Sat May 19 10:42:03 2012 UTC ()
Pullup ticket #3790 - requested by taca
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile                                        1.136 via patch
- security/sudo/distinfo                                        1.78
- security/sudo/patches/patch-aa                                1.29

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed May 16 14:49:56 UTC 2012

   Modified Files:
   	pkgsrc/security/sudo: Makefile distinfo
   	pkgsrc/security/sudo/patches: patch-aa

   Log Message:
   Update sudo package to 1.7.9p1.

   Fix security problem of CVE-2012-2337.

   What's new in Sudo 1.7.9p1?

    * Fixed a bug when matching against an IP address with an associated
      netmask in the sudoers file.  In certain circumstances, this
      could allow users to run commands on hosts they are not authorized
      for.

   What's new in Sudo 1.7.9?

    * Fixed a false positive in visudo strict mode when aliases are
      in use.

    * The line on which a syntax error is reported in the sudoers file
      is now more accurate.  Previously it was often off by a line.

    * The #include and #includedir directives in sudoers now support
      relative paths.  If the path is not fully qualified it is expected
      to be located in the same directory of the sudoers file that is
      including it.

    * visudo will now fix the mode on the sudoers file even if no changes
      are made unless the -f option is specified.

    * The "use_loginclass" sudoers option works properly again.

    * For LDAP-based sudoers, values in the search expression are now
      escaped as per RFC 4515.

    * Fixed a race condition when I/O logging is not enabled that could
      result in tty-generated signals (e.g. control-C) being received
      by the command twice.

    * If none of the standard input, output or error are connected to
      a tty device, sudo will now check its parent's standard input,
      output or error for the tty name on systems with /proc and BSD
      systems that support the KERN_PROC_PID sysctl.  This allows
      tty-based tickets to work properly even when, e.g. standard
      input, output and error are redirected to /dev/null.

    * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
      the results, which would incorrectly be interpreted as if the
      sudoers file had specified a directory.

    * "visudo -c" will now list any include files that were checked
      in addition to the main sudoers file when everything parses OK.

    * Users that only have read-only access to the sudoers file may
      now run "visudo -c".  Previously, write permissions were required
      even though no writing is done in check-only mode.

   What's new in Sudo 1.7.8p2?

    * Fixed a crash in the monitor process on Solaris when NOPASSWD
      was specified or when authentication was disabled.


(tron)
diff -r1.134 -r1.134.2.1 pkgsrc/security/sudo/Makefile
diff -r1.75 -r1.75.4.1 pkgsrc/security/sudo/distinfo
diff -r1.28 -r1.28.6.1 pkgsrc/security/sudo/patches/patch-aa

cvs diff -r1.134 -r1.134.2.1 pkgsrc/security/sudo/Makefile

--- pkgsrc/security/sudo/Makefile 2012/03/14 14:20:38 1.134
+++ pkgsrc/security/sudo/Makefile 2012/05/19 10:42:02 1.134.2.1
@@ -1,18 +1,17 @@ @@ -1,18 +1,17 @@
1# $NetBSD: Makefile,v 1.134 2012/03/14 14:20:38 wiz Exp $ 1# $NetBSD: Makefile,v 1.134.2.1 2012/05/19 10:42:02 tron Exp $
2# 2#
3 3
4DISTNAME= sudo-1.7.8p1 4DISTNAME= sudo-1.7.9p1
5PKGREVISION= 1 
6CATEGORIES= security 5CATEGORIES= security
7MASTER_SITES= http://www.sudo.ws/dist/ \ 6MASTER_SITES= http://www.sudo.ws/dist/ \
8 ftp://ftp.sudo.ws/pub/sudo/ \ 7 ftp://ftp.sudo.ws/pub/sudo/ \
9 ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ \ 8 ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ \
10 ftp://ftp.twaren.net/Unix/Security/Sudo/ \ 9 ftp://ftp.twaren.net/Unix/Security/Sudo/ \
11 http://ftp.tux.org/pub/security/sudo/ 10 http://ftp.tux.org/pub/security/sudo/
12 11
13MAINTAINER= kim@tac.nyc.ny.us 12MAINTAINER= kim@tac.nyc.ny.us
14HOMEPAGE= http://www.sudo.ws/ 13HOMEPAGE= http://www.sudo.ws/
15COMMENT= Allow others to run commands as root 14COMMENT= Allow others to run commands as root
16LICENSE= isc AND modified-bsd 15LICENSE= isc AND modified-bsd
17 16
18PKG_INSTALLATION_TYPES= overwrite pkgviews 17PKG_INSTALLATION_TYPES= overwrite pkgviews
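
Review bot: MASTER_SITES on lines 6-10 of the new revision are all plain http:// and ftp:// URLs, so the sudo-1.7.9p1 tarball for this security update is fetched without transport authentication and the distinfo digests are the only integrity check. Worth confirming the recorded digests against a copy obtained from upstream through an authenticated channel before the pullup is closed. Dropping PKGREVISION alongside the DISTNAME bump on line 4 is the expected reset.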

cvs diff -r1.75 -r1.75.4.1 pkgsrc/security/sudo/distinfo

--- pkgsrc/security/sudo/distinfo 2011/11/01 15:09:17 1.75
+++ pkgsrc/security/sudo/distinfo 2012/05/19 10:42:02 1.75.4.1
@@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
1$NetBSD: distinfo,v 1.75 2011/11/01 15:09:17 taca Exp $ 1$NetBSD: distinfo,v 1.75.4.1 2012/05/19 10:42:02 tron Exp $
2 2
3SHA1 (sudo-1.7.8p1.tar.gz) = e5d9016b7d3a4449b724483fe165dc13198ce44c 3SHA1 (sudo-1.7.9p1.tar.gz) = cbca68bae8b85e8518690d78685ca67d0696ce15
4RMD160 (sudo-1.7.8p1.tar.gz) = a89e0c2d709cc8d8cbe4360f3e08d7459bca0a4c 4RMD160 (sudo-1.7.9p1.tar.gz) = 1ec37d34bad3ab3a27ec123da81d33e2ac3deb72
5Size (sudo-1.7.8p1.tar.gz) = 1157350 bytes 5Size (sudo-1.7.9p1.tar.gz) = 1173934 bytes
6SHA1 (patch-aa) = 70aa1a1da2d0cd9c8c8d9cbeab747b85028511f7 6SHA1 (patch-aa) = 014a8a634abb3c61f63e3e127a4ebf20f5a0e4bf
7SHA1 (patch-af) = 0dce4ebbc82ab644565f71e8f472c407ddbaabf5 7SHA1 (patch-af) = 0dce4ebbc82ab644565f71e8f472c407ddbaabf5
8SHA1 (patch-ag) = fe8409164b61bdb229ca81d391de96898436ea0b 8SHA1 (patch-ag) = fe8409164b61bdb229ca81d391de96898436ea0b
9SHA1 (patch-logging.c) = 26608d7423b77f71f17b37cc87f4b2e75978d7cb 9SHA1 (patch-logging.c) = 26608d7423b77f71f17b37cc87f4b2e75978d7cb
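
Review bot: lines 7-9 keep the patch-af, patch-ag and patch-logging.c hashes unchanged while the distfile moves from 1.7.8p1 to 1.7.9p1, so those three patches were not regenerated against the new source; confirm each still applies without fuzz or offsets on the branch. Only patch-aa (line 6) gets a new SHA1, and it should be checked against the branch copy of patch-aa changed in this same pullup.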

cvs diff -r1.28 -r1.28.6.1 pkgsrc/security/sudo/patches/Attic/patch-aa

--- pkgsrc/security/sudo/patches/Attic/patch-aa 2011/09/18 14:18:25 1.28
+++ pkgsrc/security/sudo/patches/Attic/patch-aa 2012/05/19 10:42:03 1.28.6.1
@@ -1,78 +1,80 @@ @@ -1,78 +1,80 @@
1$NetBSD: patch-aa,v 1.28 2011/09/18 14:18:25 ryoon Exp $ 1$NetBSD: patch-aa,v 1.28.6.1 2012/05/19 10:42:03 tron Exp $
2 2
3* Fix libtools's link option. 3* Fix libtools's link option.
4* Prevent to install sudoers files and directory. 4* Prevent to install sudoers files and directory.
5* Use standard instal(8) option instead of shell wrapper. 5* Use standard instal(8) option instead of shell wrapper.
6* Don't setuid here. 6* Don't setuid here.
7 7
8--- Makefile.in.orig 2011-08-13 17:29:18 +0000 8--- Makefile.in.orig 2012-02-10 17:52:13.000000000 +0000
9+++ Makefile.in 9+++ Makefile.in
10@@ -222,7 +222,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c 10@@ -222,7 +222,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
11 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c 11 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
12  12
13 libsudo_noexec.la: sudo_noexec.lo 13 libsudo_noexec.la: sudo_noexec.lo
14- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) 14- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
15+ $(LIBTOOL) --mode=link $(CC) -module $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) 15+ $(LIBTOOL) --mode=link $(CC) -module $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
16  16
17 # Uncomment the following if you want "make distclean" to clean the parser 17 # Uncomment the following if you want "make distclean" to clean the parser
18 @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate 18 @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
19@@ -543,43 +543,43 @@ pre-install: 19@@ -545,44 +545,44 @@ pre-install:
20 ./visudo -c -f $(DESTDIR)$(sudoersdir)/sudoers; \ 20 ./visudo -c -f $(DESTDIR)$(sudoersdir)/sudoers; \
21 fi 21 fi
22  22
23-install: pre-install install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc 23-install: pre-install install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc
24+install: install-binaries @INSTALL_NOEXEC@ install-doc 24+install: install-binaries @INSTALL_NOEXEC@ install-doc
25  25
26 install-dirs: 26 install-dirs:
27 $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \ 27 $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
28 $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \ 28 $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \
29- $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ 29- $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
30+ $(DESTDIR)$(docdir) \ 30+ $(DESTDIR)$(sudoersdir) \
31 $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) 31 $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \
32 $(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir) 32 `echo $(DESTDIR)$(timedir)|sed 's,/[^/]*$$,,'`
 33- $(INSTALL) -d -O $(install_uid) -G $(install_gid) -m 0700 $(DESTDIR)$(timedir)
 34+ $(INSTALL) -d -m 0700 $(DESTDIR)$(timedir)
33  35
34 install-binaries: install-dirs $(PROGS) 36 install-binaries: install-dirs $(PROGS)
35- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo 37- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo
36+ $(INSTALL) sudo $(DESTDIR)$(sudodir)/sudo 38+ $(INSTALL) sudo $(DESTDIR)$(sudodir)/sudo
37 rm -f $(DESTDIR)$(sudodir)/sudoedit 39 rm -f $(DESTDIR)$(sudodir)/sudoedit
38 ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit 40 ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
39- if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi 41- if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
40- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo 42- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo
41- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi 43- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi
42+ if [ -f sudoreplay ]; then $(INSTALL) sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi 44+ if [ -f sudoreplay ]; then $(INSTALL) sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
43+ $(INSTALL) visudo $(DESTDIR)$(visudodir)/visudo 45+ $(INSTALL) visudo $(DESTDIR)$(visudodir)/visudo
44+ if [ -f sesh ]; then $(INSTALL) sesh $(DESTDIR)$(libexecdir)/sesh; fi 46+ if [ -f sesh ]; then $(INSTALL) sesh $(DESTDIR)$(libexecdir)/sesh; fi
45  47
46 install-noexec: install-dirs libsudo_noexec.la 48 install-noexec: install-dirs libsudo_noexec.la
47- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi 49- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
48+ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi 50+ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
49  51
50 install-sudoers: install-dirs 52 install-sudoers: install-dirs
51- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \ 53- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -m 0750 \
52+ $(INSTALL) -d -o $(sudoers_uid) -g $(sudoers_gid) -m 0750 \ 54+ $(INSTALL) -d -m 0750 \
53 $(DESTDIR)$(sudoersdir)/sudoers.d 55 $(DESTDIR)$(sudoersdir)/sudoers.d
54 test -f $(DESTDIR)$(sudoersdir)/sudoers || \ 56 test -f $(DESTDIR)$(sudoersdir)/sudoers || \
55- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \ 57- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -m $(sudoers_mode) \
56+ $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \ 58+ $(INSTALL) -m $(sudoers_mode) \
57 sudoers $(DESTDIR)$(sudoersdir)/sudoers 59 sudoers $(DESTDIR)$(sudoersdir)/sudoers
58  60
59 install-doc: install-dirs ChangeLog 61 install-doc: install-dirs ChangeLog
60- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) 62- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
61- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) 63- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done)
62- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) 64- $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
63+ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done) 65+ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done)
64+ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done) 66+ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -m 0444 $$f $(DESTDIR)$(docdir); done)
65+ $(INSTALL) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) 67+ $(INSTALL) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
66 @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) 68 @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
67 ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) 69 ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
68- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) 70- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
69- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) 71- $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
70- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) 72- $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
71- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) 73- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
72+ @REPLAY@$(INSTALL) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) 74+ @REPLAY@$(INSTALL) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
73+ $(INSTALL) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) 75+ $(INSTALL) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
74+ $(INSTALL) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) 76+ $(INSTALL) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
75+ @LDAP@$(INSTALL) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) 77+ @LDAP@$(INSTALL) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
76 @MAN_POSTINSTALL@ 78 @MAN_POSTINSTALL@
77  79
78 check: 80 check:
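
Review bot: in the install-dirs rule (new line 30) the replacement line changes from "+ $(DESTDIR)$(docdir) \" to "+ $(DESTDIR)$(sudoersdir) \", so the patched mkinstalldirs call now creates sudoersdir and no longer creates docdir. That reads as inverted: the patch header on line 4 says the sudoers directory should not be installed, and install-doc still writes into $(DESTDIR)$(docdir). Suggest restoring "$(DESTDIR)$(docdir) \" there, or confirming that the package creates docdir elsewhere. Separately, new line 34 and the install-sudoers lines 54 and 58 drop the owner and group flags, and line 38 installs sudo without mode 04111 (header line 6, "Don't setuid here"), so ownership and the setuid bit have to be applied by the package framework; that setting is not visible in this diff and is worth checking, for the 0700 timedir in particular.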