Blame SPECS/sudo.spec

1b092f
Summary: Allows restricted root access for specified users
1b092f
Name: sudo
1b092f
Version: 1.8.6p7
63ace7
Release: 22%{?dist}
1b092f
License: ISC
1b092f
Group: Applications/System
1b092f
URL: http://www.courtesan.com/sudo/
1b092f
Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
a67eaf
Source1: sudoers
a67eaf
Source2: sudo-ldap.conf
a67eaf
Source3: sudo.conf
1b092f
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
1b092f
Requires: /etc/pam.d/system-auth, vim-minimal
1b092f
1b092f
BuildRequires: pam-devel
1b092f
BuildRequires: groff
1b092f
BuildRequires: openldap-devel
1b092f
BuildRequires: flex
1b092f
BuildRequires: bison
1b092f
BuildRequires: automake autoconf libtool
1b092f
BuildRequires: audit-libs-devel libcap-devel
1b092f
BuildRequires: libselinux-devel
1b092f
BuildRequires: /usr/sbin/sendmail
1b092f
BuildRequires: gettext
1b092f
BuildRequires: zlib-devel
72fdaf
BuildRequires: libgcrypt-devel
1b092f
1b092f
# don't strip
1b092f
Patch1: sudo-1.6.7p5-strip.patch
1b092f
# configure.in fix
1b092f
Patch2: sudo-1.7.2p1-envdebug.patch
1b092f
# show the editor being executed by `sudo -e' in audit messages
1b092f
Patch3: sudo-1.8.6p3-auditeditor.patch
1b092f
# fix manpage typo (#726634)
1b092f
Patch4: sudo-1.8.6p3-mantypo.patch
1b092f
# correct SELinux handling in sudoedit mode (#697775)
1b092f
Patch5: sudo-1.8.6p3-sudoedit-selinux.patch
1b092f
# [RFE] Fix visudo -s to be backwards compatible (#604297)
1b092f
Patch6: sudo-1.8.6p3-aliaswarnonly.patch
1b092f
# log failed user role changes (#665131)
1b092f
Patch7: sudo-1.8.6p3-auditrolechange.patch
1b092f
# 840980 - sudo creates a new parent process
1b092f
# Adds cmnd_no_wait Defaults option
1b092f
Patch8: sudo-1.8.6p3-nowaitopt.patch
1b092f
# 876578 - erealloc3 error on sssd sudoHost netgroup mismatch
1b092f
Patch9: sudo-1.8.6p3-emallocfail.patch
1b092f
# 876208 - sudoRunAsUser #uid specification doesn't work
1b092f
Patch10: sudo-1.8.6p3-ldap-sssd-usermatch.patch
1b092f
# 879675 - sudo parse ldap.conf incorrectly
1b092f
Patch11: sudo-1.8.6p3-ldapconfparse.patch
1b092f
# 879633 - sudo + sssd + local user sends e-mail to administrator
1b092f
Patch12: sudo-1.8.6p3-sssd-noise.patch
1b092f
# 856901 - Defauts:!<user> syntax in sudoers doesn't seem to work as expected
1b092f
Patch13: sudo-1.8.6p3-ALL-with-negation-manupdate.patch
1b092f
# 947276 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
1b092f
Patch14: sudo-1.8.6p3-nprocfix.patch
1b092f
# 881258 - rpmdiff: added missing sudo.conf manpage
1b092f
Patch15: sudo-1.8.6p7-sudoconfman.patch
1b092f
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
1b092f
Patch16: sudo-1.8.6p7-sudoldapconfman.patch
1b092f
# 1026904 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
1b092f
Patch17: sudo-1.8.6p3-strictuidgid.patch
1b092f
# 1026890 - Improve error message
1b092f
Patch18: sudo-1.8.6p3-netgrmatchtrace.patch
1b092f
# 1007014 - sssd +netgroup sudoUser is always matched
1b092f
Patch19: sudo-1.8.6p3-sssdfixes.patch
1b092f
# 1026894 - sudo -u <user> sudo -l show error: glibc detected sudo: realloc(): invalid next size
1b092f
Patch20: sudo-1.8.6p3-lbufexpandcode.patch
1b092f
# 994566 - Warning in visudo: cycle in Host_Alias even without cycle
1b092f
Patch21: sudo-1.8.6p3-cycledetect.patch
9c2f35
# 1065418 - -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
9c2f35
Patch22: sudo-1.8.6p7-sesh_loginshell.patch
523624
# 1084488 - sudo should use ipa_hostname in IPA backend when defined
523624
Patch23: sudo-1.8.6p7-ipahostname.patch
523624
# 1096813 - sudo does not handle the "(none)" string, when no domainname is set, which
523624
#           breaks when nscd is enabled
523624
Patch24: sudo-1.8.6p3-nonehostname.patch
523624
# 1092499 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
523624
Patch25: sudo-1.8.6p3-doublequotefix.patch
523624
# 1088464 - sudo -ll does not list the rule names when sssd is used.
523624
Patch26: sudo-1.8.6p3-sssdrulenames.patch
523624
# 1088825 - With sudo-1.8.6p3-12.el6.x86_64 version, If a sudo rules contains +netgroup
523624
#           in sudoUser attribute it result in access denied
523624
# 1147557 - sudo -U <user> listing shows incorrect list when sssd is used.
523624
Patch27: sudo-1.8.6p3-netgrfilterfix.patch
523624
# 1093099 - pam_faillock causes sudo to lock user when user aborts password prompt
523624
Patch28: sudo-1.8.6p3-authinterrupt.patch
523624
# 1147497 - duplicate sss module in nsswitch breaks sudo
523624
Patch29: sudo-1.8.6p7-duplicatenssfix.patch
523624
