[PR PATCH] sudo: update to 1.9.5p1, set permissions during do_install.

[PR PATCH] sudo: update to 1.9.5p1, set permissions during do_install.

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 752 bytes --]

There is a new pull request by ericonr against master on the void-packages repository

https://github.com/ericonr/void-packages sudo
https://github.com/void-linux/void-packages/pull/27959

sudo: update to 1.9.5p1, set permissions during do_install.
- fixes a bunch of CVEs.

- the chmod 4111 in INSTALL changed sudo from 4755 to 4111. It was
always suid, it just stopped being world readable for some reason (with
a window of time where it could still be read, since INSTALL isn't run
immediately after unpacking). Furthermore, chmod'ing sudoedit doesn't
change anything in the final package, since it's a symlink to sudo.

- clean up outdated patches.

A patch file from https://github.com/void-linux/void-packages/pull/27959.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sudo-27959.patch --]
[-- Type: text/x-diff, Size: 5545 bytes --]

From 9b190d811bf83abd87d667c49ceb73beabdd8b90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?= <erico.erc@gmail.com>
Date: Fri, 15 Jan 2021 20:12:33 -0300
Subject: [PATCH] sudo: update to 1.9.5p1, set permissions during do_install.

- fixes a bunch of CVEs.

- the chmod 4111 in INSTALL changed sudo from 4755 to 4111. It was
always suid, it just stopped being world readable for some reason (with
a window of time where it could still be read, since INSTALL isn't run
immediately after unpacking). Furthermore, chmod'ing sudoedit doesn't
change anything in the final package, since it's a symlink to sudo.

- clean up outdated patches.
---
 srcpkgs/sudo/INSTALL                          |  1 -
 ...en-configured-using-without-sendmail.patch | 48 -------------------
 srcpkgs/sudo/patches/fix-musl-test.patch      | 15 ------
 srcpkgs/sudo/patches/musl.patch               | 13 -----
 srcpkgs/sudo/template                         |  4 +-
 5 files changed, 2 insertions(+), 79 deletions(-)
 delete mode 100644 srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch
 delete mode 100644 srcpkgs/sudo/patches/fix-musl-test.patch
 delete mode 100644 srcpkgs/sudo/patches/musl.patch

diff --git a/srcpkgs/sudo/INSTALL b/srcpkgs/sudo/INSTALL
index d7162122f5c..6150aed7d14 100644
--- a/srcpkgs/sudo/INSTALL
+++ b/srcpkgs/sudo/INSTALL
@@ -7,7 +7,6 @@ post)
 		echo "Setting up permissions to /etc/sudoers..."
 		chmod 0440 etc/sudoers
 	fi
-	chmod 4111 usr/bin/sudo usr/bin/sudoedit
 	[ ! -d etc/sudoers.d ] && install -d etc/sudoers.d
 	[ ! -d var/db/sudo ] && install -dm750 var/db/sudo
 	;;
diff --git a/srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch b/srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch
deleted file mode 100644
index bcc80136b31..00000000000
--- a/srcpkgs/sudo/patches/0001-Fix-build-when-configured-using-without-sendmail.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From e22817e3abfee6fee779ab0b2d312d48323abb56 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller" <Todd.Miller@sudo.ws>
-Date: Mon, 30 Nov 2020 13:18:12 -0700
-Subject: [PATCH] Fix build when configured using --without-sendmail Bug #947
-
----
- lib/eventlog/eventlog.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git lib/eventlog/eventlog.c lib/eventlog/eventlog.c
-index 8b190b7ce..ae97fdea9 100644
---- lib/eventlog/eventlog.c
-+++ lib/eventlog/eventlog.c
-@@ -78,7 +78,7 @@
- static FILE *eventlog_stub_open_log(int type, const char *logfile);
- static void eventlog_stub_close_log(int type, FILE *fp);
- 
--/* Eventlog config settings */
-+/* Eventlog config settings (default values). */
- static struct eventlog_config evl_conf = {
-     EVLOG_NONE,			/* type */
-     EVLOG_SUDO,			/* format */
-@@ -91,7 +91,11 @@ static struct eventlog_config evl_conf = {
-     false,			/* omit_hostname */
-     _PATH_SUDO_LOGFILE,		/* logpath */
-     "%h %e %T",			/* time_fmt */
-+#ifdef _PATH_SUDO_SENDMAIL
-     _PATH_SUDO_SENDMAIL,	/* mailerpath */
-+#else
-+    NULL,			/* mailerpath (disabled) */
-+#endif
-     "-t",			/* mailerflags */
-     NULL,			/* mailfrom */
-     MAILTO,			/* mailto */
-@@ -1436,8 +1440,10 @@ eventlog_setconf(struct eventlog_config *conf)
- 	evl_conf.logpath = _PATH_SUDO_LOGFILE;
-     if (evl_conf.time_fmt == NULL)
- 	evl_conf.time_fmt = "%h %e %T";
-+#ifdef _PATH_SUDO_SENDMAIL
-     if (evl_conf.mailerpath == NULL)
- 	evl_conf.mailerpath = _PATH_SUDO_SENDMAIL;
-+#endif
-     if (evl_conf.mailerflags == NULL)
- 	evl_conf.mailerflags = "-t";
-     if (evl_conf.mailto == NULL)
--- 
-2.29.2
-
diff --git a/srcpkgs/sudo/patches/fix-musl-test.patch b/srcpkgs/sudo/patches/fix-musl-test.patch
deleted file mode 100644
index cfd14e21134..00000000000
--- a/srcpkgs/sudo/patches/fix-musl-test.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-sys/stat.h is required for mode_t
-
-Fixes
-error: unknown type name 'mode_t'
-
---- plugins/sudoers/regress/env_match/check_env_pattern.c
-+++ plugins/sudoers/regress/env_match/check_env_pattern.c
-@@ -17,6 +17,7 @@
- #include <config.h>
- 
- #include <stdio.h>
-+#include <sys/stat.h>
- #include <stdlib.h>
- #ifdef HAVE_STRING_H
- # include <string.h>
diff --git a/srcpkgs/sudo/patches/musl.patch b/srcpkgs/sudo/patches/musl.patch
deleted file mode 100644
index c48d84522e6..00000000000
--- a/srcpkgs/sudo/patches/musl.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- include/sudo_util.h.orig	2015-07-17 07:49:35.184634311 +0200
-+++ include/sudo_util.h	2015-07-17 07:50:05.018046508 +0200
-@@ -23,6 +23,10 @@
- # include "compat/stdbool.h"
- #endif /* HAVE_STDBOOL_H */
- 
-+#ifdef HAVE_SYS_TYPES_H
-+# include <sys/types.h>	/* id_t */
-+#endif
-+
- /*
-  * Macros for operating on struct timeval.
-  */
diff --git a/srcpkgs/sudo/template b/srcpkgs/sudo/template
index d1286b8727b..54b3a5a2f65 100644
--- a/srcpkgs/sudo/template
+++ b/srcpkgs/sudo/template
@@ -1,6 +1,6 @@
 # Template file for 'sudo'
 pkgname=sudo
-version=1.9.4
+version=1.9.5p1
 revision=1
 build_style=gnu-configure
 configure_args="--with-ignore-dot --with-insults=disabled --with-all-insults --with-env-editor
@@ -15,7 +15,7 @@ license="ISC"
 homepage="https://www.sudo.ws/"
 changelog="https://www.sudo.ws/repos/sudo/raw-file/tip/NEWS"
 distfiles="https://www.sudo.ws/dist/sudo-${version}.tar.gz"
-checksum=8b91bd2cc73af18a06a01406e38d154b837107be759f72e89cefeaa94e1103f0
+checksum=4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882
 conf_files="/etc/pam.d/sudo /etc/sudoers"
 lib32disabled=yes
 

Re: [PR PATCH] [Merged]: sudo: update to 1.9.5p1, set permissions during do_install.

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 604 bytes --]

There's a merged pull request on the void-packages repository

sudo: update to 1.9.5p1, set permissions during do_install.
https://github.com/void-linux/void-packages/pull/27959

Description:
- fixes a bunch of CVEs.

- the chmod 4111 in INSTALL changed sudo from 4755 to 4111. It was
always suid, it just stopped being world readable for some reason (with
a window of time where it could still be read, since INSTALL isn't run
immediately after unpacking). Furthermore, chmod'ing sudoedit doesn't
change anything in the final package, since it's a symlink to sudo.

- clean up outdated patches.