diff --git a/SOURCES/sudo-1.7.4p5-sudoers b/SOURCES/sudo-1.7.4p5-sudoers
deleted file mode 100644
index 414fc5f..0000000
--- a/SOURCES/sudo-1.7.4p5-sudoers
+++ /dev/null
@@ -1,118 +0,0 @@
-## Sudoers allows particular users to run various commands as
-## the root user, without needing the root password.
-##
-## Examples are provided at the bottom of the file for collections
-## of related commands, which can then be delegated out to particular
-## users or groups.
-## 
-## This file must be edited with the 'visudo' command.
-
-## Host Aliases
-## Groups of machines. You may prefer to use hostnames (perhaps using 
-## wildcards for entire domains) or IP addresses instead.
-# Host_Alias     FILESERVERS = fs1, fs2
-# Host_Alias     MAILSERVERS = smtp, smtp2
-
-## User Aliases
-## These aren't often necessary, as you can use regular groups
-## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
-## rather than USERALIAS
-# User_Alias ADMINS = jsmith, mikem
-
-
-## Command Aliases
-## These are groups of related commands...
-
-## Networking
-# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
-
-## Installation and management of software
-# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
-
-## Services
-# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
-
-## Updating the locate database
-# Cmnd_Alias LOCATE = /usr/bin/updatedb
-
-## Storage
-# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
-
-## Delegating permissions
-# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
-
-## Processes
-# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
-
-## Drivers
-# Cmnd_Alias DRIVERS = /sbin/modprobe
-
-# Defaults specification
-
-#
-# Disable "ssh hostname sudo <cmd>", because it will show the password in clear. 
-#         You have to run "ssh -t hostname sudo <cmd>".
-#
-Defaults    requiretty
-
-#
-# Refuse to run if unable to disable echo on the tty. This setting should also be
-# changed in order to be able to use sudo without a tty. See requiretty above.
-#
-Defaults   !visiblepw
-
-#
-# Preserving HOME has security implications since many programs
-# use it when searching for configuration files. Note that HOME
-# is already set when the the env_reset option is enabled, so
-# this option is only effective for configurations where either
-# env_reset is disabled or HOME is present in the env_keep list.
-#
-Defaults    always_set_home
-
-Defaults    env_reset
-Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
-Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
-Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
-Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
-Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
-
-#
-# Adding HOME to env_keep may enable a user to run unrestricted
-# commands via sudo.
-#
-# Defaults   env_keep += "HOME"
-
-Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-## Next comes the main part: which users can run what software on 
-## which machines (the sudoers file can be shared between multiple
-## systems).
-## Syntax:
-##
-## 	user	MACHINE=COMMANDS
-##
-## The COMMANDS section may have other options added to it.
-##
-## Allow root to run any commands anywhere 
-root	ALL=(ALL) 	ALL
-
-## Allows members of the 'sys' group to run networking, software, 
-## service management apps and more.
-# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
-
-## Allows people in group wheel to run all commands
-# %wheel	ALL=(ALL)	ALL
-
-## Same thing without a password
-# %wheel	ALL=(ALL)	NOPASSWD: ALL
-
-## Allows members of the users group to mount and unmount the 
-## cdrom as root
-# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
-
-## Allows members of the users group to shutdown this system
-# %users  localhost=/sbin/shutdown -h now
-
-## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
-#includedir /etc/sudoers.d
diff --git a/SOURCES/sudo-1.8.6p7-sesh_loginshell.patch b/SOURCES/sudo-1.8.6p7-sesh_loginshell.patch
new file mode 100644
index 0000000..dde9491
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-sesh_loginshell.patch
@@ -0,0 +1,12 @@
+diff -up sudo-1.8.6p7/src/sesh.c.sesh_loginshell sudo-1.8.6p7/src/sesh.c
+--- sudo-1.8.6p7/src/sesh.c.sesh_loginshell	2014-02-26 12:37:59.735214882 +0100
++++ sudo-1.8.6p7/src/sesh.c	2014-02-26 12:38:05.535235487 +0100
+@@ -214,6 +214,8 @@ cleanup_0:
+         if (argv[-1][0] == '-') {
+             if ((cp = strrchr(argv[0], '/')) == NULL)
+                 cp = argv[0];
++            else
++                argv[0] = cp;
+             *cp = '-';
+         }
+         sudo_execve(cmnd, argv, envp, noexec);
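Review bot: The `cp = argv[0]` fallback just above the added `else` still overwrites the first character of the name when argv[0] contains no slash, so `myshell` would become `-yshell` rather than `-myshell`. The patch only corrects the branch where `strrchr` finds a `/`. sudo presumably always hands sesh a full path, which would make this unreachable in practice, but nothing visible here enforces it. I would either reject a slash-less argv[0] explicitly or document the assumption next to the fallback, e.g. `/* argv[0] is expected to be a full path; a bare name would lose its first character here */`. The enclosing function starts and ends outside the hunk, so the `argv[-1]` read presumably relies on an earlier `argv++` that is not shown.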
diff --git a/SOURCES/sudo-1.8.6p7-sudoers b/SOURCES/sudo-1.8.6p7-sudoers
new file mode 100644
index 0000000..3b19ebf
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-sudoers
@@ -0,0 +1,118 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+## 
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhaps using 
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias     FILESERVERS = fs1, fs2
+# Host_Alias     MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+# Cmnd_Alias LOCATE = /usr/bin/updatedb
+
+## Storage
+# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
+
+## Processes
+# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+# Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Disable "ssh hostname sudo <cmd>", because it will show the password in clear. 
+#         You have to run "ssh -t hostname sudo <cmd>".
+#
+Defaults    requiretty
+
+#
+# Refuse to run if unable to disable echo on the tty. This setting should also be
+# changed in order to be able to use sudo without a tty. See requiretty above.
+#
+Defaults   !visiblepw
+
+#
+# Preserving HOME has security implications since many programs
+# use it when searching for configuration files. Note that HOME
+# is already set when the the env_reset option is enabled, so
+# this option is only effective for configurations where either
+# env_reset is disabled or HOME is present in the env_keep list.
+#
+Defaults    always_set_home
+
+Defaults    env_reset
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
+Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+
+#
+# Adding HOME to env_keep may enable a user to run unrestricted
+# commands via sudo.
+#
+# Defaults   env_keep += "HOME"
+
+Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+## Next comes the main part: which users can run what software on 
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## 	user	MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere 
+root	ALL=(ALL) 	ALL
+
+## Allows members of the 'sys' group to run networking, software, 
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+%wheel	ALL=(ALL)	ALL
+
+## Same thing without a password
+# %wheel	ALL=(ALL)	NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the 
+## cdrom as root
+# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users  localhost=/sbin/shutdown -h now
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d
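Review bot: The `%wheel ALL=(ALL) ALL` rule is now active rather than commented out, so on a host that installs this file every member of wheel can run any command as any user after authenticating with their own password. The comment above the rule does not say that this is the shipped default. I would extend it to something like `## Allows people in group wheel to run all commands (enabled by default; wheel membership is equivalent to root access)` so administrators know to audit who is in that group. The rest of the file appears to match the deleted sudo-1.7.4p5-sudoers.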
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index b3ee71e..cbde546 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -1,12 +1,12 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.6p7
-Release: 7%{?dist}
+Release: 11%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
 Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
-Source1: sudo-1.7.4p5-sudoers
+Source1: sudo-1.8.6p7-sudoers
 Source2: sudo-1.7.4p5-sudo-ldap.conf
 Source3: sudo-1.8.6p3-sudo.conf
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -67,6 +67,8 @@ Patch19: sudo-1.8.6p3-sssdfixes.patch
 Patch20: sudo-1.8.6p3-lbufexpandcode.patch
 # 994566 - Warning in visudo: cycle in Host_Alias even without cycle
 Patch21: sudo-1.8.6p3-cycledetect.patch
+# 1065418 - -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
+Patch22: sudo-1.8.6p7-sesh_loginshell.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -112,6 +114,7 @@ plugins that use %{name}.
 %patch19 -p1 -b .sssdfixes
 %patch20 -p1 -b .lbufexpandcode
 %patch21 -p1 -b .cycledetect
+%patch22 -p1 -b .sesh_loginshell
 
 %build
 autoreconf -I m4 -fv --install
@@ -232,6 +235,21 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sudo_plugin.8*
 
 %changelog
+* Wed Feb 26 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-11
+- Fixed incorrect login shell path construction in sesh
+  (thanks fkrska@redhat.com for the patch)
+  Resolves: rhbz#1065418
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.6p7-10
+- Mass rebuild 2014-01-24
+
+* Wed Jan 15 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-9
+- allow the wheel group to use sudo
+  Resolves: rhbz#994623
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.6p7-8
+- Mass rebuild 2013-12-27
+
 * Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-7
 - dropped wrong patch and fixed patch comments
   Resolves: rhbz#1000389