From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 257906] security/sudo: add openssl support
Date: Tue, 17 Aug 2021 06:19:52 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257906

Bug ID: 257906
Summary: security/sudo: add openssl support
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: garga@FreeBSD.org
Reporter: peter@czanik.hu
Flags: maintainer-feedback?(garga@FreeBSD.org)

I'm writing technical blogs about sudo, and while doing so, I discovered that
openssl support is not enabled in the security/sudo port and it's not even
available as an option. When it is enabled, one can encrypt the connection
between sudo and sudo_logsrvd. The simple patch below adds optional openssl
support.
I think it should be enabled by default, but for now I kept it optional.

root@fb130:~ # diff -u /usr/ports/security/sudo/Makefile sudo/Makefile --- /usr/ports/security/sudo/Makefile 2021-08-13 15:10:44.000000000 +0200 +++ sudo/Makefile 2021-08-11 11:20:21.962615000 +0200 @@ -28,7 +28,7 @@ --with-rundir=3D/var/run/sudo OPTIONS_DEFINE=3D LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL= \ - AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES + AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES SSL OPTIONS_RADIO=3D KERBEROS OPTIONS_DEFAULT=3D AUDIT PAM OPTIONS_SUB=3D yes @@ -42,6 +42,7 @@ OPIE_DESC=3D Enable one-time passwords (no PAM support) PYTHON_DESC=3D Enable python plugin support SSSD_DESC=3D Enable SSSD backend support. +SSL_DESC=3D Allow encryption between sudo and sudo_logsrvd PAM_PREVENTS=3D OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT PAM_PREVENTS_MSG=3D PAM cannot be combined with any other authentication p= lugin @@ -93,6 +94,9 @@ .if defined(SUDO_KERB5_INSTANCE) CONFIGURE_ARGS+=3D --enable-kerb5-instance=3D"${SUDO_KERB5_INSTANCE}" .endif + +SSL_USES=3D ssl +SSL_CONFIGURE_ON=3D --enable-openssl .include
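
Review bot: In the first hunk (@@ -28,7), SSL is appended to OPTIONS_DEFINE while OPTIONS_DEFAULT in the same context still lists only AUDIT and PAM, so a default build keeps the sudo to sudo_logsrvd connection without the encryption support this option provides. If the intent is for log traffic to be protectable on a stock install, add SSL to OPTIONS_DEFAULT in this change; if it is staying opt-in for now, say so in the commit message so the follow-up is not lost.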
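
Review bot: In the last hunk (@@ -93,6), only SSL_CONFIGURE_ON is set, so with the option off nothing is passed to configure and whether OpenSSL gets linked depends on configure's own default rather than on the port option. Using the framework's enable helper, SSL_CONFIGURE_ENABLE= openssl, passes --enable-openssl when the option is on and --disable-openssl when it is off, which makes the off state explicit and reproducible. The two SSL_ lines would also read better grouped with the other per-option settings instead of sitting between the SUDO_KERB5_INSTANCE block and the final .include.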