# Fix compiler warnings about discarting const qualifiers
523624
Patch30: sudo-1.8.6p7-constwarnfix.patch
523624
# 1147616 - New defect found in sudo-1.8.6p7-12.el7
523624
Patch31: sudo-1.8.6p7-clangfixes.patch
72fdaf
## RHEL 7.2 errata ##
72fdaf
# 1144446 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
72fdaf
Patch32: sudo-1.8.6p7-authlogicfix.patch
72fdaf
# 1235570 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable [rhel-7.2]
72fdaf
Patch33: sudo-1.8.6p7-CVE-2014-9680.patch
72fdaf
# 1138259 - sudoers.ldap man page has typos in description
72fdaf
Patch34: sudo-1.8.6p3-mantypos-ldap.patch
72fdaf
# 1183818 - backport of command digest specification feature
72fdaf
Patch35: sudo-1.8.6p7-digest-backport.patch
72fdaf
# 1233607 - In sudoers man page, "use_pty" information is merged with "umask_override".
72fdaf
Patch36: sudo-1.8.6p7-manfix-usepty.patch
72fdaf
# 1183818 - backport of command digest specification feature (documentation part)
72fdaf
Patch37: sudo-1.8.6p7-digest-backport-docs.patch
72fdaf
# 1144419 - sudo with ldap/sssd doesn't respect env_keep,env_check and env_delete variables in sudoOption
72fdaf
Patch38: sudo-1.8.6p7-strunquote.patch
72fdaf
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
72fdaf
Patch39: sudo-1.8.6p7-ldapsearchuidfix.patch
72fdaf
# 1254621 - make check broken by missing hexchar.o object file
72fdaf
Patch40: sudo-1.8.6p7-digest-backport-checklinkfix.patch
72fdaf
# 1247591 - Sudo taking a long time when user information is stored externally.
72fdaf
Patch41: sudo-1.8.6p7-legacy-group-processing.patch
72fdaf
# 1183818 - [RFE] store checksum alongside the command being permitted
72fdaf
Patch42: sudo-1.8.6p7-newbase64decoder.patch
72fdaf
# 1183818 - [RFE] store checksum alongside the command being permitted
72fdaf
Patch43: sudo-1.8.6p7-digestmessagesfix.patch
a67eaf
# 1297062 - closefrom_override sudo option not working
3f2bfe
Patch44: sudo-1.8.6p7-closefrom-override-fix.patch
a67eaf
# 1334360 - sudo option mail_no_user doesn't work
a67eaf
Patch45: sudo-1.8.6p7-ldapusermatchfix.patch
a67eaf
# 1334331 - [RFE] Implement sudoers option to change netgroup processing semantics
a67eaf
Patch46: sudo-1.8.6p7-netgroup_tuple.patch
a67eaf
# 1247230 - Backport pam_service and pam_login_service sudoers options
a67eaf
Patch47: sudo-1.8.6p7-pam_servicebackport.patch
a67eaf
# 1261998 - visudo accept non valid content
a67eaf
Patch48: sudo-1.8.6p7-visudocontent.patch
a67eaf
# 1313364 - non-root user can list privileges of other users
a67eaf
Patch49: sudo-1.8.6p7-unprivileged-list-fix.patch
a67eaf
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
a67eaf
Patch50: sudo-1.8.6p7-logsudouser.patch
a67eaf
# 1268958 - sudo - cmnd_no_wait can cause child processes to ignore SIGPIPE
a67eaf
Patch51: sudo-1.8.6p3-sigpipefix.patch
a67eaf
# 1335039 - sudo segfault segfault at 8 i error 4 in sudoers.so[7f4a87ef1000+45000]
a67eaf
Patch52: sudo-1.8.6p7-segfault-null-group-list.patch
a67eaf
# 1335042 - sudo command throwing error when defaults records are added in ldap based on sudoers2ldif generated ldif.
a67eaf
Patch53: sudo-1.8.6p7-ldap_sssd_parse_whitespaces.patch
a67eaf
# 1335045 - getcwd failed, resulting in Null pointer exception
a67eaf
Patch54: sudo-1.8.6p7-null_exception.patch
a67eaf
# 1273243 - sudo improperly sets RLIMIT_NPROC=0 when using Defaults cmnd_no_wait
a67eaf
Patch55: sudo-1.8.6p7-nproc-nowait.patch
a67eaf
# 1299883 - sudo: document raciness of the digest check
a67eaf
Patch56: sudo-1.8.6p7-digest_race_doc.patch
a67eaf
# 1350828 - [RHEL7] visudo ignores -q flag
a67eaf
Patch57: sudo-1.8.6p3-visudo-quiet-flag.patch
84fdb2
# 1391939 - CVE-2016-7032 CVE-2016-7076 sudo: various flaws [rhel-7.4]
84fdb2
Patch58: sudo-1.8.6p7-noexec-update.patch
63ace7
# 1455401 - CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-7.3.z]
63ace7
Patch59: sudo-1.8.6p7-tty-name-parsing.patch
63ace7
1b092f
1b092f
%description
1b092f
Sudo (superuser do) allows a system administrator to give certain
1b092f
users (or groups of users) the ability to run some (or all) commands
1b092f
as root while logging all commands and arguments. Sudo operates on a
1b092f
per-command basis.  It is not a replacement for the shell.  Features
1b092f
include: the ability to restrict what commands a user may run on a
1b092f
per-host basis, copious logging of each command (providing a clear
1b092f
audit trail of who did what), a configurable timeout of the sudo
1b092f
command, and the ability to use the same configuration file (sudoers)
1b092f
on many different machines.
1b092f
1b092f
%package        devel
1b092f
Summary:        Development files for %{name}
1b092f
Group:          Development/Libraries
1b092f
Requires:       %{name} = %{version}-%{release}
1b092f
1b092f
%description    devel
1b092f
The %{name}-devel package contains header files developing sudo
1b092f
plugins that use %{name}.
1b092f
1b092f
%prep
1b092f
%setup -q
1b092f
1b092f
%patch1 -p1 -b .strip
1b092f
%patch2 -p1 -b .envdebug
1b092f
%patch3 -p1 -b .auditeditor
1b092f
%patch4 -p1 -b .mantypo
1b092f
%patch5 -p1 -b .sudoedit-selinux
1b092f
%patch6 -p1 -b .aliaswarnonly
1b092f
%patch7 -p1 -b .auditrolechange
1b092f
%patch8 -p1 -b .nowaitopt
1b092f
%patch9 -p1 -b .emallocfail
1b092f
%patch10 -p1 -b .ldap-sssd-usermatch
1b092f
%patch11 -p1 -b .ldapconfparse
1b092f
%patch12 -p1 -b .sssd-noise
1b092f
%patch13 -p1 -b .ALL-with-negation-manupdate
1b092f
%patch14 -p1 -b .nprocfix
1b092f
%patch15 -p1 -b .sudoconfman
1b092f
%patch16 -p1 -b .sudoldapconfman
1b092f
%patch17 -p1 -b .strictuidgid
1b092f
%patch18 -p1 -b .netgrmatchtrace
1b092f
%patch19 -p1 -b .sssdfixes
1b092f
%patch20 -p1 -b .lbufexpandcode
1b092f
%patch21 -p1 -b .cycledetect
9c2f35
%patch22 -p1 -b .sesh_loginshell
523624
%patch23 -p1 -b .ipahostname
523624
%patch24 -p1 -b .nonehostname
523624
%patch25 -p1 -b .doublequotefix
523624
%patch26 -p1 -b .sssdrulenames
523624
%patch27 -p1 -b .netgrfilterfix
523624
%patch28 -p1 -b .authinterrupt
523624
%patch29 -p1 -b .duplicatenssfix
523624
%patch30 -p1 -b .constwarnfix
523624
%patch31 -p1 -b .clangfixes
72fdaf
%patch32 -p1 -b .authlogicfix
72fdaf
%patch33 -p1 -b .CVE-2014-9680
72fdaf
%patch34 -p1 -b .mantypos-ldap
72fdaf
%patch35 -p1 -b .digest-backport
72fdaf
%patch36 -p1 -b .manfix-usepty
72fdaf
%patch37 -p1 -b .digest-backport-docs
72fdaf
%patch38 -p1 -b .strunquote
72fdaf
%patch39 -p1 -b .ldapsearchuidfix
72fdaf
%patch40 -p1 -b .checklinkfix
72fdaf
%patch41 -p1 -b .legacy-group-processing
72fdaf
%patch42 -p1 -b .newbase64decoder
72fdaf
%patch43 -p1 -b .digestmessagesfix
3f2bfe
%patch44 -p1 -b .closefrom-override-fix
a67eaf
%patch45 -p1 -b .ldapusermatchfix
a67eaf
%patch46 -p1 -b .netgroup_tuple
a67eaf
%patch47 -p1 -b .pam_servicebackport
a67eaf
%patch48 -p1 -b .visudocontent
a67eaf
%patch49 -p1 -b .unprivileged-list-fix
a67eaf
%patch50 -p1 -b .logsudouser
a67eaf
%patch51 -p1 -b .sigpipefix
a67eaf
%patch52 -p1 -b .segfault-null-group-list
a67eaf
%patch53 -p1 -b .ldap_sssd_parse_whitespaces
a67eaf
%patch54 -p1 -b .null_exception
a67eaf
%patch55 -p1 -b .nproc-nowait
a67eaf
%patch56 -p1 -b .digest_race_doc
a67eaf
%patch57 -p1 -b .visudo-quiet-flag
84fdb2
%patch58 -p1 -b .noexec-update
63ace7
%patch59 -p1 -b .tty-parsing
1b092f
1b092f
%build
1b092f
autoreconf -I m4 -fv --install
1b092f
1b092f
%ifarch s390 s390x sparc64
1b092f
F_PIE=-fPIE
1b092f
%else
1b092f
F_PIE=-fpie
1b092f
%endif
1b092f
1b092f
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
1b092f
1b092f
%configure \
1b092f
        --prefix=%{_prefix} \
1b092f
        --sbindir=%{_sbindir} \
1b092f
        --libdir=%{_libdir} \
1b092f
        --docdir=%{_datadir}/doc/%{name}-%{version} \
1b092f
        --with-logging=syslog \
1b092f
        --with-logfac=authpriv \
1b092f
        --with-pam \
1b092f
        --with-pam-login \
1b092f
        --with-editor=/bin/vi \
1b092f
        --with-env-editor \
1b092f
        --with-ignore-dot \
1b092f
        --with-tty-tickets \
1b092f
        --with-ldap \
1b092f
        --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
1b092f
        --with-selinux \
1b092f
        --with-passprompt="[sudo] password for %p: " \
1b092f
        --with-linux-audit \
72fdaf
        --with-sssd \
72fdaf
        --with-gcrypt
1b092f
#       --without-kerb5 \
1b092f
#       --without-kerb4
1b092f
make
1b092f
1b092f
%install
1b092f
rm -rf $RPM_BUILD_ROOT
1b092f
1b092f
# Update README.LDAP (#736653)
1b092f
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
1b092f
1b092f
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
1b092f
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
1b092f
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
1b092f
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
1b092f
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
1b092f
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
1b092f
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
1b092f
1b092f
# Remove execute permission on this script so we don't pull in perl deps
1b092f
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
1b092f
1b092f
%find_lang sudo
1b092f
%find_lang sudoers
1b092f
1b092f
cat sudo.lang sudoers.lang > sudo_all.lang
