[arch-commits] Commit in sudo/trunk (3 files)
Evangelos Foutras
foutrelis at archlinux.org
Thu Sep 7 12:04:00 UTC 2017
Date: Thursday, September 7, 2017 @ 12:03:59
Author: foutrelis
Revision: 304771
upgpkg: sudo 1.8.21.p2-1
New upstream release.
Modified:
sudo/trunk/PKGBUILD
Deleted:
sudo/trunk/fix-pam-prompt.patch
sudo/trunk/fix-usage-of-signal-pipe.patch
--------------------------------+
PKGBUILD | 16 +--------
fix-pam-prompt.patch | 66 ---------------------------------------
fix-usage-of-signal-pipe.patch | 51 ------------------------------
3 files changed, 3 insertions(+), 130 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-09-07 10:56:12 UTC (rev 304770)
+++ PKGBUILD 2017-09-07 12:03:59 UTC (rev 304771)
@@ -4,9 +4,9 @@
# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
pkgname=sudo
-_sudover=1.8.21p1
+_sudover=1.8.21p2
pkgver=${_sudover/p/.p}
-pkgrel=3
+pkgrel=1
pkgdesc="Give certain users the ability to run some commands as root"
arch=('i686' 'x86_64')
url="https://www.sudo.ws/sudo/"
@@ -16,24 +16,14 @@
backup=('etc/sudoers' 'etc/pam.d/sudo')
install=$pkgname.install
source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
- fix-pam-prompt.patch
- fix-usage-of-signal-pipe.patch
sudo.pam)
-sha256sums=('ee50d3a249a96b1c5c8d3d21380eb96c63c6e61a888b13e3c2b941b23ab7c808'
+sha256sums=('74c5746cd33a814e2431c39faf0d76f7f8a697379bd073862e3b156cf0d76368'
'SKIP'
- 'fc9a37c533664ecfdc7715812e9a93f39891e6fc3d72c23858bee33ac27fcebe'
- '10af762129cf88b3036a30e6c1d19ec69b70911161d4f419fd5b86f160a1a4f1'
'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
validpgpkeys=('CCB24BE9E9481B15D34159535A89DFA27EE470C4')
prepare() {
cd "$srcdir/$pkgname-$_sudover"
-
- # https://bugzilla.sudo.ws/show_bug.cgi?id=799
- patch -Np1 -i ../fix-pam-prompt.patch
-
- # https://bugzilla.sudo.ws/show_bug.cgi?id=800
- patch -Np1 -i ../fix-usage-of-signal-pipe.patch
}
build() {
Deleted: fix-pam-prompt.patch
===================================================================
--- fix-pam-prompt.patch 2017-09-07 10:56:12 UTC (rev 304770)
+++ fix-pam-prompt.patch 2017-09-07 12:03:59 UTC (rev 304771)
@@ -1,66 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller <Todd.Miller at courtesan.com>
-# Date 1504625419 21600
-# Node ID 6ee5cc13af69f4248dfa1d89215e7c95fa90d051
-# Parent 7e6bf56cb06cfdc82f5b636ebe2851cfeda50f17
-Fix a logic error in 96651906de42 which prevented sudo from using
-the PAM-supplied prompt. Bug #799
-
-diff -r 7e6bf56cb06c -r 6ee5cc13af69 plugins/sudoers/auth/pam.c
---- a/plugins/sudoers/auth/pam.c Fri Sep 01 14:09:43 2017 -0600
-+++ b/plugins/sudoers/auth/pam.c Tue Sep 05 09:30:19 2017 -0600
-@@ -435,28 +435,32 @@
- size_t user_len;
- debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH)
-
-- if (!def_passprompt_override) {
-- /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
-- if (PROMPT_IS_PASSWORD(def_prompt))
-- debug_return_bool(true);
--
-- /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
-- if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
-- debug_return_bool(false);
-+ /* Always use sudo prompt if passprompt_override is set. */
-+ if (def_passprompt_override)
-+ debug_return_bool(false);
-
-- /*
-- * Some PAM modules use "^username's Password: ?$" instead of
-- * "^Password: ?" so check for that too.
