OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=4

sudo-1.6.8p12-conf.diff

@@ -1,65 +0,0 @@
---- aclocal.m4
-+++ aclocal.m4
-@@ -224,9 +224,9 @@
- rm -f core core.* *.core])dnl
- AC_MSG_RESULT($sudo_cv_func_fnmatch)
- if test $sudo_cv_func_fnmatch = yes; then
--  [$1]
-+  $1
- else
--  [$2]
-+  $2
- fi
- ])
- 
---- configure.in
-+++ configure.in
-@@ -1703,9 +1703,9 @@
- AC_CHECK_FUNCS(lockf flock, [break])
- AC_CHECK_FUNCS(waitpid wait3, [break])
- AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
--AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], AC_LIBOBJ(lsearch), -), AC_LIBOBJ(lsearch))])
-+AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, [AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
- AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
--SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH), AC_LIBOBJ(fnmatch))
-+SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH, 1, [Define if you have the `fnmatch' function.])], [AC_LIBOBJ(fnmatch)])
- SUDO_FUNC_ISBLANK
- AC_REPLACE_FUNCS(strerror strcasecmp sigaction strlcpy strlcat closefrom)
- AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
-@@ -1739,15 +1739,15 @@
- dnl if crypt(3) not in libc, look elsewhere
- dnl
- if test -z "$LIB_CRYPT" -a "$with_pam" != "yes"; then
--    AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])))])
-+    AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], [AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], [AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])])])])
- fi
- dnl
- dnl If socket(2) not in libc, check -lsocket and -linet
- dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
- dnl In this case we look for main(), not socket() to avoid using a cached value
- dnl
--AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
--AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
-+AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], [AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], [AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
-+AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)])])])
- dnl
- dnl If inet_addr(3) not in libc, check -lnsl and -linet
- dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
-@@ -1757,7 +1757,7 @@
- dnl
- dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
- dnl
--AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
-+AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], [AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], [AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])])])])
- dnl
- dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
- dnl (gcc includes its own alloca(3) but other compilers may not)
-@@ -2000,7 +2000,7 @@
- 	AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
-     fi
-     AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
--    AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
-+    AC_CHECK_LIB(skey, skeyaccess, [AC_DEFINE(HAVE_SKEYACCESS, 1, [Define if your S/Key library has skeyaccess().])])
-     LDFLAGS="$O_LDFLAGS"
-     SUDO_LIBS="${SUDO_LIBS} -lskey"
- fi

