/[smeserver]/rpms/sudo/sme9/sudo.spec
ViewVC logotype

Annotation of /rpms/sudo/sme9/sudo.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Thu Feb 4 19:44:49 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-29_el6_9
Sudo

1 jpp 1.1 Summary: Allows restricted root access for specified users
2     Name: sudo
3     Version: 1.8.6p3
4     Release: 29%{?dist}
5     License: ISC
6     Group: Applications/System
7     URL: http://www.courtesan.com/sudo/
8     Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
9     Source1: sudo-1.8.6p3-sudoers
10     Source2: sudo-1.7.4p5-sudo-ldap.conf
11     Source3: sudo-1.8.6p3-sudo.conf
12     Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
13     Requires: /etc/pam.d/system-auth, vim-minimal
14    
15     BuildRequires: pam-devel
16     BuildRequires: groff
17     BuildRequires: openldap-devel
18     BuildRequires: flex
19     BuildRequires: bison
20     BuildRequires: automake autoconf libtool
21     BuildRequires: audit-libs-devel libcap-devel
22     BuildRequires: libselinux-devel
23     BuildRequires: sendmail
24     BuildRequires: zlib-devel
25     BuildRequires: tzdata
26    
27     # don't strip
28     Patch1: sudo-1.6.7p5-strip.patch
29     # configure.in fix
30     Patch2: sudo-1.7.2p1-envdebug.patch
31     # show the editor being executed by `sudo -e' in audit messages
32     Patch3: sudo-1.8.6p3-auditeditor.patch
33     # fix manpage typo (#726634)
34     Patch4: sudo-1.8.6p3-mantypo.patch
35     # correct SELinux handling in sudoedit mode (#697775)
36     Patch5: sudo-1.8.6p3-sudoedit-selinux.patch
37     # [RFE] Fix visudo -s to be backwards compatible (#604297)
38     Patch6: sudo-1.8.6p3-aliaswarnonly.patch
39     # log failed user role changes (#665131)
40     Patch7: sudo-1.8.6p3-auditrolechange.patch
41     # 840980 - sudo creates a new parent process
42     # Adds cmnd_no_wait Defaults option
43     Patch8: sudo-1.8.6p3-nowaitopt.patch
44     # Do not inform the user that the command was not permitted by the
45     # policy if they do not successfully authenticate.
46     Patch9: sudo-1.8.6p3-noauthwarn-regression.patch
47     # 876578 - erealloc3 error on sssd sudoHost netgroup mismatch
48     Patch10: sudo-1.8.6p3-emallocfail.patch
49     # 876208 - sudoRunAsUser #uid specification doesn't work
50     Patch11: sudo-1.8.6p3-ldap-sssd-usermatch.patch
51     # 879675 - sudo parse ldap.conf incorrectly
52     Patch12: sudo-1.8.6p3-ldapconfparse.patch
53     # 879633 - sudo + sssd + local user sends e-mail to administrator
54     Patch13: sudo-1.8.6p3-sssd-noise.patch
55     # 903020 - sudoers containing specially crafted aliases causes segfault of visudo
56     Patch14: sudo-1.8.6p3-cyclesegv.patch
57     # 856901 - Defauts:!<user> syntax in sudoers doesn't seem to work as expected
58     Patch15: sudo-1.8.6p3-ALL-with-negation-manupdate.patch
59     # 947276 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
60     Patch16: sudo-1.8.6p3-nprocfix.patch
61     # 886648 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
62     Patch17: sudo-1.8.6p3-strictuidgid.patch
63     # 994563 - Warning in visudo: cycle in Host_Alias even without cycle
64     Patch18: sudo-1.8.6p3-cycledetect.patch
65     # 848111 - Improve error message
66     Patch19: sudo-1.8.6p3-netgrmatchtrace.patch
67     # 994626 - sudo -u <user> sudo -l show error: *** glibc detected *** sudo: realloc(): invalid next size
68     Patch20: sudo-1.8.6p3-lbufexpandcode.patch
69     # 973228 - RHEL6 sudo logs username "root" instead of realuser in /var/log/secure
70     Patch21: sudo-1.8.6p3-logsudouser.patch
71     # 880150 - sssd +netgroup sudoUser is always matched
72     Patch22: sudo-1.8.6p3-sssdfixes.patch
73     # 853542 - sudo should use ipa_hostname in IPA backend when defined
74     Patch23: sudo-1.8.6p3-ipahostname.patch
75     # 1015355 - CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 sudo: various flaws
76     # upstream ref: 2f3225a2a4a4 049a12a5cc14 ebd6cc75020f
77     Patch24: sudo-1.8.6p3-CVE-2013-2777_2776_1775.patch
78     # 1065415 - -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
79     Patch25: sudo-1.8.6p3-sesharg0fix.patch
80     # 1078338 - sudo does not handle the "(none)" string, when no domainname is set, which breaks when nscd is enabled
81     Patch26: sudo-1.8.6p3-nonehostname.patch
82     # 1052940 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
83     Patch27: sudo-1.8.6p3-doublequotefix.patch
84     # 1083064 - With sudo-1.8.6p3-12.el6.x86_64 version, If a sudo rules contains +netgroup in sudoUser attribute it result in access denied
85     # 1006463 - sudo -U <user> listing shows incorrect list when sssd is used.
