From 4982d5f4b80e65f2a02ad2b9fc263688706a55f7 Mon Sep 17 00:00:00 2001 From: "mykola.salomatin" Date: Tue, 9 Feb 2021 22:51:21 +0200 Subject: [MTX-3814] mPower R. Apr 2021: sudo shall be patched - GP-1010 Update sudo version to the latest --- ...1-sudo.conf.in-fix-conflict-with-multilib.patch | 52 +++++++++++++++++++ recipes-extended/sudo/files/privacy | 1 + recipes-extended/sudo/files/sudoers.patch | 21 ++++++++ recipes-extended/sudo/sudo.inc | 27 +++++----- ...1-Include-sys-types.h-for-id_t-definition.patch | 34 ------------- recipes-extended/sudo/sudo/privacy | 1 - recipes-extended/sudo/sudo/sudoers.patch | 21 -------- recipes-extended/sudo/sudo_1.8.27.bb | 45 ----------------- recipes-extended/sudo/sudo_1.9.5p2.bb | 59 ++++++++++++++++++++++ 9 files changed, 146 insertions(+), 115 deletions(-) create mode 100644 recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch create mode 100644 recipes-extended/sudo/files/privacy create mode 100644 recipes-extended/sudo/files/sudoers.patch delete mode 100644 recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch delete mode 100644 recipes-extended/sudo/sudo/privacy delete mode 100644 recipes-extended/sudo/sudo/sudoers.patch delete mode 100644 recipes-extended/sudo/sudo_1.8.27.bb create mode 100644 recipes-extended/sudo/sudo_1.9.5p2.bb (limited to 'recipes-extended') diff --git a/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch new file mode 100644 index 0000000..f7ccfdd --- /dev/null +++ b/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch @@ -0,0 +1,52 @@ +sudo.conf.in: fix conflict with multilib + +When pass ${libdir} to --libexecdir of sudo, it fails to install sudo +and lib32-sudo at same time: + +| Error: Transaction test error: +| file /etc/sudo.conf conflicts between attempted installs of + sudo-1.9.3p1-r0.core2_64 and lib32-sudo-1.9.3p1-r0.core2_32 + +Update the comments in sudo.conf.in to avoid the conflict. + +Signed-off-by: Kai Kang + +Upstream-Status: Inappropriate [OE configuration specific] +--- + examples/sudo.conf.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in +index 19e33ff..af78235 100644 +--- a/examples/sudo.conf.in ++++ b/examples/sudo.conf.in +@@ -4,7 +4,7 @@ + # Sudo plugins: + # Plugin plugin_name plugin_path plugin_options ... + # +-# The plugin_path is relative to @plugindir@ unless ++# The plugin_path is relative to $plugindir such as /usr/lib/sudo unless + # fully qualified. + # The plugin_name corresponds to a global symbol in the plugin + # that contains the plugin interface structure. +@@ -50,7 +50,7 @@ Plugin sudoers_audit sudoers.so + # The compiled-in value is usually sufficient and should only be changed + # if you rename or move the sudo_noexec.so file. + # +-#Path noexec @plugindir@/sudo_noexec.so ++#Path noexec $plugindir/sudo_noexec.so + + # + # Sudo plugin directory: +@@ -59,7 +59,7 @@ Plugin sudoers_audit sudoers.so + # The default directory to use when searching for plugins that are + # specified without a fully qualified path name. + # +-#Path plugin_dir @plugindir@ ++#Path plugin_dir $plugindir + + # + # Sudo developer mode: +-- +2.17.1 + diff --git a/recipes-extended/sudo/files/privacy b/recipes-extended/sudo/files/privacy new file mode 100644 index 0000000..7c03615 --- /dev/null +++ b/recipes-extended/sudo/files/privacy @@ -0,0 +1 @@ +Defaults lecture = never diff --git a/recipes-extended/sudo/files/sudoers.patch b/recipes-extended/sudo/files/sudoers.patch new file mode 100644 index 0000000..aed0f10 --- /dev/null +++ b/recipes-extended/sudo/files/sudoers.patch @@ -0,0 +1,21 @@ +diff -uprN old/plugins/sudoers/sudoers.in new/plugins/sudoers/sudoers.in +--- old/plugins/sudoers/sudoers.in 2015-10-31 18:34:59.000000000 -0500 ++++ new/plugins/sudoers/sudoers.in 2017-04-20 10:32:19.530931283 -0500 +@@ -57,7 +57,7 @@ + # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" + ## + ## Uncomment to use a hard-coded PATH instead of the user's to find commands +-# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ++Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ## + ## Uncomment to send mail if the user does not enter the correct password. + # Defaults mail_badpass +@@ -85,7 +85,7 @@ root