[arch-commits] Commit in sudo/trunk (3 files)

Thu Sep 7 12:04:00 UTC 2017

Date: Thursday, September 7, 2017 @ 12:03:59
  Author: foutrelis
Revision: 304771

upgpkg: sudo 1.8.21.p2-1

New upstream release.

Modified:
  sudo/trunk/PKGBUILD
Deleted:
  sudo/trunk/fix-pam-prompt.patch
  sudo/trunk/fix-usage-of-signal-pipe.patch

--------------------------------+
 PKGBUILD                       |   16 +--------
 fix-pam-prompt.patch           |   66 ---------------------------------------
 fix-usage-of-signal-pipe.patch |   51 ------------------------------
 3 files changed, 3 insertions(+), 130 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2017-09-07 10:56:12 UTC (rev 304770)
+++ PKGBUILD	2017-09-07 12:03:59 UTC (rev 304771)
@@ -4,9 +4,9 @@
 # Contributor: Tom Newsom <Jeepster at gmx.co.uk>
 
 pkgname=sudo
-_sudover=1.8.21p1
+_sudover=1.8.21p2
 pkgver=${_sudover/p/.p}
-pkgrel=3
+pkgrel=1
 pkgdesc="Give certain users the ability to run some commands as root"
 arch=('i686' 'x86_64')
 url="https://www.sudo.ws/sudo/"
@@ -16,24 +16,14 @@
 backup=('etc/sudoers' 'etc/pam.d/sudo')
 install=$pkgname.install
 source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
-        fix-pam-prompt.patch
-        fix-usage-of-signal-pipe.patch
         sudo.pam)
-sha256sums=('ee50d3a249a96b1c5c8d3d21380eb96c63c6e61a888b13e3c2b941b23ab7c808'
+sha256sums=('74c5746cd33a814e2431c39faf0d76f7f8a697379bd073862e3b156cf0d76368'
             'SKIP'
-            'fc9a37c533664ecfdc7715812e9a93f39891e6fc3d72c23858bee33ac27fcebe'
-            '10af762129cf88b3036a30e6c1d19ec69b70911161d4f419fd5b86f160a1a4f1'
             'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
 validpgpkeys=('CCB24BE9E9481B15D34159535A89DFA27EE470C4')
 
 prepare() {
   cd "$srcdir/$pkgname-$_sudover"
-
-  # https://bugzilla.sudo.ws/show_bug.cgi?id=799
-  patch -Np1 -i ../fix-pam-prompt.patch
-
-  # https://bugzilla.sudo.ws/show_bug.cgi?id=800
-  patch -Np1 -i ../fix-usage-of-signal-pipe.patch
 }
 
