Blame SPECS/sudo.spec

1b092f
Summary: Allows restricted root access for specified users
1b092f
Name: sudo
0e1944
Version: 1.8.19p2
97c789
Release: 11%{?dist}
1b092f
License: ISC
1b092f
Group: Applications/System
1b092f
URL: http://www.courtesan.com/sudo/
1b092f
Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
a67eaf
Source1: sudoers
a67eaf
Source2: sudo-ldap.conf
a67eaf
Source3: sudo.conf
1b092f
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
0e1944
Requires: /etc/pam.d/system-auth, vim-minimal, libgcrypt
1b092f
1b092f
BuildRequires: pam-devel
1b092f
BuildRequires: groff
1b092f
BuildRequires: openldap-devel
1b092f
BuildRequires: flex
1b092f
BuildRequires: bison
1b092f
BuildRequires: automake autoconf libtool
1b092f
BuildRequires: audit-libs-devel libcap-devel
0e1944
BuildRequires: libgcrypt-devel
1b092f
BuildRequires: libselinux-devel
1b092f
BuildRequires: /usr/sbin/sendmail
1b092f
BuildRequires: gettext
1b092f
BuildRequires: zlib-devel
72fdaf
BuildRequires: libgcrypt-devel
1b092f
1b092f
# don't strip
1b092f
Patch1: sudo-1.6.7p5-strip.patch
1b092f
# configure.in fix
1b092f
Patch2: sudo-1.7.2p1-envdebug.patch
1b092f
# 840980 - sudo creates a new parent process
1b092f
# Adds cmnd_no_wait Defaults option
0e1944
Patch3: sudo-1.8.6p3-nowaitopt.patch
1b092f
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
0e1944
Patch4: sudo-1.8.6p7-sudoldapconfman.patch
523624
# 1092499 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
0e1944
Patch5: sudo-1.8.6p3-doublequotefix.patch
72fdaf
# 1183818 - backport of command digest specification feature
0e1944
Patch6: sudo-1.8.6p7-digest-backport.patch
72fdaf
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
0e1944
Patch7: sudo-1.8.6p7-ldapsearchuidfix.patch
a67eaf
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
0e1944
Patch8: sudo-1.8.6p7-logsudouser.patch
0e1944
# fix upstream testsuite - disabling 2 tests, working only with non-root user
0e1944
Patch9: sudo-1.8.18-testsuitefix.patch
0e1944
# 1413160 - backport ignore_unknown_defaults flag
0e1944
Patch10: sudo-1.8.19p2-ignore-unknown-defaults.patch
0e1944
# 1424575 - backport visudo severity of the message
0e1944
Patch11: sudo-1.8.19p2-error-warning-visudo-message.patch
0e1944
# 1369856 - synchronous (real-time) writes in sudo i/o logs
0e1944
Patch12: sudo-1.8.19p2-iologflush.patch
0e1944
# 1293306 - Sudo group lookup issue.
0e1944
Patch13: sudo-1.8.19p2-lookup-issue-doc.patch
0e1944
# 1360687 -  sudo rhel-7 rebase - comment11
0e1944
Patch14: sudo-1.8.19p2-upstream-testsuitefix.patch
0e1944
# 1360687 -  sudo rhel-7 rebase - comment13
0e1944
Patch15: sudo-1.8.19p2-fqdn-use-after-free.patch
0e1944
# 1360687 -  sudo rhel-7 rebase - comment13
0e1944
Patch16: sudo-1.8.19p2-lecture-boolean.patch
0e1944
# 1455402 - CVE-2017-1000367: Privilege escalation in via improper get_process_ttyname() parsing
0e1944
Patch17: sudo-1.8.19p2-get_process_ttyname.patch
0e1944
# 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
0e1944
Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch
1b092f
1b092f
%description
1b092f
Sudo (superuser do) allows a system administrator to give certain
1b092f
users (or groups of users) the ability to run some (or all) commands
1b092f
as root while logging all commands and arguments. Sudo operates on a
1b092f
per-command basis.  It is not a replacement for the shell.  Features
1b092f
include: the ability to restrict what commands a user may run on a
1b092f
per-host basis, copious logging of each command (providing a clear
1b092f
audit trail of who did what), a configurable timeout of the sudo
1b092f
command, and the ability to use the same configuration file (sudoers)
1b092f
on many different machines.
1b092f
1b092f
%package        devel
1b092f
Summary:        Development files for %{name}
1b092f
Group:          Development/Libraries
1b092f
Requires:       %{name} = %{version}-%{release}
1b092f
1b092f
%description    devel
1b092f
The %{name}-devel package contains header files developing sudo
1b092f
plugins that use %{name}.
