Sat Sep 11 17:24:16 2010 UTC ()
Pullup ticket #3220 - requested by spz
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile			1.122-1.123
- security/sudo/PLIST				1.5
- security/sudo/distinfo			1.64-1.65
- security/sudo/patches/patch-aa		1.24
- security/sudo/patches/patch-af		1.24-1.25
- security/sudo/patches/patch-ag		1.15-1.16
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon Jul	 5 03:08:10 UTC 2010

Modified Files:
	pkgsrc/security/sudo: Makefile distinfo
	pkgsrc/security/sudo/patches: patch-af patch-ag

Log Message:
Update sudo package to 1.7.2p8.

Major changes between sudo 1.7.2p7 and 1.7.2p8:

 * Fixed a crash on AIX when LDAP support is in use.

 * Fixed problems with the QAS non-Unix group support
---
Module Name:	pkgsrc
Committed By:	spz
Date:		Fri Sep 10 17:11:27 UTC 2010

Modified Files:
	pkgsrc/security/sudo: Makefile PLIST distinfo
	pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag

Log Message:
updating to the latest and greatest (and less a bunch of security
relevant bugs) version:

Major changes between version 1.7.4p3 and 1.7.4p4:

    * A potential security issue has been fixed with respect to the
      handling of sudo's -g command line option when -u is also
      specified. The flaw may allow an attacker to run commands as a
      user that is not authorized by the sudoers file.
    * A bug has been fixed where "sudo -l" output was incomplete if
      multiple sudoers sources were defined in nsswitch.conf and there
      was an error querying one of the sources.
    * The log_input, log_output, and use_pty sudoers options now work
      correctly on AIX. Previously, sudo would hang if they were
      enabled.
    * Fixed "make install" when sudo is built in a directory other
      than the directory that holds the sources.
    * The runas_default sudoers setting now works properly in a
      per-command Defaults line.
    * Suspending and resuming the bash shell when PAM is in use now
      works properly. The SIGCONT signal was not being propagated to
      the child process.

Major changes between version 1.7.4p2 and 1.7.4p3:

    * A bug has been fixed where duplicate HOME environment variables
      could be set when the env_reset setting was disabled and the
      always_set_home setting was enabled in sudoers.
    * The value of sysconfdir is now substituted into the path to the
      sudoers.d directory in the installed sudoers file.
    * Fixed compilation problems on Irix and other platforms.
    * If multiple PAM "auth" actions are specified and the user enters
      ^C at the password prompt, sudo will now abort any subsequent
      "auth" actions. Previously it was necessary to enter ^C once for
      each "auth" action.

Major changes between version 1.7.4p1 and 1.7.4p2:

    * Fixed a bug where sudo could spin in a cpu loop waiting for the
      child process.
    * Packaging fixes for sudo.pp to better handle patchlevels.

Major changes between version 1.7.4 and 1.7.4p1:

    * Fix a bug introduced in sudo 1.7.3 that prevented the -k and -K
      options from functioning when the tty_tickets sudoers option was
      enabled.
    * Sudo no longer prints a warning when the -k or -K options are
      specified and the ticket file does not exist.
    * Changes to the configure script to enable cross-compilation of
      Sudo.

Major changes between version 1.7.3 and 1.7.4:

