notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
Port details
doas Simple sudo alternative to run commands as another user
6.3p12 security on this many watch lists=13 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 6.3p12Version of this port present on the latest quarterly branch.
Maintainer: jsmith@resonatingmedia.com search for ports maintained by this maintainer
Port Added: 2016-06-24 00:07:23
Last Update: 2024-06-09 21:55:42
Commit Hash: 1acc62c
People watching this port, also watch:: pkg, tmux, htop, git, curl
License: BSD2CLAUSE ISCL
WWW:
https://github.com/slicer69/doas/
Description:
This is the FreeBSD port of the OpenBSD "doas" command. The doas program allows a regular user to run commands as another user (usually root). The doas command is a simplified (hopefully more secure) version of the "sudo" command and offers an easier to read/modify configuration.
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (12 items)
Collapse this list.
  1. bin/doas
  2. bin/doasedit
  3. bin/vidoas
  4. etc/doas.conf.sample
  5. share/man/man1/doas.1.gz
  6. share/man/man5/doas.conf.5.gz
  7. share/man/man8/doasedit.8.gz
  8. share/man/man8/vidoas.8.gz
  9. /usr/local/share/licenses/doas-6.3p12/catalog.mk
  10. /usr/local/share/licenses/doas-6.3p12/LICENSE
  11. /usr/local/share/licenses/doas-6.3p12/BSD2CLAUSE
  12. /usr/local/share/licenses/doas-6.3p12/ISCL
Collapse this list.
Dependency lines:
  • doas>0:security/doas
Conflicts:
CONFLICTS:
  • opendoas
To install the port:
cd /usr/ports/security/doas/ && make install clean
To add the package, run one of these commands:
  • pkg install security/doas
  • pkg install doas
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: doas
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1715361640 SHA256 (slicer69-doas-6.3p12_GH0.tar.gz) = e4f37745345c12d4e0c8c03c8237791729cf047dbd7b2455f8de60e2f82ac1b0 SIZE (slicer69-doas-6.3p12_GH0.tar.gz) = 34396

Packages (timestamps in pop-ups are UTC):
doas
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest6.3p126.3p126.3p26.3p126.3p12-6.3p2-
FreeBSD:13:quarterly6.3p126.3p126.3p96.3p126.3p126.3p96.3p96.3p9
FreeBSD:14:latest6.3p126.3p126.3p96.3p126.3p126.3p9-6.3p9
FreeBSD:14:quarterly6.3p126.3p12-6.3p126.3p126.3p96.3p96.3p9
FreeBSD:15:latest6.3p126.3p12n/a6.3p12n/a6.3p9_16.3p9_16.3p9_1
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.4.1 : devel/gmake
There are no ports dependent upon this port

Configuration Options:
No options to configure
Options name:
security_doas
USES:
cpe gmake
pkg-message:
For install:
To use doas, /usr/local/etc/doas.conf must be created. Refer to doas.conf(5) for further details and/or follow /usr/local/etc/doas.conf.sample as an example. Note: In order to be able to run most desktop (GUI) applications, the user needs to have the keepenv keyword specified. If keepenv is not specified then key elements, like the user's $HOME variable, will be reset and cause the GUI application to crash. Users who only need to run command line applications can usually get away without keepenv. When in doubt, try to avoid using keepenv as it is less secure to have environment variables passed to privileged users.
If upgrading from < 6.1:
With the 6.1 release the transfer of most environment variables (e.g. USER, HOME and PATH) from the original user to the target user has changed. Please refer to doas.conf(5) for further details.
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://codeload.github.com/slicer69/doas/tar.gz/6.3p12?dummy=/
Collapse this list.

