Blame SPECS/sudo.spec

a2b174
Summary: Allows restricted root access for specified users
a2b174
Name: sudo
a2b174
Version: 1.8.29
7ec3f7
Release: 9%{?dist}
a2b174
License: ISC
a2b174
Group: Applications/System
15c49f
URL: https://www.sudo.ws/
a2b174
a2b174
Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
a2b174
Source1: sudoers
a2b174
Source2: sudo-ldap.conf
a2b174
Source3: sudo.conf
a2b174
a2b174
Requires: /etc/pam.d/system-auth
a2b174
Requires: /usr/bin/vi
a2b174
Requires(post): /bin/chmod
a2b174
a2b174
BuildRequires: /usr/sbin/sendmail
a2b174
BuildRequires: autoconf
a2b174
BuildRequires: automake
a2b174
BuildRequires: bison
a2b174
BuildRequires: flex
a2b174
BuildRequires: gettext
a2b174
BuildRequires: groff
a2b174
BuildRequires: libtool
a2b174
BuildRequires: audit-libs-devel
a2b174
BuildRequires: libcap-devel
a2b174
BuildRequires: libgcrypt-devel
a2b174
BuildRequires: libselinux-devel
a2b174
BuildRequires: openldap-devel
a2b174
BuildRequires: pam-devel
a2b174
BuildRequires: zlib-devel
a2b174
a2b174
# don't strip
a2b174
Patch1: sudo-1.6.7p5-strip.patch
a2b174
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
a2b174
Patch2: sudo-1.8.23-sudoldapconfman.patch
a2b174
# env debug patch
a2b174
Patch3: sudo-1.7.2p1-envdebug.patch
a2b174
# 1247591 - Sudo taking a long time when user information is stored externally.
a2b174
Patch4: sudo-1.8.23-legacy-group-processing.patch
a2b174
# 840980 - sudo creates a new parent process
a2b174
# Adds cmnd_no_wait Defaults option
a2b174
Patch5: sudo-1.8.23-nowaitopt.patch
a2b174
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
a2b174
Patch6: sudo-1.8.6p7-logsudouser.patch
a2b174
# 1786987 - CVE-2019-19232 sudo: attacker with access to a Runas ALL sudoer account
a2b174
# can impersonate a nonexistent user [rhel-8]
a2b174
Patch7: sudo-1.8.29-CVE-2019-19232.patch
a2b174
# 1796518 - [RFE] add optional check for the target user shell
a2b174
Patch8: sudo-1.8.29-CVE-2019-19234.patch
a2b174
# 1798093 - CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [rhel-8.2.0]
a2b174
Patch9: sudo-1.8.29-CVE-2019-18634.patch
a2b174
ad92e8
# 1815164 - sudo allows privilege escalation with expire password
ad92e8
Patch10: sudo-1.8.29-expired-password-part1.patch
ad92e8
Patch11: sudo-1.8.29-expired-password-part2.patch
ad92e8
15c49f
# 1917734 - EMBARGOED CVE-2021-3156 sudo: Heap-buffer overflow in argument parsing [rhel-8.4.0]
15c49f
Patch12: sudo-1.8.31-CVE-2021-3156.patch
15c49f
# 1916434 - CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit [rhel-8]
15c49f
Patch13: sudo-1.9.5-CVE-2021-23239.patch
15c49f
# 1917038 - CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit [rhel-8]
15c49f
Patch14: sudo-1.9.5-CVE-2021-23240-1.patch
15c49f
Patch15: sudo-1.9.5-CVE-2021-23240-2.patch
15c49f
Patch16: sudo-1.9.5-CVE-2021-23240-3.patch
15c49f
Patch17: sudo-1.9.5-CVE-2021-23240-4.patch
15c49f
Patch18: sudo-1.9.5-CVE-2021-23240-5.patch
15c49f
56e51f
# 2029551 - sudoedit does not work with selinux args
56e51f
Patch19: sudo-1.9.5-sudoedit-selinux.patch
56e51f
# 1999751 - Request to backport https://www.sudo.ws/repos/sudo/rev/b4c91a0f72e7 to RHEL 8
56e51f
Patch20: sudo-1.9.7-sigchild.patch
56e51f
# 1917379 - [RFE] pass KRB5CCNAME to pam_authenticate environment if available
56e51f
Patch21: sudo-1.9.7-krb5ccname.patch
56e51f
# 1986572 - utmp resource leak in sudo
56e51f
Patch22: sudo-1.9.7-utmp-leak.patch
b1b93b
7ec3f7
# 2114576 - sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
7ec3f7
Patch23: sha-digest-calc.patch
7ec3f7
a2b174
%description
a2b174
Sudo (superuser do) allows a system administrator to give certain
a2b174
users (or groups of users) the ability to run some (or all) commands
a2b174
as root while logging all commands and arguments. Sudo operates on a
a2b174
per-command basis.  It is not a replacement for the shell.  Features
a2b174
include: the ability to restrict what commands a user may run on a
a2b174
per-host basis, copious logging of each command (providing a clear
a2b174
audit trail of who did what), a configurable timeout of the sudo
a2b174
command, and the ability to use the same configuration file (sudoers)
a2b174
on many different machines.
