diff options
author | Doug Goldstein <cardoe@gentoo.org> | 2016-03-08 09:03:42 -0600 |
---|---|---|
committer | Doug Goldstein <cardoe@gentoo.org> | 2016-03-08 09:04:11 -0600 |
commit | 21f8d167c044a4a6846b97ce78c7e52ce7497936 (patch) | |
tree | 3179b198500d450bb4aa933c282c4693a8e54e26 /app-admin | |
parent | app-emulation/virtualbox-extpack-oracle: No get_libdir in global scope. (diff) | |
download | gentoo-21f8d167c044a4a6846b97ce78c7e52ce7497936.tar.gz gentoo-21f8d167c044a4a6846b97ce78c7e52ce7497936.tar.bz2 gentoo-21f8d167c044a4a6846b97ce78c7e52ce7497936.zip |
app-admin/sudo: remove vulnerable versions
Clean up versions vulnerable to CVE-2015-5602
Gentoo-Bug: 564774
Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
Diffstat (limited to 'app-admin')
-rw-r--r-- | app-admin/sudo/Manifest | 2 | ||||
-rw-r--r-- | app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch | 146 | ||||
-rw-r--r-- | app-admin/sudo/sudo-1.8.12.ebuild | 197 | ||||
-rw-r--r-- | app-admin/sudo/sudo-1.8.14_p3.ebuild | 196 |
4 files changed, 0 insertions, 541 deletions
diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest index 91f8db96501f..185cd436983d 100644 --- a/app-admin/sudo/Manifest +++ b/app-admin/sudo/Manifest @@ -1,3 +1 @@ -DIST sudo-1.8.12.tar.gz 2493373 SHA256 163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0 SHA512 1815343eceb7cfa6e37c961ce1c68cf96fc290356b92078d6d24a2c85d8b7a7236df78d3ff7f5e30eba492dc8407346d884e01c0b989eef4414156cfec80b67b WHIRLPOOL 0d9e618937a08b9bf74aaebf12f5b9f96afd827728f90fa95b6a2a4f932cc84240d56674aa903062247068ec5aa3369b14bad64130caeb313330286510c2d3f6 -DIST sudo-1.8.14p3.tar.gz 2570892 SHA256 a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237 SHA512 022e75a4171c0d9b87569adc5b08afc1b8f2adb7dbc6c80dfb737029dbca560a08e317ce37f117b614f36b54666ed01559a72d0c92523a5a2ee3531f520d7a2b WHIRLPOOL 143ff1c464b539e79172cd0340a089739207d2b99fc01d183a27b24b5172c834d6ed0f7258116542ffa559a3a4c3540924261170655dd7bedb449f8d93496bbd DIST sudo-1.8.15.tar.gz 2660128 SHA256 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308 SHA512 f2bff92104ddc4cbea8c788da446043cbfe02c977cedf18d46b1c82e98d7227432cb5a61233e7a06af84e3637f906edd5e02bb88c03a2ce4a16df410469a5dab WHIRLPOOL 3da64eda51f22d7fc0ea76f0693e9960d511b7c762b5d6237318d17436fd64b58ae90caa9bf4e125ebee70b83eac7cba2c7451fb62fafd8ee3d133c4ae2037b9 diff --git a/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch b/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch deleted file mode 100644 index f33748669e97..000000000000 --- a/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch +++ /dev/null @@ -1,146 +0,0 @@ -This fixes builds on uClibc and musl. See -https://bugs.gentoo.org/show_bug.cgi?id=544756 - -This patch is a slight modification of uptream commits: -http://www.sudo.ws/repos/sudo/rev/86eb67f3c41a -http://www.sudo.ws/repos/sudo/rev/e0794f05e95c - -diff -Naur sudo-1.8.12.orig/lib/util/getopt_long.c sudo-1.8.12/lib/util/getopt_long.c ---- sudo-1.8.12.orig/lib/util/getopt_long.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/lib/util/getopt_long.c 2015-04-10 19:21:20.337032782 +0000 -@@ -52,6 +52,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #ifdef STDC_HEADERS - # include <stdlib.h> -diff -Naur sudo-1.8.12.orig/lib/util/mksiglist.c sudo-1.8.12/lib/util/mksiglist.c ---- sudo-1.8.12.orig/lib/util/mksiglist.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/lib/util/mksiglist.c 2015-04-10 19:22:38.719856268 +0000 -@@ -43,6 +43,7 @@ - #include "mksiglist.h" - - printf("#include <config.h>\n"); -+ printf("#include <sys/types.h>\n"); - printf("#include <signal.h>\n"); - printf("#include \"sudo_compat.h\"\n\n"); - printf("const char *const sudo_sys_siglist[NSIG] = {\n"); -diff -Naur sudo-1.8.12.orig/lib/util/mksigname.c sudo-1.8.12/lib/util/mksigname.c ---- sudo-1.8.12.orig/lib/util/mksigname.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/lib/util/mksigname.c 2015-04-10 19:22:10.738491394 +0000 -@@ -43,6 +43,7 @@ - #include "mksigname.h" - - printf("#include <config.h>\n"); -+ printf("#include <sys/types.h>\n"); - printf("#include <signal.h>\n"); - printf("#include \"sudo_compat.h\"\n\n"); - printf("const char *const sudo_sys_signame[NSIG] = {\n"); -diff -Naur sudo-1.8.12.orig/lib/util/regress/fnmatch/fnm_test.c sudo-1.8.12/lib/util/regress/fnmatch/fnm_test.c ---- sudo-1.8.12.orig/lib/util/regress/fnmatch/fnm_test.