diff options
| author | taca <taca> | 2011-03-22 14:52:08 +0000 |
|---|---|---|
| committer | taca <taca> | 2011-03-22 14:52:08 +0000 |
| commit | 567a972dfff5dcc35ce35a44e51686b8b29a06b9 (patch) | |
| tree | ea7770bf81dcadbb488bb793a89541aeb8858e97 /security/sudo | |
| parent | 0f2ef35b21888878b8f004bff15af723b4f29a7e (diff) | |
| download | pkgsrc-567a972dfff5dcc35ce35a44e51686b8b29a06b9.tar.gz | |
Update sudo pacakge to 1.7.5.
* pkgsrc change: trying to use user-destdir.
What's new in Sudo 1.7.5?
* When using visudo in check mode, a file named "-" may be used to
check sudoers data on the standard input.
* Sudo now only fetches shadow password entries when using the
password database directly for authentication.
* Password and group entries are now cached using the same key
that was used to look them up. This fixes a problem when looking
up entries by name if the name in the retrieved entry does not
match the name used to look it up. This may happen on some systems
that do case insensitive lookups or that truncate long names.
* GCC will no longer display warnings on glibc systems that use
the warn_unused_result attribute for write(2) and other system calls.
* If a PAM account management module denies access, sudo now prints
a more useful error message and stops trying to validate the user.
* Fixed a potential hang on idle systems when the sudo-run process
exits immediately.
* Sudo now includes a copy of zlib that will be used on systems
that do not have zlib installed.
* The --with-umask-override configure flag has been added to enable
the "umask_override" sudoers Defaults option at build time.
* Sudo now unblocks all signals on startup to avoid problems caused
by the parent process changing the default signal mask.
* LDAP Sudoers entries may now specify a time period for which
the entry is valid. This requires an updated sudoers schema
that includes the sudoNotBefore and sudoNotAfter attributes.
Support for timed entries must be explicitly enabled in the
ldap.conf file. Based on changes from Andreas Mueller.
* LDAP Sudoers entries may now specify a sudoOrder attribute that
determines the order in which matching entries are applied. The
last matching entry is used, just like file-based sudoers. This
requires an updated sudoers schema that includes the sudOrder
attribute. Based on changes from Andreas Mueller.
* When run as sudoedit, or when given the -e flag, sudo now treats
command line arguments as pathnames. This means that slashes
in the sudoers file entry must explicitly match slashes in
the command line arguments. As a result, and entry such as:
user ALL = sudoedit /etc/*
will allow editing of /etc/motd but not /etc/security/default.
* NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
compatibility with OpenLDAP configuration files.
* The LDAP API TIMEOUT parameter is now honored in ldap.conf.
* The I/O log directory may now be specified in the sudoers file.
* Sudo will no longer refuse to run if the sudoers file is writable
by root.
* Sudo now performs command line escaping for "sudo -s" and "sudo -i"
after validating the command so the sudoers entries do not need
to include the backslashes.
* Logging and email sending are now done in the locale specified
by the "sudoers_locale" setting ("C" by default). Email send by
sudo now includes MIME headers when "sudoers_locale" is not "C".
* The configure script has a new option, --disable-env-reset, to
allow one to change the default for the sudoers Default setting
"env_reset" at compile time.
* When logging "sudo -l command", sudo will now prepend "list "
to the command in the log line to distinguish between an
actual command invocation in the logs.
* Double-quoted group and user names may now include escaped double
quotes as part of the name. Previously this was a parse error.
* Sudo once again restores the state of the signal handlers it
modifies before executing the command. This allows sudo to be
used with the nohup command.
* Resuming a suspended shell now works properly when I/O logging
is not enabled (the I/O logging case was already correct).
