rpms/sudo
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
236 Commits 34 Branches 140 Tags 518 KiB
f37-riscv64
Commit Graph

214 Commits

Author SHA1 Message Date
Fedora Release Engineering
41ef6145c0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-09 17:52:13 +00:00
Colin Walters
29adaddcb8 Drop legacy %post chmod /etc/sudoers 
The RPM permissions have been set at `0440` for a long, long time.  This
`%post` invocation dates beyond the import from CVS in 2004.  Further,
this change will actually *undo* local admin changes to use e.g. `0600`
or something if they want to harden it further.

This is similar to: https://src.fedoraproject.org/rpms/nfs-utils/pull-request/1
I'm just making this change as it shows up as error spew when doing
`rpm-ostree compose tree`.
 2017-12-14 10:38:30 -05:00
Radovan Sroka
ddbf4e5ddd
Update to 1.8.22b1 
- Added /usr/local/sbin and /usr/local/bin to secure path
  rhbz#1166185
 2017-12-14 12:08:51 +01:00
Marek Tamaskovic
0c12737f71 Update to sudo-1.8.21p2 
Fix changelog
 2017-10-04 12:03:18 +02:00
Matthew Miller
3e6b39b185 Replace file-based requirements with package-level ones: 
- /etc/pam.d/system-auth to 'pam'
- /bin/chmod to 'coreutils' (bug #1488934)
- /usr/bin/vi to vim-minimal
- ... and make vim-minimal "recommends" instead of "requires", because
  other editors can be configured.
 2017-09-06 12:53:03 -04:00
Fedora Release Engineering
185e4548ca - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 08:56:24 +00:00
Fedora Release Engineering
7769b86dd9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 19:27:35 +00:00
Daniel Kopeček
e0f60ff106 update to 1.8.20p2 2017-06-01 12:33:48 +02:00
Daniel Kopeček
ababf7ba8f update to 1.8.20p1 
fixes CVE-2017-1000367
  Resolves: rhbz#1456884
 2017-05-31 09:05:44 +02:00
Jiri Vymazal
e43103946c * Fri Apr 07 2017 Jiri Vymazal <jvymazal@redhat.com> - 1.8.20-0.1.b1 
- update to latest development version 1.8.20b1
- added sudo to dnf/yum protected packages
  Resolves: rhbz#1418756
 2017-04-07 16:01:56 +02:00
Tomas Sykora
e05aa772e6 update to 1.8.19p2 2017-02-13 12:49:39 +01:00
Fedora Release Engineering
4a9e2fc28e - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 14:05:57 +00:00
Daniel Kopecek
e07c54ccee update to latest development version 
- fixes CVE-2016-7076
 2016-11-08 12:46:14 +01:00
Radovan Sroka
ab266a825d "update" to 1.8.19-0.1.20160923git90e4538 
- this commit changes only version, nothing else
- we were not able to update from rc and beta versions to stable
  one in fedora rawhide
- so this is a new snapshot package which resolves it
 2016-09-23 16:21:17 +02:00
Radovan Sroka
a4bd4c5ee7 Minor update 
- fix source link
 2016-09-21 17:27:54 +02:00
Radovan Sroka
68760bc5c7 update to 1.8.18 2016-09-21 16:40:11 +02:00
Radovan Sroka
bc3371c40d update to 1.8.18rc4 2016-09-16 09:20:46 +02:00
Radovan Sroka
4884b56d12 update to 1.8.18rc2 
- dropped sudo-1.8.14p1-ldapconfpatch.patch
   upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html
 2016-09-14 15:02:53 +02:00
Radovan Sroka
3859d5ec51 update to 1.8.18b2 
- added --disable-root-mailer as configure option
  Resolves: rhbz#1324091
 2016-08-26 14:21:48 +02:00
Daniel Kopecek
932e467d11 update to 1.8.17p1 
- install the /var/db/sudo/lectured
  Resolves: rhbz#1321414
 2016-06-24 16:22:57 +02:00
Daniel Kopecek
d3ea02b0f5 removed INPUTRC from env_keep to prevent a possible info leak 
Resolves: rhbz#1340701
 2016-05-31 14:17:26 +02:00
Daniel Kopecek
ffcdc7d630 Track the default sudoers file in git 2016-05-31 12:22:54 +02:00
Daniel Kopecek
333fe38779 fixed upstream patch for rhbz#1328735 2016-05-13 11:28:06 +02:00
Daniel Kopecek
c0063cebde fixed invalid sesh argument array construction 2016-05-12 09:33:11 +02:00
Daniel Kopecek
df8acf06e9 update to 1.8.16 2016-04-05 12:52:51 +02:00
Fedora Release Engineering
8ef2445bcd - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 00:48:28 +00:00
Daniel Kopecek
2306938c7f update to 1.8.15 
- fixes CVE-2015-5602
 2015-11-05 09:50:31 +01:00
Radovan Sroka
2c03b0a9fd Enable upstream test suite 2015-08-24 14:18:22 +02:00
Radovan Sroka
c1ed913d71 Fix coverity scan outputs 
- add patch that resolves initialization problem before call sudo_strsplit
- add patch that resolves deadcode in visudo.c
 2015-08-24 11:50:05 +02:00
Radovan Sroka
09c50775bb Update to 1.8.14p3 2015-07-27 13:16:01 +02:00
Radovan Sroka
febf08760c update to 1.8.14p1 2015-07-21 14:59:30 +02:00
Radovan Sroka
af884a422e Add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time 
Resolves: rhbz#1162070
 2015-07-14 14:02:08 +02:00
Radovan Sroka
9047d526fd Update to 1.8.14b4 
- Add own %{_tmpfilesdir}/sudo.conf
 2015-07-13 10:01:05 +02:00
Dennis Gilmore
fb968d2c85 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-19 01:55:23 +00:00
Daniel Kopecek
200fa94028 update to 1.8.12 
- fixes CVE-2014-9680
 2015-02-18 10:32:39 +01:00
Daniel Kopecek
7719973d9b update to 1.8.11p2 
- added patch to fix upstream bug #671 -- exiting immediately
  when audit is disabled
 2014-11-03 13:23:04 +01:00
Daniel Kopecek
a5f9360d9a update to 1.8.11 
- major changes & fixes:
  - when running a command in the background, sudo will now forward
    SIGINFO to the command
  - the passwords in ldap.conf and ldap.secret may now be encoded in base64.
  - SELinux role changes are now audited. For sudoedit, we now audit
    the actual editor being run, instead of just the sudoedit command.
  - it is now possible to match an environment variable's value as well as
    its name using env_keep and env_check
  - new files created via sudoedit as a non-root user now have the proper group id
  - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support
  - it is now possible to disable network interface probing in sudo.conf by
    changing the value of the probe_interfaces setting
  - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt
    for the user's password even if the targetpw, rootpw or runaspw options are set.
  - the new use_netgroups sudoers option can be used to explicitly enable or disable
    netgroups support
  - visudo can now export a sudoers file in JSON format using the new -x flag
- added patch to read ldap.conf more closely to nss_ldap
- require /usr/bin/vi instead of vim-minimal
- include pam.d/system-auth in PAM session phase from pam.d/sudo
- include pam.d/sudo in PAM session phase from pam.d/sudo-i
 2014-09-30 15:45:25 +02:00
Peter Robinson
71fccff302 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-18 04:03:38 +00:00
Tom Callaway
8f687c7bef fix license handling 2014-08-05 11:04:25 -04:00
Dennis Gilmore
ed48f93a75 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-08 02:26:52 -05:00
Peter Robinson
824a03a3b1 Drop ChangeLog, we ship NEWS 2014-06-01 00:24:08 +01:00
Daniel Kopecek
cdc45918d3 Update sudoers source in the spec 2014-03-12 12:44:37 +01:00
Daniel Kopecek
fbec0ab1c9 Minor update 
- remove bundled copy of zlib before compilation
  - drop the requiretty Defaults setting from sudoers
 2014-03-12 12:29:34 +01:00
Ville Skyttä
0477581f3c Own the %{_libexecdir}/sudo dir. 2014-01-25 20:15:33 +02:00
Daniel Kopecek
8729726fc1 update to 1.8.8 
- major changes & fixes:
  - LDAP SASL support now works properly with Kerberos
  - root may no longer change its SELinux role without entering a password
  - user messages are now always displayed in the user's locale, even when
    the same message is being logged or mailed in a different locale.
  - log files created by sudo now explicitly have the group set to group
    ID 0 rather than relying on BSD group semantics
  - sudo now stores its libexec files in a sudo subdirectory instead of in
    libexec itself
  - system_group and group_file sudoers group provider plugins are now
    installed by default
  - the paths to ldap.conf and ldap.secret may now be specified as arguments
    to the sudoers plugin in the sudo.conf file
  - ...and many new features and settings. See the upstream ChangeLog for the
    full list.
