Accepting request 64995 from Base:System

Accepted submit request 64995 from user coolo

OBS-URL: https://build.opensuse.org/request/show/64995
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=35

sudo-1.7.1-__P.diff

@@ -1,12 +0,0 @@
-Index: compat.h
-===================================================================
---- compat.h.orig
-+++ compat.h
-@@ -29,6 +29,7 @@
-  */
- 
- /* Deal with ANSI stuff reasonably.  */
-+#undef __P
- #ifndef  __P
- # if defined (__cplusplus) || defined (__STDC__)
- #  define __P(args)		args

sudo-1.7.1-defaults.diff

@@ -1,14 +0,0 @@
-Index: defaults.c
-===================================================================
---- defaults.c.orig
-+++ defaults.c
-@@ -418,9 +418,6 @@ init_defaults()
- #ifdef FQDN
-     def_fqdn = TRUE;
- #endif
--#ifdef USE_INSULTS
--    def_insults = TRUE;
--#endif
- #ifdef ENV_EDITOR
-     def_env_editor = TRUE;
- #endif

sudo-1.7.1-pam_rhost.diff

@@ -1,14 +0,0 @@
-Index: auth/pam.c
-===================================================================
---- auth/pam.c.orig
-+++ auth/pam.c
-@@ -111,7 +111,9 @@ pam_init(pw, promptp, auth)
-      * We set PAM_RHOST to avoid a bug in Solaris 7 and below.
-      */
-     (void) pam_set_item(pamh, PAM_RUSER, user_name);
-+#if 0 /* we don't care about Solaris bugs */
-     (void) pam_set_item(pamh, PAM_RHOST, user_host);
-+#endif
- 
-     /*
-      * Some versions of pam_lastlog have a bug that

sudo-1.7.1-secure_path.diff

@@ -1,57 +0,0 @@
-Index: env.c
-===================================================================
---- env.c.orig
-+++ env.c
-@@ -700,7 +700,7 @@ rebuild_env(sudo_mode, noexec)
- 	}
-     }
-     /* Replace the PATH envariable with a secure one? */
--    if (def_secure_path && !user_is_exempt()) {
-+    if (def_secure_path && !user_is_exempt() && def_env_reset) {
- 	sudo_setenv("PATH", def_secure_path, TRUE);
- 	SET(didvar, DID_PATH);
-     }
-Index: find_path.c
-===================================================================
---- find_path.c.orig
-+++ find_path.c
-@@ -87,7 +87,7 @@ find_path(infile, outfile, sbp, path)
-     }
- 
-     /* Use PATH passed in unless SECURE_PATH is in effect.  */
--    if (def_secure_path && !user_is_exempt())
-+    if (def_secure_path && !user_is_exempt() && def_env_reset)
- 	path = def_secure_path;
-     else if (path == NULL)
- 	return(NOT_FOUND);
-Index: logging.c
-===================================================================
---- logging.c.orig
-+++ logging.c
-@@ -434,7 +434,7 @@ send_mail(line)
- #ifndef NO_ROOT_MAILER
-     static char *root_envp[] = {
- 	"HOME=/",
--	"PATH=/usr/bin:/bin",
-+	"PATH=/usr/sbin:/bin:/usr/bin:/sbin",
- 	"LOGNAME=root",
- 	"USERNAME=root",
- 	"USER=root",
-Index: pathnames.h.in
-===================================================================
---- pathnames.h.in.orig
-+++ pathnames.h.in
-@@ -41,9 +41,10 @@
- #define _PATH_DEVNULL		"/dev/null"
- #endif /* _PATH_DEVNULL */
- 
--#ifndef _PATH_DEFPATH
--#define _PATH_DEFPATH		"/usr/bin:/bin"
--#endif /* _PATH_DEFPATH */
-+/*
-+ * _PATH_DEFPATH included from <paths.h> contains only "/usr/bin:/bin"
-+ */
-+#define _PATH_DEFPATH		"/usr/sbin:/bin:/usr/bin:/sbin"
- 
- #ifndef _PATH_ENVIRONMENT
- #define _PATH_ENVIRONMENT	"/etc/environment"

sudo-1.7.1-strip.diff

@@ -1,19 +0,0 @@
-Index: Makefile.in
-===================================================================
---- Makefile.in.orig
-+++ Makefile.in
-@@ -417,11 +417,11 @@ install-dirs:
- 	    $(DESTDIR)$(noexecdir)
- 
- install-binaries: install-dirs $(PROGS)
--	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 sudo $(DESTDIR)$(sudodir)/sudo
- 	rm -f $(DESTDIR)$(sudodir)/sudoedit
- 	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
--	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
--@SELINUX@	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo
-+@SELINUX@	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh
- 
- install-noexec: install-dirs sudo_noexec.la
- 	test -f .libs/$(noexecfile) && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir)

sudo-1.7.1-sudoers.diff

@@ -1,46 +0,0 @@
-Index: sudo.man.in
-===================================================================
---- sudo.man.in.orig
-+++ sudo.man.in
-@@ -190,8 +190,8 @@ is initialized based on the group file (
- specified).  If the invoking user is root or if the target user is
- the same as the invoking user, no password is required.  Otherwise,
- \&\fBsudo\fR requires that users authenticate themselves with a password
--by default (\s-1NOTE:\s0 in the default configuration this is the user's
--password, not the root password).  Once a user has been authenticated,
-+by default (\s-1NOTE:\s0 in the default configuration this is the root
-+password, not the user's password).  Once a user has been authenticated,
- a timestamp is updated and the user may then use sudo without a
- password for a short period of time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless
- overridden in \fIsudoers\fR).
-Index: sudoers
-===================================================================
---- sudoers.orig
-+++ sudoers
-@@ -15,6 +15,26 @@
- 
- # Defaults specification
- 
-+# Prevent environment variables from influencing programs in an
-+# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
-+Defaults always_set_home
-+Defaults env_reset
-+# Change env_reset to !env_reset in previous line to keep all environment variables
-+# Following list will no longer be necessary after this change
-+
-+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
-+# Comment out the preceding line and uncomment the following one if you need
-+# to use special input methods. This may allow users to compromise  the root
-+# account if they are allowed to run commands without authentication.
-+#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
-+
-+# In the default (unconfigured) configuration, sudo asks for the root password.
-+# This allows use of an ordinary user account for administration of a freshly
-+# installed system. When configuring sudo, delete the two
-+# following lines:
-+Defaults targetpw   # ask for the password of the target user i.e. root
-+ALL	ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
-+
- # Runas alias specification
- 
- # User privilege specification

sudo-1.7.2p7.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07a9c83e628a088314523e558236ac3c4cb0d54d7d7093e5b3e4c8101b1a2bea
-size 772356

sudo-1.8.0.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cc246ed848ae493db5da5643c5b75cd749e2d552d48273d249a72cd711a3415b
+size 930401

sudo-CVE-2011-0010.patch

@@ -1,93 +0,0 @@
-# User Todd C. Miller <Todd.Miller@courtesan.com>
-# Date 1294760019 18000
-# Node ID fe8a94f96542335c02d09fba81077c1dcc6381b5
-# Parent  8f9303326db73a2e00cd53c2515db8188386cfc0
-If the user is running sudo as himself but as a different group we
-need to prompt for a password.
-
-Index: sudo-1.7.2p7/check.c
-===================================================================
---- sudo-1.7.2p7.orig/check.c
-+++ sudo-1.7.2p7/check.c
-@@ -93,7 +93,13 @@ check_user(validated, mode)
- 	/* do not check or update timestamp */
- 	status = TS_ERROR;
-     } else {
--	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
-+	/*
-+	 * Don't prompt for the root passwd or if the user is exempt.
-+	 * If the user is not changing uid/gid, no need for a password.
-+	 */
-+	if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
-+	    (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
-+	    user_is_exempt())
- 	    return;
- 
- 	build_timestamp(&timestampdir, &timestampfile);
-Index: sudo-1.7.2p7/pwutil.c
-===================================================================
---- sudo-1.7.2p7.orig/pwutil.c
-+++ sudo-1.7.2p7/pwutil.c
-@@ -565,3 +565,50 @@ sudo_endgrent()
-     sudo_freegrcache();
- #endif
- }
-+
-+
-+int
-+user_in_group(struct passwd *pw, const char *group)
-+{
-+    char **gr_mem;
-+    int i;
-+    struct group *grp;
-+    int retval = FALSE;
-+
-+    grp = sudo_getgrnam(group);
-+    if (grp == NULL)
-+	goto done;
-+
-+    /* check against user's primary (passwd file) gid */
-+    if (grp->gr_gid == pw->pw_gid) {
-+	retval = TRUE;
-+	goto done;
-+    }
-+
-+    /*
-+     * If we are matching the invoking or list user and that user has a
-+     * supplementary group vector, check it.
-+     */
-+    if (user_ngroups > 0 &&
-+	strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0) {
-+	for (i = 0; i < user_ngroups; i++) {
-+	    if (grp->gr_gid == user_groups[i]) {
-+		retval = TRUE;
-+		goto done;
-+	    }
-+	}
-+    } else
-+    {
-+	if (grp != NULL && grp->gr_mem != NULL) {
-+	    for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
-+		if (strcmp(*gr_mem, pw->pw_name) == 0) {
-+		    retval = TRUE;
-+		    goto done;
-+		}
-+	    }
-+	}
-+    }
-+
-+done:
-+    return(retval);
-+}
-Index: sudo-1.7.2p7/sudo.h
-===================================================================
---- sudo-1.7.2p7.orig/sudo.h
-+++ sudo-1.7.2p7/sudo.h
-@@ -316,6 +316,7 @@ struct passwd *sudo_getpwuid __P((uid_t)
- struct group *sudo_getgrnam __P((const char *));
- struct group *sudo_fakegrnam __P((const char *));
- struct group *sudo_getgrgid __P((gid_t));
-+int user_in_group(struct passwd *pw, const char *group);
- #ifdef HAVE_SELINUX
- void selinux_exec __P((char *, char *, char **, int));
- #endif

