powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity

sudo package update 

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 2018-11-27 14:52:52 +01:00
parent 0772d05c3d
commit 1b50540dd3
8 changed files with 555 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
SOURCES/sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch Normal file
View File

@ -0,0 +1,161 @@
From 0f303a2de843c31afb03b558dfb7287be79e6e17 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 26 Jul 2018 12:31:29 -0600
Subject: [PATCH] Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors
from pam_acct_mgmt() if authentication is disabled for the user. Bug #843

---
plugins/sudoers/auth/bsdauth.c | 2 +-
plugins/sudoers/auth/pam.c | 10 +++++++++-
plugins/sudoers/auth/sudo_auth.c | 4 ++--
plugins/sudoers/auth/sudo_auth.h | 6 +++---
plugins/sudoers/check.c | 4 +++-
plugins/sudoers/sudoers.h | 2 +-
6 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c
index 444cd337..390263d3 100644
--- a/plugins/sudoers/auth/bsdauth.c
+++ b/plugins/sudoers/auth/bsdauth.c
@@ -168,7 +168,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
}
int
-bsdauth_approval(struct passwd *pw, sudo_auth *auth)
+bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt)
{
struct bsdauth_state *state = auth->data;
debug_decl(bsdauth_approval, SUDOERS_DEBUG_AUTH)
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 347289da..a4749448 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -202,7 +202,7 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co
}
int
-sudo_pam_approval(struct passwd *pw, sudo_auth *auth)
+sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt)
{
const char *s;
int *pam_status = (int *) auth->data;
@@ -217,6 +217,10 @@ sudo_pam_approval(struct passwd *pw, sudo_auth *auth)
"is your account locked?"));
debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
+ /* Ignore if user is exempt from password restrictions. */
+ if (exempt)
+ debug_return_int(AUTH_SUCCESS);
+ /* New password required, try to change it. */
log_warningx(0, N_("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
@@ -229,6 +233,10 @@ sudo_pam_approval(struct passwd *pw, sudo_auth *auth)
N_("unable to change expired password: %s"), s);
debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
+ /* Ignore if user is exempt from password restrictions. */
+ if (exempt)
+ debug_return_int(AUTH_SUCCESS);
+ /* Password expired, cannot be updated by user. */
log_warningx(0,
N_("Password expired, contact your system administrator"));
debug_return_int(AUTH_FATAL);
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 6ef9bd72..5d9382dc 100644
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -163,7 +163,7 @@ sudo_auth_init(struct passwd *pw)
* Returns true on success, false on failure and -1 on error.
*/
int
-sudo_auth_approval(struct passwd *pw, int validated)
+sudo_auth_approval(struct passwd *pw, int validated, bool exempt)
{
sudo_auth *auth;
debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH)
@@ -171,7 +171,7 @@ sudo_auth_approval(struct passwd *pw, int validated)
/* Call approval routines. */
for (auth = auth_switch; auth->name; auth++) {
if (auth->approval && !IS_DISABLED(auth)) {
- int status = (auth->approval)(pw, auth);
+ int status = (auth->approval)(pw, auth, exempt);
if (status != AUTH_SUCCESS) {
/* Assume error msg already printed. */
log_auth_failure(validated, 0);
diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h
index ea5ed9cd..9ae69cd5 100644
--- a/plugins/sudoers/auth/sudo_auth.h
+++ b/plugins/sudoers/auth/sudo_auth.h
@@ -31,7 +31,7 @@ typedef struct sudo_auth {
int (*init)(struct passwd *pw, struct sudo_auth *auth);
int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth);
int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
- int (*approval)(struct passwd *pw, struct sudo_auth *auth);
+ int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt);
int (*cleanup)(struct passwd *pw, struct sudo_auth *auth);
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
int (*end_session)(struct passwd *pw, struct sudo_auth *auth);
@@ -56,7 +56,7 @@ extern sudo_conv_t sudo_conv;
/* Prototypes for standalone methods */
int bsdauth_init(struct passwd *pw, sudo_auth *auth);
int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
-int bsdauth_approval(struct passwd *pw, sudo_auth *auth);
+int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
@@ -67,7 +67,7 @@ int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth);
int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
-int sudo_pam_approval(struct passwd *pw, sudo_auth *auth);
+int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth);
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index ed49d63a..486a80d8 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -175,6 +175,7 @@ check_user(int validated, int mode)
{
struct passwd *auth_pw;
int ret = -1;
+ bool exempt = false;
debug_decl(check_user, SUDOERS_DEBUG_AUTH)
/*
@@ -194,6 +195,7 @@ check_user(int validated, int mode)
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s", __func__,
!def_authenticate ? "authentication disabled" :
"user exempt from authentication");
+ exempt = true;
ret = true;
goto done;
}
@@ -218,7 +220,7 @@ check_user(int validated, int mode)
done:
if (ret == true) {
/* The approval function may disallow a user post-authentication. */
- ret = sudo_auth_approval(auth_pw, validated);
+ ret = sudo_auth_approval(auth_pw, validated, exempt);
}
sudo_auth_cleanup(auth_pw);
sudo_pw_delref(auth_pw);
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 57db74c1..956cb084 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -265,7 +265,7 @@ int verify_user(struct passwd *pw, char *prompt, int validated, struct sudo_conv
int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
int sudo_auth_end_session(struct passwd *pw);
int sudo_auth_init(struct passwd *pw);
-int sudo_auth_approval(struct passwd *pw, int validated);
+int sudo_auth_approval(struct passwd *pw, int validated, bool exempt);
int sudo_auth_cleanup(struct passwd *pw);
/* set_perms.c */
--
2.13.6

