[arch-commits] Commit in sudo/repos (6 files)

Evangelos Foutras foutrelis at gemini.archlinux.org
Mon Sep 20 19:29:55 UTC 2021 

    Date: Monday, September 20, 2021 @ 19:29:55
  Author: foutrelis
Revision: 424406

archrelease: copy trunk to testing-x86_64

Added:
  sudo/repos/testing-x86_64/
  sudo/repos/testing-x86_64/PKGBUILD
    (from rev 424405, sudo/trunk/PKGBUILD)
  sudo/repos/testing-x86_64/fix-sudo-login-missing-NULL-terminator.patch
    (from rev 424405, sudo/trunk/fix-sudo-login-missing-NULL-terminator.patch)
  sudo/repos/testing-x86_64/sudo.install
    (from rev 424405, sudo/trunk/sudo.install)
  sudo/repos/testing-x86_64/sudo.pam
    (from rev 424405, sudo/trunk/sudo.pam)
  sudo/repos/testing-x86_64/sudo_logsrvd.service
    (from rev 424405, sudo/trunk/sudo_logsrvd.service)

----------------------------------------------+
 PKGBUILD                                     |   83 +++++++++++++++++++++++++
 fix-sudo-login-missing-NULL-terminator.patch |   24 +++++++
 sudo.install                                 |    9 ++
 sudo.pam                                     |    4 +
 sudo_logsrvd.service                         |   13 +++
 5 files changed, 133 insertions(+)

Copied: sudo/repos/testing-x86_64/PKGBUILD (from rev 424405, sudo/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2021-09-20 19:29:55 UTC (rev 424406)
@@ -0,0 +1,83 @@
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
+
+pkgname=sudo
+_sudover=1.9.8p1
+pkgrel=2
+pkgver=${_sudover/p/.p}
+pkgdesc="Give certain users the ability to run some commands as root"
+arch=('x86_64')
+url="https://www.sudo.ws/sudo/"
+license=('custom')
+groups=('base-devel')
+depends=('glibc' 'openssl' 'pam' 'libldap' 'zlib')
+backup=('etc/pam.d/sudo'
+        'etc/sudo.conf'
+        'etc/sudo_logsrvd.conf'
+        'etc/sudoers')
+install=$pkgname.install
+source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+        fix-sudo-login-missing-NULL-terminator.patch
+        sudo_logsrvd.service
+        sudo.pam)
+sha256sums=('0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69'
+            'SKIP'
+            '9b9a304d6d2b1116a5733128f7258e58243607225d829bfe53c710b7bddcfcae'
+            '8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
+            'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
+validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
+
+prepare() {
+  cd "$srcdir/$pkgname-$_sudover"
+
+  # https://bugzilla.sudo.ws/show_bug.cgi?id=998
+  patch -Np1 -i ../fix-sudo-login-missing-NULL-terminator.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$_sudover"
+
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --libexecdir=/usr/lib \
+    --with-rundir=/run/sudo \
+    --with-vardir=/var/db/sudo \
+    --with-logfac=auth \
+    --enable-tmpfiles.d \
+    --with-pam \
+    --with-sssd \
+    --with-ldap \
+    --with-ldap-conf-file=/etc/openldap/ldap.conf \
+    --with-env-editor \
+    --with-passprompt="[sudo] password for %p: " \
+    --with-all-insults
+  make
+}
+
+check() {
+  cd "$srcdir/$pkgname-$_sudover"
+  make check
+}
+
+package() {
+  cd "$srcdir/$pkgname-$_sudover"
+  make DESTDIR="$pkgdir" install
+
+  # sudo_logsrvd service file (taken from sudo-logsrvd-1.9.0-1.el8.x86_64.rpm)
+  install -Dm644 -t "$pkgdir/usr/lib/systemd/system" ../sudo_logsrvd.service
+
+  # Remove sudoers.dist; not needed since pacman manages updates to sudoers
+  rm "$pkgdir/etc/sudoers.dist"
+
+  # Remove /run/sudo directory; we create it using systemd-tmpfiles
+  rmdir "$pkgdir/run/sudo"
+  rmdir "$pkgdir/run"
+
+  install -Dm644 "$srcdir/sudo.pam" "$pkgdir/etc/pam.d/sudo"
+
+  install -Dm644 doc/LICENSE "$pkgdir/usr/share/licenses/sudo/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:

Copied: sudo/repos/testing-x86_64/fix-sudo-login-missing-NULL-terminator.patch (from rev 424405, sudo/trunk/fix-sudo-login-missing-NULL-terminator.patch)
===================================================================
--- testing-x86_64/fix-sudo-login-missing-NULL-terminator.patch	                        (rev 0)
+++ testing-x86_64/fix-sudo-login-missing-NULL-terminator.patch	2021-09-20 19:29:55 UTC (rev 424406)
@@ -0,0 +1,24 @@
+From 7ab66eb3a8c35a1bef2f0b85bde231c91521d04b Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller at sudo.ws>
+Date: Sun, 19 Sep 2021 13:58:56 -0600
+Subject: [PATCH] sudo -i: missing NULL terminator when moving argv to make
+ room for --login Fixes a potential crash for "sudo -i" when the target user
+ has bash as the shell (which needs the --login option).  Bug #998.
+
+---
+ plugins/sudoers/sudoers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index 4fa323975..51376f970 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -725,7 +725,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
+ 	if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 &&
+ 	    strcmp(NewArgv[1], "-c") == 0) {
+ 	    /* We allocated extra space for the --login above. */
+-	    memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * (NewArgc - 1));
++	    memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc);
+ 	    NewArgv[1] = "--login";
+ 	    NewArgc++;
+ 	}

Copied: sudo/repos/testing-x86_64/sudo.install (from rev 424405, sudo/trunk/sudo.install)
===================================================================
--- testing-x86_64/sudo.install	                        (rev 0)
+++ testing-x86_64/sudo.install	2021-09-20 19:29:55 UTC (rev 424406)
@@ -0,0 +1,9 @@
+pre_upgrade() {
+  # Permissions of /var/db/sudo were changed from 0700 to 0711 in sudo 1.8.10
+  # http://www.sudo.ws/repos/sudo/rev/5c38d77a2d0c
+  if (($(vercmp $2 1.8.10-1) < 0)); then
+    chmod 0711 var/db/sudo
+  fi
+}
+
+# vim:set ts=2 sw=2 et:

Copied: sudo/repos/testing-x86_64/sudo.pam (from rev 424405, sudo/trunk/sudo.pam)
===================================================================
--- testing-x86_64/sudo.pam	                        (rev 0)
+++ testing-x86_64/sudo.pam	2021-09-20 19:29:55 UTC (rev 424406)
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		include		system-auth
+account		include		system-auth
+session		include		system-auth

Copied: sudo/repos/testing-x86_64/sudo_logsrvd.service (from rev 424405, sudo/trunk/sudo_logsrvd.service)
===================================================================
--- testing-x86_64/sudo_logsrvd.service	                        (rev 0)
+++ testing-x86_64/sudo_logsrvd.service	2021-09-20 19:29:55 UTC (rev 424406)
@@ -0,0 +1,13 @@
+[Unit]
+Description=Sudo central log server
+Documentation=man:sudo_logsrvd(8) man:sudo_logsrvd.conf(5)
+Documentation=https://www.sudo.ws/man.html
+After=syslog.target network.target auditd.service
+
+[Service]
+ExecStart=/usr/bin/sudo_logsrvd -n
+KillMode=process
+Type=exec
+
+[Install]
+WantedBy=multi-user.target

More information about the arch-commits mailing list