- several sssd support fixes
- added patch to make uid/gid specification parsing more strict (don't accept
  an invalid number as uid/gid)
- use the _pkgdocdir macro
  (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs)
- fixed several bugs found by the clang static analyzer
- added %post dependency on chmod
 2013-10-01 00:09:16 +02:00
Dennis Gilmore
d656fea480 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-04 10:56:56 -05:00
Daniel Kopecek
392812324b update to 1.8.6p7 
- fixes CVE-2013-1775 and CVE-2013-1776
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
  - build with system zlib.
  - let rpmbuild strip libexecdir/*.so.
  - own the %{_docdir}/sudo-* dir.
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
  - fix bogus %changelog dates.
 2013-02-28 13:47:01 +01:00
Dennis Gilmore
d201380f8e - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-14 18:45:08 -06:00
Daniel Kopecek
bbce9a9922 Fixed upstream regression and removed arch specific files 
- added upstream patch for a regression
 - don't include arch specific files in the -devel subpackage
 - ship only one sample plugin in the -devel subpackage
 2012-11-12 13:17:48 +01:00
Daniel Kopecek
a9963cd1b9 update to 1.8.6p3 
- drop -pipelist patch (fixed in upstream)
 2012-09-25 12:37:55 +02:00
Daniel Kopecek
41b07d49de Update to 1.8.6 
- dropped SSSD patches as they are now part of the upstream source code
 - use the upstream version of -pipelist patch
 2012-09-06 14:41:27 +02:00
Daniel Kopecek
049d9661dd added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) 
- re-enabled SSSD support
- removed libsss_sudo dependency
 2012-07-26 09:32:44 +02:00
Bill Nottingham
0247beae71 Flip sudoers2ldif bit after make install, since it was making it executable again. 2012-07-24 14:48:31 -04:00
Dennis Gilmore
94079dc775 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-21 16:34:41 -05:00
Daniel Kopecek
86c7e6867b update to 1.8.5 
- fixed CVE-2012-2337
- temporarily disabled SSSD support
 2012-05-17 12:51:44 +02:00
Daniel Kopecek
74fe5b93c4 Fixed a typo in the spec file 2012-02-29 10:21:41 +01:00
Daniel Kopecek
6b548c85a8 fixed problems with undefined symbols (rhbz#798517) 2012-02-29 10:20:33 +01:00
Daniel Kopecek
b27e499e8f SSSD patch update 2012-02-22 11:27:43 +01:00
Daniel Kopecek
d415988861 added SSSD support 2012-02-07 12:25:11 +01:00
Daniel Kopecek
2c51203bb4 added patch for CVE-2012-0809 2012-01-26 15:36:37 +01:00
Dennis Gilmore
6a1e504d6b - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 22:32:29 -06:00
Daniel Kopecek
0894814a99 update to 1.8.3p1 
disable output word wrapping if the output is piped
 2011-11-10 10:22:56 +01:00
Peter Robinson
911d5c1fe9 Remove execute bit from sample script in docs so we don't pull in perl 2011-09-07 09:48:26 +01:00
Daniel Kopecek
269d3c7dce rebase to 1.8.1p2 
removed .sudoi patch
fixed typo: RELPRO -> RELRO
added -devel subpackage for the sudo_plugin.h header file
use default ldap configuration files again
 2011-07-12 13:20:39 +02:00
Daniel Kopecek
c973b40001 build with RELPRO 2011-06-03 15:01:00 +02:00
Dennis Gilmore
ed2333e15c - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-09 10:29:16 -06:00
Daniel Kopecek
e5db21ffd8 bump release number 2011-01-17 11:40:57 +01:00
Daniel Kopecek
142eb81e35 Corrected sudo.spec 2011-01-17 11:39:16 +01:00
Daniel Kopecek
92c68ba926 - rebase to 1.7.4p5 
- fixed sudo-1.7.4p4-getgrouplist.patch
- fixes CVE-2011-0008, CVE-2011-0010
 2011-01-17 11:23:52 +01:00
Daniel Kopecek
d12db81253 - anybody in the wheel group has now root access (using password) (rhbz#656873) 