86     Patch28: sudo-1.8.6p3-netgrfilterfix.patch
87     # 1006447 - sudo -ll does not list the rule names when sssd is used.
88     Patch29: sudo-1.8.6p3-sssdrulenames.patch
89     # 1070952 - pam_faillock causes sudo to lock user when user aborts password prompt
90     Patch30: sudo-1.8.6p3-authinterrupt.patch
91     # Fix compiler warnings about discarting const qualifiers
92     Patch31: sudo-1.8.6p3-constwarnfix.patch
93     # 1138267 - sudoers.ldap man page has typos in description
94     Patch32: sudo-1.8.6p3-mantypos-ldap.patch
95     # 1147498 - duplicate sss module in nsswitch breaks sudo
96     Patch33: sudo-1.8.6p3-nssdupfix.patch
97     # 1138581 - sudo with sssd doesn't work correctly with sudoOrder option
98     Patch34: sudo-1.8.6p3-sudoorderfix.patch
99     # 1142122 - sudo option mail_no_user doesn't work
100     Patch35: sudo-1.8.6p3-ldapusermatchfix.patch
101     # 1094548 - sudo - cmnd_no_wait can cause child processes to ignore SIGPIPE
102     Patch36: sudo-1.8.6p3-sigpipefix.patch
103     # 1144448 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
104     Patch37: sudo-1.8.6p3-authlogicfix.patch
105     # 1200253 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable [rhel-6.7]
106     Patch38: sudo-1.8.6p3-CVE-2014-9680.patch
107     # 1075836 - Sudo taking a long time when user information is stored externally.
108     Patch39: sudo-1.8.6p3-legacy-group-processing.patch
109     # 1241896 - [RFE] Implement sudoers option to change netgroup processing semantics
110     Patch40: sudo-1.8.6p3-netgroup_tuple.patch
111     # 1248695 - sudo segfault segfault at 8 i error 4 in sudoers.so
112     Patch41: sudo-1.8.6p3-seqfault-null-group-list.patch
113     # 1197885 - visudo ignores -q flag
114     Patch42: sudo-1.8.6p3-visudo-quiet-flag.patch
115     # 1247231 - [RFE] Backport pam_service and pam_login_service sudoers options from sudo 1.8.8
116     Patch43: sudo-1.8.6p3-pam_servicebackport.patch
117     # 1144422 - sudo with ldap/sssd doesn't respect env_keep,env_check and env_delete variables in sudoOption
118     Patch44: sudo-1.8.6p3-strunquote.patch
119     # 1279447 - sudo command throwing error when defaults records are added in ldap based on sudoers2ldif generated ldif
120     Patch45: sudo-1.8.6p3-ldap_sssd_parse_whitespaces.patch
121     # 1135531 - sudo with ldap doesn't work with 'user id' in sudoUser option
122     Patch46: sudo-1.8.6p3-ldapsearchuidfix.patch
123     # 1220480 - sudo option mail_no_user doesn't work with sssd provider
124     Patch47: sudo-1.8.6p3-sssd-mailfix.patch
125     # 1284886 - getcwd failed, resulting in Null pointer exception
126     Patch48: sudo-1.8.6p3-null_exception.patch
127     # 1309976 - closefrom_override sudo option not working
128     Patch49: sudo-1.8.6p7-closefrom-override-fix.patch
129     # 1312481 - non-root user can list privileges of other users
130     Patch50: sudo-1.8.6p3-unprivileged-list-fix.patch
131     # 1330001 - Fix sudo log file wrong group ownership
132     Patch51: sudo-1.8.6p3-loggingperms.patch
133     # 1374410 - Fix "sudo -l command" in the LDAP and SSS backends when the command is not allowed.
134     Patch52: sudo-1.8.6p3-ldap-sssd-notallowedcmnd.patch
135     # 1318374 - Fix sudo parsing sudoers with user's locale
136     Patch53: sudo-1.8.6p3-sudoerslocale.patch
137     # 1365156 - Fix race condition when creating /var/log/sudo-io direcotry
138     Patch54: sudo-1.8.6p3-iologracecondition.patch
139     # 1391938 - CVE-2016-7032 CVE-2016-7076 sudo: various flaws [rhel-6.9]
140     Patch55: sudo-1.8.6p3-noexec-update.patch
141     # 1455399 - CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-6.9.z]
142     Patch56: sudo-1.8.6p3-tty-parsing.patch
143     # 1459408 - CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) [rhel-6.9.z]
144     Patch57: sudo-1.8.6p7-CVE-2017-1000368.patch
145    
146    
147     %description
148     Sudo (superuser do) allows a system administrator to give certain
149     users (or groups of users) the ability to run some (or all) commands
150     as root while logging all commands and arguments. Sudo operates on a
151     per-command basis. It is not a replacement for the shell. Features
152     include: the ability to restrict what commands a user may run on a
153     per-host basis, copious logging of each command (providing a clear
154     audit trail of who did what), a configurable timeout of the sudo
155     command, and the ability to use the same configuration file (sudoers)
156     on many different machines.
