From 8dbd15d094dfa9d607443d0950e1b6a8634e1fde Mon Sep 17 00:00:00 2001 From: frueauf Date: Wed, 1 Jul 1998 19:09:42 +0000 Subject: Update to sudo-1.5.4p1. --- security/sudo/Makefile | 14 +++--- security/sudo/files/md5 | 2 +- security/sudo/patches/patch-ac | 102 +++-------------------------------------- security/sudo/patches/patch-ad | 48 ++++++------------- security/sudo/patches/patch-ae | 74 ++++++++++++++++++++++++++++++ security/sudo/pkg/DESCR | 11 ++--- 6 files changed, 107 insertions(+), 144 deletions(-) create mode 100644 security/sudo/patches/patch-ae (limited to 'security/sudo') diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 38ac6673f02..d47f7683d90 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,18 +1,20 @@ -# $NetBSD: Makefile,v 1.6 1998/06/22 13:06:18 agc Exp $ +# $NetBSD: Makefile,v 1.7 1998/07/01 19:09:42 frueauf Exp $ # FreeBSD Id: Makefile,v 1.9 1997/11/12 03:24:41 obrien Exp # -DISTNAME= cu-sudo.v1.5.3 -PKGNAME= sudo-1.5.3 +DISTNAME= cu-sudo.v1.5.4p1 +PKGNAME= sudo-1.5.4p1 CATEGORIES= security MASTER_SITES= ftp://freestuff.cs.colorado.edu/pub/sysadmin/sudo/ EXTRACT_SUFX= .tar.Z -MAINTAINER= erich@rrnet.com +MAINTAINER= packages@netbsd.org + +CONFLICTS= sudo-1.5.3 GNU_CONFIGURE= yes -CONFIGURE_ARGS+= --with-C2 --with-skey --with-fbsdops -WRKSRC= ${WRKDIR}/sudo.v1.5.3 +CONFIGURE_ARGS+=--with-C2 --with-skey --with-fbsdops +WRKSRC= ${WRKDIR}/sudo.v1.5.4p1 post-install: cd ${WRKSRC} ; ${CP} sample.sudoers ${PREFIX}/etc/sudoers.example diff --git a/security/sudo/files/md5 b/security/sudo/files/md5 index 9dcc1e7c1d2..87533542cd8 100644 --- a/security/sudo/files/md5 +++ b/security/sudo/files/md5 @@ -1 +1 @@ -MD5 (cu-sudo.v1.5.3.tar.Z) = 40bee550133a62e4886052236b406e0e +MD5 (cu-sudo.v1.5.4p1.tar.Z) = 0fb358e92f33201acc2e10430a77e765 diff --git a/security/sudo/patches/patch-ac b/security/sudo/patches/patch-ac index 056fb254bd7..1754d05e846 100644 --- a/security/sudo/patches/patch-ac +++ b/security/sudo/patches/patch-ac @@ -1,8 +1,8 @@ ---- ./sudo.man.org Wed Nov 13 17:58:50 1996 -+++ ./sudo.man Mon Dec 9 20:44:48 1996 -@@ -180,10 +180,11 @@ - .IX Header "DESCRIPTION" - \fBsudo\fR allows a permitted user to execute a \fIcommand\fR +--- sudo.man.orig Tue Jan 13 06:00:17 1998 ++++ sudo.man Wed Jul 1 20:11:51 1998 +@@ -195,10 +195,11 @@ + .SH "DESCRIPTION" + \fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the superuser (real and effective uid and gid are set -to \f(CW0\fR and root's group as set in the passwd file respectively). +to \f(CW0\fR and root's group as set in the passwd file respectively) @@ -15,101 +15,11 @@ The password prompt itself will also time out if the password is not entered with N minutes (again, this is defined at installation @@ -321,7 +322,7 @@ - .IX Header "FILES" + .SH "FILES" .PP .Vb 1 -\& /etc/sudoers file of authorized users. +\& /usr/pkg/etc/sudoers file of authorized users. .Ve .SH "ENVIRONMENT VARIABLES" - .IX Header "ENVIRONMENT VARIABLES" ---- ./sudoers.man.org Wed Nov 13 17:58:50 1996 -+++ ./sudoers.man Mon Dec 9 20:38:43 1996 -@@ -296,7 +296,7 @@ - \fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used. - Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands. - You can subtract elements from the universe by using the syntax: -- user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/etc/halt... -+ user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/sbin/halt... - Note that the \*(L"!