summaryrefslogtreecommitdiffstats
path: root/package/sudo
Commit message (Collapse)AuthorAgeFilesLines
* sudo: bump to version 1.8.23Baruch Siach2018-05-082-3/+5
| | | | | | | | | | Use += for the SUDO_CONF_ENV conditional assignment to avoid override of SUDO_CONF_ENV assignments that might be added in the future. Add license file hash. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* sudo: bump to version 1.8.21p2Baruch Siach2017-09-222-3/+3
| | | | | | | Switch SITE to https. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* sudo: bump version to 1.8.20p2Vicente Olivert Riera2017-06-023-266/+2
| | | | | | | 0001-fix-CVE-2017-1000367.patch already included in this release. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Merge branch 'next'Peter Korsgaard2017-06-012-2/+2
|\ | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * sudo: bump version to 1.8.20Vicente Olivert Riera2017-05-112-2/+2
| | | | | | | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | sudo: add upstream security patch for CVE-2017-1000367Peter Korsgaard2017-05-311-0/+264
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include spaces, which sudo does not account for. A user with sudo privileges can cause sudo to use a device number of the user's choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number. If SELinux is enabled on the system and sudo was built with SELinux support, a user with sudo privileges may be able to to overwrite an arbitrary file. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers. For more details, see: https://www.sudo.ws/alerts/linux_tty.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* | sudo: fix static linking with openldap having openssl supportVicente Olivert Riera2017-05-111-0/+7
|/ | | | | | | | | | | | | | | | | | | If we are building sudo statically and openldap was linked with openssl, then when we link sudo with openldap we need to specify the openssl libs, otherwise it will fail with "undefined reference" errors. Fixes: http://autobuild.buildroot.net/results/ebb/ebbb4c3138b5023a0c8bd938db1932a25ba5b6fb/ http://autobuild.buildroot.net/results/58e/58ee4fddea85f0c79b26582b04a573258e27eb47/ http://autobuild.buildroot.net/results/051/05151c4ef7f0b3702a6cd5e6df4888d826a37431/ http://autobuild.buildroot.net/results/b1d/b1dfae81985daee106700191fcb82387833c2e3f/ http://autobuild.buildroot.net/results/5b4/5b42e8505856156389d480d0da19f6982cf120d8/ http://autobuild.buildroot.net/results/30a/30a76190428f902f03bcf54ba9f1f4f4377c6fc9/ http://autobuild.buildroot.net/results/e8c/e8c6bdc314b9a8d5de303633a3abd7b7e44beb2e/ http://autobuild.buildroot.net/results/483/4830c69cc6a62080e1516f0d9009c2ba619c23c1/ Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, package: use SPDX short identifier for BSD-3cRahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: improve license type listsDanomi Manchego2017-02-201-1/+1
| | | | | | | | | | | | | | | Make license type lists more uniform: * put content license applies to in parenthesis; ex: "GPLv2+ (programs)" * use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2" No attempt was made to validate the claimed licenses. This is just a tweak to increase uniformity of the _LICENSE variables. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> [Thomas: replace semi-colons by commas in LIBURCU_LICENSE.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: Add ldap support for sudoers rulesChris Frederick2017-02-061-0/+7
| | | | | | | | | | | | Automatically build sudo with ldap support when openldap is enabled. When sudo is built with ldap, /etc/sudoers is only read in for defaults, all rules need to be provided via ldap which is configured by the user in /etc/ldap.conf. Signed-off-by: Chris Frederick <cdf123@cdf123.net> Reviewed-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: bump to version 1.8.19p2Gustavo Zacarias2017-01-162-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* sudo: bump to version 1.8.19p1Gustavo Zacarias2016-12-212-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* sudo: bump to version 1.8.19Gustavo Zacarias2016-12-202-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/sudo: bump version to 1.8.18p1Bernd Kuhls2016-11-052-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/sudo: add optional support for zlibBernd Kuhls2016-11-051-0/+7
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: bump to version 1.8.15Vicente Olivert Riera2015-11-026-707/+3
| | | | | | | | | | | | | | Unneeded patches removed. Highlights from ChangeLog: * Fixed a build problem on systems that don't implicitly include sys/types.h from other header files. Bug #711. * Fixed the compiler stack protector test in configure for compilers that support -fstack-protector but don't actually have the ssp library available. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: fix -fstack-protector detectionVicente Olivert Riera2015-10-313-0/+685
| | | | | | | | | | | | Backport a patch series from upstream to fix the configure check for -fstack-protector. Fixes: http://autobuild.buildroot.net/results/bdd3e5352aa283b96717202a794f9762d15cc736/ Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/sudo: bump to version 1.8.14p3Jörg Krause2015-08-013-3/+22
| | | | | | | | | | | Also add a patch to fix missing header include with the musl C library: ../include/sudo_util.h:220:14: error: unknown type name 'id_t' Reported upstream: http://bugzilla.sudo.ws/show_bug.cgi?id=711 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: add optional pam supportJames Knight2015-06-232-1/+24
| | | | | | | | Configure the sudo utility to support PAM if the framework is enabled. [Peter: use install -D, reword commit message] Signed-off-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: kill pointless text justificationGustavo Zacarias2015-04-231-1/+1
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: bump to version 1.8.13Gustavo Zacarias2015-03-253-23/+3
| | | | | | | Patch now upstream so remove. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: security bump to version 1.8.12Gustavo Zacarias2015-02-175-59/+27
| | | | | | | | | | | | Fixes CVE-2014-9680 - A user with sudo access may be able to exploit parsing bugs in the time zone parsing functions of the system's C library functions. The user may also be able to read arbitrary files, potentially causing changes in system behavior when reading certain device special files or simply causing the program run via sudo to block. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*: rename patches according to the new policyPeter Korsgaard2015-02-032-0/+0
| | | | | | | Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345) Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: indentation cleanupJerzy Grzegorek2014-12-221-7/+7
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: adjust libtool commentGustavo Zacarias2014-12-211-1/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*/*.mk: Fix indentMaxime Hadjinlian2014-11-191-1/+1
| | | | | | | | | | | Change LIBFOO_PERMISSIONS everywhere to be a space-separated list. As nothing was specified in the manual but all our lists are space separated, there is no reason that this one should be made an exception. Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*/*.mk: Fix indentMaxime Hadjinlian2014-11-081-1/+1
| | | | | | | | Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example. Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSThomas De Schampheleire2014-10-041-1/+1
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: don't use hardening flags on host toolsGustavo Zacarias2014-09-211-0/+21
| | | | | | | | | | | Don't use hardening (SSP_CFLAGS & PIE_CFLAGS) flags on host tools since the host compiler may differ wildly from the tests run on the cross compiler and they might not work. Fixes: http://autobuild.buildroot.net/results/b10/b1091bd04ab988744548b74fb48c64bf291fed2f/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: bump to version 1.8.10p3Gustavo Zacarias2014-09-193-4/+39
| | | | | | | | | | | | | Also add hashes, kill some whitespace and correct the license type (ICS->ISC). Enable $EDITOR to point to the right editor for visudo since it normally expects /usr/bin/vi which in busybox-world is /bin/vi (and some people might want to use other editors like the operating system sized one). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* sudo: bump to version 1.8.8Axel Lin2013-10-071-1/+1
| | | | | Signed-off-by: Axel Lin <axel.lin@ingics.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Normalize separator size to 80Alexandre Belloni2013-06-061-2/+2
| | | | | Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: security bump to version 1.8.6p7Gustavo Zacarias2013-03-191-1/+1
| | | | | | | Fixes CVE-2013-1775 and CVE-2013-1776. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump to version 1.8.6p4Gustavo Zacarias2013-01-251-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: ensure proper CPPFLAGS are used for host/compat buildPeter Korsgaard2012-10-111-1/+3
| | | | | | | | | Fixes http://autobuild.buildroot.net/results/ea326401a6711aaac10696629655e6d5ac4e0a90 sudo internally uses CPPFLAGS, so host/compat build now breaks after CPPFLAGS got added to HOST_CONFIGURE_OPTS. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump versionPeter Korsgaard2012-09-102-264/+10
| | | | Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Merge branch 'next'Peter Korsgaard2012-09-032-1/+1
|\ | | | | | | | | | | | | | | | | | | Conflicts: package/e2fsprogs/e2fsprogs.mk package/libfuse/libfuse.mk package/multimedia/mpd/mpd.mk package/smartmontools/smartmontools.mk Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
| * sudo: bump version to 1.8.5p2Simon Dawson2012-08-042-1/+1
| | | | | | | | | | Signed-off-by: Simon Dawson <spdawson@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | sudo: fix main executable permissionsSimon Dawson2012-08-041-0/+4
|/ | | | | | | | | | | The sudo executable is installed without the setuid bit set, which prevents sudo from working. This patch adds a post-install hook to fix the permissions of the sudo executable. Signed-off-by: Simon Dawson <spdawson@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: needs MMU supportThomas Petazzoni2012-08-021-0/+2
| | | | | | | Fixes http://autobuild.buildroot.org/results/46bcd9601233ca14d6747d9219669e4f52f147e6/build-end.log Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* all packages: rename XXXTARGETS to xxx-packageArnout Vandecappelle (Essensium/Mind)2012-07-171-1/+1
| | | | | | | | | | | | | Also remove the redundant $(call ...). This is a purely mechanical change, performed with find package linux toolchain boot -name \*.mk | \ xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \ -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \ -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* sudo: fix installSimon Dawson2012-06-232-8/+263
| | | | | | | | | | | | | | | | | | | | Running sudo on the target fails with the following errors. sudo: /usr/libexec/sudoers.so: No such file or directory sudo: fatal error, unable to load plugins The problem is that the installation of the sudo package is broken. This patch replaces the hand-crafted install rule with the default AUTOTARGETS install. Unfortunately, the default install fails because it includes a step that invokes the cross-compiled visudo binary. A patch is provided here to disable this visudo invocation, which is for sanity checking only. This local patch is a backport of upstream commit 8209:0c4e3f68b2f5; the real fix will be in the 1.8.6 release of sudo. Signed-off-by: Simon Dawson <spdawson@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump to version 1.8.5p1Gustavo Zacarias2012-05-202-20/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: add fix for non-utmpx toolchainsGustavo Zacarias2012-03-301-0/+19
| | | | | | | | | | | The utmpx defines for when the target systems lacks utmpx is incomplete, resulting in a build failure, so fix it. This can be triggered by a uClibc toolchain that lacks UTMPX in the configuration, or an older (<= 0.9.31) uClibc which lacks the functionality. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump to version 1.8.4p4Gustavo Zacarias2012-03-291-5/+6
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump to version 1.7.8p1Gustavo Zacarias2012-01-241-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump to version 1.7.7Gustavo Zacarias2011-10-151-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: remove useless arguments from AUTOTARGETSThomas Petazzoni2011-09-291-1/+1
| | | | | | | | | | Thanks to the pkgparentdir and pkgname functions, we can rewrite the AUTOTARGETS macro in a way that avoids the need for each package to repeat its name and the directory in which it is present. [Peter: pkgdir->pkgparentdir] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump version, use official upstream, don't disable authPeter Korsgaard2011-06-072-4/+4
| | | | | | | sudo without authentication doesn't make much sense, and it has very limited impact on binary size. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* sudo: bump and convert to AUTOTARGETSThomas Petazzoni2011-05-184-14320/+11
| | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
OpenPOWER on IntegriCloud