1b092f
rm sudo.lang sudoers.lang
1b092f
1b092f
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
1b092f
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
1b092f
#%%PAM-1.0
1b092f
auth       include      system-auth
1b092f
account    include      system-auth
1b092f
password   include      system-auth
1b092f
session    optional     pam_keyinit.so revoke
1b092f
session    required     pam_limits.so
1b092f
EOF
1b092f
1b092f
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
1b092f
#%%PAM-1.0
1b092f
auth       include      sudo
1b092f
account    include      sudo
1b092f
password   include      sudo
1b092f
session    optional     pam_keyinit.so force revoke
1b092f
session    required     pam_limits.so
1b092f
EOF
1b092f
1b092f
1b092f
%clean
1b092f
rm -rf $RPM_BUILD_ROOT
1b092f
1b092f
%files -f sudo_all.lang
1b092f
%defattr(-,root,root)
1b092f
%attr(0440,root,root) %config(noreplace) /etc/sudoers
1b092f
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
1b092f
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
1b092f
%attr(0750,root,root) %dir /etc/sudoers.d/
1b092f
%config(noreplace) /etc/pam.d/sudo
1b092f
%config(noreplace) /etc/pam.d/sudo-i
1b092f
%dir /var/db/sudo
1b092f
%attr(4111,root,root) %{_bindir}/sudo
1b092f
%attr(4111,root,root) %{_bindir}/sudoedit
1b092f
%attr(0111,root,root) %{_bindir}/sudoreplay
1b092f
%attr(0755,root,root) %{_sbindir}/visudo
1b092f
%attr(0755,root,root) %{_libexecdir}/sesh
1b092f
%attr(0644,root,root) %{_libexecdir}/sudo_noexec.so
1b092f
%attr(0644,root,root) %{_libexecdir}/sudoers.so
1b092f
%{_mandir}/man5/sudoers.5*
1b092f
%{_mandir}/man5/sudoers.ldap.5*
1b092f
%{_mandir}/man5/sudo-ldap.conf.5*
1b092f
%{_mandir}/man5/sudo.conf.5*
1b092f
%{_mandir}/man8/sudo.8*
1b092f
%{_mandir}/man8/sudoedit.8*
1b092f
%{_mandir}/man8/sudoreplay.8*
1b092f
%{_mandir}/man8/visudo.8*
1b092f
%dir %{_docdir}/sudo-%{version}
1b092f
%{_docdir}/sudo-%{version}/*
1b092f
1b092f
1b092f
# Make sure permissions are ok even if we're updating
1b092f
%post
1b092f
/bin/chmod 0440 /etc/sudoers || :
1b092f
1b092f
%files devel
1b092f
%defattr(-,root,root,-)
1b092f
%doc plugins/sample/sample_plugin.c
1b092f
%{_includedir}/sudo_plugin.h
1b092f
%{_mandir}/man8/sudo_plugin.8*
1b092f
1b092f
%changelog
63ace7
* Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p7-22
63ace7
- Fixes CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-7.3.z]
63ace7
  Resolves: rhbz#1455401
63ace7
84fdb2
* Wed Nov 23 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-21
84fdb2
- Update noexec syscall blacklist
84fdb2
- Fixes CVE-2016-7032 and CVE-2016-7076
84fdb2
  Resolves: rhbz#1391939
84fdb2
a67eaf
* Tue Jul 19 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-20
a67eaf
- RHEL 7.3 erratum
a67eaf
  - fixed visudo's -q flag
a67eaf
  Resolves: rhbz#1350828
a67eaf
a67eaf
* Tue Jun 14 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-19
a67eaf
- RHEL 7.3 erratum
a67eaf
  - removed INPUTRC from env_keep to prevent a potential info leak
a67eaf
  Resolves: rhbz#1340700
a67eaf
a67eaf
* Wed May 11 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-18
a67eaf
- RHEL 7.3 erratum
a67eaf
  - removed requiretty flag from the default sudoers policy
a67eaf
  - backported pam_service and pam_login_service defaults options
a67eaf
  - implemented netgroup_tuple defaults option for changing netgroup
a67eaf
    processing semantics
a67eaf
  - fixed user matching logic in the LDAP nss backend
a67eaf
  - don't allow visudo to accept an invalid sudoers file
a67eaf
  - fixed a bug causing that non-root users can list privileges of
a67eaf
    other users
a67eaf
  - modified digest check documentation to mention the raciness of
a67eaf
    the checking mechanism
a67eaf
  Resolves: rhbz#1196451
a67eaf
  Resolves: rhbz#1247230
a67eaf
  Resolves: rhbz#1334331
a67eaf
  Resolves: rhbz#1334360
a67eaf
  Resolves: rhbz#1261998
a67eaf
  Resolves: rhbz#1313364
a67eaf
  Resolves: rhbz#1312486
a67eaf
  Resolves: rhbz#1268958
a67eaf
  Resolves: rhbz#1335039
a67eaf
  Resolves: rhbz#1335042
a67eaf
  Resolves: rhbz#1335045
a67eaf
  Resolves: rhbz#1273243
a67eaf
  Resolves: rhbz#1299883
a67eaf
a67eaf
* Mon Feb 15 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-17
3f2bfe
- fixed bug in closefrom_override defaults option
a67eaf
  Resolves: rhbz#1297062
3f2bfe
72fdaf
* Tue Sep  1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-16
72fdaf
- RHEL 7.2 erratum
72fdaf
  - show the digest type in warning messages
72fdaf
  Resolves: rhbz#1183818
72fdaf
72fdaf
* Tue Sep  1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-15
72fdaf
- RHEL 7.2 erratum
