[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/files/, app-admin/sudo/

["Sam James" <sam@gentoo.org>]

commit:     13f11b1b10bc995b910fd1538ce1e5c41ac69c7a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 29 02:31:59 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 29 02:31:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13f11b1b

app-admin/sudo: add 1.9.16

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-admin/sudo/Manifest                            |  2 +
 .../sudo-1.9.16-allow-disabling-secure-path.patch  | 54 ++++++++++++++++++++++
 .../sudo/{sudo-9999.ebuild => sudo-1.9.16.ebuild}  | 13 ++++--
 app-admin/sudo/sudo-9999.ebuild                    | 13 ++++--
 4 files changed, 76 insertions(+), 6 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 90f9f2b10c40..f24674d78d62 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,2 +1,4 @@
 DIST sudo-1.9.15p5.tar.gz 5306611 BLAKE2B 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 SHA512 ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
 DIST sudo-1.9.15p5.tar.gz.sig 566 BLAKE2B ddd8fed1b3721aafdb32b762834168063c3f0f003ef5d83f1883615320da6fe89b08d72c8e893c8b2bf9fd892a40e47cc77d72672e43b5a24db50e7194d9bc4c SHA512 97480a3d27b546a93e997c3a1e8169904a7625ab8fa6198d0b7e1d2d040f55b2d58462cd08e5cc97c2f1c817b12343e35cdd7db207aee42785f2b95b17c600b0
+DIST sudo-1.9.16.tar.gz 5392026 BLAKE2B 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12 SHA512 1b0254eb5b75422bffd31a2ae8c56cb4e8e2ecc08e2fa687eddb638d4f2de2585fa7621c868c03423e9d636bfb5679a3758d504155dbdfd3eebfbdcbd8b58f7c
+DIST sudo-1.9.16.tar.gz.sig 566 BLAKE2B 9eb9fd2db0de5b9ce965c2109a9722e0b5f0793b7c9003123b1540d7cb5b8178043221296fd51c7f0b24ce1b1cda9f196a6d50083da172ca2afcb8f130d8eae1 SHA512 edf066f9ffdf2653468f8b45866a65214f0dff0164318d5f6bd9252f6211e82522161b1b9621798fbc9112253e6940d7137d18e8b42e8c6e5ba52ccac64d99cf

diff --git a/app-admin/sudo/files/sudo-1.9.16-allow-disabling-secure-path.patch b/app-admin/sudo/files/sudo-1.9.16-allow-disabling-secure-path.patch
new file mode 100644
index 000000000000..8fda41a2b73f
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.16-allow-disabling-secure-path.patch
@@ -0,0 +1,54 @@
+https://github.com/sudo-project/sudo/commit/131e7e2de02ab53cfefefe93978d7fee4cb8142d
+
+From 131e7e2de02ab53cfefefe93978d7fee4cb8142d Mon Sep 17 00:00:00 2001
+From: Andy Fiddaman <illumos@fiddaman.net>
+Date: Tue, 17 Sep 2024 12:49:13 +0000
+Subject: [PATCH] Allow --secure-path-value=no
+
+This adds support for --with-secure-path-value=no to allow packagers
+to ship the sudoers configuration file with the secure path
+line commented out if required.
+--- a/configure.ac
++++ b/configure.ac
+@@ -177,6 +177,7 @@ AC_SUBST([sssd_lib])
+ AC_SUBST([nsswitch_conf])
+ AC_SUBST([netsvc_conf])
+ AC_SUBST([secure_path])
++AC_SUBST([secure_path_config])
+ AC_SUBST([secure_path_status])
+ AC_SUBST([editor])
+ AC_SUBST([pam_session])
+@@ -230,6 +231,7 @@ sesh_file="$libexecdir/sudo/sesh"
+ visudo="$sbindir/visudo"
+ nsswitch_conf=/etc/nsswitch.conf
+ secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
++secure_path_config=
+ secure_path_status="disabled"
+ pam_session=on
+ pam_login_service=sudo
+@@ -1068,9 +1070,11 @@ AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path t
+ test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+ SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
+ 
+-AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], [value of secure_path in the default sudoers file])],
++AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], [value of secure_path in the default sudoers file, or "no" to comment out by default])],
+ [case $with_secure_path_value in
+-    yes|no)	AC_MSG_ERROR([must give --secure-path-value an argument.])
++    yes)	AC_MSG_ERROR([must give --with-secure-path-value an argument.])
++		;;
++    no)		secure_path_config="# "
+ 		;;
+     *)		secure_path="$with_secure_path_value"
+ 		;;
+--- a/plugins/sudoers/sudoers.in
++++ b/plugins/sudoers/sudoers.in
+@@ -48,7 +48,7 @@ Defaults!@visudo@ env_keep += "SUDO_EDITOR EDITOR VISUAL"
+ ## Use a hard-coded PATH instead of the user's to find commands.
+ ## This also helps prevent poorly written scripts from running
+ ## artbitrary commands under sudo.
+-Defaults secure_path="@secure_path@"
++@secure_path_config@Defaults secure_path="@secure_path@"
+ ##
+ ## You may wish to keep some of the following environment variables
+ ## when running commands via sudo.
+

