rpms/sudo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

update to 1.8.17p1

Browse Source 
- install the /var/db/sudo/lectured
  Resolves: rhbz#1321414
This commit is contained in:
Daniel Kopecek 2016-06-24 16:22:57 +02:00
parent d3ea02b0f5
commit 932e467d11
11 changed files with 11 additions and 474 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/sudo-1.8.16.tar.gz
/sudo-1.8.17p1.tar.gz

2
sources
View File

@ -1 +1 @@
a977449587dc857e129bb20555b46af4 sudo-1.8.16.tar.gz
50a840a688ceb6fa3ab24fc0adf4fa23 sudo-1.8.17p1.tar.gz

12
sudo-1.7.2p1-envdebug.patch
View File

@ -1,12 +0,0 @@
diff -up sudo-1.7.2p1/configure.in.envdebug sudo-1.7.2p1/configure.in
--- sudo-1.7.2p1/configure.in.envdebug 2009-10-30 12:18:09.000000000 +0100
+++ sudo-1.7.2p1/configure.in 2009-10-30 12:19:01.000000000 +0100
@@ -1214,7 +1214,7 @@ AC_ARG_ENABLE(env_debug,
[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
- AC_DEFINE(ENV_DEBUG)
+ AC_DEFINE(ENV_DEBUG, [], [Environment debugging.])
;;
no) AC_MSG_RESULT(no)
;;

17
sudo-1.8.11p2-auditfix.patch
View File

@ -1,17 +0,0 @@
diff -up sudo-1.8.11p2/plugins/sudoers/linux_audit.c.auditfix sudo-1.8.11p2/plugins/sudoers/linux_audit.c
--- sudo-1.8.11p2/plugins/sudoers/linux_audit.c.auditfix 2014-11-03 12:44:53.674230966 +0100
+++ sudo-1.8.11p2/plugins/sudoers/linux_audit.c 2014-11-03 12:45:13.407021599 +0100
@@ -57,10 +57,10 @@ linux_audit_open(void)
au_fd = audit_open();
if (au_fd == -1) {
/* Kernel may not have audit support. */
- if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) {
- sudo_warn(U_("unable to open audit system"));
+ if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
au_fd = AUDIT_NOT_CONFIGURED;
- }
+ else
+ sudo_warn(U_("unable to open audit system"));
} else {
(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
}

38
sudo-1.8.14p1-docpassexpire.patch
View File

@ -1,38 +0,0 @@
diff -up sudo-1.8.14b4/doc/sudoers.cat.docpassexpire sudo-1.8.14b4/doc/sudoers.cat
--- sudo-1.8.14b4/doc/sudoers.cat.docpassexpire 2015-06-09 00:47:07.000000000 +0200
+++ sudo-1.8.14b4/doc/sudoers.cat 2015-07-14 13:11:11.116000185 +0200
@@ -1328,8 +1328,8 @@ SSUUDDOOEERRSS OOPPTTIIOONN
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5. Set
this to 0 to always prompt for a password. If set to a
- value less than 0 the user's time stamp will never
- expire. This can be used to allow users to create or
+ value less than 0 the user's time stamp will not
+ expire until reboot. This can be used to allow users to create or
delete their own time stamps via ``sudo -v'' and ``sudo
-k'' respectively.
diff -up sudo-1.8.14b4/doc/sudoers.man.in.docpassexpire sudo-1.8.14b4/doc/sudoers.man.in
--- sudo-1.8.14b4/doc/sudoers.man.in.docpassexpire 2015-07-14 13:11:11.116000185 +0200
+++ sudo-1.8.14b4/doc/sudoers.man.in 2015-07-14 13:14:17.261222481 +0200
@@ -2822,7 +2822,7 @@ Set this to
to always prompt for a password.
If set to a value less than
\fR0\fR
-the user's time stamp will never expire.
+the user's time stamp will not expire until reboot.
This can be used to allow users to create or delete their own time stamps via
\(Lq\fRsudo -v\fR\(Rq
and
diff -up sudo-1.8.14b4/doc/sudoers.mdoc.in.docpassexpire sudo-1.8.14b4/doc/sudoers.mdoc.in
--- sudo-1.8.14b4/doc/sudoers.mdoc.in.docpassexpire 2015-04-07 18:15:50.000000000 +0200
+++ sudo-1.8.14b4/doc/sudoers.mdoc.in 2015-07-14 13:11:11.117000176 +0200
@@ -2647,7 +2647,7 @@ Set this to
to always prompt for a password.
If set to a value less than
.Li 0
-the user's time stamp will never expire.
+the user's time stamp will not expire until reboot.
This can be used to allow users to create or delete their own time stamps via
.Dq Li sudo -v
and