Number of commits found: 36

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
6.3p12
09 Jun 2024 21:55:42
commit hash: 1acc62c56236fee8b9d5c10350a78f3c36489933commit hash: 1acc62c56236fee8b9d5c10350a78f3c36489933commit hash: 1acc62c56236fee8b9d5c10350a78f3c36489933commit hash: 1acc62c56236fee8b9d5c10350a78f3c36489933 files touched by this commit
Vladimir Druzenko (vvd) search for other commits by this committer
security/{open,}doas: add CONFLICTS to each other

They install files with the same names.

PR:		279598
Reported by:	fluffy (via email)
Fixes:		2820df617d13 (new port: portable version of OpenBSD's doas)
6.3p12
10 May 2024 17:43:51
commit hash: e05da69d0d3fc274c73a0fbc4f312da3b9265b90commit hash: e05da69d0d3fc274c73a0fbc4f312da3b9265b90commit hash: e05da69d0d3fc274c73a0fbc4f312da3b9265b90commit hash: e05da69d0d3fc274c73a0fbc4f312da3b9265b90 files touched by this commit
Vladimir Druzenko (vvd) search for other commits by this committer
Author: Jesse Smith
security/doas: update to 6.3p12

6.3p11:
* Cleaned up error checking for temporary files, removed redundant check.
* Fixed status check for copy and editor launch.

6.3p12:
* Make sure doasedit can work when target file to edit has a leading slash
character. ie A full path name is used.
* Update doas.1 manual page to indicate problems with piping input
on Linux when processes are launched by doas.

Upstream release announcement:
https://github.com/slicer69/doas/releases/tag/6.3p11
https://github.com/slicer69/doas/releases/tag/6.3p12

PR:	278897
MFH:	2024Q2
6.3p10
01 May 2024 18:01:59
commit hash: fca92006e50a6935269a4d2a7bc430c884d7d735commit hash: fca92006e50a6935269a4d2a7bc430c884d7d735commit hash: fca92006e50a6935269a4d2a7bc430c884d7d735commit hash: fca92006e50a6935269a4d2a7bc430c884d7d735 files touched by this commit
Vladimir Druzenko (vvd) search for other commits by this committer
Author: Jesse Smith
security/doas: update to 6.3p10

This is a minor upgrade which includes two fixes for the doasedit utility,
allowing it to work with files containing special characters and including
more error checking.

Upstream release announcement:
https://github.com/slicer69/doas/releases/tag/6.3p10

PR:	278683
MFH:	2024Q2
6.3p9_1
10 Jan 2024 15:29:49
commit hash: e4610fcb8b73442ad40b744bb87c1bc428ef7c1ccommit hash: e4610fcb8b73442ad40b744bb87c1bc428ef7c1ccommit hash: e4610fcb8b73442ad40b744bb87c1bc428ef7c1ccommit hash: e4610fcb8b73442ad40b744bb87c1bc428ef7c1c files touched by this commit
Baptiste Daroussin (bapt) search for other commits by this committer
MAN?PREFIX: eleminate its usage  and move man to share/man
6.3p9
20 Sep 2022 15:31:27
commit hash: d3198d9a7bd53ea8a087740f58bf3f0a9ada6417commit hash: d3198d9a7bd53ea8a087740f58bf3f0a9ada6417commit hash: d3198d9a7bd53ea8a087740f58bf3f0a9ada6417commit hash: d3198d9a7bd53ea8a087740f58bf3f0a9ada6417 files touched by this commit
Fernando Apesteguía (fernape) search for other commits by this committer
Author: Jesse Smith
security/doas: Update to 6.3p9

ChangeLog: https://github.com/slicer69/doas/releases/tag/6.3p9

PR:		266413
Reported by:	jsmith@resonatingmedia.com (maintainer)
6.3p7
13 Sep 2022 16:14:35
commit hash: 155822900e58dc3a1a830ac2d56bbe06b051f544commit hash: 155822900e58dc3a1a830ac2d56bbe06b051f544commit hash: 155822900e58dc3a1a830ac2d56bbe06b051f544commit hash: 155822900e58dc3a1a830ac2d56bbe06b051f544 files touched by this commit
Fernando Apesteguía (fernape) search for other commits by this committer
Author: Jesse Smith
security/doas: update to 6.3p7

