From f02ed1c65ea5e8e513344d1b251e0dcdd8188ac0 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 25 Aug 2021 11:03:18 -0400 Subject: [PATCH] enable rpmautospec (https://docs.pagure.org/Fedora-Infra.rpmautospec/) --- changelog | 833 +++++++++++++++++++++++++++++++++++++++++++++++++++++ sudo.spec | 836 +----------------------------------------------------- 2 files changed, 835 insertions(+), 834 deletions(-) create mode 100644 changelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..2345722 --- /dev/null +++ b/changelog @@ -0,0 +1,833 @@ +* Sat Aug 7 2021 Matthew Miller - 1.9.7p2-2 +- drop obsolete requirement for post script that doesn't exist anymore + (thanks @scfc) +- remove commented-out lines from prior PR + +* Fri Jul 30 2021 Peter Czanik - 1.9.7p2-1 +- update to 1.9.7p2 +- follow up path change in strip patch +- added --enable-zlib=system configure parameter, so sudo uses system zlib, + autoconf is no more needed + +* Fri Jul 23 2021 Fedora Release Engineering - 1.9.5p2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 1.9.5p2-2 +- Rebuilt for Python 3.10 + +* Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 +- rebase to 1.9.5p2 +Resolves: rhbz#1920611 +- fixed CVE-2021-3156 sudo: Heap buffer overflow in argument parsing +Resolves: rhbz#1920618 + +* Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 +- rebase to 1.9.5p1 +Resolves: rhbz#1902758 +- fixed double free in sss_to_sudoers +Resolves: rhbz#1885874 +- fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit +Resolves: rhbz#1915055 +- fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit +Resolves: rhbz#1915054 + +* Wed Jan 13 2021 Jonathan Lebon - 1.9.3p1-2 +- split out Python modules into separate subpackage +Resolves: rhbz#1909299 + +* Mon Oct 05 2020 Radovan Sroka - 1.9.3p1-1 +- rebase to 1.9.3p1 +- enable python modules +Resolves: rhbz#1881112 + +* Tue Sep 15 2020 Radovan Sroka - 1.9.2-1 +- rebase to 1.9.2 +Resolves: rhbz#1859577 +- added logsrvd subpackage +- added openssl-devel buildrequires +Resolves: rhbz#1860653 +- fixed sudo runstatedir path +- it was generated as /sudo instead of /run/sudo +Resolves: rhbz#1868215 +- added /var/lib/snapd/snap/bin to secure_path variable +Resolves: rhbz#1691996 + +* Sat Aug 01 2020 Fedora Release Engineering - 1.9.1-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 08 2020 Attila Lakatos - 1.9.1-1 +- rebase to 1.9.1 +Resolves: rhbz#1848788 +- fix rpmlint errors +Resolves: rhbz#1817139 + +* Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 +- update to latest development version 1.9.0b4 +Resolves: rhbz#1816593 +- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix +Resolves: rhbz#1773148 + +* Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 +- update to latest development version 1.9.0b1 +- added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages +Resolves: rhbz#1787823 +- Stack based buffer overflow in when pwfeedback is enabled +Resolves: rhbz#1796945 +- fixes: CVE-2019-18634 +- By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account +Resolves: rhbz#1786709 +- fixes CVE-2019-19234 +- attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user +Resolves: rhbz#1786705 +- fixes CVE-2019-19232 + +* Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Nov 11 2019 Radovan Sroka - 1.8.29-1 +- rebase to 1.8.29 +Resolves: rhbz#1766233 + +* Tue Oct 22 2019 Radovan Sroka - 1.8.28p1-1 +- rebase to 1.8.28p1 +Resolves: rhbz#1762350 + +* Tue Oct 15 2019 Radovan Sroka - 1.8.28-1 +- rebase to 1.8.28 +Resolves: rhbz#1761533 +- set always_set_home by default +Resolves: rhbz#1728687 +- Sync sudoers options from rhel8 to fedora +Resolves: rhbz#1761781 +- CVE-2019-14287 +Resolves: rhbz#1761584 + +* Sat Jul 27 2019 Fedora Release Engineering - 1.8.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 +- resolves rhbz#1676925 +- Removed PS1, PS2 from sudoers + +* Mon Mar 11 2019 Radovan Sroka 1.8.27-1 +- rebase sudo to 1.8.27 + +* Sun Feb 03 2019 Fedora Release Engineering - 1.8.25p1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Oct 01 2018 Radovan Sroka 1.8.25p1-1 +- rebase sudo to 1.8.25p1 + +* Mon Sep 10 2018 Radovan Sroka 1.8.25-1 +- rebase sudo to latest stawble version +- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) + +* Sat Jul 14 2018 Fedora Release Engineering - 1.8.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 03 2018 Matthew Miller - 1.8.23-2 +- remove defattr, as default is now sane + +* Wed May 09 2018 Daniel Kopecek - 1.8.23-1 +- update to 1.8.23 + +* Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 +- update to 1.8.23b3 + +* Fri Feb 09 2018 Fedora Release Engineering - 1.8.22-0.2.b1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 +- update to 1.8.22b1 +- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 + +* Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 +- update to 1.8.21p2 +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) + +* Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 +- replace file-based requirements with package-level ones: +- /etc/pam.d/system-auth to 'pam' +- /bin/chmod to 'coreutils' (bug #1488934) +- /usr/bin/vi to vim-minimal +- ... and make vim-minimal "recommends" instead of "requires", because + other editors can be configured. + +* Thu Aug 03 2017 Fedora Release Engineering - 1.8.20p2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.8.20p2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jun 01 2017 Daniel Kopecek 1.8.20p2-1 +- update to 1.8.20p2 + +* Wed May 31 2017 Daniel Kopecek 1.8.20p1-1 +- update to 1.8.20p1 +- fixes CVE-2017-1000367 + Resolves: rhbz#1456884 + +* Fri Apr 07 2017 Jiri Vymazal - 1.8.20-0.1.b1 +- update to latest development version 1.8.20b1 +- added sudo to dnf/yum protected packages + Resolves: rhbz#1418756 + +* Mon Feb 13 2017 Tomas Sykora - 1.8.19p2-1 +- update to 1.8.19p2 + +* Sat Feb 11 2017 Fedora Release Engineering - 1.8.19-0.3.20161108git738c3cb +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Nov 08 2016 Daniel Kopecek 1.8.19-0.2.20161108git738c3cb +- update to latest development version +- fixes CVE-2016-7076 + +* Fri Sep 23 2016 Radovan Sroka 1.8.19-0.1.20160923git90e4538 +- we were not able to update from rc and beta versions to stable one +- so this is a new snapshot package which resolves it + +* Wed Sep 21 2016 Radovan Sroka 1.8.18-1 +- update to 1.8.18 + +* Fri Sep 16 2016 Radovan Sroka 1.8.18rc4-1 +- update to 1.8.18rc4 + +* Wed Sep 14 2016 Radovan Sroka 1.8.18rc2-1 +- update to 1.8.18rc2 +- dropped sudo-1.8.14p1-ldapconfpatch.patch + upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html + +* Fri Aug 26 2016 Radovan Sroka 1.8.18b2-1 +- update to 1.8.18b2 +- added --disable-root-mailer as configure option + Resolves: rhbz#1324091 + +* Fri Jun 24 2016 Daniel Kopecek 1.8.17p1-1 +- update to 1.8.17p1 +- install the /var/db/sudo/lectured + Resolves: rhbz#1321414 + +* Tue May 31 2016 Daniel Kopecek 1.8.16-4 +- removed INPUTRC from env_keep to prevent a possible info leak + Resolves: rhbz#1340701 + +* Fri May 13 2016 Daniel Kopecek 1.8.16-3 +- fixed upstream patch for rhbz#1328735 + +* Thu May 12 2016 Daniel Kopecek 1.8.16-2 +- fixed invalid sesh argument array construction + +* Mon Apr 04 2016 Daniel Kopecek 1.8.16-1 +- update to 1.8.16 + +* Fri Feb 05 2016 Fedora Release Engineering - 1.8.