pool/sudo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
sudo/sudo.spec
Dirk Mueller 7c6c82c48c Accepting request 738914 from home:vitezslav_cizek:branches:Base:System 
- Update to 1.8,28p1
  * The fix for Bug #869 caused "sudo -v" to prompt for a password
    when "verifypw" is set to "all" (the default) and all of the
    user's sudoers entries are marked with NOPASSWD.  Bug #901.

- Update to 1.8.28
 * Fixed CVE-2019-14287 (bsc#1153674),
   a bug where a sudo user may be able to
   run a command as root when the Runas specification explicitly
   disallows root access as long as the ALL keyword is listed first.
   * Sudo will now only set PAM_TTY to the empty string when no
   terminal is present on Solaris and Linux.  This workaround is
   only needed on those systems which may have PAM modules that
   misbehave when PAM_TTY is not set.
 * The mailerflags sudoers option now has a default value even if
   sendmail support was disabled at configure time.  Fixes a crash
   when the mailerpath sudoers option is set but mailerflags is not.
   Bug #878.
 * Sudo will now filter out last login messages on HP-UX unless it
   a shell is being run via "sudo -s" or "sudo -i".  Otherwise,
   when trusted mode is enabled, these messages will be displayed
   for each command.
 * Sudo has a new -B command line option that will ring the terminal
   bell when prompting for a password.
 * Sudo no longer refuses to prompt for a password when it cannot
   determine the user's terminal as long as it can open /dev/tty.
   This allows sudo to function on systems where /proc is unavailable,
   such as when running in a chroot environment.
 * The "env_editor" sudoers flag is now on by default.  This makes
   source builds more consistent with the packages generated by

OBS-URL: https://build.opensuse.org/request/show/738914
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=156
2019-10-28 10:04:59 +00:00

199 lines
6.5 KiB
RPMSpec
Raw Blame History

#
# spec file for package sudo
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sudo
Version: 1.8.28p1
Release: 0
Summary: Execute some commands as root
License: ISC
Group: System/Base
URL: https://www.sudo.ws/
Source0: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
Source1: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
Source2: %{name}.keyring
Source3: sudo.pamd
Source4: sudo-i.pamd
Source5: README.SUSE
Source6: fate_313276_test.sh
Source7: README_313276.test
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
Patch0: sudo-sudoers.patch
BuildRequires: audit-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
BuildRequires: libselinux-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: systemd-rpm-macros
BuildRequires: zlib-devel
Requires(pre): coreutils
Requires(pre): permissions
%description
Sudo is a command that allows users to execute some commands as root.
The %{_sysconfdir}/sudoers file (edited with 'visudo') specifies which users have
access to sudo and which commands they can run. Sudo logs all its
activities to syslogd, so the system administrator can keep an eye on
things. Sudo asks for the password for initializing a check period of a
given time N (where N is defined at installation and is set to 5
minutes by default).
%package devel
Summary: Header files needed for sudo plugin development
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
These header files are needed for building of sudo plugins.
%package test
Summary: Tests for the package
Group: Development/Tools/Other
Requires: %{name} = %{version}
%description test
Tests for fate#313276
%prep
%setup -q
%patch0 -p1
%build
%ifarch s390 s390x %{sparc}
F_PIE=-fPIE
%else
F_PIE=-fpie
%endif
export CFLAGS="%{optflags} -Wall $F_PIE -DLDAP_DEPRECATED"
export LDFLAGS="-pie"
%configure \
--libexecdir=%{_libexecdir}/sudo \
--docdir=%{_docdir}/%{name} \
--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
--enable-tmpfiles.d=%{_tmpfilesdir} \
--with-pam \
--with-pam-login \
--with-ldap \
--with-selinux \
--with-linux-audit \
--with-logfac=auth \
--with-all-insults \
--with-ignore-dot \
--with-tty-tickets \
--enable-shell-sets-home \
--enable-warnings \
--with-sendmail=%{_sbindir}/sendmail \
--with-sudoers-mode=0440 \
--with-env-editor \
--without-secure-path \
--with-passprompt="[sudo] password for %%p: " \
--with-rundir=%{_localstatedir}/lib/sudo \
--with-sssd
# -B required to make every build give the same result - maybe from bad build deps in Makefiles?
make -B %{?_smp_mflags}
%install
%make_install install_uid=`id -u` install_gid=`id -g`
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
rm -f %{buildroot}%{_bindir}/sudoedit
ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
%find_lang %{name}
%find_lang sudoers
cat sudoers.lang >> %{name}.lang
# tests
install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
install -d %{buildroot}%{_docdir}/%{name}-test
install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE
rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
%post
chmod 0440 %{_sysconfdir}/sudoers
%if 0%{?suse_version} <= 1130
%run_permissions
%else
%set_permissions %{_bindir}/sudo
%endif
%tmpfiles_create %{_tmpfilesdir}/sudo.conf
%verifyscript
%verify_permissions -e %{_bindir}/sudo
%files -f %{name}.lang
%license doc/LICENSE
%doc %{_docdir}/%{name}
%{_mandir}/man1/cvtsudoers.1%{?ext_man}
%{_mandir}/man5/sudoers.5%{?ext_man}
%{_mandir}/man5/sudo.conf.5%{?ext_man}
%{_mandir}/man5/sudoers.ldap.5%{?ext_man}
%{_mandir}/man5/sudoers_timestamp.5%{?ext_man}
%{_mandir}/man8/sudo.8%{?ext_man}
%{_mandir}/man8/sudoedit.8%{?ext_man}
%{_mandir}/man8/sudoreplay.8%{?ext_man}
%{_mandir}/man8/visudo.8%{?ext_man}
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
%dir %{_sysconfdir}/sudoers.d
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
%attr(4755,root,root) %{_bindir}/sudo
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
%{_bindir}/sudoedit
%{_bindir}/sudoreplay
%{_bindir}/cvtsudoers
%{_sbindir}/visudo
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/sesh
%{_libexecdir}/%{name}/sudo_noexec.so
%dir %{_libexecdir}/%{name}/%{name}
%{_libexecdir}/%{name}/%{name}/sudoers.so
%{_libexecdir}/%{name}/%{name}/group_file.so
%{_libexecdir}/%{name}/%{name}/system_group.so
%{_libexecdir}/%{name}/libsudo_util.so.*
%attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts
%dir %{_tmpfilesdir}
%{_tmpfilesdir}/sudo.conf
%files devel
%doc plugins/sample/sample_plugin.c
%{_includedir}/sudo_plugin.h
%{_mandir}/man8/sudo_plugin.8%{?ext_man}
%attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so
%{_libexecdir}/%{name}/sudo/*.la
%{_libexecdir}/%{name}/*.la
%files test
%{_localstatedir}/lib/tests
%{_docdir}/%{name}-test/
%changelog
Reference in New Issue View Git Blame Copy Permalink