1 |
commit: 3ee41e51ea61830f476902cec874a01cb70d384e |
2 |
Author: David Seifert <soap <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat May 15 22:14:35 2021 +0000 |
4 |
Commit: David Seifert <soap <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat May 15 22:14:35 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ee41e51 |
7 |
|
8 |
app-admin/sudo: drop 1.9.5_p2-r1 |
9 |
|
10 |
Signed-off-by: David Seifert <soap <AT> gentoo.org> |
11 |
|
12 |
app-admin/sudo/Manifest | 1 - |
13 |
.../files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch | 51 ---- |
14 |
app-admin/sudo/sudo-1.9.5_p2-r1.ebuild | 264 --------------------- |
15 |
3 files changed, 316 deletions(-) |
16 |
|
17 |
diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest |
18 |
index ed865c663ca..78817b15d37 100644 |
19 |
--- a/app-admin/sudo/Manifest |
20 |
+++ b/app-admin/sudo/Manifest |
21 |
@@ -1,3 +1,2 @@ |
22 |
-DIST sudo-1.9.5p2.tar.gz 4012277 BLAKE2B 41913887463e4f775564af8d614fb5ed762200aa777dc789ec333842d4f432323474fc952a531fe929b33607cdfbcd18d7fe7470a15d67139deaf855841ed11f SHA512 f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27 |
23 |
DIST sudo-1.9.6p1.tar.gz 4119888 BLAKE2B 02bdb551c46cff11ac56e64937c64e6a29ccd8e0af34ea2f6b33c223bee8f7ad958d0fc3d7ef8ef12bf5bc82565769b923ff112a3f3d6bf6999fa4f6ea55e38e SHA512 632dfe72f04ce9a7a5a7236fcd5c09ce4535e695ced49d24dd848e3a7b1bea7380df44188b9e475af4271069539b5a5816948a98fbb0649ebebaba8b4c4b7745 |
24 |
DIST sudo-1.9.7.tar.gz 4194242 BLAKE2B 5addf9fc0a8fea8ada89f240f827dcec973277f120ad98f7942f8e46e2869c676eaca044b9c46e43dab120efea3413c71e19c30ef5b0d9cc4d9ad8f0413dbffe SHA512 53e9f18f6c0acd4f80c0cd695cd23781310e9edd305d1b3ea19653efa3fd7faba149daef0ba4953615b140a8816bc980c9bd8d28545dd8db98075abf11b63e61 |
25 |
|
26 |
diff --git a/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch b/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch |
27 |
deleted file mode 100644 |
28 |
index 7cae441cbcf..00000000000 |
29 |
--- a/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch |
30 |
+++ /dev/null |
31 |
@@ -1,51 +0,0 @@ |
32 |
- |
33 |
-# HG changeset patch |
34 |
-# User Todd C. Miller <Todd.Miller@××××.ws> |
35 |
-# Date 1611924154 25200 |
36 |
-# Node ID e0d4f196ba027604154f79ddd03a0b90f90c9607 |
37 |
-# Parent cd1c7615e861083e9e9b61d0e0070354e227ea5c |
38 |
-Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. |
39 |
-init_eventlog_config() is called immediately after initializing the |
40 |
-Defaults settings, which is before struct sudo_user is setup. This |
41 |
-adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined |
42 |
-after the invoking user is determined. Reported by Roman Fiedler. |
43 |
- |
44 |
-diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/logging.c |
45 |
---- a/plugins/sudoers/logging.c Tue Dec 08 12:35:21 2020 -0700 |
46 |
-+++ b/plugins/sudoers/logging.c Fri Jan 29 05:42:34 2021 -0700 |
47 |
-@@ -786,11 +786,6 @@ |
48 |
- init_eventlog_config(void) |
49 |
- { |
50 |
- int logtype = 0; |
51 |
--#ifdef NO_ROOT_MAILER |
52 |
-- uid_t mailuid = user_uid; |
53 |
--#else |
54 |
-- uid_t mailuid = ROOT_UID; |
55 |
--#endif |
56 |
- debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING); |
57 |
- |
58 |
- if (def_syslog) |
59 |
-@@ -805,7 +800,7 @@ |
60 |
- eventlog_set_syslog_alertpri(def_syslog_badpri); |
61 |
- eventlog_set_syslog_maxlen(def_syslog_maxlen); |