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Nov 5 2015 Daniel Kopecek 1.8.15-1 +- update to 1.8.15 +- fixes CVE-2015-5602 + +* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-3 +- enable upstream test suite + +* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 +- add patch that resolves initialization problem before sudo_strsplit call +- add patch that resolves deadcode in visudo.c +- add patch that removes extra while in visudo.c and sudoers.c + +* Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 +- update to 1.8.14p3 + +* Mon Jul 20 2015 Radovan Sroka 1.8.14p1-1 +- update to 1.8.14p1-1 +- rebase sudo-1.8.14b3-ldapconfpatch.patch -> sudo-1.8.14p1-ldapconfpatch.patch +- rebase sudo-1.8.14b4-docpassexpire.patch -> sudo-1.8.14p1-docpassexpire.patch + +* Tue Jul 14 2015 Radovan Sroka 1.8.12-2 +- add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time +- Resolves: rhbz#1162070 + +* Fri Jul 10 2015 Radovan Sroka - 1.8.14b4-1 +- Update to 1.8.14b4 +- Add own %%{_tmpfilesdir}/sudo.conf + +* Fri Jun 19 2015 Fedora Release Engineering - 1.8.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Feb 18 2015 Daniel Kopecek - 1.8.12 +- update to 1.8.12 +- fixes CVE-2014-9680 + +* Mon Nov 3 2014 Daniel Kopecek - 1.8.11p2-1 +- update to 1.8.11p2 +- added patch to fix upstream bug #671 -- exiting immediately + when audit is disabled + +* Tue Sep 30 2014 Daniel Kopecek - 1.8.11-1 +- update to 1.8.11 +- major changes & fixes: + - when running a command in the background, sudo will now forward + SIGINFO to the command + - the passwords in ldap.conf and ldap.secret may now be encoded in base64. + - SELinux role changes are now audited. For sudoedit, we now audit + the actual editor being run, instead of just the sudoedit command. + - it is now possible to match an environment variable's value as well as + its name using env_keep and env_check + - new files created via sudoedit as a non-root user now have the proper group id + - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support + - it is now possible to disable network interface probing in sudo.conf by + changing the value of the probe_interfaces setting + - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt + for the user's password even if the targetpw, rootpw or runaspw options are set. + - the new use_netgroups sudoers option can be used to explicitly enable or disable + netgroups support + - visudo can now export a sudoers file in JSON format using the new -x flag +- added patch to read ldap.conf more closely to nss_ldap +- require /usr/bin/vi instead of vim-minimal +- include pam.d/system-auth in PAM session phase from pam.d/sudo +- include pam.d/sudo in PAM session phase from pam.d/sudo-i + +* Tue Aug 5 2014 Tom Callaway - 1.8.8-6 +- fix license handling + +* Sun Jun 08 2014 Fedora Release Engineering - 1.8.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat May 31 2014 Peter Robinson 1.8.8-4 +- Drop ChangeLog, we ship NEWS + +* Mon Mar 10 2014 Daniel Kopecek - 1.8.8-3 +- remove bundled copy of zlib before compilation +- drop the requiretty Defaults setting from sudoers + +* Sat Jan 25 2014 Ville Skyttä - 1.8.8-2 +- Own the %%{_libexecdir}/sudo dir. + +* Mon Sep 30 2013 Daniel Kopecek - 1.8.8-1 +- update to 1.8.8 +- major changes & fixes: + - LDAP SASL support now works properly with Kerberos + - root may no longer change its SELinux role without entering a password + - user messages are now always displayed in the user's locale, even when + the same message is being logged or mailed in a different locale. + - log files created by sudo now explicitly have the group set to group + ID 0 rather than relying on BSD group semantics + - sudo now stores its libexec files in a sudo subdirectory instead of in + libexec itself + - system_group and group_file sudoers group provider plugins are now + installed by default + - the paths to ldap.conf and ldap.secret may now be specified as arguments + to the sudoers plugin in the sudo.conf file + - ...and many new features and settings. See the upstream ChangeLog for the + full list. +- several sssd support fixes +- added patch to make uid/gid specification parsing more strict (don't accept + an invalid number as uid/gid) +- use the _pkgdocdir macro + (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs) +- fixed several bugs found by the clang static analyzer +- added %%post dependency on chmod + +* Sun Aug 04 2013 Fedora Release Engineering - 1.8.6p7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 28 2013 Daniel Kopecek - 1.8.6p7-1 +- update to 1.8.6p7 +- fixes CVE-2013-1775 and CVE-2013-1776 +- fixed several packaging issues (thanks to ville.skytta@iki.fi) + - build with system zlib. + - let rpmbuild strip libexecdir/*.so. + - own the %%{_docdir}/sudo-* dir. + - fix some rpmlint warnings (spaces vs tabs, unescaped macros). + - fix bogus %%changelog dates. + +* Fri Feb 15 2013 Fedora Release Engineering - 1.8.6p3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Daniel Kopecek - 1.8.6p3-2 +- added upstream patch for a regression +- don't include arch specific files in the -devel subpackage +- ship only one sample plugin in the -devel subpackage + +* Tue Sep 25 2012 Daniel Kopecek - 1.8.6p3-1 +- update to 1.8.6p3 +- drop -pipelist patch (fixed in upstream) + +* Thu Sep 6 2012 Daniel Kopecek - 1.8.6-1 +- update to 1.8.6 + +* Thu Jul 26 2012 Daniel Kopecek - 1.8.5-4 +- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) +- re-enabled SSSD support +- removed libsss_sudo dependency + +* Tue Jul 24 2012 Bill Nottingham - 1.8.5-3 +- flip sudoers2ldif executable bit after make install, not in setup + +* Sat Jul 21 2012 Fedora Release Engineering - 1.8.