Blame SPECS/sudo.spec

0eb21d
Summary: Allows restricted root access for specified users
0eb21d
Name: sudo
3379fe
Version: 1.8.29
611e46
Release: 10%{?dist}
0eb21d
License: ISC
0eb21d
Group: Applications/System
230a1d
URL: https://www.sudo.ws/
0eb21d
0eb21d
Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
0eb21d
Source1: sudoers
0eb21d
Source2: sudo-ldap.conf
0eb21d
Source3: sudo.conf
0eb21d
0eb21d
Requires: /etc/pam.d/system-auth
0eb21d
Requires: /usr/bin/vi
0eb21d
Requires(post): /bin/chmod
0eb21d
0eb21d
BuildRequires: /usr/sbin/sendmail
0eb21d
BuildRequires: autoconf
0eb21d
BuildRequires: automake
0eb21d
BuildRequires: bison
0eb21d
BuildRequires: flex
0eb21d
BuildRequires: gettext
0eb21d
BuildRequires: groff
0eb21d
BuildRequires: libtool
0eb21d
BuildRequires: audit-libs-devel
0eb21d
BuildRequires: libcap-devel
0eb21d
BuildRequires: libgcrypt-devel
0eb21d
BuildRequires: libselinux-devel
0eb21d
BuildRequires: openldap-devel
0eb21d
BuildRequires: pam-devel
0eb21d
BuildRequires: zlib-devel
0eb21d
0eb21d
# don't strip
0eb21d
Patch1: sudo-1.6.7p5-strip.patch
0eb21d
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
0eb21d
Patch2: sudo-1.8.23-sudoldapconfman.patch
0eb21d
# env debug patch
0eb21d
Patch3: sudo-1.7.2p1-envdebug.patch
0eb21d
# 1247591 - Sudo taking a long time when user information is stored externally.
0eb21d
Patch4: sudo-1.8.23-legacy-group-processing.patch
0eb21d
# 840980 - sudo creates a new parent process
0eb21d
# Adds cmnd_no_wait Defaults option
3379fe
Patch5: sudo-1.8.23-nowaitopt.patch
0eb21d
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
3379fe
Patch6: sudo-1.8.6p7-logsudouser.patch
3379fe
# 1786987 - CVE-2019-19232 sudo: attacker with access to a Runas ALL sudoer account
3379fe
# can impersonate a nonexistent user [rhel-8]
3379fe
Patch7: sudo-1.8.29-CVE-2019-19232.patch
3379fe
# 1796518 - [RFE] add optional check for the target user shell
3379fe
Patch8: sudo-1.8.29-CVE-2019-19234.patch
3379fe
# 1798093 - CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [rhel-8.2.0]
3379fe
Patch9: sudo-1.8.29-CVE-2019-18634.patch
168bcc
7c0317
# 1815164 - sudo allows privilege escalation with expire password
7c0317
Patch10: sudo-1.8.29-expired-password-part1.patch
7c0317
Patch11: sudo-1.8.29-expired-password-part2.patch
7c0317
230a1d
# 1917734 - EMBARGOED CVE-2021-3156 sudo: Heap-buffer overflow in argument parsing [rhel-8.4.0]
1c24e9
Patch12: sudo-1.8.31-CVE-2021-3156.patch
230a1d
# 1916434 - CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit [rhel-8]
230a1d
Patch13: sudo-1.9.5-CVE-2021-23239.patch
230a1d
# 1917038 - CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit [rhel-8]
230a1d
Patch14: sudo-1.9.5-CVE-2021-23240-1.patch
230a1d
Patch15: sudo-1.9.5-CVE-2021-23240-2.patch
230a1d
Patch16: sudo-1.9.5-CVE-2021-23240-3.patch
230a1d
Patch17: sudo-1.9.5-CVE-2021-23240-4.patch
230a1d
Patch18: sudo-1.9.5-CVE-2021-23240-5.patch
1c24e9
e1791d
# 2029551 - sudoedit does not work with selinux args
e1791d
Patch19: sudo-1.9.5-sudoedit-selinux.patch
e1791d
# 1999751 - Request to backport https://www.sudo.ws/repos/sudo/rev/b4c91a0f72e7 to RHEL 8
e1791d
Patch20: sudo-1.9.7-sigchild.patch
e1791d
# 1917379 - [RFE] pass KRB5CCNAME to pam_authenticate environment if available
e1791d
Patch21: sudo-1.9.7-krb5ccname.patch
e1791d
# 1986572 - utmp resource leak in sudo
e1791d
Patch22: sudo-1.9.7-utmp-leak.patch
6b7901
611e46
# 2114576 - sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
611e46
Patch23: sha-digest-calc.patch
611e46
# 2161221 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.8.0]
8712ef
Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch
8712ef
Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch
8712ef
Patch26: sudo-1.9.12-CVE-2023-22809.patch
8712ef
0eb21d
%description
0eb21d
Sudo (superuser do) allows a system administrator to give certain
0eb21d
users (or groups of users) the ability to run some (or all) commands
0eb21d
as root while logging all commands and arguments. Sudo operates on a
0eb21d
per-command basis.  It is not a replacement for the shell.  Features
0eb21d
include: the ability to restrict what commands a user may run on a
0eb21d
per-host basis, copious logging of each command (providing a clear
0eb21d
audit trail of who did what), a configurable timeout of the sudo
0eb21d
command, and the ability to use the same configuration file (sudoers)
0eb21d
on many different machines.
0eb21d
0eb21d
%package        devel
0eb21d
Summary:        Development files for %{name}
0eb21d
Group:          Development/Libraries
0eb21d
Requires:       %{name} = %{version}-%{release}
0eb21d
0eb21d
%description    devel
0eb21d
The %{name}-devel package contains header files developing sudo
0eb21d
plugins that use %{name}.
