summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorspz <spz>2014-03-08 20:33:47 +0000
committerspz <spz>2014-03-08 20:33:47 +0000
commit6c980203f9907b70d91d49ee19b3d0bda155f88a (patch)
treecbdd53da5d43f3087393c597bdc4102b70494a9a
parenta0386bec81ba6399c680372140207c076c927838 (diff)
downloadpkgsrc-6c980203f9907b70d91d49ee19b3d0bda155f88a.tar.gz
Pullup ticket #4337 - requested by kim
security/sudo: security update Revisions pulled up: - security/sudo/Makefile 1.142 - security/sudo/distinfo 1.81 - security/sudo/patches/patch-af 1.31 - security/sudo/patches/patch-ag 1.22 - security/sudo/patches/patch-logging.c 1.4 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: kim Date: Sat Mar 8 11:51:56 UTC 2014 Modified Files: pkgsrc/security/sudo: Makefile distinfo pkgsrc/security/sudo/patches: patch-af patch-ag patch-logging.c Log Message: Upgrade to address CVE-2014-0106 http://www.sudo.ws/sudo/alerts/env_add.html What's new in Sudo 1.7.10p8? * Sudo's exit code now indicates a failure if the user does not successfully authenticate. * On HP-UX systems, sudo will now use the pstat() function to determine the tty instead of ttyname(). * Fixed compilation when --without-iologdir configure option is specified. * On systems with BSD login classes, if the user specified a group (not a user) to run the command as, it was possible to specify a different login class even when the command was not run as the super user. * The closefrom() emulation on Mac OS X now uses /dev/fd if possible. It also now sets the close on exec flag instead of actually closing the descriptors to avoid a crash in libdispatch. * The sudoers plugin will now ignore invalid domain names when checking netgroup membership. Most Linux systems use the string "(none)" for the NIS-style domain name instead of an empty string. * Fixed the logic when checking environment variables on the command line against the env_check and env_delete blacklists. This is only a problem when env_reset is disabled in sudoers. To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 pkgsrc/security/sudo/Makefile cvs rdiff -u -r1.80 -r1.81 pkgsrc/security/sudo/distinfo cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/sudo/patches/patch-af cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/sudo/patches/patch-ag cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/sudo/patches/patch-logging.c
-rw-r--r--security/sudo/Makefile5
-rw-r--r--security/sudo/distinfo14
-rw-r--r--security/sudo/patches/patch-af16
-rw-r--r--security/sudo/patches/patch-ag20
-rw-r--r--security/sudo/patches/patch-logging.c8
5 files changed, 32 insertions, 31 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 4654bcb2d24..62086dc3ded 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.140 2013/03/01 14:24:57 kim Exp $
+# $NetBSD: Makefile,v 1.140.8.1 2014/03/08 20:33:47 spz Exp $
#
-DISTNAME= sudo-1.7.10p7
+DISTNAME= sudo-1.7.10p8
+#PKGREVISION= 0
CATEGORIES= security
MASTER_SITES= http://www.sudo.ws/dist/ \
ftp://ftp.sudo.ws/pub/sudo/ \
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index 89286c5b5fd..2c0f9f87500 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.80 2013/07/26 10:48:22 ryoon Exp $
+$NetBSD: distinfo,v 1.80.4.1 2014/03/08 20:33:47 spz Exp $
-SHA1 (sudo-1.7.10p7.tar.gz) = b5beb1a470d1f03b3940aff612f5089244dd773a
-RMD160 (sudo-1.7.10p7.tar.gz) = 171e54506c30a85fa642070332db012aba4a6203
-Size (sudo-1.7.10p7.tar.gz) = 1217508 bytes
+SHA1 (sudo-1.7.10p8.tar.gz) = deb83d8ba8f15f70c134c3f3a74e750925aa9f59
+RMD160 (sudo-1.7.10p8.tar.gz) = de3594843c006f7d5d3b21c79dd4115b4823b19d
+Size (sudo-1.7.10p8.tar.gz) = 1220987 bytes
SHA1 (patch-aa) = 0c9c173a26ea72dd06a7d3947a0b3ba6dc00cf40
-SHA1 (patch-af) = 463b1653f3015d08cd4c03b7f29d206d96aa1cc0
-SHA1 (patch-ag) = e0d9efd8afeda339d9cd186ffd6f644b15e8b213
-SHA1 (patch-logging.c) = 26608d7423b77f71f17b37cc87f4b2e75978d7cb
+SHA1 (patch-af) = 3462525bd0863ec5f957173a10839aed2b7cbb69
+SHA1 (patch-ag) = 86f9838045f2bed7eb8e4271553c510be31b7d6b
+SHA1 (patch-logging.c) = a16a9c6020a79cc378c3cfd1c6a1abd2326c8e6d
diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af
index 6e8221eee3f..cf19fe3693f 100644
--- a/security/sudo/patches/patch-af
+++ b/security/sudo/patches/patch-af