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu May 17 2012 Daniel Kopecek - 1.8.5-1 +- update to 1.8.5 +- fixed CVE-2012-2337 +- temporarily disabled SSSD support + +* Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 +- fixed problems with undefined symbols (rhbz#798517) + +* Wed Feb 22 2012 Daniel Kopecek - 1.8.3p1-5 +- SSSD patch update + +* Tue Feb 7 2012 Daniel Kopecek - 1.8.3p1-4 +- added SSSD support + +* Thu Jan 26 2012 Daniel Kopecek - 1.8.3p1-3 +- added patch for CVE-2012-0809 + +* Sat Jan 14 2012 Fedora Release Engineering - 1.8.3p1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 +- update to 1.8.3p1 +- disable output word wrapping if the output is piped + +* Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 +- Remove execute bit from sample script in docs so we don't pull in perl + +* Tue Jul 12 2011 Daniel Kopecek - 1.8.1p2-1 +- rebase to 1.8.1p2 +- removed .sudoi patch +- fixed typo: RELPRO -> RELRO +- added -devel subpackage for the sudo_plugin.h header file +- use default ldap configuration files again + +* Fri Jun 3 2011 Daniel Kopecek - 1.7.4p5-4 +- build with RELRO + +* Wed Feb 09 2011 Fedora Release Engineering - 1.7.4p5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Daniel Kopecek - 1.7.4p5-2 +- rebase to 1.7.4p5 +- fixed sudo-1.7.4p4-getgrouplist.patch +- fixes CVE-2011-0008, CVE-2011-0010 + +* Tue Nov 30 2010 Daniel Kopecek - 1.7.4p4-5 +- anybody in the wheel group has now root access (using password) (rhbz#656873) +- sync configuration paths with the nss_ldap package (rhbz#652687) + +* Wed Sep 29 2010 Daniel Kopecek - 1.7.4p4-4 +- added upstream patch to fix rhbz#638345 + +* Mon Sep 20 2010 Daniel Kopecek - 1.7.4p4-3 +- added patch for #635250 +- /var/run/sudo -> /var/db/sudo in .spec + +* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-2 +- sudo now uses /var/db/sudo for timestamps + +* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-1 +- update to new upstream version +- new command available: sudoreplay +- use native audit support +- corrected license field value: BSD -> ISC + +* Wed Jun 2 2010 Daniel Kopecek - 1.7.2p6-2 +- added patch that fixes insufficient environment sanitization issue (#598154) + +* Wed Apr 14 2010 Daniel Kopecek - 1.7.2p6-1 +- update to new upstream version +- merged .audit and .libaudit patch +- added sudoers.ldap.5* to files + +* Mon Mar 1 2010 Daniel Kopecek - 1.7.2p5-2 +- update to new upstream version + +* Tue Feb 16 2010 Daniel Kopecek - 1.7.2p2-5 +- fixed no valid sudoers sources found (#558875) + +* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-4 +- audit related Makefile.in and configure.in corrections +- added --with-audit configure option +- removed call to libtoolize + +* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-3 +- fixed segfault when #include directive is used in cycles (#561336) + +* Fri Jan 8 2010 Ville Skyttä - 1.7.2p2-2 +- Add /etc/sudoers.d dir and use it in default config (#551470). +- Drop *.pod man page duplicates from docs. + +* Thu Jan 07 2010 Daniel Kopecek - 1.7.2p2-1 +- new upstream version 1.7.2p2-1 +- commented out unused aliases in sudoers to make visudo happy (#550239) + +* Fri Aug 21 2009 Tomas Mraz - 1.7.1-7 +- rebuilt with new audit + +* Thu Aug 20 2009 Daniel Kopecek 1.7.1-6 +- moved secure_path from compile-time option to sudoers file (#517428) + +* Sun Jul 26 2009 Fedora Release Engineering - 1.7.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 09 2009 Daniel Kopecek 1.7.1-4 +- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch) +- epoch number sync + +* Mon Jun 22 2009 Daniel Kopecek 1.7.1-1 +- updated sudo to version 1.7.1 +- fixed small bug in configure.in (sudo-1.7.1-conffix.patch) + +* Tue Feb 24 2009 Daniel Kopecek 1.6.9p17-6 +- fixed building with new libtool +- fix for incorrect handling of groups in Runas_User +- added /usr/local/sbin to secure-path + +* Tue Jan 13 2009 Daniel Kopecek 1.6.9p17-3 +- build with sendmail installed +- Added /usr/local/bin to secure-path + +* Tue Sep 02 2008 Peter Vrabec 1.6.9p17-2 +- adjust audit patch, do not scream when kernel is + compiled without audit netlink support (#401201) + +* Fri Jul 04 2008 Peter Vrabec 1.6.9p17-1 +- upgrade + +* Wed Jun 18 2008 Peter Vrabec 1.6.9p13-7 +- build with newer autoconf-2.62 (#449614) + +* Tue May 13 2008 Peter Vrabec 1.6.9p13-6 +- compiled with secure path (#80215) + +* Mon May 05 2008 Peter Vrabec 1.6.9p13-5 +- fix path to updatedb in /etc/sudoers (#445103) + +* Mon Mar 31 2008 Peter Vrabec 1.6.9p13-4 +- include ldap files in rpm package (#439506) + +* Thu Mar 13 2008 Peter Vrabec 1.6.9p13-3 +- include [sudo] in password prompt (#437092) + +* Tue Mar 04 2008 Peter Vrabec 1.6.9p13-2 +- audit support improvement + +* Thu Feb 21 2008 Peter Vrabec 1.6.9p13-1 +- upgrade to the latest upstream release + +* Wed Feb 06 2008 Peter Vrabec 1.6.9p12-1 +- upgrade to the latest upstream release +- add selinux support + +* Mon Feb 04 2008 Dennis Gilmore 1.6.9p4-6 +- sparc64 needs to be in the -fPIE list with s390 + +* Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 +- fix complains about audit_log_user_command(): Connection + refused (#401201) + +* Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 +- Rebuild for deps + +* Wed Dec 05 2007 Release Engineering - 1.6.9p4-3 +- Rebuild for openssl bump + +* Thu Aug 30 2007 Peter Vrabec 1.6.9p4-2 +- fix autotools stuff and add audit support + +* Mon Aug 20 2007 Peter Vrabec 1.6.9p4-1 +- upgrade to upstream release + +* Thu Apr 12 2007 Peter Vrabec 1.6.8p12-14 +- also use getgrouplist() to determine group membership (#235915) + +* Mon Feb 26 2007 Peter Vrabec 1.6.8p12-13 +- fix some spec file issues + +* Thu Dec 14 2006 Peter Vrabec 1.6.8p12-12 +- fix rpmlint issue + +* Thu Oct 26 2006 Peter Vrabec 1.6.8p12-11 +- fix typo in sudoers file (#212308) + +* Sun Oct 01 2006 Jesse Keating - 1.6.8p12-10 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Thu Sep 21 2006 Peter Vrabec 1.6.8p12-9 +- fix sudoers file, X apps didn't work (#206320) + +* Tue Aug 08 2006 Peter Vrabec 1.6.8p12-8 +- use Red Hat specific default sudoers file + +* Sun Jul 16 2006 Karel Zak 1.6.8p12-7 +- fix #198755 - make login processes (sudo -i) initialise session keyring + (thanks for PAM config files to David Howells) +- add IPv6 support (patch by Milan Zazrivec) + +* Wed Jul 12 2006 Jesse Keating - 1.6.8p12-6.1 +- rebuild + +* Mon May 29 2006 Karel Zak 1.6.8p12-6 +- fix #190062 - "ssh localhost sudo su" will show the password in clear + +* Tue May 23 2006 Karel Zak 1.6.8p12-5 +- add LDAP support (#170848) + +* Fri Feb 10 2006 Jesse Keating - 1.6.8p12-4.1 +- bump again for double-long bug on ppc(64) + +* Wed Feb 8 2006 Karel Zak 1.6.8p12-4 +- reset env. by default + +* Tue Feb 07 2006 Jesse Keating - 1.6.8p12-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Jan 23 2006 Dan Walsh 1.6.8p12-3 +- Remove selinux patch. It has been decided that the