[gentoo-commits] gentoo-x86 commit in app-admin/sudo: ChangeLog sudo-1.8.12.ebuild sudo-1.8.6_p7.ebuild - gentoo-commits

From:	"Lars Wendler (polynomial-c)" <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in app-admin/sudo: ChangeLog sudo-1.8.12.ebuild sudo-1.8.6_p7.ebuild
Date:	Tue, 10 Feb 2015 08:48:41
Message-Id:	`20150210084837.F09081171A@oystercatcher.gentoo.org`

1

polynomial-c    15/02/10 08:48:37

2

3

  Modified:             ChangeLog

4

  Added:                sudo-1.8.12.ebuild

5

  Removed:              sudo-1.8.6_p7.ebuild

6

  Log:

7

  Security bump (bug #539532). Removed old

8

9

  (Portage version: 2.2.16/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)

10

11

Revision  Changes    Path

12

1.378                app-admin/sudo/ChangeLog

13

14

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.378&view=markup

15

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.378&content-type=text/plain

16

diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?r1=1.377&r2=1.378

17

18

Index: ChangeLog

19

===================================================================

20

RCS file: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v

21

retrieving revision 1.377

22

retrieving revision 1.378

23

diff -u -r1.377 -r1.378

24

--- ChangeLog	2 Nov 2014 08:54:56 -0000	1.377

25

+++ ChangeLog	10 Feb 2015 08:48:37 -0000	1.378

26

@@ -1,6 +1,12 @@

27

 # ChangeLog for app-admin/sudo

28

-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2

29

-# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.377 2014/11/02 08:54:56 ago Exp $

30

+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2

31

+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.378 2015/02/10 08:48:37 polynomial-c Exp $

32

+

33

+*sudo-1.8.12 (10 Feb 2015)

34

+

35

+  10 Feb 2015; Lars Wendler <polynomial-c@g.o> -sudo-1.8.6_p7.ebuild,

36

+  +sudo-1.8.12.ebuild:

37

+  Security bump (bug #539532). Removed old.

38

39

   02 Nov 2014; Agostino Sarubbo <ago@g.o> sudo-1.8.11_p1.ebuild:

40

   Stable for alpha, wrt bug #524752

1.1                  app-admin/sudo/sudo-1.8.12.ebuild

45

46

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.8.12.ebuild?rev=1.1&view=markup

47

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.8.12.ebuild?rev=1.1&content-type=text/plain

48

49

Index: sudo-1.8.12.ebuild

50

===================================================================

51

# Copyright 1999-2015 Gentoo Foundation

52

# Distributed under the terms of the GNU General Public License v2

53

# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.12.ebuild,v 1.1 2015/02/10 08:48:37 polynomial-c Exp $

54

55

EAPI=5

56

57

inherit eutils pam multilib libtool

58

59

MY_P=${P/_/}

60

MY_P=${MY_P/beta/b}

61

62

uri_prefix=

63

case ${P} in

64

*_beta*|*_rc*) uri_prefix=beta/ ;;

65

esac

66

67

DESCRIPTION="Allows users or groups to run commands as other users"

68

HOMEPAGE="http://www.sudo.ws/"

69

SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz

70

	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"

71

72

# Basic license is ISC-style as-is, some files are released under

73

# 3-clause BSD license

74

LICENSE="ISC BSD"

75

SLOT="0"

76

KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris"

77

IUSE="ldap nls pam offensive selinux skey +sendmail"

78

79

DEPEND="pam? ( virtual/pam )

80

	skey? ( >=sys-auth/skey-1.1.5-r1 )

81

	ldap? (

82

		>=net-nds/openldap-2.1.30-r1

83

		dev-libs/cyrus-sasl

84

)

85

	sys-libs/zlib"

86

RDEPEND="${DEPEND}

87

	selinux? ( sec-policy/selinux-sudo )

88

	ldap? ( dev-lang/perl )

89

	pam? ( sys-auth/pambase )

90

	>=app-misc/editor-wrapper-3

91

	virtual/editor

92

	sendmail? ( virtual/mta )"

93

DEPEND="${DEPEND}

94

	sys-devel/bison"

95

96

S=${WORKDIR}/${MY_P}

97

98

REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"

99

100

MAKEOPTS+=" SAMPLES="

101

102

src_prepare() {

103

	elibtoolize

104

}

105

106

set_rootpath() {

107

	# FIXME: secure_path is a compile time setting. using ROOTPATH

108

	# is not perfect, env-update may invalidate this, but until it

109

	# is available as a sudoers setting this will have to do.

110

	einfo "Setting secure_path ..."

