Mon Jan 18 14:32:24 2021 UTC ()
security/sudo: update to 1.9.5p1

Update sudo package to 1.9.5p1.  CHanges from 1.8.31p2 are too many to
write here.  Please refer <https://www.sudo.ws/stable.html>.

1.9.5 fixes these security problems:

* Fixed CVE-2021-23239, a potential information leak in sudoedit that
  could be used to test for the existence of directories not normally
  accessible to the user in certain circumstances.  When creating a new
  file, sudoedit checks to make sure the parent directory of the new file
  exists before running the editor.  However, a race condition exists if
  the invoking user can replace (or create) the parent directory. If a
  symbolic link is created in place of the parent directory, sudoedit will
  run the editor as long as the target of the link exists.  If the target
  of the link does not exist, an error message will be displayed.  The
  race condition can be used to test for the existence of an arbitrary
  directory.  However, it cannot be used to write to an arbitrary
  location.

* Fixed CVE-2021-23240, a flaw in the temporary file handling of
  sudoedit's SELinux RBAC support.  On systems where SELinux is enabled, a
  user with sudoedit permissions may be able to set the owner of an
  arbitrary file to the user-ID of the target user.  On Linux kernels that
  support protected symlinks setting /proc/sys/fs/protected_symlinks to 1
  will prevent the bug from being exploited.  For more information, see
  Symbolic link attack in SELinux-enabled sudoedit.

Quote from 1.9.0 features:

* The maximum length of a conversation reply has been increased from 255
  to 1023 characters.  This allows for longer user passwords. Bug #860.

* Sudo now includes a logging daemon, sudo_logsrvd, which can be used to
  implement centralized logging of I/O logs.  TLS connections are
  supported when sudo is configured with the --enable-openssl option.  For
  more information, see the sudo_logsrvd, sudo_logsrvd.conf and
  sudo_logsrv.proto manuals as well as the log_servers setting in the
  sudoers manual.

* The --disable-log-server and --disable-log-client configure options can
  be used to disable building the I/O log server and/or remote I/O log
  support in the sudoers plugin.

* The new sudo_sendlog utility can be used to test sudo_logsrvd or send
  existing sudo I/O logs to a centralized server.

* It is now possible to write sudo plugins in Python 4 when sudo is
  configured with the --enable-python option.  See the sudo_plugin_python
  manual for details.

  Sudo 1.9.0 comes with several Python example plugins that get installed
  sudo's examples directory.

  The sudo blog article What's new in sudo 1.9: Python includes a simple
  tutorial on writing python plugins.

* Sudo now supports an audit plugin type.  An audit plugin receives
  accept, reject, exit and error messages and can be used to implement
  custom logging that is independent of the underlying security policy.
  Multiple audit plugins may be specified in the sudo.conf file.  A sample
  audit plugin is included that writes logs in JSON format.

* Sudo now supports an approval plugin type.  An approval plugin is run
  only after the main security policy (such as sudoers) accepts a command
  to be run.  The approval policy may perform additional checks,
  potentially interacting with the user.  Multiple approval plugins may be
  specified in the sudo.conf file.  Only if all approval plugins succeed
  will the command be allowed.

* Sudo's -S command line option now causes the sudo conversation function
  to write to the standard output or standard error instead of the
  terminal device.


(taca)
diff -r1.180 -r1.181 pkgsrc/security/sudo/Makefile
diff -r1.18 -r1.19 pkgsrc/security/sudo/PLIST
diff -r1.111 -r1.112 pkgsrc/security/sudo/distinfo
diff -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-configure
diff -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-plugins_sudoers_Makefile.in
diff -r0 -r1.1 pkgsrc/security/sudo/patches/patch-examples_Makefile.in
diff -r0 -r1.1 pkgsrc/security/sudo/patches/patch-logsrvd_Makefile.in
cvs diff -r1.180 -r1.181 pkgsrc/security/sudo/Makefile (expand / switch to unified diff)

