diff --git a/sudo-1.7.1-__P.diff b/sudo-1.7.1-__P.diff index 3888ebd..51091a5 100644 --- a/sudo-1.7.1-__P.diff +++ b/sudo-1.7.1-__P.diff @@ -1,6 +1,8 @@ ---- compat.h +Index: compat.h +=================================================================== +--- compat.h.orig +++ compat.h -@@ -28,6 +28,7 @@ +@@ -29,6 +29,7 @@ */ /* Deal with ANSI stuff reasonably. */ diff --git a/sudo-1.7.1-defaults.diff b/sudo-1.7.1-defaults.diff index 841756a..85d7b92 100644 --- a/sudo-1.7.1-defaults.diff +++ b/sudo-1.7.1-defaults.diff @@ -1,6 +1,8 @@ ---- defaults.c +Index: defaults.c +=================================================================== +--- defaults.c.orig +++ defaults.c -@@ -430,9 +430,6 @@ +@@ -418,9 +418,6 @@ init_defaults() #ifdef FQDN def_fqdn = TRUE; #endif diff --git a/sudo-1.7.1-env.diff b/sudo-1.7.1-env.diff index 222576f..c9fad91 100644 --- a/sudo-1.7.1-env.diff +++ b/sudo-1.7.1-env.diff @@ -1,4 +1,6 @@ ---- sudoers2ldif +Index: sudoers2ldif +=================================================================== +--- sudoers2ldif.orig +++ sudoers2ldif @@ -1,4 +1,4 @@ -#!/usr/bin/env perl diff --git a/sudo-1.7.1-pam_rhost.diff b/sudo-1.7.1-pam_rhost.diff index d0be390..cd835fb 100644 --- a/sudo-1.7.1-pam_rhost.diff +++ b/sudo-1.7.1-pam_rhost.diff @@ -1,12 +1,14 @@ ---- auth/pam.c +Index: auth/pam.c +=================================================================== +--- auth/pam.c.orig +++ auth/pam.c -@@ -209,7 +209,9 @@ +@@ -111,7 +111,9 @@ pam_init(pw, promptp, auth) + * We set PAM_RHOST to avoid a bug in Solaris 7 and below. */ - (void) pam_set_item(pamh, PAM_USER, pw->pw_name); (void) pam_set_item(pamh, PAM_RUSER, user_name); +#if 0 /* we don't care about Solaris bugs */ (void) pam_set_item(pamh, PAM_RHOST, user_host); +#endif /* - * Set credentials (may include resource limits, device ownership, etc). + * Some versions of pam_lastlog have a bug that diff --git a/sudo-1.7.1-secure_path.diff b/sudo-1.7.1-secure_path.diff index e6152a9..62b5fd5 100644 --- a/sudo-1.7.1-secure_path.diff +++ b/sudo-1.7.1-secure_path.diff @@ -1,6 +1,8 @@ ---- env.c +Index: env.c +=================================================================== +--- env.c.orig +++ env.c -@@ -688,7 +688,7 @@ +@@ -700,7 +700,7 @@ rebuild_env(sudo_mode, noexec) } } /* Replace the PATH envariable with a secure one? */ @@ -9,9 +11,11 @@ sudo_setenv("PATH", def_secure_path, TRUE); SET(didvar, DID_PATH); } ---- find_path.c +Index: find_path.c +=================================================================== +--- find_path.c.orig +++ find_path.c -@@ -87,7 +87,7 @@ +@@ -87,7 +87,7 @@ find_path(infile, outfile, sbp, path) } /* Use PATH passed in unless SECURE_PATH is in effect. */ @@ -20,9 +24,11 @@ path = def_secure_path; else if (path == NULL) return(NOT_FOUND); ---- logging.c +Index: logging.c +=================================================================== +--- logging.c.orig +++ logging.c -@@ -433,7 +433,7 @@ +@@ -434,7 +434,7 @@ send_mail(line) #ifndef NO_ROOT_MAILER static char *root_envp[] = { "HOME=/", @@ -31,7 +37,9 @@ "LOGNAME=root", "USERNAME=root", "USER=root", ---- pathnames.h.in +Index: pathnames.h.in +=================================================================== +--- pathnames.h.in.orig +++ pathnames.h.in @@ -41,9 +41,10 @@ #define _PATH_DEVNULL "/dev/null" diff --git a/sudo-1.7.1-strip.diff b/sudo-1.7.1-strip.diff index 7b2f54d..51bb568 100644 --- a/sudo-1.7.1-strip.diff +++ b/sudo-1.7.1-strip.diff @@ -1,6 +1,8 @@ ---- Makefile.in +Index: Makefile.in +=================================================================== +--- Makefile.in.orig +++ Makefile.in -@@ -415,11 +415,11 @@ +@@ -417,11 +417,11 @@ install-dirs: $(DESTDIR)$(noexecdir) install-binaries: install-dirs $(PROGS) diff --git a/sudo-1.7.1-sudoers.diff b/sudo-1.7.1-sudoers.diff index 266f8ba..68d3c78 100644 --- a/sudo-1.7.1-sudoers.diff +++ b/sudo-1.7.1-sudoers.diff @@ -1,6 +1,8 @@ ---- sudo.man.in +Index: sudo.man.in +=================================================================== +--- sudo.man.in.orig +++ sudo.man.in -@@ -180,8 +180,8 @@ +@@ -190,8 +190,8 @@ is initialized based on the group file ( specified). If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, \&\fBsudo\fR requires that users authenticate themselves with a password @@ -11,7 +13,9 @@ a timestamp is updated and the user may then use sudo without a password for a short period of time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden in \fIsudoers\fR). ---- sudoers +Index: sudoers +=================================================================== +--- sudoers.orig +++ sudoers @@ -15,6 +15,26 @@ diff --git a/sudo-1.7.2.tar.bz2 b/sudo-1.7.2.tar.bz2 deleted file mode 100644 index ad0e761..0000000 --- a/sudo-1.7.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:df8e24807b0abd3f407d71aa2b46bdc859a0144bea318c6d1ea21edd476431fe -size 582651 diff --git a/sudo-1.7.2p4.tar.gz b/sudo-1.7.2p4.tar.gz new file mode 100644 index 0000000..b69c43b --- /dev/null +++ b/sudo-1.7.2p4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57d9adbdffa881e32894231079da7d68ffe99f46942818b63baadf6c795b7bdd +size 772821 diff --git a/sudo.changes b/sudo.changes index 977c9b2..38ed8c8 100644 --- a/sudo.changes +++ b/sudo.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Wed Feb 24 16:19:35 UTC 2010 - prusnak@suse.cz + +- updated to 1.7.2p4 + * Fixed the expansion of the %h escape in #include file names + introduced in sudo 1.7.1. + * Fixed a a bug where the negation operator in a Cmnd_List + was not being honored. + * No longer produce a parse error when #includedir references + a directory that contains no valid filenames. + * The sudo.man.pl and sudoers.man.pl files are now included + in the distribution for people who wish to regenerate the man pages. + * Fixed the emulation of krb5_get_init_creds_opt_alloc() for MIT kerberos. + * When authenticating via PAM, set PAM_RUSER and PAM_RHOST early + so they can be used during authentication. + * Fix printing of entries with multiple host entries on + a single line. + * Fix use after free when sending error messages via email. + * Use setrlimit64(), if available, instead of setrlimit() + when setting AIX resource limits since rlim_t is 32bits. + * Fix size arg when realloc()ing include stack. + * Avoid a duplicate fclose() of the sudoers file. + * Fix a bug that could allow users with permission to run sudoedit + to run arbitrary commands. + ------------------------------------------------------------------- Tue Jan 26 22:48:31 CET 2010 - jengelh@medozas.de diff --git a/sudo.spec b/sudo.spec index f2d9d10..ec39482 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,5 +1,5 @@ # -# spec file for package sudo (Version 1.7.2) +# spec file for package sudo (Version 1.7.2p4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -22,13 +22,13 @@ Name: sudo BuildRequires: openldap2-devel pam-devel postfix BuildRequires: libselinux-devel PreReq: coreutils -Version: 1.7.2 -Release: 2 +Version: 1.7.2p4 +Release: 1 Group: System/Base License: BSD3c(or similar) Url: http://www.sudo.ws/ Summary: Execute some commands as root -Source0: %{name}-%{version}.tar.bz2 +Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz Source1: %{name}.pamd Source2: README.SUSE Patch1: %{name}-1.7.1-defaults.diff @@ -96,7 +96,7 @@ make %{?jobs:-j%jobs} %install make DESTDIR=$RPM_BUILD_ROOT install -install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo +install -d -m 700 $RPM_BUILD_ROOT%{_localstatedir}/run/sudo install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif @@ -119,6 +119,6 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/sudoedit %{_sbindir}/* %{_libexecdir}/sudo -/var/run/sudo +%{_localstatedir}/run/sudo %changelog