From 9b190d811bf83abd87d667c49ceb73beabdd8b90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Fri, 15 Jan 2021 20:12:33 -0300 Subject: [PATCH] sudo: update to 1.9.5p1, set permissions during do_install. - fixes a bunch of CVEs. - the chmod 4111 in INSTALL changed sudo from 4755 to 4111. It was always suid, it just stopped being world readable for some reason (with a window of time where it could still be read, since INSTALL isn't run immediately after unpacking). Furthermore, chmod'ing sudoedit doesn't change anything in the final package, since it's a symlink to sudo. - clean up outdated patches. --- srcpkgs/sudo/INSTALL | 1 - ...en-configured-using-without-sendmail.patch | 48 ------------------- srcpkgs/sudo/patches/fix-musl-test.patch | 15 ------ srcpkgs/sudo/patches/musl.patch | 13 ----- srcpkgs/sudo/template | 4 +- 5 files changed, 2 insertions(+), 79 deletions(-) delete mode 100644 srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch delete mode 100644 srcpkgs/sudo/patches/fix-musl-test.patch delete mode 100644 srcpkgs/sudo/patches/musl.patch
diff --git a/srcpkgs/sudo/INSTALL b/srcpkgs/sudo/INSTALL
index d7162122f5c..6150aed7d14 100644
--- a/srcpkgs/sudo/INSTALL
+++ b/srcpkgs/sudo/INSTALL
@@ -7,7 +7,6 @@ post)
 echo "Setting up permissions to /etc/sudoers..."
 chmod 0440 etc/sudoers
 fi
- chmod 4111 usr/bin/sudo usr/bin/sudoedit
 [ ! -d etc/sudoers.d ] && install -d etc/sudoers.d
 [ ! -d var/db/sudo ] && install -dm750 var/db/sudo
 ;;
diff --git a/srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch b/srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch
deleted file mode 100644
index bcc80136b31..00000000000
--- a/srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch
+++ /dev/null
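Review bot: With `chmod 4111 usr/bin/sudo usr/bin/sudoedit` removed from the `post)` branch, nothing visible in this patch sets or checks the mode of `usr/bin/sudo`. The subject says permissions are set during do_install, but the diffstat lists `srcpkgs/sudo/template | 4 +-` and its two hunks change only `version` and `checksum`. The setuid bit on the packaged binary therefore appears to depend entirely on what the upstream install step produces, so a change there could ship sudo with a different mode without anyone noticing. If the template does not already do this outside the hunks shown, I would set the mode explicitly in the install phase, e.g. `chmod 4755 ${DESTDIR}/usr/bin/sudo` in a `post_install()`, with a comment naming the expected mode. The `post)` case continues outside this hunk.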
@@ -1,48 +0,0 @@
-From e22817e3abfee6fee779ab0b2d312d48323abb56 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller"
-Date: Mon, 30 Nov 2020 13:18:12 -0700
-Subject: [PATCH] Fix build when configured using --without-sendmail Bug #947
-
----
- lib/eventlog/eventlog.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git lib/eventlog/eventlog.c lib/eventlog/eventlog.c
-index 8b190b7ce..ae97fdea9 100644
---- lib/eventlog/eventlog.c
-+++ lib/eventlog/eventlog.c
-@@ -78,7 +78,7 @@
- static FILE *eventlog_stub_open_log(int type, const char *logfile);
- static void eventlog_stub_close_log(int type, FILE *fp);
-
--/* Eventlog config settings */
-+/* Eventlog config settings (default values). */
- static struct eventlog_config evl_conf = {
- EVLOG_NONE, /* type */
- EVLOG_SUDO, /* format */
-@@ -91,7 +91,11 @@ static struct eventlog_config evl_conf = {
- false, /* omit_hostname */
- _PATH_SUDO_LOGFILE, /* logpath */
- "%h %e %T", /* time_fmt */
-+#ifdef _PATH_SUDO_SENDMAIL
- _PATH_SUDO_SENDMAIL, /* mailerpath */
-+#else
-+ NULL, /* mailerpath (disabled) */
-+#endif
- "-t", /* mailerflags */
- NULL, /* mailfrom */
- MAILTO, /* mailto */
-@@ -1436,8 +1440,10 @@ eventlog_setconf(struct eventlog_config *conf)
- evl_conf.logpath = _PATH_SUDO_LOGFILE;
- if (evl_conf.time_fmt == NULL)
- evl_conf.time_fmt = "%h %e %T";
-+#ifdef _PATH_SUDO_SENDMAIL
- if (evl_conf.mailerpath == NULL)
- evl_conf.mailerpath = _PATH_SUDO_SENDMAIL;
-+#endif
- if (evl_conf.mailerflags == NULL)
- evl_conf.mailerflags = "-t";
- if (evl_conf.mailto == NULL)
---
-2.29.2
-
diff --git a/srcpkgs/sudo/patches/fix-musl-test.patch b/srcpkgs/sudo/patches/fix-musl-test.patch
deleted file mode 100644
index cfd14e21134..00000000000
--- a/srcpkgs/sudo/patches/fix-musl-test.patch
+++ /dev/null
@@ -1,15 +0,0 @@ -sys/stat.h is required for mode_t - -Fixes -error: unknown type name 'mode_t' - ---- plugins/sudoers/regress/env_match/check_env_pattern.c -+++ plugins/sudoers/regress/env_match/check_env_pattern.c -@@ -17,6 +17,7 @@ - #include - - #include -+#include - #include - #ifdef HAVE_STRING_H - # include diff --git a/srcpkgs/sudo/patches/musl.patch b/srcpkgs/sudo/patches/musl.patch deleted file mode 100644 index c48d84522e6..00000000000 --- a/srcpkgs/sudo/patches/musl.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- include/sudo_util.h.orig 2015-07-17 07:49:35.184634311 +0200 -+++ include/sudo_util.h 2015-07-17 07:50:05.018046508 +0200 -@@ -23,6 +23,10 @@ - # include "compat/stdbool.h" - #endif /* HAVE_STDBOOL_H */ - -+#ifdef HAVE_SYS_TYPES_H -+# include /* id_t */ -+#endif -+ - /* - * Macros for operating on struct timeval. - */ diff --git a/srcpkgs/sudo/template b/srcpkgs/sudo/template index d1286b8727b..54b3a5a2f65 100644 --- a/srcpkgs/sudo/template +++ b/srcpkgs/sudo/template @@ -1,6 +1,6 @@ # Template file for 'sudo' pkgname=sudo -version=1.9.4 +version=1.9.5p1 revision=1 build_style=gnu-configure configure_args="--with-ignore-dot --with-insults=disabled --with-all-insults --with-env-editor @@ -15,7 +15,7 @@ license="ISC" homepage="https://www.sudo.ws/" changelog="https://www.sudo.ws/repos/sudo/raw-file/tip/NEWS" distfiles="https://www.sudo.ws/dist/sudo-${version}.tar.gz" -checksum=8b91bd2cc73af18a06a01406e38d154b837107be759f72e89cefeaa94e1103f0 +checksum=4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882 conf_files="/etc/pam.d/sudo /etc/sudoers" lib32disabled=yes