sudo-1.6.8p12-configure.diff

@@ -1,124 +0,0 @@
---- configure.in
-+++ configure.in
-@@ -1281,7 +1281,7 @@
- 		;;
-     *-*-hiuxmpp*)
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1]))
-+		    AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], [AC_CHECK_LIB(security, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1])])
- 		    CHECKSHADOW="false"
- 		fi
- 		test -n "$mansectsu" || mansectsu=1m
-@@ -1324,13 +1324,13 @@
- 			;;
- 			*-*-hpux10.*)
- 			    if test "$CHECKSHADOW" = "true"; then
--				AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, AC_DEFINE(HAVE_ISCOMSEC)) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1])
-+				AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, [AC_DEFINE(HAVE_ISCOMSEC)]) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1])
- 				CHECKSHADOW="false"
- 			    fi
- 			;;
- 			*)
- 			if test "$CHECKSHADOW" = "true"; then
--			    AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
-+			    AC_CHECK_LIB(sec, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
- 			    CHECKSHADOW="false"
- 			fi
- 			;;
-@@ -1422,7 +1422,7 @@
-     *-*-linux*)
- 		# Some Linux versions need to link with -lshadow
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_FUNCS(getspnam, , [AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])])
-+		    AC_CHECK_FUNCS(getspnam, , [AC_CHECK_LIB(shadow, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])])
- 		    CHECKSHADOW="false"
- 		fi
- 		;;
-@@ -1433,14 +1433,14 @@
- 		fi
- 
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"; SECUREWARE=1])
-+		    AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"; SECUREWARE=1])
- 		    CHECKSHADOW="false"
- 		fi
- 		;;
-     *-*-ultrix*)
- 		OS="ultrix"
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_LIB(auth, getauthuid, AC_DEFINE(HAVE_GETAUTHUID) [SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"])
-+		    AC_CHECK_LIB(auth, getauthuid, [AC_DEFINE(HAVE_GETAUTHUID) SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"])
- 		    CHECKSHADOW="false"
- 		fi
- 		;;
-@@ -1458,7 +1458,7 @@
- 		LIBS="${LIBS} -lcrypt"
- 
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
-+		    AC_CHECK_LIB(sec, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
- 		    CHECKSHADOW="false"
- 		fi
- 		test -n "$mansectsu" || mansectsu=1m
-@@ -1466,8 +1466,8 @@
- 		;;
-     *-*-sco*|*-sco-*)
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1], , -lx)
--		    AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])
-+		    AC_CHECK_LIB(prot, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1], , -lx)
-+		    AC_CHECK_LIB(gen, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])
- 		    CHECKSHADOW="false"
- 		fi
- 		test -n "$mansectsu" || mansectsu=1m
-@@ -1481,7 +1481,7 @@
- 		;;
-     *-sequent-sysv*)
- 		if test "$CHECKSHADOW" = "true"; then
--		    AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
-+		    AC_CHECK_LIB(sec, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
- 		    CHECKSHADOW="false"
- 		fi
- 		test -n "$mansectsu" || mansectsu=1m
-@@ -1489,7 +1489,7 @@
- 		test -n "$with_rpath" || with_rpath=yes
- 		;;
-     *-ncr-sysv4*|*-ncr-sysvr4*)
--		AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
-+		AC_CHECK_LIB(c89, strcasecmp, [AC_DEFINE(HAVE_STRCASECMP) LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
- 		test -n "$mansectsu" || mansectsu=1m
- 		test -n "$mansectform" || mansectform=4
- 		test -n "$with_rpath" || with_rpath=yes
-@@ -1606,10 +1606,10 @@
- dnl We check for SVR4-style first and then SecureWare-style.
- dnl
- if test "$CHECKSHADOW" = "true"; then
--    AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])])
-+    AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, [AC_DEFINE(HAVE_GETSPNAM) SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])])
- fi
- if test "$CHECKSHADOW" = "true"; then
--    AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1], AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])))])
-+    AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1], [AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], [AC_CHECK_LIB(security, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], [AC_CHECK_LIB(prot, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])])])])
- fi
- 
- dnl
-@@ -1703,7 +1703,7 @@
- AC_CHECK_FUNCS(lockf flock, [break])
- AC_CHECK_FUNCS(waitpid wait3, [break])
- AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
--AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, [AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
-+AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, [AC_CHECK_HEADER(search.h, [AC_DEFINE(HAVE_LSEARCH) LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
- AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
- SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH, 1, [Define if you have the `fnmatch' function.])], [AC_LIBOBJ(fnmatch)])
- SUDO_FUNC_ISBLANK
-@@ -1752,8 +1752,8 @@
- dnl If inet_addr(3) not in libc, check -lnsl and -linet
- dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
- dnl
--AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
--AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
-+AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , [AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], [AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], [AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
-+AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)])])])])
- dnl
- dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
- dnl

sudo-1.6.8p12-secure_path.diff

@@ -1,32 +0,0 @@
---- env.c
-+++ env.c
-@@ -487,7 +487,8 @@
- 
- #ifdef SECURE_PATH
-     /* Replace the PATH envariable with a secure one. */
--    insert_env(format_env("PATH", SECURE_PATH, VNULL), 1);
-+    if (def_env_reset)
-+	insert_env(format_env("PATH", SECURE_PATH, VNULL), 1);
- #endif
- 
-     /* Set $USER and $LOGNAME to target if "set_logname" is true. */
---- find_path.c
-+++ find_path.c
-@@ -74,7 +74,7 @@
-     char *result = NULL;	/* result of path/file lookup */
-     int checkdot = 0;		/* check current dir? */
-     int len;			/* length parameter */
--
-+    
-     if (strlen(infile) >= PATH_MAX)
- 	errx(1, "%s: File name too long", infile);
- 
-@@ -93,7 +93,7 @@
- 
-     /* Use PATH passed in unless SECURE_PATH is in effect.  */
- #ifdef SECURE_PATH
--    if (!user_is_exempt())
-+    if (!user_is_exempt() && def_env_reset)
- 	path = SECURE_PATH;
- #endif /* SECURE_PATH */
-     if (path == NULL)