70
SOURCES/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch Normal file
View File

@ -0,0 +1,70 @@
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix 2018-09-24 18:10:37.235000000 +0200
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok 2018-09-24 18:11:40.153000000 +0200
@@ -34,7 +34,7 @@
},
{
"Binding": [
- { "username": "%them" }
+ { "usergroup": "them" }
],
"Options": [
{ "set_home": true }
@@ -42,7 +42,7 @@
},
{
"Binding": [
- { "username": "%: non UNIX 0 c" }
+ { "nonunixgroup": " non UNIX 0 c" }
],
"Options": [
{ "set_home": true }
@@ -50,7 +50,7 @@
},
{
"Binding": [
- { "username": "+net" }
+ { "netgroup": "net" }
],
"Options": [
{ "set_home": true }
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix 2018-09-24 18:10:25.216000000 +0200
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok 2018-09-24 18:11:45.213000000 +0200
@@ -29,9 +29,9 @@ DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WO
#
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR NETGROUP DEFVAR
#
DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
diff -up sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.c
--- sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/toke.c 2018-09-24 18:06:15.527000000 +0200
@@ -2395,7 +2395,7 @@ YY_RULE_SETUP
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
- if (prev_state == INITIAL) {
+ if (prev_state == INITIAL || prev_state == GOTDEFS) {
switch (sudoerslval.string[0]) {
case '%':
if (sudoerslval.string[1] == '\0' ||
diff -up sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.l
--- sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/toke.l 2018-09-24 18:06:15.528000000 +0200
@@ -187,7 +187,7 @@ DEFVAR [a-z_]+
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
- if (prev_state == INITIAL) {
+ if (prev_state == INITIAL || prev_state == GOTDEFS) {
switch (sudoerslval.string[0]) {
case '%':
if (sudoerslval.string[1] == '\0' ||

27
SOURCES/sudo-1.8.23-ldapsearchuidfix.patch Normal file
View File

@ -0,0 +1,27 @@
diff -up sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix sudo-1.8.23/plugins/sudoers/ldap.c
--- sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/ldap.c 2018-06-18 08:34:01.202686941 +0200
@@ -1189,8 +1189,8 @@ sudo_ldap_build_pass1(LDAP *ld, struct p
if (ldap_conf.search_filter)
sz += strlen(ldap_conf.search_filter);
- /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
- sz += 29 + sudo_ldap_value_len(pw->pw_name);
+ /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */
+ sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name);
/* Add space for primary and supplementary groups and gids */
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
@@ -1253,6 +1253,12 @@ sudo_ldap_build_pass1(LDAP *ld, struct p
CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
CHECK_STRLCAT(buf, ")", sz);
+ /* Append user uid */
+ (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_uid);
+ (void) strlcat(buf, "(sudoUser=#", sz);
+ (void) strlcat(buf, gidbuf, sz);
+ (void) strlcat(buf, ")", sz);
+
/* Append primary group and gid */
if (grp != NULL) {
CHECK_STRLCAT(buf, "(sudoUser=%", sz);