122
sudo-1.8.14p3-initialization.patch
View File

@ -1,122 +0,0 @@
diff -up ./lib/util/strsplit.c.initialization ./lib/util/strsplit.c
--- ./lib/util/strsplit.c.initialization 2015-07-22 14:22:49.000000000 +0200
+++ ./lib/util/strsplit.c 2015-08-18 13:28:28.141319501 +0200
@@ -37,6 +37,10 @@ sudo_strsplit_v1(const char *str, const
const char *cp, *s;
debug_decl(sudo_strsplit, SUDO_DEBUG_UTIL)
+ /* exclusion of two NULLs at the same time */
+ if (str == NULL && *last == NULL)
+ debug_return_ptr(NULL);
+
/* If no str specified, use last ptr (if any). */
if (str == NULL)
str = *last;
diff -up ./lib/util/sudo_conf.c.initialization ./lib/util/sudo_conf.c
--- ./lib/util/sudo_conf.c.initialization 2015-07-22 14:22:49.000000000 +0200
+++ ./lib/util/sudo_conf.c 2015-08-18 13:28:28.142319494 +0200
@@ -161,7 +161,7 @@ static int
parse_path(const char *entry, const char *conf_file, unsigned int lineno)
{
const char *entry_end = entry + strlen(entry);
- const char *ep, *name, *path;
+ const char *ep = NULL, *name, *path;
struct sudo_conf_path_table *cur;
size_t namelen;
debug_decl(parse_path, SUDO_DEBUG_UTIL)
@@ -208,7 +208,7 @@ parse_debug(const char *entry, const cha
{
struct sudo_conf_debug *debug_spec;
struct sudo_debug_file *debug_file = NULL;
- const char *ep, *path, *progname, *flags;
+ const char *ep = NULL, *path, *progname, *flags;
const char *entry_end = entry + strlen(entry);
size_t pathlen, prognamelen;
debug_decl(parse_debug, SUDO_DEBUG_UTIL)
@@ -278,7 +278,7 @@ static int
parse_plugin(const char *entry, const char *conf_file, unsigned int lineno)
{
struct plugin_info *info = NULL;
- const char *ep, *path, *symbol;
+ const char *ep = NULL, *path, *symbol;
const char *entry_end = entry + strlen(entry);
char **options = NULL;
size_t pathlen, symlen;
diff -up ./plugins/sudoers/editor.c.initialization ./plugins/sudoers/editor.c
--- ./plugins/sudoers/editor.c.initialization 2015-07-22 14:22:49.000000000 +0200
+++ ./plugins/sudoers/editor.c 2015-08-18 13:28:28.142319494 +0200
@@ -45,7 +45,7 @@ resolve_editor(const char *ed, size_t ed
int *argc_out, char ***argv_out, char * const *whitelist)
{
char **nargv, *editor, *editor_path = NULL;
- const char *cp, *ep, *tmp;
+ const char *cp, *ep = NULL, *tmp;
const char *edend = ed + edlen;
struct stat user_editor_sb;
int nargc;
diff -up ./plugins/sudoers/interfaces.c.initialization ./plugins/sudoers/interfaces.c
--- ./plugins/sudoers/interfaces.c.initialization 2015-07-22 14:22:50.000000000 +0200
+++ ./plugins/sudoers/interfaces.c 2015-08-18 13:28:28.142319494 +0200
@@ -109,7 +109,7 @@ get_interfaces(void)
void