diff --git a/app-admin/sudo/sudo-9999.ebuild b/app-admin/sudo/sudo-1.9.16.ebuild
similarity index 95%
copy from app-admin/sudo/sudo-9999.ebuild
copy to app-admin/sudo/sudo-1.9.16.ebuild
index d020a1a1f339..868cb8e860d0 100644
--- a/app-admin/sudo/sudo-9999.ebuild
+++ b/app-admin/sudo/sudo-1.9.16.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-inherit pam libtool tmpfiles toolchain-funcs
+inherit autotools pam libtool tmpfiles toolchain-funcs
 
 MY_P="${P/_/}"
 MY_P="${MY_P/beta/b}"
@@ -86,10 +86,16 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.9.16-allow-disabling-secure-path.patch
+)
+
 src_prepare() {
 	default
 
-	elibtoolize
+	# eautoreconf temporarily for allow-disabling-secure-path patch
+	# in 1.9.16; revert to elibtoolize once that is gone.
+	eautoreconf
 }
 
 set_secure_path() {
@@ -178,7 +184,8 @@ src_configure() {
 		$(use_with offensive all-insults)
 		$(use_with pam)
 		$(use_with pam pam-login)
-		$(use_with secure-path secure-path "${SECURE_PATH}")
+		$(use_with secure-path)
+		--with-secure-path-value="${SECURE_PATH}"
 		$(use_with selinux)
 		$(use_with sendmail)
 		$(use_with skey)

diff --git a/app-admin/sudo/sudo-9999.ebuild b/app-admin/sudo/sudo-9999.ebuild
index d020a1a1f339..868cb8e860d0 100644
--- a/app-admin/sudo/sudo-9999.ebuild
+++ b/app-admin/sudo/sudo-9999.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-inherit pam libtool tmpfiles toolchain-funcs
+inherit autotools pam libtool tmpfiles toolchain-funcs
 
 MY_P="${P/_/}"
 MY_P="${MY_P/beta/b}"
@@ -86,10 +86,16 @@ REQUIRED_USE="
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.9.16-allow-disabling-secure-path.patch
+)
+
 src_prepare() {
 	default
 
-	elibtoolize
+	# eautoreconf temporarily for allow-disabling-secure-path patch
+	# in 1.9.16; revert to elibtoolize once that is gone.
+	eautoreconf
 }
 
 set_secure_path() {
@@ -178,7 +184,8 @@ src_configure() {
 		$(use_with offensive all-insults)
 		$(use_with pam)
 		$(use_with pam pam-login)
-		$(use_with secure-path secure-path "${SECURE_PATH}")
+		$(use_with secure-path)
+		--with-secure-path-value="${SECURE_PATH}"
 		$(use_with selinux)
 		$(use_with sendmail)
 		$(use_with skey)