Blame SPECS/sudo.spec

1b092f
Summary: Allows restricted root access for specified users
1b092f
Name: sudo
02d491
Version: 1.8.23
63c98a
Release: 10%{?dist}
1b092f
License: ISC
1b092f
Group: Applications/System
1b092f
URL: http://www.courtesan.com/sudo/
1b092f
Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
a67eaf
Source1: sudoers
a67eaf
Source2: sudo-ldap.conf
a67eaf
Source3: sudo.conf
02d491
Requires: /etc/pam.d/system-auth
02d491
Requires: /usr/bin/vi
1b092f
02d491
BuildRequires: /usr/sbin/sendmail
02d491
BuildRequires: autoconf
02d491
BuildRequires: automake
1b092f
BuildRequires: bison
02d491
BuildRequires: flex
02d491
BuildRequires: gettext
02d491
BuildRequires: groff
02d491
BuildRequires: libtool
02d491
BuildRequires: audit-libs-devel
02d491
BuildRequires: libcap-devel
02d491
BuildRequires: libgcrypt-devel
0e1944
BuildRequires: libgcrypt-devel
1b092f
BuildRequires: libselinux-devel
02d491
BuildRequires: openldap-devel
02d491
BuildRequires: pam-devel
1b092f
BuildRequires: zlib-devel
1b092f
1b092f
# don't strip
1b092f
Patch1: sudo-1.6.7p5-strip.patch
1b092f
# configure.in fix
1b092f
Patch2: sudo-1.7.2p1-envdebug.patch
1b092f
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
02d491
Patch3: sudo-1.8.23-sudoldapconfman.patch
02d491
# 1247591 - Sudo taking a long time when user information is stored externally.
02d491
Patch4: sudo-1.8.23-legacy-group-processing.patch
72fdaf
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
02d491
Patch5: sudo-1.8.23-ldapsearchuidfix.patch
a67eaf
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
02d491
Patch6: sudo-1.8.6p7-logsudouser.patch
02d491
# 840980 - sudo creates a new parent process
02d491
# Adds cmnd_no_wait Defaults option
02d491
Patch7: sudo-1.8.23-nowaitopt.patch
02d491
# 1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
02d491
#  This is fix of a regression in the referenced feature request. It was fixed
02d491
#  in newer versions of sudo and we backport it to prevent future regression
02d491
#  bz in RHEL. The feature itself was delivered via the rebase to 1.8.23.
02d491
Patch8: sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch
02d491
# 1547974 - (sudo-rhel-7.6-rebase) Rebase sudo to latest stable upstream version
3f071d
Patch9: sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
3f071d
e6a6c6
# 1647678 - sudo access denied with pam_access and pts terminal configurations
e6a6c6
# 1672876 - Backporting sudo bug with expired passwords - this is included in this patch
e6a6c6
Patch10: sudo-1.8.23-pam_access-and-terminals.patch
e6a6c6
3f071d
# 1665285 - Problem with sudo-1.8.23 and 'who am i'
3f071d
Patch11: sudo-1.8.23-who-am-i.patch
3f071d
e6a6c6
# 1738841 - Crash in do_syslog() while doing sudoedit
e6a6c6
Patch12: sudo-1.8.23-fix_empty_username_in_do_syslog.patch
e6a6c6
e6a6c6
# 1760694 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword [rhel-7.8]
e6a6c6
Patch13: sudo-1.8.28-CVE-strtouid.patch
e6a6c6
Patch14: sudo-1.8.28-CVE-strtouid-test.patch
1b092f
e6a6c6
# 1798095 - CVE-2019-18634 sudo: Stack based buffer overflow when pwfeedback is enabled [rhel-7.8]
e6a6c6
Patch15: sudo-1.8.29-CVE-2019-18634-part1.patch
e6a6c6
Patch16: sudo-1.8.29-CVE-2019-18634-part2.patch
ed9154
63c98a
# 1788196 - sudo allows privilege escalation with expired password
63c98a
Patch17: sudo-1.8.29-expired-password-part1.patch
63c98a
Patch18: sudo-1.8.29-expired-password-part2.patch
63c98a
1b092f
%description
1b092f
Sudo (superuser do) allows a system administrator to give certain
1b092f
users (or groups of users) the ability to run some (or all) commands
1b092f
as root while logging all commands and arguments. Sudo operates on a
1b092f
per-command basis.  It is not a replacement for the shell.  Features
1b092f
include: the ability to restrict what commands a user may run on a
1b092f
per-host basis, copious logging of each command (providing a clear
1b092f
audit trail of who did what), a configurable timeout of the sudo
1b092f
command, and the ability to use the same configuration file (sudoers)
1b092f
on many different machines.
1b092f
1b092f
%package        devel
1b092f
Summary:        Development files for %{name}
1b092f
Group:          Development/Libraries
1b092f
Requires:       %{name} = %{version}-%{release}
1b092f
1b092f
%description    devel
1b092f
The %{name}-devel package contains header files for developing sudo
1b092f
plugins that use %{name}.