dump_interfaces(const char *ai)
{
- const char *cp, *ep;
+ const char *cp, *ep = NULL;
const char *ai_end = ai + strlen(ai);
debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF)
diff -up ./plugins/sudoers/sudoers.c.initialization ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.initialization 2015-07-22 14:22:50.000000000 +0200
+++ ./plugins/sudoers/sudoers.c 2015-08-18 13:28:28.142319494 +0200
@@ -1186,7 +1186,7 @@ sudoers_cleanup(void)
static char *
find_editor(int nfiles, char **files, int *argc_out, char ***argv_out)
{
- const char *cp, *ep, *editor = NULL;
+ const char *cp, *ep = NULL, *editor = NULL;
char *editor_path = NULL, **ev, *ev0[4];
debug_decl(find_editor, SUDOERS_DEBUG_PLUGIN)
diff -up ./plugins/sudoers/sudoreplay.c.initialization ./plugins/sudoers/sudoreplay.c
--- ./plugins/sudoers/sudoreplay.c.initialization 2015-07-22 14:22:49.000000000 +0200
+++ ./plugins/sudoers/sudoreplay.c 2015-08-18 13:39:53.776411920 +0200
@@ -189,7 +189,7 @@ main(int argc, char *argv[])
int ch, idx, plen, exitcode = 0, rows = 0, cols = 0;
bool def_filter = true, listonly = false;
const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL;
- char *cp, *ep, path[PATH_MAX];
+ char *cp, *ep = NULL, path[PATH_MAX];
struct log_info *li;
double max_wait = 0;
debug_decl(main, SUDO_DEBUG_MAIN)
@@ -225,6 +225,8 @@ main(int argc, char *argv[])
/* Set the replay filter. */
def_filter = false;
for (cp = strtok_r(optarg, ",", &ep); cp; cp = strtok_r(NULL, ",", &ep)) {
+ if (ep == NULL)
+ sudo_fatalx(U_("invalid filter option: %s"), optarg);
if (strcmp(cp, "stdout") == 0)
io_log_files[IOFD_STDOUT].enabled = true;
else if (strcmp(cp, "stderr") == 0)
diff -up ./plugins/sudoers/visudo.c.initialization ./plugins/sudoers/visudo.c
--- ./plugins/sudoers/visudo.c.initialization 2015-07-22 14:22:50.000000000 +0200
+++ ./plugins/sudoers/visudo.c 2015-08-18 13:28:28.142319494 +0200
@@ -287,7 +287,7 @@ get_editor(int *editor_argc, char ***edi
/* Build up editor whitelist from def_editor unless env_editor is set. */
if (!def_env_editor) {
- const char *cp, *ep;
+ const char *cp, *ep = NULL;
const char *def_editor_end = def_editor + strlen(def_editor);
/* Count number of entries in whitelist and split into a list. */
@@ -325,7 +325,7 @@ get_editor(int *editor_argc, char ***edi
if (editor_path == NULL) {
/* def_editor could be a path, split it up, avoiding strtok() */
const char *def_editor_end = def_editor + strlen(def_editor);
- const char *cp, *ep;
+ const char *cp, *ep = NULL;
for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
editor_path = resolve_editor(cp, (size_t)(ep - cp), 2, files,