PR:		266387
Reported by:	jsmith@resonatingmedia.com (maintainer)
07 Sep 2022 21:58:51
commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4 files touched by this commit
Stefan Eßer (se) search for other commits by this committer
Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)
6.3p6
07 Sep 2022 21:10:59
commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 files touched by this commit
Stefan Eßer (se) search for other commits by this committer
Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
6.3p6
13 Oct 2021 13:12:46
commit hash: 66441579089a0cccb30817178b0475e2990e0b60commit hash: 66441579089a0cccb30817178b0475e2990e0b60commit hash: 66441579089a0cccb30817178b0475e2990e0b60commit hash: 66441579089a0cccb30817178b0475e2990e0b60 files touched by this commit
Stefan Eßer (se) search for other commits by this committer
security/doas: Add CPE information

Approved by:	portmgr (blanket)
6.3p6
15 Sep 2021 08:02:21
commit hash: cef711955c6e7e4bb8c943b38a8a8bfecb420141commit hash: cef711955c6e7e4bb8c943b38a8a8bfecb420141commit hash: cef711955c6e7e4bb8c943b38a8a8bfecb420141commit hash: cef711955c6e7e4bb8c943b38a8a8bfecb420141 files touched by this commit
Nuno Teixeira (eduardo) search for other commits by this committer
Author: Jesse Smith
security/doas: Update to 6.3p6

ChangeLog: https://github.com/slicer69/doas/releases/tag/6.3p6

PR:		258483
6.3p5
08 Jun 2021 11:59:43
commit hash: 42a72a581b866d5e8fc28843c2686cf664cca136commit hash: 42a72a581b866d5e8fc28843c2686cf664cca136commit hash: 42a72a581b866d5e8fc28843c2686cf664cca136commit hash: 42a72a581b866d5e8fc28843c2686cf664cca136 files touched by this commit
Nuno Teixeira (eduardo) search for other commits by this committer
Author: J Smith
security/doas: port update to 6.3p5

ChangeLog: https://github.com/slicer69/doas/releases

PR:		256447
Approved by:	dbaio, garga (mentors, implicit)
6.3p4
07 Apr 2021 08:09:01
commit hash: cf118ccf875508b9a1c570044c93cfcc82bd455ccommit hash: cf118ccf875508b9a1c570044c93cfcc82bd455ccommit hash: cf118ccf875508b9a1c570044c93cfcc82bd455ccommit hash: cf118ccf875508b9a1c570044c93cfcc82bd455c files touched by this commit
Mathieu Arnold (mat) search for other commits by this committer
One more small cleanup, forgotten yesterday.
Reported by:	lwhsu
6.3p4
06 Apr 2021 14:31:07
commit hash: 305f148f482daf30dcf728039d03d019f88344ebcommit hash: 305f148f482daf30dcf728039d03d019f88344ebcommit hash: 305f148f482daf30dcf728039d03d019f88344ebcommit hash: 305f148f482daf30dcf728039d03d019f88344eb files touched by this commit
Mathieu Arnold (mat) search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
6.3p4
12 Feb 2021 17:59:02
Revision:565039Original commit files touched by this commit
amdmi3 search for other commits by this committer
- Update to 6.3p4

PR:		253010
Submitted by:	jsmith@resonatingmedia.com (maintainer)
6.3p2
24 Oct 2020 22:04:08
Revision:553230Original commit files touched by this commit
jbeich search for other commits by this committer
security/doas: update to 6.3p2

Changes:	https://github.com/slicer69/doas/releases/tag/6.3p1
Changes:	https://github.com/slicer69/doas/releases/tag/6.3p2
PR:		248524
Submitted by:	jsmith@resonatingmedia.com (maintainer)
6.3_1
03 Jul 2020 09:58:44
Revision:541094Original commit files touched by this commit
fernape search for other commits by this committer
security/doas: Add upstream doas.conf.sample

PR:	247496
Submitted by:	ed.arrakis@gmail.com
Approved by:	jsmith@resonatingmedia.com (maintainer)
6.3
23 Jun 2020 00:35:36
Revision:539953Original commit files touched by this commit
delphij search for other commits by this committer
security/doas: update to 6.3.