--- pkgsrc/security/sudo/Makefile 2020/09/19 14:04:29 1.180
+++ pkgsrc/security/sudo/Makefile 2021/01/18 14:32:23 1.181
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.180 2020/09/19 14:04:29 taca Exp $ 1# $NetBSD: Makefile,v 1.181 2021/01/18 14:32:23 taca Exp $
2 2
3DISTNAME= sudo-1.8.31p2 3DISTNAME= sudo-1.9.5p1
4CATEGORIES= security 4CATEGORIES= security
5MASTER_SITES= https://www.sudo.ws/dist/ 5MASTER_SITES= https://www.sudo.ws/dist/
6MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ 6MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
7MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ 7MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/
8MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ 8MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/
9MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ 9MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/
10 10
11MAINTAINER= pkgsrc-users@NetBSD.org 11MAINTAINER= pkgsrc-users@NetBSD.org
12HOMEPAGE= https://www.sudo.ws/ 12HOMEPAGE= https://www.sudo.ws/
13COMMENT= Allow others to run commands as root 13COMMENT= Allow others to run commands as root
14LICENSE= isc AND modified-bsd 14LICENSE= isc AND modified-bsd
15 15
16USE_LIBTOOL= yes 16USE_LIBTOOL= yes
@@ -44,27 +44,32 @@ PLIST.noexec= yes @@ -44,27 +44,32 @@ PLIST.noexec= yes
44CFLAGS+= -D_OPENBSD_SOURCE=1 44CFLAGS+= -D_OPENBSD_SOURCE=1
45.endif 45.endif
46.if !empty(MACHINE_PLATFORM:MNetBSD-[5-6].*-*) 46.if !empty(MACHINE_PLATFORM:MNetBSD-[5-6].*-*)
47CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1 47CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1
48.endif 48.endif
49 49
50.include "options.mk" 50.include "options.mk"
51 51
52OWN_DIRS+= ${VARBASE}/run 52OWN_DIRS+= ${VARBASE}/run
53BUILD_DEFS+= VARBASE 53BUILD_DEFS+= VARBASE
54 54
55DOCDIR= share/doc/${PKGBASE} 55DOCDIR= share/doc/${PKGBASE}
56EGDIR= share/examples/${PKGBASE} 56EGDIR= share/examples/${PKGBASE}
57CONF_FILES_PERMS= ${EGDIR}/sudoers ${PKG_SYSCONFDIR}/sudoers \ 57CONF_FILES_PERMS= ${EGDIR}/sudo.conf ${PKG_SYSCONFDIR}/sudo.conf \
 58 ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440
 59CONF_FILES_PERMS+= ${EGDIR}/sudo_logsrvd.conf \
 60 ${PKG_SYSCONFDIR}/sudo_logsrvd.conf \
 61 ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440
 62CONF_FILES_PERMS+= ${EGDIR}/sudoers ${PKG_SYSCONFDIR}/sudoers \
58 ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440 63 ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440
59OWN_DIRS+= ${PKG_SYSCONFDIR}/sudoers.d 64OWN_DIRS+= ${PKG_SYSCONFDIR}/sudoers.d
60SPECIAL_PERMS+= bin/sudo ${SETUID_ROOT_PERMS} 65SPECIAL_PERMS+= bin/sudo ${SETUID_ROOT_PERMS}
61SPECIAL_PERMS+= bin/sudoreplay ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 511 66SPECIAL_PERMS+= bin/sudoreplay ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 511
62 67
63INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR} 68INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR}
64NOT_FOR_UNPRIVILEGED= yes 69NOT_FOR_UNPRIVILEGED= yes
65 70
66post-install: 71post-install:
67 ${INSTALL_DATA} ${WRKSRC}/doc/UPGRADE ${DESTDIR}${PREFIX}/${DOCDIR} 72 ${INSTALL_DATA} ${WRKSRC}/doc/UPGRADE ${DESTDIR}${PREFIX}/${DOCDIR}
68 ${INSTALL_DATA} ${WRKSRC}/plugins/sudoers/sudoers ${DESTDIR}${PREFIX}/${EGDIR}/sudoers 73 ${INSTALL_DATA} ${WRKSRC}/plugins/sudoers/sudoers ${DESTDIR}${PREFIX}/${EGDIR}/sudoers
69 ${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/${DOCDIR} 74 ${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/${DOCDIR}
70 75
cvs diff -r1.18 -r1.19 pkgsrc/security/sudo/PLIST (expand / switch to unified diff)

--- pkgsrc/security/sudo/PLIST 2019/10/31 14:43:13 1.18
+++ pkgsrc/security/sudo/PLIST 2021/01/18 14:32:23 1.19
@@ -1,50 +1,59 @@ @@ -1,50 +1,59 @@
1@comment $NetBSD: PLIST,v 1.18 2019/10/31 14:43:13 triaxx Exp $ 1@comment $NetBSD: PLIST,v 1.19 2021/01/18 14:32:23 taca Exp $
2bin/cvtsudoers 2bin/cvtsudoers
3bin/sudo 3bin/sudo
4bin/sudoedit 4bin/sudoedit
5bin/sudoreplay 5bin/sudoreplay
6include/sudo_plugin.h 6include/sudo_plugin.h
 7lib/sudo/audit_json.la
7lib/sudo/group_file.la 8lib/sudo/group_file.la
8lib/sudo/libsudo_util.la 9lib/sudo/libsudo_util.la
 10lib/sudo/sample_approval.la
9${PLIST.noexec}lib/sudo/sudo_noexec.la 11${PLIST.noexec}lib/sudo/sudo_noexec.la
10lib/sudo/sudoers.la 12lib/sudo/sudoers.la
11lib/sudo/system_group.la 13lib/sudo/system_group.la
12man/man1/cvtsudoers.1 14man/man1/cvtsudoers.1
13man/man5/sudo.conf.5 15man/man5/sudo.conf.5
 16man/man5/sudo_logsrv.proto.5
 17man/man5/sudo_logsrvd.conf.5
14man/man5/sudoers.5 18man/man5/sudoers.5
15${PLIST.ldap}man/man5/sudoers.ldap.5 19${PLIST.ldap}man/man5/sudoers.ldap.5
16man/man5/sudoers_timestamp.5 20man/man5/sudoers_timestamp.5
17man/man8/sudo.8 21man/man8/sudo.8
 22man/man8/sudo_logsrvd.8
18man/man8/sudo_plugin.8 23man/man8/sudo_plugin.8
 24man/man8/sudo_sendlog.8
19man/man8/sudoedit.8 25man/man8/sudoedit.8
20man/man8/sudoreplay.8 26man/man8/sudoreplay.8
21man/man8/visudo.8 27man/man8/visudo.8
 28sbin/sudo_logsrvd
 29sbin/sudo_sendlog
22sbin/visudo 30sbin/visudo
23share/doc/sudo/CONTRIBUTORS 31share/doc/sudo/CONTRIBUTORS
24share/doc/sudo/ChangeLog 32share/doc/sudo/ChangeLog
25share/doc/sudo/HISTORY 33share/doc/sudo/HISTORY
26share/doc/sudo/LICENSE 34share/doc/sudo/LICENSE
27share/doc/sudo/NEWS 35share/doc/sudo/NEWS
28share/doc/sudo/README 36share/doc/sudo/README
29${PLIST.ldap}share/doc/sudo/README.LDAP 37${PLIST.ldap}share/doc/sudo/README.LDAP
30share/doc/sudo/TROUBLESHOOTING 38share/doc/sudo/TROUBLESHOOTING
31share/doc/sudo/UPGRADE 39share/doc/sudo/UPGRADE
32${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory 40${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory
33${PLIST.ldap}share/doc/sudo/schema.OpenLDAP 41${PLIST.ldap}share/doc/sudo/schema.OpenLDAP
34${PLIST.ldap}share/doc/sudo/schema.iPlanet 42${PLIST.ldap}share/doc/sudo/schema.iPlanet
35${PLIST.ldap}share/doc/sudo/schema.olcSudo 43${PLIST.ldap}share/doc/sudo/schema.olcSudo
36share/examples/sudo/pam.conf 44share/examples/sudo/pam.conf
37share/examples/sudo/sudo.conf 45share/examples/sudo/sudo.conf
 46share/examples/sudo/sudo_logsrvd.conf
38share/examples/sudo/sudoers 47share/examples/sudo/sudoers
39share/examples/sudo/syslog.conf 48share/examples/sudo/syslog.conf
40${PLIST.nls}share/locale/ast/LC_MESSAGES/sudo.mo 49${PLIST.nls}share/locale/ast/LC_MESSAGES/sudo.mo
41${PLIST.nls}share/locale/ast/LC_MESSAGES/sudoers.mo 50${PLIST.nls}share/locale/ast/LC_MESSAGES/sudoers.mo
42${PLIST.nls}share/locale/ca/LC_MESSAGES/sudo.mo 51${PLIST.nls}share/locale/ca/LC_MESSAGES/sudo.mo
43${PLIST.nls}share/locale/ca/LC_MESSAGES/sudoers.mo 52${PLIST.nls}share/locale/ca/LC_MESSAGES/sudoers.mo
44${PLIST.nls}share/locale/cs/LC_MESSAGES/sudo.mo 53${PLIST.nls}share/locale/cs/LC_MESSAGES/sudo.mo
45${PLIST.nls}share/locale/cs/LC_MESSAGES/sudoers.mo 54${PLIST.nls}share/locale/cs/LC_MESSAGES/sudoers.mo
46${PLIST.nls}share/locale/da/LC_MESSAGES/sudo.mo 55${PLIST.nls}share/locale/da/LC_MESSAGES/sudo.mo
47${PLIST.nls}share/locale/da/LC_MESSAGES/sudoers.mo 56${PLIST.nls}share/locale/da/LC_MESSAGES/sudoers.mo
48${PLIST.nls}share/locale/de/LC_MESSAGES/sudo.mo 57${PLIST.nls}share/locale/de/LC_MESSAGES/sudo.mo
49${PLIST.nls}share/locale/de/LC_MESSAGES/sudoers.mo 58${PLIST.nls}share/locale/de/LC_MESSAGES/sudoers.mo
50${PLIST.nls}share/locale/el/LC_MESSAGES/sudoers.mo 59${PLIST.nls}share/locale/el/LC_MESSAGES/sudoers.mo
@@ -72,26 +81,28 @@ ${PLIST.nls}share/locale/ko/LC_MESSAGES/ @@ -72,26 +81,28 @@ ${PLIST.nls}share/locale/ko/LC_MESSAGES/
72${PLIST.nls}share/locale/ko/LC_MESSAGES/sudoers.mo 81${PLIST.nls}share/locale/ko/LC_MESSAGES/sudoers.mo
73${PLIST.nls}share/locale/lt/LC_MESSAGES/sudoers.mo 82${PLIST.nls}share/locale/lt/LC_MESSAGES/sudoers.mo
74${PLIST.nls}share/locale/nb/LC_MESSAGES/sudo.mo 83${PLIST.nls}share/locale/nb/LC_MESSAGES/sudo.mo
75${PLIST.nls}share/locale/nb/LC_MESSAGES/sudoers.mo 84${PLIST.nls}share/locale/nb/LC_MESSAGES/sudoers.mo
76${PLIST.nls}share/locale/nl/LC_MESSAGES/sudo.mo 85${PLIST.nls}share/locale/nl/LC_MESSAGES/sudo.mo
77${PLIST.nls}share/locale/nl/LC_MESSAGES/sudoers.mo 86${PLIST.nls}share/locale/nl/LC_MESSAGES/sudoers.mo
78${PLIST.nls}share/locale/nn/LC_MESSAGES/sudo.mo 87${PLIST.nls}share/locale/nn/LC_MESSAGES/sudo.mo
79${PLIST.nls}share/locale/pl/LC_MESSAGES/sudo.mo 88${PLIST.nls}share/locale/pl/LC_MESSAGES/sudo.mo
80${PLIST.nls}share/locale/pl/LC_MESSAGES/sudoers.mo 89${PLIST.nls}share/locale/pl/LC_MESSAGES/sudoers.mo
81${PLIST.nls}share/locale/pt/LC_MESSAGES/sudo.mo 90${PLIST.nls}share/locale/pt/LC_MESSAGES/sudo.mo
82${PLIST.nls}share/locale/pt/LC_MESSAGES/sudoers.mo 91${PLIST.nls}share/locale/pt/LC_MESSAGES/sudoers.mo
83${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudo.mo 92${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudo.mo
84${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudoers.mo 93${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudoers.mo
 94${PLIST.nls}share/locale/ro/LC_MESSAGES/sudo.mo
 95${PLIST.nls}share/locale/ro/LC_MESSAGES/sudoers.mo
85${PLIST.nls}share/locale/ru/LC_MESSAGES/sudo.mo 96${PLIST.nls}share/locale/ru/LC_MESSAGES/sudo.mo
86${PLIST.nls}share/locale/ru/LC_MESSAGES/sudoers.mo 97${PLIST.nls}share/locale/ru/LC_MESSAGES/sudoers.mo
87${PLIST.nls}share/locale/sk/LC_MESSAGES/sudo.mo 98${PLIST.nls}share/locale/sk/LC_MESSAGES/sudo.mo
88${PLIST.nls}share/locale/sk/LC_MESSAGES/sudoers.mo 99${PLIST.nls}share/locale/sk/LC_MESSAGES/sudoers.mo
89${PLIST.nls}share/locale/sl/LC_MESSAGES/sudo.mo 100${PLIST.nls}share/locale/sl/LC_MESSAGES/sudo.mo
90${PLIST.nls}share/locale/sl/LC_MESSAGES/sudoers.mo 101${PLIST.nls}share/locale/sl/LC_MESSAGES/sudoers.mo
91${PLIST.nls}share/locale/sr/LC_MESSAGES/sudo.mo 102${PLIST.nls}share/locale/sr/LC_MESSAGES/sudo.mo
92${PLIST.nls}share/locale/sr/LC_MESSAGES/sudoers.mo 103${PLIST.nls}share/locale/sr/LC_MESSAGES/sudoers.mo
93${PLIST.nls}share/locale/sv/LC_MESSAGES/sudo.mo 104${PLIST.nls}share/locale/sv/LC_MESSAGES/sudo.mo
94${PLIST.nls}share/locale/sv/LC_MESSAGES/sudoers.mo 105${PLIST.nls}share/locale/sv/LC_MESSAGES/sudoers.mo
95${PLIST.nls}share/locale/tr/LC_MESSAGES/sudo.mo 106${PLIST.nls}share/locale/tr/LC_MESSAGES/sudo.mo
96${PLIST.nls}share/locale/tr/LC_MESSAGES/sudoers.mo 107${PLIST.nls}share/locale/tr/LC_MESSAGES/sudoers.mo
97${PLIST.nls}share/locale/uk/LC_MESSAGES/sudo.mo 108${PLIST.nls}share/locale/uk/LC_MESSAGES/sudo.mo
cvs diff -r1.111 -r1.112 pkgsrc/security/sudo/distinfo (expand / switch to unified diff)