-- */
-- user_len = strlen(user_name);
-- if (strncmp(pam_prompt, user_name, user_len) == 0) {
-- const char *cp = pam_prompt + user_len;
-- if (strncmp(cp, "'s Password:", 12) == 0 &&
-- (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
-- debug_return_bool(false);
-- }
-+ /* If sudo prompt matches "^Password: ?$", use PAM prompt. */
-+ if (PROMPT_IS_PASSWORD(def_prompt))
-+ debug_return_bool(true);
-+
-+ /* If PAM prompt matches "^Password: ?$", use sudo prompt. */
-+ if (PAM_PROMPT_IS_PASSWORD(pam_prompt))
-+ debug_return_bool(false);
-+
-+ /*
-+ * Some PAM modules use "^username's Password: ?$" instead of
-+ * "^Password: ?" so check for that too.
-+ */
-+ user_len = strlen(user_name);
-+ if (strncmp(pam_prompt, user_name, user_len) == 0) {
-+ const char *cp = pam_prompt + user_len;
-+ if (strncmp(cp, "'s Password:", 12) == 0 &&
-+ (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0')))
-+ debug_return_bool(false);
- }
-- debug_return_bool(false);
-+
-+ /* Otherwise, use the PAM prompt. */
-+ debug_return_bool(true);
- }
-
- /*
-
Deleted: fix-usage-of-signal-pipe.patch
===================================================================
--- fix-usage-of-signal-pipe.patch 2017-09-07 10:56:12 UTC (rev 304770)
+++ fix-usage-of-signal-pipe.patch 2017-09-07 12:03:59 UTC (rev 304771)
@@ -1,51 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller <Todd.Miller at courtesan.com>
-# Date 1504722576 21600
-# Node ID 7668f93e6544c762e6753590426ca882c0a373a5
-# Parent 6ee5cc13af69f4248dfa1d89215e7c95fa90d051
-The read and write sides of signal_pipe[] were swapped, resulting
-in EBADF reading from and writing to the signal pipe on Linux and
-probably others. On systems with bidirectional pipes this was not
-an issue.
-
-diff -r 6ee5cc13af69 -r 7668f93e6544 lib/util/event.c
---- a/lib/util/event.c Tue Sep 05 09:30:19 2017 -0600
-+++ b/lib/util/event.c Wed Sep 06 12:29:36 2017 -0600
-@@ -153,7 +153,7 @@
- }
- if (nread == -1 && errno != EAGAIN) {
- sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
-- "%s: error reading from signal pipe", __func__);
-+ "%s: error reading from signal pipe fd %d", __func__, fd);
- }
-
- /* Activate signal events. */
-@@ -182,7 +182,7 @@
- "%s: unable to create signal pipe", __func__);
- goto bad;
- }
-- sudo_ev_init(&base->signal_event, base->signal_pipe[1],
-+ sudo_ev_init(&base->signal_event, base->signal_pipe[0],
- SUDO_EV_READ|SUDO_EV_PERSIST, signal_pipe_cb, base);
-
- debug_return_int(0);
-@@ -341,7 +341,7 @@
- signal_base->signal_caught = 1;
-
- /* Wake up the other end of the pipe. */
-- ignore_result(write(signal_base->signal_pipe[0], &ch, 1));
-+ ignore_result(write(signal_base->signal_pipe[1], &ch, 1));
- }
- }
-
-@@ -622,7 +622,7 @@
- if (errno == EINTR) {
- /* Interrupted by signal, check for sigevents. */
- if (base->signal_caught) {
-- signal_pipe_cb(base->signal_pipe[1], SUDO_EV_READ, base);
-+ signal_pipe_cb(base->signal_pipe[0], SUDO_EV_READ, base);
- break;
- }
- continue;
-
More information about the arch-commits
mailing list