0eb21d
0eb21d
%prep
0eb21d
%setup -q
0eb21d
0eb21d
%patch1 -p1 -b .strip
0eb21d
%patch2 -p1 -b .sudoldapconfman
0eb21d
%patch3 -p1 -b .env-debug
0eb21d
%patch4 -p1 -b .legacy-processing
3379fe
%patch5 -p1 -b .nowait
3379fe
%patch6 -p1 -b .logsudouser
3379fe
%patch7 -p1 -b .CVE-2019-19232
3379fe
%patch8 -p1 -b .target-shell
3379fe
%patch9 -p1 -b .CVE-2019-18634
168bcc
7c0317
%patch10 -p1 -b .expired1
7c0317
%patch11 -p1 -b .expired2
7c0317
1c24e9
%patch12 -p1 -b .heap-buffer
1c24e9
230a1d
%patch13 -p1 -b .sudoedit-race
230a1d
230a1d
%patch14 -p1 -b .symbolic-link-attack-1
230a1d
%patch15 -p1 -b .symbolic-link-attack-2
230a1d
%patch16 -p1 -b .symbolic-link-attack-3
230a1d
%patch17 -p1 -b .symbolic-link-attack-4
230a1d
%patch18 -p1 -b .symbolic-link-attack-5
230a1d
e1791d
%patch19 -p1 -b .sudoedit-selinux
6b7901
e1791d
%patch20 -p1 -b .sigchild
e1791d
%patch21 -p1 -b .krb5ccname
e1791d
%patch22 -p1 -b .utmp-leak
6b7901
611e46
%patch23 -p1 -b .sha-digest
8712ef
%patch24 -p1 -b .whitelist
8712ef
%patch25 -p1 -b .backports
8712ef
%patch26 -p1 -b .cve
8712ef
0eb21d
%build
0eb21d
# Remove bundled copy of zlib
0eb21d
rm -rf zlib/
0eb21d
autoreconf -I m4 -fv --install
0eb21d
0eb21d
%ifarch s390 s390x sparc64
0eb21d
F_PIE=-fPIE
0eb21d
%else
0eb21d
F_PIE=-fpie
0eb21d
%endif
0eb21d
0eb21d
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
0eb21d
0eb21d
%configure \
0eb21d
        --prefix=%{_prefix} \
0eb21d
        --sbindir=%{_sbindir} \
0eb21d
        --libdir=%{_libdir} \
0eb21d
        --docdir=%{_pkgdocdir} \
0eb21d
        --disable-root-mailer \
0eb21d
        --with-logging=syslog \
0eb21d
        --with-logfac=authpriv \
0eb21d
        --with-pam \
0eb21d
        --with-pam-login \
0eb21d
        --with-editor=/bin/vi \
0eb21d
        --with-env-editor \
0eb21d
        --with-ignore-dot \
0eb21d
        --with-tty-tickets \
0eb21d
        --with-ldap \
0eb21d
        --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
0eb21d
        --with-selinux \
0eb21d
        --with-passprompt="[sudo] password for %p: " \
0eb21d
        --with-linux-audit \
0eb21d
        --with-sssd
0eb21d
#       --without-kerb5 \
0eb21d
#       --without-kerb4
0eb21d
make
0eb21d
0eb21d
%check
0eb21d
make check
0eb21d
0eb21d
%install
0eb21d
rm -rf $RPM_BUILD_ROOT
0eb21d
0eb21d
# Update README.LDAP (#736653)
0eb21d
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
0eb21d
0eb21d
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
0eb21d
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
0eb21d
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
0eb21d
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
0eb21d
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
0eb21d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
0eb21d
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
0eb21d
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
0eb21d
0eb21d
# Add sudo to protected packages
0eb21d
install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
0eb21d
touch sudo.conf
0eb21d
echo sudo > sudo.conf
0eb21d
install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
0eb21d
rm -f sudo.conf
0eb21d
0eb21d
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
0eb21d
0eb21d
# Don't package LICENSE as a doc
0eb21d
rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
0eb21d
0eb21d
# Remove examples; Examples can be found in man pages too.
0eb21d
rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
0eb21d
0eb21d
# Remove all .la files
0eb21d
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
0eb21d
0eb21d
# Remove sudoers.dist
0eb21d
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
0eb21d
0eb21d
%find_lang sudo
0eb21d
%find_lang sudoers
0eb21d
0eb21d
cat sudo.lang sudoers.lang > sudo_all.lang
0eb21d
rm sudo.lang sudoers.lang
0eb21d
0eb21d
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
0eb21d
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
0eb21d
#%%PAM-1.0
0eb21d
auth       include      system-auth
0eb21d
account    include      system-auth
0eb21d
password   include      system-auth
0eb21d
session    include      system-auth
0eb21d
EOF
0eb21d
0eb21d
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
0eb21d
#%%PAM-1.0
0eb21d
auth       include      sudo
0eb21d
account    include      sudo
0eb21d
password   include      sudo
0eb21d
session    optional     pam_keyinit.so force revoke
0eb21d
session    include      sudo
0eb21d
EOF
0eb21d
0eb21d
0eb21d
%clean
0eb21d
rm -rf $RPM_BUILD_ROOT
0eb21d
0eb21d
%files -f sudo_all.lang
0eb21d
%defattr(-,root,root)
0eb21d
%attr(0440,root,root) %config(noreplace) /etc/sudoers
0eb21d
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
0eb21d
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
0eb21d
%attr(0750,root,root) %dir /etc/sudoers.d/
0eb21d
%config(noreplace) /etc/pam.d/sudo
0eb21d
%config(noreplace) /etc/pam.d/sudo-i
0eb21d
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
0eb21d
%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
0eb21d
%dir /var/db/sudo
0eb21d
%dir /var/db/sudo/lectured
0eb21d
%attr(4111,root,root) %{_bindir}/sudo
0eb21d
%{_bindir}/sudoedit
0eb21d
%{_bindir}/cvtsudoers
0eb21d
%attr(0111,root,root) %{_bindir}/sudoreplay
0eb21d
%attr(0755,root,root) %{_sbindir}/visudo
0eb21d
%dir %{_libexecdir}/sudo
0eb21d
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
0eb21d
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
0eb21d
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
0eb21d
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
0eb21d
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
0eb21d
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
0eb21d
%{_libexecdir}/sudo/libsudo_util.so.?
0eb21d
%{_libexecdir}/sudo/libsudo_util.so
0eb21d
%{_mandir}/man5/sudoers.5*
0eb21d
%{_mandir}/man5/sudoers.ldap.5*
0eb21d
%{_mandir}/man5/sudo-ldap.conf.5*
0eb21d
%{_mandir}/man5/sudo.conf.5*
0eb21d
%{_mandir}/man8/sudo.8*
0eb21d
%{_mandir}/man8/sudoedit.8*
0eb21d
%{_mandir}/man8/sudoreplay.8*
0eb21d
%{_mandir}/man8/visudo.8*
0eb21d
%{_mandir}/man1/cvtsudoers.1*
0eb21d
%{_mandir}/man5/sudoers_timestamp.5*
0eb21d
%dir %{_pkgdocdir}/
0eb21d
%{_pkgdocdir}/*
0eb21d
%{!?_licensedir:%global license %%doc}
0eb21d
%license doc/LICENSE
0eb21d
%exclude %{_pkgdocdir}/ChangeLog
0eb21d
0eb21d
0eb21d
# Make sure permissions are ok even if we're updating
0eb21d
%post
0eb21d
/bin/chmod 0440 /etc/sudoers || :
0eb21d
0eb21d
%files devel
0eb21d
%defattr(-,root,root,-)
0eb21d
%doc plugins/sample/sample_plugin.c
0eb21d
%{_includedir}/sudo_plugin.h
0eb21d
%{_mandir}/man8/sudo_plugin.8*
0eb21d
0eb21d
%changelog
611e46
* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.9
611e46
RHEL 8.8.0 ERRATUM
8712ef
- CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user
611e46
Resolves: rhbz#2161221
611e46
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
611e46
Resolves: rhbz#2114576
8712ef
e1791d
* Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8
e1791d
RHEL 8.6.0 ERRATUM
e1791d
- sudoedit does not work with selinux args
e1791d
Resolves: rhbz#2029551
6b7901
- Make sure SIGCHLD is not ignored when sudo is executed
e1791d
Resolves: rhbz#1999751
e1791d
- [RFE] pass KRB5CCNAME to pam_authenticate environment if available
e1791d
Resolves: rhbz#1917379
e1791d
- utmp resource leak in sudo
e1791d
Resolves: rhbz#1986572
6b7901
230a1d
* Tue Feb 02 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-7
230a1d
- RHEL 8.4 ERRATUM
1c24e9
- CVE-2021-3156
230a1d
Resolves: rhbz#1917734
230a1d
- CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit
230a1d
Resolves: rhzb#1916434
230a1d
- CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit
230a1d
Resolves: rhbz#1917038
230a1d
- updated upstream url
230a1d
Resolves: rhbz#1923825
1c24e9
7c0317
* Tue Apr 28 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-6
7c0317
- RHEL 8.3 ERRATUM
7c0317
- sudo allows privilege escalation with expire password
7c0317
Resolves: rhbz#1815164
7c0317
3379fe
* Wed Feb 05 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-5
3379fe
- RHEL 8.2 ERRATUM
168bcc
- CVE-2019-18634
3379fe
Resolves: rhbz#1798093
3379fe
3379fe
* Tue Jan 14 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-4
3379fe
- RHEL 8.2 ERRATUM
3379fe
- CVE-2019-19232
3379fe
Resolves: rhbz#1786987
3379fe
Resolves: rhbz#1796518
3379fe
3379fe
* Wed Oct 30 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.29-2
3379fe
- RHEL 8.2 ERRATUM
3379fe
- rebase to 1.8.29
3379fe
Resolves: rhbz#1733961
3379fe
Resolves: rhbz#1651662
3379fe
3379fe
* Fri Oct 25 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.28p1-1
3379fe
- RHEL 8.2 ERRATUM
3379fe
- rebase to 1.8.28p1
3379fe
Resolves: rhbz#1733961
3379fe
- fixed man page for always_set_home
3379fe
Resolves: rhbz#1576880
3379fe
- sudo does not work with notbefore/after
3379fe
Resolves: rhbz#1679508
3379fe
- NOTBEFORE showing value of sudoNotAfter Ldap attribute
3379fe
Resolves: rhbz#1715516
3379fe
- CVE-2019-14287 sudo
3379fe
- Privilege escalation via 'Runas' specification with 'ALL' keyword
3379fe
Resolves: rhbz#1760697
168bcc
e7179e
* Fri Aug 16 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-7
e7179e
- RHEL 8.1 ERRATUM
e7179e
- sudo ipa_hostname not honored
e7179e
Resolves: rhbz#1738662
e7179e
e7179e
* Mon Aug 12 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-6
e7179e
- RHEL 8.1 ERRATUM
b1606e
- Fixed The LDAP backend which is not properly parsing sudoOptions,
b1606e
  resulting in selinux roles not being applied
e7179e
Resolves: rhbz#1738326
e7179e
e7179e
* Tue May 28 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-5
e7179e
- RHEL 8.1 ERRATUM
e7179e
- Fixed problem with sudo-1.8.23 and 'who am i'
e7179e
Resolves: rhbz#1673886
e7179e
- Backporting sudo bug with expired passwords
e7179e
Resolves: rhbz#1676819
b1606e
0eb21d
* Tue Dec 11 2018 Radovan Sroka <rsroka@redhat.com> - 1.8.25-4
0eb21d
- Fix most of the man page scans problems
0eb21d
- Resolves: rhbz#1613327
0eb21d
0eb21d
* Fri Oct 12 2018 Daniel Kopecek <dkopecek@redhat.com> - 1.8.25-3
e7179e
- bump release for new build
0eb21d
Resolves: rhbz#1625683
0eb21d
0eb21d
* Thu Oct 11 2018 Daniel Kopecek <dkopecek@redhat.com> - 1.8.25-2
0eb21d
- Depend explicitly on /usr/sbin/sendmail instead of sendmail (rhel-7 sync)
0eb21d
- Simplified pam configuration file by removing duplicate pam stack entries
0eb21d
Resolves: rhbz#1633144
0eb21d
0eb21d
* Wed Sep 26 2018 Radovan Sroka <rsroka@redhat.com> - 1.8.25-1
