summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/sudo/Makefile4
-rw-r--r--security/sudo/distinfo18
-rw-r--r--security/sudo/patches/patch-af16
-rw-r--r--security/sudo/patches/patch-ag105
-rw-r--r--security/sudo/patches/patch-include_sudo__compat.h20
-rw-r--r--security/sudo/patches/patch-include_sudo__event.h16
-rw-r--r--security/sudo/patches/patch-src_Makefile.in8
7 files changed, 135 insertions, 52 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 400eff85728..efdce7549a5 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.153 2017/01/19 18:52:24 agc Exp $
+# $NetBSD: Makefile,v 1.153.2.1 2017/05/31 06:22:52 spz Exp $
-DISTNAME= sudo-1.8.17p1
+DISTNAME= sudo-1.8.20p1
CATEGORIES= security
MASTER_SITES= http://www.sudo.ws/dist/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index 8d9b2a17212..6a085d693fd 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,13 +1,15 @@
-$NetBSD: distinfo,v 1.88 2016/09/16 11:50:37 jperkin Exp $
+$NetBSD: distinfo,v 1.88.6.1 2017/05/31 06:22:52 spz Exp $
-SHA1 (sudo-1.8.17p1.tar.gz) = e9bb729513cd15e99def42019c35917bc9a73536
-RMD160 (sudo-1.8.17p1.tar.gz) = c3af867a6047c21614c4550534fa2566d6540913
-SHA512 (sudo-1.8.17p1.tar.gz) = e9facd2d5578d4effb516931322b5f4f9578baa779cba281d36a3d0995b1fd9d085d6b141544b3dc698569fa294163bbad9f779166a05a0f18f4ad81a630b954
-Size (sudo-1.8.17p1.tar.gz) = 2786618 bytes
+SHA1 (sudo-1.8.20p1.tar.gz) = 2138fca8c91c0504579aaf57fc39cee95486efd1
+RMD160 (sudo-1.8.20p1.tar.gz) = 1dbf71b6d22e9c75f57942c026be40dc02774859
+SHA512 (sudo-1.8.20p1.tar.gz) = b7d4c07a550da917029e31d15e734d9462f3565ee43eb5f6fd19463b54a2fa3f444381f0999d6d1ba643b65832056dd9177dad4452fa9f87f2542c223b13f258
+Size (sudo-1.8.20p1.tar.gz) = 2930394 bytes
SHA1 (patch-aa) = 63c89e6d4e530ab92b7452f4025fbbf2a45dad65
-SHA1 (patch-af) = 19c7cb41432404050c2452c3c53f2e4f588b3ab1
-SHA1 (patch-ag) = cb03a0a7daf4b5ef203f23726ad3a335b712a718
+SHA1 (patch-af) = db54ce780c174129e2a25a87f3e3a926596c68b2
+SHA1 (patch-ag) = 460b9575346c263b944535aa8e2408e959840c77
+SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c
+SHA1 (patch-include_sudo__event.h) = 6aaf60cfcac89267c55d8578d2bb8785a3c67e0c
SHA1 (patch-plugins_sudoers_Makefile.in) = d8612ac7bf2f5a892d9720c4df91810ca807f4ed
SHA1 (patch-plugins_sudoers_logging.c) = a42e54af2b6057804aecb3b6a48c565e8ac4df82
-SHA1 (patch-src_Makefile.in) = 43f7266d3d106fca69003ee040342c3b201fd262
+SHA1 (patch-src_Makefile.in) = fc2b7ea0835d7fe3192fb12cac8ab2eac61bf132
SHA1 (patch-src_sudo__edit.c) = ef411520ccefbd36bb4adf3329e6144e54647372
diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af
index b3652283925..ff83fce5b7f 100644
--- a/security/sudo/patches/patch-af
+++ b/security/sudo/patches/patch-af
@@ -1,4 +1,4 @@
-$NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
+$NetBSD: patch-af,v 1.33.6.1 2017/05/31 06:22:52 spz Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -9,11 +9,11 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
--- configure.ac.orig 2016-06-22 16:36:23.000000000 +0000
+++ configure.ac
-@@ -439,6 +439,20 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
+@@ -447,6 +447,20 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
;;
esac])
-++AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard opt
++AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard opt
+ions])],
+[case $with_nbsdops in
+ yes) echo 'Adding NetBSD standard options'
@@ -30,7 +30,7 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1951,7 +1965,7 @@ case "$host" in
+@@ -1971,7 +1985,7 @@ case "$host" in
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -38,8 +38,8 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
shadow_funcs="getspnam"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- ;;
-@@ -2299,7 +2313,7 @@ SUDO_MAILDIR
+ # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+@@ -2329,7 +2343,7 @@ SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS([login_cap.h], [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1
case "$OS" in
@@ -48,7 +48,7 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
-@@ -3381,6 +3395,8 @@ if test ${with_kerb5-'no'} != "no"; then
+@@ -3441,6 +3455,8 @@ if test ${with_kerb5-'no'} != "no"; then
])
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
@@ -57,7 +57,7 @@ $NetBSD: patch-af,v 1.33 2016/09/12 17:12:24 taca Exp $
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context])
-@@ -4220,7 +4236,7 @@ test "$datarootdir" = '${prefix}/share'
+@@ -4292,7 +4308,7 @@ test "$datarootdir" = '${prefix}/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag
index 7cbdebdc964..cc57f8ae2b6 100644
--- a/security/sudo/patches/patch-ag
+++ b/security/sudo/patches/patch-ag
@@ -1,4 +1,4 @@
-$NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
+$NetBSD: patch-ag,v 1.24.6.1 2017/05/31 06:22:52 spz Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,17 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.orig 2016-06-22 16:36:22.000000000 +0000
+--- configure.orig 2017-05-29 20:33:06.000000000 +0000
+++ configure
-@@ -1562,7 +1562,7 @@ Fine tuning of the installation director
+@@ -865,6 +865,7 @@ with_libpath
+ with_libraries
+ with_efence
+ with_csops
++with_nbsdops
+ with_passwd
+ with_skey
+ with_opie
+@@ -1571,7 +1572,7 @@ Fine tuning of the installation director
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -18,38 +26,39 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
-@@ -1661,6 +1661,7 @@ Optional Packages:
+@@ -1674,6 +1675,7 @@ Optional Packages:
--with-libraries additional libraries to link with
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
-+ --with-nbsdops add NetBSD standard options
++ --with-nbsdops add NetBSD standard opt ions
--without-passwd don't use passwd/shadow file for authentication
--with-skey[=DIR] enable S/Key support
--with-opie[=DIR] enable OPIE support
-@@ -4499,6 +4500,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn
- esac
- fi
+@@ -4746,6 +4748,23 @@ fi
-+# Check whether --with-nbsdops or --without-nbsdops was given.
-+if test "${with_nbsdops+set}" = set; then
-+ withval="$with_nbsdops"
-+ case $with_nbsdops in
-+ yes) echo 'Adding NetBSD standard options'
-+ CHECKSIA=false
-+ with_ignore_dot=yes
-+ with_env_editor=yes
-+ with_tty_tickets=yes
-+ ;;
-+ no) ;;
-+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
-+ ;;
-+esac
-+fi;
-+
++# Check whether --with-nbsdops was given.
++if test "${with_nbsdops+set}" = set; then :
++ withval=$with_nbsdops; case $with_nbsdops in
++ yes) echo 'Adding NetBSD standard options'
++ CHECKSIA=false
++ with_ignore_dot=yes
++ with_env_editor=yes
++ with_tty_tickets=yes
++ ;;
++ no) ;;
++ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
++ ;;
++esac
++fi
++
++
++
# Check whether --with-passwd was given.
-@@ -15209,7 +15226,7 @@ fi
+ if test "${with_passwd+set}" = set; then :
+ withval=$with_passwd; case $with_passwd in
+@@ -15770,7 +15789,7 @@ fi
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -57,8 +66,8 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
shadow_funcs="getspnam"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- ;;
-@@ -17228,7 +17245,7 @@ if test "x$ac_cv_header_login_cap_h" = x
+ # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+@@ -17995,7 +18014,7 @@ if test "x$ac_cv_header_login_cap_h" = x
_ACEOF
LOGINCAP_USAGE='[-c class] '; LCMAN=1
case "$OS" in
@@ -67,7 +76,44 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
-@@ -21839,6 +21856,8 @@ fi
+@@ -22483,10 +22502,9 @@ if test ${with_pam-"no"} != "no"; then
+ # Check for pam_start() in libpam first, then for pam_appl.h.
