From 2623be693ee9d8b78ab4bfd02737dcac58e6ffb2ffef1ef22400ba9af88a5f40 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 15 Jan 2007 23:38:14 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=1 --- .gitattributes | 23 +++ .gitignore | 1 + README.SUSE | 7 + ready | 0 sudo-1.6.8p12-__P.diff | 10 ++ sudo-1.6.8p12-conf.diff | 65 ++++++++ sudo-1.6.8p12-configure.diff | 124 ++++++++++++++++ sudo-1.6.8p12-defaults.diff | 12 ++ sudo-1.6.8p12-ldap.diff | 11 ++ sudo-1.6.8p12-prompt.diff | 42 ++++++ sudo-1.6.8p12-secure_path.diff | 32 ++++ sudo-1.6.8p12-strip.diff | 16 ++ sudo-1.6.8p12-sudoers.diff | 23 +++ sudo-1.6.8p12.pamd | 5 + sudo-1.6.8p12.tar.bz2 | 3 + sudo.changes | 262 +++++++++++++++++++++++++++++++++ sudo.spec | 234 +++++++++++++++++++++++++++++ 17 files changed, 870 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README.SUSE create mode 100644 ready create mode 100644 sudo-1.6.8p12-__P.diff create mode 100644 sudo-1.6.8p12-conf.diff create mode 100644 sudo-1.6.8p12-configure.diff create mode 100644 sudo-1.6.8p12-defaults.diff create mode 100644 sudo-1.6.8p12-ldap.diff create mode 100644 sudo-1.6.8p12-prompt.diff create mode 100644 sudo-1.6.8p12-secure_path.diff create mode 100644 sudo-1.6.8p12-strip.diff create mode 100644 sudo-1.6.8p12-sudoers.diff create mode 100644 sudo-1.6.8p12.pamd create mode 100644 sudo-1.6.8p12.tar.bz2 create mode 100644 sudo.changes create mode 100644 sudo.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..45685a6 --- /dev/null +++ b/README.SUSE @@ -0,0 +1,7 @@ +In the default (ie unconfigured) configuration sudo asks for root password. +This allows to use an ordinary user account for administration of a freshly +installed system. When configuring sudo, please make sure to delete the two +following lines: + +Defaults targetpw # ask for the password of the target user i.e. root +%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/sudo-1.6.8p12-__P.diff b/sudo-1.6.8p12-__P.diff new file mode 100644 index 0000000..3888ebd --- /dev/null +++ b/sudo-1.6.8p12-__P.diff @@ -0,0 +1,10 @@ +--- compat.h ++++ compat.h +@@ -28,6 +28,7 @@ + */ + + /* Deal with ANSI stuff reasonably. */ ++#undef __P + #ifndef __P + # if defined (__cplusplus) || defined (__STDC__) + # define __P(args) args diff --git a/sudo-1.6.8p12-conf.diff b/sudo-1.6.8p12-conf.diff new file mode 100644 index 0000000..119b0c6 --- /dev/null +++ b/sudo-1.6.8p12-conf.diff @@ -0,0 +1,65 @@ +--- aclocal.m4 ++++ aclocal.m4 +@@ -224,9 +224,9 @@ + rm -f core core.* *.core])dnl + AC_MSG_RESULT($sudo_cv_func_fnmatch) + if test $sudo_cv_func_fnmatch = yes; then +- [$1] ++ $1 + else +- [$2] ++ $2 + fi + ]) + +--- configure.in ++++ configure.in +@@ -1703,9 +1703,9 @@ + AC_CHECK_FUNCS(lockf flock, [break]) + AC_CHECK_FUNCS(waitpid wait3, [break]) + AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) +-AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], AC_LIBOBJ(lsearch), -), AC_LIBOBJ(lsearch))]) ++AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, [AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])]) + AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) +-SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH), AC_LIBOBJ(fnmatch)) ++SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH, 1, [Define if you have the `fnmatch' function.])], [AC_LIBOBJ(fnmatch)]) + SUDO_FUNC_ISBLANK + AC_REPLACE_FUNCS(strerror strcasecmp sigaction strlcpy strlcat closefrom) + AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) +@@ -1739,15 +1739,15 @@ + dnl if crypt(3) not in libc, look elsewhere + dnl + if test -z "$LIB_CRYPT" -a "$with_pam" != "yes"; then +- AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])))]) ++ AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], [AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], [AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])])])]) + fi + dnl + dnl If socket(2) not in libc, check -lsocket and -linet + dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols + dnl In this case we look for main(), not socket() to avoid using a cached value + dnl +-AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) +-AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) ++AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], [AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], [AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) ++AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)])])]) + dnl + dnl If inet_addr(3) not in libc, check -lnsl and -linet + dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols +@@ -1757,7 +1757,7 @@ + dnl + dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet + dnl +-AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) ++AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], [AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], [AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])])])]) + dnl + dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc) + dnl (gcc includes its own alloca(3) but other compilers may not) +@@ -2000,7 +2000,7 @@ + AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) + fi + AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) +- AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) ++ AC_CHECK_LIB(skey, skeyaccess, [AC_DEFINE(HAVE_SKEYACCESS, 1, [Define if your S/Key library has skeyaccess().])]) + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} -lskey" + fi diff --git a/sudo-1.6.8p12-configure.diff b/sudo-1.6.8p12-configure.diff new file mode 100644 index 0000000..e9e6745 --- /dev/null +++ b/sudo-1.6.8p12-configure.diff @@ -0,0 +1,124 @@ +--- configure.in ++++ configure.in +@@ -1281,7 +1281,7 @@ + ;; + *-*-hiuxmpp*) + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1])) ++ AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], [AC_CHECK_LIB(security, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1])]) + CHECKSHADOW="false" + fi + test -n "$mansectsu" || mansectsu=1m +@@ -1324,13 +1324,13 @@ + ;; + *-*-hpux10.*) + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, AC_DEFINE(HAVE_ISCOMSEC)) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1]) ++ AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, [AC_DEFINE(HAVE_ISCOMSEC)]) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1]) + CHECKSHADOW="false" + fi + ;; + *) + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) ++ AC_CHECK_LIB(sec, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) + CHECKSHADOW="false" + fi + ;; +@@ -1422,7 +1422,7 @@ + *-*-linux*) + # Some Linux versions need to link with -lshadow + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_FUNCS(getspnam, , [AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])]) ++ AC_CHECK_FUNCS(getspnam, , [AC_CHECK_LIB(shadow, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])]) + CHECKSHADOW="false" + fi + ;; +@@ -1433,14 +1433,14 @@ + fi + + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"; SECUREWARE=1]) ++ AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"; SECUREWARE=1]) + CHECKSHADOW="false" + fi + ;; + *-*-ultrix*) + OS="ultrix" + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(auth, getauthuid, AC_DEFINE(HAVE_GETAUTHUID) [SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"]) ++ AC_CHECK_LIB(auth, getauthuid, [AC_DEFINE(HAVE_GETAUTHUID) SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"]) + CHECKSHADOW="false" + fi + ;; +@@ -1458,7 +1458,7 @@ + LIBS="${LIBS} -lcrypt" + + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) ++ AC_CHECK_LIB(sec, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) + CHECKSHADOW="false" + fi + test -n "$mansectsu" || mansectsu=1m +@@ -1466,8 +1466,8 @@ + ;; + *-*-sco*|*-sco-*) + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1], , -lx) +- AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"]) ++ AC_CHECK_LIB(prot, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1], , -lx) ++ AC_CHECK_LIB(gen, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"]) + CHECKSHADOW="false" + fi + test -n "$mansectsu" || mansectsu=1m +@@ -1481,7 +1481,7 @@ + ;; + *-sequent-sysv*) + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) ++ AC_CHECK_LIB(sec, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) + CHECKSHADOW="false" + fi + test -n "$mansectsu" || mansectsu=1m +@@ -1489,7 +1489,7 @@ + test -n "$with_rpath" || with_rpath=yes + ;; + *-ncr-sysv4*|*-ncr-sysvr4*) +- AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) ++ AC_CHECK_LIB(c89, strcasecmp, [AC_DEFINE(HAVE_STRCASECMP) LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes +@@ -1606,10 +1606,10 @@ + dnl We check for SVR4-style first and then SecureWare-style. + dnl + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])]) ++ AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])]) + fi + if test "$CHECKSHADOW" = "true"; then +- AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1], AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])))]) ++ AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1], [AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], [AC_CHECK_LIB(security, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], [AC_CHECK_LIB(prot, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])])])]) + fi + + dnl +@@ -1703,7 +1703,7 @@ + AC_CHECK_FUNCS(lockf flock, [break]) + AC_CHECK_FUNCS(waitpid wait3, [break]) + AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) +-AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, [AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])]) ++AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, [AC_CHECK_HEADER(search.h, [AC_DEFINE(HAVE_LSEARCH) LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])]) + AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) + SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH, 1, [Define if you have the `fnmatch' function.])], [AC_LIBOBJ(fnmatch)]) + SUDO_FUNC_ISBLANK +@@ -1752,8 +1752,8 @@ + dnl If inet_addr(3) not in libc, check -lnsl and -linet + dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols + dnl +-AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) +-AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) ++AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , [AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], [AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], [AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) ++AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)])])])]) + dnl + dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet + dnl diff --git a/sudo-1.6.8p12-defaults.diff b/sudo-1.6.8p12-defaults.diff new file mode 100644 index 0000000..fe61728 --- /dev/null +++ b/sudo-1.6.8p12-defaults.diff @@ -0,0 +1,12 @@ +--- defaults.c ++++ defaults.c +@@ -432,9 +432,6 @@ + #ifdef FQDN + def_fqdn = TRUE; + #endif +-#ifdef USE_INSULTS +- def_insults = TRUE; +-#endif + #ifdef ENV_EDITOR + def_env_editor = TRUE; + #endif diff --git a/sudo-1.6.8p12-ldap.diff b/sudo-1.6.8p12-ldap.diff new file mode 100644 index 0000000..9a2d3c0 --- /dev/null +++ b/sudo-1.6.8p12-ldap.diff @@ -0,0 +1,11 @@ +--- configure.in ++++ configure.in +@@ -2133,7 +2133,7 @@ + + SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}" + LIBS="$_LIBS" +- LDFLAGS="$_LDFLAGS" ++ LDFLAGS="${LDFLAGS} $_LDFLAGS" + fi + + dnl diff --git a/sudo-1.6.8p12-prompt.diff b/sudo-1.6.8p12-prompt.diff new file mode 100644 index 0000000..c93022f --- /dev/null +++ b/sudo-1.6.8p12-prompt.diff @@ -0,0 +1,42 @@ +--- check.c ++++ check.c +@@ -207,6 +207,11 @@ + len += strlen(*user_runas) - 2; + subst = 1; + break; ++ case 'p': ++ p++; ++ len += strlen(auth_pw->pw_name) - 2; ++ subst = 1; ++ break; + case '%': + p++; + len--; +@@ -252,6 +257,13 @@ + goto oflow; + np += n; + continue; ++ case 'p': ++ p++; ++ n = strlcpy(np, auth_pw->pw_name, np - endp); ++ if (n >= np - endp) ++ goto oflow; ++ np += n; ++ continue; + case '%': + /* convert %% -> % */ + p++; +--- sudoers.man.in ++++ sudoers.man.in +@@ -663,6 +663,11 @@ + .IX Item "%U" + expanded to the login name of the user the command will + be run as (defaults to root) ++.ie n .IP "%p" 8 ++.el .IP "\f(CW%p\fR" 8 ++.IX Item "%p" ++expanded to the login name of the user whose password ++is requested + .ie n .IP "%h" 8 + .el .IP "\f(CW%h\fR" 8 + .IX Item "%h" diff --git a/sudo-1.6.8p12-secure_path.diff b/sudo-1.6.8p12-secure_path.diff new file mode 100644 index 0000000..b4555c7 --- /dev/null +++ b/sudo-1.6.8p12-secure_path.diff @@ -0,0 +1,32 @@ +--- env.c ++++ env.c +@@ -487,7 +487,8 @@ + + #ifdef SECURE_PATH + /* Replace the PATH envariable with a secure one. */ +- insert_env(format_env("PATH", SECURE_PATH, VNULL), 1); ++ if (def_env_reset) ++ insert_env(format_env("PATH", SECURE_PATH, VNULL), 1); + #endif + + /* Set $USER and $LOGNAME to target if "set_logname" is true. */ +--- find_path.c ++++ find_path.c +@@ -74,7 +74,7 @@ + char *result = NULL; /* result of path/file lookup */ + int checkdot = 0; /* check current dir? */ + int len; /* length parameter */ +- ++ + if (strlen(infile) >= PATH_MAX) + errx(1, "%s: File name too long", infile); + +@@ -93,7 +93,7 @@ + + /* Use PATH passed in unless SECURE_PATH is in effect. */ + #ifdef SECURE_PATH +- if (!user_is_exempt()) ++ if (!user_is_exempt() && def_env_reset) + path = SECURE_PATH; + #endif /* SECURE_PATH */ + if (path == NULL) diff --git a/sudo-1.6.8p12-strip.diff b/sudo-1.6.8p12-strip.diff new file mode 100644 index 0000000..18bba3e --- /dev/null +++ b/sudo-1.6.8p12-strip.diff @@ -0,0 +1,16 @@ +--- Makefile.in ++++ Makefile.in +@@ -301,11 +301,11 @@ + $(DESTDIR)$(noexecdir) + + install-binaries: $(PROGS) +- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo ++ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 sudo $(DESTDIR)$(sudodir)/sudo + rm -f $(DESTDIR)$(sudodir)/sudoedit + ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit + +- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo ++ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo + + install-noexec: sudo_noexec.la + $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir) diff --git a/sudo-1.6.8p12-sudoers.diff b/sudo-1.6.8p12-sudoers.diff new file mode 100644 index 0000000..3bdfeaf --- /dev/null +++ b/sudo-1.6.8p12-sudoers.diff @@ -0,0 +1,23 @@ +--- sudoers ++++ sudoers +@@ -13,6 +13,20 @@ + + # Defaults specification + ++# prevent environment variables from influencing programs in an ++# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, ++# CVE-2006-0151) ++Defaults always_set_home ++Defaults env_reset ++Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS" ++ ++# In the default (unconfigured) configuration, sudo asks for the root password. ++# This allows use of an ordinary user account for administration of a freshly ++# installed system. When configuring sudo, delete the two ++# following lines: ++Defaults targetpw # ask for the password of the target user i.e. root ++ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! ++ + # Runas alias specification + + # User privilege specification diff --git a/sudo-1.6.8p12.pamd b/sudo-1.6.8p12.pamd new file mode 100644 index 0000000..fef9dd4 --- /dev/null +++ b/sudo-1.6.8p12.