0eb21d
- rebase to the new upstream version 1.8.25p1
0eb21d
- sync patches with rhel-7.6
0eb21d
- sync sudoers with rhel-7.6
0eb21d
  resolves: rhbz#1633144
0eb21d
0eb21d
* Mon Sep 10 2018 Radovan Sroka <rsroka@redhat.com> - 1.8.23-2
0eb21d
- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo
0eb21d
  resolves: rhbz#1626972
0eb21d
0eb21d
* Thu May 17 2018 Daniel Kopecek <dkopecek@redhat.com> - 1.8.23-1
0eb21d
- Packaging update for RHEL 8.0 (sync with latest RHEL 7 state)
0eb21d
0eb21d
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.22-0.2.b1
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
0eb21d
0eb21d
* Thu Dec 14 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.22b1-1
0eb21d
- update to 1.8.22b1
0eb21d
- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185
0eb21d
0eb21d
* Thu Sep 21 2017 Marek Tamaskovic <mtamasko@redhat.com> - 1.8.21p2-1
0eb21d
- update to 1.8.21p2
e7179e
- Moved libsudo_util.so from the -devel sub-package to main package (1481225)
0eb21d
0eb21d
* Wed Sep 06 2017 Matthew Miller <mattdm@fedoraproject.org> - 1.8.20p2-4
0eb21d
- replace file-based requirements with package-level ones:
0eb21d
- /etc/pam.d/system-auth to 'pam'
0eb21d
- /bin/chmod to 'coreutils' (bug #1488934)
0eb21d
- /usr/bin/vi to vim-minimal
0eb21d
- ... and make vim-minimal "recommends" instead of "requires", because
0eb21d
  other editors can be configured.
0eb21d
0eb21d
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.20p2-3
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
0eb21d
0eb21d
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.20p2-2
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
0eb21d
0eb21d
* Thu Jun 01 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p2-1
0eb21d
- update to 1.8.20p2
0eb21d
0eb21d
* Wed May 31 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p1-1
0eb21d
- update to 1.8.20p1
0eb21d
- fixes CVE-2017-1000367
0eb21d
  Resolves: rhbz#1456884
0eb21d
0eb21d
* Fri Apr 07 2017 Jiri Vymazal <jvymazal@redhat.com> - 1.8.20-0.1.b1
0eb21d
- update to latest development version 1.8.20b1
0eb21d
- added sudo to dnf/yum protected packages
0eb21d
  Resolves: rhbz#1418756
0eb21d
0eb21d
* Mon Feb 13 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1
0eb21d
- update to 1.8.19p2
0eb21d
0eb21d
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.19-0.3.20161108git738c3cb
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
0eb21d
0eb21d
* Tue Nov 08 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.19-0.2.20161108git738c3cb
0eb21d
- update to latest development version
0eb21d
- fixes CVE-2016-7076
0eb21d
0eb21d
* Fri Sep 23 2016 Radovan Sroka <rsroka@redhat.com> 1.8.19-0.1.20160923git90e4538
0eb21d
- we were not able to update from rc and beta versions to stable one
0eb21d
- so this is a new snapshot package which resolves it
0eb21d
0eb21d
* Wed Sep 21 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18-1
0eb21d
- update to 1.8.18
0eb21d
0eb21d
* Fri Sep 16 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18rc4-1
0eb21d
- update to 1.8.18rc4
0eb21d
0eb21d
* Wed Sep 14 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18rc2-1
0eb21d
- update to 1.8.18rc2
0eb21d
- dropped sudo-1.8.14p1-ldapconfpatch.patch
0eb21d
  upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html
0eb21d
0eb21d
* Fri Aug 26 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18b2-1
0eb21d
- update to 1.8.18b2
0eb21d
- added --disable-root-mailer as configure option
0eb21d
  Resolves: rhbz#1324091
0eb21d
0eb21d
* Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.17p1-1
0eb21d
- update to 1.8.17p1
0eb21d
- install the /var/db/sudo/lectured
0eb21d
  Resolves: rhbz#1321414
0eb21d
0eb21d
* Tue May 31 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-4
0eb21d
- removed INPUTRC from env_keep to prevent a possible info leak
0eb21d
  Resolves: rhbz#1340701
0eb21d
0eb21d
* Fri May 13 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-3
0eb21d
- fixed upstream patch for rhbz#1328735
0eb21d
0eb21d
* Thu May 12 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-2
0eb21d
- fixed invalid sesh argument array construction
0eb21d
0eb21d
* Mon Apr 04 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-1
0eb21d
- update to 1.8.16
0eb21d
0eb21d
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.15-2
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
0eb21d
0eb21d
* Thu Nov  5 2015 Daniel Kopecek <dkopecek@redhat.com> 1.8.15-1
0eb21d
- update to 1.8.15
0eb21d
- fixes CVE-2015-5602
0eb21d
0eb21d
* Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-3
0eb21d
- enable upstream test suite
0eb21d
0eb21d
* Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-2