157    
158     %package devel
159     Summary: Development files for %{name}
160     Group: Development/Libraries
161     Requires: %{name} = %{version}-%{release}
162    
163     %description devel
164     The %{name}-devel package contains header files developing sudo
165     plugins that use %{name}.
166    
167     %prep
168     %setup -q
169    
170     %patch1 -p1 -b .strip
171     %patch2 -p1 -b .envdebug
172     %patch3 -p1 -b .auditeditor
173     %patch4 -p1 -b .mantypo
174     %patch5 -p1 -b .sudoedit-selinux
175     %patch6 -p1 -b .aliaswarnonly
176     %patch7 -p1 -b .auditrolechange
177     %patch8 -p1 -b .nowaitopt
178     %patch9 -p1 -b .noauthwarn
179     %patch10 -p1 -b .emallocfail
180     %patch11 -p1 -b .ldap-sssd-usermatch
181     %patch12 -p1 -b .ldapconfparse
182     %patch13 -p1 -b .sssd-noise
183     %patch14 -p1 -b .cyclesegv
184     %patch15 -p1 -b .ALL-with-negation-manupdate
185     %patch16 -p1 -b .nprocfix
186     %patch17 -p1 -b .strictuidgid
187     %patch18 -p1 -b .cycledetect
188     %patch19 -p1 -b .netgrmatchtrace
189     %patch20 -p1 -b .lbufexpandcode
190     %patch21 -p1 -b .logsudouser
191     %patch22 -p1 -b .sssdfixes
192     %patch23 -p1 -b .ipahostname
193     %patch24 -p1 -b .CVE-2013-2777_2776_1775
194     %patch25 -p1 -b .sesharg0fix
195     %patch26 -p1 -b .nonehostname
196     %patch27 -p1 -b .doublequotefix
197     %patch28 -p1 -b .netgrfilterfix
198     %patch29 -p1 -b .sssdrulenames
199     %patch30 -p1 -b .authinterrupt
200     %patch31 -p1 -b .constwarnfix
201     %patch32 -p1 -b .mantypos-ldap
202     %patch33 -p1 -b .nssdupfix
203     %patch34 -p1 -b .sudoorderfix
204     %patch35 -p1 -b .ldapusermatchfix
205     %patch36 -p1 -b .sigpipefix
206     %patch37 -p1 -b .authlogicfix
207     %patch38 -p1 -b .CVE-2014-9680
208     %patch39 -p1 -b .legacy-group-processing
209     %patch40 -p1 -b .netgroup_tuple
210     %patch41 -p1 -b .segfault-null-group-list
211     %patch42 -p1 -b .visudo-quiet-flag
212     %patch43 -p1 -b .pam_servicebackport
213     %patch44 -p1 -b .strunquote
214     %patch45 -p1 -b .rmwhitespaces
215     %patch46 -p1 -b .ldapsearchuidfix
216     %patch47 -p1 -b .mailfix
217     %patch48 -p1 -b .nullexception
218     %patch49 -p1 -b .closefrom-override-fix
219     %patch50 -p1 -b .unprivileged-list-fix
220     %patch51 -p1 -b .loggingperms
221     %patch52 -p1 -b .ldap-sssd-notallowedcmnd
222     %patch53 -p1 -b .sudoerslocale
223     %patch54 -p1 -b .iologracecondition
224     %patch55 -p1 -b .noexec-update
225     %patch56 -p1 -b .tty-parsing
226     %patch57 -p1 -b .CVE-2017-1000368
227    
228     %build
229     autoreconf -I m4 -fv --install
230    
231     %ifarch s390 s390x sparc64
232     F_PIE=-fPIE
233     %else
234     F_PIE=-fpie
235     %endif
236    
237     export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
238    
239     %configure \
240     --prefix=%{_prefix} \
241     --sbindir=%{_sbindir} \
242     --libdir=%{_libdir} \
243     --docdir=%{_datadir}/doc/%{name}-%{version} \
244     --with-logging=syslog \
245     --with-logfac=authpriv \
246     --with-pam \
247     --with-pam-login \
248     --with-editor=/bin/vi \
249     --with-env-editor \
250     --with-ignore-dot \
251     --with-tty-tickets \
252     --with-ldap \
253     --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
254     --with-selinux \
255     --with-passprompt="[sudo] password for %p: " \
256     --with-linux-audit \
257     --with-sssd
258     # --without-kerb5 \
259     # --without-kerb4
260     make
261    
262     %install
263     rm -rf $RPM_BUILD_ROOT
264    
265     # Update README.LDAP (#736653)
266     sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
267    
268     make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
269     chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
270     install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
271     install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
272     install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
273     install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
274     install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
275    
276     # Remove execute permission on this script so we don't pull in perl deps
277     chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
278    
279     %find_lang sudo
280     %find_lang sudoers
281    
282     cat sudo.lang sudoers.lang > sudo_all.lang
283     rm sudo.lang sudoers.lang
284    
285     mkdir -p $RPM_BUILD_ROOT/etc/pam.d
286     cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
287     #%PAM-1.0
288     auth include system-auth
289     account include system-auth
290     password include system-auth
291     session optional pam_keyinit.so revoke
292     session required pam_limits.so
293     EOF
294    
295     cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
296     #%PAM-1.0
297     auth include sudo
298     account include sudo