\*(R" notation only works in a user's command list. You - may not use it to subtract elements in a User_Alias, Host_Alias, - Cmnd_Alias or user list. -@@ -334,7 +334,7 @@ - \& Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh - \& Cmnd_Alias SU=/bin/su - \& Cmnd_Alias MISC=/bin/rm,/bin/cat:\e --\& SHUTDOWN=/etc/halt,/etc/shutdown -+\& SHUTDOWN=/sbin/halt,/sbin/shutdown - .Ve - .Vb 14 - \& # User specification -@@ -344,11 +344,11 @@ - \& +interns +openlabs=ALL,!SHELLS,!SU - \& britt REMOTE=SHUTDOWN:ALL=LPCS - \& jimbo CUNETS=/bin/su ?*,!/bin/su root --\& nieusma SERVERS=SHUTDOWN,/etc/reboot:\e -+\& nieusma SERVERS=SHUTDOWN,/sbin/reboot:\e - \& HUB=ALL,!SHELLS --\& jill houdini=/etc/shutdown -[hr] now,MISC --\& markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt --\& davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\e -+\& jill houdini=/sbin/shutdown -[hr] now,MISC -+\& markm HUB=ALL,!MISC,!/sbin/shutdown,!/sbin/halt -+\& davehieb merlin=(OP) ALL:SERVERS=/sbin/halt:\e - \& kodiakthorn=NOPASSWD: ALL - \& steve CSNETS=(operator) /usr/op_commands/ - .Ve -@@ -405,24 +405,24 @@ - .Ip "nieusma" 16 - .IX Item "nieusma" - The user \f(CWnieusma\fR may run commands in the \f(CWSHUTDOWN\fR alias --as well as \fI/etc/reboot\fR on the \f(CWSERVER\fR machines and -+as well as \fI/sbin/reboot\fR on the \f(CWSERVER\fR machines and - any command except those in the \f(CWSHELLS\fR alias on the \f(CWHUB\fR - machines. - .Ip "jill" 16 - .IX Item "jill" --The user \f(CWjill\fR may run \f(CW/etc/shutdown -h now\fR or --\f(CW/etc/shutdown -r now\fR as well as the commands in the -+The user \f(CWjill\fR may run \f(CW/sbin/shutdown -h now\fR or -+\f(CW/sbin/shutdown -r now\fR as well as the commands in the - \f(CWMISC\fR alias on houdini. - .Ip "markm" 16 - .IX Item "markm" - The user \f(CWmarkm\fR may run any command on the \f(CWHUB\fR machines --except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed -+except \fI/sbin/shutdown\fR, \fI/sbin/halt\fR, and commands listed - in the \f(CWMISC\fR alias. - .Ip "davehieb" 16 - .IX Item "davehieb" - The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR as any - user in the Runas_Alias \s-1OP\s0 (ie: root or operator). He may --also run \fI/etc/halt\fR on the \f(CWSERVERS\fR and any command -+also run \fI/sbin/halt\fR on the \f(CWSERVERS\fR and any command - on \f(CWkodiakthorn\fR (no password required on \f(CWkodiakthorn\fR). - .Ip "steve" 16 - .IX Item "steve" -@@ -438,8 +438,8 @@ - .IX Header "FILES" - .PP - .Vb 2 --\& /etc/sudoers file of authorized users. --\& /etc/netgroup list of network groups. -+\& /usr/pkg/etc/sudoers file of authorized users. -+\& /etc/netgroup list of network groups. - .Ve - .SH "SEE ALSO" - .IX Header "SEE ALSO" ---- ./visudo.man.org Wed Nov 13 17:58:51 1996 -+++ ./visudo.man Mon Dec 9 20:39:01 1996 -@@ -211,8 +211,8 @@ - .IX Header "FILES" .PP - .Vb 2 --\& /etc/sudoers file of authorized users. --\& /etc/stmp lock file for visudo. -+\& /usr/pkg/etc/sudoers file of authorized users. -+\& /usr/pkg/etc/stmp lock file for visudo. - .Ve - .SH "ENVIRONMENT VARIABLES" - .IX Header "ENVIRONMENT VARIABLES" diff --git a/security/sudo/patches/patch-ad b/security/sudo/patches/patch-ad index 30e3d2c3026..16613751dc4 100644 --- a/security/sudo/patches/patch-ad +++ b/security/sudo/patches/patch-ad @@ -1,35 +1,13 @@ -*** tgetpass.c.dist Wed Feb 19 00:09:13 1997 ---- tgetpass.c Wed Feb 19 00:09:21 1997 -*************** -*** 206,223 **** - tv.tv_sec = timeout; - tv.tv_usec = 0; - -- /* how many file descriptors may we have? */ -- #ifdef HAVE_SYSCONF -- n = sysconf(_SC_OPEN_MAX); -- #else -- n = getdtablesize(); -- #endif /* HAVE_SYSCONF */ -- - /* - * get password or return empty string if nothing to read by timeout - */ - buf[0] = '\0'; -! if (select(n, &readfds, 0, 0, &tv) > 0 && fgets(buf, sizeof(buf), input)) { - n = strlen(buf); - if (buf[n - 1] == '\n') - buf[n - 1] = '\0'; ---- 206,216 ---- - tv.tv_sec = timeout; - tv.tv_usec = 0; - - /* - * get password or return empty string if nothing to read by timeout - */ - buf[0] = '\0'; -! if (select(fileno(input)+1, &readfds, 0, 0, &tv) > 0 && fgets(buf, sizeof(buf), input)) { - n = strlen(buf); - if (buf[n - 1] == '\n') - buf[n - 1] = '\0'; - +--- visudo.man.orig Tue Jan 13 05:55:43 1998 ++++ visudo.man Wed Jul 1 20:11:52 1998 +@@ -223,8 +223,8 @@ + .SH "FILES" + .PP + .Vb 2 +-\& /etc/sudoers file of authorized users. +-\& /etc/stmp lock file for visudo. ++\& /usr/pkg/etc/sudoers file of authorized users. ++\& /usr/pkg/etc/stmp lock file for visudo. + .Ve + .SH "ENVIRONMENT VARIABLES" + The following are used only if \fBvisudo\fR was compiled with the diff --git a/security/sudo/patches/patch-ae b/security/sudo/patches/patch-ae new file mode 100644 index 00000000000..6f780d7c0ec --- /dev/null +++ b/security/sudo/patches/patch-ae @@ -0,0 +1,74 @@ +--- sudoers.man.orig Tue Jan 13 05:55:42 1998 ++++ sudoers.man Wed Jul 1 20:19:04 1998 +@@ -297,7 +297,7 @@ + \fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used. + Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands. + You can subtract elements from the universe by using the syntax: +- user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/etc/halt... ++ user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/sbin/halt... + Note that the \*(L"!\*(R" notation only works in a user's command list. You + may not use it to subtract elements in a User_Alias, Host_Alias, + Cmnd_Alias or user list. +@@ -334,7 +334,7 @@ + \& Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh + \& Cmnd_Alias SU=/bin/su + \& Cmnd_Alias MISC=/bin/rm,/bin/cat:\e +-\& SHUTDOWN=/etc/halt,/etc/shutdown ++\& SHUTDOWN=/sbin/halt,/sbin/shutdown + .Ve + .Vb 14 + \& # User specification +@@ -344,11 +344,11 @@ + \& +interns +openlabs=ALL,!SHELLS,!SU + \& britt REMOTE=SHUTDOWN:ALL=LPCS + \& jimbo CUNETS=/bin/su ?*,!