summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/sudo
Commit message (Collapse)AuthorAgeFilesLines
* sudo: upgrade 1.9.7 -> 1.9.7p1Alexander Kanavin2021-06-171-1/+1
| | | | | | | (From OE-Core rev: 7da8152cc42c14ddc02c6a3180632c958a191d74) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.6p1 -> 1.9.7Richard Purdie2021-05-181-1/+1
| | | | | | (From OE-Core rev: a1698056f5548285d87ebe25052c48c701f89143) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: CVE_VERSION_SUFFIX to work with patched releaseLee Chee Yang2021-03-201-0/+2
| | | | | | | | | | | | | CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX" or "patchX" as patched release. also update testcases to cover this changes and set CVE_VERSION_SUFFIX for sudo. (From OE-Core rev: 8076815fc2ffc8f632e73527ce2b7d158a29e9ea) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.6 -> 1.9.6p1zhengruoqin2021-03-201-1/+1
| | | | | | | (From OE-Core rev: 237411b48d639bd325a54d5a1c9168b776f485e1) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.5p2 -> 1.9.6Richard Purdie2021-03-161-1/+1
| | | | | | (From OE-Core rev: ecb038f14c0b91280ba1532ad94a6ebc64c70644) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.5p1 -> 1.9.5p2Yi Fan Yu2021-01-271-1/+1
| | | | | | | | | Notable fix: CVE-2021-3156 (From OE-Core rev: 1140ca0090eb235cad3bc1427703dea43429d9de) Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.4p1 -> 1.9.5p1Anuj Mittal2021-01-202-3/+3
| | | | | | | | | License-Update: copyright years changed (From OE-Core rev: b72b3e04457928235843173981fd0a20ef1b00ae) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: split sudo binary into its own packageSinan Kaya2021-01-121-1/+11
| | | | | | | | | | Package just sudo binary into its own package for size concerned targets. (From OE-Core rev: 788c95c3bb8ede0d3d6a8f125743ac47c0b3f00e) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.3p1 -> 1.9.4p1Alexander Kanavin2020-12-301-1/+1
| | | | | | | (From OE-Core rev: 14f6e64b4ca08e19d9465a7903f4eb5bf9838052) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: fix multilib conflictKai Kang2020-11-242-2/+56
| | | | | | | | | | | | | | | | | | | | It fails to install sudo and lib32-sudo at same time: | Error: Transaction test error: | file /usr/libexec/sudo/audit_json.so conflicts between attempted installs of lib32-sudo-1.9.3p1-r0.core2_32 and sudo-1.9.3p1-r0.core2_64 | file /usr/libexec/sudo/group_file.so conflicts between attempted installs of lib32-sudo-1.9.3p1-r0.core2_32 and sudo-1.9.3p1-r0.core2_64 Pass ${libdir} to configure option --libexecdir of sudo that it installs plugin libraries to /usr/lib{,64} rather than /usr/libexec/. Then add a patch to fix multilib conflict of sudo.conf. [RP: Add missing Upstream-Status] (From OE-Core rev: c9b6974cfcac370c6848d28400e0546ac85512e9) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.3 -> 1.9.3p1Alexander Kanavin2020-11-031-1/+1
| | | | | | | (From OE-Core rev: bdc1f9006331391d83e1982339dfe0449b48db99) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.2 -> 1.9.3zangrc2020-09-301-1/+1
| | | | | | | (From OE-Core rev: c5571fd473369deab62f5b8e7c2d4318746df725) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo:upgrade 1.9.1 -> 1.9.2zangrc2020-08-011-1/+1
| | | | | | | (From OE-Core rev: e9d825a780d68b485a71e880397ab2db8e0ac3ca) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: set with-rundir to /run/sudoRicardo Salveti2020-07-221-1/+2
| | | | | | | | | | | | Set with-rundir to a known path instead of letting configure decide which is the best folder to store the timestamp files. This is required otherwise it might end up at /sudo, which will cause errors on a ro filesystem. (From OE-Core rev: 22ae707afa69d1d0a0496a6dc25a400a9c4404d9) Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.9.0 -> 1.9.1Alexander Kanavin2020-06-282-39/+3
| | | | | | | | | Drop the patch as it is merged upstream. (From OE-Core rev: 000577afd815fa8399c595d1aef81f4327204327) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.8.31 -> 1.9.0Alexander Kanavin2020-06-042-3/+3
| | | | | | | | License-Update: additional copyright statements, all BSD (From OE-Core rev: a37947c7ba882ae35b4709562035a249c9e0dbe9) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.8.30 -> 1.8.31Wang Mingyu2020-02-142-3/+3
| | | | | | | | | -License-Update: Copyright year updated from 1998-2019 to 1998-2020. (From OE-Core rev: 19711adc45cf57fc007a7d1e052726fd45157f98) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: specify where target tools areRoss Burton2020-02-082-2/+9
| | | | | | | | | | | | | sudo uses AC_PATH_PROG to find target paths, which means at best potential host-contamination (and reproducible issues) and at worst it thinks sh is at /your/build/path/hosttools/sh. Solve this by explicitly passing the correct paths to configure. (From OE-Core rev: 61650dd8498a093f3bfa93202c9cd2e9a7fb7834) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade 1.8.29 -> 1.8.30Anuj Mittal2020-02-041-2/+2
