diff --git a/backport-add-h-and-V-to-sudoedit-usage-and-customize-help-out.patch b/backport-add-h-and-V-to-sudoedit-usage-and-customize-help-out.patch new file mode 100644 index 0000000000000000000000000000000000000000..4b78183d5cba7810608d697461550b7e899b0c4a --- /dev/null +++ b/backport-add-h-and-V-to-sudoedit-usage-and-customize-help-out.patch @@ -0,0 +1,174 @@ +From a4c710ccfdbd8d1e8af726ac6afe4ed3ca0feba7 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Tue, 30 Mar 2021 15:53:38 -0600 +Subject: [PATCH] Add -h and -V to sudoedit usage and customize help output for + sudoedit. Also add missing -B option to usage strings. + +--- + src/parse_args.c | 78 +++++++++++++++++++++++++++++---------------- + src/sudo_usage.h.in | 9 +++--- + 2 files changed, 55 insertions(+), 32 deletions(-) + +diff --git a/src/parse_args.c b/src/parse_args.c +index 50933816d..3fe0d6acf 100644 +--- a/src/parse_args.c ++++ b/src/parse_args.c +@@ -717,8 +717,9 @@ display_usage(int (*output)(const char *)) + * Use usage vectors appropriate to the progname. + */ + if (strcmp(getprogname(), "sudoedit") == 0) { +- uvec[0] = &SUDO_USAGE5[3]; +- uvec[1] = NULL; ++ uvec[0] = SUDO_USAGE0; ++ uvec[1] = &SUDO_USAGE5[3]; /* skip the leading "-e " */ ++ uvec[2] = NULL; + } else { + uvec[0] = SUDO_USAGE1; + uvec[1] = SUDO_USAGE2; +@@ -771,13 +772,16 @@ help(void) + struct sudo_lbuf lbuf; + const int indent = 32; + const char *pname = getprogname(); ++ bool sudoedit = false; + debug_decl(help, SUDO_DEBUG_ARGS); + + sudo_lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); +- if (strcmp(pname, "sudoedit") == 0) ++ if (strcmp(pname, "sudoedit") == 0) { ++ sudoedit = true; + sudo_lbuf_append(&lbuf, _("%s - edit files as another user\n\n"), pname); +- else ++ } else { + sudo_lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname); ++ } + sudo_lbuf_print(&lbuf); + + display_usage(usage_out); +@@ -789,8 +793,10 @@ help(void) + sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n", + _("use specified BSD authentication type")); + #endif +- sudo_lbuf_append(&lbuf, " -b, --background %s\n", +- _("run command in the background")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -b, --background %s\n", ++ _("run command in the background")); ++ } + sudo_lbuf_append(&lbuf, " -B, --bell %s\n", + _("ring bell when prompting")); + sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n", +@@ -801,32 +807,42 @@ help(void) + #endif + sudo_lbuf_append(&lbuf, " -D, --chdir=directory %s\n", + _("change the working directory before running command")); +- sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", +- _("preserve user environment when running command")); +- sudo_lbuf_append(&lbuf, " --preserve-env=list %s\n", +- _("preserve specific environment variables")); +- sudo_lbuf_append(&lbuf, " -e, --edit %s\n", +- _("edit files instead of running a command")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", ++ _("preserve user environment when running command")); ++ sudo_lbuf_append(&lbuf, " --preserve-env=list %s\n", ++ _("preserve specific environment variables")); ++ sudo_lbuf_append(&lbuf, " -e, --edit %s\n", ++ _("edit files instead of running a command")); ++ } + sudo_lbuf_append(&lbuf, " -g, --group=group %s\n", + _("run command as the specified group name or ID")); +- sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", +- _("set HOME variable to target user's home dir")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", ++ _("set HOME variable to target user's home dir")); ++ } + sudo_lbuf_append(&lbuf, " -h, --help %s\n", + _("display help message and exit")); + sudo_lbuf_append(&lbuf, " -h, --host=host %s\n", + _("run command on host (if supported by plugin)")); +- sudo_lbuf_append(&lbuf, " -i, --login %s\n", +- _("run login shell as the target user; a command may also be specified")); +- sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", +- _("remove timestamp file completely")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -i, --login %s\n", ++ _("run login shell as the target user; a command may also be specified")); ++ sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", ++ _("remove timestamp file completely")); ++ } + sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n", + _("invalidate