summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2003-04-01 16:07:21 +0000
committerwiz <wiz@pkgsrc.org>2003-04-01 16:07:21 +0000
commit5319633bb2fd67f826ccd7c520910db1d8720252 (patch)
tree3c4b0fb7c2bd7ca12c0090135d39e0eb9082460f /security
parent2188dab307853997b5880af43f8293c2d60939bf (diff)
downloadpkgsrc-5319633bb2fd67f826ccd7c520910db1d8720252.tar.gz
Update to 1.6.7p1 (1.6.7.1):
478) Wildcards now work correctly in the env_keep Defaults directive. 479) Added support for non-root timestamp dirs. This allows the timestamp dir to be shared via NFS (though this is not recommended). 480) Removed double printing of bad environment variable table in -V mode. 481) configure script has been regenerated with autoconf 2.5.7. This required some changes to configure.in. 482) Fixed a compilation problem on SunOS; thanks to Alek O. Komarnitsky. 483) SecurID 5.0 API support from Michael Stroucken. 484) Restore state of signal handlers to what we had upon startup. Fixes a problem when using sudo with nohup; thanks to Paul Markham. 485) Revamp set_perms() to use setresuid() or setreuid() when available in preference to POSIX stuff since they allow us to properly implement "stay_setuid" whereas POSIX does not really. 486) In strict mode sudo did not throw an error for undefined User_Aliases. 487) Fixed a Makefile bug on IRIX. 488) Write the prompt *after* turning off echo to avoid some password characters being echoed on heavily-loaded machines with fast typists. 489) Added %U and %H escapes in the prompt and fixed treatment of %%. 490) Visudo will now add a final newline to sudoers if the user's editor not add one before EOF. 491) The lexer state is now reset to its initial value on EOF. Previously, the state was not reset between parser invocations which could cause problems for visudo in rare cases. 492) Added support for Defaults that apply based on the RunasUser. 493) Sudo now includes copies of strlc{at,py} and uses them throughout. 494) Sudo is now careful to avoid interger overflow when allocating memory. This is one of those "should not happen" situations. 495) Added a configure option (--with-stow) to make sudo compatible with GNU stow. 496) auth/kerb5.c now compiles under Heimdal. 497) The volatile prefix is used in the hopes of preventing compilers from optimizing away memory zeroing. Unfortunately, this results in some warnings from gcc. 498) Better Kerberos IV/V support in the configure script. 499) Fixed a logic thinko in the SIGCHLD handler that caused problems with rlogin on HP-UX. 500) configure now adds -R to LDFLAGS when it adds -L for Solaris and SVR4. There is a configure option, --with-rpath, to control this. 501) On AIX, configure will pass extra directory paths to the linker via the -blibpath ld option. This is only active when additional library paths are used. It may be disabled via the --without-blibpath configure option. 502) The --with-skey and --with-opie configure options now take an optional directory argument that should have an include and lib dir for the skey/opie include file and library respectively. 503) Fixed false positives in the overflow detection of expand_prompt().
