diff options
| author | tron <tron> | 2010-09-11 17:24:15 +0000 |
|---|---|---|
| committer | tron <tron> | 2010-09-11 17:24:15 +0000 |
| commit | 1c720e9601a73bb50b26a6e7ad6b74daa2c8be4c (patch) | |
| tree | 0bb63a29e2a7dbdbe4959a73517d0c1756552986 | |
| parent | 610e3c3b080fdee5aed8c0b8bd47be060944bd6e (diff) | |
| download | pkgsrc-1c720e9601a73bb50b26a6e7ad6b74daa2c8be4c.tar.gz | |
Pullup ticket #3220 - requested by spz
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.122-1.123
- security/sudo/PLIST 1.5
- security/sudo/distinfo 1.64-1.65
- security/sudo/patches/patch-aa 1.24
- security/sudo/patches/patch-af 1.24-1.25
- security/sudo/patches/patch-ag 1.15-1.16
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 5 03:08:10 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-af patch-ag
Log Message:
Update sudo package to 1.7.2p8.
Major changes between sudo 1.7.2p7 and 1.7.2p8:
* Fixed a crash on AIX when LDAP support is in use.
* Fixed problems with the QAS non-Unix group support
---
Module Name: pkgsrc
Committed By: spz
Date: Fri Sep 10 17:11:27 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile PLIST distinfo
pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
Log Message:
updating to the latest and greatest (and less a bunch of security
relevant bugs) version:
Major changes between version 1.7.4p3 and 1.7.4p4:
* A potential security issue has been fixed with respect to the
handling of sudo's -g command line option when -u is also
specified. The flaw may allow an attacker to run commands as a
user that is not authorized by the sudoers file.
* A bug has been fixed where "sudo -l" output was incomplete if
multiple sudoers sources were defined in nsswitch.conf and there
was an error querying one of the sources.
* The log_input, log_output, and use_pty sudoers options now work
correctly on AIX. Previously, sudo would hang if they were
enabled.
* Fixed "make install" when sudo is built in a directory other
than the directory that holds the sources.
* The runas_default sudoers setting now works properly in a
per-command Defaults line.
* Suspending and resuming the bash shell when PAM is in use now
works properly. The SIGCONT signal was not being propagated to
the child process.
Major changes between version 1.7.4p2 and 1.7.4p3:
* A bug has been fixed where duplicate HOME environment variables
could be set when the env_reset setting was disabled and the
always_set_home setting was enabled in sudoers.
* The value of sysconfdir is now substituted into the path to the
sudoers.d directory in the installed sudoers file.
* Fixed compilation problems on Irix and other platforms.
* If multiple PAM "auth" actions are specified and the user enters
^C at the password prompt, sudo will now abort any subsequent
"auth" actions. Previously it was necessary to enter ^C once for
each "auth" action.
Major changes between version 1.7.4p1 and 1.7.4p2:
* Fixed a bug where sudo could spin in a cpu loop waiting for the
child process.
* Packaging fixes for sudo.pp to better handle patchlevels.
Major changes between version 1.7.4 and 1.7.4p1:
* Fix a bug introduced in sudo 1.7.3 that prevented the -k and -K
options from functioning when the tty_tickets sudoers option was
enabled.
* Sudo no longer prints a warning when the -k or -K options are
specified and the ticket file does not exist.
* Changes to the configure script to enable cross-compilation of
Sudo.
Major changes between version 1.7.3 and 1.7.4:
* Sudoedit will now preserve the file extension in the name of the
temporary file being edited. The extension is used by some
editors (such as emacs) to choose the editing mode.
* Time stamp files have moved from /var/run/sudo to either
/var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories
are checked for existence in that order. This prevents users
from receiving the sudo lecture every time the system reboots.
Time stamp files older than the boot time are ignored on systems
where it is possible to determine this.
* Ancillary documentation (README files, LICENSE, etc) is now
installed in a sudo documentation directory.
* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
in ldap.conf.
* Defaults settings that are tied to a user, host or command may
now include the negation operator. For example:
Defaults:!millert lecture
will match any user but millert.
* The default PATH environment variable, used when no PATH variable
exists, now includes /usr/sbin and /sbin.
* Sudo now uses polypkg for cross-platform packing.
* On Linux, sudo will now restore the nproc resource limit before
executing a command, unless the limit appears to have been
modified by pam_limits. This avoids a problem with bash scripts
that open more than 32 descriptors on SuSE Linux, where
sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set
to RLIMIT_UNLIMITED (-1).
* Visudo will now treat an unrecognized Defaults entry as a parse
error (sudo will warn but still run).
* The HOME and MAIL environment variables are now reset based on
the target user's password database entry when the env_reset
sudoers option is enabled (which is the case in the default
configuration). Users wishing to preserve the original values
should use a sudoers entry like:
Defaults env_keep += HOME
to preserve the old value of HOME and
Defaults env_keep += MAIL
to preserve the old value of MAIL.
* The tty_tickets option is now on by default.
* Fixed a problem in the restoration of the AIX authdb registry
setting.
* If PAM is in use, wait until the process has finished before
closing the PAM session.
* Fixed "sudo -i -u user" where user has no shell listed in the
password database.
* When logging I/O, sudo now handles pty read/write returning ENXIO,
as seen on FreeBSD when the login session has been killed.
* Sudo now performs I/O logging in the C locale. This avoids
locale-related issues when parsing floating point numbers in the
timing file.
* Added support for Ubuntu-style admin flag dot files.
Major changes between version 1.7.2p8 and 1.7.3:
* Support for logging a command's input and output as well as the
ability to replay sessions. For more information, see the
documentation for the log_input and log_output Defaults options
in the sudoers manual. Also see the sudoreplay manual for
information on replaying I/O log sessions.
* The use_pty sudoers option can be used to force a command to be
run in a pseudo-pty, even when I/O logging is not enabled.
* On some systems, sudo can now detect when a user has logged out
and back in again when tty-based time stamps are in use.
Supported systems include Solaris systems with the devices file
system, Mac OS X, and Linux systems with the devpts filesystem
(pseudo-ttys only).
* On AIX systems, the registry setting in /etc/security/user is
now taken into account when looking up users and groups.
Sudo now applies the correct the user and group ids when running
a command as a user whose account details come from a different
source (e.g. LDAP or DCE vs. local files).
* Support for multiple sudoers_base and uri entries in ldap.conf.
When multiple entries are listed, sudo will try each one in the
order in which they are specified.
* Sudo's SELinux support should now function correctly when running
commands as a non-root user and when one of stdin, stdout or stderr
is not a terminal.
* Sudo will now use the Linux audit system with configure with the
--with-linux-audit flag.
* Sudo now uses mbr_check_membership() on systems that support it
to determine group membership. Currently, only Darwin (Mac OS X)
supports this.
* When the tty_tickets sudoers option is enabled but there is no
terminal device, sudo will no longer use or create a tty-based
ticket file. Previously, sudo would use a tty name of "unknown".
As a consequence, if a user has no terminal device, sudo will now
always prompt for a password.
* The passwd_timeout and timestamp_timeout options may now be
specified as floating point numbers for more granular timeout
values.