111

112

	# first extract the default ROOTPATH from build env

113

	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")

114

	if [[ -z ${ROOTPATH} ]] ; then

115

		ewarn "	Failed to find ROOTPATH, please report this"

116

fi

117

118

	# then remove duplicate path entries

119

	cleanpath() {

120

		local newpath thisp IFS=:

121

		for thisp in $1 ; do

122

			if [[ :${newpath}: != *:${thisp}:* ]] ; then

123

				newpath+=:$thisp

124

			else

125

				einfo "   Duplicate entry ${thisp} removed..."

126

fi

127

		done

128

		ROOTPATH=${newpath#:}

129

}

130

	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}

131

132

	# finally, strip gcc paths #136027

133

	rmpath() {

134

		local e newpath thisp IFS=:

135

		for thisp in ${ROOTPATH} ; do

136

			for e ; do [[ $thisp == $e ]] && continue 2 ; done

137

			newpath+=:$thisp

138

		done

139

		ROOTPATH=${newpath#:}

140

}

141

	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'

142

143

	einfo "... done"

144

}

145

146

src_configure() {

147

	local ROOTPATH

148

	set_rootpath

149

150

	# audit: somebody got to explain me how I can test this before I

151

	# enable it.. - Diego

152

	# plugindir: autoconf code is crappy and does not delay evaluation

153

	# until `make` time, so we have to use a full path here rather than

154

	# basing off other values.

155

	econf \

156

		--enable-zlib=system \

157

		--with-secure-path="${ROOTPATH}" \

158

		--with-editor="${EPREFIX}"/usr/libexec/editor \

159

		--with-env-editor \

160

		$(use_with offensive insults) \

161

		$(use_with offensive all-insults) \

162

		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \

163

		$(use_with ldap) \

164

		$(use_enable nls) \

165

		$(use_with pam) \

166

		$(use_with skey) \

167

		$(use_with selinux) \

168

		$(use_with sendmail) \

169

		--without-opie \

170

		--without-linux-audit \

171

		--with-rundir="${EPREFIX}"/var/run/sudo \

172

		--with-vardir="${EPREFIX}"/var/db/sudo \

173

		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \

174

		--docdir="${EPREFIX}"/usr/share/doc/${PF}

175

}

176

177

src_install() {

178

	default

179

180

	if use ldap ; then

181

		dodoc README.LDAP doc/schema.OpenLDAP

182

		dosbin plugins/sudoers/sudoers2ldif

183

184

		cat <<-EOF > "${T}"/ldap.conf.sudo

185

		# See ldap.conf(5) and README.LDAP for details

186

		# This file should only be readable by root

187

188

		# supported directives: host, port, ssl, ldap_version

189

		# uri, binddn, bindpw, sudoers_base, sudoers_debug

190

		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key

191

EOF

192

193

		insinto /etc

194

		doins "${T}"/ldap.conf.sudo

195

		fperms 0440 /etc/ldap.conf.sudo

196

fi

197

198

	pamd_mimic system-auth sudo auth account session

199

200

	keepdir /var/db/sudo

201

	fperms 0700 /var/db/sudo

202

203

	# Don't install into /var/run as that is a tmpfs most of the time

204

	# (bug #504854)

205

	rm -rf "${D}"/var/run

206

}

207

208

pkg_postinst() {

209

	if use ldap ; then

210

		ewarn

211

		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."

212

		ewarn

213

		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then

214

			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"

215

			ewarn "configured in /etc/nsswitch.conf."

216

			ewarn

217

			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"

218

			ewarn "  sudoers: ldap files"

219

			ewarn

220

fi

221

fi

222

	if use prefix ; then

223

		ewarn

224

		ewarn "To use sudo, you need to change file ownership and permissions"

225

		ewarn "with root privileges, as follows:"

226

		ewarn

227

		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"

228

		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"

229

		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"

230

		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"

231

		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"

232

		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"

233

		ewarn

234

fi

235

236

	elog "To use the -A (askpass) option, you need to install a compatible"

237

	elog "password program from the following list. Starred packages will"

238

	elog "automatically register for the use with sudo (but will not force"

239

	elog "the -A option):"

240

	elog ""

241

	elog " [*] net-misc/ssh-askpass-fullscreen"

242

	elog "     net-misc/x11-ssh-askpass"

243

	elog ""

244

	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"

245

	elog "variable to the program you want to use."

