Pullup ticket #6133 - requested by taca security/sudo: security fix Revisions pulled up: - security/sudo/Makefile 1.174-1.178 - security/sudo/distinfo 1.107-1.109 - security/sudo/patches/patch-Makefile.in 1.2 - security/sudo/patches/patch-configure 1.2 - security/sudo/patches/patch-include_sudo__compat.h deleted - security/sudo/patches/patch-include_sudo__event.h deleted - security/sudo/patches/patch-lib_util_sig2str.c deleted - security/sudo/patches/patch-lib_util_str2sig.c deleted - security/sudo/patches/patch-plugins_sudoers_Makefile.in 1.3 - security/sudo/patches/patch-plugins_sudoers_logging.c deleted - security/sudo/patches/patch-plugins_sudoers_starttime.c deleted - security/sudo/patches/patch-plugins_sudoers_sudoers.c deleted - security/sudo/patches/patch-src_Makefile.in 1.4 - security/sudo/patches/patch-src_limits.c deleted --- Module Name: pkgsrc Committed By: kim Date: Sat Dec 28 20:43:56 UTC 2019 Modified Files: pkgsrc/security/sudo: Makefile distinfo pkgsrc/security/sudo/patches: patch-Makefile.in patch-configure patch-plugins_sudoers_Makefile.in patch-src_Makefile.in Removed Files: pkgsrc/security/sudo/patches: patch-include_sudo__compat.h patch-include_sudo__event.h patch-lib_util_sig2str.c patch-lib_util_str2sig.c patch-plugins_sudoers_logging.c patch-plugins_sudoers_starttime.c patch-plugins_sudoers_sudoers.c patch-src_limits.c Log Message: Update to sudo 1.8.30beta3 * Portability fixes from pkgsrc have been merged upstream * Add runas_check_shell flag to require a runas user to have a valid shell. Not enabled by default. * Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs. Previous, sudo would always allow unknown user or group IDs if the sudoers entry permitted it. This included the "ALL" alias. With this change, the admin must explicitly enable support for unknown IDs. * Transparently handle the "sudo sudoedit" problem. Some admin are confused about how to give users sudoedit permission and many users try to run sudoedit via sudo instead of directly. If the user runs "sudo sudoedit" sudo will now treat it as plain "sudoedit" after issuing a warning. If the admin has specified a fully-qualified path for sudoedit in sudoers, sudo will treat it as just "sudoedit" and match accordingly. In visudo (but not sudo), a fully-qualified path for sudoedit is now treated as an error. * When restoring old resource limits, try to recover if we receive EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft limit is lower than the current resource usage. This can be a problem when restoring the old stack limit if sudo has raised it. * Restore resource limits before executing the askpass program. Linux with docker seems to have issues executing a program when the stack size is unlimited. Bug #908 * macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS setrlimit manual. Bug #904 * Use 64-bit resource limits on AIX. --- Module Name: pkgsrc Committed By: kim Date: Wed Jan 1 01:47:29 UTC 2020 Modified Files: pkgsrc/security/sudo: Makefile distinfo Log Message: Update to sudo 1.8.30 Notable changes: * The version string no longer has the word "beta" in it. --- Module Name: pkgsrc Committed By: jperkin Date: Sat Jan 18 21:51:16 UTC 2020 Modified Files: pkgsrc/security/sudo: Makefile Log Message: *: Recursive revision bump for openssl 1.1.1. --- Module Name: pkgsrc Committed