1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-12 03:00:28 +00:00
Commit Graph

121 Commits

Author SHA1 Message Date
Wesley Shields
709352e71b - Update to 1.7.2p5. Security fix (1.7.2p4) and general bug fixes beyond that.
Security:	018a84d0-2548-11df-b4a3-00e0815b8da8
Feature safe:	yes
2010-03-01 17:48:13 +00:00
Wesley Shields
e113e4d1e0 - Fix options screen to have a shorter description.
Noticed by:	garga@
2010-01-05 14:57:17 +00:00
Wesley Shields
832bd25271 - Update to 1.7.2.2
- Mark jobs safe
- Cleanup whitespace in OPTIONS
- [1] Add ability to specify syslog facility at build time (defaults to local2,
  no functional change)
- [2] Add ability to specify ldap configuration file (defaults to
  ${PREFIX}/etc/ldap.conf, no functional change)

PR:		[2]: ports/127822
Submitted by:	[1]: skreuzer@ (private mail)
		[2]: Sergey Skvortsov <skv@freebsd.org>
2010-01-04 21:28:22 +00:00
Wesley Shields
43292fa6ae - Take maintainer. Thanks Tom for all your hard work on this.
Approved by:	tmclaugh
2009-10-12 17:55:26 +00:00
Tom McLaughlin
32058bb987 Add OPTIONS for WITH_DISABLE_ROOT_SUDO, WITH_DISABLE_AUTH, and
WITH_NOARGS_SHELL

Submitted by:	Scott Fultz
2009-06-12 00:46:49 +00:00
Tom McLaughlin
a2745142d5 Security update for sudo to 1.6.9p20 for CVE 2009-0034
Changes:
- Only use the cached supplementory group vector when matching groups
  for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
  default value set in sudoers so that we never lower the user's umask
  when running a command.
- Sudo now operates in the C locale again when doing a match against
  sudoers.

PR:		131446
Submitted by:	Eygene Ryabinkin
Security:	vid:13d6d997-f455-11dd-8516-001b77d09812
2009-02-06 19:35:46 +00:00
Tom McLaughlin
fe81eb3aa4 - Add FTP_PASSIVE_MODE to example env_keep line for pkg utilities and fetch.
Suggested by:	koitsu
2008-10-11 20:39:03 +00:00
Rong-En Fan
741aa71483 Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk
 - Remove CONFIGURE_TARGET hack in various bsd.*.mk
 - USE_GNOME=gnometarget is now an no-op

Changes to individual ports, other than removing the CONFIGURE_TARGET hack:

= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
  - comms/gnuradio
  - science/abinit
  - science/elmer-fem
  - science/elmer-matc
  - science/elmer-meshgen2d
  - science/elmerfront
  - science/elmerpost

= use x86_64 as ARCH
  - devel/g-wrap

= other changes
  - print/magicfilter
    GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf

Total # of ports modified:  1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)

PR:		126524 (obsoletes 52917)
Submitted by:	rafan
Tested on:	two pointyhat 7-amd64 exp runs (by pav)
Approved by:	portmgr (pav)
2008-08-21 06:18:49 +00:00
Tom McLaughlin
1693e5d070 - Update to 1.6.9p17
* the -i flag implies resetting the environment as it did prior to
  1.6.9.  The -i and -E flags are now mutually-exclusive.
2008-07-06 23:20:05 +00:00
Tom McLaughlin
4428c726c5 - Fix pkg-plist, libtool archive is no longer installed.
Prompted by:	pavmail
2008-04-10 14:00:22 +00:00
Tom McLaughlin
e19088e1c6 - Update to 1.6.9p15
* The HOME environment variable is once again preserved by default, as per
  the documentation.

- Finally remember to fix the $FreeBSD$ line in pam file.
2008-04-09 16:44:28 +00:00
Tom McLaughlin
cbaf0981e1 - Update to 1.6.9p14
* Check sudoers even if user is found in LDAP so Defaults can take
  effect.
* Fix crash when pam_lastlog is (incorrectly) usesd in session section
  of PAM file.
2008-03-09 20:51:31 +00:00
Tom McLaughlin
2b5f91b8a7 Update to 1.6.9p12
Changes:
- The ALL command in sudoers now implies SETENV permissions.
- The command search is now performed using the target user's auxiliary
  group vector too.
- Various LDAP code improvements.
- Added passprompt_override flag to sudoers to cause sudo's prompt to be
  used in all cases.  Also set when the -p flag is used.
- New %p prompt escape that expands to the user whose password is being
  prompted, as specified by the rootpw, targetpw and runaspw sudoers
  flags.
2008-01-28 06:29:03 +00:00
Tom McLaughlin
f280695adb - Make fetchable again. Add my MASTER_SITE_LOCAL to the mix and replace
a number of outdated sites.

Notified by:	Ferenc Gartner
Approved by:	portmgr (linimon, erwin)
2007-11-12 01:21:19 +00:00
Tom McLaughlin
6bd9501dcd Update to 1.6.9p6
- Sudo now only prints the password prompt if the process is in the
  foreground.
2007-10-23 00:46:44 +00:00
Tom McLaughlin
9d5bfc0d23 Update to 1.6.9p5:
- Fixed a bug in the IP address matching introduced by the IPV6 merge.
- Fixed sudoedit when used on a non-existent file.
- Groups and netgroups are now valid in an LDAP sudoRunas statement.
2007-09-17 14:55:13 +00:00
Tom McLaughlin
3c005206b9 Install schema.OpenLDAP into DOCSDIR.
Prompted by:	flz
2007-09-03 17:13:29 +00:00
Tom McLaughlin
f384e1030f Update to 1.6.9p4
- IPv6 support added.
- Added notes to default sudoers for handling environmental variables
  related to our pkg_* tools and portupgrade.
2007-08-27 19:40:48 +00:00
Tom McLaughlin
70b0d9b221 - Work around broken configure script and explicitly set location of
sudo_noexec.so to unbreak NOEXEC option. [1]
- Build using --with-secure-path if SUDO_SECURE_PATH is set when
  building the port.  SUDO_SECURE_PATH should be set to a PATH string.
  [2]
- Don't bother deleting sudo_noexec.la.  Deleting the file after it's
  installed is ugly and since it's not harmful it's not worth patching
  the install.
- Set CONFIGURE_TARGET.

PR:		115442 [1], 115381 [2]
Submitted by:	vd [1], Janos Mohacsi [2]
2007-08-13 00:14:15 +00:00
Tom McLaughlin
dcf4228f5c Fix session stack in default pam file. 2007-08-03 00:56:00 +00:00
Tom McLaughlin
fe44fea768 Update to 1.6.9p3
- Fixes bug related to supplemental group matching
2007-08-02 17:25:18 +00:00
Tom McLaughlin
a66bfc3e1b Update to 1.6.9p2
- Environment handling fix.
2007-07-30 15:01:47 +00:00
Tom McLaughlin
d2fa7c9224 Fix PORTVERSION
Noticed by:	ume
2007-07-27 01:00:55 +00:00
Tom McLaughlin
59a1468866 - Update to 1.6.9p1
* Worked around a bug in some PAM implementations that caused a crash
    when no tty was present.
  * Fixed a crash on some platforms in the error logging function.
- Change default pam session stack to pam_permit like su does [1]
- Grab maintainership

Sugested by:	des [1]
2007-07-26 15:53:40 +00:00
Tom McLaughlin
bc14907a9c - Fix segfault when there is no TTY when executing. [1]
- Temporarilly disable session entry in default pam file because
  pam_lastlog causes users to appear as though they have logged out in
  system logs. [2]

Reported by:	yarodin@gmail.com [1], Paul Fraser <pfraser@gmail.com> [2]
Submitted by:	Todd Miller [1]
2007-07-23 03:54:05 +00:00
Tom McLaughlin
ff833c5c46 Update to 1.6.9
Application changes:
- PAM, since present, is used by default.
- Environment variable handling has changed significantly.
- Sudo checks the user's supplemental group vector so nsswitch order is
  no longer important for group based rules.
(See UPGRADE and CHANGING under share/doc/sudo/ for more.)

