rebase to 1.8.1p2

removed .sudoi patch
fixed typo: RELPRO -> RELRO
added -devel subpackage for the sudo_plugin.h header file
use default ldap configuration files again

.gitignore

@@ -4,3 +4,4 @@ sudo-1.7.2p2-sudoers
 /sudo-1.7.2p2-sudoers
 /sudo-1.7.4p4-sudoers
 /sudo-1.7.4p5.tar.gz
+/sudo-1.8.1p2.tar.gz

sources

@@ -1,2 +1,2 @@
-4c8105507363371dea89ceb7c92187dd  sudo-1.7.4p5.tar.gz
+e8330f0e63b0ecb2e12b5c76922818cc  sudo-1.8.1p2.tar.gz
 56f74aed3a7b32f2b01a34d65ac86f85  sudo-1.7.4p4-sudoers

sudo-1.7.4p4-getgrouplist-fixed.patch

@@ -1,42 +0,0 @@
-diff -up sudo-1.7.4p4/configure.in.getgrouplist sudo-1.7.4p4/configure.in
---- sudo-1.7.4p4/configure.in.getgrouplist	2011-01-11 10:45:49.170262147 +0100
-+++ sudo-1.7.4p4/configure.in	2011-01-11 10:45:49.176261407 +0100
-@@ -1913,7 +1913,7 @@ AC_FUNC_GETGROUPS
- AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
- 	       strftime setrlimit initgroups getgroups fstat gettimeofday \
- 	       regcomp setlocale getaddrinfo setenv vhangup \
--	       mbr_check_membership setrlimit64)
-+	       mbr_check_membership setrlimit64 getgrouplist)
- AC_CHECK_FUNCS(getline, [], [
-     AC_LIBOBJ(getline)
-     AC_CHECK_FUNCS(fgetln)
-diff -up sudo-1.7.4p4/pwutil.c.getgrouplist sudo-1.7.4p4/pwutil.c
---- sudo-1.7.4p4/pwutil.c.getgrouplist	2010-08-06 15:44:30.000000000 +0200
-+++ sudo-1.7.4p4/pwutil.c	2011-01-11 11:42:16.771282451 +0100
-@@ -628,5 +628,26 @@ user_in_group(pw, group)
-     }
- #endif /* HAVE_MBR_CHECK_MEMBERSHIP */
- 
-+#ifdef HAVE_GETGROUPLIST
-+    if (user_ngroups >= 0 &&
-+	strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0)
-+    {
-+	gid_t *grouplist, grouptmp;
-+	int n_groups, i;
-+	n_groups = 1;
-+
-+	if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
-+	    grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
-+	    if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
-+		for (i = 0; i < n_groups; i++)
-+		    if (grouplist[i] == grp->gr_gid) {
-+			free(grouplist);
-+			return(TRUE);
-+		    }
-+	    free(grouplist);
-+	}
-+    }
-+#endif /* HAVE_GETGROUPLIST */
-+
-     return(FALSE);
- }

sudo-1.7.4p4-sudoi.patch

@@ -1,57 +0,0 @@
---- env.c	Wed Aug 18 15:27:03 2010
-+++ env.c	Tue Sep 14 11:41:50 2010
-@@ -608,10 +608,16 @@
- #ifdef ENV_DEBUG
-     memset(env.envp, 0, env.env_size * sizeof(char *));
- #endif
--    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
--	/* Reset HOME based on target user unless keeping old value. */
--	reset_home = TRUE;
- 
-+    /* Reset HOME based on target user if configured to. */
-+    if (ISSET(sudo_mode, MODE_RUN)) {
-+	if (def_always_set_home ||
-+	    ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) || 
-+	    (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
-+	    reset_home = TRUE;
-+    }
-+
-+    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
- 	/* Pull in vars we want to keep from the old environment. */
- 	for (ep = old_envp; *ep; ep++) {
- 	    int keepit;
-@@ -696,6 +702,11 @@
- 	    if (!ISSET(didvar, DID_USERNAME))
- 		sudo_setenv("USERNAME", user_name, FALSE);
- 	}
-+
-+	/* If we didn't keep HOME, reset it based on target user. */
-+	if (!ISSET(didvar, KEPT_HOME))
-+	    reset_home = TRUE;
-+
- 	/*
- 	 * Set MAIL to target user in -i mode or if MAIL is not preserved
- 	 * from user's environment.
-@@ -709,13 +720,6 @@
- 	    sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
- 	}
-     } else {
--	/* Reset HOME based on target user if configured to. */
--	if (ISSET(sudo_mode, MODE_RUN)) {
--	    if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) || 
--		(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
--		reset_home = TRUE;
--	}
--
- 	/*
- 	 * Copy environ entries as long as they don't match env_delete or
- 	 * env_check.
-@@ -765,7 +769,7 @@
-     }
- 
-     /* Set $HOME to target user if not preserving user's value. */
--    if (reset_home && !ISSET(didvar, KEPT_HOME))
-+    if (reset_home)
- 	sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
- 
-     /* Provide default values for $TERM and $PATH if they are not set. */

