aboutsummaryrefslogtreecommitdiffstats
path: root/security/sudo
Commit message (Collapse)AuthorAgeFilesLines
* - Take maintainer. Thanks Tom for all your hard work on this.wxs2009-10-131-1/+1
| | | | Approved by: tmclaugh
* Add OPTIONS for WITH_DISABLE_ROOT_SUDO, WITH_DISABLE_AUTH, andtmclaugh2009-06-121-1/+16
| | | | | | WITH_NOARGS_SHELL Submitted by: Scott Fultz
* Security update for sudo to 1.6.9p20 for CVE 2009-0034tmclaugh2009-02-072-5/+5
| | | | | | | | | | | | | | | Changes: - Only use the cached supplementory group vector when matching groups for the invoking user. (security) - When setting the umask, use the union of the user's umask and the default value set in sudoers so that we never lower the user's umask when running a command. - Sudo now operates in the C locale again when doing a match against sudoers. PR: 131446 Submitted by: Eygene Ryabinkin Security: vid:13d6d997-f455-11dd-8516-001b77d09812
* - Add FTP_PASSIVE_MODE to example env_keep line for pkg utilities and fetch.tmclaugh2008-10-121-8/+7
| | | | Suggested by: koitsu
* Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.rafan2008-08-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifically, newer autoconf (> 2.13) has different semantic of the configure target. In short, one should use --build=CONFIGURE_TARGET instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning and the old semantic may be removed in later autoconf releases. To workaround this issue, many ports hack the CONFIGURE_TARGET variable so that it contains the ``--build='' prefix. To solve this issue, under the fact that some ports still have configure script generated by the old autoconf, we use runtime detection in the do-configure target so that the proper argument can be used. Changes to Mk/*: - Add runtime detection magic in bsd.port.mk - Remove CONFIGURE_TARGET hack in various bsd.*.mk - USE_GNOME=gnometarget is now an no-op Changes to individual ports, other than removing the CONFIGURE_TARGET hack: = pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables) - comms/gnuradio - science/abinit - science/elmer-fem - science/elmer-matc - science/elmer-meshgen2d - science/elmerfront - science/elmerpost = use x86_64 as ARCH - devel/g-wrap = other changes - print/magicfilter GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf Total # of ports modified: 1,027 Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes) PR: 126524 (obsoletes 52917) Submitted by: rafan Tested on: two pointyhat 7-amd64 exp runs (by pav) Approved by: portmgr (pav)
* - Update to 1.6.9p17tmclaugh2008-07-072-6/+5
| | | | | * the -i flag implies resetting the environment as it did prior to 1.6.9. The -i and -E flags are now mutually-exclusive.
* - Fix pkg-plist, libtool archive is no longer installed.tmclaugh2008-04-102-1/+1
| | | | Prompted by: pavmail
* - Update to 1.6.9p15tmclaugh2008-04-103-6/+6
| | | | | | | * The HOME environment variable is once again preserved by default, as per the documentation. - Finally remember to fix the $FreeBSD$ line in pam file.
* - Update to 1.6.9p14tmclaugh2008-03-102-5/+5
| | | | | | | * Check sudoers even if user is found in LDAP so Defaults can take effect. * Fix crash when pam_lastlog is (incorrectly) usesd in session section of PAM file.
* Update to 1.6.9p12tmclaugh2008-01-282-5/+5
| | | | | | | | | | | | | Changes: - The ALL command in sudoers now implies SETENV permissions. - The command search is now performed using the target user's auxiliary group vector too. - Various LDAP code improvements. - Added passprompt_override flag to sudoers to cause sudo's prompt to be used in all cases. Also set when the -p flag is used. - New %p prompt escape that expands to the user whose password is being prompted, as specified by the rootpw, targetpw and runaspw sudoers flags.