Diffstat (limited to 'security/sudo')
| -rw-r--r-- | security/sudo/Makefile | 7 | ||||
| -rw-r--r-- | security/sudo/distinfo | 14 | ||||
| -rw-r--r-- | security/sudo/patches/patch-aa | 37 |
3 files changed, 30 insertions, 28 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 61ac0b03e93..cfeb5b8e0e6 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.128 2011/01/22 09:18:21 taca Exp $ +# $NetBSD: Makefile,v 1.129 2011/03/22 14:52:08 taca Exp $ # -DISTNAME= sudo-1.7.4p6 +DISTNAME= sudo-1.7.5 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ @@ -20,7 +20,7 @@ USE_LIBTOOL= yes OWN_DIRS+= ${VARBASE}/run GNU_CONFIGURE= yes BUILD_DEFS+= VARBASE -PKG_DESTDIR_SUPPORT= destdir +PKG_DESTDIR_SUPPORT= user-destdir PLIST_VARS+= ldap .include "../../mk/bsd.prefs.mk" @@ -44,6 +44,7 @@ CONF_FILES_PERMS= ${EGDIR}/sudoers ${PKG_SYSCONFDIR}/sudoers \ ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440 OWN_DIRS+= ${PKG_SYSCONFDIR}/sudoers.d SPECIAL_PERMS+= bin/sudo ${SETUID_ROOT_PERMS} +SPECIAL_PERMS+= bin/sudoreplay ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 511 INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR} diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 241aa239f5d..abbaffb9000 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.68 2011/01/22 09:18:21 taca Exp $ +$NetBSD: distinfo,v 1.69 2011/03/22 14:52:08 taca Exp $ -SHA1 (sudo-1.7.4p6.tar.gz) = a306863b8bde9bfe2430ac1daaa6f45ccb842ed4 -RMD160 (sudo-1.7.4p6.tar.gz) = a6680042cf1836a96552953f546483c238e4ce9c -Size (sudo-1.7.4p6.tar.gz) = 966234 bytes -SHA1 (patch-aa) = 5435f1ebf6faa0381d193a9a560a3752af5c9c4a -SHA1 (patch-af) = 389af9aca76d7286c2e981573c56358846f8d0ca -SHA1 (patch-ag) = 853232cc5fde6808562cc7dd6f5770069bdeae3f +SHA1 (sudo-1.7.5.tar.gz) = 5d12121aaf65b9fcd1012582c6d3a89f403c25d1 +RMD160 (sudo-1.7.5.tar.gz) = b325d664b6597662568949e50bb781bbfc8c6abb +Size (sudo-1.7.5.tar.gz) = 1117718 bytes +SHA1 (patch-aa) = 3575604df11d1e296f6159573f47563ae66a8f3d +SHA1 (patch-af) = f89403647e76fd98d9e7d3eceb28ffff95d8f4a9 +SHA1 (patch-ag) = e9e9c0933ac1faa00f444ae09141c08cf87754be diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa index 887433ced6f..6dd3d519257 100644 --- a/security/sudo/patches/patch-aa +++ b/security/sudo/patches/patch-aa @@ -1,12 +1,13 @@ -$NetBSD: patch-aa,v 1.25 2010/09/21 03:05:27 taca Exp $ +$NetBSD: patch-aa,v 1.26 2011/03/22 14:52:08 taca Exp $ * Fix libtools's link option. * Prevent to install sudoers files and directory. * Use standard instal(8) option instead of shell wrapper. +* Don't setuid here. ---- Makefile.in.orig 2010-09-03 21:43:57.000000000 +0000 +--- Makefile.in.orig 2011-02-19 13:25:51.000000000 +0000 +++ Makefile.in -@@ -205,7 +205,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c +@@ -222,7 +222,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c libsudo_noexec.la: sudo_noexec.lo @@ -15,12 +16,12 @@ $NetBSD: patch-aa,v 1.25 2010/09/21 03:05:27 taca Exp $ # Uncomment the following if you want "make distclean" to clean the parser @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate -@@ -475,43 +475,43 @@ ChangeLog: - hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> $@; \ +@@ -535,43 +535,43 @@ ChangeLog: + fi; \ fi -install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc -+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-doc ++install: install-binaries @INSTALL_NOEXEC@ install-doc install-dirs: $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \ @@ -32,19 +33,19 @@ $NetBSD: patch-aa,v 1.25 2010/09/21 03:05:27 taca Exp $ install-binaries: install-dirs $(PROGS) - $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 04111 sudo $(DESTDIR)$(sudodir)/sudo ++ $(INSTALL) sudo $(DESTDIR)$(sudodir)/sudo rm -f $(DESTDIR)$(sudodir)/sudoedit ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit - if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi - $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo - if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi -+ if [ -f sudoreplay ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 visudo $(DESTDIR)$(visudodir)/visudo -+ if [ -f sesh ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi ++ if [ -f sudoreplay ]; then $(INSTALL) sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi ++ $(INSTALL) visudo $(DESTDIR)$(visudodir)/visudo ++ if [ -f sesh ]; then $(INSTALL) sesh $(DESTDIR)$(libexecdir)/sesh; fi install-noexec: install-dirs libsudo_noexec.la - if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi -+ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi ++ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi install-sudoers: install-dirs - $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \ @@ -59,19 +60,19 @@ $NetBSD: patch-aa,v 1.25 2010/09/21 03:05:27 taca Exp $ - (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) - @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) -+ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done) -+ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done) -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) ++ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done) ++ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done) ++ $(INSTALL) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) - @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) - @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) -+ @REPLAY@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) -+ @LDAP@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) ++ @REPLAY@$(INSTALL) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) ++ $(INSTALL) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) ++ $(INSTALL) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) ++ @LDAP@$(INSTALL) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) @MAN_POSTINSTALL@ check: |