By: triaxx Date: Thu Jan 30 21:08:00 UTC 2020 Modified Files: pkgsrc/security/sudo: Makefile Log Message: sudo: update master site TW Aren FTP server seems down and the fetching step hangs for hours. --- Module Name: pkgsrc Committed By: kim Date: Mon Feb 3 07:47:56 UTC 2020 Modified Files: pkgsrc/security/sudo: Makefile distinfo Log Message: Update to sudo 1.8.31 What's new: * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback" sudoers option is enabled on systems with uni-directional pipes. * The "sudoedit_checkdir" option now treats a user-owned directory as writable, even if it does not have the write bit set at the time of check. Symbolic links will no longer be followed by sudoedit in any user-owned directory. Bug #912 * Fixed sudoedit on macOS 10.15 and above where the root file system is mounted read-only. Bug #913. * Fixed a crash introduced in sudo 1.8.30 when suspending sudo at the password prompt. Bug #914. * Fixed compilation on systems where the mmap MAP_ANON flag is not available. Bug #915.diff -r1.173 -r1.173.4.1 pkgsrc/security/sudo/Makefile
(bsiegert)
@@ -1,22 +1,21 @@ | @@ -1,22 +1,21 @@ | |||
1 | # $NetBSD: Makefile,v 1.173 2019/12/19 16:59:44 kim Exp $ | 1 | # $NetBSD: Makefile,v 1.173.4.1 2020/02/09 19:21:38 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= sudo-1.8.29 | 3 | DISTNAME= sudo-1.8.31 | |
4 | PKGREVISION= 2 | |||
5 | CATEGORIES= security | 4 | CATEGORIES= security | |
6 | MASTER_SITES= https://www.sudo.ws/dist/ | 5 | MASTER_SITES= https://www.sudo.ws/dist/ | |
7 | MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ | 6 | MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ | |
8 | MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ | 7 | MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ | |
9 | MASTER_SITES+= ftp://ftp.twaren.net/Unix/Security/Sudo/ | 8 | MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ | |
10 | MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ | 9 | MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ | |
11 | 10 | |||
12 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
13 | HOMEPAGE= https://www.sudo.ws/ | 12 | HOMEPAGE= https://www.sudo.ws/ | |
14 | COMMENT= Allow others to run commands as root | 13 | COMMENT= Allow others to run commands as root | |
15 | LICENSE= isc AND modified-bsd | 14 | LICENSE= isc AND modified-bsd | |
16 | 15 | |||
17 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes | |
18 | GNU_CONFIGURE= yes | 17 | GNU_CONFIGURE= yes | |
19 | CONFIGURE_ARGS+= --disable-path-info | 18 | CONFIGURE_ARGS+= --disable-path-info | |
20 | CONFIGURE_ARGS+= --disable-root-mailer | 19 | CONFIGURE_ARGS+= --disable-root-mailer | |
21 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 20 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | |
22 | CONFIGURE_ARGS+= --with-exampledir=${PREFIX}/${EGDIR} | 21 | CONFIGURE_ARGS+= --with-exampledir=${PREFIX}/${EGDIR} |
@@ -1,18 +1,10 @@ | @@ -1,18 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.106 2019/12/19 16:59:44 kim Exp $ | 1 | $NetBSD: distinfo,v 1.106.4.1 2020/02/09 19:21:38 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (sudo-1.8.29.tar.gz) = fdce342856f1803478eb549479190370001dca95 | 3 | SHA1 (sudo-1.8.31.tar.gz) = 24222b6fb644354c944bc024a0f77548b289410d | |