1b092f
1b092f
%prep
1b092f
%setup -q
1b092f
1b092f
%patch1 -p1 -b .strip
1b092f
%patch2 -p1 -b .envdebug
02d491
%patch3 -p1 -b .sudoldapconfman
02d491
%patch4 -p1 -b .legacy-group-processing
02d491
%patch5 -p1 -b .ldapsearchuidfix
02d491
%patch6 -p1 -b .logsudouser
02d491
%patch7 -p1 -b .nowaitopt
02d491
%patch8 -p1 -b .pam-mgmt-ignore-errors
02d491
%patch9 -p1 -b .defaults-double-quote-fix
1b092f
e6a6c6
%patch10 -p1 -b .pam_access-and-terminals
e6a6c6
3f071d
%patch11 -p1 -b .who-am-i
e6a6c6
%patch12 -p1 -b .do_syslog-username
3f071d
e6a6c6
%patch13 -p1 -b .CVE-strtouid
e6a6c6
%patch14 -p1 -b .CVE-strtouid-test
28a657
e6a6c6
%patch15 -p1 -b .CVE-2019-18634-part1
e6a6c6
%patch16 -p1 -b .CVE-2019-18634-part2
ed9154
63c98a
%patch17 -p1 -b .expired-password-part1
63c98a
%patch18 -p1 -b .expired-password-part2
63c98a
1b092f
%build
1b092f
autoreconf -I m4 -fv --install
1b092f
1b092f
%ifarch s390 s390x sparc64
1b092f
F_PIE=-fPIE
1b092f
%else
1b092f
F_PIE=-fpie
1b092f
%endif
1b092f
1b092f
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
1b092f
1b092f
%configure \
1b092f
        --prefix=%{_prefix} \
1b092f
        --sbindir=%{_sbindir} \
1b092f
        --libdir=%{_libdir} \
1b092f
        --docdir=%{_datadir}/doc/%{name}-%{version} \
1b092f
        --with-logging=syslog \
1b092f
        --with-logfac=authpriv \
1b092f
        --with-pam \
1b092f
        --with-pam-login \
02d491
        --with-editor=/usr/bin/vi \
1b092f
        --with-env-editor \
02d491
        --enable-gcrypt \
1b092f
        --with-ignore-dot \
1b092f
        --with-tty-tickets \
1b092f
        --with-ldap \
1b092f
        --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
1b092f
        --with-selinux \
1b092f
        --with-passprompt="[sudo] password for %p: " \
1b092f
        --with-linux-audit \
0e1944
        --with-sssd
02d491
1b092f
make
1b092f
02d491
%check
0e1944
make check
0e1944
1b092f
%install
02d491
rm -rf %{buildroot}
1b092f
1b092f
# Update README.LDAP (#736653)
1b092f
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
1b092f
02d491
make install DESTDIR="%{buildroot}" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
02d491
02d491
chmod 755 %{buildroot}%{_bindir}/* %{buildroot}%{_sbindir}/*
02d491
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo
02d491
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo/lectured
02d491
install -p -d -m 750 %{buildroot}%{_sysconfdir}/sudoers.d
02d491
install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
02d491
install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf
02d491
install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf
1b092f
02d491
# Remove upstream sudoers file
02d491
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
1b092f
02d491
# Remove all .la files
02d491
find %{buildroot} -name '*.la' -exec rm -f {} ';'
0e1944
1b092f
%find_lang sudo
1b092f
%find_lang sudoers
1b092f
1b092f
cat sudo.lang sudoers.lang > sudo_all.lang
1b092f
rm sudo.lang sudoers.lang
1b092f
02d491
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
02d491
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
1b092f
#%%PAM-1.0
1b092f
auth       include      system-auth
1b092f
account    include      system-auth
1b092f
password   include      system-auth
1b092f
session    optional     pam_keyinit.so revoke
02d491
session    include      system-auth
1b092f
EOF
1b092f
02d491
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
1b092f
#%%PAM-1.0
1b092f
auth       include      sudo
1b092f
account    include      sudo
1b092f
password   include      sudo
1b092f
session    optional     pam_keyinit.so force revoke
02d491
session    include      sudo
1b092f
EOF
1b092f
1b092f
%clean
02d491
rm -rf %{buildroot}
1b092f
1b092f
%files -f sudo_all.lang
1b092f
%defattr(-,root,root)
02d491
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
02d491
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
1b092f
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
02d491
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
02d491
%config(noreplace) %{_sysconfdir}/pam.d/sudo
02d491
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
0e1944
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
02d491
%dir %{_localstatedir}/db/sudo
02d491
%dir %{_localstatedir}/db/sudo/lectured
1b092f
%attr(4111,root,root) %{_bindir}/sudo
0e1944
%{_bindir}/sudoedit
02d491
%{_bindir}/cvtsudoers
1b092f
%attr(0111,root,root) %{_bindir}/sudoreplay
1b092f
%attr(0755,root,root) %{_sbindir}/visudo
0e1944
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
0e1944
%{_libexecdir}/sudo/libsudo_util.so.?
