[arch-commits] Commit in sudo/repos (10 files)
Evangelos Foutras
foutrelis at archlinux.org
Tue Sep 5 20:03:33 UTC 2017
Date: Tuesday, September 5, 2017 @ 20:03:32
Author: foutrelis
Revision: 304714
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
sudo/repos/testing-i686/
sudo/repos/testing-i686/PKGBUILD
(from rev 304713, sudo/trunk/PKGBUILD)
sudo/repos/testing-i686/fix-pam-prompt.patch
(from rev 304713, sudo/trunk/fix-pam-prompt.patch)
sudo/repos/testing-i686/sudo.install
(from rev 304713, sudo/trunk/sudo.install)
sudo/repos/testing-i686/sudo.pam
(from rev 304713, sudo/trunk/sudo.pam)
sudo/repos/testing-x86_64/
sudo/repos/testing-x86_64/PKGBUILD
(from rev 304713, sudo/trunk/PKGBUILD)
sudo/repos/testing-x86_64/fix-pam-prompt.patch
(from rev 304713, sudo/trunk/fix-pam-prompt.patch)
sudo/repos/testing-x86_64/sudo.install
(from rev 304713, sudo/trunk/sudo.install)
sudo/repos/testing-x86_64/sudo.pam
(from rev 304713, sudo/trunk/sudo.pam)
-------------------------------------+
testing-i686/PKGBUILD | 77 ++++++++++++++++++++++++++++++++++
testing-i686/fix-pam-prompt.patch | 66 +++++++++++++++++++++++++++++
testing-i686/sudo.install | 9 +++
testing-i686/sudo.pam | 4 +
testing-x86_64/PKGBUILD | 77 ++++++++++++++++++++++++++++++++++
testing-x86_64/fix-pam-prompt.patch | 66 +++++++++++++++++++++++++++++
testing-x86_64/sudo.install | 9 +++
testing-x86_64/sudo.pam | 4 +
8 files changed, 312 insertions(+)
Copied: sudo/repos/testing-i686/PKGBUILD (from rev 304713, sudo/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,77 @@
+# $Id$
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
+
+pkgname=sudo
+_sudover=1.8.21p1
+pkgver=${_sudover/p/.p}
+pkgrel=2
+pkgdesc="Give certain users the ability to run some commands as root"
+arch=('i686' 'x86_64')
+url="https://www.sudo.ws/sudo/"
+license=('custom')
+groups=('base-devel')
+depends=('glibc' 'libgcrypt' 'pam' 'libldap')
+backup=('etc/sudoers' 'etc/pam.d/sudo')
+install=$pkgname.install
+source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+ fix-pam-prompt.patch
+ sudo.pam)
+sha256sums=('ee50d3a249a96b1c5c8d3d21380eb96c63c6e61a888b13e3c2b941b23ab7c808'
+ 'SKIP'
+ 'fc9a37c533664ecfdc7715812e9a93f39891e6fc3d72c23858bee33ac27fcebe'
+ 'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
+validpgpkeys=('CCB24BE9E9481B15D34159535A89DFA27EE470C4')
+
+prepare() {
+ cd "$srcdir/$pkgname-$_sudover"
+
+ # https://bugzilla.sudo.ws/show_bug.cgi?id=799
+ patch -Np1 -i ../fix-pam-prompt.patch
+}
+
+build() {
+ cd "$srcdir/$pkgname-$_sudover"
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib \
+ --with-rundir=/run/sudo \
+ --with-vardir=/var/db/sudo \
+ --with-logfac=auth \
+ --enable-gcrypt \
+ --enable-tmpfiles.d \
+ --with-pam \
+ --with-sssd \
+ --with-ldap \
+ --with-ldap-conf-file=/etc/openldap/ldap.conf \
+ --with-env-editor \
+ --with-passprompt="[sudo] password for %p: " \
+ --with-all-insults
+ make
+}
+
+check() {
+ cd "$srcdir/$pkgname-$_sudover"
+ make check
+}
+
+package() {
+ cd "$srcdir/$pkgname-$_sudover"
+ make DESTDIR="$pkgdir" install
+
+ # Remove sudoers.dist; not needed since pacman manages updates to sudoers
+ rm "$pkgdir/etc/sudoers.dist"
+
+ # Remove /run/sudo directory; we create it using systemd-tmpfiles
+ rmdir "$pkgdir/run/sudo"
+ rmdir "$pkgdir/run"
+
+ install -Dm644 "$srcdir/sudo.pam" "$pkgdir/etc/pam.d/sudo"
+
+ install -Dm644 doc/LICENSE "$pkgdir/usr/share/licenses/sudo/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: sudo/repos/testing-i686/fix-pam-prompt.patch (from rev 304713, sudo/trunk/fix-pam-prompt.patch)
===================================================================
--- testing-i686/fix-pam-prompt.patch (rev 0)
+++ testing-i686/fix-pam-prompt.patch 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,66 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller at courtesan.com>
+# Date 1504625419 21600
+# Node ID 6ee5cc13af69f4248dfa1d89215e7c95fa90d051
+# Parent 7e6bf56cb06cfdc82f5b636ebe2851cfeda50f17
+Fix a logic error in 96651906de42 which prevented sudo from using
+the PAM-supplied prompt. Bug #799
+
+diff -r 7e6bf56cb06c -r 6ee5cc13af69 plugins/sudoers/auth/pam.c
+--- a/plugins/sudoers/auth/pam.c Fri Sep 01 14:09:43 2017 -0600
++++ b/plugins/sudoers/auth/pam.c Tue Sep 05 09:30:19 2017 -0600
+@@ -435,28 +435,32 @@
+ size_t user_len;
+ debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH)
+
+- if (!def_passprompt_override) {
+- /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
+- if (PROMPT_IS_PASSWORD(def_prompt))
+- debug_return_bool(true);
+-
+- /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
+- if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
+- debug_return_bool(false);
++ /* Always use sudo prompt if passprompt_override is set. */
++ if (def_passprompt_override)
++ debug_return_bool(false);
+
+- /*
+- * Some PAM modules use "^username's Password: ?$" instead of
+- * "^Password: ?" so check for that too.
