[arch-commits] Commit in sudo/trunk (PKGBUILD disable-non-interative-auth.patch)

Evangelos Foutras foutrelis at gemini.archlinux.org
Fri Mar 4 06:25:50 UTC 2022


    Date: Friday, March 4, 2022 @ 06:25:49
  Author: foutrelis
Revision: 438832

upgpkg: sudo 1.9.10-1: new upstream release

Modified:
  sudo/trunk/PKGBUILD
Deleted:
  sudo/trunk/disable-non-interative-auth.patch

-----------------------------------+
 PKGBUILD                          |    9 --
 disable-non-interative-auth.patch |  142 ------------------------------------
 2 files changed, 3 insertions(+), 148 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-03-04 01:43:55 UTC (rev 438831)
+++ PKGBUILD	2022-03-04 06:25:49 UTC (rev 438832)
@@ -3,8 +3,8 @@
 # Contributor: Tom Newsom <Jeepster at gmx.co.uk>
 
 pkgname=sudo
-_sudover=1.9.9
-pkgrel=2
+_sudover=1.9.10
+pkgrel=1
 pkgver=${_sudover/p/.p}
 pkgdesc="Give certain users the ability to run some commands as root"
 arch=('x86_64')
@@ -19,18 +19,15 @@
 install=$pkgname.install
 source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
         sudo_logsrvd.service
-        disable-non-interative-auth.patch
         sudo.pam)
-sha256sums=('6d6ee863a3bc26c87661093a74ec63e10fd031ceba714642d21636dfe25e3e00'
+sha256sums=('44a1461098e7c7b8e6ac597499c24fb2e43748c0c139a8b4944e57d1349a64f4'
             'SKIP'
             '8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
-            '094387d71f6866ff85ab1cccbdf685f97c02a803eb01b41c80c52918785db85c'
             'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
 validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
 
 prepare() {
   cd "$srcdir/$pkgname-$_sudover"
-  patch -Np1 -i ../disable-non-interative-auth.patch
 }
 