Diffstat (limited to 'security')
-rw-r--r--security/sudo/Makefile7
-rw-r--r--security/sudo/distinfo13
-rw-r--r--security/sudo/patches/patch-aa43
-rw-r--r--security/sudo/patches/patch-ab13
-rw-r--r--security/sudo/patches/patch-ac22
-rw-r--r--security/sudo/patches/patch-af55
-rw-r--r--security/sudo/patches/patch-ag55
7 files changed, 34 insertions, 174 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 44b3cc357aa..6530b8bbf75 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,14 +1,15 @@
-# $NetBSD: Makefile,v 1.53 2003/01/28 22:04:08 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2003/04/01 16:07:21 wiz Exp $
#
-DISTNAME= sudo-1.6.6
+DISTNAME= sudo-1.6.7p1
PKGNAME= ${DISTNAME:S/p/./}
CATEGORIES= security
MASTER_SITES= http://www.courtesan.com/sudo/dist/ \
ftp://ftp.courtesan.com/pub/sudo/ \
ftp://ftp.cs.colorado.edu/pub/sudo/ \
ftp://ftp.uu.net/pub/security/sudo/ \
- ftp://ftp.tux.org/pub/security/sudo/
+ ftp://ftp.tux.org/pub/security/sudo/ \
+ http://www.courtesan.com/sudo/dist/beta/
MAINTAINER= packages@netbsd.org
HOMEPAGE= http://www.courtesan.com/sudo/
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index 799a154f935..ad4b1fbd5c8 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,9 +1,6 @@
-$NetBSD: distinfo,v 1.11 2002/08/25 21:50:48 jlam Exp $
+$NetBSD: distinfo,v 1.12 2003/04/01 16:07:21 wiz Exp $
-SHA1 (sudo-1.6.6.tar.gz) = 6768cca950fc840857b01b0bd94dbd0ca756d324
-Size (sudo-1.6.6.tar.gz) = 333074 bytes
-SHA1 (patch-aa) = 3298ebd31c6348848c02b98e493a6772369ca840
-SHA1 (patch-ab) = 9ee5fd292495a97ba8acfdddfd60c54955070eac
-SHA1 (patch-ac) = 2bb81b45e91c47f7d30dfc1f4c1f7f945becf715
-SHA1 (patch-af) = 7aaf790e8512e4371d87d367dd2d6e6b020d0ab2
-SHA1 (patch-ag) = f05e3731b23407faa5f64b0f374419ae7a4327a9
+SHA1 (sudo-1.6.7p1.tar.gz) = cf99a85b1728c818270cb1bf5ab72c4a17d60705
+Size (sudo-1.6.7p1.tar.gz) = 347796 bytes
+SHA1 (patch-af) = 33ed24f6c812f3a2fc5fead32352d0dbf199b248
+SHA1 (patch-ag) = 40b6a5a97f6bed16248cb2c1d94ce7f42aba9b2a
diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa
deleted file mode 100644
index 3bded1a7245..00000000000
--- a/security/sudo/patches/patch-aa
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: patch-aa,v 1.8 2000/08/10 16:57:33 thorpej Exp $
-
---- auth/kerb5.c.orig Tue Oct 12 19:34:55 1999
-+++ auth/kerb5.c Thu Aug 10 09:48:06 2000
-@@ -88,9 +88,6 @@
- auth->data = (VOID *) &sudo_krb5_data; /* Stash all our data here */
-
- if (error = krb5_init_context(&(sudo_krb5_data.sudo_context))) {
-- log_error(NO_EXIT|NO_MAIL,
-- "%s: unable to initialize context: %s", auth->name,
-- error_message(error));
- return(AUTH_FAILURE);
- }
- sudo_context = sudo_krb5_data.sudo_context;
-@@ -266,8 +263,8 @@
- }
-
- /* Extract the name directly. Yow. */
-- strncpy(phost, krb5_princ_component(sudo_context, princ, 1)->data,
-- sizeof(phost) - 1);
-+ /* XXX XXX XXX */
-+ strncpy(phost, princ->name.name_string.val[0], sizeof(phost) - 1);
- phost[sizeof(phost) - 1] = '\0';
-
- /*
-@@ -276,7 +273,7 @@
- * and enctype is currently ignored anyhow.)
- */
- if (error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
-- ENCTYPE_DES_CBC_MD5, &keyblock)) {
-+ ETYPE_DES_CBC_MD5, &keyblock)) {
- /* Keytab or service key does not exist. */
- log_error(NO_EXIT,
- "%s: host service key not found: %s", auth_name,
-@@ -301,7 +298,7 @@
- NULL, NULL, NULL);
- cleanup:
- if (packet.data)
-- krb5_free_data_contents(sudo_context, &packet);
-+ krb5_data_free(&packet);
- krb5_free_principal(sudo_context, princ);
-
- if (error)
diff --git a/security/sudo/patches/patch-ab b/security/sudo/patches/patch-ab
deleted file mode 100644
index 85aa06f4d0a..00000000000
--- a/security/sudo/patches/patch-ab
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.5 1999/12/30 22:51:29 jlam Exp $
-
---- auth/rfc1938.c.orig Thu Oct 7 17:21:07 1999
-+++ auth/rfc1938.c Thu Dec 30 17:23:44 1999
-@@ -109,7 +109,7 @@
- * If the user is not in the OTP db, only post a fatal error if
- * we are running alone (since they may just use a normal passwd).
