294 lines
10 KiB
RPMSpec
294 lines
10 KiB
RPMSpec
#
|
|
# spec file for package sudo (Version 1.6.9)
|
|
#
|
|
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
# This file and all modifications and additions to the pristine
|
|
# package are under the same license as the package itself.
|
|
#
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
Name: sudo
|
|
BuildRequires: openldap2-devel pam-devel postfix
|
|
PreReq: coreutils
|
|
Version: 1.6.9
|
|
Release: 1
|
|
Autoreqprov: on
|
|
Group: System/Base
|
|
License: BSD 3-Clause
|
|
URL: http://www.sudo.ws/
|
|
Summary: Execute some commands as root
|
|
Source0: %{name}-%{version}.tar.bz2
|
|
Source1: %{name}-%{version}.pamd
|
|
Source2: README.SUSE
|
|
Patch1: %{name}-%{version}-defaults.diff
|
|
Patch2: %{name}-%{version}-sudoers.diff
|
|
Patch3: %{name}-%{version}-__P.diff
|
|
Patch4: %{name}-%{version}-strip.diff
|
|
Patch5: %{name}-%{version}-prompt.diff
|
|
Patch6: %{name}-%{version}-secure_path.diff
|
|
Patch7: %{name}-%{version}-ldap.diff
|
|
Patch8: %{name}-%{version}-env.diff
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
|
|
%description
|
|
Sudo is a command that allows users to execute some commands as root.
|
|
The /etc/sudoers file (edited with 'visudo') specifies which users have
|
|
access to sudo and which commands they can run. Sudo logs all its
|
|
activities to syslogd, so the system administrator can keep an eye on
|
|
things. Sudo asks for the password for initializing a check period of a
|
|
given time N (where N is defined at installation and is set to 5
|
|
minutes by default).
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Jeff Nieusma <nieusma@rootgroup.com>
|
|
David Hieb <davehieb@rootgroup.com>
|
|
Ian McCloghrie <ian@ucsd.edu>
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch1
|
|
%patch2
|
|
%patch3
|
|
%patch4
|
|
%patch5
|
|
%patch6
|
|
%patch7
|
|
%patch8
|
|
cp %{S:1} %{S:2} .
|
|
|
|
%build
|
|
%ifarch s390 s390x
|
|
F_PIE=-fPIE
|
|
%else
|
|
F_PIE=-fpie
|
|
%endif
|
|
export CFLAGS="$RPM_OPT_FLAGS -Wall $F_PIE -DLDAP_DEPRECATED"
|
|
export LDFLAGS="-pie"
|
|
%configure \
|
|
--libexecdir=%{_libexecdir}/sudo \
|
|
--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
|
|
--with-logfac=auth \
|
|
--with-insults \
|
|
--with-all-insults \
|
|
--with-ignore-dot \
|
|
--with-tty-tickets \
|
|
--enable-shell-sets-home \
|
|
--with-sudoers-mode=0440 \
|
|
--with-pam \
|
|
--with-ldap \
|
|
--with-env-editor \
|
|
--with-secure-path=%{_sbindir}:/bin:%{_bindir}:/sbin \
|
|
--with-passprompt="%%p's password:"
|
|
make %{?jobs:-j%jobs}
|
|
|
|
%install
|
|
make DESTDIR=$RPM_BUILD_ROOT install
|
|
install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
|
|
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
|
|
install -m 644 sudo-%{version}.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
|
|
install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif
|
|
rm -f $RPM_BUILD_ROOT%{_bindir}/sudoedit
|
|
ln -sf %{_bindir}/sudo $RPM_BUILD_ROOT%{_bindir}/sudoedit
|
|
|
|
%post
|
|
chmod 0440 %{_sysconfdir}/sudoers
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%doc BUGS CHANGES HISTORY LICENSE PORTING README README.LDAP README.SUSE
|
|
%doc TODO TROUBLESHOOTING *.pod
|
|
%doc %{_mandir}/man?/*
|
|
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
|
|
%config %{_sysconfdir}/pam.d/sudo
|
|
%attr(4755,root,root) %{_bindir}/sudo
|
|
%{_bindir}/sudoedit
|
|
%{_sbindir}/*
|
|
%{_libexecdir}/sudo
|
|
/var/run/sudo
|
|
|
|
%changelog
|
|
* Tue Jul 24 2007 - prusnak@suse.cz
|
|
- updated to 1.6.9
|
|
* added to the list of variables to remove from the environment
|
|
* fixed a Kerberos V security issue that could allow a user to
|
|
authenticate using a fake KDC
|
|