 build() {

Deleted: disable-non-interative-auth.patch
===================================================================
--- disable-non-interative-auth.patch	2022-03-04 01:43:55 UTC (rev 438831)
+++ disable-non-interative-auth.patch	2022-03-04 06:25:49 UTC (rev 438832)
@@ -1,142 +0,0 @@
-From df5f61eb240b9ae1b67faad8f143a488c5c8f206 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller at sudo.ws>
-Date: Tue, 1 Feb 2022 20:08:26 -0700
-Subject: [PATCH] Add sudoers option to perform authentication even in
- non-interative mode. If noninteractive_auth is set, authentication methods
- that do not require input from the user's terminal may proceed.  It is off by
- default, which restores the pre-1.9.9 behavior of "sudo -n".
-
-(cherry picked from commit 85fef8b50f0847f4fce39a7fead9aae767be1dca)
----
- docs/sudoers.man.in         | 17 +++++++++++++++++
- docs/sudoers.mdoc.in        | 16 ++++++++++++++++
- plugins/sudoers/check.c     |  6 ++++++
- plugins/sudoers/def_data.c  |  4 ++++
- plugins/sudoers/def_data.h  |  2 ++
- plugins/sudoers/def_data.in |  3 +++
- plugins/sudoers/defaults.c  |  1 +
- 7 files changed, 49 insertions(+)
-
-diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in
-index 67ca7cec6..f7e53cfe7 100644
---- a/docs/sudoers.man.in
-+++ b/docs/sudoers.man.in
-@@ -3214,6 +3214,23 @@ This flag is
- \fIoff\fR
- by default.
- .TP 18n
-+noninteractive_auth
-+If set, authentication will be attempted even in non-interactive mode
-+(when
-+\fBsudo\fR's
-+\fB\-n\fR
-+option is specified).
-+This allows authentication methods that don't require user interaction
-+to succeed.
-+Authentication methods that require input from the user's terminal
-+will still fail.
-+If disabled, authentication will not be attempted in non-interactive mode.
-+This flag is
-+\fIoff\fR
-+by default.
-+.sp
-+This setting is only supported by version 1.9.10 or higher.
-+.TP 18n
- pam_acct_mgmt
- On systems that use PAM for authentication,
- \fBsudo\fR
-diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in
-index 1b9ea07cf..38b83b9af 100644
---- a/docs/sudoers.mdoc.in
-+++ b/docs/sudoers.mdoc.in
-@@ -3027,6 +3027,22 @@ section at the end of this manual.
- This flag is
- .Em off
- by default.
-+.It noninteractive_auth
-+If set, authentication will be attempted even in non-interactive mode
-+(when
-+.Nm sudo Ns 's
-+.Fl n
-+option is specified).
-+This allows authentication methods that don't require user interaction
-+to succeed.
-+Authentication methods that require input from the user's terminal
-+will still fail.
-+If disabled, authentication will not be attempted in non-interactive mode.
-+This flag is
-+.Em off
-+by default.
-+.Pp
-+This setting is only supported by version 1.9.10 or higher.
- .It pam_acct_mgmt
- On systems that use PAM for authentication,
- .Nm sudo
-diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
-index 2ba18d27e..25a2087b0 100644
---- a/plugins/sudoers/check.c
-+++ b/plugins/sudoers/check.c
-@@ -125,6 +125,12 @@ check_user_interactive(int validated, int mode, struct getpass_closure *closure)
- 	FALLTHROUGH;
- 
-     default:
-+	if (ISSET(mode, MODE_NONINTERACTIVE) && !def_noninteractive_auth) {
-+	    validated |= FLAG_NO_USER_INPUT;
-+	    log_auth_failure(validated, 0);
-+	    goto done;
-+	}
-+
- 	/* XXX - should not lecture if askpass helper is being used. */
- 	lectured = display_lecture(closure->tstat);
- 
-diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
-index 0afddace8..2398f3c28 100644
---- a/plugins/sudoers/def_data.c
-+++ b/plugins/sudoers/def_data.c
-@@ -645,6 +645,10 @@ struct sudo_defs_types sudo_defs_table[] = {
- 	"rlimit_stack", T_RLIMIT|T_BOOL,
- 	N_("The maximum size to which the process's stack may grow (in bytes): %s"),
- 	NULL,
-+    }, {
-+	"noninteractive_auth", T_FLAG,
-+	N_("Attempt authentication even when in non-interactive mode"),
-+	NULL,
-     }, {
- 	NULL, 0, NULL
-     }
-diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
-index 25bf3a71d..ae9182921 100644
---- a/plugins/sudoers/def_data.h
-+++ b/plugins/sudoers/def_data.h
-@@ -300,6 +300,8 @@
- #define def_rlimit_rss          (sudo_defs_table[I_RLIMIT_RSS].sd_un.str)
- #define I_RLIMIT_STACK          149
- #define def_rlimit_stack        (sudo_defs_table[I_RLIMIT_STACK].sd_un.str)
-+#define I_NONINTERACTIVE_AUTH   150
-+#define def_noninteractive_auth (sudo_defs_table[I_NONINTERACTIVE_AUTH].sd_un.flag)
- 
- enum def_tuple {
-     never,
-diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
-index 8309779f7..03ed95607 100644
---- a/plugins/sudoers/def_data.in
-+++ b/plugins/sudoers/def_data.in
-@@ -466,3 +466,6 @@ rlimit_rss
- rlimit_stack
- 	T_RLIMIT|T_BOOL
- 	"The maximum size to which the process's stack may grow (in bytes): %s"
-+noninteractive_auth
-+	T_FLAG
-+	"Attempt authentication even when in non-interactive mode"
-diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
-index b7979f37e..53c2dc2a9 100644
---- a/plugins/sudoers/defaults.c
-+++ b/plugins/sudoers/defaults.c
-@@ -571,6 +571,7 @@ init_defaults(void)
-     def_log_denied = true;
-     def_log_format = sudo;
-     def_runas_allow_unknown_id = false;
-+    def_noninteractive_auth = false;
- 
-     /* Syslog options need special care since they both strings and ints */
- #if (LOGGING & SLOG_SYSLOG)



More information about the arch-commits mailing list