- sync configuration paths with the nss_ldap package (rhbz#652687)
 2010-11-30 12:16:25 +01:00
Daniel Kopecek
ecddd163e2 - added upstream patch to fix rhbz#638345 2010-09-29 10:26:02 +02:00
Daniel Kopecek
9714d256ce - added patch for #635250 
- /var/run/sudo -> /var/db/sudo in .spec
 2010-09-20 08:38:07 +02:00
Daniel Kopecek
e273750ee7 - sudo now uses /var/db/sudo for timestamps 2010-09-07 16:49:47 +02:00
dnk
520e07da9c - update to new upstream version 
- new command available: sudoreplay
- use native audit support
- corrected license field value: BSD -> ISC
 2010-09-07 16:28:31 +02:00
Daniel Kopeček
4933b8941d - added patch that fixes insufficient environment sanitization issue 
(#598154)
 2010-06-02 09:06:33 +00:00
Daniel Kopeček
ac43db5783 - update to new upstream version 
- merged .audit and .libaudit patch
- added sudoers.ldap.5* to files
 2010-04-14 13:49:58 +00:00
Daniel Kopeček
d3f6d25f13 forgot to update sources... 2010-03-01 11:59:20 +00:00
Daniel Kopeček
cd64307f4c update to new upstream version 2010-03-01 11:54:07 +00:00
Daniel Kopeček
0d6a144061 - fixed no valid sudoers sources found (#558875) 2010-02-16 22:27:13 +00:00
Daniel Kopeček
8e5b1df1b9 - audit related Makefile.in and configure.in corrections 
- added --with-audit configure option
- removed call to libtoolize
 2010-02-10 15:52:05 +00:00
Daniel Kopeček
46cc5da5fe - fixed segfault when #include directive is used in cycles (#561336) 2010-02-10 12:38:59 +00:00
Daniel Kopeček
a9a317e7d0 - Add /etc/sudoers.d dir and use it in default config (#551470). 
- Drop *.pod man page duplicates from docs.
 2010-01-12 13:17:31 +00:00
Daniel Kopeček
7a4ce764b3 - new upstream version 1.7.2p2-1 
- commented out unused aliases in sudoers to make visudo happy (#550239)
 2010-01-07 15:24:53 +00:00
Tomáš Mráz
4e2470df23 - rebuilt with new audit 2009-08-21 11:19:03 +00:00
Daniel Kopeček
ea73fb27c7 cleanup 2009-08-20 13:01:46 +00:00
Daniel Kopeček
9bc07b3b72 moved secure_path from compile-time option to sudoers file (#517428) 2009-08-20 12:38:43 +00:00
Jesse Keating
bf223ad016 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-27 04:58:19 +00:00
Daniel Kopeček
0b7f70f9e1 - moved the closefrom() call before audit_help_open() 
- epoch number sync
 2009-07-09 13:29:34 +00:00
Daniel Kopeček
6a836e9aac - updated sudo to version 1.7.1 
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
- reverted the value of secure-path configure option
 2009-06-22 14:27:32 +00:00
Daniel Kopeček
db5280d0ec Can't use -5, trying -6 2009-02-24 15:49:07 +00:00
Daniel Kopeček
9b190fb143 I hope this is the last commit today... 2009-02-24 15:43:30 +00:00
Daniel Kopeček
8e0d152bd4 typo 2009-02-24 15:34:40 +00:00
Daniel Kopeček
aefbd0093d - fixed building with new libtool 
- fix for incorrect handling of groups in Runas_User
- added /usr/local/sbin to secure-path
 2009-02-24 15:24:58 +00:00
Daniel Kopeček
eca3e72bb0 - build with sendmail installed 
- added /usr/local/bin to secure-path
 2009-01-13 17:09:02 +00:00
Peter Vrabec
83eef97412 spec file fix 2008-09-03 08:59:59 +00:00
Peter Vrabec
5922acb089 - adjust audit patch, do not scream when kernel is compiled without audit 
netlink support (#401201
 2008-09-02 13:56:42 +00:00
Peter Vrabec
f6d08872cc upgrade 2008-07-04 14:13:33 +00:00
Peter Vrabec
05534ca1d2 build with newer autoconf-2.62 (#449614) 2008-06-18 09:52:34 +00:00
Peter Vrabec
2981ba32e0 - compiled with secure path (#80215) 2008-05-13 12:42:02 +00:00
Peter Vrabec
e94854c079 fix path to updatedb in /etc/sudoers (#445103) 2008-05-05 11:53:04 +00:00