Date: Thursday, September 7, 2017 @ 12:03:59 Author: foutrelis Revision: 304771
upgpkg: sudo 1.8.21.p2-1 New upstream release. Modified: sudo/trunk/PKGBUILD Deleted: sudo/trunk/fix-pam-prompt.patch sudo/trunk/fix-usage-of-signal-pipe.patch --------------------------------+ PKGBUILD | 16 +-------- fix-pam-prompt.patch | 66 --------------------------------------- fix-usage-of-signal-pipe.patch | 51 ------------------------------ 3 files changed, 3 insertions(+), 130 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-09-07 10:56:12 UTC (rev 304770) +++ PKGBUILD 2017-09-07 12:03:59 UTC (rev 304771) @@ -4,9 +4,9 @@ # Contributor: Tom Newsom <[email protected]> pkgname=sudo -_sudover=1.8.21p1 +_sudover=1.8.21p2 pkgver=${_sudover/p/.p} -pkgrel=3 +pkgrel=1 pkgdesc="Give certain users the ability to run some commands as root" arch=('i686' 'x86_64') url="https://www.sudo.ws/sudo/"; @@ -16,24 +16,14 @@ backup=('etc/sudoers' 'etc/pam.d/sudo') install=$pkgname.install source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig} - fix-pam-prompt.patch - fix-usage-of-signal-pipe.patch sudo.pam) -sha256sums=('ee50d3a249a96b1c5c8d3d21380eb96c63c6e61a888b13e3c2b941b23ab7c808' +sha256sums=('74c5746cd33a814e2431c39faf0d76f7f8a697379bd073862e3b156cf0d76368' 'SKIP' - 'fc9a37c533664ecfdc7715812e9a93f39891e6fc3d72c23858bee33ac27fcebe' - '10af762129cf88b3036a30e6c1d19ec69b70911161d4f419fd5b86f160a1a4f1' 'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2') validpgpkeys=('CCB24BE9E9481B15D34159535A89DFA27EE470C4') prepare() { cd "$srcdir/$pkgname-$_sudover" - - # https://bugzilla.sudo.ws/show_bug.cgi?id=799 - patch -Np1 -i ../fix-pam-prompt.patch - - # https://bugzilla.sudo.ws/show_bug.cgi?id=800 - patch -Np1 -i ../fix-usage-of-signal-pipe.patch } build() { Deleted: fix-pam-prompt.patch =================================================================== --- fix-pam-prompt.patch 2017-09-07 10:56:12 UTC (rev 304770) +++ fix-pam-prompt.patch 2017-09-07 12:03:59 UTC (rev 304771) @@ -1,66 +0,0 @@ - -# HG changeset patch -# User Todd C. Miller <[email protected]> -# Date 1504625419 21600 -# Node ID 6ee5cc13af69f4248dfa1d89215e7c95fa90d051 -# Parent 7e6bf56cb06cfdc82f5b636ebe2851cfeda50f17 -Fix a logic error in 96651906de42 which prevented sudo from using -the PAM-supplied prompt. Bug #799 - -diff -r 7e6bf56cb06c -r 6ee5cc13af69 plugins/sudoers/auth/pam.c ---- a/plugins/sudoers/auth/pam.c Fri Sep 01 14:09:43 2017 -0600 -+++ b/plugins/sudoers/auth/pam.c Tue Sep 05 09:30:19 2017 -0600 -@@ -435,28 +435,32 @@ - size_t user_len; - debug_decl(use_pam_prompt, SUDOERS_DEBUG_AUTH) - -- if (!def_passprompt_override) { -- /* If sudo prompt matches "^Password: ?$", use PAM prompt. */ -- if (PROMPT_IS_PASSWORD(def_prompt)) -- debug_return_bool(true); -- -- /* If PAM prompt matches "^Password: ?$", use sudo prompt. */ -- if (PAM_PROMPT_IS_PASSWORD(pam_prompt)) -- debug_return_bool(false); -+ /* Always use sudo prompt if passprompt_override is set. */ -+ if (def_passprompt_override) -+ debug_return_bool(false); - -- /* -- * Some PAM modules use "^username's Password: ?