SELinux patch for sudo is +- no longer necessary. In tageted policy it had no effect. In strict/MLS policy +- We require the person using sudo to execute newrole before using sudo. + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Nov 25 2005 Karel Zak 1.6.8p12-1 +- new upstream version 1.6.8p12 + +* Tue Nov 8 2005 Karel Zak 1.6.8p11-1 +- new upstream version 1.6.8p11 + +* Thu Oct 13 2005 Tomas Mraz 1.6.8p9-6 +- use include instead of pam_stack in pam config + +* Tue Oct 11 2005 Karel Zak 1.6.8p9-5 +- enable interfaces in selinux patch +- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch + +* Mon Sep 19 2005 Karel Zak 1.6.8p9-4 +- fix debuginfo + +* Mon Sep 19 2005 Karel Zak 1.6.8p9-3 +- fix #162623 - sesh hangs when child suspends + +* Mon Aug 1 2005 Dan Walsh 1.6.8p9-2 +- Add back in interfaces call, SELinux has been fixed to work around + +* Tue Jun 21 2005 Karel Zak 1.6.8p9-1 +- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution) + +* Tue May 24 2005 Karel Zak 1.6.8p8-2 +- fix #154511 - sudo does not use limits.conf + +* Mon Apr 4 2005 Thomas Woerner 1.6.8p8-1 +- new version 1.6.8p8: new sudoedit and sudo_noexec + +* Wed Feb 9 2005 Thomas Woerner 1.6.7p5-31 +- rebuild + +* Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 +- added missing BuildRequires for libselinux-devel (#132883) + +* Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 +- Fix missing param error in sesh + +* Mon Sep 27 2004 Dan Walsh 1.6.7p5-29 +- Remove full patch check from sesh + +* Thu Jul 8 2004 Dan Walsh 1.6.7p5-28 +- Fix selinux patch to switch to root user + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Apr 13 2004 Dan Walsh 1.6.7p5-26 +- Eliminate tty handling from selinux + +* Thu Apr 1 2004 Thomas Woerner 1.6.7p5-25 +- fixed spec file: sesh in file section with selinux flag (#119682) + +* Tue Mar 30 2004 Colin Walters 1.6.7p5-24 +- Enhance sesh.c to fork/exec children itself, to avoid + having sudo reap all domains. +- Only reinstall default signal handlers immediately before + exec of child with SELinux patch + +* Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 +- change to default to sysadm_r +- Fix tty handling + +* Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 +- Add /bin/sesh to run selinux code. +- replace /bin/bash -c with /bin/sesh + +* Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 +- Hard code to use "/bin/bash -c" for selinux + +* Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 +- Eliminate closing and reopening of terminals, to match su. + +* Mon Mar 15 2004 Dan Walsh 1.6.7p5-19 +- SELinux fixes to make transitions work properly + +* Fri Mar 5 2004 Thomas Woerner 1.6.7p5-18 +- pied sudo + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Jan 27 2004 Dan Walsh 1.6.7p5-16 +- Eliminate interfaces call, since this requires big SELinux privs +- and it seems to be useless. + +* Tue Jan 27 2004 Karsten Hopp 1.6.7p5-15 +- visudo requires vim-minimal or setting EDITOR to something useful (#68605) + +* Mon Jan 26 2004 Dan Walsh 1.6.7p5-14 +- Fix is_selinux_enabled call + +* Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 +- Clean up patch on failure + +* Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 +- Remove sudo.te for now. + +* Fri Jan 2 2004 Dan Walsh 1.6.7p5-11 +- Fix usage message + +* Mon Dec 22 2003 Dan Walsh 1.6.7p5-10 +- Clean up sudo.te to not blow up if pam.te not present + +* Thu Dec 18 2003 Thomas Woerner +- added missing BuildRequires for groff + +* Tue Dec 16 2003 Jeremy Katz 1.6.7p5-9 +- remove left-over debugging code + +* Tue Dec 16 2003 Dan Walsh 1.6.7p5-8 +- Fix terminal handling that caused Sudo to exit on non selinux machines. + +* Mon Dec 15 2003 Dan Walsh 1.6.7p5-7 +- Remove sudo_var_run_t which is now pam_var_run_t + +* Fri Dec 12 2003 Dan Walsh 1.6.7p5-6 +- Fix terminal handling and policy + +* Thu Dec 11 2003 Dan Walsh 1.6.7p5-5 +- Fix policy + +* Thu Nov 13 2003 Dan Walsh 1.6.7p5-4.sel +- Turn on SELinux support + +* Tue Jul 29 2003 Dan Walsh 1.6.7p5-3 +- Add support for SELinux + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Mon May 19 2003 Thomas Woerner 1.6.7p5-1 + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Nov 12 2002 Nalin Dahyabhai 1.6.6-2 +- remove absolute path names from the PAM configuration, ensuring that the + right modules get used for whichever arch we're built for +- don't try to install the FAQ, which isn't there any more + +* Thu Jun 27 2002 Bill Nottingham 1.6.6-1 +- update to 1.6.6 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Thu Apr 18 2002 Bernhard Rosenkraenzer 1.6.5p2-2 +- Fix bug #63768 + +* Thu Mar 14 2002 Bernhard Rosenkraenzer 1.6.5p2-1 +- 1.6.5p2 + +* Fri Jan 18 2002 Bernhard Rosenkraenzer 1.6.5p1-1 +- 1.6.5p1 +- Hope this "a new release per day" madness stops ;) + +* Thu Jan 17 2002 Bernhard Rosenkraenzer 1.6.5-1 +- 1.6.5 + +* Tue Jan 15 2002 Bernhard Rosenkraenzer 1.6.4p1-1 +- 1.6.4p1 + +* Mon Jan 14 2002 Bernhard Rosenkraenzer 1.6.4-1 +- Update to 1.6.4 + +* Mon Jul 23 2001 Bernhard Rosenkraenzer 1.6.3p7-2 +- Add build requirements (#49706) +- s/Copyright/License/ +- bzip2 source + +* Sat Jun 16 2001 Than Ngo +- update to 1.6.3p7 +- use %%{_tmppath} + +* Fri Feb 23 2001 Bernhard Rosenkraenzer +- 1.6.3p6, fixes buffer overrun + +* Tue Oct 10 2000 Bernhard Rosenkraenzer +- 1.6.3p5 + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Tue Jun 06 2000 Karsten Hopp +- fixed owner of sudo and visudo + +* Thu Jun 1 2000 Nalin Dahyabhai +- modify PAM setup to use system-auth +- clean up buildrooting by using the makeinstall macro + +* Tue Apr 11 2000 Bernhard Rosenkraenzer +- initial build in main distrib +- update to 1.6.3 +- deal with compressed man pages + +* Tue Dec 14 1999 Preston Brown +- updated to 1.6.1 for Powertools 6.2 +- config files are now noreplace. + +* Thu Jul 22 1999 Tim Powers +- updated to 1.5.9p2 for Powertools 6.1 + +* Wed May 12 1999 Bill Nottingham +- sudo is configured with pam. There's no pam.d file. Oops. + +* Mon Apr 26 1999 Preston Brown +- upgraded to 1.59p1 for powertools 6.0 + +* Tue Oct 27 1998 Preston Brown +- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) + +* Thu Oct 08 1998 Michael Maher +- built package for 5.2 + +* Mon May 18 1998 Michael Maher +- updated SPEC file + +* Thu Jan 29 1998 Otto Hammersmith +- updated to 1.5.4 + +* Tue Nov 18 1997 Otto Hammersmith +- built for glibc, no problems + +* Fri Apr 25 1997 Michael Fulbright +- Fixed for 4.2 PowerTools +- Still need to be pamified +- Still need to move stmp file to /var/log + +* Mon Feb 17 1997 Michael Fulbright +- First version for PowerCD. diff --git a/sudo.spec b/sudo.spec index