0eb21d
- add patch that resolves initialization problem before sudo_strsplit call
e7179e
- add patch that resolves deadcode in visudo.c
0eb21d
- add patch that removes extra while in visudo.c and sudoers.c
0eb21d
0eb21d
* Mon Jul 27 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-1
0eb21d
- update to 1.8.14p3
0eb21d
0eb21d
* Mon Jul 20 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p1-1
0eb21d
- update to 1.8.14p1-1
0eb21d
- rebase sudo-1.8.14b3-ldapconfpatch.patch -> sudo-1.8.14p1-ldapconfpatch.patch
0eb21d
- rebase sudo-1.8.14b4-docpassexpire.patch -> sudo-1.8.14p1-docpassexpire.patch
0eb21d
0eb21d
* Tue Jul 14 2015 Radovan Sroka <rsroka@redhat.com> 1.8.12-2
0eb21d
- add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time
0eb21d
- Resolves: rhbz#1162070
0eb21d
0eb21d
* Fri Jul 10 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.14b4-1
0eb21d
- Update to 1.8.14b4
0eb21d
- Add own %%{_tmpfilesdir}/sudo.conf
0eb21d
0eb21d
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.12-2
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
0eb21d
0eb21d
* Wed Feb 18 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.12
0eb21d
- update to 1.8.12
0eb21d
- fixes CVE-2014-9680
0eb21d
0eb21d
* Mon Nov  3 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.11p2-1
0eb21d
- update to 1.8.11p2
0eb21d
- added patch to fix upstream bug #671 -- exiting immediately
0eb21d
  when audit is disabled
0eb21d
0eb21d
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.11-1
0eb21d
- update to 1.8.11
0eb21d
- major changes & fixes:
0eb21d
  - when running a command in the background, sudo will now forward
0eb21d
    SIGINFO to the command
e7179e
  - the passwords in ldap.conf and ldap.secret may now be encoded in base64.
0eb21d
  - SELinux role changes are now audited. For sudoedit, we now audit
e7179e
    the actual editor being run, instead of just the sudoedit command.
0eb21d
  - it is now possible to match an environment variable's value as well as
0eb21d
    its name using env_keep and env_check
0eb21d
  - new files created via sudoedit as a non-root user now have the proper group id
0eb21d
  - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support
0eb21d
  - it is now possible to disable network interface probing in sudo.conf by
0eb21d
    changing the value of the probe_interfaces setting
0eb21d
  - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt
0eb21d
    for the user's password even if the targetpw, rootpw or runaspw options are set.
0eb21d
  - the new use_netgroups sudoers option can be used to explicitly enable or disable
0eb21d
    netgroups support
0eb21d
  - visudo can now export a sudoers file in JSON format using the new -x flag
0eb21d
- added patch to read ldap.conf more closely to nss_ldap
0eb21d
- require /usr/bin/vi instead of vim-minimal
0eb21d
- include pam.d/system-auth in PAM session phase from pam.d/sudo
0eb21d
- include pam.d/sudo in PAM session phase from pam.d/sudo-i
0eb21d
0eb21d
* Tue Aug  5 2014 Tom Callaway <spot@fedoraproject.org> - 1.8.8-6
0eb21d
- fix license handling
0eb21d
0eb21d
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.8-5
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
0eb21d
0eb21d
* Sat May 31 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.8-4
0eb21d
- Drop ChangeLog, we ship NEWS
0eb21d
0eb21d
* Mon Mar 10 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.8-3
0eb21d
- remove bundled copy of zlib before compilation
0eb21d
- drop the requiretty Defaults setting from sudoers
0eb21d
0eb21d
* Sat Jan 25 2014 Ville Skyttä <ville.skytta@iki.fi> - 1.8.8-2
0eb21d
- Own the %%{_libexecdir}/sudo dir.
0eb21d
0eb21d
* Mon Sep 30 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.8-1
0eb21d
- update to 1.8.8
0eb21d
- major changes & fixes:
0eb21d
  - LDAP SASL support now works properly with Kerberos
0eb21d
  - root may no longer change its SELinux role without entering a password
0eb21d
  - user messages are now always displayed in the user's locale, even when
0eb21d
    the same message is being logged or mailed in a different locale.
0eb21d
  - log files created by sudo now explicitly have the group set to group
0eb21d
    ID 0 rather than relying on BSD group semantics
0eb21d
  - sudo now stores its libexec files in a sudo subdirectory instead of in
0eb21d
    libexec itself
0eb21d
  - system_group and group_file sudoers group provider plugins are now
0eb21d
    installed by default
0eb21d
  - the paths to ldap.conf and ldap.secret may now be specified as arguments
0eb21d
    to the sudoers plugin in the sudo.conf file
0eb21d
  - ...and many new features and settings. See the upstream ChangeLog for the
0eb21d
    full list.
