joborun-pkg/jobcore
joborun-pkg
/
jobcore
Template
2
1
Fork 0
Code Issues Pull Requests Projects Releases Activity

upg audit curl sudo

This commit is contained in:
joborun linux 2023-02-16 02:25:06 +02:00
parent 3020fce4ec
commit 83089f8bd6
9 changed files with 393 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
audit/PKGBUILD
View File

@ -6,9 +6,10 @@
#-----------------------------------------| DESCRIPTION |---------------------------------------
pkgbase=audit
_name=audit-userspace
pkgname=('audit' 'python-audit')
pkgver=3.0.9
pkgrel=02
pkgver=3.1
pkgrel=01
pkgdesc="Userspace components of the audit framework w/o systemd"
url='https://people.redhat.com/sgrubb/audit'
arch=(x86_64)
@ -16,7 +17,8 @@ makedepends=(glibc krb5 libcap-ng libldap swig linux-api-headers python)
options=(emptydirs)
#options=(emptydirs debug) # comment above options uncomment this to have debug packages produced
source=(#$url/$pkgname-$pkgver.tar.gz
$pkgbase-userspace-$pkgver.tar.gz::https://github.com/linux-audit/audit-userspace/archive/refs/tags/v$pkgver.tar.gz
# $pkgbase-userspace-$pkgver.tar.gz::https://github.com/linux-audit/audit-userspace/archive/refs/tags/v$pkgver.tar.gz
https://github.com/linux-audit/$_name/archive/v$pkgver/$_name-v$pkgver.tar.gz
$pkgbase-3.0.8-config_paths.patch
$pkgbase-3.0.9-flex_array_workaround.patch
$pkgbase-3.0.9-undo_flex_array_workaround.patch)
@ -33,13 +35,13 @@ _pick() {
prepare() {
# replace the use of /sbin with /usr/bin in configs
patch -Np1 -d $pkgbase-userspace-$pkgver -i ../$pkgbase-3.0.8-config_paths.patch
patch -Np1 -d $_name-$pkgver -i ../$pkgbase-3.0.8-config_paths.patch
# fix broken userspace build due to swig: https://listman.redhat.com/archives/linux-audit/2022-February/018843.html
cp -v /usr/include/linux/audit.h $pkgbase-userspace-$pkgver/lib/
patch -Np1 -d $pkgbase-userspace-$pkgver -i ../$pkgbase-3.0.9-flex_array_workaround.patch
cp -v /usr/include/linux/audit.h $_name-$pkgver/lib/
patch -Np1 -d $_name-$pkgver -i ../$pkgbase-3.0.9-flex_array_workaround.patch
cd $pkgbase-userspace-$pkgver
cd $_name-$pkgver
autoreconf -fiv
}
@ -54,7 +56,7 @@ build() {
--with-libcap-ng=yes
)
cd $pkgbase-userspace-$pkgver
cd $_name-$pkgver
./configure "${configure_options[@]}"
# prevent excessive overlinking due to libtool
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
@ -77,7 +79,7 @@ package_audit() {
etc/audit/plugins.d/syslog.conf
)