89
SOURCES/sudo-1.8.23-legacy-group-processing.patch Normal file
View File

@ -0,0 +1,89 @@
diff -up sudo-1.8.23/plugins/sudoers/cvtsudoers.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/cvtsudoers.c
--- sudo-1.8.23/plugins/sudoers/cvtsudoers.c.legacy-group-processing 2018-06-28 11:24:25.966475241 +0200
+++ sudo-1.8.23/plugins/sudoers/cvtsudoers.c 2018-06-28 11:26:40.215025493 +0200
@@ -321,6 +321,15 @@ main(int argc, char *argv[])
sudo_fatalx("error: unhandled input %d", input_format);
}
+ /*
+ * cvtsudoers group filtering doesn't work if def_match_group_by_gid
+ * is set to true by default (at compile-time). It cannot be set to false
+ * because cvtsudoers doesn't apply the parsed Defaults.
+ *
+ * Related: sudo-1.8.23-legacy-group-processing.patch
+ */
+ def_match_group_by_gid = def_legacy_group_processing = false;
+
/* Apply filters. */
filter_userspecs(conf);
filter_defaults(conf);
diff -up sudo-1.8.23/plugins/sudoers/defaults.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/defaults.c
--- sudo-1.8.23/plugins/sudoers/defaults.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/defaults.c 2018-06-28 11:24:25.966475241 +0200
@@ -87,6 +87,7 @@ static struct early_default early_defaul
{ I_FQDN },
#endif
{ I_MATCH_GROUP_BY_GID },
+ { I_LEGACY_GROUP_PROCESSING },
{ I_GROUP_PLUGIN },
{ I_RUNAS_DEFAULT },
{ I_SUDOERS_LOCALE },
@@ -488,6 +489,8 @@ init_defaults(void)
}
/* First initialize the flags. */
+ def_legacy_group_processing = true;
+ def_match_group_by_gid = true;
#ifdef LONG_OTP_PROMPT
def_long_otp_prompt = true;
#endif
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.c
--- sudo-1.8.23/plugins/sudoers/def_data.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-28 11:24:25.966475241 +0200
@@ -494,6 +494,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Ignore case when matching group names"),
NULL,
}, {
+ "legacy_group_processing", T_FLAG,
+ N_("Don't pre-resolve all group names"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.h
--- sudo-1.8.23/plugins/sudoers/def_data.h.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-28 11:24:25.967475238 +0200
@@ -226,6 +226,8 @@
#define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag)
#define I_CASE_INSENSITIVE_GROUP 113
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
+#define I_LEGACY_GROUP_PROCESSING 114
+#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
enum def_tuple {
never,
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.in
--- sudo-1.8.23/plugins/sudoers/def_data.in.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-28 11:24:25.967475238 +0200
@@ -357,3 +357,6 @@ case_insensitive_user
case_insensitive_group
T_FLAG
"Ignore case when matching group names"
+legacy_group_processing
+ T_FLAG
+ "Don't pre-resolve all group names"
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/sudoers.c
--- sudo-1.8.23/plugins/sudoers/sudoers.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-28 11:24:25.967475238 +0200
@@ -209,6 +209,10 @@ sudoers_policy_init(void *info, char * c
if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
ret = true;
+ if (!def_match_group_by_gid || !def_legacy_group_processing) {
+ def_match_group_by_gid = false;
+ def_legacy_group_processing = false;
+ }
cleanup:
if (!restore_perms())
ret = -1;

