diff options
| author |   Diego Elio Pettenò <flameeyes@gentoo.org> | 2008-05-11 17:19:55 +0000 |
|---|---|---|
| committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2008-05-11 17:19:55 +0000 |
| commit | 1332e4d602cbf343766a903aa9fbd5c1e348ffe7 (patch) | |
| tree | 83cd4f34bfef1e14f398560c786c890ad4416d88 | |
| parent | Update sudo masking to the new version. (diff) | |
| download | historical-1332e4d602cbf343766a903aa9fbd5c1e348ffe7.tar.gz historical-1332e4d602cbf343766a903aa9fbd5c1e348ffe7.tar.bz2 historical-1332e4d602cbf343766a903aa9fbd5c1e348ffe7.zip | |
Version bump for both stable and beta series. Remove old versions. Restore keywords as these ebuilds don't use pambase anymore.
Package-Manager: portage-2.1.5_rc10
| -rw-r--r-- | app-admin/sudo/ChangeLog | 12 | ||||
| -rw-r--r-- | app-admin/sudo/Manifest | 26 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.6.9_p12.ebuild | 187 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.6.9_p14.ebuild | 188 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.6.9_p16.ebuild (renamed from app-admin/sudo/sudo-1.6.9_p15.ebuild) | 4 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.7.0_rc1.ebuild (renamed from app-admin/sudo/sudo-1.7_beta2.ebuild) | 12 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.7_beta3.ebuild | 201 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.7_beta4.ebuild | 201 |
8 files changed, 32 insertions, 799 deletions
diff --git a/app-admin/sudo/ChangeLog b/app-admin/sudo/ChangeLog index cf5873808bfc..406e7339bb6b 100644 --- a/app-admin/sudo/ChangeLog +++ b/app-admin/sudo/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for app-admin/sudo # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.123 2008/05/11 13:13:11 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.124 2008/05/11 17:19:55 flameeyes Exp $ + +*sudo-1.7.0_rc1 (11 May 2008) +*sudo-1.6.9_p16 (11 May 2008) + + 11 May 2008; Diego Pettenò <flameeyes@gentoo.org> -sudo-1.6.9_p12.ebuild, + -sudo-1.6.9_p14.ebuild, -sudo-1.6.9_p15.ebuild, +sudo-1.6.9_p16.ebuild, + -sudo-1.7_beta2.ebuild, -sudo-1.7_beta3.ebuild, -sudo-1.7_beta4.ebuild, + +sudo-1.7.0_rc1.ebuild: + Version bump for both stable and beta series. Remove old versions. Restore + keywords as these ebuilds don't use pambase anymore. 11 May 2008; Ulrich Mueller <ulm@gentoo.org> sudo-1.6.8_p12-r1.ebuild, sudo-1.6.9_p12.ebuild, sudo-1.6.9_p13.ebuild, sudo-1.6.9_p14.ebuild, diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest index a593515cc83c..e96c0d44151a 100644 --- a/app-admin/sudo/Manifest +++ b/app-admin/sudo/Manifest @@ -7,27 +7,19 @@ AUX sudo-ldap_timelimit.diff 2550 RMD160 b34a41e3fc4016ff182ed1800e0f1b0f82d3bfd AUX sudo-skeychallengeargs.diff 567 RMD160 906ee43a7c2f21d1cf5130eac5c98ef0833154fd SHA1 b0efbedc72a1ed85c74ba10e343a68368e76c3e9 SHA256 dd2f4fdba26be6c3b4af15f3b6e18efa19375e1f9c579cdc2c76ee1adcce5e1d AUX sudoers 1612 RMD160 f61c372791112feecae7e0a762a9aa9f30285099 SHA1 b27d644dcd9d7d3727db9355a81cebf7deaa6a7a SHA256 4ff5355e2d1dcac48bdd8420982a5b437546cd40b3dc445f9fbfb9464a4af1a0 DIST sudo-1.6.8p12.tar.gz 585643 RMD160 d7ff9f18ca0973615258c2e975300b94567451d5 SHA1 a79631e9e1c0d0d3f2aa88ae685628e5fde61982 SHA256 56f7d86032538a4a98d90af3742903a09ba16d6db82b593e4a47605f87fa581a -DIST sudo-1.6.9p12.tar.gz 581936 RMD160 fe07ead5c328b35fc0c84946d71469f4620ddd06 SHA1 c2b07c68d2026fb3e7786b2c9a8fb0c519a830f8 SHA256 d25c7a04f0db65c4a4e587df337fb6c4bd5165155d7ab64e8b00a89f745dd4aa DIST sudo-1.6.9p13.tar.gz 589079 RMD160 eb2a4d835553061f9a15d71abee83a5574215c28 SHA1 0e84a265bb18772bc99d0f37c65dd6564962a6c4 SHA256 c54b8f10eca330cb3181e4a16bd743b145d4fcf9d1d85df6127d7e9979d4a805 -DIST sudo-1.6.9p14.tar.gz 589298 RMD160 8516c9f0a6468e07174ffda310f55013841e3fba SHA1 71ac10f51c1b3d6338ac936fe39be3009ea4dbb4 SHA256 cffccc9090df1daf3aba129f94bf5e01724e723e3264124b9d57d4a1437f097a -DIST sudo-1.6.9p15.tar.gz 593065 RMD160 af7278bddef79962ea086a5120cd815d13b2909c SHA1 23beafa1d7c9c85c4535648923323cab34ff7810 SHA256 