Compare commits
6 Commits
Author | SHA1 | Date |
---|---|---|
Marek Tamaskovic | 5c63394874 | |
Daniel Kopeček | 039140a51d | |
Daniel Kopeček | 98199dc3ed | |
Jiri Vymazal | 90a132a69b | |
Daniel Kopecek | dcf541d6dd | |
Radovan Sroka | 5cca8afb18 |
|
@ -1,2 +1,11 @@
|
|||
/sudo-1.8.16.tar.gz
|
||||
/sudo-1.8.17p1.tar.gz
|
||||
/sudo-1.8.18b2.tar.gz
|
||||
/sudo-1.8.18rc2.tar.gz
|
||||
/sudo-1.8.18rc4.tar.gz
|
||||
/sudo-1.8.18.tar.gz
|
||||
/sudo-1.8.18p1.tar.gz
|
||||
/sudo-1.8.19p2.tar.gz
|
||||
/sudo-1.8.20p1.tar.gz
|
||||
/sudo-1.8.20p2.tar.gz
|
||||
/sudo-1.8.21p2.tar.gz
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
50a840a688ceb6fa3ab24fc0adf4fa23 sudo-1.8.17p1.tar.gz
|
||||
SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c
|
||||
--- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch 2015-07-07 18:51:11.000000000 +0200
|
||||
+++ sudo-1.8.14b3/plugins/sudoers/ldap.c 2015-07-09 11:03:25.686645581 +0200
|
||||
@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam
|
||||
}
|
||||
#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
|
||||
|
||||
+/*
|
||||
+ * Read a line of input, remove whole line comments and strip off leading
|
||||
+ * and trailing spaces. Returns static storage that is reused.
|
||||
+ */
|
||||
+static char *
|
||||
+sudo_ldap_parseln(fp)
|
||||
+ FILE *fp;
|
||||
+{
|
||||
+ size_t len;
|
||||
+ char *cp = NULL;
|
||||
+ static char buf[LINE_MAX];
|
||||
+
|
||||
+ if (fgets(buf, sizeof(buf), fp) != NULL) {
|
||||
+ /* Remove comments */
|
||||
+ if (*buf == '#')
|
||||
+ *buf = '\0';
|
||||
+
|
||||
+ /* Trim leading and trailing whitespace/newline */
|
||||
+ len = strlen(buf);
|
||||
+ while (len > 0 && isspace((unsigned char)buf[len - 1]))
|
||||
+ buf[--len] = '\0';
|
||||
+ for (cp = buf; isblank(*cp); cp++)
|
||||
+ continue;
|
||||
+ }
|
||||
+ return(cp);
|
||||
+}
|
||||
+
|
||||
static bool
|
||||
sudo_ldap_read_config(void)
|
||||
{
|
||||
@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void)
|
||||
if ((fp = fopen(path_ldap_conf, "r")) == NULL)
|
||||
debug_return_bool(false);
|
||||
|
||||
- while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
|
||||
+ while ((line = sudo_ldap_parseln(fp)) != NULL) {
|
||||
if (*line == '\0')
|
||||
continue; /* skip empty line */
|
||||
|
||||
@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void)
|
||||
if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))
|
||||
sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);
|
||||
}
|
||||
- free(line);
|
||||
+
|
||||
fclose(fp);
|
||||
|
||||
if (!ldap_conf.host) {
|
50
sudo.spec
50
sudo.spec
|
@ -1,11 +1,11 @@
|
|||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.8.17p1
|
||||
Version: 1.8.21p2
|
||||
Release: 1%{?dist}
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: http://www.courtesan.com/sudo/
|
||||
Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
|
||||
URL: https://www.sudo.ws/
|
||||
Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
|
||||
Source1: sudoers
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires: /etc/pam.d/system-auth
|
||||
|
@ -26,8 +26,6 @@ BuildRequires: zlib-devel
|
|||
|
||||
# don't strip
|
||||
Patch1: sudo-1.6.7p5-strip.patch
|
||||
# Patch to read ldap.conf more closely to nss_ldap
|
||||
Patch2: sudo-1.8.14p1-ldapconfpatch.patch
|
||||
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
|
@ -53,7 +51,6 @@ plugins that use %{name}.