a2b174
a2b174
%package        devel
a2b174
Summary:        Development files for %{name}
a2b174
Group:          Development/Libraries
a2b174
Requires:       %{name} = %{version}-%{release}
a2b174
a2b174
%description    devel
a2b174
The %{name}-devel package contains header files developing sudo
a2b174
plugins that use %{name}.
a2b174
a2b174
%prep
a2b174
%setup -q
a2b174
a2b174
%patch1 -p1 -b .strip
a2b174
%patch2 -p1 -b .sudoldapconfman
a2b174
%patch3 -p1 -b .env-debug
a2b174
%patch4 -p1 -b .legacy-processing
a2b174
%patch5 -p1 -b .nowait
a2b174
%patch6 -p1 -b .logsudouser
a2b174
%patch7 -p1 -b .CVE-2019-19232
a2b174
%patch8 -p1 -b .target-shell
a2b174
%patch9 -p1 -b .CVE-2019-18634
a2b174
ad92e8
%patch10 -p1 -b .expired1
ad92e8
%patch11 -p1 -b .expired2
ad92e8
15c49f
%patch12 -p1 -b .heap-buffer
15c49f
15c49f
%patch13 -p1 -b .sudoedit-race
15c49f
15c49f
%patch14 -p1 -b .symbolic-link-attack-1
15c49f
%patch15 -p1 -b .symbolic-link-attack-2
15c49f
%patch16 -p1 -b .symbolic-link-attack-3
15c49f
%patch17 -p1 -b .symbolic-link-attack-4
15c49f
%patch18 -p1 -b .symbolic-link-attack-5
15c49f
56e51f
%patch19 -p1 -b .sudoedit-selinux
b1b93b
56e51f
%patch20 -p1 -b .sigchild
56e51f
%patch21 -p1 -b .krb5ccname
56e51f
%patch22 -p1 -b .utmp-leak
b1b93b
7ec3f7
%patch23 -p1 -b .sha-digest
7ec3f7
a2b174
%build
a2b174
# Remove bundled copy of zlib
a2b174
rm -rf zlib/
a2b174
autoreconf -I m4 -fv --install
a2b174
a2b174
%ifarch s390 s390x sparc64
a2b174
F_PIE=-fPIE
a2b174
%else
a2b174
F_PIE=-fpie
a2b174
%endif
a2b174
a2b174
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
a2b174
a2b174
%configure \
a2b174
        --prefix=%{_prefix} \
a2b174
        --sbindir=%{_sbindir} \
a2b174
        --libdir=%{_libdir} \
a2b174
        --docdir=%{_pkgdocdir} \
a2b174
        --disable-root-mailer \
a2b174
        --with-logging=syslog \
a2b174
        --with-logfac=authpriv \
a2b174
        --with-pam \
a2b174
        --with-pam-login \
a2b174
        --with-editor=/bin/vi \
a2b174
        --with-env-editor \
a2b174
        --with-ignore-dot \
a2b174
        --with-tty-tickets \
a2b174
        --with-ldap \
a2b174
        --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
a2b174
        --with-selinux \
a2b174
        --with-passprompt="[sudo] password for %p: " \
a2b174
        --with-linux-audit \
a2b174
        --with-sssd
a2b174
#       --without-kerb5 \
a2b174
#       --without-kerb4
a2b174
make
a2b174
a2b174
%check
a2b174
make check
a2b174
a2b174
%install
a2b174
rm -rf $RPM_BUILD_ROOT
a2b174
a2b174
# Update README.LDAP (#736653)
a2b174
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
a2b174
a2b174
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
a2b174
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
a2b174
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
a2b174
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
a2b174
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
a2b174
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
a2b174
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
a2b174
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
a2b174
a2b174
# Add sudo to protected packages
a2b174
install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
a2b174
touch sudo.conf
a2b174
echo sudo > sudo.conf
a2b174
install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
a2b174
rm -f sudo.conf
a2b174
a2b174
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
a2b174
a2b174
# Don't package LICENSE as a doc
a2b174
rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
a2b174
a2b174
# Remove examples; Examples can be found in man pages too.
a2b174
rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
a2b174
a2b174
# Remove all .la files
a2b174
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
a2b174
a2b174
# Remove sudoers.dist
a2b174
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
a2b174
a2b174
%find_lang sudo
a2b174
%find_lang sudoers
a2b174
a2b174
cat sudo.lang sudoers.lang > sudo_all.lang
a2b174
rm sudo.lang sudoers.lang
a2b174
a2b174
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
a2b174
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
a2b174
#%%PAM-1.0
a2b174
auth       include      system-auth
a2b174
account    include      system-auth
a2b174
password   include      system-auth
a2b174
session    include      system-auth
a2b174
EOF
a2b174
a2b174
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
a2b174
#%%PAM-1.0
a2b174
auth       include      sudo
a2b174
account    include      sudo
a2b174
password   include      sudo
a2b174
session    optional     pam_keyinit.so force revoke
a2b174
session    include      sudo
a2b174
EOF
a2b174
a2b174
a2b174
%clean
a2b174
rm -rf $RPM_BUILD_ROOT
a2b174
a2b174
%files -f sudo_all.lang
a2b174
%defattr(-,root,root)
a2b174
%attr(0440,root,root) %config(noreplace) /etc/sudoers
a2b174
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
a2b174
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
a2b174
%attr(0750,root,root) %dir /etc/sudoers.d/
a2b174
%config(noreplace) /etc/pam.d/sudo
a2b174
%config(noreplace) /etc/pam.d/sudo-i
a2b174
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
a2b174
%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
a2b174
%dir /var/db/sudo
a2b174
%dir /var/db/sudo/lectured
a2b174
%attr(4111,root,root) %{_bindir}/sudo
a2b174
%{_bindir}/sudoedit
a2b174
%{_bindir}/cvtsudoers
a2b174
%attr(0111,root,root) %{_bindir}/sudoreplay
a2b174
%attr(0755,root,root) %{_sbindir}/visudo
a2b174
%dir %{_libexecdir}/sudo
a2b174
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
a2b174
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
a2b174
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
a2b174
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
a2b174
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
a2b174
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
a2b174
%{_libexecdir}/sudo/libsudo_util.so.?
