update to 1.8.6p7
- fixes CVE-2013-1775 and CVE-2013-1776 - fixed several packaging issues (thanks to ville.skytta@iki.fi) - build with system zlib. - let rpmbuild strip libexecdir/*.so. - own the %{_docdir}/sudo-* dir. - fix some rpmlint warnings (spaces vs tabs, unescaped macros). - fix bogus %changelog dates.
This commit is contained in:
Daniel Kopecek
parent
d201380f8e
commit
392812324b
|
|
@ -9,3 +9,4 @@ sudo-1.7.2p2-sudoers
|
|||
/sudo-1.8.5.tar.gz
|
||||
/sudo-1.8.6.tar.gz
|
||||
/sudo-1.8.6p3.tar.gz
|
||||
/sudo-1.8.6p7.tar.gz
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1,2 +1,2 @@
|
|||
56f74aed3a7b32f2b01a34d65ac86f85 sudo-1.7.4p4-sudoers
|
||||
a7b5c39a904721956eccddd30689250f sudo-1.8.6p3.tar.gz
|
||||
126abfa2e841139e774d4c67d80f0e5b sudo-1.8.6p7.tar.gz
|
||||
|
|
|
|||
57
sudo.spec
57
sudo.spec
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.8.6p3
|
||||
Release: 3%{?dist}
|
||||
Version: 1.8.6p7
|
||||
Release: 1%{?dist}
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: http://www.courtesan.com/sudo/
|
||||
|
|
@ -20,15 +20,12 @@ BuildRequires: audit-libs-devel libcap-devel
|
|||
BuildRequires: libselinux-devel
|
||||
BuildRequires: sendmail
|
||||
BuildRequires: gettext
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
# don't strip
|
||||
Patch1: sudo-1.6.7p5-strip.patch
|
||||
# configure.in fix
|
||||
Patch2: sudo-1.7.2p1-envdebug.patch
|
||||
# Do not inform the user that the command was not permitted by the policy
|
||||
# if they do not successfully authenticate. This is a regression introduced
|
||||
# in sudo 1.8.6.
|
||||
Patch3: sudo-1.8.6p3-noauthwarn-regression.patch
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
|
|
@ -55,7 +52,6 @@ plugins that use %{name}.
|
|||
|
||||
%patch1 -p1 -b .strip
|
||||
%patch2 -p1 -b .envdebug
|
||||
%patch3 -p1 -b .noauthwarn-regression
|
||||
|
||||
%build
|
||||
autoreconf -I m4 -fv --install
|
||||
|
|
@ -72,22 +68,22 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
|||
--prefix=%{_prefix} \
|
||||
--sbindir=%{_sbindir} \
|
||||
--libdir=%{_libdir} \
|
||||
--docdir=%{_datadir}/doc/%{name}-%{version} \
|
||||
--docdir=%{_datadir}/doc/%{name}-%{version} \
|
||||
--with-logging=syslog \
|
||||
--with-logfac=authpriv \
|
||||
--with-pam \
|
||||
--with-pam-login \
|
||||
--with-pam-login \
|
||||
--with-editor=/bin/vi \
|
||||
--with-env-editor \
|
||||
--with-ignore-dot \
|
||||
--with-tty-tickets \
|
||||
--with-ldap \
|
||||
--with-selinux \
|
||||
--with-passprompt="[sudo] password for %p: " \
|
||||
--with-linux-audit \
|
||||
--with-sssd
|
||||
# --without-kerb5 \
|
||||
# --without-kerb4
|
||||
--with-selinux \
|
||||
--with-passprompt="[sudo] password for %p: " \
|
||||
--with-linux-audit \
|
||||
--with-sssd
|
||||
# --without-kerb5 \
|
||||
# --without-kerb4
|
||||
make
|
||||
|
||||
%install
|
||||
|
|
@ -99,6 +95,8 @@ install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
|
|||
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
|
||||
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
|
||||
|
||||
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/*.so # for stripping, reset in %%files
|
||||
|
||||
# Remove execute permission on this script so we don't pull in perl deps
|
||||
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
|
||||
|
||||
|
|
@ -110,7 +108,7 @@ rm sudo.lang sudoers.lang
|
|||
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
|
||||
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
|
||||
#%PAM-1.0
|
||||
#%%PAM-1.0
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
|
|
@ -119,7 +117,7 @@ session required pam_limits.so
|
|||
EOF
|
||||
|
||||
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
|
||||
#%PAM-1.0
|
||||
#%%PAM-1.0
|
||||
auth include sudo
|
||||
account include sudo
|
||||
password include sudo
|
||||
|
|
@ -128,7 +126,7 @@ session required pam_limits.so
|
|||
EOF
|
||||
|
||||
|
||||
%clean
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files -f sudo_all.lang
|
||||
|
|
@ -143,14 +141,15 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0111,root,root) %{_bindir}/sudoreplay
|
||||
%attr(0755,root,root) %{_sbindir}/visudo
|
||||
%attr(0755,root,root) %{_libexecdir}/sesh
|
||||
%{_libexecdir}/sudo_noexec.*
|
||||
%{_libexecdir}/sudoers.*
|
||||
%attr(0644,root,root) %{_libexecdir}/sudo_noexec.so
|
||||
%attr(0644,root,root) %{_libexecdir}/sudoers.so
|
||||
%{_mandir}/man5/sudoers.5*
|
||||
%{_mandir}/man5/sudoers.ldap.5*
|
||||
%{_mandir}/man8/sudo.8*
|
||||
%{_mandir}/man8/sudoedit.8*
|
||||
%{_mandir}/man8/sudoreplay.8*
|
||||
%{_mandir}/man8/visudo.8*
|
||||
%dir %{_docdir}/sudo-%{version}
|
||||
%{_docdir}/sudo-%{version}/*
|
||||
|
||||
|
||||
|
|
@ -165,6 +164,16 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/sudo_plugin.8*
|
||||
|
||||
%changelog
|
||||
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1
|
||||
- update to 1.8.6p7
|
||||
- fixes CVE-2013-1775 and CVE-2013-1776
|
||||
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
|
||||
- build with system zlib.
|
||||
- let rpmbuild strip libexecdir/*.so.
|
||||
- own the %%{_docdir}/sudo-* dir.
|
||||
- fix some rpmlint warnings (spaces vs tabs, unescaped macros).
|
||||
- fix bogus %%changelog dates.
|
||||
|
||||
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
|
|
@ -211,7 +220,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Tue Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
|
||||
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
|
||||
- update to 1.8.3p1
|
||||
- disable output word wrapping if the output is piped
|
||||
|
||||
|
|
@ -344,7 +353,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
- upgrade to the latest upstream release
|
||||
- add selinux support
|
||||
|
||||
* Mon Feb 02 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
|
||||
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
|
||||
- sparc64 needs to be in the -fPIE list with s390
|
||||
|
||||
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
|
||||
|
|
@ -470,7 +479,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
|
||||
- fixed spec file: sesh in file section with selinux flag (#119682)
|
||||
|
||||
* Thu Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
|
||||
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
|
||||
- Enhance sesh.c to fork/exec children itself, to avoid
|
||||
having sudo reap all domains.
|
||||
- Only reinstall default signal handlers immediately before
|
||||
|
|
@ -632,7 +641,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
|
||||
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
|
||||
|
||||
* Fri Oct 08 1998 Michael Maher <mike@redhat.com>
|
||||
* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
|
||||
- built package for 5.2
|
||||
|
||||
* Mon May 18 1998 Michael Maher <mike@redhat.com>
|
||||
|
|
|
|||
Loading…
Reference in New Issue