rpms/sudo
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed upstream regression and removed arch specific files

Browse Source 
- added upstream patch for a regression
 - don't include arch specific files in the -devel subpackage
 - ship only one sample plugin in the -devel subpackage
This commit is contained in:
Daniel Kopecek 2012-11-12 13:16:34 +01:00
parent a9963cd1b9
commit bbce9a9922
2 changed files with 89 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
sudo-1.8.6p3-noauthwarn-regression.patch Normal file
View File

@ -0,0 +1,77 @@
diff -up sudo-1.8.6p3/plugins/sudoers/audit.c.orig sudo-1.8.6p3/plugins/sudoers/audit.c
--- sudo-1.8.6p3/plugins/sudoers/audit.c.orig 2012-11-07 13:04:55.424637797 +0100
+++ sudo-1.8.6p3/plugins/sudoers/audit.c 2012-11-07 13:06:53.705032954 +0100
@@ -26,6 +26,11 @@
# include <stdlib.h>
# endif
#endif /* STDC_HEADERS */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
#include <stdarg.h>
#include "missing.h"
diff -up sudo-1.8.6p3/plugins/sudoers/logging.c.orig sudo-1.8.6p3/plugins/sudoers/logging.c
--- sudo-1.8.6p3/plugins/sudoers/logging.c.orig 2012-11-07 13:04:55.424637797 +0100
+++ sudo-1.8.6p3/plugins/sudoers/logging.c 2012-11-07 13:06:53.705032954 +0100
@@ -247,14 +247,20 @@ do_logfile(char *msg)
}
/*
- * Log and mail the denial message, optionally informing the user.
+ * Log, audit and mail the denial message, optionally informing the user.
*/
-static void
+void
log_denial(int status, bool inform_user)
{
char *logline, *message;
debug_decl(log_denial, SUDO_DEBUG_LOGGING)
+ /* Handle auditing first. */
+ if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
+ audit_failure(NewArgv, _("No user or host"));
+ else
+ audit_failure(NewArgv, _("validation failure"));
+
/* Set error message. */
if (ISSET(status, FLAG_NO_USER))
message = _("user NOT in sudoers");
@@ -312,12 +318,6 @@ log_failure(int status, int flags)
debug_decl(log_failure, SUDO_DEBUG_LOGGING)
bool inform_user = true;
- /* Handle auditing first. */
- if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
- audit_failure(NewArgv, _("No user or host"));
- else
- audit_failure(NewArgv, _("validation failure"));
-
/* The user doesn't always get to see the log message (path info). */
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
(flags == NOT_FOUND_DOT || flags == NOT_FOUND))
diff -up sudo-1.8.6p3/plugins/sudoers/logging.h.orig sudo-1.8.6p3/plugins/sudoers/logging.h
--- sudo-1.8.6p3/plugins/sudoers/logging.h.orig 2012-11-07 13:04:55.425637802 +0100
+++ sudo-1.8.6p3/plugins/sudoers/logging.h 2012-11-07 13:06:53.706032965 +0100
@@ -56,6 +56,7 @@ void audit_success(char *exec_args[]);
void audit_failure(char *exec_args[], char const *const fmt, ...);
void log_allowed(int status);
void log_auth_failure(int status, int tries);
+void log_denial(int status, bool inform_user);
void log_failure(int status, int flags);
void log_error(int flags, const char *fmt, ...) __printflike(2, 3);
void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__));
diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.orig sudo-1.8.6p3/plugins/sudoers/sudoers.c
--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.orig 2012-11-07 13:04:55.425637802 +0100
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2012-11-07 13:06:53.706032965 +0100
@@ -466,7 +466,7 @@ sudoers_policy_main(int argc, char * con
rval = check_user(validated, sudo_mode);
if (rval != true) {
if (!ISSET(validated, VALIDATE_OK))
- log_failure(validated, cmnd_status);
+ log_denial(validated, false);
goto done;
}

14
sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.6p3 Version: 1.8.6p3
Release: 1%{?dist} Release: 2%{?dist}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -25,6 +25,10 @@ BuildRequires: gettext
Patch1: sudo-1.6.7p5-strip.patch Patch1: sudo-1.6.7p5-strip.patch
# configure.in fix # configure.in fix
Patch2: sudo-1.7.2p1-envdebug.patch Patch2: sudo-1.7.2p1-envdebug.patch
# Do not inform the user that the command was not permitted by the policy
# if they do not successfully authenticate. This is a regression introduced
# in sudo 1.8.6.
Patch3: sudo-1.8.6p3-noauthwarn-regression.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -51,6 +55,7 @@ plugins that use %{name}.
%patch1 -p1 -b .strip %patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug %patch2 -p1 -b .envdebug
%patch3 -p1 -b .noauthwarn-regression
%build %build
autoreconf -I m4 -fv --install autoreconf -I m4 -fv --install
@ -155,11 +160,16 @@ rm -rf $RPM_BUILD_ROOT
%files devel %files devel
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc plugins/{sample,sample_group} %doc plugins/sample/sample_plugin.c
%{_includedir}/sudo_plugin.h %{_includedir}/sudo_plugin.h
%{_mandir}/man8/sudo_plugin.8* %{_mandir}/man8/sudo_plugin.8*
%changelog %changelog
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
- added upstream patch for a regression
- don't include arch specific files in the -devel subpackage
- ship only one sample plugin in the -devel subpackage
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1 * Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
- update to 1.8.6p3 - update to 1.8.6p3
- drop -pipelist patch (fixed in upstream) - drop -pipelist patch (fixed in upstream)