0eb21d
- several sssd support fixes
0eb21d
- added patch to make uid/gid specification parsing more strict (don't accept
0eb21d
  an invalid number as uid/gid)
0eb21d
- use the _pkgdocdir macro
0eb21d
  (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs)
0eb21d
- fixed several bugs found by the clang static analyzer
0eb21d
- added %%post dependency on chmod
0eb21d
0eb21d
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p7-2
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
0eb21d
0eb21d
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1
0eb21d
- update to 1.8.6p7
0eb21d
- fixes CVE-2013-1775 and CVE-2013-1776
0eb21d
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
0eb21d
  - build with system zlib.
0eb21d
  - let rpmbuild strip libexecdir/*.so.
0eb21d
  - own the %%{_docdir}/sudo-* dir.
0eb21d
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
0eb21d
  - fix bogus %%changelog dates.
0eb21d
0eb21d
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
0eb21d
0eb21d
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
0eb21d
- added upstream patch for a regression
0eb21d
- don't include arch specific files in the -devel subpackage
0eb21d
- ship only one sample plugin in the -devel subpackage
0eb21d
0eb21d
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
0eb21d
- update to 1.8.6p3
0eb21d
- drop -pipelist patch (fixed in upstream)
0eb21d
0eb21d
* Thu Sep  6 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6-1
0eb21d
- update to 1.8.6
0eb21d
0eb21d
* Thu Jul 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-4
0eb21d
- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com)
0eb21d
- re-enabled SSSD support
0eb21d
- removed libsss_sudo dependency
0eb21d
0eb21d
* Tue Jul 24 2012 Bill Nottingham <notting@redhat.com> - 1.8.5-3
0eb21d
- flip sudoers2ldif executable bit after make install, not in setup
0eb21d
0eb21d
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.5-2
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
0eb21d
0eb21d
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
0eb21d
- update to 1.8.5
0eb21d
- fixed CVE-2012-2337
e7179e
- temporarily disabled SSSD support
0eb21d
0eb21d
* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
0eb21d
- fixed problems with undefined symbols (rhbz#798517)
0eb21d
0eb21d
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5
0eb21d
- SSSD patch update
0eb21d
0eb21d
* Tue Feb  7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4
0eb21d
- added SSSD support
0eb21d
0eb21d
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3
0eb21d
- added patch for CVE-2012-0809
0eb21d
0eb21d
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
0eb21d
0eb21d
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
0eb21d
- update to 1.8.3p1
e7179e
- disable output word wrapping if the output is piped
0eb21d
0eb21d
* Wed Sep  7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
0eb21d
- Remove execute bit from sample script in docs so we don't pull in perl
0eb21d
0eb21d
* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1
0eb21d
- rebase to 1.8.1p2
0eb21d
- removed .sudoi patch
0eb21d
- fixed typo: RELPRO -> RELRO
0eb21d
- added -devel subpackage for the sudo_plugin.h header file
0eb21d
- use default ldap configuration files again
0eb21d
0eb21d
* Fri Jun  3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
0eb21d
- build with RELRO
0eb21d
0eb21d
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
0eb21d
0eb21d
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
0eb21d
- rebase to 1.7.4p5
0eb21d
- fixed sudo-1.7.4p4-getgrouplist.patch
0eb21d
- fixes CVE-2011-0008, CVE-2011-0010
0eb21d
0eb21d
* Tue Nov 30 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-5
0eb21d
- anybody in the wheel group has now root access (using password) (rhbz#656873)
0eb21d
- sync configuration paths with the nss_ldap package (rhbz#652687)
0eb21d
0eb21d
* Wed Sep 29 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-4
0eb21d
- added upstream patch to fix rhbz#638345
0eb21d
0eb21d
* Mon Sep 20 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-3
0eb21d
- added patch for #635250
0eb21d
- /var/run/sudo -> /var/db/sudo in .spec
0eb21d
0eb21d
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-2
0eb21d
- sudo now uses /var/db/sudo for timestamps
0eb21d
0eb21d
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-1
0eb21d
- update to new upstream version
0eb21d
- new command available: sudoreplay
0eb21d
- use native audit support
0eb21d
- corrected license field value: BSD -> ISC
0eb21d
0eb21d
* Wed Jun  2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
0eb21d
- added patch that fixes insufficient environment sanitization issue (#598154)
0eb21d
0eb21d
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
0eb21d
- update to new upstream version
0eb21d
- merged .audit and .libaudit patch
0eb21d
- added sudoers.ldap.5* to files
0eb21d
0eb21d
* Mon Mar  1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
0eb21d
- update to new upstream version
0eb21d
0eb21d
* Tue Feb 16 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
0eb21d
- fixed no valid sudoers sources found (#558875)
0eb21d
0eb21d
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
0eb21d
- audit related Makefile.in and configure.in corrections
0eb21d
- added --with-audit configure option
0eb21d
- removed call to libtoolize
0eb21d
0eb21d
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
0eb21d
- fixed segfault when #include directive is used in cycles (#561336)
0eb21d
0eb21d
* Fri Jan  8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
0eb21d
- Add /etc/sudoers.d dir and use it in default config (#551470).
0eb21d
- Drop *.pod man page duplicates from docs.