--- pkgsrc/security/sudo/distinfo 2020/09/19 14:04:29 1.111
+++ pkgsrc/security/sudo/distinfo 2021/01/18 14:32:23 1.112
@@ -1,10 +1,12 @@ @@ -1,10 +1,12 @@
1$NetBSD: distinfo,v 1.111 2020/09/19 14:04:29 taca Exp $ 1$NetBSD: distinfo,v 1.112 2021/01/18 14:32:23 taca Exp $
2 2
3SHA1 (sudo-1.8.31p2.tar.gz) = 53a6dfa90f78bc10615b83b7026bf3ba206c69e9 3SHA1 (sudo-1.9.5p1.tar.gz) = 0a6b9b18518c8f7c37bd09573b9b711174cdf3b9
4RMD160 (sudo-1.8.31p2.tar.gz) = 5ffd8e785095c19c26ad8e3b3d5768669951f777 4RMD160 (sudo-1.9.5p1.tar.gz) = 4fdcb72761b7d3a7de6c98c11c5efc976a6b11e5
5SHA512 (sudo-1.8.31p2.tar.gz) = ad1bbbde74d3ab6e947071c6f21e436ebabcf5af11ecc75cde8f0c01ca0b8c6ae1cce2ff42f21612816c636e96722a2a14daa57757644ceab6577091f82242be 5SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878
6Size (sudo-1.8.31p2.tar.gz) = 3353538 bytes 6Size (sudo-1.9.5p1.tar.gz) = 4008926 bytes
7SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 7SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560
8SHA1 (patch-configure) = 498b1040fceb317c239d050b59b3d1a180598441 8SHA1 (patch-configure) = 4db043c7384cdeb4701ccd2f455dfad2dc17c663
9SHA1 (patch-plugins_sudoers_Makefile.in) = 730193c6437197a7114dd31886050cecdcba6772 9SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
 10SHA1 (patch-logsrvd_Makefile.in) = c460b868e09560a80f632d1332fc7d7c3d1822cf
 11SHA1 (patch-plugins_sudoers_Makefile.in) = efc0fb726c23dcb2d6a006524fd561800d6d7924
10SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 12SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39
cvs diff -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-configure (expand / switch to unified diff)