    * Sudoedit will now preserve the file extension in the name of the
      temporary file being edited. The extension is used by some
      editors (such as emacs) to choose the editing mode.
    * Time stamp files have moved from /var/run/sudo to either
      /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories
      are checked for existence in that order. This prevents users
      from receiving the sudo lecture every time the system reboots.
      Time stamp files older than the boot time are ignored on systems
      where it is possible to determine this.
    * Ancillary documentation (README files, LICENSE, etc) is now
      installed in a sudo documentation directory.
    * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
      in ldap.conf.
    * Defaults settings that are tied to a user, host or command may
      now include the negation operator. For example:
	  Defaults:!millert lecture
      will match any user but millert.
    * The default PATH environment variable, used when no PATH variable
      exists, now includes /usr/sbin and /sbin.
    * Sudo now uses polypkg for cross-platform packing.
    * On Linux, sudo will now restore the nproc resource limit before
      executing a command, unless the limit appears to have been
      modified by pam_limits. This avoids a problem with bash scripts
      that open more than 32 descriptors on SuSE Linux, where
      sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set
      to RLIMIT_UNLIMITED (-1).
    * Visudo will now treat an unrecognized Defaults entry as a parse
      error (sudo will warn but still run).
    * The HOME and MAIL environment variables are now reset based on
      the target user's password database entry when the env_reset
      sudoers option is enabled (which is the case in the default
      configuration). Users wishing to preserve the original values
      should use a sudoers entry like:
	  Defaults env_keep += HOME
      to preserve the old value of HOME and
	  Defaults env_keep += MAIL
      to preserve the old value of MAIL.
    * The tty_tickets option is now on by default.
    * Fixed a problem in the restoration of the AIX authdb registry
      setting.
    * If PAM is in use, wait until the process has finished before
      closing the PAM session.
    * Fixed "sudo -i -u user" where user has no shell listed in the
      password database.
    * When logging I/O, sudo now handles pty read/write returning ENXIO,
      as seen on FreeBSD when the login session has been killed.
    * Sudo now performs I/O logging in the C locale. This avoids
      locale-related issues when parsing floating point numbers in the
      timing file.
    * Added support for Ubuntu-style admin flag dot files.

Major changes between version 1.7.2p8 and 1.7.3:

    * Support for logging a command's input and output as well as the
      ability to replay sessions. For more information, see the
      documentation for the log_input and log_output Defaults options
      in the sudoers manual. Also see the sudoreplay manual for
      information on replaying I/O log sessions.
    * The use_pty sudoers option can be used to force a command to be
      run in a pseudo-pty, even when I/O logging is not enabled.
    * On some systems, sudo can now detect when a user has logged out
      and back in again when tty-based time stamps are in use.
      Supported systems include Solaris systems with the devices file
      system, Mac OS X, and Linux systems with the devpts filesystem
      (pseudo-ttys only).
    * On AIX systems, the registry setting in /etc/security/user is
      now taken into account when looking up users and groups.
      Sudo now applies the correct the user and group ids when running
      a command as a user whose account details come from a different
      source (e.g. LDAP or DCE vs. local files).
    * Support for multiple sudoers_base and uri entries in ldap.conf.
      When multiple entries are listed, sudo will try each one in the
      order in which they are specified.
    * Sudo's SELinux support should now function correctly when running
      commands as a non-root user and when one of stdin, stdout or stderr
      is not a terminal.
    * Sudo will now use the Linux audit system with configure with the
      --with-linux-audit flag.
    * Sudo now uses mbr_check_membership() on systems that support it
      to determine group membership. Currently, only Darwin (Mac OS X)
      supports this.
    * When the tty_tickets sudoers option is enabled but there is no
      terminal device, sudo will no longer use or create a tty-based
      ticket file. Previously, sudo would use a tty name of "unknown".
      As a consequence, if a user has no terminal device, sudo will now
      always prompt for a password.
    * The passwd_timeout and timestamp_timeout options may now be
      specified as floating point numbers for more granular timeout
      values.
    * Negating the fqdn option in sudoers now works correctly when sudo
      is configured with the --with-fqdn option. In previous versions
      of sudo the fqdn was set before sudoers was parsed.