d2e2cd9..762cc13 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.7p2 -Release: 2%{?dist} +Release: %autorelease License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz @@ -229,836 +229,4 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog -* Sat Aug 7 2021 Matthew Miller - 1.9.7p2-2 -- drop obsolete requirement for post script that doesn't exist anymore - (thanks @scfc) -- remove commented-out lines from prior PR - -* Fri Jul 30 2021 Peter Czanik - 1.9.7p2-1 -- update to 1.9.7p2 -- follow up path change in strip patch -- added --enable-zlib=system configure parameter, so sudo uses system zlib, - autoconf is no more needed - -* Fri Jul 23 2021 Fedora Release Engineering - 1.9.5p2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Fri Jun 04 2021 Python Maint - 1.9.5p2-2 -- Rebuilt for Python 3.10 - -* Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 -- rebase to 1.9.5p2 -Resolves: rhbz#1920611 -- fixed CVE-2021-3156 sudo: Heap buffer overflow in argument parsing -Resolves: rhbz#1920618 - -* Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 -- rebase to 1.9.5p1 -Resolves: rhbz#1902758 -- fixed double free in sss_to_sudoers -Resolves: rhbz#1885874 -- fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit -Resolves: rhbz#1915055 -- fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit -Resolves: rhbz#1915054 - -* Wed Jan 13 2021 Jonathan Lebon - 1.9.3p1-2 -- split out Python modules into separate subpackage -Resolves: rhbz#1909299 - -* Mon Oct 05 2020 Radovan Sroka - 1.9.3p1-1 -- rebase to 1.9.3p1 -- enable python modules -Resolves: rhbz#1881112 - -* Tue Sep 15 2020 Radovan Sroka - 1.9.2-1 -- rebase to 1.9.2 -Resolves: rhbz#1859577 -- added logsrvd subpackage -- added openssl-devel buildrequires -Resolves: rhbz#1860653 -- fixed sudo runstatedir path -- it was generated as /sudo instead of /run/sudo -Resolves: rhbz#1868215 -- added /var/lib/snapd/snap/bin to secure_path variable -Resolves: rhbz#1691996 - -* Sat Aug 01 2020 Fedora Release Engineering - 1.9.1-3 -- Second attempt - Rebuilt for - https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 29 2020 Fedora Release Engineering - 1.9.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 08 2020 Attila Lakatos - 1.9.1-1 -- rebase to 1.9.1 -Resolves: rhbz#1848788 -- fix rpmlint errors -Resolves: rhbz#1817139 - -* Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 -- update to latest development version 1.9.0b4 -Resolves: rhbz#1816593 -- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix -Resolves: rhbz#1773148 - -* Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 -- update to latest development version 1.9.0b1 -- added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages -Resolves: rhbz#1787823 -- Stack based buffer overflow in when pwfeedback is enabled -Resolves: rhbz#1796945 -- fixes: CVE-2019-18634 -- By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account -Resolves: rhbz#1786709 -- fixes CVE-2019-19234 -- attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user -Resolves: rhbz#1786705 -- fixes CVE-2019-19232 - -* Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Mon Nov 11 2019 Radovan Sroka - 1.8.29-1 -- rebase to 1.8.29 -Resolves: rhbz#1766233 - -* Tue Oct 22 2019 Radovan Sroka - 1.8.28p1-1 -- rebase to 1.8.28p1 -Resolves: rhbz#1762350 - -* Tue Oct 15 2019 Radovan Sroka - 1.8.28-1 -- rebase to 1.8.28 -Resolves: rhbz#1761533 -- set always_set_home by default -Resolves: rhbz#1728687 -- Sync sudoers options from rhel8 to fedora -Resolves: rhbz#1761781 -- CVE-2019-14287 -Resolves: rhbz#1761584 - -* Sat Jul 27 2019 Fedora Release Engineering - 1.8.27-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 -- resolves rhbz#1676925 -- Removed PS1, PS2 from sudoers - -* Mon Mar 11 2019 Radovan Sroka 1.8.27-1 -- rebase sudo to 1.8.27 - -* Sun Feb 03 2019 Fedora Release Engineering - 1.8.25p1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Oct 01 2018 Radovan Sroka 1.8.25p1-1 -- rebase sudo to 1.8.25p1 - -* Mon Sep 10 2018 Radovan Sroka 1.8.25-1 -- rebase sudo to latest stawble version -- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) - -* Sat Jul 14 2018 Fedora Release Engineering - 1.8.23-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jul 03 2018 Matthew Miller - 1.8.23-2 -- remove defattr, as default is now sane - -* Wed May 09 2018 Daniel Kopecek - 1.8.23-1 -- update to 1.8.23 - -* Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 -- update to 1.8.23b3 - -* Fri Feb 09 2018 Fedora Release Engineering - 1.8.22-0.2.b1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 -- update to 1.8.22b1 -- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 - -* Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 -- update to 1.8.21p2 -- Moved libsudo_util.so from the -devel sub-package to main package (1481225) - -* Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 -- replace file-based requirements with package-level ones: -- /etc/pam.d/system-auth to 'pam' -- /bin/chmod to 'coreutils' (bug #1488934) -- /usr/bin/vi to vim-minimal -- ... and make vim-minimal "recommends" instead of "requires", because - other editors can be configured. - -* Thu Aug 03 2017 Fedora Release Engineering - 1.8.20p2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 1.8.20p2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Jun 01 2017 Daniel Kopecek 1.8.20p2-1 -- update to 1.8.20p2 - -* Wed May 31 2017 Daniel Kopecek 1.8.20p1-1 -- update to 1.8.20p1 -- fixes CVE-2017-1000367 - Resolves: rhbz#1456884 - -* Fri Apr 07 2017 Jiri Vymazal - 1.8.20-0.1.b1 -- update to latest development version 1.8.20b1 -- added sudo to dnf/yum protected packages - Resolves: rhbz#1418756 - -* Mon Feb 13 2017 Tomas Sykora - 1.8.19p2-1 -- update to 1.8.19p2 - -* Sat Feb 11 2017 Fedora Release Engineering - 1.8.19-0.3.20161108git738c3cb -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Nov 08 2016 Daniel Kopecek 1.8.19-0.2.20161108git738c3cb -- update to latest development version -- fixes CVE-2016-7076 - -* Fri Sep 23 2016 Radovan Sroka 1.8.19-0.1.20160923git90e4538 -- we were not able to update from rc and beta versions to stable one -- so this is a new snapshot package which resolves it - -* Wed Sep 21 2016 Radovan Sroka 1.8.18-1 -- update to 1.8.18 - -* Fri Sep 16 2016 Radovan Sroka 1.8.18rc4-1 -- update to 1.8.18rc4 - -* Wed Sep 14 2016 Radovan Sroka 1.8.18rc2-1 -- update to 1.8.18rc2 -- dropped sudo-1.8.14p1-ldapconfpatch.patch - upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html - -* Fri Aug 26 2016 Radovan Sroka 1.8.18b2-1 -- update to 1.8.18b2 -- added --disable-root-mailer as configure option - Resolves: rhbz#1324091 - -* Fri Jun 24 2016 Daniel Kopecek 1.8.17p1-1 -- update to 1.8.17p1 -- install the /var/db/sudo/lectured - Resolves: rhbz#1321414 - -* Tue May 31 2016 Daniel Kopecek 1.8.16-4 -- removed INPUTRC from env_keep to prevent a possible info leak - Resolves: rhbz#1340701 - -* Fri May 13 2016 Daniel Kopecek 1.8.16-3 -- fixed upstream patch for rhbz#1328735 - -* Thu May 12 2016 Daniel Kopecek 1.8.16-2 -- fixed invalid sesh argument array construction - -* Mon Apr 04 2016 Daniel Kopecek 1.8.16-1 -- update to 1.8.16 - -* Fri Feb 05 2016 Fedora Release Engineering - 1.8.15-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Thu Nov 5 2015 Daniel Kopecek 1.8.15-1 -- update to 1.8.15 -- fixes CVE-2015-5602 - -* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-3 -- enable upstream test suite - -* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 -- add patch that resolves initialization problem before sudo_strsplit call -- add patch that resolves deadcode in visudo.c -- add patch that removes extra while in visudo.c and sudoers.c - -* Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 -- update to 1.8.14p3 - -* Mon Jul 20 2015 Radovan Sroka 1.8.14p1-1 -- update to 1.8.14p1-1 -- rebase sudo-1.8.14b3-ldapconfpatch.patch -> sudo-1.8.14p1-ldapconfpatch.patch -- rebase sudo-1.8.14b4-docpassexpire.patch -> sudo-1.8.14p1-docpassexpire.patch - -* Tue Jul 14 2015 Radovan Sroka 1.8.12-2 -- add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time -- Resolves: rhbz#1162070 - -* Fri Jul 10 2015 Radovan Sroka - 1.8.14b4-1 -- Update to 1.8.14b4 -- Add own %%{_tmpfilesdir}/sudo.conf - -* Fri Jun 19 2015 Fedora Release Engineering - 1.8.12-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Wed Feb 18 2015 Daniel Kopecek - 1.8.12 -- update to 1.8.12 -- fixes CVE-2014-9680 - -* Mon Nov 3 2014 Daniel Kopecek - 1.8.11p2-1 -- update to 1.8.11p2 -- added patch to fix upstream bug #671 -- exiting immediately - when audit is disabled - -* Tue Sep 30 2014 Daniel Kopecek - 1.8.11-1 -- update to 1.8.11 -- major changes & fixes: - - when running a command in the background, sudo will now forward - SIGINFO to the command - - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - - SELinux role changes are now audited. For sudoedit, we now audit - the actual editor being run, instead of just the sudoedit command. - - it is now possible to match an environment variable's value as well as - its name using env_keep and env_check - - new files created via sudoedit as a non-root user now have the proper group id - - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support - - it is now possible to disable network interface probing in sudo.conf by - changing the value of the probe_interfaces setting - - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt - for the user's password even if the targetpw, rootpw or runaspw options are set. - - the new use_netgroups sudoers option can be used to explicitly enable or disable - netgroups support - - visudo can now export a sudoers file in JSON format using the new -x flag -- added patch to read ldap.conf more closely to nss_ldap -- require /usr/bin/vi instead of vim-minimal -- include pam.d/system-auth in PAM session phase from pam.d/sudo -- include pam.d/sudo in PAM session phase from pam.d/sudo-i - -* Tue Aug 5 2014 Tom Callaway - 1.8.8-6 -- fix license handling - -* Sun Jun 08 2014 Fedora Release Engineering - 1.8.8-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat May 31 2014 Peter Robinson 1.8.8-4 -- Drop ChangeLog, we ship NEWS - -* Mon Mar 10 2014 Daniel Kopecek - 1.8.8-3 -- remove bundled copy of zlib before compilation -- drop the requiretty Defaults setting from sudoers - -* Sat Jan 25 2014 Ville Skyttä - 1.8.8-2 -- Own the %%{_libexecdir}/sudo dir. - -* Mon Sep 30 2013 Daniel Kopecek - 1.8.8-1 -- update to 1.8.8 -- major changes & fixes: - - LDAP SASL support now works properly with Kerberos - - root may no longer change its SELinux role without entering a password - - user messages are now always displayed in the user's locale, even when - the same message is being logged or mailed in a different locale. - - log files created by sudo now explicitly have the group set to group - ID 0 rather than relying on BSD group semantics - - sudo now stores its libexec files in a sudo subdirectory instead of in - libexec itself - - system_group and group_file sudoers group provider plugins are now - installed by default - - the paths to ldap.conf and ldap.secret may now be specified as arguments - to the sudoers plugin in the sudo.conf file - - ...and many new features and settings. See the upstream ChangeLog for the - full list. -- several sssd support fixes -- added patch to make uid/gid specification parsing more strict (don't accept - an invalid number as uid/gid) -- use the _pkgdocdir macro - (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs) -- fixed several bugs found by the clang static analyzer -- added %%post dependency on chmod - -* Sun Aug 04 2013 Fedora Release Engineering - 1.8.6p7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Thu Feb 28 2013 Daniel Kopecek - 1.8.6p7-1 -- update to 1.8.6p7 -- fixes CVE-2013-1775 and CVE-2013-1776 -- fixed several packaging issues (thanks to ville.skytta@iki.fi) - - build with system zlib. - - let rpmbuild strip libexecdir/*.so. - - own the %%{_docdir}/sudo-* dir. - - fix some rpmlint warnings (spaces vs tabs, unescaped macros). - - fix bogus %%changelog dates. - -* Fri Feb 15 2013 Fedora Release Engineering - 1.8.6p3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Mon Nov 12 2012 Daniel Kopecek - 1.8.6p3-2 -- added upstream patch for a regression -- don't include arch specific files in the -devel subpackage -- ship only one sample plugin in the -devel subpackage - -* Tue Sep 25 2012 Daniel Kopecek - 1.8.6p3-1 -- update to 1.8.6p3 -- drop -pipelist patch (fixed in upstream) - -* Thu Sep 6 2012 Daniel Kopecek - 1.8.6-1 -- update to 1.8.6 - -* Thu Jul 26 2012 Daniel Kopecek - 1.8.5-4 -- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) -- re-enabled SSSD support -- removed libsss_sudo dependency - -* Tue Jul 24 2012 Bill Nottingham - 1.8.5-3 -- flip sudoers2ldif executable bit after make install, not in setup - -* Sat Jul 21 2012 Fedora Release Engineering - 1.8.