299     password include sudo
300     session optional pam_keyinit.so force revoke
301     session required pam_limits.so
302     EOF
303    
304     %clean
305     rm -rf $RPM_BUILD_ROOT
306    
307     %files -f sudo_all.lang
308     %defattr(-,root,root)
309     %attr(0440,root,root) %config(noreplace) /etc/sudoers
310     %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
311     %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
312     %attr(0750,root,root) %dir /etc/sudoers.d/
313     %config(noreplace) /etc/pam.d/sudo
314     %config(noreplace) /etc/pam.d/sudo-i
315     %dir /var/db/sudo
316     %attr(4111,root,root) %{_bindir}/sudo
317     %attr(4111,root,root) %{_bindir}/sudoedit
318     %attr(0111,root,root) %{_bindir}/sudoreplay
319     %attr(0755,root,root) %{_sbindir}/visudo
320     %attr(0755,root,root) %{_libexecdir}/sesh
321     %{_libexecdir}/sudoers.*
322     %{_libexecdir}/sudo_noexec.*
323     %{_mandir}/man5/sudoers.5*
324     %{_mandir}/man5/sudoers.ldap.5*
325     %{_mandir}/man8/sudo.8*
326     %{_mandir}/man8/sudoedit.8*
327     %{_mandir}/man8/sudoreplay.8*
328     %{_mandir}/man8/visudo.8*
329     %{_docdir}/sudo-%{version}/*
330    
331    
332     # Make sure permissions are ok even if we're updating
333     %post
334     /bin/chmod 0440 /etc/sudoers || :
335    
336     %files devel
337     %defattr(-,root,root,-)
338     %doc plugins/sample/sample_plugin.c
339     %{_includedir}/sudo_plugin.h
340     %{_mandir}/man8/sudo_plugin.8*
341    
342     %changelog
343     * Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-29
344     - Fixes CVE-2017-1000368
345     Resolves: rhbz#1459408
346    
347     * Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-28
348     - Fixes CVE-2017-1000367
349     Resolves: rhbz#1455399
350    
351     * Thu Nov 24 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-27
352     - Update noexec syscall blacklist
353     - Fixes CVE-2016-7032 and CVE-2016-7076
354     Resolves: rhbz#1391938
355    
356     * Tue Oct 18 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-26
357     - RHEL-6.9 erratum
358     - Fix race condition when creating /var/log/sudo-io direcotry
359     Resolves: rhbz#1365156
360    
361     * Thu Oct 06 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-25
362     - RHEL-6.9 erratum
363     - Fix "sudo -l command" in the LDAP and SSS backends when the command
364     is not allowed.
365     Resolves: rhbz#1374410
366     - Fix sudo log file wrong group ownership
367     Resolves: rhbz#1330001
368     - Fix sudo parsing sudoers with user's locale
369     Resolves: rhbz#1318374
370    
371     * Tue Mar 01 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-24
372     - RHEL-6.8 erratum
373     - fixed a bug causing that non-root users can list privileges of
374     other users
375     Resolves: rhbz#1312481
376    
377     * Thu Feb 25 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-23
378     - RHEL-6.8 erratum
379     - fixed handling of closefrom_override defaults option
380     Resolves: rhbz#1309976
381    
382     * Wed Jan 20 2016 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-22
383     - RHEL-6.8 erratum
384     - fixed potential getcwd failure, resulting in Null pointer exception
385     Resolves: rhbz#1284886
386    
387     * Tue Dec 15 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
388     - RHEL-6.8 erratum
389     - fixed sssd's detection of user with zero rules
390     Resolves: rhbz#1220480
391    
392     * Mon Dec 14 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
393     - RHEL-6.8 erratum
394     - search also by user id when fetching rules from LDAP
395     Resolves: rhbz#1135531
396    
397     * Tue Dec 8 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
398     - RHEL-6.8 erratum
399     - fixed ldap's and sssd's sudoOption value and remove quotes
400     - fixed ldap's and sssd's sudoOption whitespaces parse problem
401     Resolves: rhbz#1144422
402     Resolves: rhbz#1279447
403    
404     * Tue Dec 8 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
405     - RHEL-6.8 erratum
406     - removed defaults option requiretty from /etc/sudoers
407     - backported pam_service and pam_login_service defaults options
408     - implemented a new defaults option for changing netgroup processing
409     semantics
410     - fixed visudo's quiet cli option
411     Resolves: rhbz#1248695
412     Resolves: rhbz#1247231
413     Resolves: rhbz#1241896
414     Resolves: rhbz#1197885
415     Resolves: rhbz#1233205
416    
417     * Wed Jul 29 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-20
418     - added patch to re-introduce old group processing behaviour
419     Resolves: rhbz#1075836
420    
421     * Tue May 05 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-19
422     - RHEL-6.7 erratum
423     - modified the authlogicfix patch to fix #1144448
424     - fixed a bug in the ldapusermatchfix patch
425     Resolves: rhbz#1144448
426     Resolves: rhbz#1142122
427    
428     * Thu Apr 16 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-18
429     - RHEL-6.7 erratum
430     - fixed the mantypos-ldap.patch
431     Resolves: rhbz#1138267
432    
433     * Tue Mar 31 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-17
434     - RHEL-6.7 erratum
435     - added patch for CVE-2014-9680
436     - added BuildRequires for tzdata
437     Resolves: rhbz#1200253
438    
439     * Wed Mar 4 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-16
440     - RHEL-6.7 erratum
441     - added zlib-devel build required to enable zlib compression support
442     - fixed two typos in the sudoers.ldap man page
443     - fixed a hang when duplicate nss entries are specified in nsswitch.conf
444     - SSSD: implemented sorting of the result entries according to the
445     sudoOrder attribute
446     - LDAP: fixed logic handling the computation of the "user matched" flag
447     - fixed restoring of the SIGPIPE signal in the tgetpass function
448     - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD
449     Resolves: rhbz#1106433
450     Resolves: rhbz#1138267
451     Resolves: rhbz#1147498
452     Resolves: rhbz#1138581
453     Resolves: rhbz#1142122
454     Resolves: rhbz#1094548
455     Resolves: rhbz#1144448
456    
457     * Thu Jul 31 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-15
458     - RHEL-6.6 erratum
459     - SSSD: dropped the ipahostnameshort patch, as it is not
460     needed. rhbz#1033703 is a configuration issue.
461     Related: rhbz#1033703
462    
463     * Wed Jul 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-14
464     - RHEL-6.6 erratum
465     - SSSD: fixed netgroup filter patch
466     - SSSD: dropped serparate patch for #1006463, the fix is now part
467     of the netgroup filter patch
468     Resolves: rhbz#1006463
469     Resolves: rhbz#1083064
470    
471     * Mon May 19 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-13
472     - RHEL-6.6 erratum
473     - don't retry authentication when ctrl-c pressed
474     - fix double-quote processing in Defaults options
475     - fix sesh login shell argv[0]
476     - handle the "(none)" hostname correctly
477     - SSSD: fix ipa_hostname handling
478     - SSSD: fix sudoUser netgroup specification filtering
479     - SSSD: list correct user when -U <user> -l specified
480     - SSSD: show rule names on long listing (-ll)
481     Resolves: rhbz#1065415
482     Resolves: rhbz#1078338
483     Resolves: rhbz#1052940
484     Resolves: rhbz#1083064
485     Resolves: rhbz#1033703
486     Resolves: rhbz#1006447
487     Resolves: rhbz#1006463
488     Resolves: rhbz#1070952
489    
490     * Mon Oct 7 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-12
491     - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776
492     Resolves: rhbz#1015355
493    
494     * Thu Sep 5 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-11
495     - sssd: fixed a bug in ipa_hostname processing
496     Resolves: rhbz#853542
497    
498     * Thu Aug 15 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-10
499     - sssd: fixed buffer size for the ipa_hostname value
500     Resolves: rhbz#853542
501    
502     * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-9
503     - sssd: match against ipa_hostname from sssd.conf too when
504     checking sudoHost
505     Resolves: rhbz#853542
506    
507     * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-8
508     - updated man-page
509     - fixed handling of RLIMIT_NPROC resource limit
510     - fixed alias cycle detection code
511     - added debug messages for tracing of netgroup matching
512     - fixed aborting on realloc when displaying allowed commands
513     - show the SUDO_USER in logs, if running commands as root
514     - sssd: filter netgroups in the sudoUser attribute
515     Resolves: rhbz#856901
516     Resolves: rhbz#947276
517     Resolves: rhbz#886648
518     Resolves: rhbz#994563
519     Resolves: rhbz#848111
520     Resolves: rhbz#994626
521     Resolves: rhbz#973228
522     Resolves: rhbz#880150
523    
524     * Wed Jan 23 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-7
525     - fixed potential stack overflow in visudo
526     Resolves: rhbz#903020
527    
528     * Thu Nov 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-6
529     - added patches to address a number of issues in ldap & sssd plugins
530     - fixed README.LDAP updating in the spec file
531     Resolves: rhbz#860397
532     Resolves: rhbz#876208
533     Resolves: rhbz#876578
534     Resolves: rhbz#879675
535     Resolves: rhbz#879633
536    
537     * Wed Nov 07 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-5
538     - Include just one sample plugin in the documentation for the -devel
539     subpackage. Don't include architecture specific files.
540     - patch: Do not inform the user that the command was not permitted by
541     the policy if they do not successfully authenticate.