+ #
+ found_pam_lib=no
+- as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh`
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
+ $as_echo_n "checking for pam_start in -lpam... " >&6; }
+-if eval \${$as_ac_Lib+:} false; then :
++if ${ac_cv_lib_pam_pam_start+:} false; then :
+ $as_echo_n "(cached) " >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -22510,18 +22528,17 @@ return pam_start ();
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+- eval "$as_ac_Lib=yes"
++ ac_cv_lib_pam_pam_start=yes
+ else
+- eval "$as_ac_Lib=no"
++ ac_cv_lib_pam_pam_start=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-eval ac_res=\$$as_ac_Lib
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+-$as_echo "$ac_res" >&6; }
+-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5
++$as_echo "$ac_cv_lib_pam_pam_start" >&6; }
++if test "x$ac_cv_lib_pam_pam_start" = xyes; then :
+ found_pam_lib=yes
+ fi
+
+@@ -23256,6 +23273,8 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
@@ -76,12 +122,11 @@ $NetBSD: patch-ag,v 1.24 2016/09/12 17:12:24 taca Exp $
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
for ac_func in krb5_verify_user krb5_init_secure_context
-@@ -24341,7 +24360,7 @@ test "$datarootdir" = '${prefix}/share'
+@@ -26426,7 +26445,6 @@ test "$datarootdir" = '${prefix}/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-+# test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
if test X"$INIT_SCRIPT" != X""; then
ac_config_files="$ac_config_files init.d/$INIT_SCRIPT"
diff --git a/security/sudo/patches/patch-include_sudo__compat.h b/security/sudo/patches/patch-include_sudo__compat.h
new file mode 100644
index 00000000000..e40b3b55199
--- /dev/null
+++ b/security/sudo/patches/patch-include_sudo__compat.h
@@ -0,0 +1,20 @@
+$NetBSD: patch-include_sudo__compat.h,v 1.1.2.2 2017/05/31 06:22:52 spz Exp $
+
+Work around missing WCONTINUED/WIFCONTINUED support in
+NetBSD<8
+
+--- include/sudo_compat.h.orig 2017-05-10 15:38:43.000000000 +0000
++++ include/sudo_compat.h
+@@ -304,6 +304,12 @@ extern int errno;
+ # define SIG2STR_MAX 32
+ #endif
+
++/* Deficiencies in NetBSD<8 */
++#ifndef WCONTINUED
++# define WCONTINUED 0
++# define WIFCONTINUED(a) 0
++#endif
++
+ /* WCOREDUMP is not POSIX, this usually works (verified on AIX). */
+ #ifndef WCOREDUMP
+ # define WCOREDUMP(x) ((x) & 0x80)
diff --git a/security/sudo/patches/patch-include_sudo__event.h b/security/sudo/patches/patch-include_sudo__event.h
new file mode 100644
index 00000000000..6719dfa5cb2
--- /dev/null
+++ b/security/sudo/patches/patch-include_sudo__event.h
@@ -0,0 +1,16 @@
+$NetBSD: patch-include_sudo__event.h,v 1.1.2.2 2017/05/31 06:22:52 spz Exp $
+
+Missing include, fixes build error:
+error: field 'timeout' has incomplete type
+struct timeval timeout; /* for SUDO_EV_TIMEOUT */
+
+--- include/sudo_event.h.orig 2017-01-14 04:30:15.000000000 +0000
++++ include/sudo_event.h
+@@ -18,6 +18,7 @@
+ #define SUDO_EVENT_H
+
+ #include "sudo_queue.h"
++#include <sys/time.h> /* timeval */
+
+ /* Event types */
+ #define SUDO_EV_TIMEOUT 0x01 /* fire after timeout */
diff --git a/security/sudo/patches/patch-src_Makefile.in b/security/sudo/patches/patch-src_Makefile.in
index 84cd2af0904..07f87007731 100644
--- a/security/sudo/patches/patch-src_Makefile.in
+++ b/security/sudo/patches/patch-src_Makefile.in
@@ -1,15 +1,15 @@
-$NetBSD: patch-src_Makefile.in,v 1.1 2016/01/01 17:00:49 spz Exp $
+$NetBSD: patch-src_Makefile.in,v 1.1.12.1 2017/05/31 06:22:52 spz Exp $
* install the suid sudo without write-bits
--- ./src/Makefile.in.orig 2015-10-31 23:35:25.000000000 +0000
+++ ./src/Makefile.in
-@@ -173,7 +174,7 @@ install-rc: install-dirs
+@@ -198,7 +198,7 @@ install-rc: install-dirs
fi
install-binaries: install-dirs $(PROGS)
-- INSTALL_BACKUP='~' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
-+ INSTALL_BACKUP='~' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04555 sudo $(DESTDIR)$(bindir)/sudo
+- INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
++ INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04555 sudo $(DESTDIR)$(bindir)/sudo
rm -f $(DESTDIR)$(bindir)/sudoedit
ln -s sudo $(DESTDIR)$(bindir)/sudoedit
if [ -f sesh ]; then \