sudo-dont-ignore-LDFLAGS.patch

@@ -0,0 +1,13 @@
+Index: sudo-1.8.0/plugins/sudoers/Makefile.in
+===================================================================
+--- sudo-1.8.0.orig/plugins/sudoers/Makefile.in
++++ sudo-1.8.0/plugins/sudoers/Makefile.in
+@@ -55,7 +55,7 @@ CPPFLAGS = -I$(incdir) -I$(top_builddir)
+ CFLAGS = @CFLAGS@
+ 
+ # Flags to pass to the link stage
+-LDFLAGS =
++LDFLAGS = @LDFLAGS@
+ SUDOERS_LDFLAGS = @SUDOERS_LDFLAGS@
+ 
+ # Where to install things...

sudo-sudoers.patch

@@ -0,0 +1,80 @@
+Index: sudo-1.8.0/plugins/sudoers/sudoers.in
+===================================================================
+--- sudo-1.8.0.orig/plugins/sudoers/sudoers.in
++++ sudo-1.8.0/plugins/sudoers/sudoers.in
+@@ -31,37 +31,36 @@
+ ##
+ ## Defaults specification
+ ##
+-## You may wish to keep some of the following environment variables
+-## when running commands via sudo.
+-##
+-## Locale settings
+-# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
+-##
+-## Run X applications through sudo; HOME is used to find the
+-## .Xauthority file.  Note that other programs use HOME to find   
+-## configuration files and this may lead to privilege escalation!
+-# Defaults env_keep += "HOME"
+-##
+-## X11 resource path settings
+-# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
+-##
+-## Desktop path settings
+-# Defaults env_keep += "QTDIR KDEDIR"
+-##
+-## Allow sudo-run commands to inherit the callers' ConsoleKit session
+-# Defaults env_keep += "XDG_SESSION_COOKIE"
+-##
+-## Uncomment to enable special input methods.  Care should be taken as
+-## this may allow users to subvert the command being run via sudo.
+-# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
++## Prevent environment variables from influencing programs in an
++## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
++Defaults always_set_home
++Defaults env_reset
++## Change env_reset to !env_reset in previous line to keep all environment variables
++## Following list will no longer be necessary after this change
++
++Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
++## Comment out the preceding line and uncomment the following one if you need
++## to use special input methods. This may allow users to compromise  the root
++## account if they are allowed to run commands without authentication.
++#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
++
++## Do not insult users when they enter an incorrect password.
++Defaults !insults
++
+ ##
+ ## Uncomment to enable logging of a command's output, except for
+ ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+ # Defaults log_output
+ # Defaults!/usr/bin/sudoreplay !log_output
+-# Defaults!/usr/local/bin/sudoreplay !log_output
+ # Defaults!/sbin/reboot !log_output
+ 
++## In the default (unconfigured) configuration, sudo asks for the root password.
++## This allows use of an ordinary user account for administration of a freshly
++## installed system. When configuring sudo, delete the two
++## following lines:
++Defaults targetpw   # ask for the password of the target user i.e. root
++ALL	ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
++
+ ##
+ ## Runas alias specification
+ ##
+@@ -77,14 +76,6 @@ root ALL=(ALL) ALL
+ ## Same thing without a password
+ # %wheel ALL=(ALL) NOPASSWD: ALL
+ 
+-## Uncomment to allow members of group sudo to execute any command
+-# %sudo	ALL=(ALL) ALL
+-
+-## Uncomment to allow any user to run sudo if they know the password
+-## of the user they are running the command as (root by default).
+-# Defaults targetpw  # Ask for the password of the target user
+-# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
+-
+ ## Read drop-in files from @sysconfdir@/sudoers.d
+ ## (the '#' here does not indicate a comment)
+ #includedir @sysconfdir@/sudoers.d