1b092f
1b092f
%prep
1b092f
%setup -q
1b092f
1b092f
%patch1 -p1 -b .strip
1b092f
%patch2 -p1 -b .envdebug
0e1944
%patch3 -p1 -b .nowaitopt
0e1944
%patch4 -p1 -b .sudoldapconfman
0e1944
%patch5 -p1 -b .doublequotefix
0e1944
%patch6 -p1 -b .digest-backport
0e1944
%patch7 -p1 -b .ldapsearchuidfix
0e1944
%patch8 -p1 -b .logsudouser
0e1944
%patch9 -p1 -b .testsuite
0e1944
%patch10 -p1 -b .ignoreunknowndefaults
0e1944
%patch11 -p1 -b .errorwarningvisudomsg
0e1944
%patch12 -p1 -b .iologflush
0e1944
%patch13 -p1 -b .lookup
0e1944
%patch14 -p1 -b .testsuite
0e1944
%patch15 -p1 -b .fqdnafterfree
0e1944
%patch16 -p1 -b .lecture
0e1944
%patch17 -p1 -b .get_process_ttyname
0e1944
%patch18 -p1 -b .CVE-2017-1000368
1b092f
1b092f
%build
1b092f
autoreconf -I m4 -fv --install
1b092f
1b092f
%ifarch s390 s390x sparc64
1b092f
F_PIE=-fPIE
1b092f
%else
1b092f
F_PIE=-fpie
1b092f
%endif
1b092f
1b092f
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
1b092f
1b092f
%configure \
1b092f
        --prefix=%{_prefix} \
1b092f
        --sbindir=%{_sbindir} \
1b092f
        --libdir=%{_libdir} \
1b092f
        --docdir=%{_datadir}/doc/%{name}-%{version} \
1b092f
        --with-logging=syslog \
1b092f
        --with-logfac=authpriv \
1b092f
        --with-pam \
1b092f
        --with-pam-login \
1b092f
        --with-editor=/bin/vi \
1b092f
        --with-env-editor \
0e1944
        --with-gcrypt \
1b092f
        --with-ignore-dot \
1b092f
        --with-tty-tickets \
1b092f
        --with-ldap \
1b092f
        --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
1b092f
        --with-selinux \
1b092f
        --with-passprompt="[sudo] password for %p: " \
1b092f
        --with-linux-audit \
0e1944
        --with-sssd
1b092f
#       --without-kerb5 \
1b092f
#       --without-kerb4
1b092f
make
1b092f
0e1944
make check
0e1944
1b092f
%install
1b092f
rm -rf $RPM_BUILD_ROOT
1b092f
1b092f
# Update README.LDAP (#736653)
1b092f
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
1b092f
1b092f
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
1b092f
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
1b092f
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
0e1944
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
1b092f
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
1b092f
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
1b092f
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
1b092f
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
1b092f
1b092f
# Remove execute permission on this script so we don't pull in perl deps
1b092f
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
1b092f
0e1944
#Remove all .la files
0e1944
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
0e1944
1b092f
%find_lang sudo
1b092f
%find_lang sudoers
1b092f
1b092f
cat sudo.lang sudoers.lang > sudo_all.lang
1b092f
rm sudo.lang sudoers.lang
1b092f
1b092f
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
1b092f
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
1b092f
#%%PAM-1.0
1b092f
auth       include      system-auth
1b092f
account    include      system-auth
1b092f
password   include      system-auth
1b092f
session    optional     pam_keyinit.so revoke
1b092f
session    required     pam_limits.so
1b092f
EOF
1b092f
1b092f
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
1b092f
#%%PAM-1.0
1b092f
auth       include      sudo
1b092f
account    include      sudo
1b092f
password   include      sudo
1b092f
session    optional     pam_keyinit.so force revoke
1b092f
session    required     pam_limits.so
1b092f
EOF
1b092f
1b092f
1b092f
%clean
1b092f
rm -rf $RPM_BUILD_ROOT
1b092f
1b092f
%files -f sudo_all.lang
1b092f
%defattr(-,root,root)
1b092f
%attr(0440,root,root) %config(noreplace) /etc/sudoers
1b092f
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
1b092f
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
1b092f
%attr(0750,root,root) %dir /etc/sudoers.d/
1b092f
%config(noreplace) /etc/pam.d/sudo
1b092f
%config(noreplace) /etc/pam.d/sudo-i
0e1944
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
1b092f
%dir /var/db/sudo
0e1944
%dir /var/db/sudo/lectured
1b092f
%attr(4111,root,root) %{_bindir}/sudo
0e1944
%{_bindir}/sudoedit
1b092f
%attr(0111,root,root) %{_bindir}/sudoreplay
1b092f
%attr(0755,root,root) %{_sbindir}/visudo
0e1944
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
0e1944
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
0e1944
%{_libexecdir}/sudo/libsudo_util.so.?