PR:		247467
Submitted by:	maintainer (jsmith resonatingmedia com)
6.2p4_1
22 Apr 2020 19:02:20
Revision:532505Original commit files touched by this commit
tcberner search for other commits by this committer
security/doas: Manual page cleanup

PR:		245238
Submitted by:	jsmith@resonatingmedia.com (maintainer)
MFH:		2020Q2
6.2p4
30 Dec 2019 18:10:31
Revision:521559Original commit files touched by this commit
pi search for other commits by this committer
security/doas: upgrade 6.2 -> 6.2p4

PR:		242931
Submitted by:	jsmith@resonatingmedia.com (maintainer)
Relnotes:	https://github.com/slicer69/doas/releases/tag/6.2p4
6.2
24 Sep 2019 18:05:01
Revision:512740Original commit files touched by this commit
swills search for other commits by this committer
security/doas: Update to 6.2

PR:		240305
Submitted by:	jsmith@resonatingmedia.com (maintainer)
6.1
04 Aug 2019 15:43:27
Revision:508097Original commit files touched by this commit
kai search for other commits by this committer
security/doas: Update to 6.1

* Update the pkg-message to give users that install/upgrade the port some
  info about the changed behavior regarding the environment variables. [1]

* Make the configuration of target user's sanitized $PATH that is set at
  compile time more flexible by enabling users to configure it via
  _GLOBAL_PATH. [2]

* Also pet portlint/portclippy by placing USES to the top of the USES block
  and remove the superfluous occurence of GH_PROJECT while I'm here.

Changelog:

* Most environment variables are no longer copied to the target user's
(Only the first 15 lines of the commit message are shown above View all of this commit message)
6.0p3
19 Jul 2019 05:15:07
Revision:506905Original commit files touched by this commit This port version is marked as vulnerable.
tobik search for other commits by this committer
security/doas: Convert pkg-message to UCL
6.0p3
18 Mar 2019 21:02:01
Revision:496207Original commit files touched by this commit This port version is marked as vulnerable.
swills search for other commits by this committer
security/doas: Port update to 6.0p3

PR:		236465
Submitted by:	jsmith@resonatingmedia.com (maintainer)
6.0p2
12 Oct 2017 14:22:57
Revision:451880Original commit files touched by this commit This port version is marked as vulnerable.
vanilla search for other commits by this committer
Update to 6.0p2.

PR:		222936
Submitted by:	maintainer
6.0p1
06 Sep 2017 10:03:52
Revision:449334Original commit files touched by this commit This port version is marked as vulnerable.
tobik search for other commits by this committer
security/doas: Update to 6.0p1

This update brings the security/doas port up to date with upstream.
This gives us the added benefit of restricted path searching.  Which
means if the admin puts a relative path in the doas.conf file, doas
will limit the number of places where the executable can be found.
This prevents users from putting malicious executables with the same
name in their custom path.

PR:		222092
Submitted by:	jsmith@resonatingmedia.com (maintainer)
MFH:		2017Q3
6.0p0
22 Feb 2017 14:52:56
Revision:434585Original commit files touched by this commit This port version is marked as vulnerable.
jrm search for other commits by this committer
security/doas: Update to version 6.0p.

- Pull tarball from a GitHub release rather than a commit.
- Update license information.  There is code under BSD2CLAUSE and code
  under ISCL.

PR:		217176
Submitted by:	jsmith@resonatingmedia.com (maintainer)
Approved by:	mat, swills (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D9664
5.9p7
07 Dec 2016 07:04:19
Revision:428036Original commit files touched by this commit This port version is marked as vulnerable.
wen search for other commits by this committer
- Update to 5.9p7

PR:		214414
Submitted by:	jsmith@resonatingmedia.com(maintainer)
5.9p6
01 Oct 2016 15:10:15
Revision:423070Original commit files touched by this commit This port version is marked as vulnerable.
pawel search for other commits by this committer
Update to version 5.9p6

PR:		212975
Submitted by:	maintainer
5.9p5
24 Aug 2016 15:31:58
Revision:420802Original commit files touched by this commit This port version is marked as vulnerable.
woodsb02 search for other commits by this committer
security/doas: Update to 5.9p5

This update enforces the correct uid and gid when -u switch is used.

PR:		211622
Reported by:	telnetuserid@sdf.org
Submitted by:	jsmith@resonatingmedia.com (maintainer)
Approved by:	koobs, adamw (mentors)
Relnotes:	https://github.com/slicer69/doas/releases/tag/v5.9-5
Differential Revision:	https://reviews.freebsd.org/D7630
5.9p4
05 Jul 2016 21:13:30
Revision:418113Original commit files touched by this commit This port version is marked as vulnerable.
naddy search for other commits by this committer
Update to 5.9p4, which fixes a bug where command output is not displayed
properly when the user authenticates with "nopass" specified in the
doas.conf configuration file.

PR:		210851
Submitted by:	jsmith@resonatingmedia.com (maintainer)
5.9p2
27 Jun 2016 18:58:52
Revision:417675Original commit files touched by this commit This port version is marked as vulnerable.
pi search for other commits by this committer
security/doas: 5.9p1 -> 5.9p2

- fixed a bug where, when the user authenticates successfully as root,
  only the user's effective user id (euid) becomes zero (0).
  This leads to file permission errors when performing upgrades or
  other file-oriented operations.
- introduced gmake as a dependency as it is needed to process upstream's
  makefile.

PR:		210596
Submitted by:	jsmith@resonatingmedia.com (maintainer)
5.9p1
25 Jun 2016 11:41:18
Revision:417463Original commit files touched by this commit This port version is marked as vulnerable.
roberto search for other commits by this committer
Fix filename in distinfo.

PR:		210553
Submitted by:	t@tobik.me
5.9p1
24 Jun 2016 23:17:39
Revision:417452Original commit files touched by this commit This port version is marked as vulnerable.
roberto search for other commits by this committer
Change PORTREVISION to something sensible as upstream did not change.

Reported by:	mat
5.9
24 Jun 2016 21:00:07
Revision:417446Original commit files touched by this commit This port version is marked as vulnerable.
roberto search for other commits by this committer
Missed the fact that ${ETCDIR} includes the port's name.

Submitted by:	@mordin_ on Twitter.
5.9
24 Jun 2016 20:34:30
Revision:417445Original commit files touched by this commit This port version is marked as vulnerable.
roberto search for other commits by this committer
Update to commit 720db72 to fix a security issue.

Reported by:	Bryan Steele (@canadianbryan on Twitter)
5.9
24 Jun 2016 00:07:14
Revision:417407Original commit files touched by this commit This port version is marked as vulnerable.
roberto search for other commits by this committer
New port: security/doas

The doas program allows users to run commands as another user (usually
root). The doas program was written by the OpenBSD team to provide a
lightweight, simplified (and more secure) alternative to the sudo command.

Original upstream (OpenBSD) source:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/

FreeBSD version: https://github.com/slicer69/doas

NOTE: I added the two patch files to workaround issues mentioned in the PR
about hardcoding of /usr/local.

PR:		210473
Submitted by:	jsmith@resonatingmedia.com
Modified by:	jrm@ftfl.ca (see PR) and me (roberto)

Number of commits found: 36