72fdaf
  - fixed compilation of testing binaries during make check
72fdaf
  - added legacy group processing patch
72fdaf
  - replaced buggy base64 decoder with a public domain implementation
72fdaf
  Resolves: rhbz#1254621
72fdaf
  Resolves: rhbz#1183818
72fdaf
  Resolves: rhbz#1247591
72fdaf
72fdaf
* Tue Jul  7 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-14
72fdaf
- RHEL 7.2 erratum
72fdaf
  - backported command digest specification
72fdaf
  - fixed CVE-2014-9680 sudo: unsafe handling of TZ environment variable
72fdaf
  - fixed typos in sudoers.ldap man page
72fdaf
  - fixed handling of double-quoted sudoOption values in ldap, sssd sources
72fdaf
  - fixed numeric uid specification support in ldap source
72fdaf
  - fixed authentication flag logic in ldap source
72fdaf
  - added the systemctl command to the SERVICES alias in the default sudoers file
72fdaf
  Resolves: rhbz#1144446
72fdaf
  Resolves: rhbz#1235570
72fdaf
  Resolves: rhbz#1138259
72fdaf
  Resolves: rhbz#1183818
72fdaf
  Resolves: rhbz#1233607
72fdaf
  Resolves: rhbz#1144419
72fdaf
  Resolves: rhbz#1135539
72fdaf
  Resolves: rhbz#1215400
72fdaf
523624
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-13
523624
- RHEL 7.1 erratum
523624
  - fixed issues found by covscan/clang-analyzer
523624
  Resolves: rhbz#1147616
523624
523624
* Mon Sep 29 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-12
523624
- RHEL 7.1 erratum
523624
  - don't retry authentication when ctrl-c pressed
523624
  - fix double-quote processing in Defaults options
523624
  - handle the "(none)" hostname correctly
523624
  - SSSD: fix sudoUser netgroup specification filtering
523624
  - SSSD: list correct user when -U <user> -l specified
523624
  - SSSD: show rule names on long listing (-ll)
523624
  - fix infinite loop when duplicate entries are specified on the
523624
    sudoers nsswitch.conf line
523624
  Resolves: rhbz#1084488
523624
  Resolves: rhbz#1088464
523624
  Resolves: rhbz#1088825
523624
  Resolves: rhbz#1092499
523624
  Resolves: rhbz#1093099
523624
  Resolves: rhbz#1096813
523624
  Resolves: rhbz#1147497
523624
  Resolves: rhbz#1147557
523624
9c2f35
* Wed Feb 26 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-11
9c2f35
- Fixed incorrect login shell path construction in sesh
9c2f35
  (thanks fkrska@redhat.com for the patch)
9c2f35
  Resolves: rhbz#1065418
9c2f35
9c2f35
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.6p7-10
9c2f35
- Mass rebuild 2014-01-24
9c2f35
9c2f35
* Wed Jan 15 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-9
9c2f35
- allow the wheel group to use sudo
9c2f35
  Resolves: rhbz#994623
9c2f35
9c2f35
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.6p7-8
9c2f35
- Mass rebuild 2013-12-27
9c2f35
1b092f
* Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-7
1b092f
- dropped wrong patch and fixed patch comments
1b092f
  Resolves: rhbz#1000389
1b092f
1b092f
* Thu Nov 07 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-6
1b092f
- fixed alias cycle detection code
1b092f
- added debug messages for tracing of netgroup matching
1b092f
- fixed aborting on realloc when displaying allowed commands
1b092f
- sssd: filter netgroups in the sudoUser attribute
1b092f
- parse uids/gids more strictly
1b092f
- added debug messages to trace netgroup matching
1b092f
  Resolves: rhbz#1026904
1b092f
  Resolves: rhbz#1026890
1b092f
  Resolves: rhbz#1007014
1b092f
  Resolves: rhbz#1026894
1b092f
  Resolves: rhbz#1000389
1b092f
  Resolves: rhbz#994566
1b092f
1b092f
* Mon Aug 05 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-5
1b092f
- added standalone manpage for sudo.conf and sudo-ldap.conf
1b092f
- spec file cleanup
1b092f
  Resolves: rhbz#881258
1b092f
1b092f
* Mon Jul 29 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-4
1b092f
- added RHEL 6 patches
1b092f
1b092f
* Wed Jul 24 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-3
1b092f
- synced sudoers, configure options & configuration files with
1b092f
  expected RHEL configuration
1b092f
  Resolves: rhbz#969373
1b092f
  Resolves: rhbz#971009
1b092f
  Resolves: rhbz#965124
1b092f
  Resolves: rhbz#971013
1b092f
  Resolves: rhbz#839705
1b092f
1b092f
* Thu Apr 11 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-2
1b092f
- depend on /usr/sbin/sendmail instead of the sendmail package
1b092f
  Resolves: rhbz#927842
1b092f
1b092f
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1
1b092f
- update to 1.8.6p7
1b092f
- fixes CVE-2013-1775 and CVE-2013-1776
1b092f
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
1b092f
  - build with system zlib.