542     Resolves: rhbz#759480
543     Resolves: rhbz#871303
544     Resolves: rhbz#872740
545    
546     * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-4
547     - removed %doc since sudo installs the files anyway
548     Resolves: rhbz#759480
549    
550     * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-3
551     - added SHLIB_MODE=755 to get striping to work again
552     Resolves: rhbz#759480
553    
554     * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
555     - extended the default sudo-ldap.conf file
556     - corrected default file permissions on sudo.conf, sudo-ldap.conf
557     - added patch that introduces the cmnd_no_wait Defaults option
558     Resolves: rhbz#840980 - sudo creates a new parent process
559     Resolves: rhbz#860397 - new /etc/sudo-ldap.conf configuration file problems
560    
561     * Mon Sep 24 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
562     - rebase to 1.8.6p3
563     - new -devel subpackage
564     - new configuration file: /etc/sudo.conf
565     Resolves: rhbz#852045 - ulimit -c got Operation not permitted
566     Resolves: rhbz#804123 - sudo does not call pam_close_session() or pam_end()
567     Resolves: rhbz#828707 - sudo fails to report error correctly when execv(3) fails
568     Resolves: rhbz#844691 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
569     Resolves: rhbz#759480 - Rebase sudo to 1.8 in RHEL 6.4
570     Resolves: rhbz#846117 - Sudo interpretation of wildcard command arguments is more lenient providing a security risk
571     Resolves: rhbz#789937 - [RFE] Add ability to treat files authoritatively in sudoers.ldap
572     Resolves: rhbz#836242 - sudo -s -u USERNAME can't change ulimit -c
573    
574     * Tue Jul 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-13
575     - fixed job control
576     Resolves: rhbz#823993
577    
578     * Fri Jun 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-12
579     - added patch for CVE-2012-2337
580     Resolves: rhbz#829757
581    
582     * Wed May 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-11
583     - use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK (#821976)
584     Resolves: rhbz#821976
585    
586     * Fri May 04 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10.1
587     - backported ldap code modifications that fix an issue with tls_checkpeer (#810372)
588     Resolves: rhbz#810372
589    
590     * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10
591     - fixed bug in Runas_Spec group matching (#810147)
592     - disable `sudo -l' output word wrapping if the output
593     is piped (#810326)
594     - fixed `sudo -i' command escaping (#806095)
595     Resolves: rhbz#806095
596     Resolves: rhbz#810147
597     Resolves: rhbz#810326
598    
599     * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-9
600     - fixed uninitialized value warning introduced with the sudoedit-selinux patch
601     Resolves: rhbz#806386
602    
603     * Thu Mar 01 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-8
604     - created a separate ldap configuration file, sudo-ldap.conf
605     - visudo: mark unused aliases as warnings, not errors
606     - backported signal handling from 1.7.5
607     - don't disable coredumping from the code, rely on /proc/sys/fs/suid_dumpable
608     - use correct SELinux context when editing files with sudoedit
609     - fixed visudo syntax checks
610     - fixed typos and inconsistencies in documentation
611     - switched to an updated -getgrouplist patch to fix sudo -l -U <user> behavior
612     Resolves: rhbz#760843
613     Resolves: rhbz#736030
614     Resolves: rhbz#697775
615     Resolves: rhbz#726634
616     Resolves: rhbz#708515
617     Resolves: rhbz#736653
618     Resolves: rhbz#667120
619     Resolves: rhbz#769701
620     Resolves: rhbz#751680
621     Resolves: rhbz#604297
622     Resolves: rhbz#797511
623    
624     * Thu Jul 21 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-7
625     - set ldap configuration file to nslcd.conf
626     Resolves: rhbz#709235
627    
628     * Thu Jul 14 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-6
629     - removed the --with-ldap-*conf options
630     - added RELRO flags
631     Resolves: rhbz#709235
632     Resolves: rhbz#709859
633    
634     * Tue Apr 19 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-5
635     - patch: log failed user role changes
636     Resolves: rhbz#665131
637    
638     * Wed Mar 23 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
639     - added #includedir /etc/sudoers.d to sudoers
640     Resolves: rhbz#615087
641    
642     * Tue Mar 22 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-3
643     - added !visiblepw option to sudoers
644     Resolves: rhbz#688640
645    
646     * Fri Feb 4 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
647     - added patch for rhbz#665131
648     Resolves: rhbz#665131
649    
650     * Thu Jan 13 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-1
651     - rebase to latest stable version
652     - sudo now uses /var/db/sudo for timestamps
653     - new command available: sudoreplay
654     - use native audit support
655     - sync configuration paths with the nss_ldap package
656     Resolves: rhbz#615087
657     Resolves: rhbz#652726
658     Resolves: rhbz#634159
659     Resolves: rhbz#603823
660    
661     * Wed Sep 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-9
662     - added patch for CVE-2010-2956 (#628628)
663     Resolves: rhbz#629054
664    
665     * Tue Aug 03 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-8
666     - sudoers change: always set $HOME to the target user home directory
667     Resolves: rhbz#619293
668    
669     * Thu Jul 15 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-7
670     - move the sudo_end* calls before closefrom()
671     - close audit_fd before exec
672     - fixed typo in Makefile.in
673     Resolves: rhbz#569313
674    
675     * Tue Jun 8 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-6
676     - fixed segfault when #include directive is used in cycles
677     Resolves: rhbz#598363
678    
679     * Tue Jun 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
680     - added patch that fixes insufficient environment sanitization issue (#598154)
681     Resolves: rhbz#598383
682    
683     * Tue Apr 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
684     - added second patch for CVE-2010-0426 (#580441)
685     Resolves: rhbz#580527
686    
687     * Wed Feb 24 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
688     - added patch for CVE-2010-0426 (#567337)
689     Resolves: rhbz#567675
690    
691     * Wed Jan 27 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-2
692     - changed the License: value to ISC
693     Related: rhbz#543948
694    
695     * Wed Jan 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
696     - new upstream version
697     Resolves: rhbz#554321
698     - drop *.pod man page duplicates from docs
699     - commented out unused aliases in sudoers to make visudo happy (#550239)
700    
701     * Tue Jan 12 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.1-8
702     - Rebuild for new libaudit
703     Related: rhbz#543948
704    
705     * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
706     - rebuilt with new audit
707    
708     * Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
709     - moved secure_path from compile-time option to sudoers file (#517428)
710    
