diff --git a/debian/changelog b/debian/changelog index 2260e31..3265fa8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ lxqt-sudo (2.3.0-0ubuntu1) resolute; urgency=medium * New upstream release. - Update build dependencies. + - Drop bypass-envvar-allowlist.patch due to incompatibility with sudo-rs. * Update copyright file. * Update Standards-Version to 4.7.3, no changes needed. * Remove unnecessary Rules-Requires-Root. diff --git a/debian/patches/bypass-envvar-allowlist.patch b/debian/patches/bypass-envvar-allowlist.patch deleted file mode 100644 index c5adcde..0000000 --- a/debian/patches/bypass-envvar-allowlist.patch +++ /dev/null @@ -1,82 +0,0 @@ -Description: Add a -E option, exposing all environment variables - Some system tools (such as ubuntu-release-upgrader) read XDG* (etc.), so allow the user to opt-in to preserving those. -Author: Simon Quigley -Origin: upstream -Forwarded: https://github.com/lxqt/lxqt-sudo/pull/204 -Last-Update: 2023-10-11 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/sudo.cpp -+++ b/sudo.cpp -@@ -84,6 +84,7 @@ namespace - " -s|--su Use %3(1) as backend.\n" - " -d|--sudo Use %2(8) as backend.\n" - " -a|--doas Use %4(1) as backend.\n" -+ " -E|--keep-env Preserve all existing environment variables.\n" - " command Command to run.\n" - " arguments Optional arguments for command.\n\n").arg(app_master).arg(sudo_prog).arg(su_prog).arg(doas_prog); - if (!err.isEmpty()) -@@ -114,8 +115,13 @@ namespace - }; - assert_helper h; - -- inline std::string env_workarounds() -+ inline std::string env_workarounds(bool preserveEnv) - { -+ if (preserveEnv) { -+ std::cerr << LXQTSUDO << ": Preserving all environment variables.\n"; -+ return ""; -+ } -+ - std::cerr << LXQTSUDO << ": Stripping child environment except for: "; - std::ostringstream left_env_params; - std::copy(ALLOWED_VARS, ALLOWED_END - 1, std::ostream_iterator{left_env_params, ","}); -@@ -196,6 +202,10 @@ int Sudo::main() - { - mBackend = BACK_DOAS; - mArgs.removeAt(0); -+ } else if (QStringLiteral("-E") == arg1 || QStringLiteral("--keep-env") == arg1) -+ { -+ mPreserveEnv = true; -+ mArgs.removeAt(0); - } - } - //any other arguments we simply forward to su/sudo -@@ -287,11 +297,13 @@ void Sudo::child() - switch (mBackend) - { - case BACK_SUDO: -- preserve_env_param = "--preserve-env="; -- -- preserve_env_param += env_workarounds(); -- -- *(param_arg++) = preserve_env_param.c_str(); //preserve environment -+ if(!mPreserveEnv) { -+ preserve_env_param = "--preserve-env="; -+ preserve_env_param += env_workarounds(mPreserveEnv); -+ } else { -+ preserve_env_param = "--preserve-env"; -+ } -+ *(param_arg++) = preserve_env_param.c_str(); - *(param_arg++) = "/bin/sh"; - break; - case BACK_DOAS: -@@ -299,7 +311,7 @@ void Sudo::child() - [[fallthrough]]; - case BACK_SU: - case BACK_NONE: -- env_workarounds(); -+ env_workarounds(mPreserveEnv); - break; - - } ---- a/sudo.h -+++ b/sudo.h -@@ -81,6 +81,7 @@ private: - int mChildPid; - int mPwdFd; - int mRet; -+ bool mPreserveEnv = false; - }; - - #endif //SUDO_H diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 2e54794..0000000 --- a/debian/patches/series +++ /dev/null @@ -1 +0,0 @@ -bypass-envvar-allowlist.patch