1b092f
  - let rpmbuild strip libexecdir/*.so.
1b092f
  - own the %%{_docdir}/sudo-* dir.
1b092f
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
1b092f
  - fix bogus %%changelog dates.
1b092f
1b092f
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
1b092f
1b092f
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
1b092f
- added upstream patch for a regression
1b092f
- don't include arch specific files in the -devel subpackage
1b092f
- ship only one sample plugin in the -devel subpackage
1b092f
1b092f
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
1b092f
- update to 1.8.6p3
1b092f
- drop -pipelist patch (fixed in upstream)
1b092f
1b092f
* Thu Sep  6 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6-1
1b092f
- update to 1.8.6
1b092f
1b092f
* Thu Jul 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-4
1b092f
- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com)
1b092f
- re-enabled SSSD support
1b092f
- removed libsss_sudo dependency
1b092f
1b092f
* Tue Jul 24 2012 Bill Nottingham <notting@redhat.com> - 1.8.5-3
1b092f
- flip sudoers2ldif executable bit after make install, not in setup
1b092f
1b092f
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.5-2
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
1b092f
1b092f
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
1b092f
- update to 1.8.5
1b092f
- fixed CVE-2012-2337
1b092f
- temporarily disabled SSSD support 
1b092f
1b092f
* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
1b092f
- fixed problems with undefined symbols (rhbz#798517)
1b092f
1b092f
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5
1b092f
- SSSD patch update
1b092f
1b092f
* Tue Feb  7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4
1b092f
- added SSSD support
1b092f
1b092f
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3
1b092f
- added patch for CVE-2012-0809
1b092f
1b092f
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
1b092f
1b092f
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
1b092f
- update to 1.8.3p1
1b092f
- disable output word wrapping if the output is piped 
1b092f
1b092f
* Wed Sep  7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
1b092f
- Remove execute bit from sample script in docs so we don't pull in perl
1b092f
1b092f
* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1
1b092f
- rebase to 1.8.1p2
1b092f
- removed .sudoi patch
1b092f
- fixed typo: RELPRO -> RELRO
1b092f
- added -devel subpackage for the sudo_plugin.h header file
1b092f
- use default ldap configuration files again
1b092f
1b092f
* Fri Jun  3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
1b092f
- build with RELRO
1b092f
1b092f
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
1b092f
1b092f
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
1b092f
- rebase to 1.7.4p5
1b092f
- fixed sudo-1.7.4p4-getgrouplist.patch
1b092f
- fixes CVE-2011-0008, CVE-2011-0010
1b092f
1b092f
* Tue Nov 30 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-5
1b092f
- anybody in the wheel group has now root access (using password) (rhbz#656873)
1b092f
- sync configuration paths with the nss_ldap package (rhbz#652687)
1b092f
1b092f
* Wed Sep 29 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-4
1b092f
- added upstream patch to fix rhbz#638345
1b092f
1b092f
* Mon Sep 20 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-3
1b092f
- added patch for #635250
1b092f
- /var/run/sudo -> /var/db/sudo in .spec
1b092f
1b092f
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-2
1b092f
- sudo now uses /var/db/sudo for timestamps
1b092f
1b092f
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-1
1b092f
- update to new upstream version
1b092f
- new command available: sudoreplay
1b092f
- use native audit support
1b092f
- corrected license field value: BSD -> ISC
1b092f
1b092f
* Wed Jun  2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
1b092f
- added patch that fixes insufficient environment sanitization issue (#598154)
1b092f
1b092f
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
1b092f
- update to new upstream version
1b092f
- merged .audit and .libaudit patch
1b092f
- added sudoers.ldap.5* to files
1b092f
1b092f
* Mon Mar  1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
1b092f
- update to new upstream version
1b092f
1b092f
* Tue Feb 16 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
1b092f
- fixed no valid sudoers sources found (#558875)
1b092f
1b092f
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
1b092f
- audit related Makefile.in and configure.in corrections
1b092f
- added --with-audit configure option
1b092f
- removed call to libtoolize
1b092f
1b092f
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
1b092f
- fixed segfault when #include directive is used in cycles (#561336)
1b092f
1b092f
* Fri Jan  8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
1b092f
- Add /etc/sudoers.d dir and use it in default config (#551470).
1b092f
- Drop *.pod man page duplicates from docs.
1b092f
1b092f
* Thu Jan 07 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
1b092f
- new upstream version 1.7.2p2-1
1b092f
- commented out unused aliases in sudoers to make visudo happy (#550239)
1b092f
1b092f
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
1b092f
- rebuilt with new audit
1b092f
1b092f
* Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
1b092f
- moved secure_path from compile-time option to sudoers file (#517428)
1b092f
1b092f
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
1b092f
1b092f
* Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
1b092f
- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
1b092f
- epoch number sync
1b092f
1b092f
* Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
1b092f
- updated sudo to version 1.7.1
1b092f
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
1b092f
1b092f
* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
1b092f
- fixed building with new libtool
1b092f
- fix for incorrect handling of groups in Runas_User
1b092f
- added /usr/local/sbin to secure-path
1b092f
1b092f
* Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
1b092f
- build with sendmail installed
1b092f
- Added /usr/local/bin to secure-path
1b092f
1b092f
* Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
1b092f
- adjust audit patch, do not scream when kernel is
1b092f
  compiled without audit netlink support (#401201)
1b092f
1b092f
* Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
1b092f
- upgrade
1b092f
1b092f
* Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
1b092f
- build with newer autoconf-2.62 (#449614)
1b092f
1b092f
* Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
1b092f
- compiled with secure path (#80215)
1b092f
1b092f
* Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
1b092f
- fix path to updatedb in /etc/sudoers (#445103)
1b092f
1b092f
* Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
1b092f
- include ldap files in rpm package (#439506)
1b092f
1b092f
* Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
1b092f
- include [sudo] in password prompt (#437092)
1b092f
1b092f
* Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
1b092f
- audit support improvement
1b092f
1b092f
* Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
1b092f
- upgrade to the latest upstream release
1b092f
1b092f
* Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
1b092f
- upgrade to the latest upstream release
1b092f
- add selinux support
1b092f
1b092f
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
1b092f
- sparc64 needs to be in the -fPIE list with s390
1b092f
1b092f
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
1b092f
- fix complains about audit_log_user_command(): Connection 
1b092f
  refused (#401201)
1b092f
1b092f
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
1b092f
- Rebuild for deps
1b092f
1b092f
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
1b092f
- Rebuild for openssl bump
1b092f
1b092f
* Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
1b092f
- fix autotools stuff and add audit support
1b092f
1b092f
* Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
1b092f
- upgrade to upstream release
1b092f
1b092f
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
1b092f
- also use getgrouplist() to determine group membership (#235915)
1b092f
1b092f
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
1b092f
- fix some spec file issues
1b092f
1b092f
* Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
1b092f
- fix rpmlint issue
1b092f
1b092f
* Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
1b092f
- fix typo in sudoers file (#212308)
1b092f
1b092f
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
1b092f
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
1b092f
1b092f
* Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
1b092f
- fix sudoers file, X apps didn't work (#206320)
1b092f
1b092f
* Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
1b092f
- use Red Hat specific default sudoers file
1b092f
1b092f
* Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
1b092f
- fix #198755 - make login processes (sudo -i) initialise session keyring
1b092f
  (thanks for PAM config files to David Howells)
1b092f
- add IPv6 support (patch by Milan Zazrivec)
1b092f
1b092f
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
1b092f
- rebuild
1b092f
1b092f
* Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
1b092f
- fix #190062 - "ssh localhost sudo su" will show the password in clear
1b092f
1b092f
* Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
1b092f
- add LDAP support (#170848)
1b092f
1b092f
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
1b092f
- bump again for double-long bug on ppc(64)
1b092f
1b092f
* Wed Feb  8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
1b092f
- reset env. by default
1b092f
1b092f
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
1b092f
- rebuilt for new gcc4.1 snapshot and glibc changes
1b092f
1b092f
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
1b092f
- Remove selinux patch.  It has been decided that the SELinux patch for sudo is
1b092f
- no longer necessary.  In tageted policy it had no effect.  In strict/MLS policy
1b092f
- We require the person using sudo to execute newrole before using sudo.
1b092f
1b092f
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
1b092f
- new upstream version 1.6.8p12
1b092f
1b092f
* Tue Nov  8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
1b092f
- new upstream version 1.6.8p11
1b092f
1b092f
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
1b092f
- use include instead of pam_stack in pam config
1b092f
1b092f
* Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
1b092f
- enable interfaces in selinux patch
1b092f
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
1b092f
1b092f
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
1b092f
- fix debuginfo
1b092f
1b092f
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
1b092f
- fix #162623 - sesh hangs when child suspends
1b092f
1b092f
* Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
1b092f
- Add back in interfaces call, SELinux has been fixed to work around
1b092f
1b092f
* Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
1b092f
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
1b092f
1b092f
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
1b092f
- fix #154511 - sudo does not use limits.conf
1b092f
1b092f
* Mon Apr  4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
1b092f
- new version 1.6.8p8: new sudoedit and sudo_noexec
1b092f
1b092f
* Wed Feb  9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
1b092f
- rebuild
1b092f
1b092f
* Mon Oct  4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
1b092f
- added missing BuildRequires for libselinux-devel (#132883) 
1b092f
1b092f
* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
1b092f
- Fix missing param error in sesh
1b092f
1b092f
* Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
1b092f
- Remove full patch check from sesh
1b092f
1b092f
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
1b092f
- Fix selinux patch to switch to root user
1b092f
1b092f
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
1b092f
- Eliminate tty handling from selinux
1b092f
1b092f
* Thu Apr  1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
1b092f
- fixed spec file: sesh in file section with selinux flag (#119682)
1b092f
1b092f
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
1b092f
- Enhance sesh.c to fork/exec children itself, to avoid
1b092f
  having sudo reap all domains.
