-- | security/sudo/options.mk | 4 | ||||
-rw-r--r-- | security/sudo/patches/patch-aa | 13 | ||||
-rw-r--r-- | security/sudo/patches/patch-af | 14 | ||||
-rw-r--r-- | security/sudo/patches/patch-ag | 18 | ||||
-rw-r--r-- | security/sudo/patches/patch-ai | 16 |
7 files changed, 53 insertions, 34 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index ed787881217..75367c86037 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.108 2008/01/22 12:45:24 taca Exp $ +# $NetBSD: Makefile,v 1.109 2008/03/11 15:52:51 taca Exp $ # -DISTNAME= sudo-1.6.9p12 -PKGREVISION= 1 +DISTNAME= sudo-1.6.9p14 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ @@ -12,7 +11,7 @@ MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ http://netmirror.org/mirror/ftp.sudo.ws/ \ http://www.courtesan.com/sudo/dist/OLD/ \ http://www.courtesan.com/sudo/dist/beta/ -DIST_SUBDIR= ${DISTNAME}-20080122 +DIST_SUBDIR= ${DISTNAME}-200803090 MAINTAINER= kim@tac.nyc.ny.us HOMEPAGE= http://www.courtesan.com/sudo/ diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 422a89b8899..09c9da2a0cf 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.52 2008/01/22 12:45:24 taca Exp $ +$NetBSD: distinfo,v 1.53 2008/03/11 15:52:51 taca Exp $ -SHA1 (sudo-1.6.9p12-20080122/sudo-1.6.9p12.tar.gz) = c2b07c68d2026fb3e7786b2c9a8fb0c519a830f8 -RMD160 (sudo-1.6.9p12-20080122/sudo-1.6.9p12.tar.gz) = fe07ead5c328b35fc0c84946d71469f4620ddd06 -Size (sudo-1.6.9p12-20080122/sudo-1.6.9p12.tar.gz) = 581936 bytes -SHA1 (patch-aa) = 90e5a64fc621efc5f4bcb4bc3dc0dce44704391f -SHA1 (patch-af) = c0a594c8b3a665dc0a84f40754a46bcd7e17ea49 -SHA1 (patch-ag) = c3442810139581c003e2c5d911df1bcbdcfc0008 +SHA1 (sudo-1.6.9p14-200803090/sudo-1.6.9p14.tar.gz) = 71ac10f51c1b3d6338ac936fe39be3009ea4dbb4 +RMD160 (sudo-1.6.9p14-200803090/sudo-1.6.9p14.tar.gz) = 8516c9f0a6468e07174ffda310f55013841e3fba +Size (sudo-1.6.9p14-200803090/sudo-1.6.9p14.tar.gz) = 589298 bytes +SHA1 (patch-aa) = a843d22064eb6008146443d9e9b7f0a3196705b3 +SHA1 (patch-af) = cd9eac03f4d78a5b9d2702bc7e1952a26ea8ca92 +SHA1 (patch-ag) = a2eb0b1b0aef7325e14cbd5fed8d517b5b4eba2d +SHA1 (patch-ai) = d28c1288955a443a726928723400b4d32d546b71 diff --git a/security/sudo/options.mk b/security/sudo/options.mk index 9aa39b459f2..2a3223bd894 100644 --- a/security/sudo/options.mk +++ b/security/sudo/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.14 2007/09/26 05:47:46 bjs Exp $ +# $NetBSD: options.mk,v 1.15 2008/03/11 15:52:51 taca Exp $ # PKG_OPTIONS_VAR= PKG_OPTIONS.sudo @@ -21,6 +21,8 @@ CONFIGURE_ARGS+= --without-pam .endif .if !empty(PKG_OPTIONS:Mkerberos) +KRB5_ACCEPTED= heimdal +IS_BUILTIN.heimdal= no . include "../../mk/krb5.buildlink3.mk" CONFIGURE_ARGS+= --without-kerb4 CONFIGURE_ARGS+= --with-kerb5 diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa index 4af6c46bb53..56f3863eb08 100644 --- a/security/sudo/patches/patch-aa +++ b/security/sudo/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.17 2008/01/03 23:17:48 rillig Exp $ +$NetBSD: patch-aa,v 1.18 2008/03/11 15:52:51 taca Exp $ ---- Makefile.in.orig 2007-10-26 00:52:02.000000000 +0900 +--- Makefile.in.orig 2008-03-05 21:41:08.000000000 +0900 +++ Makefile.in -@@ -186,7 +186,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c +@@ -187,7 +187,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c sudo_noexec.la: sudo_noexec.lo @@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.17 2008/01/03 23:17:48 rillig Exp $ # Uncomment the following if you want "make distclean" to clean the parser @DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h -@@ -301,20 +301,20 @@ sudoers.man:: sudoers.man.in +@@ -303,20 +303,20 @@ sudoers.man:: sudoers.man.in sudoers.cat: sudoers.man @@ -30,13 +30,14 @@ $NetBSD: patch-aa,v 1.17 2008/01/03 23:17:48 rillig Exp $ + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4511 -s sudo $(DESTDIR)$(sudodir)/sudo rm -f $(DESTDIR)$(sudodir)/sudoedit ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit - - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo +-@SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0511 -s visudo $(DESTDIR)$(visudodir)/visudo ++@SELINUX@ $(INSTALL) -o $(install_uid) -g $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh install-noexec: sudo_noexec.la $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir) -@@ -324,15 +324,15 @@ bininst-noexec: sudo_noexec.la +@@ -326,15 +326,15 @@ bininst-noexec: sudo_noexec.la install-sudoers: test -f $(DESTDIR)$(sudoersdir)/sudoers || \ diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af index e4152b639da..13ff0e6e969 100644 --- a/security/sudo/patches/patch-af +++ b/security/sudo/patches/patch-af @@ -1,16 +1,16 @@ -$NetBSD: patch-af,v 1.19 2007/11/12 11:12:16 taca Exp $ +$NetBSD: patch-af,v 1.20 2008/03/11 15:52:51 taca Exp $ ---- configure.in.orig 2007-10-25 01:43:25.000000000 +0900 +--- configure.in.orig 2008-02-20 03:27:32.000000000 +0900 +++ configure.in -@@ -129,7 +129,6 @@ dnl - test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man' +@@ -142,7 +142,6 @@ else + fi test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' -test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' dnl dnl Deprecated --with options (these all warn or generate an error) -@@ -252,6 +251,19 @@ AC_ARG_WITH(csops, [ --with-csops +@@ -265,6 +264,19 @@ AC_ARG_WITH(csops, [ --with-csops ;; esac]) @@ -30,9 +30,9 @@ $NetBSD: patch-af,v 1.19 2007/11/12 11:12:16 taca Exp $ AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) -@@ -1634,7 +1646,7 @@ fi +@@ -1661,7 +1673,7 @@ fi if test ${with_logincap-'no'} != "no"; then - AC_CHECK_HEADERS(login_cap.h, [ + AC_CHECK_HEADERS(login_cap.h, [LCMAN="" case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag index b84c4ff384b..8b2c5abd65e 100644 --- a/security/sudo/patches/patch-ag +++ b/security/sudo/patches/patch-ag @@ -1,8 +1,8 @@ -$NetBSD: patch-ag,v 1.11 2007/11/12 11:12:16 taca Exp $ +$NetBSD: patch-ag,v 1.12 2008/03/11 15:52:51 taca Exp $ ---- configure.orig 2007-10-24 02:19:18.000000000 +0900 +--- configure.orig 2008-02-20 03:27:07.000000000 +0900 +++ configure -@@ -1436,7 +1436,7 @@ Fine tuning of the installation director +@@ -1441,7 +1441,7 @@ Fine tuning of the installation director --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] @@ -11,7 +11,7 @@ $NetBSD: patch-ag,v 1.11 2007/11/12 11:12:16 taca Exp $ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] -@@ -1506,6 +1506,7 @@ Optional Packages: +@@ -1511,6 +1511,7 @@ Optional Packages: --with-devel add development options --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options @@ -19,15 +19,15 @@ $NetBSD: patch-ag,v 1.11 2007/11/12 11:12:16 taca Exp $ --without-passwd don't use passwd/shadow file for authentication --with-skey=DIR enable S/Key support --with-opie=DIR enable OPIE support -@@ -2119,7 +2120,6 @@ shadow_libs_optional= - test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man' +@@ -2138,7 +2139,6 @@ else + fi test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' -test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' -@@ -2311,6 +2311,23 @@ fi +@@ -2330,6 +2330,23 @@ fi @@ -51,9 +51,9 @@ $NetBSD: patch-ag,v 1.11 2007/11/12 11:12:16 taca Exp $ # Check whether --with-passwd was given. if test "${with_passwd+set}" = set; then withval=$with_passwd; case $with_passwd in -@@ -13675,7 +13692,7 @@ if test `eval echo '${'$as_ac_Header'}'` +@@ -13717,7 +13734,7 @@ if test `eval echo '${'$as_ac_Header'}'` _ACEOF - + LCMAN="" case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" diff --git a/security/sudo/patches/patch-ai b/security/sudo/patches/patch-ai new file mode 100644 index 00000000000..84e6770b5a3 --- /dev/null +++ b/security/sudo/patches/patch-ai @@ -0,0 +1,16 @@ +$NetBSD: patch-ai,v 1.4 2008/03/11 15:52:51 taca Exp $ + +--- auth/kerb5.c.orig 2008-02-14 07:17:41.000000000 +0900 ++++ auth/kerb5.c +@@ -220,11 +220,7 @@ kerb5_verify(pw, pass, auth) + + done: + if (opts) { +-#ifdef HAVE_HEIMDAL +- krb5_get_init_creds_opt_free(opts); +-#else + krb5_get_init_creds_opt_free(sudo_context, opts); +-#endif + } + if (creds) + krb5_free_cred_contents(sudo_context, creds); |