61
SOURCES/sudo-1.8.23-nowaitopt.patch Normal file
View File

@ -0,0 +1,61 @@
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.c
--- sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt 2018-06-18 09:36:34.249307795 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-18 09:43:12.122986032 +0200
@@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Don't pre-resolve all group names"),
NULL,
}, {
+ "cmnd_no_wait", T_FLAG,
+ N_("Don't fork and wait for the command to finish, just exec it"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.h
--- sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt 2018-06-18 09:36:34.250307792 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-18 09:43:44.541878327 +0200
@@ -228,6 +228,8 @@
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
#define I_LEGACY_GROUP_PROCESSING 114
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
+#define I_CMND_NO_WAIT 115
+#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
enum def_tuple {
never,
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.in
--- sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt 2018-06-18 09:36:34.250307792 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-18 09:45:00.076627403 +0200
@@ -360,3 +360,6 @@ case_insensitive_group
legacy_group_processing
T_FLAG
"Don't pre-resolve all group names"
+cmnd_no_wait
+ T_FLAG
+ "Don't fork and wait for the command to finish, just exec it"
diff -up sudo-1.8.23/plugins/sudoers/policy.c.nowaitopt sudo-1.8.23/plugins/sudoers/policy.c
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt sudo-1.8.23/plugins/sudoers/sudoers.c
--- sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt 2018-06-18 11:31:51.883751328 +0200
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-18 11:31:03.670899166 +0200
@@ -213,6 +213,20 @@ sudoers_policy_init(void *info, char * c
def_match_group_by_gid = false;
def_legacy_group_processing = false;
}
+
+ /*
+ * Emulate cmnd_no_wait option by disabling PAM session, PTY allocation
+ * and I/O logging. This will cause sudo to execute the given command
+ * directly instead of forking a separate process for it.
+ */
+ if (def_cmnd_no_wait) {
+ def_pam_setcred = false;
+ def_pam_session = false;
+ def_use_pty = false;
+ def_log_input = false;
+ def_log_output = false;
+ }
+
cleanup:
if (!restore_perms())
ret = -1;

32
SOURCES/sudo-1.8.23-sudoldapconfman.patch Normal file
View File

@ -0,0 +1,32 @@
diff -up sudo-1.8.23/doc/Makefile.in.sudoldapconfman sudo-1.8.23/doc/Makefile.in
--- sudo-1.8.23/doc/Makefile.in.sudoldapconfman 2018-05-23 13:38:08.347538854 +0200
+++ sudo-1.8.23/doc/Makefile.in 2018-05-23 13:38:12.806523146 +0200
@@ -345,10 +345,16 @@ install-doc: install-dirs
rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
+ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
+ echo ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
+ ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
else \
rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
+ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
+ echo ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
+ ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
fi
install-plugin:
@@ -363,8 +369,9 @@ uninstall:
$(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \
$(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \
$(DESTDIR)$(mandirform)/sudoers.$(mansectform) \
- $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform)
- $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
+ $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) \
+ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) \
+ $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)
splint:

8
SOURCES/sudoers
View File

@ -64,6 +64,14 @@ Defaults !visiblepw
Defaults always_set_home
Defaults match_group_by_gid

# Prior to version 1.8.15, groups listed in sudoers that were not
# found in the system group database were passed to the group
# plugin, if any. Starting with 1.8.15, only groups of the form
# %:group are resolved via the group plugin by default.
# We enable always_query_group_plugin to restore old behavior.
# Disable this option for new behavior.
Defaults always_query_group_plugin

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

228
SPECS/sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.8.19p2
Release: 13%{?dist}
Version: 1.8.23
Release: 3%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@ -9,72 +9,48 @@ Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
Source1: sudoers
Source2: sudo-ldap.conf
Source3: sudo.conf
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: /etc/pam.d/system-auth, vim-minimal, libgcrypt
Requires: /etc/pam.d/system-auth
Requires: /usr/bin/vi

BuildRequires: pam-devel
BuildRequires: groff
BuildRequires: openldap-devel
BuildRequires: flex
BuildRequires: /usr/sbin/sendmail
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
BuildRequires: automake autoconf libtool
BuildRequires: audit-libs-devel libcap-devel
BuildRequires: flex
BuildRequires: gettext
BuildRequires: groff
BuildRequires: libtool
BuildRequires: audit-libs-devel
BuildRequires: libcap-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgcrypt-devel
BuildRequires: libselinux-devel
BuildRequires: /usr/sbin/sendmail
BuildRequires: gettext
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: zlib-devel
BuildRequires: libgcrypt-devel