(tron)
diff -r1.121 -r1.121.2.1 pkgsrc/security/sudo/Makefile
diff -r1.4 -r1.4.10.1 pkgsrc/security/sudo/PLIST
diff -r1.63 -r1.63.2.1 pkgsrc/security/sudo/distinfo
diff -r1.23 -r1.23.2.1 pkgsrc/security/sudo/patches/patch-aa
diff -r1.23 -r1.23.6.1 pkgsrc/security/sudo/patches/patch-af
diff -r1.14 -r1.14.6.1 pkgsrc/security/sudo/patches/patch-ag
cvs diff -r1.121 -r1.121.2.1 pkgsrc/security/sudo/Makefile (expand / switch to unified diff)

--- pkgsrc/security/sudo/Makefile 2010/06/03 14:53:14 1.121
+++ pkgsrc/security/sudo/Makefile 2010/09/11 17:24:15 1.121.2.1
@@ -1,26 +1,24 @@ @@ -1,26 +1,24 @@
1# $NetBSD: Makefile,v 1.121 2010/06/03 14:53:14 taca Exp $ 1# $NetBSD: Makefile,v 1.121.2.1 2010/09/11 17:24:15 tron Exp $
2# 2#
3 3
4DISTNAME= sudo-1.7.2p7 4DISTNAME= sudo-1.7.4p4
5CATEGORIES= security 5CATEGORIES= security
6MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ 6MASTER_SITES= http://www.courtesan.com/sudo/dist/ \
7 ftp://ftp.courtesan.com/pub/sudo/ \ 7 ftp://ftp.courtesan.com/pub/sudo/ \
8 ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ \ 8 ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ \
9 ftp://ftp.twaren.net/Unix/Security/Sudo/ \ 9 ftp://ftp.twaren.net/Unix/Security/Sudo/ \
10 http://ftp.tux.org/pub/security/sudo/ 10 http://ftp.tux.org/pub/security/sudo/
11 11
12DIST_SUBDIR= ${DISTNAME}-200805130 
13 
14MAINTAINER= kim@tac.nyc.ny.us 12MAINTAINER= kim@tac.nyc.ny.us
15HOMEPAGE= http://www.courtesan.com/sudo/ 13HOMEPAGE= http://www.courtesan.com/sudo/
16COMMENT= Allow others to run commands as root 14COMMENT= Allow others to run commands as root
17LICENSE= modified-bsd 15LICENSE= modified-bsd
18 16
19PKG_INSTALLATION_TYPES= overwrite pkgviews 17PKG_INSTALLATION_TYPES= overwrite pkgviews
20 18
21USE_LIBTOOL= yes 19USE_LIBTOOL= yes
22OWN_DIRS+= ${VARBASE}/run 20OWN_DIRS+= ${VARBASE}/run
23GNU_CONFIGURE= yes 21GNU_CONFIGURE= yes
24BUILD_DEFS+= VARBASE 22BUILD_DEFS+= VARBASE
25PKG_DESTDIR_SUPPORT= destdir 23PKG_DESTDIR_SUPPORT= destdir
26PLIST_VARS+= ldap 24PLIST_VARS+= ldap
cvs diff -r1.4 -r1.4.10.1 pkgsrc/security/sudo/PLIST (expand / switch to unified diff)

--- pkgsrc/security/sudo/PLIST 2009/06/14 18:13:40 1.4
+++ pkgsrc/security/sudo/PLIST 2010/09/11 17:24:16 1.4.10.1
@@ -1,14 +1,24 @@ @@ -1,14 +1,24 @@
1@comment $NetBSD: PLIST,v 1.4 2009/06/14 18:13:40 joerg Exp $ 1@comment $NetBSD: PLIST,v 1.4.10.1 2010/09/11 17:24:16 tron Exp $
2bin/sudo 2bin/sudo
3bin/sudoedit 3bin/sudoedit
 4bin/sudoreplay
4libexec/sudo_noexec.so 5libexec/sudo_noexec.so
5man/man5/sudoers.5 6man/man5/sudoers.5
6${PLIST.ldap}man/man5/sudoers.ldap.5 7${PLIST.ldap}man/man5/sudoers.ldap.5
7man/man8/sudo.8 8man/man8/sudo.8
8man/man8/sudoedit.8 9man/man8/sudoedit.8
 10man/man8/sudoreplay.8
9man/man8/visudo.8 11man/man8/visudo.8
10sbin/visudo 12sbin/visudo
 13share/doc/sudo/ChangeLog
 14share/doc/sudo/HISTORY
 15share/doc/sudo/LICENSE
 16share/doc/sudo/NEWS
11share/doc/sudo/README 17share/doc/sudo/README
12share/doc/sudo/README.LDAP 18share/doc/sudo/README.LDAP
 19share/doc/sudo/TROUBLESHOOTING
13share/doc/sudo/UPGRADE 20share/doc/sudo/UPGRADE
 21share/doc/sudo/sample.pam
 22share/doc/sudo/sample.sudoers
 23share/doc/sudo/sample.syslog.conf
14share/examples/sudo/sudoers 24share/examples/sudo/sudoers
cvs diff -r1.63 -r1.63.2.1 pkgsrc/security/sudo/distinfo (expand / switch to unified diff)