654376e31ac76028e02a603c67ced319304a1aa6bdfae72431574cef5c59a382 -DIST sudo-1.7b2.tar.gz 711994 RMD160 aaec1acc7274ce6c2564768321947eab42c10a42 SHA1 83422e1be04498052a456c88abbaa5e64d9703b7 SHA256 ca5872d45f70d4890f7ba15fd506580043fcb4f528856a1f76a44057cbd263bf -DIST sudo-1.7b3.tar.gz 734143 RMD160 753eb5dcc0dc4e71ff4f8a074583bec9784a696c SHA1 f76af7f9ef8eb098c98b3b549ea49691a0cf9b16 SHA256 6141ae32d639a4d0c883b3d4f6f5876c2f36d495fedfea20b539dd9c89c48c00 -DIST sudo-1.7b4.tar.gz 734580 RMD160 f6171dec47afbd483cc24c4c0d77c3feb3b3005f SHA1 7b4d6d2a2aa619a5baa6ede9e14e67d75a14c963 SHA256 c42eb4022a1426e15703a5674a07276a37e32d952196d70b78dea566b610a517 +DIST sudo-1.6.9p16.tar.gz 593175 RMD160 b36b1ecc4383a6e411a8f0c2e90f9bfb6df4a220 SHA1 6c9248441eb6f5d56a9ba3545b83fceb875bd4ee SHA256 634e2b596bc6fc6a9143e00387ae79941980f548c9a20ea651ce755cc4e35f6a +DIST sudo-1.7.0rc1.tar.gz 736445 RMD160 1d226161876a3e290f30eba067ee8fbecef6cd66 SHA1 4a83cadd37aab864cbf21efd9e39996a73cbb210 SHA256 b1cb268376f9c8ce0e69567b3e53bfa09618d825df8e4ad1273ff196eba36952 EBUILD sudo-1.6.8_p12-r1.ebuild 6592 RMD160 70d093d445760f96b437136a23870a3a14e4a4c6 SHA1 4ccc75130bf26e7a27733723253888a08a8b9477 SHA256 169ff4e7b1f2370f87e70cba6e6a9ced645e8254231a1db9b34680acdc369d2e -EBUILD sudo-1.6.9_p12.ebuild 5833 RMD160 6f11c9cd39b4d633b3d7b805e751d2da6ebaca87 SHA1 907ea8609e22263d9fb02800557fac70c3150063 SHA256 10defb069943d78bc5ce02c6ac05e043d673f9b4da04850108f65fcbb3fe6ed6 EBUILD sudo-1.6.9_p13.ebuild 5882 RMD160 cea073f8e19dae57c9cda329c06c43dcea72a082 SHA1 c65e392d1f5b1f550016f4da0ea415d1dd9f34d2 SHA256 6a6a759e54dd57630b578e0804532df396295331224c13accf7e641b8feaee89 -EBUILD sudo-1.6.9_p14.ebuild 5856 RMD160 1522171d29a1bede2a4fe0a59cf06da7ad28fb27 SHA1 c8f9ee0f2e28308c6e4ac3336d2fe85ec4b7c8aa SHA256 d4af49f0ebdcd489410c50612fbf4a58859d80cd9a4754acb13d1fd5c062334f -EBUILD sudo-1.6.9_p15.ebuild 5855 RMD160 572954a3ee6f29f841cc2356ef307523c652eec1 SHA1 20dc209b62c3df8d89fbf28568bba974e1f0e0cc SHA256 52906c5c06f40f714ad85eac99c88d4061a1b7a101cfb904114e9fcfd3931f97 -EBUILD sudo-1.7_beta2.ebuild 6308 RMD160 2833be3f8b5664ca2ace6c65b11ea2f93b58f9cf SHA1 03e8131862be275905e3944e8df1f174578276bb SHA256 0356247f637edca3999af16d78935d4fe626eddbdbfbea07335554058f667dac -EBUILD sudo-1.7_beta3.ebuild 6282 RMD160 e6640f491da84c3cac438ca64c2a4ecdd810c22e SHA1 8c1f536c77a829c844693e81e4cd3ea4f12bfbf2 SHA256 5e0f97a3504d05e34cdc9e1373ea539db73230104c1bf0a470baa76200a331e9 -EBUILD sudo-1.7_beta4.ebuild 6281 RMD160 41889bc95e8045e0e020e70f7e92d0234c3d3278 SHA1 0900470ee6257c9cca20177de6a20624c9f05f5b SHA256 289f8be20ae3442e97ccafe9658ec5ff19a51a5a8f3c86bb6cfad6e01cabc437 -MISC ChangeLog 17128 RMD160 d05f425b1496e204306a073595203eb14fdd1a1c SHA1 dc3727100163949a39c9800c1e4cc76d02709354 SHA256 13efea01017fdd904c1cfa4dc313da09c7abe8a39c22cfd3dc841b68b8ae3565 +EBUILD sudo-1.6.9_p16.ebuild 5915 RMD160 b0ce895965bba3d06ba0f1823f7ce74501a72ae9 SHA1 e9a16128496ff4abba40097045352aca1b7d73d4 SHA256 09d31f267cb353ed9efe40b2d6f08be38f21af774bf40080e1bf7d6156d9ce2c +EBUILD sudo-1.7.0_rc1.ebuild 6369 RMD160 6b0e40b8fad60668309e71af2ae221cb4c013173 SHA1 4bf103c4f431f0c16dfd2a7588043b651e605982 SHA256 d36048ed9f7fe48109f37fa09f9c0329df16a8acbf80025246be36e3c4b864cb +MISC ChangeLog 17579 RMD160 97b4a3ae92e3dbac454f3e7935ed65e555b1ca6c SHA1 30b484509b2d386597f50666913875ae706d337c SHA256 248499dcc4c8d593e47a5a8226fbaecd7857d5fb35527fb9199584a5bd1db58c MISC metadata.xml 501 RMD160 74dd36daa51d7ad5ce1659f0279e1245cd1ef4bc SHA1 e447d21dc61ee4a6de8cc0f66aa28aa422d9990a SHA256 5f399b83a90977486ff92847caa884d16f8b71705fd0d2203acb35f56c9a6db6 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (GNU/Linux) +Version: GnuPG v2.0.9 (GNU/Linux) -iEYEARECAAYFAkgm8Q4ACgkQOeoy/oIi7uzQ+QCgz0meej2EjyQt5Ytbg/A0aWPg -tG0An0r/cwhI3wk4zuNHgcVeHdV+UtQ/ -=f78a +iEYEARECAAYFAkgnKsIACgkQAiZjviIA2XgaQwCgn2OeJJxvVWpEz+d9stX+xTvF +61QAoJQKIln8pgpN6r91Bm6h6n77MjqH +=sjvu -----END PGP SIGNATURE----- diff --git a/app-admin/sudo/sudo-1.6.9_p12.ebuild