# don't strip
Patch1: sudo-1.6.7p5-strip.patch
# configure.in fix
Patch2: sudo-1.7.2p1-envdebug.patch
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
Patch3: sudo-1.8.23-sudoldapconfman.patch
# 1247591 - Sudo taking a long time when user information is stored externally.
Patch4: sudo-1.8.23-legacy-group-processing.patch
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
Patch5: sudo-1.8.23-ldapsearchuidfix.patch
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
Patch6: sudo-1.8.6p7-logsudouser.patch
# 840980 - sudo creates a new parent process
# Adds cmnd_no_wait Defaults option
Patch3: sudo-1.8.6p3-nowaitopt.patch
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
Patch4: sudo-1.8.6p7-sudoldapconfman.patch
# 1092499 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
Patch5: sudo-1.8.6p3-doublequotefix.patch
# 1183818 - backport of command digest specification feature
Patch6: sudo-1.8.6p7-digest-backport.patch
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
Patch7: sudo-1.8.6p7-ldapsearchuidfix.patch
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
Patch8: sudo-1.8.6p7-logsudouser.patch
# fix upstream testsuite - disabling 2 tests, working only with non-root user
Patch9: sudo-1.8.18-testsuitefix.patch
# 1413160 - backport ignore_unknown_defaults flag
Patch10: sudo-1.8.19p2-ignore-unknown-defaults.patch
# 1424575 - backport visudo severity of the message
Patch11: sudo-1.8.19p2-error-warning-visudo-message.patch
# 1369856 - synchronous (real-time) writes in sudo i/o logs
Patch12: sudo-1.8.19p2-iologflush.patch
# 1293306 - Sudo group lookup issue.
Patch13: sudo-1.8.19p2-lookup-issue-doc.patch
# 1360687 - sudo rhel-7 rebase - comment11
Patch14: sudo-1.8.19p2-upstream-testsuitefix.patch
# 1360687 - sudo rhel-7 rebase - comment13
Patch15: sudo-1.8.19p2-fqdn-use-after-free.patch
# 1360687 - sudo rhel-7 rebase - comment13
Patch16: sudo-1.8.19p2-lecture-boolean.patch
# 1455402 - CVE-2017-1000367: Privilege escalation in via improper get_process_ttyname() parsing
Patch17: sudo-1.8.19p2-get_process_ttyname.patch
# 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch
# 1485397 - sudo breaking who ldap and local users after upgrade
Patch19: sudo-1.8.21-ldap-pass2-filter.patch
# 1458696 - successful sudo -l returns non-zero if asking for other user
Patch20: sudo-1.8.19p2-display-privs.patch
# 1454571 - Sudo, with I/O Logging log_output option enabled, truncate output in case of cycle over standard input
Patch21: sudo-1.8.19p2-iologtruncate.patch
# 1490358 - Update use_pty and IO logging man page
Patch22: sudo-1.8.19p2-manpage-use_pty.patch
# 1505409 - Regression in "sudo -l" when using IPA / sssd
Patch23: sudo-1.8.19p2-sudo-l-sssd.patch
# 1518104 - sudo crashed: double free or corruption (fasttop)
Patch24: sudo-1.8.19p2-sssd-double-free.patch
Patch7: sudo-1.8.23-nowaitopt.patch
# 1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
# This is fix of a regression in the referenced feature request. It was fixed
# in newer versions of sudo and we backport it to prevent future regression
# bz in RHEL. The feature itself was delivered via the rebase to 1.8.23.
Patch8: sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch
# 1547974 - (sudo-rhel-7.6-rebase) Rebase sudo to latest stable upstream version
Patch9: sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch

%description
Sudo (superuser do) allows a system administrator to give certain
@ -101,28 +77,13 @@ plugins that use %{name}.

%patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug
%patch3 -p1 -b .nowaitopt
%patch4 -p1 -b .sudoldapconfman
%patch5 -p1 -b .doublequotefix
%patch6 -p1 -b .digest-backport
%patch7 -p1 -b .ldapsearchuidfix
%patch8 -p1 -b .logsudouser
%patch9 -p1 -b .testsuite
%patch10 -p1 -b .ignoreunknowndefaults
%patch11 -p1 -b .errorwarningvisudomsg
%patch12 -p1 -b .iologflush
%patch13 -p1 -b .lookup
%patch14 -p1 -b .testsuite
%patch15 -p1 -b .fqdnafterfree
%patch16 -p1 -b .lecture
%patch17 -p1 -b .get_process_ttyname
%patch18 -p1 -b .CVE-2017-1000368
%patch19 -p1 -b .ldap-pass2-filter
%patch20 -p1 -b .display-privs
%patch21 -p1 -b .iologtruncate
%patch22 -p1 -b .manpage
%patch23 -p1 -b .sudo-l
%patch24 -p1 -b .double-free
%patch3 -p1 -b .sudoldapconfman
%patch4 -p1 -b .legacy-group-processing
%patch5 -p1 -b .ldapsearchuidfix
%patch6 -p1 -b .logsudouser
%patch7 -p1 -b .nowaitopt
%patch8 -p1 -b .pam-mgmt-ignore-errors
%patch9 -p1 -b .defaults-double-quote-fix

%build
autoreconf -I m4 -fv --install
@ -144,9 +105,9 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-logfac=authpriv \
--with-pam \
--with-pam-login \
--with-editor=/bin/vi \
--with-editor=/usr/bin/vi \
--with-env-editor \
--with-gcrypt \
--enable-gcrypt \
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
@ -155,32 +116,33 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-passprompt="[sudo] password for %p: " \
--with-linux-audit \
--with-sssd
# --without-kerb5 \
# --without-kerb4

make

%check
make check

%install
rm -rf $RPM_BUILD_ROOT
rm -rf %{buildroot}

# Update README.LDAP (#736653)
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP

make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
make install DESTDIR="%{buildroot}" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`

# Remove execute permission on this script so we don't pull in perl deps
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
chmod 755 %{buildroot}%{_bindir}/* %{buildroot}%{_sbindir}/*
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo/lectured
install -p -d -m 750 %{buildroot}%{_sysconfdir}/sudoers.d
install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf
install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf

#Remove all .la files
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
# Remove upstream sudoers file
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist

# Remove all .la files
find %{buildroot} -name '*.la' -exec rm -f {} ';'

%find_lang sudo
%find_lang sudoers
@ -188,42 +150,44 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
cat sudo.lang sudoers.lang > sudo_all.lang
rm sudo.lang sudoers.lang

mkdir -p $RPM_BUILD_ROOT/etc/pam.d
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
#%%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
EOF

cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
#%%PAM-1.0
auth include sudo
account include sudo
password include sudo
session optional pam_keyinit.so force revoke
session required pam_limits.so
session include sudo
EOF


%clean
rm -rf $RPM_BUILD_ROOT
rm -rf %{buildroot}

%files -f sudo_all.lang
%defattr(-,root,root)
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
%attr(0750,root,root) %dir /etc/sudoers.d/
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%dir %{_localstatedir}/db/sudo
%dir %{_localstatedir}/db/sudo/lectured
%attr(4111,root,root) %{_bindir}/sudo
%{_bindir}/sudoedit
%{_bindir}/cvtsudoers
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
@ -242,13 +206,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudoedit.8*
%{_mandir}/man8/sudoreplay.8*
%{_mandir}/man8/visudo.8*
%{_mandir}/man1/cvtsudoers.1.gz
%{_mandir}/man5/sudoers_timestamp.5.gz
%dir %{_docdir}/sudo-%{version}
%{_docdir}/sudo-%{version}/*


# Make sure permissions are ok even if we're updating
%post
/bin/chmod 0440 /etc/sudoers || :
/bin/chmod 0440 %{_sysconfdir}/sudoers || :

%files devel
%defattr(-,root,root,-)
@ -257,6 +222,26 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8*

%changelog
* Mon Sep 24 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-3
- RHEL-7.6 erratum
Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version

* Fri Sep 21 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-2
- RHEL-7.6 erratum
Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
Resolves: rhbz#1506025 - Latest update broke sudo for ldap users.
Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets

* Thu Jun 28 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-1
- RHEL-7.6 erratum
Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version (1.8.23)
Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets
Resolves: rhbz#1506025 - Latest update broke sudo for ldap users.
Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
Resolves: rhbz#1548380 - RFE: Create flag to filter to sudo -l output
Resolves: rhbz#1510002 - Ensure that the command input (stdin) eating behaviour of Default log_input is documented
Resolves: rhbz#1596032 - Why does sudo package depend on vim-minimal?

* Thu Nov 30 2017 Radovan Sroka <rsroka@redhat.com> 1.8.19p2-13
- RHEL 7.5 erratum
- Fixed sudo -l checking results whether user should be authenticated
@ -333,11 +318,11 @@ rm -rf $RPM_BUILD_ROOT

* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-2
- RHEL 7.4 erratum
- Fixes coverity scan issues created by our patches:
- Fixes coverity scan issues created by our patches:
- fixed resource leaks and a compiler warning in digest backport patch
- removed needless code from cmnd_no_wait patch causing clang warning
- format of the last changelog message causes problems to rhpkg push,
so don't use that as a commit message
so don't use that as a commit message
Resolves: rhbz#1360687

* Wed Mar 01 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1
@ -346,7 +331,7 @@ rm -rf $RPM_BUILD_ROOT
- Resolves: rhbz#1123526 - performance improvement
- Resolves: rhbz#1308789 - add MAIL and NOMAIL tags
- Resolves: rhbz#1348504 - sudo now parses sudoers with sudoers locale
- Resolves: rhbz#1374417 - "sudo -l command" indicated that the command
- Resolves: rhbz#1374417 - "sudo -l command" indicated that the command
was runnable even if denied by sudoers when using LDAP or SSSD backend.
- Resolves: rhbz#1387303 - add ignore_iolog_errors option
- Resolves: rhbz#1389360 - wrong log file group ownership
@ -553,7 +538,7 @@ rm -rf $RPM_BUILD_ROOT
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
- update to 1.8.5
- fixed CVE-2012-2337
- temporarily disabled SSSD support
- temporarily disabled SSSD support

* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
- fixed problems with undefined symbols (rhbz#798517)
@ -572,7 +557,7 @@ rm -rf $RPM_BUILD_ROOT

* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
- update to 1.8.3p1
- disable output word wrapping if the output is piped
- disable output word wrapping if the output is piped

* Wed Sep 7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
- Remove execute bit from sample script in docs so we don't pull in perl
@ -707,7 +692,7 @@ rm -rf $RPM_BUILD_ROOT
- sparc64 needs to be in the -fPIE list with s390

* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
- fix complains about audit_log_user_command(): Connection
- fix complains about audit_log_user_command(): Connection
refused (#401201)

* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
@ -809,7 +794,7 @@ rm -rf $RPM_BUILD_ROOT
- rebuild

* Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
- added missing BuildRequires for libselinux-devel (#132883)
- added missing BuildRequires for libselinux-devel (#132883)

* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
- Fix missing param error in sesh
@ -836,7 +821,7 @@ rm -rf $RPM_BUILD_ROOT
exec of child with SELinux patch

* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
- change to default to sysadm_r
- change to default to sysadm_r
- Fix tty handling

* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
@ -844,7 +829,7 @@ rm -rf $RPM_BUILD_ROOT
- replace /bin/bash -c with /bin/sesh

* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
- Hard code to use "/bin/bash -c" for selinux
- Hard code to use "/bin/bash -c" for selinux

* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
- Eliminate closing and reopening of terminals, to match su.
@ -869,7 +854,7 @@ rm -rf $RPM_BUILD_ROOT
- Fix is_selinux_enabled call

* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
- Clean up patch on failure
- Clean up patch on failure

* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
- Remove sudo.te for now.
@ -992,7 +977,7 @@ rm -rf $RPM_BUILD_ROOT
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)

* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
- built package for 5.2
- built package for 5.2

* Mon May 18 1998 Michael Maher <mike@redhat.com>
- updated SPEC file
@ -1004,9 +989,10 @@ rm -rf $RPM_BUILD_ROOT
- built for glibc, no problems

* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
- Fixed for 4.2 PowerTools
- Fixed for 4.2 PowerTools
- Still need to be pamified
- Still need to move stmp file to /var/log

* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
- First version for PowerCD.