97c789
%{_libexecdir}/sudo/libsudo_util.so
1b092f
%{_mandir}/man5/sudoers.5*
1b092f
%{_mandir}/man5/sudoers.ldap.5*
1b092f
%{_mandir}/man5/sudo-ldap.conf.5*
1b092f
%{_mandir}/man5/sudo.conf.5*
1b092f
%{_mandir}/man8/sudo.8*
1b092f
%{_mandir}/man8/sudoedit.8*
1b092f
%{_mandir}/man8/sudoreplay.8*
1b092f
%{_mandir}/man8/visudo.8*
1b092f
%dir %{_docdir}/sudo-%{version}
1b092f
%{_docdir}/sudo-%{version}/*
1b092f
1b092f
1b092f
# Make sure permissions are ok even if we're updating
1b092f
%post
1b092f
/bin/chmod 0440 /etc/sudoers || :
1b092f
1b092f
%files devel
1b092f
%defattr(-,root,root,-)
1b092f
%doc plugins/sample/sample_plugin.c
1b092f
%{_includedir}/sudo_plugin.h
1b092f
%{_mandir}/man8/sudo_plugin.8*
1b092f
1b092f
%changelog
97c789
* Fri Aug 18 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-11
97c789
- Moved libsudo_util.so from the -devel sub-package to main package
97c789
  Resolves: rhbz#1482929
97c789
0e1944
* Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-10
0e1944
- RHEL 7.4 erratum
0e1944
- Fix CVE-2017-1000368
0e1944
  Resolves: rhbz#1459411
0e1944
0e1944
* Tue Jun 06 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-9
0e1944
- RHEL 7.4 erratum
0e1944
- removed patch for output truncation (1454571) which introduced regression
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Thu May 25 2017 Jakub Jelen <jjelen@redhat.com> - 1.8.19p2-8
0e1944
- RHEL 7.4 erratum
0e1944
- Fixes CVE-2017-1000367: Privilege escalation in via improper get_process_ttyname() parsing
0e1944
  Resolves: rhbz#1455402
0e1944
0e1944
* Tue May 23 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-7
0e1944
- RHEL 7.4 erratum
0e1944
- added patch to fix output truncation (in some cases) when log_output
0e1944
  option is enabled
0e1944
  Resolves: rhbz#1454571
0e1944
0e1944
* Thu May 04 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-6
0e1944
- RHEL 7.4 erratum
0e1944
- added patch that fixes lecture option used as bolean
0e1944
  Resolves rhbz#1360687
0e1944
0e1944
* Tue Apr 25 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-5
0e1944
- RHEL 7.4 erratum
0e1944
- added doc patch about sudo lookup issue
0e1944
  Resolves: rhbz#1293306
0e1944
- added test suite patch
0e1944
  Resolves: rhbz#1360687
0e1944
- fixed use after free fqdn problem
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Tue Mar 21 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-4
0e1944
- RHEL 7.4 erratum
0e1944
- fixed cmnd_no_wait patch
0e1944
- backported iolog_flush sudoers default
0e1944
  Resolves: rhbz#1369856
0e1944
  Resolves: rhbz#1425853
0e1944
0e1944
* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-3
0e1944
- RHEL 7.4 eratum
0e1944
- Fixes semicolon typo in digest backport patch from the previous build
0e1944
  Resolves: rhbz#1360687
0e1944
0e1944
* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-2
0e1944
- RHEL 7.4 erratum
0e1944
- Fixes coverity scan issues created by our patches: 
0e1944
  - fixed resource leaks and a compiler warning in digest backport patch
0e1944
  - removed needless code from cmnd_no_wait patch causing clang warning
0e1944
  - format of the last changelog message causes problems to rhpkg push,
0e1944
    so don't use that as a commit message 
0e1944
  Resolves: rhbz#1360687
f48767
0e1944
* Wed Mar 01 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1
0e1944
- RHEL 7.4 erratum
0e1944
  - Resolves: rhbz#1360687 - rebase to 1.8.19p2
0e1944
  - Resolves: rhbz#1123526 - performance improvement
0e1944
  - Resolves: rhbz#1308789 - add MAIL and NOMAIL tags
0e1944
  - Resolves: rhbz#1348504 - sudo now parses sudoers with sudoers locale
0e1944
  - Resolves: rhbz#1374417 - "sudo -l command" indicated that the command 
0e1944
    was runnable even if denied by sudoers when using LDAP or SSSD backend.
