
sudo package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
commit
1b50540dd3
  1. 161
      SOURCES/sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch
  2. 70
      SOURCES/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
  3. 27
      SOURCES/sudo-1.8.23-ldapsearchuidfix.patch
  4. 89
      SOURCES/sudo-1.8.23-legacy-group-processing.patch
  5. 61
      SOURCES/sudo-1.8.23-nowaitopt.patch
  6. 32
      SOURCES/sudo-1.8.23-sudoldapconfman.patch
  7. 8
      SOURCES/sudoers
  8. 226
      SPECS/sudo.spec

161
SOURCES/sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch

@ -0,0 +1,161 @@ @@ -0,0 +1,161 @@
From 0f303a2de843c31afb03b558dfb7287be79e6e17 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 26 Jul 2018 12:31:29 -0600
Subject: [PATCH] Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors
from pam_acct_mgmt() if authentication is disabled for the user. Bug #843

---
plugins/sudoers/auth/bsdauth.c | 2 +-
plugins/sudoers/auth/pam.c | 10 +++++++++-
plugins/sudoers/auth/sudo_auth.c | 4 ++--
plugins/sudoers/auth/sudo_auth.h | 6 +++---
plugins/sudoers/check.c | 4 +++-
plugins/sudoers/sudoers.h | 2 +-
6 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c
index 444cd337..390263d3 100644
--- a/plugins/sudoers/auth/bsdauth.c
+++ b/plugins/sudoers/auth/bsdauth.c
@@ -168,7 +168,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
}
int
-bsdauth_approval(struct passwd *pw, sudo_auth *auth)
+bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt)
{
struct bsdauth_state *state = auth->data;
debug_decl(bsdauth_approval, SUDOERS_DEBUG_AUTH)
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 347289da..a4749448 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -202,7 +202,7 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co
}
int
-sudo_pam_approval(struct passwd *pw, sudo_auth *auth)
+sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt)
{
const char *s;
int *pam_status = (int *) auth->data;
@@ -217,6 +217,10 @@ sudo_pam_approval(struct passwd *pw, sudo_auth *auth)
"is your account locked?"));
debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
+ /* Ignore if user is exempt from password restrictions. */
+ if (exempt)
+ debug_return_int(AUTH_SUCCESS);
+ /* New password required, try to change it. */
log_warningx(0, N_("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
@@ -229,6 +233,10 @@ sudo_pam_approval(struct passwd *pw, sudo_auth *auth)
N_("unable to change expired password: %s"), s);
debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
+ /* Ignore if user is exempt from password restrictions. */
+ if (exempt)
+ debug_return_int(AUTH_SUCCESS);
+ /* Password expired, cannot be updated by user. */
log_warningx(0,
N_("Password expired, contact your system administrator"));
debug_return_int(AUTH_FATAL);
diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c
index 6ef9bd72..5d9382dc 100644
--- a/plugins/sudoers/auth/sudo_auth.c
+++ b/plugins/sudoers/auth/sudo_auth.c
@@ -163,7 +163,7 @@ sudo_auth_init(struct passwd *pw)
* Returns true on success, false on failure and -1 on error.
*/
int
-sudo_auth_approval(struct passwd *pw, int validated)
+sudo_auth_approval(struct passwd *pw, int validated, bool exempt)
{
sudo_auth *auth;
debug_decl(sudo_auth_approval, SUDOERS_DEBUG_AUTH)
@@ -171,7 +171,7 @@ sudo_auth_approval(struct passwd *pw, int validated)
/* Call approval routines. */
for (auth = auth_switch; auth->name; auth++) {
if (auth->approval && !IS_DISABLED(auth)) {
- int status = (auth->approval)(pw, auth);
+ int status = (auth->approval)(pw, auth, exempt);
if (status != AUTH_SUCCESS) {
/* Assume error msg already printed. */
log_auth_failure(validated, 0);
diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h
index ea5ed9cd..9ae69cd5 100644
--- a/plugins/sudoers/auth/sudo_auth.h
+++ b/plugins/sudoers/auth/sudo_auth.h
@@ -31,7 +31,7 @@ typedef struct sudo_auth {
int (*init)(struct passwd *pw, struct sudo_auth *auth);
int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth);
int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
- int (*approval)(struct passwd *pw, struct sudo_auth *auth);
+ int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt);
int (*cleanup)(struct passwd *pw, struct sudo_auth *auth);
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
int (*end_session)(struct passwd *pw, struct sudo_auth *auth);
@@ -56,7 +56,7 @@ extern sudo_conv_t sudo_conv;
/* Prototypes for standalone methods */
int bsdauth_init(struct passwd *pw, sudo_auth *auth);
int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
-int bsdauth_approval(struct passwd *pw, sudo_auth *auth);
+int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
@@ -67,7 +67,7 @@ int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth);
int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
-int sudo_pam_approval(struct passwd *pw, sudo_auth *auth);
+int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth);
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth);
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index ed49d63a..486a80d8 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -175,6 +175,7 @@ check_user(int validated, int mode)
{
struct passwd *auth_pw;
int ret = -1;
+ bool exempt = false;
debug_decl(check_user, SUDOERS_DEBUG_AUTH)
/*
@@ -194,6 +195,7 @@ check_user(int validated, int mode)
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s", __func__,
!def_authenticate ? "authentication disabled" :
"user exempt from authentication");
+ exempt = true;
ret = true;
goto done;
}
@@ -218,7 +220,7 @@ check_user(int validated, int mode)
done:
if (ret == true) {
/* The approval function may disallow a user post-authentication. */
- ret = sudo_auth_approval(auth_pw, validated);
+ ret = sudo_auth_approval(auth_pw, validated, exempt);
}
sudo_auth_cleanup(auth_pw);
sudo_pw_delref(auth_pw);
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 57db74c1..956cb084 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -265,7 +265,7 @@ int verify_user(struct passwd *pw, char *prompt, int validated, struct sudo_conv
int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
int sudo_auth_end_session(struct passwd *pw);
int sudo_auth_init(struct passwd *pw);
-int sudo_auth_approval(struct passwd *pw, int validated);
+int sudo_auth_approval(struct passwd *pw, int validated, bool exempt);
int sudo_auth_cleanup(struct passwd *pw);
/* set_perms.c */
--
2.13.6
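Review bot: Both new `if (exempt)` branches in sudo_pam_approval return AUTH_SUCCESS without leaving any trace, so a run that went ahead despite PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED looks the same in debug output as a clean account check. Bracing each branch and adding `sudo_debug_printf(SUDO_DEBUG_INFO, "%s: ignoring expired password, user is exempt", __func__);` before the return would record the bypass. In check.c `exempt = true` is set in the branch that covers both `!def_authenticate` and the exempt-user case, so the skip applies to every user when authentication is disabled globally; a comment on the `bool exempt` declaration should say that. bsdauth_approval takes the new parameter, but the visible lines do not use it, and all of these function bodies continue outside the hunks.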

70
SOURCES/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch

@ -0,0 +1,70 @@ @@ -0,0 +1,70 @@
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix 2018-09-24 18:10:37.235000000 +0200
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok 2018-09-24 18:11:40.153000000 +0200
@@ -34,7 +34,7 @@
},
{
"Binding": [
- { "username": "%them" }
+ { "usergroup": "them" }
],
"Options": [
{ "set_home": true }
@@ -42,7 +42,7 @@
},
{
"Binding": [
- { "username": "%: non UNIX 0 c" }
+ { "nonunixgroup": " non UNIX 0 c" }
],
"Options": [
{ "set_home": true }
@@ -50,7 +50,7 @@
},
{
"Binding": [
- { "username": "+net" }
+ { "netgroup": "net" }
],
"Options": [
{ "set_home": true }
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix 2018-09-24 18:10:25.216000000 +0200
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok 2018-09-24 18:11:45.213000000 +0200
@@ -29,9 +29,9 @@ DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WO
#
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR NETGROUP DEFVAR
#
DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
diff -up sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.c
--- sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/toke.c 2018-09-24 18:06:15.527000000 +0200
@@ -2395,7 +2395,7 @@ YY_RULE_SETUP
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
- if (prev_state == INITIAL) {
+ if (prev_state == INITIAL || prev_state == GOTDEFS) {
switch (sudoerslval.string[0]) {
case '%':
if (sudoerslval.string[1] == '\0' ||
diff -up sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.l
--- sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/toke.l 2018-09-24 18:06:15.528000000 +0200
@@ -187,7 +187,7 @@ DEFVAR [a-z_]+
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
- if (prev_state == INITIAL) {
+ if (prev_state == INITIAL || prev_state == GOTDEFS) {
switch (sudoerslval.string[0]) {
case '%':
if (sudoerslval.string[1] == '\0' ||
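Review bot: This patch file starts directly at `diff -up` with no description, upstream commit reference or bug number, so the origin of the `prev_state == GOTDEFS` change in toke.l and the generated toke.c cannot be checked from the file itself. The PAM patch added in the same commit keeps its `From`/`Subject` header, and the spec comment for this patch only cites the general rebase bug. A short header before the first `diff` line, for example `# Upstream: <upstream commit id>` and `# Bug: <tracker id>` (placeholders), would give the next maintainer something to verify against. The ldapsearchuidfix, legacy-group-processing, nowaitopt and sudoldapconfman patches share the same gap.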

27
SOURCES/sudo-1.8.23-ldapsearchuidfix.patch

@ -0,0 +1,27 @@ @@ -0,0 +1,27 @@
diff -up sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix sudo-1.8.23/plugins/sudoers/ldap.c
--- sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/ldap.c 2018-06-18 08:34:01.202686941 +0200
@@ -1189,8 +1189,8 @@ sudo_ldap_build_pass1(LDAP *ld, struct p
if (ldap_conf.search_filter)
sz += strlen(ldap_conf.search_filter);
- /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
- sz += 29 + sudo_ldap_value_len(pw->pw_name);
+ /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */
+ sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name);
/* Add space for primary and supplementary groups and gids */
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
@@ -1253,6 +1253,12 @@ sudo_ldap_build_pass1(LDAP *ld, struct p
CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
CHECK_STRLCAT(buf, ")", sz);
+ /* Append user uid */
+ (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_uid);
+ (void) strlcat(buf, "(sudoUser=#", sz);
+ (void) strlcat(buf, gidbuf, sz);
+ (void) strlcat(buf, ")", sz);
+
/* Append primary group and gid */
if (grp != NULL) {
CHECK_STRLCAT(buf, "(sudoUser=%", sz);
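Review bot: The three appended `strlcat` calls discard their return values with `(void)`, while the lines directly above and below them in sudo_ldap_build_pass1 go through `CHECK_STRLCAT`. If the `sz` estimate is ever wrong, this part of the search filter would be truncated silently instead of taking whatever failure path the macro provides (its definition is outside the hunk). Use the checked form here too: `CHECK_STRLCAT(buf, "(sudoUser=#", sz);`, `CHECK_STRLCAT(buf, gidbuf, sz);`, `CHECK_STRLCAT(buf, ")", sz);`. The `snprintf` into `gidbuf` is also unchecked and the buffer's declaration is not visible; reusing a buffer named for gids to hold the uid deserves a rename or a one-line comment.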

89
SOURCES/sudo-1.8.23-legacy-group-processing.patch

@ -0,0 +1,89 @@ @@ -0,0 +1,89 @@
diff -up sudo-1.8.23/plugins/sudoers/cvtsudoers.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/cvtsudoers.c
--- sudo-1.8.23/plugins/sudoers/cvtsudoers.c.legacy-group-processing 2018-06-28 11:24:25.966475241 +0200
+++ sudo-1.8.23/plugins/sudoers/cvtsudoers.c 2018-06-28 11:26:40.215025493 +0200
@@ -321,6 +321,15 @@ main(int argc, char *argv[])
sudo_fatalx("error: unhandled input %d", input_format);
}
+ /*
+ * cvtsudoers group filtering doesn't work if def_match_group_by_gid
+ * is set to true by default (at compile-time). It cannot be set to false
+ * because cvtsudoers doesn't apply the parsed Defaults.
+ *
+ * Related: sudo-1.8.23-legacy-group-processing.patch
+ */
+ def_match_group_by_gid = def_legacy_group_processing = false;
+
/* Apply filters. */
filter_userspecs(conf);
filter_defaults(conf);
diff -up sudo-1.8.23/plugins/sudoers/defaults.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/defaults.c
--- sudo-1.8.23/plugins/sudoers/defaults.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/defaults.c 2018-06-28 11:24:25.966475241 +0200
@@ -87,6 +87,7 @@ static struct early_default early_defaul
{ I_FQDN },
#endif
{ I_MATCH_GROUP_BY_GID },
+ { I_LEGACY_GROUP_PROCESSING },
{ I_GROUP_PLUGIN },
{ I_RUNAS_DEFAULT },
{ I_SUDOERS_LOCALE },
@@ -488,6 +489,8 @@ init_defaults(void)
}
/* First initialize the flags. */
+ def_legacy_group_processing = true;
+ def_match_group_by_gid = true;
#ifdef LONG_OTP_PROMPT
def_long_otp_prompt = true;
#endif
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.c
--- sudo-1.8.23/plugins/sudoers/def_data.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-28 11:24:25.966475241 +0200
@@ -494,6 +494,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Ignore case when matching group names"),
NULL,
}, {
+ "legacy_group_processing", T_FLAG,
+ N_("Don't pre-resolve all group names"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.h
--- sudo-1.8.23/plugins/sudoers/def_data.h.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-28 11:24:25.967475238 +0200
@@ -226,6 +226,8 @@
#define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag)
#define I_CASE_INSENSITIVE_GROUP 113
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
+#define I_LEGACY_GROUP_PROCESSING 114
+#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
enum def_tuple {
never,
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.legacy-group-processing sudo-1.8.23/plugins/sudoers/def_data.in
--- sudo-1.8.23/plugins/sudoers/def_data.in.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-28 11:24:25.967475238 +0200
@@ -357,3 +357,6 @@ case_insensitive_user
case_insensitive_group
T_FLAG
"Ignore case when matching group names"
+legacy_group_processing
+ T_FLAG
+ "Don't pre-resolve all group names"
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.legacy-group-processing sudo-1.8.23/plugins/sudoers/sudoers.c
--- sudo-1.8.23/plugins/sudoers/sudoers.c.legacy-group-processing 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-28 11:24:25.967475238 +0200
@@ -209,6 +209,10 @@ sudoers_policy_init(void *info, char * c
if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
ret = true;
+ if (!def_match_group_by_gid || !def_legacy_group_processing) {
+ def_match_group_by_gid = false;
+ def_legacy_group_processing = false;
+ }
cleanup:
if (!restore_perms())
ret = -1;
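Review bot: The new block in sudoers_policy_init clears both `def_match_group_by_gid` and `def_legacy_group_processing` whenever either one is false, but it carries no comment, so an administrator who disables only one of them in sudoers gets the other switched off with nothing in the code saying that is intended. Add a comment such as `/* The two flags only work as a pair: if sudoers turned either one off, turn both off. */`, with the wording confirmed against the intended semantics. init_defaults now sets both flags to true as the built-in default, and the flag text `Don't pre-resolve all group names` does not mention the coupling either. The function bodies continue outside the hunks.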

61
SOURCES/sudo-1.8.23-nowaitopt.patch

@ -0,0 +1,61 @@ @@ -0,0 +1,61 @@
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.c
--- sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt 2018-06-18 09:36:34.249307795 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-18 09:43:12.122986032 +0200
@@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Don't pre-resolve all group names"),
NULL,
}, {
+ "cmnd_no_wait", T_FLAG,
+ N_("Don't fork and wait for the command to finish, just exec it"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.h
--- sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt 2018-06-18 09:36:34.250307792 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-18 09:43:44.541878327 +0200
@@ -228,6 +228,8 @@
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
#define I_LEGACY_GROUP_PROCESSING 114
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
+#define I_CMND_NO_WAIT 115
+#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
enum def_tuple {
never,
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.in
--- sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt 2018-06-18 09:36:34.250307792 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-18 09:45:00.076627403 +0200
@@ -360,3 +360,6 @@ case_insensitive_group
legacy_group_processing
T_FLAG
"Don't pre-resolve all group names"
+cmnd_no_wait
+ T_FLAG
+ "Don't fork and wait for the command to finish, just exec it"
diff -up sudo-1.8.23/plugins/sudoers/policy.c.nowaitopt sudo-1.8.23/plugins/sudoers/policy.c
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt sudo-1.8.23/plugins/sudoers/sudoers.c
--- sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt 2018-06-18 11:31:51.883751328 +0200
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-18 11:31:03.670899166 +0200
@@ -213,6 +213,20 @@ sudoers_policy_init(void *info, char * c
def_match_group_by_gid = false;
def_legacy_group_processing = false;
}
+
+ /*
+ * Emulate cmnd_no_wait option by disabling PAM session, PTY allocation
+ * and I/O logging. This will cause sudo to execute the given command
+ * directly instead of forking a separate process for it.
+ */
+ if (def_cmnd_no_wait) {
+ def_pam_setcred = false;
+ def_pam_session = false;
+ def_use_pty = false;
+ def_log_input = false;
+ def_log_output = false;
+ }
+
cleanup:
if (!restore_perms())
ret = -1;
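Review bot: Setting `cmnd_no_wait` forces `def_log_input`, `def_log_output` and `def_use_pty` to false in sudoers_policy_init without any message, so a policy that requires I/O logging or a pty loses those controls silently. Since these are audit and isolation settings, the override should be reported when it actually changes something, e.g. `if (def_log_input || def_log_output || def_use_pty) log_warningx(0, N_("cmnd_no_wait overrides log_input, log_output and use_pty"));` placed before the assignments. The flag description added to def_data.c and def_data.in should also name the options it disables. The function body continues outside the hunk.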

32
SOURCES/sudo-1.8.23-sudoldapconfman.patch

@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
diff -up sudo-1.8.23/doc/Makefile.in.sudoldapconfman sudo-1.8.23/doc/Makefile.in
--- sudo-1.8.23/doc/Makefile.in.sudoldapconfman 2018-05-23 13:38:08.347538854 +0200
+++ sudo-1.8.23/doc/Makefile.in 2018-05-23 13:38:12.806523146 +0200
@@ -345,10 +345,16 @@ install-doc: install-dirs
rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
+ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
+ echo ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
+ ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
else \
rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
+ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
+ echo ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
+ ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
fi
install-plugin:
@@ -363,8 +369,9 @@ uninstall:
$(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \
$(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \
$(DESTDIR)$(mandirform)/sudoers.$(mansectform) \
- $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform)
- $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
+ $(DESTDIR)$(mandirform)/sudoers_timestamp.$(mansectform) \
+ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) \
+ $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)
splint:

8
SOURCES/sudoers

@ -64,6 +64,14 @@ Defaults !visiblepw @@ -64,6 +64,14 @@ Defaults !visiblepw
Defaults always_set_home
Defaults match_group_by_gid

# Prior to version 1.8.15, groups listed in sudoers that were not
# found in the system group database were passed to the group
# plugin, if any. Starting with 1.8.15, only groups of the form
# %:group are resolved via the group plugin by default.
# We enable always_query_group_plugin to restore old behavior.
# Disable this option for new behavior.
Defaults always_query_group_plugin

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

226
SPECS/sudo.spec

@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.8.19p2
Release: 13%{?dist}
Version: 1.8.23
Release: 3%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@ -9,72 +9,48 @@ Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz @@ -9,72 +9,48 @@ Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
Source1: sudoers
Source2: sudo-ldap.conf
Source3: sudo.conf
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: /etc/pam.d/system-auth, vim-minimal, libgcrypt
Requires: /etc/pam.d/system-auth
Requires: /usr/bin/vi

BuildRequires: pam-devel
BuildRequires: groff
BuildRequires: openldap-devel
BuildRequires: flex
BuildRequires: /usr/sbin/sendmail
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
BuildRequires: automake autoconf libtool
BuildRequires: audit-libs-devel libcap-devel
BuildRequires: flex
BuildRequires: gettext
BuildRequires: groff
BuildRequires: libtool
BuildRequires: audit-libs-devel
BuildRequires: libcap-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgcrypt-devel
BuildRequires: libselinux-devel
BuildRequires: /usr/sbin/sendmail
BuildRequires: gettext
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: zlib-devel
BuildRequires: libgcrypt-devel

# don't strip
Patch1: sudo-1.6.7p5-strip.patch
# configure.in fix
Patch2: sudo-1.7.2p1-envdebug.patch
# 840980 - sudo creates a new parent process
# Adds cmnd_no_wait Defaults option
Patch3: sudo-1.8.6p3-nowaitopt.patch
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
Patch4: sudo-1.8.6p7-sudoldapconfman.patch
# 1092499 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
Patch5: sudo-1.8.6p3-doublequotefix.patch
# 1183818 - backport of command digest specification feature
Patch6: sudo-1.8.6p7-digest-backport.patch
Patch3: sudo-1.8.23-sudoldapconfman.patch
# 1247591 - Sudo taking a long time when user information is stored externally.
Patch4: sudo-1.8.23-legacy-group-processing.patch
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
Patch7: sudo-1.8.6p7-ldapsearchuidfix.patch
Patch5: sudo-1.8.23-ldapsearchuidfix.patch
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
Patch8: sudo-1.8.6p7-logsudouser.patch
# fix upstream testsuite - disabling 2 tests, working only with non-root user
Patch9: sudo-1.8.18-testsuitefix.patch
# 1413160 - backport ignore_unknown_defaults flag
Patch10: sudo-1.8.19p2-ignore-unknown-defaults.patch
# 1424575 - backport visudo severity of the message
Patch11: sudo-1.8.19p2-error-warning-visudo-message.patch
# 1369856 - synchronous (real-time) writes in sudo i/o logs
Patch12: sudo-1.8.19p2-iologflush.patch
# 1293306 - Sudo group lookup issue.
Patch13: sudo-1.8.19p2-lookup-issue-doc.patch
# 1360687 - sudo rhel-7 rebase - comment11
Patch14: sudo-1.8.19p2-upstream-testsuitefix.patch
# 1360687 - sudo rhel-7 rebase - comment13
Patch15: sudo-1.8.19p2-fqdn-use-after-free.patch
# 1360687 - sudo rhel-7 rebase - comment13
Patch16: sudo-1.8.19p2-lecture-boolean.patch
# 1455402 - CVE-2017-1000367: Privilege escalation in via improper get_process_ttyname() parsing
Patch17: sudo-1.8.19p2-get_process_ttyname.patch
# 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch
# 1485397 - sudo breaking who ldap and local users after upgrade
Patch19: sudo-1.8.21-ldap-pass2-filter.patch
# 1458696 - successful sudo -l returns non-zero if asking for other user
Patch20: sudo-1.8.19p2-display-privs.patch
# 1454571 - Sudo, with I/O Logging log_output option enabled, truncate output in case of cycle over standard input
Patch21: sudo-1.8.19p2-iologtruncate.patch
# 1490358 - Update use_pty and IO logging man page
Patch22: sudo-1.8.19p2-manpage-use_pty.patch
# 1505409 - Regression in "sudo -l" when using IPA / sssd
Patch23: sudo-1.8.19p2-sudo-l-sssd.patch
# 1518104 - sudo crashed: double free or corruption (fasttop)
Patch24: sudo-1.8.19p2-sssd-double-free.patch
Patch6: sudo-1.8.6p7-logsudouser.patch
# 840980 - sudo creates a new parent process
# Adds cmnd_no_wait Defaults option
Patch7: sudo-1.8.23-nowaitopt.patch
# 1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
# This is fix of a regression in the referenced feature request. It was fixed
# in newer versions of sudo and we backport it to prevent future regression
# bz in RHEL. The feature itself was delivered via the rebase to 1.8.23.
Patch8: sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch
# 1547974 - (sudo-rhel-7.6-rebase) Rebase sudo to latest stable upstream version
Patch9: sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch

%description
Sudo (superuser do) allows a system administrator to give certain
@ -101,28 +77,13 @@ plugins that use %{name}. @@ -101,28 +77,13 @@ plugins that use %{name}.

%patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug
%patch3 -p1 -b .nowaitopt
%patch4 -p1 -b .sudoldapconfman
%patch5 -p1 -b .doublequotefix
%patch6 -p1 -b .digest-backport
%patch7 -p1 -b .ldapsearchuidfix
%patch8 -p1 -b .logsudouser
%patch9 -p1 -b .testsuite
%patch10 -p1 -b .ignoreunknowndefaults
%patch11 -p1 -b .errorwarningvisudomsg
%patch12 -p1 -b .iologflush
%patch13 -p1 -b .lookup
%patch14 -p1 -b .testsuite
%patch15 -p1 -b .fqdnafterfree
%patch16 -p1 -b .lecture
%patch17 -p1 -b .get_process_ttyname
%patch18 -p1 -b .CVE-2017-1000368
%patch19 -p1 -b .ldap-pass2-filter
%patch20 -p1 -b .display-privs
%patch21 -p1 -b .iologtruncate
%patch22 -p1 -b .manpage
%patch23 -p1 -b .sudo-l
%patch24 -p1 -b .double-free
%patch3 -p1 -b .sudoldapconfman
%patch4 -p1 -b .legacy-group-processing
%patch5 -p1 -b .ldapsearchuidfix
%patch6 -p1 -b .logsudouser
%patch7 -p1 -b .nowaitopt
%patch8 -p1 -b .pam-mgmt-ignore-errors
%patch9 -p1 -b .defaults-double-quote-fix

%build
autoreconf -I m4 -fv --install
@ -144,9 +105,9 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL @@ -144,9 +105,9 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-logfac=authpriv \
--with-pam \
--with-pam-login \
--with-editor=/bin/vi \
--with-editor=/usr/bin/vi \
--with-env-editor \
--with-gcrypt \
--enable-gcrypt \
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
@ -155,32 +116,33 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL @@ -155,32 +116,33 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-passprompt="[sudo] password for %p: " \
--with-linux-audit \
--with-sssd
# --without-kerb5 \
# --without-kerb4

make

%check
make check

%install
rm -rf $RPM_BUILD_ROOT
rm -rf %{buildroot}

# Update README.LDAP (#736653)
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP

make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
make install DESTDIR="%{buildroot}" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`

chmod 755 %{buildroot}%{_bindir}/* %{buildroot}%{_sbindir}/*
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo/lectured
install -p -d -m 750 %{buildroot}%{_sysconfdir}/sudoers.d
install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf
install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf

# Remove execute permission on this script so we don't pull in perl deps
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
# Remove upstream sudoers file
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist

#Remove all .la files
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
# Remove all .la files
find %{buildroot} -name '*.la' -exec rm -f {} ';'

%find_lang sudo
%find_lang sudoers
@ -188,42 +150,44 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' @@ -188,42 +150,44 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
cat sudo.lang sudoers.lang > sudo_all.lang
rm sudo.lang sudoers.lang

mkdir -p $RPM_BUILD_ROOT/etc/pam.d
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
#%%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
EOF

cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
#%%PAM-1.0
auth include sudo
account include sudo
password include sudo
session optional pam_keyinit.so force revoke
session required pam_limits.so
session include sudo
EOF


%clean
rm -rf $RPM_BUILD_ROOT
rm -rf %{buildroot}

%files -f sudo_all.lang
%defattr(-,root,root)
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
%attr(0750,root,root) %dir /etc/sudoers.d/
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%dir %{_localstatedir}/db/sudo
%dir %{_localstatedir}/db/sudo/lectured
%attr(4111,root,root) %{_bindir}/sudo
%{_bindir}/sudoedit
%{_bindir}/cvtsudoers
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
@ -242,13 +206,14 @@ rm -rf $RPM_BUILD_ROOT @@ -242,13 +206,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudoedit.8*
%{_mandir}/man8/sudoreplay.8*
%{_mandir}/man8/visudo.8*
%{_mandir}/man1/cvtsudoers.1.gz
%{_mandir}/man5/sudoers_timestamp.5.gz
%dir %{_docdir}/sudo-%{version}
%{_docdir}/sudo-%{version}/*


# Make sure permissions are ok even if we're updating
%post
/bin/chmod 0440 /etc/sudoers || :
/bin/chmod 0440 %{_sysconfdir}/sudoers || :

%files devel
%defattr(-,root,root,-)
@ -257,6 +222,26 @@ rm -rf $RPM_BUILD_ROOT @@ -257,6 +222,26 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8*

%changelog
* Mon Sep 24 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-3
- RHEL-7.6 erratum
Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version

* Fri Sep 21 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-2
- RHEL-7.6 erratum
Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
Resolves: rhbz#1506025 - Latest update broke sudo for ldap users.
Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets

* Thu Jun 28 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-1
- RHEL-7.6 erratum
Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version (1.8.23)
Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets
Resolves: rhbz#1506025 - Latest update broke sudo for ldap users.
Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers
Resolves: rhbz#1548380 - RFE: Create flag to filter to sudo -l output
Resolves: rhbz#1510002 - Ensure that the command input (stdin) eating behaviour of Default log_input is documented
Resolves: rhbz#1596032 - Why does sudo package depend on vim-minimal?

* Thu Nov 30 2017 Radovan Sroka <rsroka@redhat.com> 1.8.19p2-13
- RHEL 7.5 erratum
- Fixed sudo -l checking results whether user should be authenticated
@ -333,11 +318,11 @@ rm -rf $RPM_BUILD_ROOT @@ -333,11 +318,11 @@ rm -rf $RPM_BUILD_ROOT

* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-2
- RHEL 7.4 erratum
- Fixes coverity scan issues created by our patches:
- Fixes coverity scan issues created by our patches:
- fixed resource leaks and a compiler warning in digest backport patch
- removed needless code from cmnd_no_wait patch causing clang warning
- format of the last changelog message causes problems to rhpkg push,
so don't use that as a commit message
so don't use that as a commit message
Resolves: rhbz#1360687

* Wed Mar 01 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1
@ -346,7 +331,7 @@ rm -rf $RPM_BUILD_ROOT @@ -346,7 +331,7 @@ rm -rf $RPM_BUILD_ROOT
- Resolves: rhbz#1123526 - performance improvement
- Resolves: rhbz#1308789 - add MAIL and NOMAIL tags
- Resolves: rhbz#1348504 - sudo now parses sudoers with sudoers locale
- Resolves: rhbz#1374417 - "sudo -l command" indicated that the command
- Resolves: rhbz#1374417 - "sudo -l command" indicated that the command
was runnable even if denied by sudoers when using LDAP or SSSD backend.
- Resolves: rhbz#1387303 - add ignore_iolog_errors option
- Resolves: rhbz#1389360 - wrong log file group ownership
@ -553,7 +538,7 @@ rm -rf $RPM_BUILD_ROOT @@ -553,7 +538,7 @@ rm -rf $RPM_BUILD_ROOT
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1
- update to 1.8.5
- fixed CVE-2012-2337
- temporarily disabled SSSD support
- temporarily disabled SSSD support

* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6
- fixed problems with undefined symbols (rhbz#798517)
@ -572,7 +557,7 @@ rm -rf $RPM_BUILD_ROOT @@ -572,7 +557,7 @@ rm -rf $RPM_BUILD_ROOT

* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1
- update to 1.8.3p1
- disable output word wrapping if the output is piped
- disable output word wrapping if the output is piped

* Wed Sep 7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2
- Remove execute bit from sample script in docs so we don't pull in perl
@ -707,7 +692,7 @@ rm -rf $RPM_BUILD_ROOT @@ -707,7 +692,7 @@ rm -rf $RPM_BUILD_ROOT
- sparc64 needs to be in the -fPIE list with s390

* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
- fix complains about audit_log_user_command(): Connection
- fix complains about audit_log_user_command(): Connection
refused (#401201)

* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
@ -809,7 +794,7 @@ rm -rf $RPM_BUILD_ROOT @@ -809,7 +794,7 @@ rm -rf $RPM_BUILD_ROOT
- rebuild

* Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
- added missing BuildRequires for libselinux-devel (#132883)
- added missing BuildRequires for libselinux-devel (#132883)

* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
- Fix missing param error in sesh
@ -836,7 +821,7 @@ rm -rf $RPM_BUILD_ROOT @@ -836,7 +821,7 @@ rm -rf $RPM_BUILD_ROOT
exec of child with SELinux patch

* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
- change to default to sysadm_r
- change to default to sysadm_r
- Fix tty handling

* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
@ -844,7 +829,7 @@ rm -rf $RPM_BUILD_ROOT @@ -844,7 +829,7 @@ rm -rf $RPM_BUILD_ROOT
- replace /bin/bash -c with /bin/sesh

* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
- Hard code to use "/bin/bash -c" for selinux
- Hard code to use "/bin/bash -c" for selinux

* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
- Eliminate closing and reopening of terminals, to match su.
@ -869,7 +854,7 @@ rm -rf $RPM_BUILD_ROOT @@ -869,7 +854,7 @@ rm -rf $RPM_BUILD_ROOT
- Fix is_selinux_enabled call

* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
- Clean up patch on failure
- Clean up patch on failure

* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
- Remove sudo.te for now.
@ -992,7 +977,7 @@ rm -rf $RPM_BUILD_ROOT @@ -992,7 +977,7 @@ rm -rf $RPM_BUILD_ROOT
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)

* Thu Oct 08 1998 Michael Maher <mike@redhat.com>
- built package for 5.2
- built package for 5.2

* Mon May 18 1998 Michael Maher <mike@redhat.com>
- updated SPEC file
@ -1004,9 +989,10 @@ rm -rf $RPM_BUILD_ROOT @@ -1004,9 +989,10 @@ rm -rf $RPM_BUILD_ROOT
- built for glibc, no problems

* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
- Fixed for 4.2 PowerTools
- Fixed for 4.2 PowerTools
- Still need to be pamified
- Still need to move stmp file to /var/log

* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
- First version for PowerCD.

