sudo: updated to 1.9.7

What's new in Sudo 1.9.7

* The "fuzz" Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
* Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined.
* Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least).
* Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation.
* Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid.
* Fixed a compilation error when sudo is configured with the --disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented.
* Sudo now requires autoconf 2.70 or higher to regenerate the configure script.
* sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the "store_first" setting is enabled, the log will be stored locally until the command completes and then relayed.
* Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the --disable-log-client and --disable-log-server configure options are specified.
* Fixed configure's Python version detection when the version minor number is more than a single digit, for example Python 3.10.
* The sudo Python module tests now pass for Python 3.10.
* Sudo will now avoid changing the datasize resource limit as long as the existing value is at least 1GB. This works around a problem on 64-bit HP-UX where it is not possible to exactly restore the original datasize limit.
* Fixed a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN.
* Fixed an out-of-bounds read in sudoedit and visudo when the EDITOR, VISUAL or SUDO_EDITOR environment variables end in an unescaped backslash. Also fixed the handling of quote characters that are escaped by a backslash.
* Fixed a bug that prevented the "log_server_verify" sudoers option from taking effect.
* The sudo_sendlog utility has a new -s option to cause it to stop sending I/O records after a user-specified elapsed time. This can be used to test the I/O log restart functionality of sudo_logsrvd.
* Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when attempting to restart an interrupted I/O log transfer.
* The TLS connection timeout in the sudoers log client was previously hard-coded to 10 seconds. It now uses the value of log_server_timeout.
* The configure script now outputs a summary of the user-configurable options at the end, separate from output of configure script tests.
* Corrected the description of which groups may be specified via the -g option in the Runas_Spec section.

diff -r1.184 -r1.185 pkgsrc/security/sudo/Makefile
(adam)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.184 2021/03/18 08:57:48 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.185 2021/05/27 05:40:44 adam Exp $ | |
2 | 2 | |||
3 | DISTNAME= sudo-1.9.6p1 | 3 | DISTNAME= sudo-1.9.7 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= https://www.sudo.ws/dist/ | 5 | MASTER_SITES= https://www.sudo.ws/dist/ | |
6 | MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ | 6 | MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ | |
7 | MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ | 7 | MASTER_SITES+= ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ | |
8 | MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ | 8 | MASTER_SITES+= http://ftp.twaren.net/Unix/Security/Sudo/ | |
9 | MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ | 9 | MASTER_SITES+= http://ftp.tux.org/pub/security/sudo/ | |
10 | 10 | |||
11 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
12 | HOMEPAGE= https://www.sudo.ws/ | 12 | HOMEPAGE= https://www.sudo.ws/ | |
13 | COMMENT= Allow others to run commands as root | 13 | COMMENT= Allow others to run commands as root | |
14 | LICENSE= isc AND modified-bsd | 14 | LICENSE= isc AND modified-bsd | |
15 | 15 | |||
16 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes |
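Review bot: MASTER_SITES on lines 6-9 still lists ftp:// and http:// mirrors next to the https://www.sudo.ws/dist/ primary, so for the new sudo-1.9.7 distfile a download from those mirrors is authenticated only by the digests in distinfo. Please confirm the digests recorded for this bump were taken from a tarball fetched over the https primary, and consider whether the cleartext mirrors are still worth keeping for a setuid-root package.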
@@ -1,12 +1,12 @@ | @@ -1,12 +1,12 @@ | |||
1 | $NetBSD: distinfo,v 1.115 2021/03/18 08:57:48 adam Exp $ | 1 | $NetBSD: distinfo,v 1.116 2021/05/27 05:40:44 adam Exp $ | |
2 | 2 | |||
3 | SHA1 (sudo-1.9.6p1.tar.gz) = c83e90c50f79004922a6fc5229601fe121d52f50 | 3 | SHA1 (sudo-1.9.7.tar.gz) = e439530f86550c495a8d066a140a0230cbba1874 | |
4 | RMD160 (sudo-1.9.6p1.tar.gz) = 638da407f15c36debf6bce797f7a6f10caf6c0df | 4 | RMD160 (sudo-1.9.7.tar.gz) = 3ef3c559c5f90d52406e92c5ce71f09c12c4a82c | |
5 | SHA512 (sudo-1.9.6p1.tar.gz) = 632dfe72f04ce9a7a5a7236fcd5c09ce4535e695ced49d24dd848e3a7b1bea7380df44188b9e475af4271069539b5a5816948a98fbb0649ebebaba8b4c4b7745 | 5 | SHA512 (sudo-1.9.7.tar.gz) = 53e9f18f6c0acd4f80c0cd695cd23781310e9edd305d1b3ea19653efa3fd7faba149daef0ba4953615b140a8816bc980c9bd8d28545dd8db98075abf11b63e61 | |
6 | Size (sudo-1.9.6p1.tar.gz) = 4119888 bytes | 6 | Size (sudo-1.9.7.tar.gz) = 4194242 bytes | |
7 | SHA1 (patch-Makefile.in) = e8813e1aa208d9ef6304038328504a5402341560 | 7 | SHA1 (patch-Makefile.in) = 1a83c55d27829013e2e23073046c5c39b020fafe | |
8 | SHA1 (patch-configure) = 162f6f3ac244f2ea0c3cc06884079fbceff276ca | 8 | SHA1 (patch-configure) = 375f43b8555f4e8fe2c4c1529c20abc1f550fa5c | |
9 | SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409 | 9 | SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409 | |
10 | SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026 | 10 | SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026 | |
11 | SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501 | 11 | SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501 | |
12 | SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 | 12 | SHA1 (patch-src_Makefile.in) = 8959049bc428f592f84de1cad1a898c07c6e6b39 |
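Review bot: the two patch entries whose digests change here, patch-Makefile.in and patch-configure on lines 7-8, are pinned with SHA1 only, while the distfile on lines 3-5 carries SHA1, RMD160 and SHA512. If the distinfo format allows it, a stronger digest for the patch entries would match the protection given to the tarball. The commit message also does not say how the new sudo-1.9.7.tar.gz digests were validated against upstream; a short note on that (for example, checked against the upstream signature) would help later audits.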
@@ -1,25 +1,24 @@ | @@ -1,25 +1,24 @@ | |||
1 | $NetBSD: patch-Makefile.in,v 1.2 2019/12/28 20:43:56 kim Exp $ | 1 | $NetBSD: patch-Makefile.in,v 1.3 2021/05/27 05:40:45 adam Exp $ | |
2 | 2 | |||
3 | Don't setuid here. | 3 | Don't setuid here. | |
4 | 4 | |||
5 | --- Makefile.in.orig 2019-10-28 15:51:30.000000000 +0200 | 5 | --- Makefile.in.orig 2021-05-11 20:54:52.000000000 +0000 | |
6 | +++ Makefile.in 2019-12-28 21:41:28.028886752 +0200 | 6 | +++ Makefile.in | |
7 | @@ -64,7 +64,8 @@ | 7 | @@ -73,7 +73,7 @@ SHELL = @SHELL@ | |
8 | SED = @SED@ | 8 | SED = @SED@ | |
9 | 9 | |||
10 | INSTALL = $(SHELL) $(top_srcdir)/install-sh -c | 10 | INSTALL = $(SHELL) $(scriptdir)/install-sh -c | |
11 | -INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | 11 | -INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | |
12 | +#INSTALL_OWNER = -o $(install_uid) -g $(install_gid) | |||
13 | +INSTALL_OWNER = | 12 | +INSTALL_OWNER = | |
14 | 13 | |||
15 | ECHO_N = @ECHO_N@ | 14 | ECHO_N = @ECHO_N@ | |
16 | ECHO_C = @ECHO_C@ | 15 | ECHO_C = @ECHO_C@ | |
17 | @@ -165,7 +166,7 @@ | 16 | @@ -186,7 +186,7 @@ install-doc: config.status ChangeLog | |
18 | exit $$?; \ | 17 | exit $$?; \ | |
19 | done | 18 | done | |
20 | 19 | |||
21 | -install: config.status ChangeLog pre-install install-nls | 20 | -install: config.status ChangeLog pre-install install-nls | |
22 | +install: config.status ChangeLog install-nls | 21 | +install: config.status ChangeLog install-nls | |
23 | for d in $(SUBDIRS); do \ | 22 | for d in $(SUBDIRS); do \ | |
24 | (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \ | 23 | (cd $$d && exec $(MAKE) "INSTALL_OWNER=$(INSTALL_OWNER)" $@) && continue; \ | |
25 | exit $$?; \ | 24 | exit $$?; \ |
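Review bot: the patch comment "Don't setuid here." explains emptying INSTALL_OWNER in the first inner hunk, but not the second inner hunk, which drops pre-install from the prerequisites of the install target. Please extend the comment to say why pre-install is skipped and where the package sets ownership and the setuid bit instead, since with "INSTALL_OWNER =" passed down to every subdirectory this Makefile no longer does either. Removing the stale commented-out "#INSTALL_OWNER = -o $(install_uid) -g $(install_gid)" line in the new revision is a good cleanup.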
@@ -1,95 +1,95 @@ | @@ -1,95 +1,95 @@ | |||
1 | $NetBSD: patch-configure,v 1.6 2021/03/18 08:57:48 adam Exp $ | 1 | $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $ | |
2 | 2 | |||
3 | * Add "--with-nbsdops" option, NetBSD standard options. | 3 | * Add "--with-nbsdops" option, NetBSD standard options. | |
4 | * Link with util(3) in the case of DragonFly, too. | 4 | * Link with util(3) in the case of DragonFly, too. | |
5 | * When specified "--with-kerb5" option, test existence of several functions | 5 | * When specified "--with-kerb5" option, test existence of several functions | |
6 | even if there is krb5-config. krb5-config dosen't give all definitions for | 6 | even if there is krb5-config. krb5-config dosen't give all definitions for | |
7 | functions (HAVE_KRB5_*). | 7 | functions (HAVE_KRB5_*). | |
8 | * Remove setting sysconfdir to "/etc". | 8 | * Remove setting sysconfdir to "/etc". | |
9 | 9 | |||
10 | --- configure.orig 2021-03-15 16:50:00.000000000 +0000 | 10 | --- configure.orig 2021-05-11 20:54:52.000000000 +0000 | |
11 | +++ configure | 11 | +++ configure | |
12 | @@ -920,6 +920,7 @@ with_libpath | 12 | @@ -920,6 +920,7 @@ with_incpath | |
13 | with_libpath | |||
13 | with_libraries | 14 | with_libraries | |
14 | with_efence | |||
15 | with_csops | 15 | with_csops | |
16 | +with_nbsdops | 16 | +with_nbsdops | |
17 | with_passwd | 17 | with_passwd | |
18 | with_skey | 18 | with_skey | |
19 | with_opie | 19 | with_opie | |
20 | @@ -1652,7 +1653,7 @@ Fine tuning of the installation director | 20 | @@ -1653,7 +1654,7 @@ Fine tuning of the installation director | |
21 | --bindir=DIR user executables [EPREFIX/bin] | 21 | --bindir=DIR user executables [EPREFIX/bin] | |
22 | --sbindir=DIR system admin executables [EPREFIX/sbin] | 22 | --sbindir=DIR system admin executables [EPREFIX/sbin] | |
23 | --libexecdir=DIR program executables [EPREFIX/libexec] | 23 | --libexecdir=DIR program executables [EPREFIX/libexec] | |
24 | - --sysconfdir=DIR read-only single-machine data [/etc] | 24 | - --sysconfdir=DIR read-only single-machine data [/etc] | |
25 | + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | 25 | + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | |
26 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | 26 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | |
27 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | 27 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | |
28 | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | 28 | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | |
29 | @@ -1776,6 +1777,7 @@ Optional Packages: | 29 | @@ -1776,6 +1777,7 @@ Optional Packages: | |
30 | --with-libpath additional places to look for libraries | |||
30 | --with-libraries additional libraries to link with | 31 | --with-libraries additional libraries to link with | |
31 | --with-efence link with -lefence for malloc() debugging | |||
32 | --with-csops add CSOps standard options | 32 | --with-csops add CSOps standard options | |
33 | + --with-nbsdops add NetBSD standard options | 33 | + --with-nbsdops add NetBSD standard options | |
34 | --without-passwd don't use passwd/shadow file for authentication | 34 | --without-passwd don't use passwd/shadow file for authentication | |
35 | --with-skey[=DIR] enable S/Key support | 35 | --with-skey[=DIR] enable S/Key support | |
36 | --with-opie[=DIR] enable OPIE support | 36 | --with-opie[=DIR] enable OPIE support | |
37 | @@ -5203,6 +5205,23 @@ fi | 37 | @@ -5184,6 +5186,23 @@ fi | |
38 | 38 | |||
39 | 39 | |||
40 | 40 | |||
41 | +# Check whether --with-nbsdops was given. | 41 | +# Check whether --with-nbsdops was given. | |
42 | +if test "${with_nbsdops+set}" = set; then : | 42 | +if test "${with_nbsdops+set}" = set; then : | |
43 | + withval=$with_nbsdops; case $with_nbsdops in | 43 | + withval=$with_nbsdops; case $with_nbsdops in | |
44 | + yes) echo 'Adding NetBSD standard options' | 44 | + yes) echo 'Adding NetBSD standard options' | |
45 | + CHECKSIA=false | 45 | + CHECKSIA=false | |
46 | + with_ignore_dot=yes | 46 | + with_ignore_dot=yes | |
47 | + with_env_editor=yes | 47 | + with_env_editor=yes | |
48 | + with_tty_tickets=yes | 48 | + with_tty_tickets=yes | |
49 | + ;; | 49 | + ;; | |
50 | + no) ;; | 50 | + no) ;; | |
51 | + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" | 51 | + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" | |
52 | + ;; | 52 | + ;; | |
53 | +esac | 53 | +esac | |
54 | +fi | 54 | +fi | |
55 | + | 55 | + | |
56 | + | 56 | + | |
57 | + | 57 | + | |
58 | # Check whether --with-passwd was given. | 58 | # Check whether --with-passwd was given. | |
59 | if test ${with_passwd+y} | 59 | if test ${with_passwd+y} | |
60 | then : | 60 | then : | |
61 | @@ -16699,7 +16718,7 @@ fi | 61 | @@ -16373,7 +16392,7 @@ fi | |
62 | : ${mansectsu='1m'} | 62 | : ${mansectsu='1m'} | |
63 | : ${mansectform='4'} | 63 | : ${mansectform='4'} | |
64 | ;; | 64 | ;; | |
65 | - *-*-linux*|*-*-k*bsd*-gnu) | 65 | - *-*-linux*|*-*-k*bsd*-gnu) | |
66 | + *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) | 66 | + *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd) | |
67 | shadow_funcs="getspnam" | 67 | shadow_funcs="getspnam" | |
68 | test -z "$with_pam" && AUTH_EXCL_DEF="PAM" | 68 | test -z "$with_pam" && AUTH_EXCL_DEF="PAM" | |
69 | # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h | 69 | # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h | |
70 | @@ -18732,7 +18751,7 @@ then : | 70 | @@ -18253,7 +18272,7 @@ then : | |
71 | printf "%s\n" "#define HAVE_LOGIN_CAP_H 1" >>confdefs.h | |||
72 | LOGINCAP_USAGE='[-c class] '; LCMAN=1 | 71 | LOGINCAP_USAGE='[-c class] '; LCMAN=1 | |
72 | with_logincap=yes | |||
73 | case "$OS" in | 73 | case "$OS" in | |
74 | - freebsd*|netbsd*) | 74 | - freebsd*|netbsd*) | |
75 | + dragonfly*|freebsd*|netbsd*) | 75 | + dragonfly*|freebsd*|netbsd*) | |
76 | SUDO_LIBS="${SUDO_LIBS} -lutil" | 76 | SUDO_LIBS="${SUDO_LIBS} -lutil" | |
77 | SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" | 77 | SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" | |
78 | ;; | 78 | ;; | |
79 | @@ -25528,6 +25547,8 @@ fi | 79 | @@ -25171,6 +25190,8 @@ fi | |
80 | rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext | 80 | rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext | |
81 | AUTH_OBJS="$AUTH_OBJS kerb5.lo" | 81 | AUTH_OBJS="$AUTH_OBJS kerb5.lo" | |
82 | fi | 82 | fi | |
83 | +fi | 83 | +fi | |
84 | +if test ${with_kerb5-'no'} != "no"; then | 84 | +if test ${with_kerb5-'no'} != "no"; then | |
85 | _LIBS="$LIBS" | 85 | _LIBS="$LIBS" | |
86 | LIBS="${LIBS} ${SUDOERS_LIBS}" | 86 | LIBS="${LIBS} ${SUDOERS_LIBS}" | |
87 | ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user" | 87 | ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user" | |
88 | @@ -29695,7 +29716,6 @@ test "$docdir" = '${datarootdir}/doc/${P | 88 | @@ -29359,7 +29380,6 @@ test "$docdir" = '${datarootdir}/doc/${P | |
89 | test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' | 89 | test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' | |
90 | test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' | 90 | test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' | |
91 | test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' | 91 | test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' | |
92 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' | 92 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' | |
93 | 93 | |||
94 | if test X"$INIT_SCRIPT" != X""; then | 94 | if test X"$INIT_SCRIPT" != X""; then | |
95 | ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT" | 95 | ac_config_files="$ac_config_files etc/init.d/$INIT_SCRIPT" |
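Review bot: the added test on line 84, "if test ${with_kerb5-'no'} != "no"; then", leaves the expansion unquoted, so a with_kerb5 value that is set but empty or contains whitespace hands test the wrong number of arguments and the krb5 function checks fail with a shell error instead of being skipped; writing it as test "${with_kerb5-no}" != "no" avoids that. The --with-nbsdops block (lines 41-54) still uses the older "${with_nbsdops+set}" = set form while the regenerated configure around it uses "test ${with_passwd+y}"; it works, but matching the surrounding style would make future refreshes of this patch easier to review. That block also turns on with_env_editor=yes, which is worth calling out in the patch description because it makes the editor environment variables part of the default attack surface for visudo. Minor: the description on lines 5-6 has a typo, "dosen't", and "When specified" would read better as "When the --with-kerb5 option is specified".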