security/sudo: update to 1.9.5p1 Update sudo package to 1.9.5p1. CHanges from 1.8.31p2 are too many to write here. Please refer <https://www.sudo.ws/stable.html>. 1.9.5 fixes these security problems: * Fixed CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it cannot be used to write to an arbitrary location. * Fixed CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support protected symlinks setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information, see Symbolic link attack in SELinux-enabled sudoedit. Quote from 1.9.0 features: * The maximum length of a conversation reply has been increased from 255 to 1023 characters. This allows for longer user passwords. Bug #860. * Sudo now includes a logging daemon, sudo_logsrvd, which can be used to implement centralized logging of I/O logs. TLS connections are supported when sudo is configured with the --enable-openssl option. For more information, see the sudo_logsrvd, sudo_logsrvd.conf and sudo_logsrv.proto manuals as well as the log_servers setting in the sudoers manual. * The --disable-log-server and --disable-log-client configure options can be used to disable building the I/O log server and/or remote I/O log support in the sudoers plugin. * The new sudo_sendlog utility can be used to test sudo_logsrvd or send existing sudo I/O logs to a centralized server. * It is now possible to write sudo plugins in Python 4 when sudo is configured with the --enable-python option. See the sudo_plugin_python manual for details. Sudo 1.9.0 comes with several Python example plugins that get installed sudo's examples directory. The sudo blog article What's new in sudo 1.9: Python includes a simple tutorial on writing python plugins. * Sudo now supports an audit plugin type. An audit plugin receives accept, reject, exit and error messages and can be used to implement custom logging that is independent of the underlying security policy. Multiple audit plugins may be specified in the sudo.conf file. A sample audit plugin is included that writes logs in JSON format. * Sudo now supports an approval plugin type. An approval plugin is run only after the main security policy (such as sudoers) accepts a command to be run. The approval policy may perform additional checks, potentially interacting with the user. Multiple approval plugins may be specified in the sudo.conf file. Only if all approval plugins succeed will the command be allowed. * Sudo's -S command line option now causes the sudo conversation function to write to the standard output or standard error instead of the terminal device.diff -r1.180 -r1.181 pkgsrc/security/sudo/Makefile
(taca)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.180 2020/09/19 14:04:29 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.181 2021/01/18 14:32:23 taca Exp $ | |
2 | 2 | |||
3 | DISTNAME= sudo-1.8.31p2 | 3 | DISTNAME= sudo-1.9.5p1 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= https://www.sudo.ws/dist/ | 5 | MASTER_SITES= https://www.sudo.ws/dist/ | |
6 | MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ | 6 | MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ | |
7 | MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ | 7 | MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ | |
8 | MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ | 8 | MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ | |
9 | MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ | 9 | MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ | |
10 | 10 | |||
11 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
12 | HOMEPAGE= https://www.sudo.ws/ | 12 | HOMEPAGE= https://www.sudo.ws/ | |
13 | COMMENT= Allow others to run commands as root | 13 | COMMENT= Allow others to run commands as root | |