--- pkgsrc/security/sudo/distinfo 2010/06/03 14:53:14 1.63
+++ pkgsrc/security/sudo/distinfo 2010/09/11 17:24:16 1.63.2.1
@@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
1$NetBSD: distinfo,v 1.63 2010/06/03 14:53:14 taca Exp $ 1$NetBSD: distinfo,v 1.63.2.1 2010/09/11 17:24:16 tron Exp $
2 2
3SHA1 (sudo-1.7.2p7-200805130/sudo-1.7.2p7.tar.gz) = 0504e0d7b1d3c987e48325ec4caa6ebfe5237ff5 3SHA1 (sudo-1.7.4p4.tar.gz) = c873f509f80d5722989a912a42a61ad27b71453f
4RMD160 (sudo-1.7.2p7-200805130/sudo-1.7.2p7.tar.gz) = 7ed1976bbce6d66939b85ce08a97c089dbeb1ec4 4RMD160 (sudo-1.7.4p4.tar.gz) = 3b5eb69b4317c72def0e811c58a24df8c9c1c892
5Size (sudo-1.7.2p7-200805130/sudo-1.7.2p7.tar.gz) = 772356 bytes 5Size (sudo-1.7.4p4.tar.gz) = 963663 bytes
6SHA1 (patch-aa) = bd35d9a9168a70c53b8908570cd86483b117a084 6SHA1 (patch-aa) = 05f2f71bf7393cfd878c0a6c14d2d5a79177daac
7SHA1 (patch-af) = 50e6ecf889c460669a4b632c0fd3b15fc45b1214 7SHA1 (patch-af) = 86b9bd17dbfe1951c48055cd191d3071766385c6
8SHA1 (patch-ag) = b6153d89cfe634c79f1c5b44d4f0df0089353528 8SHA1 (patch-ag) = 7a64eed90eb88f10280e876a5a6beaab2e12e7c6
cvs diff -r1.23 -r1.23.2.1 pkgsrc/security/sudo/patches/Attic/patch-aa (expand / switch to unified diff)