- */
-- if (rfc1938challenge(&rfc1938, pw->pw_name, challenge) != 0) {
-+ if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge)) != 0) {
- if (IS_ONEANDONLY(auth)) {
- (void) fprintf(stderr,
- "%s: You do not exist in the %s database.\n",
diff --git a/security/sudo/patches/patch-ac b/security/sudo/patches/patch-ac
deleted file mode 100644
index 7840088fc3e..00000000000
--- a/security/sudo/patches/patch-ac
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ac,v 1.9 2002/08/25 21:50:48 jlam Exp $
-
---- config.sub.old Mon Dec 31 14:02:47 2001
-+++ config.sub Sun Jun 16 12:48:45 2002
-@@ -235,7 +235,7 @@
- | we32k | ns16k | clipper | i370 | sh | sh[34] \
- | powerpc | powerpcle \
- | 1750a | dsp16xx | pdp10 | pdp11 \
-- | mips16 | mips64 | mipsel | mips64el \
-+ | mips16 | mips64 | mipseb | mipsel | mips64el \
- | mips64orion | mips64orionel | mipstx39 | mipstx39el \
- | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
- | mips64vr5000 | mips64vr5000el | mcore | s390 | s390x \
-@@ -281,7 +281,7 @@
- | clipper-* | orion-* \
- | sparclite-* | pdp10-* | pdp11-* | sh-* | sh[34]-* | sh[34]eb-* \
- | powerpc-* | powerpcle-* | sparc64-* | sparcv9-* | sparcv9b-* | sparc86x-* \
-- | mips16-* | mips64-* | mipsel-* \
-+ | mips16-* | mips64-* | mipsel-* | mipseb-* \
- | mips64el-* | mips64orion-* | mips64orionel-* \
- | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
- | mipstx39-* | mipstx39el-* | mcore-* \
diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af
index 9e4dadd0a85..f571a40c0c3 100644
--- a/security/sudo/patches/patch-af
+++ b/security/sudo/patches/patch-af
@@ -1,19 +1,22 @@
-$NetBSD: patch-af,v 1.10 2002/01/17 16:32:05 taca Exp $
+$NetBSD: patch-af,v 1.11 2003/04/01 16:07:22 wiz Exp $
---- configure.in.orig Thu Jan 17 08:37:34 2002
+--- configure.in.orig Mon Mar 24 17:05:59 2003
+++ configure.in
-@@ -111,7 +111,6 @@
+@@ -110,7 +110,6 @@ dnl
test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
--test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Deprecated --with options (these all warn or generate an error)
-@@ -231,6 +230,19 @@
+@@ -233,6 +232,19 @@ AC_ARG_WITH(csops, [ --with-csops
;;
- esac])
-
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
++ ;;
++esac])
++
+AC_ARG_WITH(nbsdops, [ --with-nbsdops add NetBSD standard options],
+[case $with_nbsdops in
+ yes) echo 'Adding NetBSD standard options'
@@ -24,40 +27,6 @@ $NetBSD: patch-af,v 1.10 2002/01/17 16:32:05 taca Exp $
+ ;;
+ no) ;;
+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+ ;;
-+esac])
-+
- AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
- [case $with_passwd in
- yes) ;;
-@@ -1621,7 +1633,9 @@
- dnl
- if test "$with_kerb5" = "yes"; then
- AC_DEFINE(HAVE_KERB5, 1, [Define if you use Kerberos V.])