97c789
%{_libexecdir}/sudo/libsudo_util.so
1b092f
%{_mandir}/man5/sudoers.5*
1b092f
%{_mandir}/man5/sudoers.ldap.5*
1b092f
%{_mandir}/man5/sudo-ldap.conf.5*
1b092f
%{_mandir}/man5/sudo.conf.5*
1b092f
%{_mandir}/man8/sudo.8*
1b092f
%{_mandir}/man8/sudoedit.8*
1b092f
%{_mandir}/man8/sudoreplay.8*
1b092f
%{_mandir}/man8/visudo.8*
02d491
%{_mandir}/man1/cvtsudoers.1.gz
02d491
%{_mandir}/man5/sudoers_timestamp.5.gz
1b092f
%dir %{_docdir}/sudo-%{version}
1b092f
%{_docdir}/sudo-%{version}/*
1b092f
1b092f
# Make sure permissions are ok even if we're updating
1b092f
%post
02d491
/bin/chmod 0440 %{_sysconfdir}/sudoers || :
1b092f
1b092f
%files devel
1b092f
%defattr(-,root,root,-)
1b092f
%doc plugins/sample/sample_plugin.c
1b092f
%{_includedir}/sudo_plugin.h
1b092f
%{_mandir}/man8/sudo_plugin.8*
1b092f
1b092f
%changelog
63c98a
* Wed Mar 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.23-10
63c98a
- RHEL-7.9
63c98a
- sudo allows privilege escalation with expired password
63c98a
  Resolves: rhbz#1788196
63c98a
e6a6c6
* Wed Feb 05 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.23-9
e6a6c6
- RHEL-7.8
e6a6c6
- CVE-2019-18634
e6a6c6
  Resolves: rhbz#1798095
ed9154
e6a6c6
* Thu Oct 17 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-8
e6a6c6
- RHEL-7.8
28a657
- fixed CVE-2019-14287
e6a6c6
  Resolves: rhbz#1760695
e6a6c6
e6a6c6
* Thu Aug 22 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-7
e6a6c6
- RHEL-7.8 erratum
e6a6c6
  Resolves: rhbz#1738841 Crash in do_syslog() while doing sudoedit
e6a6c6
e6a6c6
* Mon Aug 19 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-6
e6a6c6
- RHEL-7.8 erratum
e6a6c6
  Resolves: rhbz#1647678 sudo access denied with pam_access and pts terminal configurations
e6a6c6
e6a6c6
* Mon Aug 12 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-5
e6a6c6
- RHEL-7.8 erratum
e6a6c6
  Resolves: rhbz#1711997 sudo is super slow when /etc/security/limits.conf contains many entries
3f071d
3f071d
* Wed Feb 20 2019 Radovan Sroka <rsroka@redhat.com> 1.8.23-4
3f071d
- RHEL-7.7 erratum
3f071d
  Resolves: rhbz#1672876 - Backporting sudo bug with expired passwords
3f071d
  Resolves: rhbz#1665285 - Problem with sudo-1.8.23 and 'who am i'
3f071d
02d491
* Mon Sep 24 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-3
02d491
- RHEL-7.6 erratum
02d491
  Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version
02d491
02d491
* Fri Sep 21 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-2
02d491
- RHEL-7.6 erratum
02d491
  Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
02d491
  Resolves: rhbz#1506025 - Latest update broke sudo for ldap users.
02d491
  Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets
02d491
02d491
* Thu Jun 28 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-1
02d491
- RHEL-7.6 erratum
02d491
  Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version (1.8.23)
02d491
  Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets
02d491
  Resolves: rhbz#1506025 - Latest update broke sudo for ldap users.
02d491
  Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
02d491
  Resolves: rhbz#1548380 - RFE: Create flag to filter to sudo -l output
02d491
  Resolves: rhbz#1510002 - Ensure that the command input (stdin) eating behaviour of Default log_input is documented
02d491
  Resolves: rhbz#1596032 - Why does sudo package depend on vim-minimal?
81abbb
ce887b
* Thu Nov 30 2017 Radovan Sroka <rsroka@redhat.com> 1.8.19p2-13
ce887b
- RHEL 7.5 erratum
ce887b
- Fixed sudo -l checking results whether user should be authenticated
ce887b
- Enabled LDAP filter patch
ce887b
- Fixed double free in sssd
ce887b
ce887b
  Resolves: rhbz#1505409
ce887b
  Resolves: rhbz#1511850
ce887b
  Resolves: rhbz#1518104
ce887b
ce887b
* Mon Oct 02 2017 Radovan Sroka <rsroka@redhat.com> 1.8.19p2-12
ce887b
- RHEL 7.5 erratum
ce887b
- Fixed exit codes for `sudo -l -U <user>`
ce887b
- Fixed truncated output when log_output is enabled
ce887b
- Updated use_pty and IO logging manpage
ce887b
ce887b
  Resolves: rhbz#1458696
ce887b
  Resolves: rhbz#1454571
ce887b
  Resolves: rhbz#1490358
ce887b
ce887b
- Fixed second pass LDAP filter expression in the sudoers ldap backend
ce887b
  - incomplete patch for rhbz#1485397
ce887b
ce887b
* Mon Aug 14 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-11
97c789
- Moved libsudo_util.so from the -devel sub-package to main package
ce887b
  Resolves: rhbz#1481225
97c789
0e1944
* Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-10
0e1944
- RHEL 7.4 erratum
0e1944
- Fix CVE-2017-1000368
0e1944
  Resolves: rhbz#1459411
0e1944
0e1944
* Tue Jun 06 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-9
0e1944
- RHEL 7.4 erratum
0e1944
- removed patch for output truncation (1454571) which introduced regression
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Thu May 25 2017 Jakub Jelen <jjelen@redhat.com> - 1.8.19p2-8
0e1944
- RHEL 7.4 erratum
0e1944