/bin/su root +-\& nieusma SERVERS=SHUTDOWN,/etc/reboot:\e ++\& nieusma SERVERS=SHUTDOWN,/sbin/reboot:\e + \& HUB=ALL,!SHELLS +-\& jill houdini=/etc/shutdown -[hr] now,MISC +-\& markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt +-\& davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\e ++\& jill houdini=/sbin/shutdown -[hr] now,MISC ++\& markm HUB=ALL,!MISC,!/sbin/shutdown,!/sbin/halt ++\& davehieb merlin=(OP) ALL:SERVERS=/sbin/halt:\e + \& kodiakthorn=NOPASSWD: ALL + \& steve CSNETS=(operator) /usr/op_commands/ + .Ve +@@ -394,21 +394,21 @@ + B network). + .Ip "nieusma" 16 + The user \f(CWnieusma\fR may run commands in the \f(CWSHUTDOWN\fR alias +-as well as \fI/etc/reboot\fR on the \f(CWSERVER\fR machines and ++as well as \fI/sbin/reboot\fR on the \f(CWSERVER\fR machines and + any command except those in the \f(CWSHELLS\fR alias on the \f(CWHUB\fR + machines. + .Ip "jill" 16 +-The user \f(CWjill\fR may run \f(CW/etc/shutdown -h now\fR or +-\f(CW/etc/shutdown -r now\fR as well as the commands in the ++The user \f(CWjill\fR may run \f(CW/sbin/shutdown -h now\fR or ++\f(CW/sbin/shutdown -r now\fR as well as the commands in the + \f(CWMISC\fR alias on houdini. + .Ip "markm" 16 + The user \f(CWmarkm\fR may run any command on the \f(CWHUB\fR machines +-except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed ++except \fI/sbin/shutdown\fR, \fI/sbin/halt\fR, and commands listed + in the \f(CWMISC\fR alias. + .Ip "davehieb" 16 + The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR as any + user in the Runas_Alias \s-1OP\s0 (ie: root or operator). He may +-also run \fI/etc/halt\fR on the \f(CWSERVERS\fR and any command ++also run \fI/sbin/halt\fR on the \f(CWSERVERS\fR and any command + on \f(CWkodiakthorn\fR (no password required on \f(CWkodiakthorn\fR). + .Ip "steve" 16 + The user \f(CWsteve\fR may run any command in the \fI/usr/op_commands/\fR +@@ -421,8 +421,8 @@ + .SH "FILES" + .PP + .Vb 2 +-\& /etc/sudoers file of authorized users. +-\& /etc/netgroup list of network groups. ++\& /usr/pkg/etc/sudoers file of authorized users. ++\& /etc/netgroup list of network groups. + .Ve + .SH "SEE ALSO" + \fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). diff --git a/security/sudo/pkg/DESCR b/security/sudo/pkg/DESCR index 08611e6e817..40be9304a4c 100644 --- a/security/sudo/pkg/DESCR +++ b/security/sudo/pkg/DESCR @@ -1,12 +1,11 @@ -This is the CU version of sudo, release 1.4. - -Sudo is a program designed to allow a sysadmin to give limited root privileges -to users and log root activity. The basic philosophy is to give as few -privileges as possible but still allow people to get their work done. +Sudo is a program designed to allow a sysadmin to give limited root +privileges to users and log root activity. The basic philosophy is to +give as few privileges as possible but still allow people to get their +work done. MAILING LISTS: -Please send bugs, problems, comments, etc to sudo-bugs@cs.colorado.edu +Please send bugs, problems, comments, etc to sudo-bugs@cs.colorado.edu. There is a mailing list that receives announcements whenever a new version of sudo is released. You can subscribe to it by sending a message to "majordomo@cs.colorado.edu" that includes the line -- cgit v1.2.3