7169436 Problem with utility/sudo s11-sru S11SRU9_01
authorApril Chin <april.chin@oracle.com>
Tue, 05 Jun 2012 09:51:55 -0700
branchs11-sru
changeset 2285 cb43727425f0
parent 2284 b4d13f692c04
child 2286 1caf21467dca
7169436 Problem with utility/sudo
components/sudo/Makefile
components/sudo/patches/audit-event.patch
components/sudo/patches/compat-Makefile-in.patch
components/sudo/patches/sudo_debug.patch
components/sudo/sudo.license
components/sudo/sudo.p5m
--- a/components/sudo/Makefile	Tue May 29 15:25:04 2012 -0700
+++ b/components/sudo/Makefile	Tue Jun 05 09:51:55 2012 -0700
@@ -25,12 +25,13 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		sudo
-SRC_VERSION=	1.8.3
-SRC_PATCH_VERSION=	2
+SRC_VERSION=	1.8.4
+SRC_PATCH_VERSION=	5
 COMPONENT_VERSION=	$(SRC_VERSION).$(SRC_PATCH_VERSION)
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(SRC_VERSION)p$(SRC_PATCH_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH=	sha1:37d70b133f809116ce631229fa0e727d9f5125ad
+COMPONENT_ARCHIVE_HASH=	\
+    sha256:cf41ea1ada17c0dfbd8480dd9dc800999e0db9f2972ffa8f7a2944751ad32aba
 COMPONENT_ARCHIVE_URL=	http://www.sudo.ws/sudo/dist/$(COMPONENT_ARCHIVE)
 COMPONENT_PROJECT_URL=  http://www.sudo.ws/
 
--- a/components/sudo/patches/audit-event.patch	Tue May 29 15:25:04 2012 -0700
+++ b/components/sudo/patches/audit-event.patch	Tue Jun 05 09:51:55 2012 -0700
@@ -1,72 +1,63 @@
---- sudo-1.8.3p2/plugins/sudoers/bsm_audit.c	Fri Oct 21 14:01:25 2011
-+++ /tmp/bsm_audit.c	Mon Jan 30 17:06:00 2012
[email protected]@ -30,8 +30,10 @@
- #include <errno.h>
- #include <unistd.h>
- 
-+#include "gettext.h"
- #include "bsm_audit.h"
- 
-+
- /*
-  * Solaris auditon() returns EINVAL if BSM audit not configured.
-  * OpenBSM returns ENOSYS for unimplemented options.
[email protected]@ -100,7 +102,7 @@
+diff -rupN sudo-1.8.4p5.orig/plugins/sudoers/bsm_audit.c sudo-1.8.4p5/plugins/sudoers/bsm_audit.c
+--- sudo-1.8.4p5.orig/plugins/sudoers/bsm_audit.c	2012-03-29 10:37:01.000000000 -0700
++++ sudo-1.8.4p5/plugins/sudoers/bsm_audit.c	2012-05-18 14:20:39.003982000 -0700
[email protected]@ -104,7 +104,7 @@ bsm_audit_success(char **exec_args)
  		log_error(0, _("au_open: failed"));
  	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
  		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo_addr.ai_termid);
-+		    getuid(), pid, &ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
++		    getuid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
  	} else if (errno == ENOSYS) {
  		/*
  		 * NB: We should probably watch out for ERANGE here.
[email protected]@ -108,7 +110,7 @@
[email protected]@ -112,7 +112,7 @@ bsm_audit_success(char **exec_args)
  		if (getaudit(&ainfo) < 0)
  			log_error(0, _("getaudit: failed"));
  		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo.ai_termid);
-+		    getuid(), pid, &ainfo.ai_asid, &ainfo.ai_termid);
++		    getuid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
  	} else
  		log_error(0, _("getaudit: failed"));
  	if (tok == NULL)
[email protected]@ -122,7 +124,7 @@
[email protected]@ -126,7 +126,7 @@ bsm_audit_success(char **exec_args)
  	if (tok == NULL)
  		log_error(0, _("au_to_return32: failed"));
  	au_write(aufd, tok);
 -	if (au_close(aufd, 1, AUE_sudo) == -1)
 +	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
  		log_error(0, _("unable to commit audit record"));
+ 	debug_return;
  }
- 
[email protected]@ -142,7 +144,7 @@
[email protected]@ -148,7 +148,7 @@ bsm_audit_failure(char **exec_args, char
  	/*
  	 * If we are not auditing, don't cut an audit record; just return.
  	 */
 -	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
 +	if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
  		if (errno == AUDIT_NOT_CONFIGURED)
- 			return;
+ 			debug_return;
  		log_error(0, _("Could not determine audit condition"));
[email protected]@ -157,12 +159,12 @@
[email protected]@ -163,12 +163,12 @@ bsm_audit_failure(char **exec_args, char
  		log_error(0, _("au_open: failed"));
  	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { 
  		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo_addr.ai_termid);
-+		    getuid(), pid, &ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
++		    getuid(), pid, ainfo_addr.ai_asid, &ainfo_addr.ai_termid);
  	} else if (errno == ENOSYS) {
  		if (getaudit(&ainfo) < 0) 
  			log_error(0, _("getaudit: failed"));
  		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
 -		    getuid(), pid, pid, &ainfo.ai_termid);
-+		    getuid(), pid, &ainfo.ai_asid, &ainfo.ai_termid);
++		    getuid(), pid, ainfo.ai_asid, &ainfo.ai_termid);
  	} else
  		log_error(0, _("getaudit: failed"));
  	if (tok == NULL)
[email protected]@ -181,6 +183,6 @@
[email protected]@ -187,7 +187,7 @@ bsm_audit_failure(char **exec_args, char
  	if (tok == NULL)
  		log_error(0, _("au_to_return32: failed"));
  	au_write(aufd, tok);
 -	if (au_close(aufd, 1, AUE_sudo) == -1)
 +	if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
  		log_error(0, _("unable to commit audit record"));
+ 	debug_return;
  }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/compat-Makefile-in.patch	Tue Jun 05 09:51:55 2012 -0700
@@ -0,0 +1,12 @@
+diff -rupN sudo-1.8.4p5.orig/compat/Makefile.in sudo-1.8.4p5/compat/Makefile.in
+--- sudo-1.8.4p5.orig/compat/Makefile.in	2012-03-29 10:37:00.000000000 -0700
++++ sudo-1.8.4p5/compat/Makefile.in	2012-05-17 11:19:30.429987000 -0700
[email protected]@ -181,6 +181,8 @@ mktemp.lo: $(srcdir)/mktemp.c $(top_buil
+ nanosleep.lo: $(srcdir)/nanosleep.c $(top_builddir)/config.h \
+               $(top_srcdir)/compat/timespec.h $(incdir)/missing.h
+ 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/nanosleep.c
++pw_dup.lo: $(srcdir)/pw_dup.c $(top_builddir)/config.h
++	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/pw_dup.c
+ setenv.lo: $(srcdir)/setenv.c $(top_builddir)/config.h $(incdir)/missing.h
+ 	$(LIBTOOL) --mode=compile $(CC) -c -o [email protected] $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/setenv.c
+ siglist.lo: siglist.c $(top_builddir)/config.h $(incdir)/missing.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/sudo_debug.patch	Tue Jun 05 09:51:55 2012 -0700
@@ -0,0 +1,11 @@
+diff -rupN sudo-1.8.4p5.orig/include/sudo_debug.h sudo-1.8.4p5/include/sudo_debug.h
+--- sudo-1.8.4p5.orig/include/sudo_debug.h	2012-03-29 10:37:01.000000000 -0700
++++ sudo-1.8.4p5/include/sudo_debug.h	2012-05-18 11:18:27.886010000 -0700
[email protected]@ -17,6 +17,7 @@
+ #ifndef _SUDO_DEBUG_H
+ #define _SUDO_DEBUG_H
+ 
++#include "missing.h"
+ #include <stdarg.h>
+ 
+ /*
--- a/components/sudo/sudo.license	Tue May 29 15:25:04 2012 -0700
+++ b/components/sudo/sudo.license	Tue Jun 05 09:51:55 2012 -0700
@@ -1,6 +1,15 @@
-Sudo is distributed under the following ISC-style license:
+----------------
+- sudo 1.8.4p5 -
+----------------
+
+Oracle Internal Tracking Number: 5104
 
-   Copyright (c) 1994-1996, 1998-2011
+Copyright (c) 2009 Christian S.J. Peron
+Copyright (c) 2008 Dan Walsh <[email protected]>
+
+Sudo is distributed under the following license:
+
+   Copyright (c) 1994-1996, 1998-2012
         Todd C. Miller <[email protected]>
 
    Permission to use, copy, modify, and distribute this software for any
@@ -19,10 +28,31 @@
    Agency (DARPA) and Air Force Research Laboratory, Air Force
    Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-The files fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c
-bear the following UCB license:
+The file redblack.c bears the following license:
 
-   Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994
+   Copyright (c) 2001 Emin Martinian
+  
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that neither the name of Emin
+   Martinian nor the names of any contributors are be used to endorse or
+   promote products derived from this software without specific prior
+   written permission.
+  
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+The files getcwd.c, glob.c, glob.h and snprintf.c bear the following license:
+
+   Copyright (c) 1989, 1990, 1991, 1993
         The Regents of the University of California.  All rights reserved.
 
    Redistribution and use in source and binary forms, with or without
@@ -49,6 +79,33 @@
    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    SUCH DAMAGE.
 
+The file fnmatch.c bears the following license:
+
+   Copyright (c) 2011, VMware, Inc.
+   All rights reserved.
+   
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions are met:
+       * Redistributions of source code must retain the above copyright
+         notice, this list of conditions and the following disclaimer.
+       * Redistributions in binary form must reproduce the above copyright
+         notice, this list of conditions and the following disclaimer in the
+         documentation and/or other materials provided with the distribution.
+       * Neither the name of the VMware, Inc. nor the names of its contributors
+         may be used to endorse or promote products derived from this software
+         without specific prior written permission.
+   
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+   ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR
+   ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+   THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 The embedded copy of zlib bears the following license:
 
   Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler
--- a/components/sudo/sudo.p5m	Tue May 29 15:25:04 2012 -0700
+++ b/components/sudo/sudo.p5m	Tue Jun 05 09:51:55 2012 -0700
@@ -44,14 +44,12 @@
 dir path=usr/share
 dir path=usr/share/doc
 dir path=usr/share/doc/sudo
-dir path=usr/share/lib
-dir path=usr/share/lib/ldif group=sys
 dir path=usr/share/man
 dir path=usr/share/man/man1m
 dir path=usr/share/man/man4
 
-file path=etc/sudoers original_name=SUNWsudo:etc/sudoers preserve=true \
-	mode=0440 group=root
+file path=etc/sudoers original_name=SUNWsudo:etc/sudoers overlay=allow \
+	preserve=true mode=0440 group=root
 file path=usr/bin/sudo mode=4511
 file path=usr/bin/sudoreplay mode=0511
 file path=usr/sbin/visudo mode=0511
@@ -85,7 +83,3 @@
 hardlink path=usr/bin/sudoedit target=sudo
 
 license sudo.license license="ISC-like, BSD, zlib license" 
-
-legacy pkg=SUNWsudo \
-    desc="sudo - Tool to allow certain tasks to be run as root by ordinary users." \
-    name="sudo - Tool to allow certain tasks to be run as root by ordinary users."