a2b174
%{_libexecdir}/sudo/libsudo_util.so
a2b174
%{_mandir}/man5/sudoers.5*
a2b174
%{_mandir}/man5/sudoers.ldap.5*
a2b174
%{_mandir}/man5/sudo-ldap.conf.5*
a2b174
%{_mandir}/man5/sudo.conf.5*
a2b174
%{_mandir}/man8/sudo.8*
a2b174
%{_mandir}/man8/sudoedit.8*
a2b174
%{_mandir}/man8/sudoreplay.8*
a2b174
%{_mandir}/man8/visudo.8*
a2b174
%{_mandir}/man1/cvtsudoers.1*
a2b174
%{_mandir}/man5/sudoers_timestamp.5*
a2b174
%dir %{_pkgdocdir}/
a2b174
%{_pkgdocdir}/*
a2b174
%{!?_licensedir:%global license %%doc}
a2b174
%license doc/LICENSE
a2b174
%exclude %{_pkgdocdir}/ChangeLog
a2b174
a2b174
a2b174
# Make sure permissions are ok even if we're updating
a2b174
%post
a2b174
/bin/chmod 0440 /etc/sudoers || :
a2b174
a2b174
%files devel
a2b174
%defattr(-,root,root,-)
a2b174
%doc plugins/sample/sample_plugin.c
a2b174
%{_includedir}/sudo_plugin.h
a2b174
%{_mandir}/man8/sudo_plugin.8*
a2b174
a2b174
%changelog
7ec3f7
* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.9
7ec3f7
RHEL 8.8.0 ERRATUM
7ec3f7
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
7ec3f7
Resolves: rhbz#2114576
7ec3f7
56e51f
* Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8
56e51f
RHEL 8.6.0 ERRATUM
56e51f
- sudoedit does not work with selinux args
56e51f
Resolves: rhbz#2029551
b1b93b
- Make sure SIGCHLD is not ignored when sudo is executed
56e51f
Resolves: rhbz#1999751
56e51f
- [RFE] pass KRB5CCNAME to pam_authenticate environment if available
56e51f
Resolves: rhbz#1917379
56e51f
- utmp resource leak in sudo
56e51f
Resolves: rhbz#1986572
b1b93b
15c49f
* Tue Feb 02 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-7
15c49f
- RHEL 8.4 ERRATUM
15c49f
- CVE-2021-3156
15c49f
Resolves: rhbz#1917734
15c49f
- CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit
15c49f
Resolves: rhzb#1916434
15c49f
- CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit
15c49f
Resolves: rhbz#1917038
15c49f
- updated upstream url
15c49f
Resolves: rhbz#1923825
15c49f
ad92e8
* Tue Apr 28 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-6
ad92e8
- RHEL 8.3 ERRATUM
ad92e8
- sudo allows privilege escalation with expire password
ad92e8
Resolves: rhbz#1815164
ad92e8
a2b174
* Wed Feb 05 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-5
a2b174
- RHEL 8.2 ERRATUM
a2b174
- CVE-2019-18634
a2b174
Resolves: rhbz#1798093
a2b174
a2b174
* Tue Jan 14 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-4
a2b174
- RHEL 8.2 ERRATUM
a2b174
- CVE-2019-19232
a2b174
Resolves: rhbz#1786987
a2b174
Resolves: rhbz#1796518
a2b174
a2b174
* Wed Oct 30 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.29-2
a2b174
- RHEL 8.2 ERRATUM
a2b174
- rebase to 1.8.29
a2b174
Resolves: rhbz#1733961
a2b174
Resolves: rhbz#1651662
a2b174
a2b174
* Fri Oct 25 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.28p1-1
a2b174
- RHEL 8.2 ERRATUM
a2b174
- rebase to 1.8.28p1
a2b174
Resolves: rhbz#1733961
a2b174
- fixed man page for always_set_home
a2b174
Resolves: rhbz#1576880
a2b174
- sudo does not work with notbefore/after
a2b174
Resolves: rhbz#1679508
a2b174
- NOTBEFORE showing value of sudoNotAfter Ldap attribute
a2b174
Resolves: rhbz#1715516
a2b174
- CVE-2019-14287 sudo
a2b174
- Privilege escalation via 'Runas' specification with 'ALL' keyword
a2b174
Resolves: rhbz#1760697
a2b174
a2b174
* Fri Aug 16 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-7
a2b174
- RHEL 8.1 ERRATUM
a2b174
- sudo ipa_hostname not honored
a2b174
Resolves: rhbz#1738662
a2b174
a2b174
* Mon Aug 12 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-6
a2b174
- RHEL 8.1 ERRATUM
a2b174
- Fixed The LDAP backend which is not properly parsing sudoOptions,
a2b174
  resulting in selinux roles not being applied
a2b174
Resolves: rhbz#1738326
a2b174
a2b174
* Tue May 28 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-5
a2b174
- RHEL 8.1 ERRATUM
a2b174
- Fixed problem with sudo-1.8.23 and 'who am i'
a2b174
Resolves: rhbz#1673886
a2b174
- Backporting sudo bug with expired passwords
a2b174
Resolves: rhbz#1676819
a2b174
a2b174
* Tue Dec 11 2018 Radovan Sroka <rsroka@redhat.com> - 1.8.25-4
a2b174
- Fix most of the man page scans problems
a2b174
- Resolves: rhbz#1613327
a2b174
a2b174
* Fri Oct 12 2018 Daniel Kopecek <dkopecek@redhat.com> - 1.8.25-3
a2b174
- bump release for new build
a2b174
Resolves: rhbz#1625683
a2b174
a2b174
* Thu Oct 11 2018 Daniel Kopecek <dkopecek@redhat.com> - 1.8.25-2
a2b174
- Depend explicitly on /usr/sbin/sendmail instead of sendmail (rhel-7 sync)
a2b174
- Simplified pam configuration file by removing duplicate pam stack entries
a2b174
Resolves: rhbz#1633144
a2b174
a2b174
* Wed Sep 26 2018 Radovan Sroka <rsroka@redhat.com> - 1.8.25-1
a2b174
- rebase to the new upstream version 1.8.25p1