sudo-1.6.8p12.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc1e96c9cd7333587184538acac09db7532295ae17518e8afce7b07e267ead34
-size 424499

sudo-1.6.9-defaults.diff

@@ -1,6 +1,6 @@
 --- defaults.c
 +++ defaults.c
-@@ -432,9 +432,6 @@
+@@ -430,9 +430,6 @@
  #ifdef FQDN
      def_fqdn = TRUE;
  #endif

sudo-1.6.9-env.diff

@@ -0,0 +1,8 @@
+--- sudoers2ldif
++++ sudoers2ldif
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env perl
++#!/usr/bin/perl
+ use strict;
+ 
+ #

sudo-1.6.9-ldap.diff

@@ -6,6 +6,6 @@
      LIBS="$_LIBS"
 -    LDFLAGS="$_LDFLAGS"
 +    LDFLAGS="${LDFLAGS} $_LDFLAGS"
+     # XXX - OpenLDAP has deprecated ldap_get_values()
+     CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
  fi
- 
- dnl

sudo-1.6.9-secure_path.diff

@@ -0,0 +1,22 @@
+--- env.c
++++ env.c
+@@ -529,7 +529,7 @@
+ 
+ #ifdef SECURE_PATH
+     /* Replace the PATH envariable with a secure one. */
+-    if (!user_is_exempt()) {
++    if (!user_is_exempt() && def_env_reset) {
+ 	insert_env(format_env("PATH", SECURE_PATH, VNULL), &env, 1);
+ 	SET(didvar, DID_PATH);
+     }
+--- find_path.c
++++ find_path.c
+@@ -93,7 +93,7 @@
+ 
+     /* Use PATH passed in unless SECURE_PATH is in effect.  */
+ #ifdef SECURE_PATH
+-    if (!user_is_exempt())
++    if (!user_is_exempt() && def_env_reset)
+ 	path = SECURE_PATH;
+ #endif /* SECURE_PATH */
+     if (path == NULL)

sudo-1.6.9-strip.diff

@@ -1,6 +1,6 @@
 --- Makefile.in
 +++ Makefile.in
-@@ -301,11 +301,11 @@
+@@ -309,11 +309,11 @@
  	    $(DESTDIR)$(noexecdir)
  
  install-binaries: $(PROGS)

sudo-1.6.9.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:85611b0d3be2768c88bc2e56d8f5c5e5ad55cefb9d712364768da5b08cc11f2e
+size 431616

sudo.changes

@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Tue Jul 24 15:49:47 CEST 2007 - prusnak@suse.cz
+
+- updated to 1.6.9
+  * added to the list of variables to remove from the environment
+  * fixed a Kerberos V security issue that could allow a user to
+    authenticate using a fake KDC
+  * PAM is now the default on systems where it is supported
+  * removed POSIX saved uid use; the stay_setuid option now requires
+    the setreuid() or setresuid() functions to work
+  * fixed fd leak when lecture file option is enabled
+  * PAM fixes
+  * security fix for Kerberos5
+  * fixed securid5 authentication
+  * added fcntl F_CLOSEM support to closefrom()
+  * sudo now uses the supplemental group vector for matching
+  * added more environment variables to remove by default
+  * mail from sudo now includes an Auto-Submitted: auto-generated header
+  * reworked the environment handling code
+  * remove the --with-execv option, it was not useful
+  * use TCSADRAIN instead of TCSAFLUSH in tgetpass() since some OSes
+    have issues with TCSAFLUSH
+  * use glob(3) instead of fnmatch(3) for matching pathnames
+  * reworked the syslog long line splitting code based on changes
+    from Eygene Ryabinkin
+  * visudo will now honor command line arguments in the EDITOR or VISUAL
+    environment variables if env_editor is enabled
+  * LDAP now honors rootbinddn, timelimit and bind_timelimit in /etc/ldap.conf
+  * For LDAP, do a sub tree search instead of a base search (one level in
+    the tree only) for sudo right objects
+  * env_reset option is now enabled by default
+  * moved LDAP schema data into separate files
+  * sudo no longer assumes that gr_mem in struct group is non-NULL
+  * added support for setting environment variables on the command line
+    if the command has the SETENV attribute set in sudoers
+  * added a -E flag to preserve the environment if the SETENV attribute
+    has been set
+  * sudoers2ldif script now parses Runas users
+  * -- flag now behaves as documented
+  * sudo -k/-K no longer cares if the timestamp is in the future
+  * when searching for the command, sudo now uses the effective gid of
+    the runas user
+  * sudo no longer updates the timestamp if not validated by sudoers
+  * now rebuild environment regardless of how sudo was invoked
+  * more accurate usage() when called as sudoedit
+  * command line environment variables are now treated like normal
+    environment variables unless the SETENV tag is set
+  * better explanation of environment handling in the sudo man page
+- changed '/usr/bin/env perl' to '/usr/bin/env' in sudoers2ldif
+  script (env.diff)
+- dropped obsoleted patches:
+  * sudo-1.6.8p12-conf.diff
+  * sudo-1.6.8p12-configure.diff
+
 -------------------------------------------------------------------
 Tue Jul 17 10:57:40 CEST 2007 - prusnak@suse.cz
 