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/sudo-1.6.8p12.tar.bz2 b/sudo-1.6.8p12.tar.bz2 new file mode 100644 index 0000000..a7fe573 --- /dev/null +++ b/sudo-1.6.8p12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fc1e96c9cd7333587184538acac09db7532295ae17518e8afce7b07e267ead34 +size 424499 diff --git a/sudo.changes b/sudo.changes new file mode 100644 index 0000000..6df9942 --- /dev/null +++ b/sudo.changes @@ -0,0 +1,262 @@ +------------------------------------------------------------------- +Thu Nov 30 14:12:34 CET 2006 - prusnak@suse.cz + +- package /etc/sudoers as 0440 [Fate#300934] + +------------------------------------------------------------------- +Wed Nov 29 18:29:23 CET 2006 - prusnak@suse.cz + +- protect locale-related environment variables from resetting (sudoers.diff) [#222728] + +------------------------------------------------------------------- +Wed Oct 4 19:35:18 CEST 2006 - mjancar@suse.cz + +- enable LDAP support (#159774) + +------------------------------------------------------------------- +Wed Jun 14 16:55:52 CEST 2006 - schwab@suse.de + +- Fix quoting in configure script. + +------------------------------------------------------------------- +Wed Mar 8 15:22:15 CET 2006 - mjancar@suse.cz + +- don't limit access to local group users (#151938) + +------------------------------------------------------------------- +Fri Jan 27 09:23:26 CET 2006 - mjancar@suse.cz + +- set environment and sudo search PATH to SECURE_PATH + only when env_reset (#145687) + +------------------------------------------------------------------- +Thu Jan 26 13:28:28 CET 2006 - schwab@suse.de + +- Fix syntax error in /etc/sudoers. + +------------------------------------------------------------------- +Thu Jan 26 12:03:48 CET 2006 - mjancar@suse.cz + +- fix PATH always reset (#145687) + +------------------------------------------------------------------- +Wed Jan 25 21:41:52 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Sun Jan 15 20:40:26 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Tue Jan 10 16:31:46 CET 2006 - mjancar@suse.cz + +- fix CVE-2005-4158 (#140300) + * compile with --with-secure-path + * use always_set_home and env_reset by default +- document purpose of the default asking for root password + +------------------------------------------------------------------- +Wed Dec 21 19:55:27 CET 2005 - mjancar@suse.cz + +- update to 1.6.8p12 + +------------------------------------------------------------------- +Fri Dec 9 10:01:27 CET 2005 - ro@suse.de + +- disabled selinux + +------------------------------------------------------------------- +Tue Aug 2 20:42:18 CEST 2005 - mjancar@suse.cz + +- update to 1.6.8p9 + +------------------------------------------------------------------- +Mon Jun 20 11:50:45 CEST 2005 - anicka@suse.cz + +- build position independent binaries + +------------------------------------------------------------------- +Mon Feb 28 15:30:42 CET 2005 - ro@suse.de + +- update to 1.6.8p7 + +------------------------------------------------------------------- +Mon Nov 15 14:58:45 CET 2004 - kukuk@suse.de + +- Use common PAM config files + +------------------------------------------------------------------- +Mon Sep 13 16:00:56 CEST 2004 - ro@suse.de + +- undef __P first + +------------------------------------------------------------------- +Tue Apr 6 07:12:34 CEST 2004 - kukuk@suse.de + +- fix default permissions of sudo + +------------------------------------------------------------------- +Fri Mar 26 01:18:52 CET 2004 - ro@suse.de + +- added postfix to neededforbuild + +------------------------------------------------------------------- +Wed Feb 25 13:02:03 CET 2004 - lnussel@suse.de + +- Add comment and warning for 'Defaults targetpw' to config file + +------------------------------------------------------------------- +Thu Jan 29 15:57:53 CET 2004 - kukuk@suse.de + +- Fix sudo configuration broken by last patch + +------------------------------------------------------------------- +Wed Jan 28 10:55:29 CET 2004 - kukuk@suse.de + +- Add SELinux patch + +------------------------------------------------------------------- +Thu Jan 22 18:45:07 CET 2004 - ro@suse.de + +- package /etc/sudoers as 0640 + +------------------------------------------------------------------- +Fri Jan 16 13:26:31 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Sun Jan 11 09:29:32 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Fri Nov 7 16:20:57 CET 2003 - schwab@suse.de + +- Fix quoting in configure script. + +------------------------------------------------------------------- +Wed Sep 10 11:06:04 CEST 2003 - mjancar@suse.cz + +- move the defaults to better place in /etc/sudoers (#30282) + +------------------------------------------------------------------- +Mon Aug 25 15:21:16 CEST 2003 - mjancar@suse.cz + +- update to 1.6.7p5 + * Fixed a problem with large numbers + of environment variables. +- more useful defaults (#28056) + +------------------------------------------------------------------- +Wed May 14 10:44:53 CEST 2003 - mjancar@suse.cz + +- update to version 1.6.7p4 + +------------------------------------------------------------------- +Fri Feb 7 13:49:00 CET 2003 - kukuk@suse.de + +- Use pam_unix2.so instead of pam_unix.so + +------------------------------------------------------------------- +Wed Jun 5 15:18:21 CEST 2002 - pmladek@suse.cz + +- updated to version 1.6.6 +- removed obsolete heap-overflow fix in prompt patch + +------------------------------------------------------------------- +Mon Apr 22 14:56:46 CEST 2002 - pmladek@suse.cz + +- fixed a heap-overflow (prompt patch) +- fixed prompt behaviour, %% is always translated to % (prompt patch) + +------------------------------------------------------------------- +Tue Feb 12 12:23:08 CET 2002 - pmladek@suse.cz + +- insults are really off by default now [#13134] +- sudo.pamd moved from patch to sources +- used %defattr(-,root,root) + +------------------------------------------------------------------- +Thu Jan 24 10:17:00 CET 2002 - postadal@suse.cz + +- updated to version 1.6.5p2 + +------------------------------------------------------------------- +Thu Jan 17 18:47:02 CET 2002 - pmladek@suse.cz + +- updated to version 1.6.5p1 +- removed obsolete security patch (to do not run mailer as root), + sudo runs mailer again as root but with hard-coded environment + +------------------------------------------------------------------- +Wed Jan 2 12:36:17 CET 2002 - pmladek@suse.cz + +- aplied security patch from Sebastian Krahmer + to do not run mailer as root +- NOTIFY_BY_EMAIL enabled + +------------------------------------------------------------------- +Tue Oct 30 22:58:33 CET 2001 - bjacke@suse.de + +- make /etc/sudoers (noreplace) + +------------------------------------------------------------------- +Wed Aug 15 16:17:35 CEST 2001 - pmladek@suse.cz + +- updated to version 1.6.3p7 + +------------------------------------------------------------------- +Tue Aug 14 18:05:55 CEST 2001 - ro@suse.de + +- Don't use absolute paths to PAM modules in PAM config files + +------------------------------------------------------------------- +Tue Feb 27 11:17:10 CET 2001 - pblaha@suse.cz + +- update on 1.6.3p6 for fix potential security problems + +------------------------------------------------------------------- +Mon Jun 26 17:39:24 CEST 2000 - schwab@suse.de + +- Add %suse_update_config. + +------------------------------------------------------------------- +Thu May 4 15:57:08 CEST 2000 - smid@suse.cz + +- upgrade to 1.6.3 +- buildroot added + +------------------------------------------------------------------- +Tue Apr 4 17:55:40 CEST 2000 - uli@suse.de + +- added "--with-env-editor" to configure call + +------------------------------------------------------------------- +Wed Mar 1 16:08:27 CET 2000 - schwab@suse.de + +- Specfile cleanup, remove Makefile.Linux +- /usr/man -> /usr/share/man + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Wed Jun 9 17:19:36 MEST 1999 - kukuk@suse.de + +- update to version 1.5.9p1 +- enable PAM + +---------------------------------------------------------------------------- +Wed Nov 6 00:13:26 CET 1996 - florian@suse.de + + +- update to version 1.5.2 + +- sudo has changed a lot, please check the sudo documentation + + diff --git a/sudo.spec b/sudo.spec new file mode 100644 index 0000000..aba27cd --- /dev/null +++ b/sudo.spec @@ -0,0 +1,234 @@ +# +# spec file for package sudo (Version 1.6.8p12) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: sudo +BuildRequires: openldap2-devel pam-devel postfix +Version: 1.6.8p12 +Release: 40 +Autoreqprov: on +Group: System/Base +License: BSD License and BSD-like +URL: http://www.courtesan.com/sudo +Summary: Execute some commands as root +Source0: %{name}-%{version}.tar.bz2 +Source1: %{name}-%{version}.pamd +Source2: README.SUSE +Patch0: %{name}-%{version}-defaults.diff +Patch1: %{name}-%{version}-sudoers.diff +Patch2: %{name}-%{version}-conf.diff +Patch4: %{name}-%{version}-__P.diff +Patch5: %{name}-%{version}-strip.diff +Patch6: %{name}-%{version}-prompt.diff +Patch7: %{name}-%{version}-secure_path.diff +Patch8: %{name}-%{version}-configure.diff +Patch9: %{name}-%{version}-ldap.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Sudo is a command that allows users to execute some commands as root. +The /etc/sudoers file (edited with 'visudo') specifies which users have +access to sudo and which commands they can run. Sudo logs all its +activities to syslogd, so the system administrator can keep an eye on +things. Sudo asks for the password for initializing a check period of a +given time N (where N is defined at installation and is set to 5 +minutes by default). + + + +Authors: +-------- + Jeff Nieusma + David Hieb + Ian McCloghrie + +%prep +%setup -q +%patch0 +%patch1 +%patch2 +%patch4 +%patch5 +%patch6 +%patch7 +%patch8 +%patch9 +cp %{S:1} %{S:2} . + +%build +%{suse_update_config -f} +#autoreconf --force --install +autoconf +%ifarch s390 s390x +F_PIE=-fPIE +%else +F_PIE=-fpie +%endif +CFLAGS="$RPM_OPT_FLAGS -Wall $F_PIE -DLDAP_DEPRECATED" \ +LDFLAGS="-pie" \ + ./configure --prefix=%{_prefix} \ + --sbindir=%{_prefix}/sbin \ + --libexecdir=%{_prefix}/lib/sudo \ + --mandir=%{_mandir} \ + --with-logfac=auth \ + --with-insults \ + --with-all-insults \ + --with-ignore-dot \ + --with-tty-tickets \ + --enable-shell-sets-home \ + --with-sudoers-mode=0440 \ + --with-pam \ + --with-ldap \ + --with-env-editor \ + --with-secure-path=/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin \ + --with-passprompt="%%p's password:" +make %{?jobs:-j%jobs} + +%install +make DESTDIR=$RPM_BUILD_ROOT install +install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo +install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d +install -m 644 sudo-%{version}.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo +rm -f $RPM_BUILD_ROOT/usr/bin/sudoedit +ln -sf /usr/bin/sudo $RPM_BUILD_ROOT/usr/bin/sudoedit + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers +%config %{_sysconfdir}/pam.d/sudo +%doc BUGS CHANGES HISTORY LICENSE PORTING README RUNSON README.SUSE +%doc TODO TROUBLESHOOTING *.pod +%doc %{_mandir}/man?/* +%attr(4755,root,root) %{_bindir}/sudo +%{_bindir}/sudoedit +%{_sbindir}/* +%{_prefix}/lib/sudo +/var/run/sudo + +%changelog -n sudo +* Thu Nov 30 2006 - prusnak@suse.cz +- package /etc/sudoers as 0440 [Fate#300934] +* Wed Nov 29 2006 - prusnak@suse.cz +- protect locale-related environment variables from resetting (sudoers.diff) [#222728] +* Wed Oct 04 2006 - mjancar@suse.cz +- enable LDAP support (#159774) +* Wed Jun 14 2006 - schwab@suse.de +- Fix quoting in configure script. +* Wed Mar 08 2006 - mjancar@suse.cz +- don't limit access to local group users (#151938) +* Fri