62 |
- eventlog_set_file_maxlen(def_loglinelen); |
63 |
-- eventlog_set_mailuid(mailuid); |
64 |
-+ eventlog_set_mailuid(ROOT_UID); |
65 |
- eventlog_set_omit_hostname(!def_log_host); |
66 |
- eventlog_set_logpath(def_logfile); |
67 |
- eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T"); |
68 |
-diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/policy.c |
69 |
---- a/plugins/sudoers/policy.c Tue Dec 08 12:35:21 2020 -0700 |
70 |
-+++ b/plugins/sudoers/policy.c Fri Jan 29 05:42:34 2021 -0700 |
71 |
-@@ -518,6 +518,10 @@ |
72 |
- /* Some systems support fexecve() which we use for digest matches. */ |
73 |
- cmnd_fd = -1; |
74 |
- |
75 |
-+#ifdef NO_ROOT_MAILER |
76 |
-+ eventlog_set_mailuid(user_uid); |
77 |
-+#endif |
78 |
-+ |
79 |
- /* Dump settings and user info (XXX - plugin args) */ |
80 |
- for (cur = info->settings; *cur != NULL; cur++) |
81 |
- sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); |
82 |
- |
83 |
|
84 |
diff --git a/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild b/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild |
85 |
deleted file mode 100644 |
86 |
index 8a80098cbc6..00000000000 |
87 |
--- a/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild |
88 |
+++ /dev/null |
89 |
@@ -1,264 +0,0 @@ |
90 |
-# Copyright 1999-2021 Gentoo Authors |
91 |
-# Distributed under the terms of the GNU General Public License v2 |
92 |
- |
93 |
-EAPI=7 |
94 |
- |
95 |
-inherit pam multilib libtool systemd tmpfiles toolchain-funcs |
96 |
- |
97 |
-MY_P="${P/_/}" |
98 |
-MY_P="${MY_P/beta/b}" |
99 |
- |
100 |
-DESCRIPTION="Allows users or groups to run commands as other users" |
101 |
-HOMEPAGE="https://www.sudo.ws/" |
102 |
-if [[ ${PV} == "9999" ]] ; then |
103 |
- inherit mercurial |
104 |
- EHG_REPO_URI="https://www.sudo.ws/repos/sudo" |
105 |
-else |
106 |
- uri_prefix= |
107 |
- case ${P} in |
108 |
- *_beta*|*_rc*) uri_prefix=beta/ ;; |
109 |
- esac |
110 |
- |
111 |
- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
112 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
113 |
- if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
114 |
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~sparc-solaris" |
115 |
- fi |
116 |
-fi |
117 |
- |
118 |
-# Basic license is ISC-style as-is, some files are released under |
119 |
-# 3-clause BSD license |
120 |
-LICENSE="ISC BSD" |
121 |
-SLOT="0" |
122 |
-IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd" |
123 |
- |
124 |
-DEPEND=" |
125 |
- sys-libs/zlib:= |
126 |
- gcrypt? ( dev-libs/libgcrypt:= ) |
127 |
- ldap? ( |
128 |
- >=net-nds/openldap-2.1.30-r1 |
129 |
- sasl? ( |
130 |
- dev-libs/cyrus-sasl |
131 |
- net-nds/openldap[sasl] |
132 |
- ) |
133 |
- ) |
134 |
- pam? ( sys-libs/pam ) |
135 |
- sasl? ( dev-libs/cyrus-sasl ) |
136 |
- skey? ( >=sys-auth/skey-1.1.5-r1 ) |
137 |
- ssl? ( dev-libs/openssl:0= ) |
138 |
- sssd? ( sys-auth/sssd[sudo] ) |
139 |
-" |
140 |
-RDEPEND=" |
141 |
- ${DEPEND} |
142 |
- >=app-misc/editor-wrapper-3 |
143 |
- virtual/editor |
144 |
- ldap? ( dev-lang/perl ) |
145 |
- pam? ( sys-auth/pambase ) |
146 |
- selinux? ( sec-policy/selinux-sudo ) |
147 |
- sendmail? ( virtual/mta ) |
148 |
-" |
149 |
-BDEPEND=" |
150 |
- sys-devel/bison |
151 |
- virtual/pkgconfig |
152 |
-" |
153 |
- |
154 |
-S="${WORKDIR}/${MY_P}" |
155 |
- |
156 |
-REQUIRED_USE=" |
157 |
- ?? ( pam skey ) |
158 |
