Fixed upstream regression and removed arch specific files
- added upstream patch for a regression - don't include arch specific files in the -devel subpackage - ship only one sample plugin in the -devel subpackage
This commit is contained in:
parent
a9963cd1b9
commit
bbce9a9922
77
sudo-1.8.6p3-noauthwarn-regression.patch
Normal file
77
sudo-1.8.6p3-noauthwarn-regression.patch
Normal file
@ -0,0 +1,77 @@
|
||||
diff -up sudo-1.8.6p3/plugins/sudoers/audit.c.orig sudo-1.8.6p3/plugins/sudoers/audit.c
|
||||
--- sudo-1.8.6p3/plugins/sudoers/audit.c.orig 2012-11-07 13:04:55.424637797 +0100
|
||||
+++ sudo-1.8.6p3/plugins/sudoers/audit.c 2012-11-07 13:06:53.705032954 +0100
|
||||
@@ -26,6 +26,11 @@
|
||||
# include <stdlib.h>
|
||||
# endif
|
||||
#endif /* STDC_HEADERS */
|
||||
+#ifdef HAVE_STDBOOL_H
|
||||
+# include <stdbool.h>
|
||||
+#else
|
||||
+# include "compat/stdbool.h"
|
||||
+#endif /* HAVE_STDBOOL_H */
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "missing.h"
|
||||
diff -up sudo-1.8.6p3/plugins/sudoers/logging.c.orig sudo-1.8.6p3/plugins/sudoers/logging.c
|
||||
--- sudo-1.8.6p3/plugins/sudoers/logging.c.orig 2012-11-07 13:04:55.424637797 +0100
|
||||
+++ sudo-1.8.6p3/plugins/sudoers/logging.c 2012-11-07 13:06:53.705032954 +0100
|
||||
@@ -247,14 +247,20 @@ do_logfile(char *msg)
|
||||
}
|
||||
|
||||
/*
|
||||
- * Log and mail the denial message, optionally informing the user.
|
||||
+ * Log, audit and mail the denial message, optionally informing the user.
|
||||
*/
|
||||
-static void
|
||||
+void
|
||||
log_denial(int status, bool inform_user)
|
||||
{
|
||||
char *logline, *message;
|
||||
debug_decl(log_denial, SUDO_DEBUG_LOGGING)
|
||||
|
||||
+ /* Handle auditing first. */
|
||||
+ if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
|
||||
+ audit_failure(NewArgv, _("No user or host"));
|
||||
+ else
|
||||
+ audit_failure(NewArgv, _("validation failure"));
|
||||
+
|
||||
/* Set error message. */
|
||||
if (ISSET(status, FLAG_NO_USER))
|
||||
message = _("user NOT in sudoers");
|
||||
@@ -312,12 +318,6 @@ log_failure(int status, int flags)
|
||||
debug_decl(log_failure, SUDO_DEBUG_LOGGING)
|
||||
bool inform_user = true;
|
||||
|
||||
- /* Handle auditing first. */
|
||||
- if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
|
||||
- audit_failure(NewArgv, _("No user or host"));
|
||||
- else
|
||||
- audit_failure(NewArgv, _("validation failure"));
|
||||
-
|
||||
/* The user doesn't always get to see the log message (path info). */
|
||||
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
|
||||
(flags == NOT_FOUND_DOT || flags == NOT_FOUND))
|
||||
diff -up sudo-1.8.6p3/plugins/sudoers/logging.h.orig sudo-1.8.6p3/plugins/sudoers/logging.h
|
||||
--- sudo-1.8.6p3/plugins/sudoers/logging.h.orig 2012-11-07 13:04:55.425637802 +0100
|
||||
+++ sudo-1.8.6p3/plugins/sudoers/logging.h 2012-11-07 13:06:53.706032965 +0100
|
||||
@@ -56,6 +56,7 @@ void audit_success(char *exec_args[]);
|
||||
void audit_failure(char *exec_args[], char const *const fmt, ...);
|
||||
void log_allowed(int status);
|
||||
void log_auth_failure(int status, int tries);
|
||||
+void log_denial(int status, bool inform_user);
|
||||
void log_failure(int status, int flags);
|
||||
void log_error(int flags, const char *fmt, ...) __printflike(2, 3);
|
||||
void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__));
|
||||
diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.orig sudo-1.8.6p3/plugins/sudoers/sudoers.c
|
||||
--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.orig 2012-11-07 13:04:55.425637802 +0100
|
||||
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2012-11-07 13:06:53.706032965 +0100
|
||||
@@ -466,7 +466,7 @@ sudoers_policy_main(int argc, char * con
|
||||
rval = check_user(validated, sudo_mode);
|
||||
if (rval != true) {
|
||||
if (!ISSET(validated, VALIDATE_OK))
|
||||
- log_failure(validated, cmnd_status);
|
||||
+ log_denial(validated, false);
|
||||
goto done;
|
||||
}
|
||||
|
14
sudo.spec
14
sudo.spec
@ -1,7 +1,7 @@
|
||||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.8.6p3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: http://www.courtesan.com/sudo/
|
||||
@ -25,6 +25,10 @@ BuildRequires: gettext
|
||||
Patch1: sudo-1.6.7p5-strip.patch
|
||||
# configure.in fix
|
||||
Patch2: sudo-1.7.2p1-envdebug.patch
|
||||
# Do not inform the user that the command was not permitted by the policy
|
||||
# if they do not successfully authenticate. This is a regression introduced
|
||||
# in sudo 1.8.6.
|
||||
Patch3: sudo-1.8.6p3-noauthwarn-regression.patch
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
@ -51,6 +55,7 @@ plugins that use %{name}.
|
||||
|
||||
%patch1 -p1 -b .strip
|
||||
%patch2 -p1 -b .envdebug
|
||||
%patch3 -p1 -b .noauthwarn-regression
|
||||
|
||||
%build
|
||||
autoreconf -I m4 -fv --install
|
||||
@ -155,11 +160,16 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root,-)
|
||||
%doc plugins/{sample,sample_group}
|
||||
%doc plugins/sample/sample_plugin.c
|
||||
%{_includedir}/sudo_plugin.h
|
||||
%{_mandir}/man8/sudo_plugin.8*
|
||||
|
||||
%changelog
|
||||
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
|
||||
- added upstream patch for a regression
|
||||
- don't include arch specific files in the -devel subpackage
|
||||
- ship only one sample plugin in the -devel subpackage
|
||||
|
||||
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
|
||||
- update to 1.8.6p3
|
||||
- drop -pipelist patch (fixed in upstream)
|
||||
|
Loading…
Reference in New Issue
Block a user