0eb21d
0eb21d
* Thu Jan 07 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
0eb21d
- new upstream version 1.7.2p2-1
0eb21d
- commented out unused aliases in sudoers to make visudo happy (#550239)
0eb21d
0eb21d
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
0eb21d
- rebuilt with new audit
0eb21d
0eb21d
* Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
0eb21d
- moved secure_path from compile-time option to sudoers file (#517428)
0eb21d
0eb21d
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
0eb21d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
0eb21d
0eb21d
* Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
0eb21d
- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
0eb21d
- epoch number sync
0eb21d
0eb21d
* Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
0eb21d
- updated sudo to version 1.7.1
0eb21d
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
0eb21d
0eb21d
* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
0eb21d
- fixed building with new libtool
0eb21d
- fix for incorrect handling of groups in Runas_User
0eb21d
- added /usr/local/sbin to secure-path
0eb21d
0eb21d
* Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
0eb21d
- build with sendmail installed
0eb21d
- Added /usr/local/bin to secure-path
0eb21d
0eb21d
* Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
0eb21d
- adjust audit patch, do not scream when kernel is
0eb21d
  compiled without audit netlink support (#401201)
0eb21d
0eb21d
* Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
0eb21d
- upgrade
0eb21d
0eb21d
* Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
0eb21d
- build with newer autoconf-2.62 (#449614)
0eb21d
0eb21d
* Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
0eb21d
- compiled with secure path (#80215)
0eb21d
0eb21d
* Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
0eb21d
- fix path to updatedb in /etc/sudoers (#445103)
0eb21d
0eb21d
* Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
0eb21d
- include ldap files in rpm package (#439506)
0eb21d
0eb21d
* Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
0eb21d
- include [sudo] in password prompt (#437092)
0eb21d
0eb21d
* Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
0eb21d
- audit support improvement
0eb21d
0eb21d
* Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
0eb21d
- upgrade to the latest upstream release
0eb21d
0eb21d
* Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
0eb21d
- upgrade to the latest upstream release
0eb21d
- add selinux support
0eb21d
0eb21d
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
0eb21d
- sparc64 needs to be in the -fPIE list with s390
0eb21d
0eb21d
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
e7179e
- fix complains about audit_log_user_command(): Connection
0eb21d
  refused (#401201)
0eb21d
0eb21d
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
0eb21d
- Rebuild for deps
0eb21d
0eb21d
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
0eb21d
- Rebuild for openssl bump
0eb21d
0eb21d
* Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
0eb21d
- fix autotools stuff and add audit support
0eb21d
0eb21d
* Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
0eb21d
- upgrade to upstream release
0eb21d
0eb21d
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
0eb21d
- also use getgrouplist() to determine group membership (#235915)
0eb21d
0eb21d
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
0eb21d
- fix some spec file issues
0eb21d
0eb21d
* Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
0eb21d
- fix rpmlint issue
0eb21d
0eb21d
* Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
0eb21d
- fix typo in sudoers file (#212308)
0eb21d
0eb21d
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
0eb21d
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
0eb21d
0eb21d
* Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
0eb21d
- fix sudoers file, X apps didn't work (#206320)
0eb21d
0eb21d
* Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
0eb21d
- use Red Hat specific default sudoers file
0eb21d
0eb21d
* Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
0eb21d
- fix #198755 - make login processes (sudo -i) initialise session keyring
0eb21d
  (thanks for PAM config files to David Howells)
0eb21d
- add IPv6 support (patch by Milan Zazrivec)
0eb21d
0eb21d
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
0eb21d
- rebuild
0eb21d
0eb21d
* Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
0eb21d
- fix #190062 - "ssh localhost sudo su" will show the password in clear
0eb21d
0eb21d
* Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
0eb21d
- add LDAP support (#170848)
0eb21d
0eb21d
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
0eb21d
- bump again for double-long bug on ppc(64)
0eb21d
0eb21d
* Wed Feb  8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
0eb21d
- reset env. by default
0eb21d
0eb21d
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
0eb21d
- rebuilt for new gcc4.1 snapshot and glibc changes
0eb21d
0eb21d
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
0eb21d
- Remove selinux patch.  It has been decided that the SELinux patch for sudo is
0eb21d
- no longer necessary.  In tageted policy it had no effect.  In strict/MLS policy
0eb21d
- We require the person using sudo to execute newrole before using sudo.
0eb21d
0eb21d
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
0eb21d
- rebuilt
0eb21d
0eb21d
* Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
0eb21d
- new upstream version 1.6.8p12
0eb21d
0eb21d
* Tue Nov  8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
0eb21d
- new upstream version 1.6.8p11
0eb21d
0eb21d
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
0eb21d
- use include instead of pam_stack in pam config
0eb21d
0eb21d
* Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
0eb21d
- enable interfaces in selinux patch
0eb21d
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
0eb21d
0eb21d
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
0eb21d
- fix debuginfo
0eb21d
0eb21d
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
0eb21d
- fix #162623 - sesh hangs when child suspends
0eb21d
0eb21d
* Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
0eb21d
- Add back in interfaces call, SELinux has been fixed to work around
0eb21d
0eb21d
* Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
0eb21d
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
0eb21d
0eb21d
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
0eb21d
- fix #154511 - sudo does not use limits.conf
0eb21d
0eb21d
* Mon Apr  4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
0eb21d
- new version 1.6.8p8: new sudoedit and sudo_noexec
0eb21d
0eb21d
* Wed Feb  9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
0eb21d
- rebuild
0eb21d
0eb21d
* Mon Oct  4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
e7179e
- added missing BuildRequires for libselinux-devel (#132883)
0eb21d
0eb21d
* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
0eb21d
- Fix missing param error in sesh
0eb21d
0eb21d
* Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
0eb21d
- Remove full patch check from sesh
0eb21d
0eb21d
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
0eb21d
- Fix selinux patch to switch to root user
0eb21d
0eb21d
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
0eb21d
- rebuilt
0eb21d
0eb21d
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
0eb21d
- Eliminate tty handling from selinux
0eb21d
0eb21d
* Thu Apr  1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
0eb21d
- fixed spec file: sesh in file section with selinux flag (#119682)
0eb21d
0eb21d
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
0eb21d
- Enhance sesh.c to fork/exec children itself, to avoid
0eb21d
  having sudo reap all domains.
0eb21d
- Only reinstall default signal handlers immediately before
0eb21d
  exec of child with SELinux patch
0eb21d
0eb21d
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
e7179e
- change to default to sysadm_r
0eb21d
- Fix tty handling
0eb21d
0eb21d
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
0eb21d
- Add /bin/sesh to run selinux code.
0eb21d
- replace /bin/bash -c with /bin/sesh
0eb21d
0eb21d
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
e7179e
- Hard code to use "/bin/bash -c" for selinux
0eb21d
0eb21d
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
0eb21d
- Eliminate closing and reopening of terminals, to match su.
0eb21d
0eb21d
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
0eb21d
- SELinux fixes to make transitions work properly
0eb21d
0eb21d
* Fri Mar  5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
0eb21d
- pied sudo
0eb21d
0eb21d
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
0eb21d
- rebuilt
0eb21d
0eb21d
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
0eb21d
- Eliminate interfaces call, since this requires big SELinux privs
0eb21d
- and it seems to be useless.
0eb21d
0eb21d
* Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
0eb21d
- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
0eb21d
0eb21d
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
0eb21d
- Fix is_selinux_enabled call
0eb21d
0eb21d
* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
e7179e
- Clean up patch on failure
0eb21d
0eb21d
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
0eb21d
- Remove sudo.te for now.
0eb21d
0eb21d
* Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
0eb21d
- Fix usage message
0eb21d
0eb21d
* Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
0eb21d
- Clean up sudo.te to not blow up if pam.te not present
0eb21d
0eb21d
* Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
0eb21d
- added missing BuildRequires for groff
0eb21d
0eb21d
* Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
0eb21d
- remove left-over debugging code
0eb21d
0eb21d
* Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
0eb21d
- Fix terminal handling that caused Sudo to exit on non selinux machines.
0eb21d
0eb21d
* Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
0eb21d
- Remove sudo_var_run_t which is now pam_var_run_t
0eb21d
0eb21d
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
0eb21d
- Fix terminal handling and policy
0eb21d
0eb21d
* Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
0eb21d
- Fix policy
0eb21d
0eb21d
* Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
0eb21d
- Turn on SELinux support
0eb21d
0eb21d
* Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
0eb21d
- Add support for SELinux
0eb21d
0eb21d
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
0eb21d
- rebuilt
0eb21d
0eb21d
* Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
0eb21d
0eb21d
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
0eb21d
- rebuilt
0eb21d
0eb21d
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
0eb21d
- remove absolute path names from the PAM configuration, ensuring that the
0eb21d
  right modules get used for whichever arch we're built for
0eb21d
- don't try to install the FAQ, which isn't there any more
0eb21d
0eb21d
* Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
0eb21d
- update to 1.6.6
0eb21d
0eb21d
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
0eb21d
- automated rebuild
0eb21d
0eb21d
* Thu May 23 2002 Tim Powers <timp@redhat.com>
0eb21d
- automated rebuild
0eb21d
0eb21d
* Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
0eb21d
- Fix bug #63768
0eb21d
0eb21d
* Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
0eb21d
- 1.6.5p2
0eb21d
0eb21d
* Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
0eb21d
- 1.6.5p1
0eb21d
- Hope this "a new release per day" madness stops ;)
0eb21d
0eb21d
* Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
0eb21d
- 1.6.5
0eb21d
0eb21d
* Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
0eb21d
- 1.6.4p1
0eb21d
0eb21d
* Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
0eb21d
- Update to 1.6.4
0eb21d
0eb21d
* Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
0eb21d
- Add build requirements (#49706)
0eb21d
- s/Copyright/License/
0eb21d
- bzip2 source
0eb21d
0eb21d
* Sat Jun 16 2001 Than Ngo <than@redhat.com>
0eb21d
- update to 1.6.3p7
0eb21d
- use %%{_tmppath}
0eb21d
0eb21d
* Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
0eb21d
- 1.6.3p6, fixes buffer overrun
0eb21d
0eb21d
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
0eb21d
- 1.6.3p5
0eb21d
0eb21d
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
0eb21d
- automatic rebuild
0eb21d
0eb21d
* Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
0eb21d
- fixed owner of sudo and visudo
0eb21d
0eb21d
* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
0eb21d
- modify PAM setup to use system-auth
0eb21d
- clean up buildrooting by using the makeinstall macro
0eb21d
0eb21d
* Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
0eb21d
- initial build in main distrib
0eb21d
- update to 1.6.3
0eb21d
- deal with compressed man pages
0eb21d
0eb21d
* Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
0eb21d
- updated to 1.6.1 for Powertools 6.2
0eb21d
- config files are now noreplace.
0eb21d
0eb21d
* Thu Jul 22 1999 Tim Powers <timp@redhat.com>
0eb21d
- updated to 1.5.9p2 for Powertools 6.1
0eb21d
0eb21d
* Wed May 12 1999 Bill Nottingham <notting@redhat.com>
0eb21d
- sudo is configured with pam. There's no pam.d file. Oops.
0eb21d
0eb21d
* Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
0eb21d
- upgraded to 1.59p1 for powertools 6.0
0eb21d
0eb21d
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
0eb21d
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
0eb21d
0eb21d
* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
e7179e
- built package for 5.2
0eb21d
0eb21d
* Mon May 18 1998 Michael Maher <mike@redhat.com>
0eb21d
- updated SPEC file
0eb21d
0eb21d
* Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
0eb21d
- updated to 1.5.4
0eb21d
0eb21d
* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
0eb21d
- built for glibc, no problems
0eb21d
0eb21d
* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
e7179e
- Fixed for 4.2 PowerTools
0eb21d
- Still need to be pamified
0eb21d
- Still need to move stmp file to /var/log
0eb21d
0eb21d
* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
0eb21d
- First version for PowerCD.