Rebase to 1.9.2

Resolves: rhbz#1859577

- added logsrvd subpackage
- added openssl-devel buildrequires
Resolves: rhbz#1860653
- fixed sudo runstatedir path
- it was generated as /sudo instead of /run/sudo
Resolves: rhbz#1868215
- added /var/lib/snapd/snap/bin to secure_path variable
Resolves: rhbz#1691996

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
This commit is contained in:
Radovan Sroka 2020-09-15 16:49:29 +02:00
parent 845456e9a7
commit 35c555c44a
No known key found for this signature in database
GPG Key ID: F5778AD785E3581F
5 changed files with 83 additions and 11 deletions

1
.gitignore vendored
View File

@ -23,3 +23,4 @@
/sudo-1.9.0b1.tar.gz /sudo-1.9.0b1.tar.gz
/sudo-1.9.0b4.tar.gz /sudo-1.9.0b4.tar.gz
/sudo-1.9.1.tar.gz /sudo-1.9.1.tar.gz
/sudo-1.9.2.tar.gz

View File

@ -0,0 +1,43 @@
From 0d7a041f18c5016abb78b74f3cfa505797e704ee Mon Sep 17 00:00:00 2001
From: Evan Anderson <evan@eaanderson.com>
Date: Sun, 6 Sep 2020 14:30:54 -0500
Subject: [PATCH] configure: Fix runstatedir handling for distros that do not
support it
runstatedir was added in yet-to-be released autoconf 2.70. Some distros
are shipping this addition in their autoconf packages, but others, such as Fedora,
are not. This causes the rundir variable to be set incorrectly if the configure script
is regenerated with an unpatched autoconf since the runstatedir variable set is deleted
after regeneration. This change works around that problem by checking that runstatedir
is non-empty before potentially using it to set the rundir variable
---
configure | 2 +-
m4/sudo.m4 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 0f6ceb16c..2e0838e01 100755
--- a/configure
+++ b/configure
@@ -26718,7 +26718,7 @@ EOF
$as_echo_n "checking for sudo run dir location... " >&6; }
if test -n "$with_rundir"; then
rundir="$with_rundir"
-elif test "$runstatedir" != '${localstatedir}/run'; then
+elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then
rundir="$runstatedir/sudo"
else
# No --with-rundir or --runstatedir specified
diff --git a/m4/sudo.m4 b/m4/sudo.m4
index a5a972b3c..b3a40b208 100644
--- a/m4/sudo.m4
+++ b/m4/sudo.m4
@@ -120,7 +120,7 @@ dnl
AC_DEFUN([SUDO_RUNDIR], [AC_MSG_CHECKING(for sudo run dir location)
if test -n "$with_rundir"; then
rundir="$with_rundir"
-elif test "$runstatedir" != '${localstatedir}/run'; then
+elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then
rundir="$runstatedir/sudo"
else
# No --with-rundir or --runstatedir specified

View File

@ -1 +1 @@
SHA512 (sudo-1.9.1.tar.gz) = 7994c7d8f020188eda51787bb5f6fe7668518cc89b711e7840470db7e5bac1219490ffccc73854fecb14ceb3ffaf0fc605f3438c87b83f27921ea3626365105c SHA512 (sudo-1.9.2.tar.gz) = 20afdf2604b1c93395157382b24f225cd1ff88d3a892362e2d69fecd240c4e7171f05032c08be1778cd1dea6e460025e4241f57272fac0ea3550e220b6d73d21