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu May 17 2012 Daniel Kopecek - 1.8.5-1 -- update to 1.8.5 -- fixed CVE-2012-2337 -- temporarily disabled SSSD support - -* Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 -- fixed problems with undefined symbols (rhbz#798517) - -* Wed Feb 22 2012 Daniel Kopecek - 1.8.3p1-5 -- SSSD patch update - -* Tue Feb 7 2012 Daniel Kopecek - 1.8.3p1-4 -- added SSSD support - -* Thu Jan 26 2012 Daniel Kopecek - 1.8.3p1-3 -- added patch for CVE-2012-0809 - -* Sat Jan 14 2012 Fedora Release Engineering - 1.8.3p1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 -- update to 1.8.3p1 -- disable output word wrapping if the output is piped - -* Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 -- Remove execute bit from sample script in docs so we don't pull in perl - -* Tue Jul 12 2011 Daniel Kopecek - 1.8.1p2-1 -- rebase to 1.8.1p2 -- removed .sudoi patch -- fixed typo: RELPRO -> RELRO -- added -devel subpackage for the sudo_plugin.h header file -- use default ldap configuration files again - -* Fri Jun 3 2011 Daniel Kopecek - 1.7.4p5-4 -- build with RELRO - -* Wed Feb 09 2011 Fedora Release Engineering - 1.7.4p5-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Mon Jan 17 2011 Daniel Kopecek - 1.7.4p5-2 -- rebase to 1.7.4p5 -- fixed sudo-1.7.4p4-getgrouplist.patch -- fixes CVE-2011-0008, CVE-2011-0010 - -* Tue Nov 30 2010 Daniel Kopecek - 1.7.4p4-5 -- anybody in the wheel group has now root access (using password) (rhbz#656873) -- sync configuration paths with the nss_ldap package (rhbz#652687) - -* Wed Sep 29 2010 Daniel Kopecek - 1.7.4p4-4 -- added upstream patch to fix rhbz#638345 - -* Mon Sep 20 2010 Daniel Kopecek - 1.7.4p4-3 -- added patch for #635250 -- /var/run/sudo -> /var/db/sudo in .spec - -* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-2 -- sudo now uses /var/db/sudo for timestamps - -* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-1 -- update to new upstream version -- new command available: sudoreplay -- use native audit support -- corrected license field value: BSD -> ISC - -* Wed Jun 2 2010 Daniel Kopecek - 1.7.2p6-2 -- added patch that fixes insufficient environment sanitization issue (#598154) - -* Wed Apr 14 2010 Daniel Kopecek - 1.7.2p6-1 -- update to new upstream version -- merged .audit and .libaudit patch -- added sudoers.ldap.5* to files - -* Mon Mar 1 2010 Daniel Kopecek - 1.7.2p5-2 -- update to new upstream version - -* Tue Feb 16 2010 Daniel Kopecek - 1.7.2p2-5 -- fixed no valid sudoers sources found (#558875) - -* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-4 -- audit related Makefile.in and configure.in corrections -- added --with-audit configure option -- removed call to libtoolize - -* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-3 -- fixed segfault when #include directive is used in cycles (#561336) - -* Fri Jan 8 2010 Ville Skyttä - 1.7.2p2-2 -- Add /etc/sudoers.d dir and use it in default config (#551470). -- Drop *.pod man page duplicates from docs. - -* Thu Jan 07 2010 Daniel Kopecek - 1.7.2p2-1 -- new upstream version 1.7.2p2-1 -- commented out unused aliases in sudoers to make visudo happy (#550239) - -* Fri Aug 21 2009 Tomas Mraz - 1.7.1-7 -- rebuilt with new audit - -* Thu Aug 20 2009 Daniel Kopecek 1.7.1-6 -- moved secure_path from compile-time option to sudoers file (#517428) - -* Sun Jul 26 2009 Fedora Release Engineering - 1.7.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Thu Jul 09 2009 Daniel Kopecek 1.7.1-4 -- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch) -- epoch number sync - -* Mon Jun 22 2009 Daniel Kopecek 1.7.1-1 -- updated sudo to version 1.7.1 -- fixed small bug in configure.in (sudo-1.7.1-conffix.patch) - -* Tue Feb 24 2009 Daniel Kopecek 1.6.9p17-6 -- fixed building with new libtool -- fix for incorrect handling of groups in Runas_User -- added /usr/local/sbin to secure-path - -* Tue Jan 13 2009 Daniel Kopecek 1.6.9p17-3 -- build with sendmail installed -- Added /usr/local/bin to secure-path - -* Tue Sep 02 2008 Peter Vrabec 1.6.9p17-2 -- adjust audit patch, do not scream when kernel is - compiled without audit netlink support (#401201) - -* Fri Jul 04 2008 Peter Vrabec 1.6.9p17-1 -- upgrade - -* Wed Jun 18 2008 Peter Vrabec 1.6.9p13-7 -- build with newer autoconf-2.62 (#449614) - -* Tue May 13 2008 Peter Vrabec 1.6.9p13-6 -- compiled with secure path (#80215) - -* Mon May 05 2008 Peter Vrabec 1.6.9p13-5 -- fix path to updatedb in /etc/sudoers (#445103) - -* Mon Mar 31 2008 Peter Vrabec 1.6.9p13-4 -- include ldap files in rpm package (#439506) - -* Thu Mar 13 2008 Peter Vrabec 1.6.9p13-3 -- include [sudo] in password prompt (#437092) - -* Tue Mar 04 2008 Peter Vrabec 1.6.9p13-2 -- audit support improvement - -* Thu Feb 21 2008 Peter Vrabec 1.6.9p13-1 -- upgrade to the latest upstream release - -* Wed Feb 06 2008 Peter Vrabec 1.6.9p12-1 -- upgrade to the latest upstream release -- add selinux support - -* Mon Feb 04 2008 Dennis Gilmore 1.6.9p4-6 -- sparc64 needs to be in the -fPIE list with s390 - -* Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 -- fix complains about audit_log_user_command(): Connection - refused (#401201) - -* Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 -- Rebuild for deps - -* Wed Dec 05 2007 Release Engineering - 1.6.9p4-3 -- Rebuild for openssl bump - -* Thu Aug 30 2007 Peter Vrabec 1.6.9p4-2 -- fix autotools stuff and add audit support - -* Mon Aug 20 2007 Peter Vrabec 1.6.9p4-1 -- upgrade to upstream release - -* Thu Apr 12 2007 Peter Vrabec 1.6.8p12-14 -- also use getgrouplist() to determine group membership (#235915) - -* Mon Feb 26 2007 Peter Vrabec 1.6.8p12-13 -- fix some spec file issues - -* Thu Dec 14 2006 Peter Vrabec 1.6.8p12-12 -- fix rpmlint issue - -* Thu Oct 26 2006 Peter Vrabec 1.6.8p12-11 -- fix typo in sudoers file (#212308) - -* Sun Oct 01 2006 Jesse Keating - 1.6.8p12-10 -- rebuilt for unwind info generation, broken in gcc-4.1.1-21 - -* Thu Sep 21 2006 Peter Vrabec 1.6.8p12-9 -- fix sudoers file, X apps didn't work (#206320) - -* Tue Aug 08 2006 Peter Vrabec 1.6.8p12-8 -- use Red Hat specific default sudoers file - -* Sun Jul 16 2006 Karel Zak 1.6.8p12-7 -- fix #198755 - make login processes (sudo -i) initialise session keyring - (thanks for PAM config files to David Howells) -- add IPv6 support (patch by Milan Zazrivec) - -* Wed Jul 12 2006 Jesse Keating - 1.6.8p12-6.1 -- rebuild - -* Mon May 29 2006 Karel Zak 1.6.8p12-6 -- fix #190062 - "ssh localhost sudo su" will show the password in clear - -* Tue May 23 2006 Karel Zak 1.6.8p12-5 -- add LDAP support (#170848) - -* Fri Feb 10 2006 Jesse Keating - 1.6.8p12-4.1 -- bump again for double-long bug on ppc(64) - -* Wed Feb 8 2006 Karel Zak 1.6.8p12-4 -- reset env. by default - -* Tue Feb 07 2006 Jesse Keating - 1.6.8p12-3.