4 | RMD160 (sudo-1.8.29.tar.gz) = 706c7c8ec2a90b2e464e138384335b7de91d1c25 | 4 | RMD160 (sudo-1.8.31.tar.gz) = 8f67e551df2f528983f675cda6c9c908f9f1950b | |
5 | SHA512 (sudo-1.8.29.tar.gz) = ea780922b2afb47df4df4b533fb355fd916cb18a6bfd13c7ca36a25b03ef585d805648c6fa85692bea363b1f83664ac3bc622f99bcd149b3a86f70522eb4d340 | 5 | SHA512 (sudo-1.8.31.tar.gz) = b9e408a322938c7a712458e9012d8a5f648fba5b23a5057cf5d8372c7f931262595f1575c32c32b9cb1a04af670ff4611e7df48d197e5c4cc038d6b65439a28a | |
6 | Size (sudo-1.8.29.tar.gz) = 3338260 bytes | 6 | Size (sudo-1.8.31.tar.gz) = 3350674 bytes | |
7 | SHA1 (patch-Makefile.in) = 279c7ad0f7f85ea7bc2d4beb5aa21abdf6237a7c | 7 | SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 | |
8 | SHA1 (patch-configure) = 460b9575346c263b944535aa8e2408e959840c77 | 8 | SHA1 (patch-configure) = 906a90a8e8f5397693d9f410b7715439cf029508 | |
9 | SHA1 (patch-include_sudo__compat.h) = 4f9b021ebdd507949f13e289deabdb6090ab334c | 9 | SHA1 (patch-plugins_sudoers_Makefile.in) = 730193c6437197a7114dd31886050cecdcba6772 | |
10 | SHA1 (patch-include_sudo__event.h) = 4d0787a45c2c7d4a7d3ae3111ccb3a4a4b84d083 | 10 | SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 | |
11 | SHA1 (patch-lib_util_sig2str.c) = e5636d9e414fc9354cd238751fa4a00026320dd3 | |||
12 | SHA1 (patch-lib_util_str2sig.c) = e04aa67cab901e1be10d59bd1b0ee740aa1295b8 | |||
13 | SHA1 (patch-plugins_sudoers_Makefile.in) = 46bbee9c51664357099dc6d6871341de3e3fcc6f | |||
14 | SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203 | |||
15 | SHA1 (patch-plugins_sudoers_starttime.c) = acec2f8a96041381582acff4928233568411f2c6 | |||
16 | SHA1 (patch-plugins_sudoers_sudoers.c) = b5aa8a91da50d4b12ea47cd92e29d25ea325b52c | |||
17 | SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9 | |||
18 | SHA1 (patch-src_limits.c) = 790c64fed4a4f406ce07b3d0e806866095c0a5ca |
@@ -1,25 +1,25 @@ | @@ -1,25 +1,25 @@ | |||
1 | $NetBSD: patch-Makefile.in,v 1.1 2018/08/14 13:18:38 adam Exp $ | 1 | $NetBSD: patch-Makefile.in,v 1.1.14.1 2020/02/09 19:21:38 bsiegert Exp $ | |
2 | 2 | |||
3 | Don't setuid here. | 3 | Don't setuid here. | |
4 | 4 | |||
5 | --- Makefile.in.orig 2015-10-31 23:35:07.000000000 +0000 | 5 | --- Makefile.in.orig 2019-10-28 15:51:30.000000000 +0200 | |
6 | +++ Makefile.in | 6 | +++ Makefile.in 2019-12-28 21:41:28.028886752 +0200 | |
7 | @@ -63,7 +63,8 @@ SHELL = @SHELL@ | 7 | @@ -64,7 +64,8 @@ | |
8 | SED = @SED@ | 8 | SED = @SED@ | |
9 | 9 | |||
10 | INSTALL = $(SHELL) $(top_srcdir)/install-sh -c | 10 | INSTALL = $(SHELL) $(top_srcdir)/install-sh -c | |
11 | -INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | 11 | -INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | |
12 | +#INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | 12 | +#INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | |
13 | +INSTALL_OWNER = | 13 | +INSTALL_OWNER = | |
14 | 14 | |||
15 | ECHO_N = @ECHO_N@ | 15 | ECHO_N = @ECHO_N@ | |
16 | ECHO_C = @ECHO_C@ | 16 | ECHO_C = @ECHO_C@ | |
17 | @@ -129,7 +130,7 @@ install-doc: config.status ChangeLog | 17 | @@ -165,7 +166,7 @@ | |
18 | exit $$?; \ | 18 | exit $$?; \ | |
19 | done | 19 | done | |
20 | 20 | |||
21 | -install: config.status ChangeLog pre-install install-nls | 21 | -install: config.status ChangeLog pre-install install-nls | |
22 | +install: config.status ChangeLog install-nls | 22 | +install: config.status ChangeLog install-nls | |