View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.9.1 Version: 1.9.2
Release: 3%{?dist} Release: 1%{?dist}
License: ISC License: ISC
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
@ -24,6 +24,7 @@ BuildRequires: zlib-devel
# don't strip # don't strip
Patch1: sudo-1.6.7p5-strip.patch Patch1: sudo-1.6.7p5-strip.patch
Patch2: configure-runstatedir.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -44,10 +45,22 @@ Requires: %{name} = %{version}-%{release}
The %{name}-devel package contains header files developing sudo The %{name}-devel package contains header files developing sudo
plugins that use %{name}. plugins that use %{name}.
%package logsrvd
Summary: High-performance log server for %{name}
Requires: %{name} = %{version}-%{release}
BuildRequires: openssl-devel
%description logsrvd
%{name}-logsrvd is a high-performance log server that accepts event and I/O logs from sudo.
It can be used to implement centralized logging of sudo logs.
%prep %prep
%setup -q %setup -q
%patch1 -p1 -b .strip %patch1 -p1 -b .strip
%patch2 -p1 -b .runstatedir
%build %build
# Remove bundled copy of zlib # Remove bundled copy of zlib
@ -67,6 +80,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--sbindir=%{_sbindir} \ --sbindir=%{_sbindir} \
--libdir=%{_libdir} \ --libdir=%{_libdir} \
--docdir=%{_pkgdocdir} \ --docdir=%{_pkgdocdir} \
--enable-openssl \
--disable-root-mailer \ --disable-root-mailer \
--with-logging=syslog \ --with-logging=syslog \
--with-logfac=authpriv \ --with-logfac=authpriv \
@ -154,7 +168,6 @@ EOF
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
%dir /var/db/sudo %dir /var/db/sudo
%dir /var/db/sudo/lectured %dir /var/db/sudo/lectured
%attr(4111,root,root) %{_bindir}/sudo %attr(4111,root,root) %{_bindir}/sudo
@ -163,8 +176,6 @@ EOF
%attr(0755,root,root) %{_sbindir}/visudo %attr(0755,root,root) %{_sbindir}/visudo
%{_bindir}/cvtsudoers %{_bindir}/cvtsudoers
%dir %{_libexecdir}/sudo %dir %{_libexecdir}/sudo
%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
%attr(0755,root,root) %{_sbindir}/sudo_sendlog
%attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0755,root,root) %{_libexecdir}/sudo/sesh
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
@ -184,11 +195,7 @@ EOF
%{_mandir}/man8/visudo.8* %{_mandir}/man8/visudo.8*
%{_mandir}/man1/cvtsudoers.1.gz %{_mandir}/man1/cvtsudoers.1.gz
%{_mandir}/man5/sudoers_timestamp.5.gz %{_mandir}/man5/sudoers_timestamp.5.gz
%{_mandir}/man5/sudo_logsrv.proto.5.gz
%{_mandir}/man5/sudo_logsrvd.conf.5.gz
%{_mandir}/man8/sudo_logsrvd.8.gz
%{_mandir}/man8/sudo_plugin_python.8.gz %{_mandir}/man8/sudo_plugin_python.8.gz
%{_mandir}/man8/sudo_sendlog.8.gz
%dir %{_pkgdocdir}/ %dir %{_pkgdocdir}/
%{_pkgdocdir}/* %{_pkgdocdir}/*
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
@ -200,7 +207,28 @@ EOF
%{_includedir}/sudo_plugin.h %{_includedir}/sudo_plugin.h
%{_mandir}/man8/sudo_plugin.8* %{_mandir}/man8/sudo_plugin.8*
%files logsrvd
%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
%attr(0755,root,root) %{_sbindir}/sudo_sendlog
%{_mandir}/man5/sudo_logsrv.proto.5.gz
%{_mandir}/man5/sudo_logsrvd.conf.5.gz
%{_mandir}/man8/sudo_logsrvd.8.gz
%{_mandir}/man8/sudo_sendlog.8.gz
%changelog %changelog
* Tue Sep 15 2020 Radovan Sroka <rsroka@redhat.com> - 1.9.2-1
- rebase to 1.9.2
Resolves: rhbz#1859577
- added logsrvd subpackage
- added openssl-devel buildrequires
Resolves: rhbz#1860653
- fixed sudo runstatedir path
- it was generated as /sudo instead of /run/sudo
Resolves: rhbz#1868215
- added /var/lib/snapd/snap/bin to secure_path variable
Resolves: rhbz#1691996
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-3 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-3
- Second attempt - Rebuilt for - Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

View File

@ -85,7 +85,7 @@ Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY
# #
# Defaults env_keep += "HOME" # Defaults env_keep += "HOME"
Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
## Next comes the main part: which users can run what software on ## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple ## which machines (the sudoers file can be shared between multiple