@@ -1,4 +1,4 @@
-$NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
+$NetBSD: patch-af,v 1.30.4.1 2014/03/08 20:33:47 spz Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@ $NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.in.orig 2013-02-21 15:43:17.000000000 +0000
-+++ configure.in
-@@ -330,6 +330,18 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi
+--- configure.in.orig 2014-03-05 08:08:53.000000000 -0500
++++ configure.in 2014-03-08 06:35:19.000000000 -0500
+@@ -330,6 +330,18 @@
;;
esac])
@@ -28,7 +28,7 @@ $NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
-@@ -1725,7 +1737,7 @@ case "$host" in
+@@ -1726,7 +1738,7 @@
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -37,7 +37,7 @@ $NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
-@@ -2015,7 +2027,7 @@ SUDO_MAILDIR
+@@ -2016,7 +2028,7 @@
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in
@@ -46,7 +46,7 @@ $NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
;;
esac
])
-@@ -2634,6 +2646,8 @@ if test ${with_kerb5-'no'} != "no"; then
+@@ -2635,6 +2647,8 @@
])
AUTH_OBJS="$AUTH_OBJS kerb5.o"
fi
@@ -55,7 +55,7 @@ $NetBSD: patch-af,v 1.30 2013/07/26 10:48:22 ryoon Exp $
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
-@@ -3167,7 +3181,6 @@ test "$datarootdir" = '${prefix}/share'
+@@ -3168,7 +3182,6 @@
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag
index baf72eab0c4..c9aea26b30c 100644
--- a/security/sudo/patches/patch-ag
+++ b/security/sudo/patches/patch-ag
@@ -1,4 +1,4 @@
-$NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
+$NetBSD: patch-ag,v 1.21.4.1 2014/03/08 20:33:47 spz Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.orig 2013-02-21 15:43:29.000000000 +0000
-+++ configure
-@@ -1484,7 +1484,7 @@ Fine tuning of the installation director
+--- configure.orig 2014-03-05 08:09:14.000000000 -0500
++++ configure 2014-03-08 06:35:19.000000000 -0500
+@@ -1484,7 +1484,7 @@
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -18,7 +18,7 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
-@@ -1569,6 +1569,7 @@ Optional Packages:
+@@ -1569,6 +1569,7 @@
--with-libraries additional libraries to link with
--with-efence link with -lefence for malloc() debugging
--with-csops add CSOps standard options
@@ -26,7 +26,7 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
--without-passwd don't use passwd/shadow file for authentication
--with-skey=DIR enable S/Key support
--with-opie=DIR enable OPIE support
-@@ -3959,6 +3960,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn
+@@ -3959,6 +3960,22 @@
esac
fi
@@ -49,7 +49,7 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
# Check whether --with-passwd was given.
-@@ -14233,7 +14250,7 @@ fi
+@@ -14244,7 +14261,7 @@
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
@@ -58,7 +58,7 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
-@@ -15632,7 +15649,7 @@ if test "x$ac_cv_header_login_cap_h" = x
+@@ -15643,7 +15660,7 @@
_ACEOF
LOGINCAP_USAGE='[-c class|-] '; LCMAN=1
case "$OS" in
@@ -67,7 +67,7 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
;;
esac
-@@ -18569,6 +18586,8 @@ fi
+@@ -18580,6 +18597,8 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
AUTH_OBJS="$AUTH_OBJS kerb5.o"
fi
@@ -76,7 +76,7 @@ $NetBSD: patch-ag,v 1.21 2013/07/26 10:48:22 ryoon Exp $
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
for ac_func in krb5_verify_user krb5_init_secure_context
-@@ -20313,7 +20332,6 @@ test "$datarootdir" = '${prefix}/share'
+@@ -20324,7 +20343,6 @@
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
diff --git a/security/sudo/patches/patch-logging.c b/security/sudo/patches/patch-logging.c
index b60bc562f71..186b3359673 100644
--- a/security/sudo/patches/patch-logging.c
+++ b/security/sudo/patches/patch-logging.c
@@ -1,11 +1,11 @@
-$NetBSD: patch-logging.c,v 1.3 2011/09/18 14:18:25 ryoon Exp $
+$NetBSD: patch-logging.c,v 1.3.20.1 2014/03/08 20:33:47 spz Exp $
Make sure CODESET is actually defined, for the sake of
old NetBSD versions
---- logging.c.orig 2011-08-13 17:32:04 +0000
-+++ logging.c
-@@ -573,7 +573,7 @@ send_mail(fmt, va_alist)
+--- logging.c.orig 2013-03-01 11:08:30.000000000 -0500
++++ logging.c 2014-03-08 06:35:19.000000000 -0500
+@@ -691,7 +691,7 @@
(void) fputc(*p, mail);
}