RHEL 10.0 ERRATUM

- sudo-1.9.15-2.p5.el10: RHEL SAST Automation: address 4 High impact true positive(s)
Resolves: RHEL-44436
- sudo subpackage sudo-logsrvd should not be built
Resolves: RHEL-52864

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

sudo-conf.patch

@@ -0,0 +1,25 @@
+diff -up ./examples/sudo.conf.in.fix ./examples/sudo.conf.in
+--- ./examples/sudo.conf.in.fix	2024-08-20 16:32:04.223791138 +0200
++++ ./examples/sudo.conf.in	2024-08-20 16:33:02.470003955 +0200
+@@ -11,9 +11,9 @@
+ # The plugin_options are optional.
+ #
+ # The sudoers plugin is used by default if no Plugin lines are present.
+-#Plugin sudoers_policy @sudoers_plugin@
+-#Plugin sudoers_io @sudoers_plugin@
+-#Plugin sudoers_audit @sudoers_plugin@
++Plugin sudoers_policy @sudoers_plugin@
++Plugin sudoers_io @sudoers_plugin@
++Plugin sudoers_audit @sudoers_plugin@
+ 
+ #
+ # Sudo askpass:
+@@ -85,7 +85,7 @@
+ # To aid in debugging sudo problems, you may wish to enable core
+ # dumps by setting "disable_coredump" to false.
+ #
+-#Set disable_coredump false
++Set disable_coredump false
+ 
+ #
+ # User groups:

sudo.spec

@@ -33,6 +33,7 @@ BuildRequires: zlib-devel
 
 
 Patch1: coverity.patch
+Patch2: sudo-conf.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -161,13 +162,12 @@ cat sudo.lang sudoers.lang > sudo_all.lang
 rm sudo.lang sudoers.lang
 
 mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+
 cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
 #%%PAM-1.0
 auth       include      system-auth
 account    include      system-auth
 password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
 session    include      system-auth
 EOF