| | | | | | | (From OE-Core rev: 5933efd44811f97a53952dd72b6d2026ebfa8d39) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Set vardir deterministicallyRichard Purdie2020-02-041-0/+1
| | | | | | | | | | | Without setting this it will vary depending on which directories are present on the host. [YOCTO #13775] (From OE-Core rev: 39fe849b56d70689846262c31ab7c182c8443923) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: update to 1.8.29Alexander Kanavin2019-12-164-305/+13
| | | | | | | | License-Update: added SPDX info. (From OE-Core rev: d3660148a64fc6ef18c7f9d2080c26d89c0b3826) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Fix fetching sourcesFerry Toth2019-10-311-1/+1
| | | | | | | | | | | It looks like https://www.sudo.ws/download.html changed certificate and directory structure. This breaks fetching sources. (From OE-Core rev: e03afb9b776407db0ca41852d359b599676379c6) Signed-off-by: Ferry Toth <ftoth@exalondelft.nl> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: fix CVE-2019-14287Changqing Li2019-10-233-0/+292
| | | | | | | | | | | | | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. (From OE-Core rev: 4e11cd561f2bdaa6807cf02ee7c9870881826308) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Fix BSD license file checksumWes Lindauer2019-08-211-5/+5
| | | | | | | | | BSD license files must include the copyright notice. (From OE-Core rev: f5cfcaa79fd3a2cfd9299f2c8e7686b502e52551) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: correct SRC_URIAlexander Kanavin2019-08-141-1/+1
| | | | | | | | | The old URI returns 404, and has an invalid TLS certificate. (From OE-Core rev: 73ff6aba0a53ffc3ee0a5859a3ad4c8021be4de0) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: use nonarch_libdir instead of libdir for tmpfiles.dChen Qi2019-07-261-2/+2
| | | | | | | | | | In case of multilib, /usr/lib64/tmpfiles.d is not a path that will be searched. So we need to use nonarch_libdir. (From OE-Core rev: 2623d9d2f243128e50be9ed6fb5bb222b3fe9fa0) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.27Chen Qi2019-02-202-3/+3
| | | | | | | | | License-Update: copyright years updated (From OE-Core rev: 53b5629cf5010f8fee79d82260e291b418cbef7c) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.26Chen Qi2018-12-052-4/+7
| | | | | | | | | License-Update: include more files to check, but license remains the same. (From OE-Core rev: ad0f26263eb51cda4cf96cd2fe7f6e7f950b9e8e) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Add missing dep on virtual/cryptAlex Kiernan2018-09-051-1/+1
| | | | | | | | | | | | | Ensure we have virtual/crypt even if building without PAM; fixes: sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy" sudo: unable to load /usr/libexec/sudo/sudoers.so: /usr/libexec/sudo/sudoers.so: undefined symbol: crypt sudo: fatal error, unable to load plugins (From OE-Core rev: f863713ae255bf5b6619c98ecd36aacbda352bbb) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: add PACKAGECONFIG for pam-wheelYi Zhao2018-08-022-0/+5
| | | | | | | | | | | | The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. Add PACKAGECONFIG to enable pam_wheel module for sudo. (From OE-Core rev: 7a46ca79b18527a56de470fcaaf95c870c097cf6) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.23Chen Qi2018-05-152-6/+7
| | | | | | | | | | | | | | | Upgrade sudo to 1.8.23. The license checksum changes but the actual license does not. The /var/run/sudo directory has changed to /run/sudo, change do_install_append according to avoid error. (From OE-Core rev: abd809670ea4048551d20c11da95203536250001) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: 1.8.21P1 -> 1.8.22Huang Qiyu2018-02-242-4/+4
| | | | | | | | | | | | | | 1.Upgrade sudo from 1.8.21P1 to 1.8.22. 2.Update the checksum of LIC_FILES_CHKSUM. The following content is appended to doc/LICENSE, plugins/sudoers/redblack.c. Todd C. Miller <Todd.Miller@courtesan.com> -> Todd C. Miller <Todd.Miller@sudo.ws> (From OE-Core rev: 05e8601dcbf6ba8500696d874c483f9ac8df71fa) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: improve reproducibilityJuro Bystricky2017-11-301-0/+6
| | | | | | | | | | | | | | Delete various build host references from the internally generated file sudo_usage.h. The references get compiled into executables, which leads to non-reproducible builds. The removed references (configure options) were only used as part of the sudo "usage", and even then only when ran as root. (From OE-Core rev: 090eb9efdb2204673b1d569582813ea8860c8570) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.21p2Chen Qi2017-11-211-2/+2
| | | | | | | | (From OE-Core rev: a3eccc5b0f0e95c18b3d40cc82d576fbe45b4547) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.20p2Chen Qi2017-07-272-3/+3
| | | | | | | | | | The checksum for doc/LICENSE is changed, but the content only changes year from '2013' to '2017', so the license remains the same. (From OE-Core rev: e1d27852bf21be49db574ed207bc90d42c4bd898) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.19p2Chen Qi2017-03-012-3/+3
| | | | | | | | | | | | The license checksum for doc/LICENSE is changed. It's a small change. '2015' is changed to '2017'. Nothing else is changed. So the licenses remain the same. (From OE-Core rev: a14b935461d231429b6dc3bd0fdc34142b48fe86) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: 1.8.17p1 -> 1.8.18p1Huang Qiyu2016-12-171-2/+2
| | | | | | | | | | | | Upgrade sudo from 1.8.17p1 to 1.8.18p1. (From OE-Core rev: 31bafcbcb59bdb370a918ad9b96d4b07af3993f2) (From OE-Core rev: 66076da016be13ed9441229983fe323ac53f2f6c) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.17p1Chen Qi2016-07-201-2/+2
| | | | | | | | (From OE-Core rev: 0564ab21fe403dd3e43240f7cfad619a356cee06) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.16Chen Qi2016-06-151-2/+2
| | | | | | | (From OE-Core rev: cab69cc57aba3b228cccae650f8b06dcf7d388af) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: fix pam config on systemd systemsDan McGregor2016-04-131-1/+1
| | | | | | | | | | Pam_keyinit revoke causes issues on systemd systems. Make its use optional. This brings it in line with Fedora 23 and Centos 7. (From OE-Core rev: 36825c7b14b92434705a58aa4c22b8c1710a9760) Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.15Fan Xin2015-12-122-34/+2
| | | | | | | | | | | | 1. upgrade to 1.8.15 2. delete patch file due to the bug has been fixed in sudo 1.8.15 (http://bugzilla.sudo.ws/show_bug.cgi?id=708) (From OE-Core rev: 2180280e63aece8fb45686e1b5dd01430ce478fe) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: remove libdir INSANE_SKIPRoss Burton2015-12-121-5/+0
| | | | | | | | | Now that the libdir check allows libraries in libexecdir, remove INSANE_SKIP. (From OE-Core rev: a760d550b099a9287b188b8376ef2f0787cc85fc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: handle libexecdir != libdir/PN.Ross Burton2015-12-082-1/+7
| | | | | | | | | | | | | | | | | sudo has somewhat special file installation logic and installs the modules and libraries to $libexecdir/sudo, with special handling for the case when libexecdir already contains /sudo (which it does by default in current oe-core where libexecdir=$libdir/$PN). As setting libexecdir to /usr/libexec should work, add both possibilities to FILES to be sure the right files are captured, and add INSANE_SKIP for the libdir warning that libraries are outside of /usr/lib/ (arguably, this should be fixed in insane). (From OE-Core rev: 431ad7a268fc07c367ce830c4f69dba515f44b4e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: fix file permission for /etc/pam.d/sudoChen Qi2015-10-211-1/+1
| | | | | | | | | | The file permission should be 0644 instead of 0664. (From OE-Core rev: 86c80f6d51b3700e090c70067808ea405d5a0b20) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Disable rsize_t deliberatelyKhem Raj2015-09-121-0/+1
| | | | | | | | | | | | gcc does not have it but clang does, problem happens when host compiler is gcc and cross compiler is clang, because autoconf detects it with clang and slaps it to host compiler as well (From OE-Core rev: c70d915bcc3054120e7ad06b9bcfef57f2d15371) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Include sys/types.h for id_t definitionKhem Raj2015-09-122-0/+35
| | | | | | | | | | | This is exposed by musl, on glibc sys/types.h comes as indirect include from other include myriad. (From OE-Core rev: 7a55d298376b83248a4a35f3c01f3fd163908046) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.14p3Ross Burton2015-07-273-5/+42
| | | | | | | | | | | | | | | The licence checksum is modified according to the change of doc/LICENCE. In specific, file://lib/util/reallocarray.c is added to LIC_FILES_CHECKSUM. Fix out of tree builds, and explicitly enable/disable tmpfiles.d support based on the systemd DISTRO_FEATURE to avoid non-deterministic packaging. Based on a patch by Chen Qi <Qi.Chen@windriver.com> (From OE-Core rev: ef2a842d06b3a9ee6036af06247c7c022f8c720d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: Disable hardening for muslKhem Raj2015-04-131-0/+2
| | | | | | | | | | musl does not yet enable ssp Change-Id: If40ab0a54b17d5528676b1268182b6c7e7ef5761 (From OE-Core rev: a583f81d9bc6ae984699d9aba7a53019ff0afc23) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.13Chen Qi2015-04-102-11/+5
| | | | | | | | | | | | | | The do_configure_prepend is deleted because it doesn't seem to have any positive effect and it causes the following error. | aclocal: error: acinclude.m4:133: file 'm4/ax_sys_weak_alias.m4' does not exist | autoreconf: aclocal failed with exit status: 1 | ERROR: autoreconf execution failed. (From OE-Core rev: a31d05f7bb60d5431a6e1cd370d7106ae785b0ca) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>