[arch-commits] Commit in sudo/repos (6 files)

Evangelos Foutras foutrelis at gemini.archlinux.org
Thu Sep 16 04:09:37 UTC 2021 

    Date: Thursday, September 16, 2021 @ 04:09:37
  Author: foutrelis
Revision: 424078

archrelease: copy trunk to testing-x86_64

Added:
  sudo/repos/testing-x86_64/
  sudo/repos/testing-x86_64/PKGBUILD
    (from rev 424077, sudo/trunk/PKGBUILD)
  sudo/repos/testing-x86_64/append_defaults-boolean-flags.patch
    (from rev 424077, sudo/trunk/append_defaults-boolean-flags.patch)
  sudo/repos/testing-x86_64/sudo.install
    (from rev 424077, sudo/trunk/sudo.install)
  sudo/repos/testing-x86_64/sudo.pam
    (from rev 424077, sudo/trunk/sudo.pam)
  sudo/repos/testing-x86_64/sudo_logsrvd.service
    (from rev 424077, sudo/trunk/sudo_logsrvd.service)

-------------------------------------+
 PKGBUILD                            |   82 ++++++++++++++++++++++++++++++++++
 append_defaults-boolean-flags.patch |   48 +++++++++++++++++++
 sudo.install                        |    9 +++
 sudo.pam                            |    4 +
 sudo_logsrvd.service                |   13 +++++
 5 files changed, 156 insertions(+)

Copied: sudo/repos/testing-x86_64/PKGBUILD (from rev 424077, sudo/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2021-09-16 04:09:37 UTC (rev 424078)
@@ -0,0 +1,82 @@
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
+
+pkgname=sudo
+_sudover=1.9.8
+pkgrel=2
+pkgver=${_sudover/p/.p}
+pkgdesc="Give certain users the ability to run some commands as root"
+arch=('x86_64')
+url="https://www.sudo.ws/sudo/"
+license=('custom')
+groups=('base-devel')
+depends=('glibc' 'openssl' 'pam' 'libldap' 'zlib')
+backup=('etc/pam.d/sudo'
+        'etc/sudo.conf'
+        'etc/sudo_logsrvd.conf'
+        'etc/sudoers')
+install=$pkgname.install
+source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+        append_defaults-boolean-flags.patch
+        sudo_logsrvd.service
+        sudo.pam)
+sha256sums=('f1735de999804ea1af068fba6a82cb6674ea64c789813b29266fd3b16cb294e6'
+            'SKIP'
+            '36648e052a834275636bef75a00197e43cd1baaa07006cd3b426e99cc109b4b9'
+            '8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
+            'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
+validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
+
+prepare() {
+  cd "$srcdir/$pkgname-$_sudover"
+  # https://bugs.archlinux.org/task/72146
+  patch -Np1 -i ../append_defaults-boolean-flags.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$_sudover"
+
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --libexecdir=/usr/lib \
+    --with-rundir=/run/sudo \
+    --with-vardir=/var/db/sudo \
+    --with-logfac=auth \
+    --enable-tmpfiles.d \
+    --with-pam \
+    --with-sssd \
+    --with-ldap \
+    --with-ldap-conf-file=/etc/openldap/ldap.conf \
+    --with-env-editor \
+    --with-passprompt="[sudo] password for %p: " \
+    --with-all-insults
+  make
+}
+
+check() {
+  cd "$srcdir/$pkgname-$_sudover"
+  make check
+}
+
+package() {
+  cd "$srcdir/$pkgname-$_sudover"
+  make DESTDIR="$pkgdir" install
+
+  # sudo_logsrvd service file (taken from sudo-logsrvd-1.9.0-1.el8.x86_64.rpm)
+  install -Dm644 -t "$pkgdir/usr/lib/systemd/system" ../sudo_logsrvd.service
+
+  # Remove sudoers.dist; not needed since pacman manages updates to sudoers
+  rm "$pkgdir/etc/sudoers.dist"
+
+  # Remove /run/sudo directory; we create it using systemd-tmpfiles
+  rmdir "$pkgdir/run/sudo"
+  rmdir "$pkgdir/run"
+
+  install -Dm644 "$srcdir/sudo.pam" "$pkgdir/etc/pam.d/sudo"
+
+  install -Dm644 doc/LICENSE "$pkgdir/usr/share/licenses/sudo/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:

