Commit Graph

178 Commits

Author SHA1 Message Date
Colin Walters
29adaddcb8 Drop legacy %post chmod /etc/sudoers
The RPM permissions have been set at `0440` for a long, long time.  This
`%post` invocation dates beyond the import from CVS in 2004.  Further,
this change will actually *undo* local admin changes to use e.g. `0600`
or something if they want to harden it further.

This is similar to: https://src.fedoraproject.org/rpms/nfs-utils/pull-request/1
I'm just making this change as it shows up as error spew when doing
`rpm-ostree compose tree`.
2017-12-14 10:38:30 -05:00
Radovan Sroka
ddbf4e5ddd
Update to 1.8.22b1
- Added /usr/local/sbin and /usr/local/bin to secure path
  rhbz#1166185
2017-12-14 12:08:51 +01:00
Rachel Sibley
60f7afa183 Initial commit for downstream tests using standard test interface 2017-10-05 15:32:54 -04:00
Marek Tamaskovic
0c12737f71 Update to sudo-1.8.21p2
Fix changelog
2017-10-04 12:03:18 +02:00
Matthew Miller
3e6b39b185 Replace file-based requirements with package-level ones:
- /etc/pam.d/system-auth to 'pam'
- /bin/chmod to 'coreutils' (bug #1488934)
- /usr/bin/vi to vim-minimal
- ... and make vim-minimal "recommends" instead of "requires", because
  other editors can be configured.
2017-09-06 12:53:03 -04:00
Fedora Release Engineering
185e4548ca - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 08:56:24 +00:00
Fedora Release Engineering
7769b86dd9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 19:27:35 +00:00
Daniel Kopeček
e0f60ff106 update to 1.8.20p2 2017-06-01 12:33:48 +02:00
Daniel Kopeček
ababf7ba8f update to 1.8.20p1
fixes CVE-2017-1000367
  Resolves: rhbz#1456884
2017-05-31 09:05:44 +02:00
Jiri Vymazal
e43103946c * Fri Apr 07 2017 Jiri Vymazal <jvymazal@redhat.com> - 1.8.20-0.1.b1
- update to latest development version 1.8.20b1
- added sudo to dnf/yum protected packages
  Resolves: rhbz#1418756
2017-04-07 16:01:56 +02:00
Tomas Sykora
e05aa772e6 update to 1.8.19p2 2017-02-13 12:49:39 +01:00
Fedora Release Engineering
4a9e2fc28e - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 14:05:57 +00:00
Daniel Kopecek
e07c54ccee update to latest development version
- fixes CVE-2016-7076
2016-11-08 12:46:14 +01:00
Radovan Sroka
ab266a825d "update" to 1.8.19-0.1.20160923git90e4538
- this commit changes only version, nothing else
- we were not able to update from rc and beta versions to stable
  one in fedora rawhide
- so this is a new snapshot package which resolves it
2016-09-23 16:21:17 +02:00
Radovan Sroka
a4bd4c5ee7 Minor update
- fix source link
2016-09-21 17:27:54 +02:00
Radovan Sroka
68760bc5c7 update to 1.8.18 2016-09-21 16:40:11 +02:00
Radovan Sroka
bc3371c40d update to 1.8.18rc4 2016-09-16 09:20:46 +02:00
Radovan Sroka
4884b56d12 update to 1.8.18rc2
- dropped sudo-1.8.14p1-ldapconfpatch.patch
   upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html
2016-09-14 15:02:53 +02:00
Radovan Sroka
3859d5ec51 update to 1.8.18b2
- added --disable-root-mailer as configure option
  Resolves: rhbz#1324091
2016-08-26 14:21:48 +02:00
Daniel Kopecek
932e467d11 update to 1.8.17p1
- install the /var/db/sudo/lectured
  Resolves: rhbz#1321414
2016-06-24 16:22:57 +02:00
Daniel Kopecek
d3ea02b0f5 removed INPUTRC from env_keep to prevent a possible info leak
Resolves: rhbz#1340701
2016-05-31 14:17:26 +02:00
Daniel Kopecek
ffcdc7d630 Track the default sudoers file in git 2016-05-31 12:22:54 +02:00
Daniel Kopecek
333fe38779 fixed upstream patch for rhbz#1328735 2016-05-13 11:28:06 +02:00
Daniel Kopecek
c0063cebde fixed invalid sesh argument array construction 2016-05-12 09:33:11 +02:00
Daniel Kopecek
df8acf06e9 update to 1.8.16 2016-04-05 12:52:51 +02:00
Fedora Release Engineering
8ef2445bcd - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 00:48:28 +00:00
Daniel Kopecek
2306938c7f update to 1.8.15
- fixes CVE-2015-5602
2015-11-05 09:50:31 +01:00
Radovan Sroka
2c03b0a9fd Enable upstream test suite 2015-08-24 14:18:22 +02:00
Radovan Sroka
c1ed913d71 Fix coverity scan outputs
- add patch that resolves initialization problem before call sudo_strsplit
- add patch that resolves deadcode in visudo.c
2015-08-24 11:50:05 +02:00
Radovan Sroka
09c50775bb Update to 1.8.14p3 2015-07-27 13:16:01 +02:00
Radovan Sroka
febf08760c update to 1.8.14p1 2015-07-21 14:59:30 +02:00
Radovan Sroka
af884a422e Add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time
Resolves: rhbz#1162070
2015-07-14 14:02:08 +02:00
Radovan Sroka