a2b174
- sync patches with rhel-7.6
a2b174
- sync sudoers with rhel-7.6
a2b174
  resolves: rhbz#1633144
a2b174
a2b174
* Mon Sep 10 2018 Radovan Sroka <rsroka@redhat.com> - 1.8.23-2
a2b174
- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo
a2b174
  resolves: rhbz#1626972
a2b174
a2b174
* Thu May 17 2018 Daniel Kopecek <dkopecek@redhat.com> - 1.8.23-1
a2b174
- Packaging update for RHEL 8.0 (sync with latest RHEL 7 state)
a2b174
a2b174
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.22-0.2.b1
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
a2b174
a2b174
* Thu Dec 14 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.22b1-1
a2b174
- update to 1.8.22b1
a2b174
- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185
a2b174
a2b174
* Thu Sep 21 2017 Marek Tamaskovic <mtamasko@redhat.com> - 1.8.21p2-1
a2b174
- update to 1.8.21p2
a2b174
- Moved libsudo_util.so from the -devel sub-package to main package (1481225)
a2b174
a2b174
* Wed Sep 06 2017 Matthew Miller <mattdm@fedoraproject.org> - 1.8.20p2-4
a2b174
- replace file-based requirements with package-level ones:
a2b174
- /etc/pam.d/system-auth to 'pam'
a2b174
- /bin/chmod to 'coreutils' (bug #1488934)
a2b174
- /usr/bin/vi to vim-minimal
a2b174
- ... and make vim-minimal "recommends" instead of "requires", because
a2b174
  other editors can be configured.
a2b174
a2b174
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.20p2-3
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
a2b174
a2b174
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.20p2-2
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
a2b174
a2b174
* Thu Jun 01 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p2-1
a2b174
- update to 1.8.20p2
a2b174
a2b174
* Wed May 31 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p1-1
a2b174
- update to 1.8.20p1
a2b174
- fixes CVE-2017-1000367
a2b174
  Resolves: rhbz#1456884
a2b174
a2b174
* Fri Apr 07 2017 Jiri Vymazal <jvymazal@redhat.com> - 1.8.20-0.1.b1
a2b174
- update to latest development version 1.8.20b1
a2b174
- added sudo to dnf/yum protected packages
a2b174
  Resolves: rhbz#1418756
a2b174
a2b174
* Mon Feb 13 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1
a2b174
- update to 1.8.19p2
a2b174
a2b174
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.19-0.3.20161108git738c3cb
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
a2b174
a2b174
* Tue Nov 08 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.19-0.2.20161108git738c3cb
a2b174
- update to latest development version
a2b174
- fixes CVE-2016-7076
a2b174
a2b174
* Fri Sep 23 2016 Radovan Sroka <rsroka@redhat.com> 1.8.19-0.1.20160923git90e4538
a2b174
- we were not able to update from rc and beta versions to stable one
a2b174
- so this is a new snapshot package which resolves it
a2b174
a2b174
* Wed Sep 21 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18-1
a2b174
- update to 1.8.18
a2b174
a2b174
* Fri Sep 16 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18rc4-1
a2b174
- update to 1.8.18rc4
a2b174
a2b174
* Wed Sep 14 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18rc2-1
a2b174
- update to 1.8.18rc2
a2b174
- dropped sudo-1.8.14p1-ldapconfpatch.patch
a2b174
  upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html
a2b174
a2b174
* Fri Aug 26 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18b2-1
a2b174
- update to 1.8.18b2
a2b174
- added --disable-root-mailer as configure option
a2b174
  Resolves: rhbz#1324091
a2b174
a2b174
* Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.17p1-1
a2b174
- update to 1.8.17p1
a2b174
- install the /var/db/sudo/lectured
a2b174
  Resolves: rhbz#1321414
a2b174
a2b174
* Tue May 31 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-4
a2b174
- removed INPUTRC from env_keep to prevent a possible info leak
a2b174
  Resolves: rhbz#1340701
a2b174
a2b174
* Fri May 13 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-3
a2b174
- fixed upstream patch for rhbz#1328735
a2b174
a2b174
* Thu May 12 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-2
a2b174
- fixed invalid sesh argument array construction
a2b174
a2b174
* Mon Apr 04 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-1
a2b174
- update to 1.8.16
a2b174
a2b174
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.15-2
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
a2b174
a2b174
* Thu Nov  5 2015 Daniel Kopecek <dkopecek@redhat.com> 1.8.15-1
a2b174
- update to 1.8.15
a2b174
- fixes CVE-2015-5602
a2b174
a2b174
* Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-3
a2b174
- enable upstream test suite
a2b174
a2b174
* Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-2
a2b174