ALL=(ALL) ALL + # %wheel ALL=(ALL) NOPASSWD: ALL + + ## Uncomment to allow members of group sudo to execute any command +-# %sudo ALL=(ALL) ALL ++%sudo ALL=(ALL) ALL + + ## Uncomment to allow any user to run sudo if they know the password + ## of the user they are running the command as (root by default). diff --git a/recipes-extended/sudo/sudo.inc b/recipes-extended/sudo/sudo.inc index 51748b1..97ecabe 100644 --- a/recipes-extended/sudo/sudo.inc +++ b/recipes-extended/sudo/sudo.inc @@ -4,18 +4,18 @@ HOMEPAGE = "http://www.sudo.ws" BUGTRACKER = "http://www.sudo.ws/bugs/" SECTION = "admin" LICENSE = "ISC & BSD & Zlib" -LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42 \ - file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=4a162fc04b86b03f5632180fe6076cda \ - file://lib/util/reallocarray.c;beginline=3;endline=16;md5=85b0905b795d4d58bf2e00635649eec6 \ - file://lib/util/fnmatch.c;beginline=3;endline=27;md5=67f83ee9bd456557397082f8f1be0efd \ - file://lib/util/getcwd.c;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ - file://lib/util/glob.c;beginline=6;endline=31;md5=5872733146b9eb0deb79e1f664815b85 \ - file://lib/util/snprintf.c;beginline=6;endline=34;md5=c82c1b3a5c32e08545c9ec5d71e41e50 \ - file://include/sudo_queue.h;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ - file://lib/util/inet_pton.c;beginline=3;endline=17;md5=3970ab0518ab79cbd0bafb697f10b33a \ - file://lib/util/arc4random.c;beginline=3;endline=20;md5=15bdc89c1b003fa4d7353e6296ebfd68 \ - file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=31e630ac814d692fd0ab7a942659b46f \ - file://lib/util/getentropy.c;beginline=1;endline=19;md5=9f1a275ecd44cc264a2a4d5e06a75292 \ +LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=fdff64d4fd19126330aa81b94d167173 \ + file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \ + file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \ + file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \ + file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \ + file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \ + file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \ + file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \ + file://lib/util/inet_pton.c;beginline=3;endline=17;md5=27785c9f5835093eda42aa0816a2d0b4 \ + file://lib/util/arc4random.c;beginline=3;endline=20;md5=ced8636ecefa2ba907cfe390bc3bd964 \ + file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=e30c2b777cdc00cfcaf7c445a10b262f \ + file://lib/util/getentropy.c;beginline=1;endline=19;md5=a0f58be3d60b6dcd898ec5fe0866d36f \ " inherit autotools @@ -26,13 +26,12 @@ PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel" CONFFILES_${PN} = "${sysconfdir}/sudoers" -EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor" +EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor" EXTRA_OECONF_append_libc-musl = " --disable-hardening " # mksigname/mksiglist are used on build host to generate source files do_compile_prepend () { - echo "JAK: Correct sudo.inc" # Remove build host references from sudo_usage.h sed -i \ -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ diff --git a/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch b/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch deleted file mode 100644 index eb36cd4..0000000 --- a/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 386e2c2fa2ab2e02ef71c268a57205139be329ab Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 31 Aug 2015 07:07:49 +0000 -Subject: [PATCH] Include sys/types.h for id_t definition - -/sudo_util.h:219:14: error: unknown type name 'id_t' - __dso_public id_t sudo_strtoid_v1(const char *str, const char *sep, - char **endp, const char **errstr); - ^ - make[1]: *** [preserve_fds.o] Error 1 - -Signed-off-by: Khem Raj ---- -Upstream-Status: Pending - - include/sudo_util.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/sudo_util.h b/include/sudo_util.h -index 89c9f89..ac0855a 100644 ---- a/include/sudo_util.h -+++ b/include/sudo_util.h -@@ -17,6 +17,8 @@ - #ifndef SUDO_UTIL_H - #define SUDO_UTIL_H - -+#include -+ - #ifdef HAVE_STDBOOL_H - # include - #else --- -2.5.1 - diff --git a/recipes-extended/sudo/sudo/privacy b/recipes-extended/sudo/sudo/privacy deleted file mode 100644 index 7c03615..0000000 --- a/recipes-extended/sudo/sudo/privacy +++ /dev/null @@ -1 +0,0 @@ -Defaults lecture = never diff --git a/recipes-extended/sudo/sudo/sudoers.patch b/recipes-extended/sudo/sudo/sudoers.patch deleted file mode 100644 index aed0f10..0000000 --- a/recipes-extended/sudo/sudo/sudoers.