sudo.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package sudo (Version 1.6.8p12)
+# spec file for package sudo (Version 1.6.9)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -13,8 +13,8 @@
 Name:           sudo
 BuildRequires:  openldap2-devel pam-devel postfix
 PreReq:         coreutils
-Version:        1.6.8p12
-Release:        81
+Version:        1.6.9
+Release:        1
 Autoreqprov:    on
 Group:          System/Base
 License:        BSD 3-Clause
@@ -23,15 +23,14 @@ Summary:        Execute some commands as root
 Source0:        %{name}-%{version}.tar.bz2
 Source1:        %{name}-%{version}.pamd
 Source2:        README.SUSE
-Patch0:         %{name}-%{version}-defaults.diff
-Patch1:         %{name}-%{version}-sudoers.diff
-Patch2:         %{name}-%{version}-conf.diff
-Patch4:         %{name}-%{version}-__P.diff
-Patch5:         %{name}-%{version}-strip.diff
-Patch6:         %{name}-%{version}-prompt.diff
-Patch7:         %{name}-%{version}-secure_path.diff
-Patch8:         %{name}-%{version}-configure.diff
-Patch9:         %{name}-%{version}-ldap.diff
+Patch1:         %{name}-%{version}-defaults.diff
+Patch2:         %{name}-%{version}-sudoers.diff
+Patch3:         %{name}-%{version}-__P.diff
+Patch4:         %{name}-%{version}-strip.diff
+Patch5:         %{name}-%{version}-prompt.diff
+Patch6:         %{name}-%{version}-secure_path.diff
+Patch7:         %{name}-%{version}-ldap.diff
+Patch8:         %{name}-%{version}-env.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -53,44 +52,39 @@ Authors:
 
 %prep
 %setup -q
-%patch0
 %patch1
 %patch2
+%patch3
 %patch4
 %patch5
 %patch6
 %patch7
 %patch8
-%patch9
 cp %{S:1} %{S:2} .
 
 %build
-%{suse_update_config -f}
-#autoreconf --force --install
-autoconf
 %ifarch s390 s390x
 F_PIE=-fPIE
 %else
 F_PIE=-fpie
 %endif
-CFLAGS="$RPM_OPT_FLAGS -Wall $F_PIE -DLDAP_DEPRECATED" \
-LDFLAGS="-pie" \
-	./configure --prefix=%{_prefix} \
-	--sbindir=%{_prefix}/sbin \
-	--libexecdir=%{_prefix}/lib/sudo \
-	--mandir=%{_mandir} \
-	--with-logfac=auth \
-	--with-insults \
-	--with-all-insults \
-	--with-ignore-dot \
-	--with-tty-tickets \
-	--enable-shell-sets-home \
-	--with-sudoers-mode=0440 \
-	--with-pam \
-	--with-ldap \
-	--with-env-editor \
-	--with-secure-path=/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin \
-	--with-passprompt="%%p's password:"
+export CFLAGS="$RPM_OPT_FLAGS -Wall $F_PIE -DLDAP_DEPRECATED"
+export LDFLAGS="-pie"
+%configure \
+    --libexecdir=%{_libexecdir}/sudo \
+    --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
+    --with-logfac=auth \
+    --with-insults \
+    --with-all-insults \
+    --with-ignore-dot \
+    --with-tty-tickets \
+    --enable-shell-sets-home \
+    --with-sudoers-mode=0440 \
+    --with-pam \
+    --with-ldap \
+    --with-env-editor \
+    --with-secure-path=%{_sbindir}:/bin:%{_bindir}:/sbin \
+    --with-passprompt="%%p's password:"
 make %{?jobs:-j%jobs}
 