make DESTDIR="$pkgdir" install -C $pkgbase-userspace-$pkgver
make DESTDIR="$pkgdir" install -C $_name-$pkgver
# undo fix for broken swig, so that other programs may use the header file correctly
patch -Np0 -d "$pkgdir" -i "$srcdir/$pkgbase-3.0.9-undo_flex_array_workaround.patch"
@ -108,21 +110,18 @@ package_python-audit() {
license=(GPL LGPL2.1)
sha512sums=('c0b35d40d3aecb3450ce99422115efe40d56ad199d8f035f836dae94df0d55a4561659673c70fc49056a316bdc8531d7014f4c2a2d60aac66bdf69c262ee3ca0'
sha512sums=('c21be7da557a2f0f2576645db23626785955190599e1b417252424eaefa7284da8e2e915cf2599f28078ee507d83497eb6cbbdb1b1459a0fabd62e235b34e7b9'
'bc699123f810abcf9300728bf61d7fcfcc83677b75fbeb713fb24cc11b2f9edf687661aab70766acde7c3c41c6a62f8e0a54cdfb49d1c7ce2246b67fbe3feec5'
'442bffac895abbd0abe455c36ebc03ed5a9faee16b57347ef1f37c0d9c33777e204da917be3bbe11c56173c2ec96eed60646ac7214da47f828eef5fa104c1ebb'
'92ba0f9b3d3721bf64b56e2f3e2ac4e54b2b6acd9d5646a5ee97eea244cb165e19a56c362de16834925ae063c79e6505687749f1dd67dd0f2997919aea7cb2ef')
b2sums=('921db4ecce0ecd3d412003861f03bb4fd9a9e3b9f721a783cc2f70ad26666f8a4c2585051eac351606e699cda8f47d202cf12523747f19a647d5e2e416ff08a4'
b2sums=('62c92a933c6eefeb3dfe1ec2950de624b7bdfe6f990528314108ad07d4d5a58fb53e0e5edc2f411b1f0a0140bfe96742a7ffadc72c06d1f3f34cb3cbea4e5f4d'
'50be1b4f76ace20d8d14b4c57a9bb69daa3da35fd654aca8730bc287682fe38f1c1917b37469fb087daf9f309ffc15cca15f54166ece0a055f540c2604778fc6'
'2241c3dd29c803493ac8e85afd6031749a46b583514829b8761c24ae12061999b7c95107ec2948dd7edb239f805ca088b7b24229abb5445a4767702539779b0f'
'd89110c32da33c2ca9292391ead930352e4c8935aa86111640130d9e3fbc0ebe27b069a83812530dfbbf28f4ddd33545658c8061d87bfac9a9d3a6a5ff0be4b8')
sha256sums=(8fb63cfe1c2c127dd2908be164f596ac4ea00439f34ee2444840f7103b0ab422 # audit-userspace-3.0.9.tar.gz
sha256sums=(98d75a6269b80288a442e24c9fbdd6e6845ef4b7c8bc9141725f11a91cef5797 # audit-userspace-v3.1.tar.gz
c3647e09d1a973595d8e43e373b8644dfb7131328c7fb3e229593af02c72ca42 # audit-3.0.8-config_paths.patch
118c01ae411904b7a7730379ebf7a7506a044182a73d9bcf0620e25e853b698a # audit-3.0.9-flex_array_workaround.patch
f4f4a06fa6070970611f49573180501f588de215cc6c26bfb8804ed9e7621e8f) # audit-3.0.9-undo_flex_array_workaround.patch
# ed95e1aba684a3244ff64df3bdadb5177e24edc9d9e9ae3d602cf54eb6b8a0e5 audit-3.0.9-02-x86_64.pkg.tar.xz
# 3fda4e4b6669a7ef5299d7e8ec08b01af6c437d6e38862ea2d9419d550152d96 python-audit-3.0.9-02-x86_64.pkg.tar.xz

24
audit/PKGBUILD-arch
View File

@ -8,9 +8,10 @@
# Contributor: henning mueller <henning@orgizm.net>
pkgbase=audit
_name=audit-userspace
pkgname=(audit python-audit)
pkgver=3.0.9
pkgrel=2
pkgver=3.1
pkgrel=1
pkgdesc='Userspace components of the audit framework'
url='https://people.redhat.com/sgrubb/audit'
arch=(x86_64)
@ -18,16 +19,16 @@ makedepends=(glibc krb5 libcap-ng libldap linux-api-headers python swig)
license=(GPL2 LGPL2.1)
options=(emptydirs)
source=(
$pkgbase-userspace-$pkgver.tar.gz::https://github.com/linux-audit/audit-userspace/archive/refs/tags/v$pkgver.tar.gz
https://github.com/linux-audit/$_name/archive/v$pkgver/$_name-v$pkgver.tar.gz
$pkgbase-3.0.8-config_paths.patch
$pkgbase-3.0.9-flex_array_workaround.patch
$pkgbase-3.0.9-undo_flex_array_workaround.patch
)
sha512sums=('c0b35d40d3aecb3450ce99422115efe40d56ad199d8f035f836dae94df0d55a4561659673c70fc49056a316bdc8531d7014f4c2a2d60aac66bdf69c262ee3ca0'
sha512sums=('c21be7da557a2f0f2576645db23626785955190599e1b417252424eaefa7284da8e2e915cf2599f28078ee507d83497eb6cbbdb1b1459a0fabd62e235b34e7b9'
'bc699123f810abcf9300728bf61d7fcfcc83677b75fbeb713fb24cc11b2f9edf687661aab70766acde7c3c41c6a62f8e0a54cdfb49d1c7ce2246b67fbe3feec5'
'442bffac895abbd0abe455c36ebc03ed5a9faee16b57347ef1f37c0d9c33777e204da917be3bbe11c56173c2ec96eed60646ac7214da47f828eef5fa104c1ebb'
'92ba0f9b3d3721bf64b56e2f3e2ac4e54b2b6acd9d5646a5ee97eea244cb165e19a56c362de16834925ae063c79e6505687749f1dd67dd0f2997919aea7cb2ef')
b2sums=('921db4ecce0ecd3d412003861f03bb4fd9a9e3b9f721a783cc2f70ad26666f8a4c2585051eac351606e699cda8f47d202cf12523747f19a647d5e2e416ff08a4'
b2sums=('62c92a933c6eefeb3dfe1ec2950de624b7bdfe6f990528314108ad07d4d5a58fb53e0e5edc2f411b1f0a0140bfe96742a7ffadc72c06d1f3f34cb3cbea4e5f4d'
'50be1b4f76ace20d8d14b4c57a9bb69daa3da35fd654aca8730bc287682fe38f1c1917b37469fb087daf9f309ffc15cca15f54166ece0a055f540c2604778fc6'
'2241c3dd29c803493ac8e85afd6031749a46b583514829b8761c24ae12061999b7c95107ec2948dd7edb239f805ca088b7b24229abb5445a4767702539779b0f'
'd89110c32da33c2ca9292391ead930352e4c8935aa86111640130d9e3fbc0ebe27b069a83812530dfbbf28f4ddd33545658c8061d87bfac9a9d3a6a5ff0be4b8')
@ -50,7 +51,7 @@ prepare() {
cp -v /usr/include/linux/audit.h $pkgbase-userspace-$pkgver/lib/
patch -Np1 -d $pkgbase-userspace-$pkgver -i ../$pkgbase-3.0.9-flex_array_workaround.patch
cd $pkgbase-userspace-$pkgver
cd $_name-$pkgver
autoreconf -fiv
}
@ -62,10 +63,11 @@ build() {
--libexecdir=/usr/lib/audit
--enable-gssapi-krb5=yes
--enable-systemd=yes
--with-io_uring=yes
--with-libcap-ng=yes
)
cd $pkgbase-userspace-$pkgver
cd $_name-$pkgver
./configure "${configure_options[@]}"
# prevent excessive overlinking due to libtool
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
@ -74,7 +76,11 @@ build() {
}
package_audit() {
depends=(glibc krb5 libkrb5.so libgssapi_krb5.so libcap-ng libcap-ng.so)
depends=(
glibc
krb5 libkrb5.so libgssapi_krb5.so
libcap-ng libcap-ng.so
)
provides=(libaudit.so libauparse.so)
backup=(
etc/libaudit.conf
@ -88,7 +94,7 @@ package_audit() {
etc/audit/plugins.d/syslog.conf
)
make DESTDIR="$pkgdir" install -C $pkgbase-userspace-$pkgver
make DESTDIR="$pkgdir" install -C $_name-$pkgver
# undo fix for broken swig, so that other programs may use the header file correctly
patch -Np0 -d "$pkgdir" -i "$srcdir/$pkgbase-3.0.9-undo_flex_array_workaround.patch"