sudo-1.8.1p2-getgrouplist.patch

@@ -0,0 +1,44 @@
+diff -up sudo-1.8.1p2/configure.in.getgrouplist sudo-1.8.1p2/configure.in
+--- sudo-1.8.1p2/configure.in.getgrouplist	2011-07-12 12:13:29.562597933 +0200
++++ sudo-1.8.1p2/configure.in	2011-07-12 12:15:27.116597851 +0200
+@@ -2007,7 +2007,7 @@ dnl
+ AC_FUNC_GETGROUPS
+ AC_CHECK_FUNCS(strrchr sysconf tzset strftime initgroups getgroups fstat \
+ 	       regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \
+-	       setrlimit64 sysctl)
++	       setrlimit64 sysctl getgrouplist)
+ AC_CHECK_FUNCS(getline, [], [
+     AC_LIBOBJ(getline)
+     AC_CHECK_FUNCS(fgetln)
+diff -up sudo-1.8.1p2/plugins/sudoers/pwutil.c.getgrouplist sudo-1.8.1p2/plugins/sudoers/pwutil.c
+--- sudo-1.8.1p2/plugins/sudoers/pwutil.c.getgrouplist	2011-07-12 12:13:17.346597942 +0200
++++ sudo-1.8.1p2/plugins/sudoers/pwutil.c	2011-07-12 12:19:02.171597700 +0200
+@@ -711,6 +711,28 @@ user_in_group(struct passwd *pw, const c
+     }
+ #endif /* HAVE_MBR_CHECK_MEMBERSHIP */
+ 
++#ifdef HAVE_GETGROUPLIST
++    if (user_ngroups >= 0 &&
++       strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0)
++    {
++       gid_t *grouplist, grouptmp;
++       int n_groups, i;
++       n_groups = 1;
++
++       if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
++           grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
++           if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
++               for (i = 0; i < n_groups; i++)
++                   if (grouplist[i] == grp->gr_gid) {
++                       free(grouplist);
++                       retval = TRUE;
++                       goto done;
++                   }
++           free(grouplist);
++       }
++    }
++#endif /* HAVE_GETGROUPLIST */
++
+ done:
+     if (grp != NULL)
+ 	gr_delref(grp);

sudo.spec

@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.7.4p5
-Release: 4%{?dist}
+Version: 1.8.1p2
+Release: 1%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -28,9 +28,7 @@ Patch2: sudo-1.7.2p1-envdebug.patch
 Patch3: sudo-1.7.4p3-m4path.patch
 # getgrouplist() to determine group membership (#235915)
 # - version with CVE-2009-0034 fixed
-Patch4: sudo-1.7.4p4-getgrouplist-fixed.patch
-# reset HOME when using the `-i' option (#635250)
-Patch5: sudo-1.7.4p4-sudoi.patch
+Patch4: sudo-1.8.1p2-getgrouplist.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -43,19 +41,24 @@ audit trail of who did what), a configurable timeout of the sudo
 command, and the ability to use the same configuration file (sudoers)
 on many different machines.
 
+%package        devel
+Summary:        Development files for %{name}
+Group:          Development/Libraries
+Requires:       %{name} = %{version}-%{release}
+
+%description    devel
+The %{name}-devel package contains header files developing sudo
+plugins that use %{name}.
+
 %prep
 %setup -q
 
 %patch1 -p1 -b .strip
 %patch2 -p1 -b .envdebug
 %patch3 -p1 -b .m4path
-%patch4 -p1 -b .getgrouplist-fixed
-%patch5 -p0 -b .sudoi
+%patch4 -p1 -b .getgrouplist
 
 %build
-# handle newer autoconf
-rm -f acsite.m4
-mv aclocal.m4 acinclude.m4
 autoreconf -fv --install
 
 %ifarch s390 s390x sparc64
@@ -80,8 +83,6 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --with-ignore-dot \
         --with-tty-tickets \
         --with-ldap \
-	--with-ldap-conf-file="%{_sysconfdir}/nss_ldap.conf" \
-	--with-ldap-secret-file="%{_sysconfdir}/nss_ldap.secret" \
 	--with-selinux \
 	--with-passprompt="[sudo] password for %p: " \
 	--with-linux-audit
@@ -122,8 +123,9 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root)
-%doc ChangeLog NEWS HISTORY LICENSE README* TROUBLESHOOTING UPGRADE
-%doc schema.* sudoers2ldif sample.*
+%doc ChangeLog NEWS README* MANIFEST
+%doc doc/HISTORY doc/LICENSE doc/TROUBLESHOOTING doc/UPGRADE
+%doc doc/schema.* plugins/sudoers/sudoers2ldif doc/sample.*
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
@@ -135,6 +137,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0755,root,root) %{_sbindir}/visudo
 %attr(0755,root,root) %{_libexecdir}/sesh
 %{_libexecdir}/sudo_noexec.*
+%{_libexecdir}/sudoers.*
 %{_mandir}/man5/sudoers.5*
 %{_mandir}/man5/sudoers.ldap.5*
 %{_mandir}/man8/sudo.8*
@@ -146,9 +149,22 @@ rm -rf $RPM_BUILD_ROOT
 %post
 /bin/chmod 0440 /etc/sudoers || :
 
+%files devel
+%defattr(-,root,root,-)
+%doc plugins/{sample,sample_group}
+%{_includedir}/sudo_plugin.h
+%{_mandir}/man8/sudo_plugin.8*
+
 %changelog
+* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1
+- rebase to 1.8.1p2
+- removed .sudoi patch
+- fixed typo: RELPRO -> RELRO
+- added -devel subpackage for the sudo_plugin.h header file
+- use default ldap configuration files again
+
 * Fri Jun  3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
-- build with RELPRO
+- build with RELRO
 
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild