You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1073 lines
37 KiB
1073 lines
37 KiB
Summary: Allows restricted root access for specified users |
|
Name: sudo |
|
Version: 1.8.23 |
|
Release: 11%{?dist} |
|
License: ISC |
|
Group: Applications/System |
|
URL: http://www.courtesan.com/sudo/ |
|
Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz |
|
Source1: sudoers |
|
Source2: sudo-ldap.conf |
|
Source3: sudo.conf |
|
Requires: /etc/pam.d/system-auth |
|
Requires: /usr/bin/vi |
|
|
|
BuildRequires: /usr/sbin/sendmail |
|
BuildRequires: autoconf |
|
BuildRequires: automake |
|
BuildRequires: bison |
|
BuildRequires: flex |
|
BuildRequires: gettext |
|
BuildRequires: groff |
|
BuildRequires: libtool |
|
BuildRequires: audit-libs-devel |
|
BuildRequires: libcap-devel |
|
BuildRequires: libgcrypt-devel |
|
BuildRequires: libgcrypt-devel |
|
BuildRequires: libselinux-devel |
|
BuildRequires: openldap-devel |
|
BuildRequires: pam-devel |
|
BuildRequires: zlib-devel |
|
|
|
# don't strip |
|
Patch1: sudo-1.6.7p5-strip.patch |
|
# configure.in fix |
|
Patch2: sudo-1.7.2p1-envdebug.patch |
|
# 881258 - rpmdiff: added missing sudo-ldap.conf manpage |
|
Patch3: sudo-1.8.23-sudoldapconfman.patch |
|
# 1247591 - Sudo taking a long time when user information is stored externally. |
|
Patch4: sudo-1.8.23-legacy-group-processing.patch |
|
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option |
|
Patch5: sudo-1.8.23-ldapsearchuidfix.patch |
|
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure |
|
Patch6: sudo-1.8.6p7-logsudouser.patch |
|
# 840980 - sudo creates a new parent process |
|
# Adds cmnd_no_wait Defaults option |
|
Patch7: sudo-1.8.23-nowaitopt.patch |
|
# 1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers |
|
# This is fix of a regression in the referenced feature request. It was fixed |
|
# in newer versions of sudo and we backport it to prevent future regression |
|
# bz in RHEL. The feature itself was delivered via the rebase to 1.8.23. |
|
Patch8: sudo-1.8.23-Ignore-PAM_NEW_AUTHTOK_REQD-and-PAM_AUTHTOK_EXPIRED.patch |
|
# 1547974 - (sudo-rhel-7.6-rebase) Rebase sudo to latest stable upstream version |
|
Patch9: sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch |
|
|
|
# 1647678 - sudo access denied with pam_access and pts terminal configurations |
|
# 1672876 - Backporting sudo bug with expired passwords - this is included in in this patch |
|
Patch10: sudo-1.8.23-pam_access-and-terminals.patch |
|
|
|
# 1665285 - Problem with sudo-1.8.23 and 'who am i' |
|
Patch11: sudo-1.8.23-who-am-i.patch |
|
|
|
# 1738841 - Crash in do_syslog() while doing sudoedit |
|
Patch12: sudo-1.8.23-fix_empty_username_in_do_syslog.patch |
|
|
|
# 1760694 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword [rhel-7.8] |
|
Patch13: sudo-1.8.28-CVE-strtouid.patch |
|
Patch14: sudo-1.8.28-CVE-strtouid-test.patch |
|
|
|
# 1798095 - CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [rhel-7.8] |
|
Patch15: sudo-1.8.29-CVE-2019-18634-part1.patch |
|
Patch16: sudo-1.8.29-CVE-2019-18634-part2.patch |
|
|
|
# 1788196 - sudo allows privilege escalation with expire password |
|
Patch17: sudo-1.8.29-expired-password-part1.patch |
|
Patch18: sudo-1.8.29-expired-password-part2.patch |
|
|
|
# 1917729 - EMBARGOED CVE-2021-3156 sudo: Heap-buffer overflow in argument parsing [rhel-7.9.z] |
|
Patch19: sudo-1.8.31-CVE-2021-3156.patch |
|
|
|
%description |
|
Sudo (superuser do) allows a system administrator to give certain |
|
users (or groups of users) the ability to run some (or all) commands |
|
as root while logging all commands and arguments. Sudo operates on a |
|
per-command basis. It is not a replacement for the shell. Features |
|
include: the ability to restrict what commands a user may run on a |
|
per-host basis, copious logging of each command (providing a clear |
|
audit trail of who did what), a configurable timeout of the sudo |
|
command, and the ability to use the same configuration file (sudoers) |
|
on many different machines. |
|
|
|
%package devel |
|
Summary: Development files for %{name} |
|
Group: Development/Libraries |
|
Requires: %{name} = %{version}-%{release} |
|
|
|
%description devel |
|
The %{name}-devel package contains header files developing sudo |
|
plugins that use %{name}. |
|
|
|
%prep |
|
%setup -q |
|
|
|
%patch1 -p1 -b .strip |
|
%patch2 -p1 -b .envdebug |
|
%patch3 -p1 -b .sudoldapconfman |
|
%patch4 -p1 -b .legacy-group-processing |
|
%patch5 -p1 -b .ldapsearchuidfix |
|
%patch6 -p1 -b .logsudouser |
|
%patch7 -p1 -b .nowaitopt |
|
%patch8 -p1 -b .pam-mgmt-ignore-errors |
|
%patch9 -p1 -b .defaults-double-quote-fix |
|
|
|
%patch10 -p1 -b .pam_access-and-terminals |
|
|
|
%patch11 -p1 -b .who-am-i |
|
%patch12 -p1 -b .do_syslog-username |
|
|
|
%patch13 -p1 -b .CVE-strtouid |
|
%patch14 -p1 -b .CVE-strtouid-test |
|
|
|
%patch15 -p1 -b .CVE-2019-18634-part1 |
|
%patch16 -p1 -b .CVE-2019-18634-part2 |
|
|
|
%patch17 -p1 -b .expired-password-part1 |
|
%patch18 -p1 -b .expired-password-part2 |
|
|
|
%patch19 -p1 -b .heap-buffer |
|
|
|
%build |
|
autoreconf -I m4 -fv --install |
|
|
|
%ifarch s390 s390x sparc64 |
|
F_PIE=-fPIE |
|
%else |
|
F_PIE=-fpie |
|
%endif |
|
|
|
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755 |
|
|
|
%configure \ |
|
--prefix=%{_prefix} \ |
|
--sbindir=%{_sbindir} \ |
|
--libdir=%{_libdir} \ |
|
--docdir=%{_datadir}/doc/%{name}-%{version} \ |
|
--with-logging=syslog \ |
|
--with-logfac=authpriv \ |
|
--with-pam \ |
|
--with-pam-login \ |
|
--with-editor=/usr/bin/vi \ |
|
--with-env-editor \ |
|
--enable-gcrypt \ |
|
--with-ignore-dot \ |
|
--with-tty-tickets \ |
|
--with-ldap \ |
|
--with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \ |
|
--with-selinux \ |
|
--with-passprompt="[sudo] password for %p: " \ |
|
--with-linux-audit \ |
|
--with-sssd |
|
|
|
make |
|
|
|
%check |
|
make check |
|
|
|
%install |
|
rm -rf %{buildroot} |
|
|
|
# Update README.LDAP (#736653) |
|
sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP |
|
|
|
make install DESTDIR="%{buildroot}" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` |
|
|
|
chmod 755 %{buildroot}%{_bindir}/* %{buildroot}%{_sbindir}/* |
|
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo |
|
install -p -d -m 700 %{buildroot}%{_localstatedir}/db/sudo/lectured |
|
install -p -d -m 750 %{buildroot}%{_sysconfdir}/sudoers.d |
|
install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers |
|
install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf |
|
install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf |
|
|
|
# Remove upstream sudoers file |
|
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist |
|
|
|
# Remove all .la files |
|
find %{buildroot} -name '*.la' -exec rm -f {} ';' |
|
|
|
%find_lang sudo |
|
%find_lang sudoers |
|
|
|
cat sudo.lang sudoers.lang > sudo_all.lang |
|
rm sudo.lang sudoers.lang |
|
|
|
mkdir -p %{buildroot}%{_sysconfdir}/pam.d |
|
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF |
|
#%%PAM-1.0 |
|
auth include system-auth |
|
account include system-auth |
|
password include system-auth |
|
session optional pam_keyinit.so revoke |
|
session include system-auth |
|
EOF |
|
|
|
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF |
|
#%%PAM-1.0 |
|
auth include sudo |
|
account include sudo |
|
password include sudo |
|
session optional pam_keyinit.so force revoke |
|
session include sudo |
|
EOF |
|
|
|
%clean |
|
rm -rf %{buildroot} |
|
|
|
%files -f sudo_all.lang |
|
%defattr(-,root,root) |
|
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers |
|
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf |
|
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf |
|
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/ |
|
%config(noreplace) %{_sysconfdir}/pam.d/sudo |
|
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i |
|
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf |
|
%dir %{_localstatedir}/db/sudo |
|
%dir %{_localstatedir}/db/sudo/lectured |
|
%attr(4111,root,root) %{_bindir}/sudo |
|
%{_bindir}/sudoedit |
|
%{_bindir}/cvtsudoers |
|
%attr(0111,root,root) %{_bindir}/sudoreplay |
|
%attr(0755,root,root) %{_sbindir}/visudo |
|
%attr(0755,root,root) %{_libexecdir}/sudo/sesh |
|
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so |
|
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so |
|
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so |
|
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so |
|
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? |
|
%{_libexecdir}/sudo/libsudo_util.so.? |
|
%{_libexecdir}/sudo/libsudo_util.so |
|
%{_mandir}/man5/sudoers.5* |
|
%{_mandir}/man5/sudoers.ldap.5* |
|
%{_mandir}/man5/sudo-ldap.conf.5* |
|
%{_mandir}/man5/sudo.conf.5* |
|
%{_mandir}/man8/sudo.8* |
|
%{_mandir}/man8/sudoedit.8* |
|
%{_mandir}/man8/sudoreplay.8* |
|
%{_mandir}/man8/visudo.8* |
|
%{_mandir}/man1/cvtsudoers.1.gz |
|
%{_mandir}/man5/sudoers_timestamp.5.gz |
|
%dir %{_docdir}/sudo-%{version} |
|
%{_docdir}/sudo-%{version}/* |
|
|
|
# Make sure permissions are ok even if we're updating |
|
%post |
|
/bin/chmod 0440 %{_sysconfdir}/sudoers || : |
|
|
|
%files devel |
|
%defattr(-,root,root,-) |
|
%doc plugins/sample/sample_plugin.c |
|
%{_includedir}/sudo_plugin.h |
|
%{_mandir}/man8/sudo_plugin.8* |
|
|
|
%changelog |
|
* Wed Jan 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.23-11 |
|
- RHEL 7.9.Z ERRATUM |
|
- CVE-2021-3156 |
|
Resolves: rhbz#1917729 |
|
|
|
* Wed Mar 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.23-10 |
|
- RHEL-7.9 |
|
- sudo allows privilege escalation with expire password |
|
Resolves: rhbz#1788196 |
|
|
|
* Wed Feb 05 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.23-9 |
|
- RHEL-7.8 |
|
- CVE-2019-18634 |
|
Resolves: rhbz#1798095 |
|
|
|
* Thu Oct 17 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-8 |
|
- RHEL-7.8 |
|
- fixed CVE-2019-14287 |
|
Resolves: rhbz#1760695 |
|
|
|
* Thu Aug 22 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-7 |
|
- RHEL-7.8 erratum |
|
Resolves: rhbz#1738841 Crash in do_syslog() while doing sudoedit |
|
|
|
* Mon Aug 19 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-6 |
|
- RHEL-7.8 erratum |
|
Resolves: rhbz#1647678 sudo access denied with pam_access and pts terminal configurations |
|
|
|
* Mon Aug 12 2019 Marek Tamaskovic <mtamasko@redhat.com> 1.8.23-5 |
|
- RHEL-7.8 erratum |
|
Resolves: rhbz#1711997 sudo is super slow when /etc/security/limits.conf contains many entries |
|
|
|
* Wed Feb 20 2019 Radovan Sroka <rsroka@redhat.com> 1.8.23-4 |
|
- RHEL-7.7 erratum |
|
Resolves: rhbz#1672876 - Backporting sudo bug with expired passwords |
|
Resolves: rhbz#1665285 - Problem with sudo-1.8.23 and 'who am i' |
|
|
|
* Mon Sep 24 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-3 |
|
- RHEL-7.6 erratum |
|
Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version |
|
|
|
* Fri Sep 21 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-2 |
|
- RHEL-7.6 erratum |
|
Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers |
|
Resolves: rhbz#1506025 - Latest update broke sudo for ldap users. |
|
Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets |
|
|
|
* Thu Jun 28 2018 Daniel Kopecek <dkopecek@redhat.com> 1.8.23-1 |
|
- RHEL-7.6 erratum |
|
Resolves: rhbz#1547974 - Rebase sudo to latest stable upstream version (1.8.23) |
|
Resolves: rhbz#1502630 - inclusion of system-auth for session hooks missing in sudo PAM snippets |
|
Resolves: rhbz#1506025 - Latest update broke sudo for ldap users. |
|
Resolves: rhbz#1533964 - sudo skips PAM account module in case NOPASSWD is used in sudoers |
|
Resolves: rhbz#1548380 - RFE: Create flag to filter to sudo -l output |
|
Resolves: rhbz#1510002 - Ensure that the command input (stdin) eating behaviour of Default log_input is documented |
|
Resolves: rhbz#1596032 - Why does sudo package depend on vim-minimal? |
|
|
|
* Thu Nov 30 2017 Radovan Sroka <rsroka@redhat.com> 1.8.19p2-13 |
|
- RHEL 7.5 erratum |
|
- Fixed sudo -l checking results whether user should be authenticated |
|
- Enabled LDAP filter patch |
|
- Fixed double free in sssd |
|
|
|
Resolves: rhbz#1505409 |
|
Resolves: rhbz#1511850 |
|
Resolves: rhbz#1518104 |
|
|
|
* Mon Oct 02 2017 Radovan Sroka <rsroka@redhat.com> 1.8.19p2-12 |
|
- RHEL 7.5 erratum |
|
- Fixed exit codes for `sudo -l -U <user>` |
|
- Fixed truncated output when log_output is enabled |
|
- Updated use_pty and IO logging manpage |
|
|
|
Resolves: rhbz#1458696 |
|
Resolves: rhbz#1454571 |
|
Resolves: rhbz#1490358 |
|
|
|
- Fixed second pass LDAP filter expression in the sudoers ldap backend |
|
- inclomplete patch for rhbz#1485397 |
|
|
|
* Mon Aug 14 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-11 |
|
- Moved libsudo_util.so from the -devel sub-package to main package |
|
Resolves: rhbz#1481225 |
|
|
|
* Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-10 |
|
- RHEL 7.4 erratum |
|
- Fix CVE-2017-1000368 |
|
Resolves: rhbz#1459411 |
|
|
|
* Tue Jun 06 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-9 |
|
- RHEL 7.4 erratum |
|
- removed patch for output truncation (1454571) which introduced regression |
|
Resolves: rhbz#1360687 |
|
|
|
* Thu May 25 2017 Jakub Jelen <jjelen@redhat.com> - 1.8.19p2-8 |
|
- RHEL 7.4 erratum |
|
- Fixes CVE-2017-1000367: Privilege escalation in via improper get_process_ttyname() parsing |
|
Resolves: rhbz#1455402 |
|
|
|
* Tue May 23 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.19p2-7 |
|
- RHEL 7.4 erratum |
|
- added patch to fix output truncation (in some cases) when log_output |
|
option is enabled |
|
Resolves: rhbz#1454571 |
|
|
|
* Thu May 04 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-6 |
|
- RHEL 7.4 erratum |
|
- added patch that fixes lecture option used as bolean |
|
Resolves rhbz#1360687 |
|
|
|
* Tue Apr 25 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.19p2-5 |
|
- RHEL 7.4 erratum |
|
- added doc patch about sudo lookup issue |
|
Resolves: rhbz#1293306 |
|
- added test suite patch |
|
Resolves: rhbz#1360687 |
|
- fixed use after free fqdn problem |
|
Resolves: rhbz#1360687 |
|
|
|
* Tue Mar 21 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-4 |
|
- RHEL 7.4 erratum |
|
- fixed cmnd_no_wait patch |
|
- backported iolog_flush sudoers default |
|
Resolves: rhbz#1369856 |
|
Resolves: rhbz#1425853 |
|
|
|
* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-3 |
|
- RHEL 7.4 eratum |
|
- Fixes semicolon typo in digest backport patch from the previous build |
|
Resolves: rhbz#1360687 |
|
|
|
* Wed Mar 08 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-2 |
|
- RHEL 7.4 erratum |
|
- Fixes coverity scan issues created by our patches: |
|
- fixed resource leaks and a compiler warning in digest backport patch |
|
- removed needless code from cmnd_no_wait patch causing clang warning |
|
- format of the last changelog message causes problems to rhpkg push, |
|
so don't use that as a commit message |
|
Resolves: rhbz#1360687 |
|
|
|
* Wed Mar 01 2017 Tomas Sykora <tosykora@redhat.com> - 1.8.19p2-1 |
|
- RHEL 7.4 erratum |
|
- Resolves: rhbz#1360687 - rebase to 1.8.19p2 |
|
- Resolves: rhbz#1123526 - performance improvement |
|
- Resolves: rhbz#1308789 - add MAIL and NOMAIL tags |
|
- Resolves: rhbz#1348504 - sudo now parses sudoers with sudoers locale |
|
- Resolves: rhbz#1374417 - "sudo -l command" indicated that the command |
|
was runnable even if denied by sudoers when using LDAP or SSSD backend. |
|
- Resolves: rhbz#1387303 - add ignore_iolog_errors option |
|
- Resolves: rhbz#1389360 - wrong log file group ownership |
|
- Resolves: rhbz#1389735 - add iolog_group, iolog_mode, iolog_user options |
|
- Resolves: rhbz#1397169 - maxseq and ignore_iolog_errors options |
|
- Resolves: rhbz#1403051 - add support for querying netgroups directly via LDAP |
|
- Resolves: rhbz#1410086 - race condition while creating /var/log/sudo-io dir |
|
- Resolves: rhbz#1413160 - add ignore_unknown_defaults flag |
|
- Resolves: rhbz#1254772 - ability to export sudoers in json format |
|
- Resolves: rhbz#1417187 - wrong reference to config file in systax error message |
|
- Resolves: rhbz#1424575 - visudo was not printing severity of error/warning message |
|
|
|
* Wed Nov 23 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-21 |
|
- Update noexec syscall blacklist |
|
- Fixes CVE-2016-7032 and CVE-2016-7076 |
|
Resolves: rhbz#1391940 |
|
|
|
* Tue Jul 19 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-20 |
|
- RHEL 7.3 erratum |
|
- fixed visudo's -q flag |
|
Resolves: rhbz#1350828 |
|
|
|
* Tue Jun 14 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-19 |
|
- RHEL 7.3 erratum |
|
- removed INPUTRC from env_keep to prevent a potential info leak |
|
Resolves: rhbz#1340700 |
|
|
|
* Wed May 11 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-18 |
|
- RHEL 7.3 erratum |
|
- removed requiretty flag from the default sudoers policy |
|
- backported pam_service and pam_login_service defaults options |
|
- implemented netgroup_tuple defaults option for changing netgroup |
|
processing semantics |
|
- fixed user matching logic in the LDAP nss backend |
|
- don't allow visudo to accept an invalid sudoers file |
|
- fixed a bug causing that non-root users can list privileges of |
|
other users |
|
- modified digest check documentation to mention the raciness of |
|
the checking mechanism |
|
Resolves: rhbz#1196451 |
|
Resolves: rhbz#1247230 |
|
Resolves: rhbz#1334331 |
|
Resolves: rhbz#1334360 |
|
Resolves: rhbz#1261998 |
|
Resolves: rhbz#1313364 |
|
Resolves: rhbz#1312486 |
|
Resolves: rhbz#1268958 |
|
Resolves: rhbz#1335039 |
|
Resolves: rhbz#1335042 |
|
Resolves: rhbz#1335045 |
|
Resolves: rhbz#1273243 |
|
Resolves: rhbz#1299883 |
|
|
|
* Mon Feb 15 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-17 |
|
- fixed bug in closefrom_override defaults option |
|
Resolves: rhbz#1297062 |
|
|
|
* Tue Sep 1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-16 |
|
- RHEL 7.2 erratum |
|
- show the digest type in warning messages |
|
Resolves: rhbz#1183818 |
|
|
|
* Tue Sep 1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-15 |
|
- RHEL 7.2 erratum |
|
- fixed compilation of testing binaries during make check |
|
- added legacy group processing patch |
|
- replaced buggy base64 decoder with a public domain implementation |
|
Resolves: rhbz#1254621 |
|
Resolves: rhbz#1183818 |
|
Resolves: rhbz#1247591 |
|
|
|
* Tue Jul 7 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-14 |
|
- RHEL 7.2 erratum |
|
- backported command digest specification |
|
- fixed CVE-2014-9680 sudo: unsafe handling of TZ environment variable |
|
- fixed typos in sudoers.ldap man page |
|
- fixed handling of double-quoted sudoOption values in ldap, sssd sources |
|
- fixed numeric uid specification support in ldap source |
|
- fixed authentication flag logic in ldap source |
|
- added the systemctl command to the SERVICES alias in the default sudoers file |
|
Resolves: rhbz#1144446 |
|
Resolves: rhbz#1235570 |
|
Resolves: rhbz#1138259 |
|
Resolves: rhbz#1183818 |
|
Resolves: rhbz#1233607 |
|
Resolves: rhbz#1144419 |
|
Resolves: rhbz#1135539 |
|
Resolves: rhbz#1215400 |
|
|
|
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-13 |
|
- RHEL 7.1 erratum |
|
- fixed issues found by covscan/clang-analyzer |
|
Resolves: rhbz#1147616 |
|
|
|
* Mon Sep 29 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-12 |
|
- RHEL 7.1 erratum |
|
- don't retry authentication when ctrl-c pressed |
|
- fix double-quote processing in Defaults options |
|
- handle the "(none)" hostname correctly |
|
- SSSD: fix sudoUser netgroup specification filtering |
|
- SSSD: list correct user when -U <user> -l specified |
|
- SSSD: show rule names on long listing (-ll) |
|
- fix infinite loop when duplicate entries are specified on the |
|
sudoers nsswitch.conf line |
|
Resolves: rhbz#1084488 |
|
Resolves: rhbz#1088464 |
|
Resolves: rhbz#1088825 |
|
Resolves: rhbz#1092499 |
|
Resolves: rhbz#1093099 |
|
Resolves: rhbz#1096813 |
|
Resolves: rhbz#1147497 |
|
Resolves: rhbz#1147557 |
|
|
|
* Wed Feb 26 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-11 |
|
- Fixed incorrect login shell path construction in sesh |
|
(thanks fkrska@redhat.com for the patch) |
|
Resolves: rhbz#1065418 |
|
|
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.8.6p7-10 |
|
- Mass rebuild 2014-01-24 |
|
|
|
* Wed Jan 15 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-9 |
|
- allow the wheel group to use sudo |
|
Resolves: rhbz#994623 |
|
|
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.8.6p7-8 |
|
- Mass rebuild 2013-12-27 |
|
|
|
* Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-7 |
|
- dropped wrong patch and fixed patch comments |
|
Resolves: rhbz#1000389 |
|
|
|
* Thu Nov 07 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-6 |
|
- fixed alias cycle detection code |
|
- added debug messages for tracing of netgroup matching |
|
- fixed aborting on realloc when displaying allowed commands |
|
- sssd: filter netgroups in the sudoUser attribute |
|
- parse uids/gids more strictly |
|
- added debug messages to trace netgroup matching |
|
Resolves: rhbz#1026904 |
|
Resolves: rhbz#1026890 |
|
Resolves: rhbz#1007014 |
|
Resolves: rhbz#1026894 |
|
Resolves: rhbz#1000389 |
|
Resolves: rhbz#994566 |
|
|
|
* Mon Aug 05 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-5 |
|
- added standalone manpage for sudo.conf and sudo-ldap.conf |
|
- spec file cleanup |
|
Resolves: rhbz#881258 |
|
|
|
* Mon Jul 29 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-4 |
|
- added RHEL 6 patches |
|
|
|
* Wed Jul 24 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-3 |
|
- synced sudoers, configure options & configuration files with |
|
expected RHEL configuration |
|
Resolves: rhbz#969373 |
|
Resolves: rhbz#971009 |
|
Resolves: rhbz#965124 |
|
Resolves: rhbz#971013 |
|
Resolves: rhbz#839705 |
|
|
|
* Thu Apr 11 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-2 |
|
- depend on /usr/sbin/sendmail instead of the sendmail package |
|
Resolves: rhbz#927842 |
|
|
|
* Thu Feb 28 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-1 |
|
- update to 1.8.6p7 |
|
- fixes CVE-2013-1775 and CVE-2013-1776 |
|
- fixed several packaging issues (thanks to ville.skytta@iki.fi) |
|
- build with system zlib. |
|
- let rpmbuild strip libexecdir/*.so. |
|
- own the %%{_docdir}/sudo-* dir. |
|
- fix some rpmlint warnings (spaces vs tabs, unescaped macros). |
|
- fix bogus %%changelog dates. |
|
|
|
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.6p3-3 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
|
|
|
* Mon Nov 12 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2 |
|
- added upstream patch for a regression |
|
- don't include arch specific files in the -devel subpackage |
|
- ship only one sample plugin in the -devel subpackage |
|
|
|
* Tue Sep 25 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1 |
|
- update to 1.8.6p3 |
|
- drop -pipelist patch (fixed in upstream) |
|
|
|
* Thu Sep 6 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6-1 |
|
- update to 1.8.6 |
|
|
|
* Thu Jul 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-4 |
|
- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) |
|
- re-enabled SSSD support |
|
- removed libsss_sudo dependency |
|
|
|
* Tue Jul 24 2012 Bill Nottingham <notting@redhat.com> - 1.8.5-3 |
|
- flip sudoers2ldif executable bit after make install, not in setup |
|
|
|
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.5-2 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
|
|
|
* Thu May 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.5-1 |
|
- update to 1.8.5 |
|
- fixed CVE-2012-2337 |
|
- temporarily disabled SSSD support |
|
|
|
* Wed Feb 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-6 |
|
- fixed problems with undefined symbols (rhbz#798517) |
|
|
|
* Wed Feb 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-5 |
|
- SSSD patch update |
|
|
|
* Tue Feb 7 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-4 |
|
- added SSSD support |
|
|
|
* Thu Jan 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-3 |
|
- added patch for CVE-2012-0809 |
|
|
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.3p1-2 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
|
|
|
* Thu Nov 10 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.3p1-1 |
|
- update to 1.8.3p1 |
|
- disable output word wrapping if the output is piped |
|
|
|
* Wed Sep 7 2011 Peter Robinson <pbrobinson@fedoraproject.org> - 1.8.1p2-2 |
|
- Remove execute bit from sample script in docs so we don't pull in perl |
|
|
|
* Tue Jul 12 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.8.1p2-1 |
|
- rebase to 1.8.1p2 |
|
- removed .sudoi patch |
|
- fixed typo: RELPRO -> RELRO |
|
- added -devel subpackage for the sudo_plugin.h header file |
|
- use default ldap configuration files again |
|
|
|
* Fri Jun 3 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4 |
|
- build with RELRO |
|
|
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4p5-3 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
|
|
|
* Mon Jan 17 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2 |
|
- rebase to 1.7.4p5 |
|
- fixed sudo-1.7.4p4-getgrouplist.patch |
|
- fixes CVE-2011-0008, CVE-2011-0010 |
|
|
|
* Tue Nov 30 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-5 |
|
- anybody in the wheel group has now root access (using password) (rhbz#656873) |
|
- sync configuration paths with the nss_ldap package (rhbz#652687) |
|
|
|
* Wed Sep 29 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-4 |
|
- added upstream patch to fix rhbz#638345 |
|
|
|
* Mon Sep 20 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-3 |
|
- added patch for #635250 |
|
- /var/run/sudo -> /var/db/sudo in .spec |
|
|
|
* Tue Sep 7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-2 |
|
- sudo now uses /var/db/sudo for timestamps |
|
|
|
* Tue Sep 7 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p4-1 |
|
- update to new upstream version |
|
- new command available: sudoreplay |
|
- use native audit support |
|
- corrected license field value: BSD -> ISC |
|
|
|
* Wed Jun 2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2 |
|
- added patch that fixes insufficient environment sanitization issue (#598154) |
|
|
|
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1 |
|
- update to new upstream version |
|
- merged .audit and .libaudit patch |
|
- added sudoers.ldap.5* to files |
|
|
|
* Mon Mar 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p5-2 |
|
- update to new upstream version |
|
|
|
* Tue Feb 16 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5 |
|
- fixed no valid sudoers sources found (#558875) |
|
|
|
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4 |
|
- audit related Makefile.in and configure.in corrections |
|
- added --with-audit configure option |
|
- removed call to libtoolize |
|
|
|
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3 |
|
- fixed segfault when #include directive is used in cycles (#561336) |
|
|
|
* Fri Jan 8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2 |
|
- Add /etc/sudoers.d dir and use it in default config (#551470). |
|
- Drop *.pod man page duplicates from docs. |
|
|
|
* Thu Jan 07 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1 |
|
- new upstream version 1.7.2p2-1 |
|
- commented out unused aliases in sudoers to make visudo happy (#550239) |
|
|
|
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7 |
|
- rebuilt with new audit |
|
|
|
* Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6 |
|
- moved secure_path from compile-time option to sudoers file (#517428) |
|
|
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5 |
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
|
|
|
* Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4 |
|
- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch) |
|
- epoch number sync |
|
|
|
* Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1 |
|
- updated sudo to version 1.7.1 |
|
- fixed small bug in configure.in (sudo-1.7.1-conffix.patch) |
|
|
|
* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6 |
|
- fixed building with new libtool |
|
- fix for incorrect handling of groups in Runas_User |
|
- added /usr/local/sbin to secure-path |
|
|
|
* Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3 |
|
- build with sendmail installed |
|
- Added /usr/local/bin to secure-path |
|
|
|
* Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2 |
|
- adjust audit patch, do not scream when kernel is |
|
compiled without audit netlink support (#401201) |
|
|
|
* Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1 |
|
- upgrade |
|
|
|
* Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7 |
|
- build with newer autoconf-2.62 (#449614) |
|
|
|
* Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6 |
|
- compiled with secure path (#80215) |
|
|
|
* Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5 |
|
- fix path to updatedb in /etc/sudoers (#445103) |
|
|
|
* Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4 |
|
- include ldap files in rpm package (#439506) |
|
|
|
* Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3 |
|
- include [sudo] in password prompt (#437092) |
|
|
|
* Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2 |
|
- audit support improvement |
|
|
|
* Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1 |
|
- upgrade to the latest upstream release |
|
|
|
* Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1 |
|
- upgrade to the latest upstream release |
|
- add selinux support |
|
|
|
* Mon Feb 04 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6 |
|
- sparc64 needs to be in the -fPIE list with s390 |
|
|
|
* Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5 |
|
- fix complains about audit_log_user_command(): Connection |
|
refused (#401201) |
|
|
|
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4 |
|
- Rebuild for deps |
|
|
|
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3 |
|
- Rebuild for openssl bump |
|
|
|
* Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2 |
|
- fix autotools stuff and add audit support |
|
|
|
* Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1 |
|
- upgrade to upstream release |
|
|
|
* Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14 |
|
