From a9e1120791606b9d525d97030a81d80599edc9e8 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 8 Feb 2025 10:24:11 -0700
Subject: [PATCH] Only package parent directories that match a non-default prefix

For example, if sudo is installed into /opt/sudo we only want to package directories under /opt and not /var.
---
 etc/sudo-logsrvd.pp | 8 +++++++-
 etc/sudo-python.pp | 8 +++++++-
 etc/sudo.pp | 8 +++++++-
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/etc/sudo-logsrvd.pp b/etc/sudo-logsrvd.pp
index 27f5b35d5..a51fc03ab 100644
--- a/etc/sudo-logsrvd.pp
+++ b/etc/sudo-logsrvd.pp
@@ -5,7 +5,7 @@
 from sudo clients.
 This makes it possible to have all sudo I/O logs on a central server."
 vendor="Todd C. Miller"
- copyright="Copyright 2019-2024 Todd C. Miller"
+ copyright="Copyright 2019-2025 Todd C. Miller"
 %if [aix]
 # Convert to 4 part version for AIX, including patch level
@@ -167,10 +167,16 @@ This makes it possible to have all sudo I/O logs on a central server."
 extradirs="$extradirs `dirname $docdir` `dirname $rundir`"
 test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`"
 for dir in $sbindir $extradirs; do
+ # Only package directories that match the prefix,
+ # otherwise we could package directories like /var.
+ case "$dir" in
+ ${prefix}*)
 while test "$dir" != "/"; do
 parentdirs="${parentdirs}${parentdirs+ }$dir/"
 dir=`dirname $dir`
 done
+ ;;
+ esac
 done
 parentdirs=`echo $parentdirs | tr " " "\n" | sort -u`
 fi
diff --git a/etc/sudo-python.pp b/etc/sudo-python.pp
index 3faf55cd2..646c4312b 100644
--- a/etc/sudo-python.pp
+++ b/etc/sudo-python.pp
@@ -3,7 +3,7 @@
 summary="Sudo Python plugin framework"
 description="The sudo Python plugin allows you to extend sudo using Python."
 vendor="Todd C. Miller"
- copyright="Copyright 2019-2024 Todd C. Miller"
+ copyright="Copyright 2019-2025 Todd C. Miller"
 %if [aix]
 # Convert to 4 part version for AIX, including patch level
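Review bot: The new `${prefix}*)` arm in the parent-directory loop of etc/sudo-logsrvd.pp (hunk at -167,10 +167,16) matches on a raw string prefix rather than a path boundary, so with a prefix of /opt/sudo a sibling directory such as /opt/sudo-data (a constructed example) would still pass the filter and be added to `parentdirs`. `prefix` is also expanded unquoted inside the pattern, so any glob characters in it are treated as pattern syntax. Since a packaged directory presumably takes its ownership and mode from the package, anchoring the arm as `"${prefix}"|"${prefix}"/*)` would keep the list to the prefix itself and what lies beneath it. The identical arm is added in the etc/sudo-python.pp and etc/sudo.pp hunks; the enclosing `if` starts outside each hunk, so confirm there that `prefix` cannot end in a slash before adopting the anchored form.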
@@ -117,10 +117,16 @@
 extradirs="$extradirs `dirname $docdir`"
 test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`"
 for dir in $libexecdir $extradirs; do
+ # Only package directories that match the prefix,
+ # otherwise we could package directories like /var.
+ case "$dir" in
+ ${prefix}*)
 while test "$dir" != "/"; do
 parentdirs="${parentdirs}${parentdirs+ }$dir/"
 dir=`dirname $dir`
 done
+ ;;
+ esac
 done
 parentdirs=`echo $parentdirs | tr " " "\n" | sort -u`
 fi
diff --git a/etc/sudo.pp b/etc/sudo.pp
index 3e323c67a..2dfbeabd0 100644
--- a/etc/sudo.pp
+++ b/etc/sudo.pp
@@ -10,7 +10,7 @@ limited root privileges to users and log root activity. \
 The basic philosophy is to give as few privileges as possible but \
 still allow people to get their work done."
 vendor="Todd C. Miller"
- copyright="Copyright 1994-1996,1998-2024 Todd C. Miller"
+ copyright="Copyright 1994-1996,1998-2025 Todd C. Miller"
 sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
 sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
@@ -295,10 +295,16 @@ still allow people to get their work done."
 test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`"
 test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir"
 for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
+ # Only package directories that match the prefix,
+ # otherwise we could package directories like /var.
+ case "$dir" in
+ ${prefix}*)
 while test "$dir" != "/"; do
 parentdirs="${parentdirs}${parentdirs+ }$dir/"
 dir=`dirname $dir`
 done
+ ;;
+ esac
 done
 parentdirs=`echo $parentdirs | tr " " "\n" | sort -u`
 fi