0e1944
  - Resolves: rhbz#1387303 - add ignore_iolog_errors option
0e1944
  - Resolves: rhbz#1389360 - wrong log file group ownership
0e1944
  - Resolves: rhbz#1389735 - add iolog_group, iolog_mode, iolog_user options
0e1944
  - Resolves: rhbz#1397169 - maxseq and ignore_iolog_errors options
0e1944
  - Resolves: rhbz#1403051 - add support for querying netgroups directly via LDAP
0e1944
  - Resolves: rhbz#1410086 - race condition while creating /var/log/sudo-io dir
0e1944
  - Resolves: rhbz#1413160 - add ignore_unknown_defaults flag
0e1944
  - Resolves: rhbz#1254772 - ability to export sudoers in json format
0e1944
  - Resolves: rhbz#1417187 - wrong reference to config file in systax error message
0e1944
  - Resolves: rhbz#1424575 - visudo was not printing severity of error/warning message
63ace7
84fdb2
* Wed Nov 23 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-21
84fdb2
- Update noexec syscall blacklist
84fdb2
- Fixes CVE-2016-7032 and CVE-2016-7076
0e1944
  Resolves: rhbz#1391940
84fdb2
a67eaf
* Tue Jul 19 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-20
a67eaf
- RHEL 7.3 erratum
a67eaf
  - fixed visudo's -q flag
a67eaf
  Resolves: rhbz#1350828
a67eaf
a67eaf
* Tue Jun 14 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-19
a67eaf
- RHEL 7.3 erratum
a67eaf
  - removed INPUTRC from env_keep to prevent a potential info leak
a67eaf
  Resolves: rhbz#1340700
a67eaf
a67eaf
* Wed May 11 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-18
a67eaf
- RHEL 7.3 erratum
a67eaf
  - removed requiretty flag from the default sudoers policy
a67eaf
  - backported pam_service and pam_login_service defaults options
a67eaf
  - implemented netgroup_tuple defaults option for changing netgroup
a67eaf
    processing semantics
a67eaf
  - fixed user matching logic in the LDAP nss backend
a67eaf
  - don't allow visudo to accept an invalid sudoers file
a67eaf
  - fixed a bug causing that non-root users can list privileges of
a67eaf
    other users
a67eaf
  - modified digest check documentation to mention the raciness of
a67eaf
    the checking mechanism
a67eaf
  Resolves: rhbz#1196451
a67eaf
  Resolves: rhbz#1247230
a67eaf
  Resolves: rhbz#1334331
a67eaf
  Resolves: rhbz#1334360
a67eaf
  Resolves: rhbz#1261998
a67eaf
  Resolves: rhbz#1313364
a67eaf
  Resolves: rhbz#1312486
a67eaf
  Resolves: rhbz#1268958
a67eaf
  Resolves: rhbz#1335039
a67eaf
  Resolves: rhbz#1335042
a67eaf
  Resolves: rhbz#1335045
a67eaf
  Resolves: rhbz#1273243
a67eaf
  Resolves: rhbz#1299883
a67eaf
a67eaf
* Mon Feb 15 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-17
3f2bfe
- fixed bug in closefrom_override defaults option
a67eaf
  Resolves: rhbz#1297062
3f2bfe
72fdaf
* Tue Sep  1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-16
72fdaf
- RHEL 7.2 erratum
72fdaf
  - show the digest type in warning messages
72fdaf
  Resolves: rhbz#1183818
72fdaf
72fdaf
* Tue Sep  1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-15
72fdaf
- RHEL 7.2 erratum
72fdaf
  - fixed compilation of testing binaries during make check
72fdaf
  - added legacy group processing patch
72fdaf
  - replaced buggy base64 decoder with a public domain implementation
72fdaf
  Resolves: rhbz#1254621
72fdaf
  Resolves: rhbz#1183818
72fdaf
  Resolves: rhbz#1247591
72fdaf
72fdaf
* Tue Jul  7 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-14
72fdaf
- RHEL 7.2 erratum
72fdaf
  - backported command digest specification
72fdaf
  - fixed CVE-2014-9680 sudo: unsafe handling of TZ environment variable
72fdaf
  - fixed typos in sudoers.ldap man page
72fdaf
  - fixed handling of double-quoted sudoOption values in ldap, sssd sources
72fdaf
  - fixed numeric uid specification support in ldap source
72fdaf
  - fixed authentication flag logic in ldap source
72fdaf
  - added the systemctl command to the SERVICES alias in the default sudoers file
72fdaf
  Resolves: rhbz#1144446
72fdaf
