diff options
| author | adam <adam@pkgsrc.org> | 2021-05-27 05:40:44 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2021-05-27 05:40:44 +0000 |
| commit | 73596f3ce3ba46b2e8ac3ee1544e74d721dcbe6b (patch) | |
| tree | 8ba7e87ea3a9c8a7fca10ca87e0772c7ef6148dc /security/sudo/patches/patch-configure | |
| parent | 160afc7ae996c4dd730aa80b2446892237be59a8 (diff) | |
| download | pkgsrc-73596f3ce3ba46b2e8ac3ee1544e74d721dcbe6b.tar.gz | |
sudo: updated to 1.9.7
What's new in Sudo 1.9.7
* The "fuzz" Makefile target now runs all the fuzzers for 8192
passes (can be overridden via the FUZZ_RUNS variable). This makes
it easier to run the fuzzers in-tree. To run a fuzzer indefinitely,
set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
* Fixed fuzzing on FreeBSD where the ld.lld linker returns an
error by default when a symbol is multiply-defined.
* Added support for determining local IPv6 addresses on systems
that lack the getifaddrs() function. This now works on AIX,
HP-UX and Solaris (at least).
* Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
report a usage error. Also, when invoked as sudoedit, sudo now
allows a more restricted set of options that matches the usage
statement and documentation.
* Fixed a crash in sudo_sendlog when the specified certificate
or key does not exist or is invalid.
* Fixed a compilation error when sudo is configured with the
--disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf
is now documented.
* Sudo now requires autoconf 2.70 or higher to regenerate the
configure script.
* sudo_logsrvd now has a relay mode which can be used to create
a hierarchy of log servers. By default, when a relay server is
defined, messages from the client are forwarded immediately to
the relay. However, if the "store_first" setting is enabled,
the log will be stored locally until the command completes and
then relayed.
* Sudo now links with OpenSSL by default if it is available unless
the --disable-openssl configure option is used or both the
--disable-log-client and --disable-log-server configure options
are specified.
* Fixed configure's Python version detection when the version minor
number is more than a single digit, for example Python 3.10.
* The sudo Python module tests now pass for Python 3.10.
* Sudo will now avoid changing the datasize resource limit
as long as the existing value is at least 1GB. This works around
a problem on 64-bit HP-UX where it is not possible to exactly
restore the original datasize limit.
* Fixed a race condition that could result in a hang when sudo is
executed by a process where the SIGCHLD handler is set to SIG_IGN.
* Fixed an out-of-bounds read in sudoedit and visudo when the
EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
unescaped backslash. Also fixed the handling of quote characters
that are escaped by a backslash.
* Fixed a bug that prevented the "log_server_verify" sudoers option
from taking effect.
* The sudo_sendlog utility has a new -s option to cause it to stop
sending I/O records after a user-specified elapsed time. This
can be used to test the I/O log restart functionality of sudo_logsrvd.
* Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
attempting to restart an interrupted I/O log transfer.
* The TLS connection timeout in the sudoers log client was previously
hard-coded to 10 seconds. It now uses the value of log_server_timeout.
* The configure script now outputs a summary of the user-configurable
options at the end, separate from output of configure script tests.
* Corrected the description of which groups may be specified via the
-g option in the Runas_Spec section.
Diffstat (limited to 'security/sudo/patches/patch-configure')
| -rw-r--r-- | security/sudo/patches/patch-configure | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/security/sudo/patches/patch-configure b/security/sudo/patches/patch-configure index 3a4c4cd93ff..57444466594 100644 --- a/security/sudo/patches/patch-configure +++ b/security/sudo/patches/patch-configure @@ -1,4 +1,4 @@ -$NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ +$NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $ * Add "--with-nbsdops" option, NetBSD standard options. * Link with util(3) in the case of DragonFly, too. @@ -7,17 +7,17 @@ $NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ functions (HAVE_KRB5_*). * Remove setting sysconfdir to "/etc". ---- configure.orig 2021-03-15 16:50:00.000000000 +0000 +--- configure.orig 2021-05-11 20:54:52.000000000 +0000 +++ configure -@@ -920,6 +920,7 @@ with_libpath +@@ -920,6 +920,7 @@ with_incpath + with_libpath with_libraries - with_efence with_csops +with_nbsdops with_passwd with_skey with_opie -@@ -1652,7 +1653,7 @@ Fine tuning of the installation director +@@ -1653,7 +1654,7 @@ Fine tuning of the installation director --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] @@ -27,14 +27,14 @@ $NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ --localstatedir=DIR modifiable single-machine data [PREFIX/var] --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] @@ -1776,6 +1777,7 @@ Optional Packages: + --with-libpath additional places to look for libraries --with-libraries additional libraries to link with - --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options + --with-nbsdops add NetBSD standard options --without-passwd don't use passwd/shadow file for authentication --with-skey[=DIR] enable S/Key support --with-opie[=DIR] enable OPIE support -@@ -5203,6 +5205,23 @@ fi +@@ -5184,6 +5186,23 @@ fi @@ -58,7 +58,7 @@ $NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ # Check whether --with-passwd was given. if test ${with_passwd+y} then : -@@ -16699,7 +16718,7 @@ fi +@@ -16373,7 +16392,7 @@ fi : ${mansectsu='1m'} : ${mansectform='4'} ;; @@ -67,16 +67,16 @@ $NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ shadow_funcs="getspnam" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h -@@ -18732,7 +18751,7 @@ then : - printf "%s\n" "#define HAVE_LOGIN_CAP_H 1" >>confdefs.h +@@ -18253,7 +18272,7 @@ then : LOGINCAP_USAGE='[-c class] '; LCMAN=1 + with_logincap=yes case "$OS" in - freebsd*|netbsd*) + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ;; -@@ -25528,6 +25547,8 @@ fi +@@ -25171,6 +25190,8 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext AUTH_OBJS="$AUTH_OBJS kerb5.lo" fi @@ -85,7 +85,7 @@ $NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ _LIBS="$LIBS" LIBS="${LIBS} ${SUDOERS_LIBS}" ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user" -@@ -29695,7 +29716,6 @@ test "$docdir" = '${datarootdir}/doc/${P +@@ -29359,7 +29380,6 @@ test "$docdir" = '${datarootdir}/doc/${P test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' |