|
|||
%setup -q
|
||||
|
||||
%patch1 -p1 -b .strip
|
||||
%patch2 -p1 -b .ldapconfpatch
|
||||
|
||||
%build
|
||||
# Remove bundled copy of zlib
|
||||
|
@ -73,6 +70,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
|||
--sbindir=%{_sbindir} \
|
||||
--libdir=%{_libdir} \
|
||||
--docdir=%{_pkgdocdir} \
|
||||
--disable-root-mailer \
|
||||
--with-logging=syslog \
|
||||
--with-logfac=authpriv \
|
||||
--with-pam \
|
||||
|
@ -102,6 +100,12 @@ install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
|
|||
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
|
||||
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
|
||||
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
|
||||
#add sudo to protected packages
|
||||
install -p -d -m 755 $RPM_BUILD_ROOT/etc/yum/protected.d/
|
||||
touch sudo.conf
|
||||
echo sudo > sudo.conf
|
||||
install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/yum/protected.d/
|
||||
rm -f sudo.conf
|
||||
|
||||
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
|
||||
|
||||
|
@ -117,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
|
|||
#Remove all .la files
|
||||
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
|
||||
|
||||
# Remove sudoers.dist
|
||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
|
||||
|
||||
%find_lang sudo
|
||||
%find_lang sudoers
|
||||
|
||||
|
@ -154,6 +161,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%config(noreplace) /etc/pam.d/sudo
|
||||
%config(noreplace) /etc/pam.d/sudo-i
|
||||
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
|
||||
%attr(0644,root,root) /etc/yum/protected.d/sudo.conf
|
||||
%dir /var/db/sudo
|
||||
%dir /var/db/sudo/lectured
|
||||
%attr(4111,root,root) %{_bindir}/sudo
|
||||
|
@ -168,6 +176,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
|
||||
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
|
||||
%{_libexecdir}/sudo/libsudo_util.so.?
|
||||
%{_libexecdir}/sudo/libsudo_util.so
|
||||
%{_mandir}/man5/sudoers.5*
|
||||
%{_mandir}/man5/sudoers.ldap.5*
|
||||
%{_mandir}/man5/sudo.conf.5*
|
||||
|
@ -191,9 +200,36 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%doc plugins/sample/sample_plugin.c
|
||||
%{_includedir}/sudo_plugin.h
|
||||
%{_mandir}/man8/sudo_plugin.8*
|
||||
%{_libexecdir}/sudo/libsudo_util.so
|
||||
|
||||
%changelog
|
||||
* Thu Sep 21 2017 Marek Tamaskovic <mtamasko@redhat.com> - 1.8.21p2-1
|
||||
- update to 1.8.21p2
|
||||
- Moved libsudo_util.so from the -devel sub-package to main package (1481225)
|
||||
|
||||
* Thu Jun 01 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p2-1
|
||||
- update to 1.8.20p2
|
||||
- added sudo to dnf/yum protected packages
|
||||
|
||||
* Wed May 31 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p1-1
|
||||
- update to 1.8.20p1
|
||||
- fixes CVE-2017-1000367
|
||||
Resolves: rhbz#1456884
|
||||
|
||||
* Mon Apr 03 2017 Jiri Vymazal <jvymazal@redhat.com> 1.8.19p2-1
|
||||
- update to 1.8.19p2
|
||||
- updated URL and source0 as upstream changed domain
|
||||
|
||||
* Tue Nov 08 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.18p1-1
|
||||
- update to 1.8.18p1
|
||||
- fixes CVE-2016-7076
|
||||
|
||||
* Wed Sep 21 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18-1
|
||||
- update to 1.8.18
|
||||
- dropped sudo-1.8.14p1-ldapconfpatch.patch
|
||||
upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html
|
||||
- added --disable-root-mailer as configure option
|
||||
Resolves: rhbz#1324091
|
||||
|
||||
* Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.17p1-1
|
||||
- update to 1.8.17p1
|
||||
- install the /var/db/sudo/lectured
|
||||
|
|
Loading…
Reference in New Issue