14 | LICENSE= isc AND modified-bsd | 14 | LICENSE= isc AND modified-bsd | |
15 | 15 | |||
16 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes | |
@@ -44,27 +44,32 @@ PLIST.noexec= yes | @@ -44,27 +44,32 @@ PLIST.noexec= yes | |||
44 | CFLAGS+= -D_OPENBSD_SOURCE=1 | 44 | CFLAGS+= -D_OPENBSD_SOURCE=1 | |
45 | .endif | 45 | .endif | |
46 | .if !empty(MACHINE_PLATFORM:MNetBSD-[5-6].*-*) | 46 | .if !empty(MACHINE_PLATFORM:MNetBSD-[5-6].*-*) | |
47 | CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1 | 47 | CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1 | |
48 | .endif | 48 | .endif | |
49 | 49 | |||
50 | .include "options.mk" | 50 | .include "options.mk" | |
51 | 51 | |||
52 | OWN_DIRS+= ${VARBASE}/run | 52 | OWN_DIRS+= ${VARBASE}/run | |
53 | BUILD_DEFS+= VARBASE | 53 | BUILD_DEFS+= VARBASE | |
54 | 54 | |||
55 | DOCDIR= share/doc/${PKGBASE} | 55 | DOCDIR= share/doc/${PKGBASE} | |
56 | EGDIR= share/examples/${PKGBASE} | 56 | EGDIR= share/examples/${PKGBASE} | |
57 | CONF_FILES_PERMS= ${EGDIR}/sudoers ${PKG_SYSCONFDIR}/sudoers \ | 57 | CONF_FILES_PERMS= ${EGDIR}/sudo.conf ${PKG_SYSCONFDIR}/sudo.conf \ | |
58 | ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440 | |||
59 | CONF_FILES_PERMS+= ${EGDIR}/sudo_logsrvd.conf \ | |||
60 | ${PKG_SYSCONFDIR}/sudo_logsrvd.conf \ | |||
61 | ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440 | |||
62 | CONF_FILES_PERMS+= ${EGDIR}/sudoers ${PKG_SYSCONFDIR}/sudoers \ | |||
58 | ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440 | 63 | ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440 | |
59 | OWN_DIRS+= ${PKG_SYSCONFDIR}/sudoers.d | 64 | OWN_DIRS+= ${PKG_SYSCONFDIR}/sudoers.d | |
60 | SPECIAL_PERMS+= bin/sudo ${SETUID_ROOT_PERMS} | 65 | SPECIAL_PERMS+= bin/sudo ${SETUID_ROOT_PERMS} | |
61 | SPECIAL_PERMS+= bin/sudoreplay ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 511 | 66 | SPECIAL_PERMS+= bin/sudoreplay ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 511 | |
62 | 67 | |||
63 | INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR} | 68 | INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR} | |
64 | NOT_FOR_UNPRIVILEGED= yes | 69 | NOT_FOR_UNPRIVILEGED= yes | |
65 | 70 | |||
66 | post-install: | 71 | post-install: | |
67 | ${INSTALL_DATA} ${WRKSRC}/doc/UPGRADE ${DESTDIR}${PREFIX}/${DOCDIR} | 72 | ${INSTALL_DATA} ${WRKSRC}/doc/UPGRADE ${DESTDIR}${PREFIX}/${DOCDIR} | |
68 | ${INSTALL_DATA} ${WRKSRC}/plugins/sudoers/sudoers ${DESTDIR}${PREFIX}/${EGDIR}/sudoers | 73 | ${INSTALL_DATA} ${WRKSRC}/plugins/sudoers/sudoers ${DESTDIR}${PREFIX}/${EGDIR}/sudoers | |
69 | ${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/${DOCDIR} | 74 | ${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/${DOCDIR} | |
70 | 75 |
@@ -1,50 +1,59 @@ | @@ -1,50 +1,59 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.18 2019/10/31 14:43:13 triaxx Exp $ | 1 | @comment $NetBSD: PLIST,v 1.19 2021/01/18 14:32:23 taca Exp $ | |
2 | bin/cvtsudoers | 2 | bin/cvtsudoers | |
3 | bin/sudo | 3 | bin/sudo | |
4 | bin/sudoedit | 4 | bin/sudoedit | |
5 | bin/sudoreplay | 5 | bin/sudoreplay | |
6 | include/sudo_plugin.h | 6 | include/sudo_plugin.h | |
7 | lib/sudo/audit_json.la | |||
7 | lib/sudo/group_file.la | 8 | lib/sudo/group_file.la | |
8 | lib/sudo/libsudo_util.la | 9 | lib/sudo/libsudo_util.la | |
10 | lib/sudo/sample_approval.la | |||
9 | ${PLIST.noexec}lib/sudo/sudo_noexec.la | 11 | ${PLIST.noexec}lib/sudo/sudo_noexec.la | |
10 | lib/sudo/sudoers.la | 12 | lib/sudo/sudoers.la | |
11 | lib/sudo/system_group.la | 13 | lib/sudo/system_group.la | |
12 | man/man1/cvtsudoers.1 | 14 | man/man1/cvtsudoers.1 | |
13 | man/man5/sudo.conf.5 | 15 | man/man5/sudo.conf.5 | |