- add patch that resolves initialization problem before sudo_strsplit call
a2b174
- add patch that resolves deadcode in visudo.c
a2b174
- add patch that removes extra while in visudo.c and sudoers.c
a2b174
a2b174
* Mon Jul 27 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-1
a2b174
- update to 1.8.14p3
a2b174
a2b174
* Mon Jul 20 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p1-1
a2b174
- update to 1.8.14p1-1
a2b174
- rebase sudo-1.8.14b3-ldapconfpatch.patch -> sudo-1.8.14p1-ldapconfpatch.patch
a2b174
- rebase sudo-1.8.14b4-docpassexpire.patch -> sudo-1.8.14p1-docpassexpire.patch
a2b174
a2b174
* Tue Jul 14 2015 Radovan Sroka <rsroka@redhat.com> 1.8.12-2
a2b174
- add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time
a2b174
- Resolves: rhbz#1162070
a2b174
a2b174
* Fri Jul 10 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.14b4-1
a2b174
- Update to 1.8.14b4
a2b174
- Add own %%{_tmpfilesdir}/sudo.conf
a2b174
a2b174
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.12-2
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
a2b174
a2b174
* Wed Feb 18 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.12
a2b174
- update to 1.8.12
a2b174
- fixes CVE-2014-9680
a2b174
a2b174
* Mon Nov  3 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.11p2-1
a2b174
- update to 1.8.11p2
a2b174
- added patch to fix upstream bug #671 -- exiting immediately
a2b174
  when audit is disabled
a2b174
a2b174
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.11-1
a2b174
- update to 1.8.11
a2b174
- major changes & fixes:
a2b174
  - when running a command in the background, sudo will now forward
a2b174
    SIGINFO to the command
a2b174
  - the passwords in ldap.conf and ldap.secret may now be encoded in base64.
a2b174
  - SELinux role changes are now audited. For sudoedit, we now audit
a2b174
    the actual editor being run, instead of just the sudoedit command.
a2b174
  - it is now possible to match an environment variable's value as well as
a2b174
    its name using env_keep and env_check
a2b174
  - new files created via sudoedit as a non-root user now have the proper group id
a2b174
  - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support
a2b174
  - it is now possible to disable network interface probing in sudo.conf by
a2b174
    changing the value of the probe_interfaces setting
a2b174
  - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt
a2b174
    for the user's password even if the targetpw, rootpw or runaspw options are set.
a2b174
  - the new use_netgroups sudoers option can be used to explicitly enable or disable
a2b174
    netgroups support
a2b174
  - visudo can now export a sudoers file in JSON format using the new -x flag
a2b174
- added patch to read ldap.conf more closely to nss_ldap
a2b174
- require /usr/bin/vi instead of vim-minimal
a2b174
- include pam.d/system-auth in PAM session phase from pam.d/sudo
a2b174
- include pam.d/sudo in PAM session phase from pam.d/sudo-i
a2b174
a2b174
* Tue Aug  5 2014 Tom Callaway <spot@fedoraproject.org> - 1.8.8-6
a2b174
- fix license handling
a2b174
a2b174
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.8-5
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
a2b174
a2b174
* Sat May 31 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.8-4
a2b174
- Drop ChangeLog, we ship NEWS
a2b174
a2b174
* Mon Mar 10 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.8-3
a2b174
- remove bundled copy of zlib before compilation
a2b174
- drop the requiretty Defaults setting from sudoers
a2b174
a2b174
* Sat Jan 25 2014 Ville Skyttä <ville.skytta@iki.fi> - 1.8.8-2
a2b174
- Own the %%{_libexecdir}/sudo dir.
a2b174
a2b174
* Mon Sep 30 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.8-1
a2b174
- update to 1.8.8
a2b174
- major changes & fixes:
a2b174
  - LDAP SASL support now works properly with Kerberos
a2b174
  - root may no longer change its SELinux role without entering a password
a2b174
  - user messages are now always displayed in the user's locale, even when
a2b174
    the same message is being logged or mailed in a different locale.
a2b174
  - log files created by sudo now explicitly have the group set to group
a2b174
    ID 0 rather than relying on BSD group semantics
a2b174
  - sudo now stores its libexec files in a sudo subdirectory instead of in
a2b174
    libexec itself
a2b174
  - system_group and group_file sudoers group provider plugins are now
a2b174
    installed by default
a2b174
  - the paths to ldap.conf and ldap.secret may now be specified as arguments
a2b174
    to the sudoers plugin in the sudo.conf file
a2b174
  - ...and many new features and settings. See the upstream ChangeLog for the
a2b174
    full list.