41
sudo-1.8.16-seshargsfix.patch
View File

@ -1,41 +0,0 @@
diff -up sudo-1.8.16/src/selinux.c.seshargsfix sudo-1.8.16/src/selinux.c
--- sudo-1.8.16/src/selinux.c.seshargsfix 2016-03-17 17:13:10.000000000 +0100
+++ sudo-1.8.16/src/selinux.c 2016-05-13 11:14:04.628296996 +0200
@@ -378,7 +378,7 @@ selinux_execve(int fd, const char *path,
{
char **nargv;
const char *sesh;
- int argc, serrno;
+ int argc, nargc, serrno;
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
sesh = sudo_conf_sesh_path();
@@ -409,9 +409,7 @@ selinux_execve(int fd, const char *path,
*/
for (argc = 0; argv[argc] != NULL; argc++)
continue;
- if (fd != -1)
- argc++;
- nargv = reallocarray(NULL, argc + 2, sizeof(char *));
+ nargv = reallocarray(NULL, argc + 3, sizeof(char *));
if (nargv == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return;
@@ -420,13 +418,13 @@ selinux_execve(int fd, const char *path,
nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec";
else
nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh";
- argc = 1;
- if (fd != -1 && asprintf(&nargv[argc++], "--execfd=%d", fd) == -1) {
+ nargc = 1;
+ if (fd != -1 && asprintf(&nargv[nargc++], "--execfd=%d", fd) == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return;
}
- nargv[argc] = (char *)path;
- memcpy(&nargv[argc + 1], &argv[argc], argc * sizeof(char *)); /* copies NULL */
+ nargv[nargc++] = (char *)path;
+ memcpy(&nargv[nargc], &argv[1], argc * sizeof(char *)); /* copies NULL */
/* sesh will handle noexec for us. */
sudo_execve(-1, sesh, nargv, envp, false);

60
sudo-1.8.8-clangbugs.patch
View File

@ -1,60 +0,0 @@
diff -up sudo-1.8.8/plugins/sudoers/auth/pam.c.clangbugs sudo-1.8.8/plugins/sudoers/auth/pam.c
--- sudo-1.8.8/plugins/sudoers/auth/pam.c.clangbugs 2013-09-30 23:41:07.899529555 +0200
+++ sudo-1.8.8/plugins/sudoers/auth/pam.c 2013-09-30 23:41:58.988707761 +0200
@@ -246,6 +246,7 @@ sudo_pam_begin_session(struct passwd *pw
(void) pam_end(pamh, *pam_status | PAM_DATA_SILENT);
pamh = NULL;
status = AUTH_FAILURE;
+ goto done;
}
}
diff -up sudo-1.8.8/plugins/sudoers/sssd.c.clangbugs sudo-1.8.8/plugins/sudoers/sssd.c
--- sudo-1.8.8/plugins/sudoers/sssd.c.clangbugs 2013-09-30 23:44:20.404200629 +0200
+++ sudo-1.8.8/plugins/sudoers/sssd.c 2013-09-30 23:49:05.998194738 +0200
@@ -310,11 +310,10 @@ static int sudo_sss_close(struct sudo_ns
debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD);
if (nss && nss->handle) {
- handle = nss->handle;
- dlclose(handle->ssslib);
+ handle = nss->handle;
+ dlclose(handle->ssslib);
+ efree(nss->handle);
}
-
- efree(nss->handle);
debug_return_int(0);
}
@@ -705,17 +704,21 @@ sudo_sss_result_get(struct sudo_nss *nss
sudo_sss_result_filterp, _SUDO_SSS_FILTER_INCLUDE, NULL);
if (f_sss_result != NULL) {
- if (f_sss_result->num_rules > 0) {
- if (state != NULL) {
- sudo_debug_printf(SUDO_DEBUG_DEBUG, "state |= HOSTMATCH");
- *state |= _SUDO_SSS_STATE_HOSTMATCH;
+ if (f_sss_result->num_rules > 0) {
+ if (state != NULL) {
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, "state |= HOSTMATCH");
+ *state |= _SUDO_SSS_STATE_HOSTMATCH;
+ }
}
- }
- }
- sudo_debug_printf(SUDO_DEBUG_DEBUG,
- "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result,
- u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules);
+ sudo_debug_printf(SUDO_DEBUG_DEBUG,
+ "u_sss_result=(%p, %u) => f_sss_result=(%p, %u)", u_sss_result,
+ u_sss_result->num_rules, f_sss_result, f_sss_result->num_rules);
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_DEBUG,
+ "u_sss_result=(%p, %u) => f_sss_result=NULL",
+ u_sss_result, u_sss_result->num_rules);
+ }
handle->fn_free_result(u_sss_result);

119
sudo-1.8.8-sssdfixes.patch
View File

@ -1,119 +0,0 @@
diff -up sudo-1.8.8/plugins/sudoers/sssd.c.sssdfixes sudo-1.8.8/plugins/sudoers/sssd.c
--- sudo-1.8.8/plugins/sudoers/sssd.c.sssdfixes 2013-09-30 23:18:49.641913457 +0200
+++ sudo-1.8.8/plugins/sudoers/sssd.c 2013-09-30 23:25:54.819376696 +0200
@@ -534,30 +534,31 @@ sudo_sss_check_runas_group(struct sudo_s
* Walk through search results and return true if we have a runas match,
* else false. RunAs info is optional.
*/
-static int
+static bool
sudo_sss_check_runas(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
- int ret;
+ bool ret;
debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD);
if (rule == NULL)
- debug_return_int(false);
+ debug_return_bool(false);
ret = sudo_sss_check_runas_user(handle, rule) != false &&
sudo_sss_check_runas_group(handle, rule) != false;
- debug_return_int(ret);
+ debug_return_bool(ret);
}
-static int
+static bool
sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
char **val_array, *val;
- int ret = false, i;
+ bool ret = false;
+ int i;
debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD);
if (rule == NULL)
- debug_return_int(ret);
+ debug_return_bool(ret);
/* get the values from the rule */
switch (handle->fn_get_values(rule, "sudoHost", &val_array))
@@ -566,10 +567,10 @@ sudo_sss_check_host(struct sudo_sss_hand
break;
case ENOENT:
sudo_debug_printf(SUDO_DEBUG_INFO, "No result.");
- debug_return_int(false);
+ debug_return_bool(false);
default:
sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoHost): != 0");
- debug_return_int(ret);
+ debug_return_bool(ret);
}
/* walk through values */
@@ -589,7 +590,52 @@ sudo_sss_check_host(struct sudo_sss_hand
handle->fn_free_values(val_array);
- debug_return_int(ret);
+ debug_return_bool(ret);
+}
+
+/*
+ * Look for netgroup specifcations in the sudoUser attribute and
+ * if found, filter according to netgroup membership.
+ * returns:
+ * true -> netgroup spec found && negroup member
+ * false -> netgroup spec found && not a meber of netgroup
+ * true -> netgroup spec not found (filtered by SSSD already, netgroups are an exception)
+ */
+bool sudo_sss_filter_user_netgroup(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
+{
+ bool ret = false, netgroup_spec_found = false;
+ char **val_array, *val;
+ int i;
+ debug_decl(sudo_sss_check_user_netgroup, SUDO_DEBUG_SSSD);
+
+ if (!handle || !rule)
+ debug_return_bool(ret);
+
+ switch (handle->fn_get_values(rule, "sudoUser", &val_array)) {
+ case 0:
+ break;
+ case ENOENT:
+ sudo_debug_printf(SUDO_DEBUG_INFO, "No result.");
+ debug_return_bool(ret);
+ default:
+ sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoUser): != 0");
+ debug_return_bool(ret);
+ }
+
+ for (i = 0; val_array[i] != NULL && !ret; ++i) {
+ val = val_array[i];
+ if (*val == '+') {
+ netgroup_spec_found = true;
+ }
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val);
+ if (strcmp(val, "ALL") == 0 || netgr_matches(val, NULL, NULL, user_name)) {
+ ret = true;
+ sudo_debug_printf(SUDO_DEBUG_DIAG,
+ "sssd/ldap sudoUser '%s' ... MATCH! (%s)", val, user_name);
+ }
+ }
+ handle->fn_free_values(val_array);
+ debug_return_bool(netgroup_spec_found ? ret : true);
}
static int
@@ -599,7 +645,8 @@ sudo_sss_result_filterp(struct sudo_sss_
(void)unused;
debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD);
- if (sudo_sss_check_host(handle, rule))
+ if (sudo_sss_check_host(handle, rule) &&
+ sudo_sss_filter_user_netgroup(handle, rule))
debug_return_int(1);
else
debug_return_int(0);

