diff options
| author | taca <taca> | 2009-02-05 13:48:12 +0000 |
|---|---|---|
| committer | taca <taca> | 2009-02-05 13:48:12 +0000 |
| commit | 9e7ee950d9b5947587de81866a79a62bf60b8e45 (patch) | |
| tree | 4a7994f253a5df2234fb4ac42e6525c729e220e1 /security/sudo/Makefile | |
| parent | 461eaa04d1a41eb03fdfe627171d89780b641d88 (diff) | |
| download | pkgsrc-9e7ee950d9b5947587de81866a79a62bf60b8e45.tar.gz | |
Update security/sudo package to 1.7.0.
* pkgsrc change: relax restriction to kerberos package.
What's new in Sudo 1.7.0?
* Rewritten parser that converts sudoers into a set of data structures.
This eliminates a number of ordering issues and makes it possible to
apply sudoers Defaults entries before searching for the command.
It also adds support for per-command Defaults specifications.
* Sudoers now supports a #include facility to allow the inclusion of other
sudoers-format files.
* Sudo's -l (list) flag has been enhanced:
o applicable Defaults options are now listed
o a command argument can be specified for testing whether a user
may run a specific command.
o a new -U flag can be used in conjunction with "sudo -l" to allow
root (or a user with "sudo ALL") list another user's privileges.
* A new -g flag has been added to allow the user to specify a
primary group to run the command as. The sudoers syntax has been
extended to include a group section in the Runas specification.
* A uid may now be used anywhere a username is valid.
* The "secure_path" run-time Defaults option has been restored.
* Password and group data is now cached for fast lookups.
* The file descriptor at which sudo starts closing all open files is now
configurable via sudoers and, optionally, the command line.
* Visudo will now warn about aliases that are defined but not used.
* The -i and -s command line flags now take an optional command
to be run via the shell. Previously, the argument was passed
to the shell as a script to run.
* Improved LDAP support. SASL authentication may now be used in
conjunction when connecting to an LDAP server. The krb5_ccname
parameter in ldap.conf may be used to enable Kerberos.
* Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
to specify the sudoers order. E.g.:
sudoers: ldap files
to check LDAP, then /etc/sudoers. The default is "files", even
when LDAP support is compiled in. This differs from sudo 1.6
where LDAP was always consulted first.
* Support for /etc/environment on AIX and Linux. If sudo is run
with the -i flag, the contents of /etc/environment are used to
populate the new environment that is passed to the command being
run.
* If no terminal is available or if the new -A flag is specified,
sudo will use a helper program to read the password if one is
configured. Typically, this is a graphical password prompter
such as ssh-askpass.
* A new Defaults option, "mailfrom" that sets the value of the
"From:" field in the warning/error mail. If unspecified, the
login name of the invoking user is used.
* A new Defaults option, "env_file" that refers to a file containing
environment variables to be set in the command being run.
* A new flag, -n, may be used to indicate that sudo should not
prompt the user for a password and, instead, exit with an error
if authentication is required.
* If sudo needs to prompt for a password and it is unable to disable
echo (and no askpass program is defined), it will refuse to run
unless the "visiblepw" Defaults option has been specified.
* Prior to version 1.7.0, hitting enter/return at the Password: prompt
would exit sudo. In sudo 1.7.0 and beyond, this is treated as
an empty password. To exit sudo, the user must press ^C or ^D
at the prompt.
* visudo will now check the sudoers file owner and mode in -c (check)
mode when the -s (strict) flag is specified.
Diffstat (limited to 'security/sudo/Makefile')
| -rw-r--r-- | security/sudo/Makefile | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 22ba17e8ebe..ebf21be54af 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.113 2008/06/30 15:53:41 taca Exp $ +# $NetBSD: Makefile,v 1.114 2009/02/05 13:48:12 taca Exp $ # -DISTNAME= sudo-1.6.9p17 +DISTNAME= sudo-1.7.0 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ @@ -24,6 +24,7 @@ OWN_DIRS+= ${VARBASE}/run GNU_CONFIGURE= yes BUILD_DEFS+= VARBASE PKG_DESTDIR_SUPPORT= destdir +PLIST_VARS+= ldap .include "../../mk/bsd.prefs.mk" @@ -31,7 +32,7 @@ PKG_DESTDIR_SUPPORT= destdir CONFIGURE_ENV+= NROFFPROG=${CAT:Q} CONFIGURE_ENV+= mansectsu=8 CONFIGURE_ENV+= mansectform=5 -CONFIGURE_ARGS+= --disable-root-mailer +CONFIGURE_ARGS+= --disable-root-mailer --with-ignore-dot CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} CONFIGURE_ARGS+= --with-timedir=${VARBASE:Q}/run/sudo CONFIGURE_ARGS+= --with-logpath=${VARBASE:Q}/log/sudo.log |