246

}

1	polynomial-c 15/02/10 08:48:37
2
3	Modified: ChangeLog
4	Added: sudo-1.8.12.ebuild
5	Removed: sudo-1.8.6_p7.ebuild
6	Log:
7	Security bump (bug #539532). Removed old
8
9	(Portage version: 2.2.16/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
10
11	Revision Changes Path
12	1.378 app-admin/sudo/ChangeLog
13
14	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.378&view=markup
15	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.378&content-type=text/plain
16	diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?r1=1.377&r2=1.378
17
18	Index: ChangeLog
19	===================================================================
20	RCS file: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v
21	retrieving revision 1.377
22	retrieving revision 1.378
23	diff -u -r1.377 -r1.378
24	--- ChangeLog 2 Nov 2014 08:54:56 -0000 1.377
25	+++ ChangeLog 10 Feb 2015 08:48:37 -0000 1.378
26	@@ -1,6 +1,12 @@
27	# ChangeLog for app-admin/sudo
28	-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
29	-# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.377 2014/11/02 08:54:56 ago Exp $
30	+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
31	+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.378 2015/02/10 08:48:37 polynomial-c Exp $
32	+
33	+*sudo-1.8.12 (10 Feb 2015)
34	+
35	+ 10 Feb 2015; Lars Wendler <polynomial-c@g.o> -sudo-1.8.6_p7.ebuild,
36	+ +sudo-1.8.12.ebuild:
37	+ Security bump (bug #539532). Removed old.
38
39	02 Nov 2014; Agostino Sarubbo <ago@g.o> sudo-1.8.11_p1.ebuild:
40	Stable for alpha, wrt bug #524752
41
42
43
44	1.1 app-admin/sudo/sudo-1.8.12.ebuild
45
46	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.8.12.ebuild?rev=1.1&view=markup
47	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.8.12.ebuild?rev=1.1&content-type=text/plain
48
49	Index: sudo-1.8.12.ebuild
50	===================================================================
51	# Copyright 1999-2015 Gentoo Foundation
52	# Distributed under the terms of the GNU General Public License v2
53	# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.12.ebuild,v 1.1 2015/02/10 08:48:37 polynomial-c Exp $
54
55	EAPI=5
56
57	inherit eutils pam multilib libtool
58
59	MY_P=${P/_/}
60	MY_P=${MY_P/beta/b}
61
62	uri_prefix=
63	case ${P} in
64	_beta\|_rc) uri_prefix=beta/ ;;
65	esac
66
67	DESCRIPTION="Allows users or groups to run commands as other users"
68	HOMEPAGE="http://www.sudo.ws/"
69	SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
70	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
71
72	# Basic license is ISC-style as-is, some files are released under
73	# 3-clause BSD license
74	LICENSE="ISC BSD"
75	SLOT="0"
76	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris"
77	IUSE="ldap nls pam offensive selinux skey +sendmail"
78
79	DEPEND="pam? ( virtual/pam )
80	skey? ( >=sys-auth/skey-1.1.5-r1 )
81	ldap? (
82	>=net-nds/openldap-2.1.30-r1
83	dev-libs/cyrus-sasl
84	)
85	sys-libs/zlib"
86	RDEPEND="${DEPEND}
87	selinux? ( sec-policy/selinux-sudo )
88	ldap? ( dev-lang/perl )
89	pam? ( sys-auth/pambase )
90	>=app-misc/editor-wrapper-3
91	virtual/editor
92	sendmail? ( virtual/mta )"
93	DEPEND="${DEPEND}
94	sys-devel/bison"
95
96	S=${WORKDIR}/${MY_P}
97
98	REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"
99
100	MAKEOPTS+=" SAMPLES="
101
102	src_prepare() {
103	elibtoolize
104	}
105
106	set_rootpath() {
107	# FIXME: secure_path is a compile time setting. using ROOTPATH
108	# is not perfect, env-update may invalidate this, but until it
109	# is available as a sudoers setting this will have to do.
110	einfo "Setting secure_path ..."
111
112	# first extract the default ROOTPATH from build env
113	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
114	if [[ -z ${ROOTPATH} ]] ; then
115	ewarn " Failed to find ROOTPATH, please report this"
116	fi
117
118	# then remove duplicate path entries
119	cleanpath() {