--- pkgsrc/security/sudo/patches/patch-configure 2020/09/19 14:04:29 1.3
+++ pkgsrc/security/sudo/patches/patch-configure 2021/01/18 14:32:24 1.4
@@ -1,132 +1,132 @@ @@ -1,132 +1,132 @@
1$NetBSD: patch-configure,v 1.3 2020/09/19 14:04:29 taca Exp $ 1$NetBSD: patch-configure,v 1.4 2021/01/18 14:32:24 taca Exp $
2 2
3* Add "--with-nbsdops" option, NetBSD standard options. 3* Add "--with-nbsdops" option, NetBSD standard options.
4* Link with util(3) in the case of DragonFly, too. 4* Link with util(3) in the case of DragonFly, too.
5* When specified "--with-kerb5" option, test existence of several functions 5* When specified "--with-kerb5" option, test existence of several functions
6 even if there is krb5-config. krb5-config dosen't give all definitions for 6 even if there is krb5-config. krb5-config dosen't give all definitions for
7 functions (HAVE_KRB5_*). 7 functions (HAVE_KRB5_*).
8* Remove setting sysconfdir to "/etc". 8* Remove setting sysconfdir to "/etc".
9 9
10--- configure.orig 2020-06-12 13:15:11.000000000 +0000 10--- configure.orig 2021-01-09 20:12:16.000000000 +0000
11+++ configure 11+++ configure
12@@ -870,6 +870,7 @@ with_libpath 12@@ -892,6 +892,7 @@ with_libpath
13 with_libraries 13 with_libraries
14 with_efence 14 with_efence
15 with_csops 15 with_csops
16+with_nbsdops 16+with_nbsdops
17 with_passwd 17 with_passwd
18 with_skey 18 with_skey
19 with_opie 19 with_opie
20@@ -1592,7 +1593,7 @@ Fine tuning of the installation director 20@@ -1621,7 +1622,7 @@ Fine tuning of the installation director
21 --bindir=DIR user executables [EPREFIX/bin] 21 --bindir=DIR user executables [EPREFIX/bin]
22 --sbindir=DIR system admin executables [EPREFIX/sbin] 22 --sbindir=DIR system admin executables [EPREFIX/sbin]
23 --libexecdir=DIR program executables [EPREFIX/libexec] 23 --libexecdir=DIR program executables [EPREFIX/libexec]
24- --sysconfdir=DIR read-only single-machine data [/etc] 24- --sysconfdir=DIR read-only single-machine data [/etc]
25+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] 25+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
26 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] 26 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
27 --localstatedir=DIR modifiable single-machine data [PREFIX/var] 27 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
28 --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] 28 --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
29@@ -1706,6 +1707,7 @@ Optional Packages: 29@@ -1737,6 +1738,7 @@ Optional Packages:
30 --with-libraries additional libraries to link with 30 --with-libraries additional libraries to link with
31 --with-efence link with -lefence for malloc() debugging 31 --with-efence link with -lefence for malloc() debugging
32 --with-csops add CSOps standard options 32 --with-csops add CSOps standard options
33+ --with-nbsdops add NetBSD standard opt ions 33+ --with-nbsdops add NetBSD standard opt ions
34 --without-passwd don't use passwd/shadow file for authentication 34 --without-passwd don't use passwd/shadow file for authentication
35 --with-skey[=DIR] enable S/Key support 35 --with-skey[=DIR] enable S/Key support
36 --with-opie[=DIR] enable OPIE support 36 --with-opie[=DIR] enable OPIE support
37@@ -4809,6 +4811,23 @@ fi 37@@ -4863,6 +4865,23 @@ fi
38  38
39  39
40  40
41+# Check whether --with-nbsdops was given. 41+# Check whether --with-nbsdops was given.
42+if test "${with_nbsdops+set}" = set; then : 42+if test "${with_nbsdops+set}" = set; then :
43+ withval=$with_nbsdops; case $with_nbsdops in 43+ withval=$with_nbsdops; case $with_nbsdops in
44+ yes) echo 'Adding NetBSD standard options' 44+ yes) echo 'Adding NetBSD standard options'
45+ CHECKSIA=false 45+ CHECKSIA=false
46+ with_ignore_dot=yes 46+ with_ignore_dot=yes
47+ with_env_editor=yes 47+ with_env_editor=yes
48+ with_tty_tickets=yes 48+ with_tty_tickets=yes
49+ ;; 49+ ;;
50+ no) ;; 50+ no) ;;
51+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" 51+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
52+ ;; 52+ ;;
53+esac 53+esac
54+fi 54+fi
55+ 55+
56+ 56+
57+ 57+
58 # Check whether --with-passwd was given. 58 # Check whether --with-passwd was given.
59 if test "${with_passwd+set}" = set; then : 59 if test "${with_passwd+set}" = set; then :
60 withval=$with_passwd; case $with_passwd in 60 withval=$with_passwd; case $with_passwd in
61@@ -15937,7 +15956,7 @@ fi 61@@ -15765,7 +15784,7 @@ fi
62 : ${mansectsu='1m'} 62 : ${mansectsu='1m'}
63 : ${mansectform='4'} 63 : ${mansectform='4'}
64 ;; 64 ;;
65- *-*-linux*|*-*-k*bsd*-gnu) 65- *-*-linux*|*-*-k*bsd*-gnu)
66+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) 66+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
67 shadow_funcs="getspnam" 67 shadow_funcs="getspnam"
68 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 68 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
69 # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h 69 # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
70@@ -18175,7 +18194,7 @@ if test "x$ac_cv_header_login_cap_h" = x 70@@ -18026,7 +18045,7 @@ if test "x$ac_cv_header_login_cap_h" = x
71 _ACEOF 71 _ACEOF
72 LOGINCAP_USAGE='[-c class] '; LCMAN=1 72 LOGINCAP_USAGE='[-c class] '; LCMAN=1
73 case "$OS" in 73 case "$OS" in
74- freebsd|netbsd) 74- freebsd|netbsd)
75+ dragonfly*|freebsd|netbsd) 75+ dragonfly*|freebsd|netbsd)
76 SUDO_LIBS="${SUDO_LIBS} -lutil" 76 SUDO_LIBS="${SUDO_LIBS} -lutil"
77 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" 77 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
78 ;; 78 ;;
79@@ -23018,10 +23037,9 @@ if test ${with_pam-"no"} != "no"; then 79@@ -23965,10 +23984,9 @@ if test ${with_pam-"no"} != "no"; then
80 # Check for pam_start() in libpam first, then for pam_appl.h. 80 # Check for pam_start() in libpam first, then for pam_appl.h.
81 # 81 #
82 found_pam_lib=no 82 found_pam_lib=no
83- as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` 83- as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh`
84-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 84-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
85+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 85+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
86 $as_echo_n "checking for pam_start in -lpam... " >&6; } 86 $as_echo_n "checking for pam_start in -lpam... " >&6; }
87-if eval \${$as_ac_Lib+:} false; then : 87-if eval \${$as_ac_Lib+:} false; then :
88+if ${ac_cv_lib_pam_pam_start+:} false; then : 88+if ${ac_cv_lib_pam_pam_start+:} false; then :
89 $as_echo_n "(cached) " >&6 89 $as_echo_n "(cached) " >&6
90 else 90 else
91 ac_check_lib_save_LIBS=$LIBS 91 ac_check_lib_save_LIBS=$LIBS
92@@ -23045,18 +23063,17 @@ return pam_start (); 92@@ -23992,18 +24010,17 @@ return pam_start ();
93 } 93 }
94 _ACEOF 94 _ACEOF
95 if ac_fn_c_try_link "$LINENO"; then : 95 if ac_fn_c_try_link "$LINENO"; then :
96- eval "$as_ac_Lib=yes" 96- eval "$as_ac_Lib=yes"
97+ ac_cv_lib_pam_pam_start=yes 97+ ac_cv_lib_pam_pam_start=yes
98 else 98 else
99- eval "$as_ac_Lib=no" 99- eval "$as_ac_Lib=no"
100+ ac_cv_lib_pam_pam_start=no 100+ ac_cv_lib_pam_pam_start=no
101 fi 101 fi
102 rm -f core conftest.err conftest.$ac_objext \ 102 rm -f core conftest.err conftest.$ac_objext \
103 conftest$ac_exeext conftest.$ac_ext 103 conftest$ac_exeext conftest.$ac_ext
104 LIBS=$ac_check_lib_save_LIBS 104 LIBS=$ac_check_lib_save_LIBS
105 fi 105 fi
106-eval ac_res=\$$as_ac_Lib 106-eval ac_res=\$$as_ac_Lib
107- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 107- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
108-$as_echo "$ac_res" >&6; } 108-$as_echo "$ac_res" >&6; }
109-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : 109-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
110+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 110+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5
111+$as_echo "$ac_cv_lib_pam_pam_start" >&6; } 111+$as_echo "$ac_cv_lib_pam_pam_start" >&6; }
112+if test "x$ac_cv_lib_pam_pam_start" = xyes; then : 112+if test "x$ac_cv_lib_pam_pam_start" = xyes; then :
113 found_pam_lib=yes 113 found_pam_lib=yes
114 fi 114 fi
115  115
116@@ -23791,6 +23808,8 @@ fi 116@@ -24738,6 +24755,8 @@ fi
117 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext 117 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
118 AUTH_OBJS="$AUTH_OBJS kerb5.lo" 118 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
119 fi 119 fi
120+fi 120+fi
121+if test ${with_kerb5-'no'} != "no"; then 121+if test ${with_kerb5-'no'} != "no"; then
122 _LIBS="$LIBS" 122 _LIBS="$LIBS"
123 LIBS="${LIBS} ${SUDOERS_LIBS}" 123 LIBS="${LIBS} ${SUDOERS_LIBS}"
124 for ac_func in krb5_verify_user krb5_init_secure_context 124 for ac_func in krb5_verify_user krb5_init_secure_context
125@@ -27051,7 +27070,6 @@ test "$datarootdir" = '${prefix}/share'  125@@ -28297,7 +28316,6 @@ test "$docdir" = '${datarootdir}/doc/${P
126 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' 
127 test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' 126 test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
128 test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' 127 test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
 128 test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'
129-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' 129-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
130  130
131 if test X"$INIT_SCRIPT" != X""; then 131 if test X"$INIT_SCRIPT" != X""; then
132 ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" 132 ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT"
cvs diff -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-plugins_sudoers_Makefile.in (expand / switch to unified diff)

--- pkgsrc/security/sudo/patches/patch-plugins_sudoers_Makefile.in 2019/12/28 20:43:56 1.3
+++ pkgsrc/security/sudo/patches/patch-plugins_sudoers_Makefile.in 2021/01/18 14:32:24 1.4
@@ -1,15 +1,31 @@ @@ -1,15 +1,31 @@
1$NetBSD: patch-plugins_sudoers_Makefile.in,v 1.3 2019/12/28 20:43:56 kim Exp $ 1$NetBSD: patch-plugins_sudoers_Makefile.in,v 1.4 2021/01/18 14:32:24 taca Exp $
2 2
3Do not install the sudoers file to etc. 3* Do not install the sudoers file.
 4* link with @LIBS@ for PKG_OPTIONS nls enabled case.
4 5
5--- plugins/sudoers/Makefile.in.orig 2019-12-25 21:21:05.000000000 +0200 6--- plugins/sudoers/Makefile.in.orig 2021-01-09 20:12:16.000000000 +0000
6+++ plugins/sudoers/Makefile.in 2019-12-28 22:01:00.540953438 +0200 7+++ plugins/sudoers/Makefile.in
7@@ -396,7 +396,7 @@ 8@@ -62,10 +62,10 @@ LIBUTIL = $(top_builddir)/lib/util/libsu
 9 LIBS = $(LIBUTIL)
 10 NET_LIBS = @NET_LIBS@
 11 SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ @LIBTLS@ $(NET_LIBS) $(LIBIOLOG) $(LIBEVENTLOG) $(LIBLOGSRV)
 12-REPLAY_LIBS = @REPLAY_LIBS@ $(LIBEVENTLOG) $(LIBIOLOG)
 13-VISUDO_LIBS = $(NET_LIBS)
 14-CVTSUDOERS_LIBS = $(NET_LIBS)
 15-TESTSUDOERS_LIBS = $(NET_LIBS)
 16+REPLAY_LIBS = @REPLAY_LIBS@ $(LIBEVENTLOG) $(LIBIOLOG) @LIBS@
 17+VISUDO_LIBS = $(NET_LIBS) @LIBS@
 18+CVTSUDOERS_LIBS = $(NET_LIBS) @LIBS@
 19+TESTSUDOERS_LIBS = $(NET_LIBS) @LIBS@
 20
 21 # C preprocessor defines
 22 CPPDEFS = -DLIBDIR=\"$(libdir)\" -DLOCALEDIR=\"$(localedir)\" \
 23@@ -390,7 +390,7 @@ pre-install:
8 fi; \ 24 fi; \
9 fi 25 fi
10  26
11-install: install-plugin install-binaries install-sudoers install-doc 27-install: install-plugin install-binaries install-sudoers install-doc
12+install: install-plugin install-binaries install-doc 28+install: install-plugin install-binaries install-doc
13  29
14 install-dirs: 30 install-dirs:
15 $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ 31 $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) \
File Added: pkgsrc/security/sudo/patches/patch-examples_Makefile.in
$NetBSD: patch-examples_Makefile.in,v 1.1 2021/01/18 14:32:24 taca Exp $

Do not install the configuration files.

--- examples/Makefile.in.orig	2020-12-17 01:33:43.000000000 +0000
+++ examples/Makefile.in
@@ -83,11 +83,6 @@ install-includes:
 
 install-doc: install-dirs
 	for f in $(EXAMPLES); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(exampledir); done
-	test -r $(DESTDIR)$(sysconfdir)/sudo.conf || \
-	    $(INSTALL) $(INSTALL_OWNER) -m 0644 sudo.conf $(DESTDIR)$(sysconfdir)
-	if test -n "$(LOGSRVD_CONF)" -a ! -r $(DESTDIR)$(sysconfdir)/sudo_logsrvd.conf; then \
-	    $(INSTALL) $(INSTALL_OWNER) -m 0644 $(LOGSRVD_CONF) $(DESTDIR)$(sysconfdir); \
-	fi
 
 install-plugin:
File Added: pkgsrc/security/sudo/patches/Attic/patch-logsrvd_Makefile.in
$NetBSD: patch-logsrvd_Makefile.in,v 1.1 2021/01/18 14:32:24 taca Exp $

Fix build error.

--- logsrvd/Makefile.in.orig	2021-01-09 20:12:16.000000000 +0000
+++ logsrvd/Makefile.in
@@ -46,7 +46,7 @@ INSTALL_BACKUP = @INSTALL_BACKUP@
 LT_LIBS = $(top_builddir)/lib/iolog/libsudo_iolog.la \
 	  $(top_builddir)/lib/eventlog/libsudo_eventlog.la \
 	  $(top_builddir)/lib/logsrv/liblogsrv.la
-LIBS = $(LT_LIBS) @LIBTLS@
+LIBS = $(LT_LIBS) @LIBTLS@ @LIBS@
 
 # C preprocessor defines
 CPPDEFS = -D_PATH_SUDO_LOGSRVD_CONF=\"$(sysconfdir)/sudo_logsrvd.conf\" \