* - Make fetchable again. Add my MASTER_SITE_LOCAL to the mix and replacetmclaugh2007-11-121-9/+7
| | | | | | | a number of outdated sites. Notified by: Ferenc Gartner Approved by: portmgr (linimon, erwin)
* Update to 1.6.9p6tmclaugh2007-10-232-5/+5
| | | | | - Sudo now only prints the password prompt if the process is in the foreground.
* Update to 1.6.9p5:tmclaugh2007-09-172-5/+5
| | | | | | - Fixed a bug in the IP address matching introduced by the IPV6 merge. - Fixed sudoedit when used on a non-existent file. - Groups and netgroups are now valid in an LDAP sudoRunas statement.
* Install schema.OpenLDAP into DOCSDIR.tmclaugh2007-09-042-0/+2
| | | | Prompted by: flz
* Update to 1.6.9p4tmclaugh2007-08-283-8/+23
| | | | | | - IPv6 support added. - Added notes to default sudoers for handling environmental variables related to our pkg_* tools and portupgrade.
* - Work around broken configure script and explicitly set location oftmclaugh2007-08-132-4/+12
| | | | | | | | | | | | | | sudo_noexec.so to unbreak NOEXEC option. [1] - Build using --with-secure-path if SUDO_SECURE_PATH is set when building the port. SUDO_SECURE_PATH should be set to a PATH string. [2] - Don't bother deleting sudo_noexec.la. Deleting the file after it's installed is ugly and since it's not harmful it's not worth patching the install. - Set CONFIGURE_TARGET. PR: 115442 [1], 115381 [2] Submitted by: vd [1], Janos Mohacsi [2]
* Fix session stack in default pam file.tmclaugh2007-08-032-1/+2
|
* Update to 1.6.9p3tmclaugh2007-08-032-5/+5
| | | | - Fixes bug related to supplemental group matching
* Update to 1.6.9p2tmclaugh2007-07-302-5/+5
| | | | - Environment handling fix.
* Fix PORTVERSIONtmclaugh2007-07-271-1/+1
| | | | Noticed by: ume
* - Update to 1.6.9p1tmclaugh2007-07-264-22/+9
| | | | | | | | | | * Worked around a bug in some PAM implementations that caused a crash when no tty was present. * Fixed a crash on some platforms in the error logging function. - Change default pam session stack to pam_permit like su does [1] - Grab maintainership Sugested by: des [1]
* - Fix segfault when there is no TTY when executing. [1]tmclaugh2007-07-233-1/+17
| | | | | | | | | - Temporarilly disable session entry in default pam file because pam_lastlog causes users to appear as though they have logged out in system logs. [2] Reported by: yarodin@gmail.com [1], Paul Fraser <pfraser@gmail.com> [2] Submitted by: Todd Miller [1]
* Update to 1.6.9tmclaugh2007-07-215-23/+47
| | | | | | | | | | | | | | Application changes: - PAM, since present, is used by default. - Environment variable handling has changed significantly. - Sudo checks the user's supplemental group vector so nsswitch order is no longer important for group based rules. (See UPGRADE and CHANGING under share/doc/sudo/ for more.) Port changes: - PAM file is no longer clobered on reinstall. - OPIE option has been removed due to PAM being used by default. - Selected documentation is now installed.