120	local newpath thisp IFS=:
121	for thisp in $1 ; do
122	if [[ :${newpath}: != :${thisp}: ]] ; then
123	newpath+=:$thisp
124	else
125	einfo " Duplicate entry ${thisp} removed..."
126	fi
127	done
128	ROOTPATH=${newpath#:}
129	}
130	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
131
132	# finally, strip gcc paths #136027
133	rmpath() {
134	local e newpath thisp IFS=:
135	for thisp in ${ROOTPATH} ; do
136	for e ; do [[ $thisp == $e ]] && continue 2 ; done
137	newpath+=:$thisp
138	done
139	ROOTPATH=${newpath#:}
140	}
141	rmpath '/gcc-bin/' '/gnat-gcc-bin/' '/gnat-gcc/'
142
143	einfo "... done"
144	}
145
146	src_configure() {
147	local ROOTPATH
148	set_rootpath
149
150	# audit: somebody got to explain me how I can test this before I
151	# enable it.. - Diego
152	# plugindir: autoconf code is crappy and does not delay evaluation
153	# until `make` time, so we have to use a full path here rather than
154	# basing off other values.
155	econf \
156	--enable-zlib=system \
157	--with-secure-path="${ROOTPATH}" \
158	--with-editor="${EPREFIX}"/usr/libexec/editor \
159	--with-env-editor \
160	$(use_with offensive insults) \
161	$(use_with offensive all-insults) \
162	$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
163	$(use_with ldap) \
164	$(use_enable nls) \
165	$(use_with pam) \
166	$(use_with skey) \
167	$(use_with selinux) \
168	$(use_with sendmail) \
169	--without-opie \
170	--without-linux-audit \
171	--with-rundir="${EPREFIX}"/var/run/sudo \
172	--with-vardir="${EPREFIX}"/var/db/sudo \
173	--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \
174	--docdir="${EPREFIX}"/usr/share/doc/${PF}
175	}
176
177	src_install() {
178	default
179
180	if use ldap ; then
181	dodoc README.LDAP doc/schema.OpenLDAP
182	dosbin plugins/sudoers/sudoers2ldif
183
184	cat <<-EOF > "${T}"/ldap.conf.sudo
185	# See ldap.conf(5) and README.LDAP for details
186	# This file should only be readable by root
187
188	# supported directives: host, port, ssl, ldap_version
189	# uri, binddn, bindpw, sudoers_base, sudoers_debug
190	# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
191	EOF
192
193	insinto /etc
194	doins "${T}"/ldap.conf.sudo
195	fperms 0440 /etc/ldap.conf.sudo
196	fi
197
198	pamd_mimic system-auth sudo auth account session
199
200	keepdir /var/db/sudo
201	fperms 0700 /var/db/sudo
202
203	# Don't install into /var/run as that is a tmpfs most of the time
204	# (bug #504854)
205	rm -rf "${D}"/var/run
206	}
207
208	pkg_postinst() {
209	if use ldap ; then
210	ewarn
211	ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
212	ewarn
213	if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
214	ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
215	ewarn "configured in /etc/nsswitch.conf."
216	ewarn
217	ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
218	ewarn " sudoers: ldap files"
219	ewarn
220	fi
221	fi
222	if use prefix ; then
223	ewarn
224	ewarn "To use sudo, you need to change file ownership and permissions"
225	ewarn "with root privileges, as follows:"
226	ewarn
227	ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
228	ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
229	ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
230	ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
231	ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
232	ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
233	ewarn
234	fi
235
236	elog "To use the -A (askpass) option, you need to install a compatible"
237	elog "password program from the following list. Starred packages will"
238	elog "automatically register for the use with sudo (but will not force"
239	elog "the -A option):"
240	elog ""
241	elog " [*] net-misc/ssh-askpass-fullscreen"
242	elog " net-misc/x11-ssh-askpass"
243	elog ""
244	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
245	elog "variable to the program you want to use."
246	}

Gentoo Archives: gentoo-commits