- Fixes CVE-2017-1000367: Privilege escalation via improper get_process_ttyname() parsing
0e1944
  Resolves: rhbz#1455402
0e1944
0e1944
* Tue May 23 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-7
0e1944
- RHEL 7.4 erratum
0e1944
- added patch to fix output truncation (in some cases) when log_output
0e1944
  option is enabled
0e1944
  Resolves: rhbz#1454571
0e1944
0e1944
* Thu May 04 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-6
0e1944
- RHEL 7.4 erratum
0e1944
- added patch that fixes lecture option used as boolean
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Tue Apr 25 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-5
0e1944
- RHEL 7.4 erratum
0e1944
- added doc patch about sudo lookup issue
0e1944
  Resolves: rhbz#1293306
0e1944
- added test suite patch
0e1944
  Resolves: rhbz#1360687
0e1944
- fixed use after free fqdn problem
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Tue Mar 21 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-4
0e1944
- RHEL 7.4 erratum
0e1944
- fixed cmnd_no_wait patch
0e1944
- backported iolog_flush sudoers default
0e1944
  Resolves: rhbz#1369856
0e1944
  Resolves: rhbz#1425853
0e1944
0e1944
* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-3
0e1944
- RHEL 7.4 erratum
0e1944
- Fixes semicolon typo in digest backport patch from the previous build
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-2
0e1944
- RHEL 7.4 erratum
3f071d
- Fixes coverity scan issues created by our patches:
0e1944
  - fixed resource leaks and a compiler warning in digest backport patch
0e1944
  - removed needless code from cmnd_no_wait patch causing clang warning
0e1944
  - format of the last changelog message causes problems to rhpkg push,
3f071d
    so don't use that as a commit message
0e1944
  Resolves: rhbz#1360687
f48767
0e1944
* Wed Mar 01 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1
0e1944
- RHEL 7.4 erratum
0e1944
  - Resolves: rhbz#1360687 - rebase to 1.8.19p2
0e1944
  - Resolves: rhbz#1123526 - performance improvement
0e1944
  - Resolves: rhbz#1308789 - add MAIL and NOMAIL tags
0e1944
  - Resolves: rhbz#1348504 - sudo now parses sudoers with sudoers locale
3f071d
  - Resolves: rhbz#1374417 - "sudo -l command" indicated that the command
0e1944
    was runnable even if denied by sudoers when using LDAP or SSSD backend.
0e1944
  - Resolves: rhbz#1387303 - add ignore_iolog_errors option
0e1944
  - Resolves: rhbz#1389360 - wrong log file group ownership
0e1944
  - Resolves: rhbz#1389735 - add iolog_group, iolog_mode, iolog_user options
0e1944
  - Resolves: rhbz#1397169 - maxseq and ignore_iolog_errors options
0e1944
  - Resolves: rhbz#1403051 - add support for querying netgroups directly via LDAP
0e1944
  - Resolves: rhbz#1410086 - race condition while creating /var/log/sudo-io dir
0e1944
  - Resolves: rhbz#1413160 - add ignore_unknown_defaults flag
0e1944
  - Resolves: rhbz#1254772 - ability to export sudoers in json format
0e1944
  - Resolves: rhbz#1417187 - wrong reference to config file in syntax error message
0e1944
  - Resolves: rhbz#1424575 - visudo was not printing severity of error/warning message
63ace7
84fdb2
* Wed Nov 23 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-21
84fdb2
- Update noexec syscall blacklist
84fdb2
- Fixes CVE-2016-7032 and CVE-2016-7076
0e1944
  Resolves: rhbz#1391940
84fdb2
a67eaf
* Tue Jul 19 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-20
a67eaf
- RHEL 7.3 erratum
a67eaf
  - fixed visudo's -q flag
a67eaf
  Resolves: rhbz#1350828
a67eaf
a67eaf
* Tue Jun 14 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-19
a67eaf
- RHEL 7.3 erratum
a67eaf
  - removed INPUTRC from env_keep to prevent a potential info leak
a67eaf
  Resolves: rhbz#1340700
a67eaf
a67eaf
* Wed May 11 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-18
a67eaf
- RHEL 7.3 erratum
a67eaf
  - removed requiretty flag from the default sudoers policy
a67eaf
  - backported pam_service and pam_login_service defaults options
a67eaf
  - implemented netgroup_tuple defaults option for changing netgroup
a67eaf
    processing semantics
a67eaf
  - fixed user matching logic in the LDAP nss backend
a67eaf
  - don't allow visudo to accept an invalid sudoers file
a67eaf
  - fixed a bug causing that non-root users can list privileges of
a67eaf
    other users
a67eaf
  - modified digest check documentation to mention the raciness of
a67eaf
    the checking mechanism
a67eaf
  Resolves: rhbz#1196451
a67eaf
  Resolves: rhbz#1247230
a67eaf
  Resolves: rhbz#1334331
a67eaf
  Resolves: rhbz#1334360
a67eaf
  Resolves: rhbz#1261998
a67eaf
  Resolves: rhbz#1313364
a67eaf
  Resolves: rhbz#1312486
a67eaf
  Resolves: rhbz#1268958
a67eaf
  Resolves: rhbz#1335039
a67eaf
  Resolves: rhbz#1335042
a67eaf
  Resolves: rhbz#1335045
a67eaf
  Resolves: rhbz#1273243
a67eaf
  Resolves: rhbz#1299883
a67eaf
a67eaf
* Mon Feb 15 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-17
3f2bfe
- fixed bug in closefrom_override defaults option