sudo.changes

@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Thu Mar 17 10:24:49 UTC 2011 - puzel@novell.com
+
+- update to sudo-1.8.0
+  * Sudo has been refactored to use a modular framework that can
+    support third-party policy and I/O logging plugins.
+  * Defaults settings that are tied to a user, host or command may
+    now include the negation operator. For example:
+         Defaults:!millert lecture
+    will match any user but millert.
+  * The default PATH environment variable, used when no PATH
+    variable exists, now includes /usr/sbin and /sbin.
+  * Support for logging I/O for the command being run.
+  * Sudo will now use the Linux audit system.
+  + See /usr/share/doc/packages/sudo/NEWS for full list
+- new configure script flags: enable-warnings, with-linux-audit, 
+  docdir, with-sendmail
+- BuildRequires += audit-devel
+- BuildRequires -= postfix
+- PreReq += permissions
+- add sudo-dont-ignore-LDFLAGS.patch
+- drop sudo-1.7.1-defaults.diff (insults disabled in sudoers)
+- drop sudo-1.7.1-__P.diff (no more __P in sudo sources)
+- drop sudo-1.7.1-strip.diff (sudo no longer strips binaries)
+- drop sudo-CVE-2011-0010.patch (in upstream)
+- drop sudo-1.7.1-secure_path.diff (sudo now adds /sbin and
+  /usr/sbin to $PATH if it is empty)
+- drop sudo-1.7.1-pam_rhost.diff (fixed in upstream)
+- sudo-1.7.1-sudoers.diff renamed to sudo-sudoers.patch
+- sudo-1.7.1-env.diff renamed to sudoers2ldif-env.patch
+- do not package *.pod files
+- use %verifyscript
+- timestamp directory moved from /var/run/sudo to /var/lib/sudo
+- better commented default /etc/sudoers
+- packaged /etc/sudoers.d directory
+- new sudo-devel subpackage
+- cleaned specfile
+
 -------------------------------------------------------------------
 Thu Jan 27 09:18:05 UTC 2011 - cprause@novell.com
 

sudo.spec

@@ -15,30 +15,27 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
 
 
 Name:           sudo
-BuildRequires:  openldap2-devel pam-devel postfix
-BuildRequires:  libselinux-devel
-PreReq:         coreutils
-Version:        1.7.2p7
+Version:        1.8.0
 Release:        5
-Group:          System/Base
 License:        BSD3c(or similar)
-Url:            http://www.sudo.ws/
 Summary:        Execute some commands as root
-Source0:        http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
-Source1:        %{name}.pamd
+Url:            http://www.sudo.ws/
+Group:          System/Base
+Source0:        http://sudo.ws/sudo/dist/%{name}-%{version}.tar.bz2
+Source1:        sudo.pamd
 Source2:        README.SUSE
-Patch1:         %{name}-1.7.1-defaults.diff
-Patch2:         %{name}-1.7.1-sudoers.diff
-Patch3:         %{name}-1.7.1-__P.diff
-Patch4:         %{name}-1.7.1-strip.diff
-Patch5:         %{name}-1.7.1-secure_path.diff
-Patch6:         %{name}-1.7.1-env.diff
-Patch7:         %{name}-1.7.1-pam_rhost.diff
-Patch8:         sudo-CVE-2011-0010.patch	
+Patch1:         sudoers2ldif-env.patch
+Patch2:         sudo-dont-ignore-LDFLAGS.patch
+Patch3:         sudo-sudoers.patch
+BuildRequires:  audit-devel
+BuildRequires:  libselinux-devel
+BuildRequires:  openldap2-devel
+BuildRequires:  pam-devel
+PreReq:         coreutils
+PreReq:         permissions
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -50,25 +47,19 @@ things. Sudo asks for the password for initializing a check period of a
 given time N (where N is defined at installation and is set to 5
 minutes by default).
 
