[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/files/, app-admin/sudo/

Sam James Mon, 28 Oct 2024 19:46:03 -0700

commit:     13f11b1b10bc995b910fd1538ce1e5c41ac69c7a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 29 02:31:59 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 29 02:31:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13f11b1b


app-admin/sudo: add 1.9.16

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-admin/sudo/Manifest                            |  2 +
 .../sudo-1.9.16-allow-disabling-secure-path.patch  | 54 ++++++++++++++++++++++
 .../sudo/{sudo-9999.ebuild => sudo-1.9.16.ebuild}  | 13 ++++--
 app-admin/sudo/sudo-9999.ebuild                    | 13 ++++--
 4 files changed, 76 insertions(+), 6 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 90f9f2b10c40..f24674d78d62 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,2 +1,4 @@
 DIST sudo-1.9.15p5.tar.gz 5306611 BLAKE2B 
73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720
 SHA512 
ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
 DIST sudo-1.9.15p5.tar.gz.sig 566 BLAKE2B 
ddd8fed1b3721aafdb32b762834168063c3f0f003ef5d83f1883615320da6fe89b08d72c8e893c8b2bf9fd892a40e47cc77d72672e43b5a24db50e7194d9bc4c
 SHA512 
97480a3d27b546a93e997c3a1e8169904a7625ab8fa6198d0b7e1d2d040f55b2d58462cd08e5cc97c2f1c817b12343e35cdd7db207aee42785f2b95b17c600b0
+DIST sudo-1.9.16.tar.gz 5392026 BLAKE2B 
19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12
 SHA512 
1b0254eb5b75422bffd31a2ae8c56cb4e8e2ecc08e2fa687eddb638d4f2de2585fa7621c868c03423e9d636bfb5679a3758d504155dbdfd3eebfbdcbd8b58f7c
+DIST sudo-1.9.16.tar.gz.sig 566 BLAKE2B 
9eb9fd2db0de5b9ce965c2109a9722e0b5f0793b7c9003123b1540d7cb5b8178043221296fd51c7f0b24ce1b1cda9f196a6d50083da172ca2afcb8f130d8eae1
 SHA512 
edf066f9ffdf2653468f8b45866a65214f0dff0164318d5f6bd9252f6211e82522161b1b9621798fbc9112253e6940d7137d18e8b42e8c6e5ba52ccac64d99cf

diff --git a/app-admin/sudo/files/sudo-1.9.16-allow-disabling-secure-path.patch 
b/app-admin/sudo/files/sudo-1.9.16-allow-disabling-secure-path.patch
new file mode 100644
index 000000000000..8fda41a2b73f
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.16-allow-disabling-secure-path.patch
@@ -0,0 +1,54 @@
+https://github.com/sudo-project/sudo/commit/131e7e2de02ab53cfefefe93978d7fee4cb8142d
+
+From 131e7e2de02ab53cfefefe93978d7fee4cb8142d Mon Sep 17 00:00:00 2001
+From: Andy Fiddaman <[email protected]>
+Date: Tue, 17 Sep 2024 12:49:13 +0000
+Subject: [PATCH] Allow --secure-path-value=no
+
+This adds support for --with-secure-path-value=no to allow packagers
+to ship the sudoers configuration file with the secure path
+line commented out if required.
+--- a/configure.ac
++++ b/configure.ac
+@@ -177,6 +177,7 @@ AC_SUBST([sssd_lib])
+ AC_SUBST([nsswitch_conf])
+ AC_SUBST([netsvc_conf])
+ AC_SUBST([secure_path])
++AC_SUBST([secure_path_config])
+ AC_SUBST([secure_path_status])
+ AC_SUBST([editor])
+ AC_SUBST([pam_session])
+@@ -230,6 +231,7 @@ sesh_file="$libexecdir/sudo/sesh"
+ visudo="$sbindir/visudo"
+ nsswitch_conf=/etc/nsswitch.conf
+ secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
++secure_path_config=
+ secure_path_status="disabled"
+ pam_session=on
+ pam_login_service=sudo
+@@ -1068,9 +1070,11 @@ AC_ARG_WITH(ldap-secret-file, 
[AS_HELP_STRING([--with-ldap-secret-file], [path t
+ test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+ SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the 
ldap.secret file])
+ 
+-AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], 
[value of secure_path in the default sudoers file])],
++AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], 
[value of secure_path in the default sudoers file, or "no" to comment out by 
default])],
+ [case $with_secure_path_value in
+-    yes|no)   AC_MSG_ERROR([must give --secure-path-value an argument.])
++    yes)      AC_MSG_ERROR([must give --with-secure-path-value an argument.])
++              ;;
++    no)               secure_path_config="# "
+               ;;
+     *)                secure_path="$with_secure_path_value"
+               ;;
+--- a/plugins/sudoers/sudoers.in
++++ b/plugins/sudoers/sudoers.in
+@@ -48,7 +48,7 @@ Defaults!@visudo@ env_keep += "SUDO_EDITOR EDITOR VISUAL"
+ ## Use a hard-coded PATH instead of the user's to find commands.
+ ## This also helps prevent poorly written scripts from running
+ ## artbitrary commands under sudo.
+-Defaults secure_path="@secure_path@"
++@secure_path_config@Defaults secure_path="@secure_path@"
+ ##
+ ## You may wish to keep some of the following environment variables
+ ## when running commands via sudo.
+

diff --git a/app-admin/sudo/sudo-9999.ebuild b/app-admin/sudo/sudo-1.9.16.ebuild
similarity index 95%
copy from app-admin/sudo/sudo-9999.ebuild
copy to app-admin/sudo/sudo-1.9.16.ebuild
index d020a1a1f339..868cb8e860d0 100644
--- a/app-admin/sudo/sudo-9999.ebuild
+++ b/app-admin/sudo/sudo-1.9.16.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-inherit pam libtool tmpfiles toolchain-funcs
+inherit autotools pam libtool tmpfiles toolchain-funcs
 
 MY_P="${P/_/}"
 MY_P="${MY_P/beta/b}"
@@ -86,10 +86,16 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.9.16-allow-disabling-secure-path.patch
+)
+
 src_prepare() {
        default
 
-       elibtoolize
+       # eautoreconf temporarily for allow-disabling-secure-path patch
+       # in 1.9.16; revert to elibtoolize once that is gone.
+       eautoreconf
 }
 
 set_secure_path() {
@@ -178,7 +184,8 @@ src_configure() {
                $(use_with offensive all-insults)
                $(use_with pam)
                $(use_with pam pam-login)
-               $(use_with secure-path secure-path "${SECURE_PATH}")
+               $(use_with secure-path)
+               --with-secure-path-value="${SECURE_PATH}"
                $(use_with selinux)
                $(use_with sendmail)
                $(use_with skey)

diff --git a/app-admin/sudo/sudo-9999.ebuild b/app-admin/sudo/sudo-9999.ebuild
index d020a1a1f339..868cb8e860d0 100644
--- a/app-admin/sudo/sudo-9999.ebuild
+++ b/app-admin/sudo/sudo-9999.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-inherit pam libtool tmpfiles toolchain-funcs
+inherit autotools pam libtool tmpfiles toolchain-funcs
 
 MY_P="${P/_/}"
 MY_P="${MY_P/beta/b}"
@@ -86,10 +86,16 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.9.16-allow-disabling-secure-path.patch
+)
+
 src_prepare() {
        default
 
-       elibtoolize
+       # eautoreconf temporarily for allow-disabling-secure-path patch
+       # in 1.9.16; revert to elibtoolize once that is gone.
+       eautoreconf
 }
 
 set_secure_path() {
@@ -178,7 +184,8 @@ src_configure() {
                $(use_with offensive all-insults)
                $(use_with pam)
                $(use_with pam pam-login)
-               $(use_with secure-path secure-path "${SECURE_PATH}")
+               $(use_with secure-path)
+               --with-secure-path-value="${SECURE_PATH}"
                $(use_with selinux)
                $(use_with sendmail)
                $(use_with skey)

[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/files/, app-admin/sudo/

Reply via email to