* PAM is now the default on systems where it is supported
|
|
* removed POSIX saved uid use; the stay_setuid option now requires
|
|
the setreuid() or setresuid() functions to work
|
|
* fixed fd leak when lecture file option is enabled
|
|
* PAM fixes
|
|
* security fix for Kerberos5
|
|
* fixed securid5 authentication
|
|
* added fcntl F_CLOSEM support to closefrom()
|
|
* sudo now uses the supplemental group vector for matching
|
|
* added more environment variables to remove by default
|
|
* mail from sudo now includes an Auto-Submitted: auto-generated header
|
|
* reworked the environment handling code
|
|
* remove the --with-execv option, it was not useful
|
|
* use TCSADRAIN instead of TCSAFLUSH in tgetpass() since some OSes
|
|
have issues with TCSAFLUSH
|
|
* use glob(3) instead of fnmatch(3) for matching pathnames
|
|
* reworked the syslog long line splitting code based on changes
|
|
from Eygene Ryabinkin
|
|
* visudo will now honor command line arguments in the EDITOR or VISUAL
|
|
environment variables if env_editor is enabled
|
|
* LDAP now honors rootbinddn, timelimit and bind_timelimit in /etc/ldap.conf
|
|
* For LDAP, do a sub tree search instead of a base search (one level in
|
|
the tree only) for sudo right objects
|
|
* env_reset option is now enabled by default
|
|
* moved LDAP schema data into separate files
|
|
* sudo no longer assumes that gr_mem in struct group is non-NULL
|
|
* added support for setting environment variables on the command line
|
|
if the command has the SETENV attribute set in sudoers
|
|
* added a -E flag to preserve the environment if the SETENV attribute
|
|
has been set
|
|
* sudoers2ldif script now parses Runas users
|
|
* -- flag now behaves as documented
|
|
* sudo -k/-K no longer cares if the timestamp is in the future
|
|
* when searching for the command, sudo now uses the effective gid of
|
|
the runas user
|
|
* sudo no longer updates the timestamp if not validated by sudoers
|
|
* now rebuild environment regardless of how sudo was invoked
|
|
* more accurate usage() when called as sudoedit
|
|
* command line environment variables are now treated like normal
|
|
environment variables unless the SETENV tag is set
|
|
* better explanation of environment handling in the sudo man page
|
|
- changed '/usr/bin/env perl' to '/usr/bin/env' in sudoers2ldif
|
|
script (env.diff)
|
|
- dropped obsoleted patches:
|
|
* sudo-1.6.8p12-conf.diff
|
|
* sudo-1.6.8p12-configure.diff
|
|
* Tue Jul 17 2007 - prusnak@suse.cz
|
|
- added note about special input method variables into /etc/sudoers
|
|
(sudoers.diff) [#222728]
|
|
* Fri Jan 26 2007 - prusnak@suse.cz
|
|
- packaged script sudoers2ldif
|
|
* can be used for importing /etc/sudoers to LDAP
|
|
* more info at http://www.sudo.ws/sudo/readme_ldap.html
|
|
* Wed Jan 24 2007 - prusnak@suse.cz
|
|
- added sudoers permission change to %%post section of spec file
|
|
* Thu Nov 30 2006 - prusnak@suse.cz
|
|
- package /etc/sudoers as 0440 [Fate#300934]
|
|
* Wed Nov 29 2006 - prusnak@suse.cz
|
|
- protect locale-related environment variables from resetting (sudoers.diff) [#222728]
|
|
* Wed Oct 04 2006 - mjancar@suse.cz
|
|
- enable LDAP support (#159774)
|
|
* Wed Jun 14 2006 - schwab@suse.de
|
|
- Fix quoting in configure script.
|
|
* Wed Mar 08 2006 - mjancar@suse.cz
|
|
- don't limit access to local group users (#151938)
|
|
* Fri Jan 27 2006 - mjancar@suse.cz
|
|
- set environment and sudo search PATH to SECURE_PATH
|
|
only when env_reset (#145687)
|
|
* Thu Jan 26 2006 - schwab@suse.de
|
|
- Fix syntax error in /etc/sudoers.
|
|
* Thu Jan 26 2006 - mjancar@suse.cz
|
|
- fix PATH always reset (#145687)
|
|
* Wed Jan 25 2006 - mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Sun Jan 15 2006 - schwab@suse.de
|
|
- Don't strip binaries.