23 | for d in $(SUBDIRS); do \ | 23 | for d in $(SUBDIRS); do \ | |
24 | (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \ | 24 | (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \ | |
25 | exit $$?; \ | 25 | exit $$?; \ |
@@ -1,132 +1,132 @@ | @@ -1,132 +1,132 @@ | |||
1 | $NetBSD: patch-configure,v 1.1 2018/08/14 13:18:38 adam Exp $ | 1 | $NetBSD: patch-configure,v 1.1.14.1 2020/02/09 19:21:38 bsiegert Exp $ | |
2 | 2 | |||
3 | * Add "--with-nbsdops" option, NetBSD standard options. | 3 | * Add "--with-nbsdops" option, NetBSD standard options. | |
4 | * Link with util(3) in the case of DragonFly, too. | 4 | * Link with util(3) in the case of DragonFly, too. | |
5 | * When specified "--with-kerb5" option, test existence of several functions | 5 | * When specified "--with-kerb5" option, test existence of several functions | |
6 | even if there is krb5-config. krb5-config dosen't give all definitions for | 6 | even if there is krb5-config. krb5-config dosen't give all definitions for | |
7 | functions (HAVE_KRB5_*). | 7 | functions (HAVE_KRB5_*). | |
8 | * Remove setting sysconfdir to "/etc". | 8 | * Remove setting sysconfdir to "/etc". | |
9 | 9 | |||
10 | --- configure.orig 2017-05-29 20:33:06.000000000 +0000 | 10 | --- configure.orig 2019-12-26 06:24:43.000000000 +0200 | |
11 | +++ configure | 11 | +++ configure 2019-12-28 21:41:28.049372280 +0200 | |
12 | @@ -865,6 +865,7 @@ with_libpath | 12 | @@ -869,6 +869,7 @@ | |
13 | with_libraries | 13 | with_libraries | |
14 | with_efence | 14 | with_efence | |
15 | with_csops | 15 | with_csops | |
16 | +with_nbsdops | 16 | +with_nbsdops | |
17 | with_passwd | 17 | with_passwd | |
18 | with_skey | 18 | with_skey | |
19 | with_opie | 19 | with_opie | |
20 | @@ -1571,7 +1572,7 @@ Fine tuning of the installation director | 20 | @@ -1581,7 +1582,7 @@ | |
21 | --bindir=DIR user executables [EPREFIX/bin] | 21 | --bindir=DIR user executables [EPREFIX/bin] | |
22 | --sbindir=DIR system admin executables [EPREFIX/sbin] | 22 | --sbindir=DIR system admin executables [EPREFIX/sbin] | |
23 | --libexecdir=DIR program executables [EPREFIX/libexec] | 23 | --libexecdir=DIR program executables [EPREFIX/libexec] | |
24 | - --sysconfdir=DIR read-only single-machine data [/etc] | 24 | - --sysconfdir=DIR read-only single-machine data [/etc] | |
25 | + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | 25 | + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | |
26 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | 26 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | |
27 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | 27 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | |
28 | --libdir=DIR object code libraries [EPREFIX/lib] | 28 | --libdir=DIR object code libraries [EPREFIX/lib] | |
29 | @@ -1674,6 +1675,7 @@ Optional Packages: | 29 | @@ -1694,6 +1695,7 @@ | |
30 | --with-libraries additional libraries to link with | 30 | --with-libraries additional libraries to link with | |
31 | --with-efence link with -lefence for malloc() debugging | 31 | --with-efence link with -lefence for malloc() debugging | |
32 | --with-csops add CSOps standard options | 32 | --with-csops add CSOps standard options | |
33 | + --with-nbsdops add NetBSD standard opt ions | 33 | + --with-nbsdops add NetBSD standard opt ions | |