* - Add an option to enable insultssat2007-05-031-0/+6
| | | | Submitted by: Dan Casey <dcasey@debtresolve.com>
* Install a PAM policy, rather than just suggesting that the admin do so.des2007-04-104-21/+20
|
* Reset mharo due to maintainer-timeouts and no response to PRs.linimon2007-03-231-1/+1
| | | | Hat: portmgr
* fix option textmharo2006-07-281-1/+1
| | | | Reported by: Nick Fishman <kwlogical@bellsouth.net>
* - Add LDAP support (off by default)sem2006-04-292-1/+30
| | | | | | | | | - OPTIONS'fy - Remove obsoleted USE_REINPLACE PR: ports/95598 Submitted by: Dmitriy Kirhlarov <dkirhlarov@localhost.oilspace.com> Approved by: maintainer timeout (2 weeks)
* SHA256ifyedwin2006-01-241-0/+1
| | | | Approved by: krion@
* - Remove etc/sudoers on deinstall if user haven't modified itpav2005-12-183-2/+5
| | | | | PR: ports/69288 (based on) Approved by: maintainer timeout (mharo; year and a half)
* Upgrade to 1.6.8.12mharo2005-11-142-5/+4
| | | | | PR: 88865 Submitted by: Phil Oleson <oz@nixil.net>
* Security update to latest release: 1.6.8p9.osa2005-06-212-4/+4
| | | | | | | | | | | | | | <Security Alert> Summary: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands. Sudo versions affected: Sudo versions 1.3.1 up to and including 1.6.8p8. </Security Alert> More information about this incident available at: http://www.sudo.ws/sudo/alerts/path_race.html
* Upgrade to 1.6.8p8mharo2005-04-152-4/+4
|
* update to 1.6.8p7mharo2005-02-082-4/+4
|
* Upgrade to 1.6.8p6mharo2005-01-092-4/+4
|
* Update to 1.6.8p5mharo2004-11-302-4/+4
|
* Update to latest release of sudomharo2004-11-182-4/+4
|
* Update to sudo-1.6.3p8, which *really* includes the CDPATH fix, androam2004-11-173-15/+5
| | | | | | | another one that does not directly affect FreeBSD (our _PATH_VARTMP was fine before, too). Approved by: mharo (maintainer)
* strip out CDPATHmharo2004-11-162-1/+11
| | | | Submitted by: Peter Pentchev <roam@ringlet.net>
* Update to 1.6.8p2mharo2004-11-132-4/+4
| | | | | o Bash exported functions and the CDPATH variable are now stripped from the environment passed to the program to be executed.
* Update to 1.6.8p1mharo2004-09-192-4/+4
| | | | | Submitted by: many people Approved by: portsmgr (marcus)
* Update to 1.6.8mharo2004-08-204-21/+9
|
* Undo yesterdays change after sysutils/porttools suddenly failed.edwin2004-07-203-7/+5
| | | | | | Kris (bento (noh! pointyhat)) reported it PR: ports/58387
* [PATCH] security/sudo: Utilize EXAMPLESDIRedwin2004-07-193-5/+7
| | | | | | | | | | | | Utilize EXAMPLESDIR to improves layout; i.e., configuration file -> ${PREFIX}/etc sample configuration file -> ${PREFIX}/share/examples/${PORTNAME} This change helps if many configuration files and sample ones exist. PR: ports/58387 Submitted by: Hideyuki KURASHINA <rushani@FreeBSD.org>
* Add SIZEmharo2004-01-302-1/+2
|
* Add more MASTER_SITES and remove dead onemharo2003-12-171-2/+7
|
* Add another MASTER_SITEmharo2003-12-171-0/+1
| | | | Submitted by: "Michael Sharp" <ms@probsd.org>
* Add WITH_SHELL_SETS_HOME knob to security/sudomharo2003-07-171-0/+4
| | | | | PR: 47087 Submitted by: Stefan Farfeleder <stefan@fafoe.dyndns.org>
* upgrade from 1.6.7.4 to 1.6.7.5mharo2003-07-172-3/+3
| | | | | PR: 52237 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru>
* update from 1.6.6 to 1.6.7p4mharo2003-04-204-58/+16
| | | | | PR: 51084 Submitted by: Sergey A. Osokin <osa@freebsd.org.ru>
* Clear moonlight beckons.ade2003-03-072-1/+1
| | | | | | | Requiem mors pacem pkg-comment, And be calm ports tree. E Nomini Patri, E Fili, E Spiritu Sancti.