+- */
+- user_len = strlen(user_name);
+- if (strncmp(pam_prompt, user_name, user_len) == 0) {
+- const char *cp = pam_prompt + user_len;
+- if (strncmp(cp, "'s Password:", 12) == 0 &&
+- (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
+- debug_return_bool(false);
+- }
++ /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
++ if (PROMPT_IS_PASSWORD(def_prompt))
++ debug_return_bool(true);
++
++ /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
++ if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
++ debug_return_bool(false);
++
++ /*
++ * Some PAM modules use "^username's Password: ?$" instead of
++ * "^Password: ?" so check for that too.
++ */
++ user_len = strlen(user_name);
++ if (strncmp(pam_prompt, user_name, user_len) == 0) {
++ const char *cp = pam_prompt + user_len;
++ if (strncmp(cp, "'s Password:", 12) == 0 &&
++ (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
++ debug_return_bool(false);
+ }
+- debug_return_bool(false);
++
++ /* Otherwise, use the PAM prompt. */
++ debug_return_bool(true);
+ }
+
+ /*
+
Copied: sudo/repos/testing-i686/sudo.install (from rev 304713, sudo/trunk/sudo.install)
===================================================================
--- testing-i686/sudo.install (rev 0)
+++ testing-i686/sudo.install 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,9 @@
+pre_upgrade() {
+ # Permissions of /var/db/sudo were changed from 0700 to 0711 in sudo 1.8.10
+ # http://www.sudo.ws/repos/sudo/rev/5c38d77a2d0c
+ if (($(vercmp $2 1.8.10-1) < 0)); then
+ chmod 0711 var/db/sudo
+ fi
+}
+
+# vim:set ts=2 sw=2 et:
Copied: sudo/repos/testing-i686/sudo.pam (from rev 304713, sudo/trunk/sudo.pam)
===================================================================
--- testing-i686/sudo.pam (rev 0)
+++ testing-i686/sudo.pam 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+session include system-auth
Copied: sudo/repos/testing-x86_64/PKGBUILD (from rev 304713, sudo/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,77 @@
+# $Id$
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
+
+pkgname=sudo
+_sudover=1.8.21p1
+pkgver=${_sudover/p/.p}
+pkgrel=2
+pkgdesc="Give certain users the ability to run some commands as root"
+arch=('i686' 'x86_64')
+url="https://www.sudo.ws/sudo/"
+license=('custom')
+groups=('base-devel')
+depends=('glibc' 'libgcrypt' 'pam' 'libldap')
+backup=('etc/sudoers' 'etc/pam.d/sudo')
+install=$pkgname.install
+source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+ fix-pam-prompt.patch
+ sudo.pam)
+sha256sums=('ee50d3a249a96b1c5c8d3d21380eb96c63c6e61a888b13e3c2b941b23ab7c808'
+ 'SKIP'
+ 'fc9a37c533664ecfdc7715812e9a93f39891e6fc3d72c23858bee33ac27fcebe'
+ 'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
+validpgpkeys=('CCB24BE9E9481B15D34159535A89DFA27EE470C4')
+
+prepare() {
+ cd "$srcdir/$pkgname-$_sudover"
+
+ # https://bugzilla.sudo.ws/show_bug.cgi?id=799
+ patch -Np1 -i ../fix-pam-prompt.patch
+}
+
+build() {
+ cd "$srcdir/$pkgname-$_sudover"
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib \
+ --with-rundir=/run/sudo \
+ --with-vardir=/var/db/sudo \
+ --with-logfac=auth \
+ --enable-gcrypt \
+ --enable-tmpfiles.d \
+ --with-pam \
+ --with-sssd \
+ --with-ldap \
+ --with-ldap-conf-file=/etc/openldap/ldap.conf \
+ --with-env-editor \
+ --with-passprompt="[sudo] password for %p: " \
+ --with-all-insults
+ make
+}
+
+check() {
+ cd "$srcdir/$pkgname-$_sudover"
+ make check
+}
+
+package() {
+ cd "$srcdir/$pkgname-$_sudover"
+ make DESTDIR="$pkgdir" install
+
+ # Remove sudoers.dist; not needed since pacman manages updates to sudoers
+ rm "$pkgdir/etc/sudoers.dist"
+
+ # Remove /run/sudo directory; we create it using systemd-tmpfiles