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Mon Jan 23 2006 Dan Walsh 1.6.8p12-3 -- Remove selinux patch. It has been decided that the SELinux patch for sudo is -- no longer necessary. In tageted policy it had no effect. In strict/MLS policy -- We require the person using sudo to execute newrole before using sudo. - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Fri Nov 25 2005 Karel Zak 1.6.8p12-1 -- new upstream version 1.6.8p12 - -* Tue Nov 8 2005 Karel Zak 1.6.8p11-1 -- new upstream version 1.6.8p11 - -* Thu Oct 13 2005 Tomas Mraz 1.6.8p9-6 -- use include instead of pam_stack in pam config - -* Tue Oct 11 2005 Karel Zak 1.6.8p9-5 -- enable interfaces in selinux patch -- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch - -* Mon Sep 19 2005 Karel Zak 1.6.8p9-4 -- fix debuginfo - -* Mon Sep 19 2005 Karel Zak 1.6.8p9-3 -- fix #162623 - sesh hangs when child suspends - -* Mon Aug 1 2005 Dan Walsh 1.6.8p9-2 -- Add back in interfaces call, SELinux has been fixed to work around - -* Tue Jun 21 2005 Karel Zak 1.6.8p9-1 -- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution) - -* Tue May 24 2005 Karel Zak 1.6.8p8-2 -- fix #154511 - sudo does not use limits.conf - -* Mon Apr 4 2005 Thomas Woerner 1.6.8p8-1 -- new version 1.6.8p8: new sudoedit and sudo_noexec - -* Wed Feb 9 2005 Thomas Woerner 1.6.7p5-31 -- rebuild - -* Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 -- added missing BuildRequires for libselinux-devel (#132883) - -* Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 -- Fix missing param error in sesh - -* Mon Sep 27 2004 Dan Walsh 1.6.7p5-29 -- Remove full patch check from sesh - -* Thu Jul 8 2004 Dan Walsh 1.6.7p5-28 -- Fix selinux patch to switch to root user - -* Tue Jun 15 2004 Elliot Lee -- rebuilt - -* Tue Apr 13 2004 Dan Walsh 1.6.7p5-26 -- Eliminate tty handling from selinux - -* Thu Apr 1 2004 Thomas Woerner 1.6.7p5-25 -- fixed spec file: sesh in file section with selinux flag (#119682) - -* Tue Mar 30 2004 Colin Walters 1.6.7p5-24 -- Enhance sesh.c to fork/exec children itself, to avoid - having sudo reap all domains. -- Only reinstall default signal handlers immediately before - exec of child with SELinux patch - -* Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 -- change to default to sysadm_r -- Fix tty handling - -* Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 -- Add /bin/sesh to run selinux code. -- replace /bin/bash -c with /bin/sesh - -* Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 -- Hard code to use "/bin/bash -c" for selinux - -* Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 -- Eliminate closing and reopening of terminals, to match su. - -* Mon Mar 15 2004 Dan Walsh 1.6.7p5-19 -- SELinux fixes to make transitions work properly - -* Fri Mar 5 2004 Thomas Woerner 1.6.7p5-18 -- pied sudo - -* Fri Feb 13 2004 Elliot Lee -- rebuilt - -* Tue Jan 27 2004 Dan Walsh 1.6.7p5-16 -- Eliminate interfaces call, since this requires big SELinux privs -- and it seems to be useless. - -* Tue Jan 27 2004 Karsten Hopp 1.6.7p5-15 -- visudo requires vim-minimal or setting EDITOR to something useful (#68605) - -* Mon Jan 26 2004 Dan Walsh 1.6.7p5-14 -- Fix is_selinux_enabled call - -* Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 -- Clean up patch on failure - -* Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 -- Remove sudo.te for now. - -* Fri Jan 2 2004 Dan Walsh 1.6.7p5-11 -- Fix usage message - -* Mon Dec 22 2003 Dan Walsh 1.6.7p5-10 -- Clean up sudo.te to not blow up if pam.te not present - -* Thu Dec 18 2003 Thomas Woerner -- added missing BuildRequires for groff - -* Tue Dec 16 2003 Jeremy Katz 1.6.7p5-9 -- remove left-over debugging code - -* Tue Dec 16 2003 Dan Walsh 1.6.7p5-8 -- Fix terminal handling that caused Sudo to exit on non selinux machines. - -* Mon Dec 15 2003 Dan Walsh 1.6.7p5-7 -- Remove sudo_var_run_t which is now pam_var_run_t - -* Fri Dec 12 2003 Dan Walsh 1.6.7p5-6 -- Fix terminal handling and policy - -* Thu Dec 11 2003 Dan Walsh 1.6.7p5-5 -- Fix policy - -* Thu Nov 13 2003 Dan Walsh 1.6.7p5-4.sel -- Turn on SELinux support - -* Tue Jul 29 2003 Dan Walsh 1.6.7p5-3 -- Add support for SELinux - -* Wed Jun 04 2003 Elliot Lee -- rebuilt - -* Mon May 19 2003 Thomas Woerner 1.6.7p5-1 - -* Wed Jan 22 2003 Tim Powers -- rebuilt - -* Tue Nov 12 2002 Nalin Dahyabhai 1.6.6-2 -- remove absolute path names from the PAM configuration, ensuring that the - right modules get used for whichever arch we're built for -- don't try to install the FAQ, which isn't there any more - -* Thu Jun 27 2002 Bill Nottingham 1.6.6-1 -- update to 1.6.6 - -* Fri Jun 21 2002 Tim Powers -- automated rebuild - -* Thu May 23 2002 Tim Powers -- automated rebuild - -* Thu Apr 18 2002 Bernhard Rosenkraenzer 1.6.5p2-2 -- Fix bug #63768 - -* Thu Mar 14 2002 Bernhard Rosenkraenzer 1.6.5p2-1 -- 1.6.5p2 - -* Fri Jan 18 2002 Bernhard Rosenkraenzer 1.6.5p1-1 -- 1.6.5p1 -- Hope this "a new release per day" madness stops ;) - -* Thu Jan 17 2002 Bernhard Rosenkraenzer 1.6.5-1 -- 1.6.5 - -* Tue Jan 15 2002 Bernhard Rosenkraenzer 1.6.4p1-1 -- 1.6.4p1 - -* Mon Jan 14 2002 Bernhard Rosenkraenzer 1.6.4-1 -- Update to 1.6.4 - -* Mon Jul 23 2001 Bernhard Rosenkraenzer 1.6.3p7-2 -- Add build requirements (#49706) -- s/Copyright/License/ -- bzip2 source - -* Sat Jun 16 2001 Than Ngo -- update to 1.6.3p7 -- use %%{_tmppath} - -* Fri Feb 23 2001 Bernhard Rosenkraenzer -- 1.6.3p6, fixes buffer overrun - -* Tue Oct 10 2000 Bernhard Rosenkraenzer -- 1.6.3p5 - -* Wed Jul 12 2000 Prospector -- automatic rebuild - -* Tue Jun 06 2000 Karsten Hopp -- fixed owner of sudo and visudo - -* Thu Jun 1 2000 Nalin Dahyabhai -- modify PAM setup to use system-auth -- clean up buildrooting by using the makeinstall macro - -* Tue Apr 11 2000 Bernhard Rosenkraenzer -- initial build in main distrib -- update to 1.6.3 -- deal with compressed man pages - -* Tue Dec 14 1999 Preston Brown -- updated to 1.6.1 for Powertools 6.2 -- config files are now noreplace. - -* Thu Jul 22 1999 Tim Powers -- updated to 1.5.9p2 for Powertools 6.1 - -* Wed May 12 1999 Bill Nottingham -- sudo is configured with pam. There's no pam.d file. Oops. - -* Mon Apr 26 1999 Preston Brown -- upgraded to 1.59p1 for powertools 6.0 - -* Tue Oct 27 1998 Preston Brown -- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) - -* Thu Oct 08 1998 Michael Maher -- built package for 5.2 - -* Mon May 18 1998 Michael Maher -- updated SPEC file - -* Thu Jan 29 1998 Otto Hammersmith -- updated to 1.5.4 - -* Tue Nov 18 1997 Otto Hammersmith -- built for glibc, no problems - -* Fri Apr 25 1997 Michael Fulbright -- Fixed for 4.2 PowerTools -- Still need to be pamified -- Still need to move stmp file to /var/log - -* Mon Feb 17 1997 Michael Fulbright -- First version for PowerCD. +%autochangelog