1b092f
- Only reinstall default signal handlers immediately before
1b092f
  exec of child with SELinux patch
1b092f
1b092f
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
1b092f
- change to default to sysadm_r 
1b092f
- Fix tty handling
1b092f
1b092f
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
1b092f
- Add /bin/sesh to run selinux code.
1b092f
- replace /bin/bash -c with /bin/sesh
1b092f
1b092f
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
1b092f
- Hard code to use "/bin/bash -c" for selinux 
1b092f
1b092f
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
1b092f
- Eliminate closing and reopening of terminals, to match su.
1b092f
1b092f
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
1b092f
- SELinux fixes to make transitions work properly
1b092f
1b092f
* Fri Mar  5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
1b092f
- pied sudo
1b092f
1b092f
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
1b092f
- Eliminate interfaces call, since this requires big SELinux privs
1b092f
- and it seems to be useless.
1b092f
1b092f
* Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
1b092f
- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
1b092f
1b092f
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
1b092f
- Fix is_selinux_enabled call
1b092f
1b092f
* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
1b092f
- Clean up patch on failure 
1b092f
1b092f
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
1b092f
- Remove sudo.te for now.
1b092f
1b092f
* Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
1b092f
- Fix usage message
1b092f
1b092f
* Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
1b092f
- Clean up sudo.te to not blow up if pam.te not present
1b092f
1b092f
* Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
1b092f
- added missing BuildRequires for groff
1b092f
1b092f
* Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
1b092f
- remove left-over debugging code
1b092f
1b092f
* Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
1b092f
- Fix terminal handling that caused Sudo to exit on non selinux machines.
1b092f
1b092f
* Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
1b092f
- Remove sudo_var_run_t which is now pam_var_run_t
1b092f
1b092f
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
1b092f
- Fix terminal handling and policy
1b092f
1b092f
* Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
1b092f
- Fix policy
1b092f
1b092f
* Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
1b092f
- Turn on SELinux support
1b092f
1b092f
* Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
1b092f
- Add support for SELinux
1b092f
1b092f
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
1b092f
1b092f
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
1b092f
- remove absolute path names from the PAM configuration, ensuring that the
1b092f
  right modules get used for whichever arch we're built for
1b092f
- don't try to install the FAQ, which isn't there any more
1b092f
1b092f
* Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
1b092f
- update to 1.6.6
1b092f
1b092f
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
1b092f
- automated rebuild
1b092f
1b092f
* Thu May 23 2002 Tim Powers <timp@redhat.com>
1b092f
- automated rebuild
1b092f
1b092f
* Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
1b092f
- Fix bug #63768
1b092f
1b092f
* Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
1b092f
- 1.6.5p2
1b092f
1b092f
* Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
1b092f
- 1.6.5p1
1b092f
- Hope this "a new release per day" madness stops ;)
1b092f
1b092f
* Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
1b092f
- 1.6.5
1b092f
1b092f
* Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1b092f
- 1.6.4p1
1b092f
1b092f
* Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1b092f
- Update to 1.6.4
1b092f
1b092f
* Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1b092f
- Add build requirements (#49706)
1b092f
- s/Copyright/License/
1b092f
- bzip2 source
1b092f
1b092f
* Sat Jun 16 2001 Than Ngo <than@redhat.com>
1b092f
- update to 1.6.3p7
1b092f
- use %%{_tmppath}
1b092f
1b092f
* Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- 1.6.3p6, fixes buffer overrun
1b092f
1b092f
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- 1.6.3p5
1b092f
1b092f
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1b092f
- automatic rebuild
1b092f
1b092f
* Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1b092f
- fixed owner of sudo and visudo
1b092f
1b092f
* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
1b092f
- modify PAM setup to use system-auth
1b092f
- clean up buildrooting by using the makeinstall macro
1b092f
1b092f
* Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- initial build in main distrib
1b092f
- update to 1.6.3
1b092f
- deal with compressed man pages
1b092f
1b092f
* Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1b092f
- updated to 1.6.1 for Powertools 6.2
1b092f
- config files are now noreplace.
1b092f
1b092f
* Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1b092f
- updated to 1.5.9p2 for Powertools 6.1
1b092f
1b092f
* Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1b092f
- sudo is configured with pam. There's no pam.d file. Oops.
1b092f
1b092f
* Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1b092f
- upgraded to 1.59p1 for powertools 6.0
1b092f
1b092f
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1b092f
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1b092f
1b092f
* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
1b092f
- built package for 5.2 
1b092f
1b092f
* Mon May 18 1998 Michael Maher <mike@redhat.com>
1b092f
- updated SPEC file
1b092f
1b092f
* Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1b092f
- updated to 1.5.4
1b092f
1b092f
* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1b092f
- built for glibc, no problems
1b092f
1b092f
* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
1b092f
- Fixed for 4.2 PowerTools 
1b092f
- Still need to be pamified
1b092f
- Still need to move stmp file to /var/log
1b092f
1b092f
* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1b092f
- First version for PowerCD.
1b092f