a2b174
- several sssd support fixes
a2b174
- added patch to make uid/gid specification parsing more strict (don't accept
a2b174
  an invalid number as uid/gid)
a2b174
- use the _pkgdocdir macro
a2b174
  (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs)
a2b174
- fixed several bugs found by the clang static analyzer
a2b174
- added %%post dependency on chmod
a2b174
a2b174
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p7-2
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
a2b174
a2b174
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1
a2b174
- update to 1.8.6p7
a2b174
- fixes CVE-2013-1775 and CVE-2013-1776
a2b174
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
a2b174
  - build with system zlib.
a2b174
  - let rpmbuild strip libexecdir/*.so.
a2b174
  - own the %%{_docdir}/sudo-* dir.
a2b174
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
a2b174
  - fix bogus %%changelog dates.
a2b174
a2b174
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
a2b174
a2b174
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
a2b174
- added upstream patch for a regression
a2b174
- don't include arch specific files in the -devel subpackage
a2b174
- ship only one sample plugin in the -devel subpackage
a2b174
a2b174
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
a2b174
- update to 1.8.6p3
a2b174
- drop -pipelist patch (fixed in upstream)
a2b174
a2b174
* Thu Sep  6 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6-1
a2b174
- update to 1.8.6
a2b174
a2b174
* Thu Jul 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-4
a2b174
- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com)
a2b174
- re-enabled SSSD support
a2b174
- removed libsss_sudo dependency
a2b174
a2b174
* Tue Jul 24 2012 Bill Nottingham <notting@redhat.com> - 1.8.5-3
a2b174
- flip sudoers2ldif executable bit after make install, not in setup
a2b174
a2b174
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.5-2
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
a2b174
a2b174
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
a2b174
- update to 1.8.5
a2b174
- fixed CVE-2012-2337
a2b174
- temporarily disabled SSSD support
a2b174
a2b174
* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
a2b174
- fixed problems with undefined symbols (rhbz#798517)
a2b174
a2b174
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5
a2b174
- SSSD patch update
a2b174
a2b174
* Tue Feb  7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4
a2b174
- added SSSD support
a2b174
a2b174
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3
a2b174
- added patch for CVE-2012-0809
a2b174
a2b174
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
a2b174
a2b174
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
a2b174
- update to 1.8.3p1
a2b174
- disable output word wrapping if the output is piped
a2b174
a2b174
* Wed Sep  7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
a2b174
- Remove execute bit from sample script in docs so we don't pull in perl
a2b174
a2b174
* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1
a2b174
- rebase to 1.8.1p2
a2b174
- removed .sudoi patch
a2b174
- fixed typo: RELPRO -> RELRO
a2b174
- added -devel subpackage for the sudo_plugin.h header file
a2b174
- use default ldap configuration files again
a2b174
a2b174
* Fri Jun  3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
a2b174
- build with RELRO
a2b174
a2b174
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
a2b174
a2b174
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
a2b174
- rebase to 1.7.4p5
a2b174
- fixed sudo-1.7.4p4-getgrouplist.patch
a2b174
- fixes CVE-2011-0008, CVE-2011-0010
a2b174
a2b174
* Tue Nov 30 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-5
a2b174
- anybody in the wheel group has now root access (using password) (rhbz#656873)
a2b174
- sync configuration paths with the nss_ldap package (rhbz#652687)
a2b174
a2b174
* Wed Sep 29 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-4
a2b174
- added upstream patch to fix rhbz#638345
a2b174
a2b174
* Mon Sep 20 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-3
a2b174
- added patch for #635250
a2b174
- /var/run/sudo -> /var/db/sudo in .spec
a2b174
a2b174
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-2
a2b174
- sudo now uses /var/db/sudo for timestamps
a2b174
a2b174
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-1
a2b174
- update to new upstream version
a2b174
- new command available: sudoreplay
a2b174
- use native audit support
a2b174
- corrected license field value: BSD -> ISC
a2b174
a2b174
* Wed Jun  2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
a2b174
- added patch that fixes insufficient environment sanitization issue (#598154)
a2b174
a2b174
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
a2b174
- update to new upstream version
a2b174
- merged .audit and .libaudit patch
a2b174
- added sudoers.ldap.5* to files
a2b174
a2b174
* Mon Mar  1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
a2b174
- update to new upstream version
a2b174
a2b174
* Tue Feb 16 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
a2b174
- fixed no valid sudoers sources found (#558875)
a2b174
a2b174
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
a2b174
- audit related Makefile.in and configure.in corrections
a2b174
- added --with-audit configure option
a2b174
- removed call to libtoolize
a2b174
a2b174
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
a2b174
- fixed segfault when #include directive is used in cycles (#561336)
a2b174
a2b174
* Fri Jan  8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
a2b174
- Add /etc/sudoers.d dir and use it in default config (#551470).
a2b174
- Drop *.pod man page duplicates from docs.
