Thu May 27 05:40:45 2021 UTC
sudo: updated to 1.9.7

What's new in Sudo 1.9.7

 * The "fuzz" Makefile target now runs all the fuzzers for 8192
   passes (can be overridden via the FUZZ_RUNS variable).  This makes
   it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
   set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".

 * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
   error by default when a symbol is multiply-defined.

 * Added support for determining local IPv6 addresses on systems
   that lack the getifaddrs() function.  This now works on AIX,
   HP-UX and Solaris (at least).

 * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
   report a usage error.  Also, when invoked as sudoedit, sudo now
   allows a more restricted set of options that matches the usage
   statement and documentation.

 * Fixed a crash in sudo_sendlog when the specified certificate
   or key does not exist or is invalid.

 * Fixed a compilation error when sudo is configured with the
   --disable-log-client option.

 * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
   is now documented.

 * Sudo now requires autoconf 2.70 or higher to regenerate the
   configure script.

 * sudo_logsrvd now has a relay mode which can be used to create
   a hierarchy of log servers.  By default, when a relay server is
   defined, messages from the client are forwarded immediately to
   the relay.  However, if the "store_first" setting is enabled,
   the log will be stored locally until the command completes and
   then relayed.

 * Sudo now links with OpenSSL by default if it is available unless
   the --disable-openssl configure option is used or both the
   --disable-log-client and --disable-log-server configure options
   are specified.

 * Fixed configure's Python version detection when the version minor
   number is more than a single digit, for example Python 3.10.

 * The sudo Python module tests now pass for Python 3.10.

 * Sudo will now avoid changing the datasize resource limit
   as long as the existing value is at least 1GB.  This works around
   a problem on 64-bit HP-UX where it is not possible to exactly
   restore the original datasize limit.

 * Fixed a race condition that could result in a hang when sudo is
   executed by a process where the SIGCHLD handler is set to SIG_IGN.

 * Fixed an out-of-bounds read in sudoedit and visudo when the
   EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
   unescaped backslash.  Also fixed the handling of quote characters
   that are escaped by a backslash.

 * Fixed a bug that prevented the "log_server_verify" sudoers option
   from taking effect.

 * The sudo_sendlog utility has a new -s option to cause it to stop
   sending I/O records after a user-specified elapsed time.  This
   can be used to test the I/O log restart functionality of sudo_logsrvd.

 * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
   attempting to restart an interrupted I/O log transfer.

 * The TLS connection timeout in the sudoers log client was previously
   hard-coded to 10 seconds.  It now uses the value of log_server_timeout.

 * The configure script now outputs a summary of the user-configurable
   options at the end, separate from output of configure script tests.

 * Corrected the description of which groups may be specified via the
   -g option in the Runas_Spec section.


(adam)
diff -r1.184 -r1.185 pkgsrc/security/sudo/Makefile
diff -r1.115 -r1.116 pkgsrc/security/sudo/distinfo
diff -r1.2 -r1.3 pkgsrc/security/sudo/patches/patch-Makefile.in
diff -r1.6 -r1.7 pkgsrc/security/sudo/patches/patch-configure

cvs diff -r1.184 -r1.185 pkgsrc/security/sudo/Makefile

--- pkgsrc/security/sudo/Makefile 2021/03/18 08:57:48 1.184
+++ pkgsrc/security/sudo/Makefile 2021/05/27 05:40:44 1.185
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.184 2021/03/18 08:57:48 adam Exp $ 1# $NetBSD: Makefile,v 1.185 2021/05/27 05:40:44 adam Exp $
2 2
3DISTNAME= sudo-1.9.6p1 3DISTNAME= sudo-1.9.7
4CATEGORIES= security 4CATEGORIES= security
5MASTER_SITES= https://www.sudo.ws/dist/ 5MASTER_SITES= https://www.sudo.ws/dist/
6MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ 6MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
7MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ 7MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/
8MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ 8MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/
9MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ 9MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/
10 10
11MAINTAINER= pkgsrc-users@NetBSD.org 11MAINTAINER= pkgsrc-users@NetBSD.org
12HOMEPAGE= https://www.sudo.ws/ 12HOMEPAGE= https://www.sudo.ws/
13COMMENT= Allow others to run commands as root 13COMMENT= Allow others to run commands as root
14LICENSE= isc AND modified-bsd 14LICENSE= isc AND modified-bsd
15 15
16USE_LIBTOOL= yes 16USE_LIBTOOL= yes
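
Review bot: The unchanged MASTER_SITES lines 6-9 still list ftp:// and http:// mirrors beside the https://www.sudo.ws/dist/ primary, so for a package whose COMMENT is "Allow others to run commands as root", any fetch that falls back to those mirrors is protected only by the checksums in distinfo. Since this revision touches the file for the DISTNAME bump on line 3 anyway, consider dropping the plaintext mirrors, or at least confirm they carry sudo-1.9.7.tar.gz, and keep the HTTPS site first as it is now.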

cvs diff -r1.115 -r1.116 pkgsrc/security/sudo/distinfo

--- pkgsrc/security/sudo/distinfo 2021/03/18 08:57:48 1.115
+++ pkgsrc/security/sudo/distinfo 2021/05/27 05:40:44 1.116
@@ -1,12 +1,12 @@ @@ -1,12 +1,12 @@
1$NetBSD: distinfo,v 1.115 2021/03/18 08:57:48 adam Exp $ 1$NetBSD: distinfo,v 1.116 2021/05/27 05:40:44 adam Exp $
2 2
3SHA1 (sudo-1.9.6p1.tar.gz) = c83e90c50f79004922a6fc5229601fe121d52f50 3SHA1 (sudo-1.9.7.tar.gz) = e439530f86550c495a8d066a140a0230cbba1874
4RMD160 (sudo-1.9.6p1.tar.gz) = 638da407f15c36debf6bce797f7a6f10caf6c0df 4RMD160 (sudo-1.9.7.tar.gz) = 3ef3c559c5f90d52406e92c5ce71f09c12c4a82c
5SHA512 (sudo-1.9.6p1.tar.gz) = 632dfe72f04ce9a7a5a7236fcd5c09ce4535e695ced49d24dd848e3a7b1bea7380df44188b9e475af4271069539b5a5816948a98fbb0649ebebaba8b4c4b7745 5SHA512 (sudo-1.9.7.tar.gz) = 53e9f18f6c0acd4f80c0cd695cd23781310e9edd305d1b3ea19653efa3fd7faba149daef0ba4953615b140a8816bc980c9bd8d28545dd8db98075abf11b63e61
6Size (sudo-1.9.6p1.tar.gz) = 4119888 bytes 6Size (sudo-1.9.7.tar.gz) = 4194242 bytes
7SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 7SHA1 (patch-Makefile.in) = 1a83c55d27829013e2e23073046c5c39b020fafe
8SHA1 (patch-configure) = 162f6f3ac244f2ea0c3cc06884079fbceff276ca 8SHA1 (patch-configure) = 375f43b8555f4e8fe2c4c1529c20abc1f550fa5c
9SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409 9SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
10SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026 10SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026
11SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501 11SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501
12SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 12SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39
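
Review bot: The new SHA1, RMD160 and SHA512 values for sudo-1.9.7.tar.gz on lines 3-5 are the only integrity anchor for the tarball, and nothing in the diff shows what they were checked against. It is worth comparing the SHA512 with a value published by upstream, or verifying the upstream signature, rather than relying on digests regenerated from whatever was downloaded. The SHA1 changes for patch-Makefile.in and patch-configure on lines 7-8 line up with the two patch files updated in this commit, and the four remaining patch entries are unchanged, which is consistent.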

cvs diff -r1.2 -r1.3 pkgsrc/security/sudo/patches/patch-Makefile.in

--- pkgsrc/security/sudo/patches/patch-Makefile.in 2019/12/28 20:43:56 1.2
+++ pkgsrc/security/sudo/patches/patch-Makefile.in 2021/05/27 05:40:45 1.3
@@ -1,25 +1,24 @@ @@ -1,25 +1,24 @@
1$NetBSD: patch-Makefile.in,v 1.2 2019/12/28 20:43:56 kim Exp $ 1$NetBSD: patch-Makefile.in,v 1.3 2021/05/27 05:40:45 adam Exp $
2 2
3Don't setuid here. 3Don't setuid here.
4 4
5--- Makefile.in.orig 2019-10-28 15:51:30.000000000 +0200 5--- Makefile.in.orig 2021-05-11 20:54:52.000000000 +0000
6+++ Makefile.in 2019-12-28 21:41:28.028886752 +0200 6+++ Makefile.in
7@@ -64,7 +64,8 @@ 7@@ -73,7 +73,7 @@ SHELL = @SHELL@
8 SED = @SED@ 8 SED = @SED@
9  9
10 INSTALL = $(SHELL) $(top_srcdir)/install-sh -c 10 INSTALL = $(SHELL) $(scriptdir)/install-sh -c
11-INSTALL_OWNER = -o $(install_uid) -g $(install_gid) 11-INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
12+#INSTALL_OWNER = -o $(install_uid) -g $(install_gid) 
13+INSTALL_OWNER = 12+INSTALL_OWNER =
14  13
15 ECHO_N = @ECHO_N@ 14 ECHO_N = @ECHO_N@
16 ECHO_C = @ECHO_C@ 15 ECHO_C = @ECHO_C@
17@@ -165,7 +166,7 @@ 16@@ -186,7 +186,7 @@ install-doc: config.status ChangeLog
18 exit $$?; \ 17 exit $$?; \
19 done 18 done
20  19
21-install: config.status ChangeLog pre-install install-nls 20-install: config.status ChangeLog pre-install install-nls
22+install: config.status ChangeLog install-nls 21+install: config.status ChangeLog install-nls
23 for d in $(SUBDIRS); do \ 22 for d in $(SUBDIRS); do \
24 (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \ 23 (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \
25 exit $$?; \ 24 exit $$?; \
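
Review bot: The patch description on line 3 still reads only "Don't setuid here.", but the second hunk of the patch also removes pre-install from the prerequisites of the install target, and the description does not mention that. Add a line explaining why pre-install is skipped, and, since INSTALL_OWNER is now empty, say where the package sets ownership and the setuid bit instead. Dropping the commented-out "#INSTALL_OWNER = ..." line and the timestamp on the "+++ Makefile.in" header is a reasonable cleanup that keeps future regenerations of this patch quieter.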

cvs diff -r1.6 -r1.7 pkgsrc/security/sudo/patches/patch-configure

--- pkgsrc/security/sudo/patches/patch-configure 2021/03/18 08:57:48 1.6
+++ pkgsrc/security/sudo/patches/patch-configure 2021/05/27 05:40:45 1.7
@@ -1,95 +1,95 @@ @@ -1,95 +1,95 @@
1$NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ 1$NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
2 2
3* Add "--with-nbsdops" option, NetBSD standard options. 3* Add "--with-nbsdops" option, NetBSD standard options.
4* Link with util(3) in the case of DragonFly, too. 4* Link with util(3) in the case of DragonFly, too.
5* When specified "--with-kerb5" option, test existence of several functions 5* When specified "--with-kerb5" option, test existence of several functions
6 even if there is krb5-config. krb5-config dosen't give all definitions for 6 even if there is krb5-config. krb5-config dosen't give all definitions for
7 functions (HAVE_KRB5_*). 7 functions (HAVE_KRB5_*).
8* Remove setting sysconfdir to "/etc". 8* Remove setting sysconfdir to "/etc".
9 9
10--- configure.orig 2021-03-15 16:50:00.000000000 +0000 10--- configure.orig 2021-05-11 20:54:52.000000000 +0000
11+++ configure 11+++ configure
12@@ -920,6 +920,7 @@ with_libpath 12@@ -920,6 +920,7 @@ with_incpath
 13 with_libpath
13 with_libraries 14 with_libraries
14 with_efence 
15 with_csops 15 with_csops
16+with_nbsdops 16+with_nbsdops
17 with_passwd 17 with_passwd
18 with_skey 18 with_skey
19 with_opie 19 with_opie
20@@ -1652,7 +1653,7 @@ Fine tuning of the installation director 20@@ -1653,7 +1654,7 @@ Fine tuning of the installation director
21 --bindir=DIR user executables [EPREFIX/bin] 21 --bindir=DIR user executables [EPREFIX/bin]
22 --sbindir=DIR system admin executables [EPREFIX/sbin] 22 --sbindir=DIR system admin executables [EPREFIX/sbin]
23 --libexecdir=DIR program executables [EPREFIX/libexec] 23 --libexecdir=DIR program executables [EPREFIX/libexec]
24- --sysconfdir=DIR read-only single-machine data [/etc] 24- --sysconfdir=DIR read-only single-machine data [/etc]
25+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] 25+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
26 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] 26 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
27 --localstatedir=DIR modifiable single-machine data [PREFIX/var] 27 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
28 --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] 28 --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
29@@ -1776,6 +1777,7 @@ Optional Packages: 29@@ -1776,6 +1777,7 @@ Optional Packages:
 30 --with-libpath additional places to look for libraries
30 --with-libraries additional libraries to link with 31 --with-libraries additional libraries to link with
31 --with-efence link with -lefence for malloc() debugging 
32 --with-csops add CSOps standard options 32 --with-csops add CSOps standard options
33+ --with-nbsdops add NetBSD standard options 33+ --with-nbsdops add NetBSD standard options
34 --without-passwd don't use passwd/shadow file for authentication 34 --without-passwd don't use passwd/shadow file for authentication
35 --with-skey[=DIR] enable S/Key support 35 --with-skey[=DIR] enable S/Key support
36 --with-opie[=DIR] enable OPIE support 36 --with-opie[=DIR] enable OPIE support
37@@ -5203,6 +5205,23 @@ fi 37@@ -5184,6 +5186,23 @@ fi
38  38
39  39
40  40
41+# Check whether --with-nbsdops was given. 41+# Check whether --with-nbsdops was given.
42+if test "${with_nbsdops+set}" = set; then : 42+if test "${with_nbsdops+set}" = set; then :
43+ withval=$with_nbsdops; case $with_nbsdops in 43+ withval=$with_nbsdops; case $with_nbsdops in
44+ yes) echo 'Adding NetBSD standard options' 44+ yes) echo 'Adding NetBSD standard options'
45+ CHECKSIA=false 45+ CHECKSIA=false
46+ with_ignore_dot=yes 46+ with_ignore_dot=yes
47+ with_env_editor=yes 47+ with_env_editor=yes
48+ with_tty_tickets=yes 48+ with_tty_tickets=yes
49+ ;; 49+ ;;
50+ no) ;; 50+ no) ;;
51+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" 51+ *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops"
52+ ;; 52+ ;;
53+esac 53+esac
54+fi 54+fi
55+ 55+
56+ 56+
57+ 57+
58 # Check whether --with-passwd was given. 58 # Check whether --with-passwd was given.
59 if test ${with_passwd+y} 59 if test ${with_passwd+y}
60 then : 60 then :
61@@ -16699,7 +16718,7 @@ fi 61@@ -16373,7 +16392,7 @@ fi
62 : ${mansectsu='1m'} 62 : ${mansectsu='1m'}
63 : ${mansectform='4'} 63 : ${mansectform='4'}
64 ;; 64 ;;
65- *-*-linux*|*-*-k*bsd*-gnu) 65- *-*-linux*|*-*-k*bsd*-gnu)
66+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) 66+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
67 shadow_funcs="getspnam" 67 shadow_funcs="getspnam"
68 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 68 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
69 # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h 69 # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
70@@ -18732,7 +18751,7 @@ then : 70@@ -18253,7 +18272,7 @@ then :
71 printf "%s\n" "#define HAVE_LOGIN_CAP_H 1" >>confdefs.h 
72 LOGINCAP_USAGE='[-c class] '; LCMAN=1 71 LOGINCAP_USAGE='[-c class] '; LCMAN=1
 72 with_logincap=yes
73 case "$OS" in 73 case "$OS" in
74- freebsd*|netbsd*) 74- freebsd*|netbsd*)
75+ dragonfly*|freebsd*|netbsd*) 75+ dragonfly*|freebsd*|netbsd*)
76 SUDO_LIBS="${SUDO_LIBS} -lutil" 76 SUDO_LIBS="${SUDO_LIBS} -lutil"
77 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" 77 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
78 ;; 78 ;;
79@@ -25528,6 +25547,8 @@ fi 79@@ -25171,6 +25190,8 @@ fi
80 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext 80 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
81 AUTH_OBJS="$AUTH_OBJS kerb5.lo" 81 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
82 fi 82 fi
83+fi 83+fi
84+if test ${with_kerb5-'no'} != "no"; then 84+if test ${with_kerb5-'no'} != "no"; then
85 _LIBS="$LIBS" 85 _LIBS="$LIBS"
86 LIBS="${LIBS} ${SUDOERS_LIBS}" 86 LIBS="${LIBS} ${SUDOERS_LIBS}"
87 ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user" 87 ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user"
88@@ -29695,7 +29716,6 @@ test "$docdir" = '${datarootdir}/doc/${P 88@@ -29359,7 +29380,6 @@ test "$docdir" = '${datarootdir}/doc/${P
89 test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' 89 test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
90 test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' 90 test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
91 test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' 91 test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'
92-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' 92-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
93  93
94 if test X"$INIT_SCRIPT" != X""; then 94 if test X"$INIT_SCRIPT" != X""; then
95 ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT" 95 ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT"
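
Review bot: In the Kerberos hunk near the end (patch lines 83-84), the added line `if test ${with_kerb5-'no'} != "no"; then` expands with_kerb5 unquoted, so a value that is empty or contains whitespace hands test the wrong number of arguments; quote it as `if test "${with_kerb5-no}" != "no"; then`. The added --with-nbsdops block (patch lines 41-54) also uses the older `if test "${with_nbsdops+set}" = set; then :` form, while the regenerated neighbour on lines 59-60 uses `if test ${with_passwd+y}` followed by `then :`; matching the generated style would keep later rebases of this patch smaller. The description on line 6 has a typo, "dosen't".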