16 | man/man5/sudo_logsrv.proto.5 | |||
17 | man/man5/sudo_logsrvd.conf.5 | |||
14 | man/man5/sudoers.5 | 18 | man/man5/sudoers.5 | |
15 | ${PLIST.ldap}man/man5/sudoers.ldap.5 | 19 | ${PLIST.ldap}man/man5/sudoers.ldap.5 | |
16 | man/man5/sudoers_timestamp.5 | 20 | man/man5/sudoers_timestamp.5 | |
17 | man/man8/sudo.8 | 21 | man/man8/sudo.8 | |
22 | man/man8/sudo_logsrvd.8 | |||
18 | man/man8/sudo_plugin.8 | 23 | man/man8/sudo_plugin.8 | |
24 | man/man8/sudo_sendlog.8 | |||
19 | man/man8/sudoedit.8 | 25 | man/man8/sudoedit.8 | |
20 | man/man8/sudoreplay.8 | 26 | man/man8/sudoreplay.8 | |
21 | man/man8/visudo.8 | 27 | man/man8/visudo.8 | |
28 | sbin/sudo_logsrvd | |||
29 | sbin/sudo_sendlog | |||
22 | sbin/visudo | 30 | sbin/visudo | |
23 | share/doc/sudo/CONTRIBUTORS | 31 | share/doc/sudo/CONTRIBUTORS | |
24 | share/doc/sudo/ChangeLog | 32 | share/doc/sudo/ChangeLog | |
25 | share/doc/sudo/HISTORY | 33 | share/doc/sudo/HISTORY | |
26 | share/doc/sudo/LICENSE | 34 | share/doc/sudo/LICENSE | |
27 | share/doc/sudo/NEWS | 35 | share/doc/sudo/NEWS | |
28 | share/doc/sudo/README | 36 | share/doc/sudo/README | |
29 | ${PLIST.ldap}share/doc/sudo/README.LDAP | 37 | ${PLIST.ldap}share/doc/sudo/README.LDAP | |
30 | share/doc/sudo/TROUBLESHOOTING | 38 | share/doc/sudo/TROUBLESHOOTING | |
31 | share/doc/sudo/UPGRADE | 39 | share/doc/sudo/UPGRADE | |
32 | ${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory | 40 | ${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory | |
33 | ${PLIST.ldap}share/doc/sudo/schema.OpenLDAP | 41 | ${PLIST.ldap}share/doc/sudo/schema.OpenLDAP | |
34 | ${PLIST.ldap}share/doc/sudo/schema.iPlanet | 42 | ${PLIST.ldap}share/doc/sudo/schema.iPlanet | |
35 | ${PLIST.ldap}share/doc/sudo/schema.olcSudo | 43 | ${PLIST.ldap}share/doc/sudo/schema.olcSudo | |
36 | share/examples/sudo/pam.conf | 44 | share/examples/sudo/pam.conf | |
37 | share/examples/sudo/sudo.conf | 45 | share/examples/sudo/sudo.conf | |
46 | share/examples/sudo/sudo_logsrvd.conf | |||
38 | share/examples/sudo/sudoers | 47 | share/examples/sudo/sudoers | |
39 | share/examples/sudo/syslog.conf | 48 | share/examples/sudo/syslog.conf | |
40 | ${PLIST.nls}share/locale/ast/LC_MESSAGES/sudo.mo | 49 | ${PLIST.nls}share/locale/ast/LC_MESSAGES/sudo.mo | |
41 | ${PLIST.nls}share/locale/ast/LC_MESSAGES/sudoers.mo | 50 | ${PLIST.nls}share/locale/ast/LC_MESSAGES/sudoers.mo | |
42 | ${PLIST.nls}share/locale/ca/LC_MESSAGES/sudo.mo | 51 | ${PLIST.nls}share/locale/ca/LC_MESSAGES/sudo.mo | |
43 | ${PLIST.nls}share/locale/ca/LC_MESSAGES/sudoers.mo | 52 | ${PLIST.nls}share/locale/ca/LC_MESSAGES/sudoers.mo | |
44 | ${PLIST.nls}share/locale/cs/LC_MESSAGES/sudo.mo | 53 | ${PLIST.nls}share/locale/cs/LC_MESSAGES/sudo.mo | |
45 | ${PLIST.nls}share/locale/cs/LC_MESSAGES/sudoers.mo | 54 | ${PLIST.nls}share/locale/cs/LC_MESSAGES/sudoers.mo | |
46 | ${PLIST.nls}share/locale/da/LC_MESSAGES/sudo.mo | 55 | ${PLIST.nls}share/locale/da/LC_MESSAGES/sudo.mo | |
47 | ${PLIST.nls}share/locale/da/LC_MESSAGES/sudoers.mo | 56 | ${PLIST.nls}share/locale/da/LC_MESSAGES/sudoers.mo | |
48 | ${PLIST.nls}share/locale/de/LC_MESSAGES/sudo.mo | 57 | ${PLIST.nls}share/locale/de/LC_MESSAGES/sudo.mo | |
49 | ${PLIST.nls}share/locale/de/LC_MESSAGES/sudoers.mo | 58 | ${PLIST.nls}share/locale/de/LC_MESSAGES/sudoers.mo | |
50 | ${PLIST.nls}share/locale/el/LC_MESSAGES/sudoers.mo | 59 | ${PLIST.nls}share/locale/el/LC_MESSAGES/sudoers.mo | |
@@ -72,26 +81,28 @@ ${PLIST.nls}share/locale/ko/LC_MESSAGES/ | @@ -72,26 +81,28 @@ ${PLIST.nls}share/locale/ko/LC_MESSAGES/ | |||
72 | ${PLIST.nls}share/locale/ko/LC_MESSAGES/sudoers.mo | 81 | ${PLIST.nls}share/locale/ko/LC_MESSAGES/sudoers.mo | |