-- if test -f "/usr/local/include/krb5.h"; then
-+ if test -f "/usr/include/krb5/krb5.h"; then
-+ CPPFLAGS="$CPPFLAGS -I/usr/include/krb5";
-+ elif test -f "/usr/local/include/krb5.h"; then
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- elif test -f "/usr/local/kerberos/include/krb5.h"; then
- CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include"
-@@ -1633,7 +1647,9 @@
- echo 'Unable to locate kerberos 5 include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS'
- fi
-
-- if test -f "/usr/local/lib/libkrb5.a"; then
-+ if test -f "/usr/lib/libkrb5.a"; then
-+ SUDO_LDFLAGS="${SUDO_LDFLAGS}";
-+ elif test -f "/usr/local/lib/libkrb5.a"; then
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib"
- elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib"
-@@ -1645,7 +1661,7 @@
- echo 'Unable to locate kerberos 5 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS'
- fi
-
-- SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
-+ SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lasn1 -lcrypto -lroken -lcom_err"
- AUTH_OBJS="${AUTH_OBJS} kerb5.o"
- fi
+ ;;
+ esac])
diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag
index 9e73803d0f0..f463960d45e 100644
--- a/security/sudo/patches/patch-ag
+++ b/security/sudo/patches/patch-ag
@@ -1,36 +1,28 @@
-$NetBSD: patch-ag,v 1.3 2002/01/17 16:32:05 taca Exp $
+$NetBSD: patch-ag,v 1.4 2003/04/01 16:07:22 wiz Exp $
---- configure.orig Thu Jan 17 08:37:39 2002
+--- configure.orig Mon Mar 24 17:06:06 2003
+++ configure
-@@ -641,7 +641,7 @@
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --datadir=DIR read-only architecture-independent data [PREFIX/share]
-- --sysconfdir=DIR read-only single-machine data [/etc]
-+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
-@@ -693,6 +693,7 @@
- --with-devel add developement options
+@@ -873,6 +873,7 @@ Optional Packages:
+ --with-devel add development options
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
+ --with-nbsdops add NetBSD standard options
--without-passwd don't use passwd/shadow file for authentication
- --with-skey enable S/Key support
- --with-opie enable OPIE support
-@@ -1086,7 +1087,6 @@
+ --with-skey=DIR enable S/Key support
+ --with-opie=DIR enable OPIE support
+@@ -1423,7 +1424,6 @@ CHECKSIA=true
test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
--test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
- # Check whether --with-otp-only or --without-otp-only was given.
- if test "${with_otp_only+set}" = set; then
-@@ -1247,6 +1247,22 @@
+
+
+@@ -1621,6 +1621,22 @@ echo "$as_me: WARNING: Ignoring unknown
esac
fi;
++
+# Check whether --with-nbsdops or --without-nbsdops was given.
+if test "${with_nbsdops+set}" = set; then
+ withval="$with_nbsdops"
@@ -46,27 +38,6 @@ $NetBSD: patch-ag,v 1.3 2002/01/17 16:32:05 taca Exp $
+ ;;
+esac
+fi;
-+
+
# Check whether --with-passwd or --without-passwd was given.
if test "${with_passwd+set}" = set; then
- withval="$with_passwd"
-@@ -10273,7 +10289,9 @@
- echo 'Unable to locate kerberos 5 include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS'
- fi
-
-- if test -f "/usr/local/lib/libkrb5.a"; then
-+ if test -f "/usr/lib/libkrb5.a"; then
-+ SUDO_LDFLAGS="${SUDO_LDFLAGS}";
-+ elif test -f "/usr/local/lib/libkrb5.a"; then
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib"
- elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib"
-@@ -10285,7 +10303,7 @@
- echo 'Unable to locate kerberos 5 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS'
- fi
-
-- SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
-+ SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lasn1 -lcrypto -lroken -lcom_err"
- AUTH_OBJS="${AUTH_OBJS} kerb5.o"
- fi
-