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/lib/util/regress/fnmatch/fnm_test.c 2015-04-10 19:21:20.340032928 +0000 -@@ -6,6 +6,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #include <stdlib.h> - #ifdef HAVE_STRING_H -diff -Naur sudo-1.8.12.orig/lib/util/regress/glob/globtest.c sudo-1.8.12/lib/util/regress/glob/globtest.c ---- sudo-1.8.12.orig/lib/util/regress/glob/globtest.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/lib/util/regress/glob/globtest.c 2015-04-10 19:21:20.341032977 +0000 -@@ -6,6 +6,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #include <stdlib.h> - #ifdef HAVE_STRING_H -diff -Naur sudo-1.8.12.orig/lib/util/sha2.c sudo-1.8.12/lib/util/sha2.c ---- sudo-1.8.12.orig/lib/util/sha2.c 2015-02-09 18:40:09.000000000 +0000 -+++ sudo-1.8.12/lib/util/sha2.c 2015-04-10 19:21:20.342033026 +0000 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com> -+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -25,6 +25,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #ifdef STDC_HEADERS - # include <stdlib.h> -diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_base64.c sudo-1.8.12/plugins/sudoers/regress/parser/check_base64.c ---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_base64.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_base64.c 2015-04-10 19:21:20.342033026 +0000 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com> -+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -16,6 +16,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #ifdef STDC_HEADERS - # include <stdlib.h> -diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_digest.c sudo-1.8.12/plugins/sudoers/regress/parser/check_digest.c ---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_digest.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_digest.c 2015-04-10 19:21:20.343033075 +0000 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com> -+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -16,6 +16,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #ifdef STDC_HEADERS - # include <stdlib.h> -diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_hexchar.c sudo-1.8.12/plugins/sudoers/regress/parser/check_hexchar.c ---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_hexchar.c 2015-02-09 18:40:10.000000000 +0000 -+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_hexchar.c 2015-04-10 19:21:20.344033124 +0000 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@courtesan.com> -+ * Copyright (c) 2014-2015 Todd C. Miller <Todd.Miller@courtesan.com> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -16,6 +16,7 @@ - - #include <config.h> - -+#include <sys/types.h> - #include <stdio.h> - #ifdef STDC_HEADERS - # include <stdlib.h> -diff -Naur sudo-1.8.12.orig/plugins/sudoers/solaris_audit.c sudo-1.8.12/plugins/sudoers/solaris_audit.c ---- sudo-1.8.12.orig/plugins/sudoers/solaris_audit.c 2015-02-09 18:53:54.000000000 +0000 -+++ sudo-1.8.12/plugins/sudoers/solaris_audit.c 2015-04-10 19:21:20.345033172 +0000 -@@ -15,6 +15,8 @@ - */ - - #include <config.h> -+ -+#include <sys/types.h> - #include <stdarg.h> - #include <stdio.h> - #include <stdlib.h> diff --git a/app-admin/sudo/sudo-1.8.12.ebuild b/app-admin/sudo/sudo-1.8.12.ebuild deleted file mode 100644 index d1ed25ec38cf..000000000000 --- a/app-admin/sudo/sudo-1.8.12.ebuild +++ /dev/null @@ -1,197 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils pam multilib libtool - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -uri_prefix= -case ${P} in -*_beta*|*_rc*) uri_prefix=beta/ ;; -esac - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" - -# Basic license is ISC-style as-is, some files are released under -# 3-clause BSD license -LICENSE="ISC BSD" -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris" -IUSE="ldap nls pam offensive selinux skey +sendmail" - -DEPEND="pam? ( virtual/pam ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - ldap? ( - >=net-nds/openldap-2.1.30-r1 - dev-libs/cyrus-sasl - ) - sys-libs/zlib" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - >=app-misc/editor-wrapper-3 - virtual/editor - sendmail? ( virtual/mta )" -DEPEND="${DEPEND} - sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -REQUIRED_USE="pam? ( !skey ) skey? ( !pam )" - -MAKEOPTS+=" SAMPLES=" - -src_prepare() { - epatch "${FILESDIR}"/${P}-include-sys-types-h.patch - elibtoolize -} - -set_rootpath() { - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path ..." - - # first extract the default ROOTPATH from build env - ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") - if [[ -z ${ROOTPATH} ]] ; then - ewarn " Failed to find ROOTPATH, please report this" - fi - - # then remove duplicate path entries - cleanpath() { - local newpath thisp IFS=: - for thisp in $1 ; do - if [[ :${newpath}: != *:${thisp}:* ]] ; then - newpath+=:$thisp - else - einfo " Duplicate entry ${thisp} removed..." - fi - done - ROOTPATH=${newpath#:} - } - cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}} - - # finally, strip gcc paths #136027 - rmpath() { - local e newpath thisp IFS=: - for thisp in ${ROOTPATH} ; do - for e ; do [[ $thisp == $e ]] && continue 2 ; done - newpath+=:$thisp - done - ROOTPATH=${newpath#:} - } - rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' - - einfo "... done" -} - -src_configure() { - local ROOTPATH - set_rootpath - - # audit: somebody got to explain me how I can test this before I - # enable it.. - Diego - # plugindir: autoconf code is crappy and does not delay evaluation - # until `make` time, so we have to use a full path here rather than - # basing off other values. - econf \ - --enable-zlib=system \ - --with-secure-path="${ROOTPATH}" \ - --with-editor="${EPREFIX}"/usr/libexec/editor \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) \ - $(use_enable nls) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with selinux) \ - $(use_with sendmail) \ - --without-opie \ - --without-linux-audit \ - --with-rundir="${EPREFIX}"/var/run/sudo \ - --with-vardir="${EPREFIX}"/var/db/sudo \ - --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \ - --docdir="${EPREFIX}"/usr/share/doc/${PF} -} - -src_install() { - default - - if use ldap ; then - dodoc README.LDAP doc/schema.OpenLDAP - dosbin plugins/sudoers/sudoers2ldif - - cat <<-EOF > "${T}"/ldap.conf.sudo - # See ldap.conf(5) and README.LDAP for details - # This file should only be readable by root - - # supported directives: host, port, ssl, ldap_version - # uri, binddn, bindpw, sudoers_base, sudoers_debug - # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key - EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-auth sudo auth account session - - keepdir /var/db/sudo - fperms 0700 /var/db/sudo - - # Don't install into /var/run as that is a tmpfs most of the time - # (bug #504854) - rm -rf "${D}"/var/run -} - -pkg_postinst() { - if use ldap ; then - ewarn - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - ewarn - if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then - ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" - ewarn "configured in /etc/nsswitch.conf." - ewarn - ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" - ewarn " sudoers: ldap files" - ewarn - fi - fi - if use prefix ; then - ewarn - ewarn "To use sudo, you need to change file ownership and permissions" - ewarn "with root privileges, as follows:" - ewarn - ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" - ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" - ewarn " # chown root:root ${EPREFIX}/var/db/sudo" - ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" - ewarn - fi - - elog "To use the -A (askpass) option, you need to install a compatible" - elog "password program from the following list. Starred packages will" - elog "automatically register for the use with sudo (but will not force" - elog "the -A option):" - elog "" - elog " [*] net-misc/ssh-askpass-fullscreen" - elog " net-misc/x11-ssh-askpass" - elog "" - elog "You can override the choice by setting the SUDO_ASKPASS environmnent" - elog "variable to the program you want to use." -} diff --git a/app-admin/sudo/sudo-1.8.14_p3.ebuild b/app-admin/sudo/sudo-1.8.14_p3.ebuild deleted file mode 100644 index c4e80afad003..000000000000 --- a/app-admin/sudo/sudo-1.8.14_p3.ebuild +++ /dev/null @@ -1,196 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils pam multilib libtool - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -uri_prefix= -case ${P} in -*_beta*|*_rc*) uri_prefix=beta/ ;; -esac - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" - -# Basic license is ISC-style as-is, some files are released under -# 3-clause BSD license -LICENSE="ISC BSD" -SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris" -IUSE="ldap nls pam offensive selinux skey +sendmail" - -DEPEND="pam? ( virtual/pam ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - ldap? ( - >=net-nds/openldap-2.1.30-r1 - dev-libs/cyrus-sasl - ) - sys-libs/zlib" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - >=app-misc/editor-wrapper-3 - virtual/editor - sendmail? ( virtual/mta )" -DEPEND="${DEPEND} - sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -REQUIRED_USE="pam? ( !skey ) skey? ( !pam )" - -MAKEOPTS+=" SAMPLES=" - -src_prepare() { - elibtoolize -} - -set_rootpath() { - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path ..." - - # first extract the default ROOTPATH from build env - ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") - if [[ -z ${ROOTPATH} ]] ; then - ewarn " Failed to find ROOTPATH, please report this" - fi - - # then remove duplicate path entries - cleanpath() { - local newpath thisp IFS=: - for thisp in $1 ; do - if [[ :${newpath}: != *:${thisp}:* ]] ; then - newpath+=:$thisp - else - einfo " Duplicate entry ${thisp} removed..." - fi - done - ROOTPATH=${newpath#:} - } - cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}} - - # finally, strip gcc paths #136027 - rmpath() { - local e newpath thisp IFS=: - for thisp in ${ROOTPATH} ; do - for e ; do [[ $thisp == $e ]] && continue 2 ; done - newpath+=:$thisp - done - ROOTPATH=${newpath#:} - } - rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' - - einfo "... done" -} - -src_configure() { - local ROOTPATH - set_rootpath - - # audit: somebody got to explain me how I can test this before I - # enable it.. - Diego - # plugindir: autoconf code is crappy and does not delay evaluation - # until `make` time, so we have to use a full path here rather than - # basing off other values. - econf \ - --enable-zlib=system \ - --with-secure-path="${ROOTPATH}" \ - --with-editor="${EPREFIX}"/usr/libexec/editor \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) \ - $(use_enable nls) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with selinux) \ - $(use_with sendmail) \ - --without-opie \ - --without-linux-audit \ - --with-rundir="${EPREFIX}"/var/run/sudo \ - --with-vardir="${EPREFIX}"/var/db/sudo \ - --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \ - --docdir="${EPREFIX}"/usr/share/doc/${PF} -} - -src_install() { - default - - if use ldap ; then - dodoc README.LDAP doc/schema.OpenLDAP - dosbin plugins/sudoers/sudoers2ldif - - cat <<-EOF > "${T}"/ldap.conf.sudo - # See ldap.conf(5) and README.LDAP for details - # This file should only be readable by root - - # supported directives: host, port, ssl, ldap_version - # uri, binddn, bindpw, sudoers_base, sudoers_debug - # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key - EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-auth sudo auth account session - - keepdir /var/db/sudo - fperms 0700 /var/db/sudo - - # Don't install into /var/run as that is a tmpfs most of the time - # (bug #504854) - rm -rf "${D}"/var/run -} - -pkg_postinst() { - if use ldap ; then - ewarn - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - ewarn - if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then - ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" - ewarn "configured in /etc/nsswitch.conf." - ewarn - ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" - ewarn " sudoers: ldap files" - ewarn - fi - fi - if use prefix ; then - ewarn - ewarn "To use sudo, you need to change file ownership and permissions" - ewarn "with root privileges, as follows:" - ewarn - ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" - ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" - ewarn " # chown root:root ${EPREFIX}/var/db/sudo" - ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" - ewarn - fi - - elog "To use the -A (askpass) option, you need to install a compatible" - elog "password program from the following list. Starred packages will" - elog "automatically register for the use with sudo (but will not force" - elog "the -A option):" - elog "" - elog " [*] net-misc/ssh-askpass-fullscreen" - elog " net-misc/x11-ssh-askpass" - elog "" - elog "You can override the choice by setting the SUDO_ASKPASS environmnent" - elog "variable to the program you want to use." -} |