73 | ${PLIST.nls}share/locale/lt/LC_MESSAGES/sudoers.mo | 82 | ${PLIST.nls}share/locale/lt/LC_MESSAGES/sudoers.mo | |
74 | ${PLIST.nls}share/locale/nb/LC_MESSAGES/sudo.mo | 83 | ${PLIST.nls}share/locale/nb/LC_MESSAGES/sudo.mo | |
75 | ${PLIST.nls}share/locale/nb/LC_MESSAGES/sudoers.mo | 84 | ${PLIST.nls}share/locale/nb/LC_MESSAGES/sudoers.mo | |
76 | ${PLIST.nls}share/locale/nl/LC_MESSAGES/sudo.mo | 85 | ${PLIST.nls}share/locale/nl/LC_MESSAGES/sudo.mo | |
77 | ${PLIST.nls}share/locale/nl/LC_MESSAGES/sudoers.mo | 86 | ${PLIST.nls}share/locale/nl/LC_MESSAGES/sudoers.mo | |
78 | ${PLIST.nls}share/locale/nn/LC_MESSAGES/sudo.mo | 87 | ${PLIST.nls}share/locale/nn/LC_MESSAGES/sudo.mo | |
79 | ${PLIST.nls}share/locale/pl/LC_MESSAGES/sudo.mo | 88 | ${PLIST.nls}share/locale/pl/LC_MESSAGES/sudo.mo | |
80 | ${PLIST.nls}share/locale/pl/LC_MESSAGES/sudoers.mo | 89 | ${PLIST.nls}share/locale/pl/LC_MESSAGES/sudoers.mo | |
81 | ${PLIST.nls}share/locale/pt/LC_MESSAGES/sudo.mo | 90 | ${PLIST.nls}share/locale/pt/LC_MESSAGES/sudo.mo | |
82 | ${PLIST.nls}share/locale/pt/LC_MESSAGES/sudoers.mo | 91 | ${PLIST.nls}share/locale/pt/LC_MESSAGES/sudoers.mo | |
83 | ${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudo.mo | 92 | ${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudo.mo | |
84 | ${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudoers.mo | 93 | ${PLIST.nls}share/locale/pt_BR/LC_MESSAGES/sudoers.mo | |
94 | ${PLIST.nls}share/locale/ro/LC_MESSAGES/sudo.mo | |||
95 | ${PLIST.nls}share/locale/ro/LC_MESSAGES/sudoers.mo | |||
85 | ${PLIST.nls}share/locale/ru/LC_MESSAGES/sudo.mo | 96 | ${PLIST.nls}share/locale/ru/LC_MESSAGES/sudo.mo | |
86 | ${PLIST.nls}share/locale/ru/LC_MESSAGES/sudoers.mo | 97 | ${PLIST.nls}share/locale/ru/LC_MESSAGES/sudoers.mo | |
87 | ${PLIST.nls}share/locale/sk/LC_MESSAGES/sudo.mo | 98 | ${PLIST.nls}share/locale/sk/LC_MESSAGES/sudo.mo | |
88 | ${PLIST.nls}share/locale/sk/LC_MESSAGES/sudoers.mo | 99 | ${PLIST.nls}share/locale/sk/LC_MESSAGES/sudoers.mo | |
89 | ${PLIST.nls}share/locale/sl/LC_MESSAGES/sudo.mo | 100 | ${PLIST.nls}share/locale/sl/LC_MESSAGES/sudo.mo | |
90 | ${PLIST.nls}share/locale/sl/LC_MESSAGES/sudoers.mo | 101 | ${PLIST.nls}share/locale/sl/LC_MESSAGES/sudoers.mo | |
91 | ${PLIST.nls}share/locale/sr/LC_MESSAGES/sudo.mo | 102 | ${PLIST.nls}share/locale/sr/LC_MESSAGES/sudo.mo | |
92 | ${PLIST.nls}share/locale/sr/LC_MESSAGES/sudoers.mo | 103 | ${PLIST.nls}share/locale/sr/LC_MESSAGES/sudoers.mo | |
93 | ${PLIST.nls}share/locale/sv/LC_MESSAGES/sudo.mo | 104 | ${PLIST.nls}share/locale/sv/LC_MESSAGES/sudo.mo | |
94 | ${PLIST.nls}share/locale/sv/LC_MESSAGES/sudoers.mo | 105 | ${PLIST.nls}share/locale/sv/LC_MESSAGES/sudoers.mo | |
95 | ${PLIST.nls}share/locale/tr/LC_MESSAGES/sudo.mo | 106 | ${PLIST.nls}share/locale/tr/LC_MESSAGES/sudo.mo | |
96 | ${PLIST.nls}share/locale/tr/LC_MESSAGES/sudoers.mo | 107 | ${PLIST.nls}share/locale/tr/LC_MESSAGES/sudoers.mo | |
97 | ${PLIST.nls}share/locale/uk/LC_MESSAGES/sudo.mo | 108 | ${PLIST.nls}share/locale/uk/LC_MESSAGES/sudo.mo |
@@ -1,10 +1,12 @@ | @@ -1,10 +1,12 @@ | |||
1 | $NetBSD: distinfo,v 1.111 2020/09/19 14:04:29 taca Exp $ | 1 | $NetBSD: distinfo,v 1.112 2021/01/18 14:32:23 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (sudo-1.8.31p2.tar.gz) = 53a6dfa90f78bc10615b83b7026bf3ba206c69e9 | 3 | SHA1 (sudo-1.9.5p1.tar.gz) = 0a6b9b18518c8f7c37bd09573b9b711174cdf3b9 | |
4 | RMD160 (sudo-1.8.31p2.tar.gz) = 5ffd8e785095c19c26ad8e3b3d5768669951f777 | 4 | RMD160 (sudo-1.9.5p1.tar.gz) = 4fdcb72761b7d3a7de6c98c11c5efc976a6b11e5 | |
5 | SHA512 (sudo-1.8.31p2.tar.gz) = ad1bbbde74d3ab6e947071c6f21e436ebabcf5af11ecc75cde8f0c01ca0b8c6ae1cce2ff42f21612816c636e96722a2a14daa57757644ceab6577091f82242be | 5 | SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878 | |