+%package devel
+License:        BSD3c(or similar)
+Summary:        Header files needed for sudo plugin development
+Group:          Development/Libraries/C and C++
 
-
-Authors:
---------
-    Jeff Nieusma <nieusma@rootgroup.com>
-    David Hieb <davehieb@rootgroup.com>
-    Ian McCloghrie <ian@ucsd.edu>
+%description devel
+These header files are needed for building of sudo plugins.
 
 %prep
 %setup -q
-%patch1
-%patch2
-%patch3
-%patch4
-%patch5
-%patch6
-%patch7
-%patch8 -p1
-cp %{SOURCE2} .
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 %build
 %ifarch s390 s390x %sparc
@@ -76,56 +67,79 @@ F_PIE=-fPIE
 %else
 F_PIE=-fpie
 %endif
-export CFLAGS="$RPM_OPT_FLAGS -Wall $F_PIE -DLDAP_DEPRECATED"
+export CFLAGS="%{optflags} -Wall $F_PIE -DLDAP_DEPRECATED"
 export LDFLAGS="-pie"
 %configure \
     --libexecdir=%{_libexecdir}/sudo \
+    --docdir=%{_docdir}/%{name} \
     --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
+    --with-pam \
+    --with-ldap \
     --with-selinux \
+    --with-linux-audit \
     --with-logfac=auth \
     --with-insults \
     --with-all-insults \
     --with-ignore-dot \
     --with-tty-tickets \
     --enable-shell-sets-home \
+    --enable-warnings \
+    --with-sendmail=%{_sbindir}/sendmail \
     --with-sudoers-mode=0440 \
-    --with-pam \
-    --with-ldap \
     --with-env-editor \
     --without-secure-path \
     --with-passprompt='%%p\x27s password:'
 make %{?_smp_mflags}
 
 %install
-make DESTDIR=$RPM_BUILD_ROOT install
-install -d -m 700 $RPM_BUILD_ROOT%{_localstatedir}/run/sudo
-install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
-install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif
-rm -f $RPM_BUILD_ROOT%{_bindir}/sudoedit
-ln -sf %{_bindir}/sudo $RPM_BUILD_ROOT%{_bindir}/sudoedit
-install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema
-install -m 644 schema.OpenLDAP $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/sudo.schema
+%make_install
+install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
+install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
+mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
+rm -f %{buildroot}%{_bindir}/sudoedit
+ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
+install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
+install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
+install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
+rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
+rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
+rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
+rm -f %{buildroot}%{_libexecdir}/%{name}/sudoers.la
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers
+%if 0%{?suse_version} <= 1130
+%run_permissions
+%else
+%set_permissions /usr/bin/sudo
+%endif
+
+%verifyscript
+%verify_permissions -e /usr/bin/sudo
 
 %clean
-rm -rf $RPM_BUILD_ROOT
+rm -rf %{buildroot}
 
 %files
 %defattr(-,root,root)
-%doc HISTORY LICENSE PORTING README README.LDAP README.SUSE TROUBLESHOOTING UPGRADE WHATSNEW *.pod
+%doc %{_docdir}/%{name}
 %doc %{_mandir}/man?/*
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
+%dir %{_sysconfdir}/sudoers.d
 %config %{_sysconfdir}/pam.d/sudo
 %attr(4755,root,root) %{_bindir}/sudo
 %dir %{_sysconfdir}/openldap
 %dir %{_sysconfdir}/openldap/schema
 %attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
 %{_bindir}/sudoedit
-%{_sbindir}/*
+%{_bindir}/sudoreplay
+%{_sbindir}/visudo
+%attr(0755,root,root) %{_sbindir}/sudoers2ldif
 %{_libexecdir}/sudo
-%{_localstatedir}/run/sudo
+%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/sudo
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/sudo_plugin.h
 
 %changelog

sudoers2ldif-env.patch

@@ -1,7 +1,7 @@
-Index: sudoers2ldif
+Index: sudo-1.8.0/plugins/sudoers/sudoers2ldif
 ===================================================================
---- sudoers2ldif.orig
-+++ sudoers2ldif
+--- sudo-1.8.0.orig/plugins/sudoers/sudoers2ldif
++++ sudo-1.8.0/plugins/sudoers/sudoers2ldif
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl