./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.8.30nb1, Package name: sudo-1.8.30nb1, Maintainer: pkgsrc-users

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.


Required to build:
[pkgtools/cwrappers]

Package options: skey

Master sites: (Expand)

SHA1: 5b30363d4b23ea7edfb882e7224e1fd1111dd106
RMD160: 853e704b1c60dff84e1b13bbdeca9c8ca4bed988
Filesize: 3270.952 KB

Version history: (Expand)


CVS history: (Expand)


   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-01 02:47:29 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Update to sudo 1.8.30

Notable changes:

* The version string no longer has the word "beta" in it.
   2019-12-28 21:43:56 by Kimmo Suominen | Files touched by this commit (14) | Package removed
Log message:
Update to sudo 1.8.30beta3

* Portability fixes from pkgsrc have been merged upstream

* Add runas_check_shell flag to require a runas user to have a valid
  shell. Not enabled by default.

* Add a new flag "allow_unknown_runas_id" to control matching of unknown
  IDs. Previous, sudo would always allow unknown user or group IDs if
  the sudoers entry permitted it. This included the "ALL" alias. With
  this change, the admin must explicitly enable support for unknown IDs.

* Transparently handle the "sudo sudoedit" problem. Some admin are
  confused about how to give users sudoedit permission and many users
  try to run sudoedit via sudo instead of directly. If the user runs
  "sudo sudoedit" sudo will now treat it as plain "sudoedit" \ 
after
  issuing a warning. If the admin has specified a fully-qualified path
  for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
  match accordingly. In visudo (but not sudo), a fully-qualified path
  for sudoedit is now treated as an error.

* When restoring old resource limits, try to recover if we receive
  EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
  limit is lower than the current resource usage. This can be a problem
  when restoring the old stack limit if sudo has raised it.

* Restore resource limits before executing the askpass program. Linux
  with docker seems to have issues executing a program when the stack
  size is unlimited. Bug #908

* macOS does not allow rlim_cur to be set to RLIM_INFINITY for
  RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
  setrlimit manual. Bug #904

* Use 64-bit resource limits on AIX.
   2019-12-19 17:59:44 by Kimmo Suominen | Files touched by this commit (3)
Log message:
Don't touch RLIMIT_STACK for now, see https://gnats.netbsd.org/51158
   2019-12-18 16:56:11 by Kimmo Suominen | Files touched by this commit (4)
Log message:
Fix setrlimit(3): Invalid argument

The new code that unlimits many resources appears to have been problematic
on a number of fronts. Fetched the current version of src/limits.c from
the sudo hg repo. RLIMIT_STACK (i.e. "3") is no longer set to \ 
RLIM_INFINITY.

Added code to output the name of the limit instead of its number.
   2019-12-15 19:42:10 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
sudo: updated to 1.8.29

Major changes between version 1.8.29 and 1.8.28p1:

The cvtsudoers command will now reject non-LDIF input when converting from LDIF \ 
format to sudoers or JSON formats.
The new log_allowed and log_denied sudoers settings make it possible to disable \ 
logging and auditing of allowed and/or denied commands.
The umask is now handled differently on systems with PAM or login.conf. If the \ 
umask is explicitly set in sudoers, that value is used regardless of what PAM or \ 
login.conf may specify. However, if the umask is not explicitly set in sudoers, \ 
PAM or login.conf may now override the default sudoers umask.
For make install, the sudoers file is no longer checked for syntax errors when \ 
DESTDIR is set. The default sudoers file includes the contents of /etc/sudoers.d \ 
which may not be readable as non-root.
Sudo now sets most resource limits to their maximum value to avoid problems \ 
caused by insufficient resources, such as an inability to allocate memory or \ 
open files and pipes.
Fixed a regression introduced in sudo 1.8.28 where sudo would refuse to run if \ 
the parent process was not associated with a session. This was due to sudo \ 
passing a session ID of -1 to the plugin.
   2019-11-04 22:13:04 by Roland Illig | Files touched by this commit (118)
Log message:
security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-10-31 15:43:13 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (2)
Log message:
sudo: add missing files in PLIST

pkgsrc changes:
---------------
* Add missing locale files in PLIST.
* Bump revision.