--- pkgsrc/security/sudo/patches/Attic/patch-aa 2010/04/16 15:33:52 1.23
+++ pkgsrc/security/sudo/patches/Attic/patch-aa 2010/09/11 17:24:16 1.23.2.1
@@ -1,61 +1,73 @@ @@ -1,61 +1,73 @@
1$NetBSD: patch-aa,v 1.23 2010/04/16 15:33:52 taca Exp $ 1$NetBSD: patch-aa,v 1.23.2.1 2010/09/11 17:24:16 tron Exp $
2 2
3--- Makefile.in.orig 2010-04-09 21:13:21.000000000 +0000 3--- Makefile.in.orig 2010-09-03 21:43:57.000000000 +0000
4+++ Makefile.in 4+++ Makefile.in
5@@ -196,7 +196,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c 5@@ -205,7 +205,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
6 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c 6 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
7  7
8 sudo_noexec.la: sudo_noexec.lo 8 libsudo_noexec.la: sudo_noexec.lo
9- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) 9- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
10+ $(LIBTOOL) --mode=link $(CC) -module $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) 10+ $(LIBTOOL) --mode=link $(CC) -module $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
11  11
12 # Uncomment the following if you want "make distclean" to clean the parser 12 # Uncomment the following if you want "make distclean" to clean the parser
13 @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h 13 @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
14@@ -403,36 +403,36 @@ sudoers.ldap.cat: sudoers.ldap.man 14@@ -475,43 +475,43 @@ ChangeLog:
15 @DEV@LICENSE: license.pod 15 hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> $@; \
16 @DEV@ pod2text -l -i0 $> | sed '1,2d' > $@ 16 fi
17  17
18-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man 18-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc
19+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-man 19+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-doc
20  20
21 install-dirs: 21 install-dirs:
22 $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \ 22 $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
23- $(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \ 23 $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \
24+ $(DESTDIR)$(visudodir) \ 24- $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
25 $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \ 25+ $(DESTDIR)$(docdir) \
26 $(DESTDIR)$(noexecdir) 26 $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
 27 $(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir)
27  28
28 install-binaries: install-dirs $(PROGS) 29 install-binaries: install-dirs $(PROGS)
29- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo 30- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo
30+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4111 -s sudo $(DESTDIR)$(sudodir)/sudo 31+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 04111 sudo $(DESTDIR)$(sudodir)/sudo
31 rm -f $(DESTDIR)$(sudodir)/sudoedit 32 rm -f $(DESTDIR)$(sudodir)/sudoedit
32 ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit 33 ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
33- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo 34- if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
34-@SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh 35- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo
35+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s visudo $(DESTDIR)$(visudodir)/visudo 36- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi
36+@SELINUX@ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh 37+ if [ -f sudoreplay ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
37  38+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 visudo $(DESTDIR)$(visudodir)/visudo
38 install-noexec: install-dirs sudo_noexec.la 39+ if [ -f sesh ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi
39- test -f .libs/$(noexecfile) && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) 40
40+ test -f .libs/$(noexecfile) && $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) 41 install-noexec: install-dirs libsudo_noexec.la
 42- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
 43+ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
41  44
42 install-sudoers: install-dirs 45 install-sudoers: install-dirs
 46- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \
 47+ $(INSTALL) -d -o $(sudoers_uid) -g $(sudoers_gid) -m 0750 \
 48 $(DESTDIR)$(sudoersdir)/sudoers.d
43 test -f $(DESTDIR)$(sudoersdir)/sudoers || \ 49 test -f $(DESTDIR)$(sudoersdir)/sudoers || \
44- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \ 50- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
45+ $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \ 51+ $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \
46 $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers 52 sudoers $(DESTDIR)$(sudoersdir)/sudoers
47  53
48 install-man: install-dirs 54 install-doc: install-dirs ChangeLog
 55- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
 56- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
49- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) 57- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
 58+ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
 59+ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
50+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) 60+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
51 @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) 61 @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
52 ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) 62 ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
 63- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
53- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) 64- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
54- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) 65- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
55- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) 66- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
 67+ @REPLAY@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
56+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) 68+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
57+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) 69+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
58+ @LDAP@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) 70+ @LDAP@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
59 @MAN_POSTINSTALL@ 71 @MAN_POSTINSTALL@
60  72
61 check: 73 check:
cvs diff -r1.23 -r1.23.6.1 pkgsrc/security/sudo/patches/Attic/patch-af (expand / switch to unified diff)