a67eaf
  Resolves: rhbz#1297062
3f2bfe
72fdaf
* Tue Sep  1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-16
72fdaf
- RHEL 7.2 erratum
72fdaf
  - show the digest type in warning messages
72fdaf
  Resolves: rhbz#1183818
72fdaf
72fdaf
* Tue Sep  1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-15
72fdaf
- RHEL 7.2 erratum
72fdaf
  - fixed compilation of testing binaries during make check
72fdaf
  - added legacy group processing patch
72fdaf
  - replaced buggy base64 decoder with a public domain implementation
72fdaf
  Resolves: rhbz#1254621
72fdaf
  Resolves: rhbz#1183818
72fdaf
  Resolves: rhbz#1247591
72fdaf
72fdaf
* Tue Jul  7 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-14
72fdaf
- RHEL 7.2 erratum
72fdaf
  - backported command digest specification
72fdaf
  - fixed CVE-2014-9680 sudo: unsafe handling of TZ environment variable
72fdaf
  - fixed typos in sudoers.ldap man page
72fdaf
  - fixed handling of double-quoted sudoOption values in ldap, sssd sources
72fdaf
  - fixed numeric uid specification support in ldap source
72fdaf
  - fixed authentication flag logic in ldap source
72fdaf
  - added the systemctl command to the SERVICES alias in the default sudoers file
72fdaf
  Resolves: rhbz#1144446
72fdaf
  Resolves: rhbz#1235570
72fdaf
  Resolves: rhbz#1138259
72fdaf
  Resolves: rhbz#1183818
72fdaf
  Resolves: rhbz#1233607
72fdaf
  Resolves: rhbz#1144419
72fdaf
  Resolves: rhbz#1135539
72fdaf
  Resolves: rhbz#1215400
72fdaf
523624
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-13
523624
- RHEL 7.1 erratum
523624
  - fixed issues found by covscan/clang-analyzer
523624
  Resolves: rhbz#1147616
523624
523624
* Mon Sep 29 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-12
523624
- RHEL 7.1 erratum
523624
  - don't retry authentication when ctrl-c pressed
523624
  - fix double-quote processing in Defaults options
523624
  - handle the "(none)" hostname correctly
523624
  - SSSD: fix sudoUser netgroup specification filtering
523624
  - SSSD: list correct user when -U <user> -l specified
523624
  - SSSD: show rule names on long listing (-ll)
523624
  - fix infinite loop when duplicate entries are specified on the
523624
    sudoers nsswitch.conf line
523624
  Resolves: rhbz#1084488
523624
  Resolves: rhbz#1088464
523624
  Resolves: rhbz#1088825
523624
  Resolves: rhbz#1092499
523624
  Resolves: rhbz#1093099
523624
  Resolves: rhbz#1096813
523624
  Resolves: rhbz#1147497
523624
  Resolves: rhbz#1147557
523624
9c2f35
* Wed Feb 26 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-11
9c2f35
- Fixed incorrect login shell path construction in sesh
9c2f35
  (thanks fkrska@redhat.com for the patch)
9c2f35
  Resolves: rhbz#1065418
9c2f35
9c2f35
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.6p7-10
9c2f35
- Mass rebuild 2014-01-24
9c2f35
9c2f35
* Wed Jan 15 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-9
9c2f35
- allow the wheel group to use sudo
9c2f35
  Resolves: rhbz#994623
9c2f35
9c2f35
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.6p7-8
9c2f35
- Mass rebuild 2013-12-27
9c2f35
1b092f
* Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-7
1b092f
- dropped wrong patch and fixed patch comments
1b092f
  Resolves: rhbz#1000389
1b092f
1b092f
* Thu Nov 07 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-6
1b092f
- fixed alias cycle detection code
1b092f
- added debug messages for tracing of netgroup matching
1b092f
- fixed aborting on realloc when displaying allowed commands
1b092f
- sssd: filter netgroups in the sudoUser attribute
1b092f
- parse uids/gids more strictly
1b092f
- added debug messages to trace netgroup matching
1b092f
  Resolves: rhbz#1026904
1b092f
  Resolves: rhbz#1026890
1b092f
  Resolves: rhbz#1007014
1b092f
  Resolves: rhbz#1026894
1b092f
  Resolves: rhbz#1000389
1b092f
  Resolves: rhbz#994566
1b092f
1b092f
* Mon Aug 05 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-5
1b092f
- added standalone manpage for sudo.conf and sudo-ldap.conf
1b092f
- spec file cleanup
1b092f
  Resolves: rhbz#881258
1b092f
1b092f
* Mon Jul 29 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-4
1b092f
- added RHEL 6 patches
1b092f
1b092f
* Wed Jul 24 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-3
1b092f
- synced sudoers, configure options & configuration files with
1b092f
  expected RHEL configuration
1b092f
  Resolves: rhbz#969373
1b092f
  Resolves: rhbz#971009
1b092f
  Resolves: rhbz#965124
1b092f
  Resolves: rhbz#971013
1b092f
  Resolves: rhbz#839705
1b092f
1b092f
* Thu Apr 11 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-2
1b092f
- depend on /usr/sbin/sendmail instead of the sendmail package
1b092f
  Resolves: rhbz#927842
1b092f
1b092f
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1
1b092f
- update to 1.8.6p7
1b092f
- fixes CVE-2013-1775 and CVE-2013-1776
1b092f
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
1b092f
  - build with system zlib.