711     * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
712     - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
713    
714     * Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
715     - moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
716     - epoch number sync
717    
718     * Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
719     - updated sudo to version 1.7.1
720     - fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
721    
722     * Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
723     - fixed building with new libtool
724     - fix for incorrect handling of groups in Runas_User
725     - added /usr/local/sbin to secure-path
726    
727     * Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
728     - build with sendmail installed
729     - Added /usr/local/bin to secure-path
730    
731     * Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
732     - adjust audit patch, do not scream when kernel is
733     compiled without audit netlink support (#401201)
734    
735     * Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
736     - upgrade
737    
738     * Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
739     - build with newer autoconf-2.62 (#449614)
740    
741     * Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
742     - compiled with secure path (#80215)
743    
744     * Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
745     - fix path to updatedb in /etc/sudoers (#445103)
746    
747     * Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
748     - include ldap files in rpm package (#439506)
749    
750     * Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
751     - include [sudo] in password prompt (#437092)
752    
753     * Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
754     - audit support improvement
755    
756     * Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
757     - upgrade to the latest upstream release
758    
759     * Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
760     - upgrade to the latest upstream release
761     - add selinux support
762    
763     * Mon Feb 02 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
764     - sparc64 needs to be in the -fPIE list with s390
765    
766     * Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
767     - fix complains about audit_log_user_command(): Connection
768     refused (#401201)
769    
770     * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
771     - Rebuild for deps
772    
773     * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
774     - Rebuild for openssl bump
775    
776     * Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
777     - fix autotools stuff and add audit support
778    
779     * Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
780     - upgrade to upstream release
781    
782     * Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
783     - also use getgrouplist() to determine group membership (#235915)
784    
785     * Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
786     - fix some spec file issues
787    
788     * Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
789     - fix rpmlint issue
790    
791     * Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
792     - fix typo in sudoers file (#212308)
793    
794     * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
795     - rebuilt for unwind info generation, broken in gcc-4.1.1-21
796    
797     * Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
798     - fix sudoers file, X apps didn't work (#206320)
799    
800     * Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
801     - use Red Hat specific default sudoers file
802    
803     * Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
804     - fix #198755 - make login processes (sudo -i) initialise session keyring
805     (thanks for PAM config files to David Howells)
806     - add IPv6 support (patch by Milan Zazrivec)
807    
808     * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
809     - rebuild
810    
811     * Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
812     - fix #190062 - "ssh localhost sudo su" will show the password in clear
813    
814     * Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
815     - add LDAP support (#170848)
816    
817     * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
818     - bump again for double-long bug on ppc(64)
819    
820     * Wed Feb 8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
821     - reset env. by default
822    
823     * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
824     - rebuilt for new gcc4.1 snapshot and glibc changes
825    
826     * Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
827     - Remove selinux patch. It has been decided that the SELinux patch for sudo is
828     - no longer necessary. In tageted policy it had no effect. In strict/MLS policy
829     - We require the person using sudo to execute newrole before using sudo.
830    
831     * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
832     - rebuilt
833    
834     * Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
835     - new upstream version 1.6.8p12
836    
837     * Tue Nov 8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
838     - new upstream version 1.6.8p11
839    
840     * Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
841     - use include instead of pam_stack in pam config
842    
843     * Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
844     - enable interfaces in selinux patch
845     - merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
846    
847     * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
848     - fix debuginfo
849    
850     * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
851     - fix #162623 - sesh hangs when child suspends
852    
853     * Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
854     - Add back in interfaces call, SELinux has been fixed to work around
855    
856     * Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
857     - new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
858    
859     * Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
860     - fix #154511 - sudo does not use limits.conf
861    
862     * Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
863     - new version 1.6.8p8: new sudoedit and sudo_noexec
864    
865     * Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
866     - rebuild
867    
868     * Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
869     - added missing BuildRequires for libselinux-devel (#132883)
870    
871     * Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
872     - Fix missing param error in sesh
873    
874     * Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
875     - Remove full patch check from sesh
876    
877     * Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
878     - Fix selinux patch to switch to root user
879    
880     * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
881     - rebuilt
882    
883     * Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
884     - Eliminate tty handling from selinux
885    
886     * Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
887     - fixed spec file: sesh in file section with selinux flag (#119682)
888    
889     * Thu Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
890     - Enhance sesh.c to fork/exec children itself, to avoid
891     having sudo reap all domains.
