diff --git a/sudo-1.9.8p2.tar.gz b/sudo-1.9.8p2.tar.gz
deleted file mode 100644
index a05ea02..0000000
--- a/sudo-1.9.8p2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9e3b8b8da7def43b6e60c257abe80467205670fd0f7c081de1423c414b680f2d
-size 4302256
diff --git a/sudo-1.9.8p2.tar.gz.sig b/sudo-1.9.8p2.tar.gz.sig
deleted file mode 100644
index ffe9371..0000000
Binary files a/sudo-1.9.8p2.tar.gz.sig and /dev/null differ
diff --git a/sudo-1.9.9.tar.gz b/sudo-1.9.9.tar.gz
new file mode 100644
index 0000000..69e033b
--- /dev/null
+++ b/sudo-1.9.9.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d6ee863a3bc26c87661093a74ec63e10fd031ceba714642d21636dfe25e3e00
+size 4456969
diff --git a/sudo-1.9.9.tar.gz.sig b/sudo-1.9.9.tar.gz.sig
new file mode 100644
index 0000000..f89246d
Binary files /dev/null and b/sudo-1.9.9.tar.gz.sig differ
diff --git a/sudo-feature-negated-LDAP-users.patch b/sudo-feature-negated-LDAP-users.patch
deleted file mode 100644
index 1c59dd7..0000000
--- a/sudo-feature-negated-LDAP-users.patch
+++ /dev/null
@@ -1,295 +0,0 @@ -From e88087721be391ec851b3cad8a88a5476f03d317 Mon Sep 17 00:00:00 2001 -From: "Todd C. Miller" -Date: Tue, 18 Jan 2022 11:20:22 -0700 -Subject: [PATCH] Add support in the LDAP filter for negated users. Based on a - diff from Simon Lees - ---- - docs/sudoers.ldap.man.in | 31 ++++------ - docs/sudoers.ldap.mdoc.in | 28 ++++----- - plugins/sudoers/ldap.c | 116 ++++++++++++++++++++++++++++---------- - 3 files changed, 109 insertions(+), 66 deletions(-) - -diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c -index 4b768fdfb..e3c47b9bc 100644 ---- a/plugins/sudoers/ldap.c -+++ b/plugins/sudoers/ldap.c -@@ -1,7 +1,7 @@ - /* - * SPDX-License-Identifier: ISC - * -- * Copyright (c) 2003-2020 Todd C. Miller -+ * Copyright (c) 2003-2022 Todd C. Miller - * - * This code is derived from software contributed by Aaron Spangler. - * -@@ -315,18 +315,18 @@ sudo_ldap_get_values_len(LDAP *ld, LDAPMessage *entry, char *attr, int *rc) - /* - * Walk through search results and return true if we have a matching - * non-Unix group (including netgroups), else false. -+ * A matching entry that is negated will always return false. - */ - static int - sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw) - { - struct berval **bv, **p; - bool ret = false; -- char *val; - int rc; - debug_decl(sudo_ldap_check_non_unix_group, SUDOERS_DEBUG_LDAP); - - if (!entry) -- debug_return_bool(ret); -+ debug_return_bool(false); - - /* get the values from the entry */ - bv = sudo_ldap_get_values_len(ld, entry, "sudoUser", &rc); -@@ -338,18 +338,29 @@ sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw) - - /* walk through values */ - for (p = bv; *p != NULL && !ret; p++) { -- val = (*p)->bv_val; -+ bool negated = false; -+ char *val = (*p)->bv_val; -+ -+ if (*val == '!') { -+ val++; -+ negated = true; -+ } - if (*val == '+') { - if (netgr_matches(val, def_netgroup_tuple ? user_runhost : NULL, - def_netgroup_tuple ? 
user_srunhost : NULL, pw->pw_name)) - ret = true; -- DPRINTF2("ldap sudoUser netgroup '%s' ... %s", val, -- ret ? "MATCH!" : "not"); -+ DPRINTF2("ldap sudoUser netgroup '%s%s' ... %s", -+ negated ? "!" : "", val, ret ? "MATCH!" : "not"); - } else { - if (group_plugin_query(pw->pw_name, val + 2, pw)) - ret = true; -- DPRINTF2("ldap sudoUser non-Unix group '%s' ... %s", val, -- ret ? "MATCH!" : "not"); -+ DPRINTF2("ldap sudoUser non-Unix group '%s%s' ... %s", -+ negated ? "!" : "", val, ret ? "MATCH!" : "not"); -+ } -+ /* A negated match overrides all other entries. */ -+ if (ret && negated) { -+ ret = false; -+ break; - } - } - -@@ -928,7 +939,8 @@ sudo_netgroup_lookup(LDAP *ld, struct passwd *pw, - static char * - sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - { -- char *buf, timebuffer[TIMEFILTER_LENGTH + 1], idbuf[MAX_UID_T_LEN + 1]; -+ char timebuffer[TIMEFILTER_LENGTH + 1], idbuf[MAX_UID_T_LEN + 1]; -+ char *buf, *notbuf; - struct ldap_netgroup_list netgroups; - struct ldap_netgroup *ng = NULL; - struct gid_list *gidlist; -@@ -940,34 +952,45 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - - STAILQ_INIT(&netgroups); - -- /* If there is a filter, allocate space for the global AND. */ -- if (ldap_conf.timed || ldap_conf.search_filter) -+ if (ldap_conf.timed || ldap_conf.search_filter) { -+ /* Allocate space for the global AND. */ - sz += 3; - -- /* Add LDAP search filter if present. */ -- if (ldap_conf.search_filter) -- sz += strlen(ldap_conf.search_filter); -+ /* Add LDAP search filter if present. */ -+ if (ldap_conf.search_filter) -+ sz += strlen(ldap_conf.search_filter); -+ -+ /* If timed, add space for time limits. */ -+ if (ldap_conf.timed) -+ sz += TIMEFILTER_LENGTH; -+ } -+ -+ /* Add space for the global OR clause + (sudoUser=ALL) + NOT + NUL. 
*/ -+ sz += sizeof("(|(sudoUser=ALL)(!(|)))"); - -- /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */ -- sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name); -+ /* Add space for username and uid, including the negated versions. */ -+ sz += ((sizeof("(sudoUser=)(sudoUser=#)") - 1 + -+ sudo_ldap_value_len(pw->pw_name) + MAX_UID_T_LEN) * 2) + 2; - - /* Add space for primary and supplementary groups and gids */ - if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { -- sz += 12 + sudo_ldap_value_len(grp->gr_name); -+ sz += ((sizeof("(sudoUser=%)") - 1 + -+ sudo_ldap_value_len(grp->gr_name)) * 2) + 1; - } -- sz += 13 + MAX_UID_T_LEN; -+ sz += ((sizeof("(sudoUser=%#)") - 1 + MAX_UID_T_LEN) * 2) + 1; - if ((grlist = sudo_get_grlist(pw)) != NULL) { - for (i = 0; i < grlist->ngroups; i++) { - if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) - continue; -- sz += 12 + sudo_ldap_value_len(grlist->groups[i]); -+ sz += ((sizeof("(sudoUser=%)") - 1 + -+ sudo_ldap_value_len(grlist->groups[i])) * 2) + 1; - } - } - if ((gidlist = sudo_get_gidlist(pw, ENTRY_TYPE_ANY)) != NULL) { - for (i = 0; i < gidlist->ngids; i++) { - if (pw->pw_gid == gidlist->gids[i]) - continue; -- sz += 13 + MAX_UID_T_LEN; -+ sz += ((sizeof("(sudoUser=%#)") - 1 + MAX_UID_T_LEN) * 2) + 1; - } - } - -@@ -976,7 +999,7 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - DPRINTF1("Looking up netgroups for %s", pw->pw_name); - if (sudo_netgroup_lookup(ld, pw, &netgroups)) { - STAILQ_FOREACH(ng, &netgroups, entries) { -- sz += 14 + strlen(ng->name); -+ sz += ((sizeof("(sudoUser=+)") - 1 + strlen(ng->name)) * 2) + 1; - } - } else { - /* sudo_netgroup_lookup() failed, clean up. */ -@@ -988,12 +1011,12 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - } - } - -- /* If timed, add space for time limits. 
*/ -- if (ldap_conf.timed) -- sz += TIMEFILTER_LENGTH; -- if ((buf = malloc(sz)) == NULL) -+ buf = malloc(sz); -+ notbuf = malloc(sz); -+ if (buf == NULL || notbuf == NULL) - goto bad; - *buf = '\0'; -+ *notbuf = '\0'; - - /* - * If timed or using a search filter, start a global AND clause to -@@ -1009,23 +1032,35 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - CHECK_STRLCAT(buf, "(|(sudoUser=", sz); - CHECK_LDAP_VCAT(buf, pw->pw_name, sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!", sz); -+ CHECK_LDAP_VCAT(notbuf, pw->pw_name, sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - - /* Append user-ID */ - (void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid); - CHECK_STRLCAT(buf, "(sudoUser=#", sz); - CHECK_STRLCAT(buf, idbuf, sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!#", sz); -+ CHECK_STRLCAT(notbuf, idbuf, sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - - /* Append primary group and group-ID */ - if (grp != NULL) { - CHECK_STRLCAT(buf, "(sudoUser=%", sz); - CHECK_LDAP_VCAT(buf, grp->gr_name, sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!%", sz); -+ CHECK_LDAP_VCAT(notbuf, grp->gr_name, sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - } - (void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_gid); - CHECK_STRLCAT(buf, "(sudoUser=%#", sz); - CHECK_STRLCAT(buf, idbuf, sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!%#", sz); -+ CHECK_STRLCAT(notbuf, idbuf, sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - - /* Append supplementary groups and group-IDs */ - if (grlist != NULL) { -@@ -1035,6 +1070,9 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - CHECK_STRLCAT(buf, "(sudoUser=%", sz); - CHECK_LDAP_VCAT(buf, grlist->groups[i], sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!%", sz); -+ CHECK_LDAP_VCAT(notbuf, grlist->groups[i], sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - } - } - if (gidlist != NULL) { -@@ -1046,6 +1084,9 @@ 
sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - CHECK_STRLCAT(buf, "(sudoUser=%#", sz); - CHECK_STRLCAT(buf, idbuf, sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!%#", sz); -+ CHECK_STRLCAT(notbuf, idbuf, sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - } - } - -@@ -1063,12 +1104,20 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - CHECK_STRLCAT(buf, "(sudoUser=+", sz); - CHECK_LDAP_VCAT(buf, ng->name, sz); - CHECK_STRLCAT(buf, ")", sz); -+ CHECK_STRLCAT(notbuf, "(sudoUser=!+", sz); -+ CHECK_LDAP_VCAT(notbuf, ng->name, sz); -+ CHECK_STRLCAT(notbuf, ")", sz); - free(ng->name); - free(ng); - } - -- /* Add ALL to list and end the global OR. */ -- CHECK_STRLCAT(buf, "(sudoUser=ALL)", sz); -+ /* Add ALL to list. */ -+ CHECK_STRLCAT(buf, "(sudoUser=ALL))", sz); -+ -+ /* Add filter for negated entries. */ -+ CHECK_STRLCAT(buf, "(!(|", sz); -+ CHECK_STRLCAT(buf, notbuf, sz); -+ CHECK_STRLCAT(buf, ")", sz); - - /* Add the time restriction, or simply end the global OR. */ - if (ldap_conf.timed) { -@@ -1079,8 +1128,10 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - } else if (ldap_conf.search_filter) { - CHECK_STRLCAT(buf, ")", sz); /* closes the global OR */ - } -+ - CHECK_STRLCAT(buf, ")", sz); /* closes the global OR or the global AND */ - -+ free(notbuf); - debug_return_str(buf); - overflow: - sudo_warnx(U_("internal error, %s overflow"), __func__); -@@ -1097,6 +1148,7 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) - free(ng); - } - free(buf); -+ free(notbuf); - debug_return_str(NULL); - } - -@@ -1133,16 +1185,18 @@ sudo_ldap_build_pass2(void) - * those get ANDed in to the expression. - */ - if (query_netgroups && def_group_plugin) { -- len = asprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s", -+ len = asprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=!+*)(sudoUser=%%:*)(sudoUser=!%%:*))%s%s", - (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", - ldap_conf.search_filter ? 
ldap_conf.search_filter : "", - ldap_conf.timed ? timebuffer : "", - (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); - } else { -- len = asprintf(&filt, "(&%s(sudoUser=*)(sudoUser=%s*)%s)", -+ len = asprintf(&filt, "%s%s(|(sudoUser=%s*)(sudoUser=!%s*))%s%s", -+ (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "", - ldap_conf.search_filter ? ldap_conf.search_filter : "", -- query_netgroups ? "+" : "%:", -- ldap_conf.timed ? timebuffer : ""); -+ query_netgroups ? "+" : "%:", query_netgroups ? "+" : "%:", -+ ldap_conf.timed ? timebuffer : "", -+ (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); - } - if (len == -1) - filt = NULL; diff --git a/sudo-sudoers.patch b/sudo-sudoers.patch index 2484adb..3db0d09 100644 --- a/sudo-sudoers.patch +++ b/sudo-sudoers.patch @@ -1,7 +1,7 @@ -Index: sudo-1.8.31/plugins/sudoers/sudoers.in +Index: sudo-1.9.9/plugins/sudoers/sudoers.in =================================================================== ---- sudo-1.8.31.orig/plugins/sudoers/sudoers.in -+++ sudo-1.8.31/plugins/sudoers/sudoers.in +--- sudo-1.9.9.orig/plugins/sudoers/sudoers.in ++++ sudo-1.9.9/plugins/sudoers/sudoers.in @@ -32,30 +32,23 @@ ## ## Defaults specification 
@@ -67,48 +67,17 @@ Index: sudo-1.8.31/plugins/sudoers/sudoers.in ## ## Runas alias specification ## -@@ -84,13 +84,5 @@ +@@ -84,13 +83,5 @@ root ALL=(ALL:ALL) ALL ## Same thing without a password - # %wheel ALL=(ALL) NOPASSWD: ALL + # %wheel ALL=(ALL:ALL) NOPASSWD: ALL -## Uncomment to allow members of group sudo to execute any command --# %sudo ALL=(ALL) ALL +-# %sudo ALL=(ALL:ALL) ALL - -## Uncomment to allow any user to run sudo if they know the password -## of the user they are running the command as (root by default). -# Defaults targetpw # Ask for the password of the target user --# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' +-# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw' - ## Read drop-in files from @sysconfdir@/sudoers.d @includedir @sysconfdir@/sudoers.d -Index: sudo-1.8.31/doc/sudoers.mdoc.in -=================================================================== ---- sudo-1.8.31.orig/doc/sudoers.mdoc.in -+++ sudo-1.8.31/doc/sudoers.mdoc.in -@@ -1985,7 +1985,7 @@ is present in the - .Em env_keep - list, both of which are strongly discouraged. - This flag is --.Em off -+.Em on - by default. - .It authenticate - If set, users must authenticate themselves via a password (or other -@@ -2376,7 +2376,7 @@ If set, - .Nm sudo - will insult users when they enter an incorrect password. - This flag is --.Em @insults@ -+.Em off - by default. - .It log_allowed - If set, -@@ -3009,7 +3009,7 @@ database as an argument to the - .Fl u - option. - This flag is --.Em off -+.Em on - by default. - .It tty_tickets - If set, users must authenticate on a per-tty basis. diff --git a/sudo.changes b/sudo.changes index e9c39c8..29d806a 100644 --- a/sudo.changes +++ b/sudo.changes 
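Review bot: The refresh removes the whole `doc/sudoers.mdoc.in` part of this patch (the tail of the second hunk), so the installed sudoers(5) page will again state the upstream defaults for the three flags it used to correct: the entry before `authenticate`, the insults flag, and the entry before `tty_tickets` (apparently `targetpw`). The `sudoers.in` part of the patch is only partly visible here, but if it still changes those defaults, an administrator who relies on the man page to learn whose password sudo asks for will be misinformed. If the hunks were dropped only because the file moved in 1.9.9, re-create them against the new path; otherwise state the removal in `sudo.changes` rather than just `refreshed sudo-sudoers.patch`.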
@@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Tue Feb 1 02:27:04 UTC 2022 - Simon Lees
+
+- Update to 1.9.9
+ * Sudo can now be built with OpenSSL 3.0 without generating
+ warnings about deprecated OpenSSL APIs.
+ * A digest can now be specified along with the ALL command in
+ the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
+ this in the sudoers file but did not include corresponding
+ changes for the other back-ends.
+ * visudo now only warns about an undefined alias or a cycle in
+ an alias once for each alias.
+ * The sudoRole cn was truncated by a single character in warning
+ messages. GitHub issue #115.
+ * The cvtsudoers utility has new --group-file and --passwd-file
+ options to use a custom passwd or group file when the
+ --match-local option is also used.
+ * The cvtsudoers utility can now filter or match based on a command.
+ * The cvtsudoers utility can now produce output in csv
+ (comma-separated value) format. This can be used to help generate
+ entitlement reports.
+ * Fixed a bug in sudo_logsrvd that could result in the connection
+ being dropped for very long command lines.
+ * Fixed a bug where sudo_logsrvd would not accept a restore point
+ of zero.
+ * Fixed a bug in visudo where the value of the editor setting was
+ not used if it did not match the user’s EDITOR environment
+ variable. This was only a problem if the env_editor setting was
+ not enabled. Bug #1000.
+ * Sudo now builds with the -fcf-protection compiler option and the
+ -z now linker option if supported.
+ * The output of sudoreplay -l now more closely matches the
+ traditional sudo log format.
+ * The sudo_sendlog utility will now use the full contents of the
+ log.json file, if present. This makes it possible to send
+ sudo-format I/O logs that use the newer log.json format to
+ sudo_logsrvd without losing any information.
+ * Fixed compilation of the arc4random_buf() replacement on systems
+ with arc4random() but no arc4random_buf(). Bug #1008.
+ * Sudo now uses its own getentropy() by default on Linux. The GNU
+ libc version of getentropy() will fail on older kernels that
+ don’t support the getrandom() system call.
+ * It is now possible to build sudo with WolfSSL’s OpenSSL
+ compatibility layer by using the --enable-wolfssl configure
+ option.
+ * Fixed a bug related to Daylight Saving Time when parsing
+ timestamps in Generalized Time format. This affected the NOTBEFORE
+ and NOTAFTER options in sudoers. Bug #1006.
+ * Added the -O and -P options to visudo, which can be used to check
+ or set the owner and permissions. This can be used in conjunction
+ with the -c option to check that the sudoers file ownership and
+ permissions are correct. Bug #1007.
+ * It is now possible to set resource limits in the sudoers file
+ itself. The special values default and “user” refer to the
+ default system limit and invoking user limit respectively. The
+ core dump size limit is now set to 0 by default unless overridden
+ by the sudoers file.
+ * The cvtsudoers utility can now merge multiple sudoers sources into
+ a single, combined sudoers file. If there are conflicting entries,
+ cvtsudoers will attempt to resolve them but manual intervention
+ may be required. The merging of sudoers rules is currently fairly
+ simplistic but will be improved in a future release.
+ * Sudo was parsing but not applying the “deref” and “tls_reqcert”
+ ldap.conf settings. This meant the options were effectively ignored
+ which broke dereferencing of aliases in LDAP. Bug #1013.
+ * Clarified in the sudo man page that the security policy may
+ override the user’s PATH environment variable. Bug #1014.
+ * When sudo is run in non-interactive mode (with the -n option), it
+ will now attempt PAM authentication and only exit with an error if
+ user interaction is required. This allows PAM modules that don’t
+ interact with the user to succeed. Previously, sudo would not
+ attempt authentication if the -n option was specified. Bug #956
+ and GitHub issue #83.
+ * Fixed a regression introduced in version 1.9.1 when sudo is built
+ with the --with-fqdn configure option. The local host name was
+ being resolved before the sudoers file was processed, making it
+ impossible to disable DNS lookups by negating the fqdn sudoers
+ option. Bug #1016.
+ * Added support for negated sudoUser attributes in the LDAP and SSSD
+ sudoers back ends. A matching sudoUser that is negated will cause
+ the sudoRole containing it to be ignored.
+ * Fixed a bug where the stack resource limit could be set to a value
+ smaller than that of the invoking user and not be reset before the
+ command was run. Bug #1016.
+- sudo no longer ships schema for LDAP.
+- sudo-feature-negated-LDAP-users.patch dropped, included upstream
+- refreshed sudo-sudoers.patch
+
 -------------------------------------------------------------------
 Thu Jan 27 03:00:26 UTC 2022 - Simon Lees
@@ -85,7 +173,7 @@ Wed Sep 22 12:27:51 UTC 2021 - Kristyna Streitova
 -------------------------------------------------------------------
 Fri Jul 30 07:35:39 UTC 2021 - peter czanik
-- update to 1.9.7p2
+- update to 1.9.7p2
 - enabled openssl support for secure central session recording collection (without it's clear text)
 - fixed SLES12 build
@@ -204,8 +292,8 @@ Wed May 12 15:22:11 UTC 2021 - Kristyna Streitova
 Bug #820.
 * Corrected the description of which groups may be specified via the -g option in the Runas_Spec section. Bug #975.
-
-
+
+
 -------------------------------------------------------------------
 Sat Mar 20 18:25:12 UTC 2021 - Dirk Müller
diff --git a/sudo.spec b/sudo.spec
index 9c1c846..9bb97bc 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name: sudo
-Version: 1.9.8p2
+Version: 1.9.9
 Release: 0
 Summary: Execute some commands as root
 License: ISC
@@ -38,8 +38,6 @@ Source6: fate_313276_test.sh
 Source7: README_313276.test
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch0: sudo-sudoers.patch
-# PATCH-Upstream fixes jira SLE-20068 - sflees@suse.de
-Patch1: sudo-feature-negated-LDAP-users.patch
 BuildRequires: audit-devel
 BuildRequires: cyrus-sasl-devel
 BuildRequires: groff
@@ -90,8 +88,7 @@ Requires: %{name} = %{version}
 Tests for fate#313276
 %prep
-%setup -q
-%patch0 -p1
+%autosetup -p1
 %build
 %ifarch s390 s390x %{sparc}
@@ -142,7 +139,6 @@ install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/sudo-i
 rm -f %{buildroot}%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
 install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
-install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
 install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
 rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
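Review bot: The context line `install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema` in the `@@ -142,7 +139,6 @@` hunk is left behind although this hunk removes the only file installed into that directory and the later `%files` hunk drops both `%dir` entries for it. The build root still gets an empty `openldap/schema` tree that no package owns; remove that `install -d` line together with the schema install. The `%install` section continues outside the hunk, so check that nothing else there still writes into that directory.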
@@ -156,9 +152,10 @@ cat sudoers.lang >> %{name}.lang
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
 install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
 install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -d %{buildroot}%{_docdir}/%{name}-test
-install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE
-rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
+
+install -d %{buildroot}%{_licensedir}/%{name}
+install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE.md %{buildroot}%{_licensedir}/%{name}/LICENSE.md
+rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE.md
 %if %{defined use_usretc}
 %pre
@@ -187,7 +184,7 @@ chmod 0440 %{_sysconfdir}/sudoers
 %verify_permissions -e %{_bindir}/sudo
 %files -f %{name}.lang
-%license doc/LICENSE
+%license doc/LICENSE.md
 %doc %{_docdir}/%{name}
 %{_mandir}/man1/cvtsudoers.1%{?ext_man}
 %{_mandir}/man5/sudoers.5%{?ext_man}
@@ -215,9 +212,6 @@ chmod 0440 %{_sysconfdir}/sudoers
 %config(noreplace) %{_sysconfdir}/pam.d/sudo-i
 %endif
 %attr(4755,root,root) %{_bindir}/sudo
-%dir %{_sysconfdir}/openldap
-%dir %{_sysconfdir}/openldap/schema
-%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
 %{_bindir}/sudoedit
 %{_bindir}/sudoreplay
 %{_bindir}/cvtsudoers
@@ -254,6 +248,5 @@ chmod 0440 %{_sysconfdir}/sudoers
 %files test
 %{_localstatedir}/lib/tests
-%{_docdir}/%{name}-test/
 %changelog
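Review bot: The license file is now placed in the license directory by two mechanisms: the added `install -d %{buildroot}%{_licensedir}/%{name}` and `install -m 644 … LICENSE.md` lines in the `@@ -156,9 +152,10 @@` hunk copy it by hand, and `%license doc/LICENSE.md` in the `@@ -187,7 +184,7 @@` hunk has rpm copy it again from the source tree. Keep one of them, for example only the `rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE.md` line plus the `%license` entry. Also confirm that `doc/LICENSE.md` is the right path in the 1.9.9 tarball: the upstream patch deleted by this commit lists its manual pages under `docs/`, which suggests the directory may have been renamed, and a stale path would only show up as a build failure.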