etc/sudoers.d. If you have an sudoers with the includedir directive the
install will fail. Fix this by creating the directory in a pre-install
target.
This should fix "The Great sudo Debacle of 2011" once and for all.
Tested by: dougb@
"This release fixes a bug in the I/O logging support that could cause visual
artifacts in full-screen programs such as text editors. This bug was listed as
fixed in sudo 1.7.4p5 but the fix was merged incorrectly."
Feature safe: yes
Special thanks to rea@ for commiting the appropriate VuXML for me. :)
PR: ports/153939
Submitted by: rea@
Security: 908f4cf2-1e8b-11e0-a587-001b77d09812
Feature safe: yes
- Mark jobs safe
- Cleanup whitespace in OPTIONS
- [1] Add ability to specify syslog facility at build time (defaults to local2,
no functional change)
- [2] Add ability to specify ldap configuration file (defaults to
${PREFIX}/etc/ldap.conf, no functional change)
PR: [2]: ports/127822
Submitted by: [1]: skreuzer@ (private mail)
[2]: Sergey Skvortsov <skv@freebsd.org>
Changes:
- Only use the cached supplementory group vector when matching groups
for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
default value set in sudoers so that we never lower the user's umask
when running a command.
- Sudo now operates in the C locale again when doing a match against
sudoers.
PR: 131446
Submitted by: Eygene Ryabinkin
Security: vid:13d6d997-f455-11dd-8516-001b77d09812
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
* The HOME environment variable is once again preserved by default, as per
the documentation.
- Finally remember to fix the $FreeBSD$ line in pam file.
* Check sudoers even if user is found in LDAP so Defaults can take
effect.
* Fix crash when pam_lastlog is (incorrectly) usesd in session section
of PAM file.
Changes:
- The ALL command in sudoers now implies SETENV permissions.
- The command search is now performed using the target user's auxiliary
group vector too.
- Various LDAP code improvements.
- Added passprompt_override flag to sudoers to cause sudo's prompt to be
used in all cases. Also set when the -p flag is used.
- New %p prompt escape that expands to the user whose password is being
prompted, as specified by the rootpw, targetpw and runaspw sudoers
flags.