 %install
@@ -99,8 +93,8 @@ install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
 install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
 install -m 644 sudo-%{version}.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
 install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif
-rm -f $RPM_BUILD_ROOT/usr/bin/sudoedit
-ln -sf /usr/bin/sudo $RPM_BUILD_ROOT/usr/bin/sudoedit
+rm -f $RPM_BUILD_ROOT%{_bindir}/sudoedit
+ln -sf %{_bindir}/sudo $RPM_BUILD_ROOT%{_bindir}/sudoedit
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers
@@ -110,18 +104,69 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root)
-%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
-%config %{_sysconfdir}/pam.d/sudo
-%doc BUGS CHANGES HISTORY LICENSE PORTING README RUNSON README.SUSE
+%doc BUGS CHANGES HISTORY LICENSE PORTING README README.LDAP README.SUSE
 %doc TODO TROUBLESHOOTING *.pod
 %doc %{_mandir}/man?/*
+%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
+%config %{_sysconfdir}/pam.d/sudo
 %attr(4755,root,root) %{_bindir}/sudo
 %{_bindir}/sudoedit
 %{_sbindir}/*
-%{_prefix}/lib/sudo
+%{_libexecdir}/sudo
 /var/run/sudo
 
 %changelog
+* Tue Jul 24 2007 - prusnak@suse.cz
+- updated to 1.6.9
+  * added to the list of variables to remove from the environment
+  * fixed a Kerberos V security issue that could allow a user to
+  authenticate using a fake KDC
+  * PAM is now the default on systems where it is supported
+  * removed POSIX saved uid use; the stay_setuid option now requires
+  the setreuid() or setresuid() functions to work
+  * fixed fd leak when lecture file option is enabled
+  * PAM fixes
+  * security fix for Kerberos5
+  * fixed securid5 authentication
+  * added fcntl F_CLOSEM support to closefrom()
+  * sudo now uses the supplemental group vector for matching
+  * added more environment variables to remove by default
+  * mail from sudo now includes an Auto-Submitted: auto-generated header
+  * reworked the environment handling code
+  * remove the --with-execv option, it was not useful
+  * use TCSADRAIN instead of TCSAFLUSH in tgetpass() since some OSes
+  have issues with TCSAFLUSH
+  * use glob(3) instead of fnmatch(3) for matching pathnames
+  * reworked the syslog long line splitting code based on changes
+  from Eygene Ryabinkin
+  * visudo will now honor command line arguments in the EDITOR or VISUAL
+  environment variables if env_editor is enabled
+  * LDAP now honors rootbinddn, timelimit and bind_timelimit in /etc/ldap.conf
+  * For LDAP, do a sub tree search instead of a base search (one level in
+  the tree only) for sudo right objects
+  * env_reset option is now enabled by default
+  * moved LDAP schema data into separate files
+  * sudo no longer assumes that gr_mem in struct group is non-NULL
+  * added support for setting environment variables on the command line
+  if the command has the SETENV attribute set in sudoers
+  * added a -E flag to preserve the environment if the SETENV attribute
+  has been set
+  * sudoers2ldif script now parses Runas users
+  * -- flag now behaves as documented
+  * sudo -k/-K no longer cares if the timestamp is in the future
+  * when searching for the command, sudo now uses the effective gid of
+  the runas user
+  * sudo no longer updates the timestamp if not validated by sudoers
+  * now rebuild environment regardless of how sudo was invoked
+  * more accurate usage() when called as sudoedit
+  * command line environment variables are now treated like normal
+  environment variables unless the SETENV tag is set
+  * better explanation of environment handling in the sudo man page
+- changed '/usr/bin/env perl' to '/usr/bin/env' in sudoers2ldif
+  script (env.diff)
+- dropped obsoleted patches:
+  * sudo-1.6.8p12-conf.diff
+  * sudo-1.6.8p12-configure.diff
 * Tue Jul 17 2007 - prusnak@suse.cz
 - added note about special input method variables into /etc/sudoers
   (sudoers.diff) [#222728]