[sudo] rebase to 1.8.1p2 removed .sudoi patch fixed typo: RELPRO -> RELRO added -devel subpackage for the s
Daniel Kopeček
mildew at fedoraproject.org
Tue Jul 12 11:20:29 UTC 2011
commit 269d3c7dcea2138d59c17ad1d51e7338a9dd4a00
Author: Daniel Kopecek <dkopecek at redhat.com>
Date: Tue Jul 12 13:20:39 2011 +0200
rebase to 1.8.1p2
removed .sudoi patch
fixed typo: RELPRO -> RELRO
added -devel subpackage for the sudo_plugin.h header file
use default ldap configuration files again
.gitignore | 1 +
sources | 2 +-
sudo-1.7.4p4-getgrouplist-fixed.patch | 42 ------------------------
sudo-1.7.4p4-sudoi.patch | 57 ---------------------------------
sudo-1.8.1p2-getgrouplist.patch | 44 +++++++++++++++++++++++++
sudo.spec | 46 ++++++++++++++++++---------
6 files changed, 77 insertions(+), 115 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 7770bdb..352f8f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ sudo-1.7.2p2-sudoers
/sudo-1.7.2p2-sudoers
/sudo-1.7.4p4-sudoers
/sudo-1.7.4p5.tar.gz
+/sudo-1.8.1p2.tar.gz
diff --git a/sources b/sources
index c05bae3..a86ed7d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-4c8105507363371dea89ceb7c92187dd sudo-1.7.4p5.tar.gz
+e8330f0e63b0ecb2e12b5c76922818cc sudo-1.8.1p2.tar.gz
56f74aed3a7b32f2b01a34d65ac86f85 sudo-1.7.4p4-sudoers
diff --git a/sudo-1.8.1p2-getgrouplist.patch b/sudo-1.8.1p2-getgrouplist.patch
new file mode 100644
index 0000000..6ccfe5e
--- /dev/null
+++ b/sudo-1.8.1p2-getgrouplist.patch
@@ -0,0 +1,44 @@
+diff -up sudo-1.8.1p2/configure.in.getgrouplist sudo-1.8.1p2/configure.in
+--- sudo-1.8.1p2/configure.in.getgrouplist 2011-07-12 12:13:29.562597933 +0200
++++ sudo-1.8.1p2/configure.in 2011-07-12 12:15:27.116597851 +0200
+@@ -2007,7 +2007,7 @@ dnl
+ AC_FUNC_GETGROUPS
+ AC_CHECK_FUNCS(strrchr sysconf tzset strftime initgroups getgroups fstat \
+ regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \
+- setrlimit64 sysctl)
++ setrlimit64 sysctl getgrouplist)
+ AC_CHECK_FUNCS(getline, [], [
+ AC_LIBOBJ(getline)
+ AC_CHECK_FUNCS(fgetln)
+diff -up sudo-1.8.1p2/plugins/sudoers/pwutil.c.getgrouplist sudo-1.8.1p2/plugins/sudoers/pwutil.c
+--- sudo-1.8.1p2/plugins/sudoers/pwutil.c.getgrouplist 2011-07-12 12:13:17.346597942 +0200
++++ sudo-1.8.1p2/plugins/sudoers/pwutil.c 2011-07-12 12:19:02.171597700 +0200
+@@ -711,6 +711,28 @@ user_in_group(struct passwd *pw, const c
+ }
+ #endif /* HAVE_MBR_CHECK_MEMBERSHIP */
+
++#ifdef HAVE_GETGROUPLIST
++ if (user_ngroups >= 0 &&
++ strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0)
++ {
++ gid_t *grouplist, grouptmp;
++ int n_groups, i;
++ n_groups = 1;
++
++ if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
++ grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
++ if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
++ for (i = 0; i < n_groups; i++)
++ if (grouplist[i] == grp->gr_gid) {
++ free(grouplist);
++ retval = TRUE;
++ goto done;
++ }
++ free(grouplist);
++ }
++ }
++#endif /* HAVE_GETGROUPLIST */
++
+ done:
+ if (grp != NULL)
+ gr_delref(grp);
diff --git a/sudo.spec b/sudo.spec
index cca9415..147c24a 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
-Version: 1.7.4p5
-Release: 4%{?dist}
+Version: 1.8.1p2
+Release: 1%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@@ -28,9 +28,7 @@ Patch2: sudo-1.7.2p1-envdebug.patch
Patch3: sudo-1.7.4p3-m4path.patch
# getgrouplist() to determine group membership (#235915)
# - version with CVE-2009-0034 fixed
-Patch4: sudo-1.7.4p4-getgrouplist-fixed.patch
-# reset HOME when using the `-i' option (#635250)
-Patch5: sudo-1.7.4p4-sudoi.patch
+Patch4: sudo-1.8.1p2-getgrouplist.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -43,19 +41,24 @@ audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
+%package devel
+Summary: Development files for %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains header files developing sudo
+plugins that use %{name}.
+
%prep
%setup -q
%patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug
%patch3 -p1 -b .m4path
-%patch4 -p1 -b .getgrouplist-fixed
-%patch5 -p0 -b .sudoi
+%patch4 -p1 -b .getgrouplist
%build
-# handle newer autoconf
-rm -f acsite.m4
-mv aclocal.m4 acinclude.m4
autoreconf -fv --install
%ifarch s390 s390x sparc64
@@ -80,8 +83,6 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
- --with-ldap-conf-file="%{_sysconfdir}/nss_ldap.conf" \
- --with-ldap-secret-file="%{_sysconfdir}/nss_ldap.secret" \
--with-selinux \
--with-passprompt="[sudo] password for %p: " \
--with-linux-audit
@@ -122,8 +123,9 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
-%doc ChangeLog NEWS HISTORY LICENSE README* TROUBLESHOOTING UPGRADE
-%doc schema.* sudoers2ldif sample.*
+%doc ChangeLog NEWS README* MANIFEST
+%doc doc/HISTORY doc/LICENSE doc/TROUBLESHOOTING doc/UPGRADE
+%doc doc/schema.* plugins/sudoers/sudoers2ldif doc/sample.*
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0750,root,root) %dir /etc/sudoers.d/
%config(noreplace) /etc/pam.d/sudo
@@ -135,6 +137,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(0755,root,root) %{_sbindir}/visudo
%attr(0755,root,root) %{_libexecdir}/sesh
%{_libexecdir}/sudo_noexec.*
+%{_libexecdir}/sudoers.*
%{_mandir}/man5/sudoers.5*
%{_mandir}/man5/sudoers.ldap.5*
%{_mandir}/man8/sudo.8*
@@ -146,9 +149,22 @@ rm -rf $RPM_BUILD_ROOT
%post
/bin/chmod 0440 /etc/sudoers || :
+%files devel
+%defattr(-,root,root,-)
+%doc plugins/{sample,sample_group}
+%{_includedir}/sudo_plugin.h
+%{_mandir}/man8/sudo_plugin.8*
+
%changelog
+* Tue Jul 12 2011 Daniel Kopecek <dkopecek at redhat.com> - 1.8.1p2-1
+- rebase to 1.8.1p2
+- removed .sudoi patch
+- fixed typo: RELPRO -> RELRO
+- added -devel subpackage for the sudo_plugin.h header file
+- use default ldap configuration files again
+
* Fri Jun 3 2011 Daniel Kopecek <dkopecek at redhat.com> - 1.7.4p5-4
-- build with RELPRO
+- build with RELRO
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.4p5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
More information about the scm-commits
mailing list