# HG changeset patch # User April Chin # Date 1363275647 25200 # Node ID 5fd82ed384aa6637fb6f96d54cbfd930b6090cfa # Parent 8071b28200359c994c2b54719091c379c07f551b 16424604 Upgrade sudo to 1.8.6p7 16424574 problem in UTILITY/SUDO diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/Makefile --- a/components/sudo/Makefile Tue Mar 12 15:26:18 2013 -0700 +++ b/components/sudo/Makefile Thu Mar 14 08:40:47 2013 -0700 @@ -25,13 +25,13 @@ include ../../make-rules/shared-macros.mk COMPONENT_NAME= sudo -SRC_VERSION= 1.8.4 -SRC_PATCH_VERSION= 5 +SRC_VERSION= 1.8.6 +SRC_PATCH_VERSION= 7 COMPONENT_VERSION= $(SRC_VERSION).$(SRC_PATCH_VERSION) COMPONENT_SRC= $(COMPONENT_NAME)-$(SRC_VERSION)p$(SRC_PATCH_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:cf41ea1ada17c0dfbd8480dd9dc800999e0db9f2972ffa8f7a2944751ad32aba + sha256:301089edb22356f59d097f6abbe1303f03927a38691b02959d618546c2125036 COMPONENT_ARCHIVE_URL= http://www.sudo.ws/sudo/dist/$(COMPONENT_ARCHIVE) COMPONENT_PROJECT_URL= http://www.sudo.ws/ COMPONENT_BUGDB= utility/sudo @@ -41,7 +41,7 @@ include $(WS_TOP)/make-rules/ips.mk CONFIGURE_ENV += "CC=$(CC)" -CONFIGURE_ENV += "CFLAGS=$(CFLAGS) -DHAVE__GETGRPSBYMEMBER" +CONFIGURE_ENV += "CFLAGS=$(CFLAGS)" CONFIGURE_ENV += "CXX=$(CXX)" CONFIGURE_ENV += "MAKE=$(GMAKE)" @@ -62,6 +62,9 @@ COMPONENT_INSTALL_TARGETS = install +# Enable aslr for this component +ASLR_MODE = $(ASLR_ENABLE) + # common targets build: $(BUILD_32) diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/patches/audit-event.patch --- a/components/sudo/patches/audit-event.patch Tue Mar 12 15:26:18 2013 -0700 +++ b/components/sudo/patches/audit-event.patch Thu Mar 14 08:40:47 2013 -0700 @@ -1,34 +1,48 @@ -diff -rupN sudo-1.8.4p5.orig/plugins/sudoers/bsm_audit.c sudo-1.8.4p5/plugins/sudoers/bsm_audit.c ---- sudo-1.8.4p5.orig/plugins/sudoers/bsm_audit.c 2012-03-29 10:37:01.000000000 -0700 -+++ sudo-1.8.4p5/plugins/sudoers/bsm_audit.c 2012-05-18 14:20:39.003982000 -0700 -@@ -104,7 +104,7 @@ bsm_audit_success(char **exec_args) - log_error(0, _("au_open: failed")); +au_* calls need correct parameters. +This legacy auditing will later be replaced by Solaris adt_* calls, +so in the future, use of bsm_audit.c and configuring --with-bsm-audit will +be removed. + +--- sudo-1.8.6p7.orig/plugins/sudoers/bsm_audit.c 2012-09-18 06:56:29.000000000 -0700 ++++ sudo-1.8.6p7/plugins/sudoers/bsm_audit.c 2013-03-07 10:18:20.309947000 -0800 +@@ -31,8 +31,8 @@ + #include + + #include "gettext.h" +-#include "error.h" + #include "sudo_debug.h" ++#include "error.h" + #include "bsm_audit.h" + + /* +@@ -103,7 +103,7 @@ bsm_audit_success(char **exec_args) + error(1, _("au_open: failed")); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), - getuid(), pid, pid, &ainfo_addr.ai_termid); -+ getuid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid); ++ getgid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { /* * NB: We should probably watch out for ERANGE here. -@@ -112,7 +112,7 @@ bsm_audit_success(char **exec_args) +@@ -111,7 +111,7 @@ bsm_audit_success(char **exec_args) if (getaudit(&ainfo) < 0) - log_error(0, _("getaudit: failed")); + error(1, _("getaudit: failed")); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), - getuid(), pid, pid, &ainfo.ai_termid); -+ getuid(), pid, ainfo.ai_asid, &ainfo.ai_termid); ++ getgid(), pid, ainfo.ai_asid, &ainfo.ai_termid); } else - log_error(0, _("getaudit: failed")); + error(1, _("getaudit: failed")); if (tok == NULL) -@@ -126,7 +126,7 @@ bsm_audit_success(char **exec_args) +@@ -125,7 +125,7 @@ bsm_audit_success(char **exec_args) if (tok == NULL) - log_error(0, _("au_to_return32: failed")); + error(1, _("au_to_return32: failed")); au_write(aufd, tok); - if (au_close(aufd, 1, AUE_sudo) == -1) + if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1) - log_error(0, _("unable to commit audit record")); + error(1, _("unable to commit audit record")); debug_return; } -@@ -148,7 +148,7 @@ bsm_audit_failure(char **exec_args, char +@@ -147,7 +147,7 @@ bsm_audit_failure(char **exec_args, char /* * If we are not auditing, don't cut an audit record; just return. */ @@ -36,28 +50,28 @@ + if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) debug_return; - log_error(0, _("Could not determine audit condition")); -@@ -163,12 +163,12 @@ bsm_audit_failure(char **exec_args, char - log_error(0, _("au_open: failed")); + error(1, _("Could not determine audit condition")); +@@ -162,12 +162,12 @@ bsm_audit_failure(char **exec_args, char + error(1, _("au_open: failed")); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), - getuid(), pid, pid, &ainfo_addr.ai_termid); -+ getuid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid); ++ getgid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) - log_error(0, _("getaudit: failed")); + error(1, _("getaudit: failed")); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), - getuid(), pid, pid, &ainfo.ai_termid); -+ getuid(), pid, ainfo.ai_asid, &ainfo.ai_termid); ++ getgid(), pid, ainfo.ai_asid, &ainfo.ai_termid); } else - log_error(0, _("getaudit: failed")); + error(1, _("getaudit: failed")); if (tok == NULL) -@@ -187,7 +187,7 @@ bsm_audit_failure(char **exec_args, char +@@ -186,7 +186,7 @@ bsm_audit_failure(char **exec_args, char if (tok == NULL) - log_error(0, _("au_to_return32: failed")); + error(1, _("au_to_return32: failed")); au_write(aufd, tok); - if (au_close(aufd, 1, AUE_sudo) == -1) + if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1) - log_error(0, _("unable to commit audit record")); + error(1, _("unable to commit audit record")); debug_return; } diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/patches/compat-Makefile-in.patch --- a/components/sudo/patches/compat-Makefile-in.patch Tue Mar 12 15:26:18 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -diff -rupN sudo-1.8.4p5.orig/compat/Makefile.in sudo-1.8.4p5/compat/Makefile.in ---- sudo-1.8.4p5.orig/compat/Makefile.in 2012-03-29 10:37:00.000000000 -0700 -+++ sudo-1.8.4p5/compat/Makefile.in 2012-05-17 11:19:30.429987000 -0700 -@@ -181,6 +181,8 @@ mktemp.lo: $(srcdir)/mktemp.c $(top_buil - nanosleep.lo: $(srcdir)/nanosleep.c $(top_builddir)/config.h \ - $(top_srcdir)/compat/timespec.h $(incdir)/missing.h - $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/nanosleep.c -+pw_dup.lo: $(srcdir)/pw_dup.c $(top_builddir)/config.h -+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/pw_dup.c - setenv.lo: $(srcdir)/setenv.c $(top_builddir)/config.h $(incdir)/missing.h - $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/setenv.c - siglist.lo: siglist.c $(top_builddir)/config.h $(incdir)/missing.h diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/patches/getgrset.patch --- a/components/sudo/patches/getgrset.patch Tue Mar 12 15:26:18 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,55 +0,0 @@ -This patch is using solaris private interface _getgroupsbymember(). We should -switch to similar public interface once Solaris has one. - ---- sudo-1.8.4p5/compat/getgrouplist.c Sat Jan 19 22:45:01 2013 -+++ sudo-1.8.4p5/compat/getgrouplist.c Sat Jan 19 22:44:59 2013 -@@ -36,6 +36,15 @@ - - #include "missing.h" - -+#ifdef HAVE__GETGRPSBYMEMBER -+extern int _getgroupsbymember -+( -+ const char* username, gid_t gid_array[], -+ int maxgids, int numgids -+); -+#endif /* HAVE__GETGRPSBYMEMBER */ -+ -+ - #ifdef HAVE_GETGRSET - /* - * BSD-compatible getgrouplist(3) using getgrset(3) -@@ -81,6 +90,25 @@ - - #else /* HAVE_GETGRSET */ - -+#ifdef HAVE__GETGRPSBYMEMBER -+int -+getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) -+{ -+ int grpsize = *ngroupsp; -+ -+ if (grpsize <= 0) -+ return -1; -+ groups[0] = basegid; -+ -+ if ((grpsize = _getgroupsbymember(name, groups, grpsize, 1)) == -1) -+ return -1; -+ -+ *ngroupsp = grpsize; -+ return 0; -+} -+ -+#else /* ! HAVE__GETGRPSBYMEMBER */ -+ - /* - * BSD-compatible getgrouplist(3) using getgrent(3) - */ -@@ -128,4 +156,7 @@ - - return rval; - } -+ -+#endif /* ! HAVE__GETGRPSBYMEMBER */ -+ - #endif /* HAVE_GETGRSET */ diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/patches/sudo_debug.patch --- a/components/sudo/patches/sudo_debug.patch Tue Mar 12 15:26:18 2013 -0700 +++ b/components/sudo/patches/sudo_debug.patch Thu Mar 14 08:40:47 2013 -0700 @@ -1,4 +1,5 @@ -diff -rupN sudo-1.8.4p5.orig/include/sudo_debug.h sudo-1.8.4p5/include/sudo_debug.h +Solaris needs missing definition for __printflike + --- sudo-1.8.4p5.orig/include/sudo_debug.h 2012-03-29 10:37:01.000000000 -0700 +++ sudo-1.8.4p5/include/sudo_debug.h 2012-05-18 11:18:27.886010000 -0700 @@ -17,6 +17,7 @@ diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/sudo.license --- a/components/sudo/sudo.license Tue Mar 12 15:26:18 2013 -0700 +++ b/components/sudo/sudo.license Thu Mar 14 08:40:47 2013 -0700 @@ -1,5 +1,6 @@ + +Copyright (c) 2012-2013 Todd C. Miller Copyright (c) 2009 Christian S.J. Peron -Copyright (c) 2008 Dan Walsh Sudo is distributed under the following license: @@ -102,7 +103,7 @@ The embedded copy of zlib bears the following license: - Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler + Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff -r 8071b2820035 -r 5fd82ed384aa components/sudo/sudo.p5m --- a/components/sudo/sudo.p5m Tue Mar 12 15:26:18 2013 -0700 +++ b/components/sudo/sudo.p5m Thu Mar 14 08:40:47 2013 -0700 @@ -26,14 +26,14 @@ set name=pkg.fmri value=pkg:/security/sudo@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="sudo - tool to allow certain tasks to be run as root by ordinary users" set name=com.oracle.info.description value="the sudo utility" -set name=com.oracle.info.tpno value=5104 +set name=com.oracle.info.tpno value=12745 set name=info.classification \ value="org.opensolaris.category.2008:Applications/System Utilities" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) set name=info.source-url value=$(COMPONENT_ARCHIVE_URL) set name=org.opensolaris.consolidation value=$(CONSOLIDATION) set name=org.opensolaris.arc-caseid \ - value=PSARC/2009/205 + value=PSARC/2011/252 dir path=etc dir path=etc/sudoers.d mode=0750 group=root @@ -46,6 +46,45 @@ dir path=usr/share dir path=usr/share/doc dir path=usr/share/doc/sudo +dir path=usr/share/locale +dir path=usr/share/locale/da +dir path=usr/share/locale/da/LC_MESSAGES +dir path=usr/share/locale/de +dir path=usr/share/locale/de/LC_MESSAGES +dir path=usr/share/locale/eo +dir path=usr/share/locale/eo/LC_MESSAGES +dir path=usr/share/locale/es +dir path=usr/share/locale/es/LC_MESSAGES +dir path=usr/share/locale/eu +dir path=usr/share/locale/eu/LC_MESSAGES +dir path=usr/share/locale/fi +dir path=usr/share/locale/fi/LC_MESSAGES +dir path=usr/share/locale/gl +dir path=usr/share/locale/gl/LC_MESSAGES +dir path=usr/share/locale/hr +dir path=usr/share/locale/hr/LC_MESSAGES +dir path=usr/share/locale/it +dir path=usr/share/locale/it/LC_MESSAGES +dir path=usr/share/locale/ja +dir path=usr/share/locale/ja/LC_MESSAGES +dir path=usr/share/locale/lt +dir path=usr/share/locale/lt/LC_MESSAGES +dir path=usr/share/locale/pl +dir path=usr/share/locale/pl/LC_MESSAGES +dir path=usr/share/locale/ru +dir path=usr/share/locale/ru/LC_MESSAGES +dir path=usr/share/locale/sl +dir path=usr/share/locale/sl/LC_MESSAGES +dir path=usr/share/locale/sr +dir path=usr/share/locale/sr/LC_MESSAGES +dir path=usr/share/locale/sv +dir path=usr/share/locale/sv/LC_MESSAGES +dir path=usr/share/locale/uk +dir path=usr/share/locale/uk/LC_MESSAGES +dir path=usr/share/locale/vi +dir path=usr/share/locale/vi/LC_MESSAGES +dir path=usr/share/locale/zh_CN +dir path=usr/share/locale/zh_CN/LC_MESSAGES dir path=usr/share/man dir path=usr/share/man/man1m dir path=usr/share/man/man4 @@ -54,11 +93,9 @@ preserve=true mode=0440 group=root file path=usr/bin/sudo mode=4511 file path=usr/bin/sudoreplay mode=0511 -file path=usr/sbin/visudo mode=0511 +file path=usr/include/sudo_plugin.h file path=usr/lib/sudo/sudoers.so - -file path=usr/include/sudo_plugin.h - +file path=usr/sbin/visudo mode=0511 file path=usr/share/doc/sudo/ChangeLog file path=usr/share/doc/sudo/HISTORY file path=usr/share/doc/sudo/LICENSE @@ -74,14 +111,46 @@ file path=usr/share/doc/sudo/schema.OpenLDAP file path=usr/share/doc/sudo/schema.iPlanet file path=usr/share/doc/sudo/sudoers2ldif - +file path=usr/share/locale/da/LC_MESSAGES/sudo.mo +file path=usr/share/locale/da/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/de/LC_MESSAGES/sudo.mo +file path=usr/share/locale/eo/LC_MESSAGES/sudo.mo +file path=usr/share/locale/eo/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/es/LC_MESSAGES/sudo.mo +file path=usr/share/locale/eu/LC_MESSAGES/sudo.mo +file path=usr/share/locale/eu/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/fi/LC_MESSAGES/sudo.mo +file path=usr/share/locale/fi/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/gl/LC_MESSAGES/sudo.mo +file path=usr/share/locale/hr/LC_MESSAGES/sudo.mo +file path=usr/share/locale/hr/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/it/LC_MESSAGES/sudo.mo +file path=usr/share/locale/it/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/ja/LC_MESSAGES/sudo.mo +file path=usr/share/locale/ja/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/lt/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/pl/LC_MESSAGES/sudo.mo +file path=usr/share/locale/pl/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/ru/LC_MESSAGES/sudo.mo +file path=usr/share/locale/sl/LC_MESSAGES/sudo.mo +file path=usr/share/locale/sl/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/sr/LC_MESSAGES/sudo.mo +file path=usr/share/locale/sv/LC_MESSAGES/sudo.mo +file path=usr/share/locale/sv/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/uk/LC_MESSAGES/sudo.mo +file path=usr/share/locale/uk/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/vi/LC_MESSAGES/sudo.mo +file path=usr/share/locale/vi/LC_MESSAGES/sudoers.mo +file path=usr/share/locale/zh_CN/LC_MESSAGES/sudo.mo +file path=usr/share/locale/zh_CN/LC_MESSAGES/sudoers.mo file path=usr/share/man/man1m/sudo.1m +file path=usr/share/man/man1m/sudo_plugin.1m file path=usr/share/man/man1m/sudoreplay.1m -file path=usr/share/man/man1m/sudo_plugin.1m file path=usr/share/man/man1m/visudo.1m file path=usr/share/man/man4/sudoers.4 +file path=usr/share/man/man4/sudoers.ldap.4 -hardlink path=usr/share/man/man1m/sudoedit.1m target=sudo.1m -hardlink path=usr/bin/sudoedit target=sudo +link path=usr/bin/sudoedit target=sudo +link path=usr/share/man/man1m/sudoedit.1m target=sudo.1m license sudo.license license="ISC-like, BSD, zlib license"