1b092f
  - let rpmbuild strip libexecdir/*.so.
1b092f
  - own the %%{_docdir}/sudo-* dir.
1b092f
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
1b092f
  - fix bogus %%changelog dates.
1b092f
1b092f
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
1b092f
1b092f
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
1b092f
- added upstream patch for a regression
1b092f
- don't include arch specific files in the -devel subpackage
1b092f
- ship only one sample plugin in the -devel subpackage
1b092f
1b092f
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
1b092f
- update to 1.8.6p3
1b092f
- drop -pipelist patch (fixed in upstream)
1b092f
1b092f
* Thu Sep  6 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6-1
1b092f
- update to 1.8.6
1b092f
1b092f
* Thu Jul 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-4
1b092f
- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com)
1b092f
- re-enabled SSSD support
1b092f
- removed libsss_sudo dependency
1b092f
1b092f
* Tue Jul 24 2012 Bill Nottingham <notting@redhat.com> - 1.8.5-3
1b092f
- flip sudoers2ldif executable bit after make install, not in setup
1b092f
1b092f
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.5-2
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
1b092f
1b092f
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
1b092f
- update to 1.8.5
1b092f
- fixed CVE-2012-2337
3f071d
- temporarily disabled SSSD support
1b092f
1b092f
* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
1b092f
- fixed problems with undefined symbols (rhbz#798517)
1b092f
1b092f
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5
1b092f
- SSSD patch update
1b092f
1b092f
* Tue Feb  7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4
1b092f
- added SSSD support
1b092f
1b092f
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3
1b092f
- added patch for CVE-2012-0809
1b092f
1b092f
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
1b092f
1b092f
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
1b092f
- update to 1.8.3p1
3f071d
- disable output word wrapping if the output is piped
1b092f
1b092f
* Wed Sep  7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
1b092f
- Remove execute bit from sample script in docs so we don't pull in perl
1b092f
1b092f
* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1
1b092f
- rebase to 1.8.1p2
1b092f
- removed .sudoi patch
1b092f
- fixed typo: RELPRO -> RELRO
1b092f
- added -devel subpackage for the sudo_plugin.h header file
1b092f
- use default ldap configuration files again
1b092f
1b092f
* Fri Jun  3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
1b092f
- build with RELRO
1b092f
1b092f
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
1b092f
1b092f
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
1b092f
- rebase to 1.7.4p5
1b092f
- fixed sudo-1.7.4p4-getgrouplist.patch
1b092f
- fixes CVE-2011-0008, CVE-2011-0010
1b092f
1b092f
* Tue Nov 30 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-5
1b092f
- anybody in the wheel group has now root access (using password) (rhbz#656873)
1b092f
- sync configuration paths with the nss_ldap package (rhbz#652687)
1b092f
1b092f
* Wed Sep 29 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-4
1b092f
- added upstream patch to fix rhbz#638345
1b092f
1b092f
* Mon Sep 20 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-3
1b092f
- added patch for #635250
1b092f
- /var/run/sudo -> /var/db/sudo in .spec
1b092f
1b092f
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-2
1b092f
- sudo now uses /var/db/sudo for timestamps
1b092f
1b092f
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-1
1b092f
- update to new upstream version
1b092f
- new command available: sudoreplay
1b092f
- use native audit support
1b092f
- corrected license field value: BSD -> ISC
1b092f
1b092f
* Wed Jun  2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
1b092f
- added patch that fixes insufficient environment sanitization issue (#598154)
1b092f
1b092f
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
1b092f
- update to new upstream version
1b092f
- merged .audit and .libaudit patch
1b092f
- added sudoers.ldap.5* to files
1b092f
1b092f
* Mon Mar  1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
1b092f
- update to new upstream version
1b092f
1b092f
* Tue Feb 16 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
1b092f
- fixed no valid sudoers sources found (#558875)
1b092f
1b092f
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
1b092f
- audit related Makefile.in and configure.in corrections
1b092f
- added --with-audit configure option
1b092f
- removed call to libtoolize
1b092f
1b092f
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
1b092f
- fixed segfault when #include directive is used in cycles (#561336)
1b092f
1b092f
* Fri Jan  8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
1b092f
- Add /etc/sudoers.d dir and use it in default config (#551470).
1b092f
- Drop *.pod man page duplicates from docs.
