diff options
| author | xtraeme <xtraeme@pkgsrc.org> | 2004-08-23 21:15:17 +0000 |
|---|---|---|
| committer | xtraeme <xtraeme@pkgsrc.org> | 2004-08-23 21:15:17 +0000 |
| commit | bb6feecffc32628890ad8a23093df147a8b0d36f (patch) | |
| tree | 591a86a05c6aa03a8d3896cd93f7a2a28befe543 /security/sudo | |
| parent | 34bf92efba7d5229987943d76fbf3a25e1a0ddb4 (diff) | |
| download | pkgsrc-bb6feecffc32628890ad8a23093df147a8b0d36f.tar.gz | |
Update security/sudo to 1.6.8 and convert to use bsd.options.mk, which
adds two new options, ldap and pam.
Changes:
* Sudo now supports storing sudoers info in LDAP (optionally using TLS).
* There is a new -e option to edit files the with uid of the invoking
user. This makes it possible to give users to ability to safely edit
files without the possibility of editing other files or running commands
as the target user. If sudo is run as "sudoedit" the -e flag is implied.
* A new tag, NOEXEC, will prevent a dynamically-linked program being run
by sudo from executing another program (think shell escapes). Because
this uses LD_PRELOAD it has no effect on static binaries.
* A uid specified in sudoers now matches the user specified by the -u flag
even if the -u flag specified a name, not a uid.
* Added a -i option to simulate an initial login similar to "su -".
* If sudo is used to run as root shell, further sudo commands will be logged
as run by the user specified by the SUDO_USER environment variable. In -e
mode (sudoedit), SUDO_USER is used to determine what user to run the editor
when the real uid is 0.
* The sudoers file is now parsed as the runas user in all cases instead of
root. This fixes some issues with running NFS-mounted commands.
* If the target user == invoking user a password is no longer required.
* Sudo now produces a sensible error message when the targetpw Defaults option
is set and a non-existent uid is specified via the -u option.
* A negated user/uid in a runas list is now treated the same as a negated
command and overrides a previously allowed entry.
* PAM support now uses Use pam_acct_mgmt() to check for disabled accounts.
* Added a check in visudo for runas_default being used before it was set.
* Fixed several issues when closing all open descriptors. Sudo now uses
closefrom() if it exists, otherwise it uses /proc/$$/fd if that exists
with a fallback of closing all possible descriptors.
* Quoting globbing characters with a backslash now works as documented.
* Fixed a problem on FreeBSD (and perhaps others) when the user is only
listed in NIS (not master.passwd) and netgroups are used in the
master.passwd file.
* The username in a log entry is no longer truncated at 8 characters.
* Added a "sudo_lecture" option that can point to a file containing a
custom lecture.
* The timeout for password reading is now done via alarm(), not select().
* /tmp/.odus is no longer used for timestamps by default.
* Sudo now works on the nsr-tandem-nsk platform.
* Fixed the --with-stow configure option.
* TIS fwtk authentication now supports fwtk 2.0 and higher.
* Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
* Added the --with-pc-insults configure to replace politically incorrect
insults with other ones.
Diffstat (limited to 'security/sudo')
| -rw-r--r-- | security/sudo/Makefile | 20 | ||||
| -rw-r--r-- | security/sudo/PLIST.common | 5 | ||||
| -rw-r--r-- | security/sudo/distinfo | 9 | ||||
| -rw-r--r-- | security/sudo/options.mk | 24 | ||||
| -rw-r--r-- | security/sudo/patches/patch-aa | 16 | ||||
| -rw-r--r-- | security/sudo/patches/patch-ab | 13 |
6 files changed, 44 insertions, 43 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 2e0638ec933..304c2af79eb 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.65 2004/08/22 19:32:52 jlam Exp $ +# $NetBSD: Makefile,v 1.66 2004/08/23 21:15:17 xtraeme Exp $ # -DISTNAME= sudo-1.6.7p5 -PKGNAME= ${DISTNAME:S/p/./} +DISTNAME= sudo-1.6.8 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ @@ -18,6 +17,7 @@ COMMENT= Allow others to run commands as root PKG_INSTALLATION_TYPES= overwrite pkgviews USE_BUILDLINK3= yes +USE_LIBTOOL= yes USE_PKGINSTALL= yes GNU_CONFIGURE= yes @@ -32,17 +32,7 @@ CONFIGURE_ARGS+= --with-skey CONFIGURE_ARGS+= --without-skey .endif -PKG_OPTIONS_VAR= PKG_OPTIONS.sudo -PKG_SUPPORTED_OPTIONS= kerberos -.include "../../mk/bsd.options.mk" - -.if !empty(PKG_OPTIONS:Mkerberos) -. include "../../mk/krb5.buildlink3.mk" -CONFIGURE_ARGS+= --without-kerb4 -CONFIGURE_ARGS+= --with-kerb5 -.else -CONFIGURE_ARGS+= --without-kerb5 -.endif +.include "options.mk" CONFIGURE_ARGS+= --with-nbsdops --disable-path-info @@ -55,6 +45,6 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/UPGRADE ${DOCDIR} ${INSTALL_DATA_DIR} ${EGDIR} ${INSTALL_DATA} ${WRKSRC}/sudoers ${EGDIR}/sudoers - ${INSTALL_DATA} ${WRKSRC}/sample.sudoers ${EGDIR}/sudoers.sample + ${INSTALL_DATA} ${WRKSRC}/README* ${DOCDIR} .include "../../mk/bsd.pkg.mk" diff --git a/security/sudo/PLIST.common b/security/sudo/PLIST.common index cd66f57a712..ec42aa4a07d 100644 --- a/security/sudo/PLIST.common +++ b/security/sudo/PLIST.common @@ -1,8 +1,9 @@ -@comment $NetBSD: PLIST.common,v 1.1 2001/11/01 01:23:01 zuntum Exp $ +@comment $NetBSD: PLIST.common,v 1.2 2004/08/23 21:15:17 xtraeme Exp $ bin/sudo sbin/visudo +share/doc/sudo/README +share/doc/sudo/README.LDAP share/doc/sudo/UPGRADE share/examples/sudo/sudoers -share/examples/sudo/sudoers.sample @dirrm share/examples/sudo @dirrm share/doc/sudo diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 59c4e944d66..7b77a2fbbb9 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,8 +1,7 @@ -$NetBSD: distinfo,v 1.20 2004/05/19 19:26:38 kim Exp $ +$NetBSD: distinfo,v 1.21 2004/08/23 21:15:17 xtraeme Exp $ -SHA1 (sudo-1.6.7p5.tar.gz) = 6814bd874c5d42781757b5cbab1961c05cc26c8f -Size (sudo-1.6.7p5.tar.gz) = 349785 bytes -SHA1 (patch-aa) = 23c35edd2aad78cc94881a8b03e2ade66dc7c993 -SHA1 (patch-ab) = f2c3a6a10568a6bd394504360a1f53f2fcfc5123 +SHA1 (sudo-1.6.8.tar.gz) = 3f761fd7457ad0efb3f8efa68495ac95c825ca81 +Size (sudo-1.6.8.tar.gz) = 577564 bytes +SHA1 (patch-aa) = 464d92a06528fd7af2bc6a1b768b8a097900204a SHA1 (patch-af) = a28c974dc854ca21cf2da8addbe98eac13c612a2 SHA1 (patch-ag) = 3703932e134ae90281179d0a4ae4760fa420264b diff --git a/security/sudo/options.mk b/security/sudo/options.mk new file mode 100644 index 00000000000..7a4d1e31a0d --- /dev/null +++ b/security/sudo/options.mk @@ -0,0 +1,24 @@ +# $NetBSD: options.mk,v 1.1 2004/08/23 21:15:17 xtraeme Exp $ +# + +PKG_OPTIONS_VAR= PKG_OPTIONS.sudo +PKG_SUPPORTED_OPTIONS= kerberos ldap pam +.include "../../mk/bsd.options.mk" + +.if !empty(PKG_OPTIONS:Mkerberos) +. include "../../mk/krb5.buildlink3.mk" +CONFIGURE_ARGS+= --without-kerb4 +CONFIGURE_ARGS+= --with-kerb5 +.else +CONFIGURE_ARGS+= --without-kerb5 +.endif + +.if !empty(PKG_OPTIONS:Mldap) +. include "../../databases/openldap/buildlink3.mk" +CONFIGURE_ARGS+= --with-ldap=${BUILDLINK_PREFIX.openldap} +.endif + +.if !empty(PKG_OPTIONS:Mpam) +. include "../../security/PAM/buildlink3.mk" +CONFIGURE_ARGS+= --with-pam +.endif diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa index d0c9a2991ee..7529ef7ee3e 100644 --- a/security/sudo/patches/patch-aa +++ b/security/sudo/patches/patch-aa @@ -1,18 +1,18 @@ -$NetBSD: patch-aa,v 1.10 2003/05/03 18:27:46 jmmv Exp $ +$NetBSD: patch-aa,v 1.11 2004/08/23 21:15:17 xtraeme Exp $ ---- Makefile.in.orig 2003-04-16 02:39:10.000000000 +0200 -+++ Makefile.in -@@ -294,11 +294,11 @@ sudoers.man:: sudoers.man.in +--- Makefile.in.orig 2004-08-23 22:47:51.000000000 +0200 ++++ Makefile.in 2004-08-23 22:48:20.000000000 +0200 +@@ -292,11 +292,11 @@ sudoers.cat: sudoers.man --install: install-dirs install-binaries install-sudoers install-man -+install: install-dirs install-binaries install-man +-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man ++install: install-dirs install-binaries @INSTALL_NOEXEC@ install-man install-dirs: $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \ - $(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \ + $(DESTDIR)$(visudodir) \ - $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) + $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \ + $(DESTDIR)$(noexecdir) - install-binaries: $(PROGS) diff --git a/security/sudo/patches/patch-ab b/security/sudo/patches/patch-ab deleted file mode 100644 index bfa6dab66db..00000000000 --- a/security/sudo/patches/patch-ab +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ab,v 1.9 2004/03/22 08:45:56 jlam Exp $ - ---- auth/kerb5.c.orig Mon Apr 21 17:19:15 2003 -+++ auth/kerb5.c Mon Mar 22 03:34:44 2004 -@@ -88,7 +88,7 @@ - } sudo_krb5_data = { NULL, NULL, NULL }; - typedef struct _sudo_krb5_data *sudo_krb5_datap; - --extern krb5_cc_ops krb5_mcc_ops; -+extern const krb5_cc_ops krb5_mcc_ops; - - int - kerb5_init(pw, promptp, auth) |