Copied: sudo/repos/testing-x86_64/append_defaults-boolean-flags.patch (from rev 424077, sudo/trunk/append_defaults-boolean-flags.patch)
===================================================================
--- testing-x86_64/append_defaults-boolean-flags.patch	                        (rev 0)
+++ testing-x86_64/append_defaults-boolean-flags.patch	2021-09-16 04:09:37 UTC (rev 424078)
@@ -0,0 +1,48 @@
+From d7cdf1e47c596c3fa6cffedd4904c67919389668 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller at sudo.ws>
+Date: Tue, 14 Sep 2021 08:02:37 -0600
+Subject: [PATCH] append_defaults() should not be passed a value for boolean
+ flags. The operation should simply be set to true/false. Also treat a NULL
+ file as coming from the front-end. Bug #993.
+
+---
+ plugins/sudoers/defaults.c | 3 +++
+ plugins/sudoers/policy.c   | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
+index 5739b40e2..95e6fbd30 100644
+--- a/plugins/sudoers/defaults.c
++++ b/plugins/sudoers/defaults.c
+@@ -206,6 +206,9 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
+     int rc;
+     debug_decl(parse_default_entry, SUDOERS_DEBUG_DEFAULTS);
+ 
++    if (file == NULL)
++	file = "front-end";
++
+     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%d:%d: %s=%s op=%d",
+ 	__func__, file, line, column, def->name, val ? val : "", op);
+ 
+diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
+index eb1ce43b7..c8c20735d 100644
+--- a/plugins/sudoers/policy.c
++++ b/plugins/sudoers/policy.c
+@@ -224,7 +224,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
+ 	if (MATCHES(*cur, "prompt=")) {
+ 	    /* Allow epmpty prompt. */
+ 	    user_prompt = *cur + sizeof("prompt=") - 1;
+-	    if (!append_default("passprompt_override", "true", true, NULL, defaults))
++	    if (!append_default("passprompt_override", NULL, true, NULL, defaults))
+ 		goto oom;
+ 	    continue;
+ 	}
+@@ -285,7 +285,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
+ 	if (MATCHES(*cur, "login_class=")) {
+ 	    CHECK(*cur, "login_class=");
+ 	    login_class = *cur + sizeof("login_class=") - 1;
+-	    if (!append_default("use_loginclass", "true", true, NULL, defaults))
++	    if (!append_default("use_loginclass", NULL, true, NULL, defaults))
+ 		goto oom;
+ 	    continue;
+ 	}

Copied: sudo/repos/testing-x86_64/sudo.install (from rev 424077, sudo/trunk/sudo.install)
===================================================================
--- testing-x86_64/sudo.install	                        (rev 0)
+++ testing-x86_64/sudo.install	2021-09-16 04:09:37 UTC (rev 424078)
@@ -0,0 +1,9 @@
+pre_upgrade() {
+  # Permissions of /var/db/sudo were changed from 0700 to 0711 in sudo 1.8.10
+  # http://www.sudo.ws/repos/sudo/rev/5c38d77a2d0c
+  if (($(vercmp $2 1.8.10-1) < 0)); then
+    chmod 0711 var/db/sudo
+  fi
+}
+
+# vim:set ts=2 sw=2 et:

Copied: sudo/repos/testing-x86_64/sudo.pam (from rev 424077, sudo/trunk/sudo.pam)
===================================================================
--- testing-x86_64/sudo.pam	                        (rev 0)
+++ testing-x86_64/sudo.pam	2021-09-16 04:09:37 UTC (rev 424078)
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		include		system-auth
+account		include		system-auth
+session		include		system-auth

Copied: sudo/repos/testing-x86_64/sudo_logsrvd.service (from rev 424077, sudo/trunk/sudo_logsrvd.service)
===================================================================
--- testing-x86_64/sudo_logsrvd.service	                        (rev 0)
+++ testing-x86_64/sudo_logsrvd.service	2021-09-16 04:09:37 UTC (rev 424078)
@@ -0,0 +1,13 @@
+[Unit]
+Description=Sudo central log server
+Documentation=man:sudo_logsrvd(8) man:sudo_logsrvd.conf(5)
+Documentation=https://www.sudo.ws/man.html
+After=syslog.target network.target auditd.service
+
+[Service]
+ExecStart=/usr/bin/sudo_logsrvd -n
+KillMode=process
+Type=exec
+
+[Install]
+WantedBy=multi-user.target

More information about the arch-commits mailing list