--- pkgsrc/security/sudo/patches/Attic/patch-af 2009/12/20 07:46:32 1.23
+++ pkgsrc/security/sudo/patches/Attic/patch-af 2010/09/11 17:24:16 1.23.6.1
@@ -1,50 +1,49 @@ @@ -1,50 +1,49 @@
1$NetBSD: patch-af,v 1.23 2009/12/20 07:46:32 taca Exp $ 1$NetBSD: patch-af,v 1.23.6.1 2010/09/11 17:24:16 tron Exp $
2 2
3--- configure.in.orig 2009-11-25 01:55:34.000000000 +0000 3--- configure.in.orig 2010-09-06 12:03:33.000000000 +0000
4+++ configure.in 4+++ configure.in
5@@ -158,7 +158,6 @@ else 5@@ -322,6 +322,18 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
6 fi 
7 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' 
8 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' 
9-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' 
10  
11 dnl 
12 dnl Deprecated --with options (these all warn or generate an error) 
13@@ -296,6 +295,19 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi 
14 ;; 6 ;;
15 esac]) 7 esac])
16  8
17+AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard options])], 9+AC_ARG_WITH(nbsdops, [AS_HELP_STRING([--with-nbsdops], [add NetBSD standard options])],
18+[case $with_nbsdops in 10+[case $with_nbsdops in
19+ yes) echo 'Adding NetBSD standard options' 11+ yes) echo 'Adding NetBSD standard options'
20+ CHECKSIA=false 12+ CHECKSIA=false
21+ with_ignore_dot=yes 13+ with_ignore_dot=yes
22+ with_env_editor=yes 14+ with_env_editor=yes
23+ with_tty_tickets=yes 15+ with_tty_tickets=yes
24+ ;; 16+ ;;
25+ no) ;; 17+ no) ;;
26+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" 18+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
27+ ;; 19+ ;;
28+esac]) 20+esac])
29+ 
30 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], 21 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
31 [case $with_passwd in 22 [case $with_passwd in
32 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) 23 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
33@@ -1795,7 +1807,7 @@ fi 24@@ -1865,7 +1877,7 @@ SUDO_MAILDIR
34 if test ${with_logincap-'no'} != "no"; then 25 if test ${with_logincap-'no'} != "no"; then
35 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN="" 26 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
36 case "$OS" in 27 case "$OS" in
37- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" 28- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
38+ dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" 29+ dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil"
39 ;; 30 ;;
40 esac 31 esac
41 ]) 32 ])
42@@ -2242,6 +2254,8 @@ if test ${with_kerb5-'no'} != "no" -a -z 33@@ -2317,6 +2329,8 @@ if test ${with_kerb5-'no'} != "no"; then
43 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"]) 34 if test -n "$KRB5CONFIG"; then
44 ]) 35 AC_DEFINE(HAVE_KERB5)
45 AUTH_OBJS="$AUTH_OBJS kerb5.o" 36 AUTH_OBJS="$AUTH_OBJS kerb5.o"
46+fi 37+ fi
47+if test ${with_kerb5-'no'} != "no"; then 38+ if test ${with_kerb5-'no'} != "no"; then
48 _LIBS="$LIBS" 39 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
49 LIBS="${LIBS} ${SUDO_LIBS}" 40 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
50 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) 41 dnl
 42@@ -2798,7 +2812,6 @@ test "$libexecdir" = '${exec_prefix}/lib
 43 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
 44 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
 45 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
 46-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
 47
 48 dnl
 49 dnl Substitute into the Makefile and man pages
cvs diff -r1.14 -r1.14.6.1 pkgsrc/security/sudo/patches/Attic/patch-ag (expand / switch to unified diff)