  Resolves: rhbz#1235570
72fdaf
  Resolves: rhbz#1138259
72fdaf
  Resolves: rhbz#1183818
72fdaf
  Resolves: rhbz#1233607
72fdaf
  Resolves: rhbz#1144419
72fdaf
  Resolves: rhbz#1135539
72fdaf
  Resolves: rhbz#1215400
72fdaf
523624
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-13
523624
- RHEL 7.1 erratum
523624
  - fixed issues found by covscan/clang-analyzer
523624
  Resolves: rhbz#1147616
523624
523624
* Mon Sep 29 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-12
523624
- RHEL 7.1 erratum
523624
  - don't retry authentication when ctrl-c pressed
523624
  - fix double-quote processing in Defaults options
523624
  - handle the "(none)" hostname correctly
523624
  - SSSD: fix sudoUser netgroup specification filtering
523624
  - SSSD: list correct user when -U <user> -l specified
523624
  - SSSD: show rule names on long listing (-ll)
523624
  - fix infinite loop when duplicate entries are specified on the
523624
    sudoers nsswitch.conf line
523624
  Resolves: rhbz#1084488
523624
  Resolves: rhbz#1088464
523624
  Resolves: rhbz#1088825
523624
  Resolves: rhbz#1092499
523624
  Resolves: rhbz#1093099
523624
  Resolves: rhbz#1096813
523624
  Resolves: rhbz#1147497
523624
  Resolves: rhbz#1147557
523624
9c2f35
* Wed Feb 26 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-11
9c2f35
- Fixed incorrect login shell path construction in sesh
9c2f35
  (thanks fkrska@redhat.com for the patch)
9c2f35
  Resolves: rhbz#1065418
9c2f35
9c2f35
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.6p7-10
9c2f35
- Mass rebuild 2014-01-24
9c2f35
9c2f35
* Wed Jan 15 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-9
9c2f35
- allow the wheel group to use sudo
9c2f35
  Resolves: rhbz#994623
9c2f35
9c2f35
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.6p7-8
9c2f35
- Mass rebuild 2013-12-27
9c2f35
1b092f
* Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-7
1b092f
- dropped wrong patch and fixed patch comments
1b092f
  Resolves: rhbz#1000389
1b092f
1b092f
* Thu Nov 07 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-6
1b092f
- fixed alias cycle detection code
1b092f
- added debug messages for tracing of netgroup matching
1b092f
- fixed aborting on realloc when displaying allowed commands
1b092f
- sssd: filter netgroups in the sudoUser attribute
1b092f
- parse uids/gids more strictly
1b092f
- added debug messages to trace netgroup matching
1b092f
  Resolves: rhbz#1026904
1b092f
  Resolves: rhbz#1026890
1b092f
  Resolves: rhbz#1007014
1b092f
  Resolves: rhbz#1026894
1b092f
  Resolves: rhbz#1000389
1b092f
  Resolves: rhbz#994566
1b092f
1b092f
* Mon Aug 05 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-5
1b092f
- added standalone manpage for sudo.conf and sudo-ldap.conf
1b092f
- spec file cleanup
1b092f
  Resolves: rhbz#881258
1b092f
1b092f
* Mon Jul 29 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-4
1b092f
- added RHEL 6 patches
1b092f
1b092f
* Wed Jul 24 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-3
1b092f
- synced sudoers, configure options & configuration files with
1b092f
  expected RHEL configuration
1b092f
  Resolves: rhbz#969373
1b092f
  Resolves: rhbz#971009
1b092f
  Resolves: rhbz#965124
1b092f
  Resolves: rhbz#971013
1b092f
  Resolves: rhbz#839705
1b092f
1b092f
* Thu Apr 11 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-2
1b092f
- depend on /usr/sbin/sendmail instead of the sendmail package
1b092f
  Resolves: rhbz#927842
1b092f
1b092f
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1
1b092f
- update to 1.8.6p7
1b092f
- fixes CVE-2013-1775 and CVE-2013-1776
1b092f
- fixed several packaging issues (thanks to ville.skytta@iki.fi)
1b092f
  - build with system zlib.
1b092f
  - let rpmbuild strip libexecdir/*.so.
1b092f
  - own the %%{_docdir}/sudo-* dir.
1b092f
  - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
1b092f
  - fix bogus %%changelog dates.
1b092f
1b092f
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
1b092f
1b092f
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
1b092f
- added upstream patch for a regression
1b092f
- don't include arch specific files in the -devel subpackage
1b092f
- ship only one sample plugin in the -devel subpackage
1b092f
1b092f
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
1b092f
- update to 1.8.6p3
1b092f
- drop -pipelist patch (fixed in upstream)
1b092f
1b092f
* Thu Sep  6 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6-1
1b092f
- update to 1.8.6
1b092f
1b092f
* Thu Jul 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-4
1b092f
- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com)
1b092f
- re-enabled SSSD support
1b092f
- removed libsss_sudo dependency
1b092f
1b092f
* Tue Jul 24 2012 Bill Nottingham <notting@redhat.com> - 1.8.5-3
1b092f
- flip sudoers2ldif executable bit after make install, not in setup
1b092f
1b092f
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.5-2
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
1b092f
1b092f
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
1b092f
- update to 1.8.5
1b092f
- fixed CVE-2012-2337
1b092f
- temporarily disabled SSSD support 
1b092f
1b092f
* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
1b092f
- fixed problems with undefined symbols (rhbz#798517)
1b092f
1b092f
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5
1b092f
- SSSD patch update
1b092f
1b092f
* Tue Feb  7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4
1b092f
- added SSSD support
1b092f
1b092f
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3
1b092f
- added patch for CVE-2012-0809
1b092f
1b092f
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
1b092f
1b092f
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
1b092f
- update to 1.8.3p1
1b092f
- disable output word wrapping if the output is piped 
1b092f
1b092f
* Wed Sep  7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
1b092f
- Remove execute bit from sample script in docs so we don't pull in perl
1b092f
1b092f
* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1
1b092f
- rebase to 1.8.1p2
1b092f
- removed .sudoi patch
1b092f
- fixed typo: RELPRO -> RELRO
1b092f
- added -devel subpackage for the sudo_plugin.h header file
1b092f
- use default ldap configuration files again
1b092f
1b092f
* Fri Jun  3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
1b092f
- build with RELRO
1b092f
1b092f
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
1b092f
1b092f
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
1b092f
- rebase to 1.7.4p5
1b092f
- fixed sudo-1.7.4p4-getgrouplist.patch
1b092f
- fixes CVE-2011-0008, CVE-2011-0010
1b092f
1b092f
* Tue Nov 30 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-5
1b092f
- anybody in the wheel group has now root access (using password) (rhbz#656873)
1b092f
- sync configuration paths with the nss_ldap package (rhbz#652687)
1b092f
1b092f
* Wed Sep 29 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-4
1b092f
- added upstream patch to fix rhbz#638345
1b092f
1b092f
* Mon Sep 20 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-3
1b092f
- added patch for #635250
1b092f
- /var/run/sudo -> /var/db/sudo in .spec
1b092f
1b092f
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-2
1b092f
- sudo now uses /var/db/sudo for timestamps
1b092f
1b092f
* Tue Sep  7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-1
1b092f
- update to new upstream version
1b092f
- new command available: sudoreplay
1b092f
- use native audit support
1b092f
- corrected license field value: BSD -> ISC
1b092f
1b092f
* Wed Jun  2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
1b092f
- added patch that fixes insufficient environment sanitization issue (#598154)
1b092f
1b092f
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
1b092f
- update to new upstream version
1b092f
- merged .audit and .libaudit patch
1b092f
- added sudoers.ldap.5* to files
1b092f
1b092f
* Mon Mar  1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2
1b092f
- update to new upstream version
1b092f
1b092f
* Tue Feb 16 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
1b092f
- fixed no valid sudoers sources found (#558875)
1b092f
1b092f
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
1b092f
- audit related Makefile.in and configure.in corrections
1b092f
- added --with-audit configure option
1b092f
- removed call to libtoolize
1b092f
1b092f
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
1b092f
- fixed segfault when #include directive is used in cycles (#561336)
1b092f
1b092f
* Fri Jan  8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
1b092f
- Add /etc/sudoers.d dir and use it in default config (#551470).
1b092f
- Drop *.pod man page duplicates from docs.
1b092f
1b092f
* Thu Jan 07 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
1b092f
- new upstream version 1.7.2p2-1
1b092f
- commented out unused aliases in sudoers to make visudo happy (#550239)
1b092f
1b092f
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
1b092f
- rebuilt with new audit
1b092f
1b092f
* Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
1b092f
- moved secure_path from compile-time option to sudoers file (#517428)
1b092f
1b092f
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
1b092f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
1b092f
1b092f
* Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
1b092f
- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
1b092f
- epoch number sync
1b092f
1b092f
* Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
1b092f
- updated sudo to version 1.7.1
1b092f
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
1b092f
1b092f
* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
1b092f
- fixed building with new libtool
1b092f
- fix for incorrect handling of groups in Runas_User
1b092f
- added /usr/local/sbin to secure-path
1b092f
1b092f
* Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
1b092f
- build with sendmail installed
1b092f
- Added /usr/local/bin to secure-path
1b092f
1b092f
* Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
1b092f
- adjust audit patch, do not scream when kernel is
1b092f
  compiled without audit netlink support (#401201)
1b092f
1b092f
* Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
1b092f
- upgrade
1b092f
1b092f
* Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
1b092f
- build with newer autoconf-2.62 (#449614)
1b092f
1b092f
* Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
1b092f
- compiled with secure path (#80215)
1b092f
1b092f
* Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
1b092f
- fix path to updatedb in /etc/sudoers (#445103)
1b092f
1b092f
* Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
1b092f
- include ldap files in rpm package (#439506)
1b092f
1b092f
* Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
1b092f
- include [sudo] in password prompt (#437092)
1b092f
1b092f
* Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
1b092f
- audit support improvement
1b092f
1b092f
* Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
1b092f
- upgrade to the latest upstream release
1b092f
1b092f
* Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
1b092f
- upgrade to the latest upstream release
1b092f
- add selinux support
1b092f
1b092f
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
1b092f
- sparc64 needs to be in the -fPIE list with s390
1b092f
1b092f
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
1b092f
- fix complains about audit_log_user_command(): Connection 
1b092f
  refused (#401201)
1b092f
1b092f
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
1b092f
- Rebuild for deps
1b092f
1b092f
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
1b092f
- Rebuild for openssl bump
1b092f
1b092f
* Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
1b092f
- fix autotools stuff and add audit support
1b092f
1b092f
* Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
1b092f
- upgrade to upstream release
1b092f
1b092f
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
1b092f
- also use getgrouplist() to determine group membership (#235915)
1b092f
1b092f
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
1b092f
- fix some spec file issues
1b092f
1b092f
* Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
1b092f
- fix rpmlint issue
1b092f
1b092f
* Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
1b092f
- fix typo in sudoers file (#212308)
1b092f
1b092f
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
1b092f
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
1b092f
1b092f
* Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
1b092f
- fix sudoers file, X apps didn't work (#206320)
1b092f
1b092f
* Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
1b092f
- use Red Hat specific default sudoers file
1b092f
1b092f
* Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
1b092f
- fix #198755 - make login processes (sudo -i) initialise session keyring
1b092f
  (thanks for PAM config files to David Howells)
1b092f
- add IPv6 support (patch by Milan Zazrivec)
1b092f
1b092f
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
1b092f
- rebuild
1b092f
1b092f
* Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
1b092f
- fix #190062 - "ssh localhost sudo su" will show the password in clear
1b092f
1b092f
* Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
1b092f
- add LDAP support (#170848)
1b092f
1b092f
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
1b092f
- bump again for double-long bug on ppc(64)
1b092f
1b092f
* Wed Feb  8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
1b092f
- reset env. by default
1b092f
1b092f
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
1b092f
- rebuilt for new gcc4.1 snapshot and glibc changes
1b092f
1b092f
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
1b092f
- Remove selinux patch.  It has been decided that the SELinux patch for sudo is
1b092f
- no longer necessary.  In tageted policy it had no effect.  In strict/MLS policy
1b092f
- We require the person using sudo to execute newrole before using sudo.
1b092f
1b092f
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
1b092f
- new upstream version 1.6.8p12
1b092f
1b092f
* Tue Nov  8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
1b092f
- new upstream version 1.6.8p11
1b092f
1b092f
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
1b092f
- use include instead of pam_stack in pam config
1b092f
1b092f
* Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
1b092f
- enable interfaces in selinux patch
1b092f
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
1b092f
1b092f
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
1b092f
- fix debuginfo
1b092f
1b092f
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
1b092f
- fix #162623 - sesh hangs when child suspends
1b092f
1b092f
* Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
1b092f
- Add back in interfaces call, SELinux has been fixed to work around
1b092f
1b092f
* Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
1b092f
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
1b092f
1b092f
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
1b092f
- fix #154511 - sudo does not use limits.conf
1b092f
1b092f
* Mon Apr  4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
1b092f
- new version 1.6.8p8: new sudoedit and sudo_noexec
1b092f
1b092f
* Wed Feb  9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
1b092f
- rebuild
1b092f
1b092f
* Mon Oct  4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
1b092f
- added missing BuildRequires for libselinux-devel (#132883) 
1b092f
1b092f
* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
1b092f
- Fix missing param error in sesh
1b092f
1b092f
* Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
1b092f
- Remove full patch check from sesh
1b092f
1b092f
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
1b092f
- Fix selinux patch to switch to root user
1b092f
1b092f
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
1b092f
- Eliminate tty handling from selinux
1b092f
1b092f
* Thu Apr  1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
1b092f
- fixed spec file: sesh in file section with selinux flag (#119682)
1b092f
1b092f
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
1b092f
- Enhance sesh.c to fork/exec children itself, to avoid
1b092f
  having sudo reap all domains.
1b092f
- Only reinstall default signal handlers immediately before
1b092f
  exec of child with SELinux patch
1b092f
1b092f
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
1b092f
- change to default to sysadm_r 
1b092f
- Fix tty handling
1b092f
1b092f
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
1b092f
- Add /bin/sesh to run selinux code.
1b092f
- replace /bin/bash -c with /bin/sesh
1b092f
1b092f
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
1b092f
- Hard code to use "/bin/bash -c" for selinux 
1b092f
1b092f
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
1b092f
- Eliminate closing and reopening of terminals, to match su.
1b092f
1b092f
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
1b092f
- SELinux fixes to make transitions work properly
1b092f
1b092f
* Fri Mar  5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
1b092f
- pied sudo
1b092f
1b092f
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
1b092f
- Eliminate interfaces call, since this requires big SELinux privs
1b092f
- and it seems to be useless.
1b092f
1b092f
* Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
1b092f
- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
1b092f
1b092f
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
1b092f
- Fix is_selinux_enabled call
1b092f
1b092f
* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
1b092f
- Clean up patch on failure 
1b092f
1b092f
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
1b092f
- Remove sudo.te for now.
1b092f
1b092f
* Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
1b092f
- Fix usage message
1b092f
1b092f
* Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
1b092f
- Clean up sudo.te to not blow up if pam.te not present
1b092f
1b092f
* Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
1b092f
- added missing BuildRequires for groff
1b092f
1b092f
* Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
1b092f
- remove left-over debugging code
1b092f
1b092f
* Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
1b092f
- Fix terminal handling that caused Sudo to exit on non selinux machines.
1b092f
1b092f
* Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
1b092f
- Remove sudo_var_run_t which is now pam_var_run_t
1b092f
1b092f
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
1b092f
- Fix terminal handling and policy
1b092f
1b092f
* Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
1b092f
- Fix policy
1b092f
1b092f
* Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
1b092f
- Turn on SELinux support
1b092f
1b092f
* Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
1b092f
- Add support for SELinux
1b092f
1b092f
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
1b092f
1b092f
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
1b092f
- rebuilt
1b092f
1b092f
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
1b092f
- remove absolute path names from the PAM configuration, ensuring that the
1b092f
  right modules get used for whichever arch we're built for
1b092f
- don't try to install the FAQ, which isn't there any more
1b092f
1b092f
* Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
1b092f
- update to 1.6.6
1b092f
1b092f
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
1b092f
- automated rebuild
1b092f
1b092f
* Thu May 23 2002 Tim Powers <timp@redhat.com>
1b092f
- automated rebuild
1b092f
1b092f
* Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
1b092f
- Fix bug #63768
1b092f
1b092f
* Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
1b092f
- 1.6.5p2
1b092f
1b092f
* Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
1b092f
- 1.6.5p1
1b092f
- Hope this "a new release per day" madness stops ;)
1b092f
1b092f
* Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
1b092f
- 1.6.5
1b092f
1b092f
* Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1b092f
- 1.6.4p1
1b092f
1b092f
* Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1b092f
- Update to 1.6.4
1b092f
1b092f
* Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1b092f
- Add build requirements (#49706)
1b092f
- s/Copyright/License/
1b092f
- bzip2 source
1b092f
1b092f
* Sat Jun 16 2001 Than Ngo <than@redhat.com>
1b092f
- update to 1.6.3p7
1b092f
- use %%{_tmppath}
1b092f
1b092f
* Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- 1.6.3p6, fixes buffer overrun
1b092f
1b092f
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- 1.6.3p5
1b092f
1b092f
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1b092f
- automatic rebuild
1b092f
1b092f
* Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1b092f
- fixed owner of sudo and visudo
1b092f
1b092f
* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
1b092f
- modify PAM setup to use system-auth
1b092f
- clean up buildrooting by using the makeinstall macro
1b092f
1b092f
* Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1b092f
- initial build in main distrib
1b092f
- update to 1.6.3
1b092f
- deal with compressed man pages
1b092f
1b092f
* Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1b092f
- updated to 1.6.1 for Powertools 6.2
1b092f
- config files are now noreplace.
1b092f
1b092f
* Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1b092f
- updated to 1.5.9p2 for Powertools 6.1
1b092f
1b092f
* Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1b092f
- sudo is configured with pam. There's no pam.d file. Oops.
1b092f
1b092f
* Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1b092f
- upgraded to 1.59p1 for powertools 6.0
1b092f
1b092f
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1b092f
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1b092f
1b092f
* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
1b092f
- built package for 5.2 
1b092f
1b092f
* Mon May 18 1998 Michael Maher <mike@redhat.com>
1b092f
- updated SPEC file
1b092f
1b092f
* Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1b092f
- updated to 1.5.4
1b092f
1b092f
* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1b092f
- built for glibc, no problems
1b092f
1b092f
* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
1b092f
- Fixed for 4.2 PowerTools 
1b092f
- Still need to be pamified
1b092f
- Still need to move stmp file to /var/log
1b092f
1b092f
* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1b092f
- First version for PowerCD.
1b092f