a2b174
a2b174
* Thu Jan 07 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
a2b174
- new upstream version 1.7.2p2-1
a2b174
- commented out unused aliases in sudoers to make visudo happy (#550239)
a2b174
a2b174
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
a2b174
- rebuilt with new audit
a2b174
a2b174
* Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
a2b174
- moved secure_path from compile-time option to sudoers file (#517428)
a2b174
a2b174
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
a2b174
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
a2b174
a2b174
* Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
a2b174
- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
a2b174
- epoch number sync
a2b174
a2b174
* Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
a2b174
- updated sudo to version 1.7.1
a2b174
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
a2b174
a2b174
* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
a2b174
- fixed building with new libtool
a2b174
- fix for incorrect handling of groups in Runas_User
a2b174
- added /usr/local/sbin to secure-path
a2b174
a2b174
* Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
a2b174
- build with sendmail installed
a2b174
- Added /usr/local/bin to secure-path
a2b174
a2b174
* Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
a2b174
- adjust audit patch, do not scream when kernel is
a2b174
  compiled without audit netlink support (#401201)
a2b174
a2b174
* Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
a2b174
- upgrade
a2b174
a2b174
* Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
a2b174
- build with newer autoconf-2.62 (#449614)
a2b174
a2b174
* Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
a2b174
- compiled with secure path (#80215)
a2b174
a2b174
* Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
a2b174
- fix path to updatedb in /etc/sudoers (#445103)
a2b174
a2b174
* Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
a2b174
- include ldap files in rpm package (#439506)
a2b174
a2b174
* Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
a2b174
- include [sudo] in password prompt (#437092)
a2b174
a2b174
* Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
a2b174
- audit support improvement
a2b174
a2b174
* Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
a2b174
- upgrade to the latest upstream release
a2b174
a2b174
* Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
a2b174
- upgrade to the latest upstream release
a2b174
- add selinux support
a2b174
a2b174
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
a2b174
- sparc64 needs to be in the -fPIE list with s390
a2b174
a2b174
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
a2b174
- fix complains about audit_log_user_command(): Connection
a2b174
  refused (#401201)
a2b174
a2b174
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
a2b174
- Rebuild for deps
a2b174
a2b174
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
a2b174
- Rebuild for openssl bump
a2b174
a2b174
* Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
a2b174
- fix autotools stuff and add audit support
a2b174
a2b174
* Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
a2b174
- upgrade to upstream release
a2b174
a2b174
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
a2b174
- also use getgrouplist() to determine group membership (#235915)
a2b174
a2b174
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
a2b174
- fix some spec file issues
a2b174
a2b174
* Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
a2b174
- fix rpmlint issue
a2b174
a2b174
* Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
a2b174
- fix typo in sudoers file (#212308)
a2b174
a2b174
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
a2b174
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
a2b174
a2b174
* Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
a2b174
- fix sudoers file, X apps didn't work (#206320)
a2b174
a2b174
* Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
a2b174
- use Red Hat specific default sudoers file
a2b174
a2b174
* Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
a2b174
- fix #198755 - make login processes (sudo -i) initialise session keyring
a2b174
  (thanks for PAM config files to David Howells)
a2b174
- add IPv6 support (patch by Milan Zazrivec)
a2b174
a2b174
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
a2b174
- rebuild
a2b174
a2b174
* Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
a2b174
- fix #190062 - "ssh localhost sudo su" will show the password in clear
a2b174
a2b174
* Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
a2b174
- add LDAP support (#170848)
a2b174
a2b174
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
a2b174
- bump again for double-long bug on ppc(64)
a2b174
a2b174
* Wed Feb  8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
a2b174
- reset env. by default
a2b174
a2b174
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
a2b174
- rebuilt for new gcc4.1 snapshot and glibc changes
a2b174
a2b174
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
a2b174
- Remove selinux patch.  It has been decided that the SELinux patch for sudo is
a2b174
- no longer necessary.  In tageted policy it had no effect.  In strict/MLS policy
a2b174
- We require the person using sudo to execute newrole before using sudo.
a2b174
a2b174
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
a2b174
- rebuilt
a2b174
a2b174
* Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
a2b174
- new upstream version 1.6.8p12
a2b174
a2b174
* Tue Nov  8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
a2b174
- new upstream version 1.6.8p11
a2b174
a2b174
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
a2b174
- use include instead of pam_stack in pam config
a2b174
a2b174
* Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
a2b174
- enable interfaces in selinux patch
a2b174
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
a2b174
a2b174
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
a2b174
- fix debuginfo
a2b174
a2b174
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
a2b174
- fix #162623 - sesh hangs when child suspends
a2b174
a2b174
* Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
a2b174
- Add back in interfaces call, SELinux has been fixed to work around
a2b174
a2b174
* Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
a2b174
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
a2b174
a2b174
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
a2b174
- fix #154511 - sudo does not use limits.conf
a2b174
a2b174
* Mon Apr  4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
a2b174
- new version 1.6.8p8: new sudoedit and sudo_noexec
a2b174
a2b174
* Wed Feb  9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
a2b174
- rebuild
a2b174
a2b174
* Mon Oct  4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
a2b174
- added missing BuildRequires for libselinux-devel (#132883)
a2b174
a2b174
* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
a2b174
- Fix missing param error in sesh
a2b174
a2b174
* Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
a2b174
- Remove full patch check from sesh
a2b174
a2b174
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
a2b174
- Fix selinux patch to switch to root user
a2b174
a2b174
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
a2b174
- rebuilt
a2b174
a2b174
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
a2b174
- Eliminate tty handling from selinux
a2b174
a2b174
* Thu Apr  1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
a2b174
- fixed spec file: sesh in file section with selinux flag (#119682)
a2b174
a2b174
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
a2b174
- Enhance sesh.c to fork/exec children itself, to avoid
a2b174
  having sudo reap all domains.
a2b174
- Only reinstall default signal handlers immediately before
a2b174
  exec of child with SELinux patch
a2b174
a2b174
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
a2b174
- change to default to sysadm_r
a2b174
- Fix tty handling
a2b174
a2b174
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
a2b174
- Add /bin/sesh to run selinux code.
a2b174
- replace /bin/bash -c with /bin/sesh
a2b174
a2b174
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
a2b174
- Hard code to use "/bin/bash -c" for selinux
a2b174
a2b174
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
a2b174
- Eliminate closing and reopening of terminals, to match su.
a2b174
a2b174
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
a2b174
- SELinux fixes to make transitions work properly
a2b174
a2b174
* Fri Mar  5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
a2b174
- pied sudo
a2b174
a2b174
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
a2b174
- rebuilt
a2b174
a2b174
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
a2b174
- Eliminate interfaces call, since this requires big SELinux privs
a2b174
- and it seems to be useless.
a2b174
a2b174
* Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
a2b174
- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
a2b174
a2b174
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
a2b174
- Fix is_selinux_enabled call
a2b174
a2b174
* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
a2b174
- Clean up patch on failure
a2b174
a2b174
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
a2b174
- Remove sudo.te for now.
a2b174
a2b174
* Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
a2b174
- Fix usage message
a2b174
a2b174
* Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
a2b174
- Clean up sudo.te to not blow up if pam.te not present
a2b174
a2b174
* Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
a2b174
- added missing BuildRequires for groff
a2b174
a2b174
* Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
a2b174
- remove left-over debugging code
a2b174
a2b174
* Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
a2b174
- Fix terminal handling that caused Sudo to exit on non selinux machines.
a2b174
a2b174
* Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
a2b174
- Remove sudo_var_run_t which is now pam_var_run_t
a2b174
a2b174
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
a2b174
- Fix terminal handling and policy
a2b174
a2b174
* Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
a2b174
- Fix policy
a2b174
a2b174
* Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
a2b174
- Turn on SELinux support
a2b174
a2b174
* Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
a2b174
- Add support for SELinux
a2b174
a2b174
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
a2b174
- rebuilt
a2b174
a2b174
* Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
a2b174
a2b174
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
a2b174
- rebuilt
a2b174
a2b174
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
a2b174
- remove absolute path names from the PAM configuration, ensuring that the
a2b174
  right modules get used for whichever arch we're built for
a2b174
- don't try to install the FAQ, which isn't there any more
a2b174
a2b174
* Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
a2b174
- update to 1.6.6
a2b174
a2b174
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
a2b174
- automated rebuild
a2b174
a2b174
* Thu May 23 2002 Tim Powers <timp@redhat.com>
a2b174
- automated rebuild
a2b174
a2b174
* Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
a2b174
- Fix bug #63768
a2b174
a2b174
* Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
a2b174
- 1.6.5p2
a2b174
a2b174
* Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
a2b174
- 1.6.5p1
a2b174
- Hope this "a new release per day" madness stops ;)
a2b174
a2b174
* Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
a2b174
- 1.6.5
a2b174
a2b174
* Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
a2b174
- 1.6.4p1
a2b174
a2b174
* Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
a2b174
- Update to 1.6.4
a2b174
a2b174
* Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
a2b174
- Add build requirements (#49706)
a2b174
- s/Copyright/License/
a2b174
- bzip2 source
a2b174
a2b174
* Sat Jun 16 2001 Than Ngo <than@redhat.com>
a2b174
- update to 1.6.3p7
a2b174
- use %%{_tmppath}
a2b174
a2b174
* Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
a2b174
- 1.6.3p6, fixes buffer overrun
a2b174
a2b174
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
a2b174
- 1.6.3p5
a2b174
a2b174
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
a2b174
- automatic rebuild
a2b174
a2b174
* Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
a2b174
- fixed owner of sudo and visudo
a2b174
a2b174
* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
a2b174
- modify PAM setup to use system-auth
a2b174
- clean up buildrooting by using the makeinstall macro
a2b174
a2b174
* Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
a2b174
- initial build in main distrib
a2b174
- update to 1.6.3
a2b174
- deal with compressed man pages
a2b174
a2b174
* Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
a2b174
- updated to 1.6.1 for Powertools 6.2
a2b174
- config files are now noreplace.
a2b174
a2b174
* Thu Jul 22 1999 Tim Powers <timp@redhat.com>
a2b174
- updated to 1.5.9p2 for Powertools 6.1
a2b174
a2b174
* Wed May 12 1999 Bill Nottingham <notting@redhat.com>
a2b174
- sudo is configured with pam. There's no pam.d file. Oops.
a2b174
a2b174
* Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
a2b174
- upgraded to 1.59p1 for powertools 6.0
a2b174
a2b174
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
a2b174
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
a2b174
a2b174
* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
a2b174
- built package for 5.2
a2b174
a2b174
* Mon May 18 1998 Michael Maher <mike@redhat.com>
a2b174
- updated SPEC file
a2b174
a2b174
* Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
a2b174
- updated to 1.5.4
a2b174
a2b174
* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
a2b174
- built for glibc, no problems
a2b174
a2b174
* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
a2b174
- Fixed for 4.2 PowerTools
a2b174
- Still need to be pamified
a2b174
- Still need to move stmp file to /var/log
a2b174
a2b174
* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
a2b174
- First version for PowerCD.