9047d526fd Update to 1.8.14b4
- Add own %{_tmpfilesdir}/sudo.conf
2015-07-13 10:01:05 +02:00
Dennis Gilmore
fb968d2c85 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-19 01:55:23 +00:00
Daniel Kopecek
200fa94028 update to 1.8.12
- fixes CVE-2014-9680
2015-02-18 10:32:39 +01:00
Daniel Kopecek
7719973d9b update to 1.8.11p2
- added patch to fix upstream bug #671 -- exiting immediately
  when audit is disabled
2014-11-03 13:23:04 +01:00
Daniel Kopecek
af463d53b2 Added the sudo-1.8.11 tarball -- now for real 2014-09-30 15:57:08 +02:00
Daniel Kopecek
eb43a57277 Added the sudo-1.8.11.tar.gz tarball 2014-09-30 15:51:09 +02:00
Daniel Kopecek
a5f9360d9a update to 1.8.11
- major changes & fixes:
  - when running a command in the background, sudo will now forward
    SIGINFO to the command
  - the passwords in ldap.conf and ldap.secret may now be encoded in base64.
  - SELinux role changes are now audited. For sudoedit, we now audit
    the actual editor being run, instead of just the sudoedit command.
  - it is now possible to match an environment variable's value as well as
    its name using env_keep and env_check
  - new files created via sudoedit as a non-root user now have the proper group id
  - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support
  - it is now possible to disable network interface probing in sudo.conf by
    changing the value of the probe_interfaces setting
  - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt
    for the user's password even if the targetpw, rootpw or runaspw options are set.
  - the new use_netgroups sudoers option can be used to explicitly enable or disable
    netgroups support
  - visudo can now export a sudoers file in JSON format using the new -x flag
- added patch to read ldap.conf more closely to nss_ldap
- require /usr/bin/vi instead of vim-minimal
- include pam.d/system-auth in PAM session phase from pam.d/sudo
- include pam.d/sudo in PAM session phase from pam.d/sudo-i
2014-09-30 15:45:25 +02:00
Peter Robinson
71fccff302 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-18 04:03:38 +00:00
Tom Callaway
8f687c7bef fix license handling 2014-08-05 11:04:25 -04:00
Dennis Gilmore
ed48f93a75 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-08 02:26:52 -05:00
Peter Robinson
824a03a3b1 Drop ChangeLog, we ship NEWS 2014-06-01 00:24:08 +01:00
Daniel Kopecek
cdc45918d3 Update sudoers source in the spec 2014-03-12 12:44:37 +01:00
Daniel Kopecek
fbec0ab1c9 Minor update
- remove bundled copy of zlib before compilation
  - drop the requiretty Defaults setting from sudoers
2014-03-12 12:29:34 +01:00
Ville Skyttä
0477581f3c Own the %{_libexecdir}/sudo dir. 2014-01-25 20:15:33 +02:00
Daniel Kopecek
8729726fc1 update to 1.8.8
- major changes & fixes:
  - LDAP SASL support now works properly with Kerberos
  - root may no longer change its SELinux role without entering a password
  - user messages are now always displayed in the user's locale, even when
    the same message is being logged or mailed in a different locale.
  - log files created by sudo now explicitly have the group set to group
    ID 0 rather than relying on BSD group semantics
  - sudo now stores its libexec files in a sudo subdirectory instead of in
    libexec itself
  - system_group and group_file sudoers group provider plugins are now
    installed by default
  - the paths to ldap.conf and ldap.secret may now be specified as arguments
    to the sudoers plugin in the sudo.conf file
  - ...and many new features and settings. See the upstream ChangeLog for the
    full list.
- several sssd support fixes
- added patch to make uid/gid specification parsing more strict (don't accept
  an invalid number as uid/gid)
- use the _pkgdocdir macro
  (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs)
- fixed several bugs found by the clang static analyzer
- added %post dependency on chmod
2013-10-01 00:09:16 +02:00
Daniel Kopecek
42f0c7e726 Removed unused patches 2013-10-01 00:05:52 +02:00
Dennis Gilmore
d656fea480 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-04 10:56:56 -05:00
Daniel Kopecek
392812324b update to 1.8.6p7
- fixes CVE-2013-1775 and CVE-2013-1776
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
  - build with system zlib.
  - let rpmbuild strip libexecdir/*.so.
  - own the %{_docdir}/sudo-* dir.
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
  - fix bogus %changelog dates.
2013-02-28 13:47:01 +01:00