34 | --without-passwd don't use passwd/shadow file for authentication | 34 | --without-passwd don't use passwd/shadow file for authentication | |
35 | --with-skey[=DIR] enable S/Key support | 35 | --with-skey[=DIR] enable S/Key support | |
36 | --with-opie[=DIR] enable OPIE support | 36 | --with-opie[=DIR] enable OPIE support | |
37 | @@ -4746,6 +4748,23 @@ fi | 37 | @@ -4797,6 +4799,23 @@ | |
38 | 38 | |||
39 | 39 | |||
40 | 40 | |||
41 | +# Check whether --with-nbsdops was given. | 41 | +# Check whether --with-nbsdops was given. | |
42 | +if test "${with_nbsdops+set}" = set; then : | 42 | +if test "${with_nbsdops+set}" = set; then : | |
43 | + withval=$with_nbsdops; case $with_nbsdops in | 43 | + withval=$with_nbsdops; case $with_nbsdops in | |
44 | + yes) echo 'Adding NetBSD standard options' | 44 | + yes) echo 'Adding NetBSD standard options' | |
45 | + CHECKSIA=false | 45 | + CHECKSIA=false | |
46 | + with_ignore_dot=yes | 46 | + with_ignore_dot=yes | |
47 | + with_env_editor=yes | 47 | + with_env_editor=yes | |
48 | + with_tty_tickets=yes | 48 | + with_tty_tickets=yes | |
49 | + ;; | 49 | + ;; | |
50 | + no) ;; | 50 | + no) ;; | |
51 | + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" | 51 | + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" | |
52 | + ;; | 52 | + ;; | |
53 | +esac | 53 | +esac | |
54 | +fi | 54 | +fi | |
55 | + | 55 | + | |
56 | + | 56 | + | |
57 | + | 57 | + | |
58 | # Check whether --with-passwd was given. | 58 | # Check whether --with-passwd was given. | |
59 | if test "${with_passwd+set}" = set; then : | 59 | if test "${with_passwd+set}" = set; then : | |
60 | withval=$with_passwd; case $with_passwd in | 60 | withval=$with_passwd; case $with_passwd in | |
61 | @@ -15770,7 +15789,7 @@ fi | 61 | @@ -15925,7 +15944,7 @@ | |
62 | : ${mansectsu='1m'} | 62 | : ${mansectsu='1m'} | |
63 | : ${mansectform='4'} | 63 | : ${mansectform='4'} | |
64 | ;; | 64 | ;; | |
65 | - *-*-linux*|*-*-k*bsd*-gnu) | 65 | - *-*-linux*|*-*-k*bsd*-gnu) | |
66 | + *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) | 66 | + *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) | |
67 | shadow_funcs="getspnam" | 67 | shadow_funcs="getspnam" | |
68 | test -z "$with_pam" && AUTH_EXCL_DEF="PAM" | 68 | test -z "$with_pam" && AUTH_EXCL_DEF="PAM" | |
69 | # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h | 69 | # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h | |
70 | @@ -17995,7 +18014,7 @@ if test "x$ac_cv_header_login_cap_h" = x | 70 | @@ -18163,7 +18182,7 @@ | |
71 | _ACEOF | 71 | _ACEOF | |
72 | LOGINCAP_USAGE='[-c class] '; LCMAN=1 | 72 | LOGINCAP_USAGE='[-c class] '; LCMAN=1 | |
73 | case "$OS" in | 73 | case "$OS" in | |
74 | - freebsd|netbsd) | 74 | - freebsd|netbsd) | |
75 | + dragonfly*|freebsd|netbsd) | 75 | + dragonfly*|freebsd|netbsd) | |
76 | SUDO_LIBS="${SUDO_LIBS} -lutil" | 76 | SUDO_LIBS="${SUDO_LIBS} -lutil" | |
77 | SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" | 77 | SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" | |
78 | ;; | 78 | ;; | |
79 | @@ -22483,10 +22502,9 @@ if test ${with_pam-"no"} != "no"; then | 79 | @@ -22993,10 +23012,9 @@ | |
80 | # Check for pam_start() in libpam first, then for pam_appl.h. | 80 | # Check for pam_start() in libpam first, then for pam_appl.h. | |
81 | # | 81 | # | |
82 | found_pam_lib=no | 82 | found_pam_lib=no | |
83 | - as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` | 83 | - as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` | |
84 | -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | 84 | -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | |
85 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | 85 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | |
86 | $as_echo_n "checking for pam_start in -lpam... " >&6; } | 86 | $as_echo_n "checking for pam_start in -lpam... " >&6; } | |
87 | -if eval \${$as_ac_Lib+:} false; then : | 87 | -if eval \${$as_ac_Lib+:} false; then : | |
88 | +if ${ac_cv_lib_pam_pam_start+:} false; then : | 88 | +if ${ac_cv_lib_pam_pam_start+:} false; then : | |
89 | $as_echo_n "(cached) " >&6 | 89 | $as_echo_n "(cached) " >&6 | |
90 | else | 90 | else | |
91 | ac_check_lib_save_LIBS=$LIBS | 91 | ac_check_lib_save_LIBS=$LIBS | |
92 | @@ -22510,18 +22528,17 @@ return pam_start (); | 92 | @@ -23020,18 +23038,17 @@ | |
93 | } | 93 | } | |
94 | _ACEOF | 94 | _ACEOF | |
95 | if ac_fn_c_try_link "$LINENO"; then : | 95 | if ac_fn_c_try_link "$LINENO"; then : | |
96 | - eval "$as_ac_Lib=yes" | 96 | - eval "$as_ac_Lib=yes" | |
97 | + ac_cv_lib_pam_pam_start=yes | 97 | + ac_cv_lib_pam_pam_start=yes | |
98 | else | 98 | else | |
99 | - eval "$as_ac_Lib=no" | 99 | - eval "$as_ac_Lib=no" | |
100 | + ac_cv_lib_pam_pam_start=no | 100 | + ac_cv_lib_pam_pam_start=no | |
101 | fi | 101 | fi | |
102 | rm -f core conftest.err conftest.$ac_objext \ | 102 | rm -f core conftest.err conftest.$ac_objext \ | |
103 | conftest$ac_exeext conftest.$ac_ext | 103 | conftest$ac_exeext conftest.$ac_ext | |
104 | LIBS=$ac_check_lib_save_LIBS | 104 | LIBS=$ac_check_lib_save_LIBS | |
105 | fi | 105 | fi | |
106 | -eval ac_res=\$$as_ac_Lib | 106 | -eval ac_res=\$$as_ac_Lib | |
107 | - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | 107 | - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | |
108 | -$as_echo "$ac_res" >&6; } | 108 | -$as_echo "$ac_res" >&6; } | |
109 | -if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : | 109 | -if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : | |
110 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 | 110 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 | |
111 | +$as_echo "$ac_cv_lib_pam_pam_start" >&6; } | 111 | +$as_echo "$ac_cv_lib_pam_pam_start" >&6; } | |
112 | +if test "x$ac_cv_lib_pam_pam_start" = xyes; then : | 112 | +if test "x$ac_cv_lib_pam_pam_start" = xyes; then : | |
113 | found_pam_lib=yes | 113 | found_pam_lib=yes | |
114 | fi | 114 | fi | |
115 | 115 | |||
116 | @@ -23256,6 +23273,8 @@ fi | 116 | @@ -23766,6 +23783,8 @@ | |
117 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | 117 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | |
118 | AUTH_OBJS="$AUTH_OBJS kerb5.lo" | 118 | AUTH_OBJS="$AUTH_OBJS kerb5.lo" | |
119 | fi | 119 | fi | |
120 | +fi | 120 | +fi | |
121 | +if test ${with_kerb5-'no'} != "no"; then | 121 | +if test ${with_kerb5-'no'} != "no"; then | |
122 | _LIBS="$LIBS" | 122 | _LIBS="$LIBS" | |
123 | LIBS="${LIBS} ${SUDOERS_LIBS}" | 123 | LIBS="${LIBS} ${SUDOERS_LIBS}" | |
124 | for ac_func in krb5_verify_user krb5_init_secure_context | 124 | for ac_func in krb5_verify_user krb5_init_secure_context | |
125 | @@ -26426,7 +26445,6 @@ test "$datarootdir" = '${prefix}/share' | 125 | @@ -27026,7 +27045,6 @@ | |
126 | test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' | 126 | test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' | |
127 | test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' | 127 | test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' | |
128 | test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' | 128 | test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' | |
129 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' | 129 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' | |
130 | 130 | |||
131 | if test X"$INIT_SCRIPT" != X""; then | 131 | if test X"$INIT_SCRIPT" != X""; then | |
132 | ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" | 132 | ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-plugins_sudoers_Makefile.in,v 1.2 2019/12/15 18:42:10 adam Exp $ | 1 | $NetBSD: patch-plugins_sudoers_Makefile.in,v 1.2.4.1 2020/02/09 19:21:38 bsiegert Exp $ | |
2 | 2 | |||
3 | Do not install the sudoers file to etc. | 3 | Do not install the sudoers file to etc. | |
4 | 4 | |||
5 | --- plugins/sudoers/Makefile.in.orig 2019-10-28 12:28:53.000000000 +0000 | 5 | --- plugins/sudoers/Makefile.in.orig 2019-12-25 21:21:05.000000000 +0200 | |
6 | +++ plugins/sudoers/Makefile.in | 6 | +++ plugins/sudoers/Makefile.in 2019-12-28 22:01:00.540953438 +0200 | |
7 | @@ -394,7 +394,7 @@ pre-install: | 7 | @@ -396,7 +396,7 @@ | |
8 | ./visudo -c -f $(sudoersdir)/sudoers; \ | 8 | fi; \ | |
9 | fi | 9 | fi | |
10 | 10 | |||
11 | -install: install-plugin install-binaries install-sudoers install-doc | 11 | -install: install-plugin install-binaries install-sudoers install-doc | |
12 | +install: install-plugin install-binaries install-doc | 12 | +install: install-plugin install-binaries install-doc | |
13 | 13 | |||
14 | install-dirs: | 14 | install-dirs: | |
15 | $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ | 15 | $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-src_Makefile.in,v 1.3 2018/03/07 09:17:06 adam Exp $ | 1 | $NetBSD: patch-src_Makefile.in,v 1.3.18.1 2020/02/09 19:21:38 bsiegert Exp $ | |
2 | 2 | |||
3 | * install the suid sudo without write-bits | 3 | * install the suid sudo without write-bits | |
4 | 4 | |||
5 | --- src/Makefile.in.orig 2015-10-31 23:35:25.000000000 +0000 | 5 | --- src/Makefile.in.orig 2019-12-10 15:11:46.000000000 +0200 | |
6 | +++ src/Makefile.in | 6 | +++ src/Makefile.in 2019-12-28 21:51:27.794734242 +0200 | |
7 | @@ -198,7 +198,7 @@ install-rc: install-dirs | 7 | @@ -219,7 +219,7 @@ | |
8 | fi | 8 | fi | |
9 | 9 | |||
10 | install-binaries: install-dirs $(PROGS) | 10 | install-binaries: install-dirs $(PROGS) | |
11 | - INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04755 sudo $(DESTDIR)$(bindir)/sudo | 11 | - INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04755 sudo $(DESTDIR)$(bindir)/sudo | |
12 | + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04555 sudo $(DESTDIR)$(bindir)/sudo | 12 | + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 04555 sudo $(DESTDIR)$(bindir)/sudo | |
13 | rm -f $(DESTDIR)$(bindir)/sudoedit | 13 | rm -f $(DESTDIR)$(bindir)/sudoedit | |
14 | ln -s sudo $(DESTDIR)$(bindir)/sudoedit | 14 | ln -s sudo $(DESTDIR)$(bindir)/sudoedit | |
15 | if [ -f sesh ]; then \ | 15 | if [ -f sesh ]; then \ |