[sudo/f17] update to 1.8.6p7
Daniel Kopeček
mildew at fedoraproject.org
Thu Feb 28 13:46:55 UTC 2013
commit 8f9bb539c509243390ff8cc8bb7ba568711de8ac
Author: Daniel Kopecek <dkopecek at redhat.com>
Date: Thu Feb 28 14:46:42 2013 +0100
update to 1.8.6p7
- fixes CVE-2013-1775 and CVE-2013-1776
- fixed several packaging issues (thanks to ville.skytta at iki.fi)
- build with system zlib.
- let rpmbuild strip libexecdir/*.so.
- own the %{_docdir}/sudo-* dir.
- fix some rpmlint warnings (spaces vs tabs, unescaped macros).
- fix bogus %changelog dates.
.gitignore | 1 +
sources | 2 +-
sudo.spec | 77 +++++++++++++++++++++++++++++------------------------------
3 files changed, 40 insertions(+), 40 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 754758f..7252493 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ sudo-1.7.2p2-sudoers
/sudo-1.7.4p5.tar.gz
/sudo-1.8.1p2.tar.gz
/sudo-1.8.3p1.tar.gz
+/sudo-1.8.6p7.tar.gz
diff --git a/sources b/sources
index d108a9e..95bc198 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-7becc572fa97f94cf721a2ee8299c45b sudo-1.8.3p1.tar.gz
56f74aed3a7b32f2b01a34d65ac86f85 sudo-1.7.4p4-sudoers
+126abfa2e841139e774d4c67d80f0e5b sudo-1.8.6p7.tar.gz
diff --git a/sudo.spec b/sudo.spec
index 4a78dab..dac5ce6 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
-Version: 1.8.3p1
-Release: 7%{?dist}
+Version: 1.8.6p7
+Release: 1%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@@ -20,22 +20,12 @@ BuildRequires: audit-libs-devel libcap-devel
BuildRequires: libselinux-devel
BuildRequires: sendmail
BuildRequires: gettext
-BuildRequires: libsss_sudo-devel
+BuildRequires: zlib-devel
# don't strip
Patch1: sudo-1.6.7p5-strip.patch
# configure.in fix
Patch2: sudo-1.7.2p1-envdebug.patch
-# add m4/ to paths in aclocal.m4
-Patch3: sudo-1.7.4p3-m4path.patch
-# disable word wrapping if the ouput is piped
-Patch4: sudo-1.8.3-pipelist.patch
-# CVE-2012-0809
-Patch5: sudo-1.8.3p1-CVE-2012-0809.patch
-# SSSD support
-Patch6: sudo-1.8.3p1-sssd-support.patch
-# CVE-2012-2337
-Patch7: sudo-1.8.3p1-CVE-2012-2337.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -62,17 +52,12 @@ plugins that use %{name}.
%patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug
-%patch3 -p1 -b .m4path
-%patch4 -p1 -b .pipelist
-%patch5 -p1 -b .CVE-2012-0809
-%patch6 -p1 -b .sssd-support
-%patch7 -p1 -b .CVE-2012-2337
# Remove execute permission on this script so we don't pull in perl deps
chmod -x plugins/sudoers/sudoers2ldif
%build
-autoreconf -fv --install
+autoreconf -I m4 -fv --install
%ifarch s390 s390x sparc64
F_PIE=-fPIE
@@ -86,22 +71,22 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--prefix=%{_prefix} \
--sbindir=%{_sbindir} \
--libdir=%{_libdir} \
- --docdir=%{_datadir}/doc/%{name}-%{version} \
+ --docdir=%{_datadir}/doc/%{name}-%{version} \
--with-logging=syslog \
--with-logfac=authpriv \
--with-pam \
- --with-pam-login \
+ --with-pam-login \
--with-editor=/bin/vi \
--with-env-editor \
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
- --with-selinux \
- --with-passprompt="[sudo] password for %p: " \
- --with-linux-audit \
- --with-sssd
-# --without-kerb5 \
-# --without-kerb4
+ --with-selinux \
+ --with-passprompt="[sudo] password for %p: " \
+ --with-linux-audit \
+ --with-sssd
+# --without-kerb5 \
+# --without-kerb4
make
%install
@@ -113,6 +98,11 @@ install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
+chmod +x $RPM_BUILD_ROOT%{_libexecdir}/*.so # for stripping, reset in %%files
+
+# Remove execute permission on this script so we don't pull in perl deps
+chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