* Add a patch from the Sudo CVS repository for proper handling ofroam2003-02-132-1/+48
| | | | | | | the PAM transition from echoed to non-echoed input. PR: 46026 Approved by: mharo (maintainer)
* don't depend on perlmharo2002-09-151-1/+2
| | | | Submitted by: David Yeske <dyeske@yahoo.com>
* remove insults and allow root to use sudomharo2002-08-241-3/+0
|
* update to 1.6.6mharo2002-04-263-6/+6
|
* revert change from this morningmharo2002-04-232-4/+1
|
* Patch sudo 1.6.5.2 with GlobalInterSec's sudo patch.mharo2002-04-222-1/+4
|
* update to 1.6.5p2mharo2002-01-242-3/+3
|
* update the distfile namemharo2002-01-181-1/+1
|
* update to 1.6.5p1mharo2002-01-181-1/+2
|
* correct checksumijliao2002-01-172-3/+2
| | | | | | | ps. sorry mharo PR: 33976, 33981 Submitted by: many people (including me :)
* update to 1.6.5mharo2002-01-172-3/+3
|
* update to 1.6.4p2mharo2002-01-172-3/+3
|
* Update to 1.6.4.1, which fixes a security hole when sending emailmharo2002-01-152-5/+6
| | | | notifications
* Bump port revision to reflect change in November to pkg-installmharo2002-01-101-1/+1
| | | | which sets the file permissions on the sudoers file.
* Fix permissions on the sudoers file when installed from packagepetef2001-11-211-0/+1
| | | | | | PR: 30450 Submitted by: Dimitry Andric <dim@xs4all.nl> Approved by: maintainer timeout
* Support latest -current which has no libskey.2.kuriyama2001-09-291-2/+4
| | | | No response from: maintainer
* if the sudoers file is unchanged from the sample one, remove it toomharo2001-09-191-0/+1
|
* Use PAM and bump PORTREVISION as a resultmharo2001-06-241-3/+5
| | | | Submitted by: Blaz Zupan <blaz@amis.net>
* Add WITH_OPIE, which will compile with OPIE instead of S/Keymharo2001-06-221-2/+8
|
* update to 1.6.3p7mharo2001-03-072-3/+3
| | | | | | From the CHANGES file: 416) Fix negation of path-type Defaults entries in a boolean context.
* Update to 1.6.3p5mharo2001-02-212-4/+6
|
* typo clean up police: \s -> \tlioux2001-02-151-2/+2
|
* update to p5mharo2000-08-282-3/+3
|
* update to 1.6.3p4mharo2000-06-102-2/+3
|
* update to 1.6.3mharo2000-04-182-3/+3
|
* Update with the new PORTNAME/PORTVERSION variablescpiazza2000-04-101-2/+2
|
* install sample file with everything commented out so that randommharo2000-04-071-0/+1
| | | | | | system users don't accidently get configured to do stuff as root. Submitted by: Adam Steffes
* upgrade to 1.6.2p3mharo2000-03-212-2/+4
|
* update to 1.6.2p1mharo2000-02-052-3/+3
|
* fix corrupted patchmharo1999-12-241-0/+3
| | | | Submitted by: FUJISHIMA Satsuki <k5@cheerful.com>
* update to 1.6.1mharo1999-12-231-1/+3
|
* Update to 1.6.1mharo1999-12-233-19/+8
|
* Install sudoers in correct place.asami1999-12-171-6/+6
| | | | Submitted by: jhb via cpiazza
* For some reason etc/sudoers.sample isn't installed by the distfiles'sobrien1999-12-111-0/+3
| | | | Makefile any more. So install it manually.
* Unbreak for 3.4-R by changing the MASTER_SITE path in case mharocpiazza1999-12-111-1/+1
| | | | doesn't get to PR 15403 in time.
* update to 1.6.mharo1999-12-102-7/+4
| | | | | had to remove manpage path corrections patch (patch-ac) because I don't have time till after Friday to work on this port more.
* FreeBSD.ORG -> FreeBSD.orgmharo1999-08-311-1/+1
| | | | | Prompted by PR: 13476, 13477 Submitted by: KATO Tsuguru
* $Id$ -> $FreeBSD$peter1999-08-311-1/+1
|
* upgdate to sudo.v1.5.9p4mharo1999-08-282-6/+6
|
* Update to version 1.5.9p3mharo1999-08-082-6/+6
|
* #4/4 enforcing Caps, no periodhoek1999-06-271-1/+1
| | | | | | | | | | | | [Has anyone figured-out what makes the number 393 so interesting to PW, now?] I wonder what was going through Jordan's head during his infamous $Id$-smashing commit. Before I forget.... Thanks to naddy@mips.rhein-neckar.de (Christian Weisgerber) for prompting this commit. See msg-id: 7geokh$tje$1@mips.rhein-neckar.de
* update to 1.5.9.2mharo1999-06-082-6/+6
|
* Upgrade from 1.5.8.2 to 1.5.89.1 and change MAINTAINER to me.mharo1999-04-222-6/+6
| | | | | PR: 11079 Submitted by: Hans Huebner hans@huebner.org
* Upgrade to v1.5.8p2billf1999-03-293-10/+8
| | | | | PR: ports/10817(not used), ports/10499 Submitted by: foxfair, Ying-Chieh Liao <ijliao@Terry.Dorm10.NCTU.edu.tw>
* 1.5.8p1 is gone, 1.5.8p2 is in its place.obrien1999-03-091-1/+3
|
* upgrade to 1.5.8.1erich1999-03-093-37/+15
| | | | Submitted by: Igor Vinokurov <igor@rtsnet.ru>
* Update to version 1.5.7.4.steve1999-01-113-18/+17
| | | | | PR: 9346 Submitted by: Palle Girgensohn <girgen@partitur.se>
* Version changed again, this time to 1.5.6.5.asami1998-10-272-6/+6
|
* Upgrade to latest version, remove BROKEN tag.vanilla1998-10-262-8/+6
|
* The distfile doesn't exist on master site anymore....asami1998-10-261-1/+3
|
* Upgrade to 1.5.6p3, and change erich's email address.vanilla1998-10-234-31/+32
|
* Secure the freedom of the manpages! Free the manpages!hoek1998-08-201-3/+0
| | | | PR: ports/7651
* this is betterobrien1998-05-291-1/+1
|
* make S/Key support actually workobrien1998-05-291-18/+27
|
* 1.5.4 was updated w/o a name change :-(. Fix checksum.imp1998-01-151-1/+1
|
* upgrade to 1.5.4erich1998-01-133-9/+9
| | | | Submitted by: Warner Losh
* Since we have S/Key in the base system, might as well suport it.obrien1997-11-121-2/+2
| | | | (someone that uses OPIE should test out that link option)
* Sudo's config is in fact the autoconf type.. lets say so.obrien1997-10-221-2/+2
| | | | Now sudo will obey ${PREFIX}
* upgrade to 1.5.3erich1996-11-262-6/+6
| | | | Submitted by: Masafumi NAKANE (max@wide.ad.jp)
* Compress a bunch of manpages. Remove unnecessary @ directives fromasami1996-11-182-4/+6
| | | | | | | | PLISTs. Note: I know that this is going to break some symlinks and/or .so includes, I will back some of these out as I run into these during package building.
* Moved sudo from ports/sysutils -> ports/security.obrien1996-11-121-3/+3
| | | | Reviewed by: Satoshi
* upgrade to v1.5erich1996-09-063-11/+42
|
* Put "sudoers.sample" in the package and copy it to "sudoers" if theasami1996-07-202-1/+10
| | | | | latter doesn't already exist. Closes PR ports/1405 ("why can Satoshi sudo on my machine?").
* Fix ordering of variables.asami1996-02-161-3/+3
|
* upgrade to version 1.4erich1996-02-065-83/+23
|
* shortened COMMENTSerich1995-10-291-1/+1
|
* added sudo to ports/sysutilserich1995-09-226-0/+115
Reviewed by: satoshi
generated by cgit (git 2.34.1) at 2025-01-19 01:17:43 +0800