- also use getgrouplist() to determine group membership (#235915) |
|
|
|
* Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13 |
|
- fix some spec file issues |
|
|
|
* Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12 |
|
- fix rpmlint issue |
|
|
|
* Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11 |
|
- fix typo in sudoers file (#212308) |
|
|
|
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10 |
|
- rebuilt for unwind info generation, broken in gcc-4.1.1-21 |
|
|
|
* Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9 |
|
- fix sudoers file, X apps didn't work (#206320) |
|
|
|
* Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8 |
|
- use Red Hat specific default sudoers file |
|
|
|
* Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7 |
|
- fix #198755 - make login processes (sudo -i) initialise session keyring |
|
(thanks for PAM config files to David Howells) |
|
- add IPv6 support (patch by Milan Zazrivec) |
|
|
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1 |
|
- rebuild |
|
|
|
* Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6 |
|
- fix #190062 - "ssh localhost sudo su" will show the password in clear |
|
|
|
* Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5 |
|
- add LDAP support (#170848) |
|
|
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1 |
|
- bump again for double-long bug on ppc(64) |
|
|
|
* Wed Feb 8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4 |
|
- reset env. by default |
|
|
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1 |
|
- rebuilt for new gcc4.1 snapshot and glibc changes |
|
|
|
* Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3 |
|
- Remove selinux patch. It has been decided that the SELinux patch for sudo is |
|
- no longer necessary. In tageted policy it had no effect. In strict/MLS policy |
|
- We require the person using sudo to execute newrole before using sudo. |
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> |
|
- rebuilt |
|
|
|
* Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1 |
|
- new upstream version 1.6.8p12 |
|
|
|
* Tue Nov 8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1 |
|
- new upstream version 1.6.8p11 |
|
|
|
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6 |
|
- use include instead of pam_stack in pam config |
|
|
|
* Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5 |
|
- enable interfaces in selinux patch |
|
- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch |
|
|
|
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4 |
|
- fix debuginfo |
|
|
|
* Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3 |
|
- fix #162623 - sesh hangs when child suspends |
|
|
|
* Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2 |
|
- Add back in interfaces call, SELinux has been fixed to work around |
|
|
|
* Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1 |
|
- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution) |
|
|
|
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2 |
|
- fix #154511 - sudo does not use limits.conf |
|
|
|
* Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1 |
|
- new version 1.6.8p8: new sudoedit and sudo_noexec |
|
|
|
* Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31 |
|
- rebuild |
|
|
|
* Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1 |
|
- added missing BuildRequires for libselinux-devel (#132883) |
|
|
|
* Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30 |
|
- Fix missing param error in sesh |
|
|
|
* Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29 |
|
- Remove full patch check from sesh |
|
|
|
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28 |
|
- Fix selinux patch to switch to root user |
|
|
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> |
|
- rebuilt |
|
|
|
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26 |
|
- Eliminate tty handling from selinux |
|
|
|
* Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25 |
|
- fixed spec file: sesh in file section with selinux flag (#119682) |
|
|
|
* Tue Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24 |
|
- Enhance sesh.c to fork/exec children itself, to avoid |
|
having sudo reap all domains. |
|
- Only reinstall default signal handlers immediately before |
|
exec of child with SELinux patch |
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23 |
|
- change to default to sysadm_r |
|
- Fix tty handling |
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22 |
|
- Add /bin/sesh to run selinux code. |
|
- replace /bin/bash -c with /bin/sesh |
|
|
|
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21 |
|
- Hard code to use "/bin/bash -c" for selinux |
|
|
|
* Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20 |
|
- Eliminate closing and reopening of terminals, to match su. |
|
|
|
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19 |
|
- SELinux fixes to make transitions work properly |
|
|
|
* Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18 |
|
- pied sudo |
|
|
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> |
|
- rebuilt |
|
|
|
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16 |
|
- Eliminate interfaces call, since this requires big SELinux privs |
|
- and it seems to be useless. |
|
|
|
* Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15 |
|
- visudo requires vim-minimal or setting EDITOR to something useful (#68605) |
|
|
|
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14 |
|
- Fix is_selinux_enabled call |
|
|
|
* Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13 |
|
- Clean up patch on failure |
|
|
|
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12 |
|
- Remove sudo.te for now. |
|
|
|
* Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11 |
|
- Fix usage message |
|
|
|
* Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10 |
|
- Clean up sudo.te to not blow up if pam.te not present |
|
|
|
* Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com> |
|
- added missing BuildRequires for groff |
|
|
|
* Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9 |
|
- remove left-over debugging code |
|
|
|
* Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8 |
|
- Fix terminal handling that caused Sudo to exit on non selinux machines. |
|
|
|
* Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7 |
|
- Remove sudo_var_run_t which is now pam_var_run_t |
|
|
|
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6 |
|
- Fix terminal handling and policy |
|
|
|
* Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5 |
|
- Fix policy |
|
|
|
* Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel |
|
- Turn on SELinux support |
|
|
|
* Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3 |
|
- Add support for SELinux |
|
|
|
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> |
|
- rebuilt |
|
|
|
* Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1 |
|
|
|
* Wed Jan 22 2003 Tim Powers <timp@redhat.com> |
|
- rebuilt |
|
|
|
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2 |
|
- remove absolute path names from the PAM configuration, ensuring that the |
|
right modules get used for whichever arch we're built for |
|
- don't try to install the FAQ, which isn't there any more |
|
|
|
* Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1 |
|
- update to 1.6.6 |
|
|
|
* Fri Jun 21 2002 Tim Powers <timp@redhat.com> |
|
- automated rebuild |
|
|
|
* Thu May 23 2002 Tim Powers <timp@redhat.com> |
|
- automated rebuild |
|
|
|
* Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2 |
|
- Fix bug #63768 |
|
|
|
* Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1 |
|
- 1.6.5p2 |
|
|
|
* Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1 |
|
- 1.6.5p1 |
|
- Hope this "a new release per day" madness stops ;) |
|
|
|
* Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1 |
|
- 1.6.5 |
|
|
|
* Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1 |
|
- 1.6.4p1 |
|
|
|
* Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1 |
|
- Update to 1.6.4 |
|
|
|
* Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2 |
|
- Add build requirements (#49706) |
|
- s/Copyright/License/ |
|
- bzip2 source |
|
|
|
* Sat Jun 16 2001 Than Ngo <than@redhat.com> |
|
- update to 1.6.3p7 |
|
- use %%{_tmppath} |
|
|
|
* Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> |
|
- 1.6.3p6, fixes buffer overrun |
|
|
|
* Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com> |
|
- 1.6.3p5 |
|
|
|
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com> |
|
- automatic rebuild |
|
|
|
* Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de> |
|
- fixed owner of sudo and visudo |
|
|
|
* Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com> |
|
- modify PAM setup to use system-auth |
|
- clean up buildrooting by using the makeinstall macro |
|
|
|
* Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com> |
|
- initial build in main distrib |
|
- update to 1.6.3 |
|
- deal with compressed man pages |
|
|
|
* Tue Dec 14 1999 Preston Brown <pbrown@redhat.com> |
|
- updated to 1.6.1 for Powertools 6.2 |
|
- config files are now noreplace. |
|
|
|
* Thu Jul 22 1999 Tim Powers <timp@redhat.com> |
|
- updated to 1.5.9p2 for Powertools 6.1 |
|
|
|
* Wed May 12 1999 Bill Nottingham <notting@redhat.com> |
|
- sudo is configured with pam. There's no pam.d file. Oops. |
|
|
|
* Mon Apr 26 1999 Preston Brown <pbrown@redhat.com> |
|
- upgraded to 1.59p1 for powertools 6.0 |
|
|
|
* Tue Oct 27 1998 Preston Brown <pbrown@redhat.com> |
|
- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) |
|
|
|
* Thu Oct 08 1998 Michael Maher <mike@redhat.com> |
|
- built package for 5.2 |
|
|
|
* Mon May 18 1998 Michael Maher <mike@redhat.com> |
|
- updated SPEC file |
|
|
|
* Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com> |
|
- updated to 1.5.4 |
|
|
|
* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com> |
|
- built for glibc, no problems |
|
|
|
* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com> |
|
- Fixed for 4.2 PowerTools |
|
- Still need to be pamified |
|
- Still need to move stmp file to /var/log |
|
|
|
* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com> |
|
- First version for PowerCD.
|
|
|