$" instead of -- * "^Password: ?" so check for that too. -- */ -- user_len = strlen(user_name); -- if (strncmp(pam_prompt, user_name, user_len) == 0) { -- const char *cp = pam_prompt + user_len; -- if (strncmp(cp, "'s Password:", 12) == 0 && -- (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0'))) -- debug_return_bool(false); -- } -+ /* If sudo prompt matches "^Password: ?$", use PAM prompt. */ -+ if (PROMPT_IS_PASSWORD(def_prompt)) -+ debug_return_bool(true); -+ -+ /* If PAM prompt matches "^Password: ?$", use sudo prompt. */ -+ if (PAM_PROMPT_IS_PASSWORD(pam_prompt)) -+ debug_return_bool(false); -+ -+ /* -+ * Some PAM modules use "^username's Password: ?$" instead of -+ * "^Password: ?" so check for that too. -+ */ -+ user_len = strlen(user_name); -+ if (strncmp(pam_prompt, user_name, user_len) == 0) { -+ const char *cp = pam_prompt + user_len; -+ if (strncmp(cp, "'s Password:", 12) == 0 && -+ (cp[12] == '\0' || (cp[12] == ' ' && cp[13] == '\0'))) -+ debug_return_bool(false); - } -- debug_return_bool(false); -+ -+ /* Otherwise, use the PAM prompt. */ -+ debug_return_bool(true); - } - - /* - Deleted: fix-usage-of-signal-pipe.patch =================================================================== --- fix-usage-of-signal-pipe.patch 2017-09-07 10:56:12 UTC (rev 304770) +++ fix-usage-of-signal-pipe.patch 2017-09-07 12:03:59 UTC (rev 304771) @@ -1,51 +0,0 @@ - -# HG changeset patch -# User Todd C. Miller <[email protected]> -# Date 1504722576 21600 -# Node ID 7668f93e6544c762e6753590426ca882c0a373a5 -# Parent 6ee5cc13af69f4248dfa1d89215e7c95fa90d051 -The read and write sides of signal_pipe[] were swapped, resulting -in EBADF reading from and writing to the signal pipe on Linux and -probably others. On systems with bidirectional pipes this was not -an issue. - -diff -r 6ee5cc13af69 -r 7668f93e6544 lib/util/event.c ---- a/lib/util/event.c Tue Sep 05 09:30:19 2017 -0600 -+++ b/lib/util/event.c Wed Sep 06 12:29:36 2017 -0600 -@@ -153,7 +153,7 @@ - } - if (nread == -1 && errno != EAGAIN) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, -- "%s: error reading from signal pipe", __func__); -+ "%s: error reading from signal pipe fd %d", __func__, fd); - } - - /* Activate signal events. */ -@@ -182,7 +182,7 @@ - "%s: unable to create signal pipe", __func__); - goto bad; - } -- sudo_ev_init(&base->signal_event, base->signal_pipe[1], -+ sudo_ev_init(&base->signal_event, base->signal_pipe[0], - SUDO_EV_READ|SUDO_EV_PERSIST, signal_pipe_cb, base); - - debug_return_int(0); -@@ -341,7 +341,7 @@ - signal_base->signal_caught = 1; - - /* Wake up the other end of the pipe. */ -- ignore_result(write(signal_base->signal_pipe[0], &ch, 1)); -+ ignore_result(write(signal_base->signal_pipe[1], &ch, 1)); - } - } - -@@ -622,7 +622,7 @@ - if (errno == EINTR) { - /* Interrupted by signal, check for sigevents. */ - if (base->signal_caught) { -- signal_pipe_cb(base->signal_pipe[1], SUDO_EV_READ, base); -+ signal_pipe_cb(base->signal_pipe[0], SUDO_EV_READ, base); - break; - } - continue; -
