diff options
| author | Yi Fan Yu <yifan.yu@windriver.com> | 2021-01-26 18:13:36 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-27 10:17:45 +0000 |
| commit | d1aee0c050921b26e4d01a1b3c7a6fd6539ef690 (patch) | |
| tree | b1152483800d2ef4a25e04f7b8032f16f218c6df /meta/recipes-extended/sudo/sudo_1.9.5p2.bb | |
| parent | 8e03298201cf89b0d5987ec3a3639a3638b09979 (diff) | |
| download | poky-d1aee0c050921b26e4d01a1b3c7a6fd6539ef690.tar.gz | |
sudo: upgrade 1.9.5p1 -> 1.9.5p2
Notable fix: CVE-2021-3156
(From OE-Core rev: 1140ca0090eb235cad3bc1427703dea43429d9de)
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sudo/sudo_1.9.5p2.bb')
| -rw-r--r-- | meta/recipes-extended/sudo/sudo_1.9.5p2.bb | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/sudo_1.9.5p2.bb b/meta/recipes-extended/sudo/sudo_1.9.5p2.bb new file mode 100644 index 0000000000..ca23e94ace --- /dev/null +++ b/meta/recipes-extended/sudo/sudo_1.9.5p2.bb | |||
| @@ -0,0 +1,59 @@ | |||
| 1 | require sudo.inc | ||
| 2 | |||
| 3 | SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ | ||
| 4 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | ||
| 5 | file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ | ||
| 6 | " | ||
| 7 | |||
| 8 | PAM_SRC_URI = "file://sudo.pam" | ||
| 9 | |||
| 10 | SRC_URI[sha256sum] = "539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978" | ||
| 11 | |||
| 12 | DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | ||
| 13 | RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" | ||
| 14 | |||
| 15 | CACHED_CONFIGUREVARS = " \ | ||
| 16 | ac_cv_type_rsize_t=no \ | ||
| 17 | ac_cv_path_MVPROG=${base_bindir}/mv \ | ||
| 18 | ac_cv_path_BSHELLPROG=${base_bindir}/sh \ | ||
| 19 | ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ | ||
| 20 | ac_cv_path_VIPROG=${base_bindir}/vi \ | ||
| 21 | " | ||
| 22 | |||
| 23 | EXTRA_OECONF += " \ | ||
| 24 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ | ||
| 25 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ | ||
| 26 | --with-rundir=/run/sudo \ | ||
| 27 | --with-vardir=/var/lib/sudo \ | ||
| 28 | --libexecdir=${libdir} \ | ||
| 29 | " | ||
| 30 | |||
| 31 | do_install_append () { | ||
| 32 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then | ||
| 33 | install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo | ||
| 34 | if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then | ||
| 35 | echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo | ||
| 36 | sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers | ||
| 37 | fi | ||
| 38 | fi | ||
| 39 | |||
| 40 | chmod 4111 ${D}${bindir}/sudo | ||
| 41 | chmod 0440 ${D}${sysconfdir}/sudoers | ||
| 42 | |||
| 43 | # Explicitly remove the /sudo directory to avoid QA error | ||
| 44 | rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo | ||
| 45 | } | ||
| 46 | |||
| 47 | FILES_${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \ | ||
| 48 | ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la" | ||
| 49 | |||
| 50 | SUDO_PACKAGES = "${PN}-sudo\ | ||
| 51 | ${PN}-lib" | ||
| 52 | |||
| 53 | PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}" | ||
| 54 | |||
| 55 | RDEPENDS_${PN}-sudo = "${PN}-lib" | ||
| 56 | RDEPENDS_${PN} += "${SUDO_PACKAGES}" | ||
| 57 | |||
| 58 | FILES_${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit" | ||
| 59 | FILES_${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}" | ||