Jan 27 2006 - mjancar@suse.cz +- set environment and sudo search PATH to SECURE_PATH + only when env_reset (#145687) +* Thu Jan 26 2006 - schwab@suse.de +- Fix syntax error in /etc/sudoers. +* Thu Jan 26 2006 - mjancar@suse.cz +- fix PATH always reset (#145687) +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Sun Jan 15 2006 - schwab@suse.de +- Don't strip binaries. +* Tue Jan 10 2006 - mjancar@suse.cz +- fix CVE-2005-4158 (#140300) + * compile with --with-secure-path + * use always_set_home and env_reset by default +- document purpose of the default asking for root password +* Wed Dec 21 2005 - mjancar@suse.cz +- update to 1.6.8p12 +* Fri Dec 09 2005 - ro@suse.de +- disabled selinux +* Tue Aug 02 2005 - mjancar@suse.cz +- update to 1.6.8p9 +* Mon Jun 20 2005 - anicka@suse.cz +- build position independent binaries +* Mon Feb 28 2005 - ro@suse.de +- update to 1.6.8p7 +* Mon Nov 15 2004 - kukuk@suse.de +- Use common PAM config files +* Mon Sep 13 2004 - ro@suse.de +- undef __P first +* Tue Apr 06 2004 - kukuk@suse.de +- fix default permissions of sudo +* Fri Mar 26 2004 - ro@suse.de +- added postfix to neededforbuild +* Wed Feb 25 2004 - lnussel@suse.de +- Add comment and warning for 'Defaults targetpw' to config file +* Thu Jan 29 2004 - kukuk@suse.de +- Fix sudo configuration broken by last patch +* Wed Jan 28 2004 - kukuk@suse.de +- Add SELinux patch +* Thu Jan 22 2004 - ro@suse.de +- package /etc/sudoers as 0640 +* Fri Jan 16 2004 - kukuk@suse.de +- Add pam-devel to neededforbuild +* Sun Jan 11 2004 - adrian@suse.de +- build as user +* Fri Nov 07 2003 - schwab@suse.de +- Fix quoting in configure script. +* Wed Sep 10 2003 - mjancar@suse.cz +- move the defaults to better place in /etc/sudoers (#30282) +* Mon Aug 25 2003 - mjancar@suse.cz +- update to 1.6.7p5 + * Fixed a problem with large numbers + of environment variables. +- more useful defaults (#28056) +* Wed May 14 2003 - mjancar@suse.cz +- update to version 1.6.7p4 +* Fri Feb 07 2003 - kukuk@suse.de +- Use pam_unix2.so instead of pam_unix.so +* Wed Jun 05 2002 - pmladek@suse.cz +- updated to version 1.6.6 +- removed obsolete heap-overflow fix in prompt patch +* Mon Apr 22 2002 - pmladek@suse.cz +- fixed a heap-overflow (prompt patch) +- fixed prompt behaviour, %% is always translated to %% (prompt patch) +* Tue Feb 12 2002 - pmladek@suse.cz +- insults are really off by default now [#13134] +- sudo.pamd moved from patch to sources +- used %%defattr(-,root,root) +* Thu Jan 24 2002 - postadal@suse.cz +- updated to version 1.6.5p2 +* Thu Jan 17 2002 - pmladek@suse.cz +- updated to version 1.6.5p1 +- removed obsolete security patch (to do not run mailer as root), + sudo runs mailer again as root but with hard-coded environment +* Wed Jan 02 2002 - pmladek@suse.cz +- aplied security patch from Sebastian Krahmer + to do not run mailer as root +- NOTIFY_BY_EMAIL enabled +* Tue Oct 30 2001 - bjacke@suse.de +- make /etc/sudoers (noreplace) +* Wed Aug 15 2001 - pmladek@suse.cz +- updated to version 1.6.3p7 +* Tue Aug 14 2001 - ro@suse.de +- Don't use absolute paths to PAM modules in PAM config files +* Tue Feb 27 2001 - pblaha@suse.cz +- update on 1.6.3p6 for fix potential security problems +* Mon Jun 26 2000 - schwab@suse.de +- Add %%suse_update_config. +* Thu May 04 2000 - smid@suse.cz +- upgrade to 1.6.3 +- buildroot added +* Tue Apr 04 2000 - uli@suse.de +- added "--with-env-editor" to configure call +* Wed Mar 01 2000 - schwab@suse.de +- Specfile cleanup, remove Makefile.Linux +- /usr/man -> /usr/share/man +* Mon Sep 13 1999 - bs@suse.de +- ran old prepare_spec on spec file to switch to new prepare_spec. +* Wed Jun 09 1999 - kukuk@suse.de +- update to version 1.5.9p1 +- enable PAM +* Thu Jan 02 1997 - florian@suse.de +- update to version 1.5.2 +- sudo has changed a lot, please check the sudo documentation