* Negating the fqdn option in sudoers now works correctly when sudo
is configured with the --with-fqdn option. In previous versions
of sudo the fqdn was set before sudoers was parsed.
| -rw-r--r-- | security/sudo/Makefile | 6 | ||||
| -rw-r--r-- | security/sudo/PLIST | 12 | ||||
| -rw-r--r-- | security/sudo/distinfo | 14 | ||||
| -rw-r--r-- | security/sudo/patches/patch-aa | 62 | ||||
| -rw-r--r-- | security/sudo/patches/patch-af | 45 | ||||
| -rw-r--r-- | security/sudo/patches/patch-ag | 60 |
6 files changed, 104 insertions, 95 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 4e1d02827fd..171f640bf19 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.121 2010/06/03 14:53:14 taca Exp $ +# $NetBSD: Makefile,v 1.121.2.1 2010/09/11 17:24:15 tron Exp $ # -DISTNAME= sudo-1.7.2p7 +DISTNAME= sudo-1.7.4p4 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ @@ -9,8 +9,6 @@ MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.twaren.net/Unix/Security/Sudo/ \ http://ftp.tux.org/pub/security/sudo/ -DIST_SUBDIR= ${DISTNAME}-200805130 - MAINTAINER= kim@tac.nyc.ny.us HOMEPAGE= http://www.courtesan.com/sudo/ COMMENT= Allow others to run commands as root diff --git a/security/sudo/PLIST b/security/sudo/PLIST index ab98ae6041a..f76ecc2454f 100644 --- a/security/sudo/PLIST +++ b/security/sudo/PLIST @@ -1,14 +1,24 @@ -@comment $NetBSD: PLIST,v 1.4 2009/06/14 18:13:40 joerg Exp $ +@comment $NetBSD: PLIST,v 1.4.10.1 2010/09/11 17:24:16 tron Exp $ bin/sudo bin/sudoedit +bin/sudoreplay libexec/sudo_noexec.so man/man5/sudoers.5 ${PLIST.ldap}man/man5/sudoers.ldap.5 man/man8/sudo.8 man/man8/sudoedit.8 +man/man8/sudoreplay.8 man/man8/visudo.8 sbin/visudo +share/doc/sudo/ChangeLog +share/doc/sudo/HISTORY +share/doc/sudo/LICENSE +share/doc/sudo/NEWS share/doc/sudo/README share/doc/sudo/README.LDAP +share/doc/sudo/TROUBLESHOOTING share/doc/sudo/UPGRADE +share/doc/sudo/sample.pam +share/doc/sudo/sample.sudoers +share/doc/sudo/sample.syslog.conf share/examples/sudo/sudoers diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 4e8c7e19698..13b115afb49 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.63 2010/06/03 14:53:14 taca Exp $ +$NetBSD: distinfo,v 1.63.2.1 2010/09/11 17:24:16 tron Exp $ -SHA1 (sudo-1.7.2p7-200805130/sudo-1.7.2p7.tar.gz) = 0504e0d7b1d3c987e48325ec4caa6ebfe5237ff5 -RMD160 (sudo-1.7.2p7-200805130/sudo-1.7.2p7.tar.gz) = 7ed1976bbce6d66939b85ce08a97c089dbeb1ec4 -Size (sudo-1.7.2p7-200805130/sudo-1.7.2p7.tar.gz) = 772356 bytes -SHA1 (patch-aa) = bd35d9a9168a70c53b8908570cd86483b117a084 -SHA1 (patch-af) = 50e6ecf889c460669a4b632c0fd3b15fc45b1214 -SHA1 (patch-ag) = b6153d89cfe634c79f1c5b44d4f0df0089353528 +SHA1 (sudo-1.7.4p4.tar.gz) = c873f509f80d5722989a912a42a61ad27b71453f +RMD160 (sudo-1.7.4p4.tar.gz) = 3b5eb69b4317c72def0e811c58a24df8c9c1c892 +Size (sudo-1.7.4p4.tar.gz) = 963663 bytes +SHA1 (patch-aa) = 05f2f71bf7393cfd878c0a6c14d2d5a79177daac +SHA1 (patch-af) = 86b9bd17dbfe1951c48055cd191d3071766385c6 +SHA1 (patch-ag) = 7a64eed90eb88f10280e876a5a6beaab2e12e7c6 diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa index 2dad72d425e..0e437bdf51d 100644 --- a/security/sudo/patches/patch-aa +++ b/security/sudo/patches/patch-aa @@ -1,58 +1,70 @@ -$NetBSD: patch-aa,v 1.23 2010/04/16 15:33:52 taca Exp $ +$NetBSD: patch-aa,v 1.23.2.1 2010/09/11 17:24:16 tron Exp $ ---- Makefile.in.orig 2010-04-09 21:13:21.000000000 +0000 +--- Makefile.in.orig 2010-09-03 21:43:57.000000000 +0000 +++ Makefile.in -@@ -196,7 +196,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c +@@ -205,7 +205,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c - sudo_noexec.la: sudo_noexec.lo + libsudo_noexec.la: sudo_noexec.lo - $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) + $(LIBTOOL) --mode=link $(CC) -module $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) # Uncomment the following if you want "make distclean" to clean the parser - @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h -@@ -403,36 +403,36 @@ sudoers.ldap.cat: sudoers.ldap.man - @DEV@LICENSE: license.pod - @DEV@ pod2text -l -i0 $> | sed '1,2d' > $@ + @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate +@@ -475,43 +475,43 @@ ChangeLog: + hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> $@; \ + fi --install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man -+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-man +-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc ++install: install-dirs install-binaries @INSTALL_NOEXEC@ install-doc install-dirs: $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \ -- $(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \ -+ $(DESTDIR)$(visudodir) \ - $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \ - $(DESTDIR)$(noexecdir) + $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \ +- $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ ++ $(DESTDIR)$(docdir) \ + $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) + $(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir) install-binaries: install-dirs $(PROGS) -- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4111 -s sudo $(DESTDIR)$(sudodir)/sudo +- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo ++ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 04111 sudo $(DESTDIR)$(sudodir)/sudo rm -f $(DESTDIR)$(sudodir)/sudoedit ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit -- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo --@SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s visudo $(DESTDIR)$(visudodir)/visudo -+@SELINUX@ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh +- if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi +- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo +- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi ++ if [ -f sudoreplay ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi ++ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 visudo $(DESTDIR)$(visudodir)/visudo ++ if [ -f sesh ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi - install-noexec: install-dirs sudo_noexec.la -- test -f .libs/$(noexecfile) && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) -+ test -f .libs/$(noexecfile) && $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) + install-noexec: install-dirs libsudo_noexec.la +- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi ++ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi install-sudoers: install-dirs +- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \ ++ $(INSTALL) -d -o $(sudoers_uid) -g $(sudoers_gid) -m 0750 \ + $(DESTDIR)$(sudoersdir)/sudoers.d test -f $(DESTDIR)$(sudoersdir)/sudoers || \ - $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \ + $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \ - $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers + sudoers $(DESTDIR)$(sudoersdir)/sudoers - install-man: install-dirs + install-doc: install-dirs ChangeLog +- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) +- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) ++ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done) ++ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) +- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) - @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) ++ @REPLAY@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) + @LDAP@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af index ee24ca6b4c5..2e06edf4bbb 100644 --- a/security/sudo/patches/patch-af +++ b/security/sudo/patches/patch-af @@ -1,16 +1,8 @@ -$NetBSD: patch-af,v 1.23 2009/12/20 07:46:32 taca Exp $ +$NetBSD: patch-af,v 1.23.6.1 2010/09/11 17:24:16 tron Exp $ ---- configure.in.orig 2009-11-25 01:55:34.000000000 +0000 +--- configure.in.orig 2010-09-06 12:03:33.000000000 +0000 +++ configure.in -@@ -158,7 +158,6 @@ else - fi - test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' - test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' --test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' - - dnl - dnl Deprecated --with options (these all warn or generate an error) -@@ -296,6 +295,19 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi +@@ -322,6 +322,18 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi ;; esac]) @@ -26,25 +18,32 @@ $NetBSD: patch-af,v 1.23 2009/12/20 07:46:32 taca Exp $ + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" + ;; +esac]) -+ AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) -@@ -1795,7 +1807,7 @@ fi +@@ -1865,7 +1877,7 @@ SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then - AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN="" + AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" ;; esac ]) -@@ -2242,6 +2254,8 @@ if test ${with_kerb5-'no'} != "no" -a -z - AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"]) - ]) - AUTH_OBJS="$AUTH_OBJS kerb5.o" -+fi -+if test ${with_kerb5-'no'} != "no"; then - _LIBS="$LIBS" - LIBS="${LIBS} ${SUDO_LIBS}" - AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) +@@ -2317,6 +2329,8 @@ if test ${with_kerb5-'no'} != "no"; then + if test -n "$KRB5CONFIG"; then + AC_DEFINE(HAVE_KERB5) + AUTH_OBJS="$AUTH_OBJS kerb5.o" ++ fi ++ if test ${with_kerb5-'no'} != "no"; then + CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" + SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + dnl +@@ -2798,7 +2812,6 @@ test "$libexecdir" = '${exec_prefix}/lib + test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' + test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' + test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' + + dnl + dnl Substitute into the Makefile and man pages diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag index d0d5c62cfbd..e9076ca9ca3 100644 --- a/security/sudo/patches/patch-ag +++ b/security/sudo/patches/patch-ag @@ -1,35 +1,27 @@ -$NetBSD: patch-ag,v 1.14 2009/12/20 07:46:32 taca Exp $ +$NetBSD: patch-ag,v 1.14.6.1 2010/09/11 17:24:16 tron Exp $ ---- configure.orig 2009-11-25 01:57:27.000000000 +0000 +--- configure.orig 2010-09-06 12:03:39.000000000 +0000 +++ configure -@@ -1454,7 +1454,7 @@ Fine tuning of the installation director - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] -- --sysconfdir=DIR read-only single-machine data [etc] -+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] -@@ -1527,6 +1527,7 @@ Optional Packages: - --with-devel add development options +@@ -1589,7 +1589,7 @@ Fine tuning of the installation director + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] +- --sysconfdir=DIR read-only single-machine data [/etc] ++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] +@@ -1667,6 +1667,7 @@ Optional Packages: + --with-libraries additional libraries to link with --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options + --with-nbsdops add NetBSD standard options --without-passwd don't use passwd/shadow file for authentication --with-skey=DIR enable S/Key support --with-opie=DIR enable OPIE support -@@ -2183,7 +2184,6 @@ else +@@ -4038,6 +4039,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn + esac fi - test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' - test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' --test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' - - - -@@ -2396,6 +2396,23 @@ fi - - +# Check whether --with-nbsdops or --without-nbsdops was given. +if test "${with_nbsdops+set}" = set; then @@ -47,25 +39,23 @@ $NetBSD: patch-ag,v 1.14 2009/12/20 07:46:32 taca Exp $ +esac +fi; + -+ + + # Check whether --with-passwd was given. - if test "${with_passwd+set}" = set; then - withval=$with_passwd; case $with_passwd in -@@ -14287,7 +14304,7 @@ if test `eval echo '${'$as_ac_Header'}'` +@@ -14153,7 +14170,7 @@ if test "x$ac_cv_header_login_cap_h" = x _ACEOF - LOGINCAP_USAGE='[-c class|-] '; LCMAN="" + LOGINCAP_USAGE='[-c class|-] '; LCMAN=1 case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" ;; esac -@@ -21537,6 +21554,8 @@ fi +@@ -18468,7 +18485,6 @@ test "$libexecdir" = '${exec_prefix}/lib + test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' + test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' + test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - AUTH_OBJS="$AUTH_OBJS kerb5.o" -+fi -+if test ${with_kerb5-'no'} != "no"; then - _LIBS="$LIBS" - LIBS="${LIBS} ${SUDO_LIBS}" + ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers" |