56
curl/0001-Revert-http2-minor-buffer-and-error-path-fixes.patch Normal file
View File

@ -0,0 +1,56 @@
From 7c5f90353e2e107b9464a73dbdd58e5cc90ec22f Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 15 Feb 2023 12:22:41 +0100
Subject: [PATCH 1/1] Revert "http2: minor buffer and error path fixes"
This reverts commit 8c762f59983a3e9e2b80fdb34aa5e08f1d9a1c7d.
---
lib/http2.c | 17 ++++-------------
tests/tests-httpd/test_05_errors.py | 18 +++++++-----------
2 files changed, 11 insertions(+), 24 deletions(-)
diff --git a/lib/http2.c b/lib/http2.c
index 46fc74645..db968ed2d 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1905,9 +1905,8 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
if(stream->memlen) {
ssize_t retlen = stream->memlen;
-
- /* TODO: all this buffer handling is very brittle */
- stream->len += stream->memlen;
+ DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: returns %zd",
+ stream->stream_id, retlen));
stream->memlen = 0;
if(ctx->pause_stream_id == stream->stream_id) {
@@ -1919,10 +1918,6 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
Curl_expire(data, 0, EXPIRE_RUN_NOW);
}
else if(stream->closed) {
- if(stream->reset || stream->error) {
- nread = http2_handle_stream_close(cf, data, stream, err);
- goto out;
- }
/* this stream is closed, trigger a another read ASAP to detect that */
DEBUGF(LOG_CF(data, cf, "[h2sid=%u] is closed now, run again",
stream->stream_id));
@@ -1934,15 +1929,11 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
}
nread = retlen;
- DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_h2_recv -> %zd",
- stream->stream_id, nread));
goto out;
}
- if(stream->closed) {
- nread = http2_handle_stream_close(cf, data, stream, err);
- goto out;
- }
+ if(stream->closed)
+ return http2_handle_stream_close(cf, data, stream, err);
if(!data->state.drain && Curl_conn_cf_data_pending(cf->next, data)) {
DEBUGF(LOG_CF(data, cf, "[h2sid=%u] pending data, set drain",