1b092f
1b092f
* Thu Jan 07 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
1b092f
- new upstream version 1.7.2p2-1
1b092f
- commented out unused aliases in sudoers to make visudo happy (#550239)
1b092f
1b092f
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
1b092f
- rebuilt with new audit
1b092f
1b092f
* Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
1b092f
- moved secure_path from compile-time option to sudoers file (#517428)
1b092f
1b092f
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
1b092f
1b092f
* Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
1b092f
- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
1b092f
- epoch number sync
1b092f
1b092f
* Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
1b092f
- updated sudo to version 1.7.1
1b092f
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
1b092f
1b092f
* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
1b092f
- fixed building with new libtool
1b092f
- fix for incorrect handling of groups in Runas_User
1b092f
- added /usr/local/sbin to secure-path
1b092f
1b092f
* Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
1b092f
- build with sendmail installed
1b092f
- Added /usr/local/bin to secure-path
1b092f
1b092f
* Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
1b092f
- adjust audit patch, do not scream when kernel is
1b092f
  compiled without audit netlink support (#401201)
1b092f
1b092f
* Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
1b092f
- upgrade
1b092f
1b092f
* Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
1b092f
- build with newer autoconf-2.62 (#449614)
1b092f
1b092f
* Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
1b092f
- compiled with secure path (#80215)
1b092f
1b092f
* Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
1b092f
- fix path to updatedb in /etc/sudoers (#445103)
1b092f
1b092f
* Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
1b092f
- include ldap files in rpm package (#439506)
1b092f
1b092f
* Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
1b092f
- include [sudo] in password prompt (#437092)
1b092f
1b092f
* Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
1b092f
- audit support improvement
1b092f
1b092f
* Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
1b092f
- upgrade to the latest upstream release
1b092f
1b092f
* Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
1b092f
- upgrade to the latest upstream release
1b092f
- add selinux support
1b092f
1b092f
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
1b092f
- sparc64 needs to be in the -fPIE list with s390
1b092f
1b092f
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
3f071d
- fix complaints about audit_log_user_command(): Connection
1b092f
  refused (#401201)
1b092f
1b092f
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
1b092f
- Rebuild for deps
1b092f
1b092f
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
1b092f
- Rebuild for openssl bump
1b092f
1b092f
* Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
1b092f
- fix autotools stuff and add audit support
1b092f
1b092f
* Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
1b092f
- upgrade to upstream release
1b092f
1b092f
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
1b092f
- also use getgrouplist() to determine group membership (#235915)
1b092f
1b092f
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
1b092f
- fix some spec file issues
1b092f
1b092f
* Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
1b092f
- fix rpmlint issue
1b092f
1b092f
* Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
1b092f
- fix typo in sudoers file (#212308)
1b092f
1b092f
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
1b092f
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
1b092f
1b092f
* Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
1b092f
- fix sudoers file, X apps didn't work (#206320)
1b092f
1b092f
* Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
1b092f
- use Red Hat specific default sudoers file
1b092f
1b092f
* Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
1b092f
- fix #198755 - make login processes (sudo -i) initialise session keyring
1b092f
  (thanks for PAM config files to David Howells)
1b092f
- add IPv6 support (patch by Milan Zazrivec)
1b092f
1b092f
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
1b092f
- rebuild
1b092f
1b092f
* Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
1b092f
- fix #190062 - "ssh localhost sudo su" will show the password in clear
1b092f
1b092f
* Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
1b092f
- add LDAP support (#170848)
1b092f
1b092f
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
1b092f
- bump again for double-long bug on ppc(64)
1b092f
1b092f
* Wed Feb  8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
1b092f
- reset env. by default
1b092f
1b092f
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
1b092f
- rebuilt for new gcc4.1 snapshot and glibc changes
1b092f
1b092f
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
1b092f
- Remove selinux patch.  It has been decided that the SELinux patch for sudo is
1b092f
- no longer necessary.  In targeted policy it had no effect.  In strict/MLS policy
1b092f
- We require the person using sudo to execute newrole before using sudo.
1b092f
1b092f
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
1b092f
- new upstream version 1.6.8p12
1b092f
1b092f
* Tue Nov  8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
1b092f
- new upstream version 1.6.8p11
1b092f
1b092f
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
1b092f
- use include instead of pam_stack in pam config
1b092f
1b092f
* Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
1b092f
- enable interfaces in selinux patch
1b092f
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
1b092f
1b092f
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
1b092f
- fix debuginfo
1b092f
1b092f
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
1b092f
- fix #162623 - sesh hangs when child suspends
1b092f
1b092f
* Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
1b092f
- Add back in interfaces call, SELinux has been fixed to work around
1b092f
1b092f
* Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
1b092f
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
1b092f
1b092f
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
1b092f
- fix #154511 - sudo does not use limits.conf
1b092f
1b092f
* Mon Apr  4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
1b092f
- new version 1.6.8p8: new sudoedit and sudo_noexec
1b092f
1b092f
* Wed Feb  9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
1b092f
- rebuild
1b092f
1b092f
* Mon Oct  4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
3f071d
- added missing BuildRequires for libselinux-devel (#132883)
1b092f
1b092f
* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
1b092f
- Fix missing param error in sesh
1b092f
1b092f
* Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
1b092f
- Remove full patch check from sesh
1b092f
1b092f
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
1b092f
- Fix selinux patch to switch to root user
1b092f
1b092f
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
1b092f
- Eliminate tty handling from selinux
1b092f
1b092f
* Thu Apr  1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
1b092f
- fixed spec file: sesh in file section with selinux flag (#119682)
1b092f
1b092f
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
1b092f
- Enhance sesh.c to fork/exec children itself, to avoid
1b092f
  having sudo reap all domains.
1b092f
- Only reinstall default signal handlers immediately before
1b092f
  exec of child with SELinux patch
1b092f
1b092f
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
3f071d
- change to default to sysadm_r
1b092f
- Fix tty handling
1b092f
1b092f
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
1b092f
- Add /bin/sesh to run selinux code.
1b092f
- replace /bin/bash -c with /bin/sesh
1b092f
1b092f
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
3f071d
- Hard code to use "/bin/bash -c" for selinux
1b092f
1b092f
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
1b092f
- Eliminate closing and reopening of terminals, to match su.
1b092f
1b092f
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
1b092f
- SELinux fixes to make transitions work properly
1b092f
1b092f
* Fri Mar  5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
1b092f
- pied sudo
1b092f
1b092f
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
1b092f
- Eliminate interfaces call, since this requires big SELinux privs
1b092f
- and it seems to be useless.
1b092f
1b092f
* Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
1b092f
- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
1b092f
1b092f
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
1b092f
- Fix is_selinux_enabled call
1b092f
1b092f
* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
3f071d
- Clean up patch on failure
1b092f
1b092f
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
1b092f
- Remove sudo.te for now.
1b092f
1b092f
* Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
1b092f
- Fix usage message
1b092f
1b092f
* Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
1b092f
- Clean up sudo.te to not blow up if pam.te not present
1b092f
1b092f
* Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
1b092f
- added missing BuildRequires for groff
1b092f
1b092f
* Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
1b092f
- remove left-over debugging code
1b092f
1b092f
* Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
1b092f
- Fix terminal handling that caused Sudo to exit on non selinux machines.
1b092f
1b092f
* Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
1b092f
- Remove sudo_var_run_t which is now pam_var_run_t
1b092f
1b092f
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
1b092f
- Fix terminal handling and policy
1b092f
1b092f
* Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
1b092f
- Fix policy
1b092f
1b092f
* Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
1b092f
- Turn on SELinux support
1b092f
1b092f
* Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
1b092f
- Add support for SELinux
1b092f
1b092f
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
1b092f
1b092f
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
1b092f
- remove absolute path names from the PAM configuration, ensuring that the
1b092f
  right modules get used for whichever arch we're built for
1b092f
- don't try to install the FAQ, which isn't there any more
1b092f
1b092f
* Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
1b092f
- update to 1.6.6
1b092f
1b092f
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
1b092f
- automated rebuild
1b092f
1b092f
* Thu May 23 2002 Tim Powers <timp@redhat.com>
1b092f
- automated rebuild
1b092f
1b092f
* Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
1b092f
- Fix bug #63768
1b092f
1b092f
* Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
1b092f
- 1.6.5p2
1b092f
1b092f
* Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
1b092f
- 1.6.5p1
1b092f
- Hope this "a new release per day" madness stops ;)
1b092f
1b092f
* Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
1b092f
- 1.6.5
1b092f
1b092f
* Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1b092f
- 1.6.4p1
1b092f
1b092f
* Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1b092f
- Update to 1.6.4
1b092f
1b092f
* Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1b092f
- Add build requirements (#49706)
1b092f
- s/Copyright/License/
1b092f
- bzip2 source
1b092f
1b092f
* Sat Jun 16 2001 Than Ngo <than@redhat.com>
1b092f
- update to 1.6.3p7
1b092f
- use %%{_tmppath}
1b092f
1b092f
* Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- 1.6.3p6, fixes buffer overrun
1b092f
1b092f
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- 1.6.3p5
1b092f
1b092f
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1b092f
- automatic rebuild
1b092f
1b092f
* Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1b092f
- fixed owner of sudo and visudo
1b092f
1b092f
* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
1b092f
- modify PAM setup to use system-auth
1b092f
- clean up buildrooting by using the makeinstall macro
1b092f
1b092f
* Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- initial build in main distrib
1b092f
- update to 1.6.3
1b092f
- deal with compressed man pages
1b092f
1b092f
* Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1b092f
- updated to 1.6.1 for Powertools 6.2
1b092f
- config files are now noreplace.
1b092f
1b092f
* Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1b092f
- updated to 1.5.9p2 for Powertools 6.1
1b092f
1b092f
* Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1b092f
- sudo is configured with pam. There's no pam.d file. Oops.
1b092f
1b092f
* Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1b092f
- upgraded to 1.59p1 for powertools 6.0
1b092f
1b092f
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1b092f
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1b092f
1b092f
* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
3f071d
- built package for 5.2
1b092f
1b092f
* Mon May 18 1998 Michael Maher <mike@redhat.com>
1b092f
- updated SPEC file
1b092f
1b092f
* Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1b092f
- updated to 1.5.4
1b092f
1b092f
* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1b092f
- built for glibc, no problems
1b092f
1b092f
* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
3f071d
- Fixed for 4.2 PowerTools
1b092f
- Still need to be pamified
1b092f
- Still need to move stmp file to /var/log
1b092f
1b092f
* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1b092f
- First version for PowerCD.