update to 1.8.15

- fixes CVE-2015-5602

.gitignore

@@ -15,3 +15,4 @@ sudo-1.7.2p2-sudoers
 /sudo-1.8.11.tar.gz
 /sudo-1.8.11p2.tar.gz
 /sudo-1.8.12.tar.gz
+/sudo-1.8.15.tar.gz

sources

@@ -1,2 +1,2 @@
 775b863cdff3a2ee2a26c2d53b51aff5  sudo-1.8.8-sudoers
-87558f3a55c62bc9244b19594f103ffa  sudo-1.8.12.tar.gz
+7cf6b9b76d0478a572432bed481dd7b5  sudo-1.8.15.tar.gz

sudo-1.8.14p1-ldapconfpatch.patch

@@ -1,7 +1,7 @@
-diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugins/sudoers/ldap.c
---- sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch	2014-07-22 22:52:34.000000000 +0200
-+++ sudo-1.8.11b4/plugins/sudoers/ldap.c	2014-09-15 11:22:11.122094452 +0200
-@@ -1550,6 +1550,33 @@ sudo_check_krb5_ccname(const char *ccnam
+diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c
+--- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch	2015-07-07 18:51:11.000000000 +0200
++++ sudo-1.8.14b3/plugins/sudoers/ldap.c	2015-07-09 11:03:25.686645581 +0200
+@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam
  }
  #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
  
@@ -35,7 +35,7 @@ diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugin
  static bool
  sudo_ldap_read_config(void)
  {
-@@ -1575,7 +1602,7 @@ sudo_ldap_read_config(void)
+@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void)
      if ((fp = fopen(path_ldap_conf, "r")) == NULL)
  	debug_return_bool(false);
  
@@ -44,11 +44,12 @@ diff -up sudo-1.8.11b4/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.11b4/plugin
  	if (*line == '\0')
  	    continue;		/* skip empty line */
  
-@@ -1595,7 +1622,6 @@ sudo_ldap_read_config(void)
+@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void)
  	if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))
  	    sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);
      }
 -    free(line);
++
      fclose(fp);
  
-     if (!ldap_conf.host)
+     if (!ldap_conf.host) {

sudo.spec

@@ -1,6 +1,6 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.8.12
+Version: 1.8.15
 Release: 1%{?dist}
 License: ISC
 Group: Applications/System
@@ -27,7 +27,7 @@ BuildRequires: zlib-devel
 # don't strip
 Patch1: sudo-1.6.7p5-strip.patch
 # Patch to read ldap.conf more closely to nss_ldap
-Patch2: sudo-1.8.11b4-ldapconfpatch.patch
+Patch2: sudo-1.8.14p1-ldapconfpatch.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -110,6 +110,9 @@ rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
 # Remove examples; Examples can be found in man pages too.
 rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
 
+#Remove all .la files
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
 %find_lang sudo
 %find_lang sudoers
 
@@ -146,9 +149,10 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
 %config(noreplace) /etc/pam.d/sudo-i
+%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %dir /var/db/sudo
 %attr(4111,root,root) %{_bindir}/sudo
-%attr(4111,root,root) %{_bindir}/sudoedit
+%{_bindir}/sudoedit
 %attr(0111,root,root) %{_bindir}/sudoreplay
 %attr(0755,root,root) %{_sbindir}/visudo
 %dir %{_libexecdir}/sudo
@@ -157,7 +161,8 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
 %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
 %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
-%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.*
+%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
+%{_libexecdir}/sudo/libsudo_util.so.?
 %{_mandir}/man5/sudoers.5*
 %{_mandir}/man5/sudoers.ldap.5*
 %{_mandir}/man5/sudo.conf.5*
@@ -182,9 +187,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/sudo_plugin.h
 %{_mandir}/man8/sudo_plugin.8*
 %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so
-%attr(0644,root,root) %{_libexecdir}/sudo/*.la
 
 %changelog
+* Thu Nov  5 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.15-1
+- update to 1.8.15
+- fixes CVE-2015-5602
+
 * Wed Feb 18 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.12
 - update to 1.8.12
 - fixes CVE-2014-9680