+
%find_lang sudo
%find_lang sudoers
@@ -121,7 +111,7 @@ rm sudo.lang sudoers.lang
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
-#%PAM-1.0
+#%%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
@@ -130,7 +120,7 @@ session required pam_limits.so
EOF
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
-#%PAM-1.0
+#%%PAM-1.0
auth include sudo
account include sudo
password include sudo
@@ -139,14 +129,11 @@ session required pam_limits.so
EOF
-%clean
+%clean
rm -rf $RPM_BUILD_ROOT
%files -f sudo_all.lang
%defattr(-,root,root)
-%doc ChangeLog NEWS README* MANIFEST
-%doc doc/HISTORY doc/LICENSE doc/TROUBLESHOOTING doc/UPGRADE
-%doc doc/schema.* plugins/sudoers/sudoers2ldif doc/sample.*
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0750,root,root) %dir /etc/sudoers.d/
%config(noreplace) /etc/pam.d/sudo
@@ -157,14 +144,16 @@ rm -rf $RPM_BUILD_ROOT
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%attr(0755,root,root) %{_libexecdir}/sesh
-%{_libexecdir}/sudo_noexec.*
-%{_libexecdir}/sudoers.*
+%attr(0644,root,root) %{_libexecdir}/sudo_noexec.so
+%attr(0644,root,root) %{_libexecdir}/sudoers.so
%{_mandir}/man5/sudoers.5*
%{_mandir}/man5/sudoers.ldap.5*
%{_mandir}/man8/sudo.8*
%{_mandir}/man8/sudoedit.8*
%{_mandir}/man8/sudoreplay.8*
%{_mandir}/man8/visudo.8*
+%dir %{_docdir}/sudo-%{version}
+%{_docdir}/sudo-%{version}/*
# Make sure permissions are ok even if we're updating
@@ -178,6 +167,16 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8*
%changelog
+* Thu Feb 28 2013 Daniel Kopecek <dkopecek at redhat.com> - 1.8.6p7-1
+- update to 1.8.6p7
+- fixes CVE-2013-1775 and CVE-2013-1776
+- fixed several packaging issues (thanks to ville.skytta at iki.fi)
+ - build with system zlib.
+ - let rpmbuild strip libexecdir/*.so.
+ - own the %%{_docdir}/sudo-* dir.
+ - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
+ - fix bogus %%changelog dates.
+
* Thu May 17 2012 Daniel Kopecek <dkopecek at redhat.com> - 1.8.3p1-7
- added patch for CVE-2012-2337 (rhbz#820677)
@@ -196,7 +195,7 @@ rm -rf $RPM_BUILD_ROOT
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.3p1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-* Tue Nov 10 2011 Daniel Kopecek <dkopecek at redhat.com> - 1.8.3p1-1
+* Thu Nov 10 2011 Daniel Kopecek <dkopecek at redhat.com> - 1.8.3p1-1
- update to 1.8.3p1
- disable output word wrapping if the output is piped
@@ -329,7 +328,7 @@ rm -rf $RPM_BUILD_ROOT
- upgrade to the latest upstream release
- add selinux support
-* Mon Feb 02 2008 Dennis Gilmore <dennis at ausil.us> 1.6.9p4-6
+* Mon Feb 04 2008 Dennis Gilmore <dennis at ausil.us> 1.6.9p4-6
- sparc64 needs to be in the -fPIE list with s390
* Mon Jan 07 2008 Peter Vrabec <pvrabec at redhat.com> 1.6.9p4-5
@@ -455,7 +454,7 @@ rm -rf $RPM_BUILD_ROOT
* Thu Apr 1 2004 Thomas Woerner <twoerner at redhat.com> 1.6.7p5-25
- fixed spec file: sesh in file section with selinux flag (#119682)
-* Thu Mar 30 2004 Colin Walters <walters at redhat.com> 1.6.7p5-24
+* Tue Mar 30 2004 Colin Walters <walters at redhat.com> 1.6.7p5-24
- Enhance sesh.c to fork/exec children itself, to avoid
having sudo reap all domains.
- Only reinstall default signal handlers immediately before
@@ -617,7 +616,7 @@ rm -rf $RPM_BUILD_ROOT
* Tue Oct 27 1998 Preston Brown <pbrown at redhat.com>
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
-* Fri Oct 08 1998 Michael Maher <mike at redhat.com>
+* Thu Oct 08 1998 Michael Maher <mike at redhat.com>
- built package for 5.2
* Mon May 18 1998 Michael Maher <mike at redhat.com>
More information about the scm-commits
mailing list