6 | Size (sudo-1.8.31p2.tar.gz) = 3353538 bytes | 6 | Size (sudo-1.9.5p1.tar.gz) = 4008926 bytes | |
7 | SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 | 7 | SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 | |
8 | SHA1 (patch-configure) = 498b1040fceb317c239d050b59b3d1a180598441 | 8 | SHA1 (patch-configure) = 4db043c7384cdeb4701ccd2f455dfad2dc17c663 | |
9 | SHA1 (patch-plugins_sudoers_Makefile.in) = 730193c6437197a7114dd31886050cecdcba6772 | 9 | SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409 | |
10 | SHA1 (patch-logsrvd_Makefile.in) = c460b868e09560a80f632d1332fc7d7c3d1822cf | |||
11 | SHA1 (patch-plugins_sudoers_Makefile.in) = efc0fb726c23dcb2d6a006524fd561800d6d7924 | |||
10 | SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 | 12 | SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 |
@@ -1,132 +1,132 @@ | @@ -1,132 +1,132 @@ | |||
1 | $NetBSD: patch-configure,v 1.3 2020/09/19 14:04:29 taca Exp $ | 1 | $NetBSD: patch-configure,v 1.4 2021/01/18 14:32:24 taca Exp $ | |
2 | 2 | |||
3 | * Add "--with-nbsdops" option, NetBSD standard options. | 3 | * Add "--with-nbsdops" option, NetBSD standard options. | |
4 | * Link with util(3) in the case of DragonFly, too. | 4 | * Link with util(3) in the case of DragonFly, too. | |
5 | * When specified "--with-kerb5" option, test existence of several functions | 5 | * When specified "--with-kerb5" option, test existence of several functions | |
6 | even if there is krb5-config. krb5-config dosen't give all definitions for | 6 | even if there is krb5-config. krb5-config dosen't give all definitions for | |
7 | functions (HAVE_KRB5_*). | 7 | functions (HAVE_KRB5_*). | |
8 | * Remove setting sysconfdir to "/etc". | 8 | * Remove setting sysconfdir to "/etc". | |
9 | 9 | |||
10 | --- configure.orig 2020-06-12 13:15:11.000000000 +0000 | 10 | --- configure.orig 2021-01-09 20:12:16.000000000 +0000 | |
11 | +++ configure | 11 | +++ configure | |
12 | @@ -870,6 +870,7 @@ with_libpath | 12 | @@ -892,6 +892,7 @@ with_libpath | |
13 | with_libraries | 13 | with_libraries | |
14 | with_efence | 14 | with_efence | |
15 | with_csops | 15 | with_csops | |
16 | +with_nbsdops | 16 | +with_nbsdops | |
17 | with_passwd | 17 | with_passwd | |
18 | with_skey | 18 | with_skey | |
19 | with_opie | 19 | with_opie | |
20 | @@ -1592,7 +1593,7 @@ Fine tuning of the installation director | 20 | @@ -1621,7 +1622,7 @@ Fine tuning of the installation director | |
21 | --bindir=DIR user executables [EPREFIX/bin] | 21 | --bindir=DIR user executables [EPREFIX/bin] | |
22 | --sbindir=DIR system admin executables [EPREFIX/sbin] | 22 | --sbindir=DIR system admin executables [EPREFIX/sbin] | |
23 | --libexecdir=DIR program executables [EPREFIX/libexec] | 23 | --libexecdir=DIR program executables [EPREFIX/libexec] | |
24 | - --sysconfdir=DIR read-only single-machine data [/etc] | 24 | - --sysconfdir=DIR read-only single-machine data [/etc] | |
25 | + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | 25 | + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | |
26 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | 26 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | |
27 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | 27 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | |
28 | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | 28 | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | |
29 | @@ -1706,6 +1707,7 @@ Optional Packages: | 29 | @@ -1737,6 +1738,7 @@ Optional Packages: | |
30 | --with-libraries additional libraries to link with | 30 | --with-libraries additional libraries to link with | |
31 | --with-efence link with -lefence for malloc() debugging | 31 | --with-efence link with -lefence for malloc() debugging | |
32 | --with-csops add CSOps standard options | 32 | --with-csops add CSOps standard options | |
33 | + --with-nbsdops add NetBSD standard opt ions | 33 | + --with-nbsdops add NetBSD standard opt ions | |
34 | --without-passwd don't use passwd/shadow file for authentication | 34 | --without-passwd don't use passwd/shadow file for authentication | |
35 | --with-skey[=DIR] enable S/Key support | 35 | --with-skey[=DIR] enable S/Key support | |
36 | --with-opie[=DIR] enable OPIE support | 36 | --with-opie[=DIR] enable OPIE support | |
37 | @@ -4809,6 +4811,23 @@ fi | 37 | @@ -4863,6 +4865,23 @@ fi | |
38 | 38 | |||
39 | 39 | |||
40 | 40 | |||
41 | +# Check whether --with-nbsdops was given. | 41 | +# Check whether --with-nbsdops was given. | |
42 | +if test "${with_nbsdops+set}" = set; then : | 42 | +if test "${with_nbsdops+set}" = set; then : | |
43 | + withval=$with_nbsdops; case $with_nbsdops in | 43 | + withval=$with_nbsdops; case $with_nbsdops in | |
44 | + yes) echo 'Adding NetBSD standard options' | 44 | + yes) echo 'Adding NetBSD standard options' | |
45 | + CHECKSIA=false | 45 | + CHECKSIA=false | |
46 | + with_ignore_dot=yes | 46 | + with_ignore_dot=yes | |
47 | + with_env_editor=yes | 47 | + with_env_editor=yes | |
48 | + with_tty_tickets=yes | 48 | + with_tty_tickets=yes | |
49 | + ;; | 49 | + ;; | |
50 | + no) ;; | 50 | + no) ;; | |
51 | + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" | 51 | + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" | |
52 | + ;; | 52 | + ;; | |
53 | +esac | 53 | +esac | |
54 | +fi | 54 | +fi | |
55 | + | 55 | + | |
56 | + | 56 | + | |
57 | + | 57 | + | |
58 | # Check whether --with-passwd was given. | 58 | # Check whether --with-passwd was given. | |
59 | if test "${with_passwd+set}" = set; then : | 59 | if test "${with_passwd+set}" = set; then : | |
60 | withval=$with_passwd; case $with_passwd in | 60 | withval=$with_passwd; case $with_passwd in | |
61 | @@ -15937,7 +15956,7 @@ fi | 61 | @@ -15765,7 +15784,7 @@ fi | |
62 | : ${mansectsu='1m'} | 62 | : ${mansectsu='1m'} | |
63 | : ${mansectform='4'} | 63 | : ${mansectform='4'} | |
64 | ;; | 64 | ;; | |
65 | - *-*-linux*|*-*-k*bsd*-gnu) | 65 | - *-*-linux*|*-*-k*bsd*-gnu) | |
66 | + *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) | 66 | + *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) | |
67 | shadow_funcs="getspnam" | 67 | shadow_funcs="getspnam" | |
68 | test -z "$with_pam" && AUTH_EXCL_DEF="PAM" | 68 | test -z "$with_pam" && AUTH_EXCL_DEF="PAM" | |
69 | # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h | 69 | # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h | |
70 | @@ -18175,7 +18194,7 @@ if test "x$ac_cv_header_login_cap_h" = x | 70 | @@ -18026,7 +18045,7 @@ if test "x$ac_cv_header_login_cap_h" = x | |
71 | _ACEOF | 71 | _ACEOF | |
72 | LOGINCAP_USAGE='[-c class] '; LCMAN=1 | 72 | LOGINCAP_USAGE='[-c class] '; LCMAN=1 | |
73 | case "$OS" in | 73 | case "$OS" in | |
74 | - freebsd|netbsd) | 74 | - freebsd|netbsd) | |
75 | + dragonfly*|freebsd|netbsd) | 75 | + dragonfly*|freebsd|netbsd) | |
76 | SUDO_LIBS="${SUDO_LIBS} -lutil" | 76 | SUDO_LIBS="${SUDO_LIBS} -lutil" | |
77 | SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" | 77 | SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" | |
78 | ;; | 78 | ;; | |
79 | @@ -23018,10 +23037,9 @@ if test ${with_pam-"no"} != "no"; then | 79 | @@ -23965,10 +23984,9 @@ if test ${with_pam-"no"} != "no"; then | |
80 | # Check for pam_start() in libpam first, then for pam_appl.h. | 80 | # Check for pam_start() in libpam first, then for pam_appl.h. | |
81 | # | 81 | # | |
82 | found_pam_lib=no | 82 | found_pam_lib=no | |
83 | - as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` | 83 | - as_ac_Lib=`$as_echo "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | $as_tr_sh` | |
84 | -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | 84 | -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | |
85 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | 85 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 | |
86 | $as_echo_n "checking for pam_start in -lpam... " >&6; } | 86 | $as_echo_n "checking for pam_start in -lpam... " >&6; } | |
87 | -if eval \${$as_ac_Lib+:} false; then : | 87 | -if eval \${$as_ac_Lib+:} false; then : | |
88 | +if ${ac_cv_lib_pam_pam_start+:} false; then : | 88 | +if ${ac_cv_lib_pam_pam_start+:} false; then : | |
89 | $as_echo_n "(cached) " >&6 | 89 | $as_echo_n "(cached) " >&6 | |
90 | else | 90 | else | |
91 | ac_check_lib_save_LIBS=$LIBS | 91 | ac_check_lib_save_LIBS=$LIBS | |
92 | @@ -23045,18 +23063,17 @@ return pam_start (); | 92 | @@ -23992,18 +24010,17 @@ return pam_start (); | |
93 | } | 93 | } | |
94 | _ACEOF | 94 | _ACEOF | |
95 | if ac_fn_c_try_link "$LINENO"; then : | 95 | if ac_fn_c_try_link "$LINENO"; then : | |
96 | - eval "$as_ac_Lib=yes" | 96 | - eval "$as_ac_Lib=yes" | |
97 | + ac_cv_lib_pam_pam_start=yes | 97 | + ac_cv_lib_pam_pam_start=yes | |
98 | else | 98 | else | |
99 | - eval "$as_ac_Lib=no" | 99 | - eval "$as_ac_Lib=no" | |
100 | + ac_cv_lib_pam_pam_start=no | 100 | + ac_cv_lib_pam_pam_start=no | |
101 | fi | 101 | fi | |
102 | rm -f core conftest.err conftest.$ac_objext \ | 102 | rm -f core conftest.err conftest.$ac_objext \ | |
103 | conftest$ac_exeext conftest.$ac_ext | 103 | conftest$ac_exeext conftest.$ac_ext | |
104 | LIBS=$ac_check_lib_save_LIBS | 104 | LIBS=$ac_check_lib_save_LIBS | |
105 | fi | 105 | fi | |
106 | -eval ac_res=\$$as_ac_Lib | 106 | -eval ac_res=\$$as_ac_Lib | |
107 | - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | 107 | - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | |
108 | -$as_echo "$ac_res" >&6; } | 108 | -$as_echo "$ac_res" >&6; } | |
109 | -if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : | 109 | -if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : | |
110 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 | 110 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 | |
111 | +$as_echo "$ac_cv_lib_pam_pam_start" >&6; } | 111 | +$as_echo "$ac_cv_lib_pam_pam_start" >&6; } | |
112 | +if test "x$ac_cv_lib_pam_pam_start" = xyes; then : | 112 | +if test "x$ac_cv_lib_pam_pam_start" = xyes; then : | |
113 | found_pam_lib=yes | 113 | found_pam_lib=yes | |
114 | fi | 114 | fi | |
115 | 115 | |||
116 | @@ -23791,6 +23808,8 @@ fi | 116 | @@ -24738,6 +24755,8 @@ fi | |
117 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | 117 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | |
118 | AUTH_OBJS="$AUTH_OBJS kerb5.lo" | 118 | AUTH_OBJS="$AUTH_OBJS kerb5.lo" | |
119 | fi | 119 | fi | |
120 | +fi | 120 | +fi | |
121 | +if test ${with_kerb5-'no'} != "no"; then | 121 | +if test ${with_kerb5-'no'} != "no"; then | |
122 | _LIBS="$LIBS" | 122 | _LIBS="$LIBS" | |
123 | LIBS="${LIBS} ${SUDOERS_LIBS}" | 123 | LIBS="${LIBS} ${SUDOERS_LIBS}" | |
124 | for ac_func in krb5_verify_user krb5_init_secure_context | 124 | for ac_func in krb5_verify_user krb5_init_secure_context | |
125 | @@ -27051,7 +27070,6 @@ test "$datarootdir" = '${prefix}/share' | 125 | @@ -28297,7 +28316,6 @@ test "$docdir" = '${datarootdir}/doc/${P | |
126 | test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' | |||
127 | test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' | 126 | test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' | |
128 | test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' | 127 | test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' | |