b/app-admin/sudo/sudo-1.6.9_p12.ebuild deleted file mode 100644 index f187be13b685..000000000000 --- a/app-admin/sudo/sudo-1.6.9_p12.ebuild +++ /dev/null @@ -1,187 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.6.9_p12.ebuild,v 1.6 2008/05/11 13:13:11 ulm Exp $ - -inherit eutils pam confutils - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${P/_/}.tar.gz" -LICENSE="Sudo" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" -IUSE="pam skey offensive ldap selinux" - -DEPEND="pam? ( virtual/pam ) - ldap? ( >=net-nds/openldap-2.1.30-r1 ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - virtual/editor - virtual/mta" -RDEPEND="selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - ${DEPEND}" -DEPEND="${RDEPEND} sys-devel/bison" - -S=${WORKDIR}/${P/_/} - -pkg_setup() { - confutils_use_conflict skey pam -} - -src_unpack() { - unpack ${A}; cd "${S}" - - # compatability fix. - epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff - - # additional variables to disallow, should user disable env_reset. - - # NOTE: this is not a supported mode of operation, these variables - # are added to the blacklist as a convenience to administrators - # who fail to heed the warnings of allowing untrusted users - # to access sudo. - # - # there is *no possible way* to foresee all attack vectors in - # all possible applications that could potentially be used via - # sudo, these settings will just delay the inevitable. - # - # that said, I will accept suggestions for variables that can - # be misused in _common_ interpreters or libraries, such as - # perl, bash, python, ruby, etc., in the hope of dissuading - # a casual attacker. - - # XXX: perl should be using suid_perl. - # XXX: users can remove/add more via env_delete and env_check. - # XXX: <?> = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in - - # remove useless c++ checks - epunt_cxx -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove any duplicate entries - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - # XXX: /bin/vi may not be available, make nano visudo's default. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/bin/nano \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - einstall || die - dodoc BUGS CHANGES HISTORY PORTING README \ - TROUBLESHOOTING UPGRADE sample.* - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo <<EOF -# See ldap.conf(5) and README.LDAP for details\n" -# This file should only be readable by root\n\n" -# supported directives: host, port, ssl, ldap_version\n" -# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" -# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key -EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-auth sudo auth account password session - - insinto /etc - doins "${FILESDIR}"/sudoers - fperms 0440 /etc/sudoers -} - -# remove duplicate path entries from $1 -cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x<i;x++)); do - test "${paths[i]}" == "${paths[x]}" && { - einfo " Duplicate entry ${paths[i]} removed..." 1>&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" -} - -# add $1 to default env_delete list. -sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? -} - -rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' -} - -pkg_postinst() { - use ldap && { - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - } -} diff --git a/app-admin/sudo/sudo-1.6.9_p14.ebuild b/app-admin/sudo/sudo-1.6.9_p14.ebuild deleted file mode 100644 index 145cc8a15a0a..000000000000 --- a/app-admin/sudo/sudo-1.6.9_p14.ebuild +++ /dev/null @@ -1,188 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.6.9_p14.ebuild,v 1.5 2008/05/11 13:13:11 ulm Exp $ - -inherit eutils pam confutils - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${P/_/}.tar.gz" -LICENSE="Sudo" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc64 ~sparc ~x86" -IUSE="pam skey offensive ldap selinux" - -DEPEND="pam? ( virtual/pam ) - ldap? ( >=net-nds/openldap-2.1.30-r1 ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - virtual/editor - virtual/mta" -RDEPEND="selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - ${DEPEND}" -DEPEND="${RDEPEND} sys-devel/bison" - -S=${WORKDIR}/${P/_/} - -pkg_setup() { - confutils_use_conflict skey pam -} - -src_unpack() { - unpack ${A}; cd "${S}" - - # compatability fix. - epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff - - # additional variables to disallow, should user disable env_reset. - - # NOTE: this is not a supported mode of operation, these variables - # are added to the blacklist as a convenience to administrators - # who fail to heed the warnings of allowing untrusted users - # to access sudo. - # - # there is *no possible way* to foresee all attack vectors in - # all possible applications that could potentially be used via - # sudo, these settings will just delay the inevitable. - # - # that said, I will accept suggestions for variables that can - # be misused in _common_ interpreters or libraries, such as - # perl, bash, python, ruby, etc., in the hope of dissuading - # a casual attacker. - - # XXX: perl should be using suid_perl. - # XXX: users can remove/add more via env_delete and env_check. - # XXX: <?> = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in - - # remove useless c++ checks - epunt_cxx -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove any duplicate entries - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - # XXX: /bin/vi may not be available, make nano visudo's default. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/bin/nano \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - emake -j1 DESTDIR="${D}" install || die - dodoc BUGS CHANGES HISTORY PORTING README TROUBLESHOOTING \ - UPGRADE sample.sudoers sample.syslog.conf - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo <<EOF -# See ldap.conf(5) and README.LDAP for details\n" -# This file should only be readable by root\n\n" -# supported directives: host, port, ssl, ldap_version\n" -# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" -# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key -EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-login sudo auth account password session - - insinto /etc - doins "${FILESDIR}"/sudoers - fperms 0440 /etc/sudoers -} - -# remove duplicate path entries from $1 -cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x<i;x++)); do - test "${paths[i]}" == "${paths[x]}" && { - einfo " Duplicate entry ${paths[i]} removed..." 1>&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" -} - -# add $1 to default env_delete list. -sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? -} - -rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' -} - -pkg_postinst() { - use ldap && { - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - } -} diff --git a/app-admin/sudo/sudo-1.6.9_p15.ebuild b/app-admin/sudo/sudo-1.6.9_p16.ebuild index 182d258a640a..fad4f2cf4209 100644 --- a/app-admin/sudo/sudo-1.6.9_p15.ebuild +++ b/app-admin/sudo/sudo-1.6.9_p16.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.6.9_p15.ebuild,v 1.2 2008/05/11 13:13:11 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.6.9_p16.ebuild,v 1.1 2008/05/11 17:19:55 flameeyes Exp $ inherit eutils pam confutils @@ -9,7 +9,7 @@ HOMEPAGE="http://www.sudo.ws/" SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${P/_/}.tar.gz" LICENSE="Sudo" SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc64 ~sparc ~x86" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" IUSE="pam skey offensive ldap selinux" DEPEND="pam? ( virtual/pam ) diff --git a/app-admin/sudo/sudo-1.7_beta2.ebuild b/app-admin/sudo/sudo-1.7.0_rc1.ebuild index ce99776b43d5..28f5e0b921ed 100644 --- a/app-admin/sudo/sudo-1.7_beta2.ebuild +++ b/app-admin/sudo/sudo-1.7.0_rc1.ebuild @@ -1,13 +1,20 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7_beta2.ebuild,v 1.3 2008/05/11 13:13:11 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7.0_rc1.ebuild,v 1.1 2008/05/11 17:19:55 flameeyes Exp $ inherit eutils pam confutils MY_P=${P/_/} MY_P=${MY_P/beta/b} -[[ ${P} == *_beta* ]] && uri_prefix=beta/ || uri_prefix="" +case "${P}" in + *_beta* | *_rc*) + uri_prefix=beta/ + ;; + *) + uri_prefix="" + ;; +esac DESCRIPTION="Allows users or groups to run commands as other users" HOMEPAGE="http://www.sudo.ws/" @@ -24,6 +31,7 @@ DEPEND="pam? ( virtual/pam ) virtual/mta" RDEPEND="selinux? ( sec-policy/selinux-sudo ) ldap? ( dev-lang/perl ) + pam? ( sys-auth/pambase ) ${DEPEND}" DEPEND="${RDEPEND} sys-devel/bison" diff --git a/app-admin/sudo/sudo-1.7_beta3.ebuild b/app-admin/sudo/sudo-1.7_beta3.ebuild deleted file mode 100644 index 732b45db0c63..000000000000 --- a/app-admin/sudo/sudo-1.7_beta3.ebuild +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7_beta3.ebuild,v 1.4 2008/05/11 13:13:11 ulm Exp $ - -inherit eutils pam confutils - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -[[ ${P} == *_beta* ]] && uri_prefix=beta/ || uri_prefix="" - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" -LICENSE="Sudo" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc64 ~sparc ~x86" -IUSE="pam skey offensive ldap selinux" - -DEPEND="pam? ( virtual/pam ) - ldap? ( >=net-nds/openldap-2.1.30-r1 ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - virtual/editor - virtual/mta" -RDEPEND="selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - ${DEPEND}" -DEPEND="${RDEPEND} sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -pkg_setup() { - confutils_use_conflict skey pam -} - -src_unpack() { - unpack ${A}; cd "${S}" - - # compatability fix. - epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff - - # additional variables to disallow, should user disable env_reset. - - # NOTE: this is not a supported mode of operation, these variables - # are added to the blacklist as a convenience to administrators - # who fail to heed the warnings of allowing untrusted users - # to access sudo. - # - # there is *no possible way* to foresee all attack vectors in - # all possible applications that could potentially be used via - # sudo, these settings will just delay the inevitable. - # - # that said, I will accept suggestions for variables that can - # be misused in _common_ interpreters or libraries, such as - # perl, bash, python, ruby, etc., in the hope of dissuading - # a casual attacker. - - # XXX: perl should be using suid_perl. - # XXX: users can remove/add more via env_delete and env_check. - # XXX: <?> = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? - } - - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in - - # remove useless c++ checks - epunt_cxx -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove duplicate path entries from $1 - cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x<i;x++)); do - test "${paths[i]}" == "${paths[x]}" && { - einfo " Duplicate entry ${paths[i]} removed..." 1>&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" - } - - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' - } - - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - # XXX: /bin/vi may not be available, make nano visudo's default. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/bin/nano \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - emake -j1 DESTDIR="${D}" install || die - dodoc ChangeLog HISTORY PORTING README TROUBLESHOOTING \ - UPGRADE sample.sudoers sample.syslog.conf - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo <<EOF -# See ldap.conf(5) and README.LDAP for details\n" -# This file should only be readable by root\n\n" -# supported directives: host, port, ssl, ldap_version\n" -# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" -# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key -EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-login sudo auth account password session - - insinto /etc - doins "${FILESDIR}"/sudoers - fperms 0440 /etc/sudoers -} - -pkg_postinst() { - if use ldap; then - ewarn - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - ewarn - if egrep -q '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf; then - ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" - ewarn "configured in /etc/nsswitch.conf." - ewarn - ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" - ewarn " sudoers: ldap files" - ewarn - fi - fi -} diff --git a/app-admin/sudo/sudo-1.7_beta4.ebuild b/app-admin/sudo/sudo-1.7_beta4.ebuild deleted file mode 100644 index 390345756c3c..000000000000 --- a/app-admin/sudo/sudo-1.7_beta4.ebuild +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7_beta4.ebuild,v 1.2 2008/05/11 13:13:11 ulm Exp $ - -inherit eutils pam confutils - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -[[ ${P} == *_beta* ]] && uri_prefix=beta/ || uri_prefix="" - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" -LICENSE="Sudo" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc64 ~sparc ~x86" -IUSE="pam skey offensive ldap selinux" - -DEPEND="pam? ( virtual/pam ) - ldap? ( >=net-nds/openldap-2.1.30-r1 ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - virtual/editor - virtual/mta" -RDEPEND="selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - ${DEPEND}" -DEPEND="${RDEPEND} sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -pkg_setup() { - confutils_use_conflict skey pam -} - -src_unpack() { - unpack ${A}; cd "${S}" - - # compatability fix. - epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff - - # additional variables to disallow, should user disable env_reset. - - # NOTE: this is not a supported mode of operation, these variables - # are added to the blacklist as a convenience to administrators - # who fail to heed the warnings of allowing untrusted users - # to access sudo. - # - # there is *no possible way* to foresee all attack vectors in - # all possible applications that could potentially be used via - # sudo, these settings will just delay the inevitable. - # - # that said, I will accept suggestions for variables that can - # be misused in _common_ interpreters or libraries, such as - # perl, bash, python, ruby, etc., in the hope of dissuading - # a casual attacker. - - # XXX: perl should be using suid_perl. - # XXX: users can remove/add more via env_delete and env_check. - # XXX: <?> = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? - } - - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in - - # remove useless c++ checks - epunt_cxx -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove duplicate path entries from $1 - cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x<i;x++)); do - test "${paths[i]}" == "${paths[x]}" && { - einfo " Duplicate entry ${paths[i]} removed..." 1>&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" - } - - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' - } - - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - # XXX: /bin/vi may not be available, make nano visudo's default. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/bin/nano \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - emake -j1 DESTDIR="${D}" install || die - dodoc ChangeLog HISTORY PORTING README TROUBLESHOOTING \ - UPGRADE sample.sudoers sample.syslog.conf - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo <<EOF -# See ldap.conf(5) and README.LDAP for details\n" -# This file should only be readable by root\n\n" -# supported directives: host, port, ssl, ldap_version\n" -# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" -# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key -EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-auth sudo auth account password session - - insinto /etc - doins "${FILESDIR}"/sudoers - fperms 0440 /etc/sudoers -} - -pkg_postinst() { - if use ldap; then - ewarn - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - ewarn - if egrep -q '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf; then - ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" - ewarn "configured in /etc/nsswitch.conf." - ewarn - ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" - ewarn " sudoers: ldap files" - ewarn - fi - fi -} |