25
curl/PKGBUILD
View File

@ -7,8 +7,8 @@
pkgbase=curl
pkgname=(curl libcurl-compat libcurl-gnutls)
pkgver=7.87.0
pkgrel=03
pkgver=7.88.0
pkgrel=02
pkgdesc='An URL retrieval utility and library - w/o ipv6 & zstd'
arch=('x86_64')
url='https://curl.haxx.se'
@ -19,9 +19,7 @@ depends=('ca-certificates' 'brotli' 'libbrotlidec.so' 'krb5' 'libgssapi_krb5.so'
makedepends=('patchelf')
provides=('libcurl.so')
source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc}
'0001-typecheck_accept_expressions_for_option_info_parameters.patch'
'0002-cfilters_Curl_conn_get_select_socks_use_the_first_non_connected_filter.patch')
'0001-Revert-http2-minor-buffer-and-error-path-fixes.patch')
_configure_options=(
--prefix='/usr'
--mandir='/usr/share/man'
@ -41,9 +39,7 @@ _configure_options=(
prepare() {
cd "${srcdir}/${pkgbase}-${pkgver}"
patch -Np1 < ../0001-typecheck_accept_expressions_for_option_info_parameters.patch
patch -Np1 < ../0002-cfilters_Curl_conn_get_select_socks_use_the_first_non_connected_filter.patch
patch -Np1 < ../0001-Revert-http2-minor-buffer-and-error-path-fixes.patch
}
build() {
@ -137,12 +133,11 @@ license=('MIT')
validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg
sha256sums=(8a063d664d1c23d35526b87a2bf15514962ffdd8ef7fd40519191b3c23e39548 # curl-7.87.0.tar.gz
0b2d605653367adeaee6f33d190c0791b6809afd6b6469468bd2c1d532409ab8 # curl-7.87.0.tar.gz.asc
15b85263f8b8a7acbfa0861d71ce994cbe26c1a67e7de6749cb11831e34a481f # 0001-typecheck_accept_expressions_for_option_info_parameters.patch
5e55bdecb85a2bd0f254a7c875e9d3df353c555d229fb661cf247e31ffb15ae1) # 0002-cfilters_Curl_conn_get_select_socks_use_the_first_non_connected_filter.patch
sha256sums=(dfb8582a05a893e305783047d791ffef5e167d295cf8d12b9eb9cfa0991ca5a9 # curl-7.88.0.tar.gz
9c5ffc962eb4ac1fd2f29265c965512ddcfc672f86ceb39144e72edbe562e89c # curl-7.88.0.tar.gz.asc
9e6cbc24b8575c4dcf7b4755bfcf8f2eb943670535f7c5a19226f24286110308) # 0001-Revert-http2-minor-buffer-and-error-path-fixes.patch
# 794c4697b48440210f3a8830caea092612674369eeff004fe35c3fdc42d5f8b3 curl-7.87.0-03-x86_64.pkg.tar.xz
# c23ec1e5be61bc14e605796f29acfe7c903bb50fe44309efd071eb62c4869e66 libcurl-compat-7.87.0-03-x86_64.pkg.tar.xz
# 805a08cde81c7068ae551320b145fc843085dec05a2447b1f52a6f4c77e0701d libcurl-gnutls-7.87.0-03-x86_64.pkg.tar.xz
## a0b5ebe5f8560625a93e2b62b79992767808144f9939a52d8ef76c6a29b3d9ca curl-7.88.0-02-x86_64.pkg.tar.lz
## 585cb9cff519c33bb5dee40e88918b4e76df565fd587d13613f176d4770ddc37 libcurl-compat-7.88.0-02-x86_64.pkg.tar.lz
## b5b5a81b44d2fd0d853c25110c79a71a61c0ccd00b09fc5b7b2313cc7776dc90 libcurl-gnutls-7.88.0-02-x86_64.pkg.tar.lz

16
curl/PKGBUILD-arch
View File

@ -6,25 +6,22 @@
pkgbase=curl
pkgname=(curl libcurl-compat libcurl-gnutls)
pkgver=7.87.0
pkgrel=3
pkgver=7.88.0
pkgrel=2
pkgdesc='An URL retrieval utility and library'
arch=('x86_64')
url='https://curl.haxx.se'
license=('MIT')
options=('debug')
depends=('ca-certificates' 'brotli' 'libbrotlidec.so' 'krb5' 'libgssapi_krb5.so'
'libidn2' 'libidn2.so' 'libnghttp2' 'libpsl' 'libpsl.so' 'libssh2' 'libssh2.so'
'openssl' 'zlib' 'zstd' 'libzstd.so')
makedepends=('patchelf')
provides=('libcurl.so')
source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc}
'0001-typecheck_accept_expressions_for_option_info_parameters.patch'
'0002-cfilters_Curl_conn_get_select_socks_use_the_first_non_connected_filter.patch')
sha512sums=('939be5a7d82f7ed4e96173639aa50f5e6748b387d3f458f3845c584ad24d15d77b8cd64f4f2dc11bcc207b097d125d1dc713a9769964e3d4766182a217e9898d'
'0001-Revert-http2-minor-buffer-and-error-path-fixes.patch')
sha512sums=('bfaac71e97a45d884be410872a55fdb365f9d03c11620fb12e82c7f26dbbb6a417b51dd0dc2a3631e95fb36e37a72c7f73fd6cf5f796c154f1424395c03c22cb'
'SKIP'
'813201a302cf7d70d30e12cf8461bbc5783913d865872dd08aa2f19a6de132d76cf1a698714eaf028ba8e065eef892197f814015bdc3cc06c1f351ca2220b328'
'98ee049419ec0c531170ca8e07b8a235bd1588f7210018a6b7bca38adf9c3babcbd540ab9ab463a15292dedeb5120aef22d252abac8cee4f539a55b46653d994')
'c06b5738290394e20c666fbb9d0f4b08ce5a3c668dd1ae2d6271b42235526b929c1caac1238aa05bc541a82eb6c9678a81f7d8dc2c3ad282188f934b9b036699')
validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg
_configure_options=(
@ -44,8 +41,7 @@ _configure_options=(
prepare() {
cd "${srcdir}/${pkgbase}-${pkgver}"
patch -Np1 < ../0001-typecheck_accept_expressions_for_option_info_parameters.patch
patch -Np1 < ../0002-cfilters_Curl_conn_get_select_socks_use_the_first_non_connected_filter.patch
patch -Np1 < ../0001-Revert-http2-minor-buffer-and-error-path-fixes.patch
}
build() {

26
sudo/PKGBUILD
View File

@ -6,8 +6,8 @@
#-----------------------------------------| DESCRIPTION |---------------------------------------
pkgname=sudo
_sudover=1.9.12p2
pkgrel=02
_sudover=1.9.13
pkgrel=01
pkgver=${_sudover/p/.p}
pkgdesc="Give certain users the ability to run some commands as root w/o systemd"
arch=('x86_64')
@ -22,12 +22,19 @@ install=$pkgname.install
source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
# $pkgname-CVE-2022-43995.patch::https://github.com/sudo-project/sudo/commit/bd209b9f16fc.patch
# sudo_logsrvd.service
$pkgname-configure-add-missing-bracket.patch::https://github.com/sudo-project/sudo/commit/defec5d46eec.patch
$pkgname-tests-pick-first-utf-8-locale.patch::https://github.com/sudo-project/sudo/commit/2845ceafb06d.patch
sudo.pam)
prepare() {
cd $pkgname-$_sudover
# # fix CVE-2022-43995 (potential heap overflow for passwords < 8 characters)
# patch -Np1 -i ../$pkgname-CVE-2022-43995.patch
# https://github.com/sudo-project/sudo/issues/238
patch -Np1 -i ../$pkgname-configure-add-missing-bracket.patch
# https://github.com/sudo-project/sudo/issues/241
patch -Np1 -i ../$pkgname-tests-pick-first-utf-8-locale.patch
}
build() {
@ -83,10 +90,11 @@ license=('custom')
validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB') # "Todd C. Miller <Todd.Miller@sudo.ws>"
sha256sums=(b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539 # sudo-1.9.12p2.tar.gz
334665e5483a135eb30a195d29512693b4e29f44ca05a9c30090a4141bc5b67e # sudo-1.9.12p2.tar.gz.sig
d1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2) # sudo.pam
## 61b79c7ea01667ce5d2a1b49e6129225e6fd9f24948ec294eb65a26a733e11da sudo-1.9.12.p2-02-x86_64.pkg.tar.lz
sha256sums=(3f55455b46edb0a129d925dcc39972f12f7c7fb78d0ccab6017ee16c8177e436 # sudo-1.9.13.tar.gz
18461bce86d7fa12a467bbc997291b9bbea2a3e43300823c87024848c5f1d33c # sudo-1.9.13.tar.gz.sig
c6a19646f5dada64977ffa942803f17e6772911f4e62436652455525a45f8f5f # sudo-configure-add-missing-bracket.patch
8d8e44bee9bf9aeda194ab5ea789dd73f361498755295bc73a9ffd4b931b64aa # sudo-tests-pick-first-utf-8-locale.patch
d1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2) # sudo.pam
## 6b3cb7398f71936e4967d257c263be36fabe0c9efce82ef8f8d431bff9d89582 sudo-1.9.13-01-x86_64.pkg.tar.lz

16
sudo/PKGBUILD-arch
View File

@ -3,8 +3,8 @@
# Contributor: Tom Newsom <Jeepster@gmx.co.uk>
pkgname=sudo
_sudover=1.9.12p2
pkgrel=2
_sudover=1.9.13
pkgrel=1
pkgver=${_sudover/p/.p}
pkgdesc="Give certain users the ability to run some commands as root"
arch=('x86_64')
@ -18,15 +18,25 @@ backup=('etc/pam.d/sudo'
install=$pkgname.install
source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
sudo_logsrvd.service
$pkgname-configure-add-missing-bracket.patch::https://github.com/sudo-project/sudo/commit/defec5d46eec.patch
$pkgname-tests-pick-first-utf-8-locale.patch::https://github.com/sudo-project/sudo/commit/2845ceafb06d.patch
sudo.pam)
sha256sums=('b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539'
sha256sums=('3f55455b46edb0a129d925dcc39972f12f7c7fb78d0ccab6017ee16c8177e436'
'SKIP'
'8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
'c6a19646f5dada64977ffa942803f17e6772911f4e62436652455525a45f8f5f'
'8d8e44bee9bf9aeda194ab5ea789dd73f361498755295bc73a9ffd4b931b64aa'
'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
prepare() {
cd $pkgname-$_sudover
# https://github.com/sudo-project/sudo/issues/238
patch -Np1 -i ../$pkgname-configure-add-missing-bracket.patch
# https://github.com/sudo-project/sudo/issues/241
patch -Np1 -i ../$pkgname-tests-pick-first-utf-8-locale.patch
}
build() {

46
sudo/sudo-configure-add-missing-bracket.patch Normal file
View File

@ -0,0 +1,46 @@
From defec5d46eec7345b62060049f72215ffd7f3e7e Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 14 Feb 2023 14:24:28 -0700
Subject: [PATCH] Add missing '[' to AS_IF() call. Fixes GitHub issue #238.
---
configure | 5 +++--
configure.ac | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index c7c643bec..221d69bcc 100755
--- a/configure
+++ b/configure
@@ -24525,7 +24525,8 @@ fi
if test X"$with_noexec" != X"no"
then :
- # Check for non-standard exec functions
+
+ # Check for non-standard exec functions
ac_fn_c_check_func "$LINENO" "exect" "ac_cv_func_exect"
if test "x$ac_cv_func_exect" = xyes
then :
@@ -24564,7 +24565,7 @@ fi
fi
-]
+
fi
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
diff --git a/configure.ac b/configure.ac
index 174c5775d..b570aa6ee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3022,7 +3022,7 @@ AC_CHECK_FUNCS([setpassent setgroupent])
dnl
dnl Function checks for sudo_noexec
dnl
-AS_IF([test X"$with_noexec" != X"no"],
+AS_IF([test X"$with_noexec" != X"no"], [
# Check for non-standard exec functions
AC_CHECK_FUNCS([exect execvP execvpe])
# Check for posix_spawn, and posix_spawnp