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -uprN old/plugins/sudoers/sudoers.in new/plugins/sudoers/sudoers.in ---- old/plugins/sudoers/sudoers.in 2015-10-31 18:34:59.000000000 -0500 -+++ new/plugins/sudoers/sudoers.in 2017-04-20 10:32:19.530931283 -0500 -@@ -57,7 +57,7 @@ - # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" - ## - ## Uncomment to use a hard-coded PATH instead of the user's to find commands --# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - ## - ## Uncomment to send mail if the user does not enter the correct password. - # Defaults mail_badpass -@@ -85,7 +85,7 @@ root ALL=(ALL) ALL - # %wheel ALL=(ALL) NOPASSWD: ALL - - ## Uncomment to allow members of group sudo to execute any command --# %sudo ALL=(ALL) ALL -+%sudo ALL=(ALL) ALL - - ## Uncomment to allow any user to run sudo if they know the password - ## of the user they are running the command as (root by default). diff --git a/recipes-extended/sudo/sudo_1.8.27.bb b/recipes-extended/sudo/sudo_1.8.27.bb deleted file mode 100644 index 8f0a144..0000000 --- a/recipes-extended/sudo/sudo_1.8.27.bb +++ /dev/null @@ -1,45 +0,0 @@ -require sudo.inc - -SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://0001-Include-sys-types.h-for-id_t-definition.patch \ - " - -PAM_SRC_URI = "file://sudo.pam" - -SRC_URI[md5sum] = "b5c184b13b6b5de32af630af2fd013fd" -SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0" - -DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" - -EXTRA_OECONF += " \ - ac_cv_type_rsize_t=no \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ - " - -do_install_append () { - if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then - install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo - fi - if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then - echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo - sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers - fi - - chmod 4111 ${D}${bindir}/sudo - chmod 0440 ${D}${sysconfdir}/sudoers - - # Explicitly remove the /run directory to avoid QA error - rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo -} - -FILES_${PN} += "${libdir}/tmpfiles.d" -FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \ - ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la" - - - - - diff --git a/recipes-extended/sudo/sudo_1.9.5p2.bb b/recipes-extended/sudo/sudo_1.9.5p2.bb new file mode 100644 index 0000000..a1164e9 --- /dev/null +++ b/recipes-extended/sudo/sudo_1.9.5p2.bb @@ -0,0 +1,59 @@ +require sudo.inc + +SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ + " + +PAM_SRC_URI = "file://sudo.pam" + +SRC_URI[sha256sum] = "539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978" + +DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + +EXTRA_OECONF += " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-rundir=/run/sudo \ + --with-vardir=/var/lib/sudo \ + --libexecdir=${libdir} \ + " + +do_install_append () { + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + fi + if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then + echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo + sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + fi + + chmod 4111 ${D}${bindir}/sudo + chmod 0440 ${D}${sysconfdir}/sudoers + + # Explicitly remove the /sudo directory to avoid QA error + rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo +} + +FILES_${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \ + ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la" + +SUDO_PACKAGES = "${PN}-sudo\ + ${PN}-lib" + +PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}" + +RDEPENDS_${PN}-sudo = "${PN}-lib" +RDEPENDS_${PN} += "${SUDO_PACKAGES}" + +FILES_${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit" +FILES_${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}" -- cgit v1.2.3