- ?? ( gcrypt ssl ) |
159 |
-" |
160 |
- |
161 |
-MAKEOPTS+=" SAMPLES=" |
162 |
- |
163 |
-PATCHES=( |
164 |
- "${FILESDIR}/${P}-NO_ROOT_MAILER_fix.patch" #767946 |
165 |
-) |
166 |
- |
167 |
-src_prepare() { |
168 |
- default |
169 |
- elibtoolize |
170 |
-} |
171 |
- |
172 |
-set_secure_path() { |
173 |
- # FIXME: secure_path is a compile time setting. using PATH or |
174 |
- # ROOTPATH is not perfect, env-update may invalidate this, but until it |
175 |
- # is available as a sudoers setting this will have to do. |
176 |
- einfo "Setting secure_path ..." |
177 |
- |
178 |
- # first extract the default ROOTPATH from build env |
179 |
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; |
180 |
- echo "${ROOTPATH}") |
181 |
- case "${SECURE_PATH}" in |
182 |
- */usr/sbin*) ;; |
183 |
- *) SECURE_PATH=$(unset PATH; |
184 |
- . "${EPREFIX}"/etc/profile.env; echo "${PATH}") |
185 |
- ;; |
186 |
- esac |
187 |
- if [[ -z ${SECURE_PATH} ]] ; then |
188 |
- ewarn " Failed to detect SECURE_PATH, please report this" |
189 |
- fi |
190 |
- |
191 |
- # then remove duplicate path entries |
192 |
- cleanpath() { |
193 |
- local newpath thisp IFS=: |
194 |
- for thisp in $1 ; do |
195 |
- if [[ :${newpath}: != *:${thisp}:* ]] ; then |
196 |
- newpath+=:${thisp} |
197 |
- else |
198 |
- einfo " Duplicate entry ${thisp} removed..." |
199 |
- fi |
200 |
- done |
201 |
- SECURE_PATH=${newpath#:} |
202 |
- } |
203 |
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} |
204 |
- |
205 |
- # finally, strip gcc paths #136027 |
206 |
- rmpath() { |
207 |
- local e newpath thisp IFS=: |
208 |
- for thisp in ${SECURE_PATH} ; do |
209 |
- for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done |
210 |
- newpath+=:${thisp} |
211 |
- done |
212 |
- SECURE_PATH=${newpath#:} |
213 |
- } |
214 |
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
215 |
- |
216 |
- einfo "... done" |
217 |
-} |
218 |
- |
219 |
-src_configure() { |
220 |
- local SECURE_PATH |
221 |
- set_secure_path |
222 |
- tc-export PKG_CONFIG #767712 |
223 |
- |
224 |
- # audit: somebody got to explain me how I can test this before I |
225 |
- # enable it.. - Diego |
226 |
- # plugindir: autoconf code is crappy and does not delay evaluation |
227 |
- # until `make` time, so we have to use a full path here rather than |
228 |
- # basing off other values. |
229 |
- myeconfargs=( |
230 |
- # requires some python eclass |
231 |
- --disable-python |
232 |
- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d |
233 |
- --enable-zlib=system |
234 |
- --with-editor="${EPREFIX}"/usr/libexec/editor |
235 |
- --with-env-editor |
236 |
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
237 |
- --with-rundir="${EPREFIX}"/run/sudo |
238 |
- --with-vardir="${EPREFIX}"/var/db/sudo |
239 |
- --without-linux-audit |
240 |
- --without-opie |
241 |
- $(use_enable gcrypt) |
242 |
- $(use_enable nls) |
243 |
- $(use_enable sasl) |
244 |
- $(use_enable ssl openssl) |
245 |
- $(use_with ldap) |
246 |
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
247 |
- $(use_with offensive insults) |
248 |
- $(use_with offensive all-insults) |
249 |
- $(use_with pam) |
250 |
- $(use_with pam pam-login) |
251 |
- $(use_with secure-path secure-path "${SECURE_PATH}") |
252 |
- $(use_with selinux) |
253 |
- $(use_with sendmail) |
254 |
- $(use_with skey) |
255 |
- $(use_with sssd) |
256 |
- ) |
257 |
- |
258 |
