diff options
author | Yi Fan Yu <yifan.yu@windriver.com> | 2021-01-26 18:13:36 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-27 10:16:14 +0000 |
commit | 1140ca0090eb235cad3bc1427703dea43429d9de (patch) | |
tree | 6c2caf35c7da6971df55bb2621d4203d4e2cb770 /meta/recipes-extended/sudo/sudo_1.9.5p2.bb | |
parent | 5af9f32d9b12654793289f44366251f978f6378a (diff) | |
download | openembedded-core-contrib-1140ca0090eb235cad3bc1427703dea43429d9de.tar.gz |
sudo: upgrade 1.9.5p1 -> 1.9.5p2
Notable fix: CVE-2021-3156
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sudo/sudo_1.9.5p2.bb')
-rw-r--r-- | meta/recipes-extended/sudo/sudo_1.9.5p2.bb | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/sudo_1.9.5p2.bb b/meta/recipes-extended/sudo/sudo_1.9.5p2.bb new file mode 100644 index 0000000000..ca23e94ace --- /dev/null +++ b/meta/recipes-extended/sudo/sudo_1.9.5p2.bb @@ -0,0 +1,59 @@ +require sudo.inc + +SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ + " + +PAM_SRC_URI = "file://sudo.pam" + +SRC_URI[sha256sum] = "539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978" + +DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + +EXTRA_OECONF += " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-rundir=/run/sudo \ + --with-vardir=/var/lib/sudo \ + --libexecdir=${libdir} \ + " + +do_install_append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then + echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo + sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + fi + fi + + chmod 4111 ${D}${bindir}/sudo + chmod 0440 ${D}${sysconfdir}/sudoers + + # Explicitly remove the /sudo directory to avoid QA error + rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo +} + +FILES_${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \ + ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la" + +SUDO_PACKAGES = "${PN}-sudo\ + ${PN}-lib" + +PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}" + +RDEPENDS_${PN}-sudo = "${PN}-lib" +RDEPENDS_${PN} += "${SUDO_PACKAGES}" + +FILES_${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit" +FILES_${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}" |