|
|
* Tue Jan 10 2006 - mjancar@suse.cz
|
|
- fix CVE-2005-4158 (#140300)
|
|
* compile with --with-secure-path
|
|
* use always_set_home and env_reset by default
|
|
- document purpose of the default asking for root password
|
|
* Wed Dec 21 2005 - mjancar@suse.cz
|
|
- update to 1.6.8p12
|
|
* Fri Dec 09 2005 - ro@suse.de
|
|
- disabled selinux
|
|
* Tue Aug 02 2005 - mjancar@suse.cz
|
|
- update to 1.6.8p9
|
|
* Mon Jun 20 2005 - anicka@suse.cz
|
|
- build position independent binaries
|
|
* Mon Feb 28 2005 - ro@suse.de
|
|
- update to 1.6.8p7
|
|
* Mon Nov 15 2004 - kukuk@suse.de
|
|
- Use common PAM config files
|
|
* Mon Sep 13 2004 - ro@suse.de
|
|
- undef __P first
|
|
* Tue Apr 06 2004 - kukuk@suse.de
|
|
- fix default permissions of sudo
|
|
* Fri Mar 26 2004 - ro@suse.de
|
|
- added postfix to neededforbuild
|
|
* Wed Feb 25 2004 - lnussel@suse.de
|
|
- Add comment and warning for 'Defaults targetpw' to config file
|
|
* Thu Jan 29 2004 - kukuk@suse.de
|
|
- Fix sudo configuration broken by last patch
|
|
* Wed Jan 28 2004 - kukuk@suse.de
|
|
- Add SELinux patch
|
|
* Thu Jan 22 2004 - ro@suse.de
|
|
- package /etc/sudoers as 0640
|
|
* Fri Jan 16 2004 - kukuk@suse.de
|
|
- Add pam-devel to neededforbuild
|
|
* Sun Jan 11 2004 - adrian@suse.de
|
|
- build as user
|
|
* Fri Nov 07 2003 - schwab@suse.de
|
|
- Fix quoting in configure script.
|
|
* Wed Sep 10 2003 - mjancar@suse.cz
|
|
- move the defaults to better place in /etc/sudoers (#30282)
|
|
* Mon Aug 25 2003 - mjancar@suse.cz
|
|
- update to 1.6.7p5
|
|
* Fixed a problem with large numbers
|
|
of environment variables.
|
|
- more useful defaults (#28056)
|
|
* Wed May 14 2003 - mjancar@suse.cz
|
|
- update to version 1.6.7p4
|
|
* Fri Feb 07 2003 - kukuk@suse.de
|
|
- Use pam_unix2.so instead of pam_unix.so
|
|
* Wed Jun 05 2002 - pmladek@suse.cz
|
|
- updated to version 1.6.6
|
|
- removed obsolete heap-overflow fix in prompt patch
|
|
* Mon Apr 22 2002 - pmladek@suse.cz
|
|
- fixed a heap-overflow (prompt patch)
|
|
- fixed prompt behaviour, %% is always translated to %% (prompt patch)
|
|
* Tue Feb 12 2002 - pmladek@suse.cz
|
|
- insults are really off by default now [#13134]
|
|
- sudo.pamd moved from patch to sources
|
|
- used %%defattr(-,root,root)
|
|
* Thu Jan 24 2002 - postadal@suse.cz
|
|
- updated to version 1.6.5p2
|
|
* Thu Jan 17 2002 - pmladek@suse.cz
|
|
- updated to version 1.6.5p1
|
|
- removed obsolete security patch (to do not run mailer as root),
|
|
sudo runs mailer again as root but with hard-coded environment
|
|
* Wed Jan 02 2002 - pmladek@suse.cz
|
|
- aplied security patch from Sebastian Krahmer <krahmer@suse.de>
|
|
to do not run mailer as root
|
|
- NOTIFY_BY_EMAIL enabled
|
|
* Tue Oct 30 2001 - bjacke@suse.de
|
|
- make /etc/sudoers (noreplace)
|
|
* Wed Aug 15 2001 - pmladek@suse.cz
|
|
- updated to version 1.6.3p7
|
|
* Tue Aug 14 2001 - ro@suse.de
|
|
- Don't use absolute paths to PAM modules in PAM config files
|
|
* Tue Feb 27 2001 - pblaha@suse.cz
|
|
- update on 1.6.3p6 for fix potential security problems
|
|
* Mon Jun 26 2000 - schwab@suse.de
|
|
- Add %%suse_update_config.
|
|
* Thu May 04 2000 - smid@suse.cz
|
|
- upgrade to 1.6.3
|
|
- buildroot added
|
|
* Tue Apr 04 2000 - uli@suse.de
|
|
- added "--with-env-editor" to configure call
|
|
* Wed Mar 01 2000 - schwab@suse.de
|
|
- Specfile cleanup, remove Makefile.Linux
|
|
- /usr/man -> /usr/share/man
|
|
* Mon Sep 13 1999 - bs@suse.de
|
|
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
|
* Wed Jun 09 1999 - kukuk@suse.de
|
|
- update to version 1.5.9p1
|
|
- enable PAM
|
|
* Thu Jan 02 1997 - florian@suse.de
|
|
- update to version 1.5.2
|
|
- sudo has changed a lot, please check the sudo documentation
|