timestamp file")); +- sudo_lbuf_append(&lbuf, " -l, --list %s\n", +- _("list user's privileges or check a specific command; use twice for longer format")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -l, --list %s\n", ++ _("list user's privileges or check a specific command; use twice for longer format")); ++ } + sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n", + _("non-interactive mode, no prompts are used")); +- sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", +- _("preserve group vector instead of setting to target's")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", ++ _("preserve group vector instead of setting to target's")); ++ } + sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n", + _("use the specified password prompt")); + sudo_lbuf_append(&lbuf, " -R, --chroot=directory %s\n", +@@ -837,22 +853,28 @@ help(void) + #endif + sudo_lbuf_append(&lbuf, " -S, --stdin %s\n", + _("read password from standard input")); +- sudo_lbuf_append(&lbuf, " -s, --shell %s\n", +- _("run shell as the target user; a command may also be specified")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -s, --shell %s\n", ++ _("run shell as the target user; a command may also be specified")); ++ } + #ifdef HAVE_SELINUX + sudo_lbuf_append(&lbuf, " -t, --type=type %s\n", + _("create SELinux security context with specified type")); + #endif + sudo_lbuf_append(&lbuf, " -T, --command-timeout=timeout %s\n", + _("terminate command after the specified time limit")); +- sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", +- _("in list mode, display privileges for user")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", ++ _("in list mode, display privileges for user")); ++ } + sudo_lbuf_append(&lbuf, " -u, --user=user %s\n", + _("run command (or edit file) as specified user name or ID")); + sudo_lbuf_append(&lbuf, " -V, --version %s\n", + _("display version information and exit")); +- sudo_lbuf_append(&lbuf, " -v, --validate %s\n", +- _("update user's timestamp without running a command")); ++ if (!sudoedit) { ++ sudo_lbuf_append(&lbuf, " -v, --validate %s\n", ++ _("update user's timestamp without running a command")); ++ } + sudo_lbuf_append(&lbuf, " -- %s\n", + _("stop processing command line arguments")); + sudo_lbuf_print(&lbuf); +diff --git a/src/sudo_usage.h.in b/src/sudo_usage.h.in +index afccc1582..fce40d30c 100644 +--- a/src/sudo_usage.h.in ++++ b/src/sudo_usage.h.in +@@ -24,11 +24,12 @@ + * Usage strings for sudo. These are here because we + * need to be able to substitute values from configure. + */ ++#define SUDO_USAGE0 " -h | -V" + #define SUDO_USAGE1 " -h | -K | -k | -V" +-#define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" +-#define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" +-#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i|-s] []" +-#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..." ++#define SUDO_USAGE2 " -v [-ABknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" ++#define SUDO_USAGE3 " -l [-ABknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" ++#define SUDO_USAGE4 " [-ABbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i|-s] []" ++#define SUDO_USAGE5 " -e [-ABknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..." + + /* + * Configure script arguments used to build sudo. diff --git a/sudo.spec b/sudo.spec index b5067b3c2b95b209c0ae8de1507c14ee1de48754..43cc32a288a013e57ea13a3305ad7e4e5b634386 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Name: sudo Version: 1.9.5p2 -Release: 3 +Release: 4 Summary: Allows restricted root access for specified users License: ISC URL: http://www.courtesan.com/sudo/ @@ -11,6 +11,7 @@ Source2: sudo Source3: sudo-i Patch0: backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch +Patch1: backport-add-h-and-V-to-sudoedit-usage-and-customize-help-out.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam @@ -155,6 +156,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i %exclude %{_pkgdocdir}/ChangeLog %changelog +* Fri Dec 24 2021 steven.ygui - 1.9.5p2-4 +- DESC: backport upstream patch for fixing sudoedit usage error + * Thu Sep 16 2021 yixiangzhike - 1.9.5p2-3 - DESC: treat stack exhaustion like memory allocation failure