892     - Only reinstall default signal handlers immediately before
893     exec of child with SELinux patch
894    
895     * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
896     - change to default to sysadm_r
897     - Fix tty handling
898    
899     * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
900     - Add /bin/sesh to run selinux code.
901     - replace /bin/bash -c with /bin/sesh
902    
903     * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
904     - Hard code to use "/bin/bash -c" for selinux
905    
906     * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
907     - Eliminate closing and reopening of terminals, to match su.
908    
909     * Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
910     - SELinux fixes to make transitions work properly
911    
912     * Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
913     - pied sudo
914    
915     * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
916     - rebuilt
917    
918     * Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
919     - Eliminate interfaces call, since this requires big SELinux privs
920     - and it seems to be useless.
921    
922     * Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
923     - visudo requires vim-minimal or setting EDITOR to something useful (#68605)
924    
925     * Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
926     - Fix is_selinux_enabled call
927    
928     * Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
929     - Clean up patch on failure
930    
931     * Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
932     - Remove sudo.te for now.
933    
934     * Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
935     - Fix usage message
936    
937     * Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
938     - Clean up sudo.te to not blow up if pam.te not present
939    
940     * Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
941     - added missing BuildRequires for groff
942    
943     * Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
944     - remove left-over debugging code
945    
946     * Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
947     - Fix terminal handling that caused Sudo to exit on non selinux machines.
948    
949     * Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
950     - Remove sudo_var_run_t which is now pam_var_run_t
951    
952     * Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
953     - Fix terminal handling and policy
954    
955     * Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
956     - Fix policy
957    
958     * Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
959     - Turn on SELinux support
960    
961     * Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
962     - Add support for SELinux
963    
964     * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
965     - rebuilt
966    
967     * Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
968    
969     * Wed Jan 22 2003 Tim Powers <timp@redhat.com>
970     - rebuilt
971    
972     * Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
973     - remove absolute path names from the PAM configuration, ensuring that the
974     right modules get used for whichever arch we're built for
975     - don't try to install the FAQ, which isn't there any more
976    
977     * Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
978     - update to 1.6.6
979    
980     * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
981     - automated rebuild
982    
983     * Thu May 23 2002 Tim Powers <timp@redhat.com>
984     - automated rebuild
985    
986     * Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
987     - Fix bug #63768
988    
989     * Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
990     - 1.6.5p2
991    
992     * Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
993     - 1.6.5p1
994     - Hope this "a new release per day" madness stops ;)
995    
996     * Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
997     - 1.6.5
998    
999     * Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1000     - 1.6.4p1
1001    
1002     * Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1003     - Update to 1.6.4
1004    
1005     * Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1006     - Add build requirements (#49706)
1007     - s/Copyright/License/
1008     - bzip2 source
1009    
1010     * Sat Jun 16 2001 Than Ngo <than@redhat.com>
1011     - update to 1.6.3p7
1012     - use %%{_tmppath}
1013    
1014     * Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1015     - 1.6.3p6, fixes buffer overrun
1016    
1017     * Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1018     - 1.6.3p5
1019    
1020     * Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1021     - automatic rebuild
1022    
1023     * Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1024     - fixed owner of sudo and visudo
1025    
1026     * Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
1027     - modify PAM setup to use system-auth
1028     - clean up buildrooting by using the makeinstall macro
1029    
1030     * Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1031     - initial build in main distrib
1032     - update to 1.6.3
1033     - deal with compressed man pages
1034    
1035     * Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1036     - updated to 1.6.1 for Powertools 6.2
1037     - config files are now noreplace.
1038    
1039     * Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1040     - updated to 1.5.9p2 for Powertools 6.1
1041    
1042     * Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1043     - sudo is configured with pam. There's no pam.d file. Oops.
1044    
1045     * Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1046     - upgraded to 1.59p1 for powertools 6.0
1047    
1048     * Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1049     - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1050    
1051     * Fri Oct 08 1998 Michael Maher <mike@redhat.com>
1052     - built package for 5.2
1053    
1054     * Mon May 18 1998 Michael Maher <mike@redhat.com>
1055     - updated SPEC file
1056    
1057     * Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1058     - updated to 1.5.4
1059    
1060     * Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1061     - built for glibc, no problems
1062    
1063     * Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
1064     - Fixed for 4.2 PowerTools
1065     - Still need to be pamified
1066     - Still need to move stmp file to /var/log
1067    
1068     * Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1069     - First version for PowerCD.
1070    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed