head 1.10; access; symbols pkgsrc-2026Q1:1.9.0.36 pkgsrc-2026Q1-base:1.9 pkgsrc-2025Q4:1.9.0.34 pkgsrc-2025Q4-base:1.9 pkgsrc-2025Q3:1.9.0.32 pkgsrc-2025Q3-base:1.9 pkgsrc-2025Q2:1.9.0.30 pkgsrc-2025Q2-base:1.9 pkgsrc-2025Q1:1.9.0.28 pkgsrc-2025Q1-base:1.9 pkgsrc-2024Q4:1.9.0.26 pkgsrc-2024Q4-base:1.9 pkgsrc-2024Q3:1.9.0.24 pkgsrc-2024Q3-base:1.9 pkgsrc-2024Q2:1.9.0.22 pkgsrc-2024Q2-base:1.9 pkgsrc-2024Q1:1.9.0.20 pkgsrc-2024Q1-base:1.9 pkgsrc-2023Q4:1.9.0.18 pkgsrc-2023Q4-base:1.9 pkgsrc-2023Q3:1.9.0.16 pkgsrc-2023Q3-base:1.9 pkgsrc-2023Q2:1.9.0.14 pkgsrc-2023Q2-base:1.9 pkgsrc-2023Q1:1.9.0.12 pkgsrc-2023Q1-base:1.9 pkgsrc-2022Q4:1.9.0.10 pkgsrc-2022Q4-base:1.9 pkgsrc-2022Q3:1.9.0.8 pkgsrc-2022Q3-base:1.9 pkgsrc-2022Q2:1.9.0.6 pkgsrc-2022Q2-base:1.9 pkgsrc-2022Q1:1.9.0.4 pkgsrc-2022Q1-base:1.9 pkgsrc-2021Q4:1.9.0.2 pkgsrc-2021Q4-base:1.9 pkgsrc-2021Q3:1.7.0.8 pkgsrc-2021Q3-base:1.7 pkgsrc-2021Q2:1.7.0.6 pkgsrc-2021Q2-base:1.7 pkgsrc-2021Q1:1.7.0.4 pkgsrc-2021Q1-base:1.7 pkgsrc-2020Q4:1.7.0.2 pkgsrc-2020Q4-base:1.7 pkgsrc-2020Q3:1.5.0.6 pkgsrc-2020Q3-base:1.5 pkgsrc-2020Q2:1.5.0.4 pkgsrc-2020Q2-base:1.5 pkgsrc-2020Q1:1.5.0.2 pkgsrc-2020Q1-base:1.5 pkgsrc-2019Q4:1.4.0.4 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.2.0.2 pkgsrc-2019Q3-base:1.2; locks; strict; comment @# @; 1.10 date 2026.05.07.00.24.51; author gutteridge; state Exp; branches; next 1.9; commitid ylZB1QHTF1AqCOEG; 1.9 date 2021.10.26.11.17.03; author nia; state Exp; branches; next 1.8; commitid PNswNV9GDLZeojeD; 1.8 date 2021.10.07.14.53.47; author nia; state Exp; branches; next 1.7; commitid nfjKlj1wTplMcTbD; 1.7 date 2020.10.21.19.32.39; author pin; state Exp; branches; next 1.6; commitid eF8em2cTGwqX1OsC; 1.6 date 2020.10.21.17.34.09; author kim; state Exp; branches; next 1.5; commitid HXgwBhgfQhfgnNsC; 1.5 date 2020.01.01.01.30.19; author ng0; state Exp; branches; next 1.4; commitid GecxPers0hnztVQB; 1.4 date 2019.12.14.11.19.54; author ng0; state Exp; branches; next 1.3; commitid ygNqZMQNcdGqkFOB; 1.3 date 2019.10.15.12.24.01; author ng0; state Exp; branches; next 1.2; commitid ky8c71x7JqlxBXGB; 1.2 date 2019.09.14.14.45.45; author ng0; state Exp; branches; next 1.1; commitid 2yrdcZsvyRwtoZCB; 1.1 date 2019.08.23.23.00.51; author ng0; state Exp; branches; next ; commitid L5ezlgGB4DucQcAB; desc @@ 1.10 log @doas: add pkgsrc-specific paths to GLOBAL_PATH and SAFE_PATH Issue noted by Takashi Shimizu on pkgsrc-users@@. This follows how these paths are defined ordering-wise based on doas.h. The existing SunOS override approach in Makefile varies here, as added that way upstream. The SunOS setting was left as-is, to keep with the POLA. (Someone may be surprised by the change on other OSes, regardless; so it goes.) @ text @$NetBSD: distinfo,v 1.9 2021/10/26 11:17:03 nia Exp $ BLAKE2s (doas-6.3p2.tar.gz) = 2e8277d8a3af530e136e47e3bd0c9d05673a75edf789b28bc7723a285969b179 SHA512 (doas-6.3p2.tar.gz) = 34b15856912145831d682857df4281e38d1e39017d188f79c70e5e601b605a41aec29e0412252212d646fb439032ed25b2ddedab1073d702a67c6b1e827f53aa Size (doas-6.3p2.tar.gz) = 27521 bytes SHA1 (patch-Makefile) = 7042f7b354f0cf368b136d9ddb7da0b92b46b536 SHA1 (patch-compat_compat.h) = b49d6a64f5ee6308446184891b8ece32c919b95a @ 1.9 log @security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2021/10/07 14:53:47 nia Exp $ d6 1 a6 1 SHA1 (patch-Makefile) = 710303b7c858f0d94f0f8bdd873a87e2600f72d0 @ 1.8 log @security: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2020/10/21 19:32:39 pin Exp $ d3 1 a3 1 RMD160 (doas-6.3p2.tar.gz) = 68efea9b81855b7d7614626f91695436839de4a3 @ 1.7 log @security/doas: update to 6.3p2 6.3p2 This release introduces a new utility called vidoas (vi doas). This tool is a shell script which creates a copy of the doas.conf file, allows the admin to edit the file, and then checks its syntax for errors. If a problem is found, vidoas reports which line the error was on and asks us to try editing the file again. Once the new doas.conf file contains the proper syntax, it is installed and overwrites the old doas.conf file. This tool is designed to assist admins and avoid introducing errors to doas.conf which might accidentally revoke admin access to the machine. 6.3p1 In this release, we work around a quirk of the GNU parameter parser which required us to use double-dashes (--) after doas's parameters and before a target command's parameters. In the past we used "doas -- pacman -Syu" and now we can use simply "doas pacman -Syu". This change affects only GNU/Linux systems, other platforms like FreeBSD, NetBSD, etc already had this behaviour. 6.3 This release introduces a few minor changes: -Added command line parameter (-S) which launches an interactive shell. This is equivalent to "su -l" or "sudo -i". -Updated documentation to include the new -S flag. -Updated documentation to assist users in installing doas on some Linux distributions, such as CentOS, that prevent PAM authentication from working by default. 6.2p5 This release simply adds a new sample PAM configuration file for FreeBSD (and compatible systems). The new sample configuration file is named campat/pam.conf.freebsd. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2020/10/21 17:34:09 kim Exp $ a2 1 SHA1 (doas-6.3p2.tar.gz) = 0dd0c76b9ccfe2d5edaa9dbb51e67e7a0e409c13 @ 1.6 log @doas: Use setusercontext(3) Calling setusercontext(3) makes per-user temporary storage work (see per_user_tmp in security(7) and rc.conf(5)). May as well use our reallocarray(3) instead of the bundled compat code. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2020/01/01 01:30:19 ng0 Exp $ d3 4 a6 4 SHA1 (doas-6.2p4.tar.gz) = dd90972c3a120ae2b96432bae2c7a78c4c729166 RMD160 (doas-6.2p4.tar.gz) = a8ed8677fbffd48bf87b4fa5c6b0dd98f0c5e428 SHA512 (doas-6.2p4.tar.gz) = 951686a58300ab6ffcdd7b98502df832b35c43787234c52c71c42eaca9e4dbeb1c2e33e7535a9b8babdb2f38840f6cff1045f6a90fa609029590e7c1384b8a75 Size (doas-6.2p4.tar.gz) = 26098 bytes @ 1.5 log @security/doas: update to version 6.2p4 Changelog picked from https://github.com/slicer69/doas/releases: 6.2p4: * Keeping environment variables with keepenv On some platforms (seemingly Linux and macOS) it is possible for repeated calls to getpwuid() can over-write the original struct passwd structure. (This behaviour may vary depending on which C library is used. This can lead to the original user's environment data being overwritten by the target user's, even when "keepenv" is specified in the doas.conf file. We now do a deep copy of the original and target users' struct passwd information to avoid over-writing the original on platforms where libc uses a static area for all calls. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2019/12/14 11:19:54 ng0 Exp $ d7 2 @ 1.4 log @security/doas: resolve PR pkg/54717. patch in the correct installed location of the config file in the manpages. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2019/10/15 12:24:01 ng0 Exp $ d3 4 a6 5 SHA1 (doas-6.2p2.tar.gz) = 417cb9de4d1815b342f1bb3fb96f31e2c8b25479 RMD160 (doas-6.2p2.tar.gz) = d80538763cb0a0367eb2a6e50369743ea66aa1a5 SHA512 (doas-6.2p2.tar.gz) = 5020559461bc423852c2d30c07df671b8cbf93cec2171ac755eac04f2bf56fca37fda8d72718fbf4150bf70e7855d29d3027cb54d81062d28d2271a290c297a5 Size (doas-6.2p2.tar.gz) = 25634 bytes SHA1 (patch-a) = 4ed8fba651e1c5fcb707b84e6480ae4c8b457d42 @ 1.3 log @security/doas: Update to 6.2p2 Significant items from https://github.com/slicer69/doas/releases: doas 6.2p2 * Introducing macOS support Due to the dedicated work by Gordon Bergling, the doas command now builds and runs on macOS. This release contains no functionality changes, just the ability to build and run on macOS. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2019/09/14 14:45:45 ng0 Exp $ d7 1 @ 1.2 log @security/doas: Update to 6.2p1 Significant items from https://github.com/slicer69/doas/releases: doas 6.2p1 * Fixes a crash on Linux systems when a specified user on the command line did not match a valid entry in the doas.conf file. In the past, doas would first try to find an exact username match when the "-u" flag was used and, if one could not be found, it would try to find a matching numeric UID. Now doas requires that an exact username be specified when "-u" is used. This avoids confusion (and, on Linux, fuzzy matches when a username begins with a number). This means "doas -u 0" can no longer be used to run a command as root, and "duas -u 1000" is not ambigious if there is a user with the name "1000" on the system. doas 6.2 * Group permissions of the original user are now dropped on Linux. This prevents the original user's group access from interfering with the target user's owned files. Group permissions were already dropped on FreeBSD (and I believe) NetBSD, and this brings doas's Linux behaviour into line with the other systems. * Fixed a couple of compiler warnings that get rid of either unneeded variables or introduce sanity checks on return functions. This should make doas more secure, across platforms/compilers. doas 6.1p1 * ported to illumos, added support for SmartOS and OpenIndiana. * Better pkgsrc integration. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2019/08/23 23:00:51 ng0 Exp $ d3 4 a6 4 SHA1 (doas-6.2p1.tar.gz) = cd1d7728b9b0491a2a453017359f4185bdcf3e90 RMD160 (doas-6.2p1.tar.gz) = 5db2e6deed45192ea4a4f2434e829d2b50201911 SHA512 (doas-6.2p1.tar.gz) = 0b4e14c87cf5ff441a5262ca4a7316c3fb162ff9ee27b1231ef3f5ec5619245c1e18bf6b8df611718c3c7c81e05f1f32d577b1b3455d95aefd6a77cb2ab0570c Size (doas-6.2p1.tar.gz) = 24523 bytes @ 1.1 log @security/doas: Add version 6.1 (from wip) doas is a port of OpenBSD's doas which runs on FreeBSD, Linux and NetBSD. The doas utility is a program originally written for OpenBSD which allows a user to run a command as though they were another user. Typically doas is used to allow non-privleged users to run commands as though they were the root user. The doas program acts as an alternative to sudo, which is a popular method in the Linux community for granting admin access to specific users. The doas program offers two benefits over sudo: its configuration file has a simple syntax and it is smaller, requiring less effort to audit the code. This makes it harder for both admins and coders to make mistakes that potentially open security holes in the system. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (doas-6.1.tar.gz) = d9363d1102a92f8a6276684e98c736f49d3d2bfd RMD160 (doas-6.1.tar.gz) = 62d5258e3e6beeb3afbe1b19eda6423106adcd6d SHA512 (doas-6.1.tar.gz) = 1397767416ec122170c0a07d0273473e019917c2555446865a5da45168fd81522c1d347ca5cd534ffbe74c5eb21b9f5817847260d8d37c91ffaf4b35ee992c2d Size (doas-6.1.tar.gz) = 19965 bytes @