- econf "${myeconfargs[@]}" |
259 |
-} |
260 |
- |
261 |
-src_install() { |
262 |
- default |
263 |
- |
264 |
- if use ldap ; then |
265 |
- dodoc README.LDAP |
266 |
- |
267 |
- cat <<-EOF > "${T}"/ldap.conf.sudo |
268 |
- # See ldap.conf(5) and README.LDAP for details |
269 |
- # This file should only be readable by root |
270 |
- |
271 |
- # supported directives: host, port, ssl, ldap_version |
272 |
- # uri, binddn, bindpw, sudoers_base, sudoers_debug |
273 |
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
274 |
- EOF |
275 |
- |
276 |
- if use sasl ; then |
277 |
- cat <<-EOF >> "${T}"/ldap.conf.sudo |
278 |
- |
279 |
- # SASL directives: use_sasl, sasl_mech, sasl_auth_id |
280 |
- # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname |
281 |
- EOF |
282 |
- fi |
283 |
- |
284 |
- insinto /etc |
285 |
- doins "${T}"/ldap.conf.sudo |
286 |
- fperms 0440 /etc/ldap.conf.sudo |
287 |
- |
288 |
- insinto /etc/openldap/schema |
289 |
- newins doc/schema.OpenLDAP sudo.schema |
290 |
- fi |
291 |
- if use pam; then |
292 |
- pamd_mimic system-auth sudo auth account session |
293 |
- pamd_mimic system-auth sudo-i auth account session |
294 |
- fi |
295 |
- |
296 |
- keepdir /var/db/sudo/lectured |
297 |
- fperms 0700 /var/db/sudo/lectured |
298 |
- fperms 0711 /var/db/sudo #652958 |
299 |
- |
300 |
- # Don't install into /run as that is a tmpfs most of the time |
301 |
- # (bug #504854) |
302 |
- rm -rf "${ED}"/run || die |
303 |
- |
304 |
- find "${ED}" -type f -name "*.la" -delete || die #697812 |
305 |
-} |
306 |
- |
307 |
-pkg_postinst() { |
308 |
- tmpfiles_process sudo.conf |
309 |
- |
310 |
- #652958 |
311 |
- local sudo_db="${EROOT}/var/db/sudo" |
312 |
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
313 |
- chmod 711 "${sudo_db}" || die |
314 |
- fi |
315 |
- |
316 |
- if use ldap ; then |
317 |
- ewarn |
318 |
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
319 |
- ewarn |
320 |
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
321 |
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
322 |
- ewarn "configured in /etc/nsswitch.conf." |
323 |
- ewarn |
324 |
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
325 |
- ewarn " sudoers: ldap files" |
326 |
- ewarn |
327 |
- fi |
328 |
- fi |
329 |
- if use prefix ; then |
330 |
- ewarn |
331 |
- ewarn "To use sudo, you need to change file ownership and permissions" |
332 |
- ewarn "with root privileges, as follows:" |
333 |
- ewarn |
334 |
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
335 |
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
336 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
337 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
338 |
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
339 |
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
340 |
- ewarn |
341 |
- fi |
342 |
- |
343 |
- elog "To use the -A (askpass) option, you need to install a compatible" |
344 |
- elog "password program from the following list. Starred packages will" |
345 |
- elog "automatically register for the use with sudo (but will not force" |
346 |
- elog "the -A option):" |
347 |
- elog "" |
348 |
- elog " [*] net-misc/ssh-askpass-fullscreen" |
349 |
- elog " net-misc/x11-ssh-askpass" |
350 |
- elog "" |
351 |
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
352 |
- elog "variable to the program you want to use." |
353 |
-} |