216
sudo/sudo-tests-pick-first-utf-8-locale.patch Normal file
View File

@ -0,0 +1,216 @@
From 2845ceafb06d728b60a9d79d9d51a966e5ef66c2 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 15 Feb 2023 13:49:04 -0700
Subject: [PATCH] Handle "locale -a" returning both C.UTF-8 and C.utf8. It is
possible to have mutiple matches from the output of "locale -a". Just take
the first one. Fixes GitHub issue #241.
---
lib/eventlog/Makefile.in | 2 +-
lib/iolog/Makefile.in | 10 +++++-----
lib/util/Makefile.in | 6 +++---
logsrvd/Makefile.in | 6 +++---
plugins/python/Makefile.in | 2 +-
plugins/sudoers/Makefile.in | 10 +++++-----
src/Makefile.in | 2 +-
7 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/lib/eventlog/Makefile.in b/lib/eventlog/Makefile.in
index 190470a82..cd713c483 100644
--- a/lib/eventlog/Makefile.in
+++ b/lib/eventlog/Makefile.in
@@ -152,7 +152,7 @@ check-fuzzer:
check: $(TEST_PROGS) check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
diff --git a/lib/iolog/Makefile.in b/lib/iolog/Makefile.in
index 4e1f3a4bc..61bc05815 100644
--- a/lib/iolog/Makefile.in
+++ b/lib/iolog/Makefile.in
@@ -200,7 +200,7 @@ fuzz_iolog_json_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_iolog_json: fuzz_iolog_json
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -225,7 +225,7 @@ fuzz_iolog_legacy_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_iolog_legacy: fuzz_iolog_legacy
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -250,7 +250,7 @@ fuzz_iolog_timing_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_iolog_timing: fuzz_iolog_timing
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -302,7 +302,7 @@ fuzz: run-fuzz_iolog_json run-fuzz_iolog_legacy run-fuzz_iolog_timing
check-fuzzer: $(FUZZ_PROGS)
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -319,7 +319,7 @@ check-fuzzer: $(FUZZ_PROGS)
check: $(TEST_PROGS) check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in
index 9a73f201e..7898eecea 100644
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -360,7 +360,7 @@ fuzz_sudo_conf_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_sudo_conf: fuzz_sudo_conf
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -424,7 +424,7 @@ fuzz: run-fuzz_sudo_conf
check-fuzzer: $(FUZZ_PROGS)
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -438,7 +438,7 @@ check-fuzzer: $(FUZZ_PROGS)
# Note: some regress checks are run from srcdir for consistent error messages
check: $(TEST_PROGS) check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
diff --git a/logsrvd/Makefile.in b/logsrvd/Makefile.in
index 310ec1182..2a1f0d1a5 100644
--- a/logsrvd/Makefile.in
+++ b/logsrvd/Makefile.in
@@ -195,7 +195,7 @@ fuzz_logsrvd_conf_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_logsrvd_conf: fuzz_logsrvd_conf
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -256,7 +256,7 @@ fuzz: run-fuzz_logsrvd_conf
check-fuzzer: $(FUZZ_PROGS)
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -269,7 +269,7 @@ check-fuzzer: $(FUZZ_PROGS)
check: $(TEST_PROGS) check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
diff --git a/plugins/python/Makefile.in b/plugins/python/Makefile.in
index 4cac26c72..e79f57061 100644
--- a/plugins/python/Makefile.in
+++ b/plugins/python/Makefile.in
@@ -229,7 +229,7 @@ check-fuzzer:
check: $(TEST_PROGS) check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index c1a72f1fd..3dcc746f2 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -423,7 +423,7 @@ fuzz_policy_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_policy: fuzz_policy
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -448,7 +448,7 @@ fuzz_sudoers_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_sudoers: fuzz_sudoers
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -473,7 +473,7 @@ fuzz_sudoers_ldif_seed_corpus.zip:
rm -rf $$tdir
run-fuzz_sudoers_ldif: fuzz_sudoers_ldif
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -621,7 +621,7 @@ fuzz: run-fuzz_policy run-fuzz_sudoers run-fuzz_sudoers_ldif
check-fuzzer: $(FUZZ_PROGS)
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
@@ -638,7 +638,7 @@ check-fuzzer: $(FUZZ_PROGS)
check: $(TEST_PROGS) visudo testsudoers cvtsudoers check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \
diff --git a/src/Makefile.in b/src/Makefile.in
index 2785d7839..d9fa3a693 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -332,7 +332,7 @@ check-fuzzer:
check: $(TEST_PROGS) check-fuzzer
@if test X"$(cross_compiling)" != X"yes"; then \
- l=`locale -a 2>&1 | $(EGREP) -i '^C.UTF-?8$$'` || true; \
+ l=`locale -a 2>&1 | $(EGREP) -i '^C\.UTF-?8$$' | $(SED) 1q` || true; \
test -n "$$l" || l="C"; \
LC_ALL="$$l"; export LC_ALL; \
unset LANG || LANG=; \