53
sudo-1.8.8-strictuidgid.patch
View File

@ -1,53 +0,0 @@
diff -up sudo-1.8.8/plugins/sudoers/match.c.strictuidgid sudo-1.8.8/plugins/sudoers/match.c
--- sudo-1.8.8/plugins/sudoers/match.c.strictuidgid 2013-09-30 23:30:12.359263967 +0200
+++ sudo-1.8.8/plugins/sudoers/match.c 2013-09-30 23:31:04.335443002 +0200
@@ -777,14 +777,16 @@ hostname_matches(char *shost, char *lhos
bool
userpw_matches(char *sudoers_user, char *user, struct passwd *pw)
{
- debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
-
- if (pw != NULL && *sudoers_user == '#') {
- uid_t uid = (uid_t) atoi(sudoers_user + 1);
- if (uid == pw->pw_uid)
- debug_return_bool(true);
- }
- debug_return_bool(strcmp(sudoers_user, user) == 0);
+ debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
+ if (pw != NULL && *sudoers_user == '#') {
+ char *end = NULL;
+ uid_t uid = (uid_t) strtol(sudoers_user + 1, &end, 10);
+ if (end != NULL && (sudoers_user[1] != '\0' && *end == '\0')) {
+ if (uid == pw->pw_uid)
+ debug_return_bool(true);
+ }
+ }
+ debug_return_bool(strcmp(sudoers_user, user) == 0);
}
/*
@@ -794,14 +796,16 @@ userpw_matches(char *sudoers_user, char
bool
group_matches(char *sudoers_group, struct group *gr)
{
- debug_decl(group_matches, SUDO_DEBUG_MATCH)
-
- if (*sudoers_group == '#') {
- gid_t gid = (gid_t) atoi(sudoers_group + 1);
- if (gid == gr->gr_gid)
- debug_return_bool(true);
- }
- debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);
+ debug_decl(group_matches, SUDO_DEBUG_MATCH)
+ if (*sudoers_group == '#') {
+ char *end = NULL;
+ gid_t gid = (gid_t) strtol(sudoers_group + 1, &end, 10);
+ if (end != NULL && (sudoers_group[1] != '\0' && *end == '\0')) {
+ if (gid == gr->gr_gid)
+ debug_return_bool(true);
+ }
+ }
+ debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);
}
/*

20
sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.8.16
Release: 4%{?dist}
Version: 1.8.17p1
Release: 1%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@ -28,12 +28,6 @@ BuildRequires: zlib-devel
Patch1: sudo-1.6.7p5-strip.patch
# Patch to read ldap.conf more closely to nss_ldap
Patch2: sudo-1.8.14p1-ldapconfpatch.patch
# Patch makes changes in documentation bz:1162070
Patch3: sudo-1.8.14p1-docpassexpire.patch
# Patch initialize variable before executing sudo_strsplit
Patch4: sudo-1.8.14p3-initialization.patch
# 1328735 - Weird sudo issue that seems to be selinux related
Patch5: sudo-1.8.16-seshargsfix.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@ -60,9 +54,6 @@ plugins that use %{name}.
%patch1 -p1 -b .strip
%patch2 -p1 -b .ldapconfpatch
%patch3 -p1 -b .docpassexpire
%patch4 -p1 -b .initialization
%patch5 -p1 -b .seshargsfix
%build
# Remove bundled copy of zlib
@ -108,6 +99,7 @@ make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` s
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
@ -163,6 +155,7 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace) /etc/pam.d/sudo-i
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%attr(4111,root,root) %{_bindir}/sudo
%{_bindir}/sudoedit
%attr(0111,root,root) %{_bindir}/sudoreplay
@ -201,6 +194,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libexecdir}/sudo/libsudo_util.so
%changelog
* Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.17p1-1
- update to 1.8.17p1
- install the /var/db/sudo/lectured
Resolves: rhbz#1321414
* Tue May 31 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-4
- removed INPUTRC from env_keep to prevent a possible info leak
Resolves: rhbz#1340701