+ rmdir "$pkgdir/run/sudo"
+ rmdir "$pkgdir/run"
+
+ install -Dm644 "$srcdir/sudo.pam" "$pkgdir/etc/pam.d/sudo"
+
+ install -Dm644 doc/LICENSE "$pkgdir/usr/share/licenses/sudo/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: sudo/repos/testing-x86_64/fix-pam-prompt.patch (from rev 304713, sudo/trunk/fix-pam-prompt.patch)
===================================================================
--- testing-x86_64/fix-pam-prompt.patch (rev 0)
+++ testing-x86_64/fix-pam-prompt.patch 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,66 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller at courtesan.com>
+# Date 1504625419 21600
+# Node ID 6ee5cc13af69f4248dfa1d89215e7c95fa90d051
+# Parent 7e6bf56cb06cfdc82f5b636ebe2851cfeda50f17
+Fix a logic error in 96651906de42 which prevented sudo from using
+the PAM-supplied prompt. Bug #799
+
+diff -r 7e6bf56cb06c -r 6ee5cc13af69 plugins/sudoers/auth/pam.c
+--- a/plugins/sudoers/auth/pam.c Fri Sep 01 14:09:43 2017 -0600
++++ b/plugins/sudoers/auth/pam.c Tue Sep 05 09:30:19 2017 -0600
+@@ -435,28 +435,32 @@
+ size_t user_len;
+ debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH)
+
+- if (!def_passprompt_override) {
+- /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
+- if (PROMPT_IS_PASSWORD(def_prompt))
+- debug_return_bool(true);
+-
+- /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
+- if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
+- debug_return_bool(false);
++ /* Always use sudo prompt if passprompt_override is set. */
++ if (def_passprompt_override)
++ debug_return_bool(false);
+
+- /*
+- * Some PAM modules use "^username's Password: ?$" instead of
+- * "^Password: ?" so check for that too.
+- */
+- user_len = strlen(user_name);
+- if (strncmp(pam_prompt, user_name, user_len) == 0) {
+- const char *cp = pam_prompt + user_len;
+- if (strncmp(cp, "'s Password:", 12) == 0 &&
+- (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
+- debug_return_bool(false);
+- }
++ /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
++ if (PROMPT_IS_PASSWORD(def_prompt))
++ debug_return_bool(true);
++
++ /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
++ if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
++ debug_return_bool(false);
++
++ /*
++ * Some PAM modules use "^username's Password: ?$" instead of
++ * "^Password: ?" so check for that too.
++ */
++ user_len = strlen(user_name);
++ if (strncmp(pam_prompt, user_name, user_len) == 0) {
++ const char *cp = pam_prompt + user_len;
++ if (strncmp(cp, "'s Password:", 12) == 0 &&
++ (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
++ debug_return_bool(false);
+ }
+- debug_return_bool(false);
++
++ /* Otherwise, use the PAM prompt. */
++ debug_return_bool(true);
+ }
+
+ /*
+
Copied: sudo/repos/testing-x86_64/sudo.install (from rev 304713, sudo/trunk/sudo.install)
===================================================================
--- testing-x86_64/sudo.install (rev 0)
+++ testing-x86_64/sudo.install 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,9 @@
+pre_upgrade() {
+ # Permissions of /var/db/sudo were changed from 0700 to 0711 in sudo 1.8.10
+ # http://www.sudo.ws/repos/sudo/rev/5c38d77a2d0c
+ if (($(vercmp $2 1.8.10-1) < 0)); then
+ chmod 0711 var/db/sudo
+ fi
+}
+
+# vim:set ts=2 sw=2 et:
Copied: sudo/repos/testing-x86_64/sudo.pam (from rev 304713, sudo/trunk/sudo.pam)
===================================================================
--- testing-x86_64/sudo.pam (rev 0)
+++ testing-x86_64/sudo.pam 2017-09-05 20:03:32 UTC (rev 304714)
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+session include system-auth
More information about the arch-commits
mailing list