Evangelos Foutras pushed to branch main at Arch Linux / Packaging / Packages / sudo
Commits: aa29ddf7 by Evangelos Foutras at 2024-07-29T08:21:23+03:00 Use --with-secure-path-value instead of patching Upstream has implemented this new ./configure option for overriding the default value of secure_path in sudoers, so we no longer need to patch. - - - - - 2 changed files: - PKGBUILD - − change-default-secure-path.patch Changes: ===================================== PKGBUILD ===================================== @@ -19,14 +19,14 @@ install=$pkgname.install source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig} $pkgname-preserve-editor-for-visudo.patch::https://github.com/sudo-project/sudo/commit/1db1453556e1.patch $pkgname-enable-secure_path-by-default.patch::https://github.com/sudo-project/sudo/commit/e0e24456bc3f.patch - change-default-secure-path.patch + $pkgname-add-with-secure-path-value-option.patch::https://github.com/sudo-project/sudo/commit/e24737eac90f.patch sudo_logsrvd.service sudo.pam) sha256sums=('558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558' 'SKIP' '321aa5f1b482ffd5728c07477a51ce3de1e48b9db13f4578e662c227c705826c' 'baacece8e854bed47276925715ae8f3c2771ad72821006b3a26796fe154e1130' - 'd062bab92a9fcd2fac0a4a9dca155c58efc0f942dd1ed7e37e7055455a4980d9' + '78cc8346d79b359d89e8b2e27485eab8b076fab72e0c74832fa994407c3c6147' 'bd4bc2f5d85cbe14d7e7acc5008cb4fe62c38de7d42dc6876c87bfaa273c0a6e' 'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2') validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB') @@ -35,10 +35,7 @@ prepare() { cd $pkgname-$_sudover patch -Np1 -i ../$pkgname-preserve-editor-for-visudo.patch patch -Np1 -F3 -i ../$pkgname-enable-secure_path-by-default.patch - - # we cannot use --with-secure_path as it will enable it internally as well - # keeping it disabled in the sudo binary allows the user to comment it out - patch -Np1 -i ../change-default-secure-path.patch + patch -Np1 -i ../$pkgname-add-with-secure-path-value-option.patch } build() { @@ -58,6 +55,7 @@ build() { --with-ldap-conf-file=/etc/openldap/ldap.conf \ --with-env-editor \ --with-passprompt="[sudo] password for %p: " \ + --with-secure-path-value=/usr/local/sbin:/usr/local/bin:/usr/bin \ --with-all-insults make } ===================================== change-default-secure-path.patch deleted ===================================== @@ -1,26 +0,0 @@ -diff --git a/configure b/configure -index 9ac46b6..de561f1 100755 ---- a/configure -+++ b/configure -@@ -3729,7 +3729,7 @@ noexec_file="$libexecdir/sudo/sudo_noexec.so" - sesh_file="$libexecdir/sudo/sesh" - visudo="$sbindir/visudo" - nsswitch_conf=/etc/nsswitch.conf --secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -+secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin" - secure_path_set="disabled" - pam_session=on - pam_login_service=sudo -diff --git a/configure.ac b/configure.ac -index 2f07e7c..d59c04e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -229,7 +229,7 @@ noexec_file="$libexecdir/sudo/sudo_noexec.so" - sesh_file="$libexecdir/sudo/sesh" - visudo="$sbindir/visudo" - nsswitch_conf=/etc/nsswitch.conf --secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -+secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin" - secure_path_set="disabled" - pam_session=on - pam_login_service=sudo View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/sudo/-/commit/aa29ddf7fd0cffc58c6b8d4b467701a78b76e51c -- View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/sudo/-/commit/aa29ddf7fd0cffc58c6b8d4b467701a78b76e51c You're receiving this email because of your account on gitlab.archlinux.org.
