Accepting request 909383 from home:czanik:branches:Base:System

- update to 1.9.7p2 - enabled openssl support for secure central session recording collection (without it's clear text) - fixed SLES12 build * When formatting JSON output, octal numbers are now stored as strings, not numbers. The JSON spec does not actually support octal numbers with a '0' prefix. * Fixed a compilation issue on Solaris 9. * Sudo now can handle the getgroups() function returning a different number of groups for subsequent invocations. GitHub PR #106. * When loading a Python plugin, python_plugin.so now verifies that the module loaded matches the one we tried to load. This allows sudo to display a more useful error message when trying to load a plugin with a name that conflicts with a Python module installed in the system location. * Sudo no longer sets the the open files resource limit to "unlimited" while it runs. This avoids a problem where sudo's closefrom() emulation would need to close a very large number of descriptors on systems without a way to determine which ones are actually open. * Sudo now includes a configure check for va_copy or __va_copy and only defines its own version if the configure test fails. * Fixed a bug in sudo's utmp file handling which prevented old entries from being reused. As a result, the utmp (or utmpx) file was appended to unnecessarily. GitHub PR #108. * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd from accepting TLS connections when OpenSSL is used. Bug #988. * Fixed an SELinux sudoedit bug when the edited temporary file could not be opened. The sesh helper would still be run even when there are no temporary files available to install. * Fixed a compilation problem on FreeBSD. * The sudo_noexec.so file is now built as a module on all systems other than macOS. This makes it possible to use other libtool implementations such as slibtool. On macOS shared libraries and modules are not interchangeable and the version of libtool shipped with sudo must be used. * Fixed a few bugs in the getgrouplist() emulation on Solaris when reading from the local group file. * Fixed a bug in sudo_logsrvd that prevented periodic relay server connection retries from occurring in "store_first" mode. * Disabled the nss_search()-based getgrouplist() emulation on HP-UX due to a crash when the group source is set to "compat" in /etc/nsswitch.conf. This is probably due to a mismatch between include/compat/nss_dbdefs.h and what HP-UX uses internally. On HP-UX we now just cycle through groups the slow way using getgrent(). Bug #978. OBS-URL: https://build.opensuse.org/request/show/909383 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=201
2021-08-17 23:42:04 +00:00 · 2021-08-17 23:42:04 +00:00 · 6c83a9a46c
commit 6c83a9a46c
parent 3a3c58c1c7
6 changed files with 60 additions and 4 deletions
--- a/sudo-1.9.7.tar.gz
+++ b/sudo-1.9.7.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2bbe7c2d6699b84d950ef9a43f09d4d967b8bc244b73bc095c4202068ddbe549
-size 4194242
--- a/sudo-1.9.7.tar.gz.sig
+++ b/sudo-1.9.7.tar.gz.sig
--- a/sudo-1.9.7p2.tar.gz
+++ b/sudo-1.9.7p2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:28b5ee725dbf89a7852f42f309ca877d2810a9531b4eecfe59f3a84b6b4afca8
+size 4200036
--- a/sudo-1.9.7p2.tar.gz.sig
+++ b/sudo-1.9.7p2.tar.gz.sig
--- a/sudo.changes
+++ b/sudo.changes
@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Fri Jul 30 07:35:39 UTC 2021 - peter czanik <peter@czanik.hu>
+
+- update to 1.9.7p2 
+- enabled openssl support for secure central session
+  recording collection (without it's clear text)
+- fixed SLES12 build
+ * When formatting JSON output, octal numbers are now stored as
+   strings, not numbers.  The JSON spec does not actually support
+   octal numbers with a '0' prefix.
+ * Fixed a compilation issue on Solaris 9.
+ * Sudo now can handle the getgroups() function returning a different
+   number of groups for subsequent invocations.  GitHub PR #106.
+ * When loading a Python plugin, python_plugin.so now verifies
+   that the module loaded matches the one we tried to load.  This
+   allows sudo to display a more useful error message when trying
+   to load a plugin with a name that conflicts with a Python module
+   installed in the system location.
+ * Sudo no longer sets the the open files resource limit to "unlimited"
+   while it runs.  This avoids a problem where sudo's closefrom()
+   emulation would need to close a very large number of descriptors
+   on systems without a way to determine which ones are actually open.
+ * Sudo now includes a configure check for va_copy or __va_copy and
+   only defines its own version if the configure test fails.
+ * Fixed a bug in sudo's utmp file handling which prevented old
+   entries from being reused.  As a result, the utmp (or utmpx)
+   file was appended to unnecessarily.  GitHub PR #108.
+ * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd
+   from accepting TLS connections when OpenSSL is used.  Bug #988.
+ * Fixed an SELinux sudoedit bug when the edited temporary file
+   could not be opened.  The sesh helper would still be run even
+   when there are no temporary files available to install.
+ * Fixed a compilation problem on FreeBSD.
+ * The sudo_noexec.so file is now built as a module on all systems
+   other than macOS.  This makes it possible to use other libtool
+   implementations such as slibtool.  On macOS shared libraries and
+   modules are not interchangeable and the version of libtool shipped
+   with sudo must be used.
+ * Fixed a few bugs in the getgrouplist() emulation on Solaris when
+   reading from the local group file.
+ * Fixed a bug in sudo_logsrvd that prevented periodic relay server
+   connection retries from occurring in "store_first" mode.
+ * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
+   due to a crash when the group source is set to "compat" in
+   /etc/nsswitch.conf.  This is probably due to a mismatch between
+   include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
+   HP-UX we now just cycle through groups the slow way using
+   getgrent().  Bug #978.
+
 -------------------------------------------------------------------
 Mon Jul 12 16:29:32 UTC 2021 - Yaroslav Kurlaev <yaroslav.kurlaev@gmail.com>

--- a/sudo.spec
+++ b/sudo.spec
@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name:           sudo
-Version:        1.9.7
+Version:        1.9.7p2
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC
@ -41,6 +41,7 @@ Patch0:         sudo-sudoers.patch
 BuildRequires:  audit-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  groff
+BuildRequires:  libopenssl-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
@ -115,6 +116,7 @@ export LDFLAGS="-pie"
    --enable-shell-sets-home \
    --enable-warnings \
    --enable-python \
+    --enable-openssl \
    --with-sendmail=%{_sbindir}/sendmail \
    --with-sudoers-mode=0440 \
    --with-env-editor \
@ -122,8 +124,13 @@ export LDFLAGS="-pie"
    --with-passprompt="[sudo] password for %%p: " \
    --with-rundir=%{_localstatedir}/lib/sudo \
    --with-sssd
+%if 0%{?sle_version} < 150000
+# the SLES12 way
+make %{?_smp_mflags} V=1
+%else
 # -B required to make every build give the same result - maybe from bad build deps in Makefiles?
 %make_build -B
+%endif

 %install
 %make_install install_uid=`id -u` install_gid=`id -g`