--- pkgsrc/security/sudo/patches/Attic/patch-ag 2009/12/20 07:46:32 1.14
+++ pkgsrc/security/sudo/patches/Attic/patch-ag 2010/09/11 17:24:16 1.14.6.1
@@ -1,71 +1,61 @@ @@ -1,71 +1,61 @@
1$NetBSD: patch-ag,v 1.14 2009/12/20 07:46:32 taca Exp $ 1$NetBSD: patch-ag,v 1.14.6.1 2010/09/11 17:24:16 tron Exp $
2 2
3--- configure.orig 2009-11-25 01:57:27.000000000 +0000 3--- configure.orig 2010-09-06 12:03:39.000000000 +0000
4+++ configure 4+++ configure
5@@ -1454,7 +1454,7 @@ Fine tuning of the installation director 5@@ -1589,7 +1589,7 @@ Fine tuning of the installation director
6 --bindir=DIR user executables [EPREFIX/bin] 6 --bindir=DIR user executables [EPREFIX/bin]
7 --sbindir=DIR system admin executables [EPREFIX/sbin] 7 --sbindir=DIR system admin executables [EPREFIX/sbin]
8 --libexecdir=DIR program executables [EPREFIX/libexec] 8 --libexecdir=DIR program executables [EPREFIX/libexec]
9- --sysconfdir=DIR read-only single-machine data [etc] 9- --sysconfdir=DIR read-only single-machine data [/etc]
10+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] 10+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
11 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] 11 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
12 --localstatedir=DIR modifiable single-machine data [PREFIX/var] 12 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
13 --libdir=DIR object code libraries [EPREFIX/lib] 13 --libdir=DIR object code libraries [EPREFIX/lib]
14@@ -1527,6 +1527,7 @@ Optional Packages: 14@@ -1667,6 +1667,7 @@ Optional Packages:
15 --with-devel add development options 15 --with-libraries additional libraries to link with
16 --with-efence link with -lefence for malloc() debugging 16 --with-efence link with -lefence for malloc() debugging
17 --with-csops add CSOps standard options 17 --with-csops add CSOps standard options
18+ --with-nbsdops add NetBSD standard options 18+ --with-nbsdops add NetBSD standard options
19 --without-passwd don't use passwd/shadow file for authentication 19 --without-passwd don't use passwd/shadow file for authentication
20 --with-skey=DIR enable S/Key support 20 --with-skey=DIR enable S/Key support
21 --with-opie=DIR enable OPIE support 21 --with-opie=DIR enable OPIE support
22@@ -2183,7 +2184,6 @@ else 22@@ -4038,6 +4039,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn
 23 esac
23 fi 24 fi
24 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' 
25 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' 
26-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' 
27  
28  
29  
30@@ -2396,6 +2396,23 @@ fi 
31  
32  
33  25
34+# Check whether --with-nbsdops or --without-nbsdops was given. 26+# Check whether --with-nbsdops or --without-nbsdops was given.
35+if test "${with_nbsdops+set}" = set; then 27+if test "${with_nbsdops+set}" = set; then
36+ withval="$with_nbsdops" 28+ withval="$with_nbsdops"
37+ case $with_nbsdops in 29+ case $with_nbsdops in
38+ yes) echo 'Adding NetBSD standard options' 30+ yes) echo 'Adding NetBSD standard options'
39+ CHECKSIA=false 31+ CHECKSIA=false
40+ with_ignore_dot=yes 32+ with_ignore_dot=yes
41+ with_env_editor=yes 33+ with_env_editor=yes
42+ with_tty_tickets=yes 34+ with_tty_tickets=yes
43+ ;; 35+ ;;
44+ no) ;; 36+ no) ;;
45+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" 37+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
46+ ;; 38+ ;;
47+esac 39+esac
48+fi; 40+fi;
49+ 41+
50+ 42
 43
51 # Check whether --with-passwd was given. 44 # Check whether --with-passwd was given.
52 if test "${with_passwd+set}" = set; then 45@@ -14153,7 +14170,7 @@ if test "x$ac_cv_header_login_cap_h" = x
53 withval=$with_passwd; case $with_passwd in 
54@@ -14287,7 +14304,7 @@ if test `eval echo '${'$as_ac_Header'}'` 
55 _ACEOF 46 _ACEOF
56 LOGINCAP_USAGE='[-c class|-] '; LCMAN="" 47 LOGINCAP_USAGE='[-c class|-] '; LCMAN=1
57 case "$OS" in 48 case "$OS" in
58- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" 49- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
59+ dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" 50+ dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil"
60 ;; 51 ;;
61 esac 52 esac
62  53
63@@ -21537,6 +21554,8 @@ fi 54@@ -18468,7 +18485,6 @@ test "$libexecdir" = '${exec_prefix}/lib
 55 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
 56 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
 57 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
 58-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
64  59
65 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext 60 ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers"
66 AUTH_OBJS="$AUTH_OBJS kerb5.o" 
67+fi 
68+if test ${with_kerb5-'no'} != "no"; then 
69 _LIBS="$LIBS" 
70 LIBS="${LIBS} ${SUDO_LIBS}" 
71  61