Port changes:
- PAM file is no longer clobered on reinstall.
- OPIE option has been removed due to PAM being used by default.
- Selected documentation is now installed.
2007-07-21 03:15:13 +00:00
Andrew Pantyukhin
94dc59ba04 - Add an option to enable insults
Submitted by:	Dan Casey <dcasey@debtresolve.com>
2007-05-02 18:47:16 +00:00
Dag-Erling Smørgrav
8e649aef1d Install a PAM policy, rather than just suggesting that the admin do so. 2007-04-10 12:47:09 +00:00
Mark Linimon
81e4371710 Reset mharo due to maintainer-timeouts and no response to PRs.
Hat:		portmgr
2007-03-23 09:47:31 +00:00
Michael Haro
79a697ea8a fix option text
Reported by: Nick Fishman <kwlogical@bellsouth.net>
2006-07-28 06:54:29 +00:00
Sergey Matveychuk
efe8790d70 - Add LDAP support (off by default)
- OPTIONS'fy
- Remove obsoleted USE_REINPLACE

PR:		ports/95598
Submitted by:	Dmitriy Kirhlarov <dkirhlarov@localhost.oilspace.com>
Approved by:	maintainer timeout (2 weeks)
2006-04-28 19:34:09 +00:00
Edwin Groothuis
32487a10ad SHA256ify
Approved by: krion@
2006-01-24 01:06:45 +00:00
Pav Lucistnik
e5eaf1bdf0 - Remove etc/sudoers on deinstall if user haven't modified it
PR:		ports/69288 (based on)
Approved by:	maintainer timeout (mharo; year and a half)
2005-12-17 22:12:41 +00:00
Michael Haro
5dd2875645 Upgrade to 1.6.8.12
PR:		88865
Submitted by:	Phil Oleson <oz@nixil.net>
2005-11-14 04:20:02 +00:00
Sergey A. Osokin
0e8964abd3 Security update to latest release: 1.6.8p9.
<Security Alert>
Summary:
A race condition in Sudo's command pathname handling prior
to Sudo version 1.6.8p9 that could allow a user with Sudo
privileges to run arbitrary commands.
Sudo versions affected:
Sudo versions 1.3.1 up to and including 1.6.8p8.
</Security Alert>

More information about this incident available at:
http://www.sudo.ws/sudo/alerts/path_race.html
2005-06-21 12:52:00 +00:00
Michael Haro
c667bf7bce Upgrade to 1.6.8p8 2005-04-15 15:06:08 +00:00
Michael Haro
9fed4385e1 update to 1.6.8p7 2005-02-07 18:46:42 +00:00
Michael Haro
25db4f48c1 Upgrade to 1.6.8p6 2005-01-08 19:56:10 +00:00
Michael Haro
318f8b4ac7 Update to 1.6.8p5 2004-11-30 01:22:23 +00:00
Michael Haro
e9bbcd1c30 Update to latest release of sudo 2004-11-18 02:17:47 +00:00
Peter Pentchev
79036c17e5 Update to sudo-1.6.3p8, which *really* includes the CDPATH fix, and
another one that does not directly affect FreeBSD (our _PATH_VARTMP
was fine before, too).

Approved by:	mharo (maintainer)
2004-11-17 11:50:07 +00:00
Michael Haro
86accaee7b strip out CDPATH
Submitted by:	Peter Pentchev <roam@ringlet.net>
2004-11-16 08:38:38 +00:00
Michael Haro
1c35bd9a4b Update to 1.6.8p2
o Bash exported functions and the CDPATH variable are now stripped from
   the environment passed to the program to be executed.
2004-11-12 21:19:00 +00:00
Michael Haro
100f75dcb3 Update to 1.6.8p1
Submitted by:	many people
Approved by:	portsmgr (marcus)
2004-09-19 05:31:33 +00:00
Michael Haro
41fc6dd01d Update to 1.6.8 2004-08-20 06:49:35 +00:00
Edwin Groothuis
12015b11c6 Undo yesterdays change after sysutils/porttools suddenly failed.
Kris (bento (noh! pointyhat)) reported it

PR:		ports/58387
2004-07-20 08:30:14 +00:00
Edwin Groothuis
708a7296c5 [PATCH] security/sudo: Utilize EXAMPLESDIR
Utilize EXAMPLESDIR to improves layout; i.e.,

	  configuration file        -> ${PREFIX}/etc
	  sample configuration file -> ${PREFIX}/share/examples/${PORTNAME}

	This change helps if many configuration files and sample ones exist.

PR:		ports/58387
Submitted by:	Hideyuki KURASHINA <rushani@FreeBSD.org>
2004-07-19 08:15:33 +00:00
Michael Haro
d8a2750f4a Add SIZE 2004-01-30 03:33:21 +00:00
Michael Haro
8833731add Add more MASTER_SITES and remove dead one 2003-12-17 03:43:37 +00:00
Michael Haro
3073850758 Add another MASTER_SITE
Submitted by:	"Michael Sharp" <ms@probsd.org>
2003-12-16 23:30:41 +00:00