128 | test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' | |||
129 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' | 129 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' | |
130 | 130 | |||
131 | if test X"$INIT_SCRIPT" != X""; then | 131 | if test X"$INIT_SCRIPT" != X""; then | |
132 | ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" | 132 | ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT" |
@@ -1,15 +1,31 @@ | @@ -1,15 +1,31 @@ | |||
1 | $NetBSD: patch-plugins_sudoers_Makefile.in,v 1.3 2019/12/28 20:43:56 kim Exp $ | 1 | $NetBSD: patch-plugins_sudoers_Makefile.in,v 1.4 2021/01/18 14:32:24 taca Exp $ | |
2 | 2 | |||
3 | Do not install the sudoers file to etc. | 3 | * Do not install the sudoers file. | |
4 | * link with @LIBS@ for PKG_OPTIONS nls enabled case. | |||
4 | 5 | |||
5 | --- plugins/sudoers/Makefile.in.orig 2019-12-25 21:21:05.000000000 +0200 | 6 | --- plugins/sudoers/Makefile.in.orig 2021-01-09 20:12:16.000000000 +0000 | |
6 | +++ plugins/sudoers/Makefile.in 2019-12-28 22:01:00.540953438 +0200 | 7 | +++ plugins/sudoers/Makefile.in | |
7 | @@ -396,7 +396,7 @@ | 8 | @@ -62,10 +62,10 @@ LIBUTIL = $(top_builddir)/lib/util/libsu | |
9 | LIBS = $(LIBUTIL) | |||
10 | NET_LIBS = @NET_LIBS@ | |||
11 | SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ @LIBTLS@ $(NET_LIBS) $(LIBIOLOG) $(LIBEVENTLOG) $(LIBLOGSRV) | |||
12 | -REPLAY_LIBS = @REPLAY_LIBS@ $(LIBEVENTLOG) $(LIBIOLOG) | |||
13 | -VISUDO_LIBS = $(NET_LIBS) | |||
14 | -CVTSUDOERS_LIBS = $(NET_LIBS) | |||
15 | -TESTSUDOERS_LIBS = $(NET_LIBS) | |||
16 | +REPLAY_LIBS = @REPLAY_LIBS@ $(LIBEVENTLOG) $(LIBIOLOG) @LIBS@ | |||
17 | +VISUDO_LIBS = $(NET_LIBS) @LIBS@ | |||
18 | +CVTSUDOERS_LIBS = $(NET_LIBS) @LIBS@ | |||
19 | +TESTSUDOERS_LIBS = $(NET_LIBS) @LIBS@ | |||
20 | ||||
21 | # C preprocessor defines | |||
22 | CPPDEFS = -DLIBDIR=\"$(libdir)\" -DLOCALEDIR=\"$(localedir)\" \ | |||
23 | @@ -390,7 +390,7 @@ pre-install: | |||
8 | fi; \ | 24 | fi; \ | |
9 | fi | 25 | fi | |
10 | 26 | |||
11 | -install: install-plugin install-binaries install-sudoers install-doc | 27 | -install: install-plugin install-binaries install-sudoers install-doc | |
12 | +install: install-plugin install-binaries install-doc | 28 | +install: install-plugin install-binaries install-doc | |
13 | 29 | |||
14 | install-dirs: | 30 | install-dirs: | |
15 | $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ | 31 | $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ |
$NetBSD: patch-examples_Makefile.in,v 1.1 2021/01/18 14:32:24 taca Exp $
Do not install the configuration files.
--- examples/Makefile.in.orig 2020-12-17 01:33:43.000000000 +0000
+++ examples/Makefile.in
@@ -83,11 +83,6 @@ install-includes:
install-doc: install-dirs
for f in $(EXAMPLES); do $(INSTALL) $(INSTALL_OWNER) -m 0644 $$f $(DESTDIR)$(exampledir); done
- test -r $(DESTDIR)$(sysconfdir)/sudo.conf || \
- $(INSTALL) $(INSTALL_OWNER) -m 0644 sudo.conf $(DESTDIR)$(sysconfdir)
- if test -n "$(LOGSRVD_CONF)" -a ! -r $(DESTDIR)$(sysconfdir)/sudo_logsrvd.conf; then \
- $(INSTALL) $(INSTALL_OWNER) -m 0644 $(LOGSRVD_CONF) $(DESTDIR)$(sysconfdir); \
- fi
install-plugin:
$NetBSD: patch-logsrvd_Makefile.in,v 1.1 2021/01/18 14:32:24 taca Exp $
Fix build error.
--- logsrvd/Makefile.in.orig 2021-01-09 20:12:16.000000000 +0000
+++ logsrvd/Makefile.in
@@ -46,7 +46,7 @@ INSTALL_BACKUP = @INSTALL_BACKUP@
LT_LIBS = $(top_builddir)/lib/iolog/libsudo_iolog.la \
$(top_builddir)/lib/eventlog/libsudo_eventlog.la \
$(top_builddir)/lib/logsrv/liblogsrv.la
-LIBS = $(LT_LIBS) @LIBTLS@
+LIBS = $(LT_LIBS) @LIBTLS@ @LIBS@
# C preprocessor defines
CPPDEFS = -D_PATH_SUDO_LOGSRVD_CONF=\"$(sysconfdir)/sudo_logsrvd.conf\" \