 build() {

Deleted: fix-pam-prompt.patch
===================================================================
--- fix-pam-prompt.patch	2017-09-07 10:56:12 UTC (rev 304770)
+++ fix-pam-prompt.patch	2017-09-07 12:03:59 UTC (rev 304771)
@@ -1,66 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller <Todd.Miller at courtesan.com>
-# Date 1504625419 21600
-# Node ID 6ee5cc13af69f4248dfa1d89215e7c95fa90d051
-# Parent  7e6bf56cb06cfdc82f5b636ebe2851cfeda50f17
-Fix a logic error in 96651906de42 which prevented sudo from using
-the PAM-supplied prompt.  Bug #799
-
-diff -r 7e6bf56cb06c -r 6ee5cc13af69 plugins/sudoers/auth/pam.c
---- a/plugins/sudoers/auth/pam.c	Fri Sep 01 14:09:43 2017 -0600
-+++ b/plugins/sudoers/auth/pam.c	Tue Sep 05 09:30:19 2017 -0600
-@@ -435,28 +435,32 @@
-     size_t user_len;
-     debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH)
- 
--    if (!def_passprompt_override) {
--	/* If sudo prompt matches "^Password: ?$", use PAM prompt. */
--	if (PROMPT_IS_PASSWORD(def_prompt))
--	    debug_return_bool(true);
--
--	/* If PAM prompt matches "^Password: ?$", use sudo prompt. */
--	if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
--	    debug_return_bool(false);
-+    /* Always use sudo prompt if passprompt_override is set. */
-+    if (def_passprompt_override)
-+	debug_return_bool(false);
- 
--	/*
--	 * Some PAM modules use "^username's Password: ?$" instead of
--	 * "^Password: ?" so check for that too.
--	 */
--	user_len = strlen(user_name);
--	if (strncmp(pam_prompt, user_name, user_len) == 0) {
--	    const char *cp = pam_prompt + user_len;
--	    if (strncmp(cp, "'s Password:", 12) == 0 &&
--		(cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
--		debug_return_bool(false);
--	}
-+    /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
-+    if (PROMPT_IS_PASSWORD(def_prompt))
-+	debug_return_bool(true);
-+
-+    /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
-+    if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
-+	debug_return_bool(false);
-+
-+    /*
-+     * Some PAM modules use "^username's Password: ?$" instead of
-+     * "^Password: ?" so check for that too.
-+     */
-+    user_len = strlen(user_name);
-+    if (strncmp(pam_prompt, user_name, user_len) == 0) {
-+	const char *cp = pam_prompt + user_len;
-+	if (strncmp(cp, "'s Password:", 12) == 0 &&
-+	    (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
-+	    debug_return_bool(false);
-     }
--    debug_return_bool(false);
-+
-+    /* Otherwise, use the PAM prompt. */
-+    debug_return_bool(true);
- }
- 
- /*
-

Deleted: fix-usage-of-signal-pipe.patch
===================================================================
--- fix-usage-of-signal-pipe.patch	2017-09-07 10:56:12 UTC (rev 304770)
+++ fix-usage-of-signal-pipe.patch	2017-09-07 12:03:59 UTC (rev 304771)
@@ -1,51 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller <Todd.Miller at courtesan.com>
-# Date 1504722576 21600
-# Node ID 7668f93e6544c762e6753590426ca882c0a373a5
-# Parent  6ee5cc13af69f4248dfa1d89215e7c95fa90d051
-The read and write sides of signal_pipe[] were swapped, resulting
-in EBADF reading from and writing to the signal pipe on Linux and
-probably others.  On systems with bidirectional pipes this was not
-an issue.
-
-diff -r 6ee5cc13af69 -r 7668f93e6544 lib/util/event.c
---- a/lib/util/event.c	Tue Sep 05 09:30:19 2017 -0600
-+++ b/lib/util/event.c	Wed Sep 06 12:29:36 2017 -0600
-@@ -153,7 +153,7 @@
-     }
-     if (nread == -1 && errno != EAGAIN) {
- 	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
--	    "%s: error reading from signal pipe", __func__);
-+	    "%s: error reading from signal pipe fd %d", __func__, fd);
-     }
- 
-     /* Activate signal events. */
-@@ -182,7 +182,7 @@
- 	    "%s: unable to create signal pipe", __func__);
- 	goto bad;
-     }
--    sudo_ev_init(&base->signal_event, base->signal_pipe[1],
-+    sudo_ev_init(&base->signal_event, base->signal_pipe[0],
- 	SUDO_EV_READ|SUDO_EV_PERSIST, signal_pipe_cb, base);
- 
-     debug_return_int(0);
-@@ -341,7 +341,7 @@
- 	signal_base->signal_caught = 1;
- 
- 	/* Wake up the other end of the pipe. */
--	ignore_result(write(signal_base->signal_pipe[0], &ch, 1));
-+	ignore_result(write(signal_base->signal_pipe[1], &ch, 1));
-     }
- }
- 
-@@ -622,7 +622,7 @@
- 	    if (errno == EINTR) {
- 		/* Interrupted by signal, check for sigevents. */
- 		if (base->signal_caught) {
--		    signal_pipe_cb(base->signal_pipe[1], SUDO_EV_READ